feat(): Add slice gw edge feature to use a LB for inter-cluster traff…

…ic (test automation is WIP) (#316) * feat(): Support LB svc type for slice GW Signed-off-by: Bharath Horatti <bharath@aveshasystems.com> * feat(): Updated go.mod to pick up api changes Signed-off-by: Bharath Horatti <bharath@aveshasystems.com> * feat(): Support LB svc type for slice GW Set slicegatewayservice type in the slice object Signed-off-by: Bharath Horatti <bharath@aveshasystems.com> * fix(): Fixed LB update to workerslicegw objects Signed-off-by: Bharath Horatti <bharath@aveshasystems.com> * fix(): Cleanup logs Signed-off-by: Bharath Horatti <bharath@aveshasystems.com> * fix(): Slice Gw Edge LB support Added code comments Signed-off-by: Bharath Horatti <bharath@aveshasystems.com> * fix(): dependency update Signed-off-by: Md Imran <imranaec@outlook.com> * fix(): Added support for AWS LB Signed-off-by: Bharath Horatti <bharath@aveshasystems.com> * fix(): Added support for AWS LB Signed-off-by: Bharath Horatti <bharath@aveshasystems.com> * fix(): Updated SliceGw CRD Signed-off-by: Bharath Horatti <bharath@aveshasystems.com> * fix(): Support TCP for OpenVPN tunnels Signed-off-by: Bharath Horatti <bharath@aveshasystems.com> --------- Signed-off-by: Bharath Horatti <bharath@aveshasystems.com> Signed-off-by: Md Imran <imranaec@outlook.com> Co-authored-by: Md Imran <imranaec@outlook.com>
kubeslice · Nov 23, 2023 · 964ca09 · 964ca09
1 parent f9312ff
commit 964ca09
Show file tree

Hide file tree

Showing 331 changed files with 13,279 additions and 6,553 deletions.
diff --git a/api/v1beta1/slice_types.go b/api/v1beta1/slice_types.go
@@ -69,6 +69,10 @@ type SliceConfig struct {
 	NamespaceIsolationProfile *NamespaceIsolationProfile `json:"namespaceIsolationProfile,omitempty"`
 	//ClusterSubnetCIDR is the subnet to be used by the current cluster
 	ClusterSubnetCIDR string `json:"clusterSubnetCIDR,omitempty"`
+	// SliceGateway Service Type
+	SliceGatewayServiceType string `json:"sliceGatewayServiceType,omitempty"`
+	// SliceGateway Protocol Type: UDP or TCP
+	SliceGatewayProtocol string `json:"sliceGatewayProtocol,omitempty"`
 }
 
 // NamespaceIsolationProfile defines the namespace isolation policy for the slice

diff --git a/api/v1beta1/slicegateway_types.go b/api/v1beta1/slicegateway_types.go
@@ -67,6 +67,12 @@ type SliceGatewayConfig struct {
 	SliceGatewayRemoteClusterID string `json:"sliceGatewayRemoteClusterId,omitempty"`
 	// Intermediate Slice Gw Deployments
 	SliceGatewayIntermediateDeployments []string `json:"sliceGatewayIntermediateDeployments,omitempty"`
+	// SliceGateway Connectivity Type
+	SliceGatewayConnectivityType string `json:"sliceGatewayConnectivityType,omitempty"`
+	// SliceGateway Protocol Type: UDP or TCP
+	SliceGatewayProtocol string `json:"sliceGatewayProtocol,omitempty"`
+	// Slice gateway server LB IPs
+	SliceGatewayServerLBIPs []string `json:"sliceGatewayServerLBIps,omitempty"`
 }
 
 // SliceGatewayStatus defines the observed state of SliceGateway

diff --git a/config/crd/bases/networking.kubeslice.io_slicegateways.yaml b/config/crd/bases/networking.kubeslice.io_slicegateways.yaml
@@ -66,6 +66,9 @@ spec:
               config:
                 description: SliceGatewayConfig defines the config received from backend
                 properties:
+                  sliceGatewayConnectivityType:
+                    description: SliceGateway Connectivity Type
+                    type: string
                   sliceGatewayHostType:
                     description: 'Host Type : server or client'
                     type: string
@@ -88,6 +91,9 @@ spec:
                     items:
                       type: integer
                     type: array
+                  sliceGatewayProtocol:
+                    description: 'SliceGateway Protocol Type: UDP or TCP'
+                    type: string
                   sliceGatewayRemoteClusterId:
                     description: Remote Cluster ID
                     type: string
@@ -110,6 +116,11 @@ spec:
                   sliceGatewayRemoteVpnIp:
                     description: Remote VPN IP
                     type: string
+                  sliceGatewayServerLBIps:
+                    description: Slice gateway server LB IPs
+                    items:
+                      type: string
+                    type: array
                   sliceGatewayStatus:
                     description: SliceGateway status
                     type: string

diff --git a/config/crd/bases/networking.kubeslice.io_slices.yaml b/config/crd/bases/networking.kubeslice.io_slices.yaml
@@ -162,6 +162,12 @@ spec:
                   sliceDisplayName:
                     description: display name of the slice.
                     type: string
+                  sliceGatewayProtocol:
+                    description: 'SliceGateway Protocol Type: UDP or TCP'
+                    type: string
+                  sliceGatewayServiceType:
+                    description: SliceGateway Service Type
+                    type: string
                   sliceId:
                     description: UUID of the slice.
                     type: string

diff --git a/controllers/controller.go b/controllers/controller.go
@@ -61,6 +61,53 @@ func GetSlice(ctx context.Context, c client.Client, slice string) (*kubeslicev1b
 	return s, nil
 }
 
+// GetSliceGatewayList returns a list of slice gateway objects by slice name
+func GetSliceGatewayList(ctx context.Context, c client.Client, sliceName string) (*kubeslicev1beta1.SliceGatewayList, error) {
+	sliceGwList := &kubeslicev1beta1.SliceGatewayList{}
+	listOpts := []client.ListOption{
+		client.MatchingLabels(map[string]string{ApplicationNamespaceSelectorLabelKey: sliceName}),
+	}
+
+	err := c.List(ctx, sliceGwList, listOpts...)
+	if err != nil {
+		return nil, err
+	}
+
+	return sliceGwList, nil
+}
+
+// GetSliceGatewayServers returns a list of slice gateways that run as VPN servers
+func GetSliceGatewayServers(ctx context.Context, c client.Client, sliceName string) ([]*kubeslicev1beta1.SliceGateway, error) {
+	sliceGwList, err := GetSliceGatewayList(ctx, c, sliceName)
+	if err != nil {
+		return nil, err
+	}
+
+	var sliceGwServerList []*kubeslicev1beta1.SliceGateway = nil
+	for _, sliceGw := range sliceGwList.Items {
+		if sliceGw.Status.Config.SliceGatewayHostType == "Server" {
+			sliceGwServerList = append(sliceGwServerList, &sliceGw)
+		}
+	}
+
+	return sliceGwServerList, nil
+}
+
+// GetSliceGwServices returns a list of slice gateway service objects by slice name
+func GetSliceGwServices(ctx context.Context, c client.Client, sliceName string) (*corev1.ServiceList, error) {
+	sliceGwSvcList := &corev1.ServiceList{}
+	listOpts := []client.ListOption{
+		client.MatchingLabels(map[string]string{ApplicationNamespaceSelectorLabelKey: sliceName}),
+	}
+
+	err := c.List(ctx, sliceGwSvcList, listOpts...)
+	if err != nil {
+		return nil, err
+	}
+
+	return sliceGwSvcList, nil
+}
+
 // GetSliceIngressGwPod returns a bool to indicate if ingress gateway is enabled for the slice,  a struct of type AppPod that
 // contains info on the ingress gw pod and an error var to indicate if an error was encountered while executing the func.
 func GetSliceIngressGwPod(ctx context.Context, c client.Client, sliceName string) (bool, *kubeslicev1beta1.AppPod, error) {
@@ -152,9 +199,9 @@ func ContructNetworkPolicyObject(ctx context.Context, slice *kubeslicev1beta1.Sl
 				networkingv1.PolicyTypeEgress,
 			},
 			Ingress: []networkingv1.NetworkPolicyIngressRule{
-				networkingv1.NetworkPolicyIngressRule{
+				{
 					From: []networkingv1.NetworkPolicyPeer{
-						networkingv1.NetworkPolicyPeer{
+						{
 							NamespaceSelector: &metav1.LabelSelector{
 								MatchLabels: map[string]string{ApplicationNamespaceSelectorLabelKey: slice.Name},
 							},
@@ -163,9 +210,9 @@ func ContructNetworkPolicyObject(ctx context.Context, slice *kubeslicev1beta1.Sl
 				},
 			},
 			Egress: []networkingv1.NetworkPolicyEgressRule{
-				networkingv1.NetworkPolicyEgressRule{
+				{
 					To: []networkingv1.NetworkPolicyPeer{
-						networkingv1.NetworkPolicyPeer{
+						{
 							NamespaceSelector: &metav1.LabelSelector{
 								MatchLabels: map[string]string{ApplicationNamespaceSelectorLabelKey: slice.Name},
 							},
@@ -210,3 +257,19 @@ func exists(i []string, o string) bool {
 	}
 	return false
 }
+
+// Returns the list of slice gateway edge service objects. By default there will be only one service object. There could
+// be multiple in future enhancements.
+func GetSliceGatewayEdgeServices(ctx context.Context, c client.Client, sliceName string) (*corev1.ServiceList, error) {
+	listOpts := []client.ListOption{
+		client.MatchingLabels(map[string]string{
+			SliceGatewaySelectorLabelKey: sliceName,
+			SliceGatewayEdgeTypeLabelKey: "LoadBalancer"}),
+		client.InNamespace(ControlPlaneNamespace),
+	}
+	services := corev1.ServiceList{}
+	if err := c.List(ctx, &services, listOpts...); err != nil {
+		return nil, err
+	}
+	return &services, nil
+}
diff --git a/controllers/slice/namespaces.go b/controllers/slice/namespaces.go
@@ -243,7 +243,7 @@ func (r *SliceReconciler) reconcileAllowedNamespaces(ctx context.Context, slice
 	}
 	// Sweep the existing namespaces again to unbind any namespace that was not found in the configured list
 	// Sweep the existing namespaces again to unbind any namespace that was not found in the configured list
-	for existingAllowedNs, _ := range existingAllowedNsMap {
+	for existingAllowedNs := range existingAllowedNsMap {
 		if !existingAllowedNsMap[existingAllowedNs].marked {
 			err := r.unbindAllowedNamespace(ctx, existingAllowedNs, slice.Name)
 			if err != nil {

diff --git a/controllers/slice/reconciler.go b/controllers/slice/reconciler.go
@@ -53,13 +53,14 @@ var controllerName = "sliceReconciler"
 // SliceReconciler reconciles a Slice object
 type SliceReconciler struct {
 	client.Client
-	EventRecorder      *events.EventRecorder
-	Scheme             *runtime.Scheme
-	Log                logr.Logger
-	NetOpPods          []NetOpPod
-	HubClient          HubClientProvider
-	WorkerRouterClient WorkerRouterClientProvider
-	WorkerNetOpClient  WorkerNetOpClientProvider
+	EventRecorder           *events.EventRecorder
+	Scheme                  *runtime.Scheme
+	Log                     logr.Logger
+	NetOpPods               []NetOpPod
+	HubClient               HubClientProvider
+	WorkerRouterClient      WorkerRouterClientProvider
+	WorkerNetOpClient       WorkerNetOpClientProvider
+	WorkerGatewayEdgeClient WorkerGatewayEdgeClientProvider
 
 	// metrics
 	gaugeAppPods *prometheus.GaugeVec
@@ -192,11 +193,24 @@ func (r *SliceReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl
 	}
 
 	res, err, requeue = r.ReconcileSliceRouter(ctx, slice)
+	if err != nil {
+		log.Error(err, "Failed to reconcile slice router")
+	}
 	if requeue {
 		return res, err
 	}
 
-	debugLog.Info("fetching app pods")
+	res, err, requeue = r.ReconcileSliceGwEdge(ctx, slice)
+	if err != nil {
+		log.Error(err, "Slice Edge reconciliation failed")
+		return res, err
+	}
+	if requeue {
+		return ctrl.Result{
+			Requeue: true,
+		}, nil
+	}
+
 	appPods, err := r.getAppPods(ctx, slice)
 	debugLog.Info("app pods", "pods", appPods, "err", err)
 
@@ -210,15 +224,11 @@ func (r *SliceReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl
 
 	debugLog.Info("reconciling app pods")
 	res, err, requeue = r.ReconcileAppPod(ctx, slice)
-
+	if err != nil {
+		log.Error(err, "App pod reconciliation failed")
+		return res, err
+	}
 	if requeue {
-		log.Info("app pods reconciled")
-
-		if err != nil {
-			// app pod reconciliation failed
-			return res, err
-		}
-
 		// reconciliation success, update the app pod list in controller
 		log.Info("updating app pod list in hub workersliceconfig status")
 		sliceConfigName := slice.Name + "-" + controllers.ClusterName
@@ -227,12 +237,11 @@ func (r *SliceReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl
 			utils.RecordEvent(ctx, r.EventRecorder, slice, nil, ossEvents.EventSliceAppPodsListUpdateFailed, controllerName)
 			return ctrl.Result{}, err
 		}
-
 		return ctrl.Result{
 			Requeue: true,
 		}, nil
-
 	}
+
 	return ctrl.Result{
 		RequeueAfter: controllers.ReconcileInterval,
 	}, nil