feat: support ipv6-only mode

kubeovn · Jul 22, 2019 · 9d173ba · 9d173ba
1 parent 97efc1f
commit 9d173ba
Show file tree

Hide file tree

Showing 19 changed files with 407 additions and 152 deletions.
diff --git a/cmd/cni/cni.go b/cmd/cni/cni.go
@@ -4,14 +4,16 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
+	"net"
+	"runtime"
+	"strings"
+
+	kubeovnv1 "github.com/alauda/kube-ovn/pkg/apis/kubeovn/v1"
 	"github.com/alauda/kube-ovn/pkg/request"
 	"github.com/containernetworking/cni/pkg/skel"
 	"github.com/containernetworking/cni/pkg/types"
 	"github.com/containernetworking/cni/pkg/types/current"
 	"github.com/containernetworking/cni/pkg/version"
-	"net"
-	"runtime"
-	"strings"
 )
 
 func init() {
@@ -58,16 +60,31 @@ func cmdAdd(args *skel.CmdArgs) error {
 func generateCNIResult(cniVersion string, podResponse *request.PodResponse) current.Result {
 	result := current.Result{CNIVersion: cniVersion}
 	_, mask, _ := net.ParseCIDR(podResponse.CIDR)
-	ip := current.IPConfig{
-		Version: "4",
-		Address: net.IPNet{IP: net.ParseIP(podResponse.IpAddress).To4(), Mask: mask.Mask},
-		Gateway: net.ParseIP(podResponse.Gateway).To4(),
+	switch podResponse.Protocol {
+	case kubeovnv1.ProtocolIPv4:
+		ip := current.IPConfig{
+			Version: "4",
+			Address: net.IPNet{IP: net.ParseIP(podResponse.IpAddress).To4(), Mask: mask.Mask},
+			Gateway: net.ParseIP(podResponse.Gateway).To4(),
+		}
+		result.IPs = []*current.IPConfig{&ip}
+		route := types.Route{}
+		route.Dst = net.IPNet{IP: net.ParseIP("0.0.0.0").To4(), Mask: net.CIDRMask(0, 32)}
+		route.GW = net.ParseIP(podResponse.Gateway).To4()
+		result.Routes = []*types.Route{&route}
+	case kubeovnv1.ProtocolIPv6:
+		ip := current.IPConfig{
+			Version: "6",
+			Address: net.IPNet{IP: net.ParseIP(podResponse.IpAddress).To16(), Mask: mask.Mask},
+			Gateway: net.ParseIP(podResponse.Gateway).To16(),
+		}
+		result.IPs = []*current.IPConfig{&ip}
+		route := types.Route{}
+		route.Dst = net.IPNet{IP: net.ParseIP("::").To16(), Mask: net.CIDRMask(0, 128)}
+		route.GW = net.ParseIP(podResponse.Gateway).To16()
+		result.Routes = []*types.Route{&route}
 	}
-	result.IPs = []*current.IPConfig{&ip}
-	route := types.Route{}
-	route.Dst = net.IPNet{IP: net.ParseIP("0.0.0.0").To4(), Mask: net.CIDRMask(0, 32)}
-	route.GW = net.ParseIP(podResponse.Gateway).To4()
-	result.Routes = []*types.Route{&route}
+
 	return result
 }
 

diff --git a/dist/images/cleanup.sh b/dist/images/cleanup.sh
@@ -1,13 +1,10 @@
 #!/bin/bash
 set -eu
 
-# Remove finalizers in svc
-kubectl patch svc -n kube-ovn ovn-nb --type='json' -p '[{"op": "replace", "path": "/metadata/finalizers", "value": []}]' || true
-kubectl patch svc -n kube-ovn ovn-sb --type='json' -p '[{"op": "replace", "path": "/metadata/finalizers", "value": []}]' || true
-
 # Delete Kube-OVN components
-kubectl delete -f https://raw.githubusercontent.com/alauda/kube-ovn/master/yamls/ovn.yaml
 kubectl delete -f https://raw.githubusercontent.com/alauda/kube-ovn/master/yamls/kube-ovn.yaml
+kubectl delete -f https://raw.githubusercontent.com/alauda/kube-ovn/master/yamls/ovn.yaml
+kubectl delete -f https://raw.githubusercontent.com/alauda/kube-ovn/master/yamls/crd.yaml
 
 # Remove annotations in namespaces and nodes
 kubectl annotate no --all ovn.kubernetes.io/cidr-

diff --git a/dist/images/start-cniserver.sh b/dist/images/start-cniserver.sh
@@ -9,6 +9,10 @@ if [[ -f "/proc/sys/net/ipv4/ip_forward" ]];
     then echo 1 > /proc/sys/net/ipv4/ip_forward;
 fi
 
+if [[ -f "/proc/sys/net/ipv6/conf/all/forwarding" ]];
+    then echo 1 > /proc/sys/net/ipv6/conf/all/forwarding;
+fi
+
 if [[ -f "/proc/sys/net/ipv4/conf/all/rp_filter" ]];
     then echo 0 > /proc/sys/net/ipv4/conf/all/rp_filter;
 fi

diff --git a/pkg/controller/endpoint.go b/pkg/controller/endpoint.go
@@ -4,6 +4,7 @@ import (
 	"fmt"
 	"strings"
 
+	"github.com/alauda/kube-ovn/pkg/util"
 	v1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/api/errors"
 	utilruntime "k8s.io/apimachinery/pkg/util/runtime"
@@ -119,7 +120,9 @@ func (c *Controller) handleUpdateEndpoint(key string) error {
 	for _, subset := range ep.Subsets {
 		for _, addr := range subset.Addresses {
 			if addr.IP != "" {
-				backends = append(backends, addr.IP)
+				if util.CheckProtocol(addr.IP) == util.CheckProtocol(clusterIP) {
+					backends = append(backends, addr.IP)
+				}
 			}
 		}
 		for _, port := range subset.Ports {

diff --git a/pkg/controller/init.go b/pkg/controller/init.go
@@ -32,9 +32,10 @@ func InitDefaultLogicalSwitch(config *Configuration) error {
 			ExcludeIps:  strings.Split(config.DefaultExcludeIps, ","),
 			NatOutgoing: true,
 			GatewayType: kubeovnv1.GWDistributedType,
-			Protocol:    kubeovnv1.ProtocolIPv4,
+			Protocol:    util.CheckProtocol(config.DefaultCIDR),
 		},
 	}
+
 	_, err = config.KubeOvnClient.KubeovnV1().Subnets().Create(&defaultSubnet)
 	return err
 }
@@ -57,7 +58,7 @@ func InitNodeSwitch(config *Configuration) error {
 			CIDRBlock:  config.NodeSwitchCIDR,
 			Gateway:    config.NodeSwitchGateway,
 			ExcludeIps: []string{config.NodeSwitchGateway},
-			Protocol:   kubeovnv1.ProtocolIPv4,
+			Protocol:   util.CheckProtocol(config.NodeSwitchCIDR),
 		},
 	}
 	_, err = config.KubeOvnClient.KubeovnV1().Subnets().Create(&nodeSubnet)

diff --git a/pkg/controller/network_policy.go b/pkg/controller/network_policy.go
@@ -147,6 +147,25 @@ func (c *Controller) handleUpdateNp(key string) error {
 		}
 		return err
 	}
+	subnet, err := c.subnetsLister.Get(c.config.DefaultLogicalSwitch)
+	if err != nil {
+		klog.Errorf("failed to get default subnet %v", err)
+		return err
+	}
+	subnets, err := c.subnetsLister.List(labels.Everything())
+	if err != nil {
+		klog.Errorf("failed to list subnets %v", err)
+		return err
+	}
+
+	for _, s := range subnets {
+		for _, ns := range s.Spec.Namespaces {
+			if ns == np.Namespace {
+				subnet = s
+				break
+			}
+		}
+	}
 
 	defer func() {
 		if err != nil {
@@ -226,7 +245,7 @@ func (c *Controller) handleUpdateNp(key string) error {
 			return err
 		}
 
-		if err := c.ovnClient.CreateIngressACL(pgName, ingressAllowAsName, ingressExceptAsName, ingressPorts); err != nil {
+		if err := c.ovnClient.CreateIngressACL(pgName, ingressAllowAsName, ingressExceptAsName, subnet.Spec.Protocol, ingressPorts); err != nil {
 			klog.Errorf("failed to create ingress acls for np %s, %v", key, err)
 			return err
 		}
@@ -284,7 +303,7 @@ func (c *Controller) handleUpdateNp(key string) error {
 			return err
 		}
 
-		if err := c.ovnClient.CreateEgressACL(pgName, egressAllowAsName, egressExceptAsName, egressPorts); err != nil {
+		if err := c.ovnClient.CreateEgressACL(pgName, egressAllowAsName, egressExceptAsName, subnet.Spec.Protocol, egressPorts); err != nil {
 			klog.Errorf("failed to create egress acls for np %s, %v", key, err)
 			return err
 		}

diff --git a/pkg/controller/node.go b/pkg/controller/node.go
@@ -133,8 +133,17 @@ func (c *Controller) handleAddNode(key string) error {
 	}
 
 	nodeAddr := getNodeInternalIP(node)
-	err = c.ovnClient.AddStaticRouter("", nodeAddr, strings.Split(nic.IpAddress, "/")[0], c.config.ClusterRouter)
+	if util.CheckProtocol(nodeAddr) == util.CheckProtocol(nic.IpAddress) {
+		err = c.ovnClient.AddStaticRouter("", nodeAddr, strings.Split(nic.IpAddress, "/")[0], c.config.ClusterRouter)
+		if err != nil {
+			klog.Errorf("failed to add static router from node to ovn0 %v", err)
+			return err
+		}
+	}
+
+	subnet, err := c.subnetsLister.Get(c.config.NodeSwitch)
 	if err != nil {
+		klog.Errorf("failed to get node subnet %v", err)
 		return err
 	}
 
@@ -147,8 +156,8 @@ func (c *Controller) handleAddNode(key string) error {
 	payload := map[string]string{
 		util.IpAddressAnnotation:     nic.IpAddress,
 		util.MacAddressAnnotation:    nic.MacAddress,
-		util.CidrAnnotation:          nic.CIDR,
-		util.GatewayAnnotation:       nic.Gateway,
+		util.CidrAnnotation:          subnet.Spec.CIDRBlock,
+		util.GatewayAnnotation:       subnet.Spec.Gateway,
 		util.LogicalSwitchAnnotation: c.config.NodeSwitch,
 		util.PortNameAnnotation:      fmt.Sprintf("node-%s", key),
 	}

diff --git a/pkg/controller/pod.go b/pkg/controller/pod.go
@@ -49,7 +49,6 @@ func (c *Controller) enqueueAddPod(obj interface{}) {
 			c.updateNpQueue.AddRateLimited(np)
 		}
 	}
-
 }
 
 func (c *Controller) enqueueDeletePod(obj interface{}) {
@@ -368,17 +367,21 @@ func (c *Controller) handleAddPod(key string) error {
 		return nil
 	}
 
+	subnet, err := c.subnetsLister.Get(c.config.DefaultLogicalSwitch)
+	if err != nil {
+		klog.Errorf("failed to get default subnet %v", err)
+		return err
+	}
 	subnets, err := c.subnetsLister.List(labels.Everything())
 	if err != nil {
 		klog.Errorf("failed to list subnets %v", err)
 		return err
 	}
 
-	ls := c.config.DefaultLogicalSwitch
-	for _, subnet := range subnets {
-		for _, ns := range subnet.Spec.Namespaces {
+	for _, s := range subnets {
+		for _, ns := range s.Spec.Namespaces {
 			if ns == pod.Namespace {
-				ls = subnet.Name
+				subnet = s
 				break
 			}
 		}
@@ -394,7 +397,7 @@ func (c *Controller) handleAddPod(key string) error {
 	ip := pod.Annotations[util.IpAddressAnnotation]
 	mac := pod.Annotations[util.MacAddressAnnotation]
 
-	nic, err := c.ovnClient.CreatePort(ls, ovs.PodNameToPortName(name, namespace), ip, mac)
+	nic, err := c.ovnClient.CreatePort(subnet.Name, ovs.PodNameToPortName(name, namespace), ip, mac)
 	if err != nil {
 		return err
 	}
@@ -408,9 +411,9 @@ func (c *Controller) handleAddPod(key string) error {
 	}
 	pod.Annotations[util.IpAddressAnnotation] = nic.IpAddress
 	pod.Annotations[util.MacAddressAnnotation] = nic.MacAddress
-	pod.Annotations[util.CidrAnnotation] = nic.CIDR
-	pod.Annotations[util.GatewayAnnotation] = nic.Gateway
-	pod.Annotations[util.LogicalSwitchAnnotation] = ls
+	pod.Annotations[util.CidrAnnotation] = subnet.Spec.CIDRBlock
+	pod.Annotations[util.GatewayAnnotation] = subnet.Spec.Gateway
+	pod.Annotations[util.LogicalSwitchAnnotation] = subnet.Name
 
 	patchPayloadTemplate :=
 		`[{
@@ -450,17 +453,21 @@ func (c *Controller) handleAddIpPoolPod(key string) error {
 		return nil
 	}
 
+	subnet, err := c.subnetsLister.Get(c.config.DefaultLogicalSwitch)
+	if err != nil {
+		klog.Errorf("failed to get default subnet %v", err)
+		return err
+	}
 	subnets, err := c.subnetsLister.List(labels.Everything())
 	if err != nil {
 		klog.Errorf("failed to list subnets %v", err)
 		return err
 	}
 
-	ls := c.config.DefaultLogicalSwitch
-	for _, subnet := range subnets {
-		for _, ns := range subnet.Spec.Namespaces {
+	for _, s := range subnets {
+		for _, ns := range s.Spec.Namespaces {
 			if ns == pod.Namespace {
-				ls = subnet.Name
+				subnet = s
 				break
 			}
 		}
@@ -512,7 +519,7 @@ func (c *Controller) handleAddIpPoolPod(key string) error {
 	// pod address info may already exist in ovn
 	ip := pod.Annotations[util.IpAddressAnnotation]
 	mac := pod.Annotations[util.MacAddressAnnotation]
-	nic, err := c.ovnClient.CreatePort(ls, ovs.PodNameToPortName(name, namespace), ip, mac)
+	nic, err := c.ovnClient.CreatePort(subnet.Name, ovs.PodNameToPortName(name, namespace), ip, mac)
 	if err != nil {
 		return err
 	}
@@ -526,9 +533,9 @@ func (c *Controller) handleAddIpPoolPod(key string) error {
 	}
 	pod.Annotations[util.IpAddressAnnotation] = nic.IpAddress
 	pod.Annotations[util.MacAddressAnnotation] = nic.MacAddress
-	pod.Annotations[util.CidrAnnotation] = nic.CIDR
-	pod.Annotations[util.GatewayAnnotation] = nic.Gateway
-	pod.Annotations[util.LogicalSwitchAnnotation] = ls
+	pod.Annotations[util.CidrAnnotation] = subnet.Spec.CIDRBlock
+	pod.Annotations[util.GatewayAnnotation] = subnet.Spec.Gateway
+	pod.Annotations[util.LogicalSwitchAnnotation] = subnet.Name
 
 	patchPayloadTemplate :=
 		`[{

diff --git a/pkg/controller/service.go b/pkg/controller/service.go
@@ -2,14 +2,13 @@ package controller
 
 import (
 	"fmt"
-	"k8s.io/apimachinery/pkg/labels"
-	"strings"
-
 	v1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/api/errors"
+	"k8s.io/apimachinery/pkg/labels"
 	utilruntime "k8s.io/apimachinery/pkg/util/runtime"
 	"k8s.io/client-go/tools/cache"
 	"k8s.io/klog"
+	"strings"
 )
 
 func (c *Controller) enqueueDeleteService(obj interface{}) {

diff --git a/pkg/controller/subnet.go b/pkg/controller/subnet.go
@@ -194,13 +194,13 @@ func (c *Controller) handleAddSubnet(key string) error {
 		}
 	}
 	// If multiple namespace use same ls name, only first one will success
-	err = c.ovnClient.CreateLogicalSwitch(subnet.Name, subnet.Spec.CIDRBlock, subnet.Spec.Gateway, subnet.Spec.ExcludeIps)
+	err = c.ovnClient.CreateLogicalSwitch(subnet.Name, subnet.Spec.Protocol, subnet.Spec.CIDRBlock, subnet.Spec.Gateway, subnet.Spec.ExcludeIps)
 	if err != nil {
 		return err
 	}
 
 	if subnet.Spec.Private {
-		return c.ovnClient.SetPrivateLogicalSwitch(subnet.Name, subnet.Spec.AllowSubnets)
+		return c.ovnClient.SetPrivateLogicalSwitch(subnet.Name, subnet.Spec.Protocol, subnet.Spec.AllowSubnets)
 	}
 	return c.ovnClient.CleanLogicalSwitchAcl(subnet.Name)
 }
@@ -220,7 +220,7 @@ func (c *Controller) handleUpdateSubnet(key string) error {
 	}
 
 	if subnet.Spec.Private {
-		return c.ovnClient.SetPrivateLogicalSwitch(subnet.Name, subnet.Spec.AllowSubnets)
+		return c.ovnClient.SetPrivateLogicalSwitch(subnet.Name, subnet.Spec.Protocol, subnet.Spec.AllowSubnets)
 	}
 
 	return c.ovnClient.CleanLogicalSwitchAcl(subnet.Name)