hotfix: detect enable ipv6 for envoy (#387)

* hotfix: detect enable ipv6 for envoy * hotfix: detect pod enable ipv6 for envoy * hotfix: optimize code
kubenetworks · Dec 6, 2024 · 1dc3c05 · 1dc3c05
1 parent 81f62ea
commit 1dc3c05
Show file tree

Hide file tree

Showing 4 changed files with 93 additions and 3 deletions.
diff --git a/pkg/inject/controller.go b/pkg/inject/controller.go
@@ -17,6 +17,9 @@ import (
 //go:embed envoy.yaml
 var envoyConfig []byte
 
+//go:embed envoy_ipv4.yaml
+var envoyConfigIPv4 []byte
+
 func RemoveContainers(spec *v1.PodTemplateSpec) {
 	for i := 0; i < len(spec.Spec.Containers); i++ {
 		if sets.New[string](config.ContainerSidecarEnvoyProxy, config.ContainerSidecarVPN).Has(spec.Spec.Containers[i].Name) {
@@ -27,7 +30,7 @@ func RemoveContainers(spec *v1.PodTemplateSpec) {
 }
 
 // AddMeshContainer todo envoy support ipv6
-func AddMeshContainer(spec *v1.PodTemplateSpec, nodeId string, c util.PodRouteConfig) {
+func AddMeshContainer(spec *v1.PodTemplateSpec, nodeId string, c util.PodRouteConfig, ipv6 bool) {
 	// remove envoy proxy containers if already exist
 	RemoveContainers(spec)
 
@@ -140,7 +143,12 @@ kubevpn serve -L "tun:/localhost:8422?net=${TunIPv4}&route=${CIDR4}" -F "tcp://$
 			"--config-yaml",
 		},
 		Args: []string{
-			string(envoyConfig),
+			func() string {
+				if ipv6 {
+					return string(envoyConfig)
+				}
+				return string(envoyConfigIPv4)
+			}(),
 		},
 		Resources: v1.ResourceRequirements{
 			Requests: map[v1.ResourceName]resource.Quantity{

diff --git a/pkg/inject/envoy_ipv4.yaml b/pkg/inject/envoy_ipv4.yaml
@@ -0,0 +1,51 @@
+admin:
+  access_log_path: /dev/null
+  address:
+    socket_address:
+      address: "0.0.0.0"
+      port_value: 9003
+dynamic_resources:
+  ads_config:
+    api_type: GRPC
+    transport_api_version: V3
+    grpc_services:
+      - envoy_grpc:
+          cluster_name: xds_cluster
+    set_node_on_first_message_only: true
+  cds_config:
+    resource_api_version: V3
+    ads: { }
+  lds_config:
+    resource_api_version: V3
+    ads: { }
+static_resources:
+  listeners:
+    - name: default_listener
+      address:
+        socket_address:
+          address: "0.0.0.0"
+          port_value: 15006
+      use_original_dst: true
+      filter_chains:
+        - filters:
+            - name: envoy.filters.network.tcp_proxy
+              typed_config:
+                "@type": type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy
+                stat_prefix: tcp
+                cluster: origin_cluster
+  clusters:
+    - name: xds_cluster
+      connect_timeout: 2s
+      type: STRICT_DNS
+      lb_policy: ROUND_ROBIN
+      load_assignment:
+        cluster_name: xds_cluster
+        endpoints:
+          - lb_endpoints:
+              - endpoint:
+                  address:
+                    socket_address:
+                      address: kubevpn-traffic-manager
+                      port_value: 9002
+                      ipv4_compat: true
+      http2_protocol_options: { }
diff --git a/pkg/inject/mesh.go b/pkg/inject/mesh.go
@@ -102,6 +102,8 @@ func InjectVPNAndEnvoySidecar(ctx1 context.Context, factory cmdutil.Factory, cli
 		log.Infof("Workload %s/%s has already been injected with sidecar", namespace, workload)
 		return nil
 	}
+
+	enableIPv6, _ := util.DetectPodSupportIPv6(ctx1, factory, namespace)
 	// (1) add mesh container
 	removePatch, restorePatch := patch(*origin, path)
 	var b []byte
@@ -111,7 +113,7 @@ func InjectVPNAndEnvoySidecar(ctx1 context.Context, factory cmdutil.Factory, cli
 		return err
 	}
 
-	AddMeshContainer(templateSpec, nodeID, c)
+	AddMeshContainer(templateSpec, nodeID, c, enableIPv6)
 	helper := pkgresource.NewHelper(object.Client, object.Mapping)
 	ps := []P{
 		{

diff --git a/pkg/util/pod.go b/pkg/util/pod.go
@@ -8,6 +8,7 @@ import (
 	"net"
 	"net/http"
 	"os"
+	"strconv"
 	"strings"
 	"text/tabwriter"
 	"time"
@@ -39,6 +40,8 @@ import (
 	scheme2 "k8s.io/kubectl/pkg/scheme"
 	"k8s.io/kubectl/pkg/util/podutils"
 	pkgclient "sigs.k8s.io/controller-runtime/pkg/client"
+
+	"github.com/wencaiwulue/kubevpn/v2/pkg/config"
 )
 
 type PodRouteConfig struct {
@@ -520,3 +523,29 @@ func UpdateImage(ctx context.Context, factory util.Factory, ns string, deployNam
 	err = RolloutStatus(ctx, factory, ns, fmt.Sprintf("deployments/%s", deployName), time.Minute*60)
 	return err
 }
+
+func DetectPodSupportIPv6(ctx context.Context, factory util.Factory, namespace string) (bool, error) {
+	clientSet, err := factory.KubernetesClientSet()
+	if err != nil {
+		return false, err
+	}
+	restConfig, err := factory.ToRESTConfig()
+	if err != nil {
+		return false, err
+	}
+	label := fields.OneTermEqualSelector("app", config.ConfigMapPodTrafficManager).String()
+	list, err := GetRunningPodList(ctx, clientSet, namespace, label)
+	if err != nil {
+		return false, err
+	}
+	cmd := []string{"cat", "/proc/sys/net/ipv6/conf/all/disable_ipv6"}
+	shell, err := Shell(ctx, clientSet, restConfig, list[0].Name, config.ContainerSidecarVPN, namespace, cmd)
+	if err != nil {
+		return false, err
+	}
+	disableIPv6, err := strconv.Atoi(shell)
+	if err != nil {
+		return false, err
+	}
+	return disableIPv6 == 0, nil
+}