Update rule realization for failure case too
With Antrea 1.9, NetworkPolicyStatus supports a realization status
and an error message field. Added backend support in Nephe to
report realization for both the success and failure cases.

Signed-off-by: Rahul Jain <[email protected]>
reachjainrahul committed Oct 25, 2022
1 parent ecec19d commit 5a386f8
Showing 2 changed files with 32 additions and 22 deletions.
28 changes: 6 additions & 22 deletions pkg/controllers/cloud/networkpolicy.go
Expand Up @@ -23,7 +23,6 @@ import (

"github.com/mohae/deepcopy"
apierrors "k8s.io/apimachinery/pkg/api/errors"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/client-go/tools/cache"
"sigs.k8s.io/controller-runtime/pkg/client"

Expand Down Expand Up @@ -1008,33 +1007,17 @@ func (a *appliedToSecurityGroup) getStatus() error {
return &InProgress{}
}

// updateRuleRealizationState report ANP realization status to Antrea Controller.
func (a *appliedToSecurityGroup) updateRuleRealizationState(r *NetworkPolicyReconciler) {
// updateRuleRealizationState update all ANPs status for a given appliedToGroup.
func (a *appliedToSecurityGroup) updateRuleRealizationState(r *NetworkPolicyReconciler, failed bool, msg string) {
nps, err := r.networkPolicyIndexer.ByIndex(networkPolicyIndexerByAppliedToGrp, a.id.Name)
if err != nil {
r.Log.Error(err, "Get networkPolicy indexer failed.", "appliedToGroup", a.id.Name)
return
}
// Walk through all the ANPs for a given appliedToGroup and report combined status.
for _, i := range nps {
np := i.(*networkPolicy)
status := &antreanetworking.NetworkPolicyStatus{
ObjectMeta: metav1.ObjectMeta{
Name: string(np.UID),
Namespace: np.Namespace,
},

Nodes: []antreanetworking.NetworkPolicyNodeStatus{
{
NodeName: config.ANPNepheController,
Generation: np.Generation,
},
},
}
r.Log.V(1).Info("Updating rule realization.", "NP", np.Name, "Namespace", np.Namespace)
if err := r.antreaClient.NetworkPolicies().UpdateStatus(context.TODO(), status.Name, status); err != nil {
r.Log.Error(err, "Rule realization failed.", "NP", np.Name, "Namespace", np.Namespace)
}
np := i.(*networkPolicy).NetworkPolicy
r.sendRuleRealizationStatus(&np, failed, msg)
}
}

Expand All @@ -1058,6 +1041,7 @@ func (a *appliedToSecurityGroup) notify(op securityGroupOperation, status error,
a.status = status
}
if status != nil {
a.updateRuleRealizationState(r, true, status.Error())
r.Log.Error(status, "AppliedToSecurityGroup operation failed", "Name", a.id.Name, "Op", op)
return nil
}
Expand All @@ -1078,7 +1062,7 @@ func (a *appliedToSecurityGroup) notify(op securityGroupOperation, status error,
a.hasMembers = true
case securityGroupOperationUpdateRules:
// AppliedToSecurityGroup added rules, now update rule realization state, addrGroup references and add members.
a.updateRuleRealizationState(r)
a.updateRuleRealizationState(r, false, "")
if err := a.updateAddrGroupReference(r); err != nil {
return err
}
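Review bot: In `notify`, the new failure call `a.updateRuleRealizationState(r, true, status.Error())` runs for whatever `op` failed, while the success report `a.updateRuleRealizationState(r, false, "")` is issued only in the `securityGroupOperationUpdateRules` case. A failure from another operation may therefore leave every ANP on this appliedToGroup marked as failed until a later rule update succeeds, which gives operators a misleading view of what is enforced. If that is intended, say so on the failure branch, e.g. `// Any failed op marks all ANPs of this group as not realized; cleared by the next successful UpdateRules.`. Separately, `np := i.(*networkPolicy).NetworkPolicy` copies the whole policy per iteration and keeps an unchecked type assertion that panics on an unexpected indexer entry; `if np, ok := i.(*networkPolicy); ok { r.sendRuleRealizationStatus(&np.NetworkPolicy, failed, msg) }` avoids both. The body of `notify` extends beyond the visible hunks, so other cases may already cover part of this.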
26 changes: 26 additions & 0 deletions pkg/controllers/cloud/networkpolicy_controller.go
Expand Up @@ -130,6 +130,31 @@ func (r *NetworkPolicyReconciler) isNetworkPolicySupported(anp *antreanetworking
return nil
}

// sendRuleRealizationStatus send anp realization status to antrea controller.
func (r *NetworkPolicyReconciler) sendRuleRealizationStatus(anp *antreanetworking.NetworkPolicy, failed bool, msg string) {
status := &antreanetworking.NetworkPolicyStatus{
ObjectMeta: metav1.ObjectMeta{
Name: string(anp.UID),
Namespace: anp.Namespace,
},

Nodes: []antreanetworking.NetworkPolicyNodeStatus{
{
NodeName: config.ANPNepheController,
Generation: anp.Generation,
},
},
}
if failed {
status.Nodes[0].RealizationFailure = true
status.Nodes[0].Message = msg
}
r.Log.V(1).Info("Updating rule realization.", "NP", anp.Name, "Namespace", anp.Namespace)
if err := r.antreaClient.NetworkPolicies().UpdateStatus(context.TODO(), status.Name, status); err != nil {
r.Log.Error(err, "rule realization send failed.", "NP", anp.Name, "Namespace", anp.Namespace)
}
}

// normalizedANPObject updates ANP object with Nephe friendly name. Required for Azure
// cloud which doesn't handles / in any cloud resource name.
func (r *NetworkPolicyReconciler) normalizedANPObject(anp *antreanetworking.NetworkPolicy) {
Expand Down Expand Up @@ -394,6 +419,7 @@ func (r *NetworkPolicyReconciler) processNetworkPolicy(event watch.Event) error

r.Log.V(1).Info("Received NetworkPolicy event", "type", event.Type, "obj", anp)
if err := r.isNetworkPolicySupported(anp); err != nil {
r.sendRuleRealizationStatus(anp, true, err.Error())
return err
}
if anp.Namespace == "" {
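Review bot: `sendRuleRealizationStatus` copies `msg` verbatim into `status.Nodes[0].Message`, and the callers added in this commit pass `err.Error()` and `status.Error()`. If those errors wrap cloud-provider responses, they may carry account or resource identifiers that become readable by anyone who can view the policy status. Consider publishing a short, bounded reason string and keeping the full error in the controller log only. The `UpdateStatus` call also uses `context.TODO()` and only logs a failure, so a hung or rejected call can stall event processing or leave a failed realization unreported; a context with a timeout would bound this. In `processNetworkPolicy` the failure status appears to be sent before the event type is examined, so it is worth confirming that a delete event for an unsupported policy should not be skipped.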
