cilium-cni: Add support for route/rules creation on Kubernetes IPAM#658
Merged
HadrienPatte merged 1 commit intov1.19-ddfrom Apr 1, 2026
Merged
cilium-cni: Add support for route/rules creation on Kubernetes IPAM#658HadrienPatte merged 1 commit intov1.19-ddfrom
HadrienPatte merged 1 commit intov1.19-ddfrom
Conversation
Enable multi-VNIC routing for Kubernetes IPAM mode, targeting environments like Oracle Cloud where pods need per-interface routing rules (similar to what ENI/Azure modes already provide). The change has three parts: 1. hostScopeAllocator (pkg/ipam/hostscope.go): At allocator construction time, scan netlink interfaces to find one whose subnet contains the allocation CIDR. If found, cache its MAC, interface index, CIDR, and derived gateway IP. Stamp this routing info onto every AllocationResult, making it available to downstream consumers without per-allocation syscalls. 2. infra_ip_allocation.go: Relax the routing-setup guards from explicit IPAM mode checks (ENI/AlibabaCloud/Azure) to presence checks on the routing fields (GatewayIP, PrimaryMAC, CIDRs). This is a no-op for ENI/Azure (their CRD allocator already populates these fields) but enables Kubernetes IPAM to configure the same per-interface routes and rules when routing info is available. 3. cilium-cni cmd.go: Extend needsEndpointRoutingOnHost to also return true for Kubernetes IPAM when gateway and MAC are present, so the CNI plugin sets up endpoint routes on the host for multi-VNIC pods. Signed-off-by: Hadrien Patte <hadrien.patte@datadoghq.com>
41ks
approved these changes
Mar 31, 2026
|
Hope we can get this patch merged upstream without a lot of trouble. It seems pretty safe. Though, I don't know if there are potential edge cases in some random config that would break this. Hopefully not ... |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Enable multi-VNIC routing for Kubernetes IPAM mode, targeting environments like Oracle Cloud where pods need per-interface routing rules (similar to what ENI/Azure modes already provide).
The change has three parts:
hostScopeAllocator (pkg/ipam/hostscope.go): At allocator construction time, scan netlink interfaces to find one whose subnet contains the allocation CIDR. If found, cache its MAC, interface index, CIDR, and derived gateway IP. Stamp this routing info onto every AllocationResult, making it available to downstream consumers without per-allocation syscalls.
infra_ip_allocation.go: Relax the routing-setup guards from explicit IPAM mode checks (ENI/AlibabaCloud/Azure) to presence checks on the routing fields (GatewayIP, PrimaryMAC, CIDRs). This is a no-op for ENI/Azure (their CRD allocator already populates these fields) but enables Kubernetes IPAM to configure the same per-interface routes and rules when routing info is available.
cilium-cni cmd.go: Extend needsEndpointRoutingOnHost to also return true for Kubernetes IPAM when gateway and MAC are present, so the CNI plugin sets up endpoint routes on the host for multi-VNIC pods.