Protect from sg Not Found on multiple np enforcement

When multiple Network policies deletion affecting the same pod happens at the same time, a Not Found exception can be raised causing a controller restart. This commit fixes the issue by ensuring the policy deletion is retried and the sgs list is updated. Change-Id: I55a0f81ab6e30ca672e3f3d4865aed3cd96a94d2 Closes-bug: 1856709
2019-12-17 13:38:13 +00:00 · 2019-12-17 13:38:13 +00:00 · ed6e9c1384
parent a047f20bf2
commit ed6e9c1384
1 changed files with 8 additions and 1 deletions
--- a/kuryr_kubernetes/controller/handlers/policy.py
+++ b/kuryr_kubernetes/controller/handlers/policy.py
@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

+from neutronclient.common import exceptions as n_exc
+from openstack import exceptions as o_exc
 from oslo_cache import core as cache
 from oslo_config import cfg as oslo_cfg
 from oslo_log import log as logging
@ -116,7 +118,12 @@ class NetworkPolicyHandler(k8s_base.ResourceEventHandler):
                        raise oslo_cfg.RequiredOptError(
                            'pod_security_groups',
                            oslo_cfg.OptGroup('neutron_defaults'))
-                self._drv_vif_pool.update_vif_sgs(pod, pod_sgs)
+                try:
+                    self._drv_vif_pool.update_vif_sgs(pod, pod_sgs)
+                except (n_exc.NotFound, o_exc.NotFoundException):
+                    LOG.debug("Fail to update pod sgs."
+                              " Retrying policy deletion.")
+                    raise exceptions.ResourceNotReady(policy)

            # ensure ports at the pool don't have the NP sg associated
            net_id = self._get_policy_net_id(policy)