cni-server: set node NetworkUnavailable condition after join subnet gateway check (kubeovn#4915)

Signed-off-by: zhangzujian <zhangzujian.7@gmail.com>

Author: zhangzujian

dist/images/install.sh

@@ -2341,6 +2341,7 @@ rules:
       - pods/exec
       - namespaces
       - nodes
+      - nodes/status
       - configmaps
     verbs:
       - create

kubeovn-helm/templates/ovn-CR.yaml

@@ -49,6 +49,7 @@ rules:
       - pods/exec
       - namespaces
       - nodes
+      - nodes/status
       - configmaps
     verbs:
       - create

pkg/daemon/init.go

@@ -88,7 +88,7 @@ func InitNodeGateway(config *Configuration) error {
 		klog.Errorf("failed to get ip %s with mask %s, %v", ip, cidr, err)
 		return err
 	}
-	return configureNodeNic(portName, ipAddr, gw, cidr, mac, config.MTU)
+	return configureNodeNic(config.KubeClient, config.NodeName, portName, ipAddr, gw, cidr, mac, config.MTU)
 }
 
 func InitMirror(config *Configuration) error {

pkg/daemon/ovs_linux.go

@@ -9,19 +9,20 @@ import (
 	"path"
 	"path/filepath"
 	"regexp"
+	"strconv"
 	"strings"
 	"syscall"
 	"time"
 
-	"strconv"
-
 	"github.com/Mellanox/sriovnet"
 	sriovutilfs "github.com/Mellanox/sriovnet/pkg/utils/filesystem"
 	"github.com/containernetworking/plugins/pkg/ns"
 	"github.com/containernetworking/plugins/pkg/utils/sysctl"
 	"github.com/vishvananda/netlink"
 	"golang.org/x/sys/unix"
+	corev1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/types"
+	"k8s.io/client-go/kubernetes"
 	"k8s.io/klog/v2"
 
 	kubeovnv1 "github.com/kubeovn/kube-ovn/pkg/apis/kubeovn/v1"
@@ -419,7 +420,6 @@ func configureContainerNic(nicName, ifName string, ipAddr, gateway string, isDef
 	}
 
 	return ns.WithNetNSPath(netns.Path(), func(_ ns.NetNS) error {
-
 		if nicType != util.InternalType {
 			if err = netlink.LinkSetName(containerLink, ifName); err != nil {
 				klog.Error(err)
@@ -610,7 +610,7 @@ func waitNetworkReady(nic, ipAddr, gateway string, underlayGateway, verbose bool
 	return nil
 }
 
-func configureNodeNic(portName, ip, gw, joinCIDR string, macAddr net.HardwareAddr, mtu int) error {
+func configureNodeNic(cs kubernetes.Interface, nodeName, portName, ip, gw, joinCIDR string, macAddr net.HardwareAddr, mtu int) error {
 	ipStr := util.GetIpWithoutMask(ip)
 	raw, err := ovs.Exec(ovs.MayExist, "add-port", "br-int", util.NodeNic, "--",
 		"set", "interface", util.NodeNic, "type=internal", "--",
@@ -687,13 +687,21 @@ func configureNodeNic(portName, ip, gw, joinCIDR string, macAddr net.HardwareAdd
 	}
 
 	// ping ovn0 gw to activate the flow
-	klog.Infof("wait ovn0 gw ready")
-	if err := waitNetworkReady(util.NodeNic, ip, gw, false, true, gatewayCheckMaxRetry); err != nil {
+	klog.Info("wait ovn0 gw ready")
+	status := corev1.ConditionFalse
+	reason := "JoinSubnetGatewayReachable"
+	message := fmt.Sprintf("ping check to gateway ip %s succeeded", gw)
+	if err = waitNetworkReady(util.NodeNic, ip, gw, false, true, gatewayCheckMaxRetry); err != nil {
 		klog.Errorf("failed to init ovn0 check: %v", err)
-		return err
+		status = corev1.ConditionTrue
+		reason = "JoinSubnetGatewayUnreachable"
+		message = fmt.Sprintf("ping check to gateway ip %s failed", gw)
+	}
+	if err := util.SetNodeNetworkUnavailableCondition(cs, nodeName, status, reason, message); err != nil {
+		klog.Errorf("failed to set node network unavailable condition: %v", err)
 	}
 
-	return nil
+	return err
 }
 
 // If OVS restart, the ovn0 port will down and prevent host to pod network,
@@ -715,7 +723,31 @@ func (c *Controller) loopOvn0Check() {
 	}
 	ip := node.Annotations[util.IpAddressAnnotation]
 	gw := node.Annotations[util.GatewayAnnotation]
-	if err := waitNetworkReady(util.NodeNic, ip, gw, false, false, gatewayCheckMaxRetry); err != nil {
+	status := corev1.ConditionFalse
+	reason := "JoinSubnetGatewayReachable"
+	message := fmt.Sprintf("ping check to gateway ip %s succeeded", gw)
+	if err = waitNetworkReady(util.NodeNic, ip, gw, false, false, 5); err != nil {
+		klog.Errorf("failed to init ovn0 check: %v", err)
+		status = corev1.ConditionTrue
+		reason = "JoinSubnetGatewayUnreachable"
+		message = fmt.Sprintf("ping check to gateway ip %s failed", gw)
+	}
+
+	var alreadySet bool
+	for _, condition := range node.Status.Conditions {
+		if condition.Type == corev1.NodeNetworkUnavailable && condition.Status == corev1.ConditionTrue &&
+			condition.Reason == reason && condition.Message == message {
+			alreadySet = true
+			break
+		}
+	}
+	if !alreadySet {
+		if err := util.SetNodeNetworkUnavailableCondition(c.config.KubeClient, c.config.NodeName, status, reason, message); err != nil {
+			klog.Errorf("failed to set node network unavailable condition: %v", err)
+		}
+	}
+
+	if err != nil {
 		util.LogFatalAndExit(err, "failed to ping ovn0 gateway %s", gw)
 	}
 }
@@ -1162,7 +1194,7 @@ func setupVethPair(containerID, ifName string, mtu int) (string, string, error)
 // Setup sriov interface in the pod
 // https://github.com/ovn-org/ovn-kubernetes/commit/6c96467d0d3e58cab05641293d1c1b75e5914795
 func setupSriovInterface(containerID, deviceID, vfDriver, ifName string, mtu int, mac string) (string, string, error) {
-	var isVfioPciDriver = false
+	isVfioPciDriver := false
 	if vfDriver == "vfio-pci" {
 		matches, err := filepath.Glob(filepath.Join(util.VfioSysDir, "*"))
 		if err != nil {

pkg/daemon/ovs_windows.go

@@ -9,7 +9,9 @@ import (
 
 	"github.com/Microsoft/hcsshim"
 	"github.com/containernetworking/plugins/pkg/hns"
+	corev1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/types"
+	"k8s.io/client-go/kubernetes"
 	"k8s.io/klog/v2"
 
 	kubeovnv1 "github.com/kubeovn/kube-ovn/pkg/apis/kubeovn/v1"
@@ -258,7 +260,7 @@ func waitNetworkReady(nic, ipAddr, gateway string, underlayGateway, verbose bool
 	return nil
 }
 
-func configureNodeNic(portName, ip, gw, joinCIDR string, macAddr net.HardwareAddr, mtu int) error {
+func configureNodeNic(cs kubernetes.Interface, nodeName, portName, ip, gw, joinCIDR string, macAddr net.HardwareAddr, mtu int) error {
 	ipStr := util.GetIpWithoutMask(ip)
 	raw, err := ovs.Exec(ovs.MayExist, "add-port", "br-int", util.NodeNic, "--",
 		"set", "interface", util.NodeNic, "type=internal", "--",
@@ -321,12 +323,20 @@ func configureNodeNic(portName, ip, gw, joinCIDR string, macAddr net.HardwareAdd
 	}
 
 	// ping ovn0 gw to activate the flow
-	klog.Infof("wait ovn0 gw ready")
-	if err := waitNetworkReady(util.NodeNic, ip, gw, false, true, gatewayCheckMaxRetry); err != nil {
+	klog.Info("wait ovn0 gw ready")
+	status := corev1.ConditionFalse
+	reason := "JoinSubnetGatewayReachable"
+	message := fmt.Sprintf("ping check to gateway ip %s succeeded", gw)
+	if err = waitNetworkReady(util.NodeNic, ip, gw, false, true, gatewayCheckMaxRetry); err != nil {
 		klog.Errorf("failed to init ovn0 check: %v", err)
-		return err
+		status = corev1.ConditionTrue
+		reason = "JoinSubnetGatewayUnreachable"
+		message = fmt.Sprintf("ping check to gateway ip %s failed", gw)
 	}
-	return nil
+	if err := util.SetNodeNetworkUnavailableCondition(cs, nodeName, status, reason, message); err != nil {
+		klog.Errorf("failed to set node network unavailable condition: %v", err)
+	}
+	return err
 }
 
 // If OVS restart, the ovn0 port will down and prevent host to pod network,

pkg/util/k8s.go

@@ -1,13 +1,17 @@
 package util
 
 import (
+	"context"
+	"encoding/json"
 	"fmt"
 	"net"
 	"net/url"
 	"strings"
 	"time"
 
 	v1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/client-go/kubernetes"
 	"k8s.io/klog/v2"
 )
 
@@ -62,3 +66,31 @@ func ServiceClusterIPs(svc v1.Service) []string {
 	}
 	return ips
 }
+
+func SetNodeNetworkUnavailableCondition(cs kubernetes.Interface, nodeName string, status v1.ConditionStatus, reason, message string) error {
+	now := metav1.NewTime(time.Now())
+	patch := map[string]map[string][]v1.NodeCondition{
+		"status": {
+			"conditions": []v1.NodeCondition{{
+				Type:               v1.NodeNetworkUnavailable,
+				Status:             status,
+				Reason:             reason,
+				Message:            message,
+				LastTransitionTime: now,
+				LastHeartbeatTime:  now,
+			}},
+		},
+	}
+	data, err := json.Marshal(patch)
+	if err != nil {
+		klog.Errorf("failed to marshal patch data: %v", err)
+		return err
+	}
+
+	if _, err = cs.CoreV1().Nodes().PatchStatus(context.Background(), nodeName, data); err != nil {
+		klog.Errorf("failed to patch node %s: %v", nodeName, err)
+		return err
+	}
+
+	return nil
+}