Merge pull request #20115 from pravisankar/egress-router-add-dns-route

Allow egress-router to connect to DNS IP

Author: openshift-merge-robot

pkg/cmd/server/kubernetes/network/sdn_linux.go

@@ -56,6 +56,7 @@ func NewSDNInterfaces(options configapi.NodeConfig, networkClient networkclient.
 		PluginName:         options.NetworkConfig.NetworkPluginName,
 		Hostname:           options.NodeName,
 		SelfIP:             options.NodeIP,
+		DNSIP:              options.DNSIP,
 		RuntimeEndpoint:    runtimeEndpoint,
 		CNIBinDir:          cniBinDir,
 		CNIConfDir:         cniConfDir,

pkg/network/node/cniserver/cniserver.go

@@ -59,6 +59,7 @@ const CNIServerConfigFilePath string = CNIServerRunDir + "/" + CNIServerConfigFi
 type Config struct {
 	MTU                uint32 `json:"mtu"`
 	ServiceNetworkCIDR string `json:"serviceNetworkCIDR"`
+	DNSIP              string `json:"dnsIP"`
 }
 
 // Explicit type for CNI commands the server handles

pkg/network/node/cniserver/cniserver_test.go

@@ -62,7 +62,7 @@ func TestCNIServer(t *testing.T) {
 	defer os.RemoveAll(tmpDir)
 	socketPath := filepath.Join(tmpDir, CNIServerSocketName)
 
-	s := NewCNIServer(tmpDir, &Config{MTU: 1500, ServiceNetworkCIDR: "172.30.0.0/16"})
+	s := NewCNIServer(tmpDir, &Config{MTU: 1500, ServiceNetworkCIDR: "172.30.0.0/16", DNSIP: "172.30.0.1"})
 	if err := s.Start(serverHandleCNI); err != nil {
 		t.Fatalf("error starting CNI server: %v", err)
 	}

pkg/network/node/node.go

@@ -71,6 +71,7 @@ type OsdnNodeConfig struct {
 	PluginName      string
 	Hostname        string
 	SelfIP          string
+	DNSIP           string
 	RuntimeEndpoint string
 	MTU             uint32
 	EnableHostports bool
@@ -169,7 +170,7 @@ func New(c *OsdnNodeConfig) (*OsdnNode, error) {
 		networkClient:      c.NetworkClient,
 		recorder:           c.Recorder,
 		oc:                 oc,
-		podManager:         newPodManager(c.KClient, policy, c.MTU, c.CNIBinDir, oc, c.EnableHostports),
+		podManager:         newPodManager(c.KClient, policy, c.MTU, c.CNIBinDir, oc, c.EnableHostports, c.DNSIP),
 		localIP:            c.SelfIP,
 		hostName:           c.Hostname,
 		useConnTrack:       useConnTrack,

pkg/network/node/pod.go

@@ -82,10 +82,13 @@ type podManager struct {
 	// and thus can be set from Start()
 	ipamConfig     []byte
 	hostportSyncer kubehostport.HostportSyncer
+
+	// IP address that pods will use to access cluster DNS
+	dnsIP string
 }
 
 // Creates a new live podManager; used by node code0
-func newPodManager(kClient kclientset.Interface, policy osdnPolicy, mtu uint32, cniBinPath string, ovs *ovsController, enableHostports bool) *podManager {
+func newPodManager(kClient kclientset.Interface, policy osdnPolicy, mtu uint32, cniBinPath string, ovs *ovsController, enableHostports bool, dnsIP string) *podManager {
 	pm := newDefaultPodManager()
 	pm.kClient = kClient
 	pm.policy = policy
@@ -94,6 +97,7 @@ func newPodManager(kClient kclientset.Interface, policy osdnPolicy, mtu uint32,
 	pm.podHandler = pm
 	pm.ovs = ovs
 	pm.enableHostports = enableHostports
+	pm.dnsIP = dnsIP
 	return pm
 }
 
@@ -180,7 +184,7 @@ func (m *podManager) Start(rundir string, localSubnetCIDR string, clusterNetwork
 
 	go m.processCNIRequests()
 
-	m.cniServer = cniserver.NewCNIServer(rundir, &cniserver.Config{MTU: m.mtu, ServiceNetworkCIDR: serviceNetworkCIDR})
+	m.cniServer = cniserver.NewCNIServer(rundir, &cniserver.Config{MTU: m.mtu, ServiceNetworkCIDR: serviceNetworkCIDR, DNSIP: m.dnsIP})
 	return m.cniServer.Start(m.handleCNIRequest)
 }
 

pkg/network/sdn-cni-plugin/openshift-sdn.go

@@ -205,30 +205,32 @@ func (p *cniPlugin) CmdAdd(args *skel.CmdArgs) error {
 			if err != nil {
 				return fmt.Errorf("failed to configure macvlan device: %v", err)
 			}
+
+			var dsts []*net.IPNet
 			for _, addr := range addrs {
-				route := &netlink.Route{
-					Dst: &net.IPNet{
-						IP:   addr.IP,
-						Mask: net.CIDRMask(32, 32),
-					},
-					Gw: defaultGW,
-				}
-				if err := netlink.RouteAdd(route); err != nil {
-					return fmt.Errorf("failed to add route to node IP: %v", err)
-				}
+				dsts = append(dsts, &net.IPNet{IP: addr.IP, Mask: net.CIDRMask(32, 32)})
 			}
 
-			// Add a route to service network via SDN
 			_, serviceIPNet, err := net.ParseCIDR(config.ServiceNetworkCIDR)
 			if err != nil {
 				return fmt.Errorf("failed to parse ServiceNetworkCIDR: %v", err)
 			}
-			route := &netlink.Route{
-				Dst: serviceIPNet,
-				Gw:  defaultGW,
+			dsts = append(dsts, serviceIPNet)
+
+			dnsIP := net.ParseIP(config.DNSIP)
+			if dnsIP == nil {
+				return fmt.Errorf("failed to parse dns IP: %v", err)
 			}
-			if err := netlink.RouteAdd(route); err != nil {
-				return fmt.Errorf("failed to add route to service network: %v", err)
+			dsts = append(dsts, &net.IPNet{IP: dnsIP, Mask: net.CIDRMask(32, 32)})
+
+			for _, dst := range dsts {
+				route := &netlink.Route{
+					Dst: dst,
+					Gw:  defaultGW,
+				}
+				if err := netlink.RouteAdd(route); err != nil {
+					return fmt.Errorf("failed to add route to dst: %v via SDN: %v", dst, err)
+				}
 			}
 		}
 

pkg/network/sdn-cni-plugin/sdn_cni_plugin_test.go

@@ -83,7 +83,7 @@ func TestOpenshiftSdnCNIPlugin(t *testing.T) {
 	defer os.RemoveAll(tmpDir)
 
 	path := filepath.Join(tmpDir, cniserver.CNIServerSocketName)
-	server := cniserver.NewCNIServer(tmpDir, &cniserver.Config{MTU: 1500, ServiceNetworkCIDR: "172.30.0.0/16"})
+	server := cniserver.NewCNIServer(tmpDir, &cniserver.Config{MTU: 1500, ServiceNetworkCIDR: "172.30.0.0/16", DNSIP: "172.30.0.1"})
 	if err := server.Start(serverHandleCNI); err != nil {
 		t.Fatalf("error starting CNI server: %v", err)
 	}