backporting functions outside of overlay expansion

rejain789 · rejain789 · commit 7e5b2558d4e2 · 2025-11-11T23:56:45.000Z
diff --git a/cns/restserver/internalapi.go b/cns/restserver/internalapi.go
@@ -586,6 +586,136 @@ func (service *HTTPRestService) CreateOrUpdateNetworkContainerInternal(req *cns.
 	return returnCode
 }
 
+func (service *HTTPRestService) ReconcileIPAssignment(podInfoByIP map[string]cns.PodInfo, ncReqs []*cns.CreateNetworkContainerRequest) types.ResponseCode {
+	// index all the secondary IP configs for all the nc reqs, for easier lookup later on.
+	allSecIPsIdx := make(map[string]*cns.CreateNetworkContainerRequest)
+	for i := range ncReqs {
+		for _, secIPConfig := range ncReqs[i].SecondaryIPConfigs {
+			allSecIPsIdx[secIPConfig.IPAddress] = ncReqs[i]
+		}
+	}
+
+	// we now need to reconcile IP assignment.
+	// considering that a single pod may have multiple ips (such as in dual stack scenarios)
+	// and that IP assignment in CNS (as done by requestIPConfigsHelper) does not allow
+	// updates (it returns the existing state if one already exists for the pod's interface),
+	// we need to assign all IPs for a pod interface or name+namespace at the same time.
+	//
+	// iterating over single IPs is not appropriate then, since assignment for the first IP for
+	// a pod will prevent the second IP from being added. the following function call transforms
+	// pod info indexed by ip address:
+	//
+	//   {
+	//     "10.0.0.1": podInfo{interface: "aaa-eth0"},
+	//     "fe80::1":  podInfo{interface: "aaa-eth0"},
+	//   }
+	//
+	// to pod IPs indexed by pod key (interface or name+namespace, depending on scenario):
+	//
+	//   {
+	//     "aaa-eth0": podIPs{v4IP: 10.0.0.1, v6IP: fe80::1}
+	//   }
+	//
+	// such that we can iterate over pod interfaces, and assign all IPs for it at once.
+
+	podKeyToPodIPs, err := newPodKeyToPodIPsMap(podInfoByIP)
+	if err != nil {
+		logger.Errorf("could not transform pods indexed by IP address to pod IPs indexed by interface: %v", err)
+		return types.UnexpectedError
+	}
+
+	for podKey, podIPs := range podKeyToPodIPs {
+		var (
+			desiredIPs []string
+			ncIDs      []string
+		)
+
+		var ips []net.IP
+		if podIPs.v4IP != nil {
+			ips = append(ips, podIPs.v4IP)
+		}
+
+		if podIPs.v6IP != nil {
+			ips = append(ips, podIPs.v6IP)
+		}
+
+		for _, ip := range ips {
+			if ncReq, ok := allSecIPsIdx[ip.String()]; ok {
+				desiredIPs = append(desiredIPs, ip.String())
+				ncIDs = append(ncIDs, ncReq.NetworkContainerid)
+			} else {
+				// it might still be possible to see host networking pods here (where ips are not from ncs) if we are restoring using the kube podinfo provider
+				// todo: once kube podinfo provider reconcile flow is removed, this line will not be necessary/should be removed.
+				logger.Errorf("ip %s assigned to pod %+v but not found in any nc", ip, podIPs)
+			}
+		}
+
+		if len(desiredIPs) == 0 {
+			// this may happen for pods in the host network
+			continue
+		}
+
+		jsonContext, err := podIPs.OrchestratorContext()
+		if err != nil {
+			logger.Errorf("Failed to marshal KubernetesPodInfo, error: %v", err)
+			return types.UnexpectedError
+		}
+
+		ipconfigsRequest := cns.IPConfigsRequest{
+			DesiredIPAddresses:  desiredIPs,
+			OrchestratorContext: jsonContext,
+			InfraContainerID:    podIPs.InfraContainerID(),
+			PodInterfaceID:      podIPs.InterfaceID(),
+		}
+
+		if _, err := requestIPConfigsHelper(service, ipconfigsRequest); err != nil {
+			//nolint:staticcheck // SA1019: suppress deprecated logger.Printf usage. Todo: legacy logger usage is consistent in cns repo. Migrates when all logger usage is migrated
+			logger.Errorf("requestIPConfigsHelper failed for pod key %s, podInfo %+v, ncIDs %v, error: %v", podKey, podIPs, ncIDs, err)
+			return types.FailedToAllocateIPConfig
+		}
+	}
+
+	return types.Success
+}
+
+func (service *HTTPRestService) CreateNCs(ncReqs []*cns.CreateNetworkContainerRequest) types.ResponseCode {
+	for _, ncReq := range ncReqs {
+		returnCode := service.CreateOrUpdateNetworkContainerInternal(ncReq)
+		if returnCode != types.Success {
+			return returnCode
+		}
+	}
+
+	return types.Success
+}
+
+func (service *HTTPRestService) ReconcileIPAMStateForSwift(ncReqs []*cns.CreateNetworkContainerRequest, podInfoByIP map[string]cns.PodInfo, nnc *v1alpha.NodeNetworkConfig) types.ResponseCode {
+	logger.Printf("Reconciling CNS IPAM state with nc requests: [%+v], PodInfo [%+v], NNC: [%+v]", ncReqs, podInfoByIP, nnc)
+	// if no nc reqs, there is no CRD state yet
+	if len(ncReqs) == 0 {
+		logger.Printf("CNS starting with no NC state, podInfoMap count %d", len(podInfoByIP))
+		return types.Success
+	}
+
+	// first step in reconciliation is to create all the NCs in CNS, no IP assignment yet.
+	if returnCode := service.CreateNCs(ncReqs); returnCode != types.Success {
+		return returnCode
+	}
+
+	logger.Debugf("ncReqs created successfully, now save IPs")
+	// now reconcile IPAM state.
+	if returnCode := service.ReconcileIPAssignment(podInfoByIP, ncReqs); returnCode != types.Success {
+		return returnCode
+	}
+
+	if err := service.MarkExistingIPsAsPendingRelease(nnc.Spec.IPsNotInUse); err != nil {
+		logger.Errorf("[Azure CNS] Error. Failed to mark IPs as pending %v", nnc.Spec.IPsNotInUse)
+		return types.UnexpectedError
+	}
+
+	return types.Success
+}
+
 // IsCIDRSuperset returns true if newCIDR is a superset of oldCIDR (i.e., all IPs in oldCIDR are contained in newCIDR).
 func validateCIDRSuperset(newCIDR, oldCIDR string) bool {
 	// Parse newCIDR and oldCIDR into netip.Prefix
