add bypass logic for kmesh
What type of PR is this?
What this PR does / why we need it:
This PR introduces the implementation of the bypass kmesh function and reuses the map_of_manager table. If the map contains pod data and the value of the corresponding record is 0, the traffic of the current pod is managed by kmesh. If the map contains pod data and the value of the corresponding record is 1, the traffic of the current pod is bypassed.
Which issue(s) this PR fixes: Fixes #
Special notes for your reviewer:
Self-verification report
ads module
```
root@ubuntu-1:~# kubectl get pods -A -owide
NAMESPACE NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
default fortio-client-deployment-6966bf9488-h8wmz 1/1 Running 0 22s 10.244.1.14 ambient-worker <none> <none>
default fortio-server-deployment-97cf895fc-k8z57 1/1 Running 0 22s 10.244.1.15 ambient-worker <none> <none>
default fortio-server-deployment-97cf895fc-s2c6t 1/1 Running 0 22s 10.244.1.13 ambient-worker <none> <none>
istio-system istio-cni-node-gtdg8 1/1 Running 0 4h46m 172.18.0.3 ambient-control-plane <none> <none>
istio-system istio-cni-node-vd6mv 1/1 Running 0 4h46m 172.18.0.2 ambient-worker <none> <none>
istio-system istiod-76c587b7cd-jt778 1/1 Running 0 4h46m 10.244.1.2 ambient-worker <none> <none>
istio-system ztunnel-8wbkn 1/1 Running 0 4h46m 10.244.1.3 ambient-worker <none> <none>
istio-system ztunnel-kjn95 1/1 Running 0 4h46m 10.244.0.5 ambient-control-plane <none> <none>
kmesh-system kmesh-n9n78 1/1 Running 0 43s 10.244.1.12 ambient-worker <none> <none>
kube-system coredns-565d847f94-7lnc8 1/1 Running 0 4h48m 10.244.0.3 ambient-control-plane <none> <none>
kube-system coredns-565d847f94-g8x4w 1/1 Running 0 4h48m 10.244.0.4 ambient-control-plane <none> <none>
kube-system etcd-ambient-control-plane 1/1 Running 0 4h48m 172.18.0.3 ambient-control-plane <none> <none>
##use fortio to test
root@ubuntu-1:~# kubectl exec -it fortio-client-deployment-6966bf9488-h8wmz -- fortio load -c 1 -t 30s -qps 0 -jitter=true 10.96.5.66
##Open a new window and enter netns in fortio-client.
root@ambient-worker:/# ss -t
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
ESTAB 0 74 10.244.1.14:43974 10.244.1.13:http-alt
```
enable bypass control
```
root@ubuntu-1:~# kubectl label pod fortio-client-deployment-6966bf9488-h8wmz kmesh.net/bypass=enabled
pod/fortio-client-deployment-6966bf9488-h8wmz labeled
##use fortio to test
root@ubuntu-1:~# kubectl exec -it fortio-client-deployment-6966bf9488-h8wmz -- fortio load -c 1 -t 30s -qps 0 -jitter=true 10.96.5.66
##Open a new window and enter netns in fortio-client.
root@ambient-worker:/# ss -t
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
ESTAB 0 74 10.244.1.14:44956 10.96.5.66:http
SYN-SENT 0 1 10.244.1.14:60300 0.0.0.1:931
```
disable bypass control
```
root@ubuntu-1:~# kubectl label pod fortio-client-deployment-6966bf9488-h8wmz kmesh.net/bypass-
pod/fortio-client-deployment-6966bf9488-h8wmz unlabeled
##Open a new window and enter netns in fortio-client.
root@ubuntu-1:~# kubectl exec -it fortio-client-deployment-6966bf9488-h8wmz -- fortio load -c 1 -t 30s -qps 0 -jitter=true 10.96.5.66
root@ambient-worker:/# ss -t
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
SYN-SENT 0 1 10.244.1.14:32894 0.0.0.1:932
ESTAB 0 74 10.244.1.14:35880 10.244.1.13:http-alt
SYN-SENT 0 1 10.244.1.14:60300 0.0.0.1:931
```
workload module
```
root@ubuntu-1:~# kubectl get pods -A -owide
NAMESPACE NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
default fortio-client-deployment-6966bf9488-k5qpd 1/1 Running 0 4h15m 10.244.1.9 ambient-worker <none> <none>
default fortio-server-deployment-97cf895fc-5qj64 1/1 Running 0 4h15m 10.244.1.8 ambient-worker <none> <none>
default fortio-server-deployment-97cf895fc-c7jz9 1/1 Running 0 4h15m 10.244.1.10 ambient-worker <none> <none>
istio-system istio-cni-node-gtdg8 1/1 Running 0 4h40m 172.18.0.3 ambient-control-plane <none> <none>
istio-system istio-cni-node-vd6mv 1/1 Running 0 4h40m 172.18.0.2 ambient-worker <none> <none>
istio-system istiod-76c587b7cd-jt778 1/1 Running 0 4h40m 10.244.1.2 ambient-worker <none> <none>
istio-system ztunnel-8wbkn 1/1 Running 0 4h40m 10.244.1.3 ambient-worker <none> <none>
istio-system ztunnel-kjn95 1/1 Running 0 4h40m 10.244.0.5 ambient-control-plane <none> <none>
kmesh-system kmesh-x7t8t 1/1 Running 0 4h21m 10.244.1.4 ambient-worker <none> <none>
kube-system coredns-565d847f94-7lnc8 1/1 Running 0 4h42m 10.244.0.3 ambient-control-plane <none> <none>
##get svc ip
root@ubuntu-1:~# kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
fortio-server ClusterIP 10.96.5.66 <none> 80/TCP 4h20m
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 4h43m
##use fortio to test
root@ubuntu-1:~/lw/kmesh# kubectl exec -it fortio-client-deployment-6966bf9488-k5qpd -- fortio load -c 1 -t 30s -qps 0 -jitter=true 10.96.5.66
##Open a new window and enter netns in fortio-client.
root@ambient-worker:/# ss -t
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
ESTAB 0 74 10.244.1.9:44012 10.244.1.10:http-alt
```
enable bypass control
```
root@ubuntu-1:~# kubectl label pod fortio-client-deployment-6966bf9488-k5qpd kmesh.net/bypass=enabled
pod/fortio-client-deployment-6966bf9488-k5qpd labeled
##Open a new window and enter netns in fortio-client.
root@ambient-worker:/# ss -t
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
SYN-SENT 0 1 10.244.1.9:49046 0.0.0.1:931
ESTAB 0 74 10.244.1.9:51946 10.96.5.66:http
```
disable bypass control
```
root@ubuntu-1:~/lw/kmesh# kubectl label pod fortio-client-deployment-6966bf9488-k5qpd kmesh.net/bypass-
pod/fortio-client-deployment-6966bf9488-k5qpd unlabeled
##Open a new window and enter netns in fortio-client.
root@ambient-worker:/# ss -t
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
SYN-SENT 0 1 10.244.1.9:49046 0.0.0.1:931
SYN-SENT 0 1 10.244.1.9:36504 0.0.0.1:932
ESTAB 0 74 10.244.1.9:58812 10.244.1.10:http-alt
```
Does this PR introduce a user-facing change?:
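
Added example, not part of the PR or the kmesh code base: a Go helper that automates the check the self-verification sessions do by eye, reading `ss -t` output and reporting whether the pod's Service traffic looks managed (ESTAB peer is a backend pod IP) or bypassed (ESTAB peer is still the ClusterIP), which is useful when auditing which pods sit outside mesh control. The function name, the state strings and the caller-supplied IP sets are assumptions; the sample rows are copied from the ads-module session above.

```go
package main

import (
	"fmt"
	"strings"
)

// peerHost returns the address part of an `ss` "addr:port" column (IPv4 rows).
func peerHost(col string) string {
	if i := strings.LastIndex(col, ":"); i >= 0 {
		return col[:i]
	}
	return col
}

// Classify reads `ss -t` text and reports the pod's apparent state plus any
// SYN-SENT sockets to 0.0.0.x, which the sessions show after each label change.
// clusterIPs and backends are supplied by the caller (assumed inputs).
func Classify(ss string, clusterIPs, backends map[string]bool) (state string, control []string) {
	state = "unknown"
	for _, line := range strings.Split(ss, "\n") {
		f := strings.Fields(line)
		if len(f) < 5 || f[0] == "State" {
			continue // header or short row
		}
		host := peerHost(f[4])
		switch {
		case f[0] == "SYN-SENT" && strings.HasPrefix(host, "0.0.0."):
			control = append(control, f[4])
		case f[0] == "ESTAB" && clusterIPs[host]:
			state = "bypassed" // peer is still the Service ClusterIP
		case f[0] == "ESTAB" && backends[host] && state != "bypassed":
			state = "managed" // peer is already a backend pod IP
		}
	}
	return state, control
}

// Rows copied from the ads-module session after the bypass label was set.
const bypassOn = `State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
ESTAB 0 74 10.244.1.14:44956 10.96.5.66:http
SYN-SENT 0 1 10.244.1.14:60300 0.0.0.1:931`

func main() {
	svc := map[string]bool{"10.96.5.66": true}
	pods := map[string]bool{"10.244.1.13": true, "10.244.1.15": true}
	state, ctl := Classify(bypassOn, svc, pods)
	fmt.Println(state, ctl)
}
```

A single ESTAB row to a ClusterIP is enough to report `bypassed`, so one unmanaged connection is not hidden by managed ones in the same namespace.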
Codecov Report
Attention: Patch coverage is 0% with 66 lines in your changes are missing coverage. Please review.
| Flag | Coverage Δ | |
|---|---|---|
| unittests | 31.22% <0.00%> (?) |
| Files | Coverage Δ | |
|---|---|---|
| pkg/controller/bypass/bypass_controller.go | 0.00% <0.00%> (ø) |
@weli-l
Overall lgtm.
Just one cent:
should we define the port macros with right value like 0x3A1 instead of 0x3a10000
It's not just this place. The code is a bit messed up with remote_port. I'll create an issue to track it.
/lgtm /approve
[APPROVALNOTIFIER] This PR is APPROVED
This pull-request has been approved by: nlgwcy
- ~~OWNERS~~ [nlgwcy]