Merge pull request #155 from inhogog2/main

Added BGP Policy CRD

Author: backguynn

README.md

@@ -48,6 +48,7 @@ wget https://github.com/loxilb-io/kube-loxilb/raw/main/manifest/ext-cluster/kube
             #- --monitor
             #- --setBGP=65100
             #- --extBGPPeers=50.50.50.1:65101,51.51.51.1:65102
+            #- --enableBGPCRDs
             #- --setRoles=0.0.0.0
             #- --setLBMode=1
             #- --setUniqueIP=false
@@ -67,6 +68,7 @@ The arguments have the following meaning :
 | setLBMode | 0, 1, 2 <br> 0 - default (only DNAT, preserves source-IP) <br> 1 - onearm (source IP is changed to load balancer’s interface IP) <br> 2 - fullNAT (sourceIP is changed to virtual IP) | 
 | setUniqueIP | Allocate unique service-IP per LB service (default : false) | 
 | externalSecondaryCIDRs | Secondary CIDR or IPAddress ranges to allocate addresses from in case of multi-homing support |   
+| enableBGPCRDs | Enable BGP Policy and Peer CRDs |   
 
 Many of the above flags and arguments can be overriden on a per-service basis based on loxilb specific annotation as mentioned below.   
 
@@ -205,10 +207,30 @@ Thereafter, the process of service creation remains the same as explained in pre
 Kube-loxilb provides Custom Resource Definition (CRD). Current the following operations are supported (which would be continually updated):   
 -  Add a BGP Peer   
 -  Delete a BGP Peer   
+-  Add/Delete a BGP Policy
+
+For information on BGP Policy CRD, please refer [here.](https://github.com/loxilb-io/loxilbdocs/blob/main/docs/k8s_bgp_policy_crd.md)
 
 An example of CRD is stored in  manifest/crds. Setting up a BGP Peer as an example is as follows:   
 
-1. Pre-Processing (Register kube-loxilb CRDs with K8s). Apply lbpeercrd.yaml as first step   
+1. Pre-Processing (Register kube-loxilb CRDs with K8s). 
+
+First of all change the kube-loxilb.yaml arguments. It need to add  `- --enableBGPCRDs` option.
+```
+        args:
+            - --loxiURL=http://12.12.12.1:11111
+            - --externalCIDR=123.123.123.1/24
+            #- --externalSecondaryCIDRs=124.124.124.1/24,125.125.125.1/24
+            #- --externalCIDR6=3ffe::1/96
+            #- --monitor
+            #- --setBGP=65100
+            #- --extBGPPeers=50.50.50.1:65101,51.51.51.1:65102
+            - --enableBGPCRDs
+            #- --setRoles=0.0.0.0
+            #- --setLBMode=1
+            #- --setUniqueIP=false
+```
+And Apply lbpeercrd.yaml
 ```
 kubectl apply -f manifest/crds/lbpeercrd.yaml
 ```

cmd/loxilb-agent/agent.go

@@ -25,6 +25,9 @@ import (
 
 	"github.com/loxilb-io/kube-loxilb/pkg/agent/config"
 	"github.com/loxilb-io/kube-loxilb/pkg/agent/manager/bgppeer"
+	"github.com/loxilb-io/kube-loxilb/pkg/agent/manager/bgppolicyapply"
+	"github.com/loxilb-io/kube-loxilb/pkg/agent/manager/bgppolicydefinedsets"
+	"github.com/loxilb-io/kube-loxilb/pkg/agent/manager/bgppolicydefinition"
 	"github.com/loxilb-io/kube-loxilb/pkg/agent/manager/gatewayapi"
 	"github.com/loxilb-io/kube-loxilb/pkg/agent/manager/loadbalancer"
 	"github.com/loxilb-io/kube-loxilb/pkg/api"
@@ -66,6 +69,9 @@ func run(o *Options) error {
 	informerFactory := informers.NewSharedInformerFactory(k8sClient, informerDefaultResync)
 	crdInformerFactory := crdinformers.NewSharedInformerFactory(crdClient, informerDefaultResync)
 	BGPPeerInformer := crdInformerFactory.Bgppeer().V1().BGPPeerServices()
+	BGPPolicyDefinedSetInformer := crdInformerFactory.Bgppolicydefinedsets().V1().BGPPolicyDefinedSetsServices()
+	BGPPolicyDefinitionInformer := crdInformerFactory.Bgppolicydefinition().V1().BGPPolicyDefinitionServices()
+	BGPPolicyApplyInformer := crdInformerFactory.Bgppolicyapply().V1().BGPPolicyApplyServices()
 	sigsInformerFactory := sigsInformer.NewSharedInformerFactory(sigsClient, informerDefaultResync)
 
 	// networkReadyCh is used to notify that the Node's network is ready.
@@ -200,6 +206,30 @@ func run(o *Options) error {
 		BGPPeerInformer,
 		lbManager,
 	)
+
+	BGPPolicyDefinedSetsManager := bgppolicydefinedsets.NewBGPPolicyDefinedSetsManager(
+		k8sClient,
+		crdClient,
+		networkConfig,
+		BGPPolicyDefinedSetInformer,
+		lbManager,
+	)
+
+	BGPPolicyDefinitionManager := bgppolicydefinition.NewBGPPolicyDefinitionManager(
+		k8sClient,
+		crdClient,
+		networkConfig,
+		BGPPolicyDefinitionInformer,
+		lbManager,
+	)
+	BGPPolicyApplyManager := bgppolicyapply.NewBGPPolicyApplyManager(
+		k8sClient,
+		crdClient,
+		networkConfig,
+		BGPPolicyApplyInformer,
+		lbManager,
+	)
+
 	go func() {
 		for {
 			select {
@@ -226,7 +256,13 @@ func run(o *Options) error {
 	informerFactory.Start(stopCh)
 
 	go lbManager.Run(stopCh, loxiLBLiveCh, loxiLBPurgeCh, loxiLBSelMasterEvent)
-	go BgpPeerManager.Run(stopCh, loxiLBLiveCh, loxiLBPurgeCh, loxiLBSelMasterEvent)
+	if o.config.EnableBGPCRDs {
+		crdInformerFactory.Start(stopCh)
+		go BgpPeerManager.Run(stopCh, loxiLBLiveCh, loxiLBPurgeCh, loxiLBSelMasterEvent)
+		go BGPPolicyDefinedSetsManager.Run(stopCh, loxiLBLiveCh, loxiLBPurgeCh, loxiLBSelMasterEvent)
+		go BGPPolicyDefinitionManager.Run(stopCh, loxiLBLiveCh, loxiLBPurgeCh, loxiLBSelMasterEvent)
+		go BGPPolicyApplyManager.Run(stopCh, loxiLBLiveCh, loxiLBPurgeCh, loxiLBSelMasterEvent)
+	}
 
 	// Run gateway API managers
 	if o.config.EnableGatewayAPI {

cmd/loxilb-agent/config.go

@@ -75,4 +75,6 @@ type AgentConfig struct {
 	// Specify aws secondary IP. Used when configuring HA in AWS.
 	// The specified private IP is assigned to the loxilb instance and is associated with EIP.
 	PrivateCIDR string `yaml:"privateCIDR,omitempty"`
+	// enable Gateway API
+	EnableBGPCRDs bool `yaml:"enableBGPCRDs,omitempty"`
 }

cmd/loxilb-agent/options.go

@@ -62,6 +62,7 @@ func (o *Options) addFlags(fs *pflag.FlagSet) {
 	fs.StringVar(&secondaryCIDRs6, "externalSecondaryCIDRs6", secondaryCIDRs6, "External Secondary CIDR6 Range(s)")
 	fs.StringVar(&o.config.LoxilbLoadBalancerClass, "loxilbLoadBalancerClass", o.config.LoxilbLoadBalancerClass, "Load-Balancer Class Name")
 	fs.BoolVar(&o.config.EnableGatewayAPI, "gatewayAPI", false, "Enable gateway API managers")
+	fs.BoolVar(&o.config.EnableBGPCRDs, "enableBGPCRDs", false, "Enable BGP CRDs")
 	fs.StringVar(&o.config.LoxilbGatewayClass, "loxilbGatewayClass", o.config.LoxilbGatewayClass, "GatewayClass manager Name")
 	fs.Uint16Var(&o.config.SetBGP, "setBGP", o.config.SetBGP, "Use BGP routing")
 	fs.Uint16Var(&o.config.ListenBGPPort, "listenBGPPort", o.config.ListenBGPPort, "Custom BGP listen port")

manifest/crds/bgp-policy-apply-service.yaml

@@ -0,0 +1,44 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.13.0
+  name: bgppolicyapplyservices.bgppolicyapply.loxilb.io
+spec:
+  group: bgppolicyapply.loxilb.io
+  names:
+    kind: BGPPolicyApplyService
+    listKind: BGPPolicyApplyServiceList
+    plural: bgppolicyapplyservices
+    singular: bgppolicyapplyservice
+  scope: Cluster
+  versions:
+    - name: v1
+      served: true
+      storage: true
+      additionalPrinterColumns:
+      - name: Name
+        type: string
+        priority: 0
+        jsonPath: .spec.ipAddress
+        description: Applied policy IP address    
+      schema:
+        openAPIV3Schema:
+          type: object
+          properties:
+            spec:
+              type: object
+              properties:
+                ipAddress:
+                  type: string
+                policyType:
+                  type: string
+                policies:
+                  type: array
+                  items:
+                    type: string
+                routeAction:
+                  type: string
+            status:
+              type: object
+              x-kubernetes-preserve-unknown-fields: true

manifest/crds/bgp-policy-apply.yaml

@@ -0,0 +1,10 @@
+apiVersion: bgppolicyapply.loxilb.io/v1
+kind: BGPPolicyApplyService
+metadata:
+  name: policy-apply
+spec:
+  ipAddress: "10.10.10.254"
+  policyType: "import"
+  policies:
+  - "poltest6"
+  routeAction: "accept"

manifest/crds/bgp-policy-defined-sets-service.yaml

@@ -0,0 +1,53 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.13.0
+  name: bgppolicydefinedsetsservices.bgppolicydefinedsets.loxilb.io
+spec:
+  group: bgppolicydefinedsets.loxilb.io
+  names:
+    kind: BGPPolicyDefinedSetsService
+    listKind: BGPPolicyDefinedSetsServiceList
+    plural: bgppolicydefinedsetsservices
+    singular: bgppolicydefinedsetsservice
+  scope: Cluster
+  versions:
+    - name: v1
+      served: true
+      storage: true
+      additionalPrinterColumns:
+      - name: Name
+        type: string
+        priority: 0
+        jsonPath: .spec.name
+        description: Defined Set Name        
+      schema:
+        openAPIV3Schema:
+          type: object
+          properties:
+            spec:
+              type: object
+              properties:
+                name:
+                  type: string
+                definedType:
+                  type: string
+                List:
+                  type: array
+                  items:
+                    type: string
+                prefixList:
+                  type: array
+                  items:
+                    type: object
+                    properties:
+                      ipPrefix:
+                        type: string
+                      masklengthRange:
+                        type: string
+              required:
+                - name
+            status:
+              type: object
+              x-kubernetes-preserve-unknown-fields: true

manifest/crds/bgp-policy-defined-sets.yaml

@@ -0,0 +1,10 @@
+apiVersion: bgppolicydefinedsets.loxilb.io/v1
+kind: BGPPolicyDefinedSetsService
+metadata:
+  name: policy-prefix
+spec:
+  name: "ps2"
+  definedType: "prefix"
+  prefixList:
+    - ipPrefix: "192.168.0.0/16"
+      masklengthRange: "16..24"