feat: convert execs to ip to netlink calls
Not making direct exec calls to user binary interfaces has long been a principle of kube-router. When kube-router was first coded, the netlink library was missing significant features that forced us to exec out. However, now netlink seems to have most of the functionality that we need.
This converts all of the places where we can use netlink to use the netlink functionality.
The current state of this PR is untested and still needs to undergo significant testing:
- [x] Ensure IPv4 routes are getting populated correctly
- [x] Ensure IPv4 source routing is being added to custom table
- [x] Ensure IPv6 routes are getting populated correctly
- [ ] Ensure IPv6 source routing is being added to custom table
- [x] Ensure IPv4 Service VIPs get added to the dummy interface
- [x] Ensure IPv6 Service VIPs get added to the dummy interface
- [x] Ensure DSR works
- [x] Ensure ipip encapsulation works
- [ ] Ensure fou encapsulation works
This PR is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 10 days.
This PR is almost ready to go. There is just one small problem with IPv4 DSR service routing from a worker node in the cluster to an LB IP when the destination gets load-balanced to another node in the cluster. During this scenario the service request times out instead of being fulfilled.
This doesn't seem to affect IPv6 traffic, or non-DSR enabled services, or IPv4 / DSR services when the traffic policy is local. Brief testing shows that this scenario also works ok with the current stable kube-router build.
There is a minor outstanding case where there are some problems with DSR traffic (see #1870); however, this was true whether netlink was used or iproute2 user-space tooling. So I think that we're fine leaving that issue alone for now.