
     1  // Copyright 2016-2019 Authors of Cilium
     2  //
     3  // Licensed under the Apache License, Version 2.0 (the "License");
     4  // you may not use this file except in compliance with the License.
     5  // You may obtain a copy of the License at
     6  //
     7  //
     8  //
     9  // Unless required by applicable law or agreed to in writing, software
    10  // distributed under the License is distributed on an "AS IS" BASIS,
    11  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  // See the License for the specific language governing permissions and
    13  // limitations under the License.
    15  package k8s
    17  import (
    18  	"context"
    19  	"encoding/json"
    20  	"fmt"
    21  	"net"
    23  	""
    24  	""
    25  	""
    26  	""
    27  	""
    28  	""
    29  	""
    30  	""
    31  	""
    33  	""
    34  	""
    35  	metav1 ""
    36  	""
    37  )
// ParseNodeAddressType maps a Kubernetes NodeAddressType onto the Cilium
// AddressType with the same string value.
//
// The conversion is a plain type cast followed by a membership check against
// the address types Cilium knows about. When the value is not one of them an
// error is returned, but the converted value is still returned alongside it,
// so callers must check the error before using the result.
func ParseNodeAddressType(k8sAddress v1.NodeAddressType) (addressing.AddressType, error) {
	addrType := addressing.AddressType(k8sAddress)

	switch addrType {
	case addressing.NodeExternalDNS,
		addressing.NodeExternalIP,
		addressing.NodeHostName,
		addressing.NodeInternalIP,
		addressing.NodeInternalDNS:
		return addrType, nil
	}

	// Unknown type: report it, but hand back the cast value as well.
	return addrType, fmt.Errorf("invalid Kubernetes NodeAddressType %s", addrType)
}
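// ParseNode converts a Kubernetes node into Cilium's node representation.
//
// Addresses come from two places: the InternalIP/ExternalIP entries of the
// node status, and the Cilium host IP annotations (IPv4 and IPv6), which are
// added as NodeCiliumInternalIP. The pod allocation CIDR is taken from
// Spec.PodCIDR when it parses; otherwise it is taken, per address family,
// from the Cilium CIDR annotations. Health endpoint IPs are read from
// annotations only.
//
// Missing or invalid values are logged and skipped. The function always
// returns a node and never an error, so the result alone does not tell a
// caller that a field was dropped. k8sNode must not be nil.
//
// NOTE(review): annotation values end up in the returned node's addressing
// after validation of syntax and address family only. Whoever may update the
// Node object's annotations therefore influences these fields; confirm that
// write access to Node objects is restricted accordingly.
func ParseNode(k8sNode *types.Node, source source.Source) *node.Node {
	scopedLog := log.WithFields(logrus.Fields{
		logfields.NodeName:  k8sNode.Name,
		logfields.K8sNodeID: k8sNode.UID,
	})
	addrs := []node.Address{}
	for _, addr := range k8sNode.StatusAddresses {
		// Only internal and external IPs are used; every other address
		// type is ignored.
		switch addr.Type {
		case v1.NodeInternalIP, v1.NodeExternalIP:
		default:
			continue
		}
		// An unset address is skipped without a warning. This can be the
		// case for v1.NodeExternalIP.
		if addr.Address == "" {
			continue
		}
		ip := net.ParseIP(addr.Address)
		if ip == nil {
			scopedLog.WithFields(logrus.Fields{
				logfields.IPAddr: addr.Address,
				"type":           addr.Type,
			}).Warn("Ignoring invalid node IP")
			continue
		}

		addressType, err := ParseNodeAddressType(addr.Type)
		if err != nil {
			// NOTE(review): the address is still appended after this
			// warning, with whatever type the conversion returned. The
			// switch above appears to make this branch unreachable; confirm
			// before relying on the warning as a rejection.
			scopedLog.WithError(err).Warn("invalid address type for node")
		}

		addrs = append(addrs, node.Address{
			Type: addressType,
			IP:   ip,
		})
	}

	// k8sNodeAddHostIP appends the IP stored under the given annotation as a
	// NodeCiliumInternalIP address. A missing or unparsable value is only
	// logged at debug level.
	k8sNodeAddHostIP := func(annotation string) {
		if ciliumInternalIP, ok := k8sNode.Annotations[annotation]; !ok || ciliumInternalIP == "" {
			scopedLog.Debugf("Missing %s. Annotation required when IPSec Enabled", annotation)
		} else if ip := net.ParseIP(ciliumInternalIP); ip == nil {
			scopedLog.Debugf("ParseIP %s error", ciliumInternalIP)
		} else {
			na := node.Address{
				Type: addressing.NodeCiliumInternalIP,
				IP:   ip,
			}
			addrs = append(addrs, na)
			scopedLog.Debugf("Add NodeCiliumInternalIP: %s", ip)
		}
	}

	k8sNodeAddHostIP(annotation.CiliumHostIP)
	k8sNodeAddHostIP(annotation.CiliumHostIPv6)

	newNode := &node.Node{
		Name:        k8sNode.Name,
		Cluster:     option.Config.ClusterName,
		IPAddresses: addrs,
		Source:      source,
	}

	if len(k8sNode.SpecPodCIDR) != 0 {
		if allocCIDR, err := cidr.ParseCIDR(k8sNode.SpecPodCIDR); err != nil {
			scopedLog.WithError(err).WithField(logfields.V4Prefix, k8sNode.SpecPodCIDR).Warn("Invalid PodCIDR value for node")
		} else if allocCIDR.IP.To4() != nil {
			newNode.IPv4AllocCIDR = allocCIDR
		} else {
			newNode.IPv6AllocCIDR = allocCIDR
		}
	}

	// Spec.PodCIDR takes precedence since it is the CIDR assigned by the k8s
	// controller manager. If it is invalid or empty, fall back to the Cilium
	// annotations. The Spec.PodCIDR path sorts the prefix by address family;
	// the annotation path checks the family as well, so that a prefix of the
	// wrong family is rejected instead of being stored under the annotation's
	// nominal family.
	if newNode.IPv4AllocCIDR == nil {
		if ipv4CIDR, ok := k8sNode.Annotations[annotation.V4CIDRName]; !ok || ipv4CIDR == "" {
			scopedLog.Debug("Empty IPv4 CIDR annotation in node")
		} else if allocCIDR, err := cidr.ParseCIDR(ipv4CIDR); err != nil {
			scopedLog.WithError(err).WithField(logfields.V4Prefix, ipv4CIDR).Error("BUG, invalid IPv4 annotation CIDR in node")
		} else if allocCIDR.IP.To4() == nil {
			scopedLog.WithField(logfields.V4Prefix, ipv4CIDR).Error("BUG, IPv4 annotation CIDR in node is not an IPv4 prefix")
		} else {
			newNode.IPv4AllocCIDR = allocCIDR
		}
	}

	if newNode.IPv6AllocCIDR == nil {
		if ipv6CIDR, ok := k8sNode.Annotations[annotation.V6CIDRName]; !ok || ipv6CIDR == "" {
			scopedLog.Debug("Empty IPv6 CIDR annotation in node")
		} else if allocCIDR, err := cidr.ParseCIDR(ipv6CIDR); err != nil {
			scopedLog.WithError(err).WithField(logfields.V6Prefix, ipv6CIDR).Error("BUG, invalid IPv6 annotation CIDR in node")
		} else if allocCIDR.IP.To4() != nil {
			scopedLog.WithField(logfields.V6Prefix, ipv6CIDR).Error("BUG, IPv6 annotation CIDR in node is not an IPv6 prefix")
		} else {
			newNode.IPv6AllocCIDR = allocCIDR
		}
	}

	// Health endpoint IPs exist only as annotations. As with the CIDRs, the
	// address family must match the annotation it was read from.
	if newNode.IPv4HealthIP == nil {
		if healthIP, ok := k8sNode.Annotations[annotation.V4HealthName]; !ok || healthIP == "" {
			scopedLog.Debug("Empty IPv4 health endpoint annotation in node")
		} else if ip := net.ParseIP(healthIP); ip == nil {
			scopedLog.WithField(logfields.V4HealthIP, healthIP).Error("BUG, invalid IPv4 health endpoint annotation in node")
		} else if ip.To4() == nil {
			scopedLog.WithField(logfields.V4HealthIP, healthIP).Error("BUG, IPv4 health endpoint annotation in node is not an IPv4 address")
		} else {
			newNode.IPv4HealthIP = ip
		}
	}

	if newNode.IPv6HealthIP == nil {
		if healthIP, ok := k8sNode.Annotations[annotation.V6HealthName]; !ok || healthIP == "" {
			scopedLog.Debug("Empty IPv6 health endpoint annotation in node")
		} else if ip := net.ParseIP(healthIP); ip == nil {
			scopedLog.WithField(logfields.V6HealthIP, healthIP).Error("BUG, invalid IPv6 health endpoint annotation in node")
		} else if ip.To4() != nil {
			scopedLog.WithField(logfields.V6HealthIP, healthIP).Error("BUG, IPv6 health endpoint annotation in node is not an IPv6 address")
		} else {
			newNode.IPv6HealthIP = ip
		}
	}

	return newNode
}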
// GetNode fetches the node object named nodeName from the Kubernetes API
// server through the given client and returns it together with any error the
// request produced. The lookup uses default GetOptions.
func GetNode(c kubernetes.Interface, nodeName string) (*v1.Node, error) {
	// The node object carries the CIDR and address information of the node.
	nodes := c.CoreV1().Nodes()
	return nodes.Get(nodeName, metav1.GetOptions{})
}
// setNodeNetworkUnavailableFalse patches the status of the node named
// nodeName so that its NodeNetworkUnavailable condition is false, with reason
// "CiliumIsUp", because Cilium is managing network connectivity on the node.
//
// The patch body contains status.conditions only. It returns the JSON
// encoding error or the error of the PatchStatus call, whichever occurs.
//
// NOTE(review): the call writes to the node's status, so the client's
// identity presumably needs permission to patch node status and nothing
// broader for this step; confirm against the deployed RBAC rules.
func setNodeNetworkUnavailableFalse(c kubernetes.Interface, nodeName string) error {
	conditions := []v1.NodeCondition{{
		Type:               v1.NodeNetworkUnavailable,
		Status:             v1.ConditionFalse,
		Reason:             "CiliumIsUp",
		Message:            "Cilium is running on this node",
		LastTransitionTime: metav1.Now(),
		LastHeartbeatTime:  metav1.Now(),
	}}

	encoded, err := json.Marshal(&conditions)
	if err != nil {
		return err
	}

	// encoded is the output of json.Marshal, so embedding it verbatim keeps
	// the patch document well-formed.
	body := fmt.Sprintf(`{"status":{"conditions":%s}}`, encoded)
	if _, err := c.CoreV1().Nodes().PatchStatus(nodeName, []byte(body)); err != nil {
		return err
	}
	return nil
}
// MarkNodeReady marks the Kubernetes node resource as ready from a networking
// perspective by registering a controller, named
// "mark-k8s-node-as-available", whose function sets the node's
// NetworkUnavailable condition to false.
//
// Nothing is returned: an error from the status update goes back to the
// controller that runs the function, not to the caller of MarkNodeReady.
//
// NOTE(review): a new controller manager is created on every call and is not
// kept, so this function retains no handle for stopping or removing the
// controller afterwards.
func (k8sCli K8sClient) MarkNodeReady(nodeName string) {
	log.WithField(logfields.NodeName, nodeName).Debug("Setting NetworkUnavailable=false")

	markAvailable := func(_ context.Context) error {
		return setNodeNetworkUnavailableFalse(k8sCli, nodeName)
	}
	params := controller.ControllerParams{DoFunc: markAvailable}

	controller.NewManager().UpdateController("mark-k8s-node-as-available", params)
}