gateway server and client controllers
aleoli committed Sep 25, 2023
1 parent ab4496f commit 98b97ef
Showing 21 changed files with 1,100 additions and 0 deletions.
37 changes: 37 additions & 0 deletions cmd/liqo-controller-manager/main.go
Expand Up @@ -35,6 +35,8 @@ import (
"k8s.io/apimachinery/pkg/runtime"
"k8s.io/apimachinery/pkg/selection"
utilruntime "k8s.io/apimachinery/pkg/util/runtime"
"k8s.io/client-go/dynamic"
"k8s.io/client-go/dynamic/dynamicinformer"
"k8s.io/client-go/kubernetes"
clientgoscheme "k8s.io/client-go/kubernetes/scheme"
_ "k8s.io/client-go/plugin/pkg/client/auth/gcp"
Expand All @@ -53,12 +55,16 @@ import (
discoveryv1alpha1 "github.com/liqotech/liqo/apis/discovery/v1alpha1"
ipamv1alpha1 "github.com/liqotech/liqo/apis/ipam/v1alpha1"
netv1alpha1 "github.com/liqotech/liqo/apis/net/v1alpha1"
networkingv1alpha1 "github.com/liqotech/liqo/apis/networking/v1alpha1"
offloadingv1alpha1 "github.com/liqotech/liqo/apis/offloading/v1alpha1"
sharingv1alpha1 "github.com/liqotech/liqo/apis/sharing/v1alpha1"
virtualkubeletv1alpha1 "github.com/liqotech/liqo/apis/virtualkubelet/v1alpha1"
"github.com/liqotech/liqo/cmd/virtual-kubelet/root"
"github.com/liqotech/liqo/pkg/consts"
identitymanager "github.com/liqotech/liqo/pkg/identityManager"
clientoperator "github.com/liqotech/liqo/pkg/liqo-controller-manager/external-network/client-operator"
serveroperator "github.com/liqotech/liqo/pkg/liqo-controller-manager/external-network/server-operator"
enutils "github.com/liqotech/liqo/pkg/liqo-controller-manager/external-network/utils"
foreignclusteroperator "github.com/liqotech/liqo/pkg/liqo-controller-manager/foreign-cluster-operator"
ipctrl "github.com/liqotech/liqo/pkg/liqo-controller-manager/ip-controller"
mapsctrl "github.com/liqotech/liqo/pkg/liqo-controller-manager/namespacemap-controller"
Expand Down Expand Up @@ -107,6 +113,7 @@ func init() {
_ = offloadingv1alpha1.AddToScheme(scheme)
_ = virtualkubeletv1alpha1.AddToScheme(scheme)
_ = ipamv1alpha1.AddToScheme(scheme)
_ = networkingv1alpha1.AddToScheme(scheme)
}

func main() {
Expand All @@ -121,6 +128,8 @@ func main() {
var labelsNotReflected argsutils.StringList
var annotationsNotReflected argsutils.StringList
var ipamClient ipam.IpamClient
var gatewayServerResources argsutils.StringList
var gatewayClientResources argsutils.StringList

webhookPort := flag.Uint("webhook-port", 9443, "The port the webhook server binds to")
metricsAddr := flag.String("metrics-address", ":8080", "The address the metric endpoint binds to")
Expand Down Expand Up @@ -203,6 +212,10 @@ func main() {
// Node failure controller parameter
enableNodeFailureController := flag.Bool("enable-node-failure-controller", false, "Enable the node failure controller")

// External network parameters
flag.Var(&gatewayServerResources, "gateway-server-resources", "The list of resource types that implements the gateway server. They must be in the form <group>/<version>/<resource>")
flag.Var(&gatewayClientResources, "gateway-client-resources", "The list of resource types that implements the gateway client. They must be in the form <group>/<version>/<resource>")

liqoerrors.InitFlags(nil)
restcfg.InitFlags(nil)
klog.InitFlags(nil)
Expand Down Expand Up @@ -237,6 +250,11 @@ func main() {

config := restcfg.SetRateLimiter(ctrl.GetConfigOrDie())

dynClient := dynamic.NewForConfigOrDie(config)
factory := &enutils.RunnableFactory{
DynamicSharedInformerFactory: dynamicinformer.NewFilteredDynamicSharedInformerFactory(dynClient, 0, corev1.NamespaceAll, nil),
}

// Create a label selector to filter only the events for pods managed by a ShadowPod (i.e., remote offloaded pods),
// as those are the only ones we are interested in to implement the resiliency mechanism.
reqRemoteLiqoPods, err := labels.NewRequirement(consts.ManagedByLabelKey, selection.Equals, []string{consts.ManagedByShadowPodValue})
Expand Down Expand Up @@ -269,6 +287,11 @@ func main() {
os.Exit(1)
}

if err = mgr.Add(factory); err != nil {
klog.Error(err)
os.Exit(1)
}

// Create a label selector to filter only the events for local offloaded pods
reqLocalLiqoPods, err := labels.NewRequirement(consts.LocalPodLabelKey, selection.Equals, []string{consts.LocalPodLabelValue})
utilruntime.Must(err)
Expand Down Expand Up @@ -495,6 +518,20 @@ func main() {
klog.Fatal(err)
}

serverReconciler := serveroperator.NewServerReconciler(mgr.GetClient(),
dynClient, factory, mgr.GetScheme(), gatewayServerResources.StringList)
if err := serverReconciler.SetupWithManager(mgr); err != nil {
klog.Error(err)
os.Exit(1)
}

clientReconciler := clientoperator.NewClientReconciler(mgr.GetClient(),
dynClient, factory, mgr.GetScheme(), gatewayClientResources.StringList)
if err := clientReconciler.SetupWithManager(mgr); err != nil {
klog.Error(err)
os.Exit(1)
}

// Start the handler to approve the virtual kubelet certificate signing requests.
csrWatcher := csr.NewWatcher(clientset, *resyncPeriod, labels.Everything(), fields.Everything())
csrWatcher.RegisterHandler(csr.ApproverHandler(clientset, "LiqoApproval", "This CSR was approved by Liqo",
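Review bot: The values of `--gateway-server-resources` and `--gateway-client-resources` are handed to `NewServerReconciler` and `NewClientReconciler` as raw strings, and nothing in `main` checks that each entry has the `<group>/<version>/<resource>` form the flag help requires. Whether the constructors validate them is not visible in this section; if they do not, a malformed or empty entry would only surface once the dynamic informers start. Since the shared factory is built with `corev1.NamespaceAll` and a nil tweak function, every configured type is watched cluster-wide, so it is worth parsing the list right after flag parsing and exiting on the first bad entry. The two setup blocks also use `klog.Error(err)` plus `os.Exit(1)` where the preceding context line uses `klog.Fatal(err)`; one form would read more consistently. `main` starts and ends outside the visible hunks.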
2 changes: 2 additions & 0 deletions deployments/liqo/README.md
Expand Up @@ -107,11 +107,13 @@
| networkManager.pod.extraArgs | list | `[]` | Extra arguments for the networkManager pod. |
| networkManager.pod.labels | object | `{}` | Labels for the networkManager pod. |
| networkManager.pod.resources | object | `{"limits":{},"requests":{}}` | Resource requests and limits (https://kubernetes.io/docs/user-guide/compute-resources/) for the networkManager pod. |
| networking.clientResources | list | `[{"apiVersion":"networking.liqo.io/v1alpha1","resource":"wggatewayclients"}]` | Set the list of resources that implement the GatewayClient |
| networking.internal | bool | `true` | Use the default Liqo network manager. |
| networking.iptables | object | `{"mode":"nf_tables"}` | Iptables configuration tuning. |
| networking.iptables.mode | string | `"nf_tables"` | Select the iptables mode to use. Possible values are "legacy" and "nf_tables". |
| networking.mtu | int | `1340` | Set the MTU for the interfaces managed by liqo: vxlan, tunnel and veth interfaces. The value is used by the gateway and route operators. The default value is configured to ensure correct behavior regardless of the combination of the underlying environments (e.g., cloud providers). This guarantees improved compatibility at the cost of possible limited performance drops. |
| networking.reflectIPs | bool | `true` | Reflect pod IPs and EnpointSlices to the remote clusters. |
| networking.serverResources | list | `[{"apiVersion":"networking.liqo.io/v1alpha1","resource":"wggatewayservers"}]` | Set the list of resources that implement the GatewayServer |
| openshiftConfig.enable | bool | `false` | Enable/Disable the OpenShift support, enabling Openshift-specific resources, and setting the pod security contexts in a way that is compatible with Openshift. |
| openshiftConfig.virtualKubeletSCCs | list | `["anyuid"]` | Security context configurations granted to the virtual kubelet in the local cluster. The configuration of one or more SCCs for the virtual kubelet is not strictly required, and privileges can be reduced in production environments. Still, the default configuration (i.e., anyuid) is suggested to prevent problems (i.e., the virtual kubelet fails to add the appropriate labels) when attempting to offload pods not managed by higher-level abstractions (e.g., Deployments), and not associated with a properly privileged service account. Indeed, "anyuid" is the SCC automatically associated with pods created by cluster administrators. Any pod granted a more privileged SCC and not linked to an adequately privileged service account will fail to be offloaded. |
| proxy.config.listeningPort | int | `8118` | Port used by the proxy pod. |
Empty file.
Empty file.
104 changes: 104 additions & 0 deletions deployments/liqo/files/liqo-controller-manager-ClusterRole.yaml
Expand Up @@ -375,6 +375,110 @@ rules:
- get
- update
- watch
- apiGroups:
- networking.liqo.io
resources:
- gatewayclients
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- networking.liqo.io
resources:
- gatewayclients/status
verbs:
- get
- patch
- update
- apiGroups:
- networking.liqo.io
resources:
- gatewayservers
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- networking.liqo.io
resources:
- gatewayservers/status
verbs:
- get
- patch
- update
- apiGroups:
- networking.liqo.io
resources:
- wggatewayclients
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- networking.liqo.io
resources:
- wggatewayclients/status
verbs:
- get
- patch
- update
- apiGroups:
- networking.liqo.io
resources:
- wggatewayclienttemplates
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- networking.liqo.io
resources:
- wggatewayservers
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- networking.liqo.io
resources:
- wggatewayservers/status
verbs:
- get
- patch
- update
- apiGroups:
- networking.liqo.io
resources:
- wggatewayservertemplates
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- offloading.liqo.io
resources:
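Review bot: The new rules grant `create` and `delete` on `wggatewayclienttemplates` and `wggatewayservertemplates`, and on the parent `gatewayclients` and `gatewayservers`, where a reconciler usually needs write access only on the objects it generates. The controller code is not part of this section, so this is a question rather than a finding: if the templates are only read, and the parents only have status and finalizers updated, `get`, `list`, `watch` (plus `update`/`patch` on the parents) would be enough. Because this is a ClusterRole, the extra verbs apply in every namespace. If the file is generated from RBAC markers on the reconcilers, the narrowing belongs on those markers.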
11 changes: 11 additions & 0 deletions deployments/liqo/templates/_helpers.tpl
Expand Up @@ -172,6 +172,17 @@ Concatenates a values list into a string in the form "--commandName=val1,val2"
- {{ trimSuffix "," $res }}
{{- end -}}

{{/*
Concatenates a values list of groupVersionResources into a string in the form "--commandName=group1/version1/resource1,group2/version2/resource2"
*/}}
{{- define "liqo.concatenateGroupVersionResources" -}}
{{- $res := print .commandName "=" -}}
{{- range $val := .list -}}
{{- $res = print $res $val.apiVersion "/" $val.resource "," -}}
{{- end -}}
- {{ trimSuffix "," $res }}
{{- end -}}

{{/*
Get the liqo clusterID ConfigMap name
*/}}
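Review bot: `liqo.concatenateGroupVersionResources` joins `$val.apiVersion` and `$val.resource` without checking that either is set, so an entry with a missing or misspelled key still renders and the broken flag value is only noticed when the controller starts. Wrapping both in Helm's `required`, for example `{{- $res = print $res (required "apiVersion is required" $val.apiVersion) "/" (required "resource is required" $val.resource) "," -}}`, makes `helm template` fail instead. An `apiVersion` without a group (such as `v1`) also yields two segments rather than the `<group>/<version>/<resource>` form the flag documents, and the header comment could say that core-group resources are not supported.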
Expand Up @@ -92,6 +92,10 @@ spec:
- --configmap-reflection-type={{ .Values.reflection.configmap.type }}
- --secret-reflection-type={{ .Values.reflection.secret.type }}
- --event-reflection-type={{ .Values.reflection.event.type }}
{{- $d := dict "commandName" "--gateway-server-resources" "list" .Values.networking.serverResources }}
{{- include "liqo.concatenateGroupVersionResources" $d | nindent 10 }}
{{- $d := dict "commandName" "--gateway-client-resources" "list" .Values.networking.clientResources }}
{{- include "liqo.concatenateGroupVersionResources" $d | nindent 10 }}
{{- if .Values.reflection.skip.labels }}
{{- $d := dict "commandName" "--labels-not-reflected" "list" .Values.reflection.skip.labels }}
{{- include "liqo.concatenateList" $d | nindent 10 }}
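Review bot: Both `include "liqo.concatenateGroupVersionResources"` calls are unconditional, unlike the `--labels-not-reflected` argument just below, which is wrapped in `{{- if .Values.reflection.skip.labels }}`. With `networking.serverResources` or `networking.clientResources` set to an empty list the container receives `--gateway-server-resources=` or `--gateway-client-resources=` with an empty value, and how the flag parser treats that is not visible here. Guarding each pair with `{{- if .Values.networking.serverResources }}` and a closing `{{- end }}` (likewise for `clientResources`) keeps the rendering consistent with the other list arguments. The container spec starts and ends outside the hunk.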
8 changes: 8 additions & 0 deletions deployments/liqo/values.yaml
Expand Up @@ -37,6 +37,14 @@ networking:
# The default value is configured to ensure correct behavior regardless of the combination of the underlying environments
# (e.g., cloud providers). This guarantees improved compatibility at the cost of possible limited performance drops.
mtu: 1340
# -- Set the list of resources that implement the GatewayServer
serverResources:
- apiVersion: networking.liqo.io/v1alpha1
resource: wggatewayservers
# -- Set the list of resources that implement the GatewayClient
clientResources:
- apiVersion: networking.liqo.io/v1alpha1
resource: wggatewayclients

reflection:
skip:
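Review bot: The comments on `serverResources` and `clientResources` do not say that the controller needs RBAC for every type listed here; the ClusterRole in this commit only covers `wggatewayservers` and `wggatewayclients` (and their templates) under `networking.liqo.io`. An operator who adds a custom gateway type would presumably see the controller's watches on it denied. I would extend the comment, for example `# -- Set the list of resources that implement the GatewayServer. Each entry must also be granted to the liqo-controller-manager ClusterRole.`, and mirror it for `clientResources`.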