Support different uplink interfaces for Antrea SecondaryNetwork

cmd/antrea-agent/options.go

@@ -792,9 +792,17 @@ func (o *Options) validateSecondaryNetworkConfig() error {
 	if brConfig.BridgeName == "" {
 		return fmt.Errorf("bridge name is not provided for the secondary network OVS bridge")
 	}
-	if len(brConfig.PhysicalInterfaces) > 8 {
+	physicalInterfacesLen := len(brConfig.PhysicalInterfaces)
+	nodePoolsLen := len(brConfig.NodePools)
+	if physicalInterfacesLen > 8 {
 		return fmt.Errorf("at most eight physical interfaces can be specified for the secondary network OVS bridge")
 	}
+	if nodePoolsLen > 8 {
+		return fmt.Errorf("at most eight node pools can be specified for the secondary network OVS bridge")
+	}
+	if nodePoolsLen != 0 && physicalInterfacesLen != nodePoolsLen {
+		return fmt.Errorf("the number of physical interfaces and node pools must be the same for the secondary network OVS bridge")
+	}
 
 	return nil
 }

pkg/agent/secondarynetwork/init.go

@@ -39,9 +39,12 @@
 )
 
 type Controller struct {
+	client          clientset.Interface
 	ovsBridgeClient ovsconfig.OVSBridgeClient
 	secNetConfig    *agentconfig.SecondaryNetworkConfig
 	podController   *podwatch.PodController
+
+	nodeConfig *config.NodeConfig
 }
 
 func NewController(
@@ -78,7 +81,8 @@
 	return &Controller{
 		ovsBridgeClient: ovsBridgeClient,
 		secNetConfig:    secNetConfig,
-		podController:   podWatchController}, nil
+		podController:   podWatchController,
+		nodeConfig:      nodeConfig}, nil
 }
 
 // Run starts the Pod controller for secondary networks.

pkg/agent/secondarynetwork/init_linux.go

@@ -35,37 +35,80 @@ var (
 
 // Initialize sets up OVS bridges.
 func (c *Controller) Initialize() error {
+	klog.InfoS("Configuring physical interface for node", "node", c.nodeConfig.Name)
 	// We only support moving and restoring of interface configuration to OVS Bridge for the single physical interface case.
 	if len(c.secNetConfig.OVSBridges) != 0 {
 		phyInterfaces := make([]string, len(c.secNetConfig.OVSBridges[0].PhysicalInterfaces))
 		copy(phyInterfaces, c.secNetConfig.OVSBridges[0].PhysicalInterfaces)
-		if len(phyInterfaces) == 1 {
-			bridgedName, _, err := util.PrepareHostInterfaceConnection(
-				c.ovsBridgeClient,
-				phyInterfaces[0],
-				0,
-				map[string]interface{}{
-					interfacestore.AntreaInterfaceTypeKey: interfacestore.AntreaHost,
-				},
-				0, // do not request a specific MTU
-			)
-			if err != nil {
-				return err
+
+		nodePoolSize := len(c.secNetConfig.OVSBridges[0].NodePools)
+		if nodePoolSize == 0 {
+			if len(phyInterfaces) == 1 {
+				bridgedName, _, err := util.PrepareHostInterfaceConnection(
+					c.ovsBridgeClient,
+					phyInterfaces[0],
+					0,
+					map[string]interface{}{
+						interfacestore.AntreaInterfaceTypeKey: interfacestore.AntreaHost,
+					},
+					0, // do not request a specific MTU
+				)
+				if err != nil {
+					return err
+				}
+				phyInterfaces[0] = bridgedName
+			}
+		} else {
+			nodePools := make([]string, nodePoolSize)
+			copy(nodePools, c.secNetConfig.OVSBridges[0].NodePools)
+			for i, np := range nodePools {
+				if c.nodeConfig.Name == np {
+					klog.InfoS("Configuring physical interface for node pool", "nodePool", np, "interface", phyInterfaces[i])
+					phyInterfaces[i] = c.secNetConfig.OVSBridges[0].PhysicalInterfaces[i]
+					bridgedName, _, err := util.PrepareHostInterfaceConnection(
+						c.ovsBridgeClient,
+						phyInterfaces[i],
+						0,
+						map[string]interface{}{
+							interfacestore.AntreaInterfaceTypeKey: interfacestore.AntreaHost,
+						},
+						0, // do not request a specific MTU
+					)
+					if err != nil {
+						return err
+					}
+					phyInterfaceToBridge := []string{bridgedName}
+					if err := connectPhyInterfacesToOVSBridge(c.ovsBridgeClient, phyInterfaceToBridge); err != nil {
+						return err
+					}
+				}
 			}
-			phyInterfaces[0] = bridgedName
-		}
-		if err := connectPhyInterfacesToOVSBridge(c.ovsBridgeClient, phyInterfaces); err != nil {
-			return err
 		}
 	}
 	return nil
 }
 
 // Restore restores interface configuration from secondary-bridge back to host-interface.
 func (c *Controller) Restore() {
-	if len(c.secNetConfig.OVSBridges) != 0 && len(c.secNetConfig.OVSBridges[0].PhysicalInterfaces) == 1 {
-		util.RestoreHostInterfaceConfiguration(c.secNetConfig.OVSBridges[0].BridgeName, c.secNetConfig.OVSBridges[0].PhysicalInterfaces[0])
+	klog.InfoS("restoring bridge", "node", c.nodeConfig.Name)
+	if len(c.secNetConfig.OVSBridges) != 0 {
+		phyInterfaceSize := len(c.secNetConfig.OVSBridges[0].PhysicalInterfaces)
+		if phyInterfaceSize == 0 {
+			return
+		}
+		if phyInterfaceSize == 1 {
+			util.RestoreHostInterfaceConfiguration(c.secNetConfig.OVSBridges[0].BridgeName, c.secNetConfig.OVSBridges[0].PhysicalInterfaces[0])
+		} else {
+			for i := range c.secNetConfig.OVSBridges[0].PhysicalInterfaces {
+				klog.InfoS("restore bridge", "node", c.nodeConfig.Name, "nodePool", c.secNetConfig.OVSBridges[0].NodePools[i], "interface", c.secNetConfig.OVSBridges[0].PhysicalInterfaces[i])
+				if c.nodeConfig.Name == c.secNetConfig.OVSBridges[0].NodePools[i] {
+					bridgedName := util.GenerateUplinkInterfaceName(c.secNetConfig.OVSBridges[0].PhysicalInterfaces[i])
+					util.RestoreHostInterfaceConfiguration(c.secNetConfig.OVSBridges[0].BridgeName, bridgedName)
+				}
+			}
+		}
 	}
+
 }
 
 func connectPhyInterfacesToOVSBridge(ovsBridgeClient ovsconfig.OVSBridgeClient, phyInterfaces []string) error {

pkg/config/agent/config.go

@@ -428,6 +428,7 @@ type OVSBridgeConfig struct {
 	BridgeName string `yaml:"bridgeName"`
 	// Names of physical interfaces to be connected to the bridge.
 	PhysicalInterfaces []string `yaml:"physicalInterfaces,omitempty"`
+	NodePools          []string `yaml:"nodePools,omitempty"`
 	// Enable multicast snooping on the bridge, allowing the bridge to learn about multicast group memberships and
 	// forward multicast traffic only to ports that have interested receivers. When disabled, multicast traffic is
 	// flooded to all ports in the bridge.