diff --git a/multicluster/apis/multicluster/v1alpha1/gateway_types.go b/multicluster/apis/multicluster/v1alpha1/gateway_types.go
index ab2fd2431a5..c1c0ec10d34 100644
--- a/multicluster/apis/multicluster/v1alpha1/gateway_types.go
+++ b/multicluster/apis/multicluster/v1alpha1/gateway_types.go
@@ -50,6 +50,8 @@ type ClusterInfo struct {
 ServiceCIDR string `json:"serviceCIDR,omitempty"`
 // GatewayInfos has information of Gateways
 GatewayInfos []GatewayInfo `json:"gatewayInfos,omitempty"`
+ // PodCIDRs is the Pod IP address CIDRs.
+ PodCIDRs []string `json:"podCIDRs,omitempty"`
 }
 
 //+kubebuilder:object:root=true
diff --git a/multicluster/apis/multicluster/v1alpha1/multiclusterconfig_types.go b/multicluster/apis/multicluster/v1alpha1/multiclusterconfig_types.go
index 1a06080ed1f..7d0d38204b8 100644
--- a/multicluster/apis/multicluster/v1alpha1/multiclusterconfig_types.go
+++ b/multicluster/apis/multicluster/v1alpha1/multiclusterconfig_types.go
@@ -41,6 +41,8 @@ type MultiClusterConfig struct {
 config.ControllerManagerConfigurationSpec `json:",inline"`
 // ServiceCIDR allows user to set the ClusterIP range of the cluster manually.
 ServiceCIDR string `json:"serviceCIDR,omitempty"`
+ // PodCIDRs is the Pod IP address CIDRs.
+ PodCIDRs []string `json:"podCIDRs,omitempty"`
 // The precedence about which IP address (internal or external IP) of Node is preferred to
 // be used as the cross-cluster tunnel endpoint. if not specified, internal IP will be chosen.
 GatewayIPPrecedence Precedence `json:"gatewayIPPrecedence,omitempty"`
diff --git a/multicluster/build/yamls/antrea-multicluster-leader-global.yml b/multicluster/build/yamls/antrea-multicluster-leader-global.yml
index a5eb1217570..ea751babbdc 100644
--- a/multicluster/build/yamls/antrea-multicluster-leader-global.yml
+++ b/multicluster/build/yamls/antrea-multicluster-leader-global.yml
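Review bot: The PodCIDRs comment added to MultiClusterConfig is the text an operator reads for a configuration field, yet unlike the neighbouring ServiceCIDR comment it does not say whether the field is optional or how entries are treated; options.go in this same commit silently drops empty entries and rejects anything net.ParseCIDR cannot parse, and nothing here tells the user that. Suggest `// PodCIDRs allows user to set the Pod IP address CIDRs of the member cluster manually; empty entries are ignored.`. The ClusterInfo.PodCIDRs comment in gateway_types.go is what ends up as the CRD description and could similarly say that these are the CIDRs the member exports to peer clusters.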
@@ -379,6 +379,11 @@ spec:
 type: string
 type: object
 type: array
+ podCIDRs:
+ description: PodCIDRs is the Pod IP address CIDRs.
+ items:
+ type: string
+ type: array
 serviceCIDR:
 description: ServiceCIDR is the IP ranges used by Service ClusterIP.
 type: string
@@ -3268,6 +3273,11 @@ spec:
 type: string
 type: object
 type: array
+ podCIDRs:
+ description: PodCIDRs is the Pod IP address CIDRs.
+ items:
+ type: string
+ type: array
 serviceCIDR:
 description: ServiceCIDR is the IP ranges used by Service ClusterIP.
 type: string
diff --git a/multicluster/build/yamls/antrea-multicluster-leader-namespaced.yml b/multicluster/build/yamls/antrea-multicluster-leader-namespaced.yml
index 6755a466504..cf2e8c5e7ac 100644
--- a/multicluster/build/yamls/antrea-multicluster-leader-namespaced.yml
+++ b/multicluster/build/yamls/antrea-multicluster-leader-namespaced.yml
@@ -322,6 +322,8 @@ data:
 leaderElection:
 leaderElect: false
 serviceCIDR: ""
+ podCIDRs:
+ - ""
 gatewayIPPrecedence: "private"
 endpointIPType: "ClusterIP"
 kind: ConfigMap
diff --git a/multicluster/build/yamls/antrea-multicluster-member.yml b/multicluster/build/yamls/antrea-multicluster-member.yml
index 12263c286d7..47c5f1e4de3 100644
--- a/multicluster/build/yamls/antrea-multicluster-member.yml
+++ b/multicluster/build/yamls/antrea-multicluster-member.yml
@@ -111,6 +111,11 @@ spec:
 type: string
 type: object
 type: array
+ podCIDRs:
+ description: PodCIDRs is the Pod IP address CIDRs.
+ items:
+ type: string
+ type: array
 serviceCIDR:
 description: ServiceCIDR is the IP ranges used by Service ClusterIP.
 type: string
@@ -946,6 +951,8 @@ data:
 leaderElection:
 leaderElect: false
 serviceCIDR: ""
+ podCIDRs:
+ - ""
 gatewayIPPrecedence: "private"
 endpointIPType: "ClusterIP"
 kind: ConfigMap
diff --git a/multicluster/cmd/multicluster-controller/member.go b/multicluster/cmd/multicluster-controller/member.go
index 64ba6e45355..be20e706b4e 100644
--- a/multicluster/cmd/multicluster-controller/member.go
+++ b/multicluster/cmd/multicluster-controller/member.go
@@ -84,6 +84,7 @@ func runMember(o *Options) error {
 mgr.GetScheme(),
 env.GetPodNamespace(),
 opts.ServiceCIDR,
+ opts.PodCIDRs,
 commonAreaGetter)
 if err = gwReconciler.SetupWithManager(mgr); err != nil {
 return fmt.Errorf("error creating Gateway controller: %v", err)
diff --git a/multicluster/cmd/multicluster-controller/options.go b/multicluster/cmd/multicluster-controller/options.go
index 8ad8837b963..06c8f6f8f39 100644
--- a/multicluster/cmd/multicluster-controller/options.go
+++ b/multicluster/cmd/multicluster-controller/options.go
@@ -32,6 +32,8 @@ type Options struct {
 options ctrl.Options
 // The Service ClusterIP range used in the member cluster.
 ServiceCIDR string
+ // PodCIDRs is the Pod IP address CIDRs of the member cluster.
+ PodCIDRs []string
 // The precedence about which IP (private or public one) of Node is preferred to
 // be used as tunnel endpoint. If not specified, private IP will be chosen.
 GatewayIPPrecedence mcsv1alpha1.Precedence
@@ -64,7 +66,17 @@ func (o *Options) complete(args []string) error {
 return fmt.Errorf("failed to parse serviceCIDR, invalid CIDR string %s", ctrlConfig.ServiceCIDR)
 }
 }
+ cidrs := []string{}
+ for _, cidr := range ctrlConfig.PodCIDRs {
+ if _, _, err := net.ParseCIDR(cidr); err != nil && cidr != "" {
+ return fmt.Errorf("failed to parse podCIDRs, invalid CIDR string %s", cidr)
+ }
+ if cidr != "" {
+ cidrs = append(cidrs, cidr)
+ }
+ }
 o.ServiceCIDR = ctrlConfig.ServiceCIDR
+ o.PodCIDRs = cidrs
 o.GatewayIPPrecedence = ctrlConfig.GatewayIPPrecedence
 if ctrlConfig.EndpointIPType == "" {
 o.EndpointIPType = "ClusterIP"
diff --git a/multicluster/config/crd/bases/multicluster.crd.antrea.io_clusterinfoimports.yaml b/multicluster/config/crd/bases/multicluster.crd.antrea.io_clusterinfoimports.yaml
index cb8a98f7694..5bb209cbfc9 100644
--- a/multicluster/config/crd/bases/multicluster.crd.antrea.io_clusterinfoimports.yaml
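Review bot: `cidrs := []string{}` in Options.complete produces a non-nil empty slice whenever no Pod CIDR is configured, which is exactly what the shipped default `podCIDRs: - ""` is filtered down to; gateway_controller.go in this commit copies that slice into ClusterInfo.PodCIDRs and then decides whether to skip the update with reflect.DeepEqual against the existing spec. After a round trip through the API server an omitempty empty list comes back as nil, and DeepEqual treats nil and []string{} as different, so as far as I can see the unchanged-spec check in updateResourceExport would never match for a cluster without Pod CIDRs and an Update would be issued on every reconcile. Declaring `var cidrs []string` keeps it nil until a real entry is appended. While here, an early `continue` for empty entries reads better than testing `cidr != ""` twice, the parse error should quote the offending value with %q, and storing `ipNet.String()` rather than the raw input exports the canonical network (the test passes `10.200.1.1/16`, which net.ParseCIDR accepts although it is not the network address), so the string-set comparison in mc_route_controller.go does not depend on how an operator spelled the same CIDR. complete's body continues outside the hunk.
```go
	var cidrs []string
	for _, cidr := range ctrlConfig.PodCIDRs {
		if cidr == "" {
			continue
		}
		_, ipNet, err := net.ParseCIDR(cidr)
		if err != nil {
			return fmt.Errorf("failed to parse podCIDRs, invalid CIDR string %q", cidr)
		}
		cidrs = append(cidrs, ipNet.String())
	}
	// … unchanged: o.ServiceCIDR / o.PodCIDRs / o.GatewayIPPrecedence assignments …
```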
+++ b/multicluster/config/crd/bases/multicluster.crd.antrea.io_clusterinfoimports.yaml
@@ -57,6 +57,11 @@ spec:
 type: string
 type: object
 type: array
+ podCIDRs:
+ description: PodCIDRs is the Pod IP address CIDRs.
+ items:
+ type: string
+ type: array
 serviceCIDR:
 description: ServiceCIDR is the IP ranges used by Service ClusterIP.
 type: string
diff --git a/multicluster/config/crd/bases/multicluster.crd.antrea.io_resourceexports.yaml b/multicluster/config/crd/bases/multicluster.crd.antrea.io_resourceexports.yaml
index 0b9440868d0..ef034bc5199 100644
--- a/multicluster/config/crd/bases/multicluster.crd.antrea.io_resourceexports.yaml
+++ b/multicluster/config/crd/bases/multicluster.crd.antrea.io_resourceexports.yaml
@@ -74,6 +74,11 @@ spec:
 type: string
 type: object
 type: array
+ podCIDRs:
+ description: PodCIDRs is the Pod IP address CIDRs.
+ items:
+ type: string
+ type: array
 serviceCIDR:
 description: ServiceCIDR is the IP ranges used by Service ClusterIP.
 type: string
diff --git a/multicluster/config/crd/bases/multicluster.crd.antrea.io_resourceimports.yaml b/multicluster/config/crd/bases/multicluster.crd.antrea.io_resourceimports.yaml
index bbb60b5d301..fe4b05fead1 100644
--- a/multicluster/config/crd/bases/multicluster.crd.antrea.io_resourceimports.yaml
+++ b/multicluster/config/crd/bases/multicluster.crd.antrea.io_resourceimports.yaml
@@ -72,6 +72,11 @@ spec:
 type: string
 type: object
 type: array
+ podCIDRs:
+ description: PodCIDRs is the Pod IP address CIDRs.
+ items:
+ type: string
+ type: array
 serviceCIDR:
 description: ServiceCIDR is the IP ranges used by Service ClusterIP.
 type: string
diff --git a/multicluster/config/default/configmap/controller_manager_config.yaml b/multicluster/config/default/configmap/controller_manager_config.yaml
index a2f3d3efe3c..decbb468ccb 100644
--- a/multicluster/config/default/configmap/controller_manager_config.yaml
+++ b/multicluster/config/default/configmap/controller_manager_config.yaml
@@ -9,5 +9,7 @@ webhook:
 leaderElection:
 leaderElect: false
 serviceCIDR: ""
+podCIDRs:
+ - ""
 gatewayIPPrecedence: "private"
 endpointIPType: "ClusterIP"
diff --git a/multicluster/controllers/multicluster/gateway_controller.go b/multicluster/controllers/multicluster/gateway_controller.go
index 5efe37cad63..3cdac092afb 100644
--- a/multicluster/controllers/multicluster/gateway_controller.go
+++ b/multicluster/controllers/multicluster/gateway_controller.go
@@ -44,6 +44,7 @@ type (
 namespace string
 localClusterID string
 serviceCIDR string
+ podCIDRs []string
 leaderNamespace string
 }
 )
@@ -55,12 +56,14 @@ func NewGatewayReconciler(
 scheme *runtime.Scheme,
 namespace string,
 serviceCIDR string,
+ podCIDRs []string,
 commonAreaGetter RemoteCommonAreaGetter) *GatewayReconciler {
 reconciler := &GatewayReconciler{
 Client: client,
 Scheme: scheme,
 namespace: namespace,
 serviceCIDR: serviceCIDR,
+ podCIDRs: podCIDRs,
 commonAreaGetter: commonAreaGetter,
 }
 return reconciler
@@ -144,6 +147,7 @@ func (r *GatewayReconciler) updateResourceExport(ctx context.Context, req ctrl.R
 resExportSpec.ClusterInfo = &mcsv1alpha1.ClusterInfo{
 ClusterID: r.localClusterID,
 ServiceCIDR: r.serviceCIDR,
+ PodCIDRs: r.podCIDRs,
 GatewayInfos: []mcsv1alpha1.GatewayInfo{*gwInfo},
 }
 if reflect.DeepEqual(existingResExport.Spec, resExportSpec) {
@@ -171,6 +175,7 @@ func (r *GatewayReconciler) createResourceExport(ctx context.Context, req ctrl.R
 resExportSpec.ClusterInfo = &mcsv1alpha1.ClusterInfo{
 ClusterID: r.localClusterID,
 ServiceCIDR: r.serviceCIDR,
+ PodCIDRs: r.podCIDRs,
 GatewayInfos: []mcsv1alpha1.GatewayInfo{
 {
 GatewayIP: gatewayIP,
diff --git a/multicluster/controllers/multicluster/gateway_controller_test.go b/multicluster/controllers/multicluster/gateway_controller_test.go
index d2f78d7ae46..cb0d0b8a444 100644
--- a/multicluster/controllers/multicluster/gateway_controller_test.go
+++ b/multicluster/controllers/multicluster/gateway_controller_test.go
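Review bot: The default `podCIDRs: - ""` in controller_manager_config.yaml (and the two copies in build/yamls) expresses "not set" as a list containing one empty string, which only works because Options.complete happens to filter empty entries; `podCIDRs: []` states the intent directly and does not rely on that filtering. The new key also carries no comment even though this ConfigMap is what operators edit, so I would add `# podCIDRs lists the Pod IP address CIDRs of the member cluster; each entry must be a valid CIDR string.` above it, mirroring whatever the file says for serviceCIDR.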
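Review bot: The new `podCIDRs` field on GatewayReconciler and the matching NewGatewayReconciler parameter have no comment, although the value is what updateResourceExport and createResourceExport publish to the leader inside ClusterInfo; suggest `// podCIDRs are the Pod IP CIDRs of the local cluster, exported in the Gateway's ResourceExport ClusterInfo.` on the field. The constructor also stores the caller's slice as-is, so the same backing array is shared with every spec built afterwards; if any caller keeps and mutates its slice that would alias, and `podCIDRs: append([]string(nil), podCIDRs...)` in the constructor isolates it (as a side effect it also turns an empty non-nil input into nil, which is what the reflect.DeepEqual comparison in updateResourceExport needs to match a spec read back from the API server). createResourceExport and updateResourceExport both extend beyond their hunks.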
@@ -141,7 +141,7 @@ func TestGatewayReconciler(t *testing.T) {
 mcReconciler := NewMemberClusterSetReconciler(fakeClient, scheme, "default")
 mcReconciler.SetRemoteCommonArea(commonArea)
 commonAreaGatter := mcReconciler
- r := NewGatewayReconciler(fakeClient, scheme, "default", "10.96.0.0/12", commonAreaGatter)
+ r := NewGatewayReconciler(fakeClient, scheme, "default", "10.96.0.0/12", []string{"10.200.1.1/16"}, commonAreaGatter)
 t.Run(tt.name, func(t *testing.T) {
 req := ctrl.Request{NamespacedName: tt.namespacedName}
 if _, err := r.Reconcile(ctx, req); err != nil {
diff --git a/pkg/agent/multicluster/mc_route_controller.go b/pkg/agent/multicluster/mc_route_controller.go
index ff872d432ea..4319733b282 100644
--- a/pkg/agent/multicluster/mc_route_controller.go
+++ b/pkg/agent/multicluster/mc_route_controller.go
@@ -331,7 +331,8 @@ func (c *MCRouteController) addMCFlowsForSingleCIImp(activeGW *mcv1alpha1.Gatewa
 if installedCIImp != nil {
 oldTunnelPeerIPToRemoteGW := getPeerGatewayIP(installedCIImp.Spec)
- if oldTunnelPeerIPToRemoteGW.Equal(tunnelPeerIPToRemoteGW) && installedCIImp.Spec.ServiceCIDR == ciImport.Spec.ServiceCIDR {
+ if oldTunnelPeerIPToRemoteGW.Equal(tunnelPeerIPToRemoteGW) && installedCIImp.Spec.ServiceCIDR == ciImport.Spec.ServiceCIDR &&
+ sets.NewString(installedCIImp.Spec.PodCIDRs...).Equal(sets.NewString(ciImport.Spec.PodCIDRs...)) {
 klog.V(2).InfoS("No difference between new and installed ClusterInfoImports, skip updating", "clusterinfoimport", ciImport.Name)
 return nil
 }
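Review bot: The updated NewGatewayReconciler call in TestGatewayReconciler now passes `[]string{"10.200.1.1/16"}`, but from what the hunk shows the test still only checks that Reconcile returns no error, so nothing pins that PodCIDRs actually reaches the ResourceExport's ClusterInfo; reading the ResourceExport back from fakeClient after Reconcile and asserting that `ClusterInfo.PodCIDRs` equals the input would cover the new behaviour. `10.200.1.1/16` is also a host address rather than a network address, so a fixture such as `10.200.0.0/16` avoids the question of whether the controller is expected to canonicalise what it exports. The test body continues outside the hunk.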
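Review bot: The no-change check in addMCFlowsForSingleCIImp now spans two lines with three conjuncts, which is hard to scan in a condition that decides whether flows get reinstalled; computing the set comparison first, `podCIDRsUnchanged := sets.NewString(installedCIImp.Spec.PodCIDRs...).Equal(sets.NewString(ciImport.Spec.PodCIDRs...))`, and then writing `if oldTunnelPeerIPToRemoteGW.Equal(tunnelPeerIPToRemoteGW) && installedCIImp.Spec.ServiceCIDR == ciImport.Spec.ServiceCIDR && podCIDRsUnchanged {` keeps each fact on its own line. A short comment such as `// Pod CIDRs are compared as a set; order in the import does not matter.` would also record why this field, unlike ServiceCIDR, is not compared as a plain string. addMCFlowsForSingleCIImp starts before the hunk.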
@@ -339,7 +340,7 @@ func (c *MCRouteController) addMCFlowsForSingleCIImp(activeGW *mcv1alpha1.Gatewa
 klog.InfoS("Adding/updating remote Gateway Node flows for Multi-cluster", "gateway", klog.KObj(activeGW), "node", c.nodeConfig.Name, "peer", tunnelPeerIPToRemoteGW)
- allCIDRs := []string{ciImport.Spec.ServiceCIDR}
+ allCIDRs := append([]string{ciImport.Spec.ServiceCIDR}, ciImport.Spec.PodCIDRs...)
 peerConfigs, err := generatePeerConfigs(allCIDRs, tunnelPeerIPToRemoteGW)
 if err != nil {
 klog.ErrorS(err, "Parse error for serviceCIDR from remote cluster", "clusterinfoimport", ciImport.Name, "gateway", activeGW.Name)
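Review bot: The error log in the context line after the changed `allCIDRs` line still reads `Parse error for serviceCIDR from remote cluster`, but generatePeerConfigs now receives the remote Pod CIDRs as well, so a bad entry in ClusterInfoImport.Spec.PodCIDRs would be reported as a serviceCIDR problem; suggest `klog.ErrorS(err, "Parse error for CIDRs from remote cluster", "clusterinfoimport", ciImport.Name, "gateway", activeGW.Name)`. Since the imported CIDRs originate from peer clusters via the leader rather than from local configuration, it would also help to state in a comment above the call that one unparsable entry appears to abort flow installation for the whole import, ServiceCIDR included, if that is the intended failure mode. The function continues past the hunk.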