From 1139d4f50a4f39e7833037652158ab29be64ed24 Mon Sep 17 00:00:00 2001 From: Ravi Sankar Penta Date: Mon, 25 Jun 2018 13:06:15 -0700 Subject: [PATCH] Allow egress-router to connect to cluster service network for DNS, etc. https://github.com/openshift/origin/pull/19885 allows egress routers to connect to the node IP but when openshift node is configured to use service network IP as DNS IP then egress router pod will not be able to resolve DNS requests. This change will address this issue. --- pkg/network/node/cniserver/cniserver.go | 5 +++-- pkg/network/node/cniserver/cniserver_test.go | 2 +- pkg/network/node/node.go | 3 ++- pkg/network/node/pod.go | 4 ++-- pkg/network/node/pod_test.go | 4 ++-- pkg/network/sdn-cni-plugin/openshift-sdn.go | 18 +++++++++++++++--- .../sdn-cni-plugin/sdn_cni_plugin_test.go | 2 +- 7 files changed, 26 insertions(+), 12 deletions(-) diff --git a/pkg/network/node/cniserver/cniserver.go b/pkg/network/node/cniserver/cniserver.go index 224473721df4..44902f74c5a4 100644 --- a/pkg/network/node/cniserver/cniserver.go +++ b/pkg/network/node/cniserver/cniserver.go @@ -51,13 +51,14 @@ const CNIServerRunDir string = "/var/run/openshift-sdn" const CNIServerSocketName string = "cni-server.sock" const CNIServerSocketPath string = CNIServerRunDir + "/" + CNIServerSocketName -// Config file containing MTU, and default full path +// Config file contains server to plugin config data const CNIServerConfigFileName string = "config.json" const CNIServerConfigFilePath string = CNIServerRunDir + "/" + CNIServerConfigFileName // Server-to-plugin config data type Config struct { - MTU uint32 `json:"mtu"` + MTU uint32 `json:"mtu"` + ServiceNetworkCIDR string `json:"serviceNetworkCIDR"` } // Explicit type for CNI commands the server handles diff --git a/pkg/network/node/cniserver/cniserver_test.go b/pkg/network/node/cniserver/cniserver_test.go index bf3769e6fc9f..2e6e7dc828af 100644 --- a/pkg/network/node/cniserver/cniserver_test.go 
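Review bot: The new `ServiceNetworkCIDR` field of `Config` in cniserver.go has no comment saying what format it holds or who reads it, and as a plain `string` nothing at this layer guarantees it parses. The openshift-sdn.go hunk later in this patch feeds it straight into `net.ParseCIDR` and installs a route from it, so the contract belongs on the field. I would add `// ServiceNetworkCIDR is the cluster service network in CIDR notation; the CNI plugin parses it and routes that range via the SDN gateway` above the field. It would also help if the comment on `Config` said whether an empty value is legal.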
+++ b/pkg/network/node/cniserver/cniserver_test.go @@ -62,7 +62,7 @@ func TestCNIServer(t *testing.T) { defer os.RemoveAll(tmpDir) socketPath := filepath.Join(tmpDir, CNIServerSocketName) - s := NewCNIServer(tmpDir, &Config{MTU: 1500}) + s := NewCNIServer(tmpDir, &Config{MTU: 1500, ServiceNetworkCIDR: "172.30.0.0/16"}) if err := s.Start(serverHandleCNI); err != nil { t.Fatalf("error starting CNI server: %v", err) } diff --git a/pkg/network/node/node.go b/pkg/network/node/node.go index fb7aac89828b..70f970b9de01 100644 --- a/pkg/network/node/node.go +++ b/pkg/network/node/node.go @@ -349,7 +349,8 @@ func (node *OsdnNode) Start() error { } glog.V(2).Infof("Starting openshift-sdn pod manager") - if err := node.podManager.Start(cniserver.CNIServerRunDir, node.localSubnetCIDR, node.networkInfo.ClusterNetworks); err != nil { + if err := node.podManager.Start(cniserver.CNIServerRunDir, node.localSubnetCIDR, + node.networkInfo.ClusterNetworks, node.networkInfo.ServiceNetwork.String()); err != nil { return err } diff --git a/pkg/network/node/pod.go b/pkg/network/node/pod.go index 8e59adcb963a..cc012f7a71dc 100644 --- a/pkg/network/node/pod.go +++ b/pkg/network/node/pod.go @@ -168,7 +168,7 @@ func getIPAMConfig(clusterNetworks []common.ClusterNetwork, localSubnet string) } // Start the CNI server and start processing requests from it -func (m *podManager) Start(rundir string, localSubnetCIDR string, clusterNetworks []common.ClusterNetwork) error { +func (m *podManager) Start(rundir string, localSubnetCIDR string, clusterNetworks []common.ClusterNetwork, serviceNetworkCIDR string) error { if m.enableHostports { iptInterface := utiliptables.New(utilexec.New(), utildbus.New(), utiliptables.ProtocolIpv4) m.hostportSyncer = kubehostport.NewHostportSyncer(iptInterface) 
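Review bot: `podManager.Start` in pod.go accepts `serviceNetworkCIDR` as a free-form string, and the later hunk at line 181 copies it into `cniserver.Config` unchecked, so a bad value is only noticed when the plugin parses it during `CmdAdd`. Parsing it once at the top of Start would surface the problem at node start-up instead of on each pod setup: `if _, _, err := net.ParseCIDR(serviceNetworkCIDR); err != nil { return fmt.Errorf("invalid service network CIDR %q: %v", serviceNetworkCIDR, err) }`. The node.go call site passes `node.networkInfo.ServiceNetwork.String()`, which is presumably well-formed, but the tests already pass literals. Start's body continues outside the hunk, and this assumes `net` and `fmt` are imported in pod.go.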
@@ -181,7 +181,7 @@ func (m *podManager) Start(rundir string, localSubnetCIDR string, clusterNetwork go m.processCNIRequests() - m.cniServer = cniserver.NewCNIServer(rundir, &cniserver.Config{MTU: m.mtu}) + m.cniServer = cniserver.NewCNIServer(rundir, &cniserver.Config{MTU: m.mtu, ServiceNetworkCIDR: serviceNetworkCIDR}) return m.cniServer.Start(m.handleCNIRequest) } diff --git a/pkg/network/node/pod_test.go b/pkg/network/node/pod_test.go index 46f55c6110b1..704a483be090 100644 --- a/pkg/network/node/pod_test.go +++ b/pkg/network/node/pod_test.go @@ -318,7 +318,7 @@ func TestPodManager(t *testing.T) { podManager := newDefaultPodManager() podManager.podHandler = podTester _, cidr, _ := net.ParseCIDR("1.2.0.0/16") - err := podManager.Start(tmpDir, "1.2.3.0/24", []common.ClusterNetwork{{ClusterCIDR: cidr, HostSubnetLength: 8}}) + err := podManager.Start(tmpDir, "1.2.3.0/24", []common.ClusterNetwork{{ClusterCIDR: cidr, HostSubnetLength: 8}}, "172.30.0.0/16") if err != nil { t.Fatalf("could not start PodManager: %v", err) } @@ -417,7 +417,7 @@ func TestDirectPodUpdate(t *testing.T) { podManager := newDefaultPodManager() podManager.podHandler = podTester _, cidr, _ := net.ParseCIDR("1.2.0.0/16") - err = podManager.Start(tmpDir, "1.2.3.0/24", []common.ClusterNetwork{{ClusterCIDR: cidr, HostSubnetLength: 8}}) + err = podManager.Start(tmpDir, "1.2.3.0/24", []common.ClusterNetwork{{ClusterCIDR: cidr, HostSubnetLength: 8}}, "172.30.0.0/16") if err != nil { t.Fatalf("could not start PodManager: %v", err) } diff --git a/pkg/network/sdn-cni-plugin/openshift-sdn.go b/pkg/network/sdn-cni-plugin/openshift-sdn.go index 8c918419fba9..bae5f4fadce2 100644 --- a/pkg/network/sdn-cni-plugin/openshift-sdn.go +++ b/pkg/network/sdn-cni-plugin/openshift-sdn.go 
@@ -213,11 +213,23 @@ func (p *cniPlugin) CmdAdd(args *skel.CmdArgs) error { }, Gw: defaultGW, } - err = netlink.RouteAdd(route) - if err != nil { - return fmt.Errorf("failed to configure macvlan device: %v", err) + if err := netlink.RouteAdd(route); err != nil { + return fmt.Errorf("failed to add route to node IP: %v", err) } } + + // Add a route to service network via SDN + _, serviceIPNet, err := net.ParseCIDR(config.ServiceNetworkCIDR) + if err != nil { + return fmt.Errorf("failed to parse ServiceNetworkCIDR: %v", err) + } + route := &netlink.Route{ + Dst: serviceIPNet, + Gw: defaultGW, + } + if err := netlink.RouteAdd(route); err != nil { + return fmt.Errorf("failed to add route to service network: %v", err) + } } return nil diff --git a/pkg/network/sdn-cni-plugin/sdn_cni_plugin_test.go b/pkg/network/sdn-cni-plugin/sdn_cni_plugin_test.go index 101acc904fcb..2919a337da02 100644 --- a/pkg/network/sdn-cni-plugin/sdn_cni_plugin_test.go +++ b/pkg/network/sdn-cni-plugin/sdn_cni_plugin_test.go @@ -83,7 +83,7 @@ func TestOpenshiftSdnCNIPlugin(t *testing.T) { defer os.RemoveAll(tmpDir) path := filepath.Join(tmpDir, cniserver.CNIServerSocketName) - server := cniserver.NewCNIServer(tmpDir, &cniserver.Config{MTU: 1500}) + server := cniserver.NewCNIServer(tmpDir, &cniserver.Config{MTU: 1500, ServiceNetworkCIDR: "172.30.0.0/16"}) if err := server.Start(serverHandleCNI); err != nil { t.Fatalf("error starting CNI server: %v", err) }
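Review bot: In the openshift-sdn.go hunk, an empty or malformed `config.ServiceNetworkCIDR` makes `CmdAdd` return an error, and the message does not show the value that was rejected. An empty value would occur if the plugin reads a config.json written before this field existed, though that is not visible here. At minimum I would include the value: `return fmt.Errorf("failed to parse ServiceNetworkCIDR %q: %v", config.ServiceNetworkCIDR, err)`. The comment above the route should also state its scope, e.g. `// Route the whole service network (DNS and every other service IP) via the SDN gateway; limiting which services this pod may reach is left to network policy`, because the route covers the full CIDR and not only the DNS address. `CmdAdd` starts and ends outside the hunk, and the accompanying test change only covers a valid CIDR.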