From 11bac7401bec622919de5615b26a3740b49f870a Mon Sep 17 00:00:00 2001 From: l1b0k Date: Tue, 3 Dec 2024 10:25:23 +0800 Subject: [PATCH] datapath: enable networkpolicy equal to datapathv2 Signed-off-by: l1b0k --- cmd/terway-cli/cni.go | 58 ++++++++++++++++-------------- cmd/terway-cli/cni_test.go | 73 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 105 insertions(+), 26 deletions(-) diff --git a/cmd/terway-cli/cni.go b/cmd/terway-cli/cni.go index 52cd67d4..c9a4f04d 100644 --- a/cmd/terway-cli/cni.go +++ b/cmd/terway-cli/cni.go @@ -213,54 +213,60 @@ func mergeConfigList(configs [][]byte, f *feature) (string, error) { if !ebpfSupport { _ = plugin.Delete("eniip_virtual_type") } else { - requireIPvlan := false - switch strings.ToLower(virtualType) { case dataPathVeth, dataPathDefault: datapath = dataPathVeth - // only for terway-eniip if ebpfSupport && networkPolicyProvider == NetworkPolicyProviderEBPF { allow, err := allowEBPFNetworkPolicy(f.EnableNetworkPolicy) if err != nil { return "", err } if allow { - requireEBPFChainer = true + datapath = dataPathV2 } } case dataPathIPvlan: - requireIPvlan = true datapath = dataPathIPvlan - fallthrough - case dataPathV2: - requireEBPFChainer = true - - if requireIPvlan && !_switchDataPathV2() { - fmt.Printf("keep ipvlan mode %v %v\n", requireIPvlan, !_switchDataPathV2()) - _, err = plugin.Set(dataPathIPvlan, "eniip_virtual_type") - if err != nil { - return "", err - } - } else { - fmt.Printf("datapathv2 enabled\n") - _, err = plugin.Set(dataPathV2, "eniip_virtual_type") - if err != nil { - return "", err - } - + if _switchDataPathV2() { datapath = dataPathV2 } + case dataPathV2: + datapath = dataPathV2 + } - if edtSupport { - _, err = plugin.Set("edt", "bandwidth_mode") - } else { - _, err = plugin.Set("tc", "bandwidth_mode") + switch datapath { + case dataPathVeth: + requireEBPFChainer = false + edtSupport = false + _, err = plugin.Set(dataPathVeth, "eniip_virtual_type") + if err != nil { + return "", err + } + case dataPathIPvlan: + requireEBPFChainer = true + _, err = plugin.Set(dataPathIPvlan, "eniip_virtual_type") + if err != nil { + return "", err } + case dataPathV2: + requireEBPFChainer = true + _, err = plugin.Set(dataPathV2, "eniip_virtual_type") if err != nil { return "", err } + default: + return "", fmt.Errorf("invalid datapath %s", datapath) + } + + if edtSupport { + _, err = plugin.Set("edt", "bandwidth_mode") + } else { + _, err = plugin.Set("tc", "bandwidth_mode") + } + if err != nil { + return "", err } } } diff --git a/cmd/terway-cli/cni_test.go b/cmd/terway-cli/cni_test.go index c5501fa3..b59d804c 100644 --- a/cmd/terway-cli/cni_test.go +++ b/cmd/terway-cli/cni_test.go @@ -58,6 +58,7 @@ func Test_mergeConfigList_ipvl(t *testing.T) { assert.Equal(t, "terway", g.Path("plugins.0.type").Data()) assert.Equal(t, "bar", g.Path("plugins.0.foo").Data()) assert.Equal(t, "cilium-cni", g.Path("plugins.2.type").Data()) + assert.Equal(t, "ipvlan", g.Path("plugins.0.eniip_virtual_type").Data()) } func Test_mergeConfigList_ipvl_exist(t *testing.T) { @@ -196,3 +197,75 @@ func Test_mergeConfigList_datapathv2(t *testing.T) { assert.Equal(t, "datapathv2", g.Path("plugins.1.datapath").Data()) assert.Equal(t, "portmap", g.Path("plugins.2.type").Data()) } + +func TestVeth(t *testing.T) { + _switchDataPathV2 = func() bool { + return true + } + out, err := mergeConfigList([][]byte{ + []byte(`{ + "type":"terway", + "foo":"bar" + }`)}, &feature{ + EBPF: true, + EDT: true, + EnableNetworkPolicy: true, + }) + assert.NoError(t, err) + + g, err := gabs.ParseJSON([]byte(out)) + assert.NoError(t, err) + + assert.Equal(t, "terway", g.Path("plugins.0.type").Data()) + assert.Equal(t, "veth", g.Path("plugins.0.eniip_virtual_type").Data()) + assert.Equal(t, 1, len(g.Path("plugins").Children())) +} + +func TestVethWithNoPolicy(t *testing.T) { + _switchDataPathV2 = func() bool { + return true + } + out, err := mergeConfigList([][]byte{ + []byte(`{ + "type":"terway", + "foo":"bar", + "network_policy_provider": "ebpf" + }`)}, &feature{ + EBPF: true, + EDT: true, + EnableNetworkPolicy: false, + }) + assert.NoError(t, err) + + g, err := gabs.ParseJSON([]byte(out)) + assert.NoError(t, err) + + assert.Equal(t, "terway", g.Path("plugins.0.type").Data()) + assert.Equal(t, "veth", g.Path("plugins.0.eniip_virtual_type").Data()) + assert.Equal(t, 1, len(g.Path("plugins").Children())) +} + +func TestVethToDatapathV2(t *testing.T) { + _switchDataPathV2 = func() bool { + return true + } + out, err := mergeConfigList([][]byte{ + []byte(`{ + "type":"terway", + "foo":"bar", + "network_policy_provider": "ebpf" + }`)}, &feature{ + EBPF: true, + EDT: true, + EnableNetworkPolicy: true, + }) + assert.NoError(t, err) + + g, err := gabs.ParseJSON([]byte(out)) + assert.NoError(t, err) + + assert.Equal(t, "terway", g.Path("plugins.0.type").Data()) + assert.Equal(t, 2, len(g.Path("plugins").Children())) + assert.Equal(t, "datapathv2", g.Path("plugins.0.eniip_virtual_type").Data()) + assert.Equal(t, "cilium-cni", g.Path("plugins.1.type").Data()) +}