ipset exclude cluster service ip range

cd0ddf10 · Yan Zhu · 5de6ceb5 · cd0ddf10 · cd0ddf10
Commit cd0ddf10 authored 6 years ago by Yan Zhu
Hide whitespace changes
Inline Side-by-side

Showing

with 51 additions and 37 deletions
+51 -37
--- a/pkg/daemon/config.go
+++ b/pkg/daemon/config.go
@@ -13,31 +13,33 @@ import (
 )

 type Configuration struct {
-	BindSocket     string
-	OvsSocket      string
-	KubeConfigFile string
-	KubeClient     kubernetes.Interface
-	NodeName       string
-	OvnNbHost      string
-	OvnNbPort      int
-	OvnSbHost      string
-	OvnSbPort      int
-	ClusterRouter  string
-	NodeSwitch     string
+	BindSocket            string
+	OvsSocket             string
+	KubeConfigFile        string
+	KubeClient            kubernetes.Interface
+	NodeName              string
+	OvnNbHost             string
+	OvnNbPort             int
+	OvnSbHost             string
+	OvnSbPort             int
+	ClusterRouter         string
+	NodeSwitch            string
+	ServiceClusterIPRange string
 }

 // TODO: validate configuration
 func ParseFlags() (*Configuration, error) {
 	var (
-		argBindSocket     = pflag.String("bind-socket", "/var/run/cniserver.sock", "The socket daemon bind to.")
-		argOvsSocket      = pflag.String("ovs-socket", "", "The socket to local ovs-server")
-		argKubeConfigFile = pflag.String("kubeconfig", "", "Path to kubeconfig file with authorization and master location information. If not set use the inCluster token.")
-		argOvnNbHost      = pflag.String("ovn-nb-host", "", "")
-		argOvnNbPort      = pflag.Int("ovn-nb-port", 6641, "")
-		argOvnSbHost      = pflag.String("ovn-sb-host", "", "")
-		argOvnSbPort      = pflag.Int("ovn-sb-port", 6642, "")
-		argClusterRouter  = pflag.String("cluster-router", "ovn-cluster", "The router name for cluster router.Default: cluster-router")
-		argNodeSwitch     = pflag.String("node-switch", "join", "The name of node gateway switch which help node to access pod network. Default: join")
+		argBindSocket            = pflag.String("bind-socket", "/var/run/cniserver.sock", "The socket daemon bind to.")
+		argOvsSocket             = pflag.String("ovs-socket", "", "The socket to local ovs-server")
+		argKubeConfigFile        = pflag.String("kubeconfig", "", "Path to kubeconfig file with authorization and master location information. If not set use the inCluster token.")
+		argOvnNbHost             = pflag.String("ovn-nb-host", "", "")
+		argOvnNbPort             = pflag.Int("ovn-nb-port", 6641, "")
+		argOvnSbHost             = pflag.String("ovn-sb-host", "", "")
+		argOvnSbPort             = pflag.Int("ovn-sb-port", 6642, "")
+		argClusterRouter         = pflag.String("cluster-router", "ovn-cluster", "The router name for cluster router.Default: cluster-router")
+		argNodeSwitch            = pflag.String("node-switch", "join", "The name of node gateway switch which help node to access pod network. Default: join")
+		argServiceClusterIPRange = pflag.String("service-cluster-ip-range", "10.96.0.0/12", "The kubernetes service cluster ip range")
 	)

 	klogFlags := flag.NewFlagSet("klog", flag.ExitOnError)
@@ -62,16 +64,17 @@ func ParseFlags() (*Configuration, error) {
 	}

 	config := &Configuration{
-		BindSocket:     *argBindSocket,
-		OvsSocket:      *argOvsSocket,
-		KubeConfigFile: *argKubeConfigFile,
-		NodeName:       nodeName,
-		OvnNbHost:      *argOvnNbHost,
-		OvnNbPort:      *argOvnNbPort,
-		OvnSbHost:      *argOvnSbHost,
-		OvnSbPort:      *argOvnSbPort,
-		ClusterRouter:  *argClusterRouter,
-		NodeSwitch:     *argNodeSwitch,
+		BindSocket:            *argBindSocket,
+		OvsSocket:             *argOvsSocket,
+		KubeConfigFile:        *argKubeConfigFile,
+		NodeName:              nodeName,
+		OvnNbHost:             *argOvnNbHost,
+		OvnNbPort:             *argOvnNbPort,
+		OvnSbHost:             *argOvnSbHost,
+		OvnSbPort:             *argOvnSbPort,
+		ClusterRouter:         *argClusterRouter,
+		NodeSwitch:            *argNodeSwitch,
+		ServiceClusterIPRange: *argServiceClusterIPRange,
 	}
 	err := config.initKubeClient()
 	if err != nil {

--- a/pkg/daemon/gateway.go
+++ b/pkg/daemon/gateway.go
@@ -13,9 +13,9 @@ import (

 const (
 	SubnetSet   = "subnets"
-	LocalPodSet = "local-pod-ip"
+	LocalPodSet = "local-pod-ip-nat"
 	IPSetPrefix = "ovn"
-	NATRule     = "-m set --match-set ovn40local-pod-ip src -m set ! --match-set ovn40subnets dst -j MASQUERADE"
+	NATRule     = "-m set --match-set ovn40local-pod-ip-nat src -m set ! --match-set ovn40subnets dst -j MASQUERADE"
 )

 func (c *Controller) runGateway(stopCh <-chan struct{}) error {
@@ -25,7 +25,7 @@ func (c *Controller) runGateway(stopCh <-chan struct{}) error {
 		klog.Errorf("get subnets failed, %+v", err)
 		return err
 	}
-	localPodIPs, err := c.getLocalPodIPs()
+	localPodIPs, err := c.getLocalPodIPsNeedNAT()
 	if err != nil {
 		klog.Errorf("get local pod ips failed, %+v", err)
 		return err
@@ -70,7 +70,7 @@ LOOP:
 			klog.Errorf("get subnets failed, %+v", err)
 			continue
 		}
-		localPodIPs, err := c.getLocalPodIPs()
+		localPodIPs, err := c.getLocalPodIPsNeedNAT()
 		if err != nil {
 			klog.Errorf("get local pod ips failed, %+v", err)
 			continue
@@ -91,7 +91,7 @@ LOOP:
 	return nil
 }

-func (c *Controller) getLocalPodIPs() ([]string, error) {
+func (c *Controller) getLocalPodIPsNeedNAT() ([]string, error) {
 	var localPodIPs []string
 	hostname, _ := os.Hostname()
 	allPods, err := c.podsLister.List(labels.Everything())
@@ -101,7 +101,18 @@ func (c *Controller) getLocalPodIPs() ([]string, error) {
 	}
 	for _, pod := range allPods {
 		if pod.Spec.NodeName == hostname && pod.Spec.HostNetwork != true && pod.Status.PodIP != "" {
-			localPodIPs = append(localPodIPs, pod.Status.PodIP)
+			ns, err := c.namespacesLister.Get(pod.Namespace)
+			if err != nil {
+				klog.Errorf("get ns %s failed, %+v", pod.Namespace, err)
+				continue
+			}
+			nsGWType := ns.Annotations[util.GWTypeAnnotation]
+			switch nsGWType {
+			case "", util.GWDistributedMode:
+				localPodIPs = append(localPodIPs, pod.Status.PodIP)
+			case util.GWCentralizedMode:
+				// TODO:
+			}
 		}
 	}
 	klog.V(5).Infof("local pod ips %v", localPodIPs)
@@ -109,7 +120,7 @@ func (c *Controller) getLocalPodIPs() ([]string, error) {
 }

 func (c *Controller) getSubnets() ([]string, error) {
-	var subnets []string
+	var subnets = []string{c.config.ServiceClusterIPRange}
 	allNamespaces, err := c.namespacesLister.List(labels.Everything())
 	if err != nil {
 		klog.Errorf("list namespaces failed, %+v", err)