skip adding IPs to trunk ENI; enable Custom Networking before SGPP
jdn5126 committed Feb 23, 2024
1 parent 764873b commit 544305d
Showing 2 changed files with 12 additions and 7 deletions.
4 changes: 2 additions & 2 deletions pkg/ipamd/datastore/data_store.go
Expand Up @@ -978,8 +978,8 @@ func (ds *DataStore) GetENINeedsIP(maxIPperENI int, skipPrimary bool) *ENI {
ds.lock.Lock()
defer ds.lock.Unlock()
for _, eni := range ds.eniPool {
if skipPrimary && eni.IsPrimary {
ds.log.Debugf("Skip the primary ENI for need IP check")
if (skipPrimary && eni.IsPrimary) || eni.IsTrunk {
ds.log.Debugf("Skip needs IP check for trunk ENI of primary ENI when Custom Networking is enabled")
continue
}
if len(eni.AvailableIPv4Cidrs) < maxIPperENI {
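Review bot: The new debug message does not match the new condition: with `|| eni.IsTrunk` a trunk ENI is skipped whether or not `skipPrimary` is set, yet the message ties every skip to Custom Networking and reads "trunk ENI of primary ENI", which looks like a typo for "or". Consider `ds.log.Debugf("Skip needs IP check for trunk ENI, or for primary ENI when Custom Networking is enabled")`, or split the condition into two branches so the log states the actual reason for the skip. The doc comment of GetENINeedsIP is outside this hunk; it should say that trunk ENIs are never returned, since callers could previously assume only the primary ENI was excluded.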
15 changes: 10 additions & 5 deletions pkg/ipamd/ipamd.go
Expand Up @@ -455,12 +455,12 @@ func (c *IPAMContext) nodeInit() error {
return err
}

if c.enablePodENI {
// Try to patch CNINode with Security Groups for Pods feature.
c.tryEnableSecurityGroupsForPods(ctx)
}

if c.enableIPv6 {
// Security Groups for Pods cannot be enabled for IPv4 at this point, as Custom Networking must be enabled first.
if c.enablePodENI {
// Try to patch CNINode with Security Groups for Pods feature.
c.tryEnableSecurityGroupsForPods(ctx)
}
// We will not support upgrading/converting an existing IPv4 cluster to operate in IPv6 mode. So, we will always
// start with a clean slate in IPv6 mode. We also do not have to deal with dynamic update of Prefix Delegation
// feature in IPv6 mode as we do not support (yet) a non-PD v6 option. In addition, we do not support custom
Expand Down Expand Up @@ -540,6 +540,11 @@ func (c *IPAMContext) nodeInit() error {
}
}

// Now that Custom Networking is (potentially) enabled, Security Groups for Pods can be enabled for IPv4 nodes.
if c.enablePodENI {
c.tryEnableSecurityGroupsForPods(ctx)
}

// On node init, check if datastore pool needs to be increased. If so, attach CIDRs from existing ENIs and attach new ENIs.
datastorePoolTooLow, _ := c.isDatastorePoolTooLow()
if !c.disableENIProvisioning && datastorePoolTooLow {
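Review bot: The second call site, `if c.enablePodENI { c.tryEnableSecurityGroupsForPods(ctx) }` after the Custom Networking block, has no IPv6 guard, so whether an IPv6 node patches CNINode twice depends on the `if c.enableIPv6` branch returning before this point; that part of nodeInit is collapsed and not visible here. If the branch can fall through, `if c.enablePodENI && !c.enableIPv6 {` would make the IPv4-only intent explicit instead of leaving it to statement order. The comment added as the first line inside the IPv6 branch describes the IPv4 case, which is confusing in that position; it would read better above `if c.enableIPv6 {`, or reworded as `// IPv6 nodes enable Security Groups for Pods here; IPv4 nodes do so after Custom Networking is set up below.`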
