feat: use host gw, subnet when in nodesubnet mode, rather than nc gw, subnet

Author: santhoshmprabhu

cni/network/invoker_cns.go

@@ -205,8 +205,7 @@ func (invoker *CNSIPAMInvoker) Add(addConfig IPAMAddConfig) (IPAMAddResult, erro
 				}
 			}
 
-			overlayMode := (invoker.ipamMode == util.V4Overlay) || (invoker.ipamMode == util.DualStackOverlay) || (invoker.ipamMode == util.Overlay)
-			if err := configureDefaultAddResult(&info, &addConfig, &addResult, overlayMode, key); err != nil {
+			if err := configureDefaultAddResult(&info, &addConfig, &addResult, key); err != nil {
 				return IPAMAddResult{}, err
 			}
 		default:
@@ -379,32 +378,48 @@ func getRoutes(cnsRoutes []cns.Route, skipDefaultRoutes bool) ([]network.RouteIn
 	return routes, nil
 }
 
-func configureDefaultAddResult(info *IPResultInfo, addConfig *IPAMAddConfig, addResult *IPAMAddResult, overlayMode bool, key string) error {
+func configureDefaultAddResult(info *IPResultInfo, addConfig *IPAMAddConfig, addResult *IPAMAddResult, key string) error {
+	ipamMode := util.IpamMode(addConfig.nwCfg.IPAM.Mode)
 	// set the NC Primary IP in options
 	// SNATIPKey is not set for ipv6
-	if net.ParseIP(info.ncPrimaryIP).To4() != nil {
+	if ipamMode != util.Nodesubnet && net.ParseIP(info.ncPrimaryIP).To4() != nil {
 		addConfig.options[network.SNATIPKey] = info.ncPrimaryIP
 	}
 
+	if ipamMode == util.Nodesubnet {
+		info.ncGatewayIPAddress = info.hostGateway
+		info.ncPrimaryIP = info.hostPrimaryIP
+		_, ncIPNet, err := net.ParseCIDR(info.hostSubnet)
+		if err != nil {
+			return errors.Wrap(err, "Unable to parse hostSubnet from response: "+info.hostSubnet+" with err %w")
+		}
+
+		maskLen, _ := ncIPNet.Mask.Size()
+		info.ncSubnetPrefix = uint8(maskLen)
+	}
+
 	ip, ncIPNet, err := net.ParseCIDR(info.podIPAddress + "/" + fmt.Sprint(info.ncSubnetPrefix))
+
 	if ip == nil || err != nil {
 		return errors.Wrap(err, "Unable to parse IP from response: "+info.podIPAddress+" with err %w")
 	}
 
-	ncgw := net.ParseIP(info.ncGatewayIPAddress)
-	if ncgw == nil {
-		// TODO: Remove v4overlay and dualstackoverlay options, after 'overlay' rolls out in AKS-RP
-		if !overlayMode {
+	podGateway := net.ParseIP(info.ncGatewayIPAddress)
+	// TODO: Remove v4overlay and dualstackoverlay options, after 'overlay' rolls out in AKS-RP
+	isPodSubnetMode := (ipamMode != util.V4Overlay) && (ipamMode != util.DualStackOverlay) && (ipamMode != util.Overlay) && (ipamMode != util.Nodesubnet)
+
+	if podGateway == nil {
+		if isPodSubnetMode {
 			return errors.Wrap(errInvalidArgs, "%w: Gateway address "+info.ncGatewayIPAddress+" from response is invalid")
 		}
 
 		if net.ParseIP(info.podIPAddress).To4() != nil { //nolint:gocritic
-			ncgw, err = getOverlayGateway(ncIPNet)
+			podGateway, err = getOverlayGateway(ncIPNet)
 			if err != nil {
 				return err
 			}
 		} else if net.ParseIP(info.podIPAddress).To16() != nil {
-			ncgw = net.ParseIP(overlayGatewayV6IP)
+			podGateway = net.ParseIP(overlayGatewayV6IP)
 		} else {
 			return errors.Wrap(err, "No podIPAddress is found: %w")
 		}
@@ -430,7 +445,7 @@ func configureDefaultAddResult(info *IPResultInfo, addConfig *IPAMAddConfig, add
 					IP:   ip,
 					Mask: ncIPNet.Mask,
 				},
-				Gateway: ncgw,
+				Gateway: podGateway,
 			})
 
 		routes, getRoutesErr := getRoutes(info.routes, info.skipDefaultRoutes)
@@ -444,7 +459,7 @@ func configureDefaultAddResult(info *IPResultInfo, addConfig *IPAMAddConfig, add
 		} else { // add default routes if none are provided
 			resRoute = append(resRoute, network.RouteInfo{
 				Dst: defaultRouteDstPrefix,
-				Gw:  ncgw,
+				Gw:  podGateway,
 			})
 		}
 
@@ -461,9 +476,8 @@ func configureDefaultAddResult(info *IPResultInfo, addConfig *IPAMAddConfig, add
 	}
 
 	// set subnet prefix for host vm
-	// setHostOptions will execute if IPAM mode is not v4 overlay and not dualStackOverlay mode
-	// TODO: Remove v4overlay and dualstackoverlay options, after 'overlay' rolls out in AKS-RP
-	if !overlayMode {
+	// setHostOptions will execute if IPAM mode is podsubnet
+	if isPodSubnetMode {
 		if err := setHostOptions(ncIPNet, addConfig.options, info); err != nil {
 			return err
 		}

cni/network/invoker_cns_test.go

@@ -2298,3 +2298,38 @@ func TestMultipleIBNICsToResult(t *testing.T) {
 		})
 	}
 }
+
+func Test_configureDefaultAddResult(t *testing.T) {
+	ipResultInfo := IPResultInfo{
+		podIPAddress:       "10.240.2.10",
+		ncSubnetPrefix:     0,
+		ncPrimaryIP:        "",
+		ncGatewayIPAddress: "",
+		hostSubnet:         "10.240.0.0/16",
+		hostPrimaryIP:      "10.240.1.246",
+		hostGateway:        "10.240.0.1",
+		nicType:            "InfraNIC",
+		macAddress:         "",
+		skipDefaultRoutes:  false,
+		routes:             []cns.Route{},
+	}
+	addResult := IPAMAddResult{interfaceInfo: make(map[string]network.InterfaceInfo)}
+	ipamAddConfig := IPAMAddConfig{nwCfg: &cni.NetworkConfig{IPAM: cni.IPAM{Type: "azure-cns", Mode: string(util.Nodesubnet)}}}
+	err := configureDefaultAddResult(
+		&ipResultInfo,
+		&ipamAddConfig,
+		&addResult,
+		"00-15-5D-3D-AD-5D")
+	if err != nil {
+		t.Fatalf("configureDefaultAddResult due to error: %v", err)
+	}
+
+	require.Equal(t, 1, len(addResult.interfaceInfo))
+	require.Equal(t, 1, len(addResult.interfaceInfo["00-15-5D-3D-AD-5D"].IPConfigs))
+	require.Equal(t, "10.240.2.10/16", addResult.interfaceInfo["00-15-5D-3D-AD-5D"].IPConfigs[0].Address.String())
+	require.Equal(t, "10.240.0.1", addResult.interfaceInfo["00-15-5D-3D-AD-5D"].IPConfigs[0].Gateway.String())
+	require.Equal(t, 1, len(addResult.interfaceInfo["00-15-5D-3D-AD-5D"].Routes))
+	require.Equal(t, "0.0.0.0/0", addResult.interfaceInfo["00-15-5D-3D-AD-5D"].Routes[0].Dst.String())
+	require.Equal(t, "10.240.0.1", addResult.interfaceInfo["00-15-5D-3D-AD-5D"].Routes[0].Gw.String())
+	require.Equal(t, cns.InfraNIC, addResult.interfaceInfo["00-15-5D-3D-AD-5D"].NICType)
+}

cni/util/const.go

@@ -16,6 +16,7 @@ const (
 	V4Overlay        IpamMode = "v4overlay"
 	DualStackOverlay IpamMode = "dualStackOverlay"
 	Overlay          IpamMode = "overlay" // Nothing changes between 'v4overlay' and 'dualStackOverlay' mode, so consolidating to one
+	Nodesubnet       IpamMode = "nodesubnet"
 )
 
 // Overlay consolidation plan

hack/aks/Makefile

@@ -9,12 +9,12 @@ AZCLI   ?= docker run --rm -v $(AZCFG):/root/.azure -v $(KUBECFG):/root/.kube -v
 
 # overrideable defaults
 AUTOUPGRADE          ?= patch
-K8S_VER              ?= 1.30
+K8S_VER              ?= 1.31
 NODE_COUNT           ?= 2
 NODE_COUNT_WIN	     ?= $(NODE_COUNT)
 NODEUPGRADE          ?= NodeImage
 OS				     ?= linux # Used to signify if you want to bring up a windows nodePool on byocni clusters
-OS_SKU               ?= Ubuntu
+OS_SKU               ?= AzureLinux
 OS_SKU_WIN           ?= Windows2022
 REGION               ?= westus2
 VM_SIZE	             ?= Standard_B2s
@@ -136,15 +136,13 @@ endif
 
 overlay-byocni-nokubeproxy-up: rg-up overlay-net-up ## Brings up an Overlay BYO CNI cluster without kube-proxy
 	$(AZCLI) aks create -n $(CLUSTER) -g $(GROUP) -l $(REGION) \
-		--auto-upgrade-channel $(AUTOUPGRADE) \
-		--node-os-upgrade-channel $(NODEUPGRADE) \
 		--kubernetes-version $(K8S_VER) \
 		--node-count $(NODE_COUNT) \
 		--node-vm-size $(VM_SIZE) \
-		--load-balancer-sku basic \
 		--network-plugin none \
 		--network-plugin-mode overlay \
 		--pod-cidr 192.168.0.0/16 \
+		--aks-custom-headers AKSHTTPCustomFeatures=Microsoft.ContainerService/UseCustomizedOSImage,OSImageSubscriptionID=109a5e88-712a-48ae-9078-9ca8b3c81345,OSImageResourceGroup=AKS-Ubuntu,OSImageGallery=AKSUbuntu,OSImageName=2404gen2containerd,OSImageVersion=202501.05.0 \
 		--vnet-subnet-id /subscriptions/$(SUB)/resourceGroups/$(GROUP)/providers/Microsoft.Network/virtualNetworks/$(VNET)/subnets/nodenet \
 		--no-ssh-key \
 		--kube-proxy-config $(KUBE_PROXY_JSON_PATH) \
@@ -163,6 +161,8 @@ overlay-cilium-up: rg-up overlay-net-up ## Brings up an Overlay Cilium cluster
 		--network-dataplane cilium \
 		--network-plugin-mode overlay \
 		--pod-cidr 192.168.0.0/16 \
+		--os-sku $(OS_SKU) \
+		--aks-custom-headers AKSHTTPCustomFeatures=Microsoft.ContainerService/AzureLinuxV3Preview \
 		--vnet-subnet-id /subscriptions/$(SUB)/resourceGroups/$(GROUP)/providers/Microsoft.Network/virtualNetworks/$(VNET)/subnets/nodenet \
 		--no-ssh-key \
 		--yes