networks: Add Owner annotation to NetAttachDefs

[zeeke]

depends on:

• Support namespaced {Sriov,SriovIB,OVS}Networks  #894

NetworkattachmentDefinitions are usually created in namespaces that are different
than the {Sriov,SriovIb,OVS}Networks, so the OwnerReference object field can't be
used to endorse the ownership reference.

Add a sriovnetwork.openshift.io/owner annotation to put on the NetAttachDef
to avoid multiple {Sriov,SriovIb,OVS}Network objects does not override changes.

[github-actions]

Thanks for your PR,
To run vendors CIs, Maintainers can use one of:

• /test-all: To run all tests for all vendors.
• /test-e2e-all: To run all E2E tests for all vendors.
• /test-e2e-nvidia-all: To run all E2E tests for NVIDIA vendor.

To skip the vendors CIs, Maintainers can use one of:

• /skip-all: To skip all tests for all vendors.
• /skip-e2e-all: To skip all E2E tests for all vendors.
• /skip-e2e-nvidia-all: To skip all E2E tests for NVIDIA vendor.
  Best regards.

[coveralls]

Pull Request Test Coverage Report for Build 17434124856

Details

• 20 of 24 (83.33%) changed or added relevant lines in 2 files are covered.
• 6 unchanged lines in 2 files lost coverage.
• Overall coverage increased (+0.2%) to 62.008%

---

Changes Missing Coverage	Covered Lines	Changed/Added Lines	%
api/v1/helper.go	7	11	63.64%

Files with Coverage Reduction	New Missed Lines	%
controllers/drain_controller_helper.go	1	67.43%
controllers/generic_network_controller.go	5	78.35%

Totals
Change from base Build 17261676753:	0.2%
Covered Lines:	8691
Relevant Lines:	14016

---

💛 - Coveralls

[adrianchiris]

should we limit the cleanup to specific object kind ? according to the object returned in the controller.GetObject() ?

[zeeke]

good idea. The problem is that I didn't find a nice way to check that two pointers have the same underlying type.
The only one I found is

func isType(a, b interface{}) bool {
    return fmt.Sprintf("%T", a) == fmt.Sprintf("%T", b)
}

https://stackoverflow.com/questions/34820469/can-i-compare-variable-types-with-type-in-golang

which is not really nice :(

[adrianchiris]

@zeeke once #894 is merged, lets rebase this one so we can do final round of reviews.

[Copilot]

Pull Request Overview

This PR implements owner annotation functionality for NetworkAttachmentDefinitions to prevent conflicts when network objects exist in different namespaces. The change replaces the previous finalizer-based ownership approach with an annotation-based system that can work across namespace boundaries.

• Adds owner annotation to NetworkAttachmentDefinitions to track ownership relationships
• Implements garbage collection for orphaned NetworkAttachmentDefinitions
• Removes finalizer-based ownership system and migrates existing resources

Reviewed Changes

Copilot reviewed 15 out of 15 changed files in this pull request and generated 3 comments.

Show a summary per file

File	Description
pkg/consts/constants.go	Adds new owner annotation constant
controllers/suite_test.go	Updates test setup to skip name validation
controllers/sriovnetwork_controller_test.go	Adds test for finalizer removal during migration
controllers/generic_network_controller_test.go	Comprehensive tests for owner annotation functionality
controllers/generic_network_controller.go	Main controller logic changes for annotation-based ownership
bindata/manifests/cni-config/	Updates templates to include owner annotations
api/v1/testdata/	Updates test expectations for owner annotations
api/v1/helper_test.go	Improves test assertions and adds metadata
api/v1/helper.go	Implements owner reference string conversion functions

---

_{Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.}

[adrianchiris]

for network CR instances that are in the operator namespace and point to a different namespace, are we relying on garbageCollect to clean them ?

i think the approach is problematic, since we are removing finalizers at L97, once the object is deleted, it will be removed from k8s API. if for some reason garbage collect fails and controller is restarted we will never retry.

then we rely on the next delete event to trigger garbage collect (which might take a while or never come ?)

i wonder if we should just keep finalizers on network CR instances or at least for those in the operator namespace then we explicitly delete what we need.

[zeeke]

sounds good. The first commit is about adding the owner-ref annotation and ensure 2 NetworkObject are not clashing on the same NetAttachDef. The second commit is about using the owner-ref annotation on the netattachdef instead of networkobject's finalizers, which I was a sort of bonus change.

I'm dropping the second commit to focus this PR on having the owner-ref annotation. We can discuss about dropping the finalizers later, if needed

[SchSeba]

LGTM

just a small nit, not blocking

[SchSeba]

just nit we can use default here instead of the return right?

[zeeke]

this commit has been dropped:
#897 (comment)

it was about replacing finalizers delete flow with another based on garbage collecting. Now this PR only avoids multiple network objects overrides the same netAttachDef

[SchSeba]

just a quick question if we have !equality.Semantic.DeepEqual(found.GetAnnotations(), netAttDef.GetAnnotations() below do we still need this validation here?

[zeeke]

yes, we do:

in case we have:

kind: NetworkAttachmentDefinition
metadata:
  name: foo
  namespace: foo-ns
  annotations:
     owner-ref: SriovNetwork/sriov-operator-ns/foo
spec:
  <sriov cni config>

which comes from an SriovNetwork in the sriov-operator-ns namespace

when reconciling another network object:

kind: SriovNetwork
metadata:
  name: foo
  namespace: foo-ns
spec: ...

the generated net-attach-def has owner-ref: SriovNetwork/foo-ns/foo, which would make the condition !equality.Semantic.DeepEqual(found.GetAnnotations(), netAttDef.GetAnnotations() true and the netAttachDef woudl be overridden.

The policy, as of now, is the first reconciler networkobject is the owner

[SchSeba]

Great work!

Merging this one