diff --git a/pkg/kubelet/dockershim/network/kubenet/kubenet_linux.go b/pkg/kubelet/dockershim/network/kubenet/kubenet_linux.go
index df6145a50bb..d65902dacbe 100644
--- a/pkg/kubelet/dockershim/network/kubenet/kubenet_linux.go
+++ b/pkg/kubelet/dockershim/network/kubenet/kubenet_linux.go
@@ -79,10 +79,7 @@ const (
 "ipam": {
 "type": "host-local",
 "ranges": [%s],
- "routes": [
- { "dst": "%s" },
- { "dst": "%s" }
- ]
+ "routes": [%s]
 }
 }`
 )
@@ -281,7 +278,7 @@ func (plugin *kubenetNetworkPlugin) Event(name string, details map[string]interf
 //setup hairpinMode
 setHairpin := plugin.hairpinMode == kubeletconfig.HairpinVeth
- json := fmt.Sprintf(NET_CONFIG_TEMPLATE, BridgeName, plugin.mtu, network.DefaultInterfaceName, setHairpin, plugin.getRangesConfig(), zeroCIDRv4, zeroCIDRv6)
+ json := fmt.Sprintf(NET_CONFIG_TEMPLATE, BridgeName, plugin.mtu, network.DefaultInterfaceName, setHairpin, plugin.getRangesConfig(), plugin.getRoutesConfig())
 klog.V(4).Infof("CNI network config set to %v", json)
 plugin.netConfig, err = libcni.ConfFromBytes([]byte(json))
 if err != nil {
@@ -842,6 +839,29 @@ func (plugin *kubenetNetworkPlugin) getRangesConfig() string {
 return strings.Join(ranges[:], ",")
 }
+// given a n cidrs assigned to nodes,
+// create bridge routes configuration that conforms to them
+func (plugin *kubenetNetworkPlugin) getRoutesConfig() string {
+ var (
+ routes []string
+ hasV4, hasV6 bool
+ )
+ for _, thisCIDR := range plugin.podCIDRs {
+ if thisCIDR.IP.To4() != nil {
+ hasV4 = true
+ } else {
+ hasV6 = true
+ }
+ }
+ if hasV4 {
+ routes = append(routes, fmt.Sprintf(`{"dst": "%s"}`, zeroCIDRv4))
+ }
+ if hasV6 {
+ routes = append(routes, fmt.Sprintf(`{"dst": "%s"}`, zeroCIDRv6))
+ }
+ return strings.Join(routes, ",")
+}
+
 func (plugin *kubenetNetworkPlugin) addPodIP(id kubecontainer.ContainerID, ip string) {
 plugin.mu.Lock()
 defer plugin.mu.Unlock()
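Review bot: getRoutesConfig returns an empty string when plugin.podCIDRs is empty, so the template renders `"routes": []` and the bridge config carries no default route, where the old template always emitted both; whether Event can reach this call with no pod CIDR set is not visible in these hunks, so I would at least log it, e.g. `if len(routes) == 0 { klog.Warningf("kubenet: no pod CIDRs set, CNI config has no default route") }`. The `else` branch in the loop also counts any entry whose `IP.To4()` is nil as IPv6, including a malformed address, which would add a `::/0` route on a node that has no IPv6 range; `} else if thisCIDR.IP.To16() != nil {` keeps the classification explicit. The doc comment would read better in the usual Go form, `// getRoutesConfig returns the default-route entries for the IP families present in plugin.podCIDRs.`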
diff --git a/pkg/kubelet/dockershim/network/kubenet/kubenet_linux_test.go b/pkg/kubelet/dockershim/network/kubenet/kubenet_linux_test.go
index bfe5eadf170..2ef3475bff3 100644
--- a/pkg/kubelet/dockershim/network/kubenet/kubenet_linux_test.go
+++ b/pkg/kubelet/dockershim/network/kubenet/kubenet_linux_test.go
@@ -18,6 +18,7 @@ package kubenet
 import (
 "fmt"
+ "net"
 "strings"
 "testing"
@@ -312,4 +313,33 @@ func TestTearDownWithoutRuntime(t *testing.T) {
 }
 }
+func TestGetRoutesConifg(t *testing.T) {
+ for _, test := range []struct {
+ cidrs []string
+ routes string
+ }{
+ {
+ cidrs: []string{"10.0.0.1/24"},
+ routes: `{"dst": "0.0.0.0/0"}`,
+ },
+ {
+ cidrs: []string{"2001:4860:4860::8888/32"},
+ routes: `{"dst": "::/0"}`,
+ },
+ {
+ cidrs: []string{"2001:4860:4860::8888/32", "10.0.0.1/24"},
+ routes: `{"dst": "0.0.0.0/0"},{"dst": "::/0"}`,
+ },
+ } {
+ var cidrs []*net.IPNet
+ for _, c := range test.cidrs {
+ _, cidr, err := net.ParseCIDR(c)
+ assert.NoError(t, err)
+ cidrs = append(cidrs, cidr)
+ }
+ fakeKubenet := &kubenetNetworkPlugin{podCIDRs: cidrs}
+ assert.Equal(t, test.routes, fakeKubenet.getRoutesConfig())
+ }
+}
+
 //TODO: add unit test for each implementation of network plugin interface
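Review bot: The table in TestGetRoutesConifg has no case for an empty podCIDRs slice or for two CIDRs of the same family, so neither the empty-string result nor the de-duplication that the hasV4/hasV6 flags provide is pinned; adding `{cidrs: nil, routes: ""}` and a case with two IPv4 ranges expecting a single `0.0.0.0/0` entry would cover both. The function name is misspelled and should be `func TestGetRoutesConfig(t *testing.T) {`. Because `assert.NoError` does not stop the test, a CIDR that fails to parse would append a nil *net.IPNet and getRoutesConfig would then dereference it; `if err != nil { t.Fatalf("parsing %q: %v", c, err) }` avoids that.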