use constants for all annotations (#346)

Andrew Sy Kim 2018-03-21 09:18:37 -04:00 committed by Murali Reddy
parent faead6dbeb
commit acb3dd45b7
3 changed files with 48 additions and 32 deletions


@ -24,6 +24,10 @@ import (
"k8s.io/client-go/kubernetes" "k8s.io/client-go/kubernetes"
) )
const (
networkPolicyAnnotation = "net.beta.kubernetes.io/network-policy"
)
// Network policy controller provides both ingress and egress filtering for the pods as per the defined network // Network policy controller provides both ingress and egress filtering for the pods as per the defined network
// policies. Two different types of iptables chains are used. Each pod running on the node which either // policies. Two different types of iptables chains are used. Each pod running on the node which either
// requires ingress or egress filtering gets a pod specific chains. Each network policy has a iptable chain, which // requires ingress or egress filtering gets a pod specific chains. Each network policy has a iptable chain, which
@ -1245,10 +1249,10 @@ func buildBetaNetworkPoliciesInfo() (*[]networkPolicyInfo, error) {
func getNameSpaceDefaultPolicy(namespace string) (string, error) { func getNameSpaceDefaultPolicy(namespace string) (string, error) {
for _, nspw := range watchers.NamespaceWatcher.List() { for _, nspw := range watchers.NamespaceWatcher.List() {
if strings.Compare(namespace, nspw.Name) == 0 { if strings.Compare(namespace, nspw.Name) == 0 {
networkPolicyAnnotation, ok := nspw.ObjectMeta.Annotations["net.beta.kubernetes.io/network-policy"] networkPolicy, ok := nspw.ObjectMeta.Annotations[networkPolicyAnnotation]
var annot map[string]map[string]string var annot map[string]map[string]string
if ok { if ok {
err := json.Unmarshal([]byte(networkPolicyAnnotation), &annot) err := json.Unmarshal([]byte(networkPolicy), &annot)
if err == nil { if err == nil {
return annot["ingress"]["isolation"], nil return annot["ingress"]["isolation"], nil
} }
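Review bot: The new `networkPolicyAnnotation` constant has no comment saying which annotation this is or how its value is interpreted; a reader of the const block cannot tell that its JSON value is parsed for `ingress.isolation` in getNameSpaceDefaultPolicy. I would add `// networkPolicyAnnotation is the beta namespace annotation whose JSON value ({"ingress":{"isolation":...}}) selects the namespace's default ingress policy.` above it. Worth noting while here: a value that is present but fails `json.Unmarshal` is skipped with no log line (only the `err == nil` branch returns), so a malformed annotation silently falls through to whatever the rest of the function returns; a log at that point would make the dropped policy visible. getNameSpaceDefaultPolicy continues past the end of the hunk.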


@ -37,6 +37,30 @@ import (
"k8s.io/client-go/tools/cache" "k8s.io/client-go/tools/cache"
) )
var (
podEgressArgs = []string{"-m", "set", "--match-set", podSubnetsIPSetName, "src",
"-m", "set", "!", "--match-set", podSubnetsIPSetName, "dst",
"-m", "set", "!", "--match-set", nodeAddrsIPSetName, "dst",
"-j", "MASQUERADE"}
podEgressArgsBad = [][]string{{"-m", "set", "--match-set", podSubnetsIPSetName, "src",
"-m", "set", "!", "--match-set", podSubnetsIPSetName, "dst",
"-j", "MASQUERADE"}}
)
const (
customRouteTableID = "77"
customRouteTableName = "kube-router"
podSubnetsIPSetName = "kube-router-pod-subnets"
nodeAddrsIPSetName = "kube-router-node-ips"
nodeASNAnnotation = "kube-router.io/node.asn"
peerASNAnnotation = "kube-router.io/peer.asns"
peerIPAnnotation = "kube-router.io/peer.ips"
peerPasswordAnnotation = "kube-router.io/peer.passwords"
rrClientAnnotation = "kube-router.io/rr.client"
rrServerAnnotation = "kube-router.io/rr.server"
)
// NetworkRoutingController is struct to hold necessary information required by controller // NetworkRoutingController is struct to hold necessary information required by controller
type NetworkRoutingController struct { type NetworkRoutingController struct {
nodeIP net.IP nodeIP net.IP
@ -72,23 +96,6 @@ type NetworkRoutingController struct {
initSrcDstCheckDone bool initSrcDstCheckDone bool
} }
var (
podEgressArgs = []string{"-m", "set", "--match-set", podSubnetsIPSetName, "src",
"-m", "set", "!", "--match-set", podSubnetsIPSetName, "dst",
"-m", "set", "!", "--match-set", nodeAddrsIPSetName, "dst",
"-j", "MASQUERADE"}
podEgressArgsBad = [][]string{{"-m", "set", "--match-set", podSubnetsIPSetName, "src",
"-m", "set", "!", "--match-set", podSubnetsIPSetName, "dst",
"-j", "MASQUERADE"}}
)
const (
customRouteTableID = "77"
customRouteTableName = "kube-router"
podSubnetsIPSetName = "kube-router-pod-subnets"
nodeAddrsIPSetName = "kube-router-node-ips"
)
// Run runs forever until we are notified on stop channel // Run runs forever until we are notified on stop channel
func (nrc *NetworkRoutingController) Run(healthChan chan<- *ControllerHeartbeat, stopCh <-chan struct{}, wg *sync.WaitGroup) { func (nrc *NetworkRoutingController) Run(healthChan chan<- *ControllerHeartbeat, stopCh <-chan struct{}, wg *sync.WaitGroup) {
cidr, err := utils.GetPodCidrFromCniSpec(nrc.cniConfFile) cidr, err := utils.GetPodCidrFromCniSpec(nrc.cniConfFile)
@ -1079,7 +1086,7 @@ func (nrc *NetworkRoutingController) syncInternalPeers() {
// we are rr-client peer only with rr-server // we are rr-client peer only with rr-server
if nrc.bgpRRClient { if nrc.bgpRRClient {
if _, ok := node.ObjectMeta.Annotations["kube-router.io/rr.server"]; !ok { if _, ok := node.ObjectMeta.Annotations[rrServerAnnotation]; !ok {
continue continue
} }
} }
@ -1087,7 +1094,7 @@ func (nrc *NetworkRoutingController) syncInternalPeers() {
// if node full mesh is not requested then just peer with nodes with same ASN // if node full mesh is not requested then just peer with nodes with same ASN
// (run iBGP among same ASN peers) // (run iBGP among same ASN peers)
if !nrc.bgpFullMeshMode { if !nrc.bgpFullMeshMode {
nodeasn, ok := node.ObjectMeta.Annotations["kube-router.io/node.asn"] nodeasn, ok := node.ObjectMeta.Annotations[nodeASNAnnotation]
if !ok { if !ok {
glog.Infof("Not peering with the Node %s as ASN number of the node is unknown.", glog.Infof("Not peering with the Node %s as ASN number of the node is unknown.",
nodeIP.String()) nodeIP.String())
@ -1145,7 +1152,7 @@ func (nrc *NetworkRoutingController) syncInternalPeers() {
// we are rr-server peer with other rr-client with reflection enabled // we are rr-server peer with other rr-client with reflection enabled
if nrc.bgpRRServer { if nrc.bgpRRServer {
if _, ok := node.ObjectMeta.Annotations["kube-router.io/rr.client"]; ok { if _, ok := node.ObjectMeta.Annotations[rrClientAnnotation]; ok {
//add rr options with clusterId //add rr options with clusterId
n.RouteReflector = config.RouteReflector{ n.RouteReflector = config.RouteReflector{
Config: config.RouteReflectorConfig{ Config: config.RouteReflectorConfig{
@ -1358,7 +1365,7 @@ func (nrc *NetworkRoutingController) startBgpServer() error {
if nrc.bgpFullMeshMode { if nrc.bgpFullMeshMode {
nodeAsnNumber = nrc.defaultNodeAsnNumber nodeAsnNumber = nrc.defaultNodeAsnNumber
} else { } else {
nodeasn, ok := node.ObjectMeta.Annotations["kube-router.io/node.asn"] nodeasn, ok := node.ObjectMeta.Annotations[nodeASNAnnotation]
if !ok { if !ok {
return errors.New("Could not find ASN number for the node. " + return errors.New("Could not find ASN number for the node. " +
"Node needs to be annotated with ASN number details to start BGP server.") "Node needs to be annotated with ASN number details to start BGP server.")
@ -1372,7 +1379,7 @@ func (nrc *NetworkRoutingController) startBgpServer() error {
nrc.nodeAsnNumber = nodeAsnNumber nrc.nodeAsnNumber = nodeAsnNumber
} }
if clusterid, ok := node.ObjectMeta.Annotations["kube-router.io/rr.server"]; ok { if clusterid, ok := node.ObjectMeta.Annotations[rrServerAnnotation]; ok {
glog.Infof("Found rr.server for the node to be %s from the node annotation", clusterid) glog.Infof("Found rr.server for the node to be %s from the node annotation", clusterid)
clusterId, err := strconv.ParseUint(clusterid, 0, 32) clusterId, err := strconv.ParseUint(clusterid, 0, 32)
if err != nil { if err != nil {
@ -1380,7 +1387,7 @@ func (nrc *NetworkRoutingController) startBgpServer() error {
} }
nrc.bgpClusterId = uint32(clusterId) nrc.bgpClusterId = uint32(clusterId)
nrc.bgpRRServer = true nrc.bgpRRServer = true
} else if clusterid, ok := node.ObjectMeta.Annotations["kube-router.io/rr.client"]; ok { } else if clusterid, ok := node.ObjectMeta.Annotations[rrClientAnnotation]; ok {
glog.Infof("Found rr.client for the node to be %s from the node annotation", clusterid) glog.Infof("Found rr.client for the node to be %s from the node annotation", clusterid)
clusterId, err := strconv.ParseUint(clusterid, 0, 32) clusterId, err := strconv.ParseUint(clusterid, 0, 32)
if err != nil { if err != nil {
@ -1424,7 +1431,7 @@ func (nrc *NetworkRoutingController) startBgpServer() error {
// else attempt to get peers from node specific BGP annotations. // else attempt to get peers from node specific BGP annotations.
if len(nrc.globalPeerRouters) == 0 { if len(nrc.globalPeerRouters) == 0 {
// Get Global Peer Router ASN configs // Get Global Peer Router ASN configs
nodeBgpPeerAsnsAnnotation, ok := node.ObjectMeta.Annotations["kube-router.io/peer.asns"] nodeBgpPeerAsnsAnnotation, ok := node.ObjectMeta.Annotations[peerASNAnnotation]
if !ok { if !ok {
glog.Infof("Could not find BGP peer info for the node in the node annotations so skipping configuring peer.") glog.Infof("Could not find BGP peer info for the node in the node annotations so skipping configuring peer.")
return nil return nil
@ -1438,7 +1445,7 @@ func (nrc *NetworkRoutingController) startBgpServer() error {
} }
// Get Global Peer Router IP Address configs // Get Global Peer Router IP Address configs
nodeBgpPeersAnnotation, ok := node.ObjectMeta.Annotations["kube-router.io/peer.ips"] nodeBgpPeersAnnotation, ok := node.ObjectMeta.Annotations[peerIPAnnotation]
if !ok { if !ok {
glog.Infof("Could not find BGP peer info for the node in the node annotations so skipping configuring peer.") glog.Infof("Could not find BGP peer info for the node in the node annotations so skipping configuring peer.")
return nil return nil
@ -1452,7 +1459,7 @@ func (nrc *NetworkRoutingController) startBgpServer() error {
// Get Global Peer Router Password configs // Get Global Peer Router Password configs
var peerPasswords []string var peerPasswords []string
nodeBGPPasswordsAnnotation, ok := node.ObjectMeta.Annotations["kube-router.io/peer.passwords"] nodeBGPPasswordsAnnotation, ok := node.ObjectMeta.Annotations[peerPasswordAnnotation]
if !ok { if !ok {
glog.Infof("Could not find BGP peer password info in the node's annotations. Assuming no passwords.") glog.Infof("Could not find BGP peer password info in the node's annotations. Assuming no passwords.")
} else { } else {
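Review bot: None of the new annotation constants in the `const` block carry a comment, and one of them, `peerPasswordAnnotation`, names a secret: BGP peer passwords kept as a plain node annotation are readable by any principal allowed to read Node objects. I would document that on the constant, e.g. `// peerPasswordAnnotation holds the BGP peer passwords in plaintext; node annotations are readable by anyone who can read Nodes, so restrict that RBAC accordingly.`, with one-line comments for the ASN, peer and rr constants as well. Separately, the message "Could not find BGP peer info for the node in the node annotations so skipping configuring peer." is logged identically whether `peerASNAnnotation` or `peerIPAnnotation` is missing, so the log cannot say which one was absent; `glog.Infof("Could not find %s in the node annotations so skipping configuring peer.", peerIPAnnotation)` (and likewise for the ASN case) would fix that. syncInternalPeers and startBgpServer both extend beyond the hunks shown.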


@ -41,6 +41,11 @@ const (
IFACE_HAS_NO_ADDR = "cannot assign requested address" IFACE_HAS_NO_ADDR = "cannot assign requested address"
IPVS_SERVER_EXISTS = "file exists" IPVS_SERVER_EXISTS = "file exists"
namespace = "kube_router" namespace = "kube_router"
svcDSRAnnotation = "kube-router.io/service.dsr"
svcSchedulerAnnotation = "kube-router.io/service.scheduler"
svcHairpinAnnotation = "kube-router.io/service.hairpin"
svcLocalAnnotation = "kube-router.io/service.local"
) )
var ( var (
@ -847,13 +852,13 @@ func buildServicesInfo() serviceInfoMap {
externalIPs: make([]string, len(svc.Spec.ExternalIPs)), externalIPs: make([]string, len(svc.Spec.ExternalIPs)),
local: false, local: false,
} }
dsrMethod, ok := svc.ObjectMeta.Annotations["kube-router.io/service.dsr"] dsrMethod, ok := svc.ObjectMeta.Annotations[svcDSRAnnotation]
if ok { if ok {
svcInfo.directServerReturn = true svcInfo.directServerReturn = true
svcInfo.directServerReturnMethod = dsrMethod svcInfo.directServerReturnMethod = dsrMethod
} }
svcInfo.scheduler = ipvs.RoundRobin svcInfo.scheduler = ipvs.RoundRobin
schedulingMethod, ok := svc.ObjectMeta.Annotations["kube-router.io/service.scheduler"] schedulingMethod, ok := svc.ObjectMeta.Annotations[svcSchedulerAnnotation]
if ok { if ok {
if schedulingMethod == ipvs.RoundRobin { if schedulingMethod == ipvs.RoundRobin {
svcInfo.scheduler = ipvs.RoundRobin svcInfo.scheduler = ipvs.RoundRobin
@ -867,8 +872,8 @@ func buildServicesInfo() serviceInfoMap {
} }
copy(svcInfo.externalIPs, svc.Spec.ExternalIPs) copy(svcInfo.externalIPs, svc.Spec.ExternalIPs)
svcInfo.sessionAffinity = svc.Spec.SessionAffinity == "ClientIP" svcInfo.sessionAffinity = svc.Spec.SessionAffinity == "ClientIP"
_, svcInfo.hairpin = svc.ObjectMeta.Annotations["kube-router.io/service.hairpin"] _, svcInfo.hairpin = svc.ObjectMeta.Annotations[svcHairpinAnnotation]
_, svcInfo.local = svc.ObjectMeta.Annotations["kube-router.io/service.local"] _, svcInfo.local = svc.ObjectMeta.Annotations[svcLocalAnnotation]
if svc.Spec.ExternalTrafficPolicy == api.ServiceExternalTrafficPolicyTypeLocal { if svc.Spec.ExternalTrafficPolicy == api.ServiceExternalTrafficPolicyTypeLocal {
svcInfo.local = true svcInfo.local = true
} }
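Review bot: The value of `svcDSRAnnotation` is copied straight into `svcInfo.directServerReturnMethod` without being checked, whereas the scheduler annotation a few lines below is compared value by value before it is accepted; an unrecognised DSR method string therefore flows into the service info unvalidated and will only be caught later, if at all. I would validate it at the same point with a `switch dsrMethod` over whatever set of methods the DSR path supports (not visible in this hunk), logging and ignoring the annotation in the `default` case, mirroring the scheduler handling. The four new constants would also benefit from one-line comments, e.g. `// svcDSRAnnotation enables direct server return for a service; its value selects the DSR method.` buildServicesInfo starts before the first hunk and continues past the last.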