feat: support for multiple external network

charts/templates/kube-ovn-crd.yaml

@@ -176,6 +176,10 @@ spec:
                   type: string
                 subnet:
                   type: string
+                externalSubnets:
+                  items:
+                    type: string
+                  type: array
                 vpc:
                   type: string
                 selector:
@@ -558,6 +562,8 @@ spec:
                   type: string
                 qosPolicy:
                   type: string
+                externalSubnet:
+                  type: string
 ---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition

dist/images/install.sh

@@ -396,6 +396,10 @@ spec:
                   type: string
                 subnet:
                   type: string
+                externalSubnets:
+                  items:
+                    type: string
+                  type: array
                 vpc:
                   type: string
                 selector:
@@ -778,6 +782,8 @@ spec:
                   type: string
                 qosPolicy:
                   type: string
+                externalSubnet:
+                  type: string
 ---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition

pkg/apis/kubeovn/v1/types.go

@@ -483,12 +483,13 @@ type VpcNatGateway struct {
 }
 
 type VpcNatSpec struct {
-	Vpc         string              `json:"vpc"`
-	Subnet      string              `json:"subnet"`
-	LanIp       string              `json:"lanIp"`
-	Selector    []string            `json:"selector"`
-	Tolerations []corev1.Toleration `json:"tolerations"`
-	Affinity    corev1.Affinity     `json:"affinity"`
+	Vpc             string              `json:"vpc"`
+	Subnet          string              `json:"subnet"`
+	ExternalSubnets []string            `json:"externalSubnets"`
+	LanIp           string              `json:"lanIp"`
+	Selector        []string            `json:"selector"`
+	Tolerations     []corev1.Toleration `json:"tolerations"`
+	Affinity        corev1.Affinity     `json:"affinity"`
 }
 
 // +genclient
@@ -504,11 +505,12 @@ type IptablesEIP struct {
 	Status IptablesEipStatus `json:"status,omitempty"`
 }
 type IptablesEipSpec struct {
-	V4ip       string `json:"v4ip"`
-	V6ip       string `json:"v6ip"`
-	MacAddress string `json:"macAddress"`
-	NatGwDp    string `json:"natGwDp"`
-	QoSPolicy  string `json:"qosPolicy"`
+	V4ip           string `json:"v4ip"`
+	V6ip           string `json:"v6ip"`
+	MacAddress     string `json:"macAddress"`
+	NatGwDp        string `json:"natGwDp"`
+	QoSPolicy      string `json:"qosPolicy"`
+	ExternalSubnet string `json:"externalSubnet"`
 }
 
 // IptablesEIPCondition describes the state of an object at a certain point.

pkg/controller/init.go

@@ -434,7 +434,8 @@ func (c *Controller) InitIPAM() error {
 		return err
 	}
 	for _, eip := range eips {
-		if _, _, _, err = c.ipam.GetStaticAddress(eip.Name, eip.Name, eip.Status.IP, eip.Spec.MacAddress, util.VpcExternalNet, true); err != nil {
+		externalNetwork := util.GetExternalNetwork(eip.Spec.ExternalSubnet)
+		if _, _, _, err = c.ipam.GetStaticAddress(eip.Name, eip.Name, eip.Status.IP, eip.Spec.MacAddress, externalNetwork, true); err != nil {
 			klog.Errorf("failed to init ipam from iptables eip cr %s: %v", eip.Name, err)
 		}
 	}

pkg/controller/pod_iptables_eip.go

@@ -252,7 +252,7 @@ func (c *Controller) handleAddPodAnnotatedIptablesEip(key string) error {
 		err = fmt.Errorf("pod network not allocated, failed to create iptables eip %s", eipName)
 		return err
 	}
-	if _, err = c.iptablesEipsLister.Get(eipName); err != nil {
+	if eip, err := c.iptablesEipsLister.Get(eipName); err != nil {
 		if !k8serrors.IsNotFound(err) {
 			return err
 		}
@@ -264,7 +264,8 @@ func (c *Controller) handleAddPodAnnotatedIptablesEip(key string) error {
 			klog.Errorf("failed to get vpc nat gw eip: %v", eipName, err)
 			return err
 		}
-		if err := c.createOrUpdateCrdEip(eipName, "", "", "", "", natGw); err != nil {
+		externalNetwork := util.GetExternalNetwork(eip.Spec.ExternalSubnet)
+		if err := c.createOrUpdateCrdEip(eipName, "", "", "", "", natGw, externalNetwork); err != nil {
 			klog.Errorf("failed to create eip %s: %v", eipName, err)
 			return err
 		}

pkg/controller/subnet.go

@@ -1869,7 +1869,7 @@ func calcDualSubnetStatusIP(subnet *kubeovnv1.Subnet, c *Controller) error {
 	}
 	usingIPs += float64(len(vips.Items))
 
-	if subnet.Name == util.VpcExternalNet {
+	if !isOvnSubnet(subnet) {
 		eips, err := c.iptablesEipsLister.List(
 			labels.SelectorFromSet(labels.Set{util.SubnetNameLabel: subnet.Name}))
 		if err != nil {
@@ -1940,7 +1940,7 @@ func calcSubnetStatusIP(subnet *kubeovnv1.Subnet, c *Controller) error {
 		return err
 	}
 	usingIPs += float64(len(vips.Items))
-	if subnet.Name == util.VpcExternalNet {
+	if !isOvnSubnet(subnet) {
 		eips, err := c.iptablesEipsLister.List(
 			labels.SelectorFromSet(labels.Set{util.SubnetNameLabel: subnet.Name}))
 		if err != nil {

pkg/controller/vpc_nat_gateway.go

@@ -80,13 +80,6 @@ func (c *Controller) resyncVpcNatGwConfig() {
 		if vpcNatEnabled == "true" && VpcNatCmVersion == cm.ResourceVersion {
 			return
 		}
-
-		klog.Info("start establish vpc-nat-gateway")
-		if err = c.checkVpcExternalNet(); err != nil {
-			klog.Errorf("failed to check vpc external net, %v", err)
-			return
-		}
-
 		gws, err := c.vpcNatGatewayLister.List(labels.Everything())
 		if err != nil {
 			klog.Errorf("failed to get vpc nat gateway, %v", err)
@@ -533,11 +526,12 @@ func (c *Controller) handleUpdateNatGwSubnetRoute(natGwKey string) error {
 	pod := oriPod.DeepCopy()
 	var extRules []string
 	var v4ExternalGw, v4InternalGw, v4ExternalCidr string
-	if subnet, ok := c.ipam.Subnets[util.VpcExternalNet]; ok {
+	externalNetwork := util.GetNatGwExternalNetwork(gw.Spec.ExternalSubnets)
+	if subnet, ok := c.ipam.Subnets[externalNetwork]; ok {
 		v4ExternalGw = subnet.V4Gw
 		v4ExternalCidr = subnet.V4CIDR.String()
 	} else {
-		return fmt.Errorf("failed to get external subnet %s", util.VpcExternalNet)
+		return fmt.Errorf("failed to get external subnet %s", externalNetwork)
 	}
 	extRules = append(extRules, fmt.Sprintf("%s,%s", v4ExternalCidr, v4ExternalGw))
 	if err = c.execNatGwRules(pod, natGwExtSubnetRouteAdd, extRules); err != nil {
@@ -667,10 +661,10 @@ func (c *Controller) genNatGwStatefulSet(gw *kubeovnv1.VpcNatGateway, oldSts *v1
 	if oldSts != nil && len(oldSts.Annotations) != 0 {
 		newPodAnnotations = oldSts.Annotations
 	}
-
+	externalNetwork := util.GetNatGwExternalNetwork(gw.Spec.ExternalSubnets)
 	podAnnotations := map[string]string{
 		util.VpcNatGatewayAnnotation:     gw.Name,
-		util.AttachmentNetworkAnnotation: fmt.Sprintf("%s/%s", c.config.PodNamespace, util.VpcExternalNet),
+		util.AttachmentNetworkAnnotation: fmt.Sprintf("%s/%s", c.config.PodNamespace, externalNetwork),
 		util.LogicalSwitchAnnotation:     gw.Spec.Subnet,
 		util.IpAddressAnnotation:         gw.Spec.LanIp,
 	}
@@ -763,18 +757,6 @@ func (c *Controller) getNatGwPod(name string) (*corev1.Pod, error) {
 	return pods[0], nil
 }
 
-func (c *Controller) checkVpcExternalNet() (err error) {
-	networkClient := c.config.AttachNetClient.K8sCniCncfIoV1().NetworkAttachmentDefinitions(c.config.PodNamespace)
-	if _, err = networkClient.Get(context.Background(), util.VpcExternalNet, metav1.GetOptions{}); err != nil {
-		if k8serrors.IsNotFound(err) {
-			klog.Errorf("vpc external multus net '%s' should be exist already before ovn-vpc-nat-gw-config applied", util.VpcExternalNet)
-			return err
-		}
-		return err
-	}
-	return nil
-}
-
 func (c *Controller) initCreateAt(key string) (err error) {
 	if NAT_GW_CREATED_AT != "" {
 		return nil