[Release 1.22] Add IPv6 NAT #4983

Merged
merged 4 commits into from
Jan 19, 2022
1 change: 1 addition & 0 deletions pkg/agent/config/config.go
@@ -411,6 +411,7 @@ func get(ctx context.Context, envInfo *cmds.Agent, proxy proxy.Proxy) (*config.N
SELinux: envInfo.EnableSELinux,
ContainerRuntimeEndpoint: envInfo.ContainerRuntimeEndpoint,
FlannelBackend: controlConfig.FlannelBackend,
FlannelIPv6Masq: controlConfig.FlannelIPv6Masq,
ServerHTTPSPort: controlConfig.HTTPSPort,
Token: info.String(),
}
24 changes: 15 additions & 9 deletions pkg/agent/flannel/flannel.go
@@ -25,8 +25,8 @@ import (
"github.com/flannel-io/flannel/network"
"github.com/flannel-io/flannel/pkg/ip"
"github.com/flannel-io/flannel/subnet/kube"
"github.com/sirupsen/logrus"
"golang.org/x/net/context"
log "k8s.io/klog"

// Backends need to be imported for their init() to get executed and them to register
_ "github.com/flannel-io/flannel/backend/extension"
@@ -39,7 +39,7 @@ const (
subnetFile = "/run/flannel/subnet.env"
)

func flannel(ctx context.Context, flannelIface *net.Interface, flannelConf, kubeConfigFile string, netMode int) error {
func flannel(ctx context.Context, flannelIface *net.Interface, flannelConf, kubeConfigFile string, flannelIPv6Masq bool, netMode int) error {
extIface, err := LookupExtInterface(flannelIface, netMode)
if err != nil {
return err
@@ -71,15 +71,21 @@ func flannel(ctx context.Context, flannelIface *net.Interface, flannelConf, kube
go network.SetupAndEnsureIPTables(network.MasqRules(config.Network, bn.Lease()), 60)
go network.SetupAndEnsureIPTables(network.ForwardRules(config.Network.String()), 50)

if flannelIPv6Masq && config.IPv6Network.String() != emptyIPv6Network {
logrus.Debugf("Creating IPv6 masquerading iptables rules for %s network", config.IPv6Network.String())
go network.SetupAndEnsureIP6Tables(network.MasqIP6Rules(config.IPv6Network, bn.Lease()), 60)
go network.SetupAndEnsureIP6Tables(network.ForwardRules(config.IPv6Network.String()), 50)
}

if err := WriteSubnetFile(subnetFile, config.Network, config.IPv6Network, true, bn); err != nil {
// Continue, even though it failed.
log.Warningf("Failed to write subnet file: %s", err)
logrus.Warningf("Failed to write flannel subnet file: %s", err)
} else {
log.Infof("Wrote subnet file to %s", subnetFile)
logrus.Infof("Wrote flannel subnet file to %s", subnetFile)
}

// Start "Running" the backend network. This will block until the context is done so run in another goroutine.
log.Info("Running backend.")
logrus.Info("Running flannel backend.")
bn.Run(ctx)
return nil
}
@@ -90,26 +96,26 @@ func LookupExtInterface(iface *net.Interface, netMode int) (*backend.ExternalInt
var err error

if iface == nil {
log.Info("Determining IP address of default interface")
logrus.Debug("No interface defined for flannel in the config. Fetching the default gateway interface")
if iface, err = ip.GetDefaultGatewayInterface(); err != nil {
return nil, fmt.Errorf("failed to get default interface: %s", err)
}
} else {
log.Info("Determining IP address of specified interface: ", iface.Name)
}
logrus.Debugf("The interface %s will be used by flannel", iface.Name)

ifaceAddr, err = ip.GetInterfaceIP4Addr(iface)
if err != nil {
return nil, fmt.Errorf("failed to find IPv4 address for interface %s", iface.Name)
}
logrus.Infof("The interface %s with ipv4 address %s will be used by flannel", iface.Name, ifaceAddr)

if netMode == (ipv4 + ipv6) {
ifacev6Addr, err = ip.GetInterfaceIP6Addr(iface)
if err != nil {
return nil, fmt.Errorf("failed to find IPv6 address for interface %s", iface.Name)
}

log.Infof("Using ipv6 address %s", ifacev6Addr)
logrus.Infof("Using dual-stack mode. The ipv6 address %s will be used by flannel", ifacev6Addr)
}
if iface.MTU == 0 {
return nil, fmt.Errorf("failed to determine MTU for %s interface", ifaceAddr)
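Review bot: In the `@@ -71,15 +71,21 @@` hunk of `flannel()`, the IPv6 `ForwardRules` call sits inside the `flannelIPv6Masq` branch, while the IPv4 forward rules just above it are installed unconditionally. From the visible lines, a dual-stack node started without `--flannel-ipv6-masq` therefore gets no ip6tables forward rules from this function, and turning masquerading on also changes forwarding behaviour, which an operator reading the flag name would not expect. If the coupling is intended, record it with a comment such as `// IPv6 forward rules are only installed together with masquerading`; otherwise gate only the `MasqIP6Rules` line on the flag and keep the forward rules under the `emptyIPv6Network` check alone. The rule creation is also logged with `logrus.Debugf` only; `logrus.Infof` would leave a default-level record of when a node starts rewriting pod source addresses. The body of `flannel()` starts and continues outside this hunk.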
2 changes: 1 addition & 1 deletion pkg/agent/flannel/setup.go
@@ -99,7 +99,7 @@ func Run(ctx context.Context, nodeConfig *config.Node, nodes typedcorev1.NodeInt
return errors.Wrap(err, "failed to check netMode for flannel")
}
go func() {
err := flannel(ctx, nodeConfig.FlannelIface, nodeConfig.FlannelConfFile, nodeConfig.AgentConfig.KubeConfigKubelet, netMode)
err := flannel(ctx, nodeConfig.FlannelIface, nodeConfig.FlannelConfFile, nodeConfig.AgentConfig.KubeConfigKubelet, nodeConfig.FlannelIPv6Masq, netMode)
if err != nil && !errors.Is(err, context.Canceled) {
logrus.Fatalf("flannel exited: %v", err)
}
6 changes: 6 additions & 0 deletions pkg/cli/cmds/server.go
@@ -62,6 +62,7 @@ type Server struct {
DisableScheduler bool
ServerURL string
FlannelBackend string
FlannelIPv6Masq bool
DefaultLocalStoragePath string
DisableCCM bool
DisableNPC bool
@@ -204,6 +205,11 @@ var ServerFlags = []cli.Flag{
Destination: &ServerConfig.FlannelBackend,
Value: "vxlan",
},
cli.BoolFlag{
Name: "flannel-ipv6-masq",
Usage: "(networking) Enable IPv6 masquerading for pod",
Destination: &ServerConfig.FlannelIPv6Masq,
},
ServerToken,
cli.StringFlag{
Name: "token-file",
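Review bot: The usage text for `flannel-ipv6-masq` in `ServerFlags` does not say that the flag is a no-op unless an IPv6 pod network is configured, nor that it also controls the IPv6 forward rules. Both follow from the `flannelIPv6Masq && config.IPv6Network.String() != emptyIPv6Network` branch in pkg/agent/flannel/flannel.go in this same change. Suggested wording: `Usage: "(networking) Enable IPv6 masquerading for pods (only applies when an IPv6 pod network is configured)",`. The `ServerFlags` list continues outside this hunk.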
1 change: 1 addition & 0 deletions pkg/cli/server/server.go
@@ -131,6 +131,7 @@ func run(app *cli.Context, cfg *cmds.Server, leaderControllers server.CustomCont
serverConfig.ControlConfig.AdvertiseIP = cfg.AdvertiseIP
serverConfig.ControlConfig.AdvertisePort = cfg.AdvertisePort
serverConfig.ControlConfig.FlannelBackend = cfg.FlannelBackend
serverConfig.ControlConfig.FlannelIPv6Masq = cfg.FlannelIPv6Masq
serverConfig.ControlConfig.ExtraCloudControllerArgs = cfg.ExtraCloudControllerArgs
serverConfig.ControlConfig.DisableCCM = cfg.DisableCCM
serverConfig.ControlConfig.DisableNPC = cfg.DisableNPC
2 changes: 2 additions & 0 deletions pkg/daemons/config/types.go
@@ -34,6 +34,7 @@ type Node struct {
FlannelConfFile string
FlannelConfOverride bool
FlannelIface *net.Interface
FlannelIPv6Masq bool
Containerd Containerd
Images string
AgentConfig Agent
@@ -116,6 +117,7 @@ type CriticalControlArgs struct {
DisableNPC bool
DisableServiceLB bool
FlannelBackend string
FlannelIPv6Masq bool
NoCoreDNS bool
ServiceIPRange *net.IPNet
ServiceIPRanges []*net.IPNet