vpc egress gateway: fix invalid route destination (#5202)

zhangzujian · web-flow · commit 509ec599e9fe · 2025-05-06T08:17:57.000+08:00
Signed-off-by: zhangzujian &lt;zhangzujian.7@gmail.com&gt;
diff --git a/.github/workflows/build-x86-image.yaml b/.github/workflows/build-x86-image.yaml
@@ -2510,7 +2510,7 @@ jobs:
       - build-kube-ovn
       - build-e2e-binaries
     runs-on: ubuntu-24.04
-    timeout-minutes: 10
+    timeout-minutes: 15
     strategy:
       fail-fast: false
       matrix:
diff --git a/dist/images/init-vpc-egress-gateway.sh b/dist/images/init-vpc-egress-gateway.sh
@@ -14,18 +14,22 @@ sysctl -w net.ipv6.conf.all.forwarding=1
 
 iptables -V
 
-for dst in ${INTERNAL_ROUTE_DST_IPV4[*]}; do 
-  ip route add "${dst}" via "${INTERNAL_GATEWAY_IPV4}"
+for dst in ${INTERNAL_ROUTE_DST_IPV4[*]}; do
+  ip route replace "${dst}" via "${INTERNAL_GATEWAY_IPV4}"
 done
 
-for dst in ${INTERNAL_ROUTE_DST_IPV6[*]}; do 
-  ip route add "${dst}" via "${INTERNAL_GATEWAY_IPV6}"
+for dst in ${INTERNAL_ROUTE_DST_IPV6[*]}; do
+  ip route replace "${dst}" via "${INTERNAL_GATEWAY_IPV6}"
 done
 
-for src in ${SNAT_SOURCES_IPV4[*]}; do 
-  iptables -t nat -A POSTROUTING -s "${src}" -j MASQUERADE --random-fully
+for src in ${SNAT_SOURCES_IPV4[*]}; do
+  if ! iptables -t nat -C POSTROUTING -s "${src}" -j MASQUERADE --random-fully 2>/dev/null; then
+    iptables -t nat -A POSTROUTING -s "${src}" -j MASQUERADE --random-fully
+  fi
 done
 
 for src in ${SNAT_SOURCES_IPV6[*]}; do
-  ip6tables -t nat -A POSTROUTING -s "${src}" -j MASQUERADE --random-fully
+  if ! ip6tables -t nat -C POSTROUTING -s "${src}" -j MASQUERADE --random-fully 2>/dev/null; then
+    ip6tables -t nat -A POSTROUTING -s "${src}" -j MASQUERADE --random-fully
+  fi
 done
diff --git a/pkg/util/pod_routes.go b/pkg/util/pod_routes.go
@@ -5,6 +5,7 @@ import (
 	"encoding/json"
 	"fmt"
 	"slices"
+	"strings"
 
 	"github.com/kubeovn/kube-ovn/pkg/request"
 )
@@ -25,6 +26,14 @@ func (r PodRoutes) Add(provider, destination, gateway string) {
 		return
 	}
 
+	if !strings.ContainsRune(destination, '/') {
+		if strings.ContainsRune(destination, ':') {
+			destination += "/128"
+		} else {
+			destination += "/32"
+		}
+	}
+
 	if r[provider] == nil {
 		r[provider] = make(PodProviderRoutes)
 	}
diff --git a/pkg/util/pod_routes_test.go b/pkg/util/pod_routes_test.go
@@ -27,7 +27,7 @@ func TestPodRoutes(t *testing.T) {
 	require.Len(t, annotations, 1)
 	require.Equal(t,
 		annotations[fmt.Sprintf(RoutesAnnotationTemplate, "foo")],
-		`[{"dst":"0.0.0.1","gw":"1.1.1.1"},{"dst":"0.0.1.0/24","gw":"1.1.1.1"},{"dst":"0.1.0.0/16","gw":"1.1.1.2"}]`,
+		`[{"dst":"0.0.0.1/32","gw":"1.1.1.1"},{"dst":"0.0.1.0/24","gw":"1.1.1.1"},{"dst":"0.1.0.0/16","gw":"1.1.1.2"}]`,
 	)
 
 	routes.Add("foo", "0.0.0.1", "")

Original file line number	Diff line number	Diff line change
`@@ -27,7 +27,7 @@ func TestPodRoutes(t *testing.T) {`
`27`	`27`	`require.Len(t, annotations, 1)`
`28`	`28`	`require.Equal(t,`
`29`	`29`	`annotations[fmt.Sprintf(RoutesAnnotationTemplate, "foo")],`
`30`		- `[{"dst":"0.0.0.1","gw":"1.1.1.1"},{"dst":"0.0.1.0/24","gw":"1.1.1.1"},{"dst":"0.1.0.0/16","gw":"1.1.1.2"}]`,
	`30`	+ `[{"dst":"0.0.0.1/32","gw":"1.1.1.1"},{"dst":"0.0.1.0/24","gw":"1.1.1.1"},{"dst":"0.1.0.0/16","gw":"1.1.1.2"}]`,
`31`	`31`	`)`
`32`	`32`
`33`	`33`	`routes.Add("foo", "0.0.0.1", "")`