chore(liqoctl): move proxy to helm chart

The deployment of the proxy used in liqoctl connect has
been moved from the liqoctl tool to the helm chart

Author: alacuku

deployments/liqo/README.md

@@ -68,6 +68,13 @@
 | networkManager.pod.extraArgs | list | `[]` | networkManager pod extra arguments |
 | networkManager.pod.labels | object | `{}` | networkManager pod labels |
 | openshiftConfig.enable | bool | `false` | enable the OpenShift support |
+| proxy.config.listeningPort | int | `8118` | port used by envoy proxy |
+| proxy.imageName | string | `"envoyproxy/envoy:v1.21.0"` | proxy image repository |
+| proxy.pod.annotations | object | `{}` | proxy pod annotations |
+| proxy.pod.extraArgs | list | `[]` | proxy pod extra arguments |
+| proxy.pod.labels | object | `{}` | proxy pod labels |
+| proxy.service.annotations | object | `{}` |  |
+| proxy.service.type | string | `"ClusterIP"` |  |
 | pullPolicy | string | `"IfNotPresent"` | The pullPolicy for liqo pods |
 | route.imageName | string | `"liqo/liqonet"` | route image repository |
 | route.pod.annotations | object | `{}` | route pod annotations |

deployments/liqo/templates/liqo-proxy-configmap.yaml

@@ -0,0 +1,75 @@
+---
+{{- $proxyConfig := (merge (dict "name" "proxy" "module" "networking") .) -}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "liqo.prefixedName" $proxyConfig }}
+{{- if .Values.proxy.service.annotations }}
+  annotations:
+    {{- toYaml .Values.proxy.service.annotations | nindent 4 }}
+{{- end}}
+  labels:
+    {{- include "liqo.labels" $proxyConfig | nindent 4 }}
+data:
+  config: |
+    admin:
+      address:
+        socket_address:
+          protocol: TCP
+          address: 0.0.0.0
+          port_value: 9901
+    static_resources:
+     listeners:
+       - name: listener_http
+         address:
+           socket_address:
+             protocol: TCP
+             address: 0.0.0.0
+             port_value: {{ .Values.proxy.config.listeningPort }}
+         access_log:
+           name: envoy.access_loggers.file
+           typed_config:
+             "@type": type.googleapis.com/envoy.extensions.access_loggers.file.v3.FileAccessLog
+             path: /dev/stdout
+         filter_chains:
+           - filters:
+               - name: envoy.filters.network.http_connection_manager
+                 typed_config:
+                   "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
+                   stat_prefix: ingress_http
+                   route_config:
+                     name: local_route
+                     virtual_hosts:
+                       - name: local_service
+                         domains:
+                           - "*"
+                         routes:
+                           - match:
+                               connect_matcher:
+                                 {}
+                             route:
+                               cluster: api_server
+                               upgrade_configs:
+                                 - upgrade_type: CONNECT
+                                   connect_config:
+                                     {}
+                   http_filters:
+                     - name: envoy.filters.http.router
+     clusters:
+       - name: api_server
+         connect_timeout: 1.25s
+         type: STRICT_DNS
+         respect_dns_ttl: true
+         dns_lookup_family: V4_ONLY
+         dns_refresh_rate: 300s
+         lb_policy: ROUND_ROBIN
+         load_assignment:
+           cluster_name: api_server
+           endpoints:
+             - lb_endpoints:
+                 - endpoint:
+                     address:
+                       socket_address:
+                         address: kubernetes.default
+                         port_value: 443

deployments/liqo/templates/liqo-proxy-deployment.yaml

@@ -0,0 +1,48 @@
+---
+{{- $proxyConfig := (merge (dict "name" "proxy" "module" "networking") .) -}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    {{- include "liqo.labels" $proxyConfig | nindent 4 }}
+  name: {{ include "liqo.prefixedName" $proxyConfig }}
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      {{- include "liqo.selectorLabels" $proxyConfig | nindent 6 }}
+  template:
+    metadata:
+    {{- if .Values.proxy.pod.annotations }}
+      annotations:
+      {{- toYaml .Values.proxy.pod.annotations | nindent 8 }}
+    {{- end }}
+      labels:
+        {{- include "liqo.labels" $proxyConfig | nindent 8 }}
+        {{- if .Values.proxy.pod.labels }}
+          {{- toYaml .Values.proxy.pod.labels | nindent 8 }}
+        {{- end }}
+    spec:
+      securityContext:
+        {{- include "liqo.podSecurityContext" . | nindent 8 }}
+      containers:
+        - image: {{ .Values.proxy.imageName }}
+          imagePullPolicy: {{ .Values.pullPolicy }}
+          name: {{ $proxyConfig.name }}
+          securityContext:
+            {{- include "liqo.containerSecurityContext" . | nindent 12 }}
+          ports:
+          - containerPort: {{ .Values.proxy.config.listeningPort }}
+          resources:
+            requests:
+              cpu: 250m
+              memory: 100M
+          volumeMounts:
+          - mountPath: /etc/envoy/envoy.yaml
+            name: config-volume
+            subPath: config
+      volumes:
+      - name: config-volume
+        configMap:
+          name: {{ include "liqo.prefixedName" $proxyConfig }}

deployments/liqo/templates/liqo-proxy-service.yaml

@@ -0,0 +1,22 @@
+---
+{{- $proxyConfig := (merge (dict "name" "proxy" "module" "networking") .) -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "liqo.prefixedName" $proxyConfig }}
+{{- if .Values.proxy.service.annotations }}
+  annotations:
+    {{- toYaml .Values.proxy.service.annotations | nindent 4 }}
+{{- end}}
+  labels:
+    {{- include "liqo.labels" $proxyConfig | nindent 4 }}
+spec:
+  type: {{ .Values.proxy.service.type }}
+  ports:
+    - name: http
+      port: {{ .Values.proxy.config.listeningPort }}
+      targetPort: {{ .Values.proxy.config.listeningPort }}
+      protocol: TCP
+  selector:
+    {{- include "liqo.selectorLabels" $proxyConfig | nindent 4 }}

deployments/liqo/values.yaml

@@ -223,6 +223,23 @@ virtualKubelet:
       # -- virtual node extra labels
       labels: {}
 
+proxy:
+  pod:
+    # -- proxy pod annotations
+    annotations: {}
+    # -- proxy pod labels
+    labels: {}
+    # -- proxy pod extra arguments
+    extraArgs: []
+  # -- proxy image repository
+  imageName: "envoyproxy/envoy:v1.21.0"
+  service:
+    type: "ClusterIP"
+    annotations: {}
+  config:
+    # -- port used by envoy proxy
+    listeningPort: 8118
+
 storage:
   # -- enable the liqo virtual storage class on the local cluster. You will be able to
   # offload your persistent volumes and other clusters will be able to schedule their

docs/pages/installation/chart_values.md

@@ -73,6 +73,13 @@ weight: 5
 | networkManager.pod.extraArgs | list | `[]` | networkManager pod extra arguments |
 | networkManager.pod.labels | object | `{}` | networkManager pod labels |
 | openshiftConfig.enable | bool | `false` | enable the OpenShift support |
+| proxy.config.listeningPort | int | `8118` | port used by envoy proxy |
+| proxy.imageName | string | `"envoyproxy/envoy:v1.21.0"` | proxy image repository |
+| proxy.pod.annotations | object | `{}` | proxy pod annotations |
+| proxy.pod.extraArgs | list | `[]` | proxy pod extra arguments |
+| proxy.pod.labels | object | `{}` | proxy pod labels |
+| proxy.service.annotations | object | `{}` |  |
+| proxy.service.type | string | `"ClusterIP"` |  |
 | pullPolicy | string | `"IfNotPresent"` | The pullPolicy for liqo pods |
 | route.imageName | string | `"liqo/liqonet"` | route image repository |
 | route.pod.annotations | object | `{}` | route pod annotations |

pkg/consts/labels.go

@@ -36,7 +36,7 @@ const (
 	NetworkManagerAppName = "network-manager"
 
 	// APIServerProxyAppName label value that denotes the name of the liqo-api-server-proxy deployment.
-	APIServerProxyAppName = "api-server-proxy"
+	APIServerProxyAppName = "proxy"
 	// NatMappingResourceLabelKey is the constant representing
 	// the key of the label assigned to all NatMapping resources.
 	NatMappingResourceLabelKey = "net.liqo.io/natmapping"

pkg/liqoctl/common/cluster.go

@@ -63,7 +63,8 @@ const (
 
 	proxyName = "liqo-proxy"
 
-	authPort = "https"
+	authPort  = "https"
+	proxyPort = "http"
 )
 
 var (
@@ -286,6 +287,25 @@ func (c *Cluster) Init(ctx context.Context) error {
 	}
 	s.Success("authentication endpoint correctly retrieved")
 
+	// Get proxy endpoint.
+	s, _ = c.printer.Spinner.Start("retrieving proxy endpoint")
+	selector, err = metav1.LabelSelectorAsSelector(&liqolabels.ProxyServiceLabelSelector)
+	if err != nil {
+		s.Fail(fmt.Sprintf("an error occurred while retrieving proxy endpoint: %v", err))
+		return err
+	}
+	svc, err = liqogetters.GetServiceByLabel(ctx, c.locCtrlRunClient, c.namespace, selector)
+	if err != nil {
+		s.Fail(fmt.Sprintf("an error occurred while retrieving proxy endpoint: %v", err))
+		return err
+	}
+	ipProxy, portProxy, err := liqogetters.RetrieveEndpointFromService(svc, corev1.ServiceTypeClusterIP, proxyPort)
+	if err != nil {
+		s.Fail(fmt.Sprintf("an error occurred while retrieving proxy endpoint: %v", err))
+		return err
+	}
+	s.Success("proxy endpoint correctly retrieved")
+
 	// Set configuration
 	c.clusterID = clusterID
 	c.netConfig = netcfg
@@ -304,6 +324,11 @@ func (c *Cluster) Init(ctx context.Context) error {
 		port: portAuth,
 	}
 
+	c.proxyEP = &Endpoint{
+		ip:   ipProxy,
+		port: portProxy,
+	}
+
 	return nil
 }
 
@@ -631,22 +656,6 @@ func (c *Cluster) StopPortForwardIPAM() {
 	s.Success(fmt.Sprintf("IPAM service port-forward correctly stopped {%s}", c.PortForwardOpts.Ports[0]))
 }
 
-// SetUpProxy configures the proxy deployment.
-func (c *Cluster) SetUpProxy(ctx context.Context) error {
-	s, _ := c.printer.Spinner.Start(fmt.Sprintf("configuring proxy pod {%s} and service in namespace {%s}", proxyName, c.namespace))
-
-	ep, err := createProxyDeployment(ctx, c.locK8sClient, proxyName, c.namespace)
-	if err != nil {
-		s.Fail(fmt.Sprintf("an error occurred while setting up proxy {%s} in namespace {%s}: %v", proxyName, c.namespace, err))
-		return err
-	}
-	s.Success(fmt.Sprintf("proxy {%s} correctly configured in namespace {%s}", proxyName, c.namespace))
-
-	c.proxyEP = ep
-
-	return nil
-}
-
 // MapProxyIPForCluster maps the ClusterIP address of the local proxy on the local external CIDR as seen by the remote cluster.
 func (c *Cluster) MapProxyIPForCluster(ctx context.Context, ipamClient ipam.IpamClient, remoteCluster *discoveryv1alpha1.ClusterIdentity) error {
 	clusterName := remoteCluster.ClusterName
@@ -670,36 +679,10 @@ func (c *Cluster) MapProxyIPForCluster(ctx context.Context, ipamClient ipam.Ipam
 // UnmapProxyIPForCluster unmaps the ClusterIP address of the local proxy on the local external CIDR as seen by the remote cluster.
 func (c *Cluster) UnmapProxyIPForCluster(ctx context.Context, ipamClient ipam.IpamClient, remoteCluster *discoveryv1alpha1.ClusterIdentity) error {
 	clusterName := remoteCluster.ClusterName
-
-	// TODO: this logic will be moved on the Init function once
-	// the creation of the proxy deployment and service will be
-	// done at install time of liqo through the helm chart.
+	ipToBeUnmapped := c.proxyEP.GetIP()
 
 	s, _ := c.printer.Spinner.Start(fmt.Sprintf("unmapping proxy ip for cluster {%s}", clusterName))
 
-	selector, err := metav1.LabelSelectorAsSelector(&liqolabels.ProxyServiceLabelSelector)
-	if err != nil {
-		s.Fail(fmt.Sprintf("an error occurred while retrieving proxy endpoint: %v", err))
-		return err
-	}
-	svc, err := liqogetters.GetServiceByLabel(ctx, c.locCtrlRunClient, c.namespace, selector)
-	if client.IgnoreNotFound(err) != nil {
-		s.Fail(fmt.Sprintf("an error occurred while retrieving proxy endpoint: %v", err))
-		return err
-	}
-	if k8serrors.IsNotFound(err) {
-		s.Warning(fmt.Sprintf("service for proxy not found, unable to unmap proxy ip for cluster {%s}", clusterName))
-		return nil
-	}
-
-	ipAuth, _, err := liqogetters.RetrieveEndpointFromService(svc, corev1.ServiceTypeClusterIP, "http")
-	if err != nil {
-		s.Fail(fmt.Sprintf("an error occurred while retrieving proxy endpoint: %v", err))
-		return err
-	}
-
-	ipToBeUnmapped := ipAuth
-
 	if err := unmapServiceForCluster(ctx, ipamClient, ipToBeUnmapped, remoteCluster); err != nil {
 		s.Fail(fmt.Sprintf("an error occurred while unmapping proxy address {%s} for cluster {%s}: %v", ipToBeUnmapped, clusterName, err))
 		return err
@@ -713,19 +696,19 @@ func (c *Cluster) UnmapProxyIPForCluster(ctx context.Context, ipamClient ipam.Ip
 // MapAuthIPForCluster maps the ClusterIP address of the local auth service on the local external CIDR as seen by the remote cluster.
 func (c *Cluster) MapAuthIPForCluster(ctx context.Context, ipamClient ipam.IpamClient, remoteCluster *discoveryv1alpha1.ClusterIdentity) error {
 	clusterName := remoteCluster.ClusterName
-	ipToBeUnmapped := c.authEP.GetIP()
+	ipToBeRemapped := c.authEP.GetIP()
 
-	s, _ := c.printer.Spinner.Start(fmt.Sprintf("mapping auth ip {%s} for cluster {%s}", ipToBeUnmapped, clusterName))
+	s, _ := c.printer.Spinner.Start(fmt.Sprintf("mapping auth ip {%s} for cluster {%s}", ipToBeRemapped, clusterName))
 
-	ip, err := mapServiceForCluster(ctx, ipamClient, ipToBeUnmapped, remoteCluster)
+	ip, err := mapServiceForCluster(ctx, ipamClient, ipToBeRemapped, remoteCluster)
 	if err != nil {
-		s.Fail(fmt.Sprintf("an error occurred while mapping auth address {%s} for cluster {%s}: %v", ipToBeUnmapped, clusterName, err))
+		s.Fail(fmt.Sprintf("an error occurred while mapping auth address {%s} for cluster {%s}: %v", ipToBeRemapped, clusterName, err))
 		return err
 	}
 
 	c.authEP.SetRemappedIP(ip)
 
-	s.Success(fmt.Sprintf("auth address {%s} remapped to {%s} for remote cluster {%s}", ipToBeUnmapped, ip, clusterName))
+	s.Success(fmt.Sprintf("auth address {%s} remapped to {%s} for remote cluster {%s}", ipToBeRemapped, ip, clusterName))
 
 	return nil
 }