update egci crd
Signed-off-by: bzsuni <[email protected]>
bzsuni committed Jul 31, 2023
1 parent fbf8fe6 commit 3dd3fe7
Showing 11 changed files with 617 additions and 485 deletions.
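--- a/charts/README.md
+++ b/charts/README.md
@@ -23,25 +23,25 @@ helm install egressgateway egressgateway/egressgateway --namespace kube-system
 
 ### Feature parameters
 
-| Name | Description | Value |
-| ----------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------- | ----------------------- |
-| `feature.enableIPv4` | Enable IPv4 | `true` |
-| `feature.enableIPv6` | Enable IPv6 | `true` |
-| `feature.datapathMode` | iptables mode, [`iptables`, `ebpf`] | `iptables` |
-| `feature.tunnelIpv4Subnet` | Tunnel IPv4 subnet | `172.31.0.0/16` |
-| `feature.tunnelIpv6Subnet` | Tunnel IPv6 subnet | `fd11::/112` |
-| `feature.tunnelDetectMethod` | Tunnel base on which interface [`defaultRouteInterface`, `interface=eth0`] | `defaultRouteInterface` |
-| `feature.iptables.backendMode` | Iptables mode can be specified as `nft` or `legacy`, with `auto` meaning automatic detection. The default value is `auto`. | `auto` |
-| `feature.vxlan.name` | The name of VXLAN device | `egress.vxlan` |
-| `feature.vxlan.port` | VXLAN port | `7789` |
-| `feature.vxlan.id` | VXLAN ID | `100` |
-| `feature.vxlan.disableChecksumOffload` | Disable checksum offload | `true` |
-| `feature.egressIgnoreCIDR.autoDetect.podCIDR` | cni cluster used | `calico` |
-| `feature.egressIgnoreCIDR.autoDetect.clusterIP` | if ignore service ip | `true` |
-| `feature.egressIgnoreCIDR.autoDetect.nodeIP` | if ignore node ip | `true` |
-| `feature.egressIgnoreCIDR.custom` | CIDRs provided manually | `[]` |
-| `feature.maxNumberEndpointPerSlice` | max number of endpoints per slice | `100` |
-| `feature.announcedInterfacesToExclude` | The list of network interface excluded for announcing Egress IP. | `["^cali.*","br-*"]` |
+| Name | Description | Value |
+| -------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------- | ----------------------- |
+| `feature.enableIPv4` | Enable IPv4 | `true` |
+| `feature.enableIPv6` | Enable IPv6 | `true` |
+| `feature.datapathMode` | iptables mode, [`iptables`, `ebpf`] | `iptables` |
+| `feature.tunnelIpv4Subnet` | Tunnel IPv4 subnet | `172.31.0.0/16` |
+| `feature.tunnelIpv6Subnet` | Tunnel IPv6 subnet | `fd11::/112` |
+| `feature.tunnelDetectMethod` | Tunnel base on which interface [`defaultRouteInterface`, `interface=eth0`] | `defaultRouteInterface` |
+| `feature.iptables.backendMode` | Iptables mode can be specified as `nft` or `legacy`, with `auto` meaning automatic detection. The default value is `auto`. | `auto` |
+| `feature.vxlan.name` | The name of VXLAN device | `egress.vxlan` |
+| `feature.vxlan.port` | VXLAN port | `7789` |
+| `feature.vxlan.id` | VXLAN ID | `100` |
+| `feature.vxlan.disableChecksumOffload` | Disable checksum offload | `true` |
+| `feature.clusterCIDR.autoDetect.podCidrMode` | cni cluster used, it can be specified as `k8s`, `calico` or `""` | `k8s` |
+| `feature.clusterCIDR.autoDetect.clusterIP` | if ignore service ip | `true` |
+| `feature.clusterCIDR.autoDetect.nodeIP` | if ignore node ip | `true` |
+| `feature.clusterCIDR.extraCidr` | CIDRs provided manually | `[]` |
+| `feature.maxNumberEndpointPerSlice` | max number of endpoints per slice | `100` |
+| `feature.announcedInterfacesToExclude` | The list of network interface excluded for announcing Egress IP. | `["^cali.*","br-*"]` |
 
 ### Egressgateway agent parameters
 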
90 changes: 56 additions & 34 deletions charts/crds/egressgateway.spidernet.io_egressclusterinfos.yaml
@@ -36,44 +36,66 @@ spec:
metadata:
type: object
spec:
type: object
status:
properties:
egressIgnoreCIDR:
autoDetect:
properties:
clusterIP:
properties:
ipv4:
items:
type: string
type: array
ipv6:
items:
type: string
type: array
type: object
default: true
type: boolean
nodeIP:
properties:
ipv4:
items:
type: string
type: array
ipv6:
items:
type: string
type: array
type: object
podCIDR:
properties:
ipv4:
items:
type: string
type: array
ipv6:
items:
type: string
type: array
type: object
default: true
type: boolean
podCidrMode:
default: k8s
type: string
type: object
extraCidr:
items:
type: string
type: array
type: object
status:
properties:
clusterIP:
properties:
ipv4:
items:
type: string
type: array
ipv6:
items:
type: string
type: array
type: object
extraCidr:
items:
type: string
type: array
nodeIP:
additionalProperties:
properties:
ipv4:
items:
type: string
type: array
ipv6:
items:
type: string
type: array
type: object
type: object
podCIDR:
additionalProperties:
properties:
ipv4:
items:
type: string
type: array
ipv6:
items:
type: string
type: array
type: object
type: object
type: object
required:
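--- a/charts/templates/egressClusterInfo.yaml
+++ b/charts/templates/egressClusterInfo.yaml
@@ -0,0 +1,10 @@
+apiVersion: egressgateway.spidernet.io/v1beta1
+kind: EgressClusterInfo
+metadata:
+name: default
+spec:
+autoDetect:
+clusterIP: {{ .Values.feature.clusterCIDR.autoDetect.clusterIP }}
+podCidrMode: {{ .Values.feature.clusterCIDR.autoDetect.podCidrMode }}
+nodeIP: {{ .Values.feature.clusterCIDR.autoDetect.nodeIP }}
+extraCidr: {{ .Values.feature.clusterCIDR.extraCidr }}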
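Review bot: `extraCidr: {{ .Values.feature.clusterCIDR.extraCidr }}` prints the list with Go's default formatting, so only the empty default `[]` renders as intended; a two-entry value comes out as `[10.0.0.0/8 192.168.0.0/16]` (constructed example), which YAML reads as a single string element rather than two CIDRs. This list appears to feed the CIDR set the agent builds in `reconcileClusterInfo`, so an operator's entries could silently fail to apply. Render it as `extraCidr: {{ toJson .Values.feature.clusterCIDR.extraCidr }}`. The mode should be quoted as well, `podCidrMode: {{ .Values.feature.clusterCIDR.autoDetect.podCidrMode | quote }}`, because the documented `""` value otherwise renders as an empty (null) field.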
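--- a/charts/values.yaml
+++ b/charts/values.yaml
@@ -46,16 +46,16 @@ feature:
 id: 100
 ## @param feature.vxlan.disableChecksumOffload Disable checksum offload
 disableChecksumOffload: true
-egressIgnoreCIDR:
+clusterCIDR:
 autoDetect:
-## @param feature.egressIgnoreCIDR.autoDetect.podCIDR cni cluster used
-podCIDR: "calico"
-## @param feature.egressIgnoreCIDR.autoDetect.clusterIP if ignore service ip
+## @param feature.clusterCIDR.autoDetect.podCidrMode cni cluster used, it can be specified as `k8s`, `calico` or `""`
+podCidrMode: "k8s"
+## @param feature.clusterCIDR.autoDetect.clusterIP if ignore service ip
 clusterIP: true
-## @param feature.egressIgnoreCIDR.autoDetect.nodeIP if ignore node ip
+## @param feature.clusterCIDR.autoDetect.nodeIP if ignore node ip
 nodeIP: true
-## @param feature.egressIgnoreCIDR.custom CIDRs provided manually
-custom: []
+## @param feature.clusterCIDR.extraCidr CIDRs provided manually
+extraCidr: []
 ## @param feature.maxNumberEndpointPerSlice max number of endpoints per slice
 maxNumberEndpointPerSlice: 100
 ## @param feature.announcedInterfacesToExclude The list of network interface excluded for announcing Egress IP.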
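Review bot: The rename from `feature.egressIgnoreCIDR.*` to `feature.clusterCIDR.*` has no compatibility path. Unless the chart ships a strict values schema (not visible here), Helm ignores value keys the templates no longer read, so an existing override such as `feature.egressIgnoreCIDR.custom` would be dropped on upgrade without an error and the defaults `podCidrMode: "k8s"` and `extraCidr: []` would apply instead. A guard in a template, `{{- if .Values.feature.egressIgnoreCIDR }}{{ fail "feature.egressIgnoreCIDR was renamed to feature.clusterCIDR" }}{{- end }}`, or an explicit upgrade note would make the change visible to operators.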
31 changes: 24 additions & 7 deletions pkg/agent/police.go
@@ -565,8 +565,16 @@ func (r *policeReconciler) reconcileClusterInfo(ctx context.Context, req reconci
}
}

addIP(info.Status.EgressIgnoreCIDR.NodeIP.IPv4...)
addIP(info.Status.EgressIgnoreCIDR.NodeIP.IPv6...)
nodesIPv4 := make([]string, 0)
for _, pair := range info.Status.NodeIP {
nodesIPv4 = append(nodesIPv4, pair.IPv4...)
}
nodesIPv6 := make([]string, 0)
for _, pair := range info.Status.NodeIP {
nodesIPv6 = append(nodesIPv6, pair.IPv6...)
}
addIP(nodesIPv4...)
addIP(nodesIPv6...)

Check warning on line 577 in pkg/agent/police.go


Codecov / codecov/patch

pkg/agent/police.go#L568-L577

Added lines #L568 - L577 were not covered by tests

addCIDR := func(items ...string) {
for _, item := range items {
@@ -582,13 +590,22 @@ func (r *policeReconciler) reconcileClusterInfo(ctx context.Context, req reconci
}
}

addCIDR(info.Status.EgressIgnoreCIDR.PodCIDR.IPv4...)
addCIDR(info.Status.EgressIgnoreCIDR.PodCIDR.IPv6...)
v4PodCidrs := make([]string, 0)
for _, pair := range info.Status.PodCIDR {
v4PodCidrs = append(v4PodCidrs, pair.IPv4...)
}
v6PodCidrs := make([]string, 0)
for _, pair := range info.Status.PodCIDR {
v6PodCidrs = append(v6PodCidrs, pair.IPv6...)
}

Check warning on line 600 in pkg/agent/police.go


Codecov / codecov/patch

pkg/agent/police.go#L593-L600

Added lines #L593 - L600 were not covered by tests

addCIDR(v4PodCidrs...)
addCIDR(v6PodCidrs...)

Check warning on line 603 in pkg/agent/police.go


Codecov / codecov/patch

pkg/agent/police.go#L602-L603

Added lines #L602 - L603 were not covered by tests

addCIDR(info.Status.EgressIgnoreCIDR.ClusterIP.IPv4...)
addCIDR(info.Status.EgressIgnoreCIDR.ClusterIP.IPv6...)
addCIDR(info.Status.ClusterIP.IPv4...)
addCIDR(info.Status.ClusterIP.IPv6...)

Check warning on line 606 in pkg/agent/police.go


Codecov / codecov/patch

pkg/agent/police.go#L605-L606

Added lines #L605 - L606 were not covered by tests

addCIDR(r.cfg.FileConfig.EgressIgnoreCIDR.Custom...)
addCIDR(info.Status.ExtraCidr...)

Check warning on line 608 in pkg/agent/police.go


Codecov / codecov/patch

pkg/agent/police.go#L608

Added line #L608 was not covered by tests

process := func(gotList []string, expList []string, toAdd, toDel func(item string) error) error {
got := sets.NewString(gotList...)
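Review bot: The manually supplied CIDRs passed to `addCIDR` now come from `info.Status.ExtraCidr` instead of the agent's own file config (`r.cfg.FileConfig.EgressIgnoreCIDR.Custom`), so whoever can write the EgressClusterInfo object determines what every agent adds to this set. The hunk does not show whether `addCIDR` rejects malformed entries (its body and the rest of `reconcileClusterInfo` lie outside the hunk), and the CRD schema in this commit types `extraCidr` items as plain strings with no pattern. Codecov marks all of the added lines as untested, so a test that feeds a malformed entry through this path would pin the behaviour. A comment at the call would also help, e.g. `// ExtraCidr is user-supplied via EgressClusterInfo; the CRD schema does not validate entries as CIDRs`. Separately, the two loops over `info.Status.NodeIP` (and the two over `info.Status.PodCIDR`) can each be a single loop that appends both address families.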
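--- a/pkg/config/config.go
+++ b/pkg/config/config.go
@@ -66,21 +66,20 @@ type EnvConfig struct {
 }
 
 type FileConfig struct {
-EnableIPv4 bool `yaml:"enableIPv4"`
-EnableIPv6 bool `yaml:"enableIPv6"`
-IPTables IPTables `yaml:"iptables"`
-DatapathMode string `yaml:"datapathMode"`
-TunnelIpv4Subnet string `yaml:"tunnelIpv4Subnet"`
-TunnelIpv6Subnet string `yaml:"tunnelIpv6Subnet"`
-TunnelIPv4Net *net.IPNet `json:"-"`
-TunnelIPv6Net *net.IPNet `json:"-"`
-TunnelDetectMethod string `yaml:"tunnelDetectMethod"`
-VXLAN VXLAN `yaml:"vxlan"`
-EgressIgnoreCIDR EgressIgnoreCIDR `yaml:"egressIgnoreCIDR"`
-MaxNumberEndpointPerSlice int `yaml:"maxNumberEndpointPerSlice"`
-Mark string `yaml:"mark"`
-AnnouncedInterfacesToExclude []string `yaml:"announcedInterfacesToExclude"`
-AnnounceExcludeRegexp *regexp.Regexp `json:"-"`
+EnableIPv4 bool `yaml:"enableIPv4"`
+EnableIPv6 bool `yaml:"enableIPv6"`
+IPTables IPTables `yaml:"iptables"`
+DatapathMode string `yaml:"datapathMode"`
+TunnelIpv4Subnet string `yaml:"tunnelIpv4Subnet"`
+TunnelIpv6Subnet string `yaml:"tunnelIpv6Subnet"`
+TunnelIPv4Net *net.IPNet `json:"-"`
+TunnelIPv6Net *net.IPNet `json:"-"`
+TunnelDetectMethod string `yaml:"tunnelDetectMethod"`
+VXLAN VXLAN `yaml:"vxlan"`
+MaxNumberEndpointPerSlice int `yaml:"maxNumberEndpointPerSlice"`
+Mark string `yaml:"mark"`
+AnnouncedInterfacesToExclude []string `yaml:"announcedInterfacesToExclude"`
+AnnounceExcludeRegexp *regexp.Regexp `json:"-"`
 }
 
 const TunnelInterfaceDefaultRoute = "defaultRouteInterface"
@@ -104,11 +103,6 @@ type IPTables struct {
 LockFilePath string `yaml:"lockFilePath"`
 }
 
-type EgressIgnoreCIDR struct {
-AutoDetect `yaml:"autoDetect"`
-Custom []string `yaml:"custom"`
-}
-
 type AutoDetect struct {
 PodCIDR string `yaml:"podCIDR"`
 ClusterIP bool `yaml:"clusterIP"`
@@ -151,14 +145,6 @@ func LoadConfig(isAgent bool) (*Config, error) {
 LockFilePath: "/run/xtables.lock",
 RestoreSupportsLock: restoreSupportsLock,
 },
-EgressIgnoreCIDR: EgressIgnoreCIDR{
-AutoDetect: AutoDetect{
-PodCIDR: "",
-ClusterIP: true,
-NodeIP: true,
-},
-Custom: []string{},
-},
 Mark: "0x26000000",
 },
 }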
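Review bot: `type AutoDetect struct` is left in place as context in the second hunk, although its only visible users — the embedded field in `EgressIgnoreCIDR` and the defaults in `LoadConfig` — are deleted here; unless another file still references it, it is dead code and should go in the same change. The struct's definition continues outside the hunk. With `EgressIgnoreCIDR` gone from `FileConfig`, an `egressIgnoreCIDR:` block in an already-deployed config file is either ignored or rejected depending on how strictly the YAML is decoded, which is not visible here. Either way a previously configured `custom` list stops taking effect, so the commit description should say that the setting moved to the EgressClusterInfo resource.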
2 changes: 1 addition & 1 deletion pkg/controller/controller.go
@@ -94,7 +94,7 @@ func New(cfg *config.Config) (types.Service, error) {
if err != nil {
return nil, fmt.Errorf("failed to create egress node controller: %w", err)
}
err = newEgressClusterInfoController(mgr, log, cfg)
err = newEgressClusterInfoController(mgr, log)

Check warning on line 97 in pkg/controller/controller.go


Codecov / codecov/patch

pkg/controller/controller.go#L97

Added line #L97 was not covered by tests
if err != nil {
return nil, fmt.Errorf("failed to create egress cluster info controller: %w", err)
}