2 changes: 1 addition & 1 deletion .pipelines/build/dockerfiles/cni.Dockerfile
@@ -3,7 +3,7 @@
ARG ARCH

# mcr.microsoft.com/oss/kubernetes/windows-host-process-containers-base-image:v1.0.0
FROM --platform=windows/${ARCH} mcr.microsoft.com/oss/kubernetes/windows-host-process-containers-base-image@sha256:b4c9637e032f667c52d1eccfa31ad8c63f1b035e8639f3f48a510536bf34032b AS windows
FROM --platform=windows/${ARCH} AS windows
ARG ARTIFACT_DIR .

COPY ${ARTIFACT_DIR}/bin/dropgz.exe /dropgz.exe
6 changes: 3 additions & 3 deletions .pipelines/build/dockerfiles/cns.Dockerfile
@@ -3,19 +3,19 @@
ARG ARCH

# mcr.microsoft.com/oss/kubernetes/windows-host-process-containers-base-image:v1.0.0
FROM --platform=windows/${ARCH} mcr.microsoft.com/oss/kubernetes/windows-host-process-containers-base-image@sha256:b4c9637e032f667c52d1eccfa31ad8c63f1b035e8639f3f48a510536bf34032b AS windows
FROM --platform=windows/${ARCH} AS windows
ARG ARTIFACT_DIR .

COPY ${ARTIFACT_DIR}/bin/azure-cns.exe /azure-cns.exe
ENTRYPOINT ["azure-cns.exe"]
EXPOSE 10090

# mcr.microsoft.com/azurelinux/base/core:3.0
FROM --platform=linux/${ARCH} mcr.microsoft.com/azurelinux/base/core@sha256:833693619d523c23b1fe4d9c1f64a6c697e2a82f7a6ee26e1564897c3fe3fa02 AS build-helper
FROM --platform=linux/${ARCH} AS build-helper
RUN tdnf install -y iptables

# mcr.microsoft.com/azurelinux/distroless/minimal:3.0
FROM --platform=linux/${ARCH} mcr.microsoft.com/azurelinux/distroless/minimal@sha256:d784c8233e87e8bce2e902ff59a91262635e4cabc25ec55ac0a718344514db3c AS linux
FROM --platform=linux/${ARCH} AS linux
ARG ARTIFACT_DIR .

COPY --from=build-helper /usr/sbin/*tables* /usr/sbin/
6 changes: 3 additions & 3 deletions cni/Dockerfile
@@ -6,10 +6,10 @@ ARG OS_VERSION
ARG OS

# mcr.microsoft.com/oss/go/microsoft/golang:1.24-azurelinux3.0
FROM --platform=linux/${ARCH} mcr.microsoft.com/oss/go/microsoft/golang@sha256:7bbbda682ce4a462855bd8a61c5efdc1e79ab89d9e32c2610f41e6f9502e1cf4 AS go
FROM --platform=linux/${ARCH} AS go

# mcr.microsoft.com/azurelinux/base/core:3.0
FROM --platform=linux/${ARCH} mcr.microsoft.com/azurelinux/base/core@sha256:833693619d523c23b1fe4d9c1f64a6c697e2a82f7a6ee26e1564897c3fe3fa02 AS mariner-core
FROM --platform=linux/${ARCH} AS mariner-core

FROM go AS azure-vnet
ARG OS
@@ -54,7 +54,7 @@ COPY --from=dropgz /go/bin/dropgz dropgz
ENTRYPOINT [ "/dropgz" ]

# mcr.microsoft.com/oss/kubernetes/windows-host-process-containers-base-image:v1.0.0
FROM --platform=windows/${ARCH} mcr.microsoft.com/oss/kubernetes/windows-host-process-containers-base-image@sha256:b4c9637e032f667c52d1eccfa31ad8c63f1b035e8639f3f48a510536bf34032b as hpc
FROM --platform=windows/${ARCH} as hpc

FROM hpc as windows
COPY --from=dropgz /go/bin/dropgz dropgz.exe
8 changes: 4 additions & 4 deletions cns/Dockerfile
@@ -5,13 +5,13 @@ ARG OS_VERSION
ARG OS

# mcr.microsoft.com/oss/go/microsoft/golang:1.24-azurelinux3.0
FROM --platform=linux/${ARCH} mcr.microsoft.com/oss/go/microsoft/golang@sha256:7bbbda682ce4a462855bd8a61c5efdc1e79ab89d9e32c2610f41e6f9502e1cf4 AS go
FROM --platform=linux/${ARCH} AS go

# mcr.microsoft.com/azurelinux/base/core:3.0
FROM mcr.microsoft.com/azurelinux/base/core@sha256:833693619d523c23b1fe4d9c1f64a6c697e2a82f7a6ee26e1564897c3fe3fa02 AS mariner-core
FROM AS mariner-core

# mcr.microsoft.com/azurelinux/distroless/minimal:3.0
FROM mcr.microsoft.com/azurelinux/distroless/minimal@sha256:d784c8233e87e8bce2e902ff59a91262635e4cabc25ec55ac0a718344514db3c AS mariner-distroless
FROM AS mariner-distroless

FROM --platform=linux/${ARCH} go AS builder
ARG OS
@@ -33,7 +33,7 @@ ENTRYPOINT [ "/usr/local/bin/azure-cns" ]
EXPOSE 10090

# mcr.microsoft.com/oss/kubernetes/windows-host-process-containers-base-image:v1.0.0
FROM --platform=windows/${ARCH} mcr.microsoft.com/oss/kubernetes/windows-host-process-containers-base-image@sha256:b4c9637e032f667c52d1eccfa31ad8c63f1b035e8639f3f48a510536bf34032b as hpc
FROM --platform=windows/${ARCH} as hpc

FROM hpc as windows
COPY --from=builder /go/bin/azure-cns /azure-cns.exe
1 change: 1 addition & 0 deletions cns/NetworkContainerContract.go
@@ -129,6 +129,7 @@ type CreateNetworkContainerRequest struct {
EndpointPolicies []NetworkContainerRequestPolicies
NCStatus v1alpha.NCStatus
NetworkInterfaceInfo NetworkInterfaceInfo //nolint // introducing new field for backendnic, to be used later by cni code
Scenario v1alpha.NCType //nolint // introducing new field for nnc reconciler
}

func (req *CreateNetworkContainerRequest) Validate() error {
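Review bot: The new `Scenario` field carries a blanket `//nolint` and no statement of what it controls, although elsewhere in this commit `CreateOrUpdateNetworkContainerInternal` uses it to skip the primary-CA equality check. I would name the suppressed linter and document the field, for example `// Scenario is the NC type taken from the NNC; when it is v1alpha.Overlay the primary-CA equality check is skipped.` If this struct is also decoded from callers other than the NNC reconciler, that is worth stating here too, since the field then decides whether a validation step runs. The struct declaration starts outside the hunk, and `Validate`, whose body is not shown, may be the place to reject unexpected values.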
1 change: 1 addition & 0 deletions cns/kubecontroller/nodenetworkconfig/conversion.go
@@ -67,6 +67,7 @@ func CreateNCRequestFromDynamicNC(nc v1alpha.NetworkContainer) (*cns.CreateNetwo
GatewayIPAddress: nc.DefaultGateway,
},
NCStatus: nc.Status,
Scenario: nc.Type,
}, nil
}

1 change: 1 addition & 0 deletions cns/kubecontroller/nodenetworkconfig/conversion_linux.go
@@ -63,5 +63,6 @@ func createNCRequestFromStaticNCHelper(nc v1alpha.NetworkContainer, primaryIPPre
NetworkInterfaceInfo: cns.NetworkInterfaceInfo{
MACAddress: nc.MacAddress,
},
Scenario: nc.Type,
}, nil
}
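Review bot: Only the Linux static-NC helper is shown setting `Scenario: nc.Type`; if a Windows counterpart of `createNCRequestFromStaticNCHelper` exists (the `_linux` suffix suggests one, but it is not on this page), its requests would keep the zero NCType and never compare equal to `v1alpha.Overlay`. Please confirm that every constructor of `CreateNetworkContainerRequest` fills the field, or say in a comment why the other platform leaves it empty. The function body starts outside the hunk.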
18 changes: 11 additions & 7 deletions cns/restserver/internalapi.go
@@ -23,6 +23,7 @@ import (
"github.com/Azure/azure-container-networking/common"
"github.com/Azure/azure-container-networking/crd/nodenetworkconfig/api/v1alpha"
"github.com/pkg/errors"
"go.uber.org/zap"
)

const (
@@ -35,6 +36,9 @@ const (
// internal APIs (definde in internalapi.go).
// This will be used internally (say by RequestController in case of AKS)

// Initialize a zap logger instance
var zapLogger, _ = zap.NewProduction()

// GetPartitionKey - Get dnc/service partition key
func (service *HTTPRestService) GetPartitionKey() (dncPartitionKey string) {
service.RLock()
@@ -630,13 +634,13 @@ func (service *HTTPRestService) CreateOrUpdateNetworkContainerInternal(req *cns.
if ok {
existingReq := existingNCInfo.CreateNetworkContainerRequest
if !reflect.DeepEqual(existingReq.IPConfiguration.IPSubnet, req.IPConfiguration.IPSubnet) {
logger.Errorf("[Azure CNS] Error. PrimaryCA is not same, NCId %s, old CA %s/%d, new CA %s/%d",
req.NetworkContainerid,
existingReq.IPConfiguration.IPSubnet.IPAddress,
existingReq.IPConfiguration.IPSubnet.PrefixLength,
req.IPConfiguration.IPSubnet.IPAddress,
req.IPConfiguration.IPSubnet.PrefixLength)
return types.PrimaryCANotSame
if req.Scenario != v1alpha.Overlay { // if overlay -> potentially an overlay subnet expansion is occurring, skip this check
zapLogger.Error("[Azure CNS] Error. PrimaryCA is not same",
zap.String("NCId", req.NetworkContainerid),
zap.String("oldCA", fmt.Sprintf("%s/%d", existingReq.IPConfiguration.IPSubnet.IPAddress, existingReq.IPConfiguration.IPSubnet.PrefixLength)),
zap.String("newCA", fmt.Sprintf("%s/%d", req.IPConfiguration.IPSubnet.IPAddress, req.IPConfiguration.IPSubnet.PrefixLength)))
return types.PrimaryCANotSame
}
}
}
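Review bot: The overlay branch accepts any primary-CA change without recording it: when `req.Scenario == v1alpha.Overlay` the mismatch falls through silently, and nothing checks that the new subnet contains the old one, although the inline comment describes a subnet expansion. Because `Scenario` is read from the request being applied rather than from the stored NC, I would log the accepted change with old and new CA and return `types.PrimaryCANotSame` when the new prefix is not a superset of the existing one. Separately, `var zapLogger, _ = zap.NewProduction()` discards the constructor error, so a failed construction leaves a nil logger that would panic at `zapLogger.Error`, and it bypasses the `logger` package the removed `logger.Errorf` call used, so this message may not reach the CNS log sinks. Keeping `logger.Errorf` for the error path avoids both. The enclosing function starts and ends outside the hunk.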

45 changes: 45 additions & 0 deletions cns/restserver/internalapi_test.go
@@ -101,6 +101,51 @@ func TestReconcileNCStatePrimaryIPChangeShouldFail(t *testing.T) {
assert.Equal(t, types.PrimaryCANotSame, resp)
}

// TestReconcileNCStatePrimaryIPChangeShouldNotFail tests that reconciling NC state with
// a NC whose IP has changed should not fail for overlay clusters
func TestReconcileNCStatePrimaryIPChangeShouldNotFail(t *testing.T) {
restartService()
setEnv(t)
setOrchestratorTypeInternal(cns.KubernetesCRD)
svc.state.ContainerStatus = make(map[string]containerstatus)

// start with a NC in state
ncID := "555ac5c9-89f2-4b5d-b8d0-616894d6d151"
svc.state.ContainerStatus[ncID] = containerstatus{
ID: ncID,
VMVersion: "0",
HostVersion: "0",
CreateNetworkContainerRequest: cns.CreateNetworkContainerRequest{
NetworkContainerid: ncID,
IPConfiguration: cns.IPConfiguration{
IPSubnet: cns.IPSubnet{
IPAddress: "10.0.1.0",
PrefixLength: 24,
},
},
},
}

ncReqs := []*cns.CreateNetworkContainerRequest{
{
NetworkContainerid: ncID,
IPConfiguration: cns.IPConfiguration{
IPSubnet: cns.IPSubnet{
IPAddress: "10.0.2.0", // note this IP has changed
PrefixLength: 24,
},
},
Scenario: v1alpha.Overlay, // overlay cluster - skip primary CA check
NetworkContainerType: cns.Kubernetes,
},
}

// now try to reconcile the state where the NC primary IP has changed
resp := svc.ReconcileIPAMStateForSwift(ncReqs, map[string]cns.PodInfo{}, &v1alpha.NodeNetworkConfig{})

assert.Equal(t, types.Success, resp)
}

// TestReconcileNCStateGatewayChange tests that NC state gets updated when reconciled
// if the NC's gateway IP has changed
func TestReconcileNCStateGatewayChange(t *testing.T) {
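Review bot: `TestReconcileNCStatePrimaryIPChangeShouldNotFail` moves the NC from 10.0.1.0/24 to 10.0.2.0/24, which is a different subnet rather than an expansion, so the test pins acceptance of an unrelated primary CA for overlay. If expansion is the only intended case, use a widened prefix of the same network here and add a case where an overlay request with a disjoint subnet is still rejected. The test also asserts only `types.Success`; assuming the reconcile is meant to replace the stored request, add `assert.Equal(t, "10.0.2.0", svc.state.ContainerStatus[ncID].CreateNetworkContainerRequest.IPConfiguration.IPSubnet.IPAddress)` so a success that leaves stale state is caught.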