fix: prevent GC from deleting KubeVirt VM interfaces

The garbage collector introduced in PR kubeovn#5789 incorrectly identifies
KubeVirt VM interfaces as 'lost' and deletes them, breaking network
connectivity for VMs within ~60 seconds of creation.

Root cause: For KubeVirt VMs, the pod_name in OVS external_ids is set
to the VM name (e.g., 'ubuntu-vm-br'), not the launcher pod name
(e.g., 'virt-launcher-ubuntu-vm-br-xyz'). When gcInterfaces() tries
to look up the pod by the VM name, it fails and incorrectly deletes
the interface.

Solution: When a pod is not found by direct lookup, check if it might
be a KubeVirt VM by searching for launcher pods with the label
'vm.kubevirt.io/name' matching the pod_name from OVS. If a matching
launcher pod exists, keep the interface instead of deleting it.

This fix maintains backward compatibility with non-KubeVirt pods
while preventing false-positive deletions for KubeVirt VMs.

Signed-off-by: Damir Nugmanov <damir_nug@mail.ru>
Signed-off-by: dnugmanov <damir_nug@mail.ru>

Author: dnugmanov

pkg/daemon/controller.go

@@ -15,6 +15,7 @@ import (
 	"github.com/scylladb/go-set/strset"
 	v1 "k8s.io/api/core/v1"
 	k8serrors "k8s.io/apimachinery/pkg/api/errors"
+	"k8s.io/apimachinery/pkg/labels"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	utilruntime "k8s.io/apimachinery/pkg/util/runtime"
 	"k8s.io/apimachinery/pkg/util/wait"
@@ -722,12 +723,28 @@ func (c *Controller) gcInterfaces() {
 			continue
 		}
 
-		if _, err := c.podsLister.Pods(podNamespace).Get(podName); err != nil {
-			if k8serrors.IsNotFound(err) {
-				klog.Infof("pod %s/%s not found, delete ovs interface %s", podNamespace, podName, iface)
-				if err := ovs.CleanInterface(iface); err != nil {
-					klog.Errorf("failed to clean ovs interface %s: %v", iface, err)
-				}
+		if _, err := c.podsLister.Pods(podNamespace).Get(podName); err != nil && k8serrors.IsNotFound(err) {
+			// Pod not found by name. Check if this might be a KubeVirt VM.
+			// For KubeVirt VMs, the pod_name in OVS external_ids is set to the VM name (not the launcher pod name).
+			// The actual launcher pod has the label 'vm.kubevirt.io/name' with the VM name as value.
+			// Try to find launcher pods by this label.
+			selector := labels.SelectorFromSet(map[string]string{util.KubeVirtVMNameLabel: podName})
+			launcherPods, listErr := c.podsLister.Pods(podNamespace).List(selector)
+			if listErr != nil {
+				klog.Errorf("failed to list launcher pods for vm %s/%s: %v", podNamespace, podName, listErr)
+			}
+
+			// If we found launcher pod(s) for this VM, keep the interface
+			if len(launcherPods) > 0 {
+				klog.V(5).Infof("found %d launcher pod(s) for vm %s/%s, keeping ovs interface %s",
+					len(launcherPods), podNamespace, podName, iface)
+				continue
+			}
+
+			// No pod and no launcher pod found - safe to delete
+			klog.Infof("pod %s/%s not found, delete ovs interface %s", podNamespace, podName, iface)
+			if err := ovs.CleanInterface(iface); err != nil {
+				klog.Errorf("failed to clean ovs interface %s: %v", iface, err)
 			}
 		}
 	}

pkg/util/const.go

@@ -112,6 +112,7 @@ const (
 	VpcDNSNameLabel                    = "ovn.kubernetes.io/vpc-dns"
 	QoSLabel                           = "ovn.kubernetes.io/qos"
 	NodeNameLabel                      = "ovn.kubernetes.io/node-name"
+	KubeVirtVMNameLabel                = "vm.kubevirt.io/name"
 	NetworkPolicyLogAnnotation         = "ovn.kubernetes.io/enable_log"
 	NetworkPolicyEnforcementAnnotation = "ovn.kubernetes.io/network_policy_enforcement"
 	ACLActionsLogAnnotation            = "ovn.kubernetes.io/log_acl_actions"