Support Pod secondary interfaces on VLAN network #5365
Conversation
jianjuns
added
area/component/cni
| // Include the inner veth interface name in the name generation, as one Pod can have more | ||
| // than one interfaces inc. secondary interfaces, while the outer interface name must be | ||
| // be unique. | ||
| hostIfaceName := util.GenerateContainerOuterVethName(podName, podNamespace, containerID, containerIfaceName) |
There was a problem hiding this comment.
My understanding is that "inner veth" is usually referred to as containerVeth and the "outer veth" referred to as hostVeth. The CNI project seems to be using this terminology (https://github.com/containernetworking/plugins/blob/v1.3.0/pkg/ip/link_linux.go#L139).
There was a problem hiding this comment.
Changed to containerVeth and hostVeth.
pkg/agent/cniserver/secondary.go
Outdated
| } | ||
| hostIface := result.Interfaces[0] | ||
| containerIface := result.Interfaces[1] | ||
| klog.InfoS("Configured SR-IOV interface", "Pod", podName, "Namespace", podNamespace, "interface", containerInterfaceName, "hostInterface", hostIface) |
There was a problem hiding this comment.
use klog.KRef (or klog.KObj when appropriate) to log references to K8s objects:
klog.InfoS("Configured SR-IOV interface", "Pod", klog.KRef(podNamespace, podName), "interface", containerInterfaceName, "hostInterface", hostIface)| const ( | ||
| sriovNetworkType = "sriov" | ||
| vlanNetworkType = "vlan" | ||
| ) |
There was a problem hiding this comment.
should we create a dedicated type for this?
type NetworkType string
const (
sriovNetworkType NetworkType = "sriov"
vlanNetworkType NetworkType = "vlan"
)| @@ -38,5 +39,7 @@ type SecondaryNetworkConfig struct { | |||
| Type string `json:"type,omitempty"` | |||
| // Set networkType to "sriov" | |||
| NetworkType string `json:"networkType,omitempty"` | |||
| MTU int `json:"mtu, omitempty"` | |||
| VLAN uint16 `json:"vlan, omitempty"` | |||
There was a problem hiding this comment.
probably better to use int32 in a public API, especially since the max value is 4096 and you have to perform validation anyway
even though this is not a K8s API: https://github.com/zecke/Kubernetes/blob/master/docs/devel/api-conventions.md#primitive-types
| @@ -38,5 +39,7 @@ type SecondaryNetworkConfig struct { | |||
| Type string `json:"type,omitempty"` | |||
| // Set networkType to "sriov" | |||
| NetworkType string `json:"networkType,omitempty"` | |||
| MTU int `json:"mtu, omitempty"` | |||
| if cniType != "" { | ||
| configStr = strings.Replace(configStr, "type\": \"antrea", "type\": \""+cniType, 1) | ||
| } | ||
| configStr = strings.Replace(configStr, "mtu\": 1500", "mtu\": "+strconv.Itoa(mtu), 1) | ||
| configStr = strings.Replace(configStr, "vlan\": 100", "vlan\": "+strconv.Itoa(int(vlan)), 1) |
There was a problem hiding this comment.
IMO, you should use the text/template package to do this more cleanly
There was a problem hiding this comment.
Changed to text/template. Thanks for the suggestion.
| CNIConfig: config2, | ||
| }, | ||
| } | ||
| assert.True(t, reflect.DeepEqual(&savedCNIConfig, infos[0])) |
There was a problem hiding this comment.
I thought assert.Equal already used reflect.DeepEqual to check for comparison?
There was a problem hiding this comment.
You are right. Changed to use assert.Equal.
jianjuns
force-pushed
the
sec-net-vlan
branch
2 times, most recently
from
fb2bd0c to
c5f19c5
Compare
| } | ||
|
|
||
| // ConfigureSriovSecondaryInterface configures a SR-IOV secondary interface for a Pod. | ||
| func (pc *podConfigurator) ConfigureSriovSecondaryInterface( |
There was a problem hiding this comment.
This func is copied from the original cniserver/sriov.go without changes.
| // See the License for the specific language governing permissions and | ||
| // limitations under the License. | ||
|
|
||
| package podwatch |
There was a problem hiding this comment.
All funcs in this file are moved from podwatch/controller.go without changes.
| // Include the inner veth interface name in the name generation, as one Pod can have more | ||
| // than one interfaces inc. secondary interfaces, while the outer interface name must be | ||
| // be unique. | ||
| hostIfaceName := util.GenerateContainerOuterVethName(podName, podNamespace, containerID, containerIfaceName) |
There was a problem hiding this comment.
Changed to containerVeth and hostVeth.
| @@ -38,5 +39,7 @@ type SecondaryNetworkConfig struct { | |||
| Type string `json:"type,omitempty"` | |||
| // Set networkType to "sriov" | |||
| NetworkType string `json:"networkType,omitempty"` | |||
| MTU int `json:"mtu, omitempty"` | |||
| VLAN uint16 `json:"vlan, omitempty"` | |||
| @@ -38,5 +39,7 @@ type SecondaryNetworkConfig struct { | |||
| Type string `json:"type,omitempty"` | |||
| // Set networkType to "sriov" | |||
| NetworkType string `json:"networkType,omitempty"` | |||
| MTU int `json:"mtu, omitempty"` | |||
| if cniType != "" { | ||
| configStr = strings.Replace(configStr, "type\": \"antrea", "type\": \""+cniType, 1) | ||
| } | ||
| configStr = strings.Replace(configStr, "mtu\": 1500", "mtu\": "+strconv.Itoa(mtu), 1) | ||
| configStr = strings.Replace(configStr, "vlan\": 100", "vlan\": "+strconv.Itoa(int(vlan)), 1) |
There was a problem hiding this comment.
Changed to text/template. Thanks for the suggestion.
| CNIConfig: config2, | ||
| }, | ||
| } | ||
| assert.True(t, reflect.DeepEqual(&savedCNIConfig, infos[0])) |
There was a problem hiding this comment.
You are right. Changed to use assert.Equal.
jianjuns
force-pushed
the
sec-net-vlan
branch
3 times, most recently
from
5db5adf to
39a71fc
Compare
pkg/agent/util/net.go
Outdated
| // The probability of collision should be neglectable. | ||
| func GenerateContainerInterfaceName(podName, podNamespace, containerID string) string { | ||
| // Use the podName as the prefix and the containerID as the hashing key. | ||
| // podNamespace is not used currently. | ||
| return generateInterfaceName(containerID, podName, true) | ||
| } | ||
|
|
||
| // GenerateContainerOuterVethName generates a unique interface name using the |
There was a problem hiding this comment.
s/GenerateContainerOuterVethName/GenerateContainerHostVethName
pkg/agent/util/net_test.go
Outdated
| assert.True(t, len(ifaceName0) <= interfaceNameLength) | ||
| assert.True(t, strings.HasPrefix(ifaceName0, podName0+"-")) |
There was a problem hiding this comment.
use require as you typically want all the subtests below to be skipped if one of these assertions is false
pkg/agent/util/net_test.go
Outdated
| containerID0 := "container0" | ||
| eth0 := "eth0" | ||
| ifaceName0 := GenerateContainerHostVethName(podName0, podNamespace0, containerID0, eth0) | ||
| assert.True(t, len(ifaceName0) <= interfaceNameLength) |
| continue | ||
| } | ||
| if networkConfig.NetworkType == vlanNetworkType { | ||
| if networkConfig.VLAN > vlanIDMax || networkConfig.VLAN < 0 { | ||
| klog.ErrorS(nil, "Invalid VLAN ID", "NetworkAttachmentDefinition", klog.KObj(netDefCRD), "Pod", klog.KObj(pod)) |
There was a problem hiding this comment.
nit: maybe add the VLAN value to the log
| } | ||
| } | ||
| if networkConfig.MTU < 0 { | ||
| klog.ErrorS(nil, "Invalid MTU", "NetworkAttachmentDefinition", klog.KObj(netDefCRD), "Pod", klog.KObj(pod)) |
There was a problem hiding this comment.
same as above, but for MTU
| network2 := testNetwork("net2") | ||
| savedCNIConfig := *cniConfig | ||
| network1 := testNetwork("net1", sriovNetworkType) | ||
| network2 := testNetworkExt("net2", "", vlanNetworkType, defaultMTU, 100) |
There was a problem hiding this comment.
nit: define a local constant for the vlan id
This commit adds support for connecting Pod secondary interfaces to a VLAN network. A Pod secondary interface configured with the VLAN networkType will be connected to the secondary network OVS bridge, and the specified VLAN tag will be set on the OVS port. This commit mostly follows the existing SR-IOV secondary network implementation, in which a Pod controller configures Pod secondary interfaces based on the local Pod events. It thus inherits the existing limitations, like secondary interface configuration is not persisted on the Node and may get lost after antrea-agent restarts. Signed-off-by: Jianjun Shen <shenj@vmware.com>
|
/test-all |
This commit adds support for connecting Pod secondary interfaces to a VLAN network. A Pod secondary interface configured with the VLAN networkType will be connected to the secondary network OVS bridge, and the specified VLAN tag will be set on the OVS port.
This commit mostly follows the existing SR-IOV secondary network implementation, in which a Pod controller configures Pod secondary interfaces based on the local Pod events. It thus inherits the existing limitations, like secondary interface configuration is not persisted on the Node and may get lost after antrea-agent restarts.
Reorganize some files:
Renamed pkg/agent/cniserver/sriov.go to secondary.go, and put secondary interface configuration funcs there.
Move SR-IOV interface related code in pkg/agent/secondarynetwork/podwatch/controller.go to sriov.go.
Issue: #5278