Merge pull request #4982 from rbrtbnfgl/ipv6-nat_release-1.21

[Release 1.21] Add IPv6 NAT
2022-01-19 08:45:33 +01:00 · 2022-01-19 08:45:33 +01:00 · dc970d27ca
parent 447279299b 42d160da5b
commit dc970d27ca
6 changed files with 26 additions and 10 deletions
--- a/pkg/agent/config/config.go
+++ b/pkg/agent/config/config.go
@ -388,6 +388,7 @@ func get(ctx context.Context, envInfo *cmds.Agent, proxy proxy.Proxy) (*config.N
 		SELinux:                  envInfo.EnableSELinux,
 		ContainerRuntimeEndpoint: envInfo.ContainerRuntimeEndpoint,
 		FlannelBackend:           controlConfig.FlannelBackend,
+		FlannelIPv6Masq:          controlConfig.FlannelIPv6Masq,
 		ServerHTTPSPort:          controlConfig.HTTPSPort,
 	}
 	nodeConfig.FlannelIface = flannelIface
--- a/pkg/agent/flannel/flannel.go
+++ b/pkg/agent/flannel/flannel.go
@ -25,8 +25,8 @@ import (
 	"github.com/flannel-io/flannel/network"
 	"github.com/flannel-io/flannel/pkg/ip"
 	"github.com/flannel-io/flannel/subnet/kube"
+	"github.com/sirupsen/logrus"
 	"golang.org/x/net/context"
-	log "k8s.io/klog"

 	// Backends need to be imported for their init() to get executed and them to register
 	_ "github.com/flannel-io/flannel/backend/extension"
@ -39,7 +39,7 @@ const (
 	subnetFile = "/run/flannel/subnet.env"
 )

-func flannel(ctx context.Context, flannelIface *net.Interface, flannelConf, kubeConfigFile string, netMode int) error {
+func flannel(ctx context.Context, flannelIface *net.Interface, flannelConf, kubeConfigFile string, flannelIPv6Masq bool, netMode int) error {
 	extIface, err := LookupExtInterface(flannelIface, netMode)
 	if err != nil {
 		return err
@ -71,15 +71,21 @@ func flannel(ctx context.Context, flannelIface *net.Interface, flannelConf, kube
 	go network.SetupAndEnsureIPTables(network.MasqRules(config.Network, bn.Lease()), 60)
 	go network.SetupAndEnsureIPTables(network.ForwardRules(config.Network.String()), 50)

+	if flannelIPv6Masq && config.IPv6Network.String() != emptyIPv6Network {
+		logrus.Debugf("Creating IPv6 masquerading iptables rules for %s network", config.IPv6Network.String())
+		go network.SetupAndEnsureIP6Tables(network.MasqIP6Rules(config.IPv6Network, bn.Lease()), 60)
+		go network.SetupAndEnsureIP6Tables(network.ForwardRules(config.IPv6Network.String()), 50)
+	}
+
 	if err := WriteSubnetFile(subnetFile, config.Network, config.IPv6Network, true, bn); err != nil {
 		// Continue, even though it failed.
-		log.Warningf("Failed to write subnet file: %s", err)
+		logrus.Warningf("Failed to write flannel subnet file: %s", err)
 	} else {
-		log.Infof("Wrote subnet file to %s", subnetFile)
+		logrus.Infof("Wrote flannel subnet file to %s", subnetFile)
 	}

 	// Start "Running" the backend network. This will block until the context is done so run in another goroutine.
-	log.Info("Running backend.")
+	logrus.Info("Running flannel backend.")
 	bn.Run(ctx)
 	return nil
 }
@ -90,18 +96,18 @@ func LookupExtInterface(iface *net.Interface, netMode int) (*backend.ExternalInt
 	var err error

 	if iface == nil {
-		log.Info("Determining IP address of default interface")
+		logrus.Debug("No interface defined for flannel in the config. Fetching the default gateway interface")
 		if iface, err = ip.GetDefaultGatewayInterface(); err != nil {
 			return nil, fmt.Errorf("failed to get default interface: %s", err)
 		}
-	} else {
-		log.Info("Determining IP address of specified interface: ", iface.Name)
 	}
+	logrus.Debugf("The interface %s will be used by flannel", iface.Name)

 	ifaceAddr, err = ip.GetInterfaceIP4Addr(iface)
 	if err != nil {
 		return nil, fmt.Errorf("failed to find IPv4 address for interface %s", iface.Name)
 	}
+	logrus.Infof("The interface %s with ipv4 address %s will be used by flannel", iface.Name, ifaceAddr)

 	if netMode == (ipv4 + ipv6) {
 		ifacev6Addr, err = ip.GetInterfaceIP6Addr(iface)
@ -109,7 +115,7 @@ func LookupExtInterface(iface *net.Interface, netMode int) (*backend.ExternalInt
 			return nil, fmt.Errorf("failed to find IPv6 address for interface %s", iface.Name)
 		}

-		log.Infof("Using ipv6 address %s", ifacev6Addr)
+		logrus.Infof("Using dual-stack mode. The ipv6 address %s will be used by flannel", ifacev6Addr)
 	}
 	if iface.MTU == 0 {
 		return nil, fmt.Errorf("failed to determine MTU for %s interface", ifaceAddr)
--- a/pkg/agent/flannel/setup.go
+++ b/pkg/agent/flannel/setup.go
@ -99,7 +99,7 @@ func Run(ctx context.Context, nodeConfig *config.Node, nodes typedcorev1.NodeInt
 		return errors.Wrap(err, "failed to check netMode for flannel")
 	}
 	go func() {
-		err := flannel(ctx, nodeConfig.FlannelIface, nodeConfig.FlannelConfFile, nodeConfig.AgentConfig.KubeConfigKubelet, netMode)
+		err := flannel(ctx, nodeConfig.FlannelIface, nodeConfig.FlannelConfFile, nodeConfig.AgentConfig.KubeConfigKubelet, nodeConfig.FlannelIPv6Masq, netMode)
 		if err != nil && !errors.Is(err, context.Canceled) {
 			logrus.Fatalf("flannel exited: %v", err)
 		}
--- a/pkg/cli/cmds/server.go
+++ b/pkg/cli/cmds/server.go
@ -52,6 +52,7 @@ type Server struct {
 	DisableScheduler         bool
 	ServerURL                string
 	FlannelBackend           string
+	FlannelIPv6Masq          bool
 	DefaultLocalStoragePath  string
 	DisableCCM               bool
 	DisableNPC               bool
@ -194,6 +195,11 @@ var ServerFlags = []cli.Flag{
 		Destination: &ServerConfig.FlannelBackend,
 		Value:       "vxlan",
 	},
+	cli.BoolFlag{
+		Name:        "flannel-ipv6-masq",
+		Usage:       "(networking) Enable IPv6 masquerading for pod",
+		Destination: &ServerConfig.FlannelIPv6Masq,
+	},
 	ServerToken,
 	cli.StringFlag{
 		Name:        "token-file",
--- a/pkg/cli/server/server.go
+++ b/pkg/cli/server/server.go
@ -131,6 +131,7 @@ func run(app *cli.Context, cfg *cmds.Server, leaderControllers server.CustomCont
 	serverConfig.ControlConfig.AdvertiseIP = cfg.AdvertiseIP
 	serverConfig.ControlConfig.AdvertisePort = cfg.AdvertisePort
 	serverConfig.ControlConfig.FlannelBackend = cfg.FlannelBackend
+	serverConfig.ControlConfig.FlannelIPv6Masq = cfg.FlannelIPv6Masq
 	serverConfig.ControlConfig.ExtraCloudControllerArgs = cfg.ExtraCloudControllerArgs
 	serverConfig.ControlConfig.DisableCCM = cfg.DisableCCM
 	serverConfig.ControlConfig.DisableNPC = cfg.DisableNPC
--- a/pkg/daemons/config/types.go
+++ b/pkg/daemons/config/types.go
@ -34,6 +34,7 @@ type Node struct {
 	FlannelConfFile          string
 	FlannelConfOverride      bool
 	FlannelIface             *net.Interface
+	FlannelIPv6Masq          bool
 	Containerd               Containerd
 	Images                   string
 	AgentConfig              Agent
@ -115,6 +116,7 @@ type CriticalControlArgs struct {
 	DisableNPC       bool
 	DisableServiceLB bool
 	FlannelBackend   string
+	FlannelIPv6Masq  bool
 	NoCoreDNS        bool
 	ServiceIPRange   *net.IPNet
 	ServiceIPRanges  []*net.IPNet