Merge pull request #422 from yanjianbo1983/change-ipset-name

Let agent, cloud-agent, connector use the same ipset names
FabEdge · Oct 20, 2023 · f83a35d · f83a35d
2 parents ce31ff0 + 8042b33
commit f83a35d
Show file tree

Hide file tree

Showing 5 changed files with 57 additions and 57 deletions.
diff --git a/pkg/agent/iptables.go b/pkg/agent/iptables.go
@@ -73,8 +73,8 @@ func (m *Manager) ensureIPTablesRules() error {
 	subnetsIP4, subnetsIP6 := classifySubnets(current.Subnets)
 
 	if !areSubnetsEqual(current.Subnets, m.lastSubnets) {
-		m.ipt = iptables.NewApplierCleaner(iptables.ProtocolIPv4, jumpChains, buildRuleData(IPSetFabEdgePeerCIDR, subnetsIP4))
-		m.ipt6 = iptables.NewApplierCleaner(iptables.ProtocolIPv6, jumpChains, buildRuleData(IPSetFabEdgePeerCIDR6, subnetsIP6))
+		m.ipt = iptables.NewApplierCleaner(iptables.ProtocolIPv4, jumpChains, buildRuleData(ipset.RemoteCIDR, subnetsIP4))
+		m.ipt6 = iptables.NewApplierCleaner(iptables.ProtocolIPv6, jumpChains, buildRuleData(ipset.RemoteCIDR6, subnetsIP6))
 		m.lastSubnets = current.Subnets
 	}
 
@@ -84,8 +84,8 @@ func (m *Manager) ensureIPTablesRules() error {
 		peerIPSet  sets.String
 		ipt        iptables.ApplierCleaner
 	}{
-		{IPSetFabEdgePeerCIDR, ipset.ProtocolFamilyIPV4, peerIPSet4, m.ipt},
-		{IPSetFabEdgePeerCIDR6, ipset.ProtocolFamilyIPV6, peerIPSet6, m.ipt6},
+		{ipset.RemoteCIDR, ipset.ProtocolFamilyIPV4, peerIPSet4, m.ipt},
+		{ipset.RemoteCIDR6, ipset.ProtocolFamilyIPV6, peerIPSet6, m.ipt6},
 	}
 
 	var errors []error

diff --git a/pkg/agent/manager.go b/pkg/agent/manager.go
@@ -36,11 +36,6 @@ import (
 	"github.com/fabedge/fabedge/third_party/ipvs"
 )
 
-const (
-	IPSetFabEdgePeerCIDR  = "FABEDGE-PEER-CIDR"
-	IPSetFabEdgePeerCIDR6 = "FABEDGE-PEER-CIDR6"
-)
-
 type Manager struct {
 	Config
 

diff --git a/pkg/cloud-agent/iptables.go b/pkg/cloud-agent/iptables.go
@@ -16,19 +16,22 @@ package cloud_agent
 
 import (
 	"bytes"
+	"text/template"
+
+	"k8s.io/apimachinery/pkg/util/sets"
+
 	"github.com/fabedge/fabedge/pkg/util/ipset"
 	ipsetutil "github.com/fabedge/fabedge/pkg/util/ipset"
 	"github.com/fabedge/fabedge/pkg/util/iptables"
-	"k8s.io/apimachinery/pkg/util/sets"
-	"text/template"
 )
 
 type IptablesHandler struct {
-	ipset      ipsetutil.Interface
 	ipsetName  string
 	hashFamily string
-	helper     iptables.ApplierCleaner
-	rulesData  []byte
+	ipset      ipsetutil.Interface
+
+	helper    iptables.ApplierCleaner
+	rulesData []byte
 }
 
 func newIptableHandler() (*IptablesHandler, error) {
@@ -40,7 +43,7 @@ func newIptableHandler() (*IptablesHandler, error) {
 
 	return &IptablesHandler{
 		ipset:      ipsetutil.New(),
-		ipsetName:  ipset.IPSetRemotePodCIDR,
+		ipsetName:  ipset.RemotePodCIDR,
 		hashFamily: ipsetutil.ProtocolFamilyIPV4,
 		helper:     iptables.NewApplierCleaner(iptables.ProtocolIPv4, jumpChains, rulesData.Bytes()),
 		rulesData:  rulesData.Bytes(),
@@ -56,7 +59,7 @@ func newIp6tableHandler() (*IptablesHandler, error) {
 
 	return &IptablesHandler{
 		ipset:      ipsetutil.New(),
-		ipsetName:  ipset.IPSetRemotePodCIDR6,
+		ipsetName:  ipset.RemotePodCIDR6,
 		hashFamily: ipsetutil.ProtocolFamilyIPV6,
 		helper:     iptables.NewApplierCleaner(iptables.ProtocolIPv6, jumpChains, rulesData.Bytes()),
 		rulesData:  rulesData.Bytes(),
@@ -88,7 +91,7 @@ var jumpChains = []iptables.JumpChain{
 }
 
 func (h IptablesHandler) maintainRules(remotePodCIDRs []string) {
-	if err := h.syncRemotePodCIDRSet(remotePodCIDRs); err != nil {
+	if err := h.ensureIPSet(remotePodCIDRs); err != nil {
 		logger.Error(err, "failed to sync ipset", "setName", h.ipsetName, "remotePodCIDRs", remotePodCIDRs)
 	} else {
 		logger.V(5).Info("ipset is synced", "setName", h.ipsetName, "remotePodCIDRs", remotePodCIDRs)
@@ -101,7 +104,7 @@ func (h IptablesHandler) maintainRules(remotePodCIDRs []string) {
 	}
 }
 
-func (h IptablesHandler) syncRemotePodCIDRSet(remotePodCIDRs []string) error {
+func (h IptablesHandler) ensureIPSet(remotePodCIDRs []string) error {
 	set := &ipsetutil.IPSet{
 		Name:       h.ipsetName,
 		HashFamily: h.hashFamily,

diff --git a/pkg/connector/iptables.go b/pkg/connector/iptables.go
@@ -38,19 +38,19 @@ var tmpl = template.Must(template.New("iptables").Parse(`
 -A FABEDGE-INPUT -p ah -j ACCEPT
 
 -A FABEDGE-FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
--A FABEDGE-FORWARD -m set --match-set {{ .CloudPodCIDR }} src -j ACCEPT
--A FABEDGE-FORWARD -m set --match-set {{ .CloudPodCIDR }} dst -j ACCEPT
--A FABEDGE-FORWARD -m set --match-set {{ .CloudNodeCIDR }} src -j ACCEPT
--A FABEDGE-FORWARD -m set --match-set {{ .CloudNodeCIDR }} dst -j ACCEPT
+-A FABEDGE-FORWARD -m set --match-set {{ .LocalPodCIDR }} src -j ACCEPT
+-A FABEDGE-FORWARD -m set --match-set {{ .LocalPodCIDR }} dst -j ACCEPT
+-A FABEDGE-FORWARD -m set --match-set {{ .LocalNodeCIDR }} src -j ACCEPT
+-A FABEDGE-FORWARD -m set --match-set {{ .LocalNodeCIDR }} dst -j ACCEPT
 COMMIT
 
 *nat
 :FABEDGE-POSTROUTING - [0:0]
--A FABEDGE-POSTROUTING -m set --match-set {{ .CloudPodCIDR }} src -m set --match-set {{ .EdgePodCIDR}} dst -j ACCEPT
--A FABEDGE-POSTROUTING -m set --match-set {{ .EdgePodCIDR }} src -m set --match-set {{ .CloudPodCIDR }} dst -j ACCEPT
--A FABEDGE-POSTROUTING -m set --match-set {{ .CloudPodCIDR }} src -m set --match-set {{ .EdgeNodeCIDR }} dst -j ACCEPT
--A FABEDGE-POSTROUTING -m set --match-set {{ .EdgePodCIDR }} src -m set --match-set {{ .CloudNodeCIDR }} dst -j MASQUERADE
--A FABEDGE-POSTROUTING -m set --match-set {{ .EdgeNodeCIDR }} src -m set --match-set {{ .CloudPodCIDR}} dst -j MASQUERADE
+-A FABEDGE-POSTROUTING -m set --match-set {{ .LocalPodCIDR }} src -m set --match-set {{ .RemotePodCIDR}} dst -j ACCEPT
+-A FABEDGE-POSTROUTING -m set --match-set {{ .RemotePodCIDR }} src -m set --match-set {{ .LocalPodCIDR }} dst -j ACCEPT
+-A FABEDGE-POSTROUTING -m set --match-set {{ .LocalPodCIDR }} src -m set --match-set {{ .RemoteNodeCIDR }} dst -j ACCEPT
+-A FABEDGE-POSTROUTING -m set --match-set {{ .RemotePodCIDR }} src -m set --match-set {{ .LocalNodeCIDR }} dst -j MASQUERADE
+-A FABEDGE-POSTROUTING -m set --match-set {{ .RemoteNodeCIDR }} src -m set --match-set {{ .LocalPodCIDR}} dst -j MASQUERADE
 COMMIT
 `))
 
@@ -125,19 +125,19 @@ func (h *IPTablesHandler) setIPSetEntrySet(edgePodCIDRSet, edgeNodeCIDRSet, clou
 
 	h.specs = []IPSetSpec{
 		{
-			Name:     h.names.EdgePodCIDR,
+			Name:     h.names.RemotePodCIDR,
 			EntrySet: edgePodCIDRSet,
 		},
 		{
-			Name:     h.names.EdgeNodeCIDR,
+			Name:     h.names.RemoteNodeCIDR,
 			EntrySet: edgeNodeCIDRSet,
 		},
 		{
-			Name:     h.names.CloudPodCIDR,
+			Name:     h.names.LocalPodCIDR,
 			EntrySet: cloudPodCIDRSet,
 		},
 		{
-			Name:     h.names.CloudNodeCIDR,
+			Name:     h.names.LocalNodeCIDR,
 			EntrySet: cloudNodeCIDRSet,
 		},
 	}
@@ -179,7 +179,7 @@ func (h *IPTablesHandler) getEdgeNodeCIDRs() []string {
 	h.lock.RUnlock()
 
 	for _, spec := range specs {
-		if spec.Name == ipset.IPSetEdgeNodeCIDR {
+		if spec.Name == ipset.RemoteNodeCIDR {
 			return spec.EntrySet.List()
 		}
 	}

diff --git a/pkg/util/ipset/ipset.go b/pkg/util/ipset/ipset.go
@@ -36,42 +36,44 @@ const (
 	ProtocolFamilyIPV6 = ipset.ProtocolFamilyIPV6
 )
 
+// Remote refers to nodes or pods in different LANs, maybe even not in the same cluster,
+// while Local refers to nodes or pods in the same LAN and the same cluster.
 const (
-	IPSetEdgePodCIDR    = "FABEDGE-EDGE-POD-CIDR"
-	IPSetEdgePodCIDR6   = "FABEDGE-EDGE-POD-CIDR6"
-	IPSetEdgeNodeCIDR   = "FABEDGE-EDGE-NODE-CIDR"
-	IPSetEdgeNodeCIDR6  = "FABEDGE-EDGE-NODE-CIDR6"
-	IPSetCloudPodCIDR   = "FABEDGE-CLOUD-POD-CIDR"
-	IPSetCloudPodCIDR6  = "FABEDGE-CLOUD-POD-CIDR6"
-	IPSetCloudNodeCIDR  = "FABEDGE-CLOUD-NODE-CIDR"
-	IPSetCloudNodeCIDR6 = "FABEDGE-CLOUD-NODE-CIDR6"
-	IPSetRemotePodCIDR  = "FABEDGE-REMOTE-POD-CIDR"
-	IPSetRemotePodCIDR6 = "FABEDGE-REMOTE-POD-CIDR6"
+	RemotePodCIDR   = "FABEDGE-REMOTE-POD-CIDR"
+	RemotePodCIDR6  = "FABEDGE-REMOTE-POD-CIDR6"
+	RemoteNodeCIDR  = "FABEDGE-REMOTE-NODE-CIDR"
+	RemoteNodeCIDR6 = "FABEDGE-REMOTE-NODE-CIDR6"
+	LocalPodCIDR    = "FABEDGE-LOCAL-POD-CIDR"
+	LocalPodCIDR6   = "FABEDGE-LOCAL-POD-CIDR6"
+	LocalNodeCIDR   = "FABEDGE-LOCAL-NODE-CIDR"
+	LocalNodeCIDR6  = "FABEDGE-LOCAL-NODE-CIDR6"
+	RemoteCIDR      = "FABEDGE-REMOTE-CIDR"
+	RemoteCIDR6     = "FABEDGE-REMOTE-CIDR6"
 )
 
 type IPSetNames struct {
-	EdgePodCIDR   string
-	EdgeNodeCIDR  string
-	CloudPodCIDR  string
-	CloudNodeCIDR string
-	RemotePodCIDR string
+	RemotePodCIDR  string
+	RemoteNodeCIDR string
+	LocalPodCIDR   string
+	LocalNodeCIDR  string
+	RemoteCIDR     string
 }
 
 var (
 	Names4 = IPSetNames{
-		EdgeNodeCIDR:  IPSetEdgeNodeCIDR,
-		EdgePodCIDR:   IPSetEdgePodCIDR,
-		CloudPodCIDR:  IPSetCloudPodCIDR,
-		CloudNodeCIDR: IPSetCloudNodeCIDR,
-		RemotePodCIDR: IPSetRemotePodCIDR,
+		RemoteNodeCIDR: RemoteNodeCIDR,
+		RemotePodCIDR:  RemotePodCIDR,
+		LocalPodCIDR:   LocalPodCIDR,
+		LocalNodeCIDR:  LocalNodeCIDR,
+		RemoteCIDR:     RemoteCIDR,
 	}
 
 	Names6 = IPSetNames{
-		EdgeNodeCIDR:  IPSetEdgeNodeCIDR6,
-		EdgePodCIDR:   IPSetEdgePodCIDR6,
-		CloudPodCIDR:  IPSetCloudPodCIDR6,
-		CloudNodeCIDR: IPSetCloudNodeCIDR6,
-		RemotePodCIDR: IPSetRemotePodCIDR6,
+		RemoteNodeCIDR: RemoteNodeCIDR6,
+		RemotePodCIDR:  RemotePodCIDR6,
+		LocalPodCIDR:   LocalPodCIDR6,
+		LocalNodeCIDR:  LocalNodeCIDR6,
+		RemoteCIDR:     RemoteCIDR6,
 	}
 )