Pass native-routing-cidr to ENI CNI for route rules

[dctrwatson]

When using a configured native-routing-cidr that encompasses the VPC subnet, due to using VPC Peering or similar, the Linux routing rules need to be configured to properly route back out the ENI which the IP is attached when masquerade is disabled.

This PR adds native-routing-cidr to the IPAM CRD AllocationResult. In the ENI cilium-cni plugin it coalesces all returned CIDRs into the minimum set needed for the Linux routing rules.

Signed-off-by: John Watson johnw@planetscale.com

[maintainer-s-little-helper]

Please set the appropriate release note label.

[aanm]

test-me-please

[coveralls]

Coverage decreased (-0.01%) to 44.571% when pulling 4b47aa7 on planetscale:jw-route-rule-for-native into 4b865d5 on cilium:master.

[aanm]

test-me-please

[aanm]

PTAL @tgraf

[tgraf]

I was puzzled at first but assuming that the native-routing-cidr equals the CIDR of the VPC then this is correct.

[aanm]

test-me-please

[aanm]

re-running CI since jenkins build was gone

[qmonnet]

test-focus K8sServicesTest External services To Services first endpoint creation

[qmonnet]

There's a conflict in plugins/cilium-cni/eni.go, could you rebase this PR on the current master branch please?

[dctrwatson]

There's a conflict in plugins/cilium-cni/eni.go, could you rebase this PR on the current master branch please?

Rebased.

🎉 smaller change now 😀

[aanm]

test-me-please

[qmonnet]

Thanks for the rebase, but it looks like there is a build error now 😢:

08:43:35  # github.com/cilium/cilium/plugins/cilium-cni
[2020-04-29T07:43:35.062Z] ./eni.go:40:11: cannot assign []*net.IPNet to cidrs (type []net.IPNet) in multiple assignment
[2020-04-29T07:43:35.062Z] ./eni.go:40:29: cannot use cidrs (type []net.IPNet) as type []*net.IPNet in argument to ip.CoalesceCIDRs
[2020-04-29T07:43:35.062Z] make[1]: *** [cilium-cni] Error 2
[2020-04-29T07:43:35.062Z] Makefile:13: recipe for target 'cilium-cni' failed
08:43:35  make[1]: Leaving directory '/go/src/github.com/cilium/cilium/plugins/cilium-cni'
08:43:35  make: *** [build-container] Error 2
[2020-04-29T07:43:35.062Z] Makefile:76: recipe for target 'build-container' failed

Please have a look.

[dctrwatson]

but it looks like there is a build error now

Sorry about that :(

Just pushed up a fix.

[qmonnet]

test-me-please

[qmonnet]

Timed out.

restart-ginkgo

[qmonnet]

Sorry, one last thing. Could you please squash your fix commit with the one that failed to compile, before we merge? This is so that it does not break git bisect workflows by introducing a broken build in the git history.

[dctrwatson]

Could you please squash your fix commit with the one that failed to compile, before we merge?

Squashed and force pushed.

[qmonnet]

Thanks, but I'm afraid you squashed with the wrong commit :( I tried building with your first commit applied only, and it fails. Would you mind double-checking, please?

[dctrwatson]

Thanks, but I'm afraid you squashed with the wrong commit :( I tried building with your first commit applied only, and it fails. Would you mind double-checking, please?

Ohhh, I'll need to squash all 3 commits then

[dctrwatson]

Squashed the original change with the rebase fix commits. confirmed cilium-cni does build.

[qmonnet]

All good this time, thank you!