From 2258ff36337334342db74bd65dfc5418bddc3e14 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Martins?=
Date: Thu, 18 Jun 2020 17:05:38 +0200
Subject: [PATCH 1/3] pkg/option: return error in case validation of IPv4NativeRoutingCIDR fail
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Fixes: e7d4f5c6af7d ("daemon: validate IPv4NativeRoutingCIDR value in DaemonConfig")
Signed-off-by: André Martins
---
 pkg/option/config.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkg/option/config.go b/pkg/option/config.go
index d90e0b08e843..210fccb4e865 100644
--- a/pkg/option/config.go
+++ b/pkg/option/config.go
@@ -2073,7 +2073,7 @@ func (c *DaemonConfig) Validate() error {
 }
 
 if err := c.checkIPv4NativeRoutingCIDR(); err != nil {
- return nil
+ return err
 }
 
 // Validate that the KVStore Lease TTL value lies between a particular range.

From 2e59c93b1c475c8dfd22aee4a50d332e26ff6d87 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Martins?=
Date: Thu, 18 Jun 2020 17:07:01 +0200
Subject: [PATCH 2/3] daemon: add native-routing-cidr as part of the daemon flags
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Fixes: c496e25635c2 ("eni: Support masquerading")
Signed-off-by: André Martins
---
 Documentation/cmdref/cilium-agent.md | 1 +
 daemon/cmd/daemon_main.go | 3 +++
 2 files changed, 4 insertions(+)

diff --git a/Documentation/cmdref/cilium-agent.md b/Documentation/cmdref/cilium-agent.md
index 7e83a3ecbec0..6d06fa72c7f6 100644
--- a/Documentation/cmdref/cilium-agent.md
+++ b/Documentation/cmdref/cilium-agent.md
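Review bot: Nothing in this patch pins the behaviour that the one-line fix in `Validate()` (pkg/option/config.go) restores, so the `return err` under `c.checkIPv4NativeRoutingCIDR()` can regress to the fail-open `return nil` again without a test noticing. A unit test that sets an IPv4NativeRoutingCIDR value the check rejects and asserts that `Validate()` returns a non-nil error would cover it; which values the check rejects is not visible in this hunk. Swallowed-error returns of this shape are also what the `nilerr` analyzer reports, if the project's lint configuration can take it. The body of `Validate()` starts and ends outside the hunk.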
@@ -156,6 +156,7 @@ cilium-agent [flags]
 --monitor-queue-size int Size of the event queue when reading monitor events
 --mtu int Overwrite auto-detected MTU of underlying network
 --nat46-range string IPv6 prefix to map IPv4 addresses to (default "0:0:0:0:0:FFFF::/96")
+ --native-routing-cidr string Allows to explicitly specify the CIDR for native routing. This value corresponds to the configured cluster-cidr.
 --node-port-acceleration string BPF NodePort acceleration via XDP ("native", "disabled") (default "disabled")
 --node-port-bind-protection Reject application bind(2) requests to service ports in the NodePort range (default true)
 --node-port-mode string BPF NodePort mode ("snat", "dsr", "hybrid") (default "snat")
diff --git a/daemon/cmd/daemon_main.go b/daemon/cmd/daemon_main.go
index de4a7ab643b9..eebd8e0e02e1 100644
--- a/daemon/cmd/daemon_main.go
+++ b/daemon/cmd/daemon_main.go
@@ -538,6 +538,9 @@ func init() {
 flags.Bool(option.EnableHostFirewall, false, "Enable host network policies")
 option.BindEnv(option.EnableHostFirewall)
 
+ flags.String(option.IPv4NativeRoutingCIDR, "", "Allows to explicitly specify the CIDR for native routing. This value corresponds to the configured cluster-cidr.")
+ option.BindEnv(option.IPv4NativeRoutingCIDR)
+
 flags.String(option.LibDir, defaults.LibraryPath, "Directory path to store runtime build environment")
 option.BindEnv(option.LibDir)
 

From ca645023f36e0788d98363941bc438d77e91f5a6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Martins?=
Date: Thu, 18 Jun 2020 17:25:11 +0200
Subject: [PATCH 3/3] test: set nativeRoutingCIDR
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

As we are currently running our CI with a CIDR from the Cilium-Operator, which is "10.0.0.0/16", we should set it as part of our 'nativeRoutingCIDR'.

Fixes: ace902d42715 ("helm: Enable BPF masquerading by default")
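Review bot: The help string added in `init()` (daemon/cmd/daemon_main.go) never says the value must be an IPv4 CIDR, although the option constant is `option.IPv4NativeRoutingCIDR` and patch 1/3 makes `Validate()` return the error from `checkIPv4NativeRoutingCIDR()`. Naming the address family lets an operator see the constraint before validation rejects the value, and, judging by the commit named in Fixes:, the setting presumably influences masquerading, where a wrong range is easy to miss: `"Allows to explicitly specify the IPv4 CIDR for native routing. This value corresponds to the configured cluster-cidr."`. The same sentence is copied into Documentation/cmdref/cilium-agent.md in this patch, so that file would need the matching change. `init()` starts and ends outside the hunk.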
Signed-off-by: André Martins
---
 test/helpers/kubectl.go | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/test/helpers/kubectl.go b/test/helpers/kubectl.go
index 151b5fb241b5..55186dcecfed 100644
--- a/test/helpers/kubectl.go
+++ b/test/helpers/kubectl.go
@@ -116,7 +116,8 @@ var (
 
 // We need CNP node status to know when a policy is being enforced
 "config.enableCnpStatusUpdates": "true",
- "global.hostFirewall": "true",
+ "global.hostFirewall": "true",
+ "global.nativeRoutingCIDR": "10.0.0.0/16",
 }
 
 flannelHelmOverrides = map[string]string{
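Review bot: The literal `"10.0.0.0/16"` added for `global.nativeRoutingCIDR` (test/helpers/kubectl.go) has no comment tying it to the CIDR that the Cilium-Operator uses in CI; only the commit message explains that coupling. If the operator's CIDR in the test setup changes, this override silently stops matching it, and going by the commit named in Fixes: the tests would then presumably run BPF masquerading against the wrong range. A comment above the entry would record the dependency: `// Must match the CIDR the cilium-operator allocates from in CI.`. The enclosing map literal starts outside the hunk.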