Skip to content

Commit

Permalink
Merge branch 'main' into prometheus-option-api
Browse files Browse the repository at this point in the history
  • Loading branch information
Bangseungjae committed Oct 14, 2024
2 parents 6e1781e + f919f5a commit 35cd975
Show file tree
Hide file tree
Showing 5 changed files with 81 additions and 11 deletions.
10 changes: 7 additions & 3 deletions Dockerfile
Original file line number Diff line number Diff line change
Expand Up @@ -10,9 +10,11 @@ ARG TAG=main
ENV PATH="${PATH}:/usr/local/go/bin"
ENV LD_LIBRARY_PATH="${LD_LIBRARY_PATH}:/usr/lib64/"

RUN mkdir -p /root/loxilb-io/loxilb
COPY . /root/loxilb-io/loxilb/

# Install loxilb related packages
RUN mkdir -p /opt/loxilb && \
mkdir -p /root/loxilb-io/loxilb/ && \
mkdir -p /usr/lib64/ && \
mkdir -p /opt/loxilb/cert/ && \
mkdir -p /etc/loxilb/certs/ && \
Expand Down Expand Up @@ -45,11 +47,12 @@ RUN mkdir -p /opt/loxilb && \
make && cp ./loxicmd /usr/local/sbin/loxicmd && cd - && rm -fr loxicmd && \
/usr/local/sbin/loxicmd completion bash > /etc/bash_completion.d/loxi_completion && \
# Install loxilb
git clone --recurse-submodules https://github.com/loxilb-io/loxilb /root/loxilb-io/loxilb/ && \
# git clone --recurse-submodules https://github.com/loxilb-io/loxilb /root/loxilb-io/loxilb/ && \
cd /root/loxilb-io/loxilb/ && git fetch --all --tags && git checkout $TAG && \
cd loxilb-ebpf && git fetch --all --tags && git checkout $TAG && cd .. \
go get . && if [ "$arch" = "arm64" ] ; then DOCKER_BUILDX_ARM64=true make; \
else make ;fi && cp loxilb-ebpf/utils/mkllb_bpffs.sh /usr/local/sbin/mkllb_bpffs && \
cp tools/k8s/mkllb-url /usr/local/sbin/mkllb-url && \
cp loxilb-ebpf/utils/mkllb_cgroup.sh /usr/local/sbin/mkllb_cgroup && \
cp /root/loxilb-io/loxilb/loxilb-ebpf/kernel/loxilb_dp_debug /usr/local/sbin/loxilb_dp_debug && \
cp /root/loxilb-io/loxilb/loxilb /usr/local/sbin/loxilb && \
Expand Down Expand Up @@ -87,14 +90,15 @@ ARG DEBIAN_FRONTEND=noninteractive
ENV PATH="${PATH}:/usr/local/go/bin"
ENV LD_LIBRARY_PATH="${LD_LIBRARY_PATH}:/usr/lib64/"

RUN apt-get update && apt-get install -y --no-install-recommends sudo \
RUN apt-get update && apt-get install -y --no-install-recommends sudo wget \
libbsd-dev iproute2 tcpdump bridge-utils net-tools libllvm10 ca-certificates && \
rm -rf /var/lib/apt/lists/* && apt clean

COPY --from=build /usr/lib64/libbpf* /usr/lib64/
COPY --from=build /usr/local/build/lib/* /usr/lib64
COPY --from=build /usr/local/go/bin /usr/local/go/bin
COPY --from=build /usr/local/sbin/mkllb_bpffs /usr/local/sbin/mkllb_bpffs
COPY --from=build /usr/local/sbin/mkllb-url /usr/local/sbin/mkllb-url
COPY --from=build /usr/local/sbin/mkllb_cgroup /usr/local/sbin/mkllb_cgroup
COPY --from=build /usr/local/sbin/loxilb_dp_debug /usr/local/sbin/loxilb_dp_debug
COPY --from=build /usr/local/sbin/loxicmd /usr/local/sbin/loxicmd
Expand Down
8 changes: 4 additions & 4 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@ Kubernetes defines many service constructs like cluster-ip, node-port, load-bala

![LoxiLB Cover](https://github.com/loxilb-io/loxilbdocs/blob/main/docs/photos/loxilb-cover.png)

All these services are provided by load-balancers/proxies operating at Layer4/Layer7. Since Kubernetes's is highly modular, these services can be provided by different software modules. For example, kube-proxy is used by default to provide cluster-ip and node-port services. For some services like LB and Ingress, no default is usually provided.
All these services are provided by load-balancers/proxies operating at Layer4/Layer7. Since Kubernetes is highly modular, these services can be provided by different software modules. For example, kube-proxy is used by default to provide cluster-ip and node-port services. For some services like LB and Ingress, no default is usually provided.

Service type load-balancer is usually provided by public cloud-provider(s) as a managed entity. But for on-prem and self-managed clusters, there are only a few good options available. Even for provider-managed K8s like EKS, there are many who would want to bring their own LB to clusters running anywhere. Additionally, Telco 5G and edge services introduce unique challenges due to the variety of exotic protocols involved, including GTP, SCTP, SRv6, SEPP, and DTLS, making seamless integration particularly challenging. <b>loxilb provides service type load-balancer as its main use-case</b>. loxilb can be run in-cluster or ext-to-cluster as per user need.

Expand Down Expand Up @@ -46,7 +46,7 @@ Telco-cloud requires load-balancing and communication across various interfaces/
* [Multi-Node Performance](https://loxilb-io.github.io/loxilbdocs/perf-multi/)
* [Performance on ARM](https://www.loxilb.io/post/running-loxilb-on-aws-graviton2-based-ec2-instance)
* [Short Demo on Performance](https://www.youtube.com/watch?v=MJXcM0x6IeQ)
- Utitlizes ebpf which makes it ```flexible``` as well as ```customizable```
- Utilizes ebpf which makes it ```flexible``` as well as ```customizable```
- Advanced ```quality of service``` for workloads (per LB, per end-point or per client)
- Works with ```any``` Kubernetes distribution/CNI - k8s/k3s/k0s/kind/OpenShift + Calico/Flannel/Cilium/Weave/Multus etc
- Kube-proxy replacement with loxilb allows ```simple plug-in``` with any existing/deployed pod-networking software
Expand All @@ -62,7 +62,7 @@ Telco-cloud requires load-balancing and communication across various interfaces/
- High-availability support with BFD detection for hitless/maglev/cgnat clustering
- Extensive and scalable end-point liveness probes for cloud-native environments
- Stateful firewalling and IPSEC/Wireguard support
- Optimized implementation for features like [Conntrack](https://thermalcircle.de/doku.php?id=blog:linux:connection_tracking_1_modules_and_hooks), QoS etc
- Optimized implementation for features like [Conntrack](https://thermalcircle.de/doku.php?id=blog:linux:connection_tracking_1_modules_and_hooks), QoS, etc
- Full compatibility for ipvs (ipvs policies can be auto inherited)
- Policy oriented L7 proxy support - HTTP1.0, 1.1, 2.0, 3.0

Expand Down Expand Up @@ -131,7 +131,7 @@ Telco-cloud requires load-balancing and communication across various interfaces/
- [Development Roadmap](https://github.com/loxilb-io/loxilbdocs/blob/main/docs/roadmap.md)
- [Contribute](https://github.com/loxilb-io/loxilbdocs/blob/main/docs/contribute.md)
- [System Requirements](https://github.com/loxilb-io/loxilbdocs/blob/main/docs/requirements.md)
- [Frequenctly Asked Questions- FAQs](https://github.com/loxilb-io/loxilbdocs/blob/main/docs/faq.md)
- [Frequently Asked Questions- FAQs](https://github.com/loxilb-io/loxilbdocs/blob/main/docs/faq.md)
- [Blogs](https://www.loxilb.io/blog)
- [Demo Videos](https://www.youtube.com/@loxilb697)

Expand Down
18 changes: 15 additions & 3 deletions api/restapi/handler/firewall.go
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,7 @@ import (
)

func ConfigPostFW(params operations.PostConfigFirewallParams) middleware.Responder {
tk.LogIt(tk.LogDebug, "[API] Firewall %s API callded. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.URL)
tk.LogIt(tk.LogDebug, "[API] Firewall %s API called by IP: %s. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.RemoteAddr, params.HTTPRequest.URL)
Opts := cmn.FwOptArg{}
Rules := cmn.FwRuleArg{}
FW := cmn.FwRuleMod{}
Expand Down Expand Up @@ -62,6 +62,15 @@ func ConfigPostFW(params operations.PostConfigFirewallParams) middleware.Respond

FW.Rule = Rules
FW.Opts = Opts

if Opts.Allow {
tk.LogIt(tk.LogInfo, "[FW] Allowed traffic: SrcIP: %s, DstIP: %s, Protocol: %d, SrcPortMin: %d, SrcPortMax: %d, DstPortMin: %d, DstPortMax: %d, Preference: %d, InPort: %s\n",
Rules.SrcIP, Rules.DstIP, Rules.Proto, Rules.SrcPortMin, Rules.SrcPortMax, Rules.DstPortMin, Rules.DstPortMax, Rules.Pref, Rules.InPort)
} else if Opts.Drop {
tk.LogIt(tk.LogInfo, "[FW] Dropped traffic: SrcIP: %s, DstIP: %s, Protocol: %d, SrcPortMin: %d, SrcPortMax: %d, DstPortMin: %d, DstPortMax: %d, Preference: %d, InPort: %s\n",
Rules.SrcIP, Rules.DstIP, Rules.Proto, Rules.SrcPortMin, Rules.SrcPortMax, Rules.DstPortMin, Rules.DstPortMax, Rules.Pref, Rules.InPort)
}

fmt.Printf("FW: %v\n", FW)
_, err := ApiHooks.NetFwRuleAdd(&FW)
if err != nil {
Expand All @@ -71,7 +80,7 @@ func ConfigPostFW(params operations.PostConfigFirewallParams) middleware.Respond
}

func ConfigDeleteFW(params operations.DeleteConfigFirewallParams) middleware.Responder {
tk.LogIt(tk.LogDebug, "[API] Firewall %s API callded. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.URL)
tk.LogIt(tk.LogDebug, "[API] Firewall %s API called by IP: %s. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.RemoteAddr, params.HTTPRequest.URL)

Rules := cmn.FwRuleArg{}
FW := cmn.FwRuleMod{}
Expand Down Expand Up @@ -128,11 +137,14 @@ func ConfigDeleteFW(params operations.DeleteConfigFirewallParams) middleware.Res
return &ResultResponse{Result: "fail"}
}

tk.LogIt(tk.LogInfo, "[FW] Deleted traffic rule: SrcIP: %s, DstIP: %s, Protocol: %d, SrcPortMin: %d, SrcPortMax: %d, DstPortMin: %d, DstPortMax: %d, Preference: %d, InPort: %s\n",
Rules.SrcIP, Rules.DstIP, Rules.Proto, Rules.SrcPortMin, Rules.SrcPortMax, Rules.DstPortMin, Rules.DstPortMax, Rules.Pref, Rules.InPort)

return &ResultResponse{Result: "Success"}
}

func ConfigGetFW(params operations.GetConfigFirewallAllParams) middleware.Responder {
tk.LogIt(tk.LogDebug, "[API] Firewall %s API callded. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.URL)
tk.LogIt(tk.LogDebug, "[API] Firewall %s API called by IP: %s. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.RemoteAddr, params.HTTPRequest.URL)
res, _ := ApiHooks.NetFwRuleGet()
var result []*models.FirewallEntry
result = make([]*models.FirewallEntry, 0)
Expand Down
2 changes: 1 addition & 1 deletion loxilb-ebpf
54 changes: 54 additions & 0 deletions tools/k8s/mkllb-url
Original file line number Diff line number Diff line change
@@ -0,0 +1,54 @@
#!/bin/bash

usage() {
echo "Usage: $0 -a <ip-addr> -z <zone> -t <type>"
echo " $0 -a <ip-addr> -z <zone> -t <type> -d"
}

if [[ $# -gt 7 ]] || [[ $# -lt 6 ]]; then
usage
exit
fi

if [[ ! -f /usr/local/sbin/kubectl ]]; then
apt-get update && apt-get install -y curl
curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
chmod +x kubectl
sudo mv kubectl /usr/local/sbin/kubectl
fi

addr=""
zone="llb"
utype="default"
cmd="apply"

while getopts a:z:t:x opt
do
case "${opt}" in
a) addr=${OPTARG};;
z) zone=${OPTARG};;
t) utype=${OPTARG};;
x) cmd="delete";;
?) usage;exit;;
esac
done

echo "============"
echo "Applying CRD"
echo "============"
echo addr $addr
echo zone $zone
echo utype $utype
echo cmd $cmd
echo "============"

cat <<EOF | kubectl ${cmd} -f -
apiVersion: "loxiurl.loxilb.io/v1"
kind: LoxiURL
metadata:
name: llb-${addr}
spec:
loxiURL: http://${addr}:11111
zone: llb
type: ${utype}
EOF

0 comments on commit 35cd975

Please sign in to comment.