01085728bb
fix: Add NAT Policies for Windows AKS-Swift Scenario ( #1036 )
...
* Add DNS NAT policy for windows AKS-Swift scenario
* Addressing comments
Co-authored-by: Jaeryn <tsun.chu@microsoft.com>
2021-10-20 13:58:10 -07:00
519aeca381
fix: Fail network creation if handleCommonOptions return error ( #1063 )
...
* handle errors in setting up routes and iptables for AKS-Swift
* added netio interface in networkmanager
2021-10-19 10:54:49 -07:00
279911c94a
Support for Dualstack transparent ( #1046 )
...
* ipv6 dualstack support transparent mode
* golint fixes
* fixed linter errors
* enable ipv6 setting
* dualstack transparent changes
* abstracted platform execute command
* lint fixes
fix compilation issues
* addressed comments
* fixed a bug
2021-10-15 14:28:37 -07:00
dfc70acbd9
[NPM] Adding prefixes to IPSets in dataplane ( #1047 )
...
* [NPM] Adding prefixes to IPSets in dataplane
* Correcting a linting issue
* Using the correct case for metadata
* Adding IOShim for both windows and linux
* splitting ioshim for each os
* correcting a import error
* correcting some mistakes
* Adding tests for policies in Dp
* fixing a testname
* Updating the dataplane mock file
* removing dataplane mocks from dataplane tests as their scope is controllers
2021-10-11 13:11:45 -07:00
4d27a9f6c0
feat: Adds support for HNS L4WFPProxyPolicy ( #1003 )
...
Fixes #1002
Allow the cni plugin to marshall and apply L4WFPProxyPolicy
to Windows endpoints.
Tested on Kubernetes v1.19 with AKS-engine and docker/containerd runtime
Signed-off-by: Sotiris Nanopoulos <sonanopo@microsoft.com>
2021-09-27 12:11:59 -05:00
f9c4b8549a
Set MTU for veths based on VM interface ( #1031 )
...
* Set MTU for veths based on VM interface
* ignore setmtu error
2021-09-22 17:28:50 -07:00
62172a4387
wrap hnsv2 calls and add a test with mocks ( #1012 )
...
* feat: update cns client (#992 )
* fix debug commands
Signed-off-by: Evan Baker <rbtr@users.noreply.github.com>
* fix: update cns client
Signed-off-by: Evan Baker <rbtr@users.noreply.github.com>
* add ctx to debug calls
Signed-off-by: Evan Baker <rbtr@users.noreply.github.com>
* repackage cns client
Signed-off-by: Evan Baker <rbtr@users.noreply.github.com>
* add ctx to all methods and preinit all route urls
Signed-off-by: Evan Baker <rbtr@users.noreply.github.com>
* down-scope cns client interface and move to consumer packages
Signed-off-by: Evan Baker <rbtr@users.noreply.github.com>
* no unkeyed struct literals
Signed-off-by: Evan Baker <rbtr@users.noreply.github.com>
* trace updated client method signatures out through windows paths
* delint
Signed-off-by: Evan Baker <rbtr@users.noreply.github.com>
* fix windows build
Signed-off-by: Evan Baker <rbtr@users.noreply.github.com>
* delint
Signed-off-by: Evan Baker <rbtr@users.noreply.github.com>
* Remove dead codes from telemetry package (#1004 )
* Netlink package interfacing and adding a fake (#996 )
* Initial pass at Netlink interface
* changing some netlink and epc
* Resolcing all dependencies on netlink package
* first pass at adding a netlinkinterface
* windows working now
* feat: update cns client (#992 )
* fix debug commands
Signed-off-by: Evan Baker <rbtr@users.noreply.github.com>
* fix: update cns client
Signed-off-by: Evan Baker <rbtr@users.noreply.github.com>
* add ctx to debug calls
Signed-off-by: Evan Baker <rbtr@users.noreply.github.com>
* repackage cns client
Signed-off-by: Evan Baker <rbtr@users.noreply.github.com>
* add ctx to all methods and preinit all route urls
Signed-off-by: Evan Baker <rbtr@users.noreply.github.com>
* down-scope cns client interface and move to consumer packages
Signed-off-by: Evan Baker <rbtr@users.noreply.github.com>
* no unkeyed struct literals
Signed-off-by: Evan Baker <rbtr@users.noreply.github.com>
* trace updated client method signatures out through windows paths
* delint
Signed-off-by: Evan Baker <rbtr@users.noreply.github.com>
* fix windows build
Signed-off-by: Evan Baker <rbtr@users.noreply.github.com>
* delint
Signed-off-by: Evan Baker <rbtr@users.noreply.github.com>
* windows working now
* Some golints checks
* commenting a flaky NPM UT and adding some golint checks
* renaming fakenetlink to mocknetlink
* removing a mock netlink usage
* fixing more golints and a test fix
* fixing more go lints
* Adding in netlink from higher level as input
* adding netlinkinterface to windows endpoint impl
* removing netlink name confusion
Co-authored-by: Evan Baker <rbtr@users.noreply.github.com>
* wrap hns calls
* correct delete endpoint test
* tag with windows
* change uuid for fake
* change parameter name to be relevant
* update to add comment and fix build tag
* include build tag on wrapper
* correct merge conflict error
Co-authored-by: Evan Baker <rbtr@users.noreply.github.com>
Co-authored-by: JungukCho <jungukcho@microsoft.com>
Co-authored-by: Vamsi Kalapala <vakr@microsoft.com>
2021-09-21 10:39:01 -06:00
99a856982c
cni/network unit test coverage ( #1020 )
...
* adding uts
* feat: update cns client (#992 )
* fix debug commands
Signed-off-by: Evan Baker <rbtr@users.noreply.github.com>
* fix: update cns client
Signed-off-by: Evan Baker <rbtr@users.noreply.github.com>
* add ctx to debug calls
Signed-off-by: Evan Baker <rbtr@users.noreply.github.com>
* repackage cns client
Signed-off-by: Evan Baker <rbtr@users.noreply.github.com>
* add ctx to all methods and preinit all route urls
Signed-off-by: Evan Baker <rbtr@users.noreply.github.com>
* down-scope cns client interface and move to consumer packages
Signed-off-by: Evan Baker <rbtr@users.noreply.github.com>
* no unkeyed struct literals
Signed-off-by: Evan Baker <rbtr@users.noreply.github.com>
* trace updated client method signatures out through windows paths
* delint
Signed-off-by: Evan Baker <rbtr@users.noreply.github.com>
* fix windows build
Signed-off-by: Evan Baker <rbtr@users.noreply.github.com>
* delint
Signed-off-by: Evan Baker <rbtr@users.noreply.github.com>
* Remove dead codes from telemetry package (#1004 )
* Netlink package interfacing and adding a fake (#996 )
* Initial pass at Netlink interface
* changing some netlink and epc
* Resolcing all dependencies on netlink package
* first pass at adding a netlinkinterface
* windows working now
* feat: update cns client (#992 )
* fix debug commands
Signed-off-by: Evan Baker <rbtr@users.noreply.github.com>
* fix: update cns client
Signed-off-by: Evan Baker <rbtr@users.noreply.github.com>
* add ctx to debug calls
Signed-off-by: Evan Baker <rbtr@users.noreply.github.com>
* repackage cns client
Signed-off-by: Evan Baker <rbtr@users.noreply.github.com>
* add ctx to all methods and preinit all route urls
Signed-off-by: Evan Baker <rbtr@users.noreply.github.com>
* down-scope cns client interface and move to consumer packages
Signed-off-by: Evan Baker <rbtr@users.noreply.github.com>
* no unkeyed struct literals
Signed-off-by: Evan Baker <rbtr@users.noreply.github.com>
* trace updated client method signatures out through windows paths
* delint
Signed-off-by: Evan Baker <rbtr@users.noreply.github.com>
* fix windows build
Signed-off-by: Evan Baker <rbtr@users.noreply.github.com>
* delint
Signed-off-by: Evan Baker <rbtr@users.noreply.github.com>
* windows working now
* Some golints checks
* commenting a flaky NPM UT and adding some golint checks
* renaming fakenetlink to mocknetlink
* removing a mock netlink usage
* fixing more golints and a test fix
* fixing more go lints
* Adding in netlink from higher level as input
* adding netlinkinterface to windows endpoint impl
* removing netlink name confusion
Co-authored-by: Evan Baker <rbtr@users.noreply.github.com>
* test: add tests for CNI Azure invoker (#1010 )
* include add tests
* test delete
* gci
* chore: Refactor UTs in telemetry packages (#1011 )
* Refactor UTs to cleanup UTs and increase UT coverages
* User assert for consistency
* Applied comments and resolve lint error
* Delete unnecessary license header
* Add UT coverage ovs_network_client (#1008 )
* Added ovsctl mock
* Changed iptables and ovsctl to use interface instead of concrete
classes
* Added tests for ovs_networkclient_linux.go
* Fix linter issues
Co-authored-by: Shriroop <shrjo@microsoft.com>
* unitest for add, delete, get
added test for handling second add call in windows
added linux and windows specific tests
added multitenancy, baremetal tests
fixed linter errors
* fix linter issue
* fix nns test
added comment
linter fixes and dependency injection from top
* adding back removed file
fixed merge issues
* linter fixes
Co-authored-by: Evan Baker <rbtr@users.noreply.github.com>
Co-authored-by: JungukCho <jungukcho@microsoft.com>
Co-authored-by: Vamsi Kalapala <vakr@microsoft.com>
Co-authored-by: Mathew Merrick <matmerr@users.noreply.github.com>
Co-authored-by: Shriroop Joshi <shriroopjoshi@users.noreply.github.com>
Co-authored-by: Shriroop <shrjo@microsoft.com>
2021-09-20 16:58:18 -07:00
32d0e12bf9
Add UT coverage ovs_network_client ( #1008 ) ( #1026 )
...
* Added ovsctl mock
* Changed iptables and ovsctl to use interface instead of concrete
classes
* Added tests for ovs_networkclient_linux.go
* Fix linter issues
Co-authored-by: Shriroop <shrjo@microsoft.com>
Co-authored-by: Shriroop Joshi <shriroopjoshi@users.noreply.github.com>
Co-authored-by: Shriroop <shrjo@microsoft.com>
2021-09-20 14:04:35 -05:00
2bd3c74811
Netlink package interfacing and adding a fake ( #996 ) ( #1025 )
...
* Initial pass at Netlink interface
* changing some netlink and epc
* Resolcing all dependencies on netlink package
* first pass at adding a netlinkinterface
* windows working now
* feat: update cns client (#992 )
* fix debug commands
Signed-off-by: Evan Baker <rbtr@users.noreply.github.com>
* fix: update cns client
Signed-off-by: Evan Baker <rbtr@users.noreply.github.com>
* add ctx to debug calls
Signed-off-by: Evan Baker <rbtr@users.noreply.github.com>
* repackage cns client
Signed-off-by: Evan Baker <rbtr@users.noreply.github.com>
* add ctx to all methods and preinit all route urls
Signed-off-by: Evan Baker <rbtr@users.noreply.github.com>
* down-scope cns client interface and move to consumer packages
Signed-off-by: Evan Baker <rbtr@users.noreply.github.com>
* no unkeyed struct literals
Signed-off-by: Evan Baker <rbtr@users.noreply.github.com>
* trace updated client method signatures out through windows paths
* delint
Signed-off-by: Evan Baker <rbtr@users.noreply.github.com>
* fix windows build
Signed-off-by: Evan Baker <rbtr@users.noreply.github.com>
* delint
Signed-off-by: Evan Baker <rbtr@users.noreply.github.com>
* windows working now
* Some golints checks
* commenting a flaky NPM UT and adding some golint checks
* renaming fakenetlink to mocknetlink
* removing a mock netlink usage
* fixing more golints and a test fix
* fixing more go lints
* Adding in netlink from higher level as input
* adding netlinkinterface to windows endpoint impl
* removing netlink name confusion
Co-authored-by: Evan Baker <rbtr@users.noreply.github.com>
Co-authored-by: Vamsi Kalapala <vakr@microsoft.com>
Co-authored-by: Evan Baker <rbtr@users.noreply.github.com>
2021-09-20 13:57:12 -05:00
69abf11d4c
feat: update cns client ( #992 )
...
* fix debug commands
Signed-off-by: Evan Baker <rbtr@users.noreply.github.com>
* fix: update cns client
Signed-off-by: Evan Baker <rbtr@users.noreply.github.com>
* add ctx to debug calls
Signed-off-by: Evan Baker <rbtr@users.noreply.github.com>
* repackage cns client
Signed-off-by: Evan Baker <rbtr@users.noreply.github.com>
* add ctx to all methods and preinit all route urls
Signed-off-by: Evan Baker <rbtr@users.noreply.github.com>
* down-scope cns client interface and move to consumer packages
Signed-off-by: Evan Baker <rbtr@users.noreply.github.com>
* no unkeyed struct literals
Signed-off-by: Evan Baker <rbtr@users.noreply.github.com>
* trace updated client method signatures out through windows paths
* delint
Signed-off-by: Evan Baker <rbtr@users.noreply.github.com>
* fix windows build
Signed-off-by: Evan Baker <rbtr@users.noreply.github.com>
* delint
Signed-off-by: Evan Baker <rbtr@users.noreply.github.com>
2021-09-14 12:56:32 -05:00
96bec09d41
chore: appease the linter (3/?), the big gofumpt ( #987 )
...
* gofumpt -w -s .
* small addtl cleanups after gofumpt
* rerun after rebase
2021-09-02 16:33:18 -05:00
1087201b28
chore: appease the linter, pt 2 of ? ( #925 )
2021-09-01 18:28:17 -05:00
9e4e6ab6dc
Check if systemd-resolved is running before copying dns servers ( #977 )
...
Co-authored-by: Jaeryn <tsun.chu@microsoft.com>
2021-08-24 15:38:22 -07:00
45f3668401
chore: appease the linter, pt 1 of ? ( #922 )
2021-07-08 13:30:59 -05:00
f2e763050d
fix: [CNI] handle getting endpoints when state file is empty ( #916 )
...
* handle empty state file
* update tests
* restore
* fix: add custom unmarshaller for struct with embedded custom interface type
* mkdir images
Co-authored-by: Evan Baker <rbtr@users.noreply.github.com>
2021-06-30 17:54:43 -07:00
57fbd94c70
Drop arp request for snatbridge apipa range ( #912 )
...
* added snatbridge mac same as eth0
added drop rule for arp request for snat bridge ip
* tested the fix and updated ebtable rules
* updated function names
2021-06-28 18:49:50 -07:00
b09ca83ef7
[CNI] Add GET_ENDPOINT_STATE command to dump CNI state to stdout ( #891 )
...
* inital dump state and ipam interface update
* add reconcile command to CNI
* add integration test
* pass endpoint id on add
* address some feedback
* fix test path and linting
* address feedback and logging
* remove return and rename to PodEndpointID
2021-06-11 14:01:42 -07:00
1fa243e5f5
CI: Add golint-ci ( #888 )
...
* add golint-ci
* add gofmt
* enable linters
* uncap count
* fix linting/fmt issues
2021-06-01 16:58:56 -07:00
d929d1acb0
chore: Specify CI build pool name ( #841 )
...
* Specify pool name
2021-04-13 11:00:49 -07:00
9a352f261e
fix: ACLPolicy check for hnsv2 ( #815 )
...
Current code is incorrectly checking against EndpointPolicyType.
2021-03-08 11:56:36 -08:00
79fd586dda
pass adapter name to hns create network call ( #813 )
...
* pass adapter name to hns create network call
* add comments and log
2021-03-08 11:28:20 -08:00
8307081065
not necessary to delete hostveth as it goes away when container namespace is deleted ( #775 )
2021-02-05 12:15:59 -08:00
48e0ee24dc
fix for configuring multiple dns server on azure0 interface ( #769 )
...
* fix for configuring multiple dns server on azure0 interface
* updated log
* added a comment
2021-01-28 11:59:27 -08:00
cc3f97059a
latency fix for transparent mode ( #753 )
2021-01-19 10:48:11 -08:00
98f838ef1b
Write to intermediate file before moving to state file ( #755 )
...
* write to temp file and move to state file
* fixed memleak and other issues
* call windows replace function with MOVEFILE_WRITE_THROUGH flag
* moved few functions to platform package
* moved test files to correct dir
* addressed comments
2021-01-07 17:43:33 -08:00
f0907b4e82
refactor: Move CNI bridge/transparent routes to common ( #694 )
...
* fix: pass host gateway to CNI with Swift to enable Swift+Transparent
2020-11-16 14:24:00 -08:00
33a1dd5070
handling endpoint not found in hns delete
2020-11-12 06:14:06 -08:00
01bbbe6fad
Use PortMappingPolicySetting ( #689 )
...
In order to support VIPs for container Port Mappings, we should
use PortMappingPolicySetting type from HNSv2 instead of the old
NatPolicy from HNSv1.
2020-11-09 10:33:27 -08:00
cc2aab5dea
Support for ACL (Hnsv2) ( #705 )
...
* initial changes
* remove extraneous code
* Add ACL and wireserver ACL
* add ACLs
* default acls
* address comments
* addressed comment
2020-11-04 16:35:45 -08:00
223b5ba0bf
fix: Pass host gateway to CNI in swift mode ( #695 )
...
* fix: pass host gateway to cni in swift mode
* hostgwkey
* update comments
2020-10-21 10:56:54 -07:00
7bd8a2644d
Add "acn" cli tool to install and manage Azure CNI ( #688 )
...
* tail azure-vnet.logs
* dockerfile update
* installer fixes
* remove external deps
* move to cli design
* manager cmd
* update vendor
* minor fixes
* logs
* update makefile
* Update manager-master.yaml
* Update manager-agent.yaml
2020-10-20 14:00:40 -07:00
41232c134d
CNI using CNS IPAM ( #597 )
...
* Configure CNI to use CNS IPAM
2020-09-29 14:43:19 -07:00
75fae82f9d
CNI not to rehydrate based on reboot time ( #643 )
...
* cni to not consider reboot time and rehydrate
* added missing files
* fixed ut
2020-08-10 16:59:18 -07:00
a42d5aca45
added check to find accept_ra file exists ( #620 )
2020-07-22 11:36:41 -07:00
9d6b6c9194
Fix NATing on *COW (HnsV2) Scenarios ( #596 )
...
* For HnsV2 we will only add outbound nat policy for single tenant scenario or if enableSnatForDns is true.
* adding comments to detail results of determineSnat func
Co-authored-by: Jaeryn <tsun.chu@microsoft.com>
2020-07-15 16:14:34 -07:00
7b5e817bd8
Improving and adding CNI unit tests ( #543 )
...
* Add ipam/pool_test.go & add network/*test.go
* add testing ./network/ in Makefile
* fix context
2020-06-26 14:16:45 -07:00
6515faee86
Disable RA for interfaces created by CNI ( #567 )
2020-05-26 15:22:10 -07:00
aed0d716b9
Azure CNI Windows dualstack support ( #557 )
...
* windows ipv6 changes
* addressed compilation issues
* return fix
* type error
* updated pipeline.yaml
* removed -mod=vendor
* updated pipeline yaml
* fixed pipeline.yaml
* fixed pipeline.yaml
* updated function name as per comment
2020-05-07 11:40:46 -07:00
6ac5e8c9f0
CNI Ipv6 Dualstack Support ( #538 )
...
* added cniv6 plugin
* cni ipv6 base framework
* removed unwanted changes
* added ipv6 change
* added cni ipv6 changes
* drop neighbor discovery messages to other VMs
* fixed issues
* fixed unit tests
* fix nil dereference
* addressed comments
* ipv6 fixes and changes
* addressed comments
2020-04-15 22:30:48 -07:00
dc1ecbfd95
added ipv6 changes ( #534 )
2020-04-01 13:21:47 -07:00
0b62fc40c7
Fixing windows test failure ( #531 )
...
* Testing windows change
* Found error
2020-03-18 17:57:34 -07:00
17e2c7d404
Adding network monitor capabilities for prerouting and postrouting ebrules ( #527 )
...
* About to take debugging comments out
* Removed debugging statements and tested again
* Removed more debugging statements and unused method
* Made changes suggested by Tamilmani, tested again.
* Made spacing changes suggested by Tamilmani
* Triggering new tests to run
2020-03-18 14:02:31 -07:00
a01afb7a93
Added EB rule for ip addresses in conflist for linux ( #505 )
...
* Added EB rule for ip addresses in conflist for linux
* Made methods more generic and removed line from endpoint struct
* Adding log statement
* Fixed syntax error
* Made review2 changes
* Made review3 changes
* Made method lowercase
2020-02-21 14:35:37 -08:00
19ac791afc
Option to not enable hairpin on the host interface. ( #472 )
2020-01-16 14:27:25 -08:00
43d2c684d1
Setup SNAT Configuration Based on Azure Host Support ( #401 )
...
* Save enable snat on host settings after querying NMagent version
* Adding changes to exclude outbound snat for win cni if new NMAgent is running
* try to acquire lock file when writing to disableSnatOnHost.json
* addressed some of Tamilmani's comments
* Adding snat for DNS if current NMAgent does not support it yet
* Adding DNS NAT changes for Windows CNI
* vendoring HCSShim changes that support destination based SNATing
* Reverting k8s.io/api dependencies from master branch to last working version
* Addressing Tamilmani's comments
* syncing with an older version of k8s.io dependencies
* verify valid windows version before Dns NAT.
* only remove snat on windows when host has full support
* addressing Tamilmani's comments
* addressing Tamilmani's comments
* rebased and re-depped
2019-11-14 12:01:04 -08:00
84fb35b545
Add Host NC communication support in Windows with HnsV2 ( #424 )
...
This PR adds support for host NC bidirectional communication with windows HnsV2. This is supported in multitenant scenario only. AllowHostToNCCommunication and AllowNCToHostCommunication flags are used to enable Host to NC and NC to host communication respectively.
2019-10-18 13:12:03 -07:00
edd2ae7c8b
Support hyper-v and process based containers with cricontainerd (*COW) ( #417 )
...
Support hyper-v and process based containers with cricontainerd (*COW)
2019-10-18 06:58:27 -07:00
c44e775344
NPM test fixes + Azure Pipelines ( #402 )
...
Initial Azure Pipelines config, run pipeline tests in container, CNM and NPM fixes
2019-09-20 16:15:08 -07:00
b027258240
Enable IP forwarding for Linux mulititenancy ( #386 )
...
* Enable ipforwarding, prevent ip spoofing and other security concern
* added ovssnat test to circleci
* fixed compiler error
* updated circleci image
* fixed circleci yaml
* updated circleci image
* fixed UT
* fixed UTs
* addressed review comments
* added comments
* addressed review comments
* fixed UT
* separating PRs - removing ip spoofing check changes
* added document for describing multitenancy fields
* fixed docs/cnimultitenancy.md
* removed a condition as it seems to be not working
2019-08-20 14:06:36 -07:00
Jaeryn
tamilmani1989
Vamsi Kalapala
Sotiris Nanopoulos
aegal
Evan Baker
Mathew Merrick
Ashvin Deodhar
Ramiro
Adelina Tuvenie
vivekagg-MSFT
PrIce Qian
Paul Johnston
Vipul Hattiwale