datapath: enable networkpolicy equal to datapathv2

Signed-off-by: l1b0k <[email protected]>
AliyunContainerService · Dec 3, 2024 · 11bac74 · 11bac74
1 parent 9e5b7a1
commit 11bac74
Show file tree

Hide file tree

Showing 2 changed files with 105 additions and 26 deletions.
diff --git a/cmd/terway-cli/cni.go b/cmd/terway-cli/cni.go
@@ -213,54 +213,60 @@ func mergeConfigList(configs [][]byte, f *feature) (string, error) {
 			if !ebpfSupport {
 				_ = plugin.Delete("eniip_virtual_type")
 			} else {
-				requireIPvlan := false
-
 				switch strings.ToLower(virtualType) {
 				case dataPathVeth, dataPathDefault:
 					datapath = dataPathVeth
 
-					// only for terway-eniip
 					if ebpfSupport && networkPolicyProvider == NetworkPolicyProviderEBPF {
 						allow, err := allowEBPFNetworkPolicy(f.EnableNetworkPolicy)
 						if err != nil {
 							return "", err
 						}
 						if allow {
-							requireEBPFChainer = true
+							datapath = dataPathV2
 						}
 					}
 				case dataPathIPvlan:
-					requireIPvlan = true
 					datapath = dataPathIPvlan
 
-					fallthrough
-				case dataPathV2:
-					requireEBPFChainer = true
-
-					if requireIPvlan && !_switchDataPathV2() {
-						fmt.Printf("keep ipvlan mode %v %v\n", requireIPvlan, !_switchDataPathV2())
-						_, err = plugin.Set(dataPathIPvlan, "eniip_virtual_type")
-						if err != nil {
-							return "", err
-						}
-					} else {
-						fmt.Printf("datapathv2 enabled\n")
-						_, err = plugin.Set(dataPathV2, "eniip_virtual_type")
-						if err != nil {
-							return "", err
-						}
-
+					if _switchDataPathV2() {
 						datapath = dataPathV2
 					}
+				case dataPathV2:
+					datapath = dataPathV2
+				}
 
-					if edtSupport {
-						_, err = plugin.Set("edt", "bandwidth_mode")
-					} else {
-						_, err = plugin.Set("tc", "bandwidth_mode")
+				switch datapath {
+				case dataPathVeth:
+					requireEBPFChainer = false
+					edtSupport = false
+					_, err = plugin.Set(dataPathVeth, "eniip_virtual_type")
+					if err != nil {
+						return "", err
+					}
+				case dataPathIPvlan:
+					requireEBPFChainer = true
+					_, err = plugin.Set(dataPathIPvlan, "eniip_virtual_type")
+					if err != nil {
+						return "", err
 					}
+				case dataPathV2:
+					requireEBPFChainer = true
+					_, err = plugin.Set(dataPathV2, "eniip_virtual_type")
 					if err != nil {
 						return "", err
 					}
+				default:
+					return "", fmt.Errorf("invalid datapath %s", datapath)
+				}
+
+				if edtSupport {
+					_, err = plugin.Set("edt", "bandwidth_mode")
+				} else {
+					_, err = plugin.Set("tc", "bandwidth_mode")
+				}
+				if err != nil {
+					return "", err
 				}
 			}
 		}

diff --git a/cmd/terway-cli/cni_test.go b/cmd/terway-cli/cni_test.go
@@ -58,6 +58,7 @@ func Test_mergeConfigList_ipvl(t *testing.T) {
 	assert.Equal(t, "terway", g.Path("plugins.0.type").Data())
 	assert.Equal(t, "bar", g.Path("plugins.0.foo").Data())
 	assert.Equal(t, "cilium-cni", g.Path("plugins.2.type").Data())
+	assert.Equal(t, "ipvlan", g.Path("plugins.0.eniip_virtual_type").Data())
 }
 
 func Test_mergeConfigList_ipvl_exist(t *testing.T) {
@@ -196,3 +197,75 @@ func Test_mergeConfigList_datapathv2(t *testing.T) {
 	assert.Equal(t, "datapathv2", g.Path("plugins.1.datapath").Data())
 	assert.Equal(t, "portmap", g.Path("plugins.2.type").Data())
 }
+
+func TestVeth(t *testing.T) {
+	_switchDataPathV2 = func() bool {
+		return true
+	}
+	out, err := mergeConfigList([][]byte{
+		[]byte(`{
+			"type":"terway",
+			"foo":"bar"
+		}`)}, &feature{
+		EBPF:                true,
+		EDT:                 true,
+		EnableNetworkPolicy: true,
+	})
+	assert.NoError(t, err)
+
+	g, err := gabs.ParseJSON([]byte(out))
+	assert.NoError(t, err)
+
+	assert.Equal(t, "terway", g.Path("plugins.0.type").Data())
+	assert.Equal(t, "veth", g.Path("plugins.0.eniip_virtual_type").Data())
+	assert.Equal(t, 1, len(g.Path("plugins").Children()))
+}
+
+func TestVethWithNoPolicy(t *testing.T) {
+	_switchDataPathV2 = func() bool {
+		return true
+	}
+	out, err := mergeConfigList([][]byte{
+		[]byte(`{
+			"type":"terway",
+			"foo":"bar",
+            "network_policy_provider": "ebpf"
+		}`)}, &feature{
+		EBPF:                true,
+		EDT:                 true,
+		EnableNetworkPolicy: false,
+	})
+	assert.NoError(t, err)
+
+	g, err := gabs.ParseJSON([]byte(out))
+	assert.NoError(t, err)
+
+	assert.Equal(t, "terway", g.Path("plugins.0.type").Data())
+	assert.Equal(t, "veth", g.Path("plugins.0.eniip_virtual_type").Data())
+	assert.Equal(t, 1, len(g.Path("plugins").Children()))
+}
+
+func TestVethToDatapathV2(t *testing.T) {
+	_switchDataPathV2 = func() bool {
+		return true
+	}
+	out, err := mergeConfigList([][]byte{
+		[]byte(`{
+			"type":"terway",
+			"foo":"bar",
+            "network_policy_provider": "ebpf"
+		}`)}, &feature{
+		EBPF:                true,
+		EDT:                 true,
+		EnableNetworkPolicy: true,
+	})
+	assert.NoError(t, err)
+
+	g, err := gabs.ParseJSON([]byte(out))
+	assert.NoError(t, err)
+
+	assert.Equal(t, "terway", g.Path("plugins.0.type").Data())
+	assert.Equal(t, 2, len(g.Path("plugins").Children()))
+	assert.Equal(t, "datapathv2", g.Path("plugins.0.eniip_virtual_type").Data())
+	assert.Equal(t, "cilium-cni", g.Path("plugins.1.type").Data())
+}