
Commit f1c8c51

committed
snat azure dns traffic in linux podsubnet azure and cilium scenarios to node ip
TODO: SNAT the Windows podsubnet Azure scenario to node IP. Vnetscale scenarios (Cilium and Azure) already SNAT to node IP. Roll out after CNS iptables reconciliation goes in; CNI still writes SNAT to the primary IP, but it is superseded by CNS' rules.
1 parent 21a6bf1 commit f1c8c51


1 file changed

+2
-6
lines changed


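--- a/cns/restserver/internalapi_linux.go
+++ b/cns/restserver/internalapi_linux.go
@@ -28,10 +28,6 @@ func (service *HTTPRestService) programSNATRules(req *cns.CreateNetworkContainer
 service.Lock()
 defer service.Unlock()
 
-// Parse primary ip and ipnet from nnc
-// in podsubnet case, ncPrimaryIP is the pod subnet's primary ip
-// in vnet scale case, ncPrimaryIP is the node's ip
-ncPrimaryIP, _, _ := net.ParseCIDR(req.IPConfiguration.IPSubnet.IPAddress + "/" + fmt.Sprintf("%d", req.IPConfiguration.IPSubnet.PrefixLength))
 ipt, err := service.iptables.GetIPTables()
 if err != nil {
 return types.UnexpectedError, fmt.Sprintf("[Azure CNS] Error. Failed to create iptables interface : %v", err)
@@ -103,8 +99,8 @@ func (service *HTTPRestService) programSNATRules(req *cns.CreateNetworkContainer
 
 // define all rules we want in the chain
 rules := [][]string{
-{"-m", "addrtype", "!", "--dst-type", "local", "-s", podSubnet.String(), "-d", networkutils.AzureDNS, "-p", iptables.UDP, "--dport", strconv.Itoa(iptables.DNSPort), "-j", iptables.Snat, "--to", ncPrimaryIP.String()},
-{"-m", "addrtype", "!", "--dst-type", "local", "-s", podSubnet.String(), "-d", networkutils.AzureDNS, "-p", iptables.TCP, "--dport", strconv.Itoa(iptables.DNSPort), "-j", iptables.Snat, "--to", ncPrimaryIP.String()},
+{"-m", "addrtype", "!", "--dst-type", "local", "-s", podSubnet.String(), "-d", networkutils.AzureDNS, "-p", iptables.UDP, "--dport", strconv.Itoa(iptables.DNSPort), "-j", iptables.Snat, "--to", req.HostPrimaryIP},
+{"-m", "addrtype", "!", "--dst-type", "local", "-s", podSubnet.String(), "-d", networkutils.AzureDNS, "-p", iptables.TCP, "--dport", strconv.Itoa(iptables.DNSPort), "-j", iptables.Snat, "--to", req.HostPrimaryIP},
 {"-m", "addrtype", "!", "--dst-type", "local", "-s", podSubnet.String(), "-d", networkutils.AzureIMDS, "-p", iptables.TCP, "--dport", strconv.Itoa(iptables.HTTPPort), "-j", iptables.Snat, "--to", req.HostPrimaryIP},
 }
 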