Kube-OVN Version
v1.13.0
Kubernetes Version
sbctl version
kubectl-ko sbctl --version
ovn-sbctl 24.03.5
Open vSwitch Library 3.3.3
DB Schema 20.33.0
nbctl version
kubectl-ko nbctl --version
ovn-nbctl 24.03.5
Open vSwitch Library 3.3.3
DB Schema 7.3.0
Operation-system/Kernel Version
/etc/os-release
"CentOS Stream 9"
uname -r
5.14.0-407.el9.x86_64
Description
When the SNAT rule is created, the finalizers field is not added:
finalizers:
- kubeovn.io/kube-ovn-controller
As a result, when the SNAT is deleted, its rule inside the vpc-nat-gw pod is not removed properly.
Steps To Reproduce
1 Edit snat.yaml
apiVersion: kubeovn.io/v1
kind: IptablesSnatRule
metadata:
  annotations:
    ovn.kubernetes.io/vpc_eip: iptableseip-kvefapux
  creationTimestamp: "2025-04-21T07:03:53Z"
  generation: 1
  labels:
    ovn.kubernetes.io/eip_v4_ip: 10.1.69.203
    ovn.kubernetes.io/vpc-nat-gw-name: v-gw-b1c023e2a60dbca2
  name: snat-iptableseip-kvefapux
  resourceVersion: "920261675"
  uid: 3bcaa55d-65de-4960-a602-7d00064f699b
spec:
  eip: iptableseip-kvefapux
  internalCIDR: 10.0.1.0/24
2 Create the SNAT resource
kubectl apply -f snat.yaml
3 View the SNAT resource; the finalizers field is missing
kubectl get snat snat-iptableseip-kvefapux -oyaml
apiVersion: kubeovn.io/v1
kind: IptablesSnatRule
metadata:
  annotations:
    ovn.kubernetes.io/vpc_eip: iptableseip-kvefapux
  creationTimestamp: "2025-04-21T07:03:53Z"
  generation: 1
  labels:
    ovn.kubernetes.io/eip_v4_ip: 10.1.69.203
    ovn.kubernetes.io/vpc-nat-gw-name: v-gw-b1c023e2a60dbca2
  name: snat-iptableseip-kvefapux
  resourceVersion: "920261675"
  uid: 3bcaa55d-65de-4960-a602-7d00064f699b
spec:
  eip: iptableseip-kvefapux
  internalCIDR: 10.0.1.0/24
status:
  internalCIDR: 10.0.1.0/24
  natGwDp: v-gw-b1c023e2a60dbca2
  ready: true
  redo: ""
  v4ip: 10.1.69.203
  v6ip: ""
4 Enter the vpc-nat-gw pod
kubectl exec -it vpc-nat-gw-v-gw-b1c023e2a60dbca2-0 -- bash
List the NAT rules; one SNAT rule is present
iptables-legacy -t nat -L -n -v
Chain SHARED_SNAT (1 references)
 pkts bytes target     prot opt in     out     source               destination
    6   456 SNAT       0    --  *      net1    10.0.1.0/24          0.0.0.0/0            to:10.1.69.203 random-fully
5 Delete the SNAT resource
kubectl delete snat snat-iptableseip-kvefapux
6 Enter the vpc-nat-gw pod
kubectl exec -it vpc-nat-gw-v-gw-b1c023e2a60dbca2-0 -- bash
List the NAT rules; the SNAT rule is still present, and the expected deletion of the SNAT rule did not happen
iptables-legacy -t nat -L -n -v
Chain SHARED_SNAT (1 references)
 pkts bytes target     prot opt in     out     source               destination
    6   456 SNAT       0    --  *      net1    10.0.1.0/24          0.0.0.0/0            to:10.1.69.203 random-fully
Current Behavior
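The SNAT resource is missing the finalizers field
After the SNAT resource is deleted, the SNAT rule inside the pod still exists
Expected Behavior
The SNAT resource has the finalizers field
After the SNAT resource is deleted, the SNAT rule inside the pod is deleted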
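An audit for the condition reported above, as an added example that is not part of the original report or of Kube-OVN's own code: it compares the SHARED_SNAT rules live in a gateway pod with the IptablesSnatRule objects that still exist, and lists objects that lack the finalizer. It assumes the two inputs were captured with `iptables-legacy -t nat -L -n -v` and `kubectl get snat -o json`; the sample data, the second rule and the name `snat-example` are constructed.

```python
import json

FINALIZER = "kubeovn.io/kube-ovn-controller"  # finalizer named in the report
GATEWAY = "v-gw-b1c023e2a60dbca2"             # gateway name from the report

# Constructed sample: gateway-pod output in the format shown in the report,
# plus one extra constructed rule that still has a backing object.
IPTABLES_OUT = """\
Chain SHARED_SNAT (1 references)
 pkts bytes target prot opt in out  source      destination
    6   456 SNAT   0    --  *  net1 10.0.1.0/24 0.0.0.0/0 to:10.1.69.203 random-fully
    0     0 SNAT   0    --  *  net1 10.0.2.0/24 0.0.0.0/0 to:10.1.69.204 random-fully

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
"""
# Constructed sample: `kubectl get snat -o json` after the 10.0.1.0/24 object was deleted.
SNAT_JSON = json.dumps({"items": [{
    "metadata": {"name": "snat-example"},
    "status": {"internalCIDR": "10.0.2.0/24", "v4ip": "10.1.69.204",
               "natGwDp": GATEWAY, "ready": True},
}]})

def parse_shared_snat(text):
    """Return {(source_cidr, eip)} for SNAT rules in the SHARED_SNAT chain."""
    rules, in_chain = set(), False
    for line in text.splitlines():
        f = line.split()
        if line.startswith("Chain "):
            in_chain = len(f) > 1 and f[1] == "SHARED_SNAT"
        elif in_chain and len(f) >= 10 and f[2] == "SNAT":
            to = next((t[3:] for t in f[9:] if t.startswith("to:")), None)
            if to:
                rules.add((f[7], to))
    return rules

def audit(iptables_text, snat_json, gw):
    """Return (orphaned live rules, names of objects without the finalizer) for gw."""
    items = [i for i in json.loads(snat_json)["items"]
             if i.get("status", {}).get("natGwDp") == gw]
    declared = {(i["status"]["internalCIDR"], i["status"]["v4ip"])
                for i in items if i["status"].get("ready")}
    orphaned = sorted(parse_shared_snat(iptables_text) - declared)
    no_finalizer = sorted(i["metadata"]["name"] for i in items
                          if FINALIZER not in (i["metadata"].get("finalizers") or []))
    return orphaned, no_finalizer

if __name__ == "__main__":
    print(audit(IPTABLES_OUT, SNAT_JSON, GATEWAY))
```

An orphaned entry means the gateway is still translating traffic from that CIDR to the EIP although no object in the API declares it.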