Release 1.12.12 mc (#6112)

zhaocongqi · web-flow · commit 7c5836a7efda · 2025-12-29T10:31:44.000+08:00
* fix(vm/sts): handle multiple network interfaces when cleaning resources on VM Pod deletion (#6089) Signed-off-by: zhaocongqi <1229896069@qq.com> * update mc version Signed-off-by: zhaocongqi <1229896069@qq.com> --------- Signed-off-by: zhaocongqi <1229896069@qq.com>
diff --git a/VERSION b/VERSION
@@ -1 +1 @@
-v1.12.11-mc
+v1.12.12-mc
diff --git a/pkg/controller/pod.go b/pkg/controller/pod.go
@@ -1043,23 +1043,25 @@ func (c *Controller) handleDeletePod(key string) error {
 
 	podKey := fmt.Sprintf("%s/%s", pod.Namespace, podName)
 
-	var keepIPCR bool
-	if ok, stsName, stsUID := isStatefulSetPod(pod); ok {
-		if pod.DeletionTimestamp != nil {
-			klog.Infof("handle deletion of sts pod %s", podName)
-			toDel := isStatefulSetPodToDel(c.config.KubeClient, pod, stsName, stsUID)
-			if !toDel {
+	var keepIPCR, isOwnerRefToDel, isOwnerRefDeleted bool
+	var ipcrToDelete []string
+	isStsPod, stsName, stsUID := isStatefulSetPod(pod)
+	if isStsPod {
+		if !pod.DeletionTimestamp.IsZero() {
+			klog.Infof("handle deletion of sts pod %s", podKey)
+			isOwnerRefToDel = isStatefulSetPodToDel(c.config.KubeClient, pod, stsName, stsUID)
+			if !isOwnerRefToDel {
 				klog.Infof("try keep ip for sts pod %s", podKey)
 				keepIPCR = true
 			}
 		}
 		if keepIPCR {
-			isDelete, err := appendCheckPodToDel(c, pod, stsName, util.StatefulSet)
+			isOwnerRefDeleted, ipcrToDelete, err := appendCheckPodNetToDel(c, pod, stsName, util.StatefulSet)
 			if err != nil {
 				klog.Error(err)
 				return err
 			}
-			if isDelete {
+			if isOwnerRefDeleted || len(ipcrToDelete) != 0 {
 				klog.Infof("not keep ip for sts pod %s", podKey)
 				keepIPCR = false
 			}
@@ -1080,20 +1082,20 @@ func (c *Controller) handleDeletePod(key string) error {
 			}
 		}
 		if pod.DeletionTimestamp != nil {
-			klog.Infof("handle deletion of vm pod %s", podName)
-			vmToBeDel := c.isVMToDel(pod, vmName)
-			if !vmToBeDel {
+			klog.Infof("handle deletion of vm pod %s", podKey)
+			isOwnerRefToDel = c.isVMToDel(pod, vmName)
+			if !isOwnerRefToDel {
 				klog.Infof("try keep ip for vm pod %s", podKey)
 				keepIPCR = true
 			}
 		}
 		if keepIPCR {
-			isDelete, err := appendCheckPodToDel(c, pod, vmName, util.VMInstance)
+			isOwnerRefDeleted, ipcrToDelete, err = appendCheckPodNetToDel(c, pod, vmName, util.VMInstance)
 			if err != nil {
 				klog.Error(err)
 				return err
 			}
-			if isDelete {
+			if isOwnerRefDeleted || len(ipcrToDelete) != 0 {
 				klog.Infof("not keep ip for vm pod %s", podKey)
 				keepIPCR = false
 			}
@@ -1170,6 +1172,12 @@ func (c *Controller) handleDeletePod(key string) error {
 		klog.Infof("try release all ip address for deleting pod %s", podKey)
 		for _, podNet := range podNets {
 			portName := ovs.PodNameToPortName(podName, pod.Namespace, podNet.ProviderName)
+			// if the OwnerRef has been deleted or is in the process of being deleted, all associated IPCRs must be cleaned up
+			if (isStsPod || isVMPod) && !isOwnerRefToDel && !isOwnerRefDeleted &&
+				!slices.Contains(ipcrToDelete, portName) {
+				klog.Infof("skip clean ip CR %s", portName)
+				continue
+			}
 			ipCR, err := c.ipsLister.Get(portName)
 			if err != nil {
 				if k8serrors.IsNotFound(err) {
@@ -1967,93 +1975,132 @@ func (c *Controller) acquireStaticAddress(key, nicName, ip string, mac *string,
 	return v4IP, v6IP, macStr, nil
 }
 
-func appendCheckPodToDel(c *Controller, pod *v1.Pod, ownerRefName, ownerRefKind string) (bool, error) {
-	// subnet for ns has been changed, and statefulset pod's ip is not in the range of subnet's cidr anymore
+func appendCheckPodNetToDel(c *Controller, pod *v1.Pod, ownerRefName, ownerRefKind string) (bool, []string, error) {
+	// subnet for ns has been changed, and statefulset/vm pod's ip is not in the range of subnet's cidr anymore
 	podNs, err := c.namespacesLister.Get(pod.Namespace)
 	if err != nil {
 		klog.Errorf("failed to get namespace %s, %v", pod.Namespace, err)
-		return false, err
+		return false, nil, err
 	}
 
-	// check if subnet exist in OwnerReference
-	var ownerRefSubnetExist bool
-	var ownerRefSubnet string
+	var ownerRefAnnotations map[string]string
 	switch ownerRefKind {
 	case util.StatefulSet:
 		ss, err := c.config.KubeClient.AppsV1().StatefulSets(pod.Namespace).Get(context.Background(), ownerRefName, metav1.GetOptions{})
 		if err != nil {
 			if k8serrors.IsNotFound(err) {
 				klog.Infof("Statefulset %s is not found", ownerRefName)
-				return true, nil
+				return true, nil, nil
 			}
 			klog.Errorf("failed to get StatefulSet %s, %v", ownerRefName, err)
 		}
-		if ss.Spec.Template.ObjectMeta.Annotations[util.LogicalSwitchAnnotation] != "" {
-			ownerRefSubnetExist = true
-			ownerRefSubnet = ss.Spec.Template.ObjectMeta.Annotations[util.LogicalSwitchAnnotation]
+		if ss.Spec.Template.Annotations != nil {
+			ownerRefAnnotations = ss.Spec.Template.Annotations
 		}
 
 	case util.VMInstance:
 		vm, err := c.config.KubevirtClient.VirtualMachine(pod.Namespace).Get(context.Background(), ownerRefName, metav1.GetOptions{})
 		if err != nil {
 			if k8serrors.IsNotFound(err) {
 				klog.Infof("VirtualMachine %s is not found", ownerRefName)
-				return true, nil
+				return true, nil, nil
 			}
 			klog.Errorf("failed to get VirtualMachine %s, %v", ownerRefName, err)
 		}
 		if vm != nil &&
 			vm.Spec.Template != nil &&
-			vm.Spec.Template.ObjectMeta.Annotations != nil &&
-			vm.Spec.Template.ObjectMeta.Annotations[util.LogicalSwitchAnnotation] != "" {
-			ownerRefSubnetExist = true
-			ownerRefSubnet = vm.Spec.Template.ObjectMeta.Annotations[util.LogicalSwitchAnnotation]
-		}
-	}
-	podSwitch := strings.TrimSpace(pod.Annotations[util.LogicalSwitchAnnotation])
-	if !ownerRefSubnetExist {
-		nsSubnetNames := podNs.Annotations[util.LogicalSwitchAnnotation]
-		// check if pod use the subnet of its ns
-		if nsSubnetNames != "" && podSwitch != "" && !slices.Contains(strings.Split(nsSubnetNames, ","), podSwitch) {
-			klog.Infof("ns %s annotation subnet is %s, which is inconstant with subnet for pod %s, delete pod", pod.Namespace, nsSubnetNames, pod.Name)
-			return true, nil
+			vm.Spec.Template.ObjectMeta.Annotations != nil {
+			ownerRefAnnotations = vm.Spec.Template.ObjectMeta.Annotations
 		}
 	}
 
+	var ipcrToDelete []string
+	if defaultIPCRName := appendCheckPodNonMultusNetToDel(c, pod, ownerRefName, ownerRefAnnotations, podNs); defaultIPCRName != "" {
+		ipcrToDelete = append(ipcrToDelete, defaultIPCRName)
+	}
+
+	if multusIPCRNames := appendCheckPodMultusNetToDel(c, pod, ownerRefName, ownerRefAnnotations); len(multusIPCRNames) != 0 {
+		ipcrToDelete = append(ipcrToDelete, multusIPCRNames...)
+	}
+
+	return false, ipcrToDelete, nil
+}
+
+func appendCheckPodNonMultusNetToDel(c *Controller, pod *v1.Pod, ownerRefName string, ownerRefAnnotations map[string]string, podNs *v1.Namespace) string {
+	podDefaultSwitch := strings.TrimSpace(pod.Annotations[util.LogicalSwitchAnnotation])
+	if podDefaultSwitch != "" {
+		ownerRefSubnet := ownerRefAnnotations[util.LogicalSwitchAnnotation]
+		defaultIPCRName := ovs.PodNameToPortName(ownerRefName, pod.Namespace, util.OvnProvider)
+		if ownerRefSubnet == "" {
+			nsSubnetNames := podNs.Annotations[util.LogicalSwitchAnnotation]
+			// check if pod use the subnet of its ns
+			if nsSubnetNames != "" && !slices.Contains(strings.Split(nsSubnetNames, ","), podDefaultSwitch) {
+				klog.Infof("ns %s annotation subnet is %s, which is inconstant with subnet for pod %s, delete pod", pod.Namespace, nsSubnetNames, pod.Name)
+				return defaultIPCRName
+			}
+		} else {
+			podIP := pod.Annotations[util.IPAddressAnnotation]
+			if shouldCleanPodNet(c, pod, ownerRefName, ownerRefSubnet, podDefaultSwitch, podIP) {
+				return defaultIPCRName
+			}
+		}
+	}
+	return ""
+}
+
+func appendCheckPodMultusNetToDel(c *Controller, pod *v1.Pod, ownerRefName string, ownerRefAnnotations map[string]string) []string {
+	var multusIPCRNames []string
+	attachmentNets, _ := c.getPodAttachmentNet(pod)
+	for _, attachmentNet := range attachmentNets {
+		ipCRName := ovs.PodNameToPortName(ownerRefName, pod.Namespace, attachmentNet.ProviderName)
+		podSwitch := strings.TrimSpace(pod.Annotations[fmt.Sprintf(util.LogicalSwitchAnnotationTemplate, attachmentNet.ProviderName)])
+		ownerRefSubnet := ownerRefAnnotations[fmt.Sprintf(util.LogicalSwitchAnnotationTemplate, attachmentNet.ProviderName)]
+		podIP := pod.Annotations[fmt.Sprintf(util.IPAddressAnnotationTemplate, attachmentNet.ProviderName)]
+		if shouldCleanPodNet(c, pod, ownerRefName, ownerRefSubnet, podSwitch, podIP) {
+			multusIPCRNames = append(multusIPCRNames, ipCRName)
+		}
+	}
+	return multusIPCRNames
+}
+
+func shouldCleanPodNet(c *Controller, pod *v1.Pod, ownerRefName, ownerRefSubnet, podSwitch, podIP string) bool {
 	// subnet cidr has been changed, and statefulset pod's ip is not in the range of subnet's cidr anymore
 	podSubnet, err := c.subnetsLister.Get(podSwitch)
 	if err != nil {
+		if k8serrors.IsNotFound(err) {
+			klog.Infof("subnet %s not found for pod %s/%s, not auto clean ip", podSwitch, pod.Namespace, pod.Name)
+			return false
+		}
 		klog.Errorf("failed to get subnet %s, %v, not auto clean ip", podSwitch, err)
-		return false, err
+		return false
 	}
 	if podSubnet == nil {
 		// TODO: remove: CRD get interface will retrun a nil subnet ?
 		klog.Errorf("pod %s/%s subnet %s is nil, not auto clean ip", pod.Namespace, pod.Name, podSwitch)
-		return false, nil
+		return false
 	}
-	podIP := pod.Annotations[util.IPAddressAnnotation]
 	if podIP == "" {
 		// delete pod just after it created < 1ms
 		klog.Infof("pod %s/%s annotaions has no ip address, not auto clean ip", pod.Namespace, pod.Name)
-		return false, nil
+		return false
 	}
 	podSubnetCidr := podSubnet.Spec.CIDRBlock
 	if podSubnetCidr == "" {
 		// subnet spec cidr changed by user
 		klog.Errorf("invalid pod subnet %s empty cidr %s, not auto clean ip", podSwitch, podSubnetCidr)
-		return false, nil
+		return false
 	}
 	if !util.CIDRContainIP(podSubnetCidr, podIP) {
-		klog.Infof("pod's ip %s is not in the range of subnet %s, delete pod", pod.Annotations[util.IPAddressAnnotation], podSubnet.Name)
-		return true, nil
+		klog.Infof("pod's ip %s is not in the range of subnet %s, delete pod", podIP, podSubnet.Name)
+		return true
 	}
 	// subnet of ownerReference(sts/vm) has been changed, it needs to handle delete pod and create port on the new logical switch
 	if ownerRefSubnet != "" && podSubnet.Name != ownerRefSubnet {
 		klog.Infof("Subnet of owner %s has been changed from %s to %s, delete pod %s/%s", ownerRefName, podSubnet.Name, ownerRefSubnet, pod.Namespace, pod.Name)
-		return true, nil
+		return true
 	}
 
-	return false, nil
+	return false
 }
 
 func isVMPod(pod *v1.Pod) (bool, string) {
