fix: nat gw pod should set default gw to net1 so that to access public (

#1864) * fix: nat-gw can not access public network after cni daemon not pass gw to cni except nic name is eth0 * fix: nat gw pod should set default gw to net1 so that to access public
kubeovn · Aug 31, 2022 · e92c85f · e92c85f
1 parent 0b9f0c1
commit e92c85f
Showing 1 changed file with 22 additions and 22 deletions.
diff --git a/dist/images/vpcnatgateway/nat-gateway.sh b/dist/images/vpcnatgateway/nat-gateway.sh
@@ -1,7 +1,5 @@
 #!/usr/bin/env bash
 
-ROUTE_TABLE=100
-
 function exec_cmd() {
     cmd=${@:1:${#}}
     $cmd
@@ -20,14 +18,6 @@ function init() {
     iptables -t nat -N DNAT_FILTER
     ip link set net1 up
     ip link set dev net1 arp off
-    lanCIDR=$1
-    if [ $(ip rule show iif net1 | wc -l) -eq 0 ]; then
-        exec_cmd "ip rule add iif net1 table $ROUTE_TABLE"
-    fi
-    if [ $(ip rule show iif eth0 | wc -l) -eq 0 ]; then
-        exec_cmd "ip rule add iif eth0 table $ROUTE_TABLE"
-    fi
-    exec_cmd "ip route replace $lanCIDR dev eth0 table $ROUTE_TABLE"
 
     # add static chain
     iptables -t nat -N SNAT_FILTER
@@ -54,7 +44,7 @@ function add_vpc_internal_route() {
         cidr=${arr[0]}
         nextHop=${arr[1]}
 
-        exec_cmd "ip route replace $cidr via $nextHop dev eth0 table $ROUTE_TABLE"
+        exec_cmd "ip route replace $cidr via $nextHop dev eth0"
     done
 }
 
@@ -66,7 +56,7 @@ function del_vpc_internal_route() {
         arr=(${rule//,/ })
         cidr=${arr[0]}
 
-        exec_cmd "ip route del $cidr table $ROUTE_TABLE"
+        exec_cmd "ip route del $cidr dev eth0"
     done
 }
 
@@ -79,24 +69,31 @@ function add_vpc_external_route() {
         cidr=${arr[0]}
         nextHop=${arr[1]}
 
-        exec_cmd "ip route replace $cidr dev net1 table $ROUTE_TABLE"
+        exec_cmd "ip route replace default via $nextHop dev net1"
+        # replace default route to dev net1 to access public network
+        # TODO: use multus macvlan to provider eth0 to skip this external route
         sleep 1
-        exec_cmd "ip route replace default via $nextHop dev net1 table $ROUTE_TABLE"
+        ip route | grep "default via $nextHop dev net1"
+        # make sure route is added
+        # gw lost probably occured when you create >10 nat gw pod at the same time
+        # so add the same logic again in every eip add process
+
     done
 }
 
 function del_vpc_external_route() {
     # make sure inited
     iptables-save -t nat | grep  SNAT_FILTER | grep SHARED_SNAT
-    for rule in $@
-    do
-        arr=(${rule//,/ })
-        cidr=${arr[0]}
+    # never do this, if deleted, will cause error
 
-        exec_cmd "ip route del $cidr table $ROUTE_TABLE"
-        sleep 1
-        exec_cmd "ip route del default table $ROUTE_TABLE"
-    done
+    # for rule in $@
+    # do
+    #     arr=(${rule//,/ })
+    #     cidr=${arr[0]}
+    #     exec_cmd "ip route del $cidr dev net1"
+    #     sleep 1
+    #     exec_cmd "ip route del default dev net1"
+    # done
 }
 
 function add_eip() {
@@ -113,6 +110,9 @@ function add_eip() {
 
         exec_cmd "ip addr replace $eip dev net1"
         ip link set dev net1 arp on
+        # gw may lost, even if add_vpc_external_route add route successfully
+        exec_cmd "ip route replace default via $gateway dev net1"
+        ip route | grep "default via $gateway dev net1"
         exec_cmd "arping -c 3 -s $eip_without_prefix $gateway"
     done
 }