From 032c97daee409021e7fdc348a76534fcfb913f2a Mon Sep 17 00:00:00 2001 From: Lantao Liu Date: Tue, 17 Sep 2019 11:05:17 -0700 Subject: [PATCH] Only set ipv4/ipv6 routes when there is corresponding CIDR. Signed-off-by: Lantao Liu --- .../network/kubenet/kubenet_linux.go | 30 +++++++++++++++---- .../network/kubenet/kubenet_linux_test.go | 30 +++++++++++++++++++ 2 files changed, 55 insertions(+), 5 deletions(-) diff --git a/pkg/kubelet/dockershim/network/kubenet/kubenet_linux.go b/pkg/kubelet/dockershim/network/kubenet/kubenet_linux.go index 8e8dc4accac..0575a434df8 100644 --- a/pkg/kubelet/dockershim/network/kubenet/kubenet_linux.go +++ b/pkg/kubelet/dockershim/network/kubenet/kubenet_linux.go @@ -80,10 +80,7 @@ const ( "ipam": { "type": "host-local", "ranges": [%s], - "routes": [ - { "dst": "%s" }, - { "dst": "%s" } - ] + "routes": [%s] } }` ) @@ -283,7 +280,7 @@ func (plugin *kubenetNetworkPlugin) Event(name string, details map[string]interf //setup hairpinMode setHairpin := plugin.hairpinMode == kubeletconfig.HairpinVeth - json := fmt.Sprintf(NET_CONFIG_TEMPLATE, BridgeName, plugin.mtu, network.DefaultInterfaceName, setHairpin, plugin.getRangesConfig(), zeroCIDRv4, zeroCIDRv6) + json := fmt.Sprintf(NET_CONFIG_TEMPLATE, BridgeName, plugin.mtu, network.DefaultInterfaceName, setHairpin, plugin.getRangesConfig(), plugin.getRoutesConfig()) klog.V(4).Infof("CNI network config set to %v", json) plugin.netConfig, err = libcni.ConfFromBytes([]byte(json)) if err != nil { 
@@ -844,6 +841,29 @@ func (plugin *kubenetNetworkPlugin) getRangesConfig() string { return strings.Join(ranges[:], ",") } +// given a n cidrs assigned to nodes, +// create bridge routes configuration that conforms to them +func (plugin *kubenetNetworkPlugin) getRoutesConfig() string { + var ( + routes []string + hasV4, hasV6 bool + ) + for _, thisCIDR := range plugin.podCIDRs { + if thisCIDR.IP.To4() != nil { + hasV4 = true + } else { + hasV6 = true + } + } + if hasV4 { + routes = append(routes, fmt.Sprintf(`{"dst": "%s"}`, zeroCIDRv4)) + } + if hasV6 { + routes = append(routes, fmt.Sprintf(`{"dst": "%s"}`, zeroCIDRv6)) + } + return strings.Join(routes, ",") +} + func (plugin *kubenetNetworkPlugin) addPodIP(id kubecontainer.ContainerID, ip string) { plugin.mu.Lock() defer plugin.mu.Unlock() diff --git a/pkg/kubelet/dockershim/network/kubenet/kubenet_linux_test.go b/pkg/kubelet/dockershim/network/kubenet/kubenet_linux_test.go index bfe5eadf170..2ef3475bff3 100644 --- a/pkg/kubelet/dockershim/network/kubenet/kubenet_linux_test.go +++ b/pkg/kubelet/dockershim/network/kubenet/kubenet_linux_test.go @@ -18,6 +18,7 @@ package kubenet import ( "fmt" + "net" "strings" "testing" 
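Review bot: The doc comment on getRoutesConfig in kubenet_linux.go is hard to read ("given a n cidrs") and leaves the empty case undocumented: when plugin.podCIDRs has no entries the function returns "" and the template renders `"routes": []`, so the generated CNI config carries no default route. I would reword it to `// getRoutesConfig returns one default-route entry per IP family present in plugin.podCIDRs, joined by commas, or "" when there are none.` If an empty route list is not a valid state, the caller in Event could reject it before calling libcni.ConfFromBytes; whether podCIDRs can be empty at that point is not visible in this patch. The function also reads plugin.podCIDRs without taking plugin.mu, so presumably the caller holds the lock, which is worth saying in the comment.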
@@ -312,4 +313,33 @@ func TestTearDownWithoutRuntime(t *testing.T) { } } +func TestGetRoutesConifg(t *testing.T) { + for _, test := range []struct { + cidrs []string + routes string + }{ + { + cidrs: []string{"10.0.0.1/24"}, + routes: `{"dst": "0.0.0.0/0"}`, + }, + { + cidrs: []string{"2001:4860:4860::8888/32"}, + routes: `{"dst": "::/0"}`, + }, + { + cidrs: []string{"2001:4860:4860::8888/32", "10.0.0.1/24"}, + routes: `{"dst": "0.0.0.0/0"},{"dst": "::/0"}`, + }, + } { + var cidrs []*net.IPNet + for _, c := range test.cidrs { + _, cidr, err := net.ParseCIDR(c) + assert.NoError(t, err) + cidrs = append(cidrs, cidr) + } + fakeKubenet := &kubenetNetworkPlugin{podCIDRs: cidrs} + assert.Equal(t, test.routes, fakeKubenet.getRoutesConfig()) + } +} + //TODO: add unit test for each implementation of network plugin interface
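Review bot: The test name is misspelled (`TestGetRoutesConifg` should be `TestGetRoutesConfig`), and the table omits two cases that would pin the new behaviour. These are an empty CIDR list, `{cidrs: nil, routes: ""}`, and two CIDRs of the same family, which should yield a single route entry rather than a duplicate. Separately, `assert.NoError` does not stop the case, so a failed parse appends a nil *net.IPNet and the later getRoutesConfig call would panic on `thisCIDR.IP` instead of reporting the parse error. Ending the case there is clearer, for example `if err != nil { t.Fatalf("ParseCIDR(%q): %v", c, err) }`.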