fix(agent): VTEPTable +listType=map + optimistic retry in registerVTEP

syscod3 · syscod3 · commit 26abf459eb3b · 2026-03-08T03:36:39.000Z
Change VTEPTable list type annotation from +listType=atomic to
+listType=map (key: vmIP) so concurrent status patches from multiple
agent nodes are merged by the API server rather than last-write-wins.

Wrap registerVTEP in retry.RetryOnConflict with optimistic lock
(MergeFromWithOptimisticLock) so a conflict on the status patch causes
a re-fetch and retry instead of a silent data loss.

Regenerate CRDs; vtepTable now carries x-kubernetes-list-type: map
and x-kubernetes-list-map-keys: [vmIP] in the schema.

Add concurrent-write unit test that exercises two goroutines calling
registerVTEP simultaneously and asserts both entries survive.
diff --git a/api/v1alpha1/impnetwork_types.go b/api/v1alpha1/impnetwork_types.go
@@ -126,7 +126,8 @@ type ImpNetworkStatus struct {
 	// VTEPTable contains VTEP entries for cross-node VXLAN FDB population.
 	// Each entry maps a VM's IP and MAC to the node IP hosting it.
 	// +optional
-	// +listType=atomic
+	// +listType=map
+	// +listMapKey=vmIP
 	VTEPTable []VTEPEntry `json:"vtepTable,omitempty"`
 }
 
diff --git a/config/crd/bases/imp.dev_impnetworks.yaml b/config/crd/bases/imp.dev_impnetworks.yaml
@@ -256,7 +256,9 @@ spec:
                   - vmMAC
                   type: object
                 type: array
-                x-kubernetes-list-type: atomic
+                x-kubernetes-list-map-keys:
+                - vmIP
+                x-kubernetes-list-type: map
             type: object
         type: object
     served: true
diff --git a/internal/agent/reconciler.go b/internal/agent/reconciler.go
@@ -10,6 +10,7 @@ import (
 
 	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/client-go/util/retry"
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	logf "sigs.k8s.io/controller-runtime/pkg/log"
@@ -278,46 +279,50 @@ func (r *ImpVMReconciler) SetupWithManager(mgr ctrl.Manager) error {
 }
 
 // registerVTEP adds or updates the VTEPEntry for vm in ImpNetwork.status.vtepTable.
+// It uses optimistic-lock retries to handle concurrent patches from multiple agents.
 func (r *ImpVMReconciler) registerVTEP(ctx context.Context, vm *impdevv1alpha1.ImpVM, vmIP, vmMAC string) error {
-	var impNet impdevv1alpha1.ImpNetwork
-	if err := r.Get(ctx, client.ObjectKey{
-		Namespace: vm.Namespace,
-		Name:      vm.Spec.NetworkRef.Name,
-	}, &impNet); err != nil {
-		return err
-	}
+	return retry.RetryOnConflict(retry.DefaultBackoff, func() error {
+		var impNet impdevv1alpha1.ImpNetwork
+		if err := r.Get(ctx, client.ObjectKey{
+			Namespace: vm.Namespace,
+			Name:      vm.Spec.NetworkRef.Name,
+		}, &impNet); err != nil {
+			return err
+		}
 
-	// Check if an up-to-date entry already exists.
-	for _, e := range impNet.Status.VTEPTable {
-		if e.VMIP == vmIP && e.VMMAC == vmMAC && e.NodeIP == r.NodeIP {
-			return nil // already registered
+		// Check if an up-to-date entry already exists.
+		for _, e := range impNet.Status.VTEPTable {
+			if e.VMIP == vmIP && e.VMMAC == vmMAC && e.NodeIP == r.NodeIP {
+				return nil // already registered
+			}
 		}
-	}
 
-	base := impNet.DeepCopy()
+		base := impNet.DeepCopy()
 
-	// Replace or append entry for this VM IP.
-	found := false
-	for i, e := range impNet.Status.VTEPTable {
-		if e.VMIP == vmIP {
-			impNet.Status.VTEPTable[i] = impdevv1alpha1.VTEPEntry{
+		// Replace or append entry for this VM IP.
+		found := false
+		for i, e := range impNet.Status.VTEPTable {
+			if e.VMIP == vmIP {
+				impNet.Status.VTEPTable[i] = impdevv1alpha1.VTEPEntry{
+					NodeIP: r.NodeIP,
+					VMIP:   vmIP,
+					VMMAC:  vmMAC,
+				}
+				found = true
+				break
+			}
+		}
+		if !found {
+			impNet.Status.VTEPTable = append(impNet.Status.VTEPTable, impdevv1alpha1.VTEPEntry{
 				NodeIP: r.NodeIP,
 				VMIP:   vmIP,
 				VMMAC:  vmMAC,
-			}
-			found = true
-			break
+			})
 		}
-	}
-	if !found {
-		impNet.Status.VTEPTable = append(impNet.Status.VTEPTable, impdevv1alpha1.VTEPEntry{
-			NodeIP: r.NodeIP,
-			VMIP:   vmIP,
-			VMMAC:  vmMAC,
-		})
-	}
 
-	return r.Status().Patch(ctx, &impNet, client.MergeFrom(base))
+		return r.Status().Patch(ctx, &impNet,
+			client.MergeFromWithOptions(base, client.MergeFromWithOptimisticLock{}))
+	})
 }
 
 // deregisterVTEP removes the VTEPEntry for vm.Status.IP from ImpNetwork.status.vtepTable.
diff --git a/internal/agent/reconciler_test.go b/internal/agent/reconciler_test.go
@@ -5,6 +5,7 @@ package agent
 import (
 	"context"
 	"errors"
+	"sync"
 	"time"
 
 	. "github.com/onsi/ginkgo/v2"
@@ -499,6 +500,55 @@ var _ = Describe("ImpVM Agent: Running — lazy reattach on agent restart", func
 	})
 })
 
+var _ = Describe("ImpVM Agent: registerVTEP — concurrent writes", func() {
+	ctx := context.Background()
+
+	It("preserves both entries when two goroutines register simultaneously", func() {
+		impNet := &impdevv1alpha1.ImpNetwork{
+			ObjectMeta: metav1.ObjectMeta{Name: "test-net-concurrent", Namespace: "default"},
+			Spec:       impdevv1alpha1.ImpNetworkSpec{Subnet: "10.200.0.0/24"},
+		}
+		Expect(k8sClient.Create(ctx, impNet)).To(Succeed())
+		DeferCleanup(func() { k8sClient.Delete(ctx, impNet) }) //nolint:errcheck
+
+		r1 := &ImpVMReconciler{Client: k8sClient, NodeIP: "10.0.0.1"}
+		r2 := &ImpVMReconciler{Client: k8sClient, NodeIP: "10.0.0.2"}
+
+		vm1 := &impdevv1alpha1.ImpVM{
+			ObjectMeta: metav1.ObjectMeta{Name: "vm1-conc", Namespace: "default"},
+			Spec:       impdevv1alpha1.ImpVMSpec{NetworkRef: &impdevv1alpha1.LocalObjectRef{Name: "test-net-concurrent"}},
+		}
+		vm2 := &impdevv1alpha1.ImpVM{
+			ObjectMeta: metav1.ObjectMeta{Name: "vm2-conc", Namespace: "default"},
+			Spec:       impdevv1alpha1.ImpVMSpec{NetworkRef: &impdevv1alpha1.LocalObjectRef{Name: "test-net-concurrent"}},
+		}
+
+		var wg sync.WaitGroup
+		var err1, err2 error
+		wg.Add(2)
+		go func() {
+			defer wg.Done()
+			err1 = r1.registerVTEP(ctx, vm1, "10.200.0.2", "02:00:00:00:00:01")
+		}()
+		go func() {
+			defer wg.Done()
+			err2 = r2.registerVTEP(ctx, vm2, "10.200.0.3", "02:00:00:00:00:02")
+		}()
+		wg.Wait()
+
+		Expect(err1).NotTo(HaveOccurred())
+		Expect(err2).NotTo(HaveOccurred())
+
+		updated := &impdevv1alpha1.ImpNetwork{}
+		Expect(k8sClient.Get(ctx, types.NamespacedName{Name: "test-net-concurrent", Namespace: "default"}, updated)).To(Succeed())
+		vmIPs := make([]string, 0, len(updated.Status.VTEPTable))
+		for _, e := range updated.Status.VTEPTable {
+			vmIPs = append(vmIPs, e.VMIP)
+		}
+		Expect(vmIPs).To(ConsistOf("10.200.0.2", "10.200.0.3"))
+	})
+})
+
 var _ = Describe("ImpVM Agent: handleTerminating driver.Stop error", func() {
 	ctx := context.Background()
 

Original file line number	Diff line number	Diff line change
`@@ -126,7 +126,8 @@ type ImpNetworkStatus struct {`
`126`	`126`	`// VTEPTable contains VTEP entries for cross-node VXLAN FDB population.`
`127`	`127`	`// Each entry maps a VM's IP and MAC to the node IP hosting it.`
`128`	`128`	`// +optional`
`129`		`- // +listType=atomic`
	`129`	`+ // +listType=map`
	`130`	`+ // +listMapKey=vmIP`
`130`	`131`	VTEPTable []VTEPEntry `json:"vtepTable,omitempty"`
`131`	`132`	`}`
`132`	`133`