Merge pull request #2667 from ricky-rav/OCPBUGS-59246

OCPBUGS-59381:[release-4.17] Fix default network -> localnet

Author: openshift-merge-bot[bot]

go-controller/pkg/node/gateway.go

@@ -406,8 +406,8 @@ func (g *gateway) Reconcile() error {
 	if err != nil {
 		return fmt.Errorf("failed to get subnets for node: %s for OpenFlow cache update; err: %w", node.Name, err)
 	}
-	nodeIPs, _ := g.nodeIPManager.ListAddresses()
-	if err := g.openflowManager.updateBridgeFlowCache(subnets, nodeIPs); err != nil {
+	hostIPs, hostSubnets := g.nodeIPManager.ListAddresses()
+	if err := g.openflowManager.updateBridgeFlowCache(subnets, hostSubnets, hostIPs); err != nil {
 		return err
 	}
 	// Services create OpenFlow flows as well, need to update them all

go-controller/pkg/node/gateway_localnet.go

@@ -20,16 +20,16 @@ import (
 	utilnet "k8s.io/utils/net"
 )
 
-func newLocalGateway(nodeName string, hostSubnets []*net.IPNet, gwNextHops []net.IP, gwIntf, egressGWIntf string, gwIPs []*net.IPNet,
+func newLocalGateway(nodeName string, subnets []*net.IPNet, gwNextHops []net.IP, gwIntf, egressGWIntf string, gwIPs []*net.IPNet,
 	nodeAnnotator kube.Annotator, cfg *managementPortConfig, kube kube.Interface, watchFactory factory.NodeWatchFactory,
 	routeManager *routemanager.Controller) (*gateway, error) {
 	klog.Info("Creating new local gateway")
 	gw := &gateway{}
 
-	for _, hostSubnet := range hostSubnets {
+	for _, subnet := range subnets {
 		// local gateway mode uses mp0 as default path for all ingress traffic into OVN
 		var nextHop *net.IPNet
-		if utilnet.IsIPv6CIDR(hostSubnet) {
+		if utilnet.IsIPv6CIDR(subnet) {
 			nextHop = cfg.ipv6.ifAddr
 		} else {
 			nextHop = cfg.ipv4.ifAddr
@@ -129,16 +129,16 @@ func newLocalGateway(nodeName string, hostSubnets []*net.IPNet, gwNextHops []net
 			return fmt.Errorf("failed to update masquerade subnet annotation on node: %s, error: %v", nodeName, err)
 		}
 
-		nodeIPs, _ := gw.nodeIPManager.ListAddresses()
-		gw.openflowManager, err = newGatewayOpenFlowManager(gwBridge, exGwBridge, hostSubnets, nodeIPs)
+		hostIPs, hostSubnets := gw.nodeIPManager.ListAddresses()
+		gw.openflowManager, err = newGatewayOpenFlowManager(gwBridge, exGwBridge, subnets, hostSubnets, hostIPs)
 		if err != nil {
 			return err
 		}
 		// resync flows on IP change
 		gw.nodeIPManager.OnChanged = func() {
 			klog.V(5).Info("Node addresses changed, re-syncing bridge flows")
-			nodeIPs, _ := gw.nodeIPManager.ListAddresses()
-			if err := gw.openflowManager.updateBridgeFlowCache(hostSubnets, nodeIPs); err != nil {
+			hostIPs, hostSubnets := gw.nodeIPManager.ListAddresses()
+			if err := gw.openflowManager.updateBridgeFlowCache(subnets, hostSubnets, hostIPs); err != nil {
 				// very unlikely - somehow node has lost its IP address
 				klog.Errorf("Failed to re-generate gateway flows after address change: %v", err)
 			}
@@ -158,7 +158,7 @@ func newLocalGateway(nodeName string, hostSubnets []*net.IPNet, gwNextHops []net
 		if config.Gateway.NodeportEnable {
 			if config.OvnKubeNode.Mode == types.NodeModeFull {
 				// (TODO): Internal Traffic Policy is not supported in DPU mode
-				if err := initSvcViaMgmPortRoutingRules(hostSubnets); err != nil {
+				if err := initSvcViaMgmPortRoutingRules(subnets); err != nil {
 					return err
 				}
 			}

go-controller/pkg/node/gateway_shared_intf.go

@@ -1371,7 +1371,7 @@ func flowsForDefaultBridge(bridge *bridgeConfiguration, extraIPs []net.IP) ([]st
 	return dftFlows, nil
 }
 
-func commonFlows(subnets []*net.IPNet, bridge *bridgeConfiguration) ([]string, error) {
+func commonFlows(subnets, hostSubnets []*net.IPNet, bridge *bridgeConfiguration) ([]string, error) {
 	// CAUTION: when adding new flows where the in_port is ofPortPatch and the out_port is ofPortPhys, ensure
 	// that dl_src is included in match criteria!
 	ofPortPhys := bridge.ofPortPhys
@@ -1432,7 +1432,7 @@ func commonFlows(subnets []*net.IPNet, bridge *bridgeConfiguration) ([]string, e
 
 					// Allow OVN->Host traffic on the same node
 					if config.Gateway.Mode == config.GatewayModeShared || config.Gateway.Mode == config.GatewayModeLocal {
-						dftFlows = append(dftFlows, ovnToHostNetworkNormalActionFlows(netConfig, bridgeMacAddress, subnets, false)...)
+						dftFlows = append(dftFlows, ovnToHostNetworkNormalActionFlows(netConfig, bridgeMacAddress, hostSubnets, false)...)
 					}
 				} else {
 					//  for UDN we additionally SNAT the packet from masquerade IP -> node IP
@@ -1512,7 +1512,7 @@ func commonFlows(subnets []*net.IPNet, bridge *bridgeConfiguration) ([]string, e
 
 					// Allow OVN->Host traffic on the same node
 					if config.Gateway.Mode == config.GatewayModeShared || config.Gateway.Mode == config.GatewayModeLocal {
-						dftFlows = append(dftFlows, ovnToHostNetworkNormalActionFlows(netConfig, bridgeMacAddress, subnets, true)...)
+						dftFlows = append(dftFlows, ovnToHostNetworkNormalActionFlows(netConfig, bridgeMacAddress, hostSubnets, true)...)
 					}
 				} else {
 					//  for UDN we additionally SNAT the packet from masquerade IP -> node IP
@@ -1771,11 +1771,11 @@ func setBridgeOfPorts(bridge *bridgeConfiguration) error {
 
 // initSvcViaMgmPortRoutingRules creates the svc2managementport routing table, routes and rules
 // that let's us forward service traffic to ovn-k8s-mp0 as opposed to the default route towards breth0
-func initSvcViaMgmPortRoutingRules(hostSubnets []*net.IPNet) error {
+func initSvcViaMgmPortRoutingRules(subnets []*net.IPNet) error {
 	// create ovnkubeSvcViaMgmPortRT and service route towards ovn-k8s-mp0
-	for _, hostSubnet := range hostSubnets {
-		isIPv6 := utilnet.IsIPv6CIDR(hostSubnet)
-		gatewayIP := util.GetNodeGatewayIfAddr(hostSubnet).IP.String()
+	for _, subnet := range subnets {
+		isIPv6 := utilnet.IsIPv6CIDR(subnet)
+		gatewayIP := util.GetNodeGatewayIfAddr(subnet).IP.String()
 		for _, svcCIDR := range config.Kubernetes.ServiceCIDRs {
 			if isIPv6 == utilnet.IsIPv6CIDR(svcCIDR) {
 				if stdout, stderr, err := util.RunIP("route", "replace", "table", ovnkubeSvcViaMgmPortRT, svcCIDR.String(), "via", gatewayIP, "dev", types.K8sMgmtIntfName); err != nil {
@@ -1895,7 +1895,7 @@ func newSharedGateway(nodeName string, subnets []*net.IPNet, gwNextHops []net.IP
 			}
 		}
 		gw.nodeIPManager = newAddressManager(nodeName, kube, cfg, watchFactory, gwBridge)
-		nodeIPs, _ := gw.nodeIPManager.ListAddresses()
+		hostIPs, hostSubnets := gw.nodeIPManager.ListAddresses()
 
 		if config.OvnKubeNode.Mode == types.NodeModeFull {
 			// Delete stale masquerade resources if there are any. This is to make sure that there
@@ -1919,7 +1919,7 @@ func newSharedGateway(nodeName string, subnets []*net.IPNet, gwNextHops []net.IP
 			}
 		}
 
-		gw.openflowManager, err = newGatewayOpenFlowManager(gwBridge, exGwBridge, subnets, nodeIPs)
+		gw.openflowManager, err = newGatewayOpenFlowManager(gwBridge, exGwBridge, subnets, hostSubnets, hostIPs)
 		if err != nil {
 			return err
 		}
@@ -1928,7 +1928,7 @@ func newSharedGateway(nodeName string, subnets []*net.IPNet, gwNextHops []net.IP
 		gw.nodeIPManager.OnChanged = func() {
 			klog.V(5).Info("Node addresses changed, re-syncing bridge flows")
 			nodeIPs, _ := gw.nodeIPManager.ListAddresses()
-			if err := gw.openflowManager.updateBridgeFlowCache(subnets, nodeIPs); err != nil {
+			if err := gw.openflowManager.updateBridgeFlowCache(subnets, hostSubnets, nodeIPs); err != nil {
 				// very unlikely - somehow node has lost its IP address
 				klog.Errorf("Failed to re-generate gateway flows after address change: %v", err)
 			}

go-controller/pkg/node/openflow_manager.go

@@ -145,7 +145,7 @@ func (c *openflowManager) syncFlows() {
 //
 // -- to handle host -> service access, via masquerading from the host to OVN GR
 // -- to handle external -> service(ExternalTrafficPolicy: Local) -> host access without SNAT
-func newGatewayOpenFlowManager(gwBridge, exGWBridge *bridgeConfiguration, subnets []*net.IPNet, extraIPs []net.IP) (*openflowManager, error) {
+func newGatewayOpenFlowManager(gwBridge, exGWBridge *bridgeConfiguration, subnets, hostSubnets []*net.IPNet, extraIPs []net.IP) (*openflowManager, error) {
 	// add health check function to check default OpenFlow flows are on the shared gateway bridge
 	ofm := &openflowManager{
 		defaultBridge:         gwBridge,
@@ -157,7 +157,7 @@ func newGatewayOpenFlowManager(gwBridge, exGWBridge *bridgeConfiguration, subnet
 		flowChan:              make(chan struct{}, 1),
 	}
 
-	if err := ofm.updateBridgeFlowCache(subnets, extraIPs); err != nil {
+	if err := ofm.updateBridgeFlowCache(subnets, hostSubnets, extraIPs); err != nil {
 		return nil, err
 	}
 
@@ -201,19 +201,19 @@ func (c *openflowManager) Run(stopChan <-chan struct{}, doneWg *sync.WaitGroup)
 
 // updateBridgeFlowCache generates the "static" per-bridge flows
 // note: this is shared between shared and local gateway modes
-func (c *openflowManager) updateBridgeFlowCache(subnets []*net.IPNet, extraIPs []net.IP) error {
+func (c *openflowManager) updateBridgeFlowCache(subnets, hostSubnets []*net.IPNet, hostIPs []net.IP) error {
 	// protect defaultBridge config from being updated by gw.nodeIPManager
 	c.defaultBridge.Lock()
 	defer c.defaultBridge.Unlock()
 
 	// CAUTION: when adding new flows where the in_port is ofPortPatch and the out_port is ofPortPhys, ensure
 	// that dl_src is included in match criteria!
 
-	dftFlows, err := flowsForDefaultBridge(c.defaultBridge, extraIPs)
+	dftFlows, err := flowsForDefaultBridge(c.defaultBridge, hostIPs)
 	if err != nil {
 		return err
 	}
-	dftCommonFlows, err := commonFlows(subnets, c.defaultBridge)
+	dftCommonFlows, err := commonFlows(subnets, hostSubnets, c.defaultBridge)
 	if err != nil {
 		return err
 	}
@@ -227,7 +227,7 @@ func (c *openflowManager) updateBridgeFlowCache(subnets []*net.IPNet, extraIPs [
 		c.externalGatewayBridge.Lock()
 		defer c.externalGatewayBridge.Unlock()
 		c.updateExBridgeFlowCacheEntry("NORMAL", []string{fmt.Sprintf("table=0,priority=0,actions=%s\n", util.NormalAction)})
-		exGWBridgeDftFlows, err := commonFlows(subnets, c.externalGatewayBridge)
+		exGWBridgeDftFlows, err := commonFlows(subnets, hostSubnets, c.externalGatewayBridge)
 		if err != nil {
 			return err
 		}