do not need to delete pg when update networkpolicy #1959
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
hongzhen-ma
force-pushed
the
networkpolicy
branch
from
7e4e87e
to
5c5f5a1
Compare
oilbeater
requested changes
Oct 17, 2022
hongzhen-ma
force-pushed
the
networkpolicy
branch
from
5c5f5a1
to
85cb5ab
Compare
oilbeater
approved these changes
Oct 17, 2022
hongzhen-ma
force-pushed
the
networkpolicy
branch
2 times, most recently
from
4b1362f
to
89175f5
Compare
|
测试确认,不能将 acl 删除放在 acl 创建逻辑中,否则会导致已经创建的 acl 被删除 在删除 DeletePortGroup 之后,已经减少了 acl 删除与创建之间,networkpolicy 导致流量短暂通的问题。相比功能不能用,这个bug的优先级要低一些。 |
hongzhen-ma
force-pushed
the
networkpolicy
branch
from
89175f5
to
f3e92c5
Compare
|
测试在同一个 transaction 中,同时执行 删除与添加 acl 的动作,遇到部分情况下,默认添加的 drop 规则没有添加上的情况 命令行确认是正确的,手动执行的话,就有 drop 规则生成
更新networkpolicy,从 allow-all 变更为 deny-all,可能是时序问题导致的 drop 规则丢失
|
|
1、删除 acl 的动作,只能在循环外执行一次,删除之后,就只能执行添加的动作。 |
hongzhen-ma
force-pushed
the
networkpolicy
branch
from
f3e92c5
to
d216a0a
Compare
|
如果将 drop ACL的 --may-exist 去掉,就会在创建 acl 时候出现冲突 这也证明了,在更新networkpolicy时候,drop acl 是存在的。但是之前的测试结果,在更新之后,drop acl 就不见了,应该是被删掉了。 |
|
使用--id 指定 acl 参数,创建acl,在同一个transaction的命令行中,指定的 --id 参数不能重复,否则有以下报错 |
hongzhen-ma
force-pushed
the
networkpolicy
branch
from
d216a0a
to
0b9d563
Compare
hongzhen-ma
force-pushed
the
networkpolicy
branch
from
0b9d563
to
21b2104
Compare
oilbeater
approved these changes
Nov 2, 2022
hongzhen-ma
added a commit
that referenced
this pull request
Nov 3, 2022
hongzhen-ma
added a commit
that referenced
this pull request
Nov 3, 2022
hongzhen-ma
added a commit
that referenced
this pull request
Nov 3, 2022
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What type of this PR
do not need to delete pg when update networkpolicy
Which issue(s) this PR fixes:
Fixes #1878