openshift · openshift-merge-robot · Sep 30, 2017 · Aug 9, 2017 · Sep 18, 2017 · Sep 20, 2017
diff --git a/pkg/network/apis/network/types.go b/pkg/network/apis/network/types.go
@@ -50,6 +50,8 @@ type HostSubnet struct {
 	Host   string
 	HostIP string
 	Subnet string
+
+	EgressIPs []string
 }
 
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
@@ -65,13 +67,15 @@ type HostSubnetList struct {
 // +genclient:nonNamespaced
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 
-// NetNamespace holds the network id against its name
+// NetNamespace holds information about the SDN configuration of a Namespace
 type NetNamespace struct {
 	metav1.TypeMeta
 	metav1.ObjectMeta
 
 	NetName string
 	NetID   uint32
+
+	EgressIPs []string
 }
 
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object

diff --git a/pkg/network/apis/network/v1/types.go b/pkg/network/apis/network/v1/types.go
@@ -68,6 +68,9 @@ type HostSubnet struct {
 	HostIP string `json:"hostIP" protobuf:"bytes,3,opt,name=hostIP"`
 	// Subnet is the CIDR range of the overlay network assigned to the node for its pods
 	Subnet string `json:"subnet" protobuf:"bytes,4,opt,name=subnet"`
+
+	// EgressIPs is the list of automatic egress IP addresses currently hosted by this node
+	EgressIPs []string `json:"egressIPs" protobuf:"bytes,5,rep,name=egressIPs"`
 }
 
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
@@ -97,6 +100,10 @@ type NetNamespace struct {
 	NetName string `json:"netname" protobuf:"bytes,2,opt,name=netname"`
 	// NetID is the network identifier of the network namespace assigned to each overlay network packet. This can be manipulated with the "oc adm pod-network" commands.
 	NetID uint32 `json:"netid" protobuf:"varint,3,opt,name=netid"`
+
+	// EgressIPs is a list of reserved IPs that will be used as the source for external traffic coming from pods in this namespace. (If empty, external traffic will be masqueraded to Node IPs.)
+	// +optional
+	EgressIPs []string `json:"egressIPs" protobuf:"bytes,4,rep,name=egressIPs"`
 }
 
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object

diff --git a/pkg/network/apis/network/validation/validation.go b/pkg/network/apis/network/validation/validation.go
@@ -102,8 +102,6 @@ func ValidateClusterNetworkUpdate(obj *networkapi.ClusterNetwork, old *networkap
 	return allErrs
 }
 
-// ValidateHostSubnet tests fields for the host subnet, the host should be a network resolvable string,
-//  and subnet should be a valid CIDR
 func ValidateHostSubnet(hs *networkapi.HostSubnet) field.ErrorList {
 	allErrs := validation.ValidateObjectMeta(&hs.ObjectMeta, false, path.ValidatePathSegmentName, field.NewPath("metadata"))
 
@@ -125,6 +123,13 @@ func ValidateHostSubnet(hs *networkapi.HostSubnet) field.ErrorList {
 	if net.ParseIP(hs.HostIP) == nil {
 		allErrs = append(allErrs, field.Invalid(field.NewPath("hostIP"), hs.HostIP, "invalid IP address"))
 	}
+
+	for i, egressIP := range hs.EgressIPs {
+		if net.ParseIP(egressIP) == nil {
+			allErrs = append(allErrs, field.Invalid(field.NewPath("egressIPs").Index(i), egressIP, "invalid IP address"))
+		}
+	}
+
 	return allErrs
 }
 
@@ -150,6 +155,13 @@ func ValidateNetNamespace(netnamespace *networkapi.NetNamespace) field.ErrorList
 	if err := network.ValidVNID(netnamespace.NetID); err != nil {
 		allErrs = append(allErrs, field.Invalid(field.NewPath("netid"), netnamespace.NetID, err.Error()))
 	}
+
+	for i, ip := range netnamespace.EgressIPs {
+		if net.ParseIP(ip) == nil {
+			allErrs = append(allErrs, field.Invalid(field.NewPath("egressIPs").Index(i), ip, "invalid IP address"))
+		}
+	}
+
 	return allErrs
 }
 

diff --git a/pkg/network/apis/network/validation/validation_test.go b/pkg/network/apis/network/validation/validation_test.go
@@ -299,6 +299,38 @@ func TestValidateHostSubnet(t *testing.T) {
 			},
 			expectedErrors: 1,
 		},
+		{
+			name: "Good one with EgressIPs",
+			hs: &networkapi.HostSubnet{
+				ObjectMeta: metav1.ObjectMeta{
+					Name: "abc.def.com",
+				},
+				Host:   "abc.def.com",
+				HostIP: "10.20.30.40",
+				Subnet: "8.8.8.0/24",
+				EgressIPs: []string{
+					"192.168.1.99",
+					"192.168.2.42",
+				},
+			},
+			expectedErrors: 0,
+		},
+		{
+			name: "Malformed EgressIPs",
+			hs: &networkapi.HostSubnet{
+				ObjectMeta: metav1.ObjectMeta{
+					Name: "abc.def.com",
+				},
+				Host:   "abc.def.com",
+				HostIP: "10.20.30.40",
+				Subnet: "8.8.8.0/24",
+				EgressIPs: []string{
+					"192.168.1.0/24",
+					"bob",
+				},
+			},
+			expectedErrors: 2,
+		},
 	}
 
 	for _, tc := range tests {
@@ -310,6 +342,91 @@ func TestValidateHostSubnet(t *testing.T) {
 	}
 }
 
+func TestValidateNetNamespace(t *testing.T) {
+	tests := []struct {
+		name           string
+		netns          *networkapi.NetNamespace
+		expectedErrors int
+	}{
+		{
+			name: "Good one",
+			netns: &networkapi.NetNamespace{
+				ObjectMeta: metav1.ObjectMeta{
+					Name: "abc",
+				},
+				NetName: "abc",
+				NetID:   12345,
+			},
+			expectedErrors: 0,
+		},
+		{
+			name: "Bad NetName",
+			netns: &networkapi.NetNamespace{
+				ObjectMeta: metav1.ObjectMeta{
+					Name: "abc",
+				},
+				NetName: "wrong",
+				NetID:   12345,
+			},
+			expectedErrors: 1,
+		},
+		{
+			name: "NetID too large",
+			netns: &networkapi.NetNamespace{
+				ObjectMeta: metav1.ObjectMeta{
+					Name: "abc",
+				},
+				NetName: "abc",
+				NetID:   16777217,
+			},
+			expectedErrors: 1,
+		},
+		{
+			name: "NetID in reserved range",
+			netns: &networkapi.NetNamespace{
+				ObjectMeta: metav1.ObjectMeta{
+					Name: "abc",
+				},
+				NetName: "abc",
+				NetID:   5,
+			},
+			expectedErrors: 1,
+		},
+		{
+			name: "Good with EgressIPs",
+			netns: &networkapi.NetNamespace{
+				ObjectMeta: metav1.ObjectMeta{
+					Name: "abc",
+				},
+				NetName:   "abc",
+				NetID:     12345,
+				EgressIPs: []string{"192.168.1.5", "192.168.1.7"},
+			},
+			expectedErrors: 0,
+		},
+		{
+			name: "Bad EgressIPs",
+			netns: &networkapi.NetNamespace{
+				ObjectMeta: metav1.ObjectMeta{
+					Name: "abc",
+				},
+				NetName:   "abc",
+				NetID:     12345,
+				EgressIPs: []string{"example.com", ""},
+			},
+			expectedErrors: 2,
+		},
+	}
+
+	for _, tc := range tests {
+		errs := ValidateNetNamespace(tc.netns)
+
+		if len(errs) != tc.expectedErrors {
+			t.Errorf("Test case %s expected %d error(s), got %d. %v", tc.name, tc.expectedErrors, len(errs), errs)
+		}
+	}
+}
+
 func TestValidateEgressNetworkPolicy(t *testing.T) {
 	tests := []struct {
 		name           string

diff --git a/pkg/oc/cli/describe/describer.go b/pkg/oc/cli/describe/describer.go
@@ -1741,6 +1741,7 @@ func (d *HostSubnetDescriber) Describe(namespace, name string, settings kprinter
 		formatString(out, "Node", hs.Host)
 		formatString(out, "Node IP", hs.HostIP)
 		formatString(out, "Pod Subnet", hs.Subnet)
+		formatString(out, "Egress IPs", strings.Join(hs.EgressIPs, ", "))
 		return nil
 	})
 }
@@ -1759,6 +1760,7 @@ func (d *NetNamespaceDescriber) Describe(namespace, name string, settings kprint
 		formatMeta(out, netns.ObjectMeta)
 		formatString(out, "Name", netns.NetName)
 		formatString(out, "ID", netns.NetID)
+		formatString(out, "Egress IPs", strings.Join(netns.EgressIPs, ", "))
 		return nil
 	})
 }

diff --git a/pkg/oc/cli/describe/printer.go b/pkg/oc/cli/describe/printer.go
@@ -60,8 +60,8 @@ var (
 	// IsPersonalSubjectAccessReviewColumns contains known custom role extensions
 	IsPersonalSubjectAccessReviewColumns = []string{"NAME"}
 
-	hostSubnetColumns          = []string{"NAME", "HOST", "HOST IP", "SUBNET"}
-	netNamespaceColumns        = []string{"NAME", "NETID"}
+	hostSubnetColumns          = []string{"NAME", "HOST", "HOST IP", "SUBNET", "EGRESS IPS"}
+	netNamespaceColumns        = []string{"NAME", "NETID", "EGRESS IPS"}
 	clusterNetworkColumns      = []string{"NAME", "CLUSTER NETWORKS", "SERVICE NETWORK", "PLUGIN NAME"}
 	egressNetworkPolicyColumns = []string{"NAME"}
 
@@ -1028,7 +1028,7 @@ func printGroupList(list *userapi.GroupList, w io.Writer, opts kprinters.PrintOp
 
 func printHostSubnet(h *networkapi.HostSubnet, w io.Writer, opts kprinters.PrintOptions) error {
 	name := formatResourceName(opts.Kind, h.Name, opts.WithKind)
-	_, err := fmt.Fprintf(w, "%s\t%s\t%s\t%s\n", name, h.Host, h.HostIP, h.Subnet)
+	_, err := fmt.Fprintf(w, "%s\t%s\t%s\t%s\t[%s]\n", name, h.Host, h.HostIP, h.Subnet, strings.Join(h.EgressIPs, ", "))
 	return err
 }
 
@@ -1041,9 +1041,9 @@ func printHostSubnetList(list *networkapi.HostSubnetList, w io.Writer, opts kpri
 	return nil
 }
 
-func printNetNamespace(h *networkapi.NetNamespace, w io.Writer, opts kprinters.PrintOptions) error {
-	name := formatResourceName(opts.Kind, h.NetName, opts.WithKind)
-	_, err := fmt.Fprintf(w, "%s\t%d\n", name, h.NetID)
+func printNetNamespace(n *networkapi.NetNamespace, w io.Writer, opts kprinters.PrintOptions) error {
+	name := formatResourceName(opts.Kind, n.NetName, opts.WithKind)
+	_, err := fmt.Fprintf(w, "%s\t%d\t[%s]\n", name, n.NetID, strings.Join(n.EgressIPs, ", "))
 	return err
 }