diff --git a/charts/kube-ovn-v2/templates/agent/agent-daemonset.yaml b/charts/kube-ovn-v2/templates/agent/agent-daemonset.yaml index 844dba7a4ea..ecd7a9419b0 100644 --- a/charts/kube-ovn-v2/templates/agent/agent-daemonset.yaml +++ b/charts/kube-ovn-v2/templates/agent/agent-daemonset.yaml @@ -162,7 +162,7 @@ spec: valueFrom: fieldRef: fieldPath: status.podIP - - name: KUBE_NODE_NAME + - name: NODE_NAME valueFrom: fieldRef: fieldPath: spec.nodeName diff --git a/charts/kube-ovn-v2/templates/controller/controller-deployment.yaml b/charts/kube-ovn-v2/templates/controller/controller-deployment.yaml index 44875f7d62b..2e5f708d4be 100644 --- a/charts/kube-ovn-v2/templates/controller/controller-deployment.yaml +++ b/charts/kube-ovn-v2/templates/controller/controller-deployment.yaml @@ -177,11 +177,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - - name: KUBE_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: KUBE_NODE_NAME + - name: NODE_NAME valueFrom: fieldRef: fieldPath: spec.nodeName diff --git a/charts/kube-ovn-v2/templates/monitor/monitor-deployment.yaml b/charts/kube-ovn-v2/templates/monitor/monitor-deployment.yaml index 17dfac30d24..fd392367f82 100644 --- a/charts/kube-ovn-v2/templates/monitor/monitor-deployment.yaml +++ b/charts/kube-ovn-v2/templates/monitor/monitor-deployment.yaml @@ -98,7 +98,7 @@ spec: env: - name: ENABLE_SSL value: "{{ .Values.networking.enableSsl }}" - - name: KUBE_NODE_NAME + - name: NODE_NAME valueFrom: fieldRef: fieldPath: spec.nodeName diff --git a/charts/kube-ovn-v2/templates/ovs-ovn/ovs-ovn-daemonset.yaml b/charts/kube-ovn-v2/templates/ovs-ovn/ovs-ovn-daemonset.yaml index 6be0790eb76..44983e0d707 100644 --- a/charts/kube-ovn-v2/templates/ovs-ovn/ovs-ovn-daemonset.yaml +++ b/charts/kube-ovn-v2/templates/ovs-ovn/ovs-ovn-daemonset.yaml 
@@ -128,7 +128,7 @@ spec: value: "{{- .Values.features.enableHardwareOffload }}" - name: TUNNEL_TYPE value: "{{- .Values.networking.tunnelType }}" - - name: KUBE_NODE_NAME + - name: NODE_NAME valueFrom: fieldRef: fieldPath: spec.nodeName diff --git a/charts/kube-ovn-v2/templates/ovs-ovn/ovs-ovn-dpdk-daemonset.yaml b/charts/kube-ovn-v2/templates/ovs-ovn/ovs-ovn-dpdk-daemonset.yaml index 9d1fecda2ea..883d6b80667 100644 --- a/charts/kube-ovn-v2/templates/ovs-ovn/ovs-ovn-dpdk-daemonset.yaml +++ b/charts/kube-ovn-v2/templates/ovs-ovn/ovs-ovn-dpdk-daemonset.yaml @@ -67,7 +67,7 @@ spec: value: "{{- .Values.networking.tunnelType }}" - name: DPDK_TUNNEL_IFACE value: "{{- .Values.agent.dpdkTunnelInterface }}" - - name: KUBE_NODE_NAME + - name: NODE_NAME valueFrom: fieldRef: fieldPath: spec.nodeName diff --git a/charts/kube-ovn/templates/controller-deploy.yaml b/charts/kube-ovn/templates/controller-deploy.yaml index 977e7fffdfa..76a558367c1 100644 --- a/charts/kube-ovn/templates/controller-deploy.yaml +++ b/charts/kube-ovn/templates/controller-deploy.yaml @@ -168,11 +168,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - - name: KUBE_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: KUBE_NODE_NAME + - name: NODE_NAME valueFrom: fieldRef: fieldPath: spec.nodeName diff --git a/charts/kube-ovn/templates/monitor-deploy.yaml b/charts/kube-ovn/templates/monitor-deploy.yaml index dc4eac2249b..8a986fcbedb 100644 --- a/charts/kube-ovn/templates/monitor-deploy.yaml +++ b/charts/kube-ovn/templates/monitor-deploy.yaml @@ -81,7 +81,7 @@ spec: env: - name: ENABLE_SSL value: "{{ .Values.networking.ENABLE_SSL }}" - - name: KUBE_NODE_NAME + - name: NODE_NAME valueFrom: fieldRef: fieldPath: spec.nodeName diff --git a/charts/kube-ovn/templates/ovn-dpdk-ds.yaml b/charts/kube-ovn/templates/ovn-dpdk-ds.yaml index 330c9b6f302..5e18230e136 100644 --- a/charts/kube-ovn/templates/ovn-dpdk-ds.yaml +++ b/charts/kube-ovn/templates/ovn-dpdk-ds.yaml 
@@ -54,7 +54,7 @@ spec: value: "{{- .Values.networking.TUNNEL_TYPE }}" - name: DPDK_TUNNEL_IFACE value: "{{- .Values.networking.DPDK_TUNNEL_IFACE }}" - - name: KUBE_NODE_NAME + - name: NODE_NAME valueFrom: fieldRef: fieldPath: spec.nodeName diff --git a/charts/kube-ovn/templates/ovncni-ds.yaml b/charts/kube-ovn/templates/ovncni-ds.yaml index 34e9d28442d..973363193cd 100644 --- a/charts/kube-ovn/templates/ovncni-ds.yaml +++ b/charts/kube-ovn/templates/ovncni-ds.yaml @@ -143,7 +143,7 @@ spec: valueFrom: fieldRef: fieldPath: status.podIP - - name: KUBE_NODE_NAME + - name: NODE_NAME valueFrom: fieldRef: fieldPath: spec.nodeName diff --git a/charts/kube-ovn/templates/ovsovn-ds.yaml b/charts/kube-ovn/templates/ovsovn-ds.yaml index 7146ec71485..07f429cabc8 100644 --- a/charts/kube-ovn/templates/ovsovn-ds.yaml +++ b/charts/kube-ovn/templates/ovsovn-ds.yaml @@ -115,7 +115,7 @@ spec: value: "{{- .Values.func.HW_OFFLOAD }}" - name: TUNNEL_TYPE value: "{{- .Values.networking.TUNNEL_TYPE }}" - - name: KUBE_NODE_NAME + - name: NODE_NAME valueFrom: fieldRef: fieldPath: spec.nodeName diff --git a/cmd/controller/controller.go b/cmd/controller/controller.go index 6b734b93da9..a2b7d88f35d 100644 --- a/cmd/controller/controller.go +++ b/cmd/controller/controller.go @@ -136,7 +136,7 @@ func CmdMain() { recorder := record.NewBroadcaster().NewRecorder(scheme.Scheme, apiv1.EventSource{ Component: ovnLeaderResource, - Host: os.Getenv(util.HostnameEnv), + Host: os.Getenv(util.EnvNodeName), }) rl, err := resourcelock.NewFromKubeconfig(resourcelock.LeasesResourceLock, config.PodNamespace, diff --git a/cmd/daemon/cniserver.go b/cmd/daemon/cniserver.go index 85b9a5e5af5..199ad041d09 100644 --- a/cmd/daemon/cniserver.go +++ b/cmd/daemon/cniserver.go 
@@ -101,7 +101,7 @@ func main() { kubeinformers.WithTweakListOptions(func(listOption *v1.ListOptions) { listOption.FieldSelector = fmt.Sprintf("metadata.name=%s", util.DefaultOVNIPSecCA) }), - kubeinformers.WithNamespace(os.Getenv("POD_NAMESPACE")), + kubeinformers.WithNamespace(os.Getenv(util.EnvPodNamespace)), ) ctl, err := daemon.NewController(config, stopCh, podInformerFactory, nodeInformerFactory, caSecretInformerFactory, kubeovnInformerFactory) diff --git a/cmd/webhook/server.go b/cmd/webhook/server.go index 6b6bb7ce227..4406db8fd64 100644 --- a/cmd/webhook/server.go +++ b/cmd/webhook/server.go @@ -75,7 +75,7 @@ func CmdMain() { Metrics: metricsserver.Options{ BindAddress: "0", }, - HealthProbeBindAddress: util.JoinHostPort(os.Getenv("POD_IP"), *healthProbePort), + HealthProbeBindAddress: util.JoinHostPort(os.Getenv(util.EnvPodIP), *healthProbePort), }) if err != nil { panic(err) diff --git a/dist/images/install.sh b/dist/images/install.sh index d13cbed7623..916373060ff 100755 --- a/dist/images/install.sh +++ b/dist/images/install.sh @@ -4460,7 +4460,7 @@ spec: value: "$HW_OFFLOAD" - name: TUNNEL_TYPE value: "$TUNNEL_TYPE" - - name: KUBE_NODE_NAME + - name: NODE_NAME valueFrom: fieldRef: fieldPath: spec.nodeName @@ -4611,7 +4611,7 @@ spec: value: "$TUNNEL_TYPE" - name: DPDK_TUNNEL_IFACE value: "$DPDK_TUNNEL_IFACE" - - name: KUBE_NODE_NAME + - name: NODE_NAME valueFrom: fieldRef: fieldPath: spec.nodeName @@ -4888,11 +4888,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - - name: KUBE_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: KUBE_NODE_NAME + - name: NODE_NAME valueFrom: fieldRef: fieldPath: spec.nodeName @@ -5091,7 +5087,7 @@ spec: valueFrom: fieldRef: fieldPath: status.podIP - - name: KUBE_NODE_NAME + - name: NODE_NAME valueFrom: fieldRef: fieldPath: spec.nodeName 
@@ -5311,7 +5307,7 @@ spec: env: - name: ENABLE_SSL value: "$ENABLE_SSL" - - name: KUBE_NODE_NAME + - name: NODE_NAME valueFrom: fieldRef: fieldPath: spec.nodeName diff --git a/dist/images/ovsdb-inspect.sh b/dist/images/ovsdb-inspect.sh index cfa303eebfc..3f0e259aaaf 100644 --- a/dist/images/ovsdb-inspect.sh +++ b/dist/images/ovsdb-inspect.sh @@ -41,7 +41,7 @@ init-ovs-ctr for i in $(kubectl -n kube-system get pods -o wide | grep ovs-ovn | awk '{print $1}'); do - NODE=$(ovs-exec $i "printenv KUBE_NODE_NAME") + NODE=$(ovs-exec $i "printenv NODE_NAME") NODEIP=$(ovs-exec $i "printenv OVN_DB_IPS") NSNAME=$(kubectl get pods -o wide -A | grep $NODE | grep -v $NODEIP | awk '{print $2 "." $1}') for j in $NSNAME; diff --git a/dist/images/start-ovs.sh b/dist/images/start-ovs.sh index 845984876c2..233bcff75cd 100755 --- a/dist/images/start-ovs.sh +++ b/dist/images/start-ovs.sh @@ -143,7 +143,7 @@ ovs-vsctl set open . external-ids:ovn-remote="$(gen_conn_str 6642)" ovs-vsctl set open . external-ids:ovn-remote-probe-interval="${OVN_REMOTE_PROBE_INTERVAL}" ovs-vsctl set open . external-ids:ovn-openflow-probe-interval="${OVN_REMOTE_OPENFLOW_INTERVAL}" ovs-vsctl set open . external-ids:ovn-encap-type="${TUNNEL_TYPE}" -ovs-vsctl set open . external-ids:hostname="${KUBE_NODE_NAME}" +ovs-vsctl set open . external-ids:hostname="${NODE_NAME}" # Start ovn-controller if [[ "$ENABLE_SSL" == "false" ]]; then diff --git a/pkg/controller/config.go b/pkg/controller/config.go index 32e8059388e..c4926b459e3 100644 --- a/pkg/controller/config.go +++ b/pkg/controller/config.go 
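Review bot: In start-ovs.sh the chassis hostname is now written from `${NODE_NAME}` with no check that the variable is set. A pod whose spec still exports only `KUBE_NODE_NAME` (image rolled before the manifest, or a hand-maintained DaemonSet) would register `external-ids:hostname=""`. Failing early is safer: `ovs-vsctl set open . external-ids:hostname="${NODE_NAME:?NODE_NAME is not set}"`. The same gap exists in ovsdb-inspect.sh, where `printenv NODE_NAME` against a pod from the old manifest yields an empty `$NODE` that is then passed unquoted to `grep $NODE`; that loop body continues outside the hunk.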
@@ -288,8 +288,8 @@ func ParseFlags() (*Configuration, error) { DefaultHostInterface: *argDefaultInterfaceName, DefaultExchangeLinkName: *argDefaultExchangeLinkName, DefaultVlanName: *argDefaultVlanName, - PodName: os.Getenv("POD_NAME"), - PodNamespace: os.Getenv("KUBE_NAMESPACE"), + PodName: os.Getenv(util.EnvPodName), + PodNamespace: os.Getenv(util.EnvPodNamespace), PodNicType: *argPodNicType, EnableLb: *argEnableLb, EnableNP: *argEnableNP, @@ -442,8 +442,8 @@ func (config *Configuration) initKubeClient() error { } config.ExtClient = ExtClient - cfg.ContentType = "application/vnd.kubernetes.protobuf" - cfg.AcceptContentTypes = "application/vnd.kubernetes.protobuf,application/json" + cfg.ContentType = util.ContentTypeProtobuf + cfg.AcceptContentTypes = util.AcceptContentTypes kubeClient, err := kubernetes.NewForConfig(cfg) if err != nil { klog.Errorf("init kubernetes client failed %v", err) @@ -478,8 +478,8 @@ func (config *Configuration) initKubeFactoryClient() error { } config.KubeOvnFactoryClient = kubeOvnClient - cfg.ContentType = "application/vnd.kubernetes.protobuf" - cfg.AcceptContentTypes = "application/vnd.kubernetes.protobuf,application/json" + cfg.ContentType = util.ContentTypeProtobuf + cfg.AcceptContentTypes = util.AcceptContentTypes kubeClient, err := kubernetes.NewForConfig(cfg) if err != nil { klog.Errorf("init kubernetes client failed %v", err) diff --git a/pkg/controller/controller_test.go b/pkg/controller/controller_test.go index 7a6bcdc5057..0678c7155bd 100644 --- a/pkg/controller/controller_test.go +++ b/pkg/controller/controller_test.go @@ -34,6 +34,7 @@ import ( kubeovnfake "github.com/kubeovn/kube-ovn/pkg/client/clientset/versioned/fake" kubeovninformerfactory "github.com/kubeovn/kube-ovn/pkg/client/informers/externalversions" kubeovninformer "github.com/kubeovn/kube-ovn/pkg/client/informers/externalversions/kubeovn/v1" + "github.com/kubeovn/kube-ovn/pkg/util" ) type fakeControllerInformers struct { 
@@ -72,7 +73,7 @@ func newFakeControllerWithOptions(t *testing.T, opts *FakeControllerOptions) (*f ObjectMeta: metav1.ObjectMeta{ Name: "default", Annotations: map[string]string{ - "ovn.kubernetes.io/logical_switch": "ovn-default", + util.LogicalSwitchAnnotation: util.DefaultSubnet, }, }, } @@ -243,7 +244,7 @@ func TestFakeControllerWithOptions(t *testing.T) { Name: "test-pod", Namespace: "default", Annotations: map[string]string{ - "k8s.v1.cni.cncf.io/networks": `[{"name": "net1"}]`, + nadv1.NetworkAttachmentAnnot: `[{"name": "net1"}]`, }, }, }, diff --git a/pkg/controller/node_test.go b/pkg/controller/node_test.go index 2548db1f3fe..fdc78d146ab 100644 --- a/pkg/controller/node_test.go +++ b/pkg/controller/node_test.go @@ -1,7 +1,10 @@ package controller import ( + "fmt" "testing" + + "github.com/kubeovn/kube-ovn/pkg/util" ) func TestKubeOvnAnnotationsChanged(t *testing.T) { @@ -21,14 +24,14 @@ func TestKubeOvnAnnotationsChanged(t *testing.T) { name: "kube-ovn annotation added", oldAnnotations: map[string]string{}, newAnnotations: map[string]string{ - "ovn.kubernetes.io/allocated": "true", + util.AllocatedAnnotation: "true", }, expected: true, }, { name: "kube-ovn annotation removed", oldAnnotations: map[string]string{ - "ovn.kubernetes.io/allocated": "true", + util.AllocatedAnnotation: "true", }, newAnnotations: map[string]string{}, expected: true, 
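Review bot: The TestKubeOvnAnnotationsChanged table in node_test.go now builds its annotation keys from `util` constants, presumably the same ones the code under test reads, so it no longer pins the literal strings such as `ovn.kubernetes.io/ip_address`. Those keys are persisted on node and pod objects, and an accidental edit to a constant or to `util.ProviderNetworkTemplate` would now pass every case. Keeping one case with the literal key, or adding an assertion such as `util.IPAddressAnnotation == "ovn.kubernetes.io/ip_address"`, would retain that guard. The table continues in the later hunks of this file.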
@@ -36,20 +39,20 @@ func TestKubeOvnAnnotationsChanged(t *testing.T) { { name: "kube-ovn annotation value changed", oldAnnotations: map[string]string{ - "ovn.kubernetes.io/ip_address": "10.0.0.1", + util.IPAddressAnnotation: "10.0.0.1", }, newAnnotations: map[string]string{ - "ovn.kubernetes.io/ip_address": "10.0.0.2", + util.IPAddressAnnotation: "10.0.0.2", }, expected: true, }, { name: "kube-ovn annotation unchanged", oldAnnotations: map[string]string{ - "ovn.kubernetes.io/ip_address": "10.0.0.1", + util.IPAddressAnnotation: "10.0.0.1", }, newAnnotations: map[string]string{ - "ovn.kubernetes.io/ip_address": "10.0.0.1", + util.IPAddressAnnotation: "10.0.0.1", }, expected: false, }, 
@@ -66,60 +69,60 @@ func TestKubeOvnAnnotationsChanged(t *testing.T) { { name: "mixed annotations, only non-kube-ovn changed", oldAnnotations: map[string]string{ - "ovn.kubernetes.io/ip_address": "10.0.0.1", - "other.io/annotation": "value1", + util.IPAddressAnnotation: "10.0.0.1", + "other.io/annotation": "value1", }, newAnnotations: map[string]string{ - "ovn.kubernetes.io/ip_address": "10.0.0.1", - "other.io/annotation": "value2", + util.IPAddressAnnotation: "10.0.0.1", + "other.io/annotation": "value2", }, expected: false, }, { name: "mixed annotations, kube-ovn changed", oldAnnotations: map[string]string{ - "ovn.kubernetes.io/ip_address": "10.0.0.1", - "other.io/annotation": "value1", + util.IPAddressAnnotation: "10.0.0.1", + "other.io/annotation": "value1", }, newAnnotations: map[string]string{ - "ovn.kubernetes.io/ip_address": "10.0.0.2", - "other.io/annotation": "value2", + util.IPAddressAnnotation: "10.0.0.2", + "other.io/annotation": "value2", }, expected: true, }, { name: "multiple kube-ovn annotations unchanged", oldAnnotations: map[string]string{ - "ovn.kubernetes.io/ip_address": "10.0.0.1", - "ovn.kubernetes.io/mac_address": "00:11:22:33:44:55", - "ovn.kubernetes.io/allocated": "true", + util.IPAddressAnnotation: "10.0.0.1", + util.MacAddressAnnotation: "00:11:22:33:44:55", + util.AllocatedAnnotation: "true", }, newAnnotations: map[string]string{ - "ovn.kubernetes.io/ip_address": "10.0.0.1", - "ovn.kubernetes.io/mac_address": "00:11:22:33:44:55", - "ovn.kubernetes.io/allocated": "true", + util.IPAddressAnnotation: "10.0.0.1", + util.MacAddressAnnotation: "00:11:22:33:44:55", + util.AllocatedAnnotation: "true", }, expected: false, }, { name: "multiple kube-ovn annotations, one changed", oldAnnotations: map[string]string{ - "ovn.kubernetes.io/ip_address": "10.0.0.1", - "ovn.kubernetes.io/mac_address": "00:11:22:33:44:55", + util.IPAddressAnnotation: "10.0.0.1", + util.MacAddressAnnotation: "00:11:22:33:44:55", }, newAnnotations: map[string]string{ - 
"ovn.kubernetes.io/ip_address": "10.0.0.1", - "ovn.kubernetes.io/mac_address": "00:11:22:33:44:56", + util.IPAddressAnnotation: "10.0.0.1", + util.MacAddressAnnotation: "00:11:22:33:44:56", }, expected: true, }, { name: "provider network annotation changed", oldAnnotations: map[string]string{ - "net1.kubernetes.io/provider_network": "provider1", + fmt.Sprintf(util.ProviderNetworkTemplate, "net1"): "provider1", }, newAnnotations: map[string]string{ - "net1.kubernetes.io/provider_network": "provider2", + fmt.Sprintf(util.ProviderNetworkTemplate, "net1"): "provider2", }, expected: true, }, @@ -137,17 +140,17 @@ func TestKubeOvnAnnotationsChanged(t *testing.T) { name: "empty to kube-ovn annotations", oldAnnotations: map[string]string{}, newAnnotations: map[string]string{ - "ovn.kubernetes.io/ip_address": "10.0.0.1", - "ovn.kubernetes.io/mac_address": "00:11:22:33:44:55", - "ovn.kubernetes.io/chassis": "node1", + util.IPAddressAnnotation: "10.0.0.1", + util.MacAddressAnnotation: "00:11:22:33:44:55", + util.ChassisAnnotation: "node1", }, expected: true, }, { name: "kube-ovn annotations to empty", oldAnnotations: map[string]string{ - "ovn.kubernetes.io/ip_address": "10.0.0.1", - "ovn.kubernetes.io/mac_address": "00:11:22:33:44:55", + util.IPAddressAnnotation: "10.0.0.1", + util.MacAddressAnnotation: "00:11:22:33:44:55", }, newAnnotations: map[string]string{}, expected: true, @@ -155,12 +158,12 @@ func TestKubeOvnAnnotationsChanged(t *testing.T) { { name: "non-kube-ovn added and removed", oldAnnotations: map[string]string{ - "ovn.kubernetes.io/ip_address": "10.0.0.1", - "old.annotation": "value", + util.IPAddressAnnotation: "10.0.0.1", + "old.annotation": "value", }, newAnnotations: map[string]string{ - "ovn.kubernetes.io/ip_address": "10.0.0.1", - "new.annotation": "value", + util.IPAddressAnnotation: "10.0.0.1", + "new.annotation": "value", }, expected: false, }, diff --git a/pkg/controller/pki.go b/pkg/controller/pki.go index e9b6d97af62..8f43c309431 100644 
--- a/pkg/controller/pki.go +++ b/pkg/controller/pki.go @@ -15,7 +15,7 @@ import ( ) func (c *Controller) InitDefaultOVNIPsecCA() error { - namespace := os.Getenv("POD_NAMESPACE") + namespace := os.Getenv(util.EnvPodNamespace) _, err := c.config.KubeClient.CoreV1().Secrets(namespace).Get(context.TODO(), util.DefaultOVNIPSecCA, metav1.GetOptions{}) if err == nil { klog.Infof("ovn ipsec CA secret already exists, skip") diff --git a/pkg/controller/signer.go b/pkg/controller/signer.go index 5b2a72660bb..c3692a99ef9 100644 --- a/pkg/controller/signer.go +++ b/pkg/controller/signer.go @@ -123,7 +123,7 @@ func (c *Controller) handleAddOrUpdateCsr(key string) (err error) { } // From this, point we are dealing with an approved CSR // Get CA in from ovn-ipsec-ca - caSecret, err := c.config.KubeClient.CoreV1().Secrets(os.Getenv("POD_NAMESPACE")).Get(context.TODO(), util.DefaultOVNIPSecCA, metav1.GetOptions{}) + caSecret, err := c.config.KubeClient.CoreV1().Secrets(os.Getenv(util.EnvPodNamespace)).Get(context.TODO(), util.DefaultOVNIPSecCA, metav1.GetOptions{}) if err != nil { c.signerFailure(csr, "CAFailure", fmt.Sprintf("Could not get CA certificate and key: %v", err)) diff --git a/pkg/controller/vpc_dns.go b/pkg/controller/vpc_dns.go index 32dd81c82d3..d431d5356fa 100644 --- a/pkg/controller/vpc_dns.go +++ b/pkg/controller/vpc_dns.go @@ -376,11 +376,11 @@ func setCoreDNSEnv(dp *v1.Deployment) { var env []corev1.EnvVar if len(k8sServiceHost) != 0 { - env = append(env, corev1.EnvVar{Name: "KUBERNETES_SERVICE_HOST", Value: k8sServiceHost}) + env = append(env, corev1.EnvVar{Name: util.EnvKubernetesServiceHost, Value: k8sServiceHost}) } if len(k8sServicePort) != 0 { - env = append(env, corev1.EnvVar{Name: "KUBERNETES_SERVICE_PORT", Value: k8sServicePort}) + env = append(env, corev1.EnvVar{Name: util.EnvKubernetesServicePort, Value: k8sServicePort}) } for i, container := range dp.Spec.Template.Spec.Containers { 
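Review bot: InitDefaultOVNIPsecCA in pki.go still resolves the namespace of the IPsec CA secret with `os.Getenv(util.EnvPodNamespace)` on each call, and handleAddOrUpdateCsr in signer.go does the same, although ParseFlags in pkg/controller/config.go now stores that same variable in `Configuration.PodNamespace`. Reading it from the configuration (`namespace := c.config.PodNamespace`) gives one place to reject an empty value at startup. As written, an unset variable only surfaces later as a failed `Secrets("")` lookup. What InitDefaultOVNIPsecCA does when that lookup fails is outside the hunk, so it is worth confirming that an empty namespace cannot lead to a new CA being generated.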
@@ -394,7 +394,7 @@ func setCoreDNSEnv(dp *v1.Deployment) { func setVpcDNSRoute(dp *v1.Deployment, subnetGw string) { dst := k8sServiceHost if len(dst) == 0 { - dst = os.Getenv("KUBERNETES_SERVICE_HOST") + dst = os.Getenv(util.EnvKubernetesServiceHost) } protocol := util.CheckProtocol(dst) diff --git a/pkg/controller/vpc_nat_gateway.go b/pkg/controller/vpc_nat_gateway.go index ecfad3e1bbd..f685fb6009f 100644 --- a/pkg/controller/vpc_nat_gateway.go +++ b/pkg/controller/vpc_nat_gateway.go @@ -789,7 +789,7 @@ func (c *Controller) setNatGwAPIAccess(annotations map[string]string) error { // setNatGwAPIRoute adds routes to a pod to reach the K8S API server func (c *Controller) setNatGwAPIRoute(annotations map[string]string, nadNamespace, nadName string) error { - dst := os.Getenv("KUBERNETES_SERVICE_HOST") + dst := os.Getenv(util.EnvKubernetesServiceHost) protocol := util.CheckProtocol(dst) if !strings.ContainsRune(dst, '/') { diff --git a/pkg/daemon/config.go b/pkg/daemon/config.go index f258edfbbc3..8d76d922396 100644 --- a/pkg/daemon/config.go +++ b/pkg/daemon/config.go @@ -220,7 +220,7 @@ func ParseFlags() *Configuration { func (config *Configuration) Init(nicBridgeMappings map[string]string) error { if config.NodeName == "" { klog.Info("node name not specified in command line parameters, fall back to the environment variable") - if config.NodeName = strings.ToLower(os.Getenv(util.HostnameEnv)); config.NodeName == "" { + if config.NodeName = strings.ToLower(os.Getenv(util.EnvNodeName)); config.NodeName == "" { klog.Info("node name not specified in environment variables, fall back to the hostname") hostname, err := os.Hostname() if err != nil { @@ -360,7 +360,7 @@ func (config *Configuration) initNicConfig(nicBridgeMappings map[string]string) } func (config *Configuration) getEncapIP(node *corev1.Node) string { - if podIP := os.Getenv(util.PodIP); podIP != "" { + if podIP := os.Getenv(util.EnvPodIP); podIP != "" { return podIP } 
@@ -430,7 +430,7 @@ func (config *Configuration) initKubeClient() error { } config.KubeOvnClient = kubeOvnClient - cfg.ContentType = util.ContentType + cfg.ContentType = util.ContentTypeProtobuf cfg.AcceptContentTypes = util.AcceptContentTypes kubeClient, err := kubernetes.NewForConfig(cfg) if err != nil { @@ -440,7 +440,7 @@ func (config *Configuration) initKubeClient() error { config.KubeClient = kubeClient if config.CertManagerIPSecCert { - cfg.ContentType = "application/json" + cfg.ContentType = util.ContentTypeJSON cmClient, err := certmanagerclientset.NewForConfig(cfg) if err != nil { klog.Errorf("init certmanager client failed %v", err) diff --git a/pkg/daemon/controller_linux.go b/pkg/daemon/controller_linux.go index 76b9f575735..69365d540d4 100644 --- a/pkg/daemon/controller_linux.go +++ b/pkg/daemon/controller_linux.go @@ -324,8 +324,9 @@ func (c *Controller) reconcileRouters(event *subnetEvent) error { gateway, ok := node.Annotations[util.GatewayAnnotation] if !ok { - klog.Errorf("annotation for node %s ovn.kubernetes.io/gateway not exists", node.Name) - return errors.New("annotation for node ovn.kubernetes.io/gateway not exists") + err = fmt.Errorf("gateway annotation for node %s does not exist", node.Name) + klog.Error(err) + return err } nic, err := netlink.LinkByName(util.NodeNic) if err != nil { @@ -727,12 +728,12 @@ func (c *Controller) getPolicyRouting(subnet *kubeovnv1.Subnet) ([]netlink.Rule, return nil, nil, err } - hostname := os.Getenv(util.HostnameEnv) + nodeName := os.Getenv(util.EnvNodeName) for _, pod := range pods { if pod.Spec.HostNetwork || pod.Status.PodIP == "" || pod.Annotations[util.LogicalSwitchAnnotation] != subnet.Name || - pod.Spec.NodeName != hostname { + pod.Spec.NodeName != nodeName { continue } diff --git a/pkg/daemon/gateway_linux.go b/pkg/daemon/gateway_linux.go index 494da2b81e3..bb976ba964f 100644 --- a/pkg/daemon/gateway_linux.go +++ b/pkg/daemon/gateway_linux.go 
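Review bot: getPolicyRouting in controller_linux.go compares `pod.Spec.NodeName` with the raw `os.Getenv(util.EnvNodeName)`, whereas `Configuration.Init` in pkg/daemon/config.go prefers the command-line node name, lower-cases the environment value and falls back to the hostname. If the variable is unset or differs in case, `nodeName` is empty or mismatched, every pod is skipped and no policy routes are built, with no error. Assuming the daemon Controller holds that Configuration, `nodeName := c.config.NodeName` keeps the two in agreement. The same applies to setOvnSubnetGatewayMetric and getLocalPodIPsNeedPR in gateway_linux.go. All three function bodies continue outside their hunks.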
@@ -1317,7 +1317,7 @@ func (c *Controller) cleanObsoleteIptablesRules(protocol string, rules []util.IP } func (c *Controller) setOvnSubnetGatewayMetric() { - hostname := os.Getenv(util.HostnameEnv) + nodeName := os.Getenv(util.EnvNodeName) for proto, iptables := range c.iptables { rules, err := iptables.ListWithCounters("filter", "FORWARD") if err != nil { @@ -1389,10 +1389,10 @@ func (c *Controller) setOvnSubnetGatewayMetric() { diffPackets := currentPackets - lastPackets diffPacketBytes := currentPacketBytes - lastPacketBytes - klog.V(3).Infof(`hostname %s key %s cidr %s direction %s proto %s has diffPackets %d diffPacketBytes %d currentPackets %d currentPacketBytes %d lastPackets %d lastPacketBytes %d`, - hostname, key, cidr, direction, proto, diffPackets, diffPacketBytes, currentPackets, currentPacketBytes, lastPackets, lastPacketBytes) - metricOvnSubnetGatewayPackets.WithLabelValues(hostname, key, cidr, direction, proto).Add(float64(diffPackets)) - metricOvnSubnetGatewayPacketBytes.WithLabelValues(hostname, key, cidr, direction, proto).Add(float64(diffPacketBytes)) + klog.V(3).Infof(`nodeName %s key %s cidr %s direction %s proto %s has diffPackets %d diffPacketBytes %d currentPackets %d currentPacketBytes %d lastPackets %d lastPacketBytes %d`, + nodeName, key, cidr, direction, proto, diffPackets, diffPacketBytes, currentPackets, currentPacketBytes, lastPackets, lastPacketBytes) + metricOvnSubnetGatewayPackets.WithLabelValues(nodeName, key, cidr, direction, proto).Add(float64(diffPackets)) + metricOvnSubnetGatewayPacketBytes.WithLabelValues(nodeName, key, cidr, direction, proto).Add(float64(diffPacketBytes)) } } } @@ -1568,7 +1568,7 @@ func (c *Controller) getLocalPodIPsNeedPR(protocol string) (map[policyRouteMeta] return nil, err } - nodeName := os.Getenv(util.HostnameEnv) + nodeName := os.Getenv(util.EnvNodeName) localPodIPs := make(map[policyRouteMeta][]string) for _, pod := range allPods { if pod.Spec.HostNetwork || 
diff --git a/pkg/daemon/ipsec.go b/pkg/daemon/ipsec.go index be9cce425f8..73782b6b737 100644 --- a/pkg/daemon/ipsec.go +++ b/pkg/daemon/ipsec.go @@ -234,10 +234,10 @@ func generateCSRCode(newPrivKeyPath string) ([]byte, error) { } func (c *Controller) getCertManagerSignedCert(ctx context.Context, csrBytes []byte) ([]byte, error) { - namespace := os.Getenv("POD_NAMESPACE") + namespace := os.Getenv(util.EnvPodNamespace) newCR := &certmanagerv1.CertificateRequest{ ObjectMeta: metav1.ObjectMeta{ - Name: "ovn-ipsec-" + os.Getenv("HOSTNAME"), + Name: "ovn-ipsec-" + os.Getenv(util.EnvNodeName), Namespace: namespace, }, Spec: certmanagerv1.CertificateRequestSpec{ @@ -297,7 +297,7 @@ func (c *Controller) getCertManagerSignedCert(ctx context.Context, csrBytes []by func (c *Controller) getSignedCert(ctx context.Context, csrBytes []byte) ([]byte, error) { csr := &v1.CertificateSigningRequest{ ObjectMeta: metav1.ObjectMeta{ - Name: "ovn-ipsec-" + os.Getenv("HOSTNAME"), + Name: "ovn-ipsec-" + os.Getenv(util.EnvNodeName), }, Spec: v1.CertificateSigningRequestSpec{ Request: csrBytes, diff --git a/pkg/metrics/dynamic_cert_key.go b/pkg/metrics/dynamic_cert_key.go index 200377569e6..e117b5db649 100644 --- a/pkg/metrics/dynamic_cert_key.go +++ b/pkg/metrics/dynamic_cert_key.go @@ -26,6 +26,8 @@ import ( "k8s.io/klog/v2" netutil "k8s.io/utils/net" "k8s.io/utils/ptr" + + "github.com/kubeovn/kube-ovn/pkg/util" ) var ( 
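Review bot: The CertificateRequest and CertificateSigningRequest names in getCertManagerSignedCert and getSignedCert change from `"ovn-ipsec-" + os.Getenv("HOSTNAME")` to the node-name variable, which is more than a constant rename. The two values need not be equal, so requests created by an earlier version under the old name would no longer match. If the variable is unset, every node would ask for the same object name `ovn-ipsec-`. Using the resolved name, `Name: "ovn-ipsec-" + c.config.NodeName,` (assuming the daemon Controller exposes its Configuration), or returning an error on an empty value, keeps the per-node identity of the IPsec certificate request unambiguous. Both function bodies continue outside the hunks.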
@@ -39,14 +41,14 @@ func init() { panic(fmt.Sprintf("failed to get hostname: %v", err)) } altDNS = []string{hostname} - for podIP := range strings.SplitSeq(os.Getenv("POD_IPS"), ",") { + for podIP := range strings.SplitSeq(os.Getenv(util.EnvPodIPs), ",") { if podIP = strings.TrimSpace(podIP); podIP == "" { continue } if ip := net.ParseIP(podIP); ip != nil { altIPs = append(altIPs, ip) } else { - panic(fmt.Sprintf("failed to parse POD_IPS %q", os.Getenv("POD_IPS"))) + panic(fmt.Sprintf("failed to parse environment variable %s=%q", util.EnvPodIPs, os.Getenv(util.EnvPodIPs))) } } } diff --git a/pkg/ovn_ic_controller/config.go b/pkg/ovn_ic_controller/config.go index 5bbbb2ea726..d55fc20ae0f 100644 --- a/pkg/ovn_ic_controller/config.go +++ b/pkg/ovn_ic_controller/config.go @@ -79,7 +79,7 @@ func ParseFlags() (*Configuration, error) { config := &Configuration{ KubeConfigFile: *argKubeConfigFile, - PodNamespace: os.Getenv("POD_NAMESPACE"), + PodNamespace: os.Getenv(util.EnvPodNamespace), OvnNbAddr: *argOvnNbAddr, OvnSbAddr: *argOvnSbAddr, OvnTimeout: *argOvnTimeout, @@ -127,8 +127,8 @@ func (config *Configuration) initKubeClient() error { } config.KubeOvnClient = kubeOvnClient - cfg.ContentType = "application/vnd.kubernetes.protobuf" - cfg.AcceptContentTypes = "application/vnd.kubernetes.protobuf,application/json" + cfg.ContentType = util.ContentTypeProtobuf + cfg.AcceptContentTypes = util.AcceptContentTypes kubeClient, err := kubernetes.NewForConfig(cfg) if err != nil { klog.Errorf("init kubernetes client failed %v", err) diff --git a/pkg/ovn_ic_controller/ovn_ic_controller.go b/pkg/ovn_ic_controller/ovn_ic_controller.go index b89da489f60..c57cf2714ff 100644 --- a/pkg/ovn_ic_controller/ovn_ic_controller.go +++ b/pkg/ovn_ic_controller/ovn_ic_controller.go 
@@ -384,7 +384,7 @@ func (c *Controller) startOVNIC(icHost, icNbPort, icSbPort string) error { "--ovn-northd-nb-db="+c.config.OvnNbAddr, "--ovn-northd-sb-db="+c.config.OvnSbAddr, "start_ic") - if os.Getenv("ENABLE_SSL") == "true" { + if os.Getenv(util.EnvSSLEnabled) == "true" { // #nosec G204 cmd = exec.Command("/usr/share/ovn/scripts/ovn-ctl", "--ovn-ic-nb-db="+genHostAddress(icHost, icNbPort), diff --git a/pkg/ovn_leader_checker/ovn.go b/pkg/ovn_leader_checker/ovn.go index c2d2d4cd95c..967b62317ac 100755 --- a/pkg/ovn_leader_checker/ovn.go +++ b/pkg/ovn_leader_checker/ovn.go @@ -34,13 +34,9 @@ import ( ) const ( - EnvSSL = "ENABLE_SSL" - EnvPodName = "POD_NAME" - EnvPodNameSpace = "POD_NAMESPACE" OvnNorthdServiceName = "ovn-northd" OvnNorthdPid = "/var/run/ovn/ovn-northd.pid" DefaultProbeInterval = 5 - OvnNorthdPort = "6643" MaxFailCount = 3 ) @@ -62,7 +58,7 @@ type Configuration struct { // ParseFlags parses cmd args then init kubeclient and conf // TODO: validate configuration func ParseFlags() (*Configuration, error) { - podIP := os.Getenv("POD_IP") + podIP := os.Getenv(util.EnvPodIP) var ( argKubeConfigFile = pflag.String("kubeconfig", "", "Path to kubeconfig file with authorization and master location information. If not set use the inCluster token.") argProbeInterval = pflag.Int("probeInterval", DefaultProbeInterval, "interval of probing leader in seconds") @@ -127,6 +123,9 @@ func KubeClientInit(cfg *Configuration) error { klog.Errorf("init kubernetes cfg failed %v", err) return err } + + kubeCfg.ContentType = util.ContentTypeProtobuf + kubeCfg.AcceptContentTypes = util.AcceptContentTypes if cfg.KubeClient, err = kubernetes.NewForConfig(kubeCfg); err != nil { klog.Errorf("init kubernetes client failed %v", err) return err 
@@ -169,13 +168,13 @@ func isDBLeader(address, database string) bool { var dbAddr string switch database { case ovnnb.DatabaseName: - dbAddr = ovs.OvsdbServerAddress(address, intstr.FromInt32(6641)) + dbAddr = ovs.OvsdbServerAddress(address, intstr.FromInt32(util.NBDatabasePort)) case ovnsb.DatabaseName: - dbAddr = ovs.OvsdbServerAddress(address, intstr.FromInt32(6642)) - case "OVN_IC_Northbound": - dbAddr = ovs.OvsdbServerAddress(address, intstr.FromInt32(6645)) - case "OVN_IC_Southbound": - dbAddr = ovs.OvsdbServerAddress(address, intstr.FromInt32(6646)) + dbAddr = ovs.OvsdbServerAddress(address, intstr.FromInt32(util.SBDatabasePort)) + case util.DatabaseICNB: + dbAddr = ovs.OvsdbServerAddress(address, intstr.FromInt32(util.ICNBDatabasePort)) + case util.DatabaseICSB: + dbAddr = ovs.OvsdbServerAddress(address, intstr.FromInt32(util.ICSBDatabasePort)) default: klog.Errorf("isDBLeader: unsupported database %s", database) return false @@ -246,36 +245,16 @@ func checkNorthdActive() bool { } func stealLock() { - podIP := os.Getenv("POD_IP") - - var command []string - if os.Getenv(EnvSSL) == "false" { - command = []string{ - "-v", - "-t", - "1", - "steal", - fmt.Sprintf("tcp:%s:6642", podIP), - "ovn_northd", - } - } else { - command = []string{ - "-v", - "-t", - "1", - "-p", - "/var/run/tls/key", - "-c", - "/var/run/tls/cert", - "-C", - "/var/run/tls/cacert", - "steal", - fmt.Sprintf("ssl:%s:6642", podIP), - "ovn_northd", - } + args := []string{ + "-v", "-t", "1", "steal", + ovs.OvsdbServerAddress(os.Getenv(util.EnvPodIP), intstr.FromInt32(util.SBDatabasePort)), + "ovn_northd", + } + if os.Getenv(util.EnvSSLEnabled) == "true" { + args = slices.Insert(args, 0, ovs.CmdSSLArgs()...) } - output, err := exec.Command("ovsdb-client", command...).CombinedOutput() // #nosec G204 + output, err := exec.Command("ovsdb-client", args...).CombinedOutput() // #nosec G204 if err != nil { klog.Errorf("stealLock err %v", err) return 
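Review bot: The stealLock rewrite flips the default when the SSL variable is unset or holds anything other than `true`/`false`. The removed code used plaintext only for `== "false"` and otherwise passed the key, cert and CA options with an `ssl:` address, while the new code adds `ovs.CmdSSLArgs()` only for `== "true"`. A deployment that relied on the old fall-through would now call `ovsdb-client` without TLS material. Whether the address scheme from `ovs.OvsdbServerAddress` follows the same rule is not visible here. If fail-closed behaviour is intended, `if os.Getenv(util.EnvSSLEnabled) != "false" {` preserves it, provided OvsdbServerAddress decides the scheme the same way. Otherwise a comment such as `// TLS is opt-in: only ENABLE_SSL=true adds client key/cert/CA` makes the new default explicit.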
@@ -296,7 +275,7 @@ func checkNorthdSvcExist(cfg *Configuration, namespace, svcName string) bool { } func checkNorthdEpAvailable(ip string) bool { - address := net.JoinHostPort(ip, OvnNorthdPort) + address := util.JoinHostPort(ip, util.NBRaftPort) conn, err := net.DialTimeout("tcp", address, 3*time.Second) if err != nil { klog.Errorf("failed to connect to northd leader %s, err: %v", ip, err) @@ -401,8 +380,8 @@ func doOvnLeaderCheck(cfg *Configuration, podName, podNamespace string) { compactOvnDatabase("sb") } } else { - icNbLeader := isDBLeader(cfg.localAddress, "OVN_IC_Northbound") - icSbLeader := isDBLeader(cfg.localAddress, "OVN_IC_Southbound") + icNbLeader := isDBLeader(cfg.localAddress, util.DatabaseICNB) + icSbLeader := isDBLeader(cfg.localAddress, util.DatabaseICSB) patch := util.KVPatch{ "ovn-ic-nb-leader": strconv.FormatBool(icNbLeader), "ovn-ic-sb-leader": strconv.FormatBool(icSbLeader), @@ -420,10 +399,10 @@ func doOvnLeaderCheck(cfg *Configuration, podName, podNamespace string) { } for addr := range slices.Values(cfg.remoteAddresses) { - if icNbLeader && isDBLeader(addr, "OVN_IC_Northbound") { + if icNbLeader && isDBLeader(addr, util.DatabaseICNB) { klog.Fatalf("found another ovn-ic-nb leader at %s, exiting process to restart", addr) } - if icSbLeader && isDBLeader(addr, "OVN_IC_Southbound") { + if icSbLeader && isDBLeader(addr, util.DatabaseICSB) { klog.Fatalf("found another ovn-ic-sb leader at %s, exiting process to restart", addr) } } @@ -431,8 +410,8 @@ func doOvnLeaderCheck(cfg *Configuration, podName, podNamespace string) { } func StartOvnLeaderCheck(cfg *Configuration) { - podName := os.Getenv(EnvPodName) - podNamespace := os.Getenv(EnvPodNameSpace) + podName := os.Getenv(util.EnvPodName) + podNamespace := os.Getenv(util.EnvPodNamespace) interval := time.Duration(cfg.ProbeInterval) * time.Second for { doOvnLeaderCheck(cfg, podName, podNamespace) 
@@ -449,7 +428,7 @@ func getTSName(index int) string { func getTSCidr(index int) (string, error) { var proto, cidr string - podIpsEnv := os.Getenv("POD_IPS") + podIpsEnv := os.Getenv(util.EnvPodIPs) podIps := strings.Split(podIpsEnv, ",") if len(podIps) == 1 { if util.CheckProtocol(podIps[0]) == kubeovnv1.ProtocolIPv6 { @@ -502,7 +481,7 @@ func updateTS() error { cmd := exec.Command("ovn-ic-nbctl", ovs.MayExist, "ts-add", tsName, "--", "set", "Transit_Switch", tsName, fmt.Sprintf(`external_ids:subnet="%s"`, subnet)) - if os.Getenv("ENABLE_SSL") == "true" { + if os.Getenv(util.EnvSSLEnabled) == "true" { // #nosec G204 cmd = exec.Command("ovn-ic-nbctl", "--private-key=/var/run/tls/key", @@ -520,7 +499,7 @@ func updateTS() error { for i := existTSCount - 1; i >= expectTSCount; i-- { tsName := getTSName(i) cmd := exec.Command("ovn-ic-nbctl", "ts-del", tsName) // #nosec G204 - if os.Getenv("ENABLE_SSL") == "true" { + if os.Getenv(util.EnvSSLEnabled) == "true" { // #nosec G204 cmd = exec.Command("ovn-ic-nbctl", "--private-key=/var/run/tls/key", diff --git a/pkg/ovnmonitor/config.go b/pkg/ovnmonitor/config.go index 8214d9df31a..6d69e59a642 100644 --- a/pkg/ovnmonitor/config.go +++ b/pkg/ovnmonitor/config.go 
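Review bot: The SSL branch of `updateTS` still spells the TLS key location as a literal (`"--private-key=/var/run/tls/key"`, visible in both the -502 and -520 hunks) although this commit introduces `util.SslKeyPath`, `util.SslCertPath` and `util.SslCACert` for exactly these files. Leaving two sources for the same path means a later change to the constants silently leaves `ovn-ic-nbctl` pointing at the old key and certificates. Build the options from the constants instead, e.g. `"--private-key=" + util.SslKeyPath`, and do the same for the certificate and CA options, which sit outside these hunks.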
@@ -78,9 +78,9 @@ func ParseFlags() (*Configuration, error) { argDatabaseNorthboundFileDataPath = pflag.String("database.northbound.file.data.path", "/etc/ovn/ovnnb_db.db", "OVN NB db file.") argDatabaseNorthboundFileLogPath = pflag.String("database.northbound.file.log.path", "/var/log/ovn/ovsdb-server-nb.log", "OVN NB db log file.") argDatabaseNorthboundFilePidPath = pflag.String("database.northbound.file.pid.path", "/run/ovn/ovnnb_db.pid", "OVN NB db process id file.") - argDatabaseNorthboundPortDefault = pflag.Int("database.northbound.port.default", 6641, "OVN NB db network socket port.") + argDatabaseNorthboundPortDefault = pflag.Int("database.northbound.port.default", int(util.NBDatabasePort), "OVN NB db network socket port.") argDatabaseNorthboundPortSsl = pflag.Int("database.northbound.port.ssl", 6631, "OVN NB db network socket secure port.") - argDatabaseNorthboundPortRaft = pflag.Int("database.northbound.port.raft", 6643, "OVN NB db network port for clustering (raft)") + argDatabaseNorthboundPortRaft = pflag.Int("database.northbound.port.raft", int(util.NBRaftPort), "OVN NB db network port for clustering (raft)") argDatabaseSouthboundName = pflag.String("database.southbound.name", ovnsb.DatabaseName, "The name of OVN SB (southbound) db.") argDatabaseSouthboundSocketRemote = pflag.String("database.southbound.socket.remote", "unix:/run/ovn/ovnsb_db.sock", "JSON-RPC unix socket to OVN SB db.") 
@@ -88,9 +88,9 @@ func ParseFlags() (*Configuration, error) { argDatabaseSouthboundFileDataPath = pflag.String("database.southbound.file.data.path", "/etc/ovn/ovnsb_db.db", "OVN SB db file.") argDatabaseSouthboundFileLogPath = pflag.String("database.southbound.file.log.path", "/var/log/ovn/ovsdb-server-sb.log", "OVN SB db log file.") argDatabaseSouthboundFilePidPath = pflag.String("database.southbound.file.pid.path", "/run/ovn/ovnsb_db.pid", "OVN SB db process id file.") - argDatabaseSouthboundPortDefault = pflag.Int("database.southbound.port.default", 6642, "OVN SB db network socket port.") + argDatabaseSouthboundPortDefault = pflag.Int("database.southbound.port.default", int(util.SBDatabasePort), "OVN SB db network socket port.") argDatabaseSouthboundPortSsl = pflag.Int("database.southbound.port.ssl", 6632, "OVN SB db network socket secure port.") - argDatabaseSouthboundPortRaft = pflag.Int("database.southbound.port.raft", 6644, "OVN SB db network port for clustering (raft)") + argDatabaseSouthboundPortRaft = pflag.Int("database.southbound.port.raft", int(util.SBRaftPort), "OVN SB db network port for clustering (raft)") argServiceVswitchdFileLogPath = pflag.String("service.vswitchd.file.log.path", "/var/log/openvswitch/ovs-vswitchd.log", "OVS vswitchd daemon log file.") argServiceVswitchdFilePidPath = pflag.String("service.vswitchd.file.pid.path", "/var/run/openvswitch/ovs-vswitchd.pid", "OVS vswitchd daemon process id file.") diff --git a/pkg/ovnmonitor/exporter.go b/pkg/ovnmonitor/exporter.go index bbf9bdbd3c0..96a5f6d0b01 100644 --- a/pkg/ovnmonitor/exporter.go +++ b/pkg/ovnmonitor/exporter.go 
@@ -68,7 +68,7 @@ func (e *Exporter) initParas(cfg *Configuration) { e.pollInterval = cfg.PollInterval e.Client.Timeout = cfg.PollTimeout - e.Client.System.Hostname = os.Getenv("KUBE_NODE_NAME") + e.Client.System.Hostname = os.Getenv(util.EnvNodeName) e.Client.System.RunDir = cfg.SystemRunDir e.Client.Database.Vswitch.Name = cfg.DatabaseVswitchName e.Client.Database.Vswitch.Socket.Remote = cfg.DatabaseVswitchSocketRemote diff --git a/pkg/ovs/const.go b/pkg/ovs/const.go new file mode 100644 index 00000000000..bd6fab9b748 --- /dev/null +++ b/pkg/ovs/const.go @@ -0,0 +1,11 @@ +package ovs + +import "github.com/kubeovn/kube-ovn/pkg/util" + +func CmdSSLArgs() []string { + return []string{ + "-C", util.SslCACert, + "-p", util.SslKeyPath, + "-c", util.SslCertPath, + } +} diff --git a/pkg/ovs/ovn.go b/pkg/ovs/ovn.go index 8e003344aaa..024ce7443a9 100644 --- a/pkg/ovs/ovn.go +++ b/pkg/ovs/ovn.go @@ -72,7 +72,7 @@ func NewDynamicOvnNbClient( } nbClient, err := ovsclient.NewOvsDbClient( - ovsclient.NBDB, + ovnnb.DatabaseName, ovnNbAddr, dbModel, nil, @@ -118,7 +118,7 @@ func NewDynamicOvnNbClient( } if nbClient, err = ovsclient.NewOvsDbClient( - ovsclient.NBDB, + ovnnb.DatabaseName, ovnNbAddr, dbModel, monitors, @@ -180,7 +180,7 @@ func NewOvnNbClient(ovnNbAddr string, ovnNbTimeout, ovsDbConTimeout, ovsDbInacti var nbClient client.Client for { nbClient, err = ovsclient.NewOvsDbClient( - ovsclient.NBDB, + ovnnb.DatabaseName, ovnNbAddr, dbModel, monitors, @@ -222,7 +222,7 @@ func NewOvnSbClient(ovnSbAddr string, ovnSbTimeout, ovsDbConTimeout, ovsDbInacti var sbClient client.Client for { sbClient, err = ovsclient.NewOvsDbClient( - ovsclient.SBDB, + ovnsb.DatabaseName, ovnSbAddr, dbModel, monitors, diff --git a/pkg/ovs/ovsdb-client.go b/pkg/ovs/ovsdb-client.go index 0d5ce8725b5..450969566e2 100644 --- a/pkg/ovs/ovsdb-client.go +++ b/pkg/ovs/ovsdb-client.go 
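Review bot: The exporter hostname is now read from `NODE_NAME` (the value given to `util.EnvNodeName` in the `pkg/util/const.go` hunk) instead of `KUBE_NODE_NAME`, so a pod whose manifest still sets only the old name gets an empty `e.Client.System.Hostname` without any error. During a rolling upgrade, or with hand-maintained manifests, the new binary can easily meet the old environment. A fallback closes the gap: `if e.Client.System.Hostname == "" { e.Client.System.Hostname = os.Getenv("KUBE_NODE_NAME") }`. The same rename changes the `--node-name` default in the `pkg/speaker/config.go` hunk, where `util.HostnameEnv` is replaced; `initParas` continues outside this hunk.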
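Review bot: The new exported function `CmdSSLArgs` in `pkg/ovs/const.go` has no doc comment, and a function sits oddly in a file named for constants. A comment such as `// CmdSSLArgs returns the -C, -p and -c options that pass the CA certificate, private key and certificate paths to ovsdb-client.` would document what callers prepend to their argument list. Note also that it returns the options in a different order from the literals it replaces in `Query` (`-p`, `-c`, `-C`); that should be harmless for option parsing, but is worth a line in the commit description.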
@@ -12,6 +12,8 @@ import ( "github.com/ovn-kubernetes/libovsdb/ovsdb" "k8s.io/apimachinery/pkg/util/intstr" + + "github.com/kubeovn/kube-ovn/pkg/util" ) // OvsdbServerAddress constructs the ovsdb-server address based on the given host and port. @@ -22,7 +24,7 @@ import ( // OvsdbServerAddress("localhost:6641") returns "tcp:localhost:6641" or "ssl:localhost:6641" based on the ENABLE_SSL setting. func OvsdbServerAddress(host string, port intstr.IntOrString) string { scheme := "tcp" - if os.Getenv("ENABLE_SSL") == "true" { + if os.Getenv(util.EnvSSLEnabled) == "true" { scheme = "ssl" } return fmt.Sprintf("%s:%s", scheme, net.JoinHostPort(host, port.String())) @@ -47,7 +49,7 @@ func Query(address, database string, timeout int, operations ...ovsdb.Operation) args := []string{"--timeout", strconv.Itoa(timeout), "query", address, string(query)} if strings.HasPrefix(address, "ssl:") { - args = slices.Insert(args, 0, "-p", "/var/run/tls/key", "-c", "/var/run/tls/cert", "-C", "/var/run/tls/cacert") + args = slices.Insert(args, 0, CmdSSLArgs()...) } output, err := exec.Command("ovsdb-client", args...).CombinedOutput() // #nosec G204 diff --git a/pkg/ovsdb/client/client.go b/pkg/ovsdb/client/client.go index c483a04c5d2..5c75f57b703 100644 --- a/pkg/ovsdb/client/client.go +++ b/pkg/ovsdb/client/client.go @@ -21,13 +21,8 @@ import ( "go.uber.org/zap" "go.uber.org/zap/zapcore" "k8s.io/klog/v2" -) -const ( - NBDB = "nbdb" - SBDB = "sbdb" - ICNBDB = "icnbdb" - ICSBDB = "icsbdb" + "github.com/kubeovn/kube-ovn/pkg/util" ) var namedUUIDCounter uint32 
@@ -95,12 +90,12 @@ func NewOvsDbClient( options = append(options, client.WithEndpoint(ep)) } if ssl { - cert, err := tls.LoadX509KeyPair("/var/run/tls/cert", "/var/run/tls/key") + cert, err := tls.LoadX509KeyPair(util.SslCertPath, util.SslKeyPath) if err != nil { klog.Error(err) return nil, fmt.Errorf("failed to load x509 cert key pair: %w", err) } - caCert, err := os.ReadFile("/var/run/tls/cacert") + caCert, err := os.ReadFile(util.SslCACert) if err != nil { klog.Error(err) return nil, fmt.Errorf("failed to read ca cert: %w", err) diff --git a/pkg/pinger/config.go b/pkg/pinger/config.go index b9e78a7399c..5e60a881883 100644 --- a/pkg/pinger/config.go +++ b/pkg/pinger/config.go @@ -112,9 +112,9 @@ func ParseFlags() (*Configuration, error) { pflag.CommandLine.AddGoFlagSet(flag.CommandLine) pflag.Parse() + podName := os.Getenv(util.EnvPodName) config := &Configuration{ KubeConfigFile: *argKubeConfigFile, - KubeClient: nil, Port: *argPort, DaemonSetNamespace: *argDaemonSetNameSpace, DaemonSetName: *argDaemonSetName, @@ -123,10 +123,10 @@ func ParseFlags() (*Configuration, error) { ExitCode: *argExitCode, InternalDNS: *argInternalDNS, ExternalDNS: *argExternalDNS, - PodIP: os.Getenv("POD_IP"), - HostIP: os.Getenv("HOST_IP"), - NodeName: os.Getenv("NODE_NAME"), - PodName: os.Getenv("POD_NAME"), + PodIP: os.Getenv(util.EnvPodIP), + HostIP: os.Getenv(util.EnvHostIP), + NodeName: os.Getenv(util.EnvNodeName), + PodName: podName, ExternalAddress: *argExternalAddress, NetworkMode: *argNetworkMode, EnableMetrics: *argEnableMetrics, @@ -156,7 +156,6 @@ func ParseFlags() (*Configuration, error) { return nil, err } - podName := os.Getenv("POD_NAME") for range 3 { pod, err := config.KubeClient.CoreV1().Pods(config.DaemonSetNamespace).Get(context.Background(), podName, metav1.GetOptions{}) if err != nil { 
@@ -207,8 +206,8 @@ func (config *Configuration) initKubeClient() error { cfg.Timeout = 15 * time.Second cfg.QPS = 1000 cfg.Burst = 2000 - cfg.ContentType = "application/vnd.kubernetes.protobuf" - cfg.AcceptContentTypes = "application/vnd.kubernetes.protobuf,application/json" + cfg.ContentType = util.ContentTypeProtobuf + cfg.AcceptContentTypes = util.AcceptContentTypes kubeClient, err := kubernetes.NewForConfig(cfg) if err != nil { klog.Errorf("init kubernetes client failed %v", err) diff --git a/pkg/pinger/ovn.go b/pkg/pinger/ovn.go index d46b4f074bb..679e391aa87 100644 --- a/pkg/pinger/ovn.go +++ b/pkg/pinger/ovn.go @@ -2,7 +2,6 @@ package pinger import ( "fmt" - "os" "os/exec" "slices" "strings" @@ -14,13 +13,13 @@ import ( "github.com/kubeovn/kube-ovn/pkg/ovs" "github.com/kubeovn/kube-ovn/pkg/ovsdb/ovnsb" + "github.com/kubeovn/kube-ovn/pkg/util" ) var sbServiceAddress string func init() { - sbHost := os.Getenv("OVN_SB_SERVICE_HOST") - sbPort := os.Getenv("OVN_SB_SERVICE_PORT") + sbHost, sbPort := util.InjectedServiceVariables("ovn-sb") sbServiceAddress = ovs.OvsdbServerAddress(sbHost, intstr.FromString(sbPort)) } diff --git a/pkg/speaker/config.go b/pkg/speaker/config.go index 4a95ebe0622..07706f59e50 100644 --- a/pkg/speaker/config.go +++ b/pkg/speaker/config.go 
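Review bot: The package `init` in `pkg/pinger/ovn.go` passes whatever `util.InjectedServiceVariables("ovn-sb")` returns straight into `ovs.OvsdbServerAddress`, so when the two variables are absent `sbServiceAddress` is built from an empty host and port and the cause only shows up later as a connection failure. A startup check such as `if sbHost == "" || sbPort == "" { klog.Warning("ovn-sb service variables are not set") }` would make that visible, assuming `klog` is imported in this file, which the hunk does not show. The doc comment of `InjectedServiceVariables` in `pkg/util/k8s.go` should also state that it returns empty strings for unset variables.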
@@ -86,7 +86,7 @@ func ParseFlags() (*Configuration, error) { argAuthPassword = pflag.String("auth-password", "", "bgp peer auth password") argHoldTime = pflag.Duration("holdtime", DefaultBGPHoldtime, "ovn-speaker goes down abnormally, the local saving time of BGP route will be affected.Holdtime must be in the range 3s to 65536s. (default 90s)") argPprofPort = pflag.Int32("pprof-port", DefaultPprofPort, "The port to get profiling data, default: 10667") - argNodeName = pflag.String("node-name", os.Getenv(util.HostnameEnv), "Name of the node on which the speaker is running on.") + argNodeName = pflag.String("node-name", os.Getenv(util.EnvNodeName), "Name of the node on which the speaker is running on.") argKubeConfigFile = pflag.String("kubeconfig", "", "Path to kubeconfig file with authorization and master location information. If not set use the inCluster token.") argPassiveMode = pflag.BoolP("passivemode", "", false, "Set BGP Speaker to passive model, do not actively initiate connections to peers") argEbgpMultihopTTL = pflag.Uint8("ebgp-multihop", DefaultEbgpMultiHop, "The TTL value of EBGP peer, default: 1") @@ -121,9 +121,9 @@ func ParseFlags() (*Configuration, error) { return nil, errors.New("the bgp MultihopTtl must be in the range 1 to 255") } - podIpsEnv := os.Getenv("POD_IPS") + podIpsEnv := os.Getenv(util.EnvPodIPs) if podIpsEnv == "" { - podIpsEnv = os.Getenv("POD_IP") + podIpsEnv = os.Getenv(util.EnvPodIP) } podIPv4, podIPv6 := util.SplitStringIP(podIpsEnv) @@ -229,8 +229,8 @@ func (config *Configuration) initKubeClient() error { } config.KubeOvnClient = kubeOvnClient - cfg.ContentType = "application/vnd.kubernetes.protobuf" - cfg.AcceptContentTypes = "application/vnd.kubernetes.protobuf,application/json" + cfg.ContentType = util.ContentTypeProtobuf + cfg.AcceptContentTypes = util.AcceptContentTypes kubeClient, err := kubernetes.NewForConfig(cfg) if err != nil { klog.Errorf("init kubernetes client failed %v", err) 
diff --git a/pkg/speaker/utils.go b/pkg/speaker/utils.go index 2880e23f671..b62eff28711 100644 --- a/pkg/speaker/utils.go +++ b/pkg/speaker/utils.go @@ -70,7 +70,7 @@ func parsePrefix(s string) (netip.Prefix, error) { // getGatewayName returns the name of the NAT GW hosting this speaker func getGatewayName() string { - return os.Getenv(util.GatewayNameEnv) + return os.Getenv(util.EnvGatewayName) } // prefixToAFI converts a network prefix to BGP AFI by checking its bit length diff --git a/pkg/util/const.go b/pkg/util/const.go index adc80f54721..f899ada4d1a 100644 --- a/pkg/util/const.go +++ b/pkg/util/const.go @@ -2,6 +2,7 @@ package util import ( appsv1 "k8s.io/api/apps/v1" + "k8s.io/apimachinery/pkg/runtime" kubevirtv1 "kubevirt.io/api/core/v1" ) @@ -245,9 +246,6 @@ const ( DpdkType = "dpdk-port" VethType = "veth-pair" - HostnameEnv = "KUBE_NODE_NAME" - GatewayNameEnv = "GATEWAY_NAME" - MirrosRetryMaxTimes = 5 MirrosRetryInterval = 1 @@ -255,11 +253,6 @@ const ( ChassisCniDaemonRetryInterval = 1 ChassisControllerRetryInterval = 3 - VM = "VirtualMachine" - VMInstance = "VirtualMachineInstance" - - StatefulSet = "StatefulSet" - MirrorControlAnnotation = "ovn.kubernetes.io/mirror" MirrorDefaultName = "m0" @@ -275,10 +268,6 @@ const ( NetemQosLossAnnotationTemplate = "%s.kubernetes.io/loss" NetemQosJitterAnnotationTemplate = "%s.kubernetes.io/jitter" - PodIP = "POD_IP" - ContentType = "application/vnd.kubernetes.protobuf" - AcceptContentTypes = "application/vnd.kubernetes.protobuf,application/json" - AttachmentProvider = "ovn.kubernetes.io/attachmentprovider" LbSvcPodImg = "ovn.kubernetes.io/lb_svc_img" @@ -301,9 +290,6 @@ const ( OvnSubnetGatewayIptables = "ovn-subnet-gateway" - QoSDirectionIngress = "ingress" - QoSDirectionEgress = "egress" - MainRouteTable = "" NatPolicyRuleActionNat = "nat" 
@@ -353,6 +339,53 @@ const ( MasqueradeCheckIP = "0.0.0.0" ) +const ( + EnvKubernetesServiceHost = "KUBERNETES_SERVICE_HOST" + EnvKubernetesServicePort = "KUBERNETES_SERVICE_PORT" + + EnvPodName = "POD_NAME" + EnvPodNamespace = "POD_NAMESPACE" + EnvPodIP = "POD_IP" + EnvPodIPs = "POD_IPS" + EnvNodeName = "NODE_NAME" + EnvHostIP = "HOST_IP" + EnvHostIPs = "HOST_IPS" + + EnvSSLEnabled = "ENABLE_SSL" + EnvGatewayName = "GATEWAY_NAME" +) + +const ( + DatabaseICNB = "OVN_IC_Northbound" + DatabaseICSB = "OVN_IC_Southbound" +) + +const ( + NBDatabasePort = int32(6641) + SBDatabasePort = int32(6642) + NBRaftPort = int32(6643) + SBRaftPort = int32(6644) +) + +const ( + ICNBDatabasePort = int32(6645) + ICSBDatabasePort = int32(6646) + ICNBRaftPort = int32(6647) + ICSBRaftPort = int32(6648) +) + +const ( + SslCACert = "/var/run/tls/cacert" + SslCertPath = "/var/run/tls/cert" + SslKeyPath = "/var/run/tls/key" +) + +const ( + ContentTypeJSON = "application/json" + ContentTypeProtobuf = runtime.ContentTypeProtobuf + AcceptContentTypes = runtime.ContentTypeProtobuf + "," + "application/json" +) + // Readonly kinds of Kubernetes objects var ( KindStatefulSet = ObjectKind[*appsv1.StatefulSet]() diff --git a/pkg/util/k8s.go b/pkg/util/k8s.go index a4ab893b7aa..8cc4bb1e6c1 100644 --- a/pkg/util/k8s.go +++ b/pkg/util/k8s.go @@ -8,6 +8,7 @@ import ( "fmt" "net" "net/url" + "os" "reflect" "strings" "time" 
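Review bot: In the new constant blocks, `AcceptContentTypes` repeats the `"application/json"` literal that `ContentTypeJSON` defines two lines above; `AcceptContentTypes = ContentTypeProtobuf + "," + ContentTypeJSON` keeps a single definition. The TLS constants are also named unevenly: `SslCACert` has no `Path` suffix while `SslCertPath` and `SslKeyPath` do, and Go's initialism convention would spell the prefix `SSL` (as `EnvSSLEnabled` in the same hunk already does). Because these paths locate the private key and CA bundle, each block would benefit from a one-line comment, e.g. `// Paths of the TLS material mounted into kube-ovn pods.`, hedged to whatever the deployment actually mounts.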
@@ -215,6 +216,13 @@ func SetNodeNetworkUnavailableCondition(cs kubernetes.Interface, nodeName string return nil } +// InjectedServiceVariables returns the environment variable values for the given service name. +// For a service named "my-service", it returns values of "MY_SERVICE_SERVICE_HOST" and "MY_SERVICE_SERVICE_PORT". +func InjectedServiceVariables(service string) (string, string) { + prefix := strings.ToUpper(strings.ReplaceAll(service, "-", "_")) + return os.Getenv(prefix + "_SERVICE_HOST"), os.Getenv(prefix + "_SERVICE_PORT") +} + // ObjectKind returns the kind name of the given k8s object type T. // If T is a pointer type, it returns the kind name of the underlying type. // For example, if T is v1.Pod, it returns "Pod". diff --git a/pkg/util/k8s_test.go b/pkg/util/k8s_test.go index d3bb571e606..cca8241c4c6 100644 --- a/pkg/util/k8s_test.go +++ b/pkg/util/k8s_test.go 
@@ -705,6 +705,50 @@ func TestDeploymentIsReady(t *testing.T) { } } +func TestInjectedServiceVariables(t *testing.T) { + tests := []struct { + name string + serviceName string + injectedEnv map[string]string + expectedHost string + expectedPort string + }{ + { + name: "simple service name", + serviceName: "foo", + injectedEnv: map[string]string{ + "FOO_SERVICE_HOST": "1.1.1.1", + "FOO_SERVICE_PORT": "8080", + }, + expectedHost: "1.1.1.1", + expectedPort: "8080", + }, + { + name: "service name with dashes", + serviceName: "example-service-name", + injectedEnv: map[string]string{ + "EXAMPLE_SERVICE_NAME_SERVICE_HOST": "::1", + }, + expectedHost: "::1", + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + for k, v := range tt.injectedEnv { + t.Setenv(k, v) + } + hostVar, portVar := InjectedServiceVariables(tt.serviceName) + if hostVar != tt.expectedHost { + t.Errorf("InjectedServiceVariables(%q) host = %q, want %q", tt.serviceName, hostVar, tt.expectedHost) + } + if portVar != tt.expectedPort { + t.Errorf("InjectedServiceVariables(%q) port = %q, want %q", tt.serviceName, portVar, tt.expectedPort) + } + }) + } +} + func TestObjectKind(t *testing.T) { tests := []struct { name string diff --git a/pkg/util/klog_test.go b/pkg/util/klog_test.go index 6a2884aae26..0547d7375d9 100644 --- a/pkg/util/klog_test.go +++ b/pkg/util/klog_test.go @@ -9,11 +9,13 @@ import ( "testing" ) +const envHelperProcess = "GO_WANT_HELPER_PROCESS" + func TestLogFatalAndExit(t *testing.T) { expectedMessage := "An error occurred: test error" cmd := exec.Command(os.Args[0], "-test.run=TestHelperProcess") - cmd.Env = append(os.Environ(), "GO_WANT_HELPER_PROCESS=1") + cmd.Env = append(os.Environ(), envHelperProcess+"=1") cmd.Stderr = &bytes.Buffer{} err := cmd.Run() 
@@ -30,7 +32,7 @@ func TestLogFatalAndExit(t *testing.T) { } func TestHelperProcess(*testing.T) { - if os.Getenv("GO_WANT_HELPER_PROCESS") != "1" { + if os.Getenv(envHelperProcess) != "1" { return } err := errors.New("test error") diff --git a/pkg/util/net.go b/pkg/util/net.go index e7b794da171..6e077a64338 100644 --- a/pkg/util/net.go +++ b/pkg/util/net.go @@ -750,7 +750,7 @@ func UDPConnectivityListen(endpoint string) error { func GetDefaultListenAddr() []string { if os.Getenv("ENABLE_BIND_LOCAL_IP") == "true" { - if podIPs := os.Getenv("POD_IPS"); podIPs != "" { + if podIPs := os.Getenv(EnvPodIPs); podIPs != "" { return strings.Split(podIPs, ",") } klog.Error("environment variable POD_IPS is not set, cannot bind to local ip") diff --git a/pkg/util/validator.go b/pkg/util/validator.go index b7e4a3d0be2..50e929900d7 100644 --- a/pkg/util/validator.go +++ b/pkg/util/validator.go @@ -36,7 +36,7 @@ func ValidateSubnet(subnet kubeovnv1.Subnet) error { return err } if CheckProtocol(subnet.Spec.CIDRBlock) == "" { - return fmt.Errorf("CIDRBlock: %s formal error", subnet.Spec.CIDRBlock) + return fmt.Errorf("CIDRBlock: %q format error", subnet.Spec.CIDRBlock) } excludeIps := subnet.Spec.ExcludeIps for _, ipr := range excludeIps { @@ -124,7 +124,7 @@ func ValidateSubnet(subnet kubeovnv1.Subnet) error { } if subnet.Spec.Vpc == DefaultVpc { - k8sAPIServer := os.Getenv("KUBERNETES_SERVICE_HOST") + k8sAPIServer := os.Getenv(EnvKubernetesServiceHost) if k8sAPIServer != "" && CIDRContainIP(subnet.Spec.CIDRBlock, k8sAPIServer) { return fmt.Errorf("subnet %s cidr %s conflicts with k8s apiserver svc ip %s", subnet.Name, subnet.Spec.CIDRBlock, k8sAPIServer) } diff --git a/pkg/util/validator_test.go b/pkg/util/validator_test.go index daca38f0705..8a8c21f5e15 100644 --- a/pkg/util/validator_test.go +++ b/pkg/util/validator_test.go @@ -1,7 +1,6 @@ package util import ( - "os" "testing" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" 
@@ -10,225 +9,163 @@ import ( ) func TestValidateSubnet(t *testing.T) { - os.Setenv("KUBERNETES_SERVICE_HOST", "10.20.0.1") + t.Setenv(EnvKubernetesServiceHost, "10.20.0.1") + tests := []struct { - name string - asubnet kubeovnv1.Subnet - err string + name string + subnet kubeovnv1.Subnet + err string }{ { name: "correct", - asubnet: kubeovnv1.Subnet{ - TypeMeta: metav1.TypeMeta{Kind: "Subnet", APIVersion: "kubeovn.io/v1"}, + subnet: kubeovnv1.Subnet{ ObjectMeta: metav1.ObjectMeta{ - Name: "utest", - GenerateName: "", - Namespace: "", - SelfLink: "", - UID: "", - ResourceVersion: "", - Generation: 0, - CreationTimestamp: metav1.Time{}, - DeletionTimestamp: nil, - DeletionGracePeriodSeconds: nil, - Labels: nil, - Annotations: nil, - OwnerReferences: nil, - Finalizers: nil, - ManagedFields: nil, + Name: "utest", }, Spec: kubeovnv1.SubnetSpec{ - Default: true, - Vpc: "ovn-cluster", - Protocol: kubeovnv1.ProtocolIPv4, - Namespaces: nil, - CIDRBlock: "10.16.0.0/16", - Gateway: "10.16.0.1", - ExcludeIps: []string{"10.16.0.1"}, - Provider: OvnProvider, - GatewayType: kubeovnv1.GWDistributedType, - GatewayNode: "", - NatOutgoing: false, - ExternalEgressGateway: "", - PolicyRoutingPriority: 0, - PolicyRoutingTableID: 0, - Private: false, - AllowSubnets: nil, - Vlan: "", - Vips: nil, - LogicalGateway: false, - DisableGatewayCheck: false, - DisableInterConnection: false, - EnableDHCP: false, - DHCPv4Options: "", - DHCPv6Options: "", - EnableIPv6RA: false, - IPv6RAConfigs: "", - Acls: nil, - }, - Status: kubeovnv1.SubnetStatus{}, + Default: true, + Vpc: DefaultVpc, + Protocol: kubeovnv1.ProtocolIPv4, + CIDRBlock: "10.16.0.0/16", + Gateway: "10.16.0.1", + ExcludeIps: []string{"10.16.0.1"}, + Provider: OvnProvider, + GatewayType: kubeovnv1.GWDistributedType, + }, }, - err: "", }, { name: "GatewayUppercaseErr", - asubnet: kubeovnv1.Subnet{ - TypeMeta: metav1.TypeMeta{Kind: "Subnet", APIVersion: "kubeovn.io/v1"}, + subnet: kubeovnv1.Subnet{ ObjectMeta: metav1.ObjectMeta{ Name: 
"ut-gateway-uppercase-err", }, Spec: kubeovnv1.SubnetSpec{ Default: true, - Vpc: "ovn-cluster", + Vpc: DefaultVpc, Protocol: kubeovnv1.ProtocolIPv6, - Namespaces: nil, CIDRBlock: "2001:db8::/32", Gateway: "2001:Db8::1", ExcludeIps: []string{"2001:db8::a"}, - Provider: "ovn", + Provider: OvnProvider, GatewayType: kubeovnv1.GWDistributedType, }, - Status: kubeovnv1.SubnetStatus{}, }, err: "subnet gateway 2001:Db8::1 v6 ip address can not contain upper case", }, { name: "CICDblockFormalErr", - asubnet: kubeovnv1.Subnet{ - TypeMeta: metav1.TypeMeta{Kind: "Subnet", APIVersion: "kubeovn.io/v1"}, + subnet: kubeovnv1.Subnet{ ObjectMeta: metav1.ObjectMeta{ - Name: "ut-cicd-block-formal-err", + Name: "ut-cicd-block-format-err", }, Spec: kubeovnv1.SubnetSpec{ Default: true, - Vpc: "ovn-cluster", + Vpc: DefaultVpc, Protocol: kubeovnv1.ProtocolIPv4, - Namespaces: nil, - CIDRBlock: "", - Gateway: "", ExcludeIps: []string{"10.16.0.1"}, - Provider: "ovn", + Provider: OvnProvider, GatewayType: kubeovnv1.GWDistributedType, }, - Status: kubeovnv1.SubnetStatus{}, }, - err: "CIDRBlock: formal error", + err: `CIDRBlock: "" format error`, }, { name: "ExcludeIpsUppercaseErr", - asubnet: kubeovnv1.Subnet{ - TypeMeta: metav1.TypeMeta{Kind: "Subnet", APIVersion: "kubeovn.io/v1"}, + subnet: kubeovnv1.Subnet{ ObjectMeta: metav1.ObjectMeta{ Name: "ut-exclude-ips-uppercase-err", }, Spec: kubeovnv1.SubnetSpec{ Default: true, - Vpc: "ovn-cluster", + Vpc: DefaultVpc, Protocol: kubeovnv1.ProtocolIPv6, - Namespaces: nil, CIDRBlock: "2001:db8::/32", Gateway: "2001:db8::1", ExcludeIps: []string{"2001:db8::A"}, - Provider: "ovn", + Provider: OvnProvider, GatewayType: kubeovnv1.GWDistributedType, }, - Status: kubeovnv1.SubnetStatus{}, }, err: "subnet exclude ip 2001:db8::A can not contain upper case", }, { name: "CidrBlockUppercaseErr", - asubnet: kubeovnv1.Subnet{ - TypeMeta: metav1.TypeMeta{Kind: "Subnet", APIVersion: "kubeovn.io/v1"}, + subnet: kubeovnv1.Subnet{ ObjectMeta: metav1.ObjectMeta{ Name: 
"ut-cidr-block-uppercase-err", }, Spec: kubeovnv1.SubnetSpec{ Default: true, - Vpc: "ovn-cluster", + Vpc: DefaultVpc, Protocol: kubeovnv1.ProtocolIPv6, - Namespaces: nil, CIDRBlock: "2001:Db8::/32", Gateway: "2001:db8::1", ExcludeIps: []string{"2001:db8::a"}, - Provider: "ovn", + Provider: OvnProvider, GatewayType: kubeovnv1.GWDistributedType, }, - Status: kubeovnv1.SubnetStatus{}, }, err: "subnet cidr block 2001:Db8::/32 v6 ip address can not contain upper case", }, { name: "InvalidZeroCIDRErr", - asubnet: kubeovnv1.Subnet{ - TypeMeta: metav1.TypeMeta{Kind: "Subnet", APIVersion: "kubeovn.io/v1"}, + subnet: kubeovnv1.Subnet{ ObjectMeta: metav1.ObjectMeta{ Name: "ut-invalid-zero-cidr-err", }, Spec: kubeovnv1.SubnetSpec{ Default: true, - Vpc: "ovn-cluster", + Vpc: DefaultVpc, Protocol: kubeovnv1.ProtocolIPv4, - Namespaces: nil, CIDRBlock: "0.0.0.0", - Gateway: "", ExcludeIps: []string{"10.16.0.1"}, - Provider: "ovn", + Provider: OvnProvider, GatewayType: kubeovnv1.GWDistributedType, }, - Status: kubeovnv1.SubnetStatus{}, }, - err: "invalid zero cidr \"0.0.0.0\"", + err: `invalid zero cidr "0.0.0.0"`, }, { name: "InvalidCIDRErr", - asubnet: kubeovnv1.Subnet{ - TypeMeta: metav1.TypeMeta{Kind: "Subnet", APIVersion: "kubeovn.io/v1"}, + subnet: kubeovnv1.Subnet{ ObjectMeta: metav1.ObjectMeta{ Name: "ut-invalid-cidr-err", }, Spec: kubeovnv1.SubnetSpec{ Default: true, - Vpc: "ovn-cluster", + Vpc: DefaultVpc, Protocol: kubeovnv1.ProtocolIPv4, - Namespaces: nil, CIDRBlock: "192.168.1.0/invalid", - Gateway: "", ExcludeIps: []string{"10.16.0.1"}, - Provider: "ovn", + Provider: OvnProvider, GatewayType: kubeovnv1.GWDistributedType, }, - Status: kubeovnv1.SubnetStatus{}, }, err: "subnet ut-invalid-cidr-err cidr 192.168.1.0/invalid is invalid", }, { name: "ProtocolInvalidErr", - asubnet: kubeovnv1.Subnet{ - TypeMeta: metav1.TypeMeta{Kind: "Subnet", APIVersion: "kubeovn.io/v1"}, + subnet: kubeovnv1.Subnet{ ObjectMeta: metav1.ObjectMeta{ Name: "ut-protocol-invalid-err", }, Spec: 
kubeovnv1.SubnetSpec{ - Default: true, - Vpc: "ovn-cluster", - Protocol: "ipv5", - Namespaces: nil, - CIDRBlock: "10.16.0.0/16", - Gateway: "10.16.0.1", - ExcludeIps: []string{"10.16.0.1"}, - Provider: "ovn", - + Default: true, + Vpc: DefaultVpc, + Protocol: "ipv5", + CIDRBlock: "10.16.0.0/16", + Gateway: "10.16.0.1", + ExcludeIps: []string{"10.16.0.1"}, + Provider: OvnProvider, GatewayType: kubeovnv1.GWDistributedType, }, - Status: kubeovnv1.SubnetStatus{}, }, err: "ipv5 is not a valid protocol type", }, { name: "SubnetVpcSameNameErr", - asubnet: kubeovnv1.Subnet{ - TypeMeta: metav1.TypeMeta{Kind: "Subnet", APIVersion: "kubeovn.io/v1"}, + subnet: kubeovnv1.Subnet{ ObjectMeta: metav1.ObjectMeta{ Name: "same-name", }, @@ -236,21 +173,18 @@ func TestValidateSubnet(t *testing.T) { Default: true, Vpc: "same-name", Protocol: kubeovnv1.ProtocolIPv4, - Namespaces: nil, CIDRBlock: "10.16.0.0/16", Gateway: "10.16.0.1", ExcludeIps: []string{"10.16.0.1"}, - Provider: "ovn", + Provider: OvnProvider, GatewayType: kubeovnv1.GWDistributedType, }, - Status: kubeovnv1.SubnetStatus{}, }, err: "subnet same-name and vpc same-name cannot have the same name", }, { name: "SubnetVpcDifferentNameCorrect", - asubnet: kubeovnv1.Subnet{ - TypeMeta: metav1.TypeMeta{Kind: "Subnet", APIVersion: "kubeovn.io/v1"}, + subnet: kubeovnv1.Subnet{ ObjectMeta: metav1.ObjectMeta{ Name: "subnet-name", }, 
@@ -258,349 +192,300 @@ func TestValidateSubnet(t *testing.T) { Default: true, Vpc: "vpc-name", Protocol: kubeovnv1.ProtocolIPv4, - Namespaces: nil, CIDRBlock: "10.16.0.0/16", Gateway: "10.16.0.1", ExcludeIps: []string{"10.16.0.1"}, - Provider: "ovn", + Provider: OvnProvider, GatewayType: kubeovnv1.GWDistributedType, }, - Status: kubeovnv1.SubnetStatus{}, }, - err: "", }, { name: "ExternalEgressGatewayUpperCaseErr", - asubnet: kubeovnv1.Subnet{ - TypeMeta: metav1.TypeMeta{Kind: "Subnet", APIVersion: "kubeovn.io/v1"}, + subnet: kubeovnv1.Subnet{ ObjectMeta: metav1.ObjectMeta{ Name: "ut-external-egress-gateway-uppercase-err", }, Spec: kubeovnv1.SubnetSpec{ Default: true, - Vpc: "ovn-cluster", + Vpc: DefaultVpc, Protocol: kubeovnv1.ProtocolIPv6, - Namespaces: nil, CIDRBlock: "2001:db8::/32", Gateway: "2001:db8::1", ExcludeIps: []string{"2001:db8::a"}, - Provider: "ovn", + Provider: OvnProvider, ExternalEgressGateway: "2001:dB8::2", GatewayType: kubeovnv1.GWDistributedType, }, - Status: kubeovnv1.SubnetStatus{}, }, err: "subnet ut-external-egress-gateway-uppercase-err external egress gateway 2001:dB8::2 v6 ip address can not contain upper case", }, { name: "VipsUpperCaseErr", - asubnet: kubeovnv1.Subnet{ - TypeMeta: metav1.TypeMeta{Kind: "Subnet", APIVersion: "kubeovn.io/v1"}, + subnet: kubeovnv1.Subnet{ ObjectMeta: metav1.ObjectMeta{ Name: "ut-vips-uppercase-err", }, Spec: kubeovnv1.SubnetSpec{ Default: true, - Vpc: "ovn-cluster", + Vpc: DefaultVpc, Protocol: kubeovnv1.ProtocolIPv6, - Namespaces: nil, CIDRBlock: "2001:db8::/32", Gateway: "2001:db8::1", ExcludeIps: []string{"2001:db8::a"}, - Provider: "ovn", + Provider: OvnProvider, Vips: []string{"2001:dB8::2"}, GatewayType: kubeovnv1.GWDistributedType, }, - Status: kubeovnv1.SubnetStatus{}, }, err: "subnet ut-vips-uppercase-err vips 2001:dB8::2 v6 ip address can not contain upper case", }, { name: "LogicalGatewayU2OInterconnectionSametimeTrueErr", - asubnet: kubeovnv1.Subnet{ - TypeMeta: metav1.TypeMeta{Kind: 
"Subnet", APIVersion: "kubeovn.io/v1"}, + subnet: kubeovnv1.Subnet{ ObjectMeta: metav1.ObjectMeta{ Name: "ut-logical-gateway-u2o-interconnection-sametime-true-err", }, Spec: kubeovnv1.SubnetSpec{ Default: true, - Vpc: "ovn-cluster", + Vpc: DefaultVpc, Protocol: kubeovnv1.ProtocolIPv6, - Namespaces: nil, CIDRBlock: "2001:db8::/32", Gateway: "2001:db8::1", ExcludeIps: []string{"2001:db8::a"}, - Provider: "ovn", + Provider: OvnProvider, GatewayType: kubeovnv1.GWDistributedType, LogicalGateway: true, U2OInterconnection: true, }, - Status: kubeovnv1.SubnetStatus{}, }, err: "logicalGateway and u2oInterconnection can't be opened at the same time", }, { name: "ValidateNatOutgoingPolicyRulesErr", - asubnet: kubeovnv1.Subnet{ - TypeMeta: metav1.TypeMeta{Kind: "Subnet", APIVersion: "kubeovn.io/v1"}, + subnet: kubeovnv1.Subnet{ ObjectMeta: metav1.ObjectMeta{ Name: "ut-validate-nat-outgoing-policy-rules-err", }, Spec: kubeovnv1.SubnetSpec{ Default: true, - Vpc: "ovn-cluster", + Vpc: DefaultVpc, Protocol: kubeovnv1.ProtocolIPv6, - Namespaces: nil, CIDRBlock: "2001:db8::/32", Gateway: "2001:db8::1", ExcludeIps: []string{"2001:db8::a"}, - Provider: "ovn", + Provider: OvnProvider, GatewayType: kubeovnv1.GWDistributedType, - NatOutgoingPolicyRules: []kubeovnv1.NatOutgoingPolicyRule{ - { - Match: kubeovnv1.NatOutGoingPolicyMatch{SrcIPs: "2001:db8::/32,192.168.0.1/24", DstIPs: "2001:db8::/32"}, - Action: "ACCEPT", - }, - }, + NatOutgoingPolicyRules: []kubeovnv1.NatOutgoingPolicyRule{{ + Match: kubeovnv1.NatOutGoingPolicyMatch{SrcIPs: "2001:db8::/32,192.168.0.1/24", DstIPs: "2001:db8::/32"}, + Action: "ACCEPT", + }}, }, - Status: kubeovnv1.SubnetStatus{}, }, err: "validate nat policy rules src ips 2001:db8::/32,192.168.0.1/24 failed with err match ips 2001:db8::/32,192.168.0.1/24 protocol is not consistent", }, { name: "U2oInterconnectionIpUppercaseErr", - asubnet: kubeovnv1.Subnet{ - TypeMeta: metav1.TypeMeta{Kind: "Subnet", APIVersion: "kubeovn.io/v1"}, + subnet: kubeovnv1.Subnet{ 
ObjectMeta: metav1.ObjectMeta{ Name: "ut-u2o-interconnection-ip-uppercase-err", }, Spec: kubeovnv1.SubnetSpec{ Default: true, - Vpc: "ovn-cluster", + Vpc: DefaultVpc, Protocol: kubeovnv1.ProtocolIPv6, - Namespaces: nil, CIDRBlock: "2001:db8::/32", Gateway: "2001:db8::1", ExcludeIps: []string{"2001:db8::a"}, - Provider: "ovn", + Provider: OvnProvider, GatewayType: kubeovnv1.GWDistributedType, U2OInterconnectionIP: "2001:dB8::2", }, - Status: kubeovnv1.SubnetStatus{}, }, err: "subnet ut-u2o-interconnection-ip-uppercase-err U2O interconnection ip 2001:dB8::2 v6 ip address can not contain upper case", }, { name: "U2oInterConnectionIpNotInCidrErr", - asubnet: kubeovnv1.Subnet{ - TypeMeta: metav1.TypeMeta{Kind: "Subnet", APIVersion: "kubeovn.io/v1"}, + subnet: kubeovnv1.Subnet{ ObjectMeta: metav1.ObjectMeta{ Name: "ut-u2o-interconnection-ip-not-in-cidr-err", }, Spec: kubeovnv1.SubnetSpec{ Default: true, - Vpc: "ovn-cluster", + Vpc: DefaultVpc, Protocol: kubeovnv1.ProtocolIPv6, - Namespaces: nil, CIDRBlock: "2001:db8::/32", Gateway: "2001:db8::1", ExcludeIps: []string{"2001:db8::a"}, - Provider: "ovn", + Provider: OvnProvider, GatewayType: kubeovnv1.GWDistributedType, U2OInterconnectionIP: "3001:db8::2", }, - Status: kubeovnv1.SubnetStatus{}, }, err: "u2oInterconnectionIP 3001:db8::2 is not in subnet ut-u2o-interconnection-ip-not-in-cidr-err cidr 2001:db8::/32", }, { name: "GatewayErr", - asubnet: kubeovnv1.Subnet{ - TypeMeta: metav1.TypeMeta{Kind: "Subnet", APIVersion: "kubeovn.io/v1"}, + subnet: kubeovnv1.Subnet{ ObjectMeta: metav1.ObjectMeta{ Name: "utest-gatewayerr", }, Spec: kubeovnv1.SubnetSpec{ Default: true, - Vpc: "ovn-cluster", + Vpc: DefaultVpc, Protocol: kubeovnv1.ProtocolIPv4, - Namespaces: nil, CIDRBlock: "10.16.0.0/16", Gateway: "10.17.0.1", ExcludeIps: []string{"10.16.0.1"}, Provider: OvnProvider, GatewayType: kubeovnv1.GWDistributedType, }, - Status: kubeovnv1.SubnetStatus{}, }, err: "gateway 10.17.0.1 is not in cidr 10.16.0.0/16", }, { name: 
"CIDRUnicastErr", - asubnet: kubeovnv1.Subnet{ - TypeMeta: metav1.TypeMeta{Kind: "Subnet", APIVersion: "kubeovn.io/v1"}, + subnet: kubeovnv1.Subnet{ ObjectMeta: metav1.ObjectMeta{ Name: "utest-unicasterr", }, Spec: kubeovnv1.SubnetSpec{ Default: true, - Vpc: "ovn-cluster", + Vpc: DefaultVpc, Protocol: kubeovnv1.ProtocolIPv4, - Namespaces: nil, CIDRBlock: "127.0.0.1/8", Gateway: "127.0.0.1", ExcludeIps: []string{"127.0.0.1"}, Provider: OvnProvider, GatewayType: kubeovnv1.GWDistributedType, }, - Status: kubeovnv1.SubnetStatus{}, }, err: "127.0.0.1/8 conflict with v4 loopback cidr 127.0.0.1/8", }, { name: "CIDRNotIPErr", - asubnet: kubeovnv1.Subnet{ - TypeMeta: metav1.TypeMeta{Kind: "Subnet", APIVersion: "kubeovn.io/v1"}, + subnet: kubeovnv1.Subnet{ ObjectMeta: metav1.ObjectMeta{ Name: "utest-cidryerr", }, Spec: kubeovnv1.SubnetSpec{ Default: true, - Vpc: "ovn-cluster", + Vpc: DefaultVpc, Protocol: kubeovnv1.ProtocolIPv4, - Namespaces: nil, CIDRBlock: "127.0.1/8", Gateway: "127.0.0.1", ExcludeIps: []string{"127.0.0.1"}, Provider: OvnProvider, GatewayType: kubeovnv1.GWDistributedType, }, - Status: kubeovnv1.SubnetStatus{}, }, err: "gateway 127.0.0.1 is not in cidr 127.0.1/8", }, { name: "CIDRNotIPErr", - asubnet: kubeovnv1.Subnet{ - TypeMeta: metav1.TypeMeta{Kind: "Subnet", APIVersion: "kubeovn.io/v1"}, + subnet: kubeovnv1.Subnet{ ObjectMeta: metav1.ObjectMeta{ Name: "utest-cidrerr", }, Spec: kubeovnv1.SubnetSpec{ Default: true, - Vpc: "ovn-cluster", + Vpc: DefaultVpc, Protocol: kubeovnv1.ProtocolIPv4, - Namespaces: nil, CIDRBlock: "127.0.1/8", Gateway: "127.0.0.1", ExcludeIps: []string{"127.0.0.1"}, Provider: OvnProvider, GatewayType: kubeovnv1.GWDistributedType, }, - Status: kubeovnv1.SubnetStatus{}, }, err: "gateway 127.0.0.1 is not in cidr 127.0.1/8", }, { name: "ExcludeIPFormatErr1", - asubnet: kubeovnv1.Subnet{ - TypeMeta: metav1.TypeMeta{Kind: "Subnet", APIVersion: "kubeovn.io/v1"}, + subnet: kubeovnv1.Subnet{ ObjectMeta: metav1.ObjectMeta{ Name: 
"utest-excludeiperr", }, Spec: kubeovnv1.SubnetSpec{ Default: true, - Vpc: "ovn-cluster", + Vpc: DefaultVpc, Protocol: kubeovnv1.ProtocolIPv4, - Namespaces: nil, CIDRBlock: "10.16.0.0/16", Gateway: "10.16.0.1", ExcludeIps: []string{"10.16.0.1..10.16.0.10..10.16.0.12"}, Provider: OvnProvider, GatewayType: kubeovnv1.GWDistributedType, }, - Status: kubeovnv1.SubnetStatus{}, }, err: "in excludeIps is not a valid ip range", }, { name: "ExcludeIPFormatErr2", - asubnet: kubeovnv1.Subnet{ - TypeMeta: metav1.TypeMeta{Kind: "Subnet", APIVersion: "kubeovn.io/v1"}, + subnet: kubeovnv1.Subnet{ ObjectMeta: metav1.ObjectMeta{ Name: "utest-excludeiperr", }, Spec: kubeovnv1.SubnetSpec{ Default: true, - Vpc: "ovn-cluster", + Vpc: DefaultVpc, Protocol: kubeovnv1.ProtocolIPv4, - Namespaces: nil, CIDRBlock: "10.16.0.0/16", Gateway: "10.16.0.1", ExcludeIps: []string{"10.16.0.1.."}, Provider: OvnProvider, GatewayType: kubeovnv1.GWDistributedType, }, - Status: kubeovnv1.SubnetStatus{}, }, err: "excludeIps is not a valid address", }, { name: "ExcludeIPNotIPErr", - asubnet: kubeovnv1.Subnet{ - TypeMeta: metav1.TypeMeta{Kind: "Subnet", APIVersion: "kubeovn.io/v1"}, + subnet: kubeovnv1.Subnet{ ObjectMeta: metav1.ObjectMeta{ Name: "utest-excludeiperr", }, Spec: kubeovnv1.SubnetSpec{ Default: true, - Vpc: "ovn-cluster", + Vpc: DefaultVpc, Protocol: kubeovnv1.ProtocolIPv4, - Namespaces: nil, CIDRBlock: "10.16.0.0/16", Gateway: "10.16.0.1", ExcludeIps: []string{"10.16.1..10.16.10"}, Provider: OvnProvider, GatewayType: kubeovnv1.GWDistributedType, }, - Status: kubeovnv1.SubnetStatus{}, }, err: "in excludeIps is not a valid address", }, { name: "ExcludeIPRangeErr", - asubnet: kubeovnv1.Subnet{ - TypeMeta: metav1.TypeMeta{Kind: "Subnet", APIVersion: "kubeovn.io/v1"}, + subnet: kubeovnv1.Subnet{ ObjectMeta: metav1.ObjectMeta{ Name: "utest-excludecidrerr", }, Spec: kubeovnv1.SubnetSpec{ Default: true, - Vpc: "ovn-cluster", + Vpc: DefaultVpc, Protocol: kubeovnv1.ProtocolIPv4, - Namespaces: nil, 
CIDRBlock: "10.16.0.0/16", Gateway: "10.16.0.1", ExcludeIps: []string{"10.16.0.2..10.16.0.1"}, Provider: OvnProvider, GatewayType: kubeovnv1.GWDistributedType, }, - Status: kubeovnv1.SubnetStatus{}, }, err: "10.16.0.2..10.16.0.1 in excludeIps is not a valid ip range", }, { name: "AllowCIDRErr", - asubnet: kubeovnv1.Subnet{ - TypeMeta: metav1.TypeMeta{Kind: "Subnet", APIVersion: "kubeovn.io/v1"}, + subnet: kubeovnv1.Subnet{ ObjectMeta: metav1.ObjectMeta{ Name: "utest-allowcidrerr", }, Spec: kubeovnv1.SubnetSpec{ Default: true, - Vpc: "ovn-cluster", + Vpc: DefaultVpc, Protocol: kubeovnv1.ProtocolIPv4, - Namespaces: nil, CIDRBlock: "10.16.0.0/16", Gateway: "10.16.0.1", ExcludeIps: []string{"10.16.0.1..10.16.0.10"}, @@ -609,22 +494,19 @@ func TestValidateSubnet(t *testing.T) { Private: true, AllowSubnets: []string{"10.18.0/16"}, }, - Status: kubeovnv1.SubnetStatus{}, }, err: "10.18.0/16 in allowSubnets is not a valid address", }, { name: "AllowSubnetsUppercaseErr", - asubnet: kubeovnv1.Subnet{ - TypeMeta: metav1.TypeMeta{Kind: "Subnet", APIVersion: "kubeovn.io/v1"}, + subnet: kubeovnv1.Subnet{ ObjectMeta: metav1.ObjectMeta{ Name: "ut-allow-subnets-uppercase-err", }, Spec: kubeovnv1.SubnetSpec{ Default: true, - Vpc: "ovn-cluster", + Vpc: DefaultVpc, Protocol: kubeovnv1.ProtocolIPv6, - Namespaces: nil, CIDRBlock: "2001:db8::/32", Gateway: "2001:db8::1", ExcludeIps: []string{"2001:db8::a"}, 
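Review bot: The two `CIDRNotIPErr` cases in the `-258` hunk carry the same spec (`CIDRBlock: "127.0.1/8"`, `Gateway: "127.0.0.1"`) and the same expected string, differing only in the object name (`utest-cidryerr` / `utest-cidrerr`), so the second adds no coverage and `go test` will report it as `CIDRNotIPErr#01`. Both also expect `gateway 127.0.0.1 is not in cidr 127.0.1/8`, so they pass on a gateway-membership message rather than on an explicit rejection of the malformed CIDR; `CIDRformErr` in the later `-795` hunk has the same shape. Since this table is the regression net for subnet input validation, I would drop the duplicate and put a comment on the remaining case such as `// malformed CIDR is currently reported through the gateway check`. `ValidateSubnet` is not shown in this diff, so the check ordering is inferred from the expected strings only.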
@@ -633,66 +515,57 @@ func TestValidateSubnet(t *testing.T) { Private: true, AllowSubnets: []string{"2001:dB8::/32"}, }, - Status: kubeovnv1.SubnetStatus{}, }, err: "subnet ut-allow-subnets-uppercase-err allow subnet 2001:dB8::/32 v6 ip address can not contain upper case", }, { name: "gatewaytypeErr", - asubnet: kubeovnv1.Subnet{ - TypeMeta: metav1.TypeMeta{Kind: "Subnet", APIVersion: "kubeovn.io/v1"}, + subnet: kubeovnv1.Subnet{ ObjectMeta: metav1.ObjectMeta{ Name: "utest-gatewaytypeerr", }, Spec: kubeovnv1.SubnetSpec{ Default: true, - Vpc: "ovn-cluster", + Vpc: DefaultVpc, Protocol: kubeovnv1.ProtocolIPv4, - Namespaces: nil, CIDRBlock: "10.16.0.0/16", Gateway: "10.16.0.1", ExcludeIps: []string{"10.16.0.1..10.16.0.10"}, Provider: OvnProvider, GatewayType: "damn", }, - Status: kubeovnv1.SubnetStatus{}, }, err: "damn is not a valid gateway type", }, { name: "apiserverSVCErr", - asubnet: kubeovnv1.Subnet{ - TypeMeta: metav1.TypeMeta{Kind: "Subnet", APIVersion: "kubeovn.io/v1"}, + subnet: kubeovnv1.Subnet{ ObjectMeta: metav1.ObjectMeta{ Name: "utest-apisvcerr", }, Spec: kubeovnv1.SubnetSpec{ Default: true, - Vpc: "ovn-cluster", + Vpc: DefaultVpc, Protocol: kubeovnv1.ProtocolIPv4, - Namespaces: nil, CIDRBlock: "10.20.0.0/16", Gateway: "10.20.0.1", ExcludeIps: []string{"10.20.0.1..10.20.0.10"}, Provider: OvnProvider, GatewayType: kubeovnv1.GWDistributedType, }, - Status: kubeovnv1.SubnetStatus{}, }, err: "subnet utest-apisvcerr cidr 10.20.0.0/16 conflicts with k8s apiserver svc ip 10.20.0.1", }, { name: "ExgressGWErr1", - asubnet: kubeovnv1.Subnet{ - TypeMeta: metav1.TypeMeta{Kind: "Subnet", APIVersion: "kubeovn.io/v1"}, + subnet: kubeovnv1.Subnet{ ObjectMeta: metav1.ObjectMeta{ Name: "utest-exgatewayerr", }, Spec: kubeovnv1.SubnetSpec{ Default: true, - Vpc: "ovn-cluster", + Vpc: DefaultVpc, Protocol: kubeovnv1.ProtocolIPv4, - Namespaces: nil, CIDRBlock: "10.16.0.0/16", Gateway: "10.16.0.1", ExcludeIps: []string{"10.16.0.1..10.16.0.10"}, 
@@ -701,70 +574,59 @@ func TestValidateSubnet(t *testing.T) { ExternalEgressGateway: "192.178.2.1", NatOutgoing: true, }, - Status: kubeovnv1.SubnetStatus{}, }, err: "conflict configuration: natOutgoing and externalEgressGateway", }, { name: "ExgressGWErr2", - asubnet: kubeovnv1.Subnet{ - TypeMeta: metav1.TypeMeta{Kind: "Subnet", APIVersion: "kubeovn.io/v1"}, + subnet: kubeovnv1.Subnet{ ObjectMeta: metav1.ObjectMeta{ Name: "utest-exgatewayerr", }, Spec: kubeovnv1.SubnetSpec{ Default: true, - Vpc: "ovn-cluster", + Vpc: DefaultVpc, Protocol: kubeovnv1.ProtocolIPv4, - Namespaces: nil, CIDRBlock: "10.16.0.0/16", Gateway: "10.16.0.1", ExcludeIps: []string{"10.16.0.2..10.16.0.10"}, Provider: OvnProvider, GatewayType: kubeovnv1.GWDistributedType, ExternalEgressGateway: "192.178.2.1,192.178.2.2,192.178.2.3", - NatOutgoing: false, }, - Status: kubeovnv1.SubnetStatus{}, }, err: "invalid external egress gateway configuration", }, { name: "ExgressGWErr3", - asubnet: kubeovnv1.Subnet{ - TypeMeta: metav1.TypeMeta{Kind: "Subnet", APIVersion: "kubeovn.io/v1"}, + subnet: kubeovnv1.Subnet{ ObjectMeta: metav1.ObjectMeta{ Name: "utest-exgatewayerr", }, Spec: kubeovnv1.SubnetSpec{ Default: true, - Vpc: "ovn-cluster", + Vpc: DefaultVpc, Protocol: kubeovnv1.ProtocolIPv4, - Namespaces: nil, CIDRBlock: "10.16.0.0/16", Gateway: "10.16.0.1", ExcludeIps: []string{"10.16.0.2..10.16.0.10"}, Provider: OvnProvider, GatewayType: kubeovnv1.GWDistributedType, ExternalEgressGateway: "192.178.2.1,192.178..2", - NatOutgoing: false, }, - Status: kubeovnv1.SubnetStatus{}, }, err: "IP 192.178..2 in externalEgressGateway is not a valid address", }, { name: "ExgressGWErr4", - asubnet: kubeovnv1.Subnet{ - TypeMeta: metav1.TypeMeta{Kind: "Subnet", APIVersion: "kubeovn.io/v1"}, + subnet: kubeovnv1.Subnet{ ObjectMeta: metav1.ObjectMeta{ Name: "utest-exgatewayerr", }, Spec: kubeovnv1.SubnetSpec{ Default: true, - Vpc: "ovn-cluster", + Vpc: DefaultVpc, Protocol: kubeovnv1.ProtocolIPv4, - Namespaces: nil, 
CIDRBlock: "10.16.0.0/16", Gateway: "10.16.0.1", ExcludeIps: []string{"10.16.0.1"}, @@ -772,22 +634,19 @@ func TestValidateSubnet(t *testing.T) { GatewayType: kubeovnv1.GWDistributedType, ExternalEgressGateway: "192.178.2.1,fd00:10:16::1", }, - Status: kubeovnv1.SubnetStatus{}, }, err: "invalid external egress gateway configuration: address family is conflict with CIDR", }, { name: "ExgressGWErr5", - asubnet: kubeovnv1.Subnet{ - TypeMeta: metav1.TypeMeta{Kind: "Subnet", APIVersion: "kubeovn.io/v1"}, + subnet: kubeovnv1.Subnet{ ObjectMeta: metav1.ObjectMeta{ Name: "utest-exgatewayerr", }, Spec: kubeovnv1.SubnetSpec{ Default: true, - Vpc: "ovn-cluster", + Vpc: DefaultVpc, Protocol: kubeovnv1.ProtocolIPv4, - Namespaces: nil, CIDRBlock: "10.16.0.0/16", Gateway: "10.16.0.1", ExcludeIps: []string{"10.16.0.1..10.16.0.10"}, 
@@ -795,95 +654,81 @@ func TestValidateSubnet(t *testing.T) { GatewayType: kubeovnv1.GWDistributedType, Vips: []string{"10.17.2.1"}, }, - Status: kubeovnv1.SubnetStatus{}, }, err: "vip 10.17.2.1 conflicts with subnet utest-exgatewayerr cidr 10.16.0.0/16", }, { name: "CIDRformErr", - asubnet: kubeovnv1.Subnet{ - TypeMeta: metav1.TypeMeta{Kind: "Subnet", APIVersion: "kubeovn.io/v1"}, + subnet: kubeovnv1.Subnet{ ObjectMeta: metav1.ObjectMeta{ Name: "utest", }, Spec: kubeovnv1.SubnetSpec{ Default: true, - Vpc: "ovn-cluster", + Vpc: DefaultVpc, Protocol: kubeovnv1.ProtocolIPv4, - Namespaces: nil, CIDRBlock: "10.16.0/16", Gateway: "10.16.0.1", ExcludeIps: []string{"10.16.0.1"}, Provider: OvnProvider, GatewayType: kubeovnv1.GWDistributedType, }, - Status: kubeovnv1.SubnetStatus{}, }, err: "gateway 10.16.0.1 is not in cidr 10.16.0/16", }, { name: "ExcludeIPErr", - asubnet: kubeovnv1.Subnet{ - TypeMeta: metav1.TypeMeta{Kind: "Subnet", APIVersion: "kubeovn.io/v1"}, + subnet: kubeovnv1.Subnet{ ObjectMeta: metav1.ObjectMeta{ Name: "utest", }, Spec: kubeovnv1.SubnetSpec{ Default: true, - Vpc: "ovn-cluster", + Vpc: DefaultVpc, Protocol: kubeovnv1.ProtocolIPv4, - Namespaces: nil, CIDRBlock: "10.16.0.0/16", Gateway: "10.16.0.1", ExcludeIps: []string{"10.16.1"}, Provider: OvnProvider, GatewayType: kubeovnv1.GWDistributedType, }, - Status: kubeovnv1.SubnetStatus{}, }, err: "ip 10.16.1 in excludeIps is not a valid address", }, { name: "ValidPTPSubnet", - asubnet: kubeovnv1.Subnet{ - TypeMeta: metav1.TypeMeta{Kind: "Subnet", APIVersion: "kubeovn.io/v1"}, + subnet: kubeovnv1.Subnet{ ObjectMeta: metav1.ObjectMeta{ Name: "utest-ptpsubnet", }, Spec: kubeovnv1.SubnetSpec{ Default: true, - Vpc: "ovn-cluster", + Vpc: DefaultVpc, Protocol: kubeovnv1.ProtocolIPv4, - Namespaces: nil, CIDRBlock: "10.16.0.0/31", Gateway: "10.16.0.0", ExcludeIps: []string{"10.16.0.0"}, Provider: OvnProvider, GatewayType: kubeovnv1.GWDistributedType, }, - Status: kubeovnv1.SubnetStatus{}, }, - err: "", }, { name: 
"Invalid/32Subnet", - asubnet: kubeovnv1.Subnet{ - TypeMeta: metav1.TypeMeta{Kind: "Subnet", APIVersion: "kubeovn.io/v1"}, + subnet: kubeovnv1.Subnet{ ObjectMeta: metav1.ObjectMeta{ Name: "utest-ptpsubnet", }, Spec: kubeovnv1.SubnetSpec{ Default: true, - Vpc: "ovn-cluster", + Vpc: DefaultVpc, Protocol: kubeovnv1.ProtocolIPv4, - Namespaces: nil, CIDRBlock: "10.16.0.0/32", Gateway: "10.16.0.0", ExcludeIps: []string{"10.16.0.0"}, Provider: OvnProvider, GatewayType: kubeovnv1.GWDistributedType, }, - Status: kubeovnv1.SubnetStatus{}, }, err: "validate gateway 10.16.0.0 for cidr 10.16.0.0/32 failed: subnet 10.16.0.0/32 is configured with /32 or /128 netmask", }, @@ -891,9 +736,9 @@ func TestValidateSubnet(t *testing.T) { for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { - ret := ValidateSubnet(tt.asubnet) + ret := ValidateSubnet(tt.subnet) if !ErrorContains(ret, tt.err) { - t.Errorf("got %v, want a %v", ret, tt.err) + t.Errorf("got %v, want %v", ret, tt.err) } }) } 
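Review bot: The reworded failure message in the `-891` hunk still reads like an equality check, but the comparison is `ErrorContains(ret, tt.err)`, so a short expectation such as `in excludeIps is not a valid ip range` passes against any longer error that contains it. I would write `t.Errorf("got %v, want error containing %q", ret, tt.err)`; `%q` also makes the empty expectation visible now that the success cases (`SubnetVpcDifferentNameCorrect`, `ValidPTPSubnet`) rely on the zero value of `err`. `ErrorContains` is defined outside this diff, so it is worth confirming that it treats an empty `tt.err` as "expect nil" and not as a substring that matches every error. The same message is used in the `TestValidatePodNetwork`, `TestValidateNetworkBroadcast` and `TestValidateCidrConflict` loops in the later hunks.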
@@ -908,119 +753,119 @@ func TestValidatePodNetwork(t *testing.T) { { name: "podIP", annotations: map[string]string{ - "ovn.kubernetes.io/ip_address": "10.16.0.15", - "ovn.kubernetes.io/mac_address": "00:00:00:54:17:2A", - "ovn.kubernetes.io/ip_pool": "10.16.0.15,10.16.0.16,10.16.0.17", - "ovn.kubernetes.io/ingress_rate": "3", - "ovn.kubernetes.io/egress_rate": "1", - "ovn.kubernetes.io/cidr": "10.16.0.0/16", + IPAddressAnnotation: "10.16.0.15", + MacAddressAnnotation: "00:00:00:54:17:2A", + IPPoolAnnotation: "10.16.0.15,10.16.0.16,10.16.0.17", + IngressRateAnnotation: "3", + EgressRateAnnotation: "1", + CidrAnnotation: "10.16.0.0/16", }, err: "", }, { name: "podIPDual", annotations: map[string]string{ - "ovn.kubernetes.io/ip_address": "10.244.0.0/16,fd00:10:244:0:2::/80", - "ovn.kubernetes.io/mac_address": "00:00:00:54:17:2A", - "ovn.kubernetes.io/ip_pool": "10.16.0.15,10.16.0.16,10.16.0.17", - "ovn.kubernetes.io/ingress_rate": "3", - "ovn.kubernetes.io/egress_rate": "1", + IPAddressAnnotation: "10.244.0.0/16,fd00:10:244:0:2::/80", + MacAddressAnnotation: "00:00:00:54:17:2A", + IPPoolAnnotation: "10.16.0.15,10.16.0.16,10.16.0.17", + IngressRateAnnotation: "3", + EgressRateAnnotation: "1", }, err: "", }, { name: "podIPErr1", annotations: map[string]string{ - "ovn.kubernetes.io/ip_address": "10.244.000.0/16,fd00:10:244:0:2::/80", - "ovn.kubernetes.io/mac_address": "00:00:00:54:17:2A", - "ovn.kubernetes.io/ip_pool": "10.16.0.15,10.16.0.16,10.16.0.17", - "ovn.kubernetes.io/ingress_rate": "3", - "ovn.kubernetes.io/egress_rate": "1", + IPAddressAnnotation: "10.244.000.0/16,fd00:10:244:0:2::/80", + MacAddressAnnotation: "00:00:00:54:17:2A", + IPPoolAnnotation: "10.16.0.15,10.16.0.16,10.16.0.17", + IngressRateAnnotation: "3", + EgressRateAnnotation: "1", }, - err: "10.244.000.0/16 is not a valid ovn.kubernetes.io/ip_address", + err: "10.244.000.0/16 is not a valid " + IPAddressAnnotation, }, { name: "podIPNotCIDRErr", annotations: map[string]string{ - 
"ovn.kubernetes.io/ip_address": "10.244.0.0/16,fd00:10:244:0:2::::", - "ovn.kubernetes.io/mac_address": "00:00:00:54:17:2A", - "ovn.kubernetes.io/ip_pool": "10.16.0.15,10.16.0.16,10.16.0.17", - "ovn.kubernetes.io/ingress_rate": "3", - "ovn.kubernetes.io/egress_rate": "1", + IPAddressAnnotation: "10.244.0.0/16,fd00:10:244:0:2::::", + MacAddressAnnotation: "00:00:00:54:17:2A", + IPPoolAnnotation: "10.16.0.15,10.16.0.16,10.16.0.17", + IngressRateAnnotation: "3", + EgressRateAnnotation: "1", }, - err: "fd00:10:244:0:2:::: is not a valid ovn.kubernetes.io/ip_address", + err: "fd00:10:244:0:2:::: is not a valid " + IPAddressAnnotation, }, { name: "podIPCIDRErr", annotations: map[string]string{ - "ovn.kubernetes.io/ip_address": "10.244.0.0/16,fd00:10:244:0:2::/80", - "ovn.kubernetes.io/mac_address": "00:00:00:54:17:2A", - "ovn.kubernetes.io/ip_pool": "10.16.0.15,10.16.0.16,10.16.0.17", - "ovn.kubernetes.io/ingress_rate": "3", - "ovn.kubernetes.io/egress_rate": "1", - "ovn.kubernetes.io/cidr": "10.16.0/16", + IPAddressAnnotation: "10.244.0.0/16,fd00:10:244:0:2::/80", + MacAddressAnnotation: "00:00:00:54:17:2A", + IPPoolAnnotation: "10.16.0.15,10.16.0.16,10.16.0.17", + IngressRateAnnotation: "3", + EgressRateAnnotation: "1", + CidrAnnotation: "10.16.0/16", }, err: "invalid cidr 10.16.0/16", }, { name: "podIPErr4", annotations: map[string]string{ - "ovn.kubernetes.io/ip_address": "10.244.0.0/16,fd00:10:244:0:2::/80", - "ovn.kubernetes.io/mac_address": "00:00:00:54:17:2A", - "ovn.kubernetes.io/ip_pool": "10.16.0.15,10.16.0.16,10.16.0.17", - "ovn.kubernetes.io/ingress_rate": "3", - "ovn.kubernetes.io/egress_rate": "1", - "ovn.kubernetes.io/cidr": "10.16.0.0/16", + IPAddressAnnotation: "10.244.0.0/16,fd00:10:244:0:2::/80", + MacAddressAnnotation: "00:00:00:54:17:2A", + IPPoolAnnotation: "10.16.0.15,10.16.0.16,10.16.0.17", + IngressRateAnnotation: "3", + EgressRateAnnotation: "1", + CidrAnnotation: "10.16.0.0/16", }, err: "10.244.0.0/16 not in cidr 10.16.0.0/16", }, { name: 
"podMacErr", annotations: map[string]string{ - "ovn.kubernetes.io/ip_address": "10.16.0.15", - "ovn.kubernetes.io/mac_address": "00:00:54:17:2A", - "ovn.kubernetes.io/ip_pool": "10.16.0.15,10.16.0.16,10.16.0.17", - "ovn.kubernetes.io/ingress_rate": "3", - "ovn.kubernetes.io/egress_rate": "1", - "ovn.kubernetes.io/cidr": "10.16.0.0/16", + IPAddressAnnotation: "10.16.0.15", + MacAddressAnnotation: "00:00:54:17:2A", + IPPoolAnnotation: "10.16.0.15,10.16.0.16,10.16.0.17", + IngressRateAnnotation: "3", + EgressRateAnnotation: "1", + CidrAnnotation: "10.16.0.0/16", }, - err: "00:00:54:17:2A is not a valid ovn.kubernetes.io/mac_address", + err: "00:00:54:17:2A is not a valid " + MacAddressAnnotation, }, { name: "podIPPollErr", annotations: map[string]string{ - "ovn.kubernetes.io/ip_address": "10.16.0.15", - "ovn.kubernetes.io/mac_address": "00:00:00:54:17:2A", - "ovn.kubernetes.io/ip_pool": "10.16.1111.15,10.16.0.16,10.16.0.17", - "ovn.kubernetes.io/ingress_rate": "3", - "ovn.kubernetes.io/egress_rate": "1", - "ovn.kubernetes.io/cidr": "10.16.0.0/16", + IPAddressAnnotation: "10.16.0.15", + MacAddressAnnotation: "00:00:00:54:17:2A", + IPPoolAnnotation: "10.16.1111.15,10.16.0.16,10.16.0.17", + IngressRateAnnotation: "3", + EgressRateAnnotation: "1", + CidrAnnotation: "10.16.0.0/16", }, - err: "10.16.1111.15 in ovn.kubernetes.io/ip_pool is not a valid address", + err: "10.16.1111.15 in " + IPPoolAnnotation + " is not a valid address", }, { name: "ingRaErr", annotations: map[string]string{ - "ovn.kubernetes.io/ip_address": "10.16.0.15", - "ovn.kubernetes.io/mac_address": "00:00:00:54:17:2A", - "ovn.kubernetes.io/ip_pool": "10.16.0.15,10.16.0.16,10.16.0.17", - "ovn.kubernetes.io/ingress_rate": "a3", - "ovn.kubernetes.io/egress_rate": "1", - "ovn.kubernetes.io/cidr": "10.16.0.0/16", + IPAddressAnnotation: "10.16.0.15", + MacAddressAnnotation: "00:00:00:54:17:2A", + IPPoolAnnotation: "10.16.0.15,10.16.0.16,10.16.0.17", + IngressRateAnnotation: "a3", + EgressRateAnnotation: "1", 
+ CidrAnnotation: "10.16.0.0/16", }, - err: "a3 is not a valid ovn.kubernetes.io/ingress_rate", + err: "a3 is not a valid " + IngressRateAnnotation, }, { name: "EgRatErr", annotations: map[string]string{ - "ovn.kubernetes.io/ip_address": "10.16.0.15", - "ovn.kubernetes.io/mac_address": "00:00:00:54:17:2A", - "ovn.kubernetes.io/ip_pool": "10.16.0.15,10.16.0.16,10.16.0.17", - "ovn.kubernetes.io/ingress_rate": "3", - "ovn.kubernetes.io/egress_rate": "a1", - "ovn.kubernetes.io/cidr": "10.16.0.0/16", + IPAddressAnnotation: "10.16.0.15", + MacAddressAnnotation: "00:00:00:54:17:2A", + IPPoolAnnotation: "10.16.0.15,10.16.0.16,10.16.0.17", + IngressRateAnnotation: "3", + EgressRateAnnotation: "a1", + CidrAnnotation: "10.16.0.0/16", }, - err: "a1 is not a valid ovn.kubernetes.io/egress_rate", + err: "a1 is not a valid " + EgressRateAnnotation, }, } for _, tt := range tests { @@ -1028,7 +873,7 @@ func TestValidatePodNetwork(t *testing.T) { t.Logf("test case %v", tt.name) ret := ValidatePodNetwork(tt.annotations) if !ErrorContains(ret, tt.err) { - t.Errorf("got %v, want a error %v", ret, tt.err) + t.Errorf("got %v, want error %v", ret, tt.err) } }) } @@ -1076,7 +921,7 @@ func TestValidateNetworkBroadcast(t *testing.T) { t.Run(tt.name, func(t *testing.T) { ret := ValidateNetworkBroadcast(tt.cidr, tt.ip) if !ErrorContains(ret, tt.err) { - t.Errorf("got %v, want a error %v", ret, tt.err) + t.Errorf("got %v, want error %v", ret, tt.err) } }) } @@ -1092,15 +937,13 @@ func TestValidateCidrConflict(t *testing.T) { { name: "base", subnet: kubeovnv1.Subnet{ - TypeMeta: metav1.TypeMeta{Kind: "Subnet", APIVersion: "kubeovn.io/v1"}, ObjectMeta: metav1.ObjectMeta{ Name: "utest0", }, Spec: kubeovnv1.SubnetSpec{ Default: true, - Vpc: "ovn-cluster", + Vpc: DefaultVpc, Protocol: kubeovnv1.ProtocolIPv4, - Namespaces: nil, CIDRBlock: "10.16.0.0/16", Gateway: "10.17.0.1", ExcludeIps: []string{"10.16.0.1"}, 
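Review bot: In the `TestValidatePodNetwork` table (hunk `-908`) both the annotation keys and the expected error strings are now built from the same constants (`IPAddressAnnotation`, `MacAddressAnnotation`, ...), so the test no longer pins the literal key names that the removed lines spelled out, e.g. `ovn.kubernetes.io/ip_address`. These keys are set by users on pods, so an accidental edit to a constant's value would change which input is validated without any test failing. I would keep one literal check next to the table, for example `if IPAddressAnnotation != "ovn.kubernetes.io/ip_address" { t.Fatalf("unexpected annotation key %q", IPAddressAnnotation) }`, or leave the literal key in a single case. The constants' definitions are outside this diff, so their current values are inferred from the removed lines.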
@@ -1108,43 +951,34 @@ func TestValidateCidrConflict(t *testing.T) { GatewayType: kubeovnv1.GWDistributedType, Vlan: "123", }, - Status: kubeovnv1.SubnetStatus{}, }, - subnetList: []kubeovnv1.Subnet{ - { - TypeMeta: metav1.TypeMeta{Kind: "Subnet", APIVersion: "kubeovn.io/v1"}, - ObjectMeta: metav1.ObjectMeta{ - Name: "utest0", - }, - Spec: kubeovnv1.SubnetSpec{ - Default: true, - Vpc: "ovn-cluster11", - Protocol: kubeovnv1.ProtocolIPv4, - Namespaces: nil, - CIDRBlock: "10.16.0.0/16", - Gateway: "10.17.0.1", - ExcludeIps: []string{"10.16.0.1"}, - Provider: OvnProvider, - GatewayType: kubeovnv1.GWDistributedType, - Vlan: "1234", - }, - Status: kubeovnv1.SubnetStatus{}, + subnetList: []kubeovnv1.Subnet{{ + ObjectMeta: metav1.ObjectMeta{ + Name: "utest0", }, - }, - err: "", + Spec: kubeovnv1.SubnetSpec{ + Default: true, + Vpc: "ovn-cluster11", + Protocol: kubeovnv1.ProtocolIPv4, + CIDRBlock: "10.16.0.0/16", + Gateway: "10.17.0.1", + ExcludeIps: []string{"10.16.0.1"}, + Provider: OvnProvider, + GatewayType: kubeovnv1.GWDistributedType, + Vlan: "1234", + }, + }}, }, { name: "cidrOverlapErr", subnet: kubeovnv1.Subnet{ - TypeMeta: metav1.TypeMeta{Kind: "Subnet", APIVersion: "kubeovn.io/v1"}, ObjectMeta: metav1.ObjectMeta{ Name: "utest0", }, Spec: kubeovnv1.SubnetSpec{ Default: true, - Vpc: "ovn-cluster", + Vpc: DefaultVpc, Protocol: kubeovnv1.ProtocolIPv4, - Namespaces: nil, CIDRBlock: "10.16.0.0/16", Gateway: "10.17.0.1", ExcludeIps: []string{"10.16.0.1"}, 
@@ -1152,43 +986,35 @@ func TestValidateCidrConflict(t *testing.T) { GatewayType: kubeovnv1.GWDistributedType, Vlan: "123", }, - Status: kubeovnv1.SubnetStatus{}, }, - subnetList: []kubeovnv1.Subnet{ - { - TypeMeta: metav1.TypeMeta{Kind: "Subnet", APIVersion: "kubeovn.io/v1"}, - ObjectMeta: metav1.ObjectMeta{ - Name: "utest1", - }, - Spec: kubeovnv1.SubnetSpec{ - Default: true, - Vpc: "ovn-cluster", - Protocol: kubeovnv1.ProtocolIPv4, - Namespaces: nil, - CIDRBlock: "10.16.0.0/16", - Gateway: "10.17.0.1", - ExcludeIps: []string{"10.16.0.1"}, - Provider: OvnProvider, - GatewayType: kubeovnv1.GWDistributedType, - Vlan: "123", - }, - Status: kubeovnv1.SubnetStatus{}, + subnetList: []kubeovnv1.Subnet{{ + ObjectMeta: metav1.ObjectMeta{ + Name: "utest1", }, - }, + Spec: kubeovnv1.SubnetSpec{ + Default: true, + Vpc: DefaultVpc, + Protocol: kubeovnv1.ProtocolIPv4, + CIDRBlock: "10.16.0.0/16", + Gateway: "10.17.0.1", + ExcludeIps: []string{"10.16.0.1"}, + Provider: OvnProvider, + GatewayType: kubeovnv1.GWDistributedType, + Vlan: "123", + }, + }}, err: "10.16.0.0/16 is conflict with subnet utest1 cidr 10.16.0.0/16", }, { name: "cidrOverlapErr", subnet: kubeovnv1.Subnet{ - TypeMeta: metav1.TypeMeta{Kind: "Subnet", APIVersion: "kubeovn.io/v1"}, ObjectMeta: metav1.ObjectMeta{ Name: "utest0", }, Spec: kubeovnv1.SubnetSpec{ Default: true, - Vpc: "ovn-cluster", + Vpc: DefaultVpc, Protocol: kubeovnv1.ProtocolIPv4, - Namespaces: nil, CIDRBlock: "10.16.0.0/16", Gateway: "10.16.0.1", ExcludeIps: []string{"10.16.0.1"}, 
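Review bot: Two cases in `TestValidateCidrConflict` are named `cidrOverlapErr` (one opens in the `-1108` hunk, the other at the end of this one), and the second expects `policy routing table ID 111 is conflict with subnet utest1 policy routing table ID 111` rather than a CIDR overlap. With `t.Run` the duplicate is reported as `cidrOverlapErr#01`, which makes a failure hard to map back to the table and makes `-run` filtering ambiguous. I would rename the second to `name: "policyRoutingTableIDConflictErr"`. The body of that case continues in the following hunk.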
@@ -1198,31 +1024,25 @@ func TestValidateCidrConflict(t *testing.T) { ExternalEgressGateway: "12.12.123.12", PolicyRoutingTableID: 111, }, - Status: kubeovnv1.SubnetStatus{}, }, - subnetList: []kubeovnv1.Subnet{ - { - TypeMeta: metav1.TypeMeta{Kind: "Subnet", APIVersion: "kubeovn.io/v1"}, - ObjectMeta: metav1.ObjectMeta{ - Name: "utest1", - }, - Spec: kubeovnv1.SubnetSpec{ - Default: true, - Vpc: "ovn-cluster", - Protocol: kubeovnv1.ProtocolIPv4, - Namespaces: nil, - CIDRBlock: "10.17.0.0/16", - Gateway: "10.17.0.1", - ExcludeIps: []string{"10.16.0.1"}, - Provider: OvnProvider, - GatewayType: kubeovnv1.GWDistributedType, - Vlan: "123", - ExternalEgressGateway: "12.12.123.12", - PolicyRoutingTableID: 111, - }, - Status: kubeovnv1.SubnetStatus{}, + subnetList: []kubeovnv1.Subnet{{ + ObjectMeta: metav1.ObjectMeta{ + Name: "utest1", }, - }, + Spec: kubeovnv1.SubnetSpec{ + Default: true, + Vpc: DefaultVpc, + Protocol: kubeovnv1.ProtocolIPv4, + CIDRBlock: "10.17.0.0/16", + Gateway: "10.17.0.1", + ExcludeIps: []string{"10.16.0.1"}, + Provider: OvnProvider, + GatewayType: kubeovnv1.GWDistributedType, + Vlan: "123", + ExternalEgressGateway: "12.12.123.12", + PolicyRoutingTableID: 111, + }, + }}, err: "subnet utest0 policy routing table ID 111 is conflict with subnet utest1 policy routing table ID 111", }, } @@ -1230,7 +1050,7 @@ func TestValidateCidrConflict(t *testing.T) { t.Run(tt.name, func(t *testing.T) { ret := ValidateCidrConflict(tt.subnet, tt.subnetList) if !ErrorContains(ret, tt.err) { - t.Errorf("got %v, want a error", ret) + t.Errorf("got %v, want error %v", ret, tt.err) } }) } 
@@ -1246,30 +1066,25 @@ func TestValidateNatOutgoingPolicyRules(t *testing.T) { name: "valid rules", subnet: kubeovnv1.Subnet{ Spec: kubeovnv1.SubnetSpec{ - NatOutgoingPolicyRules: []kubeovnv1.NatOutgoingPolicyRule{ - { - Match: kubeovnv1.NatOutGoingPolicyMatch{ - SrcIPs: "10.0.0.0/24", - DstIPs: "192.168.0.0/16", - }, + NatOutgoingPolicyRules: []kubeovnv1.NatOutgoingPolicyRule{{ + Match: kubeovnv1.NatOutGoingPolicyMatch{ + SrcIPs: "10.0.0.0/24", + DstIPs: "192.168.0.0/16", }, - }, + }}, }, }, - err: "", }, { name: "invalid src ips", subnet: kubeovnv1.Subnet{ Spec: kubeovnv1.SubnetSpec{ - NatOutgoingPolicyRules: []kubeovnv1.NatOutgoingPolicyRule{ - { - Match: kubeovnv1.NatOutGoingPolicyMatch{ - SrcIPs: "invalid", - DstIPs: "192.168.0.0/16", - }, + NatOutgoingPolicyRules: []kubeovnv1.NatOutgoingPolicyRule{{ + Match: kubeovnv1.NatOutGoingPolicyMatch{ + SrcIPs: "invalid", + DstIPs: "192.168.0.0/16", }, - }, + }}, }, }, err: "validate nat policy rules src ips invalid failed with err", @@ -1294,14 +1109,12 @@ func TestValidateNatOutgoingPolicyRules(t *testing.T) { name: "mismatched protocols", subnet: kubeovnv1.Subnet{ Spec: kubeovnv1.SubnetSpec{ - NatOutgoingPolicyRules: []kubeovnv1.NatOutgoingPolicyRule{ - { - Match: kubeovnv1.NatOutGoingPolicyMatch{ - SrcIPs: "10.0.0.0/24", - DstIPs: "2001:db8::/64", - }, + NatOutgoingPolicyRules: []kubeovnv1.NatOutgoingPolicyRule{{ + Match: kubeovnv1.NatOutGoingPolicyMatch{ + SrcIPs: "10.0.0.0/24", + DstIPs: "2001:db8::/64", }, - }, + }}, }, }, err: "Match.SrcIPS protocol IPv4 not equal to Match.DstIPs protocol IPv6", 
@@ -1329,23 +1142,17 @@ func TestValidateVpc(t *testing.T) { name: "valid vpc", vpc: &kubeovnv1.Vpc{ Spec: kubeovnv1.VpcSpec{ - StaticRoutes: []*kubeovnv1.StaticRoute{ - { - CIDR: "192.168.0.0/24", - NextHopIP: "10.0.0.1", - }, - }, - PolicyRoutes: []*kubeovnv1.PolicyRoute{ - { - Action: kubeovnv1.PolicyRouteActionAllow, - NextHopIP: "10.0.0.1", - }, - }, - VpcPeerings: []*kubeovnv1.VpcPeering{ - { - LocalConnectIP: "192.168.1.0/24", - }, - }, + StaticRoutes: []*kubeovnv1.StaticRoute{{ + CIDR: "192.168.0.0/24", + NextHopIP: "10.0.0.1", + }}, + PolicyRoutes: []*kubeovnv1.PolicyRoute{{ + Action: kubeovnv1.PolicyRouteActionAllow, + NextHopIP: "10.0.0.1", + }}, + VpcPeerings: []*kubeovnv1.VpcPeering{{ + LocalConnectIP: "192.168.1.0/24", + }}, }, }, wantErr: false, @@ -1354,13 +1161,11 @@ func TestValidateVpc(t *testing.T) { name: "invalid static route policy", vpc: &kubeovnv1.Vpc{ Spec: kubeovnv1.VpcSpec{ - StaticRoutes: []*kubeovnv1.StaticRoute{ - { - CIDR: "192.168.0.0/24", - NextHopIP: "10.0.0.1", - Policy: "invalid", - }, - }, + StaticRoutes: []*kubeovnv1.StaticRoute{{ + CIDR: "192.168.0.0/24", + NextHopIP: "10.0.0.1", + Policy: "invalid", + }}, }, }, wantErr: true, @@ -1369,23 +1174,17 @@ func TestValidateVpc(t *testing.T) { name: "invalid vpc static route CIDR", vpc: &kubeovnv1.Vpc{ Spec: kubeovnv1.VpcSpec{ - StaticRoutes: []*kubeovnv1.StaticRoute{ - { - CIDR: "192.168.%.0/24", - NextHopIP: "10.0.0.1", - }, - }, - PolicyRoutes: []*kubeovnv1.PolicyRoute{ - { - Action: kubeovnv1.PolicyRouteActionAllow, - NextHopIP: "10.0.0.1", - }, - }, - VpcPeerings: []*kubeovnv1.VpcPeering{ - { - LocalConnectIP: "192.168.1.0/24", - }, - }, + StaticRoutes: []*kubeovnv1.StaticRoute{{ + CIDR: "192.168.%.0/24", + NextHopIP: "10.0.0.1", + }}, + PolicyRoutes: []*kubeovnv1.PolicyRoute{{ + Action: kubeovnv1.PolicyRouteActionAllow, + NextHopIP: "10.0.0.1", + }}, + VpcPeerings: []*kubeovnv1.VpcPeering{{ + LocalConnectIP: "192.168.1.0/24", + }}, }, }, 
@@ -1396,12 +1195,10 @@ func TestValidateVpc(t *testing.T) { name: "invalid static route CIDR", vpc: &kubeovnv1.Vpc{ Spec: kubeovnv1.VpcSpec{ - StaticRoutes: []*kubeovnv1.StaticRoute{ - { - CIDR: "invalid", - NextHopIP: "10.0.0.1", - }, - }, + StaticRoutes: []*kubeovnv1.StaticRoute{{ + CIDR: "invalid", + NextHopIP: "10.0.0.1", + }}, }, }, wantErr: true, @@ -1410,12 +1207,10 @@ func TestValidateVpc(t *testing.T) { name: "invalid static route NextHopIP", vpc: &kubeovnv1.Vpc{ Spec: kubeovnv1.VpcSpec{ - StaticRoutes: []*kubeovnv1.StaticRoute{ - { - CIDR: "192.168.0.0/24", - NextHopIP: "invalid", - }, - }, + StaticRoutes: []*kubeovnv1.StaticRoute{{ + CIDR: "192.168.0.0/24", + NextHopIP: "invalid", + }}, }, }, wantErr: true, @@ -1424,12 +1219,10 @@ func TestValidateVpc(t *testing.T) { name: "invalid policy route action", vpc: &kubeovnv1.Vpc{ Spec: kubeovnv1.VpcSpec{ - PolicyRoutes: []*kubeovnv1.PolicyRoute{ - { - Action: "invalid", - NextHopIP: "10.0.0.1", - }, - }, + PolicyRoutes: []*kubeovnv1.PolicyRoute{{ + Action: "invalid", + NextHopIP: "10.0.0.1", + }}, }, }, wantErr: true, @@ -1438,12 +1231,10 @@ func TestValidateVpc(t *testing.T) { name: "invalid policy route NextHopIP", vpc: &kubeovnv1.Vpc{ Spec: kubeovnv1.VpcSpec{ - PolicyRoutes: []*kubeovnv1.PolicyRoute{ - { - Action: kubeovnv1.PolicyRouteActionReroute, - NextHopIP: "invalid", - }, - }, + PolicyRoutes: []*kubeovnv1.PolicyRoute{{ + Action: kubeovnv1.PolicyRouteActionReroute, + NextHopIP: "invalid", + }}, }, }, wantErr: true, @@ -1452,11 +1243,9 @@ func TestValidateVpc(t *testing.T) { name: "invalid vpc peering LocalConnectIP", vpc: &kubeovnv1.Vpc{ Spec: kubeovnv1.VpcSpec{ - VpcPeerings: []*kubeovnv1.VpcPeering{ - { - LocalConnectIP: "invalid", - }, - }, + VpcPeerings: []*kubeovnv1.VpcPeering{{ + LocalConnectIP: "invalid", + }}, }, }, wantErr: true, diff --git a/pkg/util/vpc_nat_gateway.go b/pkg/util/vpc_nat_gateway.go index ee88aac89fa..4b5a4c663af 100644 --- a/pkg/util/vpc_nat_gateway.go 
+++ b/pkg/util/vpc_nat_gateway.go @@ -146,11 +146,11 @@ func GenNatGwBgpSpeakerContainer(speakerParams kubeovnv1.VpcBgpSpeaker, speakerI ImagePullPolicy: corev1.PullIfNotPresent, Env: []corev1.EnvVar{ { - Name: GatewayNameEnv, + Name: EnvGatewayName, Value: gatewayName, }, { - Name: "POD_IP", + Name: EnvPodIP, ValueFrom: &corev1.EnvVarSource{ FieldRef: &corev1.ObjectFieldSelector{ FieldPath: "status.podIP", @@ -158,7 +158,7 @@ func GenNatGwBgpSpeakerContainer(speakerParams kubeovnv1.VpcBgpSpeaker, speakerI }, }, { - Name: "POD_IPS", + Name: EnvPodIPs, ValueFrom: &corev1.EnvVarSource{ FieldRef: &corev1.ObjectFieldSelector{ FieldPath: "status.podIPs", diff --git a/pkg/util/vpc_nat_gateway_test.go b/pkg/util/vpc_nat_gateway_test.go index f7adf3638d0..8aa7a29c78f 100644 --- a/pkg/util/vpc_nat_gateway_test.go +++ b/pkg/util/vpc_nat_gateway_test.go @@ -393,7 +393,7 @@ func TestGenNatGwBgpSpeakerContainer(t *testing.T) { // Check we inject the gateway name correctly, used by the speaker to retrieve EIPs by ownership firstEnv := result.Env[0] - if firstEnv.Name != GatewayNameEnv || firstEnv.Value != tc.gatewayName { + if firstEnv.Name != EnvGatewayName || firstEnv.Value != tc.gatewayName { t.Errorf("gateway name env injection is faulty, got %v", firstEnv) } }) diff --git a/test/e2e/framework/ovn_address_set.go b/test/e2e/framework/ovn_address_set.go index 1211e51ad73..54e9411c5f8 100644 --- a/test/e2e/framework/ovn_address_set.go +++ b/test/e2e/framework/ovn_address_set.go @@ -231,7 +231,7 @@ func resolveOVNNbConnection() (string, error) { } var targets []string - port := int32(6641) + port := util.NBDatabasePort if dbIPs != "" { for _, host := range splitAndTrim(dbIPs) { diff --git a/test/e2e/non-primary-cni/e2e_test.go b/test/e2e/non-primary-cni/e2e_test.go index 0e988a06343..e013d2c7ec9 100644 --- a/test/e2e/non-primary-cni/e2e_test.go +++ b/test/e2e/non-primary-cni/e2e_test.go 
@@ -13,6 +13,7 @@ import ( "testing" "time" + nadv1 "github.com/k8snetworkplumbingwg/network-attachment-definition-client/pkg/apis/k8s.cni.cncf.io/v1" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" clientset "k8s.io/client-go/kubernetes" @@ -262,10 +263,12 @@ func waitForResourceReady(name string, getFunc func(string) any, readyFunc func( }, 60*time.Second, 2*time.Second).Should(gomega.BeTrue(), fmt.Sprintf("Resource %s should be ready", name)) } -// Helper function to get pod IP (primary or non-primary) -func getPodIP(pod *corev1.Pod) string { +// Helper function to get pod IPs (primary or non-primary) +func getPodIPs(pod *corev1.Pod) []string { + ginkgo.GinkgoHelper() + if isKubeOVNPrimaryCNI() { - return pod.Status.PodIP + return util.PodIPs(*pod) } return getPodNonPrimaryIP(pod) } @@ -327,15 +330,18 @@ var _ = framework.SerialDescribe("[group:non-primary-cni]", func() { pod2 := podClient.GetPod(podNames[1]) // Get pod IPs - pod1IP := getPodIP(pod1) - pod2IP := getPodIP(pod2) + pod1IPs := getPodIPs(pod1) + pod2IPs := getPodIPs(pod2) - framework.ExpectNotEmpty(pod1IP, "Pod1 should have an IP address") - framework.ExpectNotEmpty(pod2IP, "Pod2 should have an IP address") + framework.ExpectNotEmpty(pod1IPs, "Pod1 should have at least one IP address") + framework.ExpectNotEmpty(pod2IPs, "Pod2 should have at least one IP address") - description := fmt.Sprintf("from %s (%s) to %s (%s)", pod1.Name, pod1IP, pod2.Name, pod2IP) - err := testPodConnectivity(pod1, pod2IP, description) - framework.ExpectNoError(err, "Ping should succeed between pods in VPC") + pod1IP := strings.Join(pod1IPs, ",") + for _, pod2IP := range pod2IPs { + description := fmt.Sprintf("from %s (%s) to %s (%s)", pod1.Name, pod1IP, pod2.Name, pod2IP) + err := testPodConnectivity(pod1, pod2IP, description) + framework.ExpectNoError(err, "Ping should succeed between pods in VPC") + } }) }) }) 
@@ -471,8 +477,9 @@ var _ = framework.SerialDescribe("[group:non-primary-cni]", func() { framework.ExpectNotEmpty(snatEip.Status.IP, "EIP should have an IP address for SNAT testing") // Get source pod IP for SNAT - sourcePodIP := getPodIP(podObjs[i]) - framework.ExpectNotEmpty(sourcePodIP, "Source pod should have an IP address for SNAT testing") + sourcePodIPs := getPodIPs(podObjs[i]) + sourcePodIP := strings.Join(sourcePodIPs, ",") + framework.ExpectNotEmpty(sourcePodIPs, "Source pod should have an IP address for SNAT testing") ginkgo.By(fmt.Sprintf("Verifying SNAT mapping from pod %s (%s) to EIP %s", podObjs[i].Name, sourcePodIP, snatEip.Status.IP)) 
@@ -512,17 +519,22 @@ var _ = framework.SerialDescribe("[group:non-primary-cni]", func() { framework.ExpectNotEmpty(dnatEip.Status.IP, "EIP should have an IP address for DNAT testing") // Get target pod IP for DNAT - targetPodIP := getPodIP(podObjs[i]) - framework.ExpectNotEmpty(targetPodIP, "Target pod should have an IP address for DNAT testing") + targetPodIPs := getPodIPs(podObjs[i]) + framework.ExpectNotEmpty(targetPodIPs, "Target pod should have an IP address for DNAT testing") - ginkgo.By(fmt.Sprintf("Verifying DNAT mapping from EIP %s to pod %s (%s)", - dnatEip.Status.IP, podObjs[i].Name, targetPodIP)) - // We do not test the actual packet forwarding here, just the rule configuration - // The actual packet forwarding is not tested since it needs done from outside the cluster - // Use helper function to verify DNAT rule configuration - verifyDNATRule(&dnatRule, targetPodIP, dnatEip) - ginkgo.By(fmt.Sprintf("DNAT rule %s properly configured: EIP=%s -> Internal=%s", - dnatRule.Name, dnatRule.Spec.EIP, dnatRule.Spec.InternalIP)) + for _, targetPodIP := range targetPodIPs { + if util.CheckProtocol(targetPodIP) != util.CheckProtocol(dnatEip.Status.IP) { + continue + } + ginkgo.By(fmt.Sprintf("Verifying DNAT mapping from EIP %s to pod %s (%s)", + dnatEip.Status.IP, podObjs[i].Name, targetPodIP)) + // We do not test the actual packet forwarding here, just the rule configuration + // The actual packet forwarding is not tested since it needs done from outside the cluster + // Use helper function to verify DNAT rule configuration + verifyDNATRule(&dnatRule, targetPodIP, dnatEip) + ginkgo.By(fmt.Sprintf("DNAT rule %s properly configured: EIP=%s -> Internal=%s", + dnatRule.Name, dnatRule.Spec.EIP, dnatRule.Spec.InternalIP)) + } } ginkgo.By("Test pod-to-pod connectivity within VPC") 
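Review bot: The `continue` on a protocol mismatch lets this DNAT check pass without ever calling `verifyDNATRule` when none of the pod's IPs shares the EIP's address family, so a missing or wrong-family address goes unnoticed. Record each checked address inside the loop, e.g. `verifiedIPs = append(verifiedIPs, targetPodIP)`, and assert after it with `framework.ExpectNotEmpty(verifiedIPs, "no pod IP matches the address family of the DNAT EIP")`. The enclosing loop over the DNAT rules starts outside this hunk.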
@@ -531,12 +543,14 @@ var _ = framework.SerialDescribe("[group:non-primary-cni]", func() { pod1 := podObjs[0] pod2 := podObjs[1] - pod1IP := getPodIP(pod1) - pod2IP := getPodIP(pod2) + pod1IPs := getPodIPs(pod1) + pod2IPs := getPodIPs(pod2) - framework.ExpectNotEmpty(pod1IP, "Pod1 should have an IP address") - framework.ExpectNotEmpty(pod2IP, "Pod2 should have an IP address") + framework.ExpectNotEmpty(pod1IPs, "Pod1 should have at lease one IP address") + framework.ExpectNotEmpty(pod2IPs, "Pod2 should have at lease one IP address") + pod1IP := strings.Join(pod1IPs, ",") + pod2IP := strings.Join(pod2IPs, ",") description := fmt.Sprintf("pod-to-pod within VPC from %s (%s) to %s (%s)", pod1.Name, pod1IP, pod2.Name, pod2IP) err = testPodConnectivity(pod1, pod2IP, description) 
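Review bot: `testPodConnectivity(pod1, pod2IP, description)` now receives the comma-joined result of `strings.Join(pod2IPs, ",")`, which is presumably not a usable target once a pod carries more than one IP (dual-stack). The hunks at -327 and -618 iterate over `pod2IPs` instead. Drop the `pod2IP := strings.Join(pod2IPs, ",")` line and wrap the call and its error check in `for _, pod2IP := range pod2IPs {`, keeping the joined `pod1IP` for the description only. The assertion messages here and in the -618 hunk read "at lease one" and should read "at least one". The error check that follows the call is outside this hunk.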
@@ -618,52 +632,59 @@ var _ = framework.SerialDescribe("[group:non-primary-cni]", func() { pod2 := podClient.GetPod(podNames[1]) // Get pod IPs - pod1IP := getPodIP(pod1) - pod2IP := getPodIP(pod2) - - framework.ExpectNotEmpty(pod1IP, "Pod1 should have an IP address") - framework.ExpectNotEmpty(pod2IP, "Pod2 should have an IP address") - - description := fmt.Sprintf("from %s (%s) to %s (%s)", pod1.Name, pod1IP, pod2.Name, pod2IP) - err := testPodConnectivity(pod1, pod2IP, description) - framework.ExpectNoError(err, "Ping should succeed between pods in logical network") + pod1IPs := getPodIPs(pod1) + pod2IPs := getPodIPs(pod2) + framework.ExpectNotEmpty(pod1IPs, "Pod1 should have at lease one IP address") + framework.ExpectNotEmpty(pod2IPs, "Pod2 should have at lease one IP address") + + pod1IP := strings.Join(pod1IPs, ",") + for _, pod2IP := range pod2IPs { + description := fmt.Sprintf("from %s (%s) to %s (%s)", pod1.Name, pod1IP, pod2.Name, pod2IP) + err := testPodConnectivity(pod1, pod2IP, description) + framework.ExpectNoError(err, "Ping should succeed between pods in logical network") + } }) }) }) // Helper function to get non-primary IP from pod annotation -func getPodNonPrimaryIP(pod *corev1.Pod) string { +func getPodNonPrimaryIP(pod *corev1.Pod) []string { + ginkgo.GinkgoHelper() + // For non-primary CNI, look for k8s.v1.cni.cncf.io/networks annotation - networkStatus := pod.Annotations["k8s.v1.cni.cncf.io/networks"] - if networkStatus == "" { - return "" + network := pod.Annotations[nadv1.NetworkAttachmentAnnot] + if network == "" { + return nil + } + + ips, err := util.PodAttachmentIPs(pod, network) + framework.ExpectNoError(err, "Failed to get pod attachment IPs for pod %s", pod.Name) + if len(ips) != 0 { + return ips } + // For Kube-OVN non-primary CNI, the IP is stored in a specific annotation format: // {network-attachment-name}.{namespace}.ovn.kubernetes.io/ip_address // Example: vpc-simple-nad.vpc-simple-ns.ovn.kubernetes.io/ip_address: 10.100.0.2 // 
Extract the network attachment definition name from the networks annotation // Format: namespace/nad-name (e.g., "vpc-simple-ns/vpc-simple-nad") - nadName := networkStatus - if nadName == "" { - return "" - } // Convert namespace/nad-name to nad-name.namespace.ovn.kubernetes.io/ip_address format - parts := strings.Split(nadName, "/") + parts := strings.Split(network, "/") if len(parts) != 2 { - return "" + return nil } namespace := parts[0] name := parts[1] // Construct the Kube-OVN IP annotation key - ipAnnotationKey := fmt.Sprintf("%s.%s.ovn.kubernetes.io/ip_address", name, namespace) + ipAnnotationKey := fmt.Sprintf(util.IPAddressAnnotationTemplate, fmt.Sprintf("%s.%s", name, namespace)) // Get the IP from the annotation ip := pod.Annotations[ipAnnotationKey] if ip != "" { - return ip + return strings.Split(ip, ",") } - return "" + return nil } // Helper function to verify DNAT rule configuration diff --git a/test/e2e/security/e2e_test.go b/test/e2e/security/e2e_test.go index da6dc289486..dfeae69e41c 100644 --- a/test/e2e/security/e2e_test.go +++ b/test/e2e/security/e2e_test.go @@ -22,6 +22,7 @@ import ( "github.com/onsi/ginkgo/v2" + "github.com/kubeovn/kube-ovn/pkg/util" "github.com/kubeovn/kube-ovn/test/e2e/framework" "github.com/kubeovn/kube-ovn/test/e2e/framework/docker" ) @@ -131,7 +132,7 @@ var _ = framework.Describe("[group:security]", func() { }) framework.ConformanceIt("ovn db should listen on specified addresses for client connections", func() { - checkDeployment(f, "ovn-central", "ovsdb-server", "6641", "6642") + checkDeployment(f, "ovn-central", "ovsdb-server", strconv.Itoa(int(util.NBDatabasePort)), strconv.Itoa(int(util.SBDatabasePort))) }) framework.ConformanceIt("kube-ovn-controller should listen on specified addresses", func() { diff --git a/yamls/speaker.yaml b/yamls/speaker.yaml index 0124a8a9afb..67c959bd09b 100644 --- a/yamls/speaker.yaml +++ b/yamls/speaker.yaml 
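Review bot: `getPodNonPrimaryIP` now returns `[]string` but keeps its singular name and the comment "get non-primary IP", while its caller was renamed to `getPodIPs`. Rename it to `getPodNonPrimaryIPs` and document the contract, e.g. `// getPodNonPrimaryIPs returns the pod's attachment-network IPs, or nil when none are found.` Separately, `framework.ExpectNoError(err, ...)` runs before the annotation fallback, so if `util.PodAttachmentIPs` returns an error for a pod that only carries the `ip_address` annotation, the fallback below is never reached; that should be confirmed against the helper. The fallback's `strings.Split(ip, ",")` also leaves any surrounding whitespace on the entries.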
@@ -42,7 +42,7 @@ spec: - --neighbor-as=65030 - --cluster-as=65000 env: - - name: KUBE_NODE_NAME + - name: NODE_NAME valueFrom: fieldRef: fieldPath: spec.nodeName