CNI not setting the Flags in endpoint policies to use IPV6 in case of DualStack cluster #1986
Description
What happened:
In a DualStack Cluster, the HostPortMapping feature is not working only for IPV6.
Root cause is, CNI is not setting the flags in following code to use NatFlagsIPv6 while creating endpoint policy.
rawPolicy, _ := json.Marshal(&hnsv2.PortMappingPolicySetting{
ExternalPort: uint16(mapping.HostPort),
InternalPort: uint16(mapping.ContainerPort),
VIP: mapping.HostIp,
Protocol: protocol,
**Flags: hnsv2.NatFlagsLocalRoutedVip,**
})
Without the Ipv6 enum being set, Hns considers it as not an IPV6 portmapping and creates Hairpin rules only for IPV4.
What you expected to happen:
Once the IPV6 flag is set for endpoint policy creation, HNS will use the flag to plumb Hairpin policy for IPV6 as well.
This will enable the HostPortMapping feature for IPV6 as well in dualstack.
How to reproduce it:
- Create 2 node cluster
- Create a pod with following yaml
apiVersion: v1
kind: Pod
metadata:
name: tcpserver-hostport
namespace: demo
spec:
containers:
- name: tcpserver-hostport
image: princepereira/tcp-client-server:WS2022
command: ["server.exe", "-p", "4444", "-pr", "All", "-swt", "5", "-awt", "5"]
imagePullPolicy: Always
ports:
- containerPort: 4444
hostPort: 4488
terminationGracePeriodSeconds: 1000
nodeSelector:
kubernetes.io/os: windows
- Connect to the pod from the neighbouring node with HostPort and IPV6, IPv4 node Ips
- Connectivity will work only for IPV4
Orchestrator and Version (e.g. Kubernetes, Docker):
Kubernetes : 1.26.3
Containerd
Operating System (Linux/Windows):
Windows
Kernel (e.g. uanme -a for Linux or $(Get-ItemProperty -Path "C:\windows\system32\hal.dll").VersionInfo.FileVersion for Windows):
10.0.20348.558 (WinBuild.160101.0800)
Anything else we need to know?:
[Miscellaneous information that will assist in solving the issue.]