Skip to content

Commit

Permalink
Support for netavark backed podman(4.x+) and adding the control-plane…
Browse files Browse the repository at this point in the history
… to the no_proxy list
  • Loading branch information
wherka-ama committed Aug 17, 2022
1 parent c918edb commit 8f7586b
Showing 1 changed file with 47 additions and 7 deletions.
54 changes: 47 additions & 7 deletions pkg/cluster/internal/providers/podman/provision.go
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,7 @@ package podman

import (
"context"
"encoding/json"
"fmt"
"net"
"path/filepath"
Expand Down Expand Up @@ -251,28 +252,67 @@ func getProxyEnv(cfg *config.Cluster, networkName string) (map[string]string, er
return nil, err
}
noProxyList := append(subnets, envs[common.NOProxy])
// Add pod and service dns names to no_proxy to allow in cluster
// Add pod, service and control plane(API server) dns names to no_proxy to allow in cluster
// Note: this is best effort based on the default CoreDNS spec
// https://github.com/kubernetes/dns/blob/master/docs/specification.md
// Any user created pod/service hostnames, namespaces, custom DNS services
// are expected to be no-proxied by the user explicitly.
noProxyList = append(noProxyList, ".svc", ".svc.cluster", ".svc.cluster.local")
noProxyList = append(noProxyList, ".svc", ".svc.cluster", ".svc.cluster.local", strings.Join([]string{cfg.Name, "control-plane"}, "-"))
noProxyJoined := strings.Join(noProxyList, ",")
envs[common.NOProxy] = noProxyJoined
envs[strings.ToLower(common.NOProxy)] = noProxyJoined
}
return envs, nil
}

type PodmanNetworks []struct {
// v4+
Subnets []struct {
Subnet string `json:"subnet"`
Gateway string `json:"gateway"`
} `json:"subnets"`
// v3 and anything still using CNI/IPAM
Plugins []struct {
Ipam struct {
Ranges [][]struct {
Gateway string `json:"gateway"`
Subnet string `json:"subnet"`
} `json:"ranges"`
} `json:"ipam,omitempty"`
} `json:"plugins"`
}

func getSubnets(networkName string) ([]string, error) {
// TODO: unmarshall json and get rid of this complex query
format := `{{ range (index (index (index (index . "plugins") 0 ) "ipam" ) "ranges")}}{{ index ( index . 0 ) "subnet" }} {{end}}`
cmd := exec.Command("podman", "network", "inspect", "-f", format, networkName)
lines, err := exec.OutputLines(cmd)
cmd := exec.Command("podman", "network", "inspect", networkName)
out, err := exec.Output(cmd)

if err != nil {
return nil, errors.Wrap(err, "failed to get subnets")
}
return strings.Split(strings.TrimSpace(lines[0]), " "), nil

networks := PodmanNetworks{}
jsonErr := json.Unmarshal([]byte(out), &networks)
if jsonErr != nil {
return nil, errors.Wrap(jsonErr, "failed to get subnets")
}
subnets := []string{}
for _, network := range networks {
if len(network.Subnets) > 0 {
for _, subnet := range network.Subnets {
subnets = append(subnets, subnet.Subnet)
}
}
if len(network.Plugins) > 0 {
for _, plugin := range network.Plugins {
for _, r := range plugin.Ipam.Ranges {
for _, rr := range r {
subnets = append(subnets, rr.Subnet)
}
}
}
}
}
return subnets, nil
}

// generateMountBindings converts the mount list to a list of args for podman
Expand Down

0 comments on commit 8f7586b

Please sign in to comment.