11 changes: 5 additions & 6 deletions cni/network/network.go
@@ -637,14 +637,12 @@ func (plugin *NetPlugin) createNetworkInternal(
NetNs: ipamAddConfig.args.Netns,
Options: ipamAddConfig.options,
DisableHairpinOnHostInterface: ipamAddConfig.nwCfg.DisableHairpinOnHostInterface,
IPV6Mode: ipamAddConfig.nwCfg.IPV6Mode,
IPV6Mode: ipamAddConfig.nwCfg.IPV6Mode, // TODO: check if IPV6Mode field can be deprecated
IPAMType: ipamAddConfig.nwCfg.IPAM.Type,
ServiceCidrs: ipamAddConfig.nwCfg.ServiceCidrs,
IsIPv6Enabled: ipamAddResult.ipv6Result != nil,
}

// set IPv6Mode to dualStackOverlay mode
nwInfo.IPV6Mode = ipamAddConfig.nwCfg.IPAM.Mode

if err = addSubnetToNetworkInfo(ipamAddResult, &nwInfo); err != nil {
log.Printf("[cni-net] Failed to add subnets to networkInfo due to %+v", err)
return nwInfo, err
@@ -764,7 +762,8 @@ func (plugin *NetPlugin) createEndpointInternal(opt *createEndpointInternalOpt)
NATInfo: opt.natInfo,
}

epPolicies := getPoliciesFromRuntimeCfg(opt.nwCfg)
isIPv6Enabled := opt.resultV6 != nil
epPolicies := getPoliciesFromRuntimeCfg(opt.nwCfg, isIPv6Enabled)
epInfo.Policies = append(epInfo.Policies, epPolicies...)

// Populate addresses.
@@ -774,7 +773,7 @@ func (plugin *NetPlugin) createEndpointInternal(opt *createEndpointInternalOpt)

if opt.resultV6 != nil {
// inject ipv6 routes to Linux pod
epInfo.IPV6Mode = string(util.IpamMode(opt.nwCfg.IPAM.Mode))
epInfo.IPV6Mode = string(util.IpamMode(opt.nwCfg.IPAM.Mode)) // TODO: check IPV6Mode field can be deprecated and can we add IsIPv6Enabled flag for generic working
for _, ipconfig := range opt.resultV6.IPs {
epInfo.IPAddresses = append(epInfo.IPAddresses, ipconfig.Address)
}
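Review bot: With the `nwInfo.IPV6Mode = ipamAddConfig.nwCfg.IPAM.Mode` override apparently dropped from createNetworkInternal, `nwInfo.IPV6Mode` now carries only `nwCfg.IPV6Mode`, while createEndpointInternal still fills `epInfo.IPV6Mode` from `opt.nwCfg.IPAM.Mode`, so the network and endpoint records can disagree about the mode. Any remaining reader of `nwInfo.IPV6Mode` that compares against the dual-stack overlay value would silently stop matching; those call sites are not on this page, so they are worth searching for before relying on the new flag. The two TODO comments would be easier to act on with a tracking reference, e.g. `// TODO(<issue-id>): drop IPV6Mode once all readers use IsIPv6Enabled`. Both function bodies extend beyond the hunks shown.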
2 changes: 1 addition & 1 deletion cni/network/network_linux.go
@@ -124,7 +124,7 @@ func getEndpointPolicies(PolicyArgs) ([]policy.Policy, error) {

// getPoliciesFromRuntimeCfg returns network policies from network config.
// getPoliciesFromRuntimeCfg is a dummy function for Linux platform.
func getPoliciesFromRuntimeCfg(nwCfg *cni.NetworkConfig) []policy.Policy {
func getPoliciesFromRuntimeCfg(_ *cni.NetworkConfig, _ bool) []policy.Policy {
return nil
}

35 changes: 31 additions & 4 deletions cni/network/network_windows.go
@@ -238,10 +238,11 @@ func getEndpointDNSSettings(nwCfg *cni.NetworkConfig, result *cniTypesCurr.Resul
}

// getPoliciesFromRuntimeCfg returns network policies from network config.
func getPoliciesFromRuntimeCfg(nwCfg *cni.NetworkConfig) []policy.Policy {
func getPoliciesFromRuntimeCfg(nwCfg *cni.NetworkConfig, isIPv6Enabled bool) []policy.Policy {
log.Printf("[net] RuntimeConfigs: %+v", nwCfg.RuntimeConfig)
var policies []policy.Policy
var protocol uint32

for _, mapping := range nwCfg.RuntimeConfig.PortMappings {

cfgProto := strings.ToUpper(strings.TrimSpace(mapping.Protocol))
@@ -267,13 +268,39 @@ func getPoliciesFromRuntimeCfg(nwCfg *cni.NetworkConfig) []policy.Policy {
Settings: rawPolicy,
})

policy := policy.Policy{
policyv4 := policy.Policy{
Type: policy.EndpointPolicy,
Data: hnsv2Policy,
}
log.Printf("[net] Creating port mapping policy: %+v", policy)

policies = append(policies, policy)
log.Printf("[net] Creating port mapping policy: %+v", policyv4)
policies = append(policies, policyv4)

// add port mapping policy for v6 if we have IPV6 enabled
if isIPv6Enabled {
// To support hostport policy mapping for ipv6 in dualstack overlay mode
// uint32 NatFlagsIPv6 = 2
rawPolicyv6, _ := json.Marshal(&hnsv2.PortMappingPolicySetting{ // nolint
ExternalPort: uint16(mapping.HostPort),
InternalPort: uint16(mapping.ContainerPort),
VIP: mapping.HostIp,
Protocol: protocol,
Flags: hnsv2.NatFlagsIPv6,
})

hnsv2Policyv6, _ := json.Marshal(&hnsv2.EndpointPolicy{ // nolint
Type: hnsv2.PortMapping,
Settings: rawPolicyv6,
})

policyv6 := policy.Policy{
Type: policy.EndpointPolicy,
Data: hnsv2Policyv6,
}

log.Printf("[net] Creating port mapping policy v6: %+v", policyv6)
policies = append(policies, policyv6)
}
}

return policies
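Review bot: The IPv6 port-mapping policy built under `if isIPv6Enabled {` reuses `VIP: mapping.HostIp` from the IPv4 policy, so a mapping pinned to an IPv4 host address is also submitted with `hnsv2.NatFlagsIPv6`, and a mapping with an empty HostIp is now published on the IPv6 side as well. How HNS treats an IPv4 VIP on a v6 NAT policy is not visible here, but the effect to confirm is that every hostPort becomes reachable over IPv6 as soon as the pod has a v6 result, which host firewall or NSG rules written only for IPv4 may not cover. Consider gating on the address family, e.g. `if isIPv6Enabled && (mapping.HostIp == "" || net.ParseIP(mapping.HostIp).To4() == nil) {` (assuming `net` is available in this file), and documenting the empty-HostIp case in the comment above the branch. The two `json.Marshal` errors in the new branch are discarded with `_`; returning or at least logging them would avoid appending a policy with empty `Data`. Part of the loop body lies between the two hunks and is not shown.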
3 changes: 2 additions & 1 deletion cni/network/network_windows_test.go
@@ -253,7 +253,8 @@ func TestSetPoliciesFromNwCfg(t *testing.T) {
for _, tt := range tests {
tt := tt
t.Run(tt.name, func(t *testing.T) {
policies := getPoliciesFromRuntimeCfg(&tt.nwCfg)
isIPv6Enabled := false
policies := getPoliciesFromRuntimeCfg(&tt.nwCfg, isIPv6Enabled)
require.Condition(t, assert.Comparison(func() bool {
return len(policies) > 0 && policies[0].Type == policy.EndpointPolicy
}))
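Review bot: The test pins `isIPv6Enabled := false`, so the new IPv6 branch of getPoliciesFromRuntimeCfg is never exercised. Add an `isIPv6Enabled` field to the table and pass `tt.isIPv6Enabled`, then assert for the enabled case that each port mapping yields two policies, e.g. `require.Len(t, policies, 2*len(tt.nwCfg.RuntimeConfig.PortMappings))`, and that the second policy's settings carry the IPv6 flag. The test table is defined above the hunk and is not visible here.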
1 change: 0 additions & 1 deletion cns/client/client.go
@@ -400,7 +400,6 @@ func (c *Client) RequestIPs(ctx context.Context, ipconfig cns.IPConfigsRequest)
}
req.Header.Set(headerContentType, contentTypeJSON)
res, err := c.client.Do(req)

if err != nil {
return nil, errors.Wrap(err, "http request failed")
}
1 change: 1 addition & 0 deletions network/network.go
@@ -74,6 +74,7 @@ type NetworkInfo struct {
IPV6Mode string
IPAMType string
ServiceCidrs string
IsIPv6Enabled bool
}

// SubnetInfo contains subnet information for a container network.
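Review bot: `IsIPv6Enabled` is added next to `IPV6Mode` without a comment, and the two fields now overlap in meaning. A field comment such as `// IsIPv6Enabled is true when IPAM returned an IPv6 result for this network.` would record what sets it and how it differs from the mode string. If NetworkInfo, or state derived from it, is persisted and reloaded across plugin upgrades (not visible here), networks created before this change would read back as false; confirm that is acceptable for the code that gates on this flag.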
5 changes: 2 additions & 3 deletions network/network_windows.go
@@ -12,7 +12,6 @@ import (
"strings"
"time"

"github.com/Azure/azure-container-networking/cni/util"
"github.com/Azure/azure-container-networking/log"
"github.com/Azure/azure-container-networking/network/hnswrapper"
"github.com/Azure/azure-container-networking/network/policy"
@@ -404,8 +403,8 @@ func (nm *networkManager) newNetworkImplHnsV2(nwInfo *NetworkInfo, extIf *extern
if err != nil {
// if network not found, create the HNS network.
if errors.As(err, &hcn.NetworkNotFoundError{}) {
// in dualStackOverlay mode, add net routes to windows node
if nwInfo.IPV6Mode == string(util.DualStackOverlay) {
// add net routes to windows node if we have IPv6 enabled
if nwInfo.IsIPv6Enabled {
if err := nm.addNewNetRules(nwInfo); err != nil { // nolint
log.Printf("[net] Failed to add net rules due to %+v", err)
return nil, err
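Review bot: `nm.addNewNetRules(nwInfo)` now runs for any network with `nwInfo.IsIPv6Enabled` set, not only for dual-stack overlay, and nothing in the hunk shows that the rules it installs on the node are correct or wanted in other IPv6 modes. Since the call changes host-level networking state and a failure aborts network creation (`return nil, err`), it is worth confirming which IPAM modes can produce an IPv6 result on Windows and stating the intent in the comment, e.g. `// IsIPv6Enabled covers every IPv6 mode, not just dualStackOverlay; addNewNetRules must be safe for all of them`. newNetworkImplHnsV2 starts and ends outside this hunk.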