add missing link scope routes in vpc-nat-gateway

dist/images/vpcnatgateway/nat-gateway.sh

@@ -13,9 +13,15 @@ function exec_cmd() {
 }
 
 function init() {
+    lanCIDR=$1
     ip link set net1 up
-    exec_cmd "ip rule add iif net1 table $ROUTE_TABLE"
-    exec_cmd "ip rule add iif eth0 table $ROUTE_TABLE"
+    if [ $(ip rule show iif net1 | wc -l) -eq 0 ]; then
+        exec_cmd "ip rule add iif net1 table $ROUTE_TABLE"
+    fi
+    if [ $(ip rule show iif eth0 | wc -l) -eq 0 ]; then
+        exec_cmd "ip rule add iif eth0 table $ROUTE_TABLE"
+    fi
+    exec_cmd "ip route replace $lanCIDR dev eth0 table $ROUTE_TABLE"
 
     # add static chain
     iptables -t nat -N DNAT_FILTER
@@ -41,7 +47,7 @@ function add_vpc_internal_route() {
         cidr=${arr[0]}
         nextHop=${arr[1]}
 
-        exec_cmd "ip ro replace $cidr via $nextHop dev eth0 table $ROUTE_TABLE"
+        exec_cmd "ip route replace $cidr via $nextHop dev eth0 table $ROUTE_TABLE"
     done
 }
 
@@ -51,7 +57,7 @@ function del_vpc_internal_route() {
         arr=(${rule//,/ })
         cidr=${arr[0]}
 
-        exec_cmd "ip ro del $cidr table $ROUTE_TABLE"
+        exec_cmd "ip route del $cidr table $ROUTE_TABLE"
     done
 }
 
@@ -61,10 +67,13 @@ function add_eip() {
         arr=(${rule//,/ })
         eip=${arr[0]}
         eip_without_prefix=(${eip//\// })
+        eip_network=$(ipcalc -n $eip | awk -F '=' '{print $2}')
+        eip_prefix=$(ipcalc -p $eip | awk -F '=' '{print $2}')
         gateway=${arr[1]}
 
         exec_cmd "ip addr replace $eip dev net1"
-        exec_cmd "ip ro replace default via $gateway dev net1 table $ROUTE_TABLE"
+        exec_cmd "ip route replace $eip_network/$eip_prefix dev net1 table $ROUTE_TABLE"
+        exec_cmd "ip route replace default via $gateway dev net1 table $ROUTE_TABLE"
         exec_cmd "arping -c 3 -s $eip_without_prefix $gateway"
     done
 }
@@ -78,7 +87,6 @@ function del_eip() {
         if [ -n "$lines" ]; then
             exec_cmd "ip addr del $eip dev net1"
         fi
-
     done
 }
 
@@ -128,7 +136,7 @@ opt=$1
 case $opt in
  init)
         echo "init"
-        init
+        init $rules
         ;;
  subnet-route-add)
         echo "subnet-route-add $rules"

pkg/controller/vpc_nat_gateway.go

@@ -319,13 +319,18 @@ func (c *Controller) handleInitVpcNatGw(key string) error {
 	}
 	c.vpcNatGwKeyMutex.Lock(key)
 	defer c.vpcNatGwKeyMutex.Unlock(key)
-	_, err := c.vpcNatGatewayLister.Get(key)
+	gw, err := c.vpcNatGatewayLister.Get(key)
 	if err != nil {
 		if k8serrors.IsNotFound(err) {
 			return nil
 		}
 		return err
 	}
+	subnet, err := c.subnetsLister.Get(gw.Spec.Subnet)
+	if err != nil {
+		klog.Errorf("failed to get subnet %s: %v", gw.Spec.Subnet, err)
+		return fmt.Errorf("failed to initialize vpc nat gateway %s: %v", key, err)
+	}
 
 	oripod, err := c.getNatGwPod(key)
 	if err != nil {
@@ -344,7 +349,7 @@ func (c *Controller) handleInitVpcNatGw(key string) error {
 	if _, hasInit := pod.Annotations[util.VpcNatGatewayInitAnnotation]; hasInit {
 		return nil
 	}
-	if err = c.execNatGwRules(pod, NAT_GW_INIT, nil); err != nil {
+	if err = c.execNatGwRules(pod, NAT_GW_INIT, []string{subnet.Spec.CIDRBlock}); err != nil {
 		klog.Errorf("failed to init vpc nat gateway, err: %v", err)
 		return err
 	}
@@ -642,7 +647,9 @@ func (c *Controller) handleUpdateNatGwSubnetRoute(natGwKey string) error {
 	if len(newCIDRS) > 0 {
 		var rules []string
 		for _, cidr := range newCIDRS {
-			rules = append(rules, fmt.Sprintf("%s,%s", cidr, gwSubnet.Spec.Gateway))
+			if !util.CIDRContainIP(cidr, gwSubnet.Spec.Gateway) {
+				rules = append(rules, fmt.Sprintf("%s,%s", cidr, gwSubnet.Spec.Gateway))
+			}
 		}
 		if err = c.execNatGwRules(pod, NAT_GW_SUBNET_ROUTE_ADD, rules); err != nil {
 			klog.Errorf("failed to exec nat gateway rule, err: %v", err)