Commit graph

2256 commits

Author SHA1 Message Date
dependabot[bot] 1deec28b9b
deps: bump github.com/Azure/azure-sdk-for-go/sdk/azidentity from 1.5.2 to 1.6.0 (#2778)
deps: bump github.com/Azure/azure-sdk-for-go/sdk/azidentity

Bumps [github.com/Azure/azure-sdk-for-go/sdk/azidentity](https://github.com/Azure/azure-sdk-for-go) from 1.5.2 to 1.6.0.
- [Release notes](https://github.com/Azure/azure-sdk-for-go/releases)
- [Changelog](https://github.com/Azure/azure-sdk-for-go/blob/main/documentation/release.md)
- [Commits](https://github.com/Azure/azure-sdk-for-go/compare/sdk/internal/v1.5.2...sdk/azcore/v1.6.0)

---
updated-dependencies:
- dependency-name: github.com/Azure/azure-sdk-for-go/sdk/azidentity
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-21 00:34:40 +00:00
dependabot[bot] 38b9fd371c
deps: bump github.com/containernetworking/plugins from 1.5.0 to 1.5.1 in /azure-ipam (#2795)
deps: bump github.com/containernetworking/plugins in /azure-ipam

Bumps [github.com/containernetworking/plugins](https://github.com/containernetworking/plugins) from 1.5.0 to 1.5.1.
- [Release notes](https://github.com/containernetworking/plugins/releases)
- [Commits](https://github.com/containernetworking/plugins/compare/v1.5.0...v1.5.1)

---
updated-dependencies:
- dependency-name: github.com/containernetworking/plugins
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-18 23:32:03 +00:00
dependabot[bot] baf6a42ae9
deps: bump github.com/Azure/azure-sdk-for-go/sdk/azcore from 1.11.1 to 1.12.0 (#2771)
deps: bump github.com/Azure/azure-sdk-for-go/sdk/azcore

Bumps [github.com/Azure/azure-sdk-for-go/sdk/azcore](https://github.com/Azure/azure-sdk-for-go) from 1.11.1 to 1.12.0.
- [Release notes](https://github.com/Azure/azure-sdk-for-go/releases)
- [Changelog](https://github.com/Azure/azure-sdk-for-go/blob/main/documentation/release.md)
- [Commits](https://github.com/Azure/azure-sdk-for-go/compare/sdk/azcore/v1.11.1...sdk/azcore/v1.12.0)

---
updated-dependencies:
- dependency-name: github.com/Azure/azure-sdk-for-go/sdk/azcore
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-18 23:28:54 +00:00
dependabot[bot] 577559b93f
deps: bump github.com/containernetworking/cni from 1.2.0 to 1.2.1 in /azure-ipam (#2794)
deps: bump github.com/containernetworking/cni in /azure-ipam

Bumps [github.com/containernetworking/cni](https://github.com/containernetworking/cni) from 1.2.0 to 1.2.1.
- [Release notes](https://github.com/containernetworking/cni/releases)
- [Commits](https://github.com/containernetworking/cni/compare/v1.2.0...v1.2.1)

---
updated-dependencies:
- dependency-name: github.com/containernetworking/cni
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-18 14:07:37 +00:00
dependabot[bot] 8289d5537f
deps: bump github.com/spf13/cobra from 1.8.0 to 1.8.1 (#2791)
Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra) from 1.8.0 to 1.8.1.
- [Release notes](https://github.com/spf13/cobra/releases)
- [Commits](https://github.com/spf13/cobra/compare/v1.8.0...v1.8.1)

---
updated-dependencies:
- dependency-name: github.com/spf13/cobra
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-18 14:07:26 +00:00
dependabot[bot] 40ab7fb89b
deps: bump k8s.io/klog/v2 from 2.120.1 to 2.130.0 (#2790)
Bumps [k8s.io/klog/v2](https://github.com/kubernetes/klog) from 2.120.1 to 2.130.0.
- [Release notes](https://github.com/kubernetes/klog/releases)
- [Changelog](https://github.com/kubernetes/klog/blob/main/RELEASE.md)
- [Commits](https://github.com/kubernetes/klog/compare/v2.120.1...v2.130.0)

---
updated-dependencies:
- dependency-name: k8s.io/klog/v2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-18 14:05:11 +00:00
Evan Baker 994ba651b9
combine linux and win Dockerfiles using build targets (#2559)
Signed-off-by: Evan Baker <rbtr@users.noreply.github.com>
2024-06-17 21:53:44 +00:00
dependabot[bot] d82a441deb
ci: bump golangci/golangci-lint-action from 5 to 6 (#2734)
Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 5 to 6.
- [Release notes](https://github.com/golangci/golangci-lint-action/releases)
- [Commits](https://github.com/golangci/golangci-lint-action/compare/v5...v6)

---
updated-dependencies:
- dependency-name: golangci/golangci-lint-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-17 19:05:34 +00:00
Kevin Camacho bebbe63560
Added gRPC Server Boilerplate Code for CNS (#2745)
* PB Operations

* Added gRPC Boilerplate Code

* Updated package

* Minor Fixes

* gRPC Boilerplate

* Minor Changes

* Feedback PB Changes

* Ignored dotnet

* Improved Logging

* PB Operations with Gen Code

* Cherry Picking PB Operations

* SetOrchestratorInfo Implementation

* gRPC Boilerplate Server Startup

* Fixed Merge Conflicts

* Resolved Merge Conflicts

* Removed gitignore

* Add gRPC Protobuf Files for CNS Operations (#2754)

* PB Operations

* Updated Protobuf Service Name

* Package Rename

---------

Co-authored-by: Kevin <t-kcamacho@microsoft.com>

* refactor: code changes for stateless cni and swift v2 (#2688)

* ci: changes up to endpointInternal

* ci: remove defaultInterface from invoker

* ci: change up to CreateEndpoint

* ci: changes up to CreateEndpoint()

* ci: invoker cns and UT fixes

* ci: add fixes to UT(s), capture non populated defaultInterface failures

* ci: multitenancy changes

* ci: invoker azure changes & remove all defaultInterfaceInfo possible

* ci add NICType to baremetal flow

* chore: address comments

* merge nw info fields to ep info and draft new createEndpoint function

* restruct ipamAddResult struct

* reorder code to create epinfo first, and then create network and ep based on epinfo

* add getNwInfo and generate ipamAddResult

* fix network windows.go

* create nw info first and create nw and ep dns info

* fix testIpamAddFail ut referencing wrong redeclared err variable, fix error message

* UT fix part one

* fix the getNetworkID and getNetworkInfo

* move create endpoint to network package, remove ifIndex as needed

* use function to get network id

* unify creation of nw and endpoint info by removing switch

* change functions to consume ep info instead of nw info

* remove unused variable accidentally added earlier

* update old azure ipam invoker to use ep info and change ids to network ids when appropriate

previously we renamed the NetworkInfo symbol to EndpointInfo in lots of places, but the Id in Network Info is NOT the same as Endpoint Info, so while the code compiles, code that previously used the id field of the network info struct would now be using the id field of the endpoint info struct. It should use the NetworkId field of the endpoint info struct instead.

* rename endpoint info id field to EndpointID to remove ambiguity

* change nw info to ep info in windows

* adjust comments

* move all methods in create ep info dependent on nw info to use ep info instead (windows and linux)

addSubnetToNetworkInfo, setNetworkOptions, and getEndpointPolicies. getEndpointPolicies will now take just the subnets needed as a parameter rather than the whole nw or ep info.

* make cnm compile (not necessarily correct)

* make all tests compile except endpoint test secondary client (windows and linux) (not necessarily correct)

* comment out endpoint test secondary endpoint client case to make tests compile

* address todos and comments from meeting

* remove duplicated code for populating address in ep info generation

* update EndpointCreate to support multiple infra nic

* save all endpoints to state, regardless of type, use either stateless or cni statefile

undoes some changes in "move create endpoint to network package, remove ifIndex as needed"
deletion flow needs to figure out how to tell if the nic type is delegated
1 interface info : 1 endpoint info : 1 endpoint struct mapping

* fix dual nic support conditional and finding master interface ip

the master interface ip must be in a particular form where the last few bits are zeroed out based on the mask or we won't find the ip
for example, while the host subnet prefix is 10.224.0.113/16, the ip that should be passed into find master interface (subnet) should be 10.224.0.0/16 which matches one of the interfaces' ipnet (10.224.0.0/16)

* fix empty network name
when we need to create a network, we collect the network information, but if we do not find the network, we return an empty nw info and an error
when we create the endpoint we need to use endpoint info's network id, not the (possibly) empty network info struct's network id

* make network_test.go compile (linux and windows compile)

unit tests are not necessarily correct at this point

* add NICType to endpoint struct and populate it

important: when getting the endpoint state, the NIC Type field is not populated, leading to deletes not having a NIC Type; this should be changed so that getting the state populates that field
including the nic type allows us to simplify the secondary endpoints delete flow (just check if the nic type is delegated instead of checking if the secondary interfaces map is populated)

smoke tested:
linux aks podsubnet (same vm, multi vm, internet, cni statefile consistent)
linux standalone transparent vlan multitenancy (same vm, multi vm, internet, multi vnet, no connection between coke pepsi, cni statefile consistent)
windows standalone bridge multitenancy single customer (same vm connections, internet, dns only, cni statefile consistent, 2 pods deleting and recreating)

* ci: InterfaceInfo Map

* fix multitenancy_test ut by changing key

* add endpoint id to secondary ep info test since we populate the id in the actual flow

* fix cni network_test linux and ensure secondary create ep info does not break

in network_test we pass in sample delegated (secondary) data to Add which we then create endpoint info from
even with most fields empty, in linux, the ep info is created without erroring

* make invoker_cns_test linux pass

running all linux package tests for network and cni package pass (or also fail on master, like createBridge)
windows unit tests mostly all fail for the same ones on master and this branch
summary:
	- network_windows_test.go
		○ TestFailToAddIPv6DefaultRoute already fails on master
	- network_test.go
		○ 9 tests fail on master, 9 tests fail on my branch
	- manager_test.go
		○ 9 tests fail on master, 9 tests fail on my branch
	- endpoint_windows_test.go
		○ TestNewAndDeleteEndpointImplHnsV2 already timeouts on master
	- endpoint_test.go
		○ 9 tests fail on master, 9 tests fail on my branch
	- network_windows_test.go
		○ FAIL: TestPluginSecondAddSamePodWindows/CNI_consecutive_add_already_hot_attached
		○ FAIL: TestPluginSecondAddSamePodWindows/CNI_consecutive_add_not_hot_attached
		○ We don't handle consecutive add anymore
	- network_test.go
		○ TestPluginMultitenancyAdd/Add_Happy_path fails on master and my branch (received multiple NC results [] from CNS while dualnic feature is not supported)-- we still get two items on our list/map though which is expected
	- invoker_cns_test passes
	- invoker_azure_test passes
	- multitenancy_test passes
The consecutive add tests fail but that is expected since we no longer support it.

* modify delete flow to handle multiple epinfos to delete

delete ALL endpoints related to the endpoint infos list in the event cni fails half-way through an add (one failed endpoint create and we delete all would-be-create endpoints and the state)
replace looping over deletion code "n" number of times with getting a slice of endpoint infos to delete
modify stateless cni code to retrieve a slice of network endpoint infos from a single response based on the container id (container id can be used in stateless cni for retrieval)
incorporate stateless cni changes from other branch (cns client/ipam/restserver changes)
modify get endpoint state to return slice of endpoint infos, and getting an endpoint will return an endpoint from that slice with nic type infra
move edge case where endpoint is not created in the state but ips are already allocated to immediately after retrieving all ep infos
fix mock behavior for getting all endpoints by container id
move getting network id and network info out of the loop because their values do not seem to change between iterations
move deletion of endpoint logic into a dedicated loop, and then create a dedicated loop for calling ipam delete to prevent inconsistent state

all expected unit tests on linux pass

* address feedback

* Make change to UpdateEndpointState API to support SwiftV2 for Stateless CNI

* change save state to only call update endpoint state once with a slice of endpoints, uts pass

* fix using nonexistent key by passing in current interface info directly

* fix azure ipam invoker not getting a populated network info for legacy cni

* add L1VH windows support

* add nic type to windows endpoints

* move adding an external interface code to run only when creating a new network

this change reflects prior behavior, where we would only add an external interface to the statefile if the network (after searching through all external interfaces) was not found
currently, if there are multiple interfaces that could be selected as the master, we would add each external interface to the statefile, even if the *network* is associated with one of the existing interfaces
while we would still always find the same network (thanks to having a constant NetworkId, regardless of the external interface), you could get an extra empty external interface in your statefile
this commit should remove that possibility (the extra external interface shouldn't really matter in the first place though because we always select the external interface that has a matching network created on it)
this should be os agnostic

* update comments, first todo check pass

* address some linter issues

* rename networkId to networkID in endpoint info

ran package tests in windows and linux for cni and network packages
ran package tests in linux for cns restserver
all have expected outputs (either pass, or also fails on master branch)

* address linter issues

* preserve more logs and reduce timeout for restart for debugging

* clean comments and rename for clarity

if we use the endpoint info for the network info fields, we name it nwInfo as a hint

* address more linter issues

linux network, restserver, and cni package tests pass

* Revert "preserve more logs and reduce timeout for restart for debugging"

This reverts commit 0f004925cf.

* ignore error on delete flow network query

if we are in stateful cni and do not find the network, we will not error, but when we search for the endpoint it will not be found, leading to us calling ipam invoker delete which is assumed idempotent before returning
previously we would error in stateful cni and return before calling ipam invoker delete

* delete network on endpoint delete if stateless and delegated vmnic (win + linux)

* add nic name, set nicname in linux to master interface name

stateless will key into interface map with the nicname field
in windows, the nicname field is based on the args ifname (usually eth0)
in linux, the nicname field is based on the master interface found (usually eth0)

note:
hostifname/hostvethname = linux veth pair peer in the host ns
ifname/contifname = linux veth pair peer in the container ns, in windows it's just the args ifname
nicname is something else
ifname isn't used during deletion in linux, hns id is used for deletion in windows

* return secondary interface as cni result if no infra nic found, include mac address in cni result

* address linter issue

* fix critical error where failing to add in windows stateless would lead to hns components not being deleted and add netns for hnsv2

tested by triggering a failure to save the stateless state and seeing that the hns endpoint and network are cleaned up
we use the endpoint info to clean up on "add" error, but previously, we didn't populate it with the hns ids to do so

adds netns to stateless as the presence of a valid guid in netns determines if hnsv2 is used

* set nicname used in stateless cni according to feedback

* add dummy guid to stateless delete since we assume stateless is always hnsv2

we assume that the netns value isn't used in stateless deletion

* clean up createEpInfo, declare endpoint info once

* address feedback from vipul

* change comments only

* revert change to cns package

* fix stateless cni migration flow not having nictype on migrate

* keep nwInfo variables named the same as before pr (noop)

* separate endpoint and network policies in endpoint info

behavior should not change except in hnsv1, where network policies passed into network create call will NOT include endpoint policies
endpoint policies always include network policies

* address feedback from reviewers

* address feedback and account for case where cns provides info without nic type

if nic type is empty from cns in invoker cns, we assume it is infra nic type and populate it with infra nic type

* address feedback to declare endpoint info once and populate all fields at once

moved add subnets to after endpoint info created
moved retrieval of all endpoint policies (from getEndpointPolicies and getPoliciesFromRuntimeCfg)until after endpoint info created
network policies are just passed in from the args unaltered

* use ifname instead of nicname field in endpoint struct as key in stateless

* convert macaddress only nictype is delegatedvmnic

* address feedback by removing network dns settings

* address linter issues (noop)

* address feedback and linter (noop)

* remove unused consecutive add funcs (noop)

* fix release ips when create a container without nictype using older cni and then upgrade cni and delete

if we create a pod with an older cni version, it won't have a nictype
if we upgrade cni and then delete, we should treat an empty nictype as an infra nictype and
call the invoker delete

* prevent eps with delegated nic type present on ep from also calling transparent endpoint client on delete

tested on swift v2 linux single pod add, change cni to this version, delete (ok)
then add using this cni version and delete, no extraneous transparent endpoint client calls logged

* mock get interface method for ut

searched for "NetPlugin" in all files and determined all prod use of NetPlugin goes through NewNetPlugin where we set the get interface method to the real interface get method
adds ut where the master interface (by mac) is not found

* address feedback (noop)

* add ut for handling empty nictype on cns add (noop)

* add multitenancy delete net not found ut (noop)

* add uts for multi interface infos single add call, verify endpoint id, cns to cni data conversion and vice versa, get endpoint info from container id (noop)

verifies partial success will delete all endpoints, even successfully created ones in the same cni add call

* add ut for all pods associated with container id delete in one del call, new secondary delete flow (noop)

* add two UTs

* fix a linter issue

* add ut to check endpoint ifname on new endpoint creation based on nictype (noop)

* add ut for fail to find interface by subnet (noop)

* Adding support for Stateless CNI Delete Edge case when there is no HNS ID

* fix uts

* fix linter issues

* fix ut

---------

Co-authored-by: jpayne3506 <payne.3506@gmail.com>
Co-authored-by: paulyufan2 <paulyu01@outlook.com>
Co-authored-by: AzureAhai <behzadm@microsoft.com>

* Corrected imports

* Final Commit

* Updated .gitignore

* Added dummy methods for PB operations

* Modularized CNS

* Improved configurations

* Resolved Conflicts

* Resolved cns logic error

* Improved config structure

* Resolved Conflicts

* Updated Main

* Removed Config

* WIP: 34307edf Fixed return code

---------

Co-authored-by: Kevin <t-kcamacho@microsoft.com>
Co-authored-by: QxBytes <39818795+QxBytes@users.noreply.github.com>
Co-authored-by: jpayne3506 <payne.3506@gmail.com>
Co-authored-by: paulyufan2 <paulyu01@outlook.com>
Co-authored-by: AzureAhai <behzadm@microsoft.com>
2024-06-14 17:43:47 +00:00
John Payne c1d73397fe
ci: Remove depreciated values from Cilium nightly config (#2787)
* ci: remove enable-remote-node-identity from nightly config

* ci: remove sidecar-istio-proxy-image
2024-06-14 17:31:55 +00:00
dependabot[bot] d613309a88
deps: bump github.com/golangci/golangci-lint from 1.59.0 to 1.59.1 in /build/tools (#2774)
deps: bump github.com/golangci/golangci-lint in /build/tools

Bumps [github.com/golangci/golangci-lint](https://github.com/golangci/golangci-lint) from 1.59.0 to 1.59.1.
- [Release notes](https://github.com/golangci/golangci-lint/releases)
- [Changelog](https://github.com/golangci/golangci-lint/blob/master/CHANGELOG.md)
- [Commits](https://github.com/golangci/golangci-lint/compare/v1.59.0...v1.59.1)

---
updated-dependencies:
- dependency-name: github.com/golangci/golangci-lint
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-14 17:31:49 +00:00
Jackie Luc 33de98f5ad
[CNS] refactor: remove redundant check for TLSSettings.TLSPort (#2780)
refactor: remove redundant check for TLSSettings.TLSPort
2024-06-14 17:08:13 +00:00
Evan Baker 7d2a7d7b97
fix: move CNS to distroless-iptables base image (#2661)
* fix: move cns to distroless base image
with iptables

Signed-off-by: Evan Baker <rbtr@users.noreply.github.com>

* fix: add debug container to CNS Pod for tests

Signed-off-by: GitHub <noreply@github.com>

---------

Signed-off-by: Evan Baker <rbtr@users.noreply.github.com>
Signed-off-by: GitHub <noreply@github.com>
2024-06-14 17:04:02 +00:00
Behzad Mirkhanzadeh 49f4c56881
feat: bumping dropGZ to 1.6.0 and adding stateless CNI to Windows (#2785)
2024-06-13 19:56:18 +00:00
bohuini 5526348fa9
fix: Rename test file (#2784)
* Rename test file

* Modified UT

* Modified setRoutes name
2024-06-13 19:28:52 +00:00
Behzad Mirkhanzadeh 6b86c47519
fix: Editing makefile to add stateless CNI binary to the archives (#2775)
2024-06-12 05:24:47 +00:00
Andy Chan 7de898b824
feat: New yaml file for updated CNI and CNS version (#2772)
* feat: New yaml file for updated CNI and CNS version

* Use CNS 1.5.28
2024-06-12 00:28:10 +00:00
Camryn Lee 219317c006
ci: makefile ACN_VERSION exclusions (#2783)
* change makefile acn_verison exclusions

* space
2024-06-11 21:40:37 +00:00
dependabot[bot] d5116f8311
deps: bump google.golang.org/protobuf from 1.34.1 to 1.34.2 in /build/tools (#2776)
deps: bump google.golang.org/protobuf in /build/tools

Bumps google.golang.org/protobuf from 1.34.1 to 1.34.2.

---
updated-dependencies:
- dependency-name: google.golang.org/protobuf
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-11 18:07:46 +00:00
dependabot[bot] 5c8221ec3f
deps: bump google.golang.org/protobuf from 1.34.1 to 1.34.2 (#2777)
Bumps google.golang.org/protobuf from 1.34.1 to 1.34.2.

---
updated-dependencies:
- dependency-name: google.golang.org/protobuf
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-11 18:07:31 +00:00
Camryn Lee aa2577fdf8
ci: build ipv6-hp-bpf in pipeline (#2769)
* build ipv6-hp-bpf img in pipeline

* test binary build

* use sudo

* build separate binaries

* test archives

* combine dockerfiles and build cmds

* setup binary builds

* fix makefile

* parameterize arch for dockerfile cp and library installation
2024-06-11 16:05:07 +00:00
Jackie Luc de225e4d34
feat: add mTLS to CNS (#2751)
* feat: add UseMTLS config

* feat: add mTLS auth for CNS

* test: add testdata for mTLS tests

* chore: add logs on TLS config retrieval

* lint: in tests

* refactor: use CNS logger, not ACN logger

* refactor: add guards to mtlsRootCAsFromCertificate and unit tests

* lint: fix lint errors

* test: include HTTP listener tests for when TLS/mTLS is enabled

* chore: add log for stopping the TLS listener

* test: add test helper to create certificates for testing instead of using hardcoded pem file

* test: assert non-TLS service has no TLSSettings

* test: refactor TestMtlsRootCAsFromCertificate to table-based tests

* refactor: pull listener addresses from listener and remove redundant struct field for tls address
2024-06-07 22:26:49 +00:00
bohuini 13f7037fd9
feat: Added NIC type and modified setRoutes function to support Windows (#2679)
* Added NIC type and modified setRoutes function to support Windows

* Removed deprecated nic types
2024-06-07 20:49:55 +00:00
Camryn Lee 7e8b45f4f5
ci: skip async delete for nightly pipeline (#2765)
* skip async delete in nightly pipeline since we use hard version of azure-ipam

* update spacing

* address comment
2024-06-05 19:09:28 +00:00
Camryn Lee 3e10379143
ci: cilium-nightly skip test check-log-errors (#2763)
skip check-log-errors
2024-06-05 19:08:30 +00:00
dependabot[bot] 49509a9b2a
deps: bump golang.org/x/sys from 0.20.0 to 0.21.0 (#2768)
Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.20.0 to 0.21.0.
- [Commits](https://github.com/golang/sys/compare/v0.20.0...v0.21.0)

---
updated-dependencies:
- dependency-name: golang.org/x/sys
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-05 18:22:02 +00:00
dependabot[bot] 9b749ffc37
deps: bump golang.org/x/crypto from 0.23.0 to 0.24.0 (#2767)
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.23.0 to 0.24.0.
- [Commits](https://github.com/golang/crypto/compare/v0.23.0...v0.24.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-05 18:21:52 +00:00
ZetaoZhuang 7b5b879965
add azr metrics in heartbeats (#2735)
* add azr metrics in heartbeats

* fix bug

* address comment

* address comment

* move heartbeat.go under metric folder

* emit error infos for getHomeAZ failures

* ignore exhaustive check

---------

Co-authored-by: Saksham Mittal <111590532+smittal22@users.noreply.github.com>
2024-06-05 09:52:25 +00:00
dependabot[bot] ef69d47c1f
deps: bump google.golang.org/grpc/cmd/protoc-gen-go-grpc from 1.3.0 to 1.4.0 in /build/tools (#2761)
deps: bump google.golang.org/grpc/cmd/protoc-gen-go-grpc in /build/tools

Bumps [google.golang.org/grpc/cmd/protoc-gen-go-grpc](https://github.com/grpc/grpc-go) from 1.3.0 to 1.4.0.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](https://github.com/grpc/grpc-go/compare/v1.3.0...v1.4.0)

---
updated-dependencies:
- dependency-name: google.golang.org/grpc/cmd/protoc-gen-go-grpc
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-04 15:02:17 +00:00
dependabot[bot] 40318af5af
deps: bump github.com/spf13/viper from 1.18.2 to 1.19.0 (#2760)
Bumps [github.com/spf13/viper](https://github.com/spf13/viper) from 1.18.2 to 1.19.0.
- [Release notes](https://github.com/spf13/viper/releases)
- [Commits](https://github.com/spf13/viper/compare/v1.18.2...v1.19.0)

---
updated-dependencies:
- dependency-name: github.com/spf13/viper
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-04 14:39:28 +00:00
QxBytes 2ab9cfe823
refactor: code changes for stateless cni and swift v2 (#2688)
* ci: changes up to endpointInternal

* ci: remove defaultInterface from invoker

* ci: change up to CreateEndpoint

* ci: changes up to CreateEndpoint()

* ci: invoker cns and UT fixes

* ci: add fixes to UT(s), capture non populated defaultInterface failures

* ci: multitenancy changes

* ci: invoker azure changes & remove all defaultInterfaceInfo possible

* ci add NICType to baremetal flow

* chore: address comments

* merge nw info fields to ep info and draft new createEndpoint function

* restruct ipamAddResult struct

* reorder code to create epinfo first, and then create network and ep based on epinfo

* add getNwInfo and generate ipamAddResult

* fix network windows.go

* create nw info first and create nw and ep dns info

* fix testIpamAddFail ut referencing wrong redeclared err variable, fix error message

* UT fix part one

* fix the getNetworkID and getNetworkInfo

* move create endpoint to network package, remove ifIndex as needed

* use function to get network id

* unify creation of nw and endpoint info by removing switch

* change functions to consume ep info instead of nw info

* remove unused variable accidentally added earlier

* update old azure ipam invoker to use ep info and change ids to network ids when appropriate

previously we renamed the NetworkInfo symbol to EndpointInfo in lots of places, but the Id in Network Info is NOT the same as Endpoint Info, so while the code compiles, code that previously used the id field of the network info struct would now be using the id field of the endpoint info struct. It should use the NetworkId field of the endpoint info struct instead.

* rename endpoint info id field to EndpointID to remove ambiguity

* change nw info to ep info in windows

* adjust comments

* move all methods in create ep info dependent on nw info to use ep info instead (windows and linux)

addSubnetToNetworkInfo, setNetworkOptions, and getEndpointPolicies. getEndpointPolicies will now take just the subnets needed as a parameter rather than the whole nw or ep info.

* make cnm compile (not necessarily correct)

* make all tests compile except endpoint test secondary client (windows and linux) (not necessarily correct)

* comment out endpoint test secondary endpoint client case to make tests compile

* address todos and comments from meeting

* remove duplicated code for populating address in ep info generation

* update EndpointCreate to support multiple infra nic

* save all endpoints to state, regardless of type, use either stateless or cni statefile

undoes some changes in "move create endpoint to network package, remove ifIndex as needed"
deletion flow needs to figure out how to tell if the nic type is delegated
1 interface info : 1 endpoint info : 1 endpoint struct mapping

* fix dual nic support conditional and finding master interface ip

the master interface ip must be in a particular form where the last few bits are zeroed out based on the mask or we won't find the ip
for example, while the host subnet prefix is 10.224.0.113/16, the ip that should be passed into find master interface (subnet) should be 10.224.0.0/16 which matches one of the interfaces' ipnet (10.224.0.0/16)

* fix empty network name
when we need to create a network, we collect the network information, but if we do not find the network, we return an empty nw info and an error
when we create the endpoint we need to use endpoint info's network id, not the (possibly) empty network info struct's network id

* make network_test.go compile (linux and windows compile)

unit tests are not necessarily correct at this point

* add NICType to endpoint struct and populate it

important: when getting the endpoint state, the NIC Type field is not populated, leading to deletes not having a NIC Type; this should be changed so that getting the state populates that field
including the nic type allows us to simplify the secondary endpoints delete flow (just check if the nic type is delegated instead of checking if the secondary interfaces map is populated)

smoke tested:
linux aks podsubnet (same vm, multi vm, internet, cni statefile consistent)
linux standalone transparent vlan multitenancy (same vm, multi vm, internet, multi vnet, no connection between coke pepsi, cni statefile consistent)
windows standalone bridge multitenancy single customer (same vm connections, internet, dns only, cni statefile consistent, 2 pods deleting and recreating)

* ci: InterfaceInfo Map

* fix multitenancy_test ut by changing key

* add endpoint id to secondary ep info test since we populate the id in the actual flow

* fix cni network_test linux and ensure secondary create ep info does not break

in network_test we pass in sample delegated (secondary) data to Add which we then create endpoint info from
even with most fields empty, in linux, the ep info is created without erroring

* make invoker_cns_test linux pass

running all linux package tests for network and cni package pass (or also fail on master, like createBridge)
windows unit tests mostly all fail for the same ones on master and this branch
summary:
	- network_windows_test.go
		○ TestFailToAddIPv6DefaultRoute already fails on master
	- network_test.go
		○ 9 tests fail on master, 9 tests fail on my branch
	- manager_test.go
		○ 9 tests fail on master, 9 tests fail on my branch
	- endpoint_windows_test.go
		○ TestNewAndDeleteEndpointImplHnsV2 already times out on master
	- endpoint_test.go
		○ 9 tests fail on master, 9 tests fail on my branch
	- network_windows_test.go
		○ FAIL: TestPluginSecondAddSamePodWindows/CNI_consecutive_add_already_hot_attached
		○ FAIL: TestPluginSecondAddSamePodWindows/CNI_consecutive_add_not_hot_attached
		○ We don't handle consecutive add anymore
	- network_test.go
		○ TestPluginMultitenancyAdd/Add_Happy_path fails on master and my branch (received multiple NC results [] from CNS while dualnic feature is not supported)-- we still get two items on our list/map though which is expected
	- invoker_cns_test passes
	- invoker_azure_test passes
	- multitenancy_test passes
The consecutive add tests fail but that is expected since we no longer support it.

* modify delete flow to handle multiple epinfos to delete

delete ALL endpoints related to the endpoint infos list in the event cni fails half-way through an add (one failed endpoint create and we delete all would-be-create endpoints and the state)
replace looping over deletion code "n" number of times with getting a slice of endpoint infos to delete
modify stateless cni code to retrieve a slice of network endpoint infos from a single response based on the container id (container id can be used in stateless cni for retrieval)
incorporate stateless cni changes from other branch (cns client/ipam/restserver changes)
modify get endpoint state to return slice of endpoint infos, and getting an endpoint will return an endpoint from that slice with nic type infra
move edge case where endpoint is not created in the state but ips are already allocated to immediately after retrieving all ep infos
fix mock behavior for getting all endpoints by container id
move getting network id and network info out of the loop because their values do not seem to change between iterations
move deletion of endpoint logic into a dedicated loop, and then create a dedicated loop for calling ipam delete to prevent inconsistent state

all expected unit tests on linux pass

* address feedback

* Make change to UpdateEndpointState API to support SwiftV2 for Stateless CNI

* change save state to only call update endpoint state once with a slice of endpoints, uts pass

* fix using nonexistent key by passing in current interface info directly

* fix azure ipam invoker not getting a populated network info for legacy cni

* add L1VH windows support

* add nic type to windows endpoints

* move adding an external interface code to run only when creating a new network

this change reflects prior behavior, where we would only add an external interface to the statefile if the network (after searching through all external interfaces) was not found
currently, if there are multiple interfaces that could be selected as the master, we would add each external interface to the statefile, even if the *network* is associated with one of the existing interfaces
while we would still always find the same network (thanks to having a constant NetworkId, regardless of the external interface), you could get an extra empty external interface in your statefile
this commit should remove that possibility (the extra external interface shouldn't really matter in the first place though because we always select the external interface that has a matching network created on it)
this should be os agnostic

* update comments, first todo check pass

* address some linter issues

* rename networkId to networkID in endpoint info

ran package tests in windows and linux for cni and network packages
ran package tests in linux for cns restserver
all have expected outputs (either pass, or also fails on master branch)

* address linter issues

* preserve more logs and reduce timeout for restart for debugging

* clean comments and rename for clarity

if we use the endpoint info for the network info fields, we name it nwInfo as a hint

* address more linter issues

linux network, restserver, and cni package tests pass

* Revert "preserve more logs and reduce timeout for restart for debugging"

This reverts commit 0f004925cf.

* ignore error on delete flow network query

if we are in stateful cni and do not find the network, we will not error, but when we search for the endpoint it will not be found, leading to us calling ipam invoker delete which is assumed idempotent before returning
previously we would error in stateful cni and return before calling ipam invoker delete

* delete network on endpoint delete if stateless and delegated vmnic (win + linux)

* add nic name, set nicname in linux to master interface name

stateless will key into interface map with the nicname field
in windows, the nicname field is based on the args ifname (usually eth0)
in linux, the nicname field is based on the master interface found (usually eth0)

note:
hostifname/hostvethname = linux veth pair peer in the host ns
ifname/contifname = linux veth pair peer in the container ns, in windows it's just the args ifname
nicname is something else
ifname isn't used during deletion in linux, hns id is used for deletion in windows

* return secondary interface as cni result if no infra nic found, include mac address in cni result

* address linter issue

* fix critical error where failing to add in windows stateless would lead to hns components not being deleted and add netns for hnsv2

tested by triggering a failure to save the stateless state and seeing that the hns endpoint and network are cleaned up
we use the endpoint info to clean up on "add" error, but previously, we didn't populate it with the hns ids to do so

adds netns to stateless as the presence of a valid guid in netns determines if hnsv2 is used

* set nicname used in stateless cni according to feedback

* add dummy guid to stateless delete since we assume stateless is always hnsv2

we assume that the netns value isn't used in stateless deletion

* clean up createEpInfo, declare endpoint info once

* address feedback from vipul

* change comments only

* revert change to cns package

* fix stateless cni migration flow not having nictype on migrate

* keep nwInfo variables named the same as before pr (noop)

* separate endpoint and network policies in endpoint info

behavior should not change except in hnsv1, where network policies passed into network create call will NOT include endpoint policies
endpoint policies always include network policies

* address feedback from reviewers

* address feedback and account for case where cns provides info without nic type

if nic type is empty from cns in invoker cns, we assume it is infra nic type and populate it with infra nic type

* address feedback to declare endpoint info once and populate all fields at once

moved add subnets to after endpoint info created
moved retrieval of all endpoint policies (from getEndpointPolicies and getPoliciesFromRuntimeCfg) until after endpoint info created
network policies are just passed in from the args unaltered

* use ifname instead of nicname field in endpoint struct as key in stateless

* convert macaddress only if nictype is delegatedvmnic

* address feedback by removing network dns settings

* address linter issues (noop)

* address feedback and linter (noop)

* remove unused consecutive add funcs (noop)

* fix release ips when create a container without nictype using older cni and then upgrade cni and delete

if we create a pod with an older cni version, it won't have a nictype
if we upgrade cni and then delete, we should treat an empty nictype as an infra nictype and
call the invoker delete

* prevent eps with delegated nic type present on ep from also calling transparent endpoint client on delete

tested on swift v2 linux single pod add, change cni to this version, delete (ok)
then add using this cni version and delete, no extraneous transparent endpoint client calls logged

* mock get interface method for ut

searched for "NetPlugin" in all files and determined all prod use of NetPlugin goes through NewNetPlugin where we set the get interface method to the real interface get method
adds ut where the master interface (by mac) is not found

* address feedback (noop)

* add ut for handling empty nictype on cns add (noop)

* add multitenancy delete net not found ut (noop)

* add uts for multi interface infos single add call, verify endpoint id, cns to cni data conversion and vice versa, get endpoint info from container id (noop)

verifies partial success will delete all endpoints, even successfully created ones in the same cni add call

* add ut for all pods associated with container id delete in one del call, new secondary delete flow (noop)

* add two UTs

* fix a linter issue

* add ut to check endpoint ifname on new endpoint creation based on nictype (noop)

* add ut for fail to find interface by subnet (noop)

* Adding support for Stateless CNI Delete Edge case when there is no HNS ID

* fix uts

* fix linter issues

* fix ut

---------

Co-authored-by: jpayne3506 <payne.3506@gmail.com>
Co-authored-by: paulyufan2 <paulyu01@outlook.com>
Co-authored-by: AzureAhai <behzadm@microsoft.com>
2024-06-01 01:36:32 +00:00
Kevin Camacho 96a989e078
Add gRPC Protobuf Files for CNS Operations (#2754)
* PB Operations

* Updated Protobuf Service Name

* Package Rename

---------

Co-authored-by: Kevin <t-kcamacho@microsoft.com>
2024-05-31 17:02:11 +00:00
Camryn Lee 0475212f9f
feat: eBPF ingress/egress TC program for cilium external LB (#2710)
* tc egress + ingress bpf program for external lb dualstack svcs

* changes work with ip -6 neigh add for LL

* adding README and updated printk

* use helper func to compare IPs

* fix checksum

* prep makefile changes for future image installs

* remove generated files, update paths, addressing comments

* remove old path

* update dockerfile for bpf-tc

* implement zap logging

* update dockerfile

* create qdisc before cilium so initcontainer can start bpf-tc to attach filters

* addressing comments and change use debug macro for prints

* remove checksum flag

* logs to outfile

* reduce image size, run nft delete in main.go, delete filters if they exist before adding on restart

* rename to ipv6-hp-bpf

* reorder load_bytes

* delete filter by name
2024-05-30 20:43:37 +00:00
Shreya 6dabf708f7
chore: update cilium-operator security context (#2755)
* update cil-operator security context

* add security context to 1.14 template
2024-05-30 17:09:58 +00:00
Camryn Lee 91d1e76e94
ci: skip no-unexpected-packet-drops for cilium dualstack e2e (#2749)
skip no-unexpected-packet-drops for cilium dualstack pr
2024-05-30 17:09:33 +00:00
John Payne a1ce2878dc
ci: Remove merge queue workflow (#2704)
ci: remove workflow
2024-05-30 17:07:42 +00:00
dependabot[bot] e491f20ae0
deps: bump github.com/golangci/golangci-lint from 1.58.1 to 1.59.0 in /build/tools (#2752)
deps: bump github.com/golangci/golangci-lint in /build/tools

Bumps [github.com/golangci/golangci-lint](https://github.com/golangci/golangci-lint) from 1.58.1 to 1.59.0.
- [Release notes](https://github.com/golangci/golangci-lint/releases)
- [Changelog](https://github.com/golangci/golangci-lint/blob/master/CHANGELOG.md)
- [Commits](https://github.com/golangci/golangci-lint/compare/v1.58.1...v1.59.0)

---
updated-dependencies:
- dependency-name: github.com/golangci/golangci-lint
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-05-28 13:07:47 +00:00
dependabot[bot] 6a9b1554d8
deps: bump github.com/hashicorp/go-version from 1.6.0 to 1.7.0 (#2753)
Bumps [github.com/hashicorp/go-version](https://github.com/hashicorp/go-version) from 1.6.0 to 1.7.0.
- [Release notes](https://github.com/hashicorp/go-version/releases)
- [Changelog](https://github.com/hashicorp/go-version/blob/main/CHANGELOG.md)
- [Commits](https://github.com/hashicorp/go-version/compare/v1.6.0...v1.7.0)

---
updated-dependencies:
- dependency-name: github.com/hashicorp/go-version
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-05-28 13:07:22 +00:00
dependabot[bot] 8653b039c9
deps: bump google.golang.org/grpc from 1.63.2 to 1.64.0 (#2741)
Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.63.2 to 1.64.0.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](https://github.com/grpc/grpc-go/compare/v1.63.2...v1.64.0)

---
updated-dependencies:
- dependency-name: google.golang.org/grpc
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-05-20 23:03:43 +00:00
Matthew Long 90df8a1d5a
feat: plumb accelnet bool through interfaceinfo (#2746)
2024-05-20 22:33:57 +00:00
dependabot[bot] 1d8f89e3ce
deps: bump github.com/golangci/golangci-lint from 1.58.0 to 1.58.1 in /build/tools (#2737)
deps: bump github.com/golangci/golangci-lint in /build/tools

Bumps [github.com/golangci/golangci-lint](https://github.com/golangci/golangci-lint) from 1.58.0 to 1.58.1.
- [Release notes](https://github.com/golangci/golangci-lint/releases)
- [Changelog](https://github.com/golangci/golangci-lint/blob/master/CHANGELOG.md)
- [Commits](https://github.com/golangci/golangci-lint/compare/v1.58.0...v1.58.1)

---
updated-dependencies:
- dependency-name: github.com/golangci/golangci-lint
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-05-20 19:46:10 +00:00
dependabot[bot] c106f0f489
deps: bump github.com/containernetworking/plugins from 1.4.0 to 1.5.0 in /azure-ipam (#2744)
deps: bump github.com/containernetworking/plugins in /azure-ipam

Bumps [github.com/containernetworking/plugins](https://github.com/containernetworking/plugins) from 1.4.0 to 1.5.0.
- [Release notes](https://github.com/containernetworking/plugins/releases)
- [Commits](https://github.com/containernetworking/plugins/compare/v1.4.0...v1.5.0)

---
updated-dependencies:
- dependency-name: github.com/containernetworking/plugins
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-05-20 19:38:36 +00:00
Evan Baker 3c9450d9ce
fix: order of healthz and readyz arguments (#2743)
Signed-off-by: Evan Baker <rbtr@users.noreply.github.com>
2024-05-20 19:21:37 +00:00
John Payne 5033a0c9e3
ci: create template for cilium cli install (#2736)
2024-05-17 00:48:16 +00:00
Vipul Singh c9682a60bd
ci: adding a retry login on exec cmd on failure (#2740)
2024-05-17 00:42:19 +00:00
dependabot[bot] cba6ded6b1
ci: bump Azure/login from 2.0.0 to 2.1.0 (#2691)
Bumps [Azure/login](https://github.com/azure/login) from 2.0.0 to 2.1.0.
- [Release notes](https://github.com/azure/login/releases)
- [Commits](https://github.com/azure/login/compare/v2.0.0...v2.1.0)

---
updated-dependencies:
- dependency-name: Azure/login
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-05-17 00:41:09 +00:00
Camryn Lee 512d2d4672
ci: test async delete in cilium stages (#2725)
* add async delete testing to cilium stages

* Revert "revert: async delete changes for azure-ipam (#2346)"

This reverts commit 5b9aaef6ad.

* tidy

* use exit code in script

* add async delete to cilium load test

* tidy
2024-05-17 00:37:52 +00:00
shchen 5e1b2adf6c
Add unblock condition for the swiftv2 tests. (#2738)
* Add unblock condition for the swiftv2 tests.

* Temp commit to convert all the test failure into t.Logf to unblock the pipeline.

* Revert "Temp commit to convert all the test failure into t.Logf to unblock the pipeline."

This reverts commit a4f7d95b54.

* Unblock the pipeline from the swiftv2 result.

* Add the condition to let continue on failures.

* Move the continue on error to the correct place.

* Unblock the pipeline and log the testing result

* Update the continue on error parameter.

* Remove unnecessary part when we have continue on error.

* Remove unnecessary tests and add continue on error.

* Add continue on error parameter.

* remove the comment out code.
2024-05-17 00:37:29 +00:00
Evan Baker 0c598e3e68
fix: pin Windows images (#2742)
Signed-off-by: Evan Baker <rbtr@users.noreply.github.com>
2024-05-16 23:45:44 +00:00
Behzad Mirkhanzadeh 4370e6e93c
feat: Adding MACAddress to CNS endpoint State and refactoring stateless CNI code (#2722)
* Adding MACAddress to CNS endpointState and also refactoring stateless cni code

* Addressing the comments.

* Addressing the comments
2024-05-08 00:07:03 +00:00