From e60b55003b47bf36213c24980869ffe9073f9306 Mon Sep 17 00:00:00 2001 From: Mikael Johansson Date: Wed, 13 Mar 2024 18:48:51 +0100 Subject: [PATCH] Add support for `Service` traffic policies in external services (#403) * Add support for configuring Service traffic policies Signed-off-by: Mikael Johansson * DOCKER_REPO_BASE -> DOCKER_REGISTRY_BASE Signed-off-by: Mikael Johansson * Update docs Signed-off-by: Mikael Johansson * Update changelog Signed-off-by: Mikael Johansson --------- Signed-off-by: Mikael Johansson --- CHANGELOG.md | 2 ++ api/v1/nificluster_types.go | 23 +++++++++++++++++++ api/v1/zz_generated.deepcopy.go | 5 ++++ .../nifi.konpyutaika.com_nificlusters.yaml | 4 ++++ .../nifi.konpyutaika.com_nificlusters.yaml | 4 ++++ pkg/resources/nifi/service.go | 2 ++ .../7_external_service_config.md | 12 ++++++---- site/docs/6_contributing/1_developer_guide.md | 2 +- 8 files changed, 48 insertions(+), 6 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 828f524bb9..8a50c94eb1 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,8 @@ ### Added +- [PR #403](https://github.com/konpyutaika/nifikop/pull/403) - **[Operator/NifiCluster]** Added support to let users configure `internalTrafficPolicy` and `externalTrafficPolicy` on external services. + - [PR #391](https://github.com/konpyutaika/nifikop/pull/391) - **[Operator/NifiUserGroup]** Added settings missing for secure LDAP connections in login_identity_providers.xml - [PR #381](https://github.com/konpyutaika/nifikop/pull/381) - **[Operator/NifiUserGroup]** Added ability to set `NifiUserGroup.Spec.Identity` when users need to override the default naming convention. diff --git a/api/v1/nificluster_types.go b/api/v1/nificluster_types.go index 943995e890..0190ed2ead 100644 --- a/api/v1/nificluster_types.go +++ b/api/v1/nificluster_types.go 
@@ -543,6 +543,29 @@ type ExternalServiceSpec struct { // Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type. // +optional LoadBalancerClass *string `json:"loadBalancerClass,omitempty" protobuf:"bytes,21,opt,name=loadBalancerClass"` + // externalTrafficPolicy describes how nodes distribute service traffic they + // receive on one of the Service's "externally-facing" addresses (NodePorts, + // ExternalIPs, and LoadBalancer IPs). If set to "Local", the proxy will configure + // the service in a way that assumes that external load balancers will take care + // of balancing the service traffic between nodes, and so each node will deliver + // traffic only to the node-local endpoints of the service, without masquerading + // the client source IP. (Traffic mistakenly sent to a node with no endpoints will + // be dropped.) The default value, "Cluster", uses the standard behavior of + // routing to all endpoints evenly (possibly modified by topology and other + // features). Note that traffic sent to an External IP or LoadBalancer IP from + // within the cluster will always get "Cluster" semantics, but clients sending to + // a NodePort from within the cluster may need to take traffic policy into account + // when picking a node. + // +optional + ExternalTrafficPolicy corev1.ServiceExternalTrafficPolicy `json:"externalTrafficPolicy,omitempty" protobuf:"bytes,22,opt,name=externalTrafficPolicy,casttype=ServiceExternalTrafficPolicy"` + // InternalTrafficPolicy describes how nodes distribute service traffic they + // receive on the ClusterIP. If set to "Local", the proxy will assume that pods + // only want to talk to endpoints of the service on the same node as the pod, + // dropping the traffic if there are no local endpoints. The default value, + // "Cluster", uses the standard behavior of routing to all endpoints evenly + // (possibly modified by topology and other features). 
+ // +optional + InternalTrafficPolicy *corev1.ServiceInternalTrafficPolicy `json:"internalTrafficPolicy,omitempty" protobuf:"bytes,23,opt,name=internalTrafficPolicy,casttype=ServiceInternalTrafficPolicy"` } type PortConfig struct { diff --git a/api/v1/zz_generated.deepcopy.go b/api/v1/zz_generated.deepcopy.go index 675f978c67..1bff7cc9f2 100644 --- a/api/v1/zz_generated.deepcopy.go +++ b/api/v1/zz_generated.deepcopy.go @@ -218,6 +218,11 @@ func (in *ExternalServiceSpec) DeepCopyInto(out *ExternalServiceSpec) { *out = new(string) **out = **in } + if in.InternalTrafficPolicy != nil { + in, out := &in.InternalTrafficPolicy, &out.InternalTrafficPolicy + *out = new(corev1.ServiceInternalTrafficPolicy) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalServiceSpec. diff --git a/config/crd/bases/nifi.konpyutaika.com_nificlusters.yaml b/config/crd/bases/nifi.konpyutaika.com_nificlusters.yaml index f0f5a9ffa0..b681e4c9f8 100644 --- a/config/crd/bases/nifi.konpyutaika.com_nificlusters.yaml +++ b/config/crd/bases/nifi.konpyutaika.com_nificlusters.yaml @@ -69,6 +69,10 @@ spec: type: array externalName: type: string + externalTrafficPolicy: + type: string + internalTrafficPolicy: + type: string loadBalancerClass: type: string loadBalancerIP: diff --git a/helm/nifikop/crds/nifi.konpyutaika.com_nificlusters.yaml b/helm/nifikop/crds/nifi.konpyutaika.com_nificlusters.yaml index f0f5a9ffa0..b681e4c9f8 100644 --- a/helm/nifikop/crds/nifi.konpyutaika.com_nificlusters.yaml +++ b/helm/nifikop/crds/nifi.konpyutaika.com_nificlusters.yaml @@ -69,6 +69,10 @@ spec: type: array externalName: type: string + externalTrafficPolicy: + type: string + internalTrafficPolicy: + type: string loadBalancerClass: type: string loadBalancerIP: diff --git a/pkg/resources/nifi/service.go b/pkg/resources/nifi/service.go index 33a06d54f4..bc3f0d9931 100644 --- a/pkg/resources/nifi/service.go +++ b/pkg/resources/nifi/service.go 
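Review bot: Both new fields land in the CRD schema as bare `type: string` (see the two `nifi.konpyutaika.com_nificlusters.yaml` hunks), so a misspelled value such as `local` is accepted at NifiCluster admission and only fails later when `externalServices` in `pkg/resources/nifi/service.go` submits the Service, surfacing as a reconcile error rather than on the user's apply. Adding `// +kubebuilder:validation:Enum=Cluster;Local` above each of `ExternalTrafficPolicy` and `InternalTrafficPolicy` and regenerating the CRDs would reject bad values up front; an unset `ExternalTrafficPolicy` is still fine because `omitempty` drops the empty string before the enum is checked. Recent API servers also appear to reject a non-empty `externalTrafficPolicy` on ClusterIP/ExternalName services, so the doc comment (or the reconciler) should probably state that the field only applies when `type` is NodePort or LoadBalancer — worth confirming against the Kubernetes versions the operator supports. As a style point, the first doc comment opens with `externalTrafficPolicy describes` while the second uses `InternalTrafficPolicy describes`; Go doc convention is to start with the exported name, i.e. `// ExternalTrafficPolicy describes ...`. `ExternalServiceSpec` starts before this hunk; only its closing brace is visible here.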
@@ -70,6 +70,8 @@ func (r *Reconciler) externalServices(log zap.Logger) []runtimeClient.Object { LoadBalancerSourceRanges: eService.Spec.LoadBalancerSourceRanges, ExternalName: eService.Spec.ExternalName, LoadBalancerClass: eService.Spec.LoadBalancerClass, + InternalTrafficPolicy: eService.Spec.InternalTrafficPolicy, + ExternalTrafficPolicy: eService.Spec.ExternalTrafficPolicy, }, }) } diff --git a/site/docs/5_references/1_nifi_cluster/7_external_service_config.md b/site/docs/5_references/1_nifi_cluster/7_external_service_config.md index b2d3522eae..ac2e0ed512 100644 --- a/site/docs/5_references/1_nifi_cluster/7_external_service_config.md +++ b/site/docs/5_references/1_nifi_cluster/7_external_service_config.md @@ -49,8 +49,8 @@ externalServices: |Field|Type|Description|Required|Default| |-----|----|-----------|--------|--------| -|name|string| must be unique within a namespace. Name is primarily intended for creation idempotence and configuration.| Yes | - | -|metadata|[Metadata](#metadata)|define additionnal metadata to merge to the service associated.| No | - | +|name|string| Must be unique within a namespace. Name is primarily intended for creation idempotence and configuration.| Yes | - | +|metadata|[Metadata](#metadata)| Defines additional metadata to merge with the associated service.| No | - | |spec|[ExternalServiceSpec](#externalservicespec)| defines the behavior of a service.| Yes | | ## ExternalServiceSpec 
@@ -65,6 +65,8 @@ Field|Type|Description|Required|Default| |loadBalancerSourceRanges|\[ \]string| If specified and supported by the platform, this will restrict traffic through the cloud-provider load-balancer will be restricted to the specified client IPs | No | - | |externalName|string| externalName is the external reference that kubedns or equivalent will return as a CNAME record for this service. No proxying will be involved. | No | - | |loadBalancerClass|string| loadBalancerClass is the class of the load balancer implementation this Service belongs to. | No | - | +|externalTrafficPolicy|string| See the Kubernetes [traffic policies](https://kubernetes.io/docs/reference/networking/virtual-ips/#traffic-policies) documentation. | No | Depends on the `Service` type. | +|internalTrafficPolicy|string| See the Kubernetes [traffic policies](https://kubernetes.io/docs/reference/networking/virtual-ips/#traffic-policies) documentation. | No | Depends on the `Service` type. | ## PortConfig 
@@ -73,11 +75,11 @@ Field|Type|Description|Required|Default| |port|int32| The port that will be exposed by this service. | Yes | - | |internalListenerName|string| The name of the listener which will be used as target container. | Yes | - | |nodePort|int32| The port that will expose this service externally. (Only if the service is of type NodePort) | No | - | -|protocol|[Protocol](https://pkg.go.dev/k8s.io/api/core/v1#Protocol)| the network protocol for this service port. Must be one of the protocol enum values (i.e. TCP, UDP, SCTP). | No | `TCP` | +|protocol|[Protocol](https://pkg.go.dev/k8s.io/api/core/v1#Protocol)| The network protocol for this service port. Must be one of the protocol enum values (i.e. TCP, UDP, SCTP). | No | `TCP` | ## Metadata Field|Type|Description|Required|Default| |-----|----|-----------|--------|--------| -| annotations | map\[string\]string | Additionnal annotation to merge to the service associated [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/#syntax-and-character-set). |No|nil| -| labels | map\[string\]string | Additionnal labels to merge to the service associated [labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#syntax-and-character-set). |No|nil| +| annotations | map\[string\]string | Additional annotations to merge with the associated service [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/#syntax-and-character-set). | No | `nil` | +| labels | map\[string\]string | Additional labels to merge with the associated service [labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#syntax-and-character-set). | No | `nil` | diff --git a/site/docs/6_contributing/1_developer_guide.md b/site/docs/6_contributing/1_developer_guide.md index ca98b99e19..fc272453a7 100644 --- a/site/docs/6_contributing/1_developer_guide.md +++ b/site/docs/6_contributing/1_developer_guide.md 
@@ -95,7 +95,7 @@ This section provides an instructions for running the operator Helm charts with Build the image from the current branch. ```bash -export DOCKER_REPO_BASE={your-docker-repo} +export DOCKER_REGISTRY_BASE={your-docker-repo} make docker-build ```