Feat/include snat cidrs #1229

Closed


tanguyfalconnet

What type of PR is this?
feature

Which issue does this PR fix:
#1224

What does this PR do / Why do we need it:
#1224

If an issue # is not available please add repro steps and logs from IPAMD/CNI showing the issue:

Testing done on this change:
Testing done on v1.6.1 (backport)

Automation added to e2e:

Will this break upgrades or downgrades. Has updating a running cluster been tested?:

Does this change require updates to the CNI daemonset config files to work?:

Does this PR introduce any user-facing change?:


By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

tanguyfalconnet (Author) commented Sep 29, 2020

@totahuanocotl I saw your PR #520, could you explain to me how to handle rpc? I'm missing something...

totahuanocotl (Contributor) commented Sep 29, 2020

> @totahuanocotl I saw your PR #520, could you explain to me how to handle rpc? I'm missing something...

It's been a year since that PR, and I haven't worked on the project since, but I'll try to do my best.
If you haven't read the cni proposal I would recommend it, as it is very descriptive of what the plugin is doing.

You will find how the cni plugin interacts with the ipam daemonset via grpc.

The ipam daemonset sets up the host networking on startup; in our case we were interested in the iptables rules:

  1. Creates ipamd
  2. Initializes the node and
  3. Sets up the host network
  4. iptables mostly

The plugin, on the other hand, is what interacts with kubelet, and this will set up the ip routes in the host, which would be the NS for the pod, if it requires it. This interaction is the one done via grpc to the agent. Our interest was in the add command, since it is the one that sets up everything.

  1. The plugin is requested to Add a network
  2. Which it delegates to the agent via grpc
  3. The handler does its business, and because we were interested in excluding specific CIDRs, we had to provide those CIDRs back along with the VPC ones so that,
  4. Using those CIDRs the plugin could set up the NS
  5. Which would set up the ip rules for those vpc CIDRs on the host

I hope this is enough to give you more clarity of how it fits together.
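The last three steps of that flow can be modelled as follows. This is an added example, not code from the PR or from the project: the function names and sample values are hypothetical, and it assumes the agent hands back the VPC CIDRs and the SNAT-excluded CIDRs as plain strings, which the plugin turns into one rule target per surviving prefix.

```go
package main

import (
	"fmt"
	"net/netip"
)

// noSNATPrefixes merges the VPC CIDRs with the CIDRs excluded from SNAT (hypothetical inputs),
// normalises host bits and drops prefixes already covered by a broader or earlier identical one.
func noSNATPrefixes(vpcCIDRs, excludedCIDRs []string) ([]netip.Prefix, error) {
	var all []netip.Prefix
	for _, s := range append(append([]string{}, vpcCIDRs...), excludedCIDRs...) {
		p, err := netip.ParsePrefix(s)
		if err != nil || p.Bits() == 0 { // this example's policy: /0 would switch SNAT off for everything
			return nil, fmt.Errorf("rejecting CIDR %q: malformed or catch-all (parse error: %v)", s, err)
		}
		all = append(all, p.Masked())
	}
	var out []netip.Prefix
	for i, p := range all {
		keep := true
		for j, q := range all {
			// q covers p when it is broader, or identical and listed earlier.
			if i != j && q.Contains(p.Addr()) && (q.Bits() < p.Bits() || (q == p && j < i)) {
				keep = false
			}
		}
		if keep {
			out = append(out, p)
		}
	}
	return out, nil
}

// bypassesSNAT reports whether traffic to dst matches a prefix and so keeps the pod IP as its source.
func bypassesSNAT(dst string, prefixes []netip.Prefix) (bool, error) {
	addr, err := netip.ParseAddr(dst)
	for _, p := range prefixes {
		if err == nil && p.Contains(addr) {
			return true, nil
		}
	}
	return false, err
}

func main() { // constructed sample values, not taken from the PR
	prefixes, err := noSNATPrefixes([]string{"10.0.0.0/16"}, []string{"192.168.10.7/24", "10.0.4.0/24"})
	ok, _ := bypassesSNAT("192.168.10.200", prefixes)
	fmt.Println(prefixes, err, ok)
}
```

Every prefix in the merged list is a destination that sees pod IPs directly, so the list deserves the same review as a firewall allow rule.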

jayanthvn mentioned this pull request Jan 21, 2021
fawadkhaliq requested review from achevuru and removed request for mogren February 3, 2021 19:28

github-actions commented

This pull request is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 14 days

github-actions bot added the stale label Apr 13, 2022

github-actions commented

Pull request closed due to inactivity.

github-actions bot closed this Apr 27, 2022
tanguyfalconnet deleted the feat/include_snat_cidrs branch September 23, 2024 08:03