From 364c168ccc7889ac8c16dea1b34f781eeac0aaa0 Mon Sep 17 00:00:00 2001
From: Ashish Nair
Date: Mon, 1 Apr 2024 10:00:42 -0700
Subject: [PATCH] fix: Using Node IP as the primary IP allowing the use of all the IPs in the subnet for pods in Vnet Scale Mode and added the fix for Vnet Scale Cillium (#2660)
* Testing with NodeIP as the PrimaryIP
* Updated the secondary IP configs to not delete the first IP from Primary IP field as we will now use the Node IP for all functions related to Primary IP
* Fixed the invalid UT to test out and validate the use of Node IP for SNAT and including the primary IP for use in secondary IP blocks
* Combined the common code for Prefix Length
* Updated to set the Host Primary IP for both Overlay and Vnet Scale as it is primarily only being used to setup IMDS SNAT Rules
* Fixing the valid overlay UT to include the Host Primary IP
---
 cns/kubecontroller/nodenetworkconfig/conversion.go | 8 +++++++-
 .../nodenetworkconfig/conversion_linux.go | 3 +--
 .../nodenetworkconfig/conversion_linux_test.go | 12 +++++++++---
 3 files changed, 17 insertions(+), 6 deletions(-)
diff --git a/cns/kubecontroller/nodenetworkconfig/conversion.go b/cns/kubecontroller/nodenetworkconfig/conversion.go
index 8f6346ce52..01bda6780e 100644
--- a/cns/kubecontroller/nodenetworkconfig/conversion.go
+++ b/cns/kubecontroller/nodenetworkconfig/conversion.go
@@ -87,14 +87,20 @@ func CreateNCRequestFromStaticNC(nc v1alpha.NetworkContainer) (*cns.CreateNetwor if err != nil { return nil, errors.Wrapf(err, "invalid SubnetAddressSpace %s", nc.SubnetAddressSpace) } + subnet := cns.IPSubnet{ - IPAddress: primaryPrefix.Addr().String(), PrefixLength: uint8(subnetPrefix.Bits()), } + if nc.Type == v1alpha.VNETBlock { + subnet.IPAddress = nc.NodeIP + } else { + subnet.IPAddress = primaryPrefix.Addr().String() + } req, err := createNCRequestFromStaticNCHelper(nc, primaryPrefix, subnet) if err != nil { return nil, errors.Wrapf(err, "error while creating NC request from static NC") } + return req, err } diff --git a/cns/kubecontroller/nodenetworkconfig/conversion_linux.go b/cns/kubecontroller/nodenetworkconfig/conversion_linux.go index a22dbd4bd8..c89d41646b 100644 --- a/cns/kubecontroller/nodenetworkconfig/conversion_linux.go +++ b/cns/kubecontroller/nodenetworkconfig/conversion_linux.go @@ -27,8 +27,6 @@ func createNCRequestFromStaticNCHelper(nc v1alpha.NetworkContainer, primaryIPPre // Add IPs from CIDR block to the secondary IPConfigs if nc.Type == v1alpha.VNETBlock { - // Delete primary IP reserved for Primary IP for NC - delete(secondaryIPConfigs, primaryIPPrefix.Addr().String()) for _, ipAssignment := range nc.IPAssignments { cidrPrefix, err := netip.ParsePrefix(ipAssignment.IP) @@ -48,6 +46,7 @@ func createNCRequestFromStaticNCHelper(nc v1alpha.NetworkContainer, primaryIPPre } return &cns.CreateNetworkContainerRequest{ + HostPrimaryIP: nc.NodeIP, SecondaryIPConfigs: secondaryIPConfigs, NetworkContainerid: nc.ID, NetworkContainerType: cns.Docker, diff --git a/cns/kubecontroller/nodenetworkconfig/conversion_linux_test.go b/cns/kubecontroller/nodenetworkconfig/conversion_linux_test.go index b30b53bb69..440cb691c4 100644 --- a/cns/kubecontroller/nodenetworkconfig/conversion_linux_test.go +++ b/cns/kubecontroller/nodenetworkconfig/conversion_linux_test.go 
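Review bot: `nc.NodeIP` is copied into `subnet.IPAddress` in the VNETBlock branch without being parsed, whereas the subnet address space just above is validated and rejected with an error. An empty or malformed NodeIP from the NodeNetworkConfig would therefore reach the NC request, and per the commit description this value is what the IMDS SNAT rules are built from. I would validate it before the branch, e.g. `if _, err := netip.ParseAddr(nc.NodeIP); err != nil { return nil, errors.Wrapf(err, "invalid NodeIP %s", nc.NodeIP) }`, assuming `net/netip` is the package this file already uses for its prefixes. The same unchecked value is assigned to `HostPrimaryIP` in the `createNCRequestFromStaticNCHelper` hunk of conversion_linux.go, there for overlay NCs as well. The body of `CreateNCRequestFromStaticNC` starts outside this hunk.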
@@ -7,7 +7,8 @@ import ( ) var validOverlayRequest = &cns.CreateNetworkContainerRequest{ - Version: strconv.FormatInt(0, 10), + HostPrimaryIP: validOverlayNC.NodeIP, + Version: strconv.FormatInt(0, 10), IPConfiguration: cns.IPConfiguration{ IPSubnet: cns.IPSubnet{ PrefixLength: uint8(subnetPrefixLen), @@ -37,18 +38,23 @@ var validOverlayRequest = &cns.CreateNetworkContainerRequest{ } var validVNETBlockRequest = &cns.CreateNetworkContainerRequest{ - Version: strconv.FormatInt(version, 10), + Version: strconv.FormatInt(version, 10), + HostPrimaryIP: vnetBlockNodeIP, IPConfiguration: cns.IPConfiguration{ GatewayIPAddress: vnetBlockDefaultGateway, IPSubnet: cns.IPSubnet{ PrefixLength: uint8(vnetBlockSubnetPrefixLen), - IPAddress: vnetBlockPrimaryIP, + IPAddress: vnetBlockNodeIP, }, }, NetworkContainerid: ncID, NetworkContainerType: cns.Docker, // Ignore first IP in first CIDR Block, i.e. 10.224.0.4 SecondaryIPConfigs: map[string]cns.SecondaryIPConfig{ + "10.224.0.4": { + IPAddress: "10.224.0.4", + NCVersion: version, + }, "10.224.0.5": { IPAddress: "10.224.0.5", NCVersion: version,
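Review bot: The comment `// Ignore first IP in first CIDR Block, i.e. 10.224.0.4` above `SecondaryIPConfigs` in `validVNETBlockRequest` now contradicts the expectation, since this hunk adds `"10.224.0.4"` to the map. It should be replaced with something like `// First IP of the first CIDR block (10.224.0.4) is included; the node IP is used as the primary IP`. The fixtures shown here also only cover a well-formed node IP; a case with an empty or unparsable NodeIP would pin down what the conversion is expected to do with it. The map literal continues past the end of the hunk.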