metropolis: use interface groups
This adds interface groups to all K8s pod interfaces via a CNI plugin
patch and corresponding configuration. It also adds an interface group
to the clusternet interface. Using these new interface groups the
nftables rules for NAT can be simplified.
These will also be used by the network policy plugin later.
Change-Id: I4638a4349ccb12b8724ad28ae34bb61cac4b4ece
Reviewed-on: https://review.monogon.dev/c/monogon/+/3814
Tested-by: Jenkins CI
Reviewed-by: Jan Schär <jan@monogon.tech>
diff --git a/third_party/go/patches/cniplugins-add-linkgroup.patch b/third_party/go/patches/cniplugins-add-linkgroup.patch
new file mode 100644
index 0000000..f294550
--- /dev/null
+++ b/third_party/go/patches/cniplugins-add-linkgroup.patch
@@ -0,0 +1,55 @@
+From a2c65ec075a9376e3b8e9fb72a96db36a613a1d0 Mon Sep 17 00:00:00 2001
+From: Lorenz Brun <lorenz@brun.one>
+Date: Thu, 2 Jan 2025 00:36:05 +0100
+Subject: [PATCH] Add linkGroup setting
+
+---
+ plugins/main/ptp/ptp.go | 11 +++++++++--
+ 1 file changed, 9 insertions(+), 2 deletions(-)
+
+diff --git a/plugins/main/ptp/ptp.go b/plugins/main/ptp/ptp.go
+index 129146f2..aee37b11 100644
+--- a/plugins/main/ptp/ptp.go
++++ b/plugins/main/ptp/ptp.go
+@@ -46,6 +46,7 @@ type NetConf struct {
+ IPMasq bool `json:"ipMasq"`
+ IPMasqBackend *string `json:"ipMasqBackend,omitempty"`
+ MTU int `json:"mtu"`
++ LinkGroup int `json:"linkGroup,omitempty"`
+ }
+
+ func setupContainerVeth(netns ns.NetNS, ifName string, mtu int, pr *current.Result) (*current.Interface, *current.Interface, error) {
+@@ -145,7 +146,7 @@ func setupContainerVeth(netns ns.NetNS, ifName string, mtu int, pr *current.Resu
+ return hostInterface, containerInterface, nil
+ }
+
+-func setupHostVeth(vethName string, result *current.Result) error {
++func setupHostVeth(vethName string, group int, result *current.Result) error {
+ // hostVeth moved namespaces and may have a new ifindex
+ veth, err := netlink.LinkByName(vethName)
+ if err != nil {
+@@ -177,6 +178,12 @@ func setupHostVeth(vethName string, result *current.Result) error {
+ }
+ }
+
++ if group != 0 {
++ if err := netlink.LinkSetGroup(veth, group); err != nil {
++ return fmt.Errorf("failed to set link group for if %q: %v", vethName, err)
++ }
++ }
++
+ return nil
+ }
+
+@@ -224,7 +231,7 @@ func cmdAdd(args *skel.CmdArgs) error {
+ return err
+ }
+
+- if err = setupHostVeth(hostInterface.Name, result); err != nil {
++ if err = setupHostVeth(hostInterface.Name, conf.LinkGroup, result); err != nil {
+ return err
+ }
+
+--
+2.47.1
+
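Review bot: The new `LinkGroup` value is not range-checked before it reaches `netlink.LinkSetGroup` in the `setupHostVeth` hunk; the kernel stores an interface group as an unsigned 32-bit value, so a negative `linkGroup` in the CNI config would presumably wrap rather than be rejected, and a check where `NetConf` is decoded, such as `if conf.LinkGroup < 0 { return fmt.Errorf("linkGroup must be non-negative, got %d", conf.LinkGroup) }`, would surface the mistake early. Because the group is what the NAT rules are meant to key on, the field also deserves a comment making the zero case explicit, since an interface left at group 0 silently falls outside any group-based rule set rather than failing: `// LinkGroup, if non-zero, is set as the interface group of the host-side veth; 0 leaves the kernel default.` The error returned when `LinkSetGroup` fails formats the cause with `%v`; `%w` would keep the netlink error inspectable with `errors.Is`/`errors.As`, unless the upstream file deliberately uses `%v` throughout. The inner patch's hunks show only fragments of `setupHostVeth` and `cmdAdd`, so the remainder of those functions is outside this view.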