1/*
2Copyright 2016 The Kubernetes Authors.
3
4Licensed under the Apache License, Version 2.0 (the "License");
5you may not use this file except in compliance with the License.
6You may obtain a copy of the License at
7
8    http://www.apache.org/licenses/LICENSE-2.0
9
10Unless required by applicable law or agreed to in writing, software
11distributed under the License is distributed on an "AS IS" BASIS,
12WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13See the License for the specific language governing permissions and
14limitations under the License.
15*/
16
17package kubelet
18
19import (
20	"fmt"
21
22	"k8s.io/api/core/v1"
23	runtimeapi "k8s.io/cri-api/pkg/apis/runtime/v1alpha2"
24	"k8s.io/klog/v2"
25	utiliptables "k8s.io/kubernetes/pkg/util/iptables"
26)
27
// Names of the iptables chains referenced by the kubelet. These constants
// carry only the chain names; no rules are created or installed here.
const (
	// KubeMarkMasqChain names the mark-for-masquerade chain.
	// TODO: clean up this logic in kube-proxy
	KubeMarkMasqChain utiliptables.Chain = "KUBE-MARK-MASQ"

	// KubeMarkDropChain names the mark-for-drop chain.
	KubeMarkDropChain utiliptables.Chain = "KUBE-MARK-DROP"

	// KubePostroutingChain names the chain holding the Kubernetes
	// postrouting rules.
	KubePostroutingChain utiliptables.Chain = "KUBE-POSTROUTING"

	// KubeFirewallChain names the chain holding the Kubernetes firewall
	// rules.
	KubeFirewallChain utiliptables.Chain = "KUBE-FIREWALL"
)
42
// providerRequiresNetworkingConfiguration reports whether the configured cloud
// provider needs special networking configuration. It returns true only when a
// cloud provider is set, its name is "gce", and its Routes() call reports
// support.
func (kl *Kubelet) providerRequiresNetworkingConfiguration() bool {
	// TODO: We should have a mechanism to say whether native cloud provider
	// is used or whether we are using overlay networking. We should return
	// true for cloud providers if they implement Routes() interface and
	// we are not using overlay networking.
	if kl.cloud != nil && kl.cloud.ProviderName() == "gce" {
		// Only the "supported" flag matters; the routes handle is discarded.
		_, hasRoutes := kl.cloud.Routes()
		return hasRoutes
	}
	return false
}
56
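// updatePodCIDR pushes cidr to the container runtime and records it in the
// kubelet's runtime state when it differs from the CIDR currently recorded
// there.
//
// The boolean result is false only when cidr equals the recorded value. It is
// true in every other case, including when the runtime rejects the update, in
// which case the error is returned alongside it.
//
// The comparison, the runtime call and the state write all run while holding
// updatePodCIDRMux.
//
// NOTE(review): cidr is forwarded to the runtime as-is; this function performs
// no syntax or range validation. Presumably the caller or the runtime
// validates it; confirm before relying on that.
func (kl *Kubelet) updatePodCIDR(cidr string) (bool, error) {
	kl.updatePodCIDRMux.Lock()
	defer kl.updatePodCIDRMux.Unlock()

	podCIDR := kl.runtimeState.podCIDR()
	if podCIDR == cidr {
		return false, nil
	}

	// kubelet -> generic runtime -> runtime shim -> network plugin
	// docker/non-cri implementations have a passthrough UpdatePodCIDR
	if err := kl.getRuntime().UpdatePodCIDR(cidr); err != nil {
		// If updatePodCIDR would fail, theoretically pod CIDR could not change.
		// But it is better to be on the safe side to still return true here.
		// The recorded CIDR is left untouched, so a later call with the same
		// cidr reaches the runtime again instead of short-circuiting above.
		//
		// %w (rather than %v) keeps the runtime's error in the chain so
		// callers can inspect it with errors.Is / errors.As; the message text
		// is unchanged.
		return true, fmt.Errorf("failed to update pod CIDR: %w", err)
	}

	// The runtime accepted the new CIDR; log the transition and only then
	// record it in the runtime state.
	klog.InfoS("Updating Pod CIDR", "originalPodCIDR", podCIDR, "newPodCIDR", cidr)
	kl.runtimeState.setPodCIDR(cidr)
	return true, nil
}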
80
// GetPodDNS returns the DNS settings for pod by delegating to the kubelet's
// dnsConfigurer. It exists because the kubecontainer.RuntimeHelper interface
// declares this method, so the kubelet has to implement it.
func (kl *Kubelet) GetPodDNS(pod *v1.Pod) (*runtimeapi.DNSConfig, error) {
	dnsConfig, err := kl.dnsConfigurer.GetPodDNS(pod)
	return dnsConfig, err
}
87