policy: enable KPR

Signed-off-by: l1b0k <[email protected]>
l1b0k · Jan 13, 2025 · dc9976c · dc9976c
1 parent b2e1146
commit dc9976c
Show file tree

Hide file tree

Showing 4 changed files with 33 additions and 1 deletion.
diff --git a/cmd/terway-cli/cni_linux.go b/cmd/terway-cli/cni_linux.go
@@ -63,3 +63,18 @@ func allowEBPFNetworkPolicy(require bool) (bool, error) {
 func checkKernelVersion(k, major, minor int) bool {
 	return kernel.CheckKernelVersion(k, major, minor)
 }
+
+func enableKPR() bool {
+	if !utilfeature.DefaultFeatureGate.Enabled(terwayfeature.KubeProxyReplacement) {
+		return false
+	}
+
+	prev := nodecap.GetNodeCapabilities(nodecap.NodeCapabilityKubeProxyReplacement)
+	if prev == True {
+		fmt.Println("kpr enabled")
+		return true
+	}
+
+	_, err := netlink.LinkByName("cilium_net")
+	return errors.As(err, &netlink.LinkNotFoundError{})
+}
diff --git a/cmd/terway-cli/policy.go b/cmd/terway-cli/policy.go
@@ -27,6 +27,7 @@ type PolicyConfig struct {
 	IPv6                 bool
 	InClusterLoadBalance bool
 	HasCiliumChainer     bool
+	EnableKPR            bool
 }
 
 type CNIConfig struct {
@@ -76,6 +77,7 @@ func getPolicyConfig(capFilePath string) (*PolicyConfig, error) {
 	cfg.Datapath = store.Get(nodecap.NodeCapabilityDataPath)
 	cfg.PolicyProvider = store.Get(nodecap.NodeCapabilityNetworkPolicyProvider)
 	cfg.HasCiliumChainer = store.Get(nodecap.NodeCapabilityHasCiliumChainer) == True
+	cfg.EnableKPR = store.Get(nodecap.NodeCapabilityKubeProxyReplacement) == True
 
 	cfg.HealthCheckPort = os.Getenv("FELIX_HEALTHPORT")
 	if cfg.HealthCheckPort == "" {
@@ -209,6 +211,12 @@ func runCilium(cfg *PolicyConfig) error {
 		"--enable-bandwidth-manager=true",
 		"--agent-health-port=" + cfg.HealthCheckPort,
 	}
+	if cfg.IPv6 {
+		args = append(args, "--enable-ipv6=true")
+	} else {
+		args = append(args, "--enable-ipv6=false")
+	}
+
 	if cfg.EnableNetworkPolicy {
 		args = append(args, "--enable-policy=default")
 	} else {
@@ -221,6 +229,11 @@ func runCilium(cfg *PolicyConfig) error {
 		args = append(args, "--datapath-mode=ipvlan")
 	case dataPathV2:
 		args = append(args, "--datapath-mode=veth")
+
+		if cfg.EnableKPR {
+			args = append(args, "--enable-node-port=true")
+		}
+
 	default:
 		args = append(args, "--kube-proxy-replacement=disabled")
 	}

diff --git a/pkg/feature/feature.go b/pkg/feature/feature.go
@@ -14,8 +14,11 @@ func init() {
 const (
 	// AutoDataPathV2 enable the new datapath feature.
 	AutoDataPathV2 featuregate.Feature = "AutoDataPathV2"
+
+	KubeProxyReplacement featuregate.Feature = "KubeProxyReplacement"
 )
 
 var defaultKubernetesFeatureGates = map[featuregate.Feature]featuregate.FeatureSpec{
-	AutoDataPathV2: {Default: true, PreRelease: featuregate.Alpha},
+	AutoDataPathV2:       {Default: true, PreRelease: featuregate.Alpha},
+	KubeProxyReplacement: {Default: true, PreRelease: featuregate.Alpha},
 }
diff --git a/pkg/utils/nodecap/node_capabilities.go b/pkg/utils/nodecap/node_capabilities.go
@@ -18,6 +18,7 @@ const (
 	NodeCapabilityDataPath              = "datapath"
 	NodeCapabilityNetworkPolicyProvider = "network_policy_provider"
 	NodeCapabilityHasCiliumChainer      = "has_cilium_chainer"
+	NodeCapabilityKubeProxyReplacement  = "kube_proxy_replacement"
 )
 
 // NodeCapabilitiesStore defines an interface for node capabilities operations