implement new feature: external gateway

Gateway node(s) forward egress traffic to external gateway based on policy routing. Support both distributed and centralized gateway modes. New properties are available in subnet spec: externalGateway, policyRoutingPriority & policyRoutingTableID.
kubeovn · May 11, 2021 · 17fe230 · 17fe230
1 parent 39789c7
commit 17fe230
Show file tree

Hide file tree

Showing 11 changed files with 721 additions and 70 deletions.
diff --git a/dist/images/install-pre-1.16.sh b/dist/images/install-pre-1.16.sh
@@ -232,6 +232,15 @@ spec:
     - name: NAT
       type: boolean
       JSONPath: .spec.natOutgoing
+    - name: ExternalGateway
+      type: string
+      JSONPath: .spec.externalGateway
+    - name: PolicyRoutingPriority
+      type: integer
+      JSONPath: .spec.policyRoutingPriority
+    - name: PolicyRoutingTableID
+      type: integer
+      JSONPath: .spec.policyRoutingTableID
     - name: Default
       type: boolean
       JSONPath: .spec.default
@@ -306,6 +315,22 @@ spec:
               type: string
             natOutgoing:
               type: boolean
+            externalGateway:
+              type: string
+            policyRoutingPriority:
+              type: integer
+              minimum: 1
+              maximum: 32765
+            policyRoutingTableID:
+              type: integer
+              minimum: 1
+              maximum: 2147483647
+              not:
+                enum:
+                  - 252 # compat
+                  - 253 # default
+                  - 254 # main
+                  - 255 # local
             private:
               type: boolean
             vlan:

diff --git a/dist/images/install.sh b/dist/images/install.sh
@@ -414,6 +414,15 @@ spec:
       - name: NAT
         type: boolean
         jsonPath: .spec.natOutgoing
+      - name: ExternalGateway
+        type: string
+        jsonPath: .spec.externalGateway
+      - name: PolicyRoutingPriority
+        type: integer
+        jsonPath: .spec.policyRoutingPriority
+      - name: PolicyRoutingTableID
+        type: integer
+        jsonPath: .spec.policyRoutingTableID
       - name: Default
         type: boolean
         jsonPath: .spec.default
@@ -499,6 +508,22 @@ spec:
                   type: string
                 natOutgoing:
                   type: boolean
+                externalGateway:
+                  type: string
+                policyRoutingPriority:
+                  type: integer
+                  minimum: 1
+                  maximum: 32765
+                policyRoutingTableID:
+                  type: integer
+                  minimum: 1
+                  maximum: 2147483647
+                  not:
+                    enum:
+                      - 252 # compat
+                      - 253 # default
+                      - 254 # main
+                      - 255 # local
                 private:
                   type: boolean
                 vlan:

diff --git a/pkg/apis/kubeovn/v1/types.go b/pkg/apis/kubeovn/v1/types.go
@@ -88,6 +88,10 @@ type SubnetSpec struct {
 	GatewayNode string `json:"gatewayNode"`
 	NatOutgoing bool   `json:"natOutgoing"`
 
+	ExternalGateway       string `json:"externalGateway,omitempty"`
+	PolicyRoutingPriority uint32 `json:"policyRoutingPriority,omitempty"`
+	PolicyRoutingTableID  uint32 `json:"policyRoutingTableID,omitempty"`
+
 	Private      bool     `json:"private"`
 	AllowSubnets []string `json:"allowSubnets,omitempty"`
 

diff --git a/pkg/controller/subnet.go b/pkg/controller/subnet.go
@@ -528,8 +528,20 @@ func (c *Controller) handleAddOrUpdateSubnet(key string) error {
 	}
 
 	for _, sub := range subnetList {
-		if sub.Spec.Vpc == subnet.Spec.Vpc && sub.Name != subnet.Name && util.CIDRConflict(sub.Spec.CIDRBlock, subnet.Spec.CIDRBlock) {
-			err = fmt.Errorf("subnet %s cidr %s conflict with subnet %s cidr %s", subnet.Name, subnet.Spec.CIDRBlock, sub.Name, sub.Spec.CIDRBlock)
+		if sub.Spec.Vpc != subnet.Spec.Vpc || sub.Name == subnet.Name {
+			continue
+		}
+
+		if util.CIDRConflict(sub.Spec.CIDRBlock, subnet.Spec.CIDRBlock) {
+			err = fmt.Errorf("subnet %s cidr %s is conflict with subnet %s cidr %s", subnet.Name, subnet.Spec.CIDRBlock, sub.Name, sub.Spec.CIDRBlock)
+			klog.Error(err)
+			c.patchSubnetStatus(subnet, "ValidateLogicalSwitchFailed", err.Error())
+			return err
+		}
+
+		if subnet.Spec.ExternalGateway != "" && sub.Spec.ExternalGateway != "" &&
+			subnet.Spec.PolicyRoutingTableID == sub.Spec.PolicyRoutingTableID {
+			err = fmt.Errorf("subnet %s policy routing table ID %d is conflict with subnet %s policy routing table ID %d", subnet.Name, subnet.Spec.PolicyRoutingTableID, sub.Name, sub.Spec.PolicyRoutingTableID)
 			klog.Error(err)
 			c.patchSubnetStatus(subnet, "ValidateLogicalSwitchFailed", err.Error())
 			return err