update np name with character prefix
hongzhen-ma committed Nov 9, 2022
1 parent ff3ac89 commit ea5b931
Showing 1 changed file with 30 additions and 23 deletions.
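--- a/pkg/controller/network_policy.go
+++ b/pkg/controller/network_policy.go
@@ -5,6 +5,7 @@ import (
 "reflect"
 "strconv"
 "strings"
+"unicode"
 
 corev1 "k8s.io/api/core/v1"
 netv1 "k8s.io/api/networking/v1"
@@ -183,16 +184,22 @@ func (c *Controller) handleUpdateNp(key string) error {
 logEnable = true
 }
 
+npName := np.Name
+nameArray := []rune(np.Name)
+if !unicode.IsLetter(nameArray[0]) {
+npName = "np" + np.Name
+}
+
 // TODO: ovn acl doesn't support address_set name with '-', now we replace '-' by '.'.
 // This may cause conflict if two np with name test-np and test.np. Maybe hash is a better solution,
 // but we do not want to lost the readability now.
-pgName := strings.Replace(fmt.Sprintf("%s.%s", np.Name, np.Namespace), "-", ".", -1)
-ingressAllowAsNamePrefix := strings.Replace(fmt.Sprintf("%s.%s.ingress.allow", np.Name, np.Namespace), "-", ".", -1)
-ingressExceptAsNamePrefix := strings.Replace(fmt.Sprintf("%s.%s.ingress.except", np.Name, np.Namespace), "-", ".", -1)
-egressAllowAsNamePrefix := strings.Replace(fmt.Sprintf("%s.%s.egress.allow", np.Name, np.Namespace), "-", ".", -1)
-egressExceptAsNamePrefix := strings.Replace(fmt.Sprintf("%s.%s.egress.except", np.Name, np.Namespace), "-", ".", -1)
+pgName := strings.Replace(fmt.Sprintf("%s.%s", npName, np.Namespace), "-", ".", -1)
+ingressAllowAsNamePrefix := strings.Replace(fmt.Sprintf("%s.%s.ingress.allow", npName, np.Namespace), "-", ".", -1)
+ingressExceptAsNamePrefix := strings.Replace(fmt.Sprintf("%s.%s.ingress.except", npName, np.Namespace), "-", ".", -1)
+egressAllowAsNamePrefix := strings.Replace(fmt.Sprintf("%s.%s.egress.allow", npName, np.Namespace), "-", ".", -1)
+egressExceptAsNamePrefix := strings.Replace(fmt.Sprintf("%s.%s.egress.except", npName, np.Namespace), "-", ".", -1)
 
-if err := c.ovnClient.CreateNpPortGroup(pgName, np.Namespace, np.Name); err != nil {
+if err := c.ovnClient.CreateNpPortGroup(pgName, np.Namespace, npName); err != nil {
 klog.Errorf("failed to create port group for np %s, %v", key, err)
 return err
 }
@@ -210,8 +217,8 @@ func (c *Controller) handleUpdateNp(key string) error {
 }
 
 // set svc address_set
-svcAsNameIPv4 := strings.Replace(fmt.Sprintf("%s.%s.service.%s", np.Name, np.Namespace, kubeovnv1.ProtocolIPv4), "-", ".", -1)
-svcAsNameIPv6 := strings.Replace(fmt.Sprintf("%s.%s.service.%s", np.Name, np.Namespace, kubeovnv1.ProtocolIPv6), "-", ".", -1)
+svcAsNameIPv4 := strings.Replace(fmt.Sprintf("%s.%s.service.%s", npName, np.Namespace, kubeovnv1.ProtocolIPv4), "-", ".", -1)
+svcAsNameIPv6 := strings.Replace(fmt.Sprintf("%s.%s.service.%s", npName, np.Namespace, kubeovnv1.ProtocolIPv6), "-", ".", -1)
 svcIpv4s, svcIpv6s, err := c.fetchSelectedSvc(np.Namespace, &np.Spec.PodSelector)
 if err != nil {
 klog.Errorf("failed to fetchSelectedSvc svcIPs result %v", err)
@@ -225,7 +232,7 @@ func (c *Controller) handleUpdateNp(key string) error {
 svcAsName = svcAsNameIPv6
 svcIPs = svcIpv6s
 }
-if err := c.ovnClient.CreateAddressSet(svcAsName, np.Namespace, np.Name, "service"); err != nil {
+if err := c.ovnClient.CreateAddressSet(svcAsName, np.Namespace, npName, "service"); err != nil {
 klog.Errorf("failed to create address_set %s, %v", svcAsNameIPv4, err)
 return err
 }
@@ -235,7 +242,7 @@ func (c *Controller) handleUpdateNp(key string) error {
 }
 }
 
-ingressAsNames, err := c.ovnClient.ListAddressSet(np.Namespace, np.Name, "ingress")
+ingressAsNames, err := c.ovnClient.ListAddressSet(np.Namespace, npName, "ingress")
 if err != nil {
 klog.Errorf("failed to list ingress address_set, %v", err)
 return err
@@ -288,7 +295,7 @@ func (c *Controller) handleUpdateNp(key string) error {
 }
 }
 klog.Infof("UpdateNp Ingress, allows is %v, excepts is %v, log %v", allows, excepts, logEnable)
-if err := c.ovnClient.CreateAddressSet(ingressAllowAsName, np.Namespace, np.Name, "ingress"); err != nil {
+if err := c.ovnClient.CreateAddressSet(ingressAllowAsName, np.Namespace, npName, "ingress"); err != nil {
 klog.Errorf("failed to create address_set %s, %v", ingressAllowAsName, err)
 return err
 }
@@ -297,7 +304,7 @@ func (c *Controller) handleUpdateNp(key string) error {
 return err
 }
 
-if err := c.ovnClient.CreateAddressSet(ingressExceptAsName, np.Namespace, np.Name, "ingress"); err != nil {
+if err := c.ovnClient.CreateAddressSet(ingressExceptAsName, np.Namespace, npName, "ingress"); err != nil {
 klog.Errorf("failed to create address_set %s, %v", ingressExceptAsName, err)
 return err
 }
@@ -315,12 +322,12 @@ func (c *Controller) handleUpdateNp(key string) error {
 if len(np.Spec.Ingress) == 0 {
 ingressAllowAsName := fmt.Sprintf("%s.%s.all", ingressAllowAsNamePrefix, protocol)
 ingressExceptAsName := fmt.Sprintf("%s.%s.all", ingressExceptAsNamePrefix, protocol)
-if err := c.ovnClient.CreateAddressSet(ingressAllowAsName, np.Namespace, np.Name, "ingress"); err != nil {
+if err := c.ovnClient.CreateAddressSet(ingressAllowAsName, np.Namespace, npName, "ingress"); err != nil {
 klog.Errorf("failed to create address_set %s, %v", ingressAllowAsName, err)
 return err
 }
 
-if err := c.ovnClient.CreateAddressSet(ingressExceptAsName, np.Namespace, np.Name, "ingress"); err != nil {
+if err := c.ovnClient.CreateAddressSet(ingressExceptAsName, np.Namespace, npName, "ingress"); err != nil {
 klog.Errorf("failed to create address_set %s, %v", ingressExceptAsName, err)
 return err
 }
@@ -340,7 +347,7 @@ func (c *Controller) handleUpdateNp(key string) error {
 }
 }
 
-asNames, err := c.ovnClient.ListAddressSet(np.Namespace, np.Name, "ingress")
+asNames, err := c.ovnClient.ListAddressSet(np.Namespace, npName, "ingress")
 if err != nil {
 klog.Errorf("failed to list address_set, %v", err)
 return err
@@ -369,7 +376,7 @@ func (c *Controller) handleUpdateNp(key string) error {
 return err
 }
 
-asNames, err := c.ovnClient.ListAddressSet(np.Namespace, np.Name, "ingress")
+asNames, err := c.ovnClient.ListAddressSet(np.Namespace, npName, "ingress")
 if err != nil {
 klog.Errorf("failed to list address_set, %v", err)
 return err
@@ -382,7 +389,7 @@ func (c *Controller) handleUpdateNp(key string) error {
 }
 }
 
-egressAsNames, err := c.ovnClient.ListAddressSet(np.Namespace, np.Name, "egress")
+egressAsNames, err := c.ovnClient.ListAddressSet(np.Namespace, npName, "egress")
 if err != nil {
 klog.Errorf("failed to list egress address_set, %v", err)
 return err
@@ -435,7 +442,7 @@ func (c *Controller) handleUpdateNp(key string) error {
 }
 }
 klog.Infof("UpdateNp Egress, allows is %v, excepts is %v, log %v", allows, excepts, logEnable)
-if err := c.ovnClient.CreateAddressSet(egressAllowAsName, np.Namespace, np.Name, "egress"); err != nil {
+if err := c.ovnClient.CreateAddressSet(egressAllowAsName, np.Namespace, npName, "egress"); err != nil {
 klog.Errorf("failed to create address_set %s, %v", egressAllowAsName, err)
 return err
 }
@@ -444,7 +451,7 @@ func (c *Controller) handleUpdateNp(key string) error {
 return err
 }
 
-if err := c.ovnClient.CreateAddressSet(egressExceptAsName, np.Namespace, np.Name, "egress"); err != nil {
+if err := c.ovnClient.CreateAddressSet(egressExceptAsName, np.Namespace, npName, "egress"); err != nil {
 klog.Errorf("failed to create address_set %s, %v", egressExceptAsName, err)
 return err
 }
@@ -460,12 +467,12 @@ func (c *Controller) handleUpdateNp(key string) error {
 if len(np.Spec.Egress) == 0 {
 egressAllowAsName := fmt.Sprintf("%s.%s.all", egressAllowAsNamePrefix, protocol)
 egressExceptAsName := fmt.Sprintf("%s.%s.all", egressExceptAsNamePrefix, protocol)
-if err := c.ovnClient.CreateAddressSet(egressAllowAsName, np.Namespace, np.Name, "egress"); err != nil {
+if err := c.ovnClient.CreateAddressSet(egressAllowAsName, np.Namespace, npName, "egress"); err != nil {
 klog.Errorf("failed to create address_set %s, %v", egressAllowAsName, err)
 return err
 }
 
-if err := c.ovnClient.CreateAddressSet(egressExceptAsName, np.Namespace, np.Name, "egress"); err != nil {
+if err := c.ovnClient.CreateAddressSet(egressExceptAsName, np.Namespace, npName, "egress"); err != nil {
 klog.Errorf("failed to create address_set %s, %v", egressExceptAsName, err)
 return err
 }
@@ -485,7 +492,7 @@ func (c *Controller) handleUpdateNp(key string) error {
 }
 }
 
-asNames, err := c.ovnClient.ListAddressSet(np.Namespace, np.Name, "egress")
+asNames, err := c.ovnClient.ListAddressSet(np.Namespace, npName, "egress")
 if err != nil {
 klog.Errorf("failed to list address_set, %v", err)
 return err
@@ -515,7 +522,7 @@ func (c *Controller) handleUpdateNp(key string) error {
 return err
 }
 
-asNames, err := c.ovnClient.ListAddressSet(np.Namespace, np.Name, "egress")
+asNames, err := c.ovnClient.ListAddressSet(np.Namespace, npName, "egress")
 if err != nil {
 klog.Errorf("failed to list egress address_set, %v", err)
 return err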
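Review bot: The `"np"` prefix introduced in the second hunk (`npName = "np" + np.Name`) lets two distinct policies in one namespace resolve to the same OVN names: a policy called, for example, `1abc` now maps to the same port group and address sets as one literally called `np1abc`, so each would overwrite the other's objects. The TODO just below already accepts that risk for `-` versus `.`; this adds a second collision class on an isolation control and should at least be recorded in that comment. A prefix containing a character that cannot appear in a Kubernetes object name would rule it out, e.g. `npName = "np_" + np.Name`, assuming OVN accepts `_` in port group and address_set names. `nameArray[0]` also panics on an empty name; the API server should not admit one, but `if len(nameArray) > 0 && !unicode.IsLetter(nameArray[0]) {` makes the handler safe regardless. Every hunk here is inside handleUpdateNp, whose body extends beyond the diff, so any delete or lookup path that still passes the raw `np.Name` would presumably miss the prefixed objects and leave stale ACLs — worth confirming in the rest of the file.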
