From f4c3dcafb10d3a8abfffe677859e95e66f020342 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E7=8F=A9=E8=BD=A9?=
Date: Tue, 26 Mar 2024 10:47:29 +0800
Subject: [PATCH] The gateway can forward traffic from extra source cidrs
---
 .../gateway_pickup_controller.go | 21 +++++++++++++++++++
 .../controller/raven/util/constants.go | 1 +
 2 files changed, 22 insertions(+)
diff --git a/pkg/yurtmanager/controller/raven/gatewaypickup/gateway_pickup_controller.go b/pkg/yurtmanager/controller/raven/gatewaypickup/gateway_pickup_controller.go
index 79b03829ccb..2f7e7065f45 100644
--- a/pkg/yurtmanager/controller/raven/gatewaypickup/gateway_pickup_controller.go
+++ b/pkg/yurtmanager/controller/raven/gatewaypickup/gateway_pickup_controller.go
@@ -189,6 +189,7 @@ func (r *ReconcileGateway) Reconcile(ctx context.Context, req reconcile.Request)
 }
 sort.Slice(nodes, func(i, j int) bool { return nodes[i].NodeName < nodes[j].NodeName })
 gw.Status.Nodes = nodes
+ r.addExtraAllowedSubnet(&gw)
 err = r.Status().Update(ctx, &gw)
 if err != nil {
 if apierrs.IsConflict(err) {
@@ -372,3 +373,23 @@ func (r *ReconcileGateway) configEndpoints(ctx context.Context, gw *ravenv1beta1
 }
 return
 }
+
+func (r *ReconcileGateway) addExtraAllowedSubnet(gw *ravenv1beta1.Gateway) {
+ if gw.Annotations == nil || gw.Annotations[util.ExtraAllowedSourceCIDRs] == "" {
+ return
+ }
+ subnets := strings.Split(gw.Annotations[util.ExtraAllowedSourceCIDRs], ",")
+ var gatewayName string
+ for _, aep := range gw.Status.ActiveEndpoints {
+ if aep.Type == ravenv1beta1.Tunnel {
+ gatewayName = aep.NodeName
+ break
+ }
+ }
+ for idx, node := range gw.Status.Nodes {
+ if node.NodeName == gatewayName {
+ gw.Status.Nodes[idx].Subnets = append(gw.Status.Nodes[idx].Subnets, subnets...)
+ break
+ }
+ }
+}
diff --git a/pkg/yurtmanager/controller/raven/util/constants.go b/pkg/yurtmanager/controller/raven/util/constants.go
index f8bed485c19..ccacc39b9d1 100644
--- a/pkg/yurtmanager/controller/raven/util/constants.go
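Review bot: The added call `r.addExtraAllowedSubnet(&gw)` only takes effect if `gw.Status.ActiveEndpoints` already holds this pass's Tunnel endpoint, because the helper picks its target node from that list. The assignment of `ActiveEndpoints` is not visible in this hunk, and `Reconcile` starts and ends outside it, so the ordering should be confirmed. I would record the requirement next to the call: `// must run after gw.Status.ActiveEndpoints and gw.Status.Nodes are set for this reconcile pass`.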
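Review bot: `addExtraAllowedSubnet` appends the entries of the `raven.openyurt.io/extra-allowed-source-cidrs` annotation to the gateway node's `Subnets` exactly as split on `,`. Malformed values, entries with surrounding spaces, empty entries from a trailing comma, and very broad ranges are therefore published in the Gateway status unchecked. Going by the commit title these entries widen what the gateway forwards, so anyone allowed to edit the Gateway's metadata can extend the allowed sources; the consumer of `Subnets` is not visible here, so the exact impact needs confirming. I would parse each entry with `net.ParseCIDR` after trimming and skip and report the rejects, which may need `net` in the file's imports. I would also return early when no Tunnel endpoint was found, so that an empty `gatewayName` can never match a node.

```go
func (r *ReconcileGateway) addExtraAllowedSubnet(gw *ravenv1beta1.Gateway) {
	// … unchanged: return when the annotation is absent or empty …
	var subnets []string
	for _, raw := range strings.Split(gw.Annotations[util.ExtraAllowedSourceCIDRs], ",") {
		entry := strings.TrimSpace(raw)
		if entry == "" {
			continue
		}
		_, ipnet, err := net.ParseCIDR(entry)
		if err != nil {
			// report the rejected entry through the controller's logger or an event
			continue
		}
		// store the canonical network form rather than the raw annotation text
		subnets = append(subnets, ipnet.String())
	}
	if len(subnets) == 0 {
		return
	}
	// … unchanged: find the NodeName of the active Tunnel endpoint …
	if gatewayName == "" {
		return
	}
	// … unchanged: append subnets to the matching node's Subnets …
}
```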
+++ b/pkg/yurtmanager/controller/raven/util/constants.go @@ -25,6 +25,7 @@ const ( GatewayProxyInternalService = "x-raven-proxy-internal-svc" GatewayProxyServiceNamePrefix = "x-raven-proxy-svc" GatewayTunnelServiceNamePrefix = "x-raven-tunnel-svc" + ExtraAllowedSourceCIDRs = "raven.openyurt.io/extra-allowed-source-cidrs" RavenProxyNodesConfig = "edge-tunnel-nodes" ProxyNodesKey = "tunnel-nodes"