Merge pull request #154 from cloudnativelabs/disable_ipip

Adding ability to disable IP-in-IP tunnelining

Author: murali-reddy

app/controllers/network_routes_controller.go

@@ -54,6 +54,7 @@ type NetworkRoutingController struct {
 	globalPeerAsnNumber  uint32
 	bgpFullMeshMode      bool
 	podSubnetsIpSet      *ipset.IPSet
+	enableOverlays       bool
 }
 
 var (
@@ -464,6 +465,24 @@ func (nrc *NetworkRoutingController) injectRoute(path *table.Path) error {
 	if !nrc.nodeSubnet.Contains(nexthop) {
 		tunnelName := "tun-" + strings.Replace(nexthop.String(), ".", "", -1)
 		glog.Infof("Found node: " + nexthop.String() + " to be in different subnet.")
+
+		// if overlay is not enabled then skip creating tunnels and adding route
+		if !nrc.enableOverlays {
+			glog.Infof("Found node: " + nexthop.String() + " to be in different subnet but overlays are " +
+				"disabled so not creating any tunnel and injecting route for the node's pod CIDR.")
+			glog.Infof("Cleaning up if there is any existing tunnel interface for the node")
+			link, err := netlink.LinkByName(tunnelName)
+			if err != nil {
+				return nil
+			}
+			err = netlink.LinkDel(link)
+			if err != nil {
+				glog.Errorf("Failed to delete tunnel link for the node due to " + err.Error())
+			}
+			return nil
+		}
+
+		// create ip-in-ip tunnel and inject route as overlay is enabled
 		var link netlink.Link
 		var err error
 		link, err = netlink.LinkByName(tunnelName)
@@ -1007,6 +1026,8 @@ func NewNetworkRoutingController(clientset *kubernetes.Clientset,
 
 	nrc.advertiseClusterIp = kubeRouterConfig.AdvertiseClusterIp
 
+	nrc.enableOverlays = kubeRouterConfig.EnableOverlay
+
 	if (len(kubeRouterConfig.PeerRouter) != 0 && len(kubeRouterConfig.PeerAsn) == 0) ||
 		(len(kubeRouterConfig.PeerRouter) == 0 && len(kubeRouterConfig.PeerAsn) != 0) {
 		return nil, errors.New("Either both or none of the params --peer-asn, --peer-router must be specified")

app/options/options.go

@@ -29,13 +29,15 @@ type KubeRouterConfig struct {
 	FullMeshMode        bool
 	GlobalHairpinMode   bool
 	NodePortBindOnAllIp bool
+	EnableOverlay       bool
 }
 
 func NewKubeRouterConfig() *KubeRouterConfig {
 	return &KubeRouterConfig{ConfigSyncPeriod: 1 * time.Minute,
 		IpvsSyncPeriod:     1 * time.Minute,
 		IPTablesSyncPeriod: 1 * time.Minute,
 		RoutesSyncPeriod:   1 * time.Minute,
+		EnableOverlay:      true,
 	}
 }
 
@@ -84,4 +86,7 @@ func (s *KubeRouterConfig) AddFlags(fs *pflag.FlagSet) {
 		"Add iptable rules for every Service Endpoint to support hairpin traffic.")
 	fs.BoolVar(&s.NodePortBindOnAllIp, "nodeport-bindon-all-ip", false,
 		"For service of NodePort type create IPVS service that listens on all IP's of the node.")
+	fs.BoolVar(&s.EnableOverlay, "enable-overlay", true,
+		"When enable-overlay set to true, IP-in-IP tunneling is used for pod-to-pod networking across nodes in different subnets. "+
+			"When set to false no tunneling is used and routing infrastrcture is expected to route traffic for pod-to-pod networking across nodes in different subnets")
 }