feat: add azure ip masq merger #3737
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode characters
merges ip masq agent configs into one configmap and outputs to a directory adds the non masquerade ips list together and ORs the other flags together if no configmap that starts with ip-masq exists, no merged configmap is output and any previously created merged configmap in the merged-config directory is deleted this binary is separate from the rest of the repo similar to azure-ipam
ip masq merger is only meant to work on linux since ip masq agent only runs on linux
rename ip masq merger to be consistent with other files add golangci yml for linting fix shadowing issues with err and use newer method to check file not found error fix linter issues use require for tests
There was a problem hiding this comment.
Pull Request Overview
This PR introduces a new binary called "azure ip masq merger" to merge multiple IP masquerade configurations for Azure Container Networking. Key changes include:
- New implementation of the merger logic in ip_masq_merger.go.
- Comprehensive unit tests in ip_masq_merger_test.go.
- Updates to Dockerfile, Makefile, and go.mod to support building and packaging the new binary.
Reviewed Changes
Copilot reviewed 7 out of 7 changed files in this pull request and generated 1 comment.
Show a summary per file
| File | Description |
|---|---|
| azure-ip-masq-merger/ip_masq_merger.go | New merger implementation and underlying config validation. |
| azure-ip-masq-merger/ip_masq_merger_test.go | Added unit tests for merging and CIDR validation. |
| azure-ip-masq-merger/go.mod | Module and dependency management updates. |
| azure-ip-masq-merger/Dockerfile | Dockerfile updates to build multi-platform images. |
| azure-ip-masq-merger/.golangci.yml | Linters configuration for code quality. |
| Makefile | Build targets and packaging instructions for the new binary. |
Comments suppressed due to low confidence (1)
azure-ip-masq-merger/ip_masq_merger.go:250
- Consider sorting 'cidrsList' after merging to ensure deterministic ordering of CIDRs, which could aid in debugging and configuration comparisons.
for cidr := range cidrsSet { cidrsList = append(cidrsList, cidr) } 
camrynl previously approved these changes Jun 12, 2025
There was a problem hiding this comment.
Lgtm!
Summarizing our discussion offline for context: ip masq merger will merge configs when ebpf host routing and bpf ip masq agent is enabled. It will be deployed to clusters either with sidecare or initcontainer in the cilium daemonset. Dockerfile images will be updated in later stages along with pipeline image builds.
jpayne3506 reviewed Jun 13, 2025
camrynl previously approved these changes Jun 13, 2025
santhoshmprabhu previously approved these changes Jun 16, 2025
jpayne3506 reviewed Jun 16, 2025
jpayne3506 approved these changes Jun 16, 2025
| /azp run Azure Container Networking PR |
| Azure Pipelines successfully started running 1 pipeline(s). |
camrynl approved these changes Jun 16, 2025
4 tasks
github-merge-queue bot removed this pull request from the merge queue due to failed status checks 
| /azp run Azure Container Networking PR |
| Azure Pipelines successfully started running 1 pipeline(s). |
github-merge-queue bot removed this pull request from the merge queue due to failed status checks sivakami-projects pushed a commit that referenced this pull request Oct 23, 2025
* add azure ip masq merger merges ip masq agent configs into one configmap and outputs to a directory adds the non masquerade ips list together and ORs the other flags together if no configmap that starts with ip-masq exists, no merged configmap is output and any previously created merged configmap in the merged-config directory is deleted this binary is separate from the rest of the repo similar to azure-ipam * add azure ip masq merger make targets ip masq merger is only meant to work on linux since ip masq agent only runs on linux * add ip masq merger tests rename ip masq merger to be consistent with other files add golangci yml for linting fix shadowing issues with err and use newer method to check file not found error fix linter issues use require for tests * add make test for azure ip masq merger tested * add input output configuration * update images to mariner 3.0 * update temp base to 3.0 and fix formatting
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Add this suggestion to a batch that can be applied as a single commit. This suggestion is invalid because no changes were made to the code. Suggestions cannot be applied while the pull request is closed. Suggestions cannot be applied while viewing a subset of changes. Only one suggestion per line can be applied in a batch. Add this suggestion to a batch that can be applied as a single commit. Applying suggestions on deleted lines is not supported. You must change the existing code in this line in order to create a valid suggestion. Outdated suggestions cannot be applied. This suggestion has been applied or marked resolved. Suggestions cannot be applied from pending reviews. Suggestions cannot be applied on multi-line comments. Suggestions cannot be applied while the pull request is queued to merge. Suggestion cannot be applied right now. Please check back later.
Reason for Change:
This PR creates a new binary ip masq merger binary which merges two ip masq configs together and places them in an output directory for consumption. If no configmaps are found, it will also automatically delete the previously merged configmap. Adds makefile targets for building the binary and image with the appropriate dockerfile. Does not make pipeline changes. Tested on a cluster as a sidecar.
Issue Fixed:
Requirements:
Notes: