fix: use external_ids to identify vpc policy routes and static routes

oilbeater · oilbeater · commit a1bb237bb148 · 2026-02-08T10:35:20.000Z
Signed-off-by: Mengxin Liu &lt;liumengxinfly@gmail.com&gt;
diff --git a/pkg/controller/node.go b/pkg/controller/node.go
@@ -207,9 +207,10 @@ func (c *Controller) handleAddNode(key string) error {
 				match       = fmt.Sprintf("ip%d.dst == %s", af, nodeIP)
 				action      = kubeovnv1.PolicyRouteActionReroute
 				externalIDs = map[string]string{
-					"vendor":         util.CniTypeName,
-					"node":           node.Name,
-					"address-family": strconv.Itoa(af),
+					ovs.ExternalIDVendor:       util.CniTypeName,
+					ovs.ExternalIDController:   "node",
+					ovs.ExternalIDResourceName: node.Name,
+					"address-family":           strconv.Itoa(af),
 				}
 			)
 			klog.Infof("add policy route for router: %s, match %s, action %s, nexthop %s, externalID %v", c.config.ClusterRouter, match, action, ip, externalIDs)
@@ -945,6 +946,8 @@ func (c *Controller) addNodeGatewayStaticRoute() error {
 					NextHopIP:  nextHop,
 					RouteTable: util.MainRouteTable,
 				},
+				"node",
+				"node-gateway",
 			); err != nil {
 				klog.Errorf("failed to add static route for node gw: %v", err)
 				return err
@@ -1120,10 +1123,11 @@ func (c *Controller) addPolicyRouteForLocalDNSCacheOnNode(dnsIPs []string, nodeP
 
 	var (
 		externalIDs = map[string]string{
-			"vendor":          util.CniTypeName,
-			"node":            nodeName,
-			"address-family":  strconv.Itoa(af),
-			"isLocalDnsCache": "true",
+			ovs.ExternalIDVendor:       util.CniTypeName,
+			ovs.ExternalIDController:   "node",
+			ovs.ExternalIDResourceName: nodeName,
+			"address-family":           strconv.Itoa(af),
+			"isLocalDnsCache":          "true",
 		}
 		pgAs     = strings.ReplaceAll(fmt.Sprintf("%s_ip%d", nodePortName, af), "-", ".")
 		action   = kubeovnv1.PolicyRouteActionReroute
@@ -1134,7 +1138,7 @@ func (c *Controller) addPolicyRouteForLocalDNSCacheOnNode(dnsIPs []string, nodeP
 		matches.Add(fmt.Sprintf("ip%d.src == $%s && ip%d.dst == %s", af, pgAs, af, ip))
 	}
 
-	policies, err := c.OVNNbClient.GetLogicalRouterPoliciesByExtID(c.config.ClusterRouter, "node", nodeName)
+	policies, err := c.OVNNbClient.GetLogicalRouterPoliciesByExtID(c.config.ClusterRouter, ovs.ExternalIDResourceName, nodeName)
 	if err != nil {
 		klog.Errorf("failed to list logical router policies with external-ids:node = %q: %v", nodeName, err)
 		return err
@@ -1178,10 +1182,11 @@ func (c *Controller) addPolicyRouteForLocalDNSCacheOnNode(dnsIPs []string, nodeP
 
 func (c *Controller) deletePolicyRouteForLocalDNSCacheOnNode(nodeName string, af int) error {
 	policies, err := c.OVNNbClient.ListLogicalRouterPolicies(c.config.ClusterRouter, -1, map[string]string{
-		"vendor":          util.CniTypeName,
-		"node":            nodeName,
-		"address-family":  strconv.Itoa(af),
-		"isLocalDnsCache": "true",
+		ovs.ExternalIDVendor:       util.CniTypeName,
+		ovs.ExternalIDController:   "node",
+		ovs.ExternalIDResourceName: nodeName,
+		"address-family":           strconv.Itoa(af),
+		"isLocalDnsCache":          "true",
 	}, true)
 	if err != nil {
 		klog.Errorf("failed to list logical router policies: %v", err)
diff --git a/pkg/controller/pod.go b/pkg/controller/pod.go
@@ -867,8 +867,9 @@ func (c *Controller) reconcileRouteSubnets(pod *v1.Pod, needRoutePodNets []*kube
 						NextHopIP: nextHop,
 					},
 					map[string]string{
-						"vendor": util.CniTypeName,
-						"subnet": subnet.Name,
+						ovs.ExternalIDVendor:       util.CniTypeName,
+						ovs.ExternalIDController:   "pod",
+						ovs.ExternalIDResourceName: fmt.Sprintf("%s/%s", pod.Namespace, pod.Name),
 					},
 				); err != nil {
 					klog.Errorf("failed to add policy route, %v", err)
@@ -934,8 +935,9 @@ func (c *Controller) reconcileRouteSubnets(pod *v1.Pod, needRoutePodNets []*kube
 								NextHopIP: pod.Annotations[util.NorthGatewayAnnotation],
 							},
 							map[string]string{
-								"vendor": util.CniTypeName,
-								"subnet": subnet.Name,
+								ovs.ExternalIDVendor:       util.CniTypeName,
+								ovs.ExternalIDController:   "pod",
+								ovs.ExternalIDResourceName: fmt.Sprintf("%s/%s", pod.Namespace, pod.Name),
 							},
 						); err != nil {
 							klog.Errorf("failed to add policy route, %v", err)
diff --git a/pkg/controller/subnet.go b/pkg/controller/subnet.go
@@ -2051,8 +2051,9 @@ func getIPSuffix(protocol string) string {
 
 func buildPolicyRouteExternalIDs(subnetName string, extraIDs map[string]string) map[string]string {
 	externalIDs := map[string]string{
-		"vendor": util.CniTypeName,
-		"subnet": subnetName,
+		ovs.ExternalIDVendor:       util.CniTypeName,
+		ovs.ExternalIDController:   "subnet",
+		ovs.ExternalIDResourceName: subnetName,
 	}
 	maps.Copy(externalIDs, extraIDs)
 	return externalIDs
@@ -2498,6 +2499,8 @@ func (c *Controller) addCustomVPCStaticRouteForSubnet(subnet *kubeovnv1.Subnet)
 				CIDR:      v4Cidr,
 				NextHopIP: v4Gw,
 			},
+			"subnet",
+			subnet.Name,
 		); err != nil {
 			klog.Errorf("failed to add static route, %v", err)
 			return err
@@ -2512,6 +2515,8 @@ func (c *Controller) addCustomVPCStaticRouteForSubnet(subnet *kubeovnv1.Subnet)
 				CIDR:      v6Cidr,
 				NextHopIP: v6Gw,
 			},
+			"subnet",
+			subnet.Name,
 		); err != nil {
 			klog.Errorf("failed to add static route, %v", err)
 			return err
diff --git a/pkg/controller/vpc.go b/pkg/controller/vpc.go
@@ -24,6 +24,7 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
 
 	kubeovnv1 "github.com/kubeovn/kube-ovn/pkg/apis/kubeovn/v1"
+	"github.com/kubeovn/kube-ovn/pkg/ovs"
 	"github.com/kubeovn/kube-ovn/pkg/ovsdb/ovnnb"
 	"github.com/kubeovn/kube-ovn/pkg/util"
 )
@@ -289,7 +290,23 @@ func (c *Controller) handleAddOrUpdateVpc(key string) error {
 		return err
 	}
 
-	learnFromARPRequest := true
+	learnFromARPRequest := vpc.Spec.EnableExternal
+	if !learnFromARPRequest {
+		for _, subnetName := range vpc.Status.Subnets {
+			subnet, err := c.subnetsLister.Get(subnetName)
+			if err != nil {
+				if k8serrors.IsNotFound(err) {
+					continue
+				}
+				klog.Errorf("failed to get subnet %s for vpc %s: %v", subnetName, key, err)
+				return err
+			}
+			if subnet.Spec.Vlan != "" && subnet.Spec.U2OInterconnection {
+				learnFromARPRequest = true
+				break
+			}
+		}
+	}
 
 	if err = c.createVpcRouter(key, learnFromARPRequest); err != nil {
 		klog.Errorf("failed to create vpc router for vpc %s: %v", key, err)
@@ -319,15 +336,19 @@ func (c *Controller) handleAddOrUpdateVpc(key string) error {
 	}
 
 	// handle static route
+	staticRouteExternalIDs := map[string]string{
+		ovs.ExternalIDVendor:       util.CniTypeName,
+		ovs.ExternalIDController:   "vpc",
+		ovs.ExternalIDResourceName: vpc.Name,
+	}
+
 	var (
 		staticExistedRoutes []*ovnnb.LogicalRouterStaticRoute
 		staticTargetRoutes  []*kubeovnv1.StaticRoute
 		staticRouteMapping  map[string][]*kubeovnv1.StaticRoute
-		externalIDs         = map[string]string{"vendor": util.CniTypeName}
 	)
 
-	// only manage static routes which are kube-ovn managed, by filtering for vendor util.CniTypeName
-	staticExistedRoutes, err = c.OVNNbClient.ListLogicalRouterStaticRoutes(vpc.Name, nil, nil, "", externalIDs)
+	staticExistedRoutes, err = c.OVNNbClient.ListLogicalRouterStaticRoutes(vpc.Name, nil, nil, "", staticRouteExternalIDs)
 	if err != nil {
 		klog.Errorf("failed to get vpc %s static route list, %v", vpc.Name, err)
 		return err
@@ -464,15 +485,15 @@ func (c *Controller) handleAddOrUpdateVpc(key string) error {
 		if item.BfdID != "" {
 			klog.Infof("vpc %s add static ecmp route: %+v", vpc.Name, item)
 			if err = c.OVNNbClient.AddLogicalRouterStaticRoute(
-				vpc.Name, item.RouteTable, convertPolicy(item.Policy), item.CIDR, &item.BfdID, externalIDs, item.NextHopIP,
+				vpc.Name, item.RouteTable, convertPolicy(item.Policy), item.CIDR, &item.BfdID, staticRouteExternalIDs, item.NextHopIP,
 			); err != nil {
 				klog.Errorf("failed to add bfd static route to vpc %s , %v", vpc.Name, err)
 				return err
 			}
 		} else {
 			klog.Infof("vpc %s add static route: %+v", vpc.Name, item)
 			if err = c.OVNNbClient.AddLogicalRouterStaticRoute(
-				vpc.Name, item.RouteTable, convertPolicy(item.Policy), item.CIDR, nil, externalIDs, item.NextHopIP,
+				vpc.Name, item.RouteTable, convertPolicy(item.Policy), item.CIDR, nil, staticRouteExternalIDs, item.NextHopIP,
 			); err != nil {
 				klog.Errorf("failed to add normal static route to vpc %s , %v", vpc.Name, err)
 				return err
@@ -481,6 +502,12 @@ func (c *Controller) handleAddOrUpdateVpc(key string) error {
 	}
 
 	// handle policy route
+	policyExternalIDs := map[string]string{
+		ovs.ExternalIDVendor:       util.CniTypeName,
+		ovs.ExternalIDController:   "vpc",
+		ovs.ExternalIDResourceName: vpc.Name,
+	}
+
 	var (
 		policyRouteExisted, policyRouteNeedDel, policyRouteNeedAdd []*kubeovnv1.PolicyRoute
 		policyRouteLogical                                         []*ovnnb.LogicalRouterPolicy
@@ -493,33 +520,30 @@ func (c *Controller) handleAddOrUpdateVpc(key string) error {
 		policyRouteNeedDel, policyRouteNeedAdd = diffPolicyRouteWithExisted(policyRouteExisted, vpc.Spec.PolicyRoutes)
 	} else {
 		if vpc.Spec.PolicyRoutes == nil {
-			// do not clean default vpc policy routes
-			if err = c.OVNNbClient.ClearLogicalRouterPolicy(vpc.Name); err != nil {
-				klog.Errorf("clean all vpc %s policy route failed, %v", vpc.Name, err)
+			// only clean vpc spec managed policy routes, not those created by subnet or egress gateway controllers
+			if err = c.OVNNbClient.DeleteLogicalRouterPolicies(vpc.Name, -1, policyExternalIDs); err != nil {
+				klog.Errorf("clean vpc %s spec policy routes failed, %v", vpc.Name, err)
 				return err
 			}
 		} else {
-			policyRouteLogical, err = c.OVNNbClient.ListLogicalRouterPolicies(vpc.Name, -1, nil, true)
+			policyRouteLogical, err = c.OVNNbClient.ListLogicalRouterPolicies(vpc.Name, -1, policyExternalIDs, false)
 			if err != nil {
 				klog.Errorf("failed to get vpc %s policy route list, %v", vpc.Name, err)
 				return err
 			}
-			// diff vpc policy route
 			policyRouteNeedDel, policyRouteNeedAdd = diffPolicyRouteWithLogical(policyRouteLogical, vpc.Spec.PolicyRoutes)
 		}
 	}
-	// delete policies non-exist
 	for _, item := range policyRouteNeedDel {
 		klog.Infof("delete policy route for router: %s, priority: %d, match %s", vpc.Name, item.Priority, item.Match)
 		if err = c.OVNNbClient.DeleteLogicalRouterPolicy(vpc.Name, item.Priority, item.Match); err != nil {
 			klog.Errorf("del vpc %s policy route failed, %v", vpc.Name, err)
 			return err
 		}
 	}
-	// add new policies
 	for _, item := range policyRouteNeedAdd {
-		klog.Infof("add policy route for router: %s, match %s, action %s, nexthop %s, externalID %v", c.config.ClusterRouter, item.Match, string(item.Action), item.NextHopIP, externalIDs)
-		if err = c.OVNNbClient.AddLogicalRouterPolicy(vpc.Name, item.Priority, item.Match, string(item.Action), []string{item.NextHopIP}, nil, externalIDs); err != nil {
+		klog.Infof("add policy route for router: %s, match %s, action %s, nexthop %s, externalID %v", vpc.Name, item.Match, string(item.Action), item.NextHopIP, policyExternalIDs)
+		if err = c.OVNNbClient.AddLogicalRouterPolicy(vpc.Name, item.Priority, item.Match, string(item.Action), []string{item.NextHopIP}, nil, policyExternalIDs); err != nil {
 			klog.Errorf("add policy route to vpc %s failed, %v", vpc.Name, err)
 			return err
 		}
@@ -580,7 +604,7 @@ func (c *Controller) handleAddOrUpdateVpc(key string) error {
 		if subnet.Spec.Vpc == key {
 			// Accelerate subnet update when vpc config is updated.
 			// In case VPC not set namespaces, subnet will backoff and may take long time to back to ready.
-			if subnet.Status.IsNotReady() || subnet.Spec.U2OInterconnection {
+			if subnet.Status.IsNotReady() {
 				c.addOrUpdateSubnetQueue.Add(subnet.Name)
 			}
 			if vpc.Name != util.DefaultVpc && vpc.Spec.EnableBfd && subnet.Spec.EnableEcmp {
@@ -936,22 +960,26 @@ func (c *Controller) batchDeletePolicyRouteFromVpc(name string, policies []*kube
 	return nil
 }
 
-func (c *Controller) addStaticRouteToVpc(name string, route *kubeovnv1.StaticRoute) error {
-	externalIDs := map[string]string{"vendor": util.CniTypeName}
+func (c *Controller) addStaticRouteToVpc(vpcName string, route *kubeovnv1.StaticRoute, controller, resourceName string) error {
+	externalIDs := map[string]string{
+		ovs.ExternalIDVendor:       util.CniTypeName,
+		ovs.ExternalIDController:   controller,
+		ovs.ExternalIDResourceName: resourceName,
+	}
 	if route.BfdID != "" {
-		klog.Infof("vpc %s add static ecmp route: %+v", name, route)
+		klog.Infof("vpc %s add static ecmp route: %+v", vpcName, route)
 		if err := c.OVNNbClient.AddLogicalRouterStaticRoute(
-			name, route.RouteTable, convertPolicy(route.Policy), route.CIDR, &route.BfdID, externalIDs, route.NextHopIP,
+			vpcName, route.RouteTable, convertPolicy(route.Policy), route.CIDR, &route.BfdID, externalIDs, route.NextHopIP,
 		); err != nil {
-			klog.Errorf("failed to add bfd static route to vpc %s , %v", name, err)
+			klog.Errorf("failed to add bfd static route to vpc %s , %v", vpcName, err)
 			return err
 		}
 	} else {
-		klog.Infof("vpc %s add static route: %+v", name, route)
+		klog.Infof("vpc %s add static route: %+v", vpcName, route)
 		if err := c.OVNNbClient.AddLogicalRouterStaticRoute(
-			name, route.RouteTable, convertPolicy(route.Policy), route.CIDR, nil, externalIDs, route.NextHopIP,
+			vpcName, route.RouteTable, convertPolicy(route.Policy), route.CIDR, nil, externalIDs, route.NextHopIP,
 		); err != nil {
-			klog.Errorf("failed to add normal static route to vpc %s , %v", name, err)
+			klog.Errorf("failed to add normal static route to vpc %s , %v", vpcName, err)
 			return err
 		}
 	}
diff --git a/pkg/controller/vpc_test.go b/pkg/controller/vpc_test.go
diff --git a/pkg/ovs/ovn.go b/pkg/ovs/ovn.go
