fix ipsets

Subnets using underlay networking should not be included in ipsets.
kubeovn · Jul 19, 2021 · a63de27 · a63de27
1 parent cc51be3
commit a63de27
Show file tree

Hide file tree

Showing 2 changed files with 103 additions and 5 deletions.
diff --git a/pkg/daemon/gateway.go b/pkg/daemon/gateway.go
@@ -75,7 +75,7 @@ func (c *Controller) setIPSet() error {
 		if c.ipset[protocol] == nil {
 			continue
 		}
-		subnets, err := c.getSubnetsCIDR(protocol)
+		subnets, err := c.getOverlaySubnetsCIDR(protocol)
 		if err != nil {
 			klog.Errorf("get subnets failed, %+v", err)
 			return err
@@ -657,7 +657,8 @@ func (c *Controller) getSubnetsNeedNAT(protocol string) ([]string, error) {
 			subnet.Spec.GatewayType == kubeovnv1.GWCentralizedType &&
 			util.GatewayContains(subnet.Spec.GatewayNode, c.config.NodeName) &&
 			(subnet.Spec.Protocol == kubeovnv1.ProtocolDual || subnet.Spec.Protocol == protocol) &&
-			subnet.Spec.NatOutgoing {
+			subnet.Spec.NatOutgoing &&
+			subnet.Spec.Vlan == "" {
 			cidrBlock := getCidrByProtocol(subnet.Spec.CIDRBlock, protocol)
 			subnetsNeedNat = append(subnetsNeedNat, cidrBlock)
 		}
@@ -679,7 +680,8 @@ func (c *Controller) getSubnetsNeedPR(protocol string) (map[policyRouteMeta]stri
 			subnet.Spec.GatewayType == kubeovnv1.GWCentralizedType &&
 			util.GatewayContains(subnet.Spec.GatewayNode, c.config.NodeName) &&
 			(subnet.Spec.Protocol == kubeovnv1.ProtocolDual || subnet.Spec.Protocol == protocol) &&
-			subnet.Spec.ExternalEgressGateway != "" {
+			subnet.Spec.ExternalEgressGateway != "" &&
+			subnet.Spec.Vlan == "" {
 			meta := policyRouteMeta{
 				priority: subnet.Spec.PolicyRoutingPriority,
 				tableID:  subnet.Spec.PolicyRoutingTableID,
@@ -704,7 +706,7 @@ func (c *Controller) getSubnetsNeedPR(protocol string) (map[policyRouteMeta]stri
 	return subnetsNeedPR, nil
 }
 
-func (c *Controller) getSubnetsCIDR(protocol string) ([]string, error) {
+func (c *Controller) getOverlaySubnetsCIDR(protocol string) ([]string, error) {
 	subnets, err := c.subnetsLister.List(labels.Everything())
 	if err != nil {
 		klog.Error("failed to list subnets")
@@ -721,7 +723,7 @@ func (c *Controller) getSubnetsCIDR(protocol string) ([]string, error) {
 		}
 	}
 	for _, subnet := range subnets {
-		if subnet.Spec.Vpc == util.DefaultVpc {
+		if subnet.Spec.Vpc == util.DefaultVpc && subnet.Spec.Vlan == "" {
 			cidrBlock := getCidrByProtocol(subnet.Spec.CIDRBlock, protocol)
 			ret = append(ret, cidrBlock)
 		}

diff --git a/test/e2e/underlay/underlay.go b/test/e2e/underlay/underlay.go
@@ -517,6 +517,102 @@ var _ = Describe("[Underlay]", func() {
 					}
 				})
 			})
+
+			Context("[Overlay-Underlay]", func() {
+				overlayNamespace := "default"
+
+				BeforeEach(func() {
+					err := f.KubeClientSet.CoreV1().Pods(Namespace).Delete(context.Background(), f.GetName(), metav1.DeleteOptions{})
+					if err != nil && !k8serrors.IsNotFound(err) {
+						klog.Fatalf("failed to delete pod %s/%s: %v", Namespace, f.GetName(), err)
+					}
+					err = f.KubeClientSet.CoreV1().Pods(overlayNamespace).Delete(context.Background(), f.GetName(), metav1.DeleteOptions{})
+					if err != nil && !k8serrors.IsNotFound(err) {
+						klog.Fatalf("failed to delete pod %s/%s: %v", overlayNamespace, f.GetName(), err)
+					}
+				})
+				AfterEach(func() {
+					err := f.KubeClientSet.CoreV1().Pods(Namespace).Delete(context.Background(), f.GetName(), metav1.DeleteOptions{})
+					if err != nil && !k8serrors.IsNotFound(err) {
+						klog.Fatalf("failed to delete pod %s/%s: %v", Namespace, f.GetName(), err)
+					}
+					err = f.KubeClientSet.CoreV1().Pods(overlayNamespace).Delete(context.Background(), f.GetName(), metav1.DeleteOptions{})
+					if err != nil && !k8serrors.IsNotFound(err) {
+						klog.Fatalf("failed to delete pod %s/%s: %v", overlayNamespace, f.GetName(), err)
+					}
+				})
+
+				It("o2u", func() {
+					By("create underlay pod")
+					var autoMount bool
+					upod := &corev1.Pod{
+						ObjectMeta: metav1.ObjectMeta{
+							Name:      f.GetName(),
+							Namespace: Namespace,
+							Labels:    map[string]string{"e2e": "true"},
+						},
+						Spec: corev1.PodSpec{
+							Containers: []corev1.Container{
+								{
+									Name:            f.GetName(),
+									Image:           testImage,
+									ImagePullPolicy: corev1.PullIfNotPresent,
+								},
+							},
+							AutomountServiceAccountToken: &autoMount,
+						},
+					}
+					_, err := f.KubeClientSet.CoreV1().Pods(upod.Namespace).Create(context.Background(), upod, metav1.CreateOptions{})
+					Expect(err).NotTo(HaveOccurred())
+					upod, err = f.WaitPodReady(upod.Name, upod.Namespace)
+					Expect(err).NotTo(HaveOccurred())
+					Expect(upod.Spec.NodeName).NotTo(BeEmpty())
+
+					By("create overlay pod")
+					opod := &corev1.Pod{
+						ObjectMeta: metav1.ObjectMeta{
+							Name:      f.GetName(),
+							Namespace: overlayNamespace,
+							Labels:    map[string]string{"e2e": "true"},
+						},
+						Spec: corev1.PodSpec{
+							Containers: []corev1.Container{
+								{
+									Name:            f.GetName(),
+									Image:           testImage,
+									ImagePullPolicy: corev1.PullIfNotPresent,
+								},
+							},
+							AutomountServiceAccountToken: &autoMount,
+						},
+					}
+					_, err = f.KubeClientSet.CoreV1().Pods(opod.Namespace).Create(context.Background(), opod, metav1.CreateOptions{})
+					Expect(err).NotTo(HaveOccurred())
+					opod, err = f.WaitPodReady(opod.Name, upod.Namespace)
+					Expect(err).NotTo(HaveOccurred())
+
+					By("get underlay pod's netns")
+					cniPod := cniPods[upod.Spec.NodeName]
+					cmd := fmt.Sprintf("ovs-vsctl --no-heading --columns=external_ids find interface external-ids:pod_name=%s external-ids:pod_namespace=%s", upod.Name, upod.Namespace)
+					stdout, _, err := f.ExecToPodThroughAPI(cmd, "cni-server", cniPod.Name, cniPod.Namespace, nil)
+					Expect(err).NotTo(HaveOccurred())
+					var netns string
+					for _, field := range strings.Fields(stdout) {
+						if strings.HasPrefix(field, "pod_netns=") {
+							netns = strings.TrimPrefix(field, "pod_netns=")
+							netns = netns[:len(netns)-1]
+							break
+						}
+					}
+					Expect(netns).NotTo(BeEmpty())
+
+					By("ping overlay pod")
+					cmd = fmt.Sprintf("nsenter --net=%s ping -c1 -W1 %s", filepath.Join("/var/run/netns", netns), opod.Status.PodIP)
+					stdout, _, err = f.ExecToPodThroughAPI(cmd, "cni-server", cniPod.Name, cniPod.Namespace, nil)
+					Expect(err).NotTo(HaveOccurred())
+					Expect(stdout).To(ContainSubstring(" 0% packet loss"))
+				})
+			})
 		})
 	})