Dualstack overlay cni (#1925)

Author: paulyufan2

.pipelines/singletenancy/aks-swift/e2e-step-template.yaml

@@ -111,7 +111,7 @@ steps:
 
   - task: AzureCLI@2
     inputs:
-      azureSubscription: "Azure Container Networking - Test"
+      azureSubscription: $(AZURE_TEST_AGENT_SERVICE_CONNECTION)
       scriptLocation: "inlineScript"
       scriptType: "bash"
       addSpnToEnvironment: true

.pipelines/singletenancy/cilium/cilium-e2e-step-template.yaml

@@ -143,7 +143,7 @@ steps:
 
   - task: AzureCLI@2
     inputs:
-      azureSubscription: "Azure Container Networking - Test"
+      azureSubscription: $(AZURE_TEST_AGENT_SERVICE_CONNECTION)
       scriptLocation: "inlineScript"
       scriptType: "bash"
       addSpnToEnvironment: true

.pipelines/singletenancy/overlay/overlay-e2e-step-template.yaml

@@ -148,7 +148,7 @@ steps:
 
   - task: AzureCLI@2
     inputs:
-      azureSubscription: "Azure Container Networking - Test"
+      azureSubscription: $(AZURE_TEST_AGENT_SERVICE_CONNECTION)
       scriptLocation: "inlineScript"
       scriptType: "bash"
       addSpnToEnvironment: true

Makefile

@@ -65,6 +65,7 @@ CNI_MULTITENANCY_TRANSPARENT_VLAN_BUILD_DIR = $(BUILD_DIR)/cni-multitenancy-tran
 CNI_SWIFT_BUILD_DIR = $(BUILD_DIR)/cni-swift
 CNI_OVERLAY_BUILD_DIR = $(BUILD_DIR)/cni-overlay
 CNI_BAREMETAL_BUILD_DIR = $(BUILD_DIR)/cni-baremetal
+CNI_DUALSTACK_BUILD_DIR = $(BUILD_DIR)/cni-dualstack
 CNS_BUILD_DIR = $(BUILD_DIR)/cns
 NPM_BUILD_DIR = $(BUILD_DIR)/npm
 TOOLS_DIR = $(REPO_ROOT)/build/tools
@@ -94,6 +95,7 @@ CNI_MULTITENANCY_TRANSPARENT_VLAN_ARCHIVE_NAME = azure-vnet-cni-multitenancy-tra
 CNI_SWIFT_ARCHIVE_NAME = azure-vnet-cni-swift-$(GOOS)-$(GOARCH)-$(CNI_VERSION).$(ARCHIVE_EXT)
 CNI_OVERLAY_ARCHIVE_NAME = azure-vnet-cni-overlay-$(GOOS)-$(GOARCH)-$(CNI_VERSION).$(ARCHIVE_EXT)
 CNI_BAREMETAL_ARCHIVE_NAME = azure-vnet-cni-baremetal-$(GOOS)-$(GOARCH)-$(CNI_VERSION).$(ARCHIVE_EXT)
+CNI_DUALSTACK_ARCHIVE_NAME = azure-vnet-cni-overlay-dualstack-$(GOOS)-$(GOARCH)-$(CNI_VERSION).$(ARCHIVE_EXT)
 CNM_ARCHIVE_NAME = azure-vnet-cnm-$(GOOS)-$(GOARCH)-$(ACN_VERSION).$(ARCHIVE_EXT)
 CNS_ARCHIVE_NAME = azure-cns-$(GOOS)-$(GOARCH)-$(CNS_VERSION).$(ARCHIVE_EXT)
 NPM_ARCHIVE_NAME = azure-npm-$(GOOS)-$(GOARCH)-$(NPM_VERSION).$(ARCHIVE_EXT)
@@ -624,6 +626,12 @@ endif
 	cp $(CNI_BUILD_DIR)/azure-vnet$(EXE_EXT) $(CNI_BUILD_DIR)/azure-vnet-ipam$(EXE_EXT) $(CNI_BUILD_DIR)/azure-vnet-telemetry$(EXE_EXT) $(CNI_OVERLAY_BUILD_DIR)
 	cd $(CNI_OVERLAY_BUILD_DIR) && $(ARCHIVE_CMD) $(CNI_OVERLAY_ARCHIVE_NAME) azure-vnet$(EXE_EXT) azure-vnet-ipam$(EXE_EXT) azure-vnet-telemetry$(EXE_EXT) 10-azure.conflist azure-vnet-telemetry.config
 
+	$(MKDIR) $(CNI_DUALSTACK_BUILD_DIR)
+	cp cni/azure-$(GOOS)-swift-overlay-dualstack.conflist $(CNI_DUALSTACK_BUILD_DIR)/10-azure.conflist
+	cp telemetry/azure-vnet-telemetry.config $(CNI_DUALSTACK_BUILD_DIR)/azure-vnet-telemetry.config
+	cp $(CNI_BUILD_DIR)/azure-vnet$(EXE_EXT) $(CNI_BUILD_DIR)/azure-vnet-telemetry$(EXE_EXT) $(CNI_DUALSTACK_BUILD_DIR)
+	cd $(CNI_DUALSTACK_BUILD_DIR) && $(ARCHIVE_CMD) $(CNI_DUALSTACK_ARCHIVE_NAME) azure-vnet$(EXE_EXT) azure-vnet-telemetry$(EXE_EXT) 10-azure.conflist azure-vnet-telemetry.config
+
 #baremetal mode is windows only (at least for now)
 ifeq ($(GOOS),windows)
 	$(MKDIR) $(CNI_BAREMETAL_BUILD_DIR)

cni/azure-linux-swift-overlay-dualstack.conflist

@@ -0,0 +1,22 @@
+{
+   "cniVersion":"0.3.0",
+   "name":"azure",
+   "plugins":[
+      {
+         "type":"azure-vnet",
+         "mode":"transparent",
+         "ipsToRouteViaHost":["169.254.20.10"],
+         "ipam":{
+            "type":"azure-cns",
+            "mode":"dualStackOverlay"
+         }
+      },
+      {
+         "type":"portmap",
+         "capabilities":{
+            "portMappings":true
+         },
+         "snat":true
+      }
+   ]
+}

cni/azure-windows-swift-overlay-dualstack.conflist

@@ -0,0 +1,49 @@
+{
+    "cniVersion": "0.3.0",
+    "name": "azure",
+    "adapterName" : "",
+    "plugins": [
+        {
+            "type": "azure-vnet",
+            "mode": "bridge",
+            "bridge": "azure0",
+            "capabilities": {
+                "portMappings": true,
+                "dns": true
+            },
+            "ipam": {
+                "type": "azure-cns",
+                "mode": "dualStackOverlay"
+            },
+            "dns": {
+                "Nameservers": [
+                    "10.0.0.10",
+                    "168.63.129.16"
+                ],
+                "Search": [
+                    "svc.cluster.local"
+                ]
+            },
+            "AdditionalArgs": [
+                {
+                    "Name": "EndpointPolicy",
+                    "Value": {
+                        "Type": "OutBoundNAT",
+                        "ExceptionList": [
+                            "10.240.0.0/16",
+                            "10.0.0.0/8"
+                        ]
+                    }
+                },
+                {
+                    "Name": "EndpointPolicy",
+                    "Value": {
+                        "Type": "ROUTE",
+                        "DestinationPrefix": "10.0.0.0/8",
+                        "NeedEncap": true
+                    }
+                }
+            ]
+        }
+    ]
+}

cni/network/cnsclient.go

@@ -9,6 +9,8 @@ import (
 type cnsclient interface {
 	RequestIPAddress(ctx context.Context, ipconfig cns.IPConfigRequest) (*cns.IPConfigResponse, error)
 	ReleaseIPAddress(ctx context.Context, ipconfig cns.IPConfigRequest) error
+	RequestIPs(ctx context.Context, ipconfig cns.IPConfigsRequest) (*cns.IPConfigsResponse, error)
+	ReleaseIPs(ctx context.Context, ipconfig cns.IPConfigsRequest) error
 	GetNetworkContainer(ctx context.Context, orchestratorContext []byte) (*cns.GetNetworkContainerResponse, error)
 	GetAllNetworkContainers(ctx context.Context, orchestratorContext []byte) ([]cns.GetNetworkContainerResponse, error)
 }

cni/network/invoker_azure.go

@@ -18,6 +18,11 @@ import (
 	cniTypesCurr "github.com/containernetworking/cni/pkg/types/100"
 )
 
+const (
+	bytesSize4  = 4
+	bytesSize16 = 16
+)
+
 type AzureIPAMInvoker struct {
 	plugin delegatePlugin
 	nwInfo *network.NetworkInfo
@@ -122,7 +127,7 @@ func (invoker *AzureIPAMInvoker) deleteIpamState() {
 	}
 }
 
-func (invoker *AzureIPAMInvoker) Delete(address *net.IPNet, nwCfg *cni.NetworkConfig, _ *cniSkel.CmdArgs, options map[string]interface{}) error {
+func (invoker *AzureIPAMInvoker) Delete(address *net.IPNet, nwCfg *cni.NetworkConfig, _ *cniSkel.CmdArgs, options map[string]interface{}) error { //nolint
 	if nwCfg == nil {
 		return invoker.plugin.Errorf("nil nwCfg passed to CNI ADD, stack: %+v", string(debug.Stack()))
 	}
@@ -135,25 +140,28 @@ func (invoker *AzureIPAMInvoker) Delete(address *net.IPNet, nwCfg *cni.NetworkCo
 		if err := invoker.plugin.DelegateDel(nwCfg.IPAM.Type, nwCfg); err != nil {
 			return invoker.plugin.Errorf("Attempted to release address with error:  %v", err)
 		}
-	} else if len(address.IP.To4()) == 4 {
+	} else if len(address.IP.To4()) == bytesSize4 { //nolint:gocritic
 		nwCfg.IPAM.Address = address.IP.String()
-		log.Printf("Releasing ipv4 address :%s pool: %s",
-			nwCfg.IPAM.Address, nwCfg.IPAM.Subnet)
+		log.Printf("Releasing ipv4 address :%s pool: %s", nwCfg.IPAM.Address, nwCfg.IPAM.Subnet)
 		if err := invoker.plugin.DelegateDel(nwCfg.IPAM.Type, nwCfg); err != nil {
 			log.Printf("Failed to release ipv4 address: %v", err)
-			return invoker.plugin.Errorf("Failed to release ipv4 address: %v", err)
+			return invoker.plugin.Errorf("Failed to release ipv4 address: %v with error: ", nwCfg.IPAM.Address, err)
 		}
-	} else if len(address.IP.To16()) == 16 {
+	} else if len(address.IP.To16()) == bytesSize16 {
 		nwCfgIpv6 := *nwCfg
 		nwCfgIpv6.IPAM.Environment = common.OptEnvironmentIPv6NodeIpam
 		nwCfgIpv6.IPAM.Type = ipamV6
 		nwCfgIpv6.IPAM.Address = address.IP.String()
 		if len(invoker.nwInfo.Subnets) > 1 {
-			nwCfgIpv6.IPAM.Subnet = invoker.nwInfo.Subnets[1].Prefix.String()
+			for _, subnet := range invoker.nwInfo.Subnets {
+				if subnet.Prefix.IP.To4() == nil {
+					nwCfgIpv6.IPAM.Subnet = subnet.Prefix.String()
+					break
+				}
+			}
 		}
 
-		log.Printf("Releasing ipv6 address :%s pool: %s",
-			nwCfgIpv6.IPAM.Address, nwCfgIpv6.IPAM.Subnet)
+		log.Printf("Releasing ipv6 address :%s pool: %s", nwCfgIpv6.IPAM.Address, nwCfgIpv6.IPAM.Subnet)
 		if err := invoker.plugin.DelegateDel(nwCfgIpv6.IPAM.Type, &nwCfgIpv6); err != nil {
 			log.Printf("Failed to release ipv6 address: %v", err)
 			return invoker.plugin.Errorf("Failed to release ipv6 address: %v", err)