
Commit

Add support for Service traffic policies in external services (konp…
…yutaika#403)

* Add support for configuring Service traffic policies

Signed-off-by: Mikael Johansson <[email protected]>

* DOCKER_REPO_BASE -> DOCKER_REGISTRY_BASE

Signed-off-by: Mikael Johansson <[email protected]>

* Update docs

Signed-off-by: Mikael Johansson <[email protected]>

* Update changelog

Signed-off-by: Mikael Johansson <[email protected]>

---------

Signed-off-by: Mikael Johansson <[email protected]>
mikejoh authored Mar 13, 2024
1 parent 9c0f96e commit e60b550
Showing 8 changed files with 48 additions and 6 deletions.
2 changes: 2 additions & 0 deletions CHANGELOG.md
Expand Up @@ -2,6 +2,8 @@

### Added

- [PR #403](https://github.com/konpyutaika/nifikop/pull/403) - **[Operator/NifiCluster]** Added support to let users configure `internalTrafficPolicy` and `externalTrafficPolicy` on external services.

- [PR #391](https://github.com/konpyutaika/nifikop/pull/391) - **[Operator/NifiUserGroup]** Added settings missing for secure LDAP connections in login_identity_providers.xml

- [PR #381](https://github.com/konpyutaika/nifikop/pull/381) - **[Operator/NifiUserGroup]** Added ability to set `NifiUserGroup.Spec.Identity` when users need to override the default naming convention.
23 changes: 23 additions & 0 deletions api/v1/nificluster_types.go
Expand Up @@ -543,6 +543,29 @@ type ExternalServiceSpec struct {
// Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type.
// +optional
LoadBalancerClass *string `json:"loadBalancerClass,omitempty" protobuf:"bytes,21,opt,name=loadBalancerClass"`
// externalTrafficPolicy describes how nodes distribute service traffic they
// receive on one of the Service's "externally-facing" addresses (NodePorts,
// ExternalIPs, and LoadBalancer IPs). If set to "Local", the proxy will configure
// the service in a way that assumes that external load balancers will take care
// of balancing the service traffic between nodes, and so each node will deliver
// traffic only to the node-local endpoints of the service, without masquerading
// the client source IP. (Traffic mistakenly sent to a node with no endpoints will
// be dropped.) The default value, "Cluster", uses the standard behavior of
// routing to all endpoints evenly (possibly modified by topology and other
// features). Note that traffic sent to an External IP or LoadBalancer IP from
// within the cluster will always get "Cluster" semantics, but clients sending to
// a NodePort from within the cluster may need to take traffic policy into account
// when picking a node.
// +optional
ExternalTrafficPolicy corev1.ServiceExternalTrafficPolicy `json:"externalTrafficPolicy,omitempty" protobuf:"bytes,22,opt,name=externalTrafficPolicy,casttype=ServiceExternalTrafficPolicy"`
// InternalTrafficPolicy describes how nodes distribute service traffic they
// receive on the ClusterIP. If set to "Local", the proxy will assume that pods
// only want to talk to endpoints of the service on the same node as the pod,
// dropping the traffic if there are no local endpoints. The default value,
// "Cluster", uses the standard behavior of routing to all endpoints evenly
// (possibly modified by topology and other features).
// +optional
InternalTrafficPolicy *corev1.ServiceInternalTrafficPolicy `json:"internalTrafficPolicy,omitempty" protobuf:"bytes,23,opt,name=internalTrafficPolicy,casttype=ServiceInternalTrafficPolicy"`
}

type PortConfig struct {
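
Review bot: The two new fields in ExternalServiceSpec carry no validation marker, so the generated CRD schema in this commit is a bare `type: string` for both, and a typo such as `local` is only caught when the operator tries to create the Service. Consider adding `// +kubebuilder:validation:Enum=Cluster;Local` above each field so the API server rejects bad values when the NifiCluster is applied. Minor: the first doc comment starts with lowercase `externalTrafficPolicy` while the second starts with `InternalTrafficPolicy`; pick one casing.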
5 changes: 5 additions & 0 deletions api/v1/zz_generated.deepcopy.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

4 changes: 4 additions & 0 deletions config/crd/bases/nifi.konpyutaika.com_nificlusters.yaml
Expand Up @@ -69,6 +69,10 @@ spec:
type: array
externalName:
type: string
externalTrafficPolicy:
type: string
internalTrafficPolicy:
type: string
loadBalancerClass:
type: string
loadBalancerIP:
4 changes: 4 additions & 0 deletions helm/nifikop/crds/nifi.konpyutaika.com_nificlusters.yaml
Expand Up @@ -69,6 +69,10 @@ spec:
type: array
externalName:
type: string
externalTrafficPolicy:
type: string
internalTrafficPolicy:
type: string
loadBalancerClass:
type: string
loadBalancerIP:
2 changes: 2 additions & 0 deletions pkg/resources/nifi/service.go
Expand Up @@ -70,6 +70,8 @@ func (r *Reconciler) externalServices(log zap.Logger) []runtimeClient.Object {
LoadBalancerSourceRanges: eService.Spec.LoadBalancerSourceRanges,
ExternalName: eService.Spec.ExternalName,
LoadBalancerClass: eService.Spec.LoadBalancerClass,
InternalTrafficPolicy: eService.Spec.InternalTrafficPolicy,
ExternalTrafficPolicy: eService.Spec.ExternalTrafficPolicy,
},
})
}
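
Review bot: Both policies are copied into the ServiceSpec unconditionally here, whatever the type of the external service. The field comment added in api/v1/nificluster_types.go describes externalTrafficPolicy as applying to NodePorts, ExternalIPs and LoadBalancer IPs, and the Kubernetes API server rejects it on a Service that is not externally accessible, so a NifiCluster that sets it on a plain ClusterIP service will fail at Service creation. Either skip the field for types where it does not apply or return a clear error before the create call. None of the 8 changed files is a test; a case covering a set and an unset policy would help.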
Expand Up @@ -49,8 +49,8 @@ externalServices:
|Field|Type|Description|Required|Default|
|-----|----|-----------|--------|--------|
|name|string| must be unique within a namespace. Name is primarily intended for creation idempotence and configuration.| Yes | - |
|metadata|[Metadata](#metadata)|define additionnal metadata to merge to the service associated.| No | - |
|name|string| Must be unique within a namespace. Name is primarily intended for creation idempotence and configuration.| Yes | - |
|metadata|[Metadata](#metadata)| Defines additional metadata to merge with the associated service.| No | - |
|spec|[ExternalServiceSpec](#externalservicespec)| defines the behavior of a service.| Yes | |
## ExternalServiceSpec
Expand All @@ -65,6 +65,8 @@ Field|Type|Description|Required|Default|
|loadBalancerSourceRanges|\[&nbsp;\]string| If specified and supported by the platform, this will restrict traffic through the cloud-provider load-balancer will be restricted to the specified client IPs | No | - |
|externalName|string| externalName is the external reference that kubedns or equivalent will return as a CNAME record for this service. No proxying will be involved. | No | - |
|loadBalancerClass|string| loadBalancerClass is the class of the load balancer implementation this Service belongs to. | No | - |
|externalTrafficPolicy|string| See the Kubernetes [traffic policies](https://kubernetes.io/docs/reference/networking/virtual-ips/#traffic-policies) documentation. | No | Depends on the `Service` type. |
|internalTrafficPolicy|string| See the Kubernetes [traffic policies](https://kubernetes.io/docs/reference/networking/virtual-ips/#traffic-policies) documentation. | No | Depends on the `Service` type. |

## PortConfig
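
Review bot: The Default cell "Depends on the `Service` type." on the internalTrafficPolicy row does not match the field comment added in api/v1/nificluster_types.go, which gives "Cluster" as the default value. Both rows would also be more useful if they listed the accepted values (`Cluster`, `Local`) and, for externalTrafficPolicy, stated that `Local` delivers traffic only to node-local endpoints without masquerading the client source IP, since preserving the client address is the usual reason to set it.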

Expand All @@ -73,11 +75,11 @@ Field|Type|Description|Required|Default|
|port|int32| The port that will be exposed by this service. | Yes | - |
|internalListenerName|string| The name of the listener which will be used as target container. | Yes | - |
|nodePort|int32| The port that will expose this service externally. (Only if the service is of type NodePort) | No | - |
|protocol|[Protocol](https://pkg.go.dev/k8s.io/api/core/v1#Protocol)| the network protocol for this service port. Must be one of the protocol enum values (i.e. TCP, UDP, SCTP). | No | `TCP` |
|protocol|[Protocol](https://pkg.go.dev/k8s.io/api/core/v1#Protocol)| The network protocol for this service port. Must be one of the protocol enum values (i.e. TCP, UDP, SCTP). | No | `TCP` |

## Metadata

Field|Type|Description|Required|Default|
|-----|----|-----------|--------|--------|
| annotations | map\[string\]string | Additionnal annotation to merge to the service associated [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/#syntax-and-character-set). |No|nil|
| labels | map\[string\]string | Additionnal labels to merge to the service associated [labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#syntax-and-character-set). |No|nil|
| annotations | map\[string\]string | Additional annotations to merge with the associated service [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/#syntax-and-character-set). | No | `nil` |
| labels | map\[string\]string | Additional labels to merge with the associated service [labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#syntax-and-character-set). | No | `nil` |
2 changes: 1 addition & 1 deletion site/docs/6_contributing/1_developer_guide.md
Expand Up @@ -95,7 +95,7 @@ This section provides an instructions for running the operator Helm charts with
Build the image from the current branch.

```bash
export DOCKER_REPO_BASE={your-docker-repo}
export DOCKER_REGISTRY_BASE={your-docker-repo}
make docker-build
```
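
Review bot: The variable is renamed to DOCKER_REGISTRY_BASE but the placeholder on the same line still reads `{your-docker-repo}`; `{your-docker-registry}` would match the new name. The Makefile is not among the files changed in this commit, so please confirm that `make docker-build` already reads DOCKER_REGISTRY_BASE.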


0 comments on commit e60b550
