From 1595eac56740e388b718548204906cd7b5f9a4dc Mon Sep 17 00:00:00 2001
From: zhangzujian
Date: Mon, 19 Jul 2021 13:36:37 +0800
Subject: [PATCH] fix ipsets

Subnets using underlay networking should not be included in ipsets.
---
 pkg/daemon/gateway.go | 12 +++--
 test/e2e/underlay/underlay.go | 96 +++++++++++++++++++++++++++++++++++
 2 files changed, 103 insertions(+), 5 deletions(-)

diff --git a/pkg/daemon/gateway.go b/pkg/daemon/gateway.go
index 16439c7a9e1..80fb9a18081 100644
--- a/pkg/daemon/gateway.go
+++ b/pkg/daemon/gateway.go
@@ -75,7 +75,7 @@ func (c *Controller) setIPSet() error {
 if c.ipset[protocol] == nil {
 continue
 }
- subnets, err := c.getSubnetsCIDR(protocol)
+ subnets, err := c.getOverlaySubnetsCIDR(protocol)
 if err != nil {
 klog.Errorf("get subnets failed, %+v", err)
 return err
@@ -657,7 +657,8 @@ func (c *Controller) getSubnetsNeedNAT(protocol string) ([]string, error) {
 subnet.Spec.GatewayType == kubeovnv1.GWCentralizedType &&
 util.GatewayContains(subnet.Spec.GatewayNode, c.config.NodeName) &&
 (subnet.Spec.Protocol == kubeovnv1.ProtocolDual || subnet.Spec.Protocol == protocol) &&
- subnet.Spec.NatOutgoing {
+ subnet.Spec.NatOutgoing &&
+ subnet.Spec.Vlan == "" {
 cidrBlock := getCidrByProtocol(subnet.Spec.CIDRBlock, protocol)
 subnetsNeedNat = append(subnetsNeedNat, cidrBlock)
 }
@@ -679,7 +680,8 @@ func (c *Controller) getSubnetsNeedPR(protocol string) (map[policyRouteMeta]stri
 subnet.Spec.GatewayType == kubeovnv1.GWCentralizedType &&
 util.GatewayContains(subnet.Spec.GatewayNode, c.config.NodeName) &&
 (subnet.Spec.Protocol == kubeovnv1.ProtocolDual || subnet.Spec.Protocol == protocol) &&
- subnet.Spec.ExternalEgressGateway != "" {
+ subnet.Spec.ExternalEgressGateway != "" &&
+ subnet.Spec.Vlan == "" {
 meta := policyRouteMeta{
 priority: subnet.Spec.PolicyRoutingPriority,
 tableID: subnet.Spec.PolicyRoutingTableID,
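Review bot: The overlay test `subnet.Spec.Vlan == ""` added to the condition in getSubnetsNeedNAT is spelled out inline, and the same clause is repeated in the getSubnetsNeedPR hunk and in the subnet loop of getOverlaySubnetsCIDR. These three lists appear to decide which CIDRs the node NATs, policy-routes and places in ipsets, so a filter that later drifts in one of them would silently change what the node's packet rules match. A single predicate such as `func isOverlaySubnet(s *kubeovnv1.Subnet) bool { return s.Spec.Vlan == "" }`, with a comment stating that a non-empty Vlan marks an underlay subnet, would keep them in step. Both conditions begin above their hunks, so the rest of each filter is not visible here.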
@@ -704,7 +706,7 @@ func (c *Controller) getSubnetsNeedPR(protocol string) (map[policyRouteMeta]stri
 return subnetsNeedPR, nil
 }
 
-func (c *Controller) getSubnetsCIDR(protocol string) ([]string, error) {
+func (c *Controller) getOverlaySubnetsCIDR(protocol string) ([]string, error) {
 subnets, err := c.subnetsLister.List(labels.Everything())
 if err != nil {
 klog.Error("failed to list subnets")
@@ -721,7 +723,7 @@ func (c *Controller) getSubnetsCIDR(protocol string) ([]string, error) {
 }
 }
 for _, subnet := range subnets {
- if subnet.Spec.Vpc == util.DefaultVpc {
+ if subnet.Spec.Vpc == util.DefaultVpc && subnet.Spec.Vlan == "" {
 cidrBlock := getCidrByProtocol(subnet.Spec.CIDRBlock, protocol)
 ret = append(ret, cidrBlock)
 }
diff --git a/test/e2e/underlay/underlay.go b/test/e2e/underlay/underlay.go
index eab38d1bf0b..b0f7ddaaf57 100644
--- a/test/e2e/underlay/underlay.go
+++ b/test/e2e/underlay/underlay.go
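Review bot: getOverlaySubnetsCIDR has no doc comment, and after this change the loop keeps a subnet only when it is in the default VPC and has an empty Vlan, which the new name only half conveys. I would add above the signature something like `// getOverlaySubnetsCIDR returns, for the given protocol, the CIDRs of default-VPC subnets with no VLAN set (overlay subnets); setIPSet uses the result as ipset members.` The body between the two hunks is not shown and seems to append to `ret` as well, so the comment should be checked against that elided block before it is merged. Separately, the context line `klog.Error("failed to list subnets")` drops the error value; `klog.Errorf("failed to list subnets: %v", err)` would make a lister failure diagnosable.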
@@ -517,6 +517,102 @@ var _ = Describe("[Underlay]", func() {
 }
 })
 })
+
+ Context("[Overlay-Underlay]", func() {
+ overlayNamespace := "default"
+
+ BeforeEach(func() {
+ err := f.KubeClientSet.CoreV1().Pods(Namespace).Delete(context.Background(), f.GetName(), metav1.DeleteOptions{})
+ if err != nil && !k8serrors.IsNotFound(err) {
+ klog.Fatalf("failed to delete pod %s/%s: %v", Namespace, f.GetName(), err)
+ }
+ err = f.KubeClientSet.CoreV1().Pods(overlayNamespace).Delete(context.Background(), f.GetName(), metav1.DeleteOptions{})
+ if err != nil && !k8serrors.IsNotFound(err) {
+ klog.Fatalf("failed to delete pod %s/%s: %v", overlayNamespace, f.GetName(), err)
+ }
+ })
+ AfterEach(func() {
+ err := f.KubeClientSet.CoreV1().Pods(Namespace).Delete(context.Background(), f.GetName(), metav1.DeleteOptions{})
+ if err != nil && !k8serrors.IsNotFound(err) {
+ klog.Fatalf("failed to delete pod %s/%s: %v", Namespace, f.GetName(), err)
+ }
+ err = f.KubeClientSet.CoreV1().Pods(overlayNamespace).Delete(context.Background(), f.GetName(), metav1.DeleteOptions{})
+ if err != nil && !k8serrors.IsNotFound(err) {
+ klog.Fatalf("failed to delete pod %s/%s: %v", overlayNamespace, f.GetName(), err)
+ }
+ })
+
+ It("o2u", func() {
+ By("create underlay pod")
+ var autoMount bool
+ upod := &corev1.Pod{
+ ObjectMeta: metav1.ObjectMeta{
+ Name: f.GetName(),
+ Namespace: Namespace,
+ Labels: map[string]string{"e2e": "true"},
+ },
+ Spec: corev1.PodSpec{
+ Containers: []corev1.Container{
+ {
+ Name: f.GetName(),
+ Image: testImage,
+ ImagePullPolicy: corev1.PullIfNotPresent,
+ },
+ },
+ AutomountServiceAccountToken: &autoMount,
+ },
+ }
+ _, err := f.KubeClientSet.CoreV1().Pods(upod.Namespace).Create(context.Background(), upod, metav1.CreateOptions{})
+ Expect(err).NotTo(HaveOccurred())
+ upod, err = f.WaitPodReady(upod.Name, upod.Namespace)
+ Expect(err).NotTo(HaveOccurred())
+ Expect(upod.Spec.NodeName).NotTo(BeEmpty())
+
+ By("create overlay pod")
+ opod := &corev1.Pod{
+ ObjectMeta: metav1.ObjectMeta{
+ Name: f.GetName(),
+ Namespace: overlayNamespace,
+ Labels: map[string]string{"e2e": "true"},
+ },
+ Spec: corev1.PodSpec{
+ Containers: []corev1.Container{
+ {
+ Name: f.GetName(),
+ Image: testImage,
+ ImagePullPolicy: corev1.PullIfNotPresent,
+ },
+ },
+ AutomountServiceAccountToken: &autoMount,
+ },
+ }
+ _, err = f.KubeClientSet.CoreV1().Pods(opod.Namespace).Create(context.Background(), opod, metav1.CreateOptions{})
+ Expect(err).NotTo(HaveOccurred())
+ opod, err = f.WaitPodReady(opod.Name, upod.Namespace)
+ Expect(err).NotTo(HaveOccurred())
+
+ By("get underlay pod's netns")
+ cniPod := cniPods[upod.Spec.NodeName]
+ cmd := fmt.Sprintf("ovs-vsctl --no-heading --columns=external_ids find interface external-ids:pod_name=%s external-ids:pod_namespace=%s", upod.Name, upod.Namespace)
+ stdout, _, err := f.ExecToPodThroughAPI(cmd, "cni-server", cniPod.Name, cniPod.Namespace, nil)
+ Expect(err).NotTo(HaveOccurred())
+ var netns string
+ for _, field := range strings.Fields(stdout) {
+ if strings.HasPrefix(field, "pod_netns=") {
+ netns = strings.TrimPrefix(field, "pod_netns=")
+ netns = netns[:len(netns)-1]
+ break
+ }
+ }
+ Expect(netns).NotTo(BeEmpty())
+
+ By("ping overlay pod")
+ cmd = fmt.Sprintf("nsenter --net=%s ping -c1 -W1 %s", filepath.Join("/var/run/netns", netns), opod.Status.PodIP)
+ stdout, _, err = f.ExecToPodThroughAPI(cmd, "cni-server", cniPod.Name, cniPod.Namespace, nil)
+ Expect(err).NotTo(HaveOccurred())
+ Expect(stdout).To(ContainSubstring(" 0% packet loss"))
+ })
+ })
 })
 })
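Review bot: The wait for the overlay pod passes the underlay pod's namespace, `opod, err = f.WaitPodReady(opod.Name, upod.Namespace)`, while both pods are created with the same name `f.GetName()`. Assuming the second argument is the namespace, as the earlier `f.WaitPodReady(upod.Name, upod.Namespace)` call suggests, this returns the underlay pod, so `opod.Status.PodIP` is the underlay pod's own address. The ping can then succeed without any underlay-to-overlay traffic, and the test would not catch a regression of the ipset fix it accompanies. The line should read `opod, err = f.WaitPodReady(opod.Name, opod.Namespace)`, ideally followed by `Expect(opod.Status.PodIP).NotTo(BeEmpty())`. A smaller point: `netns = netns[:len(netns)-1]` slices before the non-empty check, so an empty `pod_netns=` value would panic instead of failing the `Expect(netns)` assertion.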