diff --git a/.gitignore b/.gitignore
index f1e3c517a586..99218d88a69d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,6 +2,7 @@
 .vscode/*
 .DS_Store
 dist/images/test-server
+dist/images/kube-ovn
 dist/images/kube-ovn-cmd
 dist/images/kube-ovn-webhook
 dist/windows/kube-ovn.exe
diff --git a/pkg/daemon/gateway_linux.go b/pkg/daemon/gateway_linux.go
index 45dc72a4ba72..48ff160e3b26 100644
--- a/pkg/daemon/gateway_linux.go
+++ b/pkg/daemon/gateway_linux.go
@@ -39,26 +39,26 @@ const (
 )

 const (
- NAT = "nat"
- MANGLE = "mangle"
- Prerouting = "PREROUTING"
- Postrouting = "POSTROUTING"
- Output = "OUTPUT"
- OvnPrerouting = "OVN-PREROUTING"
- OvnPostrouting = "OVN-POSTROUTING"
- OvnOutput = "OVN-OUTPUT"
- OvnMasquerade = "OVN-MASQUERADE"
- OvnNatOutGoingPolicy = "OVN-NAT-POLICY"
- OvnNatOutGoingPolicySubnet = "OVN-NAT-PSUBNET-"
+ NAT = util.NAT
+ MANGLE = util.Mangle
+ Prerouting = util.Prerouting
+ Postrouting = util.Postrouting
+ Output = util.Output
+ OvnPrerouting = util.OvnPrerouting
+ OvnPostrouting = util.OvnPostrouting
+ OvnOutput = util.OvnOutput
+ OvnMasquerade = util.OvnMasquerade
+ OvnNatOutGoingPolicy = util.OvnNatOutGoingPolicy
+ OvnNatOutGoingPolicySubnet = util.OvnNatOutGoingPolicySubnet
 )

 const (
 OnOutGoingNatMark = "0x90001/0x90001"
 OnOutGoingForwardMark = "0x90002/0x90002"
- TProxyOutputMark = 0x90003
- TProxyOutputMask = 0x90003
- TProxyPreroutingMark = 0x90004
- TProxyPreroutingMask = 0x90004
+ TProxyOutputMark = util.TProxyOutputMark
+ TProxyOutputMask = util.TProxyOutputMask
+ TProxyPreroutingMark = util.TProxyPreroutingMark
+ TProxyPreroutingMask = util.TProxyPreroutingMask
 )

 type policyRouteMeta struct {
diff --git a/pkg/util/const.go b/pkg/util/const.go
index 091b14e74422..f40d856a5300 100644
--- a/pkg/util/const.go
+++ b/pkg/util/const.go
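Review bot: In pkg/daemon/gateway_linux.go the packet marks are now defined in two packages: `OnOutGoingNatMark` and `OnOutGoingForwardMark` stay here as string literals, while the four TProxy marks come from `util`. The values share one bit range, and 0x90003 is 0x90001|0x90002, so if those two strings are used as `value/mask` matches, a packet carrying the TProxy output mark also satisfies both of them. Whether that overlap is intended cannot be told from this hunk. With the definitions split, someone adding a mark in either file no longer sees the full set, so I would move the two remaining marks next to the TProxy ones in pkg/util/const.go, or at least add a comment above this block such as `// fwmarks: allocated together with the TProxy* marks in pkg/util/const.go; check for bit overlap before adding one`.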
@@ -255,6 +255,23 @@ const (
 NatPolicyRuleActionForward = "forward"
 NatPolicyRuleIDLength = 12

+ NAT = "nat"
+ Mangle = "mangle"
+ Prerouting = "PREROUTING"
+ Postrouting = "POSTROUTING"
+ Output = "OUTPUT"
+ OvnPrerouting = "OVN-PREROUTING"
+ OvnPostrouting = "OVN-POSTROUTING"
+ OvnOutput = "OVN-OUTPUT"
+ OvnMasquerade = "OVN-MASQUERADE"
+ OvnNatOutGoingPolicy = "OVN-NAT-POLICY"
+ OvnNatOutGoingPolicySubnet = "OVN-NAT-PSUBNET-"
+
 TProxyListenPort = 8102
 TProxyRouteTable = 10001
+
+ TProxyOutputMark = 0x90003
+ TProxyOutputMask = 0x90003
+ TProxyPreroutingMark = 0x90004
+ TProxyPreroutingMask = 0x90004
 )
diff --git a/test/e2e/kube-ovn/pod/vpc_pod_probe.go b/test/e2e/kube-ovn/pod/vpc_pod_probe.go
index 1f9fe629cf7b..3b1d20fc925c 100644
--- a/test/e2e/kube-ovn/pod/vpc_pod_probe.go
+++ b/test/e2e/kube-ovn/pod/vpc_pod_probe.go
@@ -10,7 +10,6 @@ import (
 clientset "k8s.io/client-go/kubernetes"

 apiv1 "github.com/kubeovn/kube-ovn/pkg/apis/kubeovn/v1"
- "github.com/kubeovn/kube-ovn/pkg/daemon"
 "github.com/kubeovn/kube-ovn/pkg/util"
 "github.com/kubeovn/kube-ovn/test/e2e/framework"
 "github.com/kubeovn/kube-ovn/test/e2e/framework/iptables"
@@ -194,8 +193,8 @@ var _ = framework.SerialDescribe("[group:pod]", func() {

 func checkTProxyRules(f *framework.Framework, pod *corev1.Pod, probePort int, exist bool) {
 nodeName := pod.Spec.NodeName
- tProxyOutputMarkMask := fmt.Sprintf("%#x/%#x", daemon.TProxyOutputMark, daemon.TProxyOutputMask)
- tProxyPreRoutingMarkMask := fmt.Sprintf("%#x/%#x", daemon.TProxyPreroutingMark, daemon.TProxyPreroutingMask)
+ tProxyOutputMarkMask := fmt.Sprintf("%#x/%#x", util.TProxyOutputMark, util.TProxyOutputMask)
+ tProxyPreRoutingMarkMask := fmt.Sprintf("%#x/%#x", util.TProxyPreroutingMark, util.TProxyPreroutingMask)

 isZeroIP := false
 if len(pod.Status.PodIPs) == 2 {
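Review bot: The constants added to pkg/util/const.go carry no comment saying what they are, and names such as `NAT`, `Output` and `Prerouting` read as generic once they live in a catch-all `util` package. A one-line comment above each group would help, for example `// iptables table and chain names used by the daemon gateway` and `// fwmark values and masks used by the TPROXY rules`. The daemon package still exports `MANGLE` while this file spells it `Mangle`, so the same table name now has two identifiers; settling on one spelling would avoid that. The const block starts and ends outside this hunk.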
@@ -207,7 +206,7 @@ func checkTProxyRules(f *framework.Framework, pod *corev1.Pod, probePort int, ex
 expectedRules := []string{
 fmt.Sprintf(`-A OVN-OUTPUT -d %s/32 -p tcp -m tcp --dport %d -j MARK --set-xmark %s`, podIP.IP, probePort, tProxyOutputMarkMask),
 }
- iptables.CheckIptablesRulesOnNode(f, nodeName, daemon.MANGLE, daemon.OvnOutput, apiv1.ProtocolIPv4, expectedRules, exist)
+ iptables.CheckIptablesRulesOnNode(f, nodeName, util.Mangle, util.OvnOutput, apiv1.ProtocolIPv4, expectedRules, exist)
 hostIP := pod.Status.HostIP
 if isZeroIP {
 hostIP = "0.0.0.0"
@@ -215,12 +214,12 @@ func checkTProxyRules(f *framework.Framework, pod *corev1.Pod, probePort int, ex
 expectedRules = []string{
 fmt.Sprintf(`-A OVN-PREROUTING -d %s/32 -p tcp -m tcp --dport %d -j TPROXY --on-port %d --on-ip %s --tproxy-mark %s`, podIP.IP, probePort, util.TProxyListenPort, hostIP, tProxyPreRoutingMarkMask),
 }
- iptables.CheckIptablesRulesOnNode(f, nodeName, daemon.MANGLE, daemon.OvnPrerouting, apiv1.ProtocolIPv4, expectedRules, exist)
+ iptables.CheckIptablesRulesOnNode(f, nodeName, util.Mangle, util.OvnPrerouting, apiv1.ProtocolIPv4, expectedRules, exist)
 } else if util.CheckProtocol(podIP.IP) == apiv1.ProtocolIPv6 {
 expectedRules := []string{
 fmt.Sprintf(`-A OVN-OUTPUT -d %s/128 -p tcp -m tcp --dport %d -j MARK --set-xmark %s`, podIP.IP, probePort, tProxyOutputMarkMask),
 }
- iptables.CheckIptablesRulesOnNode(f, nodeName, daemon.MANGLE, daemon.OvnOutput, apiv1.ProtocolIPv6, expectedRules, exist)
+ iptables.CheckIptablesRulesOnNode(f, nodeName, util.Mangle, util.OvnOutput, apiv1.ProtocolIPv6, expectedRules, exist)

 hostIP := pod.Status.HostIP
 if isZeroIP {
@@ -229,7 +228,7 @@ func checkTProxyRules(f *framework.Framework, pod *corev1.Pod, probePort int, ex
 expectedRules = []string{
 fmt.Sprintf(`-A OVN-PREROUTING -d %s/128 -p tcp -m tcp --dport %d -j TPROXY --on-port %d --on-ip %s --tproxy-mark %s`, podIP.IP, probePort, util.TProxyListenPort, hostIP, tProxyPreRoutingMarkMask),
 }
- iptables.CheckIptablesRulesOnNode(f, nodeName, daemon.MANGLE, daemon.OvnPrerouting, apiv1.ProtocolIPv6, expectedRules, exist)
+ iptables.CheckIptablesRulesOnNode(f, nodeName, util.Mangle, util.OvnPrerouting, apiv1.ProtocolIPv6, expectedRules, exist)
 }
 }
 }