Deploy envoy-agent for tunneling expose strategy #6445

Merged
merged 1 commit into from
Jan 27, 2021

@irozzo-1A irozzo-1A commented Jan 22, 2021

This PR introduces the deployment of the tunneling agent when the tunneling expose strategy is used.

  • Each agent is creating a dummy interface and assigning the IP chosen by the user with host scope through init containers.
  • Envoy agent is deployed and configured to bind to such IP.

What this PR does / why we need it:

Which issue(s) this PR fixes (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close the issue(s) when PR gets merged):
Fixes #6392, #6445

Special notes for your reviewer:
This is not intended to be prod ready.

Documentation:

Does this PR introduce a user-facing change?:

Add Tunneling expose strategy (tech preview).

@kubermatic-bot kubermatic-bot added release-note-none Denotes a PR that doesn't merit a release note. dco-signoff: yes Denotes that all commits in the pull request have the valid DCO signoff message. sig/cluster-management Denotes a PR or issue as being assigned to SIG Cluster Management. labels Jan 22, 2021
@kubermatic-bot
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: irozzo-1A

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@kubermatic-bot kubermatic-bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jan 22, 2021
@kubermatic-bot kubermatic-bot added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. and removed size/L Denotes a PR that changes 100-499 lines, ignoring generated files. labels Jan 22, 2021
@@ -151,6 +156,10 @@ func DeploymentCreator(data userclusterControllerData, openshift bool) reconcili
args = append(args, "-node-labels", labelArgsValue)
}

//if data.Cluster().Spec.ExposeStrategy == kubermaticv1.ExposeStrategyTunneling {
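Review bot: The last visible line of this hunk, `//if data.Cluster().Spec.ExposeStrategy == kubermaticv1.ExposeStrategyTunneling {`, is a commented-out condition left in `DeploymentCreator`. Commented-out control flow hides whether anything after it is meant to depend on the expose strategy; either delete the line or restore it as a live `if` so the gating is explicit and can be covered by a test.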
Contributor Author

clean-up this

@irozzo-1A irozzo-1A changed the title Add controller to reconcile kubernetes service endpoints Deploy tunneling agent Jan 27, 2021
@@ -107,6 +110,8 @@ func main() {
flag.StringVar(&runOp.clusterURL, "cluster-url", "", "Cluster URL")
flag.StringVar(&runOp.dnsClusterIP, "dns-cluster-ip", "", "KubeDNS service IP for the cluster")
flag.IntVar(&runOp.openvpnServerPort, "openvpn-server-port", 0, "OpenVPN server port")
flag.IntVar(&runOp.kasSecurePort, "kas-secure-port", 6443, "Secure KAS port")
flag.Var(&runOp.tunnelingAgentIP, "tunneling-agent-ip", "If specified the tunneling agent will bind to this IP address, otherwise it will not be deployed.")
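Review bot: The `tunneling-agent-ip` flag on the last line uses one value both as the address the agent binds to and as the switch that decides whether the agent is deployed at all, and nothing in this hunk constrains which addresses are accepted. Suggest rejecting unspecified addresses such as 0.0.0.0 or :: after `flag.Parse()` (or in the flag type's `Set` method), since the PR description says the agent binds to a host-scope IP on a dummy interface, and extending the help text to state the expected format. `kas-secure-port` would likewise benefit from a 1-65535 range check.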
Contributor

@youssefazrak youssefazrak Jan 27, 2021

Shouldn't we put a default value (192.168.30.10, for the tech preview)? We still need a feature-gate flag to enable the new expose strategy, right?

Contributor Author

The value is provided by seed-controller-manager when the tunneling strategy is enabled; 192.168.30.10 is the default indeed. We have no feature gate on the user-controller-manager at the moment; we are using the tunnelingAgentIP presence/absence to decide whether we should deploy the agents or not.

@@ -212,7 +214,7 @@ func (r *Reconciler) ensureNamespaceExists(ctx context.Context, cluster *kuberma
// GetServiceCreators returns all service creators that are currently in use
func GetServiceCreators(data *resources.TemplateData) []reconciling.NamedServiceCreatorGetter {
creators := []reconciling.NamedServiceCreatorGetter{
apiserver.ServiceCreator(data.Cluster().Spec.ExposeStrategy, data.Cluster().Address.InternalName),
apiserver.ServiceCreator(data.Cluster().Spec.ExposeStrategy, data.Cluster().Address.ExternalName),
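Review bot: The two `apiserver.ServiceCreator(...)` lines differ only in passing `data.Cluster().Address.ExternalName` instead of `data.Cluster().Address.InternalName`, and the call site gives no reason for it. Since the name is passed for every `ExposeStrategy` value, not only tunneling, add a short comment stating what the second argument is used for and confirm that the other expose strategies still get the service they expect.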
Contributor

Not sure I understand why this has been set to the ExternalName

Contributor Author

This is the hostname we are using for SNI

@youssefazrak
Contributor

lgtm minus the failing tests and SA comment.

@kubermatic-bot kubermatic-bot added release-note Denotes a PR that will be considered when it comes time to generate release notes. and removed release-note-none Denotes a PR that doesn't merit a release note. labels Jan 27, 2021
@irozzo-1A irozzo-1A changed the title Deploy tunneling agent Deploy envoy-agent for tunneling expose strategy Jan 27, 2021
@irozzo-1A irozzo-1A force-pushed the reconcile-kubernetes-ep branch 2 times, most recently from 0ef6414 to 99b5da2 Compare January 27, 2021 16:13
Co-authored-by: irozzo-1A <iacopo@kubermatic.com>
Co-authored-by: youssefazrak <yazrak.tech@gmail.com>
@youssefazrak
Contributor

/lgtm

@kubermatic-bot kubermatic-bot added the lgtm Indicates that a PR is ready to be merged. label Jan 27, 2021
@kubermatic-bot
Contributor

LGTM label has been added.

Git tree hash: a896352df55c5a126b5f62fb8c41e20d6b91d1e9

Successfully merging this pull request may close these issues.

Add controller to reconcile Kubernetes service EPs when Tunneling expose strategy is used