fix(cnivpc): When pod enable static ip, block ip assignment without ipamd (#34)

fioncat · web-flow · commit 495b15661fc2 · 2023-11-23T14:02:08.000+08:00
diff --git a/Makefile b/Makefile
@@ -35,8 +35,8 @@ all: cnivpc
 
 .PHONY: cnivpc-bin
 cnivpc-bin:
-	go build ${LDFLAGS} -o ./bin/cnivpc ./cmd/cnivpc
-	go build ${LDFLAGS} -o ./bin/cnivpctl ./cmd/cnivpctl
+	CGO_ENABLED=0 GOOS="linux" GOARCH="amd64" go build ${LDFLAGS} -o ./bin/cnivpc ./cmd/cnivpc
+	CGO_ENABLED=0 GOOS="linux" GOARCH="amd64" go build ${LDFLAGS} -o ./bin/cnivpctl ./cmd/cnivpctl
 
 .PHONY: cnivpc
 cnivpc: cnivpc-bin
@@ -46,14 +46,14 @@ cnivpc: cnivpc-bin
 
 .PHONY: ipamd
 ipamd:
-	go build ${LDFLAGS} -o ./bin/cnivpc-ipamd ./cmd/cnivpc-ipamd
+	CGO_ENABLED=0 GOOS="linux" GOARCH="amd64" go build ${LDFLAGS} -o ./bin/cnivpc-ipamd ./cmd/cnivpc-ipamd
 	$(DOCKER_CMD) build -t $(IPAMD_IMAGE) -f dockerfiles/ipamd/Dockerfile .
 	$(DOCKER_CMD) push $(IPAMD_IMAGE)
 	@echo "Build done: $(IPAMD_IMAGE)"
 
 .PHONY: vip-controller
 vip-controller:
-	go build ${LDFLAGS} -o ./bin/vip-controller ./cmd/vip-controller
+	CGO_ENABLED=0 GOOS="linux" GOARCH="amd64" go build ${LDFLAGS} -o ./bin/vip-controller ./cmd/vip-controller
 	$(DOCKER_CMD) build -t $(VIP_CONTROLLER_IMAGE) -f dockerfiles/vip-controller/Dockerfile .
 	$(DOCKER_CMD) push $(VIP_CONTROLLER_IMAGE)
 	@echo "Build done: $(VIP_CONTROLLER_IMAGE)"
diff --git a/cmd/cnivpc/rpc.go b/cmd/cnivpc/rpc.go
@@ -20,6 +20,7 @@ import (
 
 	"github.com/ucloud/uk8s-cni-vpc/pkg/database"
 	"github.com/ucloud/uk8s-cni-vpc/pkg/iputils"
+	"github.com/ucloud/uk8s-cni-vpc/pkg/kubeclient"
 	"github.com/ucloud/uk8s-cni-vpc/pkg/uapi"
 
 	"github.com/ucloud/ucloud-sdk-go/ucloud"
@@ -67,6 +68,19 @@ func assignPodIp(podName, podNS, netNS, sandboxId string) (*rpc.PodNetwork, bool
 		}
 	}
 
+	kubeClient, err := kubeclient.GetNodeClient()
+	if err != nil {
+		return nil, false, fmt.Errorf("failed to get node kube client: %v", err)
+	}
+	enableStaticIP, _, err := ipamd.IsPodEnableStaticIP(kubeClient, podName, podNS)
+	if err != nil {
+		return nil, false, fmt.Errorf("failed to check pod static ip enable: %v", err)
+	}
+	if enableStaticIP {
+		// If pod enable static ip, we donot allow it to allocate ip without ipamd
+		return nil, false, fmt.Errorf("pod %s/%s enable static ip, but ipamd is not enabled", podNS, podName)
+	}
+
 	uapi, err := uapi.NewClient()
 	if err != nil {
 		return nil, false, fmt.Errorf("failed to init uapi client: %v", err)
diff --git a/pkg/ipamd/k8s.go b/pkg/ipamd/k8s.go
@@ -27,6 +27,7 @@ import (
 
 	"github.com/ucloud/uk8s-cni-vpc/pkg/ulog"
 	"k8s.io/apimachinery/pkg/fields"
+	"k8s.io/client-go/kubernetes"
 	"k8s.io/client-go/util/retry"
 )
 
@@ -187,10 +188,14 @@ func (s *ipamServer) setAnnotationForCalicoPolicy(pod *v1.Pod, network *rpc.PodN
 }
 
 func (s *ipamServer) podEnableStaticIP(podName, podNS string) (bool, *v1.Pod, error) {
+	return IsPodEnableStaticIP(s.kubeClient, podName, podNS)
+}
+
+func IsPodEnableStaticIP(client *kubernetes.Clientset, podName, podNS string) (bool, *v1.Pod, error) {
 	statefulset := false
-	pod, err := s.getPod(podName, podNS)
+	pod, err := client.CoreV1().Pods(podNS).Get(context.Background(), podName, metav1.GetOptions{})
 	if err != nil {
-		ulog.Errorf("Get pod error: %v", err)
+		ulog.Errorf("Get %s/%s pod error: %v", podNS, podName, err)
 		return false, nil, err
 	}
 
