feat: gw ha - label lb

liqotech · Oct 7, 2024 · 1c8044c · 1c8044c
1 parent 8d4fd1f
commit 1c8044c
Show file tree

Hide file tree

Showing 18 changed files with 260 additions and 34 deletions.
diff --git a/cmd/fabric/main.go b/cmd/fabric/main.go
@@ -39,6 +39,7 @@ import (
 	sourcedetector "github.com/liqotech/liqo/pkg/fabric/source-detector"
 	"github.com/liqotech/liqo/pkg/firewall"
 	"github.com/liqotech/liqo/pkg/gateway"
+	"github.com/liqotech/liqo/pkg/gateway/concurrent"
 	"github.com/liqotech/liqo/pkg/liqo-controller-manager/networking/external-network/remapping"
 	"github.com/liqotech/liqo/pkg/route"
 	flagsutils "github.com/liqotech/liqo/pkg/utils/flags"
@@ -100,6 +101,11 @@ func run(cmd *cobra.Command, _ []string) error {
 		selection.Equals,
 		[]string{gateway.GatewayComponentGateway},
 	)
+	reqActiveGatewayPods, err := labels.NewRequirement(
+		concurrent.ActiveGatewayKey,
+		selection.Equals,
+		[]string{concurrent.ActiveGatewayValue},
+	)
 	utilruntime.Must(err)
 
 	// Create the manager.
@@ -114,7 +120,7 @@ func run(cmd *cobra.Command, _ []string) error {
 		NewCache: func(config *rest.Config, opts cache.Options) (cache.Cache, error) {
 			opts.ByObject = map[client.Object]cache.ByObject{
 				&corev1.Pod{}: {
-					Label: labels.NewSelector().Add(*reqGatewayPods),
+					Label: labels.NewSelector().Add(*reqGatewayPods).Add(*reqActiveGatewayPods),
 				},
 			}
 			return cache.New(config, opts)

diff --git a/cmd/gateway/geneve/main.go b/cmd/gateway/geneve/main.go
@@ -22,7 +22,6 @@ import (
 	"github.com/spf13/cobra"
 	"k8s.io/apimachinery/pkg/runtime"
 	utilruntime "k8s.io/apimachinery/pkg/util/runtime"
-	"k8s.io/client-go/tools/leaderelection/resourcelock"
 	"k8s.io/klog/v2"
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/client/config"
@@ -33,7 +32,6 @@ import (
 	"github.com/liqotech/liqo/pkg/gateway"
 	"github.com/liqotech/liqo/pkg/gateway/fabric"
 	"github.com/liqotech/liqo/pkg/gateway/fabric/geneve"
-	"github.com/liqotech/liqo/pkg/gateway/forge"
 	flagsutils "github.com/liqotech/liqo/pkg/utils/flags"
 	"github.com/liqotech/liqo/pkg/utils/mapper"
 	"github.com/liqotech/liqo/pkg/utils/restcfg"
@@ -90,17 +88,7 @@ func run(cmd *cobra.Command, _ []string) error {
 			BindAddress: options.GwOptions.MetricsAddress,
 		},
 		HealthProbeBindAddress: options.GwOptions.ProbeAddr,
-		LeaderElection:         options.GwOptions.LeaderElection,
-		LeaderElectionID: fmt.Sprintf(
-			"%s.%s.%s.genevegateway.liqo.io",
-			forge.GatewayResourceName(options.GwOptions.Name), options.GwOptions.Namespace, options.GwOptions.Mode,
-		),
-		LeaderElectionNamespace:       options.GwOptions.Namespace,
-		LeaderElectionReleaseOnCancel: true,
-		LeaderElectionResourceLock:    resourcelock.LeasesResourceLock,
-		LeaseDuration:                 &options.GwOptions.LeaderElectionLeaseDuration,
-		RenewDeadline:                 &options.GwOptions.LeaderElectionRenewDeadline,
-		RetryPeriod:                   &options.GwOptions.LeaderElectionRetryPeriod,
+		LeaderElection:         false,
 	})
 	if err != nil {
 		return fmt.Errorf("unable to create manager: %w", err)

diff --git a/cmd/gateway/main.go b/cmd/gateway/main.go
@@ -20,19 +20,22 @@ import (
 	"os"
 
 	"github.com/spf13/cobra"
+	corev1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/labels"
 	"k8s.io/apimachinery/pkg/runtime"
 	utilruntime "k8s.io/apimachinery/pkg/util/runtime"
 	"k8s.io/client-go/tools/leaderelection/resourcelock"
 	"k8s.io/klog/v2"
 	ctrl "sigs.k8s.io/controller-runtime"
+	"sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/controller-runtime/pkg/client/config"
 	"sigs.k8s.io/controller-runtime/pkg/log"
 	"sigs.k8s.io/controller-runtime/pkg/metrics/server"
 
 	networkingv1beta1 "github.com/liqotech/liqo/apis/networking/v1beta1"
 	"github.com/liqotech/liqo/pkg/firewall"
 	"github.com/liqotech/liqo/pkg/gateway"
+	"github.com/liqotech/liqo/pkg/gateway/concurrent"
 	"github.com/liqotech/liqo/pkg/gateway/connection"
 	"github.com/liqotech/liqo/pkg/gateway/connection/conncheck"
 	"github.com/liqotech/liqo/pkg/liqo-controller-manager/networking/external-network/remapping"
@@ -50,10 +53,12 @@ var (
 )
 
 func init() {
+	utilruntime.Must(corev1.AddToScheme(scheme))
 	utilruntime.Must(networkingv1beta1.AddToScheme(scheme))
 }
 
 // +kubebuilder:rbac:groups=coordination.k8s.io,resources=leases,verbs=get;create;update;delete
+// +kubebuilder:rbac:groups=core,resources=pods,verbs=get;list;watch;update;patch
 
 func main() {
 	var cmd = cobra.Command{
@@ -110,6 +115,15 @@ func run(cmd *cobra.Command, _ []string) error {
 	// Get the rest config.
 	cfg := config.GetConfigOrDie()
 
+	// Create the client. This client should be used only outside the reconciler.
+	// This client don't need a cache.
+	cl, err := client.New(cfg, client.Options{
+		Scheme: scheme,
+	})
+	if err != nil {
+		return fmt.Errorf("unable to create client: %w", err)
+	}
+
 	// Create the manager.
 	mgr, err := ctrl.NewManager(cfg, ctrl.Options{
 		MapperProvider: mapper.LiqoMapperProvider(scheme),
@@ -191,6 +205,15 @@ func run(cmd *cobra.Command, _ []string) error {
 		return fmt.Errorf("unable to setup firewall configuration reconciler: %w", err)
 	}
 
+	if err := mgr.Add(concurrent.NewConcurrentRunnable(
+		cl,
+		connoptions.GwOptions.PodName,
+		connoptions.GwOptions.Name,
+		connoptions.GwOptions.Namespace,
+	)); err != nil {
+		return fmt.Errorf("unable to add concurrent runnable: %w", err)
+	}
+
 	// Start the manager.
 	return mgr.Start(cmd.Context())
 }
diff --git a/cmd/gateway/wireguard/main.go b/cmd/gateway/wireguard/main.go
@@ -24,7 +24,6 @@ import (
 	corev1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/runtime"
 	utilruntime "k8s.io/apimachinery/pkg/util/runtime"
-	"k8s.io/client-go/tools/leaderelection/resourcelock"
 	"k8s.io/klog/v2"
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/cache"
@@ -38,7 +37,6 @@ import (
 	ipamv1alpha1 "github.com/liqotech/liqo/apis/ipam/v1alpha1"
 	networkingv1beta1 "github.com/liqotech/liqo/apis/networking/v1beta1"
 	"github.com/liqotech/liqo/pkg/gateway"
-	"github.com/liqotech/liqo/pkg/gateway/forge"
 	"github.com/liqotech/liqo/pkg/gateway/tunnel/wireguard"
 	flagsutils "github.com/liqotech/liqo/pkg/utils/flags"
 	"github.com/liqotech/liqo/pkg/utils/mapper"
@@ -112,17 +110,7 @@ func run(cmd *cobra.Command, _ []string) error {
 			BindAddress: options.GwOptions.MetricsAddress,
 		},
 		HealthProbeBindAddress: options.GwOptions.ProbeAddr,
-		LeaderElection:         options.GwOptions.LeaderElection,
-		LeaderElectionID: fmt.Sprintf(
-			"%s.%s.%s.wgtunnel.liqo.io",
-			forge.GatewayResourceName(options.GwOptions.Name), options.GwOptions.Namespace, options.GwOptions.Mode,
-		),
-		LeaderElectionNamespace:       options.GwOptions.Namespace,
-		LeaderElectionReleaseOnCancel: true,
-		LeaderElectionResourceLock:    resourcelock.LeasesResourceLock,
-		LeaseDuration:                 &options.GwOptions.LeaderElectionLeaseDuration,
-		RenewDeadline:                 &options.GwOptions.LeaderElectionRenewDeadline,
-		RetryPeriod:                   &options.GwOptions.LeaderElectionRetryPeriod,
+		LeaderElection:         false,
 	})
 	if err != nil {
 		return fmt.Errorf("unable to create manager: %w", err)

diff --git a/deployments/liqo/files/liqo-gateway-ClusterRole.yaml b/deployments/liqo/files/liqo-gateway-ClusterRole.yaml
@@ -11,6 +11,16 @@ rules:
   - patch
   - update
   - watch
+- apiGroups:
+  - ""
+  resources:
+  - pods
+  verbs:
+  - get
+  - list
+  - patch
+  - update
+  - watch
 - apiGroups:
   - ""
   resources:

diff --git a/deployments/liqo/templates/liqo-wireguard-gateway-client-template.yaml b/deployments/liqo/templates/liqo-wireguard-gateway-client-template.yaml
@@ -45,6 +45,7 @@ spec:
                 - --remote-cluster-id={{"{{ .ClusterID }}"}}
                 - --gateway-uid={{"{{ .GatewayUID }}"}}
                 - --node-name={{"$(NODE_NAME)"}}
+                - --pod-name={{"$(POD_NAME)"}}
                 - --mode=client
                 {{- if .Values.metrics.enabled }}
                 - --metrics-address=:8080
@@ -70,6 +71,10 @@ spec:
                   valueFrom:
                     fieldRef:
                       fieldPath: spec.nodeName
+                - name: POD_NAME
+                  valueFrom:
+                    fieldRef:
+                      fieldPath: metadata.name
                 securityContext:
                   privileged: true
                   capabilities:

diff --git a/deployments/liqo/templates/liqo-wireguard-gateway-server-template-eks.yaml b/deployments/liqo/templates/liqo-wireguard-gateway-server-template-eks.yaml
@@ -71,6 +71,7 @@ spec:
                 - --namespace={{"{{ .Namespace }}"}}
                 - --remote-cluster-id={{"{{ .ClusterID }}"}}
                 - --node-name={{"$(NODE_NAME)"}}
+                - --pod-name={{"$(POD_NAME)"}}
                 - --gateway-uid={{"{{ .GatewayUID }}"}}
                 - --mode=server
                 {{- if .Values.metrics.enabled }}
@@ -97,6 +98,10 @@ spec:
                   valueFrom:
                     fieldRef:
                       fieldPath: spec.nodeName
+                - name: POD_NAME
+                  valueFrom:
+                    fieldRef:
+                      fieldPath: metadata.name
                 securityContext:
                   privileged: true
                   capabilities:
@@ -140,6 +145,7 @@ spec:
                 - --namespace={{"{{ .Namespace }}"}}
                 - --remote-cluster-id={{"{{ .ClusterID }}"}}
                 - --node-name={{"$(NODE_NAME)"}}
+                - --pod-name={{"$(POD_NAME)"}}
                 - --gateway-uid={{"{{ .GatewayUID }}"}}
                 - --mode=server
                 - --geneve-port={{ .Values.networking.genevePort }}
@@ -157,6 +163,10 @@ spec:
                   valueFrom:
                     fieldRef:
                       fieldPath: spec.nodeName
+                - name: POD_NAME
+                  valueFrom:
+                    fieldRef:
+                      fieldPath: metadata.name
                 securityContext:
                   capabilities:
                     add:

diff --git a/deployments/liqo/templates/liqo-wireguard-gateway-server-template.yaml b/deployments/liqo/templates/liqo-wireguard-gateway-server-template.yaml
@@ -62,6 +62,7 @@ spec:
                 - --namespace={{"{{ .Namespace }}"}}
                 - --remote-cluster-id={{"{{ .ClusterID }}"}}
                 - --node-name={{"$(NODE_NAME)"}}
+                - --pod-name={{"$(POD_NAME)"}}
                 - --gateway-uid={{"{{ .GatewayUID }}"}}
                 - --mode=server
                 {{- if .Values.metrics.enabled }}
@@ -88,6 +89,10 @@ spec:
                   valueFrom:
                     fieldRef:
                       fieldPath: spec.nodeName
+                - name: POD_NAME
+                  valueFrom:
+                    fieldRef:
+                      fieldPath: metadata.name
                 securityContext:
                   privileged: true
                   capabilities:
@@ -131,6 +136,7 @@ spec:
                 - --namespace={{"{{ .Namespace }}"}}
                 - --remote-cluster-id={{"{{ .ClusterID }}"}}
                 - --node-name={{"$(NODE_NAME)"}}
+                - --pod-name={{"$(POD_NAME)"}}
                 - --gateway-uid={{"{{ .GatewayUID }}"}}
                 - --mode=server
                 - --geneve-port={{ .Values.networking.genevePort }}
@@ -148,6 +154,10 @@ spec:
                   valueFrom:
                     fieldRef:
                       fieldPath: spec.nodeName
+                - name: POD_NAME
+                  valueFrom:
+                    fieldRef:
+                      fieldPath: metadata.name
                 securityContext:
                   capabilities:
                     add:

diff --git a/pkg/fabric/source-detector/gateway_controller.go b/pkg/fabric/source-detector/gateway_controller.go
@@ -108,7 +108,7 @@ func (r *GatewayReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ct
 func (r *GatewayReconciler) SetupWithManager(mgr ctrl.Manager) error {
 	filterByLabelsGatewayPods, err := predicate.LabelSelectorPredicate(
 		metav1.LabelSelector{
-			MatchLabels: gateway.ForgeGatewayPodLabels(),
+			MatchLabels: gateway.ForgeActiveGatewayPodLabels(),
 		},
 	)
 	if err != nil {

diff --git a/pkg/gateway/concurrent/concurrent.go b/pkg/gateway/concurrent/concurrent.go
@@ -0,0 +1,63 @@
+// Copyright 2019-2024 The Liqo Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package concurrent
+
+import (
+	"context"
+
+	"sigs.k8s.io/controller-runtime/pkg/client"
+	"sigs.k8s.io/controller-runtime/pkg/manager"
+)
+
+var _ manager.Runnable = &ConcurrentRunnable{}
+
+// ConcurrentRunnable is a Runnable that manages concurrency.
+type ConcurrentRunnable struct {
+	Client client.Client
+
+	PodName        string
+	DeploymentName string
+	Namespace      string
+}
+
+func NewConcurrentRunnable(client client.Client, podName, deploymentName, namespace string) *ConcurrentRunnable {
+	return &ConcurrentRunnable{
+		Client:         client,
+		PodName:        podName,
+		DeploymentName: deploymentName,
+		Namespace:      namespace,
+	}
+}
+
+// Start starts the ConcurrentRunnable.
+func (cr *ConcurrentRunnable) Start(ctx context.Context) error {
+	pods, err := ListAllGatewaysReplicas(ctx, cr.Client, cr.Namespace, cr.DeploymentName)
+	if err != nil {
+		return err
+	}
+
+	for i := range pods {
+		if pods[i].GetName() == cr.PodName {
+			if err := AddActiveGatewayLabel(ctx, cr.Client, client.ObjectKeyFromObject(&pods[i])); err != nil {
+				return err
+			}
+		} else {
+			if err := RemoveActiveGatewayLabel(ctx, cr.Client, client.ObjectKeyFromObject(&pods[i])); err != nil {
+				return err
+			}
+		}
+	}
+	return nil
+}
diff --git a/pkg/gateway/concurrent/doc.go b/pkg/gateway/concurrent/doc.go
@@ -0,0 +1,20 @@
+// Copyright 2019-2024 The Liqo Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Package concurrent contains the logic to manage same gateway replicas.
+// They are managed using an active/passive approach.
+// The gateway container try to acquire the active role using the controller manager lease.
+// Then, the active gateway is labeled with the ActiveGatewayKey and ActiveGatewayValue, and the passive gateways are unlabeled.
+// The gateway service target the active gateway using the ActiveGatewayKey and ActiveGatewayValue labels.
+package concurrent