The gateway can forward traffic from extra source cidrs (openyurtio#1993
)

Co-authored-by: 珩轩 <hengxuan.sh@alibaba-inc.com>
2 people authored and zyjhtangtang committed Apr 16, 2024
1 parent 5f19e89 commit 58eb8e6
Showing 3 changed files with 99 additions and 0 deletions.
Expand Up @@ -189,6 +189,7 @@ func (r *ReconcileGateway) Reconcile(ctx context.Context, req reconcile.Request)
}
sort.Slice(nodes, func(i, j int) bool { return nodes[i].NodeName < nodes[j].NodeName })
gw.Status.Nodes = nodes
r.addExtraAllowedSubnet(&gw)
err = r.Status().Update(ctx, &gw)
if err != nil {
if apierrs.IsConflict(err) {
Expand Down Expand Up @@ -372,3 +373,23 @@ func (r *ReconcileGateway) configEndpoints(ctx context.Context, gw *ravenv1beta1
}
return
}

func (r *ReconcileGateway) addExtraAllowedSubnet(gw *ravenv1beta1.Gateway) {
if gw.Annotations == nil || gw.Annotations[util.ExtraAllowedSourceCIDRs] == "" {
return
}
subnets := strings.Split(gw.Annotations[util.ExtraAllowedSourceCIDRs], ",")
var gatewayName string
for _, aep := range gw.Status.ActiveEndpoints {
if aep.Type == ravenv1beta1.Tunnel {
gatewayName = aep.NodeName
break
}
}
for idx, node := range gw.Status.Nodes {
if node.NodeName == gatewayName {
gw.Status.Nodes[idx].Subnets = append(gw.Status.Nodes[idx].Subnets, subnets...)
break
}
}
}
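Review bot: The annotation value is appended to `gw.Status.Nodes[idx].Subnets` verbatim in `addExtraAllowedSubnet`, so surrounding whitespace, empty elements from a trailing comma and strings that are not CIDRs all reach the Gateway status unchecked. Going by the commit title these entries widen what the gateway will forward, so whoever can annotate a Gateway controls that list; each entry should be trimmed and checked with `net.ParseCIDR` before it is appended (this needs the `net` import), and it is worth deciding whether very broad ranges should be refused. When no active endpoint has type Tunnel, `gatewayName` stays empty and the second loop compares node names against `""`; an explicit early return would make that case obvious. The function also has no doc comment saying that only the first active Tunnel endpoint's node receives the extra subnets.

```go
func (r *ReconcileGateway) addExtraAllowedSubnet(gw *ravenv1beta1.Gateway) {
	// … unchanged: return early when the annotation is absent or empty …
	var subnets []string
	for _, entry := range strings.Split(gw.Annotations[util.ExtraAllowedSourceCIDRs], ",") {
		cidr := strings.TrimSpace(entry)
		if cidr == "" {
			continue
		}
		if _, _, err := net.ParseCIDR(cidr); err != nil {
			// Skip the malformed entry and report it through the controller's logger.
			continue
		}
		subnets = append(subnets, cidr)
	}
	if len(subnets) == 0 {
		return
	}
	// … unchanged: find the active Tunnel endpoint and append subnets to its node …
}
```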
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,7 @@ package gatewaypickup

import (
"context"
"reflect"
"testing"

"github.com/stretchr/testify/assert"
Expand Down Expand Up @@ -465,3 +466,79 @@ func TestReconcileGateway_getPodCIDRs(t *testing.T) {
})
}
}

func TestReconcileGateway_addExtraAllowedSubnet(t *testing.T) {
mockReconciler := &ReconcileGateway{}
gw := &ravenv1beta1.Gateway{
ObjectMeta: metav1.ObjectMeta{
Name: "gateway",
Annotations: map[string]string{
util.ExtraAllowedSourceCIDRs: "1.1.1.1/32,2.2.2.2/32",
},
},
Spec: ravenv1beta1.GatewaySpec{
TunnelConfig: ravenv1beta1.TunnelConfiguration{
Replicas: 1,
},
Endpoints: []ravenv1beta1.Endpoint{
{
NodeName: "node-1",
Type: ravenv1beta1.Tunnel,
},
},
},
Status: ravenv1beta1.GatewayStatus{
ActiveEndpoints: []*ravenv1beta1.Endpoint{
{
NodeName: "node-1",
Type: ravenv1beta1.Tunnel,
},
},
Nodes: []ravenv1beta1.NodeInfo{
{
NodeName: "node-1",
PrivateIP: "10.10.10.10",
Subnets: []string{"10.244.10.0/24"},
},
},
},
}
expect := &ravenv1beta1.Gateway{
ObjectMeta: metav1.ObjectMeta{
Name: "gateway",
Annotations: map[string]string{
util.ExtraAllowedSourceCIDRs: "1.1.1.1/32,2.2.2.2/32",
},
},
Spec: ravenv1beta1.GatewaySpec{
TunnelConfig: ravenv1beta1.TunnelConfiguration{
Replicas: 1,
},
Endpoints: []ravenv1beta1.Endpoint{
{
NodeName: "node-1",
Type: ravenv1beta1.Tunnel,
},
},
},
Status: ravenv1beta1.GatewayStatus{
ActiveEndpoints: []*ravenv1beta1.Endpoint{
{
NodeName: "node-1",
Type: ravenv1beta1.Tunnel,
},
},
Nodes: []ravenv1beta1.NodeInfo{
{
NodeName: "node-1",
PrivateIP: "10.10.10.10",
Subnets: []string{"10.244.10.0/24", "1.1.1.1/32", "2.2.2.2/32"},
},
},
},
}
mockReconciler.addExtraAllowedSubnet(gw)
if !reflect.DeepEqual(gw.Status.Nodes, expect.Status.Nodes) {
t.Errorf("failed add extra allowed subnet, expect %v, but get %v", expect.Status.Nodes, gw.Status.Nodes)
}
}
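Review bot: Only the happy path is exercised in `TestReconcileGateway_addExtraAllowedSubnet`; there is no case for a Gateway without the annotation, for a status with no active Tunnel endpoint, or for annotation values containing spaces, a trailing comma or an entry that is not a CIDR, which are the inputs where the helper's behaviour is least obvious. A table-driven test, as the preceding test appears to be, would cover these with little extra code. The file already imports testify's `assert`, so the new `reflect` import could be dropped in favour of `assert.Equal(t, expect.Status.Nodes, gw.Status.Nodes)`.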
1 change: 1 addition & 0 deletions pkg/yurtmanager/controller/raven/util/constants.go
Expand Up @@ -25,6 +25,7 @@ const (
GatewayProxyInternalService = "x-raven-proxy-internal-svc"
GatewayProxyServiceNamePrefix = "x-raven-proxy-svc"
GatewayTunnelServiceNamePrefix = "x-raven-tunnel-svc"
ExtraAllowedSourceCIDRs = "raven.openyurt.io/extra-allowed-source-cidrs"

RavenProxyNodesConfig = "edge-tunnel-nodes"
ProxyNodesKey = "tunnel-nodes"
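Review bot: `ExtraAllowedSourceCIDRs` is added without a comment saying which object carries the annotation and what format its value takes, and because it changes what the gateway forwards, operators need that to audit it. A line such as `// ExtraAllowedSourceCIDRs is a Gateway annotation holding a comma-separated list of CIDRs added to the active tunnel node's subnets.` above the constant would do. The `const` block starts and ends outside this hunk, so the surrounding constants may follow a different commenting convention.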