Skip to content

fix reconciliation issue when ag is modified during controller restart #247

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Jun 20, 2023
Merged

fix reconciliation issue when ag is modified during controller restart #247

merged 1 commit into from
Jun 20, 2023

Conversation

shenmo3
Copy link
Contributor

@shenmo3 shenmo3 commented Jun 7, 2023

Description

Currently, if the address group of network policies is modified during controller restart, the reconciliation process will encounter issues. The syncFromCloud will delete the previous address group before deleting the previous rules that still reference it. This lead to dependency violation in AWS and ASG not found error during rule updates in Azure. This PR addresses the problem by first updating address group references for appliedTo groups before deleting address groups.

Changes

  1. The appliedTo group sync now computes the address group references before performing rule updates on indexer changes, instead of only updating references after the async rule update completes.
  2. SyncFromCloud will delete unknown address groups after appliedTo group sync finishes.
  3. The isRemove flag, previously added for Azure to fix the ASG not found issue, has been removed.

@shenmo3 shenmo3 requested a review from reachjainrahul June 7, 2023 22:39
@shenmo3 shenmo3 self-assigned this Jun 7, 2023
@shenmo3 shenmo3 requested a review from Anandkumar26 June 7, 2023 23:20
reachjainrahul
reachjainrahul reviewed Jun 12, 2023
View reviewed changes
pkg/cloudprovider/cloudapi/azure/azure_security.go Outdated
err = computeService.removeReferencesToSecurityGroup(&securityGroupIdentifier.CloudResourceID, rgName, location, membershipOnly)
if err != nil {
return err
// remove attached rules for appliedTo sg but not address sg. this behavior is consistent with AWS.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done

reachjainrahul
reachjainrahul reviewed Jun 12, 2023
View reviewed changes
reachjainrahul
reachjainrahul reviewed Jun 12, 2023
View reviewed changes
@shenmo3 shenmo3 force-pushed the fix-reconciliation branch 2 times, most recently from 82c5067 to c1d82a7 Compare June 13, 2023 21:37
shenmo3
shenmo3 commented Jun 14, 2023
View reviewed changes
@shenmo3 @reachjainrahul
fix reconciliation issue when ag is modified during controller restart
6e3de0f 
Signed-off-by: Alexander Liu <alliu@vmware.com>
reachjainrahul
reachjainrahul approved these changes Jun 20, 2023
View reviewed changes
Copy link
Contributor

@reachjainrahul reachjainrahul left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/LGTM

@reachjainrahul
Copy link
Contributor

/nephe-test-e2e-kind

1 similar comment
@reachjainrahul
Copy link
Contributor

/nephe-test-e2e-kind

@reachjainrahul reachjainrahul merged commit 8da3c29 into main Jun 20, 2023
@reachjainrahul reachjainrahul deleted the fix-reconciliation branch June 20, 2023 19:38
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@reachjainrahul reachjainrahul reachjainrahul approved these changes

@Anandkumar26 Anandkumar26 Awaiting requested review from Anandkumar26

Assignees

@shenmo3 shenmo3

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@shenmo3 @reachjainrahul