Merge pull request #29009 from bboreham/hairpin-via-cni

Automatic merge from submit-queue Use the CNI bridge plugin to set hairpin mode Following up this part of #23711: > I'd like to wait until containernetworking/cni#175 lands and then just pass the request through to CNI. The code here just * passes the required setting down from kubenet to CNI * disables `DockerManager` from doing hairpin-veth, if kubenet is in use Note to test you need a very recent version of the CNI `bridge` plugin; the one brought in by #28799 should be OK. Also relates to https://github.com/kubernetes/kubernetes/issues/19766#issuecomment-232722864
2025-07-30 23:15:14 +00:00 · 2016-07-31 10:08:06 -07:00 · 2016-07-31 10:08:06 -07:00 · 63602348a4
commit 63602348a4
parent 6ae6450a39 f21d2dde5a
2 changed files with 10 additions and 2 deletions
--- a/pkg/kubelet/kubelet.go
+++ b/pkg/kubelet/kubelet.go
@ -434,7 +434,13 @@ func NewMainKubelet(
 			imageBackOff,
 			serializeImagePulls,
 			enableCustomMetrics,
-			klet.hairpinMode == componentconfig.HairpinVeth,
+			// If using "kubenet", the Kubernetes network plugin that wraps
+			// CNI's bridge plugin, it knows how to set the hairpin veth flag
+			// so we tell the container runtime to back away from setting it.
+			// If the kubelet is started with any other plugin we can't be
+			// sure it handles the hairpin case so we instruct the docker
+			// runtime to set the flag instead.
+			klet.hairpinMode == componentconfig.HairpinVeth && networkPluginName != "kubenet",
 			seccompProfileRoot,
 			containerRuntimeOptions...,
 		)
--- a/pkg/kubelet/network/kubenet/kubenet_linux.go
+++ b/pkg/kubelet/network/kubenet/kubenet_linux.go
@ -186,6 +186,7 @@ const NET_CONFIG_TEMPLATE = `{
  "addIf": "%s",
  "isGateway": true,
  "ipMasq": false,
+  "hairpin": "%t",
  "ipam": {
    "type": "host-local",
    "subnet": "%s",
@ -218,10 +219,11 @@ func (plugin *kubenetNetworkPlugin) Event(name string, details map[string]interf
 	glog.V(5).Infof("PodCIDR is set to %q", podCIDR)
 	_, cidr, err := net.ParseCIDR(podCIDR)
 	if err == nil {
+		setHairpin := plugin.hairpinMode == componentconfig.HairpinVeth
 		// Set bridge address to first address in IPNet
 		cidr.IP.To4()[3] += 1

-		json := fmt.Sprintf(NET_CONFIG_TEMPLATE, BridgeName, plugin.MTU, network.DefaultInterfaceName, podCIDR, cidr.IP.String())
+		json := fmt.Sprintf(NET_CONFIG_TEMPLATE, BridgeName, plugin.MTU, network.DefaultInterfaceName, setHairpin, podCIDR, cidr.IP.String())
 		glog.V(2).Infof("CNI network config set to %v", json)
 		plugin.netConfig, err = libcni.ConfFromBytes([]byte(json))
 		if err == nil {