switch to a route controller

aojea · May 26, 2024 · af0a651 · af0a651
1 parent 6c4d42e
commit af0a651
Show file tree

Hide file tree

Showing 32 changed files with 6,102 additions and 102 deletions.
diff --git a/cmd/kindnetd/main.go b/cmd/kindnetd/main.go
@@ -20,22 +20,23 @@ import (
 	"context"
 	"flag"
 	"fmt"
-	"net"
 	"os"
 	"os/signal"
 	"time"
 
+	"golang.org/x/sys/unix"
+
 	"github.com/aojea/kindnet/pkg/cni"
 	utilnet "github.com/aojea/kindnet/pkg/net"
+	"github.com/aojea/kindnet/pkg/router"
 
-	"golang.org/x/sys/unix"
+	corev1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/labels"
 	"k8s.io/apimachinery/pkg/util/sets"
-
-	corev1 "k8s.io/api/core/v1"
 	"k8s.io/client-go/informers"
 	"k8s.io/client-go/kubernetes"
 	"k8s.io/client-go/rest"
+	nodeutil "k8s.io/component-helpers/node/util"
 	"k8s.io/klog/v2"
 )
 
@@ -62,12 +63,40 @@ const (
 	DualStackFamily IPFamily = 12 // AF_INET + AF_INET6
 )
 
+var (
+	failOpen                   bool
+	adminNetworkPolicy         bool // 	AdminNetworkPolicy is alpha so keep it feature gated behind a flag
+	baselineAdminNetworkPolicy bool // 	BaselineAdminNetworkPolicy is alpha so keep it feature gated behind a flag
+	queueID                    int
+	metricsBindAddress         string
+	hostnameOverride           string
+)
+
+func init() {
+	flag.BoolVar(&failOpen, "fail-open", false, "If set, don't drop packets if the controller is not running")
+	flag.BoolVar(&adminNetworkPolicy, "admin-network-policy", false, "If set, enable Admin Network Policy API")
+	flag.BoolVar(&baselineAdminNetworkPolicy, "baseline-admin-network-policy", false, "If set, enable Baseline Admin Network Policy API")
+	flag.IntVar(&queueID, "nfqueue-id", 100, "Number of the nfqueue used")
+	flag.StringVar(&metricsBindAddress, "metrics-bind-address", ":9080", "The IP address and port for the metrics server to serve on")
+	flag.StringVar(&hostnameOverride, "hostname-override", "", "The hostname of the node")
+
+	flag.Usage = func() {
+		fmt.Fprint(os.Stderr, "Usage: kindnet [options]\n\n")
+		flag.PrintDefaults()
+	}
+}
+
 func main() {
 	// enable logging
 	klog.InitFlags(nil)
 	_ = flag.Set("logtostderr", "true")
 	flag.Parse()
 
+	hostname, err := nodeutil.GetHostname(hostnameOverride)
+	if err != nil {
+		panic(err.Error())
+	}
+
 	// create a Kubernetes client
 	config, err := rest.InClusterConfig()
 	if err != nil {
@@ -186,6 +215,14 @@ func main() {
 	// main control loop
 	informersFactory.Start(ctx.Done())
 
+	// routes controller
+	go func() {
+		err := router.New(hostname, clientset, nodeInformer).Run(ctx, 5)
+		if err != nil {
+			klog.Infof("error running router controller: %v", err)
+		}
+	}()
+
 	for {
 		// Gets the Nodes information from the API
 		// TODO: use a proper controller instead
@@ -254,44 +291,6 @@ func makeNodesReconciler(cniConfig *cni.CNIConfigWriter, hostIP string, ipFamily
 			); err != nil {
 				return err
 			}
-			// we're done handling this node
-			return nil
-		}
-
-		// This is another node. Add routes to the POD subnets in the other nodes
-		// don't do anything unless there is a PodCIDR
-		var podCIDRs []string
-		if ipFamily == DualStackFamily {
-			podCIDRs = node.Spec.PodCIDRs
-		} else {
-			podCIDRs = []string{node.Spec.PodCIDR}
-		}
-		if len(podCIDRs) == 0 {
-			fmt.Printf("Node %v has no CIDR, ignoring\n", node.Name)
-			return nil
-		}
-		klog.Infof("Node %v has CIDR %s \n", node.Name, podCIDRs)
-		podCIDRsv4, podCIDRsv6 := splitCIDRs(podCIDRs)
-
-		// obtain the PodCIDR gateway
-		var nodeIPv4, nodeIPv6 string
-		for _, ip := range nodeIPs.UnsortedList() {
-			if isIPv6String(ip) {
-				nodeIPv6 = ip
-			} else {
-				nodeIPv4 = ip
-			}
-		}
-
-		if nodeIPv4 != "" && len(podCIDRsv4) > 0 {
-			if err := syncRoute(nodeIPv4, podCIDRsv4); err != nil {
-				return err
-			}
-		}
-		if nodeIPv6 != "" && len(podCIDRsv6) > 0 {
-			if err := syncRoute(nodeIPv6, podCIDRsv6); err != nil {
-				return err
-			}
 		}
 		return nil
 	}
@@ -318,9 +317,3 @@ func internalIPs(node *corev1.Node) sets.Set[string] {
 	}
 	return ips
 }
-
-// isIPv6String returns if ip is IPv6.
-func isIPv6String(ip string) bool {
-	netIP := net.ParseIP(ip)
-	return netIP != nil && netIP.To4() == nil
-}
diff --git a/cmd/kindnetd/routes.go b/cmd/kindnetd/routes.go
diff --git a/go.mod b/go.mod
@@ -9,11 +9,13 @@ require (
 	k8s.io/api v0.30.1
 	k8s.io/apimachinery v0.30.1
 	k8s.io/client-go v0.30.1
+	k8s.io/component-helpers v0.30.1
 	k8s.io/klog/v2 v2.120.1
 )
 
 require (
 	github.com/emicklei/go-restful/v3 v3.12.0 // indirect
+	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/google/gnostic-models v0.6.9-0.20230804172637-c7be7c783f49 // indirect
 	github.com/google/go-cmp v0.6.0 // indirect
 	github.com/google/uuid v1.3.0 // indirect
@@ -47,7 +49,7 @@ require (
 	// indirect dep
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 	k8s.io/kube-openapi v0.0.0-20240521193020-835d969ad83a // indirect
-	k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0 // indirect
+	k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0
 	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
 	sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect
 	sigs.k8s.io/yaml v1.4.0 // indirect

diff --git a/go.sum b/go.sum
@@ -18,6 +18,8 @@ github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1v
 github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8=
 github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
 github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
+github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE=
+github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek=
 github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps=
 github.com/google/gnostic-models v0.6.9-0.20230804172637-c7be7c783f49 h1:0VpGH+cDhbDtdcweoyCVsF3fhN8kejK6rFe/2FFX2nU=
@@ -132,6 +134,8 @@ k8s.io/apimachinery v0.30.1 h1:ZQStsEfo4n65yAdlGTfP/uSHMQSoYzU/oeEbkmF7P2U=
 k8s.io/apimachinery v0.30.1/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc=
 k8s.io/client-go v0.30.1 h1:uC/Ir6A3R46wdkgCV3vbLyNOYyCJ8oZnjtJGKfytl/Q=
 k8s.io/client-go v0.30.1/go.mod h1:wrAqLNs2trwiCH/wxxmT/x3hKVH9PuV0GGW0oDoHVqc=
+k8s.io/component-helpers v0.30.1 h1:/UcxSLzZ0owluTE2WMDrFfZl2L+WVXKdYYYm68qnH7U=
+k8s.io/component-helpers v0.30.1/go.mod h1:b1Xk27UJ3p/AmPqDx7khrnSxrdwQy9gTP7O1y6MZ6rg=
 k8s.io/klog/v2 v2.120.1 h1:QXU6cPEOIslTGvZaXvFWiP9VKyeet3sawzTOvdXb4Vw=
 k8s.io/klog/v2 v2.120.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE=
 k8s.io/kube-openapi v0.0.0-20240521193020-835d969ad83a h1:zD1uj3Jf+mD4zmA7W+goE5TxDkI7OGJjBNBzq5fJtLA=

diff --git a/pkg/net/host.go b/pkg/net/host.go
@@ -71,3 +71,25 @@ func getDefaultGwIf(ipFamily int) (string, error) {
 	}
 	return "", fmt.Errorf("not routes found")
 }
+
+// IsLocalIP returns true if given IP belongs to the current host
+// It returns false if is not local or if is not able to detect it.
+func IsLocalIP(nodeIP net.IP) bool {
+	addrs, err := net.InterfaceAddrs()
+	if err != nil {
+		return false
+	}
+	for _, addr := range addrs {
+		var ip net.IP
+		switch v := addr.(type) {
+		case *net.IPNet:
+			ip = v.IP
+		case *net.IPAddr:
+			ip = v.IP
+		}
+		if ip != nil && ip.Equal(nodeIP) {
+			return true
+		}
+	}
+	return false
+}