Add Kubernetes API server invocation proxy handler

Change-Id: Iadcbe4c2969e36e1f7bf10caff4926c5662d0df6
diff --git a/apps/k8s-networking/api/src/main/java/org/onosproject/k8snetworking/api/Constants.java b/apps/k8s-networking/api/src/main/java/org/onosproject/k8snetworking/api/Constants.java
index 7526fdd..763bae6 100644
--- a/apps/k8s-networking/api/src/main/java/org/onosproject/k8snetworking/api/Constants.java
+++ b/apps/k8s-networking/api/src/main/java/org/onosproject/k8snetworking/api/Constants.java
@@ -31,7 +31,7 @@
     public static final String ARP_PROXY_MODE = "proxy";
 
     public static final String DEFAULT_GATEWAY_MAC_STR = "fe:00:00:00:00:02";
-    public static final String DEFAULT_HOST_MAC_STR = "fe:00:00:00:00:08";
+
     public static final MacAddress DEFAULT_GATEWAY_MAC =
                         MacAddress.valueOf(DEFAULT_GATEWAY_MAC_STR);
 
@@ -45,10 +45,7 @@
     // flow priority
     public static final int PRIORITY_SNAT_RULE = 26000;
     public static final int PRIORITY_TUNNEL_TAG_RULE = 30000;
-    public static final int PRIORITY_DHCP_RULE = 42000;
-    public static final int PRIORITY_ADMIN_RULE = 32000;
-    public static final int PRIORITY_ACL_RULE = 31000;
-    public static final int PRIORITY_ACL_INGRESS_RULE = 30000;
+    public static final int PRIORITY_TRANSLATION_RULE = 30000;
     public static final int PRIORITY_CT_HOOK_RULE = 30500;
     public static final int PRIORITY_CT_RULE = 32000;
     public static final int PRIORITY_CT_DROP_RULE = 32500;
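Review bot: `PRIORITY_TRANSLATION_RULE` has the same value (30000) as `PRIORITY_TUNNEL_TAG_RULE` two lines above it, and nothing here says which table each one applies to. In this commit the new constant is only used for rules in `STAT_OUTBOUND_TABLE`, so there is probably no overlap, but the table used by the tunnel-tag rules is not visible in this diff. A comment such as `// API server address translation, installed in STAT_OUTBOUND_TABLE` would stop a later change from putting two overlapping matches at the same priority in one table.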
@@ -66,10 +63,6 @@
     public static final int STAT_INBOUND_TABLE = 0;
     public static final int VTAP_INBOUND_TABLE = 1;
     public static final int VTAP_INBOUND_MIRROR_TABLE = 2;
-    public static final int STAT_FLAT_OUTBOUND_TABLE = 10;
-    public static final int VTAP_FLAT_OUTBOUND_TABLE = 11;
-    public static final int VTAP_FLAT_OUTBOUND_MIRROR_TABLE = 12;
-    public static final int DHCP_TABLE = 5;
     public static final int VTAG_TABLE = 30;
     public static final int ARP_TABLE = 35;
     public static final int ACL_EGRESS_TABLE = 40;
@@ -83,9 +76,4 @@
     public static final int VTAP_OUTBOUND_MIRROR_TABLE = 72;
     public static final int FORWARDING_TABLE = 80;
     public static final int ERROR_TABLE = 100;
-
-    // group table index
-    public static final int VTAP_INBOUND_GROUP_TABLE = 1;
-    public static final int VTAP_FLAT_OUTBOUND_GROUP_TABLE = 2;
-    public static final int VTAP_OUTBOUND_GROUP_TABLE = 3;
 }
diff --git a/apps/k8s-networking/app/BUILD b/apps/k8s-networking/app/BUILD
index e6b5753..0a9af85 100644
--- a/apps/k8s-networking/app/BUILD
+++ b/apps/k8s-networking/app/BUILD
@@ -4,6 +4,7 @@
     "//protocols/ovsdb/rfc:onos-protocols-ovsdb-rfc",
     "//apps/k8s-node/api:onos-apps-k8s-node-api",
     "//apps/k8s-networking/api:onos-apps-k8s-networking-api",
+    "@commons_codec//jar",
 ]
 
 TEST_DEPS = TEST_ADAPTERS + TEST_REST + [
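Review bot: `"@commons_codec//jar"` is added to the compile dependencies, but none of the Java changes visible in this commit import anything from `org.apache.commons.codec`. If no file outside this view uses it, drop the line so the bundle does not ship an unused third-party jar. If it is needed, a short comment naming the class that uses it would help whoever audits the dependency list later.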
diff --git a/apps/k8s-networking/app/src/main/java/org/onosproject/k8snetworking/impl/K8sApiServerProxyHandler.java b/apps/k8s-networking/app/src/main/java/org/onosproject/k8snetworking/impl/K8sApiServerProxyHandler.java
new file mode 100644
index 0000000..ef1acaa
--- /dev/null
+++ b/apps/k8s-networking/app/src/main/java/org/onosproject/k8snetworking/impl/K8sApiServerProxyHandler.java
@@ -0,0 +1,217 @@
+/*
+ * Copyright 2019-present Open Networking Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.onosproject.k8snetworking.impl;
+
+import org.onlab.packet.Ethernet;
+import org.onlab.packet.IPv4;
+import org.onlab.packet.IpAddress;
+import org.onlab.packet.IpPrefix;
+import org.onlab.packet.TpPort;
+import org.onosproject.cluster.ClusterService;
+import org.onosproject.cluster.LeadershipService;
+import org.onosproject.cluster.NodeId;
+import org.onosproject.core.ApplicationId;
+import org.onosproject.core.CoreService;
+import org.onosproject.k8snetworking.api.K8sFlowRuleService;
+import org.onosproject.k8snode.api.K8sNode;
+import org.onosproject.k8snode.api.K8sNodeEvent;
+import org.onosproject.k8snode.api.K8sNodeListener;
+import org.onosproject.k8snode.api.K8sNodeService;
+import org.onosproject.net.PortNumber;
+import org.onosproject.net.flow.DefaultTrafficSelector;
+import org.onosproject.net.flow.DefaultTrafficTreatment;
+import org.onosproject.net.flow.TrafficSelector;
+import org.onosproject.net.flow.TrafficTreatment;
+import org.onosproject.net.packet.PacketService;
+import org.osgi.service.component.annotations.Activate;
+import org.osgi.service.component.annotations.Component;
+import org.osgi.service.component.annotations.Deactivate;
+import org.osgi.service.component.annotations.Reference;
+import org.osgi.service.component.annotations.ReferenceCardinality;
+import org.slf4j.Logger;
+
+import java.util.Objects;
+import java.util.concurrent.ExecutorService;
+
+import static java.util.concurrent.Executors.newSingleThreadExecutor;
+import static org.onlab.util.Tools.groupedThreads;
+import static org.onosproject.k8snetworking.api.Constants.FORWARDING_TABLE;
+import static org.onosproject.k8snetworking.api.Constants.K8S_NETWORKING_APP_ID;
+import static org.onosproject.k8snetworking.api.Constants.PRIORITY_TRANSLATION_RULE;
+import static org.onosproject.k8snetworking.api.Constants.STAT_OUTBOUND_TABLE;
+import static org.slf4j.LoggerFactory.getLogger;
+
+/**
+ * Handles kubernetes API server requests from pods.
+ */
+@Component(immediate = true)
+public class K8sApiServerProxyHandler {
+    protected final Logger log = getLogger(getClass());
+
+    private static final String API_SERVER_CLUSTER_IP = "10.96.0.1";
+    private static final int API_SERVER_CLUSTER_PORT = 443;
+    private static final String API_SERVER_IP = "10.10.10.1";
+    private static final int API_SERVER_PORT = 6443;
+    private static final int PREFIX_LENGTH = 32;
+
+    @Reference(cardinality = ReferenceCardinality.MANDATORY)
+    protected CoreService coreService;
+
+    @Reference(cardinality = ReferenceCardinality.MANDATORY)
+    protected PacketService packetService;
+
+    @Reference(cardinality = ReferenceCardinality.MANDATORY)
+    protected ClusterService clusterService;
+
+    @Reference(cardinality = ReferenceCardinality.MANDATORY)
+    protected LeadershipService leadershipService;
+
+    @Reference(cardinality = ReferenceCardinality.MANDATORY)
+    protected K8sNodeService k8sNodeService;
+
+    @Reference(cardinality = ReferenceCardinality.MANDATORY)
+    protected K8sFlowRuleService k8sFlowRuleService;
+
+    private final ExecutorService eventExecutor = newSingleThreadExecutor(
+            groupedThreads(this.getClass().getSimpleName(), "event-handler", log));
+    private final K8sNodeListener k8sNodeListener = new InternalNodeEventListener();
+
+    private ApplicationId appId;
+    private NodeId localNodeId;
+
+    @Activate
+    protected void activate() {
+        appId = coreService.registerApplication(K8S_NETWORKING_APP_ID);
+        localNodeId = clusterService.getLocalNode().id();
+        k8sNodeService.addListener(k8sNodeListener);
+        leadershipService.runForLeadership(appId.name());
+
+        log.info("Started");
+    }
+
+    @Deactivate
+    protected void deactivate() {
+        k8sNodeService.removeListener(k8sNodeListener);
+        leadershipService.withdraw(appId.name());
+        eventExecutor.shutdown();
+
+        log.info("Stopped");
+    }
+
+    private class InternalNodeEventListener implements K8sNodeListener {
+
+        private boolean isRelevantHelper() {
+            return Objects.equals(localNodeId, leadershipService.getLeader(appId.name()));
+        }
+
+        @Override
+        public void event(K8sNodeEvent event) {
+            K8sNode k8sNode = event.subject();
+            switch (event.type()) {
+                case K8S_NODE_COMPLETE:
+                    eventExecutor.execute(() -> processNodeCompletion(k8sNode));
+                    break;
+                case K8S_NODE_INCOMPLETE:
+                    eventExecutor.execute(() -> processNodeIncompletion(k8sNode));
+                    break;
+                default:
+                    break;
+            }
+        }
+
+        private void processNodeCompletion(K8sNode k8sNode) {
+            if (!isRelevantHelper()) {
+                return;
+            }
+
+            setRequestTranslationRule(k8sNode, true);
+            setResponseTranslationRule(k8sNode, true);
+        }
+
+        private void processNodeIncompletion(K8sNode k8sNode) {
+            if (!isRelevantHelper()) {
+                return;
+            }
+
+            setRequestTranslationRule(k8sNode, false);
+            setResponseTranslationRule(k8sNode, false);
+        }
+
+        /**
+         * Installs k8s API server rule for receiving all API request packets.
+         *
+         * @param k8sNode    kubernetes node
+         * @param install    installation flag
+         */
+        private void setRequestTranslationRule(K8sNode k8sNode, boolean install) {
+            TrafficSelector selector = DefaultTrafficSelector.builder()
+                    .matchEthType(Ethernet.TYPE_IPV4)
+                    .matchIPProtocol(IPv4.PROTOCOL_TCP)
+                    .matchIPDst(IpPrefix.valueOf(
+                            IpAddress.valueOf(API_SERVER_CLUSTER_IP), PREFIX_LENGTH))
+                    .matchTcpDst(TpPort.tpPort(API_SERVER_CLUSTER_PORT))
+                    .build();
+
+            TrafficTreatment treatment = DefaultTrafficTreatment.builder()
+                    .setIpDst(IpAddress.valueOf(API_SERVER_IP))
+                    .setTcpDst(TpPort.tpPort(API_SERVER_PORT))
+                    .setOutput(PortNumber.LOCAL)
+                    .build();
+
+            k8sFlowRuleService.setRule(
+                    appId,
+                    k8sNode.intgBridge(),
+                    selector,
+                    treatment,
+                    PRIORITY_TRANSLATION_RULE,
+                    STAT_OUTBOUND_TABLE,
+                    install
+            );
+        }
+
+        /**
+         * Installs k8s API server rule for receiving all API response packets.
+         *
+         * @param k8sNode    kubernetes node
+         * @param install    installation flag
+         */
+        private void setResponseTranslationRule(K8sNode k8sNode, boolean install) {
+            TrafficSelector selector = DefaultTrafficSelector.builder()
+                    .matchEthType(Ethernet.TYPE_IPV4)
+                    .matchIPProtocol(IPv4.PROTOCOL_TCP)
+                    .matchIPSrc(IpPrefix.valueOf(
+                            IpAddress.valueOf(API_SERVER_IP), PREFIX_LENGTH))
+                    .matchTcpSrc(TpPort.tpPort(API_SERVER_PORT))
+                    .build();
+
+            TrafficTreatment treatment = DefaultTrafficTreatment.builder()
+                    .setIpSrc(IpAddress.valueOf(API_SERVER_CLUSTER_IP))
+                    .setTcpSrc(TpPort.tpPort(API_SERVER_CLUSTER_PORT))
+                    .transition(FORWARDING_TABLE)
+                    .build();
+
+            k8sFlowRuleService.setRule(
+                    appId,
+                    k8sNode.intgBridge(),
+                    selector,
+                    treatment,
+                    PRIORITY_TRANSLATION_RULE,
+                    STAT_OUTBOUND_TABLE,
+                    install
+            );
+        }
+    }
+}
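Review bot: The API server endpoints are compiled in (`API_SERVER_IP = "10.10.10.1"`, `API_SERVER_PORT = 6443`, `API_SERVER_CLUSTER_IP = "10.96.0.1"`), so on a cluster with a different service CIDR or control-plane address `setRequestTranslationRule` still rewrites every pod connection to 10.96.0.1:443 towards whatever host owns 10.10.10.1. That traffic typically carries service-account credentials, so these values should come from the registered Kubernetes API configuration or component properties rather than constants. Separately, the selector in `setResponseTranslationRule` matches any TCP packet with source 10.10.10.1:6443 regardless of ingress port. If responses are only expected on the bridge's local port (an assumption, based on the request rule using `setOutput(PortNumber.LOCAL)`), adding `.matchInPort(PortNumber.LOCAL)` would keep packets that arrive on a pod port with that source address from being rewritten to the cluster IP. `deactivate()` also leaves the installed translation rules in place, which deserves a comment if it is intentional.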
diff --git a/apps/k8s-networking/app/src/main/java/org/onosproject/k8snetworking/impl/K8sFlowRuleManager.java b/apps/k8s-networking/app/src/main/java/org/onosproject/k8snetworking/impl/K8sFlowRuleManager.java
index 52844d5..b0993bf 100644
--- a/apps/k8s-networking/app/src/main/java/org/onosproject/k8snetworking/impl/K8sFlowRuleManager.java
+++ b/apps/k8s-networking/app/src/main/java/org/onosproject/k8snetworking/impl/K8sFlowRuleManager.java
@@ -57,7 +57,6 @@
 import static org.onosproject.k8snetworking.api.Constants.ACL_EGRESS_TABLE;
 import static org.onosproject.k8snetworking.api.Constants.ARP_TABLE;
 import static org.onosproject.k8snetworking.api.Constants.DEFAULT_GATEWAY_MAC;
-import static org.onosproject.k8snetworking.api.Constants.DHCP_TABLE;
 import static org.onosproject.k8snetworking.api.Constants.FORWARDING_TABLE;
 import static org.onosproject.k8snetworking.api.Constants.JUMP_TABLE;
 import static org.onosproject.k8snetworking.api.Constants.K8S_NETWORKING_APP_ID;
@@ -217,10 +216,7 @@
 
         // for inbound table transition
         connectTables(deviceId, STAT_INBOUND_TABLE, VTAP_INBOUND_TABLE);
-        connectTables(deviceId, VTAP_INBOUND_TABLE, DHCP_TABLE);
-
-        // for DHCP and vTag table transition
-        connectTables(deviceId, DHCP_TABLE, VTAG_TABLE);
+        connectTables(deviceId, VTAP_INBOUND_TABLE, VTAG_TABLE);
 
         // for vTag and ARP table transition
         connectTables(deviceId, VTAG_TABLE, ARP_TABLE);
diff --git a/apps/k8s-networking/app/src/main/java/org/onosproject/k8snetworking/impl/K8sSwitchingArpHandler.java b/apps/k8s-networking/app/src/main/java/org/onosproject/k8snetworking/impl/K8sSwitchingArpHandler.java
index 90ad174..1bf2150 100644
--- a/apps/k8s-networking/app/src/main/java/org/onosproject/k8snetworking/impl/K8sSwitchingArpHandler.java
+++ b/apps/k8s-networking/app/src/main/java/org/onosproject/k8snetworking/impl/K8sSwitchingArpHandler.java
@@ -90,6 +90,8 @@
 
     private final Logger log = LoggerFactory.getLogger(getClass());
 
+    private static final String API_SERVER_CLUSTER_IP = "10.96.0.1";
+
     @Reference(cardinality = ReferenceCardinality.MANDATORY)
     protected CoreService coreService;
 
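Review bot: `API_SERVER_CLUSTER_IP` is declared here with the same literal as in the new `K8sApiServerProxyHandler`, so the ARP reply and the translation rules can drift apart if only one copy is changed. Declaring it once in `Constants` keeps the two handlers aligned. Holding it as a parsed value, for example `public static final IpAddress API_SERVER_CLUSTER_IP = IpAddress.valueOf("10.96.0.1");`, also avoids calling `IpAddress.valueOf(...)` on every ARP request in the `gwIpCnt > 0 || ...` check of the next hunk. Like the addresses in the proxy handler, this one would ideally be derived from the cluster's service CIDR rather than fixed.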
@@ -212,7 +214,7 @@
                 .filter(n -> n.gatewayIp().equals(targetIp))
                 .count();
 
-        if (gwIpCnt > 0) {
+        if (gwIpCnt > 0 || targetIp.equals(IpAddress.valueOf(API_SERVER_CLUSTER_IP))) {
             replyMac = gwMacAddress;
         }
 
diff --git a/apps/k8s-networking/app/src/main/resources/definitions/K8sNetwork.json b/apps/k8s-networking/app/src/main/resources/definitions/K8sNetwork.json
index 1a5a7f2..5653ae8 100644
--- a/apps/k8s-networking/app/src/main/resources/definitions/K8sNetwork.json
+++ b/apps/k8s-networking/app/src/main/resources/definitions/K8sNetwork.json
@@ -13,17 +13,17 @@
   "properties": {
     "networkId": {
       "type": "string",
-      "example": "a87cc70a-3e15-4acf-8205-9b711a3531b7",
+      "example": "sona-network",
       "description": "The ID of the attached network."
     },
     "type": {
       "type": "string",
-      "example": "MINION",
-      "description": "Type of kubernetes node."
+      "example": "VXLAN",
+      "description": "Type of kubernetes network."
     },
     "name": {
       "type": "string",
-      "example": "my_network",
+      "example": "sona-network",
       "description": "The name of network."
     },
     "segmentId": {
@@ -38,7 +38,7 @@
     },
     "cidr": {
       "type": "string",
-      "example": "32",
+      "example": "10.10.10.0/24",
       "description": "The CIDR of this network."
     },
     "mtu": {