Nat reuse router port external ip

.github/workflows/build-x86-image.yaml

@@ -1887,7 +1887,11 @@ jobs:
       - name: Install Kube-OVN
         run: make kind-install
 
-      - name: Run E2E
+      - name: Run Vip E2E
+        working-directory: ${{ env.E2E_DIR }}
+        run: make vip-conformance-e2e
+
+      - name: Run Ovn VPC NAT GW E2E
         working-directory: ${{ env.E2E_DIR }}
         run: make ovn-vpc-nat-gw-conformance-e2e
 

Makefile

@@ -910,7 +910,7 @@ lint:
 		echo "Code differs from gofmt's style" 1>&2 && exit 1; \
 	fi
 	@GOOS=linux go vet ./...
-	@GOOS=linux gosec -exclude=G204,G306,G404,G601,G301 -exclude-dir=test -exclude-dir=pkg/client ./...
+	@GOOS=linux gosec -exclude=G204,G306,G402,G404,G601,G301 -exclude-dir=test -exclude-dir=pkg/client ./...
 
 .PHONY: gofumpt
 gofumpt: gofumpt

Makefile.e2e

@@ -63,6 +63,7 @@ e2e-build:
 	ginkgo build $(E2E_BUILD_FLAGS) ./test/e2e/kube-ovn
 	ginkgo build $(E2E_BUILD_FLAGS) ./test/e2e/ovn-ic
 	ginkgo build $(E2E_BUILD_FLAGS) ./test/e2e/lb-svc
+	ginkgo build $(E2E_BUILD_FLAGS) ./test/e2e/vip
 	ginkgo build $(E2E_BUILD_FLAGS) ./test/e2e/iptables-vpc-nat-gw
 	ginkgo build $(E2E_BUILD_FLAGS) ./test/e2e/ovn-vpc-nat-gw
 	ginkgo build $(E2E_BUILD_FLAGS) ./test/e2e/ha
@@ -133,6 +134,15 @@ kube-ovn-lb-svc-conformance-e2e:
 	ginkgo $(GINKGO_PARALLEL_OPT) --randomize-all -v \
 		--focus=CNI:Kube-OVN ./test/e2e/lb-svc/lb-svc.test -- $(TEST_BIN_ARGS)
 
+.PHONY: vip-conformance-e2e
+vip-conformance-e2e:
+	ginkgo build $(E2E_BUILD_FLAGS) ./test/e2e/vip
+	E2E_BRANCH=$(E2E_BRANCH) \
+	E2E_IP_FAMILY=$(E2E_IP_FAMILY) \
+	E2E_NETWORK_MODE=$(E2E_NETWORK_MODE) \
+	ginkgo $(GINKGO_PARALLEL_OPT) --randomize-all -v \
+		--focus=CNI:Kube-OVN ./test/e2e/vip/vip.test -- $(TEST_BIN_ARGS)
+
 .PHONY: iptables-vpc-nat-gw-conformance-e2e
 iptables-vpc-nat-gw-conformance-e2e:
 	ginkgo build $(E2E_BUILD_FLAGS) ./test/e2e/iptables-vpc-nat-gw

charts/templates/kube-ovn-crd.yaml

@@ -980,8 +980,6 @@ spec:
                   type: string
                 v4Ip:
                   type: string
-                macAddress:
-                  type: string
                 vpc:
                   type: string
                 conditions:
@@ -1010,6 +1008,10 @@ spec:
                   type: string
                 ipName:
                   type: string
+                vpc:
+                  type: string
+                v4Ip:
+                  type: string
 ---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
@@ -1038,8 +1040,8 @@ spec:
       - jsonPath: .status.v4Eip
         name: V4Eip
         type: string
-      - jsonPath: .status.v4ipCidr
-        name: V4Ip
+      - jsonPath: .status.v4IpCidr
+        name: V4IpCidr
         type: string
       - jsonPath: .status.ready
         name: Ready
@@ -1055,7 +1057,7 @@ spec:
                   type: boolean
                 v4Eip:
                   type: string
-                v4ipCidr:
+                v4IpCidr:
                   type: string
                 vpc:
                   type: string
@@ -1085,6 +1087,10 @@ spec:
                   type: string
                 ipName:
                   type: string
+                vpc:
+                  type: string
+                v4IpCidr:
+                  type: string
 ---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
@@ -1107,6 +1113,9 @@ spec:
       subresources:
         status: {}
       additionalPrinterColumns:
+        - jsonPath: .status.vpc
+          name: Vpc
+          type: string
         - jsonPath: .spec.ovnEip
           name: Eip
           type: string
@@ -1144,8 +1153,6 @@ spec:
                   type: string
                 v4Ip:
                   type: string
-                macAddress:
-                  type: string
                 vpc:
                   type: string
                 externalPort:
@@ -1188,6 +1195,10 @@ spec:
                   type: string
                 protocol:
                   type: string
+                vpc:
+                  type: string
+                v4Ip:
+                  type: string
 ---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition

cmd/cmdmain.go

@@ -47,11 +47,11 @@ func dumpProfile() {
 				klog.Errorf("failed to create cpu profile file: %v", err)
 				return
 			}
-			defer f.Close()
 			if err = pprof.StartCPUProfile(f); err != nil {
 				klog.Errorf("failed to start cpu profile: %v", err)
 				return
 			}
+			defer f.Close()
 			time.Sleep(30 * time.Second)
 			pprof.StopCPUProfile()
 		}
@@ -65,10 +65,10 @@ func dumpProfile() {
 				klog.Errorf("failed to create memory profile file: %v", err)
 				return
 			}
-			defer f.Close()
 			if err = pprof.WriteHeapProfile(f); err != nil {
 				klog.Errorf("failed to write memory profile file: %v", err)
 			}
+			defer f.Close()
 		}
 	}()
 }

dist/images/install.sh

@@ -1519,8 +1519,6 @@ spec:
                   type: string
                 v4Ip:
                   type: string
-                macAddress:
-                  type: string
                 vpc:
                   type: string
                 conditions:
@@ -1549,6 +1547,10 @@ spec:
                   type: string
                 ipName:
                   type: string
+                vpc:
+                  type: string
+                v4Ip:
+                  type: string
 ---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
@@ -1577,8 +1579,8 @@ spec:
       - jsonPath: .status.v4Eip
         name: V4Eip
         type: string
-      - jsonPath: .status.v4ipCidr
-        name: V4Ip
+      - jsonPath: .status.v4IpCidr
+        name: V4IpCidr
         type: string
       - jsonPath: .status.ready
         name: Ready
@@ -1594,7 +1596,7 @@ spec:
                   type: boolean
                 v4Eip:
                   type: string
-                v4ipCidr:
+                v4IpCidr:
                   type: string
                 vpc:
                   type: string
@@ -1624,6 +1626,10 @@ spec:
                   type: string
                 ipName:
                   type: string
+                vpc:
+                  type: string
+                v4IpCidr:
+                  type: string
 ---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
@@ -1646,6 +1652,9 @@ spec:
       subresources:
         status: {}
       additionalPrinterColumns:
+        - jsonPath: .status.vpc
+          name: Vpc
+          type: string
         - jsonPath: .spec.ovnEip
           name: Eip
           type: string
@@ -1683,8 +1692,6 @@ spec:
                     type: string
                   v4Ip:
                     type: string
-                  macAddress:
-                    type: string
                   vpc:
                     type: string
                   externalPort:
@@ -1727,6 +1734,10 @@ spec:
                     type: string
                   protocol:
                     type: string
+                  vpc:
+                    type: string
+                  v4Ip:
+                    type: string
 ---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition

go.mod

@@ -42,17 +42,17 @@ require (
 	google.golang.org/grpc v1.59.0
 	google.golang.org/protobuf v1.31.0
 	gopkg.in/k8snetworkplumbingwg/multus-cni.v4 v4.0.2
-	k8s.io/api v0.28.2
-	k8s.io/apimachinery v0.28.2
+	k8s.io/api v0.28.3
+	k8s.io/apimachinery v0.28.3
 	k8s.io/client-go v12.0.0+incompatible
 	k8s.io/klog/v2 v2.100.1
 	k8s.io/kubectl v0.28.2
 	k8s.io/kubernetes v1.28.2
 	k8s.io/pod-security-admission v0.28.2
-	k8s.io/sample-controller v0.28.2
+	k8s.io/sample-controller v0.28.3
 	k8s.io/utils v0.0.0-20230726121419-3b25d923346b
 	kubevirt.io/client-go v1.0.0
-	sigs.k8s.io/controller-runtime v0.16.2
+	sigs.k8s.io/controller-runtime v0.16.3
 )
 
 require (
@@ -250,18 +250,18 @@ require (
 	gopkg.in/warnings.v0 v0.1.2 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
-	k8s.io/apiextensions-apiserver v0.28.2 // indirect
-	k8s.io/apiserver v0.28.2 // indirect
+	k8s.io/apiextensions-apiserver v0.28.3 // indirect
+	k8s.io/apiserver v0.28.3 // indirect
 	k8s.io/cli-runtime v0.28.2 // indirect
 	k8s.io/cloud-provider v0.28.2 // indirect
 	k8s.io/cluster-bootstrap v0.28.2 // indirect
-	k8s.io/component-base v0.28.2 // indirect
+	k8s.io/component-base v0.28.3 // indirect
 	k8s.io/component-helpers v0.28.2 // indirect
 	k8s.io/controller-manager v0.28.2 // indirect
 	k8s.io/cri-api v0.28.2 // indirect
 	k8s.io/csi-translation-lib v0.28.2 // indirect
 	k8s.io/dynamic-resource-allocation v0.0.0 // indirect
-	k8s.io/kms v0.28.2 // indirect
+	k8s.io/kms v0.28.3 // indirect
 	k8s.io/kube-openapi v0.0.0-20230905202853-d090da108d2f // indirect
 	k8s.io/kube-scheduler v0.0.0 // indirect
 	k8s.io/kubelet v0.28.2 // indirect

go.sum

@@ -3049,8 +3049,9 @@ k8s.io/klog/v2 v2.40.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0=
 k8s.io/klog/v2 v2.80.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0=
 k8s.io/klog/v2 v2.100.1 h1:7WCHKK6K8fNhTqfBhISHQ97KrnJNFZMcQvKp7gP/tmg=
 k8s.io/klog/v2 v2.100.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0=
-k8s.io/kms v0.28.2 h1:KhG63LHopCdzs1oKA1j+NWleuIXudgOyCqJo4yi3GaM=
 k8s.io/kms v0.28.2/go.mod h1:iAjgIqBrV2+8kmsjbbgUkAyKSuYq5g1dW9knpt6OhaE=
+k8s.io/kms v0.28.3 h1:jYwwAe96XELNjYWv1G4kNzizcFoZ50OOElvPansbw70=
+k8s.io/kms v0.28.3/go.mod h1:kSMjU2tg7vjqqoWVVCcmPmNZ/CofPsoTbSxAipCvZuE=
 k8s.io/kube-aggregator v0.28.2 h1:tCjAfB1p/v18yD2NpegNQRuahzyA/szFfcRARnpjDeo=
 k8s.io/kube-aggregator v0.28.2/go.mod h1:g4hZVjC4KhJtZHV2pyiRBiU6AdBA/sAjh9Y9GJC/SbU=
 k8s.io/kube-openapi v0.0.0-20191107075043-30be4d16710a/go.mod h1:1TqjTSzOxsLGIKfj0lK8EeCP7K1iUG65v09OM0/WG5E=
@@ -3076,8 +3077,8 @@ k8s.io/pod-security-admission v0.28.2 h1:3kiOL+gc6auNTGHuQ0hVsGxYu2YO/7DZb0xYR84
 k8s.io/pod-security-admission v0.28.2/go.mod h1:gReea39xbhIzf4Ry0FDuiTi8uj1N5R9YXOh8zQSuTxs=
 k8s.io/sample-apiserver v0.28.2 h1:lT4EeLgGe0yxZhWlXmUBzWtqUxUc1X+vO8PmIYuFOVw=
 k8s.io/sample-apiserver v0.28.2/go.mod h1:xLogWmyVOkxCxCTu+NlwucWi/yxb/VZlmDWEurF5rOs=
-k8s.io/sample-controller v0.28.2 h1:zIoifZJkqCitdqLdI06Uh4LOY9/w92vImSOydOMCNDI=
-k8s.io/sample-controller v0.28.2/go.mod h1:QoJ32+bl8u2nZIPG55ZzZGO/UAuKAHmaw48mTXgjQ18=
+k8s.io/sample-controller v0.28.3 h1:yS3hNgOFpgaIldluEAlSLIRk2281g07kxNrdwKBX2gM=
+k8s.io/sample-controller v0.28.3/go.mod h1:R6ahxfGNbfqHpCF53ogmYoIn80jQrBNvEjKCGAYufHQ=
 k8s.io/utils v0.0.0-20190801114015-581e00157fb1/go.mod h1:sZAwmy6armz5eXlNoLmJcl4F1QuKu7sr+mFQ0byX7Ew=
 k8s.io/utils v0.0.0-20191114200735-6ca3b61696b6/go.mod h1:sZAwmy6armz5eXlNoLmJcl4F1QuKu7sr+mFQ0byX7Ew=
 k8s.io/utils v0.0.0-20200414100711-2df71ebbae66/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
@@ -3134,8 +3135,8 @@ rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
 rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
 sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.1.2 h1:trsWhjU5jZrx6UvFu4WzQDrN7Pga4a7Qg+zcfcj64PA=
 sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.1.2/go.mod h1:+qG7ISXqCDVVcyO8hLn12AKVYYUjM7ftlqsqmrhMZE0=
-sigs.k8s.io/controller-runtime v0.16.2 h1:mwXAVuEk3EQf478PQwQ48zGOXvW27UJc8NHktQVuIPU=
-sigs.k8s.io/controller-runtime v0.16.2/go.mod h1:vpMu3LpI5sYWtujJOa2uPK61nB5rbwlN7BAB8aSLvGU=
+sigs.k8s.io/controller-runtime v0.16.3 h1:2TuvuokmfXvDUamSx1SuAOO3eTyye+47mJCigwG62c4=
+sigs.k8s.io/controller-runtime v0.16.3/go.mod h1:j7bialYoSn142nv9sCOJmQgDXQXxnroFU4VnX/brVJ0=
 sigs.k8s.io/controller-tools v0.2.4/go.mod h1:m/ztfQNocGYBgTTCmFdnK94uVvgxeZeE3LtJvd/jIzA=
 sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo=
 sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0=

pkg/apis/kubeovn/v1/types.go

@@ -1003,6 +1003,8 @@ type OvnFipSpec struct {
 	OvnEip string `json:"ovnEip"`
 	IPType string `json:"ipType"` // vip, ip
 	IPName string `json:"ipName"` // vip, ip crd name
+	Vpc    string `json:"vpc"`
+	V4Ip   string `json:"v4Ip"`
 }
 
 // OvnFipCondition describes the state of an object at a certain point.
@@ -1012,11 +1014,10 @@ type OvnFipCondition Condition
 type OvnFipStatus struct {
 	// +optional
 	// +patchStrategy=merge
-	Ready      bool   `json:"ready" patchStrategy:"merge"`
-	V4Eip      string `json:"v4Eip" patchStrategy:"merge"`
-	V4Ip       string `json:"v4Ip" patchStrategy:"merge"`
-	MacAddress string `json:"macAddress" patchStrategy:"merge"`
-	Vpc        string `json:"vpc" patchStrategy:"merge"`
+	Vpc   string `json:"vpc" patchStrategy:"merge"`
+	V4Eip string `json:"v4Eip" patchStrategy:"merge"`
+	V4Ip  string `json:"v4Ip" patchStrategy:"merge"`
+	Ready bool   `json:"ready" patchStrategy:"merge"`
 
 	// Conditions represents the latest state of the object
 	// +optional
@@ -1051,6 +1052,8 @@ type OvnSnatRuleSpec struct {
 	OvnEip    string `json:"ovnEip"`
 	VpcSubnet string `json:"vpcSubnet"`
 	IPName    string `json:"ipName"`
+	Vpc       string `json:"vpc"`
+	V4IpCidr  string `json:"v4IpCidr"` // subnet cidr or pod ip address
 }
 
 // OvnSnatRuleCondition describes the state of an object at a certain point.
@@ -1060,10 +1063,10 @@ type OvnSnatRuleCondition Condition
 type OvnSnatRuleStatus struct {
 	// +optional
 	// +patchStrategy=merge
-	Ready    bool   `json:"ready" patchStrategy:"merge"`
-	V4Eip    string `json:"v4Eip" patchStrategy:"merge"`
-	V4IpCidr string `json:"v4ipCidr" patchStrategy:"merge"`
 	Vpc      string `json:"vpc" patchStrategy:"merge"`
+	V4Eip    string `json:"v4Eip" patchStrategy:"merge"`
+	V4IpCidr string `json:"v4IpCidr" patchStrategy:"merge"`
+	Ready    bool   `json:"ready" patchStrategy:"merge"`
 
 	// Conditions represents the latest state of the object
 	// +optional
@@ -1101,6 +1104,8 @@ type OvnDnatRuleSpec struct {
 	InternalPort string `json:"internalPort"`
 	ExternalPort string `json:"externalPort"`
 	Protocol     string `json:"protocol,omitempty"`
+	Vpc          string `json:"vpc"`
+	V4Ip         string `json:"v4Ip"`
 }
 
 // OvnDnatRuleCondition describes the state of an object at a certain point.
@@ -1111,15 +1116,14 @@ type OvnDnatRuleCondition Condition
 type OvnDnatRuleStatus struct {
 	// +optional
 	// +patchStrategy=merge
-	Ready        bool   `json:"ready" patchStrategy:"merge"`
+	Vpc          string `json:"vpc" patchStrategy:"merge"`
 	V4Eip        string `json:"v4Eip" patchStrategy:"merge"`
+	ExternalPort string `json:"externalPort"`
 	V4Ip         string `json:"v4Ip" patchStrategy:"merge"`
-	MacAddress   string `json:"macAddress" patchStrategy:"merge"`
-	Vpc          string `json:"vpc" patchStrategy:"merge"`
 	InternalPort string `json:"internalPort"`
-	ExternalPort string `json:"externalPort"`
 	Protocol     string `json:"protocol,omitempty"`
 	IPName       string `json:"ipName"`
+	Ready        bool   `json:"ready" patchStrategy:"merge"`
 
 	// Conditions represents the latest state of the object
 	// +optional