* remove l2bridge checker and l2tunnel mode
* fix l2bridge type
* fix the comment to add an UT to ensure hcn network type is always l2bridge
* go format to fix the linter issue
* feat: add IPConfig state logs/metrics to Request/Release handlers
Signed-off-by: Evan BaKer <rbtr@users.noreply.github.com>
* make metrics recording async so that it will not block ip requests
Signed-off-by: Evan Baker <rbtr@users.noreply.github.com>
---------
Signed-off-by: Evan BaKer <rbtr@users.noreply.github.com>
Signed-off-by: Evan Baker <rbtr@users.noreply.github.com>
* fix log on ai telemetry handle create error
* fix failure to pass cni ai id at build time for cni images
* address feedback
* move ai id to hardcoded variable
* update unit test
* Revert "move ai id to hardcoded variable"
This reverts commit 666c2b0a8f.
* fix typo
* fix: HTTPRemoteRestService config missing Direct ChannelMode
* refactor: fix lint on rewriting if-else to switch statement
* refactor: simplify copy channel mode from cnsconfig
* refactor: use safe type assertion to prevent potential panics
Co-authored-by: Timothy J. Raymond <timraymond@users.noreply.github.com>
Signed-off-by: Jackie Luc <15662837+jackieluc@users.noreply.github.com>
---------
Signed-off-by: Jackie Luc <15662837+jackieluc@users.noreply.github.com>
Co-authored-by: Timothy J. Raymond <timraymond@users.noreply.github.com>
* modify accelnet path in cni
* remove all occurences of accelnetnic type since not sent by cns middleware
* remove all accelnet specific UTs
* remove additional UTs referring to accelnet in invoker_cns & network_test
* fix: additional UTs in endpoint_windows
invoker_mock - removed accelnet flags
* Add CNS API to retrieve VMUniqueID from IMDS
* Address the PR review comments
* Address the security comment from Evans to expose this API wherever needed
* fixed the linter error
* address the PR comments from Matt
* lowercase the struct json fields
* add prefix length from mtpnc to podipinfo & gatewayip
* separate getIpConfig based on OS for HNS prefix changes, add subnet in UTs
* import packages
* refactor middleware into os files after rebase w/ master
* split only the subnet-prefix assign part
* fix lint errors
* add UTs to test the function's behavior for linux vs windows
---------
Signed-off-by: Kshitija Murudi <kmurudi@microsoft.com>
Co-authored-by: paulyufan2 <paulyu01@outlook.com>
* Adding backend interfaces support for CNS
* Fixing the log line
* Moving backend nic functions to platform package
* Moving the pnpID fetching to platform package
* Moving the mapping to CRD mode
* Moving macaddress parsing to net package function
* removing the backend nic config
* Handling multiple interface information
* Adding error handling for macaddress parsing
* Moving pnpid mapping to swift v2 flow
* Adding pipeline vars
* Adding ut's for Happy paths
* Adding ut's for Happy paths
* Adding mtpnc check
* Rebasing with master
* Addressing lint errors
* Adding function to linux file
* Addressing lint errors
* Addressing lint comments
* Addressing Lint issues
* Modifying ut's
* removing mutex lock on cache
* Adding podnetwork instance label
* Modifying ut's after change
* Moving function out of restserver
* Moving mapping after crd intial state
* Adding the config debug statements
* removing the unused config
* Adding the debug statements
* Adding the debug statements
* Adding more debug logs
* removing log lines and adding mtpnc status check
* Moving mapping to state file
* Rebasing and removing the debug statements
* Addressing lint errors
* removing the debug pipeline changes
* Adding more coverage
* Adding test coverage and unhappy paths
* Addressing lint errors
* addressing lint errors
* Addressing lint errors
* Add default routes k8s windows
* add os version flags 2025
* remove unnecessary line
* fix windows 2025 build version
* remove windows 2025 build from this PR
* Update cns/middlewares/k8sSwiftV2_windows.go
Co-authored-by: John Payne <89417863+jpayne3506@users.noreply.github.com>
Signed-off-by: Paul Yu <129891899+paulyufan2@users.noreply.github.com>
* fix a comment linter issue
* fix the feedback to organize log
---------
Signed-off-by: Paul Yu <129891899+paulyufan2@users.noreply.github.com>
Co-authored-by: Kshitija Murudi <kmurudi@microsoft.com>
Co-authored-by: John Payne <89417863+jpayne3506@users.noreply.github.com>
* PB Operations
* Added gRPC Boilerplate Code
* Updated package
* Minor Fixes
* gRPC Boilerplate
* Minor Changes
* Feedback PB Changes
* Ignored dotnet
* Improved Logging
* PB Operations with Gen Code
* Cherry Picking PB Operations
* SetOrchestratorInfo Implementation
* gRPC Boilerplate Server Startup
* FIxed Merge Conflicts
* Resolved Merge Conflicts
* Removed gitignore
* Add gRPC Protobuf Files for CNS Operations (#2754)
* PB Operations
* Updated Protobuf Service Name
* Package Rename
---------
Co-authored-by: Kevin <t-kcamacho@microsoft.com>
* refactor: code changes for stateless cni and swift v2 (#2688)
* ci: changes up to endpointInternal
* ci: remove defaultInterface from invoker
* ci: change up to CreateEndpoint
* ci: changes up to CreateEndpoint()
* ci: invoker cns and UT fixes
* ci: add fixes to UT(s), capture non populated defaultInterface failures
* ci: multitenancy changes
* ci: invoker azure changes & remove all defaultInterfaceInfo possible
* ci add NICType to baremetal flow
* chore: address comments
* merge nw info fields to ep info and draft new createEndpoint function
* restruct ipamAddResult struct
* reorder code to create epinfo first, and then create network and ep based on epinfo
* add getNwInfo and generate ipamAddResult
* fix network windows.go
* create nw info first and create nw and ep dns info
* fix testIpamAddFail ut referencing wrong redeclared err variable, fix error message
* UT fix part one
* fix the getNetworkID and getNetworkInfo
* move create endpoint to network package, remove ifIndex as needed
* use function to get network id
* unify creation of nw and endpoint info by removing switch
* change functions to consume ep info instead of nw info
* remove unused variable accidentally added earlier
* update old azure ipam invoker to use ep info and change ids to network ids when appropriate
previously we renamed the NetworkInfo symbol to EndpointInfo in lots of places, but the Id in Network Info is NOT the same as Endpoint Info, so while the code compiles, code that previously used the id field of the network info struct would now be using the id field of the endpoint info struct. It should use the NetworkId field of the endpoint info struct instead.
* rename endpoint info id field to EndpointID to remove ambiguity
* change nw info to ep info in windows
* adjust comments
* move all methods in create ep info dependent on nw info to use ep info instead (windows and linux)
addSubnetToNetworkInfo, setNetworkOptions, and getEndpointPolicies. getEndpointPolicies will now take just the subnets needed as a parameter rather than the whole nw or ep info.
* make cnm compile (not necessarily correct)
* make all tests compile except endpoint test secondary client (windows and linux) (not necessarily correct)
* comment out endpoint test secondary endpoint client case to make tests compile
* address todos and comments from meeting
* remove duplicated code for populating address in ep info generation
* update EndpointCreate to support multiple infra nic
* save all endpoints to state, regardless of type, use either stateless or cni statefile
undos some changes in "move create endpoint to network package, remove ifIndex as needed"
deletion flow needs to figure out how to tell if the nic type is delegated
1 interface info : 1 endpoint info : 1 endpoint struct mapping
* fix dual nic support conditional and finding master interface ip
the master interface ip must be in a particular form where the last few bits are zeroed out based on the mask or we won't find the ip
for example, while the host subnet perfix is 10.224.0.113/16, the ip that should be passed into find master interface (subnet) should be 10.224.0.0/16 which matches one of the interfaces' ipnet (10.224.0.0/16)
* fix empty network name
when we need to create a network, we collect the network information, but if we do not find the network, we return an empty nw info and an error
when we create the endpoint we need to use endpoint info's network id, not the (possibly) empty network info struct's network id
* make network_test.go compile (linux and windows compile)
unit tests are not necessarily correct at this point
* add NICType to endpoint struct and populate it
important: when getting the endpoint state, the NIC Type field is not populated, leading to deletes not having a NIC Type; this should be changed so that getting the state populates that field
including the nic type allows us to simplify the secondary endpoints delete flow (just check if the nic type is delegated instead of checking if the secondary interfaces map is populated)
smoke tested:
linux aks podsubnet (same vm, multi vm, internet, cni statefile consistent)
linux standalone transparent vlan multitenancy (same vm, multi vm, internet, multi vnet, no connection between coke pepsi, cni statefile consistent)
windows standalone bridge multitenancy single customer (same vm connections, internet, dns only, cni statefile consistent, 2 pods deleting and recreating)
* ci: InterfaceInfo Map
* fix multitenancy_test ut by changing key
* add endpoint id to secondary ep info test since we populate the id in the actual flow
* fix cni network_test linux and ensure secondary create ep info does not break
in network_test we pass in sample delegated (secondary) data to Add which we then create endpoint info from
even with most fields empty, in linux, the ep info is created without erroring
* make invoker_cns_test linux pass
running all linux package tests for network and cni package pass (or also fail on master, like createBridge)
windows unit tests mostly all fail for the same ones on master and this branch
summary:
- network_windows_test.go
○ TestFailToAddIPv6DefaultRoute already fails on master
- network_test.go
○ 9 tests fail on master, 9 tests fail on my branch
- manager_test.go
○ 9 tests fail on master, 9 tests fail on my branch
- endpoint_windows_test.go
○ TestNewAndDeleteEndpointImplHnsV2 already timeouts on master
- endpoint_test.go
○ 9 tests fail on master, 9 tests fail on my branch
- network_windows_test.go
○ FAIL: TestPluginSecondAddSamePodWindows/CNI_consecutive_add_already_hot_attached
○ FAIL: TestPluginSecondAddSamePodWindows/CNI_consecutive_add_not_hot_attached
○ We don't handle consecutive add anymore
- network_test.go
○ TestPluginMultitenancyAdd/Add_Happy_path fails on master and my branch (received multiple NC results [] from CNS while dualnic feature is not supported)-- we still get two items on our list/map though which is expected
- invoker_cns_test passes
- invoker_azure_test passes
- multitenancy_test passes
The consecutive add tests fail but that is expected since we no longer support it.
* modify delete flow to handle multiple epinfos to delete
delete ALL endpoints related to the endpoint infos list in the event cni fails half-way through an add (one failed endpoint create and we delete all would-be-create endpoints and the state)
replace looping over deletion code "n" number of times with getting a slice of endpoint infos to delete
modify stateless cni code to retrieve a slice of network endpoint infos from a single response based on the container id (container id can be used in stateless cni for retrieval)
incorporate stateless cni changes from other branch (cns client/ipam/restserver changes)
modify get endpoint state to return slice of endpoint infos, and getting an endpoint will return an endpoint from that slice with nic type infra
move edge case where endpoint is not created in the state but ips are already allocated to immediately after retrieving all ep infos
fix mock behavior for getting all endpoints by container id
move getting network id and network info out of the loop because their values do not seem to change between iterations
move deletion of endpoint logic into a dedicated loop, and then create a dedicate loop for calling ipam delete to prevent inconsistent state
all expected unit tests on linux pass
* address feedback
* Make change to UpdateEndpointState API to support SwiftV2 for Stateless CNI
* change save state to only call update endpoint state once with a slice of endpoints, uts pass
* fix using nonexistent key by passing in current interface info directly
* fix azure ipam invoker not getting a populated network info for legacy cni
* add L1VH windows support
* add nic type to windows endpoints
* move adding an external interface code to run only when creating a new network
this change reflects prior behavior, where we would only add an external interface to the statefile if the network (after searching through all external interfaces) was not found
currently, if there are multiple interfaces that could be selected as the master, we would add each external interface to the statefile, even if the *network* is associated with one of the existing interfaces
while we would still always find the same network (thanks to having a constant NetworkId, regardless of the external interface), you could get an extra empty external interface in your statefile
this commit should remove that possibility (the extra external interface shouldn't really matter in the first place though because we always select the external interface that has a matching network created on it)
this should be os agnostic
* update comments, first todo check pass
* address some linter issues
* rename networkId to networkID in endpoint info
ran package tests in windows and linux for cni and network packages
ran package tests in linux for cns restserver
all have expected outputs (either pass, or also fails on master branch)
* address linter issues
* preserve more logs and reduce timeout for restart for debugging
* clean comments and rename for clarity
if we use the endpoint info for the network info fields, we name it nwInfo as a hint
* address more linter issues
linux network, restserver, and cni package tests pass
* Revert "preserve more logs and reduce timeout for restart for debugging"
This reverts commit 0f004925cf.
* ignore error on delete flow network query
if we are in stateful cni and do not find the network, we will not error, but when we search for the endpoint it will not be found, leading to us calling ipam invoker delete which is assumed idempotent before returning
previously we would error in stateful cni and return before calling ipam invoker delete
* delete network on endpoint delete if stateless and delegated vmnic (win + linux)
* add nic name, set nicname in linux to master interface name
stateless will key into interface map with the nicname field
in windows, the nicname field is based on the args ifname (usually eth0)
in linux, the nicname field is based on the master interface found (usually eth0)
note:
hostifname/hostvethname = linux veth pair peer in the host ns
ifname/contifname = linux veth pair peer in the container ns, in windows it's just the args ifname
nicname is something else
ifname isn't used during deletion in linux, hns id is used for deletion in windows
* return secondary interface as cni result if no infra nic found, include mac address in cni result
* address linter issue
* fix critical error where failing to add in windows stateless would lead to hns components not being deleted and add netns for hnsv2
tested by triggering a failure to save the stateless state and seeing that the hns endpoint and network are cleaned up
we use the endpoint info to clean up on "add" error, but previously, we didn't populate it with the hns ids to do so
adds netns to stateless as the presence of a valid guid in netns determines if hnsv2 is used
* set nicname used in stateless cni according to feedback
* add dummy guid to stateless delete since we assume stateless is always hnsv2
we assume that the netns value isn't used in stateless deletion
* clean up createEpInfo, declare endpoint info once
* address feedback from vipul
* change comments only
* revert change to cns package
* fix stateless cni migration flow not having nictype on migrate
* keep nwInfo variables named the same as before pr (noop)
* separate endpoint and network policies in endpoint info
behavior should not change except in hnsv1, where network policies passed into network create call will NOT include endpoint policies
endpoint policies always include network policies
* address feedback from reviewers
* address feedback and account for case where cns provides info without nic type
if nic type is empty from cns in invoker cns, we assume it is infra nic type and populate it with infra nic type
* address feedback to declare endpoint info once and populate all fields at once
moved add subnets to after endpoint info created
moved retrieval of all endpoint policies (from getEndpointPolicies and getPoliciesFromRuntimeCfg)until after endpoint info created
network policies are just passed in from the args unaltered
* use ifname instead of nicname field in endpoint struct as key in stateless
* convert macaddress only nictype is delegatedvmnic
* address feedback by removing network dns settings
* address linter issues (noop)
* address feedback and linter (noop)
* remove unused consecutive add funcs (noop)
* fix release ips when create a container without nictype using older cni and then upgrade cni and delete
if we create a pod with an older cni version, it won't have a nictype
if we upgrade cni and then delete, we should treat an empty nictype as an infra nictype and
call the invoker delete
* prevent eps with delegated nic type present on ep from also calling transparent endpoint client on delete
tested on swift v2 linux single pod add, change cni to this version, delete (ok)
then add using this cni version and delete, no extraneous transparent endpoint client calls logged
* mock get interface method for ut
searched for "NetPlugin" in all files and determined all prod use of NetPlugin goes through NewNetPlugin where we set the get interface method to the real interface get method
adds ut where the master interface (by mac) is not found
* address feedback (noop)
* add ut for handling empty nictype on cns add (noop)
* add multitenancy delete net not found ut (noop)
* add uts for multi interface infos single add call, verify endpoint id, cns to cni data conversion and vice versa, get endpoint info from container id (noop)
verifies partial success will delete all endpoints, even successfully created ones in the same cni add call
* add ut for all pods associated with container id delete in one del call, new secondary delete flow (noop)
* add two UTs
* fix a linter issue
* add ut to check endpoint ifname on new endpoint creation based on nictype (noop)
* add ut for fail to find interface by subnet (noop)
* Adding support for Stateless CNI Delete Edge case when there in no HNS ID
* fix uts
* fix linter issues
* fix ut
---------
Co-authored-by: jpayne3506 <payne.3506@gmail.com>
Co-authored-by: paulyufan2 <paulyu01@outlook.com>
Co-authored-by: AzureAhai <behzadm@microsoft.com>
* Corrected imports
* Final Commit
* Updated .gitignore
* Added dummy methods for PB operatons
* Modularized CNS
* Improved configurations
* Resolved Concflicts
* Resolved cns logic error
* Improved config structure
* Resolved Conflicts
* Updated Main
* Removed Config
* WIP: 34307edf Fixed return code
---------
Co-authored-by: Kevin <t-kcamacho@microsoft.com>
Co-authored-by: QxBytes <39818795+QxBytes@users.noreply.github.com>
Co-authored-by: jpayne3506 <payne.3506@gmail.com>
Co-authored-by: paulyufan2 <paulyu01@outlook.com>
Co-authored-by: AzureAhai <behzadm@microsoft.com>
Evan Baker
Paul Yu
ZetaoZhuang
Behzad Mirkhanzadeh
Santhosh Prabhu
Alexander
Jackie Luc
Kshitija Murudi
Saksham Mittal
Matthew Long
sivakami-projects
Jaeryn
msvik
shreyashastantram
bohuini
Kevin Camacho