Network: gateway routes

Author: cheina97

.github/workflows/integration.yml

@@ -8,6 +8,7 @@ on:
       - network-general
       - network-external
       - network-internal
+      - frc/gatewayroute 
   repository_dispatch:
     types:
       - test-command

cmd/gateway/geneve/main.go

@@ -33,7 +33,6 @@ import (
 	networkingv1alpha1 "github.com/liqotech/liqo/apis/networking/v1alpha1"
 	"github.com/liqotech/liqo/pkg/gateway"
 	"github.com/liqotech/liqo/pkg/gateway/fabric/geneve"
-	"github.com/liqotech/liqo/pkg/route"
 	flagsutils "github.com/liqotech/liqo/pkg/utils/flags"
 	"github.com/liqotech/liqo/pkg/utils/mapper"
 	"github.com/liqotech/liqo/pkg/utils/restcfg"
@@ -113,20 +112,6 @@ func run(cmd *cobra.Command, _ []string) error {
 		return fmt.Errorf("unable to create manager: %w", err)
 	}
 
-	rcr, err := route.NewRouteConfigurationReconcilerWithoutFinalizer(
-		mgr.GetClient(),
-		mgr.GetScheme(),
-		mgr.GetEventRecorderFor("routeconfiguration-controller"),
-		geneve.ForgeRouteTargetLabels(options.GwOptions.Name),
-	)
-	if err != nil {
-		return fmt.Errorf("unable to create routeconfiguration reconciler: %w", err)
-	}
-
-	if err := rcr.SetupWithManager(mgr); err != nil {
-		return fmt.Errorf("unable to setup routeconfiguration reconciler: %w", err)
-	}
-
 	inr, err := geneve.NewInternalNodeReconciler(
 		mgr.GetClient(),
 		mgr.GetScheme(),

cmd/gateway/main.go

@@ -37,7 +37,9 @@ import (
 	"github.com/liqotech/liqo/pkg/gateway"
 	"github.com/liqotech/liqo/pkg/gateway/connection"
 	"github.com/liqotech/liqo/pkg/gateway/connection/conncheck"
+	"github.com/liqotech/liqo/pkg/gateway/fabric/geneve"
 	"github.com/liqotech/liqo/pkg/gateway/remapping"
+	"github.com/liqotech/liqo/pkg/route"
 	flagsutils "github.com/liqotech/liqo/pkg/utils/flags"
 	"github.com/liqotech/liqo/pkg/utils/mapper"
 	"github.com/liqotech/liqo/pkg/utils/restcfg"
@@ -151,6 +153,20 @@ func run(cmd *cobra.Command, _ []string) error {
 		}
 	}
 
+	rcr, err := route.NewRouteConfigurationReconcilerWithoutFinalizer(
+		mgr.GetClient(),
+		mgr.GetScheme(),
+		mgr.GetEventRecorderFor("routeconfiguration-controller"),
+		geneve.ForgeRouteTargetLabels(connoptions.GwOptions.Name),
+	)
+	if err != nil {
+		return fmt.Errorf("unable to create routeconfiguration reconciler: %w", err)
+	}
+
+	if err := rcr.SetupWithManager(mgr); err != nil {
+		return fmt.Errorf("unable to setup routeconfiguration reconciler: %w", err)
+	}
+
 	// Setup the firewall configuration controller.
 	fwcr, err := firewall.NewFirewallConfigurationReconcilerWithoutFinalizer(
 		mgr.GetClient(),

cmd/liqo-controller-manager/main.go

@@ -68,6 +68,7 @@ import (
 	clientoperator "github.com/liqotech/liqo/pkg/liqo-controller-manager/external-network/client-operator"
 	configurationcontroller "github.com/liqotech/liqo/pkg/liqo-controller-manager/external-network/configuration-controller"
 	externalnetworkcontroller "github.com/liqotech/liqo/pkg/liqo-controller-manager/external-network/externalnetwork-controller"
+	externalnetworkroute "github.com/liqotech/liqo/pkg/liqo-controller-manager/external-network/route"
 	serveroperator "github.com/liqotech/liqo/pkg/liqo-controller-manager/external-network/server-operator"
 	wggatewaycontrollers "github.com/liqotech/liqo/pkg/liqo-controller-manager/external-network/wireguard"
 	foreignclusteroperator "github.com/liqotech/liqo/pkg/liqo-controller-manager/foreign-cluster-operator"
@@ -676,12 +677,20 @@ func main() {
 			os.Exit(1)
 		}
 
-		cfgr := configurationcontroller.NewConfigurationReconciler(mgr.GetClient(), mgr.GetScheme(), mgr.GetEventRecorderFor("configuration-controller"))
-		if err = cfgr.SetupWithManager(mgr); err != nil {
+		intcfgr := configurationcontroller.NewConfigurationReconciler(mgr.GetClient(), mgr.GetScheme(),
+			mgr.GetEventRecorderFor("internal.-configuration-controller"))
+		if err = intcfgr.SetupWithManager(mgr); err != nil {
 			klog.Errorf("unable to create controller ConfigurationReconciler: %s", err)
 			os.Exit(1)
 		}
 
+		extcfg := externalnetworkroute.NewConfigurationReconciler(mgr.GetClient(), mgr.GetScheme(),
+			mgr.GetEventRecorderFor("external-configuration-controller"))
+		if err = extcfg.SetupWithManager(mgr); err != nil {
+			klog.Errorf("unable to create controller ExternalConfigurationReconciler: %s", err)
+			os.Exit(1)
+		}
+
 		wgServerRec := wggatewaycontrollers.NewWgGatewayServerReconciler(
 			mgr.GetClient(), mgr.GetScheme(), auxmgrExtNetworkPods.GetClient(), wgGatewayServerClusterRoleName)
 		if err = wgServerRec.SetupWithManager(mgr); err != nil {

pkg/firewall/firewallconfiguration_controller.go

@@ -149,11 +149,14 @@ func (r *FirewallConfigurationReconciler) Reconcile(ctx context.Context, req ctr
 		return ctrl.Result{}, err
 	}
 
+	klog.Infof("Applied firewallconfiguration %s", req.String())
+
 	return ctrl.Result{}, nil
 }
 
 // SetupWithManager register the FirewallConfigurationReconciler to the manager.
 func (r *FirewallConfigurationReconciler) SetupWithManager(mgr ctrl.Manager) error {
+	klog.Infof("Starting FirewallConfiguration controller with labels %v", r.Labels)
 	filterByLabelsPredicate, err := predicate.LabelSelectorPredicate(metav1.LabelSelector{MatchLabels: r.Labels})
 	if err != nil {
 		return err

pkg/liqo-controller-manager/external-network/route/configuration_controller.go

@@ -0,0 +1,107 @@
+// Copyright 2019-2024 The Liqo Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package route
+
+import (
+	"context"
+	"fmt"
+
+	apierrors "k8s.io/apimachinery/pkg/api/errors"
+	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/client-go/tools/record"
+	"k8s.io/klog/v2"
+	ctrl "sigs.k8s.io/controller-runtime"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+	"sigs.k8s.io/controller-runtime/pkg/handler"
+	"sigs.k8s.io/controller-runtime/pkg/reconcile"
+
+	networkingv1alpha1 "github.com/liqotech/liqo/apis/networking/v1alpha1"
+	"github.com/liqotech/liqo/pkg/consts"
+	"github.com/liqotech/liqo/pkg/utils/getters"
+)
+
+// ConfigurationReconciler manage Configuration.
+type ConfigurationReconciler struct {
+	client.Client
+	Scheme         *runtime.Scheme
+	EventsRecorder record.EventRecorder
+}
+
+// NewConfigurationReconciler returns a new ConfigurationReconciler.
+func NewConfigurationReconciler(cl client.Client, s *runtime.Scheme,
+	er record.EventRecorder) *ConfigurationReconciler {
+	return &ConfigurationReconciler{
+		Client:         cl,
+		Scheme:         s,
+		EventsRecorder: er,
+	}
+}
+
+// cluster-role
+// +kubebuilder:rbac:groups=networking.liqo.io,resources=configurations,verbs=get;list;watch;update;patch
+// +kubebuilder:rbac:groups=networking.liqo.io,resources=routeconfigurations,verbs=get;list;watch;update;patch;create;delete
+
+// Reconcile manage Configurations.
+func (r *ConfigurationReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) {
+	var err error
+	configuration := &networkingv1alpha1.Configuration{}
+	if err = r.Get(ctx, req.NamespacedName, configuration); err != nil {
+		if apierrors.IsNotFound(err) {
+			klog.Infof("There is no configuration %s", req.String())
+			return ctrl.Result{}, nil
+		}
+		return ctrl.Result{}, fmt.Errorf("unable to get the configuration %q: %w", req.NamespacedName, err)
+	}
+
+	klog.V(4).Infof("Reconciling configuration %s", req.String())
+
+	return ctrl.Result{}, enforeRouteConfigurationPresence(ctx, r.Client, r.Scheme, configuration)
+}
+
+// SetupWithManager register the ConfigurationReconciler to the manager.
+func (r *ConfigurationReconciler) SetupWithManager(mgr ctrl.Manager) error {
+	return ctrl.NewControllerManagedBy(mgr).
+		For(&networkingv1alpha1.Configuration{}).
+		Watches(
+			&networkingv1alpha1.GatewayServer{},
+			handler.EnqueueRequestsFromMapFunc(r.configurationEnqueuerByRemoteID()),
+		).
+		Watches(
+			&networkingv1alpha1.GatewayClient{},
+			handler.EnqueueRequestsFromMapFunc(r.configurationEnqueuerByRemoteID()),
+		).
+		Complete(r)
+}
+
+func (r *ConfigurationReconciler) configurationEnqueuerByRemoteID() handler.MapFunc {
+	return func(ctx context.Context, obj client.Object) []reconcile.Request {
+		labels := obj.GetLabels()
+		if labels == nil {
+			klog.Errorf("unable to get the labels of gateway %s", obj.GetName())
+			return nil
+		}
+		remoteID, ok := labels[consts.RemoteClusterID]
+		if !ok {
+			klog.Errorf("unable to get the remote cluster ID from the labels of gateway %s", obj.GetName())
+			return nil
+		}
+		cfg, err := getters.GetConfigurationByClusterID(ctx, r.Client, remoteID)
+		if err != nil {
+			klog.Errorf("unable to get the configuration for cluster %s: %s", remoteID, err)
+			return nil
+		}
+		return []reconcile.Request{{NamespacedName: client.ObjectKeyFromObject(cfg)}}
+	}
+}

pkg/liqo-controller-manager/external-network/route/doc.go

@@ -0,0 +1,16 @@
+// Copyright 2019-2024 The Liqo Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Package route contains the logic to manage the routesconfiguration for the external-network.
+package route

pkg/liqo-controller-manager/external-network/route/k8s.go

@@ -0,0 +1,151 @@
+// Copyright 2019-2024 The Liqo Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package route
+
+import (
+	"context"
+	"fmt"
+
+	kerrors "k8s.io/apimachinery/pkg/api/errors"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/utils/ptr"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+	"sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
+
+	"github.com/liqotech/liqo/apis/discovery/v1alpha1"
+	networkingv1alpha1 "github.com/liqotech/liqo/apis/networking/v1alpha1"
+	"github.com/liqotech/liqo/pkg/consts"
+	"github.com/liqotech/liqo/pkg/gateway"
+	"github.com/liqotech/liqo/pkg/gateway/fabric/geneve"
+	"github.com/liqotech/liqo/pkg/gateway/tunnel/common"
+	"github.com/liqotech/liqo/pkg/utils/getters"
+)
+
+// GetRemoteClusterID returns the remote cluster ID of the Configuration.
+func GetRemoteClusterID(cfg *networkingv1alpha1.Configuration) (string, error) {
+	if cfg.GetLabels() == nil {
+		return "", fmt.Errorf("configuration %s/%s has no labels", cfg.Namespace, cfg.Name)
+	}
+	remoteID, ok := cfg.GetLabels()[consts.RemoteClusterID]
+	if !ok {
+		return "", fmt.Errorf("configuration %s/%s has no remote cluster ID label", cfg.Namespace, cfg.Name)
+	}
+	return remoteID, nil
+}
+
+// enforceRouteConfigurationPresence creates or updates a RouteConfiguration object.
+func enforeRouteConfigurationPresence(ctx context.Context, cl client.Client, scheme *runtime.Scheme,
+	cfg *networkingv1alpha1.Configuration) error {
+	remoteClusterID, err := GetRemoteClusterID(cfg)
+	if err != nil {
+		return err
+	}
+
+	mode, err := GetGatewayMode(ctx, cl, remoteClusterID)
+	if err != nil {
+		return err
+	}
+	// If the Gateway is not already present, we are not able to understand if it will be a server or a client
+	if mode == "" {
+		return nil
+	}
+
+	remoteInterfaceIP, err := common.GetRemoteInterfaceIP(mode)
+	if err != nil {
+		return err
+	}
+
+	routecfg := &networkingv1alpha1.RouteConfiguration{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      fmt.Sprintf("%s-gw-ext", cfg.Name),
+			Namespace: cfg.Namespace,
+		},
+	}
+
+	_, err = controllerutil.CreateOrUpdate(ctx, cl, routecfg,
+		forgeMutateRouteConfiguration(cfg, routecfg, scheme, remoteClusterID, remoteInterfaceIP))
+	return err
+}
+
+// forgeMutateRouteConfiguration mutates a RouteConfiguration object.
+func forgeMutateRouteConfiguration(cfg *networkingv1alpha1.Configuration,
+	routecfg *networkingv1alpha1.RouteConfiguration, scheme *runtime.Scheme, remoteClusterID string, remoteInterfaceIP string) func() error {
+	return func() error {
+		var err error
+
+		if err = controllerutil.SetOwnerReference(cfg, routecfg, scheme); err != nil {
+			return err
+		}
+
+		routecfg.ObjectMeta.Labels = geneve.ForgeRouteTargetLabels(remoteClusterID)
+		if err != nil {
+			return err
+		}
+
+		routecfg.Spec = networkingv1alpha1.RouteConfigurationSpec{
+			Table: networkingv1alpha1.Table{
+				Name: cfg.Name,
+				Rules: []networkingv1alpha1.Rule{
+					{
+						Dst: &cfg.Status.Remote.CIDR.Pod,
+						Routes: []networkingv1alpha1.Route{
+							{
+								Dst: &cfg.Status.Remote.CIDR.Pod,
+								Gw:  ptr.To(networkingv1alpha1.IP(remoteInterfaceIP)),
+							},
+						},
+					},
+					{
+						Dst: &cfg.Status.Remote.CIDR.External,
+						Routes: []networkingv1alpha1.Route{
+							{
+								Dst: &cfg.Status.Remote.CIDR.External,
+								Gw:  ptr.To(networkingv1alpha1.IP(remoteInterfaceIP)),
+							},
+						},
+					},
+				},
+			},
+		}
+		return nil
+	}
+}
+
+// GetGatewayMode returns the mode of the Gateway related to the Configuration.
+func GetGatewayMode(ctx context.Context, cl client.Client, remoteClusterID string) (gateway.Mode, error) {
+	gwclient, err := getters.GetGatewayClientByClusterID(ctx, cl, &v1alpha1.ClusterIdentity{ClusterID: remoteClusterID})
+	if err != nil && !kerrors.IsNotFound(err) {
+		return "", err
+	}
+
+	gwserver, err := getters.GetGatewayServerByClusterID(ctx, cl, &v1alpha1.ClusterIdentity{ClusterID: remoteClusterID})
+	if err != nil && !kerrors.IsNotFound(err) {
+		return "", err
+	}
+
+	switch {
+	case gwclient == nil && gwserver == nil:
+		return "", nil
+	case gwclient != nil && gwserver != nil:
+		return "", fmt.Errorf("multiple Gateways found for cluster %s", remoteClusterID)
+	case gwclient == nil && gwserver != nil:
+		return gateway.ModeServer, nil
+	case gwclient != nil && gwserver == nil:
+		return gateway.ModeClient, nil
+	}
+
+	return "", fmt.Errorf("unable to determine Gateway mode for cluster %s", remoteClusterID)
+}

pkg/liqo-controller-manager/internal-network/internalfabric-controller/internalfabric_controller.go

@@ -111,7 +111,7 @@ func (r *InternalFabricReconciler) ensureRouteConfiguration(ctx context.Context,
 
 	route := &networkingv1alpha1.RouteConfiguration{
 		ObjectMeta: metav1.ObjectMeta{
-			Name:      internalFabric.Name,
+			Name:      fmt.Sprintf("%s-node-gw", internalFabric.Name),
 			Namespace: internalFabric.Namespace,
 		},
 	}