
ipset exclude cluster service ip range
halfcrazy committed Apr 12, 2019
1 parent 5de6ceb commit cd0ddf1
Showing 2 changed files with 51 additions and 37 deletions.
63 changes: 33 additions & 30 deletions pkg/daemon/config.go
Expand Up @@ -13,31 +13,33 @@ import (
)

type Configuration struct {
BindSocket string
OvsSocket string
KubeConfigFile string
KubeClient kubernetes.Interface
NodeName string
OvnNbHost string
OvnNbPort int
OvnSbHost string
OvnSbPort int
ClusterRouter string
NodeSwitch string
BindSocket string
OvsSocket string
KubeConfigFile string
KubeClient kubernetes.Interface
NodeName string
OvnNbHost string
OvnNbPort int
OvnSbHost string
OvnSbPort int
ClusterRouter string
NodeSwitch string
ServiceClusterIPRange string
}

// TODO: validate configuration
func ParseFlags() (*Configuration, error) {
var (
argBindSocket = pflag.String("bind-socket", "/var/run/cniserver.sock", "The socket daemon bind to.")
argOvsSocket = pflag.String("ovs-socket", "", "The socket to local ovs-server")
argKubeConfigFile = pflag.String("kubeconfig", "", "Path to kubeconfig file with authorization and master location information. If not set use the inCluster token.")
argOvnNbHost = pflag.String("ovn-nb-host", "", "")
argOvnNbPort = pflag.Int("ovn-nb-port", 6641, "")
argOvnSbHost = pflag.String("ovn-sb-host", "", "")
argOvnSbPort = pflag.Int("ovn-sb-port", 6642, "")
argClusterRouter = pflag.String("cluster-router", "ovn-cluster", "The router name for cluster router.Default: cluster-router")
argNodeSwitch = pflag.String("node-switch", "join", "The name of node gateway switch which help node to access pod network. Default: join")
argBindSocket = pflag.String("bind-socket", "/var/run/cniserver.sock", "The socket daemon bind to.")
argOvsSocket = pflag.String("ovs-socket", "", "The socket to local ovs-server")
argKubeConfigFile = pflag.String("kubeconfig", "", "Path to kubeconfig file with authorization and master location information. If not set use the inCluster token.")
argOvnNbHost = pflag.String("ovn-nb-host", "", "")
argOvnNbPort = pflag.Int("ovn-nb-port", 6641, "")
argOvnSbHost = pflag.String("ovn-sb-host", "", "")
argOvnSbPort = pflag.Int("ovn-sb-port", 6642, "")
argClusterRouter = pflag.String("cluster-router", "ovn-cluster", "The router name for cluster router.Default: cluster-router")
argNodeSwitch = pflag.String("node-switch", "join", "The name of node gateway switch which help node to access pod network. Default: join")
argServiceClusterIPRange = pflag.String("service-cluster-ip-range", "10.96.0.0/12", "The kubernetes service cluster ip range")
)

klogFlags := flag.NewFlagSet("klog", flag.ExitOnError)
Expand All @@ -62,16 +64,17 @@ func ParseFlags() (*Configuration, error) {
}

config := &Configuration{
BindSocket: *argBindSocket,
OvsSocket: *argOvsSocket,
KubeConfigFile: *argKubeConfigFile,
NodeName: nodeName,
OvnNbHost: *argOvnNbHost,
OvnNbPort: *argOvnNbPort,
OvnSbHost: *argOvnSbHost,
OvnSbPort: *argOvnSbPort,
ClusterRouter: *argClusterRouter,
NodeSwitch: *argNodeSwitch,
BindSocket: *argBindSocket,
OvsSocket: *argOvsSocket,
KubeConfigFile: *argKubeConfigFile,
NodeName: nodeName,
OvnNbHost: *argOvnNbHost,
OvnNbPort: *argOvnNbPort,
OvnSbHost: *argOvnSbHost,
OvnSbPort: *argOvnSbPort,
ClusterRouter: *argClusterRouter,
NodeSwitch: *argNodeSwitch,
ServiceClusterIPRange: *argServiceClusterIPRange,
}
err := config.initKubeClient()
if err != nil {
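Review bot: The new `service-cluster-ip-range` value is copied into `ServiceClusterIPRange` as a free-form string and is never checked to be a CIDR, so the `// TODO: validate configuration` above `ParseFlags` now also covers a value that gateway.go hands straight to the `subnets` ipset, where a typo only surfaces at rule-install time and, since that set is the one the NAT rule exempts, would silently change which destinations are masqueraded. A startup check after flag parsing, `if _, _, err := net.ParseCIDR(*argServiceClusterIPRange); err != nil { return nil, fmt.Errorf("invalid service-cluster-ip-range %q: %v", *argServiceClusterIPRange, err) }`, rejects it before the daemon runs (this needs `net`, and `fmt` if not already present, in the import block, which is outside the hunk). The flag help text would also be more useful as `"The kubernetes service cluster ip range; must match the apiserver's --service-cluster-ip-range"`, since the default 10.96.0.0/12 is only a common convention. The body of `ParseFlags` continues past the end of this hunk.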
25 changes: 18 additions & 7 deletions pkg/daemon/gateway.go
Expand Up @@ -13,9 +13,9 @@ import (

const (
SubnetSet = "subnets"
LocalPodSet = "local-pod-ip"
LocalPodSet = "local-pod-ip-nat"
IPSetPrefix = "ovn"
NATRule = "-m set --match-set ovn40local-pod-ip src -m set ! --match-set ovn40subnets dst -j MASQUERADE"
NATRule = "-m set --match-set ovn40local-pod-ip-nat src -m set ! --match-set ovn40subnets dst -j MASQUERADE"
)

func (c *Controller) runGateway(stopCh <-chan struct{}) error {
Expand All @@ -25,7 +25,7 @@ func (c *Controller) runGateway(stopCh <-chan struct{}) error {
klog.Errorf("get subnets failed, %+v", err)
return err
}
localPodIPs, err := c.getLocalPodIPs()
localPodIPs, err := c.getLocalPodIPsNeedNAT()
if err != nil {
klog.Errorf("get local pod ips failed, %+v", err)
return err
Expand Down Expand Up @@ -70,7 +70,7 @@ LOOP:
klog.Errorf("get subnets failed, %+v", err)
continue
}
localPodIPs, err := c.getLocalPodIPs()
localPodIPs, err := c.getLocalPodIPsNeedNAT()
if err != nil {
klog.Errorf("get local pod ips failed, %+v", err)
continue
Expand All @@ -91,7 +91,7 @@ LOOP:
return nil
}

func (c *Controller) getLocalPodIPs() ([]string, error) {
func (c *Controller) getLocalPodIPsNeedNAT() ([]string, error) {
var localPodIPs []string
hostname, _ := os.Hostname()
allPods, err := c.podsLister.List(labels.Everything())
Expand All @@ -101,15 +101,26 @@ func (c *Controller) getLocalPodIPs() ([]string, error) {
}
for _, pod := range allPods {
if pod.Spec.NodeName == hostname && pod.Spec.HostNetwork != true && pod.Status.PodIP != "" {
localPodIPs = append(localPodIPs, pod.Status.PodIP)
ns, err := c.namespacesLister.Get(pod.Namespace)
if err != nil {
klog.Errorf("get ns %s failed, %+v", pod.Namespace, err)
continue
}
nsGWType := ns.Annotations[util.GWTypeAnnotation]
switch nsGWType {
case "", util.GWDistributedMode:
localPodIPs = append(localPodIPs, pod.Status.PodIP)
case util.GWCentralizedMode:
// TODO:
}
}
}
klog.V(5).Infof("local pod ips %v", localPodIPs)
return localPodIPs, nil
}

func (c *Controller) getSubnets() ([]string, error) {
var subnets []string
var subnets = []string{c.config.ServiceClusterIPRange}
allNamespaces, err := c.namespacesLister.List(labels.Everything())
if err != nil {
klog.Errorf("list namespaces failed, %+v", err)
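Review bot: In the new `switch nsGWType` inside `getLocalPodIPsNeedNAT`, a namespace whose gateway-type annotation holds any value other than "", `util.GWDistributedMode` or `util.GWCentralizedMode` falls out of the switch with nothing logged, so a misspelled annotation silently removes every pod in that namespace from the masquerade set and the operator gets no signal; a `default:` branch such as `klog.Warningf("ns %s has unknown gateway type %q, pod %s/%s not added to nat set", pod.Namespace, nsGWType, pod.Namespace, pod.Name)` would surface it. The empty `case util.GWCentralizedMode: // TODO:` should state what is intended for those pods so a reader knows the omission is deliberate rather than unfinished. The renamed function also lacks a doc comment; something like `// getLocalPodIPsNeedNAT returns the IPs of non-host-network pods on this node whose namespace uses the distributed gateway mode (or carries no gateway annotation); these are the sources matched by NATRule.` is supported by the visible body. The function starts in the previous hunk (`func (c *Controller) getLocalPodIPsNeedNAT()`), and `getSubnets`, which now seeds the set with `c.config.ServiceClusterIPRange`, continues past the end of this hunk.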
