From 2daee65c058d723b9ba9620025ecfc6d4a3e382e Mon Sep 17 00:00:00 2001 From: Claes Mogren Date: Wed, 23 Oct 2019 16:51:32 -0700 Subject: [PATCH] Add MTU to the plugin config --- README.md | 12 +++ misc/10-aws.conflist | 3 +- pkg/networkutils/network.go | 20 ++++- pkg/networkutils/network_test.go | 74 ++++++++++++------- plugins/routed-eni/cni.go | 14 +++- plugins/routed-eni/cni_test.go | 24 +++--- plugins/routed-eni/driver/driver.go | 16 ++-- plugins/routed-eni/driver/driver_test.go | 11 +-- .../routed-eni/driver/mocks/driver_mocks.go | 8 +- scripts/install-aws.sh | 1 + 10 files changed, 120 insertions(+), 63 deletions(-) diff --git a/README.md b/README.md index 71f5e4b4cf..dbe32ee247 100644 --- a/README.md +++ b/README.md @@ -250,6 +250,18 @@ is not used, and the maximum number of ENIs is always equal to the maximum numbe --- +`AWS_VPC_K8S_CNI_LOGLEVEL` + +Type: String + +Default: `DEBUG` + +Valid Values: `trace`, `debug`, `info`, `warn`, `error`, `critical` or `off`. (Not case sensitive) + +Specifies the loglevel for ipamd. + +--- + `AWS_VPC_K8S_CNI_LOG_FILE` Type: String diff --git a/misc/10-aws.conflist b/misc/10-aws.conflist index 2b4a737b9b..a7cb87791c 100644 --- a/misc/10-aws.conflist +++ b/misc/10-aws.conflist @@ -5,7 +5,8 @@ { "name": "aws-cni", "type": "aws-cni", - "vethPrefix": "__VETHPREFIX__" + "vethPrefix": "__VETHPREFIX__", + "mtu": "__MTU__" }, { "type": "portmap", diff --git a/pkg/networkutils/network.go b/pkg/networkutils/network.go index 39ee62108e..38478e047a 100644 --- a/pkg/networkutils/network.go +++ b/pkg/networkutils/network.go @@ -163,7 +163,7 @@ func New() NetworkAPIs { typeOfSNAT: typeOfSNAT(), nodePortSupportEnabled: nodePortSupportEnabled(), mainENIMark: getConnmark(), - mtu: GetEthernetMTU(), + mtu: GetEthernetMTU(""), netLink: netlinkwrapper.NewNetLink(), ns: nswrapper.NewNS(), 
@@ -247,6 +247,14 @@ func (n *linuxNetwork) SetupHostNetwork(vpcCIDR *net.IPNet, vpcCIDRs []*string, } } + link, err := LinkByMac(primaryMAC, n.netLink, retryLinkByMacInterval) + if err != nil { + return errors.Wrapf(err, "setupHostNetwork: failed to find the link primary ENI with MAC address %s", primaryMAC) + } + if err = n.netLink.LinkSetMTU(link, n.mtu); err != nil { + return errors.Wrapf(err, "setupHostNetwork: failed to set MTU to %d for %s", n.mtu, primaryIntf) + } + // If node port support is enabled, add a rule that will force force marked traffic out of the main ENI. We then // add iptables rules below that will mark traffic that needs this special treatment. In particular NodePort // traffic always comes in via the main ENI but response traffic would go out of the pod's assigned ENI if we @@ -936,9 +944,13 @@ func (n *linuxNetwork) UpdateRuleListBySrc(ruleList []netlink.Rule, src net.IPNe return nil } -// GetEthernetMTU gets the MTU setting from AWS_VPC_ENI_MTU, or defaults to 9001 if not set. -func GetEthernetMTU() int { - if envMTUValue := os.Getenv(envMTU); envMTUValue != "" { +// GetEthernetMTU gets the MTU setting from AWS_VPC_ENI_MTU if set, or takes the passed in string. Defaults to 9001 if not set. +func GetEthernetMTU(envMTUValue string) int { + inputStr, found := os.LookupEnv(envMTU) + if found { + envMTUValue = inputStr + } + if envMTUValue != "" { mtu, err := strconv.Atoi(envMTUValue) if err != nil { log.Errorf("Failed to parse %s will use %d: %v", envMTU, maximumMTU, err.Error()) diff --git a/pkg/networkutils/network_test.go b/pkg/networkutils/network_test.go index 0d05d7a134..5d68b226ae 100644 --- a/pkg/networkutils/network_test.go +++ b/pkg/networkutils/network_test.go @@ -38,6 +38,7 @@ import ( ) const ( + dockerFirst = "02:42:ac:11:00:02" testMAC1 = "01:23:45:67:89:a0" testMAC2 = "01:23:45:67:89:a1" testTable = 10 
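Review bot: The block added ahead of the node-port rule changes the MTU of the node's primary interface and makes `SetupHostNetwork` return an error when that fails, but nothing in the code says so. A short comment above the lookup would help, for example `// Apply the configured MTU (n.mtu) to the primary ENI; a failure here aborts host network setup.` The first error text also reads oddly (`failed to find the link primary ENI`); `failed to find the primary ENI link with MAC address %s` is clearer. The rest of `SetupHostNetwork` lies outside the hunk, so whether `primaryIntf` already comes from the same MAC lookup cannot be confirmed here.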
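Review bot: In `GetEthernetMTU`, `os.LookupEnv` reports `found` for a variable that is set but empty, so an empty `AWS_VPC_ENI_MTU` overwrites the caller's value with `""` and the function falls through to the default instead of using the plugin config. Guarding on the content keeps the passed-in value: `if v, ok := os.LookupEnv(envMTU); ok && v != "" { envMTUValue = v }`. The parse-failure log still names `envMTU` even when the bad value came from the argument, which will mislead whoever debugs a broken conflist; logging the offending value with `%q` would make its origin clear. The doc comment should also state the precedence explicitly (environment over argument). The function body continues past the hunk.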
@@ -72,17 +73,14 @@ func TestSetupENINetwork(t *testing.T) { hwAddr, err := net.ParseMAC(testMAC1) assert.NoError(t, err) - mockLinkAttrs1 := &netlink.LinkAttrs{ HardwareAddr: hwAddr, } hwAddr, err = net.ParseMAC(testMAC2) assert.NoError(t, err) - mockLinkAttrs2 := &netlink.LinkAttrs{ HardwareAddr: hwAddr, } - lo := mock_netlink.NewMockLink(ctrl) eth1 := mock_netlink.NewMockLink(ctrl) // Emulate a delay attaching the ENI so a retry is necessary @@ -94,14 +92,11 @@ func TestSetupENINetwork(t *testing.T) { lo.EXPECT().Attrs().Return(mockLinkAttrs1) eth1.EXPECT().Attrs().Return(mockLinkAttrs2) gomock.InOrder(firstlistSet, secondlistSet) - mockNetLink.EXPECT().LinkSetMTU(gomock.Any(), testMTU).Return(nil) mockNetLink.EXPECT().LinkSetUp(gomock.Any()).Return(nil) - // eth1's device eth1.EXPECT().Attrs().Return(mockLinkAttrs2) eth1.EXPECT().Attrs().Return(mockLinkAttrs2) - // eth1's IP address testeniAddr := &net.IPNet{ IP: net.ParseIP(testeniIP), @@ -150,14 +145,16 @@ func TestSetupHostNetworkNodePortDisabled(t *testing.T) { ln := &linuxNetwork{ mainENIMark: 0x80, - - netLink: mockNetLink, - ns: mockNS, + mtu: testMTU, + netLink: mockNetLink, + ns: mockNS, newIptables: func() (iptablesIface, error) { return mockIptables, nil }, } + err := mockPrimaryInterfaceLookup(t, ctrl, mockNetLink, testMAC1) + mockNetLink.EXPECT().LinkSetMTU(gomock.Any(), testMTU).Return(nil) var hostRule netlink.Rule mockNetLink.EXPECT().NewRule().Return(&hostRule) mockNetLink.EXPECT().RuleDel(&hostRule) 
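Review bot: In `TestSetupHostNetworkNodePortDisabled` the `err` returned by `mockPrimaryInterfaceLookup` is never checked; it is overwritten by `err = ln.SetupHostNetwork(...)` in the following hunk. The helper defined there already asserts `NoError` on `net.ParseMAC`, so its return value carries nothing; dropping the return type and calling `t.Helper()` at the top of the helper would let each test write `mockPrimaryInterfaceLookup(t, ctrl, mockNetLink, testMAC1)` and keep `err := ln.SetupHostNetwork(...)`. The same pattern repeats in the NodePortEnabled, WithExcludeSNATCIDRs, CleansUpStaleSNATRules, ExcludedSNATCIDRsIdempotent and MultipleCIDRs tests.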
@@ -166,10 +163,22 @@ func TestSetupHostNetworkNodePortDisabled(t *testing.T) { mockNetLink.EXPECT().RuleDel(&mainENIRule) var vpcCIDRs []*string - err := ln.SetupHostNetwork(testENINetIPNet, vpcCIDRs, "", &testENINetIP) + err = ln.SetupHostNetwork(testENINetIPNet, vpcCIDRs, testMAC1, &testENINetIP) assert.NoError(t, err) } +func mockPrimaryInterfaceLookup(t *testing.T, ctrl *gomock.Controller, mockNetLink *mock_netlinkwrapper.MockNetLink, mac string) error { + hwAddr, err := net.ParseMAC(mac) + assert.NoError(t, err) + mockLinkAttrs1 := &netlink.LinkAttrs{ + HardwareAddr: hwAddr, + } + lo := mock_netlink.NewMockLink(ctrl) + mockNetLink.EXPECT().LinkList().Return([]netlink.Link{lo}, nil) + lo.EXPECT().Attrs().AnyTimes().Return(mockLinkAttrs1) + return err +} + func TestUpdateRuleListBySrc(t *testing.T) { ctrl, mockNetLink, _, _, _ := setup(t) defer ctrl.Finish() @@ -267,6 +276,7 @@ func TestSetupHostNetworkNodePortEnabled(t *testing.T) { useExternalSNAT: true, nodePortSupportEnabled: true, mainENIMark: defaultConnmark, + mtu: testMTU, netLink: mockNetLink, ns: mockNS, @@ -278,6 +288,9 @@ func TestSetupHostNetworkNodePortEnabled(t *testing.T) { }, } + err := mockPrimaryInterfaceLookup(t, ctrl, mockNetLink, dockerFirst) + mockNetLink.EXPECT().LinkSetMTU(gomock.Any(), testMTU).Return(nil) + var hostRule netlink.Rule mockNetLink.EXPECT().NewRule().Return(&hostRule) mockNetLink.EXPECT().RuleDel(&hostRule) @@ -288,11 +301,7 @@ func TestSetupHostNetworkNodePortEnabled(t *testing.T) { var vpcCIDRs []*string - // loopback for primary device is a little bit hacky. But the test is stable and it should be - // OK for test purpose. - LoopBackMac := "" - - err := ln.SetupHostNetwork(testENINetIPNet, vpcCIDRs, LoopBackMac, &testENINetIP) + err = ln.SetupHostNetwork(testENINetIPNet, vpcCIDRs, dockerFirst, &testENINetIP) assert.NoError(t, err) assert.Equal(t, map[string]map[string][][]string{ 
@@ -300,7 +309,7 @@ func TestSetupHostNetworkNodePortEnabled(t *testing.T) { "PREROUTING": [][]string{ { "-m", "comment", "--comment", "AWS, primary ENI", - "-i", "lo", + "-i", "eth0", "-m", "addrtype", "--dst-type", "LOCAL", "--limit-iface-in", "-j", "CONNMARK", "--set-mark", "0x80/0x80", }, @@ -316,17 +325,17 @@ func TestSetupHostNetworkNodePortEnabled(t *testing.T) { func TestLoadMTUFromEnvTooLow(t *testing.T) { _ = os.Setenv(envMTU, "1") - assert.Equal(t, GetEthernetMTU(), minimumMTU) + assert.Equal(t, GetEthernetMTU(""), minimumMTU) } func TestLoadMTUFromEnv1500(t *testing.T) { _ = os.Setenv(envMTU, "1500") - assert.Equal(t, GetEthernetMTU(), 1500) + assert.Equal(t, GetEthernetMTU(""), 1500) } func TestLoadMTUFromEnvTooHigh(t *testing.T) { _ = os.Setenv(envMTU, "65536") - assert.Equal(t, GetEthernetMTU(), maximumMTU) + assert.Equal(t, GetEthernetMTU(""), maximumMTU) } func TestLoadExcludeSNATCIDRsFromEnv(t *testing.T) { @@ -347,6 +356,7 @@ func TestSetupHostNetworkWithExcludeSNATCIDRs(t *testing.T) { excludeSNATCIDRs: []string{"10.12.0.0/16", "10.13.0.0/16"}, nodePortSupportEnabled: true, mainENIMark: defaultConnmark, + mtu: testMTU, netLink: mockNetLink, ns: mockNS, @@ -358,6 +368,9 @@ func TestSetupHostNetworkWithExcludeSNATCIDRs(t *testing.T) { }, } + err := mockPrimaryInterfaceLookup(t, ctrl, mockNetLink, dockerFirst) + + mockNetLink.EXPECT().LinkSetMTU(gomock.Any(), testMTU).Return(nil) var hostRule netlink.Rule mockNetLink.EXPECT().NewRule().Return(&hostRule) mockNetLink.EXPECT().RuleDel(&hostRule) @@ -368,7 +381,7 @@ func TestSetupHostNetworkWithExcludeSNATCIDRs(t *testing.T) { var vpcCIDRs []*string vpcCIDRs = []*string{aws.String("10.10.0.0/16"), aws.String("10.11.0.0/16")} - err := ln.SetupHostNetwork(testENINetIPNet, vpcCIDRs, "", &testENINetIP) + err = ln.SetupHostNetwork(testENINetIPNet, vpcCIDRs, dockerFirst, &testENINetIP) assert.NoError(t, err) assert.Equal(t, map[string]map[string][][]string{ 
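Review bot: The three `TestLoadMTUFromEnv*` tests only call `GetEthernetMTU("")` with the environment variable set, so the new argument path is never exercised. Add a case that clears the variable and passes a value, e.g. `_ = os.Unsetenv(envMTU)` followed by `assert.Equal(t, GetEthernetMTU("1500"), 1500)`, plus one that sets both to pin the precedence. Because these tests call `os.Setenv` without restoring the previous value, the variable leaks into later tests in the package, which matters more now that it overrides the argument.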
@@ -381,7 +394,7 @@ func TestSetupHostNetworkWithExcludeSNATCIDRs(t *testing.T) { "POSTROUTING": [][]string{{"-m", "comment", "--comment", "AWS SNAT CHAIN", "-j", "AWS-SNAT-CHAIN-0"}}}, "mangle": { "PREROUTING": [][]string{ - {"-m", "comment", "--comment", "AWS, primary ENI", "-i", "lo", "-m", "addrtype", "--dst-type", "LOCAL", "--limit-iface-in", "-j", "CONNMARK", "--set-mark", "0x80/0x80"}, + {"-m", "comment", "--comment", "AWS, primary ENI", "-i", "eth0", "-m", "addrtype", "--dst-type", "LOCAL", "--limit-iface-in", "-j", "CONNMARK", "--set-mark", "0x80/0x80"}, {"-m", "comment", "--comment", "AWS, primary ENI", "-i", "eni+", "-j", "CONNMARK", "--restore-mark", "--mask", "0x80"}, }, }, @@ -398,6 +411,7 @@ func TestSetupHostNetworkCleansUpStaleSNATRules(t *testing.T) { excludeSNATCIDRs: nil, nodePortSupportEnabled: true, mainENIMark: defaultConnmark, + mtu: testMTU, netLink: mockNetLink, ns: mockNS, @@ -408,7 +422,9 @@ func TestSetupHostNetworkCleansUpStaleSNATRules(t *testing.T) { return &mockRPFilter, nil }, } + err := mockPrimaryInterfaceLookup(t, ctrl, mockNetLink, dockerFirst) + mockNetLink.EXPECT().LinkSetMTU(gomock.Any(), testMTU).Return(nil) var hostRule netlink.Rule mockNetLink.EXPECT().NewRule().Return(&hostRule) mockNetLink.EXPECT().RuleDel(&hostRule) @@ -426,7 +442,7 @@ func TestSetupHostNetworkCleansUpStaleSNATRules(t *testing.T) { _ = mockIptables.NewChain("nat", "AWS-SNAT-CHAIN-5") _ = mockIptables.Append("nat", "POSTROUTING", "-m", "comment", "--comment", "AWS SNAT CHAIN", "-j", "AWS-SNAT-CHAIN-0") - err := ln.SetupHostNetwork(testENINetIPNet, vpcCIDRs, "", &testENINetIP) + err = ln.SetupHostNetwork(testENINetIPNet, vpcCIDRs, dockerFirst, &testENINetIP) assert.NoError(t, err) assert.Equal(t, 
@@ -440,7 +456,7 @@ func TestSetupHostNetworkCleansUpStaleSNATRules(t *testing.T) { "POSTROUTING": [][]string{{"-m", "comment", "--comment", "AWS SNAT CHAIN", "-j", "AWS-SNAT-CHAIN-0"}}}, "mangle": { "PREROUTING": [][]string{ - {"-m", "comment", "--comment", "AWS, primary ENI", "-i", "lo", "-m", "addrtype", "--dst-type", "LOCAL", "--limit-iface-in", "-j", "CONNMARK", "--set-mark", "0x80/0x80"}, + {"-m", "comment", "--comment", "AWS, primary ENI", "-i", "eth0", "-m", "addrtype", "--dst-type", "LOCAL", "--limit-iface-in", "-j", "CONNMARK", "--set-mark", "0x80/0x80"}, {"-m", "comment", "--comment", "AWS, primary ENI", "-i", "eni+", "-j", "CONNMARK", "--restore-mark", "--mask", "0x80"}, }, }, @@ -457,6 +473,7 @@ func TestSetupHostNetworkExcludedSNATCIDRsIdempotent(t *testing.T) { excludeSNATCIDRs: []string{"10.12.0.0/16", "10.13.0.0/16"}, nodePortSupportEnabled: true, mainENIMark: defaultConnmark, + mtu: testMTU, netLink: mockNetLink, ns: mockNS, @@ -467,7 +484,9 @@ func TestSetupHostNetworkExcludedSNATCIDRsIdempotent(t *testing.T) { return &mockRPFilter, nil }, } + err := mockPrimaryInterfaceLookup(t, ctrl, mockNetLink, dockerFirst) + mockNetLink.EXPECT().LinkSetMTU(gomock.Any(), testMTU).Return(nil) var hostRule netlink.Rule mockNetLink.EXPECT().NewRule().Return(&hostRule) mockNetLink.EXPECT().RuleDel(&hostRule) @@ -485,7 +504,7 @@ func TestSetupHostNetworkExcludedSNATCIDRsIdempotent(t *testing.T) { // remove exclusions vpcCIDRs := []*string{aws.String("10.10.0.0/16"), aws.String("10.11.0.0/16")} - err := ln.SetupHostNetwork(testENINetIPNet, vpcCIDRs, "", &testENINetIP) + err = ln.SetupHostNetwork(testENINetIPNet, vpcCIDRs, dockerFirst, &testENINetIP) assert.NoError(t, err) assert.Equal(t, 
@@ -499,7 +518,7 @@ func TestSetupHostNetworkExcludedSNATCIDRsIdempotent(t *testing.T) { "POSTROUTING": [][]string{{"-m", "comment", "--comment", "AWS SNAT CHAIN", "-j", "AWS-SNAT-CHAIN-0"}}}, "mangle": { "PREROUTING": [][]string{ - {"-m", "comment", "--comment", "AWS, primary ENI", "-i", "lo", "-m", "addrtype", "--dst-type", "LOCAL", "--limit-iface-in", "-j", "CONNMARK", "--set-mark", "0x80/0x80"}, + {"-m", "comment", "--comment", "AWS, primary ENI", "-i", "eth0", "-m", "addrtype", "--dst-type", "LOCAL", "--limit-iface-in", "-j", "CONNMARK", "--set-mark", "0x80/0x80"}, {"-m", "comment", "--comment", "AWS, primary ENI", "-i", "eni+", "-j", "CONNMARK", "--restore-mark", "--mask", "0x80"}, }, }, @@ -515,6 +534,7 @@ func TestSetupHostNetworkMultipleCIDRs(t *testing.T) { useExternalSNAT: true, nodePortSupportEnabled: true, mainENIMark: defaultConnmark, + mtu: testMTU, netLink: mockNetLink, ns: mockNS, @@ -525,7 +545,9 @@ func TestSetupHostNetworkMultipleCIDRs(t *testing.T) { return &mockRPFilter, nil }, } + err := mockPrimaryInterfaceLookup(t, ctrl, mockNetLink, dockerFirst) + mockNetLink.EXPECT().LinkSetMTU(gomock.Any(), testMTU).Return(nil) var hostRule netlink.Rule mockNetLink.EXPECT().NewRule().Return(&hostRule) mockNetLink.EXPECT().RuleDel(&hostRule) @@ -536,7 +558,7 @@ func TestSetupHostNetworkMultipleCIDRs(t *testing.T) { var vpcCIDRs []*string vpcCIDRs = []*string{aws.String("10.10.0.0/16"), aws.String("10.11.0.0/16")} - err := ln.SetupHostNetwork(testENINetIPNet, vpcCIDRs, "", &testENINetIP) + err = ln.SetupHostNetwork(testENINetIPNet, vpcCIDRs, dockerFirst, &testENINetIP) assert.NoError(t, err) } diff --git a/plugins/routed-eni/cni.go b/plugins/routed-eni/cni.go index e66c623074..16f17ebbb0 100644 --- a/plugins/routed-eni/cni.go +++ b/plugins/routed-eni/cni.go @@ -22,6 +22,8 @@ import ( "os" "runtime" + "github.com/aws/amazon-vpc-cni-k8s/pkg/networkutils" + "golang.org/x/net/context" "google.golang.org/grpc" 
@@ -67,6 +69,9 @@ type NetConf struct { // veth device name. It should be no more than four characters, and // defaults to 'eni'. VethPrefix string `json:"vethPrefix"` + + // MTU for eth0 + Mtu string `json:"mtu"` } // K8sArgs is the valid CNI_ARGS used for Kubernetes @@ -121,6 +126,13 @@ func add(args *skel.CmdArgs, cniTypes typeswrapper.CNITYPES, grpcClient grpcwrap return errors.New("conf.VethPrefix can be at most 4 characters long") } + // MTU + if conf.Mtu == "" { + log.Debug("MTU not set, defaulting to 9001") + conf.Mtu = "9001" + } + mtu := networkutils.GetEthernetMTU(conf.Mtu) + cniVersion := conf.CNIVersion // Set up a connection to the ipamD server. @@ -175,7 +187,7 @@ func add(args *skel.CmdArgs, cniTypes typeswrapper.CNITYPES, grpcClient grpcwrap // Note: the maximum length for linux interface name is 15 hostVethName := generateHostVethName(conf.VethPrefix, string(k8sArgs.K8S_POD_NAMESPACE), string(k8sArgs.K8S_POD_NAME)) - err = driverClient.SetupNS(hostVethName, args.IfName, args.Netns, addr, int(r.DeviceNumber), r.VPCcidrs, r.UseExternalSNAT) + err = driverClient.SetupNS(hostVethName, args.IfName, args.Netns, addr, int(r.DeviceNumber), r.VPCcidrs, r.UseExternalSNAT, mtu) if err != nil { log.Errorf("Failed SetupPodNetwork for pod %s namespace %s container %s: %v", diff --git a/plugins/routed-eni/cni_test.go b/plugins/routed-eni/cni_test.go index 6914f73260..9a6ac3309e 100644 --- a/plugins/routed-eni/cni_test.go +++ b/plugins/routed-eni/cni_test.go @@ -56,16 +56,8 @@ func setup(t *testing.T) (*gomock.Controller, mock_driver.NewMockNetworkAPIs(ctrl) } -type RPCCONN interface { - Close() error -} - type rpcConn struct{} -func NewRPCCONN() RPCCONN { - return &rpcConn{} -} - func (*rpcConn) Close() error { return nil } 
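Review bot: `Mtu` in `NetConf` is a string that holds a number, and the comment `// MTU for eth0` neither says so nor says which `eth0` is meant (presumably the pod-side interface, since the value is handed to `SetupNS`). Go naming would spell the field `MTU` while the JSON tag stays `mtu`, with a comment along the lines of `// MTU is the interface MTU as a decimal string; empty means use the default.` Because the type is a string, a non-numeric value passes JSON decoding and is only noticed later in `GetEthernetMTU`.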
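Review bot: The MTU block in `add` accepts whatever string the conflist holds: a non-numeric value (including an unreplaced `__MTU__` placeholder) is only logged inside `GetEthernetMTU` and replaced by `maximumMTU`, whereas the `VethPrefix` check just above rejects bad input with an error. Consider failing fast here so a broken config is visible at pod setup, or at least add a comment that the silent fallback is deliberate. The literal `"9001"` also duplicates the default that `GetEthernetMTU` documents for an empty argument, so `conf.Mtu = "9001"` can be dropped and the debug line kept. Note too that `GetEthernetMTU` lets `AWS_VPC_ENI_MTU` from the plugin's own process environment override the config value. `add` starts and ends outside the hunk.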
@@ -101,11 +93,12 @@ func TestCmdAdd(t *testing.T) { } mocksNetwork.EXPECT().SetupNS(gomock.Any(), cmdArgs.IfName, cmdArgs.Netns, - addr, int(addNetworkReply.DeviceNumber), gomock.Any(), gomock.Any()).Return(nil) + addr, int(addNetworkReply.DeviceNumber), gomock.Any(), gomock.Any(), gomock.Any()).Return(nil) mocksTypes.EXPECT().PrintResult(gomock.Any(), gomock.Any()).Return(nil) - add(cmdArgs, mocksTypes, mocksGRPC, mocksRPC, mocksNetwork) + err := add(cmdArgs, mocksTypes, mocksGRPC, mocksRPC, mocksNetwork) + assert.Nil(t, err) } func TestCmdAddNetworkErr(t *testing.T) { @@ -169,7 +162,7 @@ func TestCmdAddErrSetupPodNetwork(t *testing.T) { } mocksNetwork.EXPECT().SetupNS(gomock.Any(), cmdArgs.IfName, cmdArgs.Netns, - addr, int(addNetworkReply.DeviceNumber), gomock.Any(), gomock.Any()).Return(errors.New("error on SetupPodNetwork")) + addr, int(addNetworkReply.DeviceNumber), gomock.Any(), gomock.Any(), gomock.Any()).Return(errors.New("error on SetupPodNetwork")) // when SetupPodNetwork fails, expect to return IP back to datastore delNetworkReply := &rpc.DelNetworkReply{Success: true, IPv4Addr: ipAddr, DeviceNumber: devNum} @@ -213,7 +206,8 @@ func TestCmdDel(t *testing.T) { mocksNetwork.EXPECT().TeardownNS(addr, int(delNetworkReply.DeviceNumber)).Return(nil) - del(cmdArgs, mocksTypes, mocksGRPC, mocksRPC, mocksNetwork) + err := del(cmdArgs, mocksTypes, mocksGRPC, mocksRPC, mocksNetwork) + assert.Nil(t, err) } func TestCmdDelErrDelNetwork(t *testing.T) { @@ -242,7 +236,8 @@ func TestCmdDelErrDelNetwork(t *testing.T) { mockC.EXPECT().DelNetwork(gomock.Any(), gomock.Any()).Return(delNetworkReply, errors.New("error on DelNetwork")) - del(cmdArgs, mocksTypes, mocksGRPC, mocksRPC, mocksNetwork) + err := del(cmdArgs, mocksTypes, mocksGRPC, mocksRPC, mocksNetwork) + assert.Error(t, err) } func TestCmdDelErrTeardown(t *testing.T) { 
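Review bot: The `SetupNS` expectation in `TestCmdAdd` matches the new MTU argument with `gomock.Any()`, so the test would still pass if `add` dropped or mangled the configured value. Pin it instead: put an `mtu` entry such as `"1500"` in the test's network config (built outside the hunk) and expect `1500` as the last argument, making sure `AWS_VPC_ENI_MTU` is unset for the test. `TestCmdAddErrSetupPodNetwork` in the next hunk uses the same wildcard.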
@@ -278,5 +273,6 @@ func TestCmdDelErrTeardown(t *testing.T) { mocksNetwork.EXPECT().TeardownNS(addr, int(delNetworkReply.DeviceNumber)).Return(errors.New("error on teardown")) - del(cmdArgs, mocksTypes, mocksGRPC, mocksRPC, mocksNetwork) + err := del(cmdArgs, mocksTypes, mocksGRPC, mocksRPC, mocksNetwork) + assert.Error(t, err) } diff --git a/plugins/routed-eni/driver/driver.go b/plugins/routed-eni/driver/driver.go index 67c3b7fd2a..0f811a7d2e 100644 --- a/plugins/routed-eni/driver/driver.go +++ b/plugins/routed-eni/driver/driver.go @@ -42,7 +42,7 @@ const ( // NetworkAPIs defines network API calls type NetworkAPIs interface { - SetupNS(hostVethName string, contVethName string, netnsPath string, addr *net.IPNet, table int, vpcCIDRs []string, useExternalSNAT bool) error + SetupNS(hostVethName string, contVethName string, netnsPath string, addr *net.IPNet, table int, vpcCIDRs []string, useExternalSNAT bool, mtu int) error TeardownNS(addr *net.IPNet, table int) error } @@ -70,14 +70,14 @@ type createVethPairContext struct { mtu int } -func newCreateVethPairContext(contVethName string, hostVethName string, addr *net.IPNet) *createVethPairContext { +func newCreateVethPairContext(contVethName string, hostVethName string, addr *net.IPNet, mtu int) *createVethPairContext { return &createVethPairContext{ contVethName: contVethName, hostVethName: hostVethName, addr: addr, netLink: netlinkwrapper.NewNetLink(), ip: ipwrapper.NewIP(), - mtu: networkutils.GetEthernetMTU(), + mtu: mtu, } } 
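Review bot: `NetworkAPIs.SetupNS` and `newCreateVethPairContext` now take `mtu int` and store it unchecked, so range enforcement rests entirely on callers going through `networkutils.GetEthernetMTU`. State that contract where the parameter is introduced, e.g. on the interface method: `// SetupNS sets up the pod network; mtu must already be validated by the caller (see networkutils.GetEthernetMTU).` The `SetupNS` doc comment in the following hunk should mention the new parameter as well.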
@@ -164,13 +164,13 @@ func (createVethContext *createVethPairContext) run(hostNS ns.NetNS) error { } // SetupNS wires up linux networking for a pod's network -func (os *linuxNetwork) SetupNS(hostVethName string, contVethName string, netnsPath string, addr *net.IPNet, table int, vpcCIDRs []string, useExternalSNAT bool) error { - log.Debugf("SetupNS: hostVethName=%s,contVethName=%s, netnsPath=%s table=%d", hostVethName, contVethName, netnsPath, table) - return setupNS(hostVethName, contVethName, netnsPath, addr, table, vpcCIDRs, useExternalSNAT, os.netLink, os.ns) +func (os *linuxNetwork) SetupNS(hostVethName string, contVethName string, netnsPath string, addr *net.IPNet, table int, vpcCIDRs []string, useExternalSNAT bool, mtu int) error { + log.Debugf("SetupNS: hostVethName=%s, contVethName=%s, netnsPath=%s, table=%d, mtu=%d", hostVethName, contVethName, netnsPath, table, mtu) + return setupNS(hostVethName, contVethName, netnsPath, addr, table, vpcCIDRs, useExternalSNAT, os.netLink, os.ns, mtu) } func setupNS(hostVethName string, contVethName string, netnsPath string, addr *net.IPNet, table int, vpcCIDRs []string, useExternalSNAT bool, - netLink netlinkwrapper.NetLink, ns nswrapper.NS) error { + netLink netlinkwrapper.NetLink, ns nswrapper.NS, mtu int) error { // Clean up if hostVeth exists. if oldHostVeth, err := netLink.LinkByName(hostVethName); err == nil { if err = netLink.LinkDel(oldHostVeth); err != nil { @@ -179,7 +179,7 @@ func setupNS(hostVethName string, contVethName string, netnsPath string, addr *n log.Debugf("Clean up old hostVeth: %v\n", hostVethName) } - createVethContext := newCreateVethPairContext(contVethName, hostVethName, addr) + createVethContext := newCreateVethPairContext(contVethName, hostVethName, addr, mtu) if err := ns.WithNetNSPath(netnsPath, createVethContext.run); err != nil { log.Errorf("Failed to setup NS network %v", err) return errors.Wrap(err, "setupNS network: failed to setup NS network") 
diff --git a/plugins/routed-eni/driver/driver_test.go b/plugins/routed-eni/driver/driver_test.go index e911e5892b..e55dba9920 100644 --- a/plugins/routed-eni/driver/driver_test.go +++ b/plugins/routed-eni/driver/driver_test.go @@ -43,6 +43,7 @@ const ( testeniIP = "10.10.10.20" testeniMAC = "01:23:45:67:89:ab" testeniSubnet = "10.10.0.0/16" + mtu = 9001 ) func setup(t *testing.T) (*gomock.Controller, @@ -529,7 +530,7 @@ func TestSetupPodNetwork(t *testing.T) { Mask: net.IPv4Mask(255, 255, 255, 255), } var cidrs []string - err = setupNS(testHostVethName, testContVethName, testnetnsPath, addr, testTable, cidrs, true, mockNetLink, mockNS) + err = setupNS(testHostVethName, testContVethName, testnetnsPath, addr, testTable, cidrs, true, mockNetLink, mockNS, mtu) assert.NoError(t, err) } @@ -548,7 +549,7 @@ func TestSetupPodNetworkErrLinkByName(t *testing.T) { Mask: net.IPv4Mask(255, 255, 255, 255), } var cidrs []string - err := setupNS(testHostVethName, testContVethName, testnetnsPath, addr, testTable, cidrs, false, mockNetLink, mockNS) + err := setupNS(testHostVethName, testContVethName, testnetnsPath, addr, testTable, cidrs, false, mockNetLink, mockNS, mtu) assert.Error(t, err) } @@ -570,7 +571,7 @@ func TestSetupPodNetworkErrLinkSetup(t *testing.T) { Mask: net.IPv4Mask(255, 255, 255, 255), } var cidrs []string - err := setupNS(testHostVethName, testContVethName, testnetnsPath, addr, testTable, cidrs, false, mockNetLink, mockNS) + err := setupNS(testHostVethName, testContVethName, testnetnsPath, addr, testTable, cidrs, false, mockNetLink, mockNS, mtu) assert.Error(t, err) } @@ -603,7 +604,7 @@ func TestSetupPodNetworkErrRouteReplace(t *testing.T) { Mask: net.IPv4Mask(255, 255, 255, 255), } var cidrs []string - err = setupNS(testHostVethName, testContVethName, testnetnsPath, addr, testTable, cidrs, false, mockNetLink, mockNS) + err = setupNS(testHostVethName, testContVethName, testnetnsPath, addr, testTable, cidrs, false, mockNetLink, mockNS, mtu) assert.Error(t, err) } 
@@ -651,7 +652,7 @@ func TestSetupPodNetworkPrimaryIntf(t *testing.T) { } var cidrs []string - err = setupNS(testHostVethName, testContVethName, testnetnsPath, addr, 0, cidrs, false, mockNetLink, mockNS) + err = setupNS(testHostVethName, testContVethName, testnetnsPath, addr, 0, cidrs, false, mockNetLink, mockNS, mtu) assert.NoError(t, err) } diff --git a/plugins/routed-eni/driver/mocks/driver_mocks.go b/plugins/routed-eni/driver/mocks/driver_mocks.go index f1d3970ad4..796eca3897 100644 --- a/plugins/routed-eni/driver/mocks/driver_mocks.go +++ b/plugins/routed-eni/driver/mocks/driver_mocks.go @@ -48,15 +48,15 @@ func (m *MockNetworkAPIs) EXPECT() *MockNetworkAPIsMockRecorder { } // SetupNS mocks base method -func (m *MockNetworkAPIs) SetupNS(arg0, arg1, arg2 string, arg3 *net.IPNet, arg4 int, arg5 []string, arg6 bool) error { - ret := m.ctrl.Call(m, "SetupNS", arg0, arg1, arg2, arg3, arg4, arg5, arg6) +func (m *MockNetworkAPIs) SetupNS(arg0, arg1, arg2 string, arg3 *net.IPNet, arg4 int, arg5 []string, arg6 bool, arg7 int) error { + ret := m.ctrl.Call(m, "SetupNS", arg0, arg1, arg2, arg3, arg4, arg5, arg6, arg7) ret0, _ := ret[0].(error) return ret0 } // SetupNS indicates an expected call of SetupNS -func (mr *MockNetworkAPIsMockRecorder) SetupNS(arg0, arg1, arg2, arg3, arg4, arg5, arg6 interface{}) *gomock.Call { - return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "SetupNS", reflect.TypeOf((*MockNetworkAPIs)(nil).SetupNS), arg0, arg1, arg2, arg3, arg4, arg5, arg6) +func (mr *MockNetworkAPIsMockRecorder) SetupNS(arg0, arg1, arg2, arg3, arg4, arg5, arg6, arg7 interface{}) *gomock.Call { + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "SetupNS", reflect.TypeOf((*MockNetworkAPIs)(nil).SetupNS), arg0, arg1, arg2, arg3, arg4, arg5, arg6, arg7) } // TeardownNS mocks base method diff --git a/scripts/install-aws.sh b/scripts/install-aws.sh index 670e137921..3d12280334 100755 --- a/scripts/install-aws.sh +++ b/scripts/install-aws.sh 
@@ -1,6 +1,7 @@ #!/usr/bin/env bash echo "====== Installing AWS-CNI ======" sed -i s/__VETHPREFIX__/"${AWS_VPC_K8S_CNI_VETHPREFIX:-"eni"}"/g /app/10-aws.conflist +sed -i s/__MTU__/"${AWS_VPC_ENI_MTU:-"9001"}"/g /app/10-aws.conflist cp /app/portmap /host/opt/cni/bin/ cp /app/aws-cni-support.sh /host/opt/cni/bin/
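Review bot: The added `sed` line splices `AWS_VPC_ENI_MTU` into both a sed expression and the JSON in `/app/10-aws.conflist` without checking it, so a value containing `/`, `&` or a quote either breaks the substitution or writes something other than a number into the CNI config. Validate before substituting, e.g. `[[ "${AWS_VPC_ENI_MTU:-9001}" =~ ^[0-9]+$ ]] || { echo "AWS_VPC_ENI_MTU must be numeric" >&2; exit 1; }`. The existing `__VETHPREFIX__` line has the same shape and would benefit from the same kind of check.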