in controllers/daemon/podendpoint_controller.go [184:231]
// cleanUp reconciles the wireguard peers held on this node's gateway links
// against the PodEndpoints that currently exist.
//
// It lists all PodEndpoints and StaticGatewayConfigurations, keeps only the
// configurations that apply to this node and are not being deleted, builds the
// set of pod public keys each wireguard link is expected to carry, and hands
// that set to cleanUpWgLink per link. Peers reported back by cleanUpWgLink are
// then removed from the gateway node status via updateGatewayNodeStatus.
//
// Listing failures and a status update failure are returned to the caller;
// a failure on a single link is logged and the remaining links are still
// processed.
func (r *PodEndpointReconciler) cleanUp(ctx context.Context) error {
	logger := log.FromContext(ctx)
	logger.Info("Cleaning up orphaned wireguard peers")

	// Both lookups below key on the lower-cased "namespace/name" of a
	// StaticGatewayConfiguration, so a PodEndpoint's gateway reference is
	// matched case-insensitively against the configuration it names.
	nsNameKey := func(namespace, name string) string {
		return strings.ToLower(fmt.Sprintf("%s/%s", namespace, name))
	}

	var podEndpoints egressgatewayv1alpha1.PodEndpointList
	if err := r.List(ctx, &podEndpoints); err != nil {
		return fmt.Errorf("failed to list PodEndpoints: %w", err)
	}

	var gwConfigs egressgatewayv1alpha1.StaticGatewayConfigurationList
	if err := r.List(ctx, &gwConfigs); err != nil {
		return fmt.Errorf("failed to list staticGatewayConfigurations: %w", err)
	}

	// gwConfig key -> wireguard interface name, restricted to configurations
	// that apply to this node. Configurations with a deletion timestamp are
	// skipped: their wglink is torn down by the staticGatewayConfiguration
	// controller, not here.
	wgLinkByGwConfig := make(map[string]string)
	for i := range gwConfigs.Items {
		gwConfig := gwConfigs.Items[i]
		if !applyToNode(&gwConfig) || !gwConfig.ObjectMeta.DeletionTimestamp.IsZero() {
			continue
		}
		wgLinkByGwConfig[nsNameKey(gwConfig.Namespace, gwConfig.Name)] = getWireguardInterfaceName(&gwConfig)
	}

	// wireguard interface name -> set of pod public keys that still have a
	// PodEndpoint referencing a configuration on this node.
	peersByWgLink := make(map[string]map[string]struct{})
	for _, pe := range podEndpoints.Items {
		wgLinkName, known := wgLinkByGwConfig[nsNameKey(pe.Namespace, pe.Spec.StaticGatewayConfiguration)]
		if !known {
			// The referenced configuration is not handled by this node (or is
			// being deleted); nothing to keep for it.
			continue
		}
		expected := peersByWgLink[wgLinkName]
		if expected == nil {
			expected = make(map[string]struct{})
			peersByWgLink[wgLinkName] = expected
		}
		expected[pe.Spec.PodPublicKey] = struct{}{}
	}

	var stalePeers []egressgatewayv1alpha1.PeerConfiguration
	for _, wgLinkName := range wgLinkByGwConfig {
		removed, err := r.cleanUpWgLink(ctx, wgLinkName, peersByWgLink)
		if err != nil {
			// A failure on one link must not stop the remaining links from
			// being cleaned; whatever cleanUpWgLink returned is still collected.
			logger.Error(err, fmt.Sprintf("failed to clean up peers for wgLink %s", wgLinkName))
		}
		stalePeers = append(stalePeers, removed...)
	}

	// false: remove the collected peers from the node status rather than add them.
	if err := r.updateGatewayNodeStatus(ctx, stalePeers, false /* add */); err != nil {
		return fmt.Errorf("failed to update gateway node status: %w", err)
	}

	logger.Info("Wireguard peer cleanup completed")
	return nil
}