From 76bd82fcc3dfa65985ddc66ecfa063ed57a2e395 Mon Sep 17 00:00:00 2001
From: msherif1234
Date: Thu, 18 May 2023 11:02:15 -0400
Subject: [PATCH] OCPBUGS-11888: handle daemonSet pods restart when delete daemonSet or daemon pods manually pods will get recreated but the interface will have older xdp attached to it
Signed-off-by: msherif1234
---
 .../ingressnodefirewallnodestate_controller.go | 6 +++---
 pkg/ebpfsyncer/ebpfsyncer.go | 14 ++++++++++++++
 2 files changed, 17 insertions(+), 3 deletions(-)
diff --git a/controllers/ingressnodefirewallnodestate_controller.go b/controllers/ingressnodefirewallnodestate_controller.go
index 6fa219a7..8dcc04d4 100644
--- a/controllers/ingressnodefirewallnodestate_controller.go
+++ b/controllers/ingressnodefirewallnodestate_controller.go
@@ -66,7 +66,7 @@ func (r *IngressNodeFirewallNodeStateReconciler) Reconcile(ctx context.Context,
 // Request object not found, could have been deleted after reconcile request.
 // Owned objects are automatically garbage collected. For additional cleanup logic use finalizers.
 // Return and don't requeue
- return r.reconcileResource(ctx, req, nodeState, true)
+ return r.reconcileResource(ctx, nodeState, true)
 }
 // Error reading the object - requeue the request.
 r.Log.Error(err, "Failed to get IngressNodeFirewallNodeState")
@@ -74,7 +74,7 @@ func (r *IngressNodeFirewallNodeStateReconciler) Reconcile(ctx context.Context,
 }
 r.Log.Info("Reconciling resource and programming bpf", "name", nodeState.Name, "namespace", nodeState.Namespace)
- return r.reconcileResource(ctx, req, nodeState, false)
+ return r.reconcileResource(ctx, nodeState, false)
 }
 // SetupWithManager sets up the controller with the Manager.
@@ -90,7 +90,7 @@ var mock ebpfsyncer.EbpfSyncer = nil
 // reconcileResource reconciles the resource by getting the EbpfDaemon singleton's SyncInterfaceIngressRules method.
 // For mock tests, var mock can be overwritten.
 func (r *IngressNodeFirewallNodeStateReconciler) reconcileResource(
- ctx context.Context, req ctrl.Request, instance *infv1alpha1.IngressNodeFirewallNodeState, isDelete bool) (ctrl.Result, error) {
+ ctx context.Context, instance *infv1alpha1.IngressNodeFirewallNodeState, isDelete bool) (ctrl.Result, error) {
 if err := ebpfsyncer.GetEbpfSyncer(ctx, r.Log, r.Stats, mock).SyncInterfaceIngressRules(instance.Spec.InterfaceIngressRules, isDelete); err != nil {
 return ctrl.Result{}, errors.Wrapf(err, "FailedToSyncIngressNodeFirewallResources")
 }
diff --git a/pkg/ebpfsyncer/ebpfsyncer.go b/pkg/ebpfsyncer/ebpfsyncer.go
index 770db749..ed1ba5cc 100644
--- a/pkg/ebpfsyncer/ebpfsyncer.go
+++ b/pkg/ebpfsyncer/ebpfsyncer.go
@@ -3,8 +3,11 @@ package ebpfsyncer
 import (
 "context"
 "fmt"
+ "os"
+ "os/signal"
 "strings"
 "sync"
+ "syscall"
 "github.com/openshift/ingress-node-firewall/api/v1alpha1"
 infv1alpha1 "github.com/openshift/ingress-node-firewall/api/v1alpha1"
@@ -72,6 +75,8 @@ func (e *ebpfSingleton) SyncInterfaceIngressRules(
 logger := e.log.WithName("syncIngressNodeFirewallResources")
 logger.Info("Running sync operation", "ifaceIngressRules", ifaceIngressRules, "isDelete", isDelete)
+ sigc := make(chan os.Signal, 1)
+
 // Stop the poller for the time of this operation and start it again afterwards.
 if e.stats != nil {
 e.stats.StopPoll()
@@ -82,6 +87,15 @@ func (e *ebpfSingleton) SyncInterfaceIngressRules(
 }()
 }
+ signal.Notify(sigc, os.Interrupt, syscall.SIGTERM)
+ go func(c chan os.Signal) {
+ // Wait for a SIGTERM
+ <-c
+ if e.c != nil {
+ e.resetAll()
+ }
+ }(sigc)
+
 // Create a new manager if none exists.
 if err := e.createNewManager(); err != nil {
 return err
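Review bot: The `signal.Notify` call and the goroutine added in the last hunk of `pkg/ebpfsyncer/ebpfsyncer.go` run on every call to `SyncInterfaceIngressRules`, so each sync registers one more channel and parks one more goroutine, and none is released with `signal.Stop`. On SIGTERM all of them call `e.resetAll()` at once, and nothing visible in the hunk serialises that with a sync still working on `e.c`. Registering the handler once, as sketched below (it also replaces the `sigc` allocation added in the previous hunk; `sigOnce` is a suggested new `sync.Once` field), keeps a single goroutine. Since the handler presumably detaches the XDP program, the interface would be unfiltered until the new pod re-attaches, and a SIGKILL or crash never reaches this path, so clearing stale attachments at startup is worth considering as well. The function body starts and ends outside the hunk.

```go
// … unchanged: logger setup, stats poller stop/start …

// Register the termination handler once per process, not once per sync.
// sigOnce is a suggested sync.Once field on ebpfSingleton.
e.sigOnce.Do(func() {
	sigc := make(chan os.Signal, 1)
	signal.Notify(sigc, os.Interrupt, syscall.SIGTERM)
	go func() {
		<-sigc
		// NOTE(review): take whatever lock guards e.c on the sync path before resetting.
		if e.c != nil {
			e.resetAll()
		}
	}()
})

// … unchanged: createNewManager and the rest of the sync …
```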