Merge pull request #4952 from rbrtbnfgl/ipv6-nat

Add IPv6 NAT
Roberto Bonafiglia 2022-01-19 08:44:57 +01:00 committed by GitHub
commit bb856c67dc
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 18 additions and 2 deletions


@ -411,6 +411,7 @@ func get(ctx context.Context, envInfo *cmds.Agent, proxy proxy.Proxy) (*config.N
SELinux: envInfo.EnableSELinux, SELinux: envInfo.EnableSELinux,
ContainerRuntimeEndpoint: envInfo.ContainerRuntimeEndpoint, ContainerRuntimeEndpoint: envInfo.ContainerRuntimeEndpoint,
FlannelBackend: controlConfig.FlannelBackend, FlannelBackend: controlConfig.FlannelBackend,
FlannelIPv6Masq: controlConfig.FlannelIPv6Masq,
ServerHTTPSPort: controlConfig.HTTPSPort, ServerHTTPSPort: controlConfig.HTTPSPort,
Token: info.String(), Token: info.String(),
} }


@ -39,7 +39,7 @@ const (
subnetFile = "/run/flannel/subnet.env" subnetFile = "/run/flannel/subnet.env"
) )
func flannel(ctx context.Context, flannelIface *net.Interface, flannelConf, kubeConfigFile string, netMode int) error { func flannel(ctx context.Context, flannelIface *net.Interface, flannelConf, kubeConfigFile string, flannelIPv6Masq bool, netMode int) error {
extIface, err := LookupExtInterface(flannelIface, netMode) extIface, err := LookupExtInterface(flannelIface, netMode)
if err != nil { if err != nil {
return err return err
@ -71,6 +71,12 @@ func flannel(ctx context.Context, flannelIface *net.Interface, flannelConf, kube
go network.SetupAndEnsureIPTables(network.MasqRules(config.Network, bn.Lease()), 60) go network.SetupAndEnsureIPTables(network.MasqRules(config.Network, bn.Lease()), 60)
go network.SetupAndEnsureIPTables(network.ForwardRules(config.Network.String()), 50) go network.SetupAndEnsureIPTables(network.ForwardRules(config.Network.String()), 50)
if flannelIPv6Masq && config.IPv6Network.String() != emptyIPv6Network {
logrus.Debugf("Creating IPv6 masquerading iptables rules for %s network", config.IPv6Network.String())
go network.SetupAndEnsureIP6Tables(network.MasqIP6Rules(config.IPv6Network, bn.Lease()), 60)
go network.SetupAndEnsureIP6Tables(network.ForwardRules(config.IPv6Network.String()), 50)
}
if err := WriteSubnetFile(subnetFile, config.Network, config.IPv6Network, true, bn); err != nil { if err := WriteSubnetFile(subnetFile, config.Network, config.IPv6Network, true, bn); err != nil {
// Continue, even though it failed. // Continue, even though it failed.
logrus.Warningf("Failed to write flannel subnet file: %s", err) logrus.Warningf("Failed to write flannel subnet file: %s", err)
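Review bot: The IPv6 forward rules are installed only when `flannelIPv6Masq` is true, because the `network.ForwardRules(config.IPv6Network.String())` call sits inside the same `if` as the masquerade rules. Forwarding and source NAT are separate concerns, and the IPv4 lines just above install both unconditionally. On a dual-stack cluster with the flag off, IPv6 pod traffic would then depend on whatever the host's FORWARD policy happens to be. If that is not intended, gate only the masquerade call on the flag and keep the forward rules under the IPv6-network check, as below. The body of `flannel` continues outside this hunk.

```go
// … unchanged: IPv4 MasqRules / ForwardRules goroutines …
if config.IPv6Network.String() != emptyIPv6Network {
	if flannelIPv6Masq {
		logrus.Debugf("Creating IPv6 masquerading iptables rules for %s network", config.IPv6Network.String())
		go network.SetupAndEnsureIP6Tables(network.MasqIP6Rules(config.IPv6Network, bn.Lease()), 60)
	}
	go network.SetupAndEnsureIP6Tables(network.ForwardRules(config.IPv6Network.String()), 50)
}
// … unchanged: WriteSubnetFile call …
```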


@ -99,7 +99,7 @@ func Run(ctx context.Context, nodeConfig *config.Node, nodes typedcorev1.NodeInt
return errors.Wrap(err, "failed to check netMode for flannel") return errors.Wrap(err, "failed to check netMode for flannel")
} }
go func() { go func() {
err := flannel(ctx, nodeConfig.FlannelIface, nodeConfig.FlannelConfFile, nodeConfig.AgentConfig.KubeConfigKubelet, netMode) err := flannel(ctx, nodeConfig.FlannelIface, nodeConfig.FlannelConfFile, nodeConfig.AgentConfig.KubeConfigKubelet, nodeConfig.FlannelIPv6Masq, netMode)
if err != nil && !errors.Is(err, context.Canceled) { if err != nil && !errors.Is(err, context.Canceled) {
logrus.Fatalf("flannel exited: %v", err) logrus.Fatalf("flannel exited: %v", err)
} }


@ -62,6 +62,7 @@ type Server struct {
DisableScheduler bool DisableScheduler bool
ServerURL string ServerURL string
FlannelBackend string FlannelBackend string
FlannelIPv6Masq bool
DefaultLocalStoragePath string DefaultLocalStoragePath string
DisableCCM bool DisableCCM bool
DisableNPC bool DisableNPC bool
@ -205,6 +206,11 @@ var ServerFlags = []cli.Flag{
Destination: &ServerConfig.FlannelBackend, Destination: &ServerConfig.FlannelBackend,
Value: "vxlan", Value: "vxlan",
}, },
cli.BoolFlag{
Name: "flannel-ipv6-masq",
Usage: "(networking) Enable IPv6 masquerading for pod",
Destination: &ServerConfig.FlannelIPv6Masq,
},
ServerToken, ServerToken,
cli.StringFlag{ cli.StringFlag{
Name: "token-file", Name: "token-file",
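Review bot: The usage string for `flannel-ipv6-masq` does not say that the flag has no effect without an IPv6 cluster network, although the agent only acts on it when `config.IPv6Network` is non-empty. It also does not mention that with masquerading on, outbound pod traffic carries the node's IPv6 address instead of the pod's, which matters to anyone filtering or attributing traffic by pod address. Something like `Usage: "(networking) Enable IPv6 masquerading for pod traffic leaving the cluster (only applies when an IPv6 cluster CIDR is set)",` would cover both. The `ServerFlags` slice starts and ends outside the hunk.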


@ -131,6 +131,7 @@ func run(app *cli.Context, cfg *cmds.Server, leaderControllers server.CustomCont
serverConfig.ControlConfig.AdvertiseIP = cfg.AdvertiseIP serverConfig.ControlConfig.AdvertiseIP = cfg.AdvertiseIP
serverConfig.ControlConfig.AdvertisePort = cfg.AdvertisePort serverConfig.ControlConfig.AdvertisePort = cfg.AdvertisePort
serverConfig.ControlConfig.FlannelBackend = cfg.FlannelBackend serverConfig.ControlConfig.FlannelBackend = cfg.FlannelBackend
serverConfig.ControlConfig.FlannelIPv6Masq = cfg.FlannelIPv6Masq
serverConfig.ControlConfig.ExtraCloudControllerArgs = cfg.ExtraCloudControllerArgs serverConfig.ControlConfig.ExtraCloudControllerArgs = cfg.ExtraCloudControllerArgs
serverConfig.ControlConfig.DisableCCM = cfg.DisableCCM serverConfig.ControlConfig.DisableCCM = cfg.DisableCCM
serverConfig.ControlConfig.DisableNPC = cfg.DisableNPC serverConfig.ControlConfig.DisableNPC = cfg.DisableNPC


@ -34,6 +34,7 @@ type Node struct {
FlannelConfFile string FlannelConfFile string
FlannelConfOverride bool FlannelConfOverride bool
FlannelIface *net.Interface FlannelIface *net.Interface
FlannelIPv6Masq bool
Containerd Containerd Containerd Containerd
Images string Images string
AgentConfig Agent AgentConfig Agent
@ -116,6 +117,7 @@ type CriticalControlArgs struct {
DisableNPC bool DisableNPC bool
DisableServiceLB bool DisableServiceLB bool
FlannelBackend string FlannelBackend string
FlannelIPv6Masq bool
NoCoreDNS bool NoCoreDNS bool
ServiceIPRange *net.IPNet ServiceIPRange *net.IPNet
ServiceIPRanges []*net.IPNet ServiceIPRanges []*net.IPNet
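Review bot: `FlannelIPv6Masq` is added to `CriticalControlArgs` without a comment, and agents take their value from the server's control config rather than from a local flag (`FlannelIPv6Masq: controlConfig.FlannelIPv6Masq` in `get`). Placing it in this struct presumably means every server has to be started with the same value, which is worth confirming for multi-server clusters. A field comment such as `// FlannelIPv6Masq enables IPv6 masquerade rules on every node; set on servers and inherited by agents.` would make the contract visible. Both struct definitions extend beyond the hunks shown.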