Adding ability to disable IP-in-IP tunnelining for cross node pod-to-pod connectivity

where nodes are in different subnet. With tunneling disabled its expected that default gateway has learned the pod CIDR's allocated for all the nodes and can route the pod-to-pod traffic across nodes in different subnets Fixes #119
2025-10-08 08:21:28 +02:00 · 2017-09-08 22:03:09 +05:30 · 2017-09-08 22:03:09 +05:30 · ca97d0d6eb
commit ca97d0d6eb
parent 1c4adafd32
2 changed files with 26 additions and 0 deletions
--- a/app/controllers/network_routes_controller.go
+++ b/app/controllers/network_routes_controller.go
@ -54,6 +54,7 @@ type NetworkRoutingController struct {
 	globalPeerAsnNumber  uint32
 	bgpFullMeshMode      bool
 	podSubnetsIpSet      *ipset.IPSet
+	enableOverlays       bool
 }

 var (
@ -464,6 +465,24 @@ func (nrc *NetworkRoutingController) injectRoute(path *table.Path) error {
 	if !nrc.nodeSubnet.Contains(nexthop) {
 		tunnelName := "tun-" + strings.Replace(nexthop.String(), ".", "", -1)
 		glog.Infof("Found node: " + nexthop.String() + " to be in different subnet.")
+
+		// if overlay is not enabled then skip creating tunnels and adding route
+		if !nrc.enableOverlays {
+			glog.Infof("Found node: " + nexthop.String() + " to be in different subnet but overlays are " +
+				"disabled so not creating any tunnel and injecting route for the node's pod CIDR.")
+			glog.Infof("Cleaning up if there is any existing tunnel interface for the node")
+			link, err := netlink.LinkByName(tunnelName)
+			if err != nil {
+				return nil
+			}
+			err = netlink.LinkDel(link)
+			if err != nil {
+				glog.Errorf("Failed to delete tunnel link for the node due to " + err.Error())
+			}
+			return nil
+		}
+
+		// create ip-in-ip tunnel and inject route as overlay is enabled
 		var link netlink.Link
 		var err error
 		link, err = netlink.LinkByName(tunnelName)
@ -1007,6 +1026,8 @@ func NewNetworkRoutingController(clientset *kubernetes.Clientset,

 	nrc.advertiseClusterIp = kubeRouterConfig.AdvertiseClusterIp

+	nrc.enableOverlays = kubeRouterConfig.EnableOverlay
+
 	if (len(kubeRouterConfig.PeerRouter) != 0 && len(kubeRouterConfig.PeerAsn) == 0) ||
 		(len(kubeRouterConfig.PeerRouter) == 0 && len(kubeRouterConfig.PeerAsn) != 0) {
 		return nil, errors.New("Either both or none of the params --peer-asn, --peer-router must be specified")
--- a/app/options/options.go
+++ b/app/options/options.go
@ -29,6 +29,7 @@ type KubeRouterConfig struct {
 	FullMeshMode        bool
 	GlobalHairpinMode   bool
 	NodePortBindOnAllIp bool
+	EnableOverlay       bool
 }

 func NewKubeRouterConfig() *KubeRouterConfig {
@ -36,6 +37,7 @@ func NewKubeRouterConfig() *KubeRouterConfig {
 		IpvsSyncPeriod:     1 * time.Minute,
 		IPTablesSyncPeriod: 1 * time.Minute,
 		RoutesSyncPeriod:   1 * time.Minute,
+		EnableOverlay:      true,
 	}
 }

@ -84,4 +86,7 @@ func (s *KubeRouterConfig) AddFlags(fs *pflag.FlagSet) {
 		"Add iptable rules for every Service Endpoint to support hairpin traffic.")
 	fs.BoolVar(&s.NodePortBindOnAllIp, "nodeport-bindon-all-ip", false,
 		"For service of NodePort type create IPVS service that listens on all IP's of the node.")
+	fs.BoolVar(&s.EnableOverlay, "enable-overlay", true,
+		"When enable-overlay set to true, IP-in-IP tunneling is used for pod-to-pod networking across nodes in different subnets. "+
+			"When set to false no tunneling is used and routing infrastrcture is expected to route traffic for pod-to-pod networking across nodes in different subnets")
 }