diff --git a/go.mod b/go.mod
index ac16da7943..bc60fc50dc 100644
--- a/go.mod
+++ b/go.mod
@@ -97,7 +97,7 @@ require (
 github.com/coreos/go-systemd v0.0.0-20191104093116-d3cd4ed1dbcf
 github.com/docker/docker v20.10.21+incompatible
 github.com/erikdubbelboer/gspt v0.0.0-20190125194910-e68493906b83
- github.com/flannel-io/flannel v0.20.2
+ github.com/flannel-io/flannel v0.21.0
 github.com/go-bindata/go-bindata v3.1.2+incompatible
 github.com/go-sql-driver/mysql v1.6.0
 github.com/go-test/deep v1.0.7
diff --git a/go.sum b/go.sum
index 993432e7db..500750a98c 100644
--- a/go.sum
+++ b/go.sum
@@ -308,8 +308,8 @@ github.com/fatih/camelcase v1.0.0/go.mod h1:yN2Sb0lFhZJUdVvtELVWefmrXpuZESvPmqwo github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= github.com/felixge/httpsnoop v1.0.3 h1:s/nj+GCswXYzN5v2DpNMuMQYe+0DDwt5WVCU6CWBdXk= github.com/felixge/httpsnoop v1.0.3/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= -github.com/flannel-io/flannel v0.20.2 h1:/hLQsvyQHQQV0mS9xxWVMf1oHPFBSReM1j5D9Cdm5dc= -github.com/flannel-io/flannel v0.20.2/go.mod h1:A23fmdRQyN4i6Gs5UzvVTlj8kcswPYIqisLhgUkhnxk= +github.com/flannel-io/flannel v0.21.0 h1:yWEk7JN2p6b5bwKZsdQ3NZblkNWF6DOhGjooat4XXl4= +github.com/flannel-io/flannel v0.21.0/go.mod h1:YIajK+YeyFL3LMC8VTL7+02plJXl8GVKqCsVJ+KhpT4= github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc= github.com/form3tech-oss/jwt-go v3.2.3+incompatible h1:7ZaBxOI7TMoYBfyA3cQHErNNyAWIKUMIwqxEtgHOs5c= github.com/form3tech-oss/jwt-go v3.2.3+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k=
diff --git a/pkg/agent/flannel/flannel.go b/pkg/agent/flannel/flannel.go
index a961b9093c..d06dc02b1d 100644
--- a/pkg/agent/flannel/flannel.go
+++ b/pkg/agent/flannel/flannel.go
@@ -21,19 +21,19 @@ import (
 "path/filepath"
 "sync"

- "github.com/flannel-io/flannel/backend"
- "github.com/flannel-io/flannel/network"
+ "github.com/flannel-io/flannel/pkg/backend"
 "github.com/flannel-io/flannel/pkg/ip"
- "github.com/flannel-io/flannel/subnet/kube"
+ "github.com/flannel-io/flannel/pkg/iptables"
+ "github.com/flannel-io/flannel/pkg/subnet/kube"
 "github.com/sirupsen/logrus"
 "golang.org/x/net/context"

 // Backends need to be imported for their init() to get executed and them to register
- _ "github.com/flannel-io/flannel/backend/extension"
- _ "github.com/flannel-io/flannel/backend/hostgw"
- _ "github.com/flannel-io/flannel/backend/ipsec"
- _ "github.com/flannel-io/flannel/backend/vxlan"
- _ "github.com/flannel-io/flannel/backend/wireguard"
+ _ "github.com/flannel-io/flannel/pkg/backend/extension"
+ _ "github.com/flannel-io/flannel/pkg/backend/hostgw"
+ _ "github.com/flannel-io/flannel/pkg/backend/ipsec"
+ _ "github.com/flannel-io/flannel/pkg/backend/vxlan"
+ _ "github.com/flannel-io/flannel/pkg/backend/wireguard"
 )

 const (
@@ -52,7 +52,13 @@ func flannel(ctx context.Context, flannelIface *net.Interface, flannelConf, kube
 return err
 }

- sm, err := kube.NewSubnetManager(ctx, "", kubeConfigFile, FlannelBaseAnnotation, flannelConf, false)
+ sm, err := kube.NewSubnetManager(ctx,
+ "",
+ kubeConfigFile,
+ FlannelBaseAnnotation,
+ flannelConf,
+ false,
+ false)
 if err != nil {
 return err
 }
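Review bot: The `kube.NewSubnetManager` call now ends in two bare `false` arguments, and nothing at the call site says which behaviour each one switches off. A trailing comment per flag would make the call reviewable, e.g. `false, // setNodeNetworkUnavailable` and `false) // useMultiClusterCidr`; those names are recalled from the flannel v0.21.0 signature and should be confirmed against the vendored source. If the new flag is indeed the multi-cluster-CIDR switch, the `config.HasNetworks()` and `config.HasIPv6Networks()` branches added in the later `@@ -76,18 +82,46 @@` hunk are presumably never taken while it is off, which is also worth a comment there. The body of `flannel` starts and ends outside this hunk.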
@@ -76,18 +82,46 @@ func flannel(ctx context.Context, flannelIface *net.Interface, flannelConf, kube
 }

 if netMode == (ipv4+ipv6) || netMode == ipv4 {
- network.CreateIP4Chain("nat", "FLANNEL-POSTRTG")
- network.CreateIP4Chain("filter", "FLANNEL-FWD")
- go network.SetupAndEnsureIP4Tables(network.MasqRules(config.Network, bn.Lease()), 60)
- go network.SetupAndEnsureIP4Tables(network.ForwardRules(config.Network.String()), 50)
+ net, err := config.GetFlannelNetwork(&bn.Lease().Subnet)
+ if err != nil {
+ return err
+ }
+ iptables.CreateIP4Chain("nat", "FLANNEL-POSTRTG")
+ iptables.CreateIP4Chain("filter", "FLANNEL-FWD")
+ getMasqRules := func() []iptables.IPTablesRule {
+ if config.HasNetworks() {
+ return iptables.MasqRules(config.Networks, bn.Lease())
+ }
+ return iptables.MasqRules([]ip.IP4Net{config.Network}, bn.Lease())
+ }
+ getFwdRules := func() []iptables.IPTablesRule {
+ return iptables.ForwardRules(net.String())
+ }
+ go iptables.SetupAndEnsureIP4Tables(getMasqRules, 60)
+ go iptables.SetupAndEnsureIP4Tables(getFwdRules, 50)
 }

- if flannelIPv6Masq && config.IPv6Network.String() != emptyIPv6Network {
- logrus.Debugf("Creating IPv6 masquerading iptables rules for %s network", config.IPv6Network.String())
- network.CreateIP6Chain("nat", "FLANNEL-POSTRTG")
- network.CreateIP6Chain("filter", "FLANNEL-FWD")
- go network.SetupAndEnsureIP6Tables(network.MasqIP6Rules(config.IPv6Network, bn.Lease()), 60)
- go network.SetupAndEnsureIP6Tables(network.ForwardRules(config.IPv6Network.String()), 50)
+ if config.IPv6Network.String() != emptyIPv6Network {
+ ip6net, err := config.GetFlannelIPv6Network(&bn.Lease().IPv6Subnet)
+ if err != nil {
+ return err
+ }
+ if flannelIPv6Masq {
+ logrus.Debugf("Creating IPv6 masquerading iptables rules for %s network", config.IPv6Network.String())
+ iptables.CreateIP6Chain("nat", "FLANNEL-POSTRTG")
+ getRules := func() []iptables.IPTablesRule {
+ if config.HasIPv6Networks() {
+ return iptables.MasqIP6Rules(config.IPv6Networks, bn.Lease())
+ }
+ return iptables.MasqIP6Rules([]ip.IP6Net{config.IPv6Network}, bn.Lease())
+ }
+ go iptables.SetupAndEnsureIP6Tables(getRules, 60)
+ }
+ iptables.CreateIP6Chain("filter", "FLANNEL-FWD")
+ getRules := func() []iptables.IPTablesRule {
+ return iptables.ForwardRules(ip6net.String())
+ }
+ go iptables.SetupAndEnsureIP6Tables(getRules, 50)
 }

 if err := WriteSubnetFile(subnetFile, config.Network, config.IPv6Network, true, bn, netMode); err != nil {
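Review bot: In the IPv6 branch, the `FLANNEL-FWD` chain and its forward rules are now set up whenever `config.IPv6Network` is non-empty, while the removed code created them only when `flannelIPv6Masq` was also true, so nodes with masquerading off gain filter-table rules after this upgrade. If that is intended, say so above `iptables.CreateIP6Chain("filter", "FLANNEL-FWD")`, e.g. `// Forward rules are installed for every IPv6 network; only the NAT rules depend on flannelIPv6Masq.` In the IPv4 branch, `net, err := config.GetFlannelNetwork(&bn.Lease().Subnet)` shadows the `net` package that the signature of `flannel` uses (`*net.Interface`); naming it `ip4net`, parallel to `ip6net`, avoids that. The body of `flannel` starts and ends outside this hunk.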