enable check vlan conflict

[zbb88888]

Pull Request

• Make sure you have followed Kube-OVN Code Style.

What type of this PR

Examples of user facing changes:

• Features

1. kube-ovn-controller 保证新创建 vlan crd 不和集群内的 tunnel nic vlan 以及已存在的 vlan 冲突（vlan crd 生效前处理，vlan status conflict 为 true，子网 not ready）
2. kube-ovn-cni 保证新创建 vlan crd 不和集群内的 tunnel vlan，以及 node 上已有的 vlan 子接口冲突 （记录 ProviderNetwork condition err，not ready）
3. kube-ovn-cni 周期性检查：vlan 已创建，如果发现有其他provider network 同网卡的子接口 vlan 冲突，则（记录 ProviderNetwork condition err，not ready）

Which issue(s) this PR fixes

Fixes #(issue-number)

[gemini-code-assist]

Hello @zbb88888, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

Summary of Changes

This pull request introduces a mechanism to check for VLAN conflicts within the Kube-OVN environment. It ensures that newly created VLANs do not conflict with existing tunnel VLANs on nodes or other VLANs already present in the cluster. This is achieved by adding a conflict status to the VLAN CRD and implementing checks in both the kube-ovn-controller and kube-ovn-cni components. The changes include adding a new configuration option to enable/disable the VLAN conflict check, updating the VLAN status to reflect conflicts, and implementing periodic checks to identify and report conflicts.

Highlights

• VLAN Conflict Detection: Implements checks to prevent VLAN ID conflicts between newly created VLAN CRDs, existing tunnel VLANs on nodes, and other VLANs in the cluster.
• Kube-OVN Controller Changes: Modifies the kube-ovn-controller to ensure new VLAN CRDs do not conflict with tunnel NIC VLANs or existing VLANs before becoming effective. Sets the VLAN status to 'conflict' and marks the subnet as 'not ready' if a conflict is detected.
• Kube-OVN CNI Changes: Updates kube-ovn-cni to check for conflicts between new VLAN CRDs and tunnel VLANs, as well as existing VLAN sub-interfaces on nodes. Records a ProviderNetwork condition error and marks the network as 'not ready' if conflicts are found. Also, implements periodic checks to detect conflicts with other Provider Networks.
• Configuration Option: Adds a new configuration flag --enable-check-vlan-conflict to enable or disable the VLAN conflict check feature.
• Node Labeling: The daemon now patches nodes with labels indicating the tunnel VLAN ID, which the controller uses to check for conflicts.

Changelog

Click here to see the changelog

• dist/images/install.sh
  • Adds --enable-check-vlan-conflict=true to kube-ovn-controller's arguments.
  • Sets a default value for IFACE to bond0.123.
• pkg/apis/kubeovn/v1/vlan.go
  • Adds a Conflict field to the VlanStatus struct to indicate if the VLAN has conflicts.
• pkg/controller/config.go
  • Adds a EnableCheckVlanConflict field to the Configuration struct.
  • Adds a command-line flag --enable-check-vlan-conflict to control whether to enable VLAN conflict checking.
• pkg/controller/subnet.go
  • Checks for VLAN conflicts before formatting a subnet if EnableCheckVlanConflict is true. Returns an error if the VLAN is in conflict.
• pkg/controller/vlan.go
  • Imports fmt, strconv, and github.com/scylladb/go-set/strset.
  • In handleAddVlan, checks for VLAN conflicts with node tunnel VLANs and other VLANs. Updates the VLAN status to Conflict if a conflict is found.
• pkg/daemon/config.go
  • Adds netlink import.
  • Adds IfaceVlanID and EnableCheckVlanConflict fields to the Configuration struct.
  • Adds a command-line flag --enable-check-vlan-conflict to control whether to enable VLAN conflict checking.
  • Caches the tunnel NIC VLAN ID during initialization if EnableCheckVlanConflict is enabled.
  • Adds a getVLAN function to retrieve the VLAN ID of a given interface.
• pkg/daemon/controller.go
  • In initProviderNetwork, checks if the VLAN ID is already used by the tunnel interface on the node. Records a ProviderNetwork error if a conflict is found.
  • In Run, patches the node with tunnel VLAN ID labels and starts a periodic check for VLAN conflicts.
  • Adds loopCheckVlanConflict to periodically check for VLAN conflicts between tunnel VLANs and OVS VLANs, and between OVS VLANs and OS VLANs. Records ProviderNetwork errors if conflicts are found.
• pkg/daemon/ovs_linux.go
  • Imports slices and github.com/scylladb/go-set/strset.
  • Adds loopCheckVlanConflict to check for vlan conflicts.
  • Adds patchNodeTunnelVlanLabel to patch the node with tunnel vlan labels.
• pkg/util/const.go
  • Adds TunnelVlanIDLabel and TunnelUseVlanLabel constants for node labels.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point in your pull request via creating an issue comment (i.e. comment on the pull request page) using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in issue comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist is currently in preview and may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments to provide feedback.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

---

A VLAN's tale, a tangled web,
Of IDs clashing, causing ebb.
To check and guard, with vigilant eye,
Conflicts resolved, beneath the sky.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request introduces a VLAN conflict check feature to prevent the creation of conflicting VLANs in the cluster. The feature is implemented in both the kube-ovn-controller and kube-ovn-cni components. Overall, the code is well-structured and addresses the intended functionality. However, there are some areas where improvements can be made to enhance maintainability, efficiency, and clarity.

Summary of Findings

• VLAN Conflict Check Logic: The VLAN conflict check logic is implemented in both the controller and daemon, leading to potential redundancy and inconsistency. Consolidating this logic into a shared library or webhook would improve maintainability and ensure consistent behavior across components.
• Error Handling in Conflict Detection: The error handling in the VLAN conflict detection loops could be improved. Currently, errors are logged but the loop continues, potentially masking other conflicts. Consider returning immediately upon encountering an error to prevent further processing and ensure that all errors are surfaced.
• Logging Consistency: The logging messages use inconsistent formatting and verbosity levels. Standardizing the logging format and using consistent verbosity levels would improve readability and debuggability.

Merge Readiness

The pull request introduces a valuable feature for preventing VLAN conflicts. However, the identified issues regarding redundant logic, error handling, and logging consistency should be addressed before merging. Addressing these concerns will improve the overall quality and maintainability of the code. I am unable to directly approve this pull request, and recommend that others review and approve this code before merging.

[coveralls]

Pull Request Test Coverage Report for Build 14372473322

Warning: This coverage report may be inaccurate.

This pull request's base commit is no longer the HEAD commit of its target branch. This means it includes changes from outside the original pull request, including, potentially, unrelated coverage changes.

• For more information on this, see Tracking coverage changes with pull request builds.
• To avoid this issue with future PRs, see these Recommended CI Configurations.
• For a quick fix, rebase this PR at GitHub. Your next report should be accurate.

Details

• 0 of 178 (0.0%) changed or added relevant lines in 6 files are covered.
• 1053 unchanged lines in 9 files lost coverage.
• Overall coverage decreased (-0.3%) to 21.704%

---

Changes Missing Coverage	Covered Lines	Changed/Added Lines	%
pkg/controller/config.go	0	2	0.0%
pkg/controller/subnet.go	0	7	0.0%
pkg/daemon/controller.go	0	14	0.0%
pkg/daemon/config.go	0	27	0.0%
pkg/controller/vlan.go	0	40	0.0%
pkg/daemon/ovs_linux.go	0	88	0.0%

Files with Coverage Reduction	New Missed Lines	%
pkg/controller/config.go	22	0.0%
pkg/apis/kubeovn/v1/subnet.go	25	0.0%
pkg/controller/endpoint.go	77	0.0%
pkg/ovs/ovn-nb-load_balancer.go	83	72.76%
pkg/controller/init.go	107	0.0%
pkg/controller/service.go	110	0.0%
pkg/daemon/controller.go	127	0.0%
pkg/controller/pod.go	207	0.0%
pkg/daemon/controller_linux.go	295	0.0%

Totals
Change from base Build 14098291719:	-0.3%
Covered Lines:	10263
Relevant Lines:	47286

---

💛 - Coveralls