func()

in controllers/daemon/staticgatewayconfiguration_controller.go [231:321]

• 83 lines of code
• 21 McCabe index (conditional complexity)

func (r *StaticGatewayConfigurationReconciler) cleanUp(ctx context.Context) error {
	log := log.FromContext(ctx)
	log.Info("Cleaning up orphaned gateway network configurations")

	gwConfigList := &egressgatewayv1alpha1.StaticGatewayConfigurationList{}
	if err := r.List(ctx, gwConfigList); err != nil {
		return fmt.Errorf("failed to list staticGatewayConfigurations: %w", err)
	}
	existingWgLinks := make(map[string]struct{})
	existingIPs := make(map[string]struct{})
	hasActiveGateway := false
	for _, gwConfig := range gwConfigList.Items {
		if applyToNode(&gwConfig) && gwConfig.DeletionTimestamp.IsZero() {
			_, vmSecondaryIP, err := r.getVMIP(ctx, &gwConfig)
			if err != nil {
				log.Error(err, "failed to get VM secondaryIP during cleanup", "gwConfig", fmt.Sprintf("%s/%s", gwConfig.Namespace, gwConfig.Name))
				continue
			}
			existingWgLinks[getWireguardInterfaceName(&gwConfig)] = struct{}{}
			existingIPs[vmSecondaryIP] = struct{}{}
			hasActiveGateway = true
		}
	}

	gwns, err := r.NetNS.GetNS(consts.GatewayNetnsName)
	if err != nil {
		return fmt.Errorf("failed to get network namespace %s: %w", consts.GatewayNetnsName, err)
	}
	defer gwns.Close()

	var links []netlink.Link
	var ips []netlink.Addr
	if err := gwns.Do(func(nn ns.NetNS) error {
		var err error
		links, err = r.Netlink.LinkList()
		if err != nil {
			return fmt.Errorf("failed to list links in gateway namespace: %w", err)
		}
		hostLink, err := r.Netlink.LinkByName(consts.HostLinkName)
		if err != nil {
			return fmt.Errorf("failed to get host link in gateway namespace: %w", err)
		}
		ips, err = r.Netlink.AddrList(hostLink, nl.FAMILY_ALL)
		if err != nil {
			return fmt.Errorf("failed to list addresses on host0 in gateway namespace: %w", err)
		}
		return nil
	}); err != nil {
		return err
	}

	for _, ip := range ips {
		if _, ok := existingIPs[ip.IP.String()]; !ok {
			log.Info("Removing orphaned IP", "ip", ip.IP.String())
			if err := r.ensureDeleteIP(ctx, gwns, ip); err != nil {
				log.Error(err, fmt.Sprintf("failed to cleanup vmSecondaryIP %s", ip.IP.String()))
			}
		}
	}

	for _, link := range links {
		if strings.HasPrefix(link.Attrs().Name, consts.WiregaurdLinkNamePrefix) {
			if _, ok := existingWgLinks[link.Attrs().Name]; !ok {
				log.Info("Removing orphaned wireguard link", "link", link.Attrs().Name)
				if err := r.ensureDeleteLink(ctx, gwns, link); err != nil {
					log.Error(err, fmt.Sprintf("failed to cleanup wireguard link %s", link.Attrs().Name))
				}
			}
		}
	}

	if !hasActiveGateway {
		log.Info("No active gateway found, cleaning up leftover network configurations")
		if err := r.reconcileIlbIPOnHost(ctx, ""); err != nil {
			return fmt.Errorf("failed to cleanup ILB IP on host: %w", err)
		}

		if err := r.removeIPTablesChains(
			ctx,
			utiliptables.TableNAT,
			[]utiliptables.Chain{utiliptables.Chain("EGRESS-GATEWAY-SNAT")},
			[]utiliptables.Chain{utiliptables.ChainPostrouting},
			[]string{"kube-egress-gateway no MASQUERADE"},
		); err != nil {
			return fmt.Errorf("failed to delete iptables chain EGRESS-GATEWAY-SNAT: %w", err)
		}
	}

	log.Info("Network namespace cleanup completed")
	return nil
}