feat: CNS writes CNI conflist on Windows. #2281

nddq · 2023-10-09T16:07:29Z

Reason for Change:

Allow CNS to write CNI conflist for SWIFT and SWIFT Overlay scenario on Windows.

Issue Fixed:

Requirements:

uses conventional commit messages
includes documentation
adds unit tests
relevant PR labels added

Notes:

nddq · 2023-10-10T15:20:44Z

/azp run

azure-pipelines · 2023-10-10T15:21:09Z

Azure Pipelines successfully started running 2 pipeline(s).

nddq · 2023-10-10T21:16:54Z

/azp run

azure-pipelines · 2023-10-10T21:17:23Z

Azure Pipelines successfully started running 2 pipeline(s).

camrynl · 2023-10-16T17:04:54Z

cns/cniconflist/generator_windows.go

+                        	"ExceptionList": [
+                            	"10.240.0.0/16",
+                            	"10.0.0.0/8"
+                        	]
+						}`),
+					},
+					{
+						Name: "EndpointPolicy",
+						Value: []byte(`{
+							"Type": "ROUTE",
+							"DestinationPrefix": "10.0.0.0/8",
+                        	"NeedEncap": true


could you fix the indentation spaces here?

@nddq it's a mix of spaces and tabs, you should replace it with all tabs

camrynl · 2023-10-16T17:05:08Z

cns/cniconflist/generator_windows.go

+                        	"ExceptionList": [
+                            	"10.240.0.0/16",
+                            	"10.0.0.0/8"
+                        	]
+						}`),
+					},
+					{
+						Name: "EndpointPolicy",
+						Value: []byte(`{
+							"Type": "ROUTE",
+							"DestinationPrefix": "10.0.0.0/8",
+                        	"NeedEncap": true


camrynl · 2023-10-16T17:08:08Z

cns/cniconflist/generator_windows.go

this could come in a later PR, but we should test this feature on our pipeline clusters

pjohnst5 · 2023-11-02T16:10:47Z

cns/cniconflist/testdata/fixtures/azure-windows-swift-overlay.conflist

@@ -0,0 +1,52 @@
+{


I know that in Windows AKS, the CNI conflist is generated dynamically based on a few things:

If the customer specified DisableOutboundNAT, then a certain ExceptionList for an EndpointPolicy will not be present

In the conflist I commented down below, this block is what I'm talking about:

{ "Name": "EndpointPolicy", "Value": { "Type": "OutBoundNAT", "ExceptionList": [ "fddc:be24:d690:87d::/64" ] } },

There are other settings that are dynamic, based on a few customer inputs, so we'll need to take all that into account when generating these Windows conflists

Here is where the Conflists are configured (altered) in Windows AKS: AgentBaker - azurecnifunc.ps1

I would also talk to @AbelHu about what all settings in a customer cluster, can change the Conflist (or read the script I linked, he gave it to me originally)

pjohnst5 · 2023-11-02T16:11:22Z

cns/cniconflist/testdata/fixtures/azure-windows-swift-overlay.conflist

@@ -0,0 +1,52 @@
+{
+	"cniVersion": "0.3.0",


Here is an example overlay conflist today in AKS, from a cluster that I just made once:

{ "cniVersion": "0.3.0", "name": "azure", "adapterName": "", "plugins": [ { "type": "azure-vnet", "mode": "bridge", "bridge": "azure0", "capabilities": { "portMappings": true, "dns": true }, "ipam": { "type": "azure-cns", "mode": "overlay" }, "dns": { "Nameservers": [ "10.0.0.10", "168.63.129.16" ], "Search": [ "svc.cluster.local" ] }, "AdditionalArgs": [ { "Name": "EndpointPolicy", "Value": { "Type": "OutBoundNAT", "ExceptionList": [ "10.244.0.0/16" ] } }, { "Name": "EndpointPolicy", "Value": { "Type": "OutBoundNAT", "ExceptionList": [ "fddc:be24:d690:87d::/64" ] } }, { "Name": "EndpointPolicy", "Value": { "Type": "ACL", "Protocols": "6", "Action": "Block", "Direction": "Out", "RemoteAddresses": "168.63.129.16/32", "RemotePorts": "80", "Priority": 200, "RuleType": "Switch" } }, { "Name": "EndpointPolicy", "Value": { "Type": "ACL", "Action": "Allow", "Direction": "In", "Priority": 65500 } }, { "Name": "EndpointPolicy", "Value": { "Type": "ACL", "Action": "Allow", "Direction": "Out", "Priority": 65500 } } ], "windowsSettings": { "enableLoopbackDSR": true } } ] }

github-actions · 2023-12-20T00:01:12Z

This pull request is stale because it has been open for 2 weeks with no activity. Remove stale label or comment or this will be closed in 7 days

github-actions · 2023-12-28T00:01:06Z

Pull request closed due to inactivity.

nddq added cns Related to CNS. cni Related to CNI. swift Related to SWIFT networking. windows labels Oct 9, 2023

nddq requested review from rbtr, camrynl, pjohnst5 and thatmattlong October 9, 2023 16:07

nddq self-assigned this Oct 9, 2023

nddq requested review from a team as code owners October 9, 2023 16:07

nddq force-pushed the feat/cns-writes-cni-conflist-on-windows branch 2 times, most recently from eb34786 to d1fa944 Compare October 9, 2023 20:27

nddq enabled auto-merge (squash) October 10, 2023 21:16

nddq force-pushed the feat/cns-writes-cni-conflist-on-windows branch 4 times, most recently from 71293ae to ad104ca Compare October 16, 2023 16:29

camrynl reviewed Oct 16, 2023

View reviewed changes

nddq force-pushed the feat/cns-writes-cni-conflist-on-windows branch from ad104ca to ec788d4 Compare October 17, 2023 19:56

rbtr requested a review from jaer-tsun October 23, 2023 20:08

rbtr force-pushed the feat/cns-writes-cni-conflist-on-windows branch from ec788d4 to 327b97b Compare October 24, 2023 19:31

nddq force-pushed the feat/cns-writes-cni-conflist-on-windows branch from 327b97b to 10324cc Compare October 27, 2023 00:55

pjohnst5 reviewed Nov 2, 2023

View reviewed changes

nddq added 2 commits November 2, 2023 16:27

init commit

7721a96

test: add tests

394f296

nddq added 3 commits November 2, 2023 16:27

refractor: change v4overlay to overlay

40dbfb4

fix: linter issue

b57df44

fix: use []byte instead of json.RawMessage

26c1d07

nddq force-pushed the feat/cns-writes-cni-conflist-on-windows branch from 10324cc to 26c1d07 Compare November 2, 2023 20:27

auto-merge was automatically disabled December 19, 2023 23:02
Merge queue setting changed

github-actions bot added the stale Stale due to inactivity. label Dec 20, 2023

github-actions bot closed this Dec 28, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

feat: CNS writes CNI conflist on Windows. #2281

feat: CNS writes CNI conflist on Windows. #2281

nddq commented Oct 9, 2023

nddq commented Oct 10, 2023

azure-pipelines bot commented Oct 10, 2023

nddq commented Oct 10, 2023

azure-pipelines bot commented Oct 10, 2023

camrynl Oct 16, 2023

rbtr Oct 27, 2023

camrynl Oct 16, 2023

camrynl Oct 16, 2023

pjohnst5 Nov 2, 2023

pjohnst5 Nov 2, 2023

github-actions bot commented Dec 20, 2023

github-actions bot commented Dec 28, 2023

feat: CNS writes CNI conflist on Windows. #2281

feat: CNS writes CNI conflist on Windows. #2281

Conversation

nddq commented Oct 9, 2023

nddq commented Oct 10, 2023

azure-pipelines bot commented Oct 10, 2023

nddq commented Oct 10, 2023

azure-pipelines bot commented Oct 10, 2023

camrynl Oct 16, 2023

Choose a reason for hiding this comment

rbtr Oct 27, 2023

Choose a reason for hiding this comment

camrynl Oct 16, 2023

Choose a reason for hiding this comment

camrynl Oct 16, 2023

Choose a reason for hiding this comment

pjohnst5 Nov 2, 2023

Choose a reason for hiding this comment

pjohnst5 Nov 2, 2023

Choose a reason for hiding this comment

github-actions bot commented Dec 20, 2023

github-actions bot commented Dec 28, 2023