fix: use external_ids to identify vpc policy routes and static routes

oilbeater · oilbeater · commit b9af62d327b6 · 2026-02-08T07:19:58.000Z
Signed-off-by: Mengxin Liu &lt;liumengxinfly@gmail.com&gt;
diff --git a/pkg/controller/vpc.go b/pkg/controller/vpc.go
@@ -24,6 +24,7 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
 
 	kubeovnv1 "github.com/kubeovn/kube-ovn/pkg/apis/kubeovn/v1"
+	"github.com/kubeovn/kube-ovn/pkg/ovs"
 	"github.com/kubeovn/kube-ovn/pkg/ovsdb/ovnnb"
 	"github.com/kubeovn/kube-ovn/pkg/util"
 )
@@ -289,7 +290,23 @@ func (c *Controller) handleAddOrUpdateVpc(key string) error {
 		return err
 	}
 
-	learnFromARPRequest := true
+	learnFromARPRequest := vpc.Spec.EnableExternal
+	if !learnFromARPRequest {
+		for _, subnetName := range vpc.Status.Subnets {
+			subnet, err := c.subnetsLister.Get(subnetName)
+			if err != nil {
+				if k8serrors.IsNotFound(err) {
+					continue
+				}
+				klog.Errorf("failed to get subnet %s for vpc %s: %v", subnetName, key, err)
+				return err
+			}
+			if subnet.Spec.Vlan != "" && subnet.Spec.U2OInterconnection {
+				learnFromARPRequest = true
+				break
+			}
+		}
+	}
 
 	if err = c.createVpcRouter(key, learnFromARPRequest); err != nil {
 		klog.Errorf("failed to create vpc router for vpc %s: %v", key, err)
@@ -319,15 +336,18 @@ func (c *Controller) handleAddOrUpdateVpc(key string) error {
 	}
 
 	// handle static route
+	staticRouteExternalIDs := map[string]string{
+		ovs.ExternalIDVendor:         util.CniTypeName,
+		ovs.ExternalIDVpcStaticRoute: "true",
+	}
+
 	var (
 		staticExistedRoutes []*ovnnb.LogicalRouterStaticRoute
 		staticTargetRoutes  []*kubeovnv1.StaticRoute
 		staticRouteMapping  map[string][]*kubeovnv1.StaticRoute
-		externalIDs         = map[string]string{"vendor": util.CniTypeName}
 	)
 
-	// only manage static routes which are kube-ovn managed, by filtering for vendor util.CniTypeName
-	staticExistedRoutes, err = c.OVNNbClient.ListLogicalRouterStaticRoutes(vpc.Name, nil, nil, "", externalIDs)
+	staticExistedRoutes, err = c.OVNNbClient.ListLogicalRouterStaticRoutes(vpc.Name, nil, nil, "", staticRouteExternalIDs)
 	if err != nil {
 		klog.Errorf("failed to get vpc %s static route list, %v", vpc.Name, err)
 		return err
@@ -464,15 +484,15 @@ func (c *Controller) handleAddOrUpdateVpc(key string) error {
 		if item.BfdID != "" {
 			klog.Infof("vpc %s add static ecmp route: %+v", vpc.Name, item)
 			if err = c.OVNNbClient.AddLogicalRouterStaticRoute(
-				vpc.Name, item.RouteTable, convertPolicy(item.Policy), item.CIDR, &item.BfdID, externalIDs, item.NextHopIP,
+				vpc.Name, item.RouteTable, convertPolicy(item.Policy), item.CIDR, &item.BfdID, staticRouteExternalIDs, item.NextHopIP,
 			); err != nil {
 				klog.Errorf("failed to add bfd static route to vpc %s , %v", vpc.Name, err)
 				return err
 			}
 		} else {
 			klog.Infof("vpc %s add static route: %+v", vpc.Name, item)
 			if err = c.OVNNbClient.AddLogicalRouterStaticRoute(
-				vpc.Name, item.RouteTable, convertPolicy(item.Policy), item.CIDR, nil, externalIDs, item.NextHopIP,
+				vpc.Name, item.RouteTable, convertPolicy(item.Policy), item.CIDR, nil, staticRouteExternalIDs, item.NextHopIP,
 			); err != nil {
 				klog.Errorf("failed to add normal static route to vpc %s , %v", vpc.Name, err)
 				return err
@@ -481,6 +501,11 @@ func (c *Controller) handleAddOrUpdateVpc(key string) error {
 	}
 
 	// handle policy route
+	policyExternalIDs := map[string]string{
+		ovs.ExternalIDVendor:         util.CniTypeName,
+		ovs.ExternalIDVpcPolicyRoute: "true",
+	}
+
 	var (
 		policyRouteExisted, policyRouteNeedDel, policyRouteNeedAdd []*kubeovnv1.PolicyRoute
 		policyRouteLogical                                         []*ovnnb.LogicalRouterPolicy
@@ -493,33 +518,30 @@ func (c *Controller) handleAddOrUpdateVpc(key string) error {
 		policyRouteNeedDel, policyRouteNeedAdd = diffPolicyRouteWithExisted(policyRouteExisted, vpc.Spec.PolicyRoutes)
 	} else {
 		if vpc.Spec.PolicyRoutes == nil {
-			// do not clean default vpc policy routes
-			if err = c.OVNNbClient.ClearLogicalRouterPolicy(vpc.Name); err != nil {
-				klog.Errorf("clean all vpc %s policy route failed, %v", vpc.Name, err)
+			// only clean vpc spec managed policy routes, not those created by subnet or egress gateway controllers
+			if err = c.OVNNbClient.DeleteLogicalRouterPolicies(vpc.Name, -1, policyExternalIDs); err != nil {
+				klog.Errorf("clean vpc %s spec policy routes failed, %v", vpc.Name, err)
 				return err
 			}
 		} else {
-			policyRouteLogical, err = c.OVNNbClient.ListLogicalRouterPolicies(vpc.Name, -1, nil, true)
+			policyRouteLogical, err = c.OVNNbClient.ListLogicalRouterPolicies(vpc.Name, -1, policyExternalIDs, false)
 			if err != nil {
 				klog.Errorf("failed to get vpc %s policy route list, %v", vpc.Name, err)
 				return err
 			}
-			// diff vpc policy route
 			policyRouteNeedDel, policyRouteNeedAdd = diffPolicyRouteWithLogical(policyRouteLogical, vpc.Spec.PolicyRoutes)
 		}
 	}
-	// delete policies non-exist
 	for _, item := range policyRouteNeedDel {
 		klog.Infof("delete policy route for router: %s, priority: %d, match %s", vpc.Name, item.Priority, item.Match)
 		if err = c.OVNNbClient.DeleteLogicalRouterPolicy(vpc.Name, item.Priority, item.Match); err != nil {
 			klog.Errorf("del vpc %s policy route failed, %v", vpc.Name, err)
 			return err
 		}
 	}
-	// add new policies
 	for _, item := range policyRouteNeedAdd {
-		klog.Infof("add policy route for router: %s, match %s, action %s, nexthop %s, externalID %v", c.config.ClusterRouter, item.Match, string(item.Action), item.NextHopIP, externalIDs)
-		if err = c.OVNNbClient.AddLogicalRouterPolicy(vpc.Name, item.Priority, item.Match, string(item.Action), []string{item.NextHopIP}, nil, externalIDs); err != nil {
+		klog.Infof("add policy route for router: %s, match %s, action %s, nexthop %s, externalID %v", vpc.Name, item.Match, string(item.Action), item.NextHopIP, policyExternalIDs)
+		if err = c.OVNNbClient.AddLogicalRouterPolicy(vpc.Name, item.Priority, item.Match, string(item.Action), []string{item.NextHopIP}, nil, policyExternalIDs); err != nil {
 			klog.Errorf("add policy route to vpc %s failed, %v", vpc.Name, err)
 			return err
 		}
@@ -580,7 +602,7 @@ func (c *Controller) handleAddOrUpdateVpc(key string) error {
 		if subnet.Spec.Vpc == key {
 			// Accelerate subnet update when vpc config is updated.
 			// In case VPC not set namespaces, subnet will backoff and may take long time to back to ready.
-			if subnet.Status.IsNotReady() || subnet.Spec.U2OInterconnection {
+			if subnet.Status.IsNotReady() {
 				c.addOrUpdateSubnetQueue.Add(subnet.Name)
 			}
 			if vpc.Name != util.DefaultVpc && vpc.Spec.EnableBfd && subnet.Spec.EnableEcmp {
diff --git a/pkg/controller/vpc_test.go b/pkg/controller/vpc_test.go
@@ -11,6 +11,7 @@ import (
 	"k8s.io/utils/keymutex"
 
 	kubeovnv1 "github.com/kubeovn/kube-ovn/pkg/apis/kubeovn/v1"
+	"github.com/kubeovn/kube-ovn/pkg/ovs"
 	"github.com/kubeovn/kube-ovn/pkg/ovsdb/ovnnb"
 	"github.com/kubeovn/kube-ovn/pkg/util"
 )
@@ -24,11 +25,12 @@ func Test_handleAddOrUpdateVpc_staticRoutes(t *testing.T) {
 	srcIPPolicy := ovnnb.LogicalRouterStaticRoutePolicySrcIP
 	dstIPPolicy := ovnnb.LogicalRouterStaticRoutePolicyDstIP
 
-	// Internal static route created directly in OVN with kube-ovn vendor
+	// Internal static route created directly in OVN with kube-ovn vendor and vpc-static-route label
 	internalStaticRoute := &ovnnb.LogicalRouterStaticRoute{
 		UUID: "internal-static-route-uuid",
 		ExternalIDs: map[string]string{
-			"vendor": util.CniTypeName,
+			"vendor":           util.CniTypeName,
+			"vpc-static-route": "true",
 		},
 		IPPrefix:   "10.0.0.0/24",
 		Nexthop:    "1.2.3.4",
@@ -40,7 +42,8 @@ func Test_handleAddOrUpdateVpc_staticRoutes(t *testing.T) {
 	managedStaticRoute := &ovnnb.LogicalRouterStaticRoute{
 		UUID: "managed-static-route-uuid",
 		ExternalIDs: map[string]string{
-			"vendor": util.CniTypeName,
+			"vendor":           util.CniTypeName,
+			"vpc-static-route": "true",
 		},
 		IPPrefix:   "192.168.0.0/24",
 		Nexthop:    "10.0.0.1",
@@ -89,11 +92,14 @@ func Test_handleAddOrUpdateVpc_staticRoutes(t *testing.T) {
 			internalStaticRoute,
 		}
 
-		externalIDs := map[string]string{"vendor": util.CniTypeName}
+		staticRouteExternalIDs := map[string]string{
+			ovs.ExternalIDVendor:         util.CniTypeName,
+			ovs.ExternalIDVpcStaticRoute: "true",
+		}
 
 		mockOvnClient.EXPECT().CreateLogicalRouter(vpcName).Return(nil)
 		mockOvnClient.EXPECT().UpdateLogicalRouter(gomock.Any(), gomock.Any()).Return(nil)
-		mockOvnClient.EXPECT().ListLogicalRouterStaticRoutes(vpcName, nil, nil, "", externalIDs).Return(existingKubeOvnRoutes, nil)
+		mockOvnClient.EXPECT().ListLogicalRouterStaticRoutes(vpcName, nil, nil, "", staticRouteExternalIDs).Return(existingKubeOvnRoutes, nil)
 		mockOvnClient.EXPECT().GetLogicalRouter(vpcName, false).Return(&ovnnb.LogicalRouter{
 			Name: vpcName,
 			Nat:  []string{},
@@ -105,10 +111,11 @@ func Test_handleAddOrUpdateVpc_staticRoutes(t *testing.T) {
 			"dst-ip",
 			"192.168.0.0/24",
 			nil,
-			externalIDs,
+			staticRouteExternalIDs,
 			"10.0.0.1",
 		).Return(nil)
-		mockOvnClient.EXPECT().ClearLogicalRouterPolicy(vpcName).Return(nil)
+		policyExternalIDs := map[string]string{ovs.ExternalIDVendor: util.CniTypeName, ovs.ExternalIDVpcPolicyRoute: "true"}
+		mockOvnClient.EXPECT().DeleteLogicalRouterPolicies(vpcName, -1, policyExternalIDs).Return(nil)
 		mockOvnClient.EXPECT().ListLogicalSwitch(gomock.Any(), gomock.Any()).Return([]ovnnb.LogicalSwitch{}, nil).AnyTimes()
 		mockOvnClient.EXPECT().ListLogicalRouter(gomock.Any(), gomock.Any()).Return([]ovnnb.LogicalRouter{}, nil).AnyTimes()
 		mockOvnClient.EXPECT().DeleteLogicalRouterPort(fmt.Sprintf("bfd@%s", vpcName)).Return(nil)
@@ -158,17 +165,21 @@ func Test_handleAddOrUpdateVpc_staticRoutes(t *testing.T) {
 			managedStaticRoute,
 		}
 
-		externalIDs := map[string]string{"vendor": util.CniTypeName}
+		staticRouteExternalIDs := map[string]string{
+			ovs.ExternalIDVendor:         util.CniTypeName,
+			ovs.ExternalIDVpcStaticRoute: "true",
+		}
 
 		mockOvnClient.EXPECT().CreateLogicalRouter(vpcName).Return(nil)
 		mockOvnClient.EXPECT().UpdateLogicalRouter(gomock.Any(), gomock.Any()).Return(nil)
-		mockOvnClient.EXPECT().ListLogicalRouterStaticRoutes(vpcName, nil, nil, "", externalIDs).Return(existingKubeOvnRoutes, nil)
+		mockOvnClient.EXPECT().ListLogicalRouterStaticRoutes(vpcName, nil, nil, "", staticRouteExternalIDs).Return(existingKubeOvnRoutes, nil)
 		mockOvnClient.EXPECT().GetLogicalRouter(vpcName, false).Return(&ovnnb.LogicalRouter{
 			Name: vpcName,
 			Nat:  []string{},
 		}, nil)
 		mockOvnClient.EXPECT().DeleteLogicalRouterStaticRoute(vpcName, gomock.Any(), gomock.Any(), "10.0.0.0/24", "1.2.3.4").Return(nil)
-		mockOvnClient.EXPECT().ClearLogicalRouterPolicy(vpcName).Return(nil)
+		policyExternalIDs := map[string]string{ovs.ExternalIDVendor: util.CniTypeName, ovs.ExternalIDVpcPolicyRoute: "true"}
+		mockOvnClient.EXPECT().DeleteLogicalRouterPolicies(vpcName, -1, policyExternalIDs).Return(nil)
 		mockOvnClient.EXPECT().ListLogicalSwitch(gomock.Any(), gomock.Any()).Return([]ovnnb.LogicalSwitch{}, nil).AnyTimes()
 		mockOvnClient.EXPECT().ListLogicalRouter(gomock.Any(), gomock.Any()).Return([]ovnnb.LogicalRouter{}, nil).AnyTimes()
 		mockOvnClient.EXPECT().DeleteLogicalRouterPort(fmt.Sprintf("bfd@%s", vpcName)).Return(nil)
@@ -211,18 +222,22 @@ func Test_handleAddOrUpdateVpc_staticRoutes(t *testing.T) {
 			managedStaticRoute,
 		}
 
-		externalIDs := map[string]string{"vendor": util.CniTypeName}
+		staticRouteExternalIDs := map[string]string{
+			ovs.ExternalIDVendor:         util.CniTypeName,
+			ovs.ExternalIDVpcStaticRoute: "true",
+		}
 
 		mockOvnClient.EXPECT().CreateLogicalRouter(vpcName).Return(nil)
 		mockOvnClient.EXPECT().UpdateLogicalRouter(gomock.Any(), gomock.Any()).Return(nil)
-		mockOvnClient.EXPECT().ListLogicalRouterStaticRoutes(vpcName, nil, nil, "", externalIDs).Return(existingKubeOvnRoutes, nil)
+		mockOvnClient.EXPECT().ListLogicalRouterStaticRoutes(vpcName, nil, nil, "", staticRouteExternalIDs).Return(existingKubeOvnRoutes, nil)
 		mockOvnClient.EXPECT().GetLogicalRouter(vpcName, false).Return(&ovnnb.LogicalRouter{
 			Name: vpcName,
 			Nat:  []string{},
 		}, nil)
 		mockOvnClient.EXPECT().DeleteLogicalRouterStaticRoute(vpcName, gomock.Any(), gomock.Any(), "10.0.0.0/24", "1.2.3.4").Return(nil)
 		mockOvnClient.EXPECT().DeleteLogicalRouterStaticRoute(vpcName, gomock.Any(), gomock.Any(), "192.168.0.0/24", "10.0.0.1").Return(nil)
-		mockOvnClient.EXPECT().ClearLogicalRouterPolicy(vpcName).Return(nil)
+		policyExternalIDs := map[string]string{ovs.ExternalIDVendor: util.CniTypeName, ovs.ExternalIDVpcPolicyRoute: "true"}
+		mockOvnClient.EXPECT().DeleteLogicalRouterPolicies(vpcName, -1, policyExternalIDs).Return(nil)
 		mockOvnClient.EXPECT().ListLogicalSwitch(gomock.Any(), gomock.Any()).Return([]ovnnb.LogicalSwitch{}, nil).AnyTimes()
 		mockOvnClient.EXPECT().ListLogicalRouter(gomock.Any(), gomock.Any()).Return([]ovnnb.LogicalRouter{}, nil).AnyTimes()
 		mockOvnClient.EXPECT().DeleteLogicalRouterPort(fmt.Sprintf("bfd@%s", vpcName)).Return(nil)
@@ -267,11 +282,14 @@ func Test_handleAddOrUpdateVpc_staticRoutes(t *testing.T) {
 		err = fakeinformers.vpcInformer.Informer().GetStore().Add(vpc)
 		require.NoError(t, err)
 
-		externalIDs := map[string]string{"vendor": util.CniTypeName}
+		staticRouteExternalIDs := map[string]string{
+			ovs.ExternalIDVendor:         util.CniTypeName,
+			ovs.ExternalIDVpcStaticRoute: "true",
+		}
 
 		mockOvnClient.EXPECT().CreateLogicalRouter(vpcName).Return(nil)
 		mockOvnClient.EXPECT().UpdateLogicalRouter(gomock.Any(), gomock.Any()).Return(nil)
-		mockOvnClient.EXPECT().ListLogicalRouterStaticRoutes(vpcName, nil, nil, "", externalIDs).Return(nil, nil)
+		mockOvnClient.EXPECT().ListLogicalRouterStaticRoutes(vpcName, nil, nil, "", staticRouteExternalIDs).Return(nil, nil)
 		mockOvnClient.EXPECT().GetLogicalRouter(vpcName, false).Return(&ovnnb.LogicalRouter{
 			Name: vpcName,
 			Nat:  []string{},
@@ -282,10 +300,11 @@ func Test_handleAddOrUpdateVpc_staticRoutes(t *testing.T) {
 			"dst-ip",
 			"192.168.0.0/24",
 			nil,
-			externalIDs,
+			staticRouteExternalIDs,
 			"10.0.0.1",
 		).Return(nil)
-		mockOvnClient.EXPECT().ClearLogicalRouterPolicy(vpcName).Return(nil)
+		policyExternalIDs := map[string]string{ovs.ExternalIDVendor: util.CniTypeName, ovs.ExternalIDVpcPolicyRoute: "true"}
+		mockOvnClient.EXPECT().DeleteLogicalRouterPolicies(vpcName, -1, policyExternalIDs).Return(nil)
 		mockOvnClient.EXPECT().ListLogicalSwitch(gomock.Any(), gomock.Any()).Return([]ovnnb.LogicalSwitch{}, nil).AnyTimes()
 		mockOvnClient.EXPECT().ListLogicalRouter(gomock.Any(), gomock.Any()).Return([]ovnnb.LogicalRouter{}, nil).AnyTimes()
 		mockOvnClient.EXPECT().DeleteLogicalRouterPort(fmt.Sprintf("bfd@%s", vpcName)).Return(nil)
diff --git a/pkg/ovs/ovn.go b/pkg/ovs/ovn.go
@@ -52,6 +52,8 @@ const (
 
 	ExternalIDVendor           = "vendor"
 	ExternalIDVpcEgressGateway = "vpc-egress-gateway"
+	ExternalIDVpcPolicyRoute   = "vpc-policy-route"
+	ExternalIDVpcStaticRoute   = "vpc-static-route"
 )
 
 // NewLegacyClient init a legacy ovn client

Original file line number	Diff line number	Diff line change
`@@ -52,6 +52,8 @@ const (`
`52`	`52`
`53`	`53`	`ExternalIDVendor = "vendor"`
`54`	`54`	`ExternalIDVpcEgressGateway = "vpc-egress-gateway"`
	`55`	`+ ExternalIDVpcPolicyRoute = "vpc-policy-route"`
	`56`	`+ ExternalIDVpcStaticRoute = "vpc-static-route"`
`55`	`57`	`)`
`56`	`58`
`57`	`59`	`// NewLegacyClient init a legacy ovn client`