Detect IPConflicting and gatewayReachable in ipam without coordinator (…

…#4560) (#4587)

Signed-off-by: Cyclinder Kuo <[email protected]>

.github/workflows/lint-openapi.yaml

@@ -26,7 +26,7 @@ on:
 jobs:
   link-check:
     name: Openapi Lint
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     strategy:
       matrix:
         include:
@@ -46,12 +46,12 @@ jobs:
 
       - name: Validate OpenAPI definition By PR
         if: ${{ github.event_name != 'workflow_dispatch' }}
-        uses: char0n/swagger-editor-validate@v1
+        uses: char0n/swagger-editor-validate@v1.4.0
         with:
           definition-file: ${{ matrix.openapifilepath }}
 
       - name: Validate OpenAPI definition By Command
         if: ${{ github.event_name == 'workflow_dispatch' }}
-        uses: char0n/swagger-editor-validate@v1
+        uses: char0n/swagger-editor-validate@v1.4.0
         with:
           definition-file: ${{ github.event.inputs.path }}

Makefile

@@ -275,7 +275,7 @@ check_test_label:
 .PHONY: unittest-tests
 unittest-tests: check_test_label
 	@echo "run unittest-tests"
-	$(QUIET) $(ROOT_DIR)/tools/scripts/ginkgo.sh \
+	sudo $(QUIET) $(ROOT_DIR)/tools/scripts/ginkgo.sh \
 		--cover --coverprofile=./coverage.out --covermode set \
 		--json-report unittestreport.json  \
 		-randomize-suites -randomize-all --keep-going  --timeout=1h  -p \

README-zh_CN.md

@@ -173,6 +173,6 @@ We are a [Cloud Native Computing Foundation](https://www.cncf.io) [sandbox proje
 The Linux Foundation® (TLF) has registered trademarks and uses trademarks. For a list of TLF trademarks, see [Trademark Usage](https://www.linuxfoundation.org/legal/trademark-usage).
 
 <p align="center">
-<img src="https://landscape.cncf.io/images/cncf-landscape-horizontal-color.svg" width="300"/>&nbsp
+<img src="https://landscape.cncf.io/images/cncf-landscape-horizontal-color.svg" alt="CNCF Landscape" width="300"/>&nbsp
 <br/><br/>
 </p>

README.md

@@ -179,6 +179,6 @@ We are a [Cloud Native Computing Foundation](https://www.cncf.io) [sandbox proje
 The Linux Foundation® (TLF) has registered trademarks and uses trademarks. For a list of TLF trademarks, see [Trademark Usage](https://www.linuxfoundation.org/legal/trademark-usage).
 
 <p align="center">
-<img src="https://landscape.cncf.io/images/cncf-landscape-horizontal-color.svg" width="300"/>&nbsp
+<img src="https://landscape.cncf.io/images/cncf-landscape-horizontal-color.svg" alt="CNCF Landscape" width="300"/>&nbsp
 <br/><br/>
 </p>

api/v1/agent/openapi.yaml

@@ -306,6 +306,10 @@ definitions:
         type: string
       vlan:
         type: integer
+      enableGatewayDetection:
+        type: boolean
+      enableIPConflictDetection:
+        type: boolean
     required:
       - version
       - address
@@ -340,10 +344,6 @@ definitions:
         type: integer
       txQueueLen:
         type: integer
-      detectIPConflict:
-        type: boolean
-      detectGateway:
-        type: boolean
       vethLinkAddress:
         type: string
     required:

charts/spiderpool/README.md

@@ -134,6 +134,8 @@ helm install spiderpool spiderpool/spiderpool --wait --namespace kube-system \
 | `ipam.enableStatefulSet`                    | the network mode                                                                                 | `true` |
 | `ipam.enableKubevirtStaticIP`               | the feature to keep kubevirt vm pod static IP                                                    | `true` |
 | `ipam.enableSpiderSubnet`                   | SpiderSubnet feature gate.                                                                       | `true` |
+| `ipam.enableIPConflictDetection`                      | enable IP conflict detection                                                                     | `false` |
+| `ipam.enableGatewayDetection`                         | enable gateway detection                                                                         | `false` |
 | `ipam.subnetDefaultFlexibleIPNumber`        | the default flexible IP number of SpiderSubnet feature auto-created IPPools                      | `1`    |
 | `ipam.gc.enabled`                           | enable retrieve IP in spiderippool CR                                                            | `true` |
 | `ipam.gc.gcAll.intervalInSecond`            | the gc all interval duration                                                                     | `600`  |

charts/spiderpool/crds/spiderpool.spidernet.io_spidercoordinators.yaml

@@ -40,11 +40,15 @@ spec:
             properties:
               detectGateway:
                 default: false
-                description: DetectGateway to detect the gateway for the pod
+                description: 'DetectGateway to detect the gateway for the pod Deprecated:
+                  gateway detection is now done by IPAM, setting this value has no
+                  effect，this will be removed in the future.'
                 type: boolean
               detectIPConflict:
                 default: false
-                description: DetectIPConflict to detect the ip conflict for the pod
+                description: 'DetectIPConflict to detect the ip conflict for the pod
+                  Deprecated: IP conflict detection is now done by IPAM, setting this
+                  value has no effect，this will be removed in the future.'
                 type: boolean
               hijackCIDR:
                 description: HijackCIDR configure static routing tables in the pod

charts/spiderpool/crds/spiderpool.spidernet.io_spidermultusconfigs.yaml

@@ -59,12 +59,15 @@ spec:
                 properties:
                   detectGateway:
                     default: false
-                    description: DetectGateway to detect the gateway for the pod
+                    description: 'DetectGateway to detect the gateway for the pod
+                      Deprecated: gateway detection is now done by IPAM, setting this
+                      value has no effect，this will be removed in the future.'
                     type: boolean
                   detectIPConflict:
                     default: false
-                    description: DetectIPConflict to detect the ip conflict for the
-                      pod
+                    description: 'DetectIPConflict to detect the ip conflict for the
+                      pod Deprecated: IP conflict detection is now done by IPAM, setting
+                      this value has no effect，this will be removed in the future.'
                     type: boolean
                   hijackCIDR:
                     description: HijackCIDR configure static routing tables in the

charts/spiderpool/templates/configmap.yaml

@@ -21,6 +21,8 @@ data:
     enableStatefulSet: {{ .Values.ipam.enableStatefulSet }}
     enableKubevirtStaticIP: {{ .Values.ipam.enableKubevirtStaticIP }}
     enableSpiderSubnet: {{ .Values.ipam.enableSpiderSubnet }}
+    enableIPConflictDetection: {{ .Values.ipam.enableIPConflictDetection }}
+    enableGatewayDetection: {{ .Values.ipam.enableGatewayDetection }}
     {{- if .Values.ipam.enableSpiderSubnet }}
     clusterSubnetDefaultFlexibleIPNumber: {{ .Values.ipam.subnetDefaultFlexibleIPNumber }}
     {{- else}}

charts/spiderpool/values.yaml

@@ -56,6 +56,12 @@ ipam:
   ## @param ipam.enableSpiderSubnet SpiderSubnet feature gate.
   enableSpiderSubnet: true
 
+  ## @param ipam.enableIPConflictDetection enable IP conflict detection
+  enableIPConflictDetection: false
+
+  ## @param ipam.enableGatewayDetection enable gateway detection
+  enableGatewayDetection: false
+
   ## @param ipam.subnetDefaultFlexibleIPNumber the default flexible IP number of SpiderSubnet feature auto-created IPPools
   subnetDefaultFlexibleIPNumber: 1
 

cmd/coordinator/cmd/cni_types.go

@@ -11,7 +11,6 @@ import (
 	"path/filepath"
 	"regexp"
 	"strings"
-	"time"
 
 	"github.com/containernetworking/cni/pkg/types"
 	"github.com/containernetworking/cni/pkg/version"
@@ -44,24 +43,21 @@ const (
 
 type Config struct {
 	types.NetConf
-	DetectGateway      *bool          `json:"detectGateway,omitempty"`
-	VethLinkAddress    string         `json:"vethLinkAddress,omitempty"`
-	MacPrefix          string         `json:"podMACPrefix,omitempty"`
-	MultusNicPrefix    string         `json:"multusNicPrefix,omitempty"`
-	PodDefaultCniNic   string         `json:"podDefaultCniNic,omitempty"`
-	OverlayPodCIDR     []string       `json:"overlayPodCIDR,omitempty"`
-	ServiceCIDR        []string       `json:"serviceCIDR,omitempty"`
-	HijackCIDR         []string       `json:"hijackCIDR,omitempty"`
-	TunePodRoutes      *bool          `json:"tunePodRoutes,omitempty"`
-	PodDefaultRouteNIC string         `json:"podDefaultRouteNic,omitempty"`
-	Mode               Mode           `json:"mode,omitempty"`
-	HostRuleTable      *int64         `json:"hostRuleTable,omitempty"`
-	HostRPFilter       *int32         `json:"hostRPFilter,omitempty" `
-	PodRPFilter        *int32         `json:"podRPFilter,omitempty" `
-	TxQueueLen         *int64         `json:"txQueueLen,omitempty"`
-	IPConflict         *bool          `json:"detectIPConflict,omitempty"`
-	DetectOptions      *DetectOptions `json:"detectOptions,omitempty"`
-	LogOptions         *LogOptions    `json:"logOptions,omitempty"`
+	VethLinkAddress    string      `json:"vethLinkAddress,omitempty"`
+	MacPrefix          string      `json:"podMACPrefix,omitempty"`
+	MultusNicPrefix    string      `json:"multusNicPrefix,omitempty"`
+	PodDefaultCniNic   string      `json:"podDefaultCniNic,omitempty"`
+	OverlayPodCIDR     []string    `json:"overlayPodCIDR,omitempty"`
+	ServiceCIDR        []string    `json:"serviceCIDR,omitempty"`
+	HijackCIDR         []string    `json:"hijackCIDR,omitempty"`
+	TunePodRoutes      *bool       `json:"tunePodRoutes,omitempty"`
+	PodDefaultRouteNIC string      `json:"podDefaultRouteNic,omitempty"`
+	Mode               Mode        `json:"mode,omitempty"`
+	HostRuleTable      *int64      `json:"hostRuleTable,omitempty"`
+	HostRPFilter       *int32      `json:"hostRPFilter,omitempty" `
+	PodRPFilter        *int32      `json:"podRPFilter,omitempty" `
+	TxQueueLen         *int64      `json:"txQueueLen,omitempty"`
+	LogOptions         *LogOptions `json:"logOptions,omitempty"`
 }
 
 // DetectOptions enable ip conflicting check for pod's ip
@@ -142,15 +138,6 @@ func ParseConfig(stdin []byte, coordinatorConfig *models.CoordinatorConfig) (*Co
 		return nil, err
 	}
 
-	if conf.IPConflict == nil && coordinatorConfig.DetectIPConflict {
-		conf.IPConflict = ptr.To(true)
-	}
-
-	conf.DetectOptions, err = ValidateDelectOptions(conf.DetectOptions)
-	if err != nil {
-		return nil, err
-	}
-
 	if conf.HostRuleTable == nil && coordinatorConfig.HostRuleTable > 0 {
 		conf.HostRuleTable = ptr.To(coordinatorConfig.HostRuleTable)
 	}
@@ -163,10 +150,6 @@ func ParseConfig(stdin []byte, coordinatorConfig *models.CoordinatorConfig) (*Co
 		conf.HostRuleTable = ptr.To(int64(500))
 	}
 
-	if conf.DetectGateway == nil {
-		conf.DetectGateway = ptr.To(coordinatorConfig.DetectGateway)
-	}
-
 	if conf.TunePodRoutes == nil {
 		conf.TunePodRoutes = coordinatorConfig.TunePodRoutes
 	}
@@ -270,37 +253,3 @@ func validateRPFilterConfig(rpfilter *int32, coordinatorConfig int64) (*int32, e
 	}
 	return rpfilter, nil
 }
-
-func ValidateDelectOptions(config *DetectOptions) (*DetectOptions, error) {
-	if config == nil {
-		return &DetectOptions{
-			Interval: "10ms",
-			TimeOut:  "100ms",
-			Retry:    3,
-		}, nil
-	}
-
-	if config.Retry == 0 {
-		config.Retry = 3
-	}
-
-	if config.Interval == "" {
-		config.Interval = "10ms"
-	}
-
-	if config.TimeOut == "" {
-		config.TimeOut = "500ms"
-	}
-
-	_, err := time.ParseDuration(config.Interval)
-	if err != nil {
-		return nil, fmt.Errorf("invalid detectOptions.interval %s: %v, input like: 1s or 1m", config.Interval, err)
-	}
-
-	_, err = time.ParseDuration(config.TimeOut)
-	if err != nil {
-		return nil, fmt.Errorf("invalid detectOptions.timeout %s: %v, input like: 1s or 1m", config.TimeOut, err)
-	}
-
-	return config, nil
-}