Skip to content

Commit

Permalink
feat(dataplane) add ExternalTrafficPolicy to ServiceOptions (#241)
Browse files Browse the repository at this point in the history
  • Loading branch information
pmalek authored May 13, 2024
1 parent 66287ed commit 395c874
Show file tree
Hide file tree
Showing 9 changed files with 275 additions and 5 deletions.
5 changes: 5 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,11 @@

## Unreleased

### Added

- Add `ExternalTrafficPolicy` to `DataPlane`'s `ServiceOptions`
[#241](https://github.com/Kong/gateway-operator/pull/241)

### Breaking Changes

- Changes project layout to match `kubebuilder` `v4`. Some import paths (due to dir renames) have changed
Expand Down
21 changes: 21 additions & 0 deletions api/v1beta1/dataplane_types.go
Original file line number Diff line number Diff line change
Expand Up @@ -172,6 +172,27 @@ type ServiceOptions struct {
//
// +optional
Annotations map[string]string `json:"annotations,omitempty" protobuf:"bytes,12,rep,name=annotations"`

// ExternalTrafficPolicy describes how nodes distribute service traffic they
// receive on one of the Service's "externally-facing" addresses (NodePorts,
// ExternalIPs, and LoadBalancer IPs). If set to "Local", the proxy will configure
// the service in a way that assumes that external load balancers will take care
// of balancing the service traffic between nodes, and so each node will deliver
// traffic only to the node-local endpoints of the service, without masquerading
// the client source IP. (Traffic mistakenly sent to a node with no endpoints will
// be dropped.) The default value, "Cluster", uses the standard behavior of
// routing to all endpoints evenly (possibly modified by topology and other
// features). Note that traffic sent to an External IP or LoadBalancer IP from
// within the cluster will always get "Cluster" semantics, but clients sending to
// a NodePort from within the cluster may need to take traffic policy into account
// when picking a node.
//
// More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
//
// +optional
// +kubebuilder:default=Cluster
// +kubebuilder:validation:Enum=Cluster;Local
ExternalTrafficPolicy corev1.ServiceExternalTrafficPolicy `json:"externalTrafficPolicy,omitempty"`
}

// DataPlaneStatus defines the observed state of DataPlane
Expand Down
23 changes: 23 additions & 0 deletions config/crd/bases/gateway-operator.konghq.com_dataplanes.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -8397,6 +8397,29 @@ spec:

More info: http://kubernetes.io/docs/user-guide/annotations
type: object
externalTrafficPolicy:
default: Cluster
description: |-
ExternalTrafficPolicy describes how nodes distribute service traffic they
receive on one of the Service's "externally-facing" addresses (NodePorts,
ExternalIPs, and LoadBalancer IPs). If set to "Local", the proxy will configure
the service in a way that assumes that external load balancers will take care
of balancing the service traffic between nodes, and so each node will deliver
traffic only to the node-local endpoints of the service, without masquerading
the client source IP. (Traffic mistakenly sent to a node with no endpoints will
be dropped.) The default value, "Cluster", uses the standard behavior of
routing to all endpoints evenly (possibly modified by topology and other
features). Note that traffic sent to an External IP or LoadBalancer IP from
within the cluster will always get "Cluster" semantics, but clients sending to
a NodePort from within the cluster may need to take traffic policy into account
when picking a node.


More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
enum:
- Cluster
- Local
type: string
ports:
description: |-
Ports defines the list of ports that are exposed by the service.
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -16254,6 +16254,29 @@ spec:

More info: http://kubernetes.io/docs/user-guide/annotations
type: object
externalTrafficPolicy:
default: Cluster
description: |-
ExternalTrafficPolicy describes how nodes distribute service traffic they
receive on one of the Service's "externally-facing" addresses (NodePorts,
ExternalIPs, and LoadBalancer IPs). If set to "Local", the proxy will configure
the service in a way that assumes that external load balancers will take care
of balancing the service traffic between nodes, and so each node will deliver
traffic only to the node-local endpoints of the service, without masquerading
the client source IP. (Traffic mistakenly sent to a node with no endpoints will
be dropped.) The default value, "Cluster", uses the standard behavior of
routing to all endpoints evenly (possibly modified by topology and other
features). Note that traffic sent to an External IP or LoadBalancer IP from
within the cluster will always get "Cluster" semantics, but clients sending to
a NodePort from within the cluster may need to take traffic policy into account
when picking a node.


More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
enum:
- Cluster
- Local
type: string
type:
default: LoadBalancer
description: |-
Expand Down
23 changes: 23 additions & 0 deletions config/crd/dataplane/gateway-operator.konghq.com_dataplanes.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -8397,6 +8397,29 @@ spec:

More info: http://kubernetes.io/docs/user-guide/annotations
type: object
externalTrafficPolicy:
default: Cluster
description: |-
ExternalTrafficPolicy describes how nodes distribute service traffic they
receive on one of the Service's "externally-facing" addresses (NodePorts,
ExternalIPs, and LoadBalancer IPs). If set to "Local", the proxy will configure
the service in a way that assumes that external load balancers will take care
of balancing the service traffic between nodes, and so each node will deliver
traffic only to the node-local endpoints of the service, without masquerading
the client source IP. (Traffic mistakenly sent to a node with no endpoints will
be dropped.) The default value, "Cluster", uses the standard behavior of
routing to all endpoints evenly (possibly modified by topology and other
features). Note that traffic sent to an External IP or LoadBalancer IP from
within the cluster will always get "Cluster" semantics, but clients sending to
a NodePort from within the cluster may need to take traffic policy into account
when picking a node.


More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
enum:
- Cluster
- Local
type: string
ports:
description: |-
Ports defines the list of ports that are exposed by the service.
Expand Down
5 changes: 3 additions & 2 deletions controller/gateway/controller_reconciler_utils.go
Original file line number Diff line number Diff line change
Expand Up @@ -134,8 +134,9 @@ func gatewayConfigDataPlaneOptionsToDataPlaneOptions(opts operatorv1beta1.Gatewa
Services: &operatorv1beta1.DataPlaneServices{
Ingress: &operatorv1beta1.DataPlaneServiceOptions{
ServiceOptions: operatorv1beta1.ServiceOptions{
Type: opts.Network.Services.Ingress.Type,
Annotations: opts.Network.Services.Ingress.Annotations,
Type: opts.Network.Services.Ingress.Type,
Annotations: opts.Network.Services.Ingress.Annotations,
ExternalTrafficPolicy: opts.Network.Services.Ingress.ExternalTrafficPolicy,
},
},
},
Expand Down
3 changes: 3 additions & 0 deletions docs/api-reference.md
Original file line number Diff line number Diff line change
Expand Up @@ -754,6 +754,7 @@ DataPlaneServiceOptions contains Services related DataPlane configuration.
| `ports` _[DataPlaneServicePort](#dataplaneserviceport) array_ | Ports defines the list of ports that are exposed by the service. The ports field allows defining the name, port and targetPort of the underlying service ports, while the protocol is defaulted to TCP, as it is the only protocol currently supported. |
| `type` _[ServiceType](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#servicetype-v1-core)_ | Type determines how the Service is exposed. Defaults to `LoadBalancer`.<br /><br /> Valid options are `LoadBalancer` and `ClusterIP`.<br /><br /> `ClusterIP` allocates a cluster-internal IP address for load-balancing to endpoints.<br /><br /> `LoadBalancer` builds on NodePort and creates an external load-balancer (if supported in the current cloud) which routes to the same endpoints as the clusterIP.<br /><br /> More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types |
| `annotations` _object (keys:string, values:string)_ | Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects.<br /><br /> More info: http://kubernetes.io/docs/user-guide/annotations |
| `externalTrafficPolicy` _[ServiceExternalTrafficPolicy](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#serviceexternaltrafficpolicy-v1-core)_ | ExternalTrafficPolicy describes how nodes distribute service traffic they receive on one of the Service's "externally-facing" addresses (NodePorts, ExternalIPs, and LoadBalancer IPs). If set to "Local", the proxy will configure the service in a way that assumes that external load balancers will take care of balancing the service traffic between nodes, and so each node will deliver traffic only to the node-local endpoints of the service, without masquerading the client source IP. (Traffic mistakenly sent to a node with no endpoints will be dropped.) The default value, "Cluster", uses the standard behavior of routing to all endpoints evenly (possibly modified by topology and other features). Note that traffic sent to an External IP or LoadBalancer IP from within the cluster will always get "Cluster" semantics, but clients sending to a NodePort from within the cluster may need to take traffic policy into account when picking a node.<br /><br /> More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip |


_Appears in:_
Expand Down Expand Up @@ -908,6 +909,7 @@ such as the annotations.
| --- | --- |
| `type` _[ServiceType](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#servicetype-v1-core)_ | Type determines how the Service is exposed. Defaults to `LoadBalancer`.<br /><br /> Valid options are `LoadBalancer` and `ClusterIP`.<br /><br /> `ClusterIP` allocates a cluster-internal IP address for load-balancing to endpoints.<br /><br /> `LoadBalancer` builds on NodePort and creates an external load-balancer (if supported in the current cloud) which routes to the same endpoints as the clusterIP.<br /><br /> More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types |
| `annotations` _object (keys:string, values:string)_ | Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects.<br /><br /> More info: http://kubernetes.io/docs/user-guide/annotations |
| `externalTrafficPolicy` _[ServiceExternalTrafficPolicy](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#serviceexternaltrafficpolicy-v1-core)_ | ExternalTrafficPolicy describes how nodes distribute service traffic they receive on one of the Service's "externally-facing" addresses (NodePorts, ExternalIPs, and LoadBalancer IPs). If set to "Local", the proxy will configure the service in a way that assumes that external load balancers will take care of balancing the service traffic between nodes, and so each node will deliver traffic only to the node-local endpoints of the service, without masquerading the client source IP. (Traffic mistakenly sent to a node with no endpoints will be dropped.) The default value, "Cluster", uses the standard behavior of routing to all endpoints evenly (possibly modified by topology and other features). Note that traffic sent to an External IP or LoadBalancer IP from within the cluster will always get "Cluster" semantics, but clients sending to a NodePort from within the cluster may need to take traffic policy into account when picking a node.<br /><br /> More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip |


_Appears in:_
Expand Down Expand Up @@ -1158,6 +1160,7 @@ such as the annotations.
| --- | --- |
| `type` _[ServiceType](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#servicetype-v1-core)_ | Type determines how the Service is exposed. Defaults to `LoadBalancer`.<br /><br /> Valid options are `LoadBalancer` and `ClusterIP`.<br /><br /> `ClusterIP` allocates a cluster-internal IP address for load-balancing to endpoints.<br /><br /> `LoadBalancer` builds on NodePort and creates an external load-balancer (if supported in the current cloud) which routes to the same endpoints as the clusterIP.<br /><br /> More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types |
| `annotations` _object (keys:string, values:string)_ | Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects.<br /><br /> More info: http://kubernetes.io/docs/user-guide/annotations |
| `externalTrafficPolicy` _[ServiceExternalTrafficPolicy](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#serviceexternaltrafficpolicy-v1-core)_ | ExternalTrafficPolicy describes how nodes distribute service traffic they receive on one of the Service's "externally-facing" addresses (NodePorts, ExternalIPs, and LoadBalancer IPs). If set to "Local", the proxy will configure the service in a way that assumes that external load balancers will take care of balancing the service traffic between nodes, and so each node will deliver traffic only to the node-local endpoints of the service, without masquerading the client source IP. (Traffic mistakenly sent to a node with no endpoints will be dropped.) The default value, "Cluster", uses the standard behavior of routing to all endpoints evenly (possibly modified by topology and other features). Note that traffic sent to an External IP or LoadBalancer IP from within the cluster will always get "Cluster" semantics, but clients sending to a NodePort from within the cluster may need to take traffic policy into account when picking a node.<br /><br /> More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip |


_Appears in:_
Expand Down
17 changes: 14 additions & 3 deletions pkg/utils/kubernetes/resources/services.go
Original file line number Diff line number Diff line change
Expand Up @@ -57,9 +57,12 @@ func GenerateNewIngressServiceForDataPlane(dataplane *operatorv1beta1.DataPlane,
},
},
Spec: corev1.ServiceSpec{
Type: getDataPlaneIngressServiceType(dataplane),
Selector: map[string]string{"app": dataplane.Name},
Ports: DefaultDataPlaneIngressServicePorts,
Type: getDataPlaneIngressServiceType(dataplane),
Selector: map[string]string{
"app": dataplane.Name,
},
Ports: DefaultDataPlaneIngressServicePorts,
ExternalTrafficPolicy: getDataPlaneIngressServiceExternalTrafficPolicy(dataplane),
},
}
LabelObjectAsDataPlaneManaged(svc)
Expand Down Expand Up @@ -109,6 +112,14 @@ func getDataPlaneIngressServiceType(dataplane *operatorv1beta1.DataPlane) corev1
return dataplane.Spec.Network.Services.Ingress.Type
}

func getDataPlaneIngressServiceExternalTrafficPolicy(dataplane *operatorv1beta1.DataPlane) corev1.ServiceExternalTrafficPolicy {
if dataplane == nil || dataplane.Spec.Network.Services == nil {
return corev1.ServiceExternalTrafficPolicyCluster
}

return dataplane.Spec.Network.Services.Ingress.ExternalTrafficPolicy
}

// ServiceOpt is an option function for a Service.
type ServiceOpt func(*corev1.Service)

Expand Down
Loading

0 comments on commit 395c874

Please sign in to comment.