add switch for gateway connectivity check
zhangzujian committed Jul 22, 2021
1 parent 6c97dc3 commit fcdb010
Showing 9 changed files with 108 additions and 21 deletions.
2 changes: 2 additions & 0 deletions dist/images/install-pre-1.16.sh
Expand Up @@ -515,6 +515,8 @@ spec:
type: string
underlayGateway:
type: boolean
disableGatewayCheck:
type: boolean
disableInterConnection:
type: boolean
---
2 changes: 2 additions & 0 deletions dist/images/install.sh
Expand Up @@ -542,6 +542,8 @@ spec:
type: string
underlayGateway:
type: boolean
disableGatewayCheck:
type: boolean
disableInterConnection:
type: boolean
scope: Cluster
1 change: 1 addition & 0 deletions pkg/apis/kubeovn/v1/types.go
Expand Up @@ -98,6 +98,7 @@ type SubnetSpec struct {
Vlan string `json:"vlan,omitempty"`
UnderlayGateway bool `json:"underlayGateway"`

DisableGatewayCheck bool `json:"disableGatewayCheck"`
DisableInterConnection bool `json:"disableInterConnection"`
}

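Review bot: `DisableGatewayCheck` is added to `SubnetSpec` without a doc comment, although it is the field that lets a subnet skip the gateway connectivity check the daemon otherwise runs while configuring a pod NIC. A comment such as `// DisableGatewayCheck skips the gateway connectivity check when a pod NIC is configured; the zero value keeps the check enabled.` would make both the effect and the default explicit for anyone writing or reviewing Subnet objects. The struct starts outside the hunk, so whether the neighbouring fields are documented is not visible here.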
18 changes: 6 additions & 12 deletions pkg/daemon/gateway.go
Expand Up @@ -168,26 +168,20 @@ func (c *Controller) setPolicyRouting() error {
return nil
}

func (c *Controller) addEgressConfig(subnet, ip string) error {
podSubnet, err := c.subnetsLister.Get(subnet)
if err != nil {
klog.Errorf("get subnet %s failed, %+v", subnet, err)
return err
}

if podSubnet.Spec.GatewayType != kubeovnv1.GWDistributedType ||
podSubnet.Spec.Vpc != util.DefaultVpc {
func (c *Controller) addEgressConfig(subnet *kubeovnv1.Subnet, ip string) error {
if subnet.Spec.GatewayType != kubeovnv1.GWDistributedType ||
subnet.Spec.Vpc != util.DefaultVpc {
return nil
}

podIPs := strings.Split(ip, ",")
protocol := util.CheckProtocol(ip)
if podSubnet.Spec.NatOutgoing {
if subnet.Spec.NatOutgoing {
c.addIPSetMembers(LocalPodSet, protocol, podIPs)
return nil
}
if podSubnet.Spec.ExternalEgressGateway != "" {
return c.addPodPolicyRouting(protocol, podSubnet.Spec.ExternalEgressGateway, podSubnet.Spec.PolicyRoutingPriority, podSubnet.Spec.PolicyRoutingTableID, podIPs)
if subnet.Spec.ExternalEgressGateway != "" {
return c.addPodPolicyRouting(protocol, subnet.Spec.ExternalEgressGateway, subnet.Spec.PolicyRoutingPriority, subnet.Spec.PolicyRoutingTableID, podIPs)
}

return nil
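Review bot: `addEgressConfig` now dereferences `subnet.Spec` in its first condition, and nothing on the function states the non-nil precondition that the removed `c.subnetsLister.Get` lookup used to guarantee. The caller visible in this commit passes a lister result after an error check, but any other caller outside this view could pass nil and panic the daemon. A doc comment such as `// addEgressConfig expects a non-nil subnet that the caller has already resolved from the lister.` would record the contract. The function's closing lines are outside the hunk.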
16 changes: 13 additions & 3 deletions pkg/daemon/handler.go
Expand Up @@ -137,6 +137,16 @@ func (csh cniServerHandler) handleAdd(req *restful.Request, resp *restful.Respon
}

if strings.HasSuffix(podRequest.Provider, util.OvnProvider) && subnet != "" {
podSubnet, err := csh.Controller.subnetsLister.Get(subnet)
if err != nil {
errMsg := fmt.Errorf("failed to get subnet %s: %v", subnet, err)
klog.Error(errMsg)
if err = resp.WriteHeaderAndEntity(http.StatusInternalServerError, request.CniResponse{Err: errMsg.Error()}); err != nil {
klog.Errorf("failed to write response: %v", err)
}
return
}

var mtu int
if providerNetwork != "" {
node, err := csh.Controller.nodesLister.Get(csh.Config.NodeName)
Expand Down Expand Up @@ -167,10 +177,10 @@ func (csh cniServerHandler) handleAdd(req *restful.Request, resp *restful.Respon
nsArray := strings.Split(netns, "/")
podNetns := nsArray[len(nsArray)-1]
if nicType == util.InternalType {
podNicName, err = csh.configureNicWithInternalPort(podRequest.PodName, podRequest.PodNamespace, podRequest.Provider, podRequest.NetNs, podRequest.ContainerID, ifName, macAddr, mtu, ipAddr, gw, ingress, egress, vlanID, podRequest.DeviceID, nicType, podNetns)
podNicName, err = csh.configureNicWithInternalPort(podRequest.PodName, podRequest.PodNamespace, podRequest.Provider, podRequest.NetNs, podRequest.ContainerID, ifName, macAddr, mtu, ipAddr, gw, ingress, egress, vlanID, podRequest.DeviceID, nicType, podNetns, !podSubnet.Spec.DisableGatewayCheck)
} else {
podNicName = ifName
err = csh.configureNic(podRequest.PodName, podRequest.PodNamespace, podRequest.Provider, podRequest.NetNs, podRequest.ContainerID, podRequest.VfDriver, ifName, macAddr, mtu, ipAddr, gw, ingress, egress, vlanID, podRequest.DeviceID, nicType, podNetns)
err = csh.configureNic(podRequest.PodName, podRequest.PodNamespace, podRequest.Provider, podRequest.NetNs, podRequest.ContainerID, podRequest.VfDriver, ifName, macAddr, mtu, ipAddr, gw, ingress, egress, vlanID, podRequest.DeviceID, nicType, podNetns, !podSubnet.Spec.DisableGatewayCheck)
}
if err != nil {
errMsg := fmt.Errorf("configure nic failed %v", err)
Expand All @@ -181,7 +191,7 @@ func (csh cniServerHandler) handleAdd(req *restful.Request, resp *restful.Respon
return
}

if err = csh.Controller.addEgressConfig(subnet, ip); err != nil {
if err = csh.Controller.addEgressConfig(podSubnet, ip); err != nil {
errMsg := fmt.Errorf("failed to add egress configuration: %v", err)
klog.Error(errMsg)
if err = resp.WriteHeaderAndEntity(http.StatusInternalServerError, request.CniResponse{Err: errMsg.Error()}); err != nil {
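Review bot: The negated expression `!podSubnet.Spec.DisableGatewayCheck` is passed inline as the last of many positional arguments to both `configureNicWithInternalPort` and `configureNic`, where an inverted or misplaced value is easy to miss in review. Binding it once after the subnet lookup, `checkGw := !podSubnet.Spec.DisableGatewayCheck`, and passing `checkGw` at both call sites keeps the polarity in one place and matches the parameter name used in ovs.go. `handleAdd` starts and ends outside these hunks.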
16 changes: 10 additions & 6 deletions pkg/daemon/ovs.go
Expand Up @@ -24,7 +24,7 @@ import (
"github.com/kubeovn/kube-ovn/pkg/util"
)

func (csh cniServerHandler) configureNic(podName, podNamespace, provider, netns, containerID, vfDriver, ifName, mac string, mtu int, ip, gateway, ingress, egress, vlanID, DeviceID, nicType, podNetns string) error {
func (csh cniServerHandler) configureNic(podName, podNamespace, provider, netns, containerID, vfDriver, ifName, mac string, mtu int, ip, gateway, ingress, egress, vlanID, DeviceID, nicType, podNetns string, checkGw bool) error {
var err error
var hostNicName, containerNicName string
if DeviceID == "" {
Expand Down Expand Up @@ -74,7 +74,7 @@ func (csh cniServerHandler) configureNic(podName, podNamespace, provider, netns,
if err != nil {
return fmt.Errorf("failed to open netns %q: %v", netns, err)
}
if err = configureContainerNic(containerNicName, ifName, ip, gateway, macAddr, podNS, mtu, nicType); err != nil {
if err = configureContainerNic(containerNicName, ifName, ip, gateway, macAddr, podNS, mtu, nicType, checkGw); err != nil {
return err
}
return nil
Expand Down Expand Up @@ -157,7 +157,7 @@ func configureHostNic(nicName, vlanID string) error {
return nil
}

func configureContainerNic(nicName, ifName string, ipAddr, gateway string, macAddr net.HardwareAddr, netns ns.NetNS, mtu int, nicType string) error {
func configureContainerNic(nicName, ifName string, ipAddr, gateway string, macAddr net.HardwareAddr, netns ns.NetNS, mtu int, nicType string, checkGw bool) error {
containerLink, err := netlink.LinkByName(nicName)
if err != nil {
return fmt.Errorf("can not find container nic %s %v", nicName, err)
Expand Down Expand Up @@ -254,7 +254,11 @@ func configureContainerNic(nicName, ifName string, ipAddr, gateway string, macAd
return fmt.Errorf("config gateway failed %v", err)
}

return waitNetworkReady(gateway)
if checkGw {
return waitNetworkReady(gateway)
}

return nil
})
}

Expand Down Expand Up @@ -852,7 +856,7 @@ func renameLink(curName, newName string) error {
return nil
}

func (csh cniServerHandler) configureNicWithInternalPort(podName, podNamespace, provider, netns, containerID, ifName, mac string, mtu int, ip, gateway, ingress, egress, vlanID, DeviceID, nicType, podNetns string) (string, error) {
func (csh cniServerHandler) configureNicWithInternalPort(podName, podNamespace, provider, netns, containerID, ifName, mac string, mtu int, ip, gateway, ingress, egress, vlanID, DeviceID, nicType, podNetns string, checkGw bool) (string, error) {
var err error

_, containerNicName := generateNicName(containerID, ifName)
Expand Down Expand Up @@ -886,7 +890,7 @@ func (csh cniServerHandler) configureNicWithInternalPort(podName, podNamespace,
if err != nil {
return containerNicName, fmt.Errorf("failed to open netns %q: %v", netns, err)
}
if err = configureContainerNic(containerNicName, ifName, ip, gateway, macAddr, podNS, mtu, nicType); err != nil {
if err = configureContainerNic(containerNicName, ifName, ip, gateway, macAddr, podNS, mtu, nicType, checkGw); err != nil {
return containerNicName, err
}
return containerNicName, nil
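Review bot: When `checkGw` is false, `configureContainerNic` returns nil after the gateway configuration step and leaves no trace that `waitNetworkReady(gateway)` was skipped. A pod on a subnet with `disableGatewayCheck: true` is therefore reported as configured with no record that gateway reachability was never verified. Logging the skip before the final `return nil`, for example `klog.Infof("gateway check disabled, skipping connectivity check to %s for nic %s", gateway, ifName)`, would let operators distinguish a skipped check from a passed one when triaging connectivity failures. klog is used in handler.go and gateway.go in the same package, but whether ovs.go imports it is not visible in these hunks.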
70 changes: 70 additions & 0 deletions test/e2e/subnet/normal.go
Expand Up @@ -577,4 +577,74 @@ var _ = Describe("[Subnet]", func() {
}
})
})

Describe("Disable Gateway Check", func() {
It("disable gateway check", func() {
name := f.GetName()

By("create namespace")
namespace := &corev1.Namespace{
ObjectMeta: metav1.ObjectMeta{
Name: name,
Labels: map[string]string{"e2e": "true"},
},
}
_, err := f.KubeClientSet.CoreV1().Namespaces().Create(context.Background(), namespace, metav1.CreateOptions{})
Expect(err).NotTo(HaveOccurred())

By("create subnet")
subnet := &kubeovn.Subnet{
ObjectMeta: metav1.ObjectMeta{
Name: name,
Labels: map[string]string{"e2e": "true"},
},
Spec: kubeovn.SubnetSpec{
CIDRBlock: "11.17.0.0/16",
Namespaces: []string{namespace.Name},
UnderlayGateway: true,
DisableGatewayCheck: true,
},
}
_, err = f.OvnClientSet.KubeovnV1().Subnets().Create(context.Background(), subnet, metav1.CreateOptions{})
Expect(err).NotTo(HaveOccurred())

By("validate subnet")
err = f.WaitSubnetReady(subnet.Name)
Expect(err).NotTo(HaveOccurred())

By("create pod")
pod := &corev1.Pod{
ObjectMeta: metav1.ObjectMeta{
Name: name,
Namespace: namespace.Name,
},
Spec: corev1.PodSpec{
Containers: []corev1.Container{
{
Name: name,
Image: "kubeovn/pause:3.2",
ImagePullPolicy: corev1.PullIfNotPresent,
},
},
},
}
_, err = f.KubeClientSet.CoreV1().Pods(pod.Namespace).Create(context.Background(), pod, metav1.CreateOptions{})
Expect(err).NotTo(HaveOccurred())

_, err = f.WaitPodReady(pod.Name, pod.Namespace)
Expect(err).NotTo(HaveOccurred())

By("delete pod")
err = f.KubeClientSet.CoreV1().Pods(pod.Namespace).Delete(context.Background(), pod.Name, metav1.DeleteOptions{})
Expect(err).NotTo(HaveOccurred())

By("delete subnet")
err = f.OvnClientSet.KubeovnV1().Subnets().Delete(context.Background(), subnet.Name, metav1.DeleteOptions{})
Expect(err).NotTo(HaveOccurred())

By("delete namespace")
err = f.KubeClientSet.CoreV1().Namespaces().Delete(context.Background(), namespace.Name, metav1.DeleteOptions{})
Expect(err).NotTo(HaveOccurred())
})
})
})
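Review bot: The pod, subnet and namespace deletions at the end of this `It` body run only if every earlier `Expect` passes, so a failure in `f.WaitSubnetReady` or `f.WaitPodReady` leaves the `11.17.0.0/16` subnet and its namespace behind for later specs. Registering each delete with `defer` right after the matching create succeeds (or in an `AfterEach`, if the suite has one outside this hunk) keeps the cluster clean on failure. The spec also covers only `DisableGatewayCheck: true` and appears to rely on the underlay gateway being unreachable in the test environment to show the check was skipped; a short comment saying so would make that assumption reviewable.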
2 changes: 2 additions & 0 deletions yamls/crd-pre-1.16.yaml
Expand Up @@ -198,6 +198,8 @@ spec:
type: string
underlayGateway:
type: boolean
disableGatewayCheck:
type: boolean
disableInterConnection:
type: boolean
---
2 changes: 2 additions & 0 deletions yamls/crd.yaml
Expand Up @@ -216,6 +216,8 @@ spec:
type: string
underlayGateway:
type: boolean
disableGatewayCheck:
type: boolean
disableInterConnection:
type: boolean
scope: Cluster