Pass native-routing-cidr to ENI CNI for route rules

Signed-off-by: John Watson <johnw@planetscale.com>
cilium · Apr 30, 2020 · 4b47aa7 · 4b47aa7
1 parent ebe156f
commit 4b47aa7
Show file tree

Hide file tree

Showing 4 changed files with 17 additions and 2 deletions.
diff --git a/pkg/ipam/crd.go b/pkg/ipam/crd.go
@@ -464,6 +464,10 @@ func (a *crdAllocator) buildAllocationResult(ip net.IP, ipInfo *ipamTypes.Alloca
 				result.Master = eni.MAC
 				result.CIDRs = []string{eni.VPC.PrimaryCIDR}
 				result.CIDRs = append(result.CIDRs, eni.VPC.CIDRs...)
+				// Add manually configured Native Routing CIDR
+				if a.conf.IPv4NativeRoutingCIDR() != nil {
+					result.CIDRs = append(result.CIDRs, a.conf.IPv4NativeRoutingCIDR().String())
+				}
 				if eni.Subnet.CIDR != "" {
 					result.GatewayIP = deriveGatewayIP(eni)
 				}

diff --git a/pkg/ipam/ipam.go b/pkg/ipam/ipam.go
@@ -71,6 +71,10 @@ type Configuration interface {
 	// SetIPv4NativeRoutingCIDR is called by the IPAM module to announce
 	// the native IPv4 routing CIDR if it exists
 	SetIPv4NativeRoutingCIDR(cidr *cidr.CIDR)
+
+	// IPv4NativeRoutingCIDR is called by the IPAM module retrieve
+	// the native IPv4 routing CIDR if it exists
+	IPv4NativeRoutingCIDR() *cidr.CIDR
 }
 
 // Owner is the interface the owner of an IPAM allocator has to implement

diff --git a/pkg/ipam/ipam_test.go b/pkg/ipam/ipam_test.go
@@ -56,6 +56,7 @@ func (t *testConfiguration) HealthCheckingEnabled() bool              { return t
 func (t *testConfiguration) IPAMMode() string                         { return option.IPAMHostScopeLegacy }
 func (t *testConfiguration) BlacklistConflictingRoutesEnabled() bool  { return false }
 func (t *testConfiguration) SetIPv4NativeRoutingCIDR(cidr *cidr.CIDR) {}
+func (t *testConfiguration) IPv4NativeRoutingCIDR() *cidr.CIDR        { return nil }
 
 func (s *IPAMSuite) TestLock(c *C) {
 	fakeAddressing := fake.NewNodeAddressing()

diff --git a/plugins/cilium-cni/eni.go b/plugins/cilium-cni/eni.go
@@ -20,19 +20,25 @@ import (
 
 	"github.com/cilium/cilium/api/v1/models"
 	enirouting "github.com/cilium/cilium/pkg/aws/eni/routing"
+	"github.com/cilium/cilium/pkg/ip"
 	"github.com/cilium/cilium/pkg/mac"
 
 	"github.com/containernetworking/cni/pkg/types/current"
 )
 
 func eniAdd(ipConfig *current.IPConfig, ipam *models.IPAMAddressResponse, conf models.DaemonConfigurationStatus) error {
-	cidrs := make([]net.IPNet, 0, len(ipam.Cidrs))
+	allCIDRs := make([]*net.IPNet, 0, len(ipam.Cidrs))
 	for _, cidrString := range ipam.Cidrs {
 		_, cidr, err := net.ParseCIDR(cidrString)
 		if err != nil {
 			return fmt.Errorf("invalid CIDR '%s': %s", cidrString, err)
 		}
-
+		allCIDRs = append(allCIDRs, cidr)
+	}
+	// Coalesce CIDRs into minimum set needed for route rules
+	ipv4CIDRs, _ := ip.CoalesceCIDRs(allCIDRs)
+	cidrs := make([]net.IPNet, 0, len(ipv4CIDRs))
+	for _, cidr := range ipv4CIDRs {
 		cidrs = append(cidrs, *cidr)
 	}