Ensure no KuryrNet addition is tried when namespace is not present

In case the KuryrNet CRD addition is being handled and the namespace is not present on the cluster anymore, the Kuryr Controller is marked as unhealthy and restarted. This commit ensures any event that tries to get a not present namespace is skipped. Closes-Bug: 1846525 Change-Id: I9468785e79c5692709e5c50a3b92cc30f6a37fd8
2019-10-03 16:18:33 +00:00
parent 232509ee66
commit 474495f8c5
5 changed files with 63 additions and 3 deletions
--- a/kuryr_kubernetes/controller/drivers/network_policy_security_groups.py
+++ b/kuryr_kubernetes/controller/drivers/network_policy_security_groups.py
@@ -180,6 +180,10 @@ def _create_sg_rule_on_text_port(sg_id, direction, port, rule_selected_pods,
                pods=pods)
        else:
            namespace_obj = driver_utils.get_namespace(namespace)
+            if not namespace_obj:
+                LOG.debug("Skipping SG rule creation. Inexistent"
+                          " namespace.")
+                continue
            namespace_cidr = driver_utils.get_namespace_subnet_cidr(
                namespace_obj)
            sg_rule = driver_utils.create_security_group_rule_body(
--- a/kuryr_kubernetes/controller/drivers/utils.py
+++ b/kuryr_kubernetes/controller/drivers/utils.py
@@ -507,9 +507,14 @@ def get_ports(resource, port):

 def get_namespace(namespace_name):
    kubernetes = clients.get_kubernetes_client()
-    return kubernetes.get(
-        '{}/namespaces/{}'.format(
-            constants.K8S_API_BASE, namespace_name))
+    try:
+        return kubernetes.get(
+            '{}/namespaces/{}'.format(
+                constants.K8S_API_BASE, namespace_name))
+    except k_exc.K8sResourceNotFound:
+        LOG.debug("Namespace not found: %s",
+                  namespace_name)
+        return None


 def update_port_pci_info(pod, vif):
--- a/kuryr_kubernetes/controller/handlers/kuryrnet.py
+++ b/kuryr_kubernetes/controller/handlers/kuryrnet.py
@@ -50,6 +50,9 @@ class KuryrNetHandler(k8s_base.ResourceEventHandler):
        namespace = kuryrnet_crd['metadata']['annotations'].get(
            'namespaceName')
        namespace_obj = driver_utils.get_namespace(namespace)
+        if not namespace_obj:
+            LOG.debug("Skipping Kuryrnet addition. Inexistent namespace.")
+            return
        namespace_kuryrnet_annotations = driver_utils.get_annotations(
            namespace_obj, constants.K8S_ANNOTATION_NET_CRD)
        if namespace_kuryrnet_annotations != kuryrnet_crd['metadata']['name']:
--- a/kuryr_kubernetes/tests/unit/controller/drivers/test_utils.py
+++ b/kuryr_kubernetes/tests/unit/controller/drivers/test_utils.py
@@ -0,0 +1,36 @@
+# Copyright 2019 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+import mock
+
+from kuryr_kubernetes.controller.drivers import utils
+
+from kuryr_kubernetes import constants
+from kuryr_kubernetes import exceptions
+from kuryr_kubernetes.tests import base as test_base
+from kuryr_kubernetes.tests.unit import kuryr_fixtures as k_fix
+
+
+class TestUtils(test_base.TestCase):
+
+    def test_get_namespace_not_found(self):
+        namespace_name = mock.sentinel.namespace_name
+        kubernetes = self.useFixture(k_fix.MockK8sClient()).client
+        kubernetes.get.side_effect = exceptions.K8sResourceNotFound(
+            mock.sentinel.resource)
+
+        resp = utils.get_namespace(namespace_name)
+
+        self.assertIsNone(resp)
+        kubernetes.get.assert_called_once_with('{}/namespaces/{}'.format(
+            constants.K8S_API_BASE, namespace_name))
--- a/kuryr_kubernetes/tests/unit/controller/handlers/test_kuryrnet.py
+++ b/kuryr_kubernetes/tests/unit/controller/handlers/test_kuryrnet.py
@@ -99,3 +99,15 @@ class TestKuryrNetHandler(test_base.TestCase):
                                                    self._subnets,
                                                    [])
        m_patch_kn_crd.assert_called_once()
+
+    @mock.patch.object(driver_utils, 'get_annotations')
+    @mock.patch.object(driver_utils, 'get_namespace')
+    def test_on_added_no_namespace(self, m_get_ns, m_get_ann):
+        m_get_ns.return_value = None
+        ns_name = self._kuryrnet_crd['metadata']['annotations'].get(
+            'namespaceName')
+
+        kuryrnet.KuryrNetHandler.on_added(self._handler, self._kuryrnet_crd)
+
+        m_get_ns.assert_called_once_with(ns_name)
+        m_get_ann.assert_not_called()