Kubespan native route #6494

Draft
wants to merge 2 commits into
base: main
2 changes: 2 additions & 0 deletions api/resource/definitions/kubespan/kubespan.proto
Expand Up @@ -16,6 +16,8 @@ message ConfigSpec {
bool force_routing = 4;
bool advertise_kubernetes_networks = 5;
uint32 mtu = 6;
repeated string filter_endpoints = 7;
repeated string filter_native_route = 8;
}

// EndpointSpec describes Endpoint state.
14 changes: 12 additions & 2 deletions internal/app/machined/pkg/controllers/cluster/local_affiliate.go
Expand Up @@ -14,6 +14,7 @@ import (
"github.com/cosi-project/runtime/pkg/safe"
"github.com/cosi-project/runtime/pkg/state"
"github.com/siderolabs/go-pointer"
"github.com/siderolabs/net"
"go.uber.org/zap"

"github.com/siderolabs/talos/pkg/machinery/constants"
Expand Down Expand Up @@ -216,9 +217,18 @@ func (ctrl *LocalAffiliateController) Run(ctx context.Context, r controller.Runt
spec.KubeSpan.AdditionalAddresses = nil
}

endpoints := make([]netip.AddrPort, 0, len(nodeIPs))
endpointsIP := nodeIPs

for _, ip := range nodeIPs {
if len(kubespanConfig.TypedSpec().FilterEndpoints) > 0 {
endpointsIP, err = net.FilterIPs(nodeIPs, kubespanConfig.TypedSpec().FilterEndpoints)
if err != nil {
return fmt.Errorf("error filtering KubeSpanEndpoints IPs: %w", err)
}
}

endpoints := make([]netip.AddrPort, 0, len(endpointsIP))

for _, ip := range endpointsIP {
if ip == spec.KubeSpan.Address {
// skip kubespan local address
continue
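Review bot: A single unparsable entry in `FilterEndpoints` makes `net.FilterIPs` return an error on every reconcile, and because `Run` returns that error the local affiliate is not published at all; unless the CIDR strings are validated when the machine config is loaded (not visible in this PR), a validation-time check would surface the mistake far more clearly than a controller loop failing. The empty-list case also deserves a comment, since the v1alpha1 provider's `Endpoints()` substitutes `0.0.0.0/0, ::/0` for nil and so the `len(...) > 0` branch is effectively always taken for that provider; a one-liner such as `// an empty filter list disables endpoint filtering and keeps every node IP` states the intent. As a point of style, `endpointsIP` reads as a single IP; `endpointIPs` matches `nodeIPs`. The enclosing `Run` method starts and ends outside the hunk.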
2 changes: 2 additions & 0 deletions internal/app/machined/pkg/controllers/kubespan/config.go
Expand Up @@ -76,6 +76,8 @@ func (ctrl *ConfigController) Run(ctx context.Context, r controller.Runtime, log
res.(*kubespan.Config).TypedSpec().ForceRouting = c.Machine().Network().KubeSpan().ForceRouting()
res.(*kubespan.Config).TypedSpec().AdvertiseKubernetesNetworks = c.Machine().Network().KubeSpan().AdvertiseKubernetesNetworks()
res.(*kubespan.Config).TypedSpec().MTU = c.Machine().Network().KubeSpan().MTU()
res.(*kubespan.Config).TypedSpec().FilterEndpoints = c.Machine().Network().KubeSpan().Filters().Endpoints()
res.(*kubespan.Config).TypedSpec().FilterNativeRoute = c.Machine().Network().KubeSpan().Filters().NativeRoute()

return nil
}); err != nil {
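Review bot: Both new assignments store the config-provided slices straight into the resource spec, so the `kubespan.Config` resource shares a backing array with the machine config object, whereas every other field copied in this block is a scalar and is copied by value. To keep the resource independent I would write `res.(*kubespan.Config).TypedSpec().FilterEndpoints = slices.Clone(c.Machine().Network().KubeSpan().Filters().Endpoints())` and the same for `FilterNativeRoute` (the import block is outside the hunk). Whether the config object is mutated after this point is not visible here, so this is defensive rather than a known bug. The enclosing `Run` method starts and ends outside the hunk.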
8 changes: 8 additions & 0 deletions internal/app/machined/pkg/controllers/kubespan/manager.go
Expand Up @@ -17,6 +17,7 @@ import (
"github.com/cosi-project/runtime/pkg/state"
"github.com/siderolabs/gen/value"
"github.com/siderolabs/go-pointer"
"github.com/siderolabs/net"
"go.uber.org/zap"
"go4.org/netipx"
"golang.zx2c4.com/wireguard/wgctrl"
Expand Down Expand Up @@ -358,6 +359,13 @@ func (ctrl *ManagerController) Run(ctx context.Context, r controller.Runtime, lo
// or if the peer connection state is up.
if cfgSpec.ForceRouting || peerStatus.State == kubespan.PeerStateUp {
for _, prefix := range peerSpec.AllowedIPs {
// For optimization purposes.
if cfgSpec.FilterNativeRoute != nil && prefix.IsSingleIP() {
if exist, err := net.FilterIPs([]netip.Addr{prefix.Addr()}, cfgSpec.FilterNativeRoute); err == nil && exist != nil {
continue
}
}

allowedIPsBuilder.AddPrefix(prefix)
}
}
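Review bot: The native-route filter is applied only to single-IP entries of `peerSpec.AllowedIPs` (`prefix.IsSingleIP()`), so any wider prefix a peer advertises that contains destinations inside a `FilterNativeRoute` CIDR is still added to AllowedIPs and still sent through the KubeSpan tunnel, which contradicts the field's own description elsewhere in this PR ("skip sending traffic via KubeSpan if the destination is in that CIDR list"). The error from `net.FilterIPs` is also discarded (`err == nil && exist != nil`), so an unparsable filter entry silently leaves everything routed via KubeSpan — fail-closed, but invisible to the operator — and the filter strings are re-parsed for every prefix of every peer on every reconcile. I would parse the filter once before the peer loop into a `netipx.IPSet` (the package is already imported), return the parse error, and test each prefix with `ContainsPrefix`; the comment `// For optimization purposes.` should then describe what the skip does rather than call it an optimization. Prefixes that only partly overlap the filter are still added whole in the version below; if that matters they would need to be split with set subtraction, and `fmt` is assumed to be imported since the import block is outside the hunk. The enclosing `Run` method starts and ends outside the hunk.

```go
// parsed once, before the per-peer loop (Run continues outside the hunk)
var nativeRouteBuilder netipx.IPSetBuilder

for _, cidr := range cfgSpec.FilterNativeRoute {
	p, err := netip.ParsePrefix(cidr)
	if err != nil {
		return fmt.Errorf("error parsing KubeSpan native route filter %q: %w", cidr, err)
	}

	nativeRouteBuilder.AddPrefix(p)
}

nativeRouteSet, err := nativeRouteBuilder.IPSet()
if err != nil {
	return fmt.Errorf("error building KubeSpan native route filter: %w", err)
}

// … unchanged: per-peer loop, peer status / force-routing checks …
for _, prefix := range peerSpec.AllowedIPs {
	// Destinations inside the native-route filter are left out of AllowedIPs,
	// so traffic to them stays on the native route instead of the KubeSpan tunnel.
	if nativeRouteSet.ContainsPrefix(prefix) {
		continue
	}

	allowedIPsBuilder.AddPrefix(prefix)
}
```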
162 changes: 92 additions & 70 deletions pkg/machinery/api/resource/definitions/kubespan/kubespan.pb.go


7 changes: 7 additions & 0 deletions pkg/machinery/config/provider.go
Expand Up @@ -292,6 +292,13 @@ type KubeSpan interface {
ForceRouting() bool
AdvertiseKubernetesNetworks() bool
MTU() uint32
Filters() KubeSpanFilters
}

// KubeSpanFilters configures KubeSpan filters.
type KubeSpanFilters interface {
Endpoints() []string
NativeRoute() []string
}

// NetworkDeviceSelector defines the set of fields that can be used to pick network a device.
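Review bot: The two methods of the new `KubeSpanFilters` interface have no doc comments, and the interface itself says only "configures KubeSpan filters", so the contract the controllers rely on — that `Endpoints()` yields CIDR strings and that a nil `NativeRoute()` means no filtering — exists only in the v1alpha1 implementation. I would document each method, e.g. `// Endpoints returns CIDRs restricting which node addresses are used as KubeSpan endpoints; an empty list keeps all of them.` and `// NativeRoute returns destination CIDRs that are kept off the KubeSpan tunnel; nil disables the filter.`, so that any other implementation of `KubeSpan` honors the same semantics. The enclosing `KubeSpan` interface starts outside the hunk.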
27 changes: 27 additions & 0 deletions pkg/machinery/config/types/v1alpha1/v1alpha1_provider.go
Expand Up @@ -1024,6 +1024,33 @@ func (k *NetworkKubeSpan) MTU() uint32 {
return pointer.SafeDeref(k.KubeSpanMTU)
}

// Filters implements the KubeSpan interface.
func (k *NetworkKubeSpan) Filters() config.KubeSpanFilters {
if k.KubeSpanFilters == nil {
return &KubeSpanFilters{}
}

return k.KubeSpanFilters
}

// Endpoints implements the config.KubeSpanFilters interface.
func (k *KubeSpanFilters) Endpoints() []string {
if k.KubeSpanFiltersEndpoints == nil {
return []string{"0.0.0.0/0", "::/0"}
}

return k.KubeSpanFiltersEndpoints
}

// NativeRoute implements the config.KubeSpanFilters interface.
func (k *KubeSpanFilters) NativeRoute() []string {
if k.KubeSpanFiltersNativeRoute == nil {
return nil
}

return k.KubeSpanFiltersNativeRoute
}

// Disabled implements the config.Provider interface.
func (t *TimeConfig) Disabled() bool {
return pointer.SafeDeref(t.TimeDisabled)
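Review bot: The nil check in `NativeRoute()` is redundant — when `k.KubeSpanFiltersNativeRoute` is nil the field itself is nil, so the body can be just `return k.KubeSpanFiltersNativeRoute`. In `Endpoints()` the default `[]string{"0.0.0.0/0", "::/0"}` is an inline literal allocated on every call and only known here; a package-level `var defaultKubeSpanFilterEndpoints = []string{"0.0.0.0/0", "::/0"}` (returned via a clone so callers cannot mutate the shared default) gives it a name that other implementations of `config.KubeSpan` can reuse instead of duplicating the values. Both getters otherwise hand back the config's own slices, consistent with `Filters()` returning the embedded pointer, so a caller that modifies the result modifies the config; the doc comments could say so if that is intended.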
20 changes: 20 additions & 0 deletions pkg/machinery/config/types/v1alpha1/v1alpha1_types.go
Expand Up @@ -2505,6 +2505,26 @@ type NetworkKubeSpan struct {
// KubeSpan link MTU size.
// Default value is 1420.
KubeSpanMTU *uint32 `yaml:"mtu,omitempty"`
// description: |
// KubeSpan filters.
KubeSpanFilters *KubeSpanFilters `yaml:"filters,omitempty"`
}

// KubeSpanFilters struct describes KubeSpan filters.
type KubeSpanFilters struct {
// description: |
// CIDR list of node IPs, which will use for p2p connections.
// Default value: [0.0.0.0/0, ::/0]
// examples:
// - name: Uncomment this to use only IPv4 stack.
// value: '[]string{"0.0.0.0/0"}'
KubeSpanFiltersEndpoints []string `yaml:"endpoints,omitempty"`
// description: |
// Skip sending traffic via KubeSpan if the destination in that CIDR list.
// examples:
// - name: Do not use KubeSpan to route 10.0.0.0/8 subnet.
// value: '[]string{"10.0.0.0/8"}'
KubeSpanFiltersNativeRoute []string `yaml:"nativeRoute,omitempty"`
}

// NetworkDeviceSelector struct describes network device selector.
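Review bot: The description of `KubeSpanFiltersEndpoints` reads "CIDR list of node IPs, which will use for p2p connections", which is ungrammatical and does not say what happens to node IPs outside the list; since these descriptions feed the generated `v1alpha1_types_doc.go` in this PR, I would write `// CIDR list of node IPs to use for KubeSpan peer-to-peer connections; node addresses outside these CIDRs are not advertised as endpoints.` The `nativeRoute` description has the same problem — `// Destinations inside these CIDRs are routed over the native network instead of the KubeSpan tunnel.` states the effect directly — and, because the manager in this revision applies the filter only to single-IP peer prefixes, the doc should either say so or the implementation should cover wider prefixes. This is a documentation change only; the struct is complete within the hunk.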
38 changes: 37 additions & 1 deletion pkg/machinery/config/types/v1alpha1/v1alpha1_types_doc.go


31 changes: 31 additions & 0 deletions pkg/machinery/config/types/v1alpha1/zz_generated.deepcopy.go


4 changes: 4 additions & 0 deletions pkg/machinery/resources/kubespan/config.go
Expand Up @@ -39,6 +39,10 @@ type ConfigSpec struct {
AdvertiseKubernetesNetworks bool `yaml:"advertiseKubernetesNetworks" protobuf:"5"`
// Force kubeSpan MTU size.
MTU uint32 `yaml:"mtu,omitempty" protobuf:"6"`
// Allowed list of node endpoints.
FilterEndpoints []string `yaml:"filterEndpoints,omitempty" protobuf:"7"`
// FilterNativeRoute skip destination CIDR list.
FilterNativeRoute []string `yaml:"filterNativeRoute,omitempty" protobuf:"8"`
}

// NewConfig initializes a Config resource.
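Review bot: The two new field comments are terse to the point of being misleading: "Allowed list of node endpoints." does not say the entries are CIDR strings, and "FilterNativeRoute skip destination CIDR list." is not a sentence. I would write `// FilterEndpoints lists CIDRs; only node IPs inside them are used as KubeSpan endpoints (empty keeps all).` and `// FilterNativeRoute lists destination CIDRs that are kept off the KubeSpan tunnel and routed natively.`, matching the wording of the v1alpha1 config fields these values are copied from. The enclosing `ConfigSpec` struct starts outside the hunk.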