fix: port security

kubeovn · Dec 20, 2021 · 3657155 · 3657155
1 parent 7919901
commit 3657155
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 8 deletions.
diff --git a/pkg/controller/pod.go b/pkg/controller/pod.go
@@ -680,15 +680,15 @@ func (c *Controller) handleUpdatePodSecurity(key string) error {
 			return err
 		}
 
+		var securityGroups string
 		if portSecurity {
-			securityGroupAnnotation := pod.Annotations[fmt.Sprintf(util.SecurityGroupAnnotationTemplate, podNet.ProviderName)]
-			portName := ovs.PodNameToPortName(name, namespace, podNet.ProviderName)
-			if err = c.reconcilePortSg(portName, securityGroupAnnotation); err != nil {
-				klog.Errorf("reconcilePortSg failed. %v", err)
-				return err
-			}
+			securityGroups = pod.Annotations[fmt.Sprintf(util.SecurityGroupAnnotationTemplate, podNet.ProviderName)]
+			securityGroups = strings.ReplaceAll(securityGroups, " ", "")
+		}
+		if err = c.reconcilePortSg(ovs.PodNameToPortName(name, namespace, podNet.ProviderName), securityGroups); err != nil {
+			klog.Errorf("reconcilePortSg failed. %v", err)
+			return err
 		}
-
 	}
 	return nil
 }

diff --git a/pkg/ovs/ovn-nbctl.go b/pkg/ovs/ovn-nbctl.go
@@ -163,12 +163,15 @@ func (c Client) SetPortExternalIds(port, key, value string) error {
 
 func (c Client) SetPortSecurity(portSecurity bool, port, mac, ipStr, vips string) error {
 	var addresses []string
+	ovnCommand := []string{"lsp-set-port-security", port}
 	if portSecurity {
 		addresses = append(addresses, mac)
 		addresses = append(addresses, strings.Split(ipStr, ",")...)
 		addresses = append(addresses, strings.Split(vips, ",")...)
+		ovnCommand = append(ovnCommand, strings.Join(addresses, " "))
 	}
-	if _, err := c.ovnNbCommand("lsp-set-port-security", port, strings.Join(addresses, " ")); err != nil {
+
+	if _, err := c.ovnNbCommand(ovnCommand...); err != nil {
 		klog.Errorf("set port %s security failed: %v", port, err)
 		return err
 	}