Fix GetPodIPsOfNetwork for retrieving UDN IPs

This fixes GetPodIPsOfNetwork function to return appropriate IPs based on the configured primary network of the given pod. Signed-off-by: Periyasamy Palanisamy <[email protected]>
ovn-org · Sep 9, 2024 · 26f870a · 26f870a
1 parent 45e655b
commit 26f870a
Show file tree

Hide file tree

Showing 4 changed files with 26 additions and 15 deletions.
diff --git a/go-controller/pkg/ovn/base_network_controller.go b/go-controller/pkg/ovn/base_network_controller.go
@@ -701,6 +701,8 @@ func (bnc *BaseNetworkController) getPodNADNames(pod *kapi.Pod) ([]string, error
 		return []string{types.DefaultNetworkName}, nil
 	}
 	if bnc.IsPrimaryNetwork() {
+		// We couldn't reply on bnc.NetInfo because this may span across different namespaces.
+		// Hence retrieve active network object from pod namespace and then NADs from this object.
 		namespacePrimaryNetwork, err := bnc.getActiveNetworkForNamespace(pod.Namespace)
 		if err != nil {
 			return nil, err

diff --git a/go-controller/pkg/ovn/base_network_controller_namespace.go b/go-controller/pkg/ovn/base_network_controller_namespace.go
@@ -71,14 +71,16 @@ func getNamespaceAddrSetDbIDs(namespaceName, controller string) *libovsdbops.DbO
 // WatchNamespaces starts the watching of namespace resource and calls
 // back the appropriate handler logic
 func (bnc *BaseNetworkController) WatchNamespaces() error {
-	if bnc.IsSecondary() {
+	if bnc.IsPrimaryNetwork() && !util.IsNetworkSegmentationSupportEnabled() {
+		// For primary user defined networks, we don't have to watch namespace events if
+		// network segmentation support is not enabled.
+		return nil
+	}
+
+	if bnc.IsSecondary() && !bnc.IsPrimaryNetwork() && !util.IsMultiNetworkPoliciesSupportEnabled() {
 		// For secondary networks, we don't have to watch namespace events if
-		// multi-network policy support is not enabled and if it's not used a
-		// primary network for the namespaced.
-		if !util.IsMultiNetworkPoliciesSupportEnabled() &&
-			(!util.IsNetworkSegmentationSupportEnabled() || !bnc.IsPrimaryNetwork()) {
-			return nil
-		}
+		// multi-network policy support is not enabled.
+		return nil
 	}
 
 	if bnc.namespaceHandler != nil {

diff --git a/go-controller/pkg/ovn/base_network_controller_policy.go b/go-controller/pkg/ovn/base_network_controller_policy.go
@@ -220,14 +220,16 @@ func (bnc *BaseNetworkController) syncNetworkPolicies(networkPolicies []interfac
 		return err
 	}
 
+	// FIXME: For primary user networks, shoul we need the hairpin allow ACL?
+	// The port group is not found error is thrown at line 269. Is that expected ?
 	if bnc.NetInfo.IsSecondary() {
 		return nil
 	}
 
 	// add default hairpin allow acl
 	err = bnc.addHairpinAllowACL()
 	if err != nil {
-		return fmt.Errorf("failed to create allow hairping acl: %w", err)
+		return fmt.Errorf("failed to create allow hairpin acl: %w", err)
 	}
 
 	return nil

diff --git a/go-controller/pkg/util/pod_annotation.go b/go-controller/pkg/util/pod_annotation.go
@@ -301,15 +301,18 @@ func GetPodCIDRsWithFullMask(pod *v1.Pod, nInfo NetInfo) ([]*net.IPNet, error) {
 	return ips, nil
 }
 
-// GetPodIPsOfNetwork returns the pod's IP addresses, first from the OVN annotation
-// and then falling back to IPs from "k8s.ovn.org/pod-networks" pod annotation if pod
-// is served by user defined primary network, otherwise retrieve it from Pod Status IPs.
+// GetPodIPsOfNetwork returns the pod's IP addresses.
+// If the network is default type, then retrieve it from Pod Status IPs.
+// If the network is secondary and also used as primary network for the pod, then retrieve
+// IPs from "k8s.ovn.org/pod-networks" pod annotation.
+// If the network is only secondary, then retrieve IPs from the k8s.ovn.org/pod-networks
+// annotation based on NetworkSelectionElement.
 // This function is intended to also return IPs for HostNetwork and other non-OVN-IPAM-ed pods.
 func GetPodIPsOfNetwork(pod *v1.Pod, nInfo NetInfo) ([]net.IP, error) {
-	if nInfo.IsSecondary() {
-		return SecondaryNetworkPodIPs(pod, nInfo)
+	if !nInfo.IsSecondary() || PodWantsHostNetwork(pod) {
+		return DefaultNetworkPodIPs(pod)
 	}
-	if nInfo.IsPrimaryNetwork() && !PodWantsHostNetwork(pod) {
+	if nInfo.IsPrimaryNetwork() {
 		nadList := nInfo.GetNADs()
 		for _, nad := range nadList {
 			userNet, err := UnmarshalPodAnnotation(pod.Annotations, nad)
@@ -325,8 +328,10 @@ func GetPodIPsOfNetwork(pod *v1.Pod, nInfo NetInfo) ([]net.IP, error) {
 			}
 			return ips, nil
 		}
+		return nil, fmt.Errorf("no IP(s) configured for pod %s/%s from network %s",
+			pod.Namespace, pod.Name, nInfo.GetNetworkName())
 	}
-	return DefaultNetworkPodIPs(pod)
+	return SecondaryNetworkPodIPs(pod, nInfo)
 }
 
 func DefaultNetworkPodIPs(pod *v1.Pod) ([]net.IP, error) {