mirrors/kube-router
1
0
Fork 0
mirror of https://github.com/cloudnativelabs/kube-router.git synced 2025-11-18 11:31:12 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add hairpin support for externalIps

Browse Source 
Add an extra annotation for service in order to generate haipin related
iptables rules for externalsIps of the service.
This commit is contained in:
Aurélien Dunand 2020-08-04 12:15:52 +02:00 committed by Aaron U'Ren
parent 7d47aefe7d
commit 5fc39db6a0
2 changed files with 22 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
docs/user-guide.md
View File

@ -216,6 +216,11 @@ To enable hairpin traffic for Service `my-service`:
kubectl annotate service my-service "kube-router.io/service.hairpin=" kubectl annotate service my-service "kube-router.io/service.hairpin="
``` ```
If you want hairpin also apply on externalIPs declared for Service `my-service`:
```
kubectl annotate service my-service "kube-router.io/service.hairpin.externalips="
```
## Direct server return ## Direct server return
Please read below blog on how to user DSR in combination with `--advertise-external-ip` to build highly scalable and available ingress. Please read below blog on how to user DSR in combination with `--advertise-external-ip` to build highly scalable and available ingress.

11
pkg/controllers/proxy/network_services_controller.go
View File

@ -50,6 +50,7 @@ const (
svcDSRAnnotation = "kube-router.io/service.dsr" svcDSRAnnotation = "kube-router.io/service.dsr"
svcSchedulerAnnotation = "kube-router.io/service.scheduler" svcSchedulerAnnotation = "kube-router.io/service.scheduler"
svcHairpinAnnotation = "kube-router.io/service.hairpin" svcHairpinAnnotation = "kube-router.io/service.hairpin"
svcHairpinExternalIPsAnnotation = "kube-router.io/service.hairpin.externalips"
svcLocalAnnotation = "kube-router.io/service.local" svcLocalAnnotation = "kube-router.io/service.local"
svcSkipLbIpsAnnotation = "kube-router.io/service.skiplbips" svcSkipLbIpsAnnotation = "kube-router.io/service.skiplbips"
svcSchedFlagsAnnotation = "kube-router.io/service.schedflags" svcSchedFlagsAnnotation = "kube-router.io/service.schedflags"
@ -257,6 +258,7 @@ type serviceInfo struct {
scheduler string scheduler string
directServerReturnMethod string directServerReturnMethod string
hairpin bool hairpin bool
hairpinExternalIPs bool
skipLbIps bool skipLbIps bool
externalIPs []string externalIPs []string
loadBalancerIPs []string loadBalancerIPs []string
@ -1399,6 +1401,7 @@ func (nsc *NetworkServicesController) buildServicesInfo() serviceInfoMap {
svcInfo.sessionAffinityTimeoutSeconds = *svc.Spec.SessionAffinityConfig.ClientIP.TimeoutSeconds svcInfo.sessionAffinityTimeoutSeconds = *svc.Spec.SessionAffinityConfig.ClientIP.TimeoutSeconds
} }
_, svcInfo.hairpin = svc.ObjectMeta.Annotations[svcHairpinAnnotation] _, svcInfo.hairpin = svc.ObjectMeta.Annotations[svcHairpinAnnotation]
_, svcInfo.hairpinExternalIPs = svc.ObjectMeta.Annotations[svcHairpinExternalIPsAnnotation]
_, svcInfo.local = svc.ObjectMeta.Annotations[svcLocalAnnotation] _, svcInfo.local = svc.ObjectMeta.Annotations[svcLocalAnnotation]
_, svcInfo.skipLbIps = svc.ObjectMeta.Annotations[svcSkipLbIpsAnnotation] _, svcInfo.skipLbIps = svc.ObjectMeta.Annotations[svcSkipLbIpsAnnotation]
if svc.Spec.ExternalTrafficPolicy == api.ServiceExternalTrafficPolicyTypeLocal { if svc.Spec.ExternalTrafficPolicy == api.ServiceExternalTrafficPolicyTypeLocal {
@ -1574,6 +1577,14 @@ func (nsc *NetworkServicesController) syncHairpinIptablesRules() error {
rule, ruleArgs := hairpinRuleFrom(svcInfo.clusterIP.String(), ep.ip, svcInfo.port) rule, ruleArgs := hairpinRuleFrom(svcInfo.clusterIP.String(), ep.ip, svcInfo.port)
rulesNeeded[rule] = ruleArgs rulesNeeded[rule] = ruleArgs
// Handle ExternalIPs if requested
if svcInfo.hairpinExternalIPs {
for _, extip := range svcInfo.externalIPs {
rule, ruleArgs := hairpinRuleFrom(extip, ep.ip, svcInfo.port)
rulesNeeded[rule] = ruleArgs
}
}
// Handle NodePort Service // Handle NodePort Service
if svcInfo.nodePort != 0 { if svcInfo.nodePort != 0 {
rule, ruleArgs := hairpinRuleFrom(nsc.nodeIP.String(), ep.ip, svcInfo.nodePort) rule, ruleArgs := hairpinRuleFrom(nsc.nodeIP.String(), ep.ip, svcInfo.nodePort)