Merge pull request #82800 from Random-Liu/fix-routes

Only set ipv4/ipv6 routes when there is corresponding CIDR.
2025-07-23 03:41:45 +00:00 · 2019-09-18 19:14:59 -07:00 · 2019-09-18 19:14:59 -07:00 · 4097a99fd7
commit 4097a99fd7
parent 652f4016d9 032c97daee
2 changed files with 55 additions and 5 deletions
--- a/pkg/kubelet/dockershim/network/kubenet/kubenet_linux.go
+++ b/pkg/kubelet/dockershim/network/kubenet/kubenet_linux.go
@ -79,10 +79,7 @@ const (
  "ipam": {
    "type": "host-local",
    "ranges": [%s],
-    "routes": [
-      { "dst": "%s" },
-      { "dst": "%s" }
-    ]
+    "routes": [%s]
  }
 }`
 )
@ -281,7 +278,7 @@ func (plugin *kubenetNetworkPlugin) Event(name string, details map[string]interf
 	//setup hairpinMode
 	setHairpin := plugin.hairpinMode == kubeletconfig.HairpinVeth

-	json := fmt.Sprintf(NET_CONFIG_TEMPLATE, BridgeName, plugin.mtu, network.DefaultInterfaceName, setHairpin, plugin.getRangesConfig(), zeroCIDRv4, zeroCIDRv6)
+	json := fmt.Sprintf(NET_CONFIG_TEMPLATE, BridgeName, plugin.mtu, network.DefaultInterfaceName, setHairpin, plugin.getRangesConfig(), plugin.getRoutesConfig())
 	klog.V(4).Infof("CNI network config set to %v", json)
 	plugin.netConfig, err = libcni.ConfFromBytes([]byte(json))
 	if err != nil {
@ -842,6 +839,29 @@ func (plugin *kubenetNetworkPlugin) getRangesConfig() string {
 	return strings.Join(ranges[:], ",")
 }

+// given a n cidrs assigned to nodes,
+// create bridge routes configuration that conforms to them
+func (plugin *kubenetNetworkPlugin) getRoutesConfig() string {
+	var (
+		routes       []string
+		hasV4, hasV6 bool
+	)
+	for _, thisCIDR := range plugin.podCIDRs {
+		if thisCIDR.IP.To4() != nil {
+			hasV4 = true
+		} else {
+			hasV6 = true
+		}
+	}
+	if hasV4 {
+		routes = append(routes, fmt.Sprintf(`{"dst": "%s"}`, zeroCIDRv4))
+	}
+	if hasV6 {
+		routes = append(routes, fmt.Sprintf(`{"dst": "%s"}`, zeroCIDRv6))
+	}
+	return strings.Join(routes, ",")
+}
+
 func (plugin *kubenetNetworkPlugin) addPodIP(id kubecontainer.ContainerID, ip string) {
 	plugin.mu.Lock()
 	defer plugin.mu.Unlock()
--- a/pkg/kubelet/dockershim/network/kubenet/kubenet_linux_test.go
+++ b/pkg/kubelet/dockershim/network/kubenet/kubenet_linux_test.go
@ -18,6 +18,7 @@ package kubenet

 import (
 	"fmt"
+	"net"
 	"strings"
 	"testing"

@ -312,4 +313,33 @@ func TestTearDownWithoutRuntime(t *testing.T) {
 	}
 }

+func TestGetRoutesConifg(t *testing.T) {
+	for _, test := range []struct {
+		cidrs  []string
+		routes string
+	}{
+		{
+			cidrs:  []string{"10.0.0.1/24"},
+			routes: `{"dst": "0.0.0.0/0"}`,
+		},
+		{
+			cidrs:  []string{"2001:4860:4860::8888/32"},
+			routes: `{"dst": "::/0"}`,
+		},
+		{
+			cidrs:  []string{"2001:4860:4860::8888/32", "10.0.0.1/24"},
+			routes: `{"dst": "0.0.0.0/0"},{"dst": "::/0"}`,
+		},
+	} {
+		var cidrs []*net.IPNet
+		for _, c := range test.cidrs {
+			_, cidr, err := net.ParseCIDR(c)
+			assert.NoError(t, err)
+			cidrs = append(cidrs, cidr)
+		}
+		fakeKubenet := &kubenetNetworkPlugin{podCIDRs: cidrs}
+		assert.Equal(t, test.routes, fakeKubenet.getRoutesConfig())
+	}
+}
+
 //TODO: add unit test for each implementation of network plugin interface