diff --git a/.pipelines/build/dockerfiles/cni.Dockerfile b/.pipelines/build/dockerfiles/cni.Dockerfile
index c4d38741b8..08fc0f2a0f 100644
--- a/.pipelines/build/dockerfiles/cni.Dockerfile
+++ b/.pipelines/build/dockerfiles/cni.Dockerfile
@@ -3,7 +3,7 @@ ARG ARCH
 # mcr.microsoft.com/oss/kubernetes/windows-host-process-containers-base-image:v1.0.0
-FROM --platform=windows/${ARCH} mcr.microsoft.com/oss/kubernetes/windows-host-process-containers-base-image@sha256:b4c9637e032f667c52d1eccfa31ad8c63f1b035e8639f3f48a510536bf34032b AS windows
+FROM --platform=windows/${ARCH} AS windows
 ARG ARTIFACT_DIR .
 COPY ${ARTIFACT_DIR}/bin/dropgz.exe /dropgz.exe
diff --git a/.pipelines/build/dockerfiles/cns.Dockerfile b/.pipelines/build/dockerfiles/cns.Dockerfile
index 1fc8f9d5b1..ed61c6ffe2 100644
--- a/.pipelines/build/dockerfiles/cns.Dockerfile
+++ b/.pipelines/build/dockerfiles/cns.Dockerfile
@@ -3,7 +3,7 @@ ARG ARCH
 # mcr.microsoft.com/oss/kubernetes/windows-host-process-containers-base-image:v1.0.0
-FROM --platform=windows/${ARCH} mcr.microsoft.com/oss/kubernetes/windows-host-process-containers-base-image@sha256:b4c9637e032f667c52d1eccfa31ad8c63f1b035e8639f3f48a510536bf34032b AS windows
+FROM --platform=windows/${ARCH} AS windows
 ARG ARTIFACT_DIR .
 COPY ${ARTIFACT_DIR}/bin/azure-cns.exe /azure-cns.exe
@@ -11,11 +11,11 @@ ENTRYPOINT ["azure-cns.exe"]
 EXPOSE 10090
 # mcr.microsoft.com/azurelinux/base/core:3.0
-FROM --platform=linux/${ARCH} mcr.microsoft.com/azurelinux/base/core@sha256:833693619d523c23b1fe4d9c1f64a6c697e2a82f7a6ee26e1564897c3fe3fa02 AS build-helper
+FROM --platform=linux/${ARCH} AS build-helper
 RUN tdnf install -y iptables
 # mcr.microsoft.com/azurelinux/distroless/minimal:3.0
-FROM --platform=linux/${ARCH} mcr.microsoft.com/azurelinux/distroless/minimal@sha256:d784c8233e87e8bce2e902ff59a91262635e4cabc25ec55ac0a718344514db3c AS linux
+FROM --platform=linux/${ARCH} AS linux
 ARG ARTIFACT_DIR .
 COPY --from=build-helper /usr/sbin/*tables* /usr/sbin/
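Review bot: Every changed `FROM` line in this commit names no base image, e.g. `FROM --platform=windows/${ARCH} AS windows` in cni.Dockerfile; the same applies to both cns.Dockerfile hunks here and to the cni/Dockerfile and cns/Dockerfile hunks further down (`FROM AS mariner-core`). As shown, these stages cannot resolve a base image, and the `@sha256:` digest that fixed the exact content of each base image is removed with it. This looks like a template rendered with empty values rather than an intended change (inferred; the generator is not visible on this page), so the files should be regenerated with the digests populated or left out of the commit. If moving to new images is intended, keep an explicit pinned reference, e.g. `FROM --platform=windows/${ARCH} IMAGE_PLACEHOLDER@sha256:DIGEST_PLACEHOLDER AS windows`.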
diff --git a/cni/Dockerfile b/cni/Dockerfile
index 5867fd09b2..f2a6924e60 100644
--- a/cni/Dockerfile
+++ b/cni/Dockerfile
@@ -6,10 +6,10 @@ ARG OS_VERSION
 ARG OS
 # mcr.microsoft.com/oss/go/microsoft/golang:1.24-azurelinux3.0
-FROM --platform=linux/${ARCH} mcr.microsoft.com/oss/go/microsoft/golang@sha256:7bbbda682ce4a462855bd8a61c5efdc1e79ab89d9e32c2610f41e6f9502e1cf4 AS go
+FROM --platform=linux/${ARCH} AS go
 # mcr.microsoft.com/azurelinux/base/core:3.0
-FROM --platform=linux/${ARCH} mcr.microsoft.com/azurelinux/base/core@sha256:833693619d523c23b1fe4d9c1f64a6c697e2a82f7a6ee26e1564897c3fe3fa02 AS mariner-core
+FROM --platform=linux/${ARCH} AS mariner-core
 FROM go AS azure-vnet
 ARG OS
@@ -54,7 +54,7 @@ COPY --from=dropgz /go/bin/dropgz dropgz
 ENTRYPOINT [ "/dropgz" ]
 # mcr.microsoft.com/oss/kubernetes/windows-host-process-containers-base-image:v1.0.0
-FROM --platform=windows/${ARCH} mcr.microsoft.com/oss/kubernetes/windows-host-process-containers-base-image@sha256:b4c9637e032f667c52d1eccfa31ad8c63f1b035e8639f3f48a510536bf34032b as hpc
+FROM --platform=windows/${ARCH} as hpc
 FROM hpc as windows
 COPY --from=dropgz /go/bin/dropgz dropgz.exe
diff --git a/cns/Dockerfile b/cns/Dockerfile
index 7908371aea..31d3b7e0ea 100644
--- a/cns/Dockerfile
+++ b/cns/Dockerfile
@@ -5,13 +5,13 @@ ARG OS_VERSION
 ARG OS
 # mcr.microsoft.com/oss/go/microsoft/golang:1.24-azurelinux3.0
-FROM --platform=linux/${ARCH} mcr.microsoft.com/oss/go/microsoft/golang@sha256:7bbbda682ce4a462855bd8a61c5efdc1e79ab89d9e32c2610f41e6f9502e1cf4 AS go
+FROM --platform=linux/${ARCH} AS go
 # mcr.microsoft.com/azurelinux/base/core:3.0
-FROM mcr.microsoft.com/azurelinux/base/core@sha256:833693619d523c23b1fe4d9c1f64a6c697e2a82f7a6ee26e1564897c3fe3fa02 AS mariner-core
+FROM AS mariner-core
 # mcr.microsoft.com/azurelinux/distroless/minimal:3.0
-FROM mcr.microsoft.com/azurelinux/distroless/minimal@sha256:d784c8233e87e8bce2e902ff59a91262635e4cabc25ec55ac0a718344514db3c AS mariner-distroless
+FROM AS mariner-distroless
 FROM --platform=linux/${ARCH} go AS builder
 ARG OS
@@ -33,7 +33,7 @@ ENTRYPOINT [ "/usr/local/bin/azure-cns" ]
 EXPOSE 10090
 # mcr.microsoft.com/oss/kubernetes/windows-host-process-containers-base-image:v1.0.0
-FROM --platform=windows/${ARCH} mcr.microsoft.com/oss/kubernetes/windows-host-process-containers-base-image@sha256:b4c9637e032f667c52d1eccfa31ad8c63f1b035e8639f3f48a510536bf34032b as hpc
+FROM --platform=windows/${ARCH} as hpc
 FROM hpc as windows
 COPY --from=builder /go/bin/azure-cns /azure-cns.exe
diff --git a/cns/NetworkContainerContract.go b/cns/NetworkContainerContract.go
index 8f5939c28e..cf1ff35a10 100644
--- a/cns/NetworkContainerContract.go
+++ b/cns/NetworkContainerContract.go
@@ -129,6 +129,7 @@ type CreateNetworkContainerRequest struct {
 EndpointPolicies []NetworkContainerRequestPolicies
 NCStatus v1alpha.NCStatus
 NetworkInterfaceInfo NetworkInterfaceInfo //nolint // introducing new field for backendnic, to be used later by cni code
+ Scenario v1alpha.NCType //nolint // introducing new field for nnc reconciler
 }
 func (req *CreateNetworkContainerRequest) Validate() error {
diff --git a/cns/kubecontroller/nodenetworkconfig/conversion.go b/cns/kubecontroller/nodenetworkconfig/conversion.go
index f2f3d9e9cf..cc34d682c8 100644
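Review bot: The comment on the new `Scenario` field in `CreateNetworkContainerRequest` says only "introducing new field for nnc reconciler", yet later in this commit the field decides whether the PrimaryCA comparison in `CreateOrUpdateNetworkContainerInternal` is enforced. A comment such as `// Scenario is the NC type from the NNC; v1alpha.Overlay relaxes the primary-CA equality check on update` would make that effect visible to anyone populating the struct. The bare `//nolint` also silences every linter on the line; naming the specific linter keeps the other checks active. The struct begins outside the hunk.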
--- a/cns/kubecontroller/nodenetworkconfig/conversion.go
+++ b/cns/kubecontroller/nodenetworkconfig/conversion.go
@@ -67,6 +67,7 @@ func CreateNCRequestFromDynamicNC(nc v1alpha.NetworkContainer) (*cns.CreateNetwo
 GatewayIPAddress: nc.DefaultGateway,
 },
 NCStatus: nc.Status,
+ Scenario: nc.Type,
 }, nil
 }
diff --git a/cns/kubecontroller/nodenetworkconfig/conversion_linux.go b/cns/kubecontroller/nodenetworkconfig/conversion_linux.go
index 9d425aa48f..dd9141dfc3 100644
--- a/cns/kubecontroller/nodenetworkconfig/conversion_linux.go
+++ b/cns/kubecontroller/nodenetworkconfig/conversion_linux.go
@@ -63,5 +63,6 @@ func createNCRequestFromStaticNCHelper(nc v1alpha.NetworkContainer, primaryIPPre
 NetworkInterfaceInfo: cns.NetworkInterfaceInfo{
 MACAddress: nc.MacAddress,
 },
+ Scenario: nc.Type,
 }, nil
 }
diff --git a/cns/restserver/internalapi.go b/cns/restserver/internalapi.go
index efefb3f2d3..b76ed5d01c 100644
--- a/cns/restserver/internalapi.go
+++ b/cns/restserver/internalapi.go
@@ -23,6 +23,7 @@ import (
 "github.com/Azure/azure-container-networking/common"
 "github.com/Azure/azure-container-networking/crd/nodenetworkconfig/api/v1alpha"
 "github.com/pkg/errors"
+ "go.uber.org/zap"
 )
 const (
@@ -35,6 +36,9 @@ const (
 // internal APIs (definde in internalapi.go).
 // This will be used internally (say by RequestController in case of AKS)
+// Initialize a zap logger instance
+var zapLogger, _ = zap.NewProduction()
+
 // GetPartitionKey - Get dnc/service partition key
 func (service *HTTPRestService) GetPartitionKey() (dncPartitionKey string) {
 service.RLock()
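Review bot: `var zapLogger, _ = zap.NewProduction()` discards the constructor's error, so a failed initialisation leaves a nil logger that the new `zapLogger.Error(...)` call in `CreateOrUpdateNetworkContainerInternal` would dereference on exactly the rejection path. It also introduces a second, package-global logger beside the `logger` package the removed code used, so the PrimaryCA-mismatch event may end up in a different sink from the rest of the CNS logs (the logger configuration is not visible here). Prefer the logger the service already uses, or check the error during setup and fall back to `zap.NewNop()` so the variable is never nil.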
@@ -630,13 +634,13 @@ func (service *HTTPRestService) CreateOrUpdateNetworkContainerInternal(req *cns.
 if ok {
 existingReq := existingNCInfo.CreateNetworkContainerRequest
 if !reflect.DeepEqual(existingReq.IPConfiguration.IPSubnet, req.IPConfiguration.IPSubnet) {
- logger.Errorf("[Azure CNS] Error. PrimaryCA is not same, NCId %s, old CA %s/%d, new CA %s/%d",
- req.NetworkContainerid,
- existingReq.IPConfiguration.IPSubnet.IPAddress,
- existingReq.IPConfiguration.IPSubnet.PrefixLength,
- req.IPConfiguration.IPSubnet.IPAddress,
- req.IPConfiguration.IPSubnet.PrefixLength)
- return types.PrimaryCANotSame
+ if req.Scenario != v1alpha.Overlay { // if overlay -> potentially an overlay subnet expansion is occurring, skip this check
+ zapLogger.Error("[Azure CNS] Error. PrimaryCA is not same",
+ zap.String("NCId", req.NetworkContainerid),
+ zap.String("oldCA", fmt.Sprintf("%s/%d", existingReq.IPConfiguration.IPSubnet.IPAddress, existingReq.IPConfiguration.IPSubnet.PrefixLength)),
+ zap.String("newCA", fmt.Sprintf("%s/%d", req.IPConfiguration.IPSubnet.IPAddress, req.IPConfiguration.IPSubnet.PrefixLength)))
+ return types.PrimaryCANotSame
+ }
 }
 }
diff --git a/cns/restserver/internalapi_test.go b/cns/restserver/internalapi_test.go
index 4df797a498..0b061a8a36 100644
--- a/cns/restserver/internalapi_test.go
+++ b/cns/restserver/internalapi_test.go
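Review bot: When `req.Scenario == v1alpha.Overlay` the new branch accepts any change of `IPConfiguration.IPSubnet`, not only an expansion, and it does so without writing a log entry. The comment justifies the skip by a possible overlay subnet expansion, but nothing checks that the new prefix contains the old one; the test added in this commit changes 10.0.1.0/24 to 10.0.2.0/24 and expects success. Consider still returning `types.PrimaryCANotSame` unless the new subnet is a superset of the existing one, and recording the accepted change, e.g. `zapLogger.Info("[Azure CNS] PrimaryCA changed for overlay NC", zap.String("NCId", req.NetworkContainerid))`. Because `Scenario` is carried in the request, any caller of this function other than the NNC reconciler (not visible in the hunk) also chooses whether the check runs. The function body starts and ends outside the hunk.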
@@ -101,6 +101,51 @@ func TestReconcileNCStatePrimaryIPChangeShouldFail(t *testing.T) {
 assert.Equal(t, types.PrimaryCANotSame, resp)
 }
+// TestReconcileNCStatePrimaryIPChangeShouldNotFail tests that reconciling NC state with
+// a NC whose IP has changed should not fail for overlay clusters
+func TestReconcileNCStatePrimaryIPChangeShouldNotFail(t *testing.T) {
+ restartService()
+ setEnv(t)
+ setOrchestratorTypeInternal(cns.KubernetesCRD)
+ svc.state.ContainerStatus = make(map[string]containerstatus)
+
+ // start with a NC in state
+ ncID := "555ac5c9-89f2-4b5d-b8d0-616894d6d151"
+ svc.state.ContainerStatus[ncID] = containerstatus{
+ ID: ncID,
+ VMVersion: "0",
+ HostVersion: "0",
+ CreateNetworkContainerRequest: cns.CreateNetworkContainerRequest{
+ NetworkContainerid: ncID,
+ IPConfiguration: cns.IPConfiguration{
+ IPSubnet: cns.IPSubnet{
+ IPAddress: "10.0.1.0",
+ PrefixLength: 24,
+ },
+ },
+ },
+ }
+
+ ncReqs := []*cns.CreateNetworkContainerRequest{
+ {
+ NetworkContainerid: ncID,
+ IPConfiguration: cns.IPConfiguration{
+ IPSubnet: cns.IPSubnet{
+ IPAddress: "10.0.2.0", // note this IP has changed
+ PrefixLength: 24,
+ },
+ },
+ Scenario: v1alpha.Overlay, // overlay cluster - skip primary CA check
+ NetworkContainerType: cns.Kubernetes,
+ },
+ }
+
+ // now try to reconcile the state where the NC primary IP has changed
+ resp := svc.ReconcileIPAMStateForSwift(ncReqs, map[string]cns.PodInfo{}, &v1alpha.NodeNetworkConfig{})
+
+ assert.Equal(t, types.Success, resp)
+}
+
 // TestReconcileNCStateGatewayChange tests that NC state gets updated when reconciled
 // if the NC's gateway IP has changed
 func TestReconcileNCStateGatewayChange(t *testing.T) {
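Review bot: `TestReconcileNCStatePrimaryIPChangeShouldNotFail` asserts only the return code, so it passes whether or not the stored NC state ends up holding the new subnet. Adding `assert.Equal(t, "10.0.2.0", svc.state.ContainerStatus[ncID].CreateNetworkContainerRequest.IPConfiguration.IPSubnet.IPAddress)` after the reconcile would pin the intended result, assuming the update path stores the request (not visible here). A companion case that sets `Scenario` to a non-overlay value with a changed subnet and expects `types.PrimaryCANotSame` would guard against the check being skipped for any non-empty type; the existing test above covers only the unset field.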