mirror of https://github.com/k3s-io/k3s
Use TrafficManager interface when calling flannel
Signed-off-by: Thomas Ferrandiz <thomas.ferrandiz@suse.com>pull/10222/head
Thomas Ferrandiz
parent
1da6b9aacd
commit
e5eea95ca7
1
go.mod
1
go.mod
|
|
@ -114,6 +114,7 @@ require (
|
|||
github.com/gorilla/websocket v1.5.1
|
||||
github.com/ipfs/go-ds-leveldb v0.5.0
|
||||
github.com/ipfs/go-log/v2 v2.5.1
|
||||
github.com/joho/godotenv v1.5.1
|
||||
github.com/json-iterator/go v1.1.12
|
||||
github.com/k3s-io/helm-controller v0.15.9
|
||||
github.com/k3s-io/kine v0.11.7
|
||||
|
|
|
|||
2
go.sum
2
go.sum
|
|
@ -758,6 +758,8 @@ github.com/jbenet/goprocess v0.1.4/go.mod h1:5yspPrukOVuOLORacaBi858NqyClJPQxYZl
|
|||
github.com/jellevandenhooff/dkim v0.0.0-20150330215556-f50fe3d243e1/go.mod h1:E0B/fFc00Y+Rasa88328GlI/XbtyysCtTHZS8h7IrBU=
|
||||
github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo=
|
||||
github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U=
|
||||
github.com/joho/godotenv v1.5.1 h1:7eLL/+HRGLY0ldzfGMeQkb7vMd0as4CfYvUVzLqw0N0=
|
||||
github.com/joho/godotenv v1.5.1/go.mod h1:f4LDr5Voq0i2e/R5DDNOoa2zzDfwtkZa6DnEwAbqwq4=
|
||||
github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo=
|
||||
github.com/jonboulle/clockwork v0.2.2/go.mod h1:Pkfl5aHPm1nk2H9h0bjmnJD/BcgbGXUBGnn1kMkgxc8=
|
||||
github.com/jonboulle/clockwork v0.4.0 h1:p4Cf1aMWXnXAUh8lVfewRBx1zaTSYKrKMF2g3ST4RZ4=
|
||||
|
|
|
|||
|
|
@ -25,6 +25,7 @@ import (
|
|||
"github.com/flannel-io/flannel/pkg/ip"
|
||||
"github.com/flannel-io/flannel/pkg/subnet/kube"
|
||||
"github.com/flannel-io/flannel/pkg/trafficmngr/iptables"
|
||||
"github.com/joho/godotenv"
|
||||
"github.com/pkg/errors"
|
||||
"github.com/sirupsen/logrus"
|
||||
"golang.org/x/net/context"
|
||||
|
|
@ -80,49 +81,36 @@ func flannel(ctx context.Context, flannelIface *net.Interface, flannelConf, kube
|
|||
if err != nil {
|
||||
return errors.Wrap(err, "failed to register flannel network")
|
||||
}
|
||||
trafficMngr := &iptables.IPTablesManager{}
|
||||
err = trafficMngr.Init(ctx, &sync.WaitGroup{})
|
||||
if err != nil {
|
||||
return errors.Wrap(err, "failed to initialize flannel ipTables manager")
|
||||
}
|
||||
|
||||
if netMode == (ipv4+ipv6) || netMode == ipv4 {
|
||||
net, err := config.GetFlannelNetwork(&bn.Lease().Subnet)
|
||||
if err != nil {
|
||||
return errors.Wrap(err, "failed to get flannel network details")
|
||||
if config.Network.Empty() {
|
||||
return errors.New("ipv4 mode requested but no ipv4 network provided")
|
||||
}
|
||||
iptables.CreateIP4Chain("nat", "FLANNEL-POSTRTG")
|
||||
iptables.CreateIP4Chain("filter", "FLANNEL-FWD")
|
||||
getMasqRules := func() []iptables.IPTablesRule {
|
||||
if config.HasNetworks() {
|
||||
return iptables.MasqRules(config.Networks, bn.Lease())
|
||||
}
|
||||
return iptables.MasqRules([]ip.IP4Net{config.Network}, bn.Lease())
|
||||
}
|
||||
getFwdRules := func() []iptables.IPTablesRule {
|
||||
return iptables.ForwardRules(net.String())
|
||||
}
|
||||
go iptables.SetupAndEnsureIP4Tables(getMasqRules, 60)
|
||||
go iptables.SetupAndEnsureIP4Tables(getFwdRules, 50)
|
||||
}
|
||||
|
||||
if config.IPv6Network.String() != emptyIPv6Network {
|
||||
ip6net, err := config.GetFlannelIPv6Network(&bn.Lease().IPv6Subnet)
|
||||
if err != nil {
|
||||
return errors.Wrap(err, "failed to get ipv6 flannel network details")
|
||||
}
|
||||
if flannelIPv6Masq {
|
||||
logrus.Debugf("Creating IPv6 masquerading iptables rules for %s network", config.IPv6Network.String())
|
||||
iptables.CreateIP6Chain("nat", "FLANNEL-POSTRTG")
|
||||
getRules := func() []iptables.IPTablesRule {
|
||||
if config.HasIPv6Networks() {
|
||||
return iptables.MasqIP6Rules(config.IPv6Networks, bn.Lease())
|
||||
}
|
||||
return iptables.MasqIP6Rules([]ip.IP6Net{config.IPv6Network}, bn.Lease())
|
||||
}
|
||||
go iptables.SetupAndEnsureIP6Tables(getRules, 60)
|
||||
}
|
||||
iptables.CreateIP6Chain("filter", "FLANNEL-FWD")
|
||||
getRules := func() []iptables.IPTablesRule {
|
||||
return iptables.ForwardRules(ip6net.String())
|
||||
}
|
||||
go iptables.SetupAndEnsureIP6Tables(getRules, 50)
|
||||
//setup masq rules
|
||||
prevNetwork := ReadCIDRFromSubnetFile(subnetFile, "FLANNEL_NETWORK")
|
||||
prevSubnet := ReadCIDRFromSubnetFile(subnetFile, "FLANNEL_SUBNET")
|
||||
|
||||
prevIPv6Network := ReadIP6CIDRFromSubnetFile(subnetFile, "FLANNEL_IPV6_NETWORK")
|
||||
prevIPv6Subnet := ReadIP6CIDRFromSubnetFile(subnetFile, "FLANNEL_IPV6_SUBNET")
|
||||
if flannelIPv6Masq {
|
||||
err = trafficMngr.SetupAndEnsureMasqRules(ctx, config.Network, prevSubnet, prevNetwork, config.IPv6Network, prevIPv6Subnet, prevIPv6Network, bn.Lease(), 60)
|
||||
} else {
|
||||
//set empty flannel ipv6 Network to prevent masquerading
|
||||
err = trafficMngr.SetupAndEnsureMasqRules(ctx, config.Network, prevSubnet, prevNetwork, ip.IP6Net{}, prevIPv6Subnet, prevIPv6Network, bn.Lease(), 60)
|
||||
}
|
||||
if err != nil {
|
||||
return errors.Wrap(err, "failed to setup masq rules")
|
||||
}
|
||||
|
||||
//setup forward rules
|
||||
trafficMngr.SetupAndEnsureForwardRules(ctx, config.Network, config.IPv6Network, 50)
|
||||
|
||||
if err := WriteSubnetFile(subnetFile, config.Network, config.IPv6Network, true, bn, netMode); err != nil {
|
||||
// Continue, even though it failed.
|
||||
|
|
@ -237,3 +225,37 @@ func WriteSubnetFile(path string, nw ip.IP4Net, nwv6 ip.IP6Net, ipMasq bool, bn
|
|||
return os.Rename(tempFile, path)
|
||||
//TODO - is this safe? What if it's not on the same FS?
|
||||
}
|
||||
|
||||
// ReadCIDRFromSubnetFile reads the flannel subnet file and extracts the value of IPv4 network CIDRKey
|
||||
func ReadCIDRFromSubnetFile(path string, CIDRKey string) ip.IP4Net {
|
||||
var prevCIDR ip.IP4Net
|
||||
if _, err := os.Stat(path); !os.IsNotExist(err) {
|
||||
prevSubnetVals, err := godotenv.Read(path)
|
||||
if err != nil {
|
||||
logrus.Errorf("Couldn't fetch previous %s from subnet file at %s: %v", CIDRKey, path, err)
|
||||
} else if prevCIDRString, ok := prevSubnetVals[CIDRKey]; ok {
|
||||
err = prevCIDR.UnmarshalJSON([]byte(prevCIDRString))
|
||||
if err != nil {
|
||||
logrus.Errorf("Couldn't parse previous %s from subnet file at %s: %v", CIDRKey, path, err)
|
||||
}
|
||||
}
|
||||
}
|
||||
return prevCIDR
|
||||
}
|
||||
|
||||
// ReadIP6CIDRFromSubnetFile reads the flannel subnet file and extracts the value of IPv6 network CIDRKey
|
||||
func ReadIP6CIDRFromSubnetFile(path string, CIDRKey string) ip.IP6Net {
|
||||
var prevCIDR ip.IP6Net
|
||||
if _, err := os.Stat(path); !os.IsNotExist(err) {
|
||||
prevSubnetVals, err := godotenv.Read(path)
|
||||
if err != nil {
|
||||
logrus.Errorf("Couldn't fetch previous %s from subnet file at %s: %v", CIDRKey, path, err)
|
||||
} else if prevCIDRString, ok := prevSubnetVals[CIDRKey]; ok {
|
||||
err = prevCIDR.UnmarshalJSON([]byte(prevCIDRString))
|
||||
if err != nil {
|
||||
logrus.Errorf("Couldn't parse previous %s from subnet file at %s: %v", CIDRKey, path, err)
|
||||
}
|
||||
}
|
||||
}
|
||||
return prevCIDR
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue