Network: fwcfg and rtcfg reque

cheina97 · adamjensenbot · commit f89702f881ef · 2024-05-08T11:12:20.000+02:00
diff --git a/deployments/liqo/templates/liqo-wireguard-gateway-client-template.yaml b/deployments/liqo/templates/liqo-wireguard-gateway-client-template.yaml
@@ -24,6 +24,8 @@ spec:
           {{- include "liqo.metadataTemplate" $templateConfig | nindent 10 }}
         spec:
           replicas: {{ .Values.networking.gatewayTemplates.replicas }}
+          strategy:
+            type: Recreate
           selector:
             matchLabels:
               {{- include "liqo.labelsTemplate" $templateConfig | nindent 14 }}
diff --git a/deployments/liqo/templates/liqo-wireguard-gateway-server-template.yaml b/deployments/liqo/templates/liqo-wireguard-gateway-server-template.yaml
@@ -42,6 +42,8 @@ spec:
           {{- include "liqo.metadataTemplate" $templateConfig | nindent 10 }}
         spec:
           replicas: {{ .Values.networking.gatewayTemplates.replicas }}
+          strategy:
+            type: Recreate
           selector:
             matchLabels:
               {{- include "liqo.labelsTemplate" $templateConfig | nindent 14 }}
diff --git a/pkg/firewall/firewallconfiguration_controller.go b/pkg/firewall/firewallconfiguration_controller.go
@@ -18,6 +18,7 @@ import (
 	"context"
 	"errors"
 	"fmt"
+	"time"
 
 	"github.com/google/nftables"
 	apierrors "k8s.io/apimachinery/pkg/api/errors"
@@ -152,7 +153,7 @@ func (r *FirewallConfigurationReconciler) Reconcile(ctx context.Context, req ctr
 
 	klog.Infof("Applied firewallconfiguration %s", req.String())
 
-	return ctrl.Result{}, nil
+	return ctrl.Result{RequeueAfter: 5 * time.Second}, nil
 }
 
 // SetupWithManager register the FirewallConfigurationReconciler to the manager.
diff --git a/pkg/gateway/tunnel/wireguard/netlink.go b/pkg/gateway/tunnel/wireguard/netlink.go
@@ -15,6 +15,7 @@
 package wireguard
 
 import (
+	"errors"
 	"fmt"
 
 	"github.com/vishvananda/netlink"
@@ -29,6 +30,15 @@ import (
 
 // InitWireguardLink inits the Wireguard interface.
 func InitWireguardLink(options *Options) error {
+	exists, err := existsLink()
+	if err != nil {
+		return fmt.Errorf("cannot check if Wireguard interface exists: %w", err)
+	}
+	if exists {
+		klog.Infof("Wireguard interface %q already exists", tunnel.TunnelInterfaceName)
+		return nil
+	}
+
 	if err := createLink(options); err != nil {
 		return fmt.Errorf("cannot create Wireguard interface: %w", err)
 	}
@@ -75,3 +85,14 @@ func createLink(options *Options) error {
 	}
 	return nil
 }
+
+func existsLink() (bool, error) {
+	_, err := common.GetLink(tunnel.TunnelInterfaceName)
+	if err != nil {
+		if errors.As(err, &netlink.LinkNotFoundError{}) {
+			return false, nil
+		}
+		return false, err
+	}
+	return true, nil
+}
diff --git a/pkg/gateway/tunnel/wireguard/publickeys_controller.go b/pkg/gateway/tunnel/wireguard/publickeys_controller.go
@@ -32,6 +32,7 @@ import (
 
 	networkingv1alpha1 "github.com/liqotech/liqo/apis/networking/v1alpha1"
 	"github.com/liqotech/liqo/pkg/consts"
+	"github.com/liqotech/liqo/pkg/gateway"
 )
 
 // cluster-role
@@ -72,6 +73,12 @@ func (r *PublicKeysReconciler) Reconcile(ctx context.Context, req ctrl.Request)
 		return ctrl.Result{}, fmt.Errorf("unable to get the publicKey %q: %w", req.NamespacedName, err)
 	}
 
+	if r.Options.GwOptions.Mode == gateway.ModeClient && r.Options.EndpointIP == nil {
+		// We don't need to retry because the DNS resolution routine will wakeup this controller.
+		klog.Warning("EndpointIP is not set yet. Maybe the DNS resolution is still in progress")
+		return ctrl.Result{}, nil
+	}
+
 	if err := configureDevice(r.Wgcl, r.Options, wgtypes.Key(publicKey.Spec.PublicKey)); err != nil {
 		return ctrl.Result{}, err
 	}
diff --git a/pkg/liqo-controller-manager/external-network/remapping/ip.go b/pkg/liqo-controller-manager/external-network/remapping/ip.go
@@ -126,14 +126,14 @@ func mutateFirewallConfigurationMasquerade(fwcfg *networkingv1alpha1.FirewallCon
 
 func enforceFirewallConfigurationSpec(fwcfg *networkingv1alpha1.FirewallConfiguration, ip *ipamv1alpha1.IP) {
 	table := &fwcfg.Spec.Table
-	table.Name = &TableIPMappingGwName
+	table.Name = ptr.To(fmt.Sprintf("%s-%s", TableIPMappingGwName, fwcfg.Namespace))
 	table.Family = ptr.To(firewall.TableFamilyIPv4)
 	enforceFirewallConfigurationChains(fwcfg, ip)
 }
 
 func enforceFirewallConfigurationMasqSpec(fwcfg *networkingv1alpha1.FirewallConfiguration, ip *ipamv1alpha1.IP) {
 	table := &fwcfg.Spec.Table
-	table.Name = &TableIPMappingFabricName
+	table.Name = ptr.To(fmt.Sprintf("%s-%s", TableIPMappingFabricName, fwcfg.Namespace))
 	table.Family = ptr.To(firewall.TableFamilyIPv4)
 	enforceFirewallConfigurationMasqChains(fwcfg, ip)
 }
diff --git a/pkg/route/routeconfiguration_controller.go b/pkg/route/routeconfiguration_controller.go
@@ -18,6 +18,7 @@ import (
 	"context"
 	"errors"
 	"fmt"
+	"time"
 
 	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -165,7 +166,7 @@ func (r *RouteConfigurationReconciler) Reconcile(ctx context.Context, req ctrl.R
 
 	klog.Infof("Applied routeconfiguration %s", req.String())
 
-	return ctrl.Result{}, nil
+	return ctrl.Result{RequeueAfter: 5 * time.Second}, nil
 }
 
 // SetupWithManager register the RouteConfigurationReconciler to the manager.
diff --git a/pkg/utils/network/geneve/netlink.go b/pkg/utils/network/geneve/netlink.go
@@ -76,8 +76,11 @@ func CreateGeneveInterface(name string, local, remote net.IP, id uint32, enableA
 		if !geneveLink.Remote.Equal(remote) {
 			klog.Warningf("geneve link already exists with different remote IP (%s -> %s), modifyng it",
 				geneveLink.Remote.String(), remote.String())
+			if err := netlink.LinkDel(geneveLink); err != nil {
+				return fmt.Errorf("cannot delete geneve link: %w", err)
+			}
 			geneveLink = ForgeGeneveInterface(name, remote, id)
-			if err := netlink.LinkModify(geneveLink); err != nil {
+			if err := netlink.LinkAdd(geneveLink); err != nil {
 				return fmt.Errorf("cannot modify geneve link: %w", err)
 			}
 		}

Original file line number	Diff line number	Diff line change
`@@ -32,6 +32,7 @@ import (`
`32`	`32`
`33`	`33`	`networkingv1alpha1 "github.com/liqotech/liqo/apis/networking/v1alpha1"`
`34`	`34`	`"github.com/liqotech/liqo/pkg/consts"`
	`35`	`+ "github.com/liqotech/liqo/pkg/gateway"`
`35`	`36`	`)`
`36`	`37`
`37`	`38`	`// cluster-role`
`@@ -72,6 +73,12 @@ func (r *PublicKeysReconciler) Reconcile(ctx context.Context, req ctrl.Request)`
`72`	`73`	`return ctrl.Result{}, fmt.Errorf("unable to get the publicKey %q: %w", req.NamespacedName, err)`
`73`	`74`	`}`
`74`	`75`
	`76`	`+ if r.Options.GwOptions.Mode == gateway.ModeClient && r.Options.EndpointIP == nil {`
	`77`	`+ // We don't need to retry because the DNS resolution routine will wakeup this controller.`
	`78`	`+ klog.Warning("EndpointIP is not set yet. Maybe the DNS resolution is still in progress")`
	`79`	`+ return ctrl.Result{}, nil`
	`80`	`+ }`
	`81`	`+`
`75`	`82`	`if err := configureDevice(r.Wgcl, r.Options, wgtypes.Key(publicKey.Spec.PublicKey)); err != nil {`
`76`	`83`	`return ctrl.Result{}, err`
`77`	`84`	`}`
Original file line number	Diff line number	Diff line change
`@@ -76,8 +76,11 @@ func CreateGeneveInterface(name string, local, remote net.IP, id uint32, enableA`
`76`	`76`	`if !geneveLink.Remote.Equal(remote) {`
`77`	`77`	`klog.Warningf("geneve link already exists with different remote IP (%s -> %s), modifyng it",`
`78`	`78`	`geneveLink.Remote.String(), remote.String())`
	`79`	`+ if err := netlink.LinkDel(geneveLink); err != nil {`
	`80`	`+ return fmt.Errorf("cannot delete geneve link: %w", err)`
	`81`	`+ }`
`79`	`82`	`geneveLink = ForgeGeneveInterface(name, remote, id)`
`80`		`- if err := netlink.LinkModify(geneveLink); err != nil {`
	`83`	`+ if err := netlink.LinkAdd(geneveLink); err != nil {`
`81`	`84`	`return fmt.Errorf("cannot modify geneve link: %w", err)`
`82`	`85`	`}`
`83`	`86`	`}`