Add Controlplane changes for NodeNetworkPolicy #5716
Conversation
Atish-iaf
force-pushed
the
HNP-controller-changes
branch
from
3dd82f0
to
1d9a71a
Compare
| @@ -82,6 +84,12 @@ type Interface interface { | |||
| // DeleteExternalEntity deletes an ExternalEntity from the index. If any existing groups are affected, eventHandlers | |||
| // will be called with the affected groups. | |||
| DeleteExternalEntity(ee *v1alpha2.ExternalEntity) | |||
| // AddNode adds or updates a Node to the index. If any existing groups are affected, eventHandlers will be called with | |||
| // the affected groups. | |||
| AddNode(node *v1.Node) | |||
There was a problem hiding this comment.
When NodeSelector is used in AddressGroup, the current code just calculate the selected Nodes via c.nodeLister.List(selector), see
antrea/pkg/controller/networkpolicy/networkpolicy_controller.go
Lines 1137 to 1140 in 22d70be
This is based on the assumption that the scale of Node is smaller than Pod, and Node events that we care about are much less frequent.
I think this PR should do the same to be consistent and to avoid making the grouping interface more complicated until it's necessary.
| @@ -1180,6 +1180,9 @@ func (n *NetworkPolicyController) getMemberSetForGroupType(groupType grouping.Gr | |||
| for _, ee := range externalEntities { | |||
| groupMemberSet.Insert(externalEntityToGroupMember(ee, true)) | |||
| } | |||
| for _, node := range nodes { | |||
| groupMemberSet.Insert(nodeToGroupMember(node)) | |||
There was a problem hiding this comment.
Like a Pod member in an AppliedToGroup, we don't need NodeIP in Node member when it's in an AppliedToGroup, otherwise the code needs to keep a Node group up-to-date when a Node IP changes but actually it's never used.
| @@ -1342,6 +1345,9 @@ func (n *NetworkPolicyController) syncAppliedToGroup(key string) error { | |||
| memberSetByNode[entityNodeKey] = entitySet | |||
| appGroupNodeNames.Insert(entityNodeKey) | |||
| } | |||
| for _, node := range nodes { | |||
| appGroupNodeNames.Insert(node.Name) | |||
There was a problem hiding this comment.
Like Pod case, we should fill memberSetByNode to only send the Node itself to a Node. Otherwise it will have to resend the whole members everytime a Node joins or leaves the group.
Please have an unit test to validate it.
| func NodeIPsIndexFunc(obj interface{}) ([]string, error) { | ||
| node, ok := obj.(*v1.Node) | ||
| if !ok { | ||
| return nil, fmt.Errorf("obj is not node: %+v", obj) |
There was a problem hiding this comment.
Since you're checking if obj is of type *v1.Node. However, when the type assertion fails, consider providing more context in the error message. For example: "Expected *v1.Node, got %T"
Atish-iaf
force-pushed
the
HNP-controller-changes
branch
from
1d9a71a
to
80b24a5
Compare
Atish-iaf
force-pushed
the
HNP-controller-changes
branch
2 times, most recently
from
6d988a2
to
c888923
Compare
Atish-iaf
force-pushed
the
HNP-controller-changes
branch
from
c888923
to
acda271
Compare
There was a problem hiding this comment.
LGTM
@hongliangl do you have other comments? Does it work with your PR?
LGTM overall. Just the json tag |
Atish-iaf
force-pushed
the
HNP-controller-changes
branch
from
acda271
to
0e5fc9d
Compare
Signed-off-by: Kumar Atish <[email protected]>
Atish-iaf
force-pushed
the
HNP-controller-changes
branch
from
0e5fc9d
to
a7e57e0
Compare
tnqn
added
action/release-note
|
/skip-all |
For #5671