Support configurable network interface CIDRs for Pod traffic across N…

…ode (#2704)

Antrea Agent uses the configurable CIDRs for Pod traffic. The IP address
used for tunneling or routing traffic to remote Nodes is decided in the
following order of preference (from highest to lowest):
1. TransportInterface
2. TransportInterfaceCIDRs
3. The Node Internal IP or External IP

Signed-off-by: Wu zhengdong <zhengdong.wu@transwarp.io>

build/yamls/antrea-aks.yml

@@ -3919,10 +3919,23 @@ data:
     #tlsMinVersion:
 
     # The name of the interface on Node which is used for tunneling or routing the traffic across Nodes.
-    # If there are multiple IP addresses configured on the interface, the first one is used.
-    # The interface configured with Node IP is used if this parameter is not set.
+    # If there are multiple IP addresses configured on the interface, the first one is used. The IP
+    # address used for tunneling or routing traffic to remote Nodes is decided in the following order of
+    # preference (from highest to lowest):
+    # 1. transportInterface
+    # 2. transportInterfaceCIDRs
+    # 3. The Node IP
     #transportInterface:
 
+    # The network CIDRs of the interface on Node which is used for tunneling or routing the traffic across
+    # Nodes. If there are multiple interfaces configured the same network CIDR, the first one is used. The
+    # IP address used for tunneling or routing traffic to remote Nodes is decided in the following order of
+    # preference (from highest to lowest):
+    # 1. transportInterface
+    # 2. transportInterfaceCIDRs
+    # 3. The Node IP
+    #transportInterfaceCIDRs: [<IPv4 CIDR>,<IPv6 CIDR>]
+
     # Option antreaProxy contains AntreaProxy related configuration options.
     antreaProxy:
       # ProxyAll tells antrea-agent to proxy all Service traffic, including NodePort, LoadBalancer, and ClusterIP traffic,
@@ -4041,7 +4054,7 @@ metadata:
   annotations: {}
   labels:
     app: antrea
-  name: antrea-config-2cg6khh44b
+  name: antrea-config-dtc759g79k
   namespace: kube-system
 ---
 apiVersion: v1
@@ -4112,7 +4125,7 @@ spec:
             fieldRef:
               fieldPath: spec.serviceAccountName
         - name: ANTREA_CONFIG_MAP_NAME
-          value: antrea-config-2cg6khh44b
+          value: antrea-config-dtc759g79k
         image: projects.registry.vmware.com/antrea/antrea-ubuntu:latest
         imagePullPolicy: IfNotPresent
         livenessProbe:
@@ -4163,7 +4176,7 @@ spec:
         key: node-role.kubernetes.io/master
       volumes:
       - configMap:
-          name: antrea-config-2cg6khh44b
+          name: antrea-config-dtc759g79k
         name: antrea-config
       - name: antrea-controller-tls
         secret:
@@ -4444,7 +4457,7 @@ spec:
         operator: Exists
       volumes:
       - configMap:
-          name: antrea-config-2cg6khh44b
+          name: antrea-config-dtc759g79k
         name: antrea-config
       - hostPath:
           path: /etc/cni/net.d

build/yamls/antrea-eks.yml

@@ -3919,10 +3919,23 @@ data:
     #tlsMinVersion:
 
     # The name of the interface on Node which is used for tunneling or routing the traffic across Nodes.
-    # If there are multiple IP addresses configured on the interface, the first one is used.
-    # The interface configured with Node IP is used if this parameter is not set.
+    # If there are multiple IP addresses configured on the interface, the first one is used. The IP
+    # address used for tunneling or routing traffic to remote Nodes is decided in the following order of
+    # preference (from highest to lowest):
+    # 1. transportInterface
+    # 2. transportInterfaceCIDRs
+    # 3. The Node IP
     #transportInterface:
 
+    # The network CIDRs of the interface on Node which is used for tunneling or routing the traffic across
+    # Nodes. If there are multiple interfaces configured the same network CIDR, the first one is used. The
+    # IP address used for tunneling or routing traffic to remote Nodes is decided in the following order of
+    # preference (from highest to lowest):
+    # 1. transportInterface
+    # 2. transportInterfaceCIDRs
+    # 3. The Node IP
+    #transportInterfaceCIDRs: [<IPv4 CIDR>,<IPv6 CIDR>]
+
     # Option antreaProxy contains AntreaProxy related configuration options.
     antreaProxy:
       # ProxyAll tells antrea-agent to proxy all Service traffic, including NodePort, LoadBalancer, and ClusterIP traffic,
@@ -4041,7 +4054,7 @@ metadata:
   annotations: {}
   labels:
     app: antrea
-  name: antrea-config-2cg6khh44b
+  name: antrea-config-dtc759g79k
   namespace: kube-system
 ---
 apiVersion: v1
@@ -4112,7 +4125,7 @@ spec:
             fieldRef:
               fieldPath: spec.serviceAccountName
         - name: ANTREA_CONFIG_MAP_NAME
-          value: antrea-config-2cg6khh44b
+          value: antrea-config-dtc759g79k
         image: projects.registry.vmware.com/antrea/antrea-ubuntu:latest
         imagePullPolicy: IfNotPresent
         livenessProbe:
@@ -4163,7 +4176,7 @@ spec:
         key: node-role.kubernetes.io/master
       volumes:
       - configMap:
-          name: antrea-config-2cg6khh44b
+          name: antrea-config-dtc759g79k
         name: antrea-config
       - name: antrea-controller-tls
         secret:
@@ -4446,7 +4459,7 @@ spec:
         operator: Exists
       volumes:
       - configMap:
-          name: antrea-config-2cg6khh44b
+          name: antrea-config-dtc759g79k
         name: antrea-config
       - hostPath:
           path: /etc/cni/net.d

build/yamls/antrea-gke.yml

@@ -3919,10 +3919,23 @@ data:
     #tlsMinVersion:
 
     # The name of the interface on Node which is used for tunneling or routing the traffic across Nodes.
-    # If there are multiple IP addresses configured on the interface, the first one is used.
-    # The interface configured with Node IP is used if this parameter is not set.
+    # If there are multiple IP addresses configured on the interface, the first one is used. The IP
+    # address used for tunneling or routing traffic to remote Nodes is decided in the following order of
+    # preference (from highest to lowest):
+    # 1. transportInterface
+    # 2. transportInterfaceCIDRs
+    # 3. The Node IP
     #transportInterface:
 
+    # The network CIDRs of the interface on Node which is used for tunneling or routing the traffic across
+    # Nodes. If there are multiple interfaces configured the same network CIDR, the first one is used. The
+    # IP address used for tunneling or routing traffic to remote Nodes is decided in the following order of
+    # preference (from highest to lowest):
+    # 1. transportInterface
+    # 2. transportInterfaceCIDRs
+    # 3. The Node IP
+    #transportInterfaceCIDRs: [<IPv4 CIDR>,<IPv6 CIDR>]
+
     # Option antreaProxy contains AntreaProxy related configuration options.
     antreaProxy:
       # ProxyAll tells antrea-agent to proxy all Service traffic, including NodePort, LoadBalancer, and ClusterIP traffic,
@@ -4041,7 +4054,7 @@ metadata:
   annotations: {}
   labels:
     app: antrea
-  name: antrea-config-kh429k9mg7
+  name: antrea-config-65f7gf8456
   namespace: kube-system
 ---
 apiVersion: v1
@@ -4112,7 +4125,7 @@ spec:
             fieldRef:
               fieldPath: spec.serviceAccountName
         - name: ANTREA_CONFIG_MAP_NAME
-          value: antrea-config-kh429k9mg7
+          value: antrea-config-65f7gf8456
         image: projects.registry.vmware.com/antrea/antrea-ubuntu:latest
         imagePullPolicy: IfNotPresent
         livenessProbe:
@@ -4163,7 +4176,7 @@ spec:
         key: node-role.kubernetes.io/master
       volumes:
       - configMap:
-          name: antrea-config-kh429k9mg7
+          name: antrea-config-65f7gf8456
         name: antrea-config
       - name: antrea-controller-tls
         secret:
@@ -4447,7 +4460,7 @@ spec:
           path: /home/kubernetes/bin
         name: host-cni-bin
       - configMap:
-          name: antrea-config-kh429k9mg7
+          name: antrea-config-65f7gf8456
         name: antrea-config
       - hostPath:
           path: /etc/cni/net.d

build/yamls/antrea-ipsec.yml

@@ -3924,10 +3924,23 @@ data:
     #tlsMinVersion:
 
     # The name of the interface on Node which is used for tunneling or routing the traffic across Nodes.
-    # If there are multiple IP addresses configured on the interface, the first one is used.
-    # The interface configured with Node IP is used if this parameter is not set.
+    # If there are multiple IP addresses configured on the interface, the first one is used. The IP
+    # address used for tunneling or routing traffic to remote Nodes is decided in the following order of
+    # preference (from highest to lowest):
+    # 1. transportInterface
+    # 2. transportInterfaceCIDRs
+    # 3. The Node IP
     #transportInterface:
 
+    # The network CIDRs of the interface on Node which is used for tunneling or routing the traffic across
+    # Nodes. If there are multiple interfaces configured the same network CIDR, the first one is used. The
+    # IP address used for tunneling or routing traffic to remote Nodes is decided in the following order of
+    # preference (from highest to lowest):
+    # 1. transportInterface
+    # 2. transportInterfaceCIDRs
+    # 3. The Node IP
+    #transportInterfaceCIDRs: [<IPv4 CIDR>,<IPv6 CIDR>]
+
     # Option antreaProxy contains AntreaProxy related configuration options.
     antreaProxy:
       # ProxyAll tells antrea-agent to proxy all Service traffic, including NodePort, LoadBalancer, and ClusterIP traffic,
@@ -4046,7 +4059,7 @@ metadata:
   annotations: {}
   labels:
     app: antrea
-  name: antrea-config-f8ktc7gg2c
+  name: antrea-config-fcd8c2h5b5
   namespace: kube-system
 ---
 apiVersion: v1
@@ -4126,7 +4139,7 @@ spec:
             fieldRef:
               fieldPath: spec.serviceAccountName
         - name: ANTREA_CONFIG_MAP_NAME
-          value: antrea-config-f8ktc7gg2c
+          value: antrea-config-fcd8c2h5b5
         image: projects.registry.vmware.com/antrea/antrea-ubuntu:latest
         imagePullPolicy: IfNotPresent
         livenessProbe:
@@ -4177,7 +4190,7 @@ spec:
         key: node-role.kubernetes.io/master
       volumes:
       - configMap:
-          name: antrea-config-f8ktc7gg2c
+          name: antrea-config-fcd8c2h5b5
         name: antrea-config
       - name: antrea-controller-tls
         secret:
@@ -4493,7 +4506,7 @@ spec:
         operator: Exists
       volumes:
       - configMap:
-          name: antrea-config-f8ktc7gg2c
+          name: antrea-config-fcd8c2h5b5
         name: antrea-config
       - hostPath:
           path: /etc/cni/net.d

build/yamls/antrea-windows.yml

@@ -98,9 +98,22 @@ data:
     #trafficEncapMode: encap
 
     # The name of the interface on Node which is used for tunneling or routing the traffic across Nodes.
-    # If there are multiple IP addresses configured on the interface, the first one is used.
-    # The interface configured with Node IP is used if this parameter is not set.
+    # If there are multiple IP addresses configured on the interface, the first one is used. The IP
+    # address used for tunneling or routing traffic to remote Nodes is decided in the following order of
+    # preference (from highest to lowest):
+    # 1. transportInterface
+    # 2. transportInterfaceCIDRs
+    # 3. The Node IP
     #transportInterface:
+
+    # The network CIDRs of the interface on Node which is used for tunneling or routing the traffic across
+    # Nodes. If there are multiple interfaces configured the same network CIDR, the first one is used. The
+    # IP address used for tunneling or routing traffic to remote Nodes is decided in the following order of
+    # preference (from highest to lowest):
+    # 1. transportInterface
+    # 2. transportInterfaceCIDRs
+    # 3. The Node IP
+    #transportInterfaceCIDRs: [<IPv4 CIDR>,<IPv6 CIDR>]
   antrea-cni.conflist: |
     {
         "cniVersion":"0.3.0",
@@ -119,7 +132,7 @@ kind: ConfigMap
 metadata:
   labels:
     app: antrea
-  name: antrea-windows-config-74ctmgh7mf
+  name: antrea-windows-config-4hbbk65bdk
   namespace: kube-system
 ---
 apiVersion: apps/v1
@@ -207,7 +220,7 @@ spec:
         operator: Exists
       volumes:
       - configMap:
-          name: antrea-windows-config-74ctmgh7mf
+          name: antrea-windows-config-4hbbk65bdk
         name: antrea-windows-config
       - configMap:
           defaultMode: 420

build/yamls/antrea.yml

@@ -3924,10 +3924,23 @@ data:
     #tlsMinVersion:
 
     # The name of the interface on Node which is used for tunneling or routing the traffic across Nodes.
-    # If there are multiple IP addresses configured on the interface, the first one is used.
-    # The interface configured with Node IP is used if this parameter is not set.
+    # If there are multiple IP addresses configured on the interface, the first one is used. The IP
+    # address used for tunneling or routing traffic to remote Nodes is decided in the following order of
+    # preference (from highest to lowest):
+    # 1. transportInterface
+    # 2. transportInterfaceCIDRs
+    # 3. The Node IP
     #transportInterface:
 
+    # The network CIDRs of the interface on Node which is used for tunneling or routing the traffic across
+    # Nodes. If there are multiple interfaces configured the same network CIDR, the first one is used. The
+    # IP address used for tunneling or routing traffic to remote Nodes is decided in the following order of
+    # preference (from highest to lowest):
+    # 1. transportInterface
+    # 2. transportInterfaceCIDRs
+    # 3. The Node IP
+    #transportInterfaceCIDRs: [<IPv4 CIDR>,<IPv6 CIDR>]
+
     # Option antreaProxy contains AntreaProxy related configuration options.
     antreaProxy:
       # ProxyAll tells antrea-agent to proxy all Service traffic, including NodePort, LoadBalancer, and ClusterIP traffic,
@@ -4046,7 +4059,7 @@ metadata:
   annotations: {}
   labels:
     app: antrea
-  name: antrea-config-48bgbgd97b
+  name: antrea-config-dhb74b822t
   namespace: kube-system
 ---
 apiVersion: v1
@@ -4117,7 +4130,7 @@ spec:
             fieldRef:
               fieldPath: spec.serviceAccountName
         - name: ANTREA_CONFIG_MAP_NAME
-          value: antrea-config-48bgbgd97b
+          value: antrea-config-dhb74b822t
         image: projects.registry.vmware.com/antrea/antrea-ubuntu:latest
         imagePullPolicy: IfNotPresent
         livenessProbe:
@@ -4168,7 +4181,7 @@ spec:
         key: node-role.kubernetes.io/master
       volumes:
       - configMap:
-          name: antrea-config-48bgbgd97b
+          name: antrea-config-dhb74b822t
         name: antrea-config
       - name: antrea-controller-tls
         secret:
@@ -4449,7 +4462,7 @@ spec:
         operator: Exists
       volumes:
       - configMap:
-          name: antrea-config-48bgbgd97b
+          name: antrea-config-dhb74b822t
         name: antrea-config
       - hostPath:
           path: /etc/cni/net.d

build/yamls/base/conf/antrea-agent.conf

@@ -161,10 +161,23 @@ wireGuard:
 #tlsMinVersion:
 
 # The name of the interface on Node which is used for tunneling or routing the traffic across Nodes.
-# If there are multiple IP addresses configured on the interface, the first one is used.
-# The interface configured with Node IP is used if this parameter is not set.
+# If there are multiple IP addresses configured on the interface, the first one is used. The IP
+# address used for tunneling or routing traffic to remote Nodes is decided in the following order of
+# preference (from highest to lowest):
+# 1. transportInterface
+# 2. transportInterfaceCIDRs
+# 3. The Node IP
 #transportInterface:
 
+# The network CIDRs of the interface on Node which is used for tunneling or routing the traffic across
+# Nodes. If there are multiple interfaces configured the same network CIDR, the first one is used. The
+# IP address used for tunneling or routing traffic to remote Nodes is decided in the following order of
+# preference (from highest to lowest):
+# 1. transportInterface
+# 2. transportInterfaceCIDRs
+# 3. The Node IP
+#transportInterfaceCIDRs: [<IPv4 CIDR>,<IPv6 CIDR>]
+
 # Option antreaProxy contains AntreaProxy related configuration options.
 antreaProxy:
   # ProxyAll tells antrea-agent to proxy all Service traffic, including NodePort, LoadBalancer, and ClusterIP traffic,