add TLS annotation

loxilb-io · Jul 2, 2024 · 0f7647e · 0f7647e
1 parent c87316c
commit 0f7647e
Show file tree

Hide file tree

Showing 6 changed files with 19 additions and 4 deletions.
diff --git a/pkg/agent/manager/gatewayapi/const.go b/pkg/agent/manager/gatewayapi/const.go
@@ -23,7 +23,7 @@ const (
 	minRetryDelay  = 2 * time.Second
 	maxRetryDelay  = 120 * time.Second
 	defaultWorkers = 4
-	contextTimeout = 5 * time.Second
+	contextTimeout = 30 * time.Second
 	implementation = "kube-loxilb"
 	finalizer      = "loxilb.io"
 )
diff --git a/pkg/agent/manager/gatewayapi/gateway.go b/pkg/agent/manager/gatewayapi/gateway.go
@@ -78,7 +78,7 @@ func NewGatewayManager(
 		gatewayLister:       gatewayInformer.Lister(),
 		gatewayListerSynced: gatewayInformer.Informer().HasSynced,
 
-		queue: workqueue.NewNamedRateLimitingQueue(workqueue.NewItemExponentialFailureRateLimiter(minRetryDelay, maxRetryDelay), "gatewayClass"),
+		queue: workqueue.NewNamedRateLimitingQueue(workqueue.NewItemExponentialFailureRateLimiter(minRetryDelay, maxRetryDelay), "gateway"),
 	}
 
 	manager.gatewayInformer.Informer().AddEventHandler(

diff --git a/pkg/agent/manager/gatewayapi/tcproute.go b/pkg/agent/manager/gatewayapi/tcproute.go
@@ -82,7 +82,7 @@ func NewTCPRouteManager(
 		tcpRouteLister:       tcpRouteInformer.Lister(),
 		tcpRouteListerSynced: tcpRouteInformer.Informer().HasSynced,
 
-		queue: workqueue.NewNamedRateLimitingQueue(workqueue.NewItemExponentialFailureRateLimiter(minRetryDelay, maxRetryDelay), "gatewayClass"),
+		queue: workqueue.NewNamedRateLimitingQueue(workqueue.NewItemExponentialFailureRateLimiter(minRetryDelay, maxRetryDelay), "tcpRoute"),
 	}
 
 	manager.tcpRouteInformer.Informer().AddEventHandler(

diff --git a/pkg/agent/manager/gatewayapi/udproute.go b/pkg/agent/manager/gatewayapi/udproute.go
@@ -82,7 +82,7 @@ func NewUDPRouteManager(
 		udpRouteLister:       udpRouteInformer.Lister(),
 		udpRouteListerSynced: udpRouteInformer.Informer().HasSynced,
 
-		queue: workqueue.NewNamedRateLimitingQueue(workqueue.NewItemExponentialFailureRateLimiter(minRetryDelay, maxRetryDelay), "gatewayClass"),
+		queue: workqueue.NewNamedRateLimitingQueue(workqueue.NewItemExponentialFailureRateLimiter(minRetryDelay, maxRetryDelay), "udpRoute"),
 	}
 
 	manager.udpRouteInformer.Informer().AddEventHandler(

diff --git a/pkg/agent/manager/loadbalancer/loadbalancer.go b/pkg/agent/manager/loadbalancer/loadbalancer.go
@@ -71,6 +71,7 @@ const (
 	zoneSelAnnotation           = "loxilb.io/zoneselect"
 	prefLocalPodAnnotation      = "loxilb.io/prefLocalPod"
 	matchNodeLabelAnnotation    = "loxilb.io/nodelabel"
+	enableTlsAnnotation         = "loxilb.io/tls"
 	MaxExternalSecondaryIPsNum  = 4
 )
 
@@ -111,6 +112,7 @@ type LbArgs struct {
 	secIPs        []string
 	endpointIPs   []string
 	needPodEP     bool
+	security      int32
 }
 
 type LbModelEnt struct {
@@ -142,6 +144,7 @@ type LbCacheEntry struct {
 	ProbeTimeo     uint32
 	ProbeRetries   int
 	EpSelect       api.EpSelect
+	Security       int32
 	SecIPs         []string
 	LbServicePairs map[string]*LbServicePairEntry
 }
@@ -367,11 +370,19 @@ func (m *Manager) addLoadBalancer(svc *corev1.Service) error {
 	prefLocal := false
 	epSelect := api.LbSelRr
 	matchNodeLabel := ""
+	enableTls := int32(0)
 
 	if strings.Compare(*lbClassName, m.networkConfig.LoxilbLoadBalancerClass) != 0 && !needPodEP {
 		return nil
 	}
 
+	// Check for loxilb specific annotations - enableTlsAnnotation
+	if tls := svc.Annotations[enableTlsAnnotation]; tls != "" {
+		if tls == "true" {
+			enableTls = 1
+		}
+	}
+
 	// Check for loxilb specific annotations - MatchNodeLabel
 	if mnl := svc.Annotations[matchNodeLabelAnnotation]; mnl != "" {
 		matchNodeLabel = mnl
@@ -579,6 +590,7 @@ func (m *Manager) addLoadBalancer(svc *corev1.Service) error {
 				ProbeRetries:   probeRetries,
 				EpSelect:       epSelect,
 				Addr:           addrType,
+				Security:       enableTls,
 				SecIPs:         []string{},
 				LbServicePairs: make(map[string]*LbServicePairEntry),
 			}
@@ -843,6 +855,7 @@ func (m *Manager) addLoadBalancer(svc *corev1.Service) error {
 			probeTimeo:    m.lbCache[cacheKey].ProbeTimeo,
 			probeRetries:  m.lbCache[cacheKey].ProbeRetries,
 			sel:           m.lbCache[cacheKey].EpSelect,
+			security:      m.lbCache[cacheKey].Security,
 			needPodEP:     needPodEP,
 		}
 		lbArgs.secIPs = append(lbArgs.secIPs, m.lbCache[cacheKey].SecIPs...)
@@ -1604,6 +1617,7 @@ func (m *Manager) makeLoxiLoadBalancerModel(lbArgs *LbArgs, svc *corev1.Service,
 			ProbeTimeout: lbArgs.probeTimeo,
 			ProbeRetries: int32(lbArgs.probeRetries),
 			Sel:          lbArgs.sel,
+			Security:     lbArgs.security,
 			Name:         fmt.Sprintf("%s_%s", svc.Namespace, svc.Name),
 		},
 		SecondaryIPs: loxiSecIPModelList,

diff --git a/pkg/api/lb.go b/pkg/api/lb.go
@@ -71,6 +71,7 @@ type LoadBalancerService struct {
 	ProbeResp    string   `json:"proberesp"`
 	ProbeRetries int32    `json:"probeRetries,omitempty"`
 	ProbeTimeout uint32   `json:"probeTimeout,omitempty"`
+	Security     int32    `json:"security,omitempty"`
 	Name         string   `json:"name,omitempty"`
 	Oper         LbOP     `json:"oper,omitempty"`
 }