From ca97d0d6eb403f9b71db090f52ca106bbab4accf Mon Sep 17 00:00:00 2001
From: Murali Reddy
Date: Fri, 8 Sep 2017 22:03:09 +0530
Subject: [PATCH] Adding ability to disable IP-in-IP tunnelining for cross node pod-to-pod connectivity where nodes are in different subnet. With tunneling disabled its expected that default gateway has learned the pod CIDR's allocated for all the nodes and can route the pod-to-pod traffic across nodes in different subnets Fixes #119
---
 app/controllers/network_routes_controller.go | 21 ++++++++++++++++++++
 app/options/options.go | 5 +++++
 2 files changed, 26 insertions(+)
diff --git a/app/controllers/network_routes_controller.go b/app/controllers/network_routes_controller.go
index 94d97eb2..f0dfba86 100644
--- a/app/controllers/network_routes_controller.go
+++ b/app/controllers/network_routes_controller.go
@@ -54,6 +54,7 @@ type NetworkRoutingController struct {
 globalPeerAsnNumber uint32
 bgpFullMeshMode bool
 podSubnetsIpSet *ipset.IPSet
+ enableOverlays bool
 }
 var (
@@ -464,6 +465,24 @@ func (nrc *NetworkRoutingController) injectRoute(path *table.Path) error {
 if !nrc.nodeSubnet.Contains(nexthop) {
 tunnelName := "tun-" + strings.Replace(nexthop.String(), ".", "", -1)
 glog.Infof("Found node: " + nexthop.String() + " to be in different subnet.")
+
+ // if overlay is not enabled then skip creating tunnels and adding route
+ if !nrc.enableOverlays {
+ glog.Infof("Found node: " + nexthop.String() + " to be in different subnet but overlays are " +
+ "disabled so not creating any tunnel and injecting route for the node's pod CIDR.")
+ glog.Infof("Cleaning up if there is any existing tunnel interface for the node")
+ link, err := netlink.LinkByName(tunnelName)
+ if err != nil {
+ return nil
+ }
+ err = netlink.LinkDel(link)
+ if err != nil {
+ glog.Errorf("Failed to delete tunnel link for the node due to " + err.Error())
+ }
+ return nil
+ }
+
+ // create ip-in-ip tunnel and inject route as overlay is enabled
 var link netlink.Link
 var err error
 link, err = netlink.LinkByName(tunnelName)
@@ -1007,6 +1026,8 @@ func NewNetworkRoutingController(clientset *kubernetes.Clientset,
 nrc.advertiseClusterIp = kubeRouterConfig.AdvertiseClusterIp
+ nrc.enableOverlays = kubeRouterConfig.EnableOverlay
+
 if (len(kubeRouterConfig.PeerRouter) != 0 && len(kubeRouterConfig.PeerAsn) == 0) || (len(kubeRouterConfig.PeerRouter) == 0 && len(kubeRouterConfig.PeerAsn) != 0) {
 return nil, errors.New("Either both or none of the params --peer-asn, --peer-router must be specified")
diff --git a/app/options/options.go b/app/options/options.go
index 6f2e4a16..6b75a398 100755
--- a/app/options/options.go
+++ b/app/options/options.go
@@ -29,6 +29,7 @@ type KubeRouterConfig struct {
 FullMeshMode bool
 GlobalHairpinMode bool
 NodePortBindOnAllIp bool
+ EnableOverlay bool
 }
 func NewKubeRouterConfig() *KubeRouterConfig {
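Review bot: In the `!nrc.enableOverlays` branch of injectRoute, a failed `netlink.LinkDel(link)` is only logged and the function still returns nil, and any `netlink.LinkByName` error is treated as "no tunnel exists", so a stale tunnel interface can stay in place while the caller is told the cleanup succeeded. Presumably routes bound to that device would then keep encapsulating traffic that the operator asked to send unencapsulated. I would return the error and log it with a constant format string, `glog.Errorf("Failed to delete tunnel link %s for the node: %v", tunnelName, err)` followed by `return err`, since building the format from `err.Error()` misformats on any `%` in the message. The first Infof in the branch also reads as if the route were still injected; "not creating any tunnel or injecting a route" would match the early return. injectRoute's body starts and ends outside the hunk.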
@@ -36,6 +37,7 @@ func NewKubeRouterConfig() *KubeRouterConfig {
 IpvsSyncPeriod: 1 * time.Minute,
 IPTablesSyncPeriod: 1 * time.Minute,
 RoutesSyncPeriod: 1 * time.Minute,
+ EnableOverlay: true,
 }
 }
@@ -84,4 +86,7 @@ func (s *KubeRouterConfig) AddFlags(fs *pflag.FlagSet) {
 "Add iptable rules for every Service Endpoint to support hairpin traffic.")
 fs.BoolVar(&s.NodePortBindOnAllIp, "nodeport-bindon-all-ip", false,
 "For service of NodePort type create IPVS service that listens on all IP's of the node.")
+ fs.BoolVar(&s.EnableOverlay, "enable-overlay", true,
+ "When enable-overlay set to true, IP-in-IP tunneling is used for pod-to-pod networking across nodes in different subnets. "+
+ "When set to false no tunneling is used and routing infrastrcture is expected to route traffic for pod-to-pod networking across nodes in different subnets")
 }
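Review bot: The help string added for `--enable-overlay` in AddFlags misspells "infrastructure" as `infrastrcture` and does not tell the operator that setting the flag to false also removes existing tunnel interfaces, which the injectRoute hunk of this patch does. A second sentence such as `"When set to false no tunneling is used, existing tunnel interfaces are removed, and the routing infrastructure is expected to route pod-to-pod traffic across nodes in different subnets."` would cover both. The config field is `EnableOverlay` while the controller field is `enableOverlays`; one spelling for both would be easier to search for.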