Skip add primary ip's to secondary config for swiftv2 pon scenarios

Author: NihaNallappagari

cns/kubecontroller/nodenetworkconfig/conversion.go

@@ -7,6 +7,7 @@ import (
 	"strings"
 
 	"github.com/Azure/azure-container-networking/cns"
+	"github.com/Azure/azure-container-networking/cns/configuration"
 	"github.com/Azure/azure-container-networking/crd/nodenetworkconfig/api/v1alpha"
 	"github.com/pkg/errors"
 )
@@ -73,7 +74,7 @@ func CreateNCRequestFromDynamicNC(nc v1alpha.NetworkContainer) (*cns.CreateNetwo
 // CreateNCRequestFromStaticNC generates a CreateNetworkContainerRequest from a static NetworkContainer.
 //
 //nolint:gocritic //ignore hugeparam
-func CreateNCRequestFromStaticNC(nc v1alpha.NetworkContainer) (*cns.CreateNetworkContainerRequest, error) {
+func CreateNCRequestFromStaticNC(nc v1alpha.NetworkContainer, config *configuration.CNSConfig) (*cns.CreateNetworkContainerRequest, error) {
 	if nc.Type == v1alpha.Overlay {
 		nc.Version = 0 // fix for NMA always giving us version 0 for Overlay NCs
 	}
@@ -97,7 +98,7 @@ func CreateNCRequestFromStaticNC(nc v1alpha.NetworkContainer) (*cns.CreateNetwor
 		subnet.IPAddress = primaryPrefix.Addr().String()
 	}
 
-	req, err := createNCRequestFromStaticNCHelper(nc, primaryPrefix, subnet)
+	req, err := createNCRequestFromStaticNCHelper(nc, primaryPrefix, subnet, config)
 	if err != nil {
 		return nil, errors.Wrapf(err, "error while creating NC request from static NC")
 	}

cns/kubecontroller/nodenetworkconfig/conversion_linux.go

@@ -5,6 +5,7 @@ import (
 	"strconv"
 
 	"github.com/Azure/azure-container-networking/cns"
+	"github.com/Azure/azure-container-networking/cns/configuration"
 	"github.com/Azure/azure-container-networking/crd/nodenetworkconfig/api/v1alpha"
 	"github.com/pkg/errors"
 )
@@ -13,17 +14,18 @@ import (
 // by adding all IPs in the the block to the secondary IP configs list. It does not skip any IPs.
 //
 //nolint:gocritic //ignore hugeparam
-func createNCRequestFromStaticNCHelper(nc v1alpha.NetworkContainer, primaryIPPrefix netip.Prefix, subnet cns.IPSubnet) (*cns.CreateNetworkContainerRequest, error) {
+func createNCRequestFromStaticNCHelper(nc v1alpha.NetworkContainer, primaryIPPrefix netip.Prefix, subnet cns.IPSubnet, config *configuration.CNSConfig) (*cns.CreateNetworkContainerRequest, error) {
 	secondaryIPConfigs := map[string]cns.SecondaryIPConfig{}
 
-	// Todo: Segregate the NIC’s primary IP from the list of secondary IPs to ensure the primary IP is not assigned to pods
-	// WorkItem: https://msazure.visualstudio.com/One/_workitems/edit/33460135
 	// iterate through all IP addresses in the subnet described by primaryPrefix and
 	// add them to the request as secondary IPConfigs.
-	for addr := primaryIPPrefix.Masked().Addr(); primaryIPPrefix.Contains(addr); addr = addr.Next() {
-		secondaryIPConfigs[addr.String()] = cns.SecondaryIPConfig{
-			IPAddress: addr.String(),
-			NCVersion: int(nc.Version),
+	// Process primary prefix IPs in all scenarios except when nc.Type is v1alpha.VNETBlock AND SwiftV2 is enabled
+	if !(config.EnableSwiftV2 && nc.Type == v1alpha.VNETBlock) {
+		for addr := primaryIPPrefix.Masked().Addr(); primaryIPPrefix.Contains(addr); addr = addr.Next() {
+			secondaryIPConfigs[addr.String()] = cns.SecondaryIPConfig{
+				IPAddress: addr.String(),
+				NCVersion: int(nc.Version),
+			}
 		}
 	}
 

cns/kubecontroller/nodenetworkconfig/conversion_test.go

@@ -5,6 +5,7 @@ import (
 	"testing"
 
 	"github.com/Azure/azure-container-networking/cns"
+	"github.com/Azure/azure-container-networking/cns/configuration"
 	"github.com/Azure/azure-container-networking/crd/nodenetworkconfig/api/v1alpha"
 	"github.com/stretchr/testify/assert"
 )
@@ -339,7 +340,144 @@ func TestCreateNCRequestFromStaticNC(t *testing.T) {
 	for _, tt := range tests {
 		tt := tt
 		t.Run(tt.name, func(t *testing.T) {
-			got, err := CreateNCRequestFromStaticNC(tt.input)
+			config := &configuration.CNSConfig{}
+			got, err := CreateNCRequestFromStaticNC(tt.input, config)
+			if tt.wantErr {
+				assert.Error(t, err)
+				return
+			}
+			assert.NoError(t, err)
+			assert.EqualValues(t, tt.want, got)
+		})
+	}
+}
+
+func TestCreateNCRequestFromStaticNCWithConfig(t *testing.T) {
+	tests := []struct {
+		name    string
+		input   v1alpha.NetworkContainer
+		config  *configuration.CNSConfig
+		want    *cns.CreateNetworkContainerRequest
+		wantErr bool
+	}{
+		{
+			name: "SwiftV2 enabled with VNETBlock - should NOT process all IPs in prefix",
+			input: v1alpha.NetworkContainer{
+				ID:                 ncID,
+				PrimaryIP:          "10.0.0.0/32",
+				NodeIP:             "10.0.0.1",
+				Type:               v1alpha.VNETBlock,
+				SubnetAddressSpace: "10.0.0.0/24",
+				DefaultGateway:     "10.0.0.1",
+				Version:            1,
+				Status:             "Available",
+			},
+			config: &configuration.CNSConfig{
+				EnableSwiftV2: true,
+			},
+			want: &cns.CreateNetworkContainerRequest{
+				NetworkContainerid:   ncID,
+				NetworkContainerType: cns.Docker,
+				Version:              "1",
+				HostPrimaryIP:        "10.0.0.1",
+				IPConfiguration: cns.IPConfiguration{
+					IPSubnet: cns.IPSubnet{
+						IPAddress:    "10.0.0.1",
+						PrefixLength: 24,
+					},
+					GatewayIPAddress: "10.0.0.1",
+				},
+				SecondaryIPConfigs: map[string]cns.SecondaryIPConfig{
+					// No IPs from primary prefix
+				},
+				NCStatus: "Available",
+			},
+			wantErr: false,
+		},
+		{
+			name: "SwiftV2 disabled with VNETBlock - should process all IP in prefix",
+			input: v1alpha.NetworkContainer{
+				ID:                 ncID,
+				PrimaryIP:          "10.0.0.0/32",
+				NodeIP:             "10.0.0.1",
+				Type:               v1alpha.VNETBlock,
+				SubnetAddressSpace: "10.0.0.0/24",
+				DefaultGateway:     "10.0.0.1",
+				Version:            1,
+				Status:             "Available",
+				IPAssignments: []v1alpha.IPAssignment{
+					{
+						Name: "test-ip",
+						IP:   "10.0.0.10/32",
+					},
+				},
+			},
+			config: &configuration.CNSConfig{},
+			want: &cns.CreateNetworkContainerRequest{
+				NetworkContainerid:   ncID,
+				NetworkContainerType: cns.Docker,
+				Version:              "1",
+				HostPrimaryIP:        "10.0.0.1",
+				IPConfiguration: cns.IPConfiguration{
+					IPSubnet: cns.IPSubnet{
+						IPAddress:    "10.0.0.1",
+						PrefixLength: 24,
+					},
+					GatewayIPAddress: "10.0.0.1",
+				},
+				SecondaryIPConfigs: map[string]cns.SecondaryIPConfig{
+					"10.0.0.0": {IPAddress: "10.0.0.0", NCVersion: 1},
+					// IP assignments
+					"10.0.0.10": {IPAddress: "10.0.0.10", NCVersion: 1},
+				},
+				NCStatus: "Available",
+			},
+			wantErr: false,
+		},
+		{
+			name: "SwiftV2 disabled with non-VNETBlock type - should process IP in prefix",
+			input: v1alpha.NetworkContainer{
+				ID:                 ncID,
+				PrimaryIP:          "10.0.0.0/32",
+				NodeIP:             "10.0.0.1",
+				Type:               v1alpha.Overlay,
+				SubnetAddressSpace: "10.0.0.0/24",
+				DefaultGateway:     "10.0.0.1",
+				Version:            1,
+				Status:             "Available",
+				IPAssignments: []v1alpha.IPAssignment{
+					{
+						Name: "test-ip",
+						IP:   "10.0.0.10/32",
+					},
+				},
+			},
+			config: &configuration.CNSConfig{},
+			want: &cns.CreateNetworkContainerRequest{
+				NetworkContainerid:   ncID,
+				NetworkContainerType: cns.Docker,
+				Version:              "0",
+				HostPrimaryIP:        "10.0.0.1",
+				IPConfiguration: cns.IPConfiguration{
+					IPSubnet: cns.IPSubnet{
+						IPAddress:    "10.0.0.0",
+						PrefixLength: 24,
+					},
+					GatewayIPAddress: "10.0.0.1",
+				},
+				SecondaryIPConfigs: map[string]cns.SecondaryIPConfig{
+					"10.0.0.0": {IPAddress: "10.0.0.0", NCVersion: 0},
+				},
+				NCStatus: "Available",
+			},
+			wantErr: false,
+		},
+	}
+
+	for _, tt := range tests {
+		tt := tt
+		t.Run(tt.name, func(t *testing.T) {
+			got, err := CreateNCRequestFromStaticNC(tt.input, tt.config)
 			if tt.wantErr {
 				assert.Error(t, err)
 				return

cns/kubecontroller/nodenetworkconfig/conversion_windows.go

@@ -5,6 +5,7 @@ import (
 	"strconv"
 
 	"github.com/Azure/azure-container-networking/cns"
+	"github.com/Azure/azure-container-networking/cns/configuration"
 	"github.com/Azure/azure-container-networking/crd/nodenetworkconfig/api/v1alpha"
 	"github.com/pkg/errors"
 )
@@ -14,7 +15,7 @@ import (
 // secondary IPs. If the gateway is not empty, it will not reserve the 2nd IP and add it as a secondary IP.
 //
 //nolint:gocritic //ignore hugeparam
-func createNCRequestFromStaticNCHelper(nc v1alpha.NetworkContainer, primaryIPPrefix netip.Prefix, subnet cns.IPSubnet) (*cns.CreateNetworkContainerRequest, error) {
+func createNCRequestFromStaticNCHelper(nc v1alpha.NetworkContainer, primaryIPPrefix netip.Prefix, subnet cns.IPSubnet, config *configuration.CNSConfig) (*cns.CreateNetworkContainerRequest, error) {
 	secondaryIPConfigs := map[string]cns.SecondaryIPConfig{}
 	// the masked address is the 0th IP in the subnet and startingAddr is the 2nd IP (*.1)
 	startingAddr := primaryIPPrefix.Masked().Addr().Next()
@@ -27,12 +28,15 @@ func createNCRequestFromStaticNCHelper(nc v1alpha.NetworkContainer, primaryIPPre
 
 	// iterate through all IP addresses in the subnet described by primaryPrefix and
 	// add them to the request as secondary IPConfigs.
-	for addr := startingAddr; primaryIPPrefix.Contains(addr); addr = addr.Next() {
-		secondaryIPConfigs[addr.String()] = cns.SecondaryIPConfig{
-			IPAddress: addr.String(),
-			NCVersion: int(nc.Version),
+	// Process primary prefix IPs in all scenarios except when nc.Type is v1alpha.VNETBlock AND SwiftV2 is enabled
+	if !(config.EnableSwiftV2 && nc.Type == v1alpha.VNETBlock) {
+		for addr := startingAddr; primaryIPPrefix.Contains(addr); addr = addr.Next() {
+			secondaryIPConfigs[addr.String()] = cns.SecondaryIPConfig{
+				IPAddress: addr.String(),
+				NCVersion: int(nc.Version),
+			}
+			lastAddr = addr
 		}
-		lastAddr = addr
 	}
 
 	if nc.Type == v1alpha.VNETBlock {

cns/kubecontroller/nodenetworkconfig/reconciler.go

@@ -5,6 +5,7 @@ import (
 	"sync"
 
 	"github.com/Azure/azure-container-networking/cns"
+	"github.com/Azure/azure-container-networking/cns/configuration"
 	"github.com/Azure/azure-container-networking/cns/logger"
 	"github.com/Azure/azure-container-networking/cns/restserver"
 	cnstypes "github.com/Azure/azure-container-networking/cns/types"
@@ -43,18 +44,20 @@ type Reconciler struct {
 	once               sync.Once
 	started            chan interface{}
 	nodeIP             string
+	config             *configuration.CNSConfig
 }
 
 // NewReconciler creates a NodeNetworkConfig Reconciler which will get updates from the Kubernetes
 // apiserver for NNC events.
 // Provided nncListeners are passed the NNC after the Reconcile preprocesses it. Note: order matters! The
 // passed Listeners are notified in the order provided.
-func NewReconciler(cnscli cnsClient, ipampoolmonitorcli nodeNetworkConfigListener, nodeIP string) *Reconciler {
+func NewReconciler(cnscli cnsClient, ipampoolmonitorcli nodeNetworkConfigListener, nodeIP string, config *configuration.CNSConfig) *Reconciler {
 	return &Reconciler{
 		cnscli:             cnscli,
 		ipampoolmonitorcli: ipampoolmonitorcli,
 		started:            make(chan interface{}),
 		nodeIP:             nodeIP,
+		config:             config,
 	}
 }
 
@@ -104,7 +107,7 @@ func (r *Reconciler) Reconcile(ctx context.Context, req reconcile.Request) (reco
 		switch nnc.Status.NetworkContainers[i].AssignmentMode { //nolint:exhaustive // skipping dynamic case
 		// For Overlay and Vnet Scale Scenarios
 		case v1alpha.Static:
-			req, err = CreateNCRequestFromStaticNC(nnc.Status.NetworkContainers[i])
+			req, err = CreateNCRequestFromStaticNC(nnc.Status.NetworkContainers[i], r.config)
 		// For Pod Subnet scenario
 		default: // For backward compatibility, default will be treated as Dynamic too.
 			req, err = CreateNCRequestFromDynamicNC(nnc.Status.NetworkContainers[i])

cns/kubecontroller/nodenetworkconfig/reconciler_test.go

@@ -5,6 +5,7 @@ import (
 	"testing"
 
 	"github.com/Azure/azure-container-networking/cns"
+	"github.com/Azure/azure-container-networking/cns/configuration"
 	"github.com/Azure/azure-container-networking/cns/logger"
 	cnstypes "github.com/Azure/azure-container-networking/cns/types"
 	"github.com/Azure/azure-container-networking/crd/nodenetworkconfig/api/v1alpha"
@@ -192,7 +193,8 @@ func TestReconcile(t *testing.T) {
 		}
 
 		t.Run(tt.name, func(t *testing.T) {
-			r := NewReconciler(&tt.cnsClient, &tt.cnsClient, tt.nodeIP)
+			config := &configuration.CNSConfig{} // Use default config for tests
+			r := NewReconciler(&tt.cnsClient, &tt.cnsClient, tt.nodeIP, config)
 			r.nnccli = &tt.ncGetter
 			got, err := r.Reconcile(context.Background(), tt.in)
 			if tt.wantErr {
@@ -249,7 +251,8 @@ func TestReconcileStaleNCs(t *testing.T) {
 		return &nncLog[len(nncLog)-1], nil
 	}
 
-	r := NewReconciler(&cnsClient, &cnsClient, nodeIP)
+	config := &configuration.CNSConfig{} // Use default config for tests
+	r := NewReconciler(&cnsClient, &cnsClient, nodeIP, config)
 	r.nnccli = &mockNCGetter{get: nncIterator}
 
 	_, err := r.Reconcile(context.Background(), reconcile.Request{})

cns/service/main.go

@@ -1311,7 +1311,7 @@ type ipamStateReconciler interface {
 
 // TODO(rbtr) where should this live??
 // reconcileInitialCNSState initializes cns by passing pods and a CreateNetworkContainerRequest
-func reconcileInitialCNSState(ctx context.Context, cli nodeNetworkConfigGetter, ipamReconciler ipamStateReconciler, podInfoByIPProvider cns.PodInfoByIPProvider) error {
+func reconcileInitialCNSState(ctx context.Context, cli nodeNetworkConfigGetter, ipamReconciler ipamStateReconciler, podInfoByIPProvider cns.PodInfoByIPProvider, config *configuration.CNSConfig) error {
 	// Get nnc using direct client
 	nnc, err := cli.Get(ctx)
 	if err != nil {
@@ -1350,7 +1350,7 @@ func reconcileInitialCNSState(ctx context.Context, cli nodeNetworkConfigGetter,
 		)
 		switch nnc.Status.NetworkContainers[i].AssignmentMode { //nolint:exhaustive // skipping dynamic case
 		case v1alpha.Static:
-			ncRequest, err = nncctrl.CreateNCRequestFromStaticNC(nnc.Status.NetworkContainers[i])
+			ncRequest, err = nncctrl.CreateNCRequestFromStaticNC(nnc.Status.NetworkContainers[i], config)
 		default: // For backward compatibility, default will be treated as Dynamic too.
 			ncRequest, err = nncctrl.CreateNCRequestFromDynamicNC(nnc.Status.NetworkContainers[i])
 		}
@@ -1458,7 +1458,7 @@ func InitializeCRDState(ctx context.Context, z *zap.Logger, httpRestService cns.
 	_ = retry.Do(func() error {
 		attempt++
 		logger.Printf("reconciling initial CNS state attempt: %d", attempt)
-		err = reconcileInitialCNSState(ctx, directscopedcli, httpRestServiceImplementation, podInfoByIPProvider)
+		err = reconcileInitialCNSState(ctx, directscopedcli, httpRestServiceImplementation, podInfoByIPProvider, cnsconfig)
 		if err != nil {
 			logger.Errorf("failed to reconcile initial CNS state, attempt: %d err: %v", attempt, err)
 			nncInitFailure.Inc()
@@ -1555,7 +1555,7 @@ func InitializeCRDState(ctx context.Context, z *zap.Logger, httpRestService cns.
 
 	// get CNS Node IP to compare NC Node IP with this Node IP to ensure NCs were created for this node
 	nodeIP := configuration.NodeIP()
-	nncReconciler := nncctrl.NewReconciler(httpRestServiceImplementation, poolMonitor, nodeIP)
+	nncReconciler := nncctrl.NewReconciler(httpRestServiceImplementation, poolMonitor, nodeIP, cnsconfig)
 	// pass Node to the Reconciler for Controller xref
 	// IPAMv1 - reconcile only status changes (where generation doesn't change).
 	// IPAMv2 - reconcile all updates.