Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Modularize iptables manager #28746

Merged
merged 4 commits into from
Nov 10, 2023
Merged

Modularize iptables manager #28746

merged 4 commits into from
Nov 10, 2023

Conversation

pippolo84
Copy link
Member

@pippolo84 pippolo84 commented Oct 23, 2023
edited
Loading

Modularize the iptables configuration manager in a cell.
Direct dependency to the DaemonConfig global object is avoided through a SharedConfig privately provided to the cell. This config gets the values from all the referenced DaemonConfig helpers at startup, in order to be used by the new cell.

Also, cells depending on iptables (like the node manager one) now takes a reference to it through dependency injection instead of directly calling side effectful exported functions.

Depends on #28713

@pippolo84 pippolo84 added release-note/misc This PR makes changes that have no direct user impact. area/modularization labels Oct 23, 2023
@pippolo84
Copy link
Member Author

/test

@pippolo84 pippolo84 force-pushed the pr/pippolo84/iptables-manager-modularization branch 2 times, most recently from c15bed0 to aa4c0b0 Compare October 23, 2023 18:06
joamaki
joamaki requested changes Oct 24, 2023
View reviewed changes
pkg/modules/cell.go Outdated Show resolved Hide resolved
pkg/modules/modules.go Outdated Show resolved Hide resolved
pkg/modules/cell.go Outdated Show resolved Hide resolved
pkg/datapath/iptables/cell.go Outdated Show resolved Hide resolved
pkg/datapath/iptables/cell.go Outdated Show resolved Hide resolved
pkg/datapath/cells.go Outdated Show resolved Hide resolved
pkg/datapath/iptables/iptables.go Outdated Show resolved Hide resolved
pkg/datapath/iptables/iptables.go Outdated Show resolved Hide resolved
@joamaki joamaki mentioned this pull request Oct 24, 2023
Merged
@pippolo84 pippolo84 force-pushed the pr/pippolo84/iptables-manager-modularization branch from aa4c0b0 to 5eaef6a Compare October 24, 2023 09:48
@pippolo84
Copy link
Member Author

I've addressed all the feedbacks (the ones regarding modules manager have been pushed in the specific PR as well) but I'm planning to rework this quite a lot, so still not ready for review yet.

@pippolo84 pippolo84 force-pushed the pr/pippolo84/iptables-manager-modularization branch 5 times, most recently from 5b7d4df to 863ec7d Compare October 25, 2023 15:20
dylandreimerink
dylandreimerink requested changes Oct 26, 2023
View reviewed changes
pkg/datapath/iptables/cell.go Outdated Show resolved Hide resolved
@pippolo84 pippolo84 force-pushed the pr/pippolo84/iptables-manager-modularization branch from 863ec7d to 7ae9016 Compare October 27, 2023 09:12
@pippolo84 pippolo84 force-pushed the pr/pippolo84/iptables-manager-modularization branch 2 times, most recently from dbca706 to 0d58076 Compare November 1, 2023 08:37
@pippolo84 pippolo84 marked this pull request as ready for review November 1, 2023 08:37
@pippolo84 pippolo84 requested review from a team as code owners November 1, 2023 08:37
dylandreimerink
dylandreimerink approved these changes Nov 6, 2023
View reviewed changes
Copy link
Member

@dylandreimerink dylandreimerink left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. Just one nit, but given its copied code will not block on that

pkg/datapath/iptables/iptables.go Outdated Show resolved Hide resolved
joamaki
joamaki approved these changes Nov 7, 2023
View reviewed changes
pkg/datapath/cells.go Outdated Show resolved Hide resolved
pkg/datapath/iptables/cell.go Outdated Show resolved Hide resolved
@pippolo84
iptables: Rename IptablesManager to Manager
26c0a2e 
Fix iptables manager name to avoid the repetion of "iptables" in both
package and type names (as suggested in "Effective Go" guidelines about
naming: https://go.dev/doc/effective_go#names)

Signed-off-by: Fabio Falzoi <fabio.falzoi@isovalent.com>
@pippolo84
iptables: Add a cell for iptables config manager
ab022ff 
Modularize iptables configuration manager into its own cell.

The previous Init method is replaced with an Invoke function in order to
be executed when starting the iptables manager cell.

Also, enableIPForwarding is moved in the iptables package and kept
unexported, since it is not used outside of the package.

Signed-off-by: Fabio Falzoi <fabio.falzoi@isovalent.com>
@pippolo84
iptables: Avoid depending from DaemonConfig directly
92486a1 
iptables has been modularized into a cell, but still depends directly on
option.DaemonConfig global variables and helpers.

The configuration flags that are "private" to the cell are provided
through cell.Config.
Regarding the flags and the helpers shared with other parts of the code,
a SharedConfig struct is provided in the cell itself.

Signed-off-by: Fabio Falzoi <fabio.falzoi@isovalent.com>
@pippolo84 pippolo84 force-pushed the pr/pippolo84/iptables-manager-modularization branch from 0d58076 to 6055a83 Compare November 7, 2023 18:10
mhofstetter
mhofstetter approved these changes Nov 8, 2023
View reviewed changes
Copy link
Member

@mhofstetter mhofstetter left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks - LGTM!

@pippolo84
iptables: Expose ipset funcs as Manager methods
c9fa608 
Move AddToNodeIpset and RemoveFromNodeIpset into the iptables manager,
so that other cells depending on them will import the iptables config
manager through dependency injection.

Signed-off-by: Fabio Falzoi <fabio.falzoi@isovalent.com>
@pippolo84 pippolo84 force-pushed the pr/pippolo84/iptables-manager-modularization branch from 6055a83 to c9fa608 Compare November 8, 2023 09:12
@pippolo84
Copy link
Member Author

Force-pushed to fix controlplane tests: ... missing type: *iptables.Manager ...

@pippolo84
Copy link
Member Author

/test

@pippolo84 pippolo84 mentioned this pull request Nov 8, 2023
Closed
@pippolo84
Copy link
Member Author

Conformance Cluster Mesh failure tracked here, rerunning.

@maintainer-s-little-helper maintainer-s-little-helper bot added the ready-to-merge This PR has passed all tests and received consensus from code owners to merge. label Nov 8, 2023
@pippolo84 pippolo84 mentioned this pull request Nov 9, 2023
Merged
@squeed squeed merged commit 7dc94b2 into cilium:main Nov 10, 2023
60 of 61 checks passed
@giorio94 giorio94 mentioned this pull request Dec 6, 2023
Closed
2 tasks
@qmonnet qmonnet added the backport-pending/1.14 The backport for Cilium 1.14.x for this PR is in progress. label Jan 11, 2024
@qmonnet qmonnet mentioned this pull request Jan 11, 2024
Merged
2 tasks
@github-actions github-actions bot added backport-done/1.14 The backport for Cilium 1.14.x for this PR is done. and removed backport-pending/1.14 The backport for Cilium 1.14.x for this PR is in progress. labels Jan 15, 2024
@gentoo-root gentoo-root mentioned this pull request Jan 17, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@joamaki joamaki joamaki approved these changes

@dylandreimerink dylandreimerink dylandreimerink approved these changes

@mhofstetter mhofstetter mhofstetter approved these changes

Assignees
No one assigned
Labels
area/modularization backport-done/1.14 The backport for Cilium 1.14.x for this PR is done. ready-to-merge This PR has passed all tests and received consensus from code owners to merge. release-note/misc This PR makes changes that have no direct user impact.
Projects
No open projects
cilium v1.14.6
Status: Released
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
6 participants
@pippolo84 @joamaki @dylandreimerink @mhofstetter @squeed @qmonnet