Update the kubeovn_deny_all security group after the virtual machine … (#5831)

* Update the kubeovn_deny_all security group after the virtual machine is unbound from all security groups

Signed-off-by: zhoujian05 <[email protected]>

* Update pkg/controller/security_group.go

Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
Signed-off-by: zhoujian05 <[email protected]>

---------

Signed-off-by: zhoujian05 <[email protected]>
Co-authored-by: zhoujian05 <[email protected]>
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
(cherry picked from commit 638d31d)

Author: 3 people

pkg/controller/security_group.go

@@ -369,6 +369,9 @@ func (c *Controller) syncSgLogicalPort(key string) error {
 	if err != nil {
 		if k8serrors.IsNotFound(err) {
 			klog.Warningf("no security group %s", key)
+			// The security group is gone, trigger an update of the deny-all security group
+			// to re-evaluate which ports should be included.
+			c.addOrUpdateSgQueue.Add(util.DenyAllSecurityGroup)
 			return nil
 		}
 		klog.Errorf("failed to get security group %s: %v", key, err)