Install flows to skip SNAT for k8s nodes (#2708)

[leonstack]

If destination IP is nodeIPs, we must skip SNAT if egress is enabled,
no need to forward such packets to the egressIP node

Signed-off-by: Yang Li [email protected]

[leonstack]

/test-e2e

[leonstack]

/test-all

[leonstack]

/test-all

[jianjuns]

In the commit message:

If destination IP is nodeIPs, we must skip SNAT if egress is enabled, no need to forward such packets to the egressIP node

When egress is enabled, we should skip SNAT for traffic to a remote Node's transport IP, as no need to forward such packets through an egress Node.

[tnqn]

LGTM

[tnqn]

/test-all

[codecov-commenter]

Codecov Report

Merging #2762 (fbb91b3) into main (cf22420) will increase coverage by 5.02%.
The diff coverage is 100.00%.

@@            Coverage Diff             @@
##             main    #2762      +/-   ##
==========================================
+ Coverage   60.72%   65.74%   +5.02%     
==========================================
  Files         283      284       +1     
  Lines       22839    26946    +4107     
==========================================
+ Hits        13868    17715    +3847     
- Misses       7498     7552      +54     
- Partials     1473     1679     +206     

Flag	Coverage Δ
e2e-tests	56.12% <100.00%> (?)
kind-e2e-tests	48.95% <81.81%> (+0.50%)	⬆️
unit-tests	41.07% <18.18%> (-0.04%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files	Coverage Δ
pkg/agent/openflow/client.go	68.91% <100.00%> (+10.61%)	⬆️
pkg/agent/openflow/pipeline.go	82.38% <100.00%> (+7.22%)	⬆️
pkg/controller/egress/ipallocator/allocator.go	65.00% <0.00%> (-15.42%)	⬇️
pkg/controller/networkpolicy/endpoint_querier.go	77.64% <0.00%> (-13.79%)	⬇️
pkg/legacyapis/core/v1alpha2/register.go	69.23% <0.00%> (-10.77%)	⬇️
pkg/apis/stats/register.go	71.42% <0.00%> (-10.39%)	⬇️
pkg/legacyapis/stats/register.go	71.42% <0.00%> (-10.39%)	⬇️
pkg/ovs/openflow/ofctrl_meter.go	33.84% <0.00%> (-10.16%)	⬇️
pkg/legacyapis/security/v1alpha1/register.go	73.33% <0.00%> (-10.00%)	⬇️
.../registry/networkpolicy/clustergroupmember/rest.go	78.26% <0.00%> (-9.98%)	⬇️
... and 271 more

[tnqn]

@leonstack "Go / Golangci-lint" check failed. Could you fix it so we can merge it?

[leonstack]

@leonstack "Go / Golangci-lint" check failed. Could you fix it so we can merge it?

OK, I will fix it later.

[leonstack]

/test-all

[leonstack]

@tnqn hi, seems everything is OK, can you help review this PR again :-)

[leonstack]

/test-ipv6

[tnqn]

LGTM

[jianjuns]

Just to confirm - it wont affect the default masquerade behavior right?

[leonstack]

Just to confirm - it wont affect the default masquerade behavior right?

It wont affect the default masquerade behavior, and the pod will use the default masquerade to communicate with other NodeIPs.