feat(sandbox-gateway): add memberlist server for gateway

xianying.czy · xianying.czy · commit 050e6e35bab5 · 2026-03-25T13:30:02.000+08:00
Signed-off-by: xianying.czy &lt;xianying.czy@alibaba-inc.com&gt;
diff --git a/cmd/sandbox-gateway/main.go b/cmd/sandbox-gateway/main.go
@@ -2,12 +2,17 @@ package main
 
 import (
 	"context"
+	"os"
 
 	"github.com/envoyproxy/envoy/contrib/golang/common/go/api"
 	envoyhttp "github.com/envoyproxy/envoy/contrib/golang/filters/http/source/go/pkg/http"
+	"k8s.io/client-go/kubernetes"
+	"k8s.io/client-go/rest"
 
+	"github.com/openkruise/agents/pkg/proxy"
 	"github.com/openkruise/agents/pkg/sandbox-gateway/controller"
 	"github.com/openkruise/agents/pkg/sandbox-gateway/filter"
+	peerserver "github.com/openkruise/agents/pkg/sandbox-gateway/server"
 )
 
 func init() {
@@ -22,6 +27,31 @@ func init() {
 			api.LogErrorf("sandbox controller manager exited with error: %v", err)
 		}
 	}()
+
+	// Start the peer server for handling route synchronization from other peers
+	go func() {
+		ctx := context.Background()
+
+		// Get Kubernetes config
+		cfg, err := rest.InClusterConfig()
+		if err != nil {
+			api.LogErrorf("failed to get in-cluster config: %v", err)
+			os.Exit(1)
+		}
+
+		// Create Kubernetes client
+		client, err := kubernetes.NewForConfig(cfg)
+		if err != nil {
+			api.LogErrorf("failed to create kubernetes client: %v", err)
+			os.Exit(1)
+		}
+
+		peerServer := peerserver.NewServer(client, proxy.SystemPort)
+		if err := peerServer.Start(ctx); err != nil {
+			api.LogErrorf("failed to start peer server: %v", err)
+			os.Exit(1)
+		}
+	}()
 }
 
 func main() {}
diff --git a/pkg/sandbox-gateway/server/server.go b/pkg/sandbox-gateway/server/server.go
@@ -0,0 +1,176 @@
+package server
+
+import (
+	"context"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"net/http"
+	"os"
+	"time"
+
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/client-go/kubernetes"
+	"k8s.io/klog/v2"
+
+	"github.com/openkruise/agents/api/v1alpha1"
+	"github.com/openkruise/agents/pkg/peers"
+	"github.com/openkruise/agents/pkg/proxy"
+	"github.com/openkruise/agents/pkg/sandbox-gateway/registry"
+	"github.com/openkruise/agents/pkg/sandbox-manager/consts"
+	"github.com/openkruise/agents/pkg/utils"
+)
+
+// Environment variable names for peer discovery
+const (
+	EnvNamespace     = "PEER_NAMESPACE"
+	EnvLabelSelector = "PEER_LABEL_SELECTOR"
+)
+
+const (
+	// MemberlistBindPort is the default port for memberlist gossip
+	MemberlistBindPort = 7946
+)
+
+// Server handles peer-to-peer communication for route synchronization
+type Server struct {
+	httpServer  *http.Server
+	peerManager *peers.MemberlistPeers
+	port        int
+	client      kubernetes.Interface
+}
+
+// NewServer creates a new peer server
+func NewServer(client kubernetes.Interface, port int) *Server {
+	if port == 0 {
+		port = proxy.SystemPort
+	}
+	return &Server{
+		port:   port,
+		client: client,
+	}
+}
+
+// Start starts the HTTP server for handling refresh requests from peers
+func (s *Server) Start(ctx context.Context) error {
+	log := klog.FromContext(ctx)
+
+	mux := http.NewServeMux()
+	mux.HandleFunc(proxy.RefreshAPI, s.handleRefresh)
+
+	s.httpServer = &http.Server{
+		Addr:              fmt.Sprintf(":%d", s.port),
+		Handler:           mux,
+		ReadHeaderTimeout: 5 * time.Second,
+	}
+
+	// Get node name from environment variables
+	nodeName := os.Getenv("HOSTNAME")
+	if nodeName == "" {
+		nodeName = os.Getenv("POD_NAME")
+	}
+	if nodeName == "" {
+		return fmt.Errorf("HOSTNAME or POD_NAME environment variable must be set")
+	}
+
+	// Get local IP
+	localIP := utils.GetFirstNonLoopbackIP()
+	if localIP == "" {
+		return fmt.Errorf("failed to determine local IP")
+	}
+
+	// Get namespace and label selector from environment variables
+	namespace := os.Getenv(EnvNamespace)
+	labelSelector := os.Getenv(EnvLabelSelector)
+
+	// Discover existing peers from Kubernetes API
+	var existingPeers []string
+	if s.client != nil && namespace != "" && labelSelector != "" {
+		log.Info("discovering existing peers for memberlist join", "namespace", namespace, "selector", labelSelector)
+		peerList, err := s.client.CoreV1().Pods(namespace).List(ctx, v1.ListOptions{
+			LabelSelector: labelSelector,
+		})
+		if err != nil {
+			log.Error(err, "failed to list peer pods, continuing without existing peers")
+		} else {
+			for _, peer := range peerList.Items {
+				ip := peer.Status.PodIP
+				if ip == "" || ip == localIP {
+					continue
+				}
+				existingPeers = append(existingPeers, fmt.Sprintf("%s:%d", ip, MemberlistBindPort))
+			}
+			log.Info("found existing peers for memberlist join", "count", len(existingPeers))
+		}
+	} else {
+		log.Info("skipping peer discovery: client not available or namespace/labelSelector not set")
+	}
+
+	s.peerManager = peers.NewMemberlistPeers(nodeName)
+
+	if err := s.peerManager.Start(ctx, localIP, MemberlistBindPort, existingPeers); err != nil {
+		return err
+	}
+
+	go func() {
+		klog.InfoS("Starting sandbox-gateway peer server", "address", s.httpServer.Addr)
+		if err := s.httpServer.ListenAndServe(); err != nil && !errors.Is(err, http.ErrServerClosed) {
+			klog.ErrorS(err, "Peer server failed to start")
+		}
+	}()
+
+	return nil
+}
+
+func (s *Server) Stop(ctx context.Context) error {
+	var errs []error
+	if s.httpServer != nil {
+		if err := s.httpServer.Shutdown(ctx); err != nil {
+			errs = append(errs, err)
+		}
+	}
+	if s.peerManager != nil {
+		if err := s.peerManager.Stop(); err != nil {
+			errs = append(errs, err)
+		}
+	}
+	if len(errs) > 0 {
+		return errors.Join(errs...)
+	}
+	return nil
+}
+
+// handleRefresh handles the /refresh endpoint for route synchronization
+func (s *Server) handleRefresh(w http.ResponseWriter, r *http.Request) {
+	if r.Method != http.MethodPost {
+		http.Error(w, "Method not allowed", http.StatusMethodNotAllowed)
+		return
+	}
+
+	ctx := r.Context()
+	log := klog.FromContext(ctx)
+
+	var route proxy.Route
+	if err := json.NewDecoder(r.Body).Decode(&route); err != nil {
+		log.Error(err, "Failed to decode refresh request")
+		http.Error(w, fmt.Sprintf("Failed to decode request: %v", err), http.StatusBadRequest)
+		return
+	}
+
+	log.V(consts.DebugLogLevel).Info("Received route refresh", "route", route)
+
+	// Handle based on state
+	if route.State == v1alpha1.SandboxStateRunning {
+		// Update the route
+		if registry.UpdateWithVersion(route.ID, route.IP, route.ResourceVersion) {
+			log.Info("Route updated via refresh", "id", route.ID, "ip", route.IP)
+		} else {
+			log.V(consts.DebugLogLevel).Info("Route update skipped due to older resourceVersion", "id", route.ID)
+		}
+	} else {
+		// Delete the route if the sandbox is dead
+		registry.Delete(route.ID)
+	}
+
+	w.WriteHeader(http.StatusNoContent)
+}
diff --git a/pkg/sandbox-manager/core.go b/pkg/sandbox-manager/core.go
@@ -3,7 +3,6 @@ package sandbox_manager
 import (
 	"context"
 	"fmt"
-	"net"
 	"os"
 
 	"github.com/google/uuid"
@@ -13,6 +12,7 @@ import (
 	"github.com/openkruise/agents/pkg/sandbox-manager/config"
 	"github.com/openkruise/agents/pkg/sandbox-manager/infra"
 	"github.com/openkruise/agents/pkg/sandbox-manager/infra/sandboxcr"
+	"github.com/openkruise/agents/pkg/utils"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/klog/v2"
 )
@@ -57,21 +57,6 @@ func NewSandboxManager(client *clients.ClientSet, adapter proxy.RequestAdapter,
 	return m, err
 }
 
-func getFirstNonLoopbackIP() string {
-	addresses, err := net.InterfaceAddrs()
-	if err != nil {
-		return ""
-	}
-	for _, addr := range addresses {
-		if ipnet, ok := addr.(*net.IPNet); ok && !ipnet.IP.IsLoopback() {
-			if ipnet.IP.To4() != nil {
-				return ipnet.IP.String()
-			}
-		}
-	}
-	return ""
-}
-
 func (m *SandboxManager) Run(ctx context.Context, sysNs, peerSelector string) error {
 	log := klog.FromContext(ctx)
 
@@ -86,7 +71,7 @@ func (m *SandboxManager) Run(ctx context.Context, sysNs, peerSelector string) er
 	// Get pod IP for memberlist binding
 	podIP := os.Getenv("POD_IP")
 	if podIP == "" {
-		podIP = getFirstNonLoopbackIP()
+		podIP = utils.GetFirstNonLoopbackIP()
 	}
 	if podIP == "" {
 		return fmt.Errorf("failed to determine local IP for memberlist")
diff --git a/pkg/sandbox-manager/infra/sandboxcr/cache_test.go b/pkg/sandbox-manager/infra/sandboxcr/cache_test.go
@@ -598,7 +598,7 @@ func TestCache_InformerWithFilter_GetSandboxSet(t *testing.T) {
 					require.NoError(t, err, "failed to create SandboxSet %s/%s", sbs.Namespace, sbs.Name)
 				}
 			}
-			defer c.Stop()
+			defer c.Stop(t.Context())
 
 			// Wait for informer sync
 			time.Sleep(300 * time.Millisecond)
diff --git a/pkg/utils/utils.go b/pkg/utils/utils.go
@@ -6,6 +6,7 @@ import (
 	"encoding/base64"
 	"encoding/json"
 	"fmt"
+	"net"
 	"os"
 	"sync"
 
@@ -228,3 +229,18 @@ func GetSandboxControllerUsername() string {
 	}
 	return "system:serviceaccount:sandbox-system:sandbox-controller-manager"
 }
+
+func GetFirstNonLoopbackIP() string {
+	addresses, err := net.InterfaceAddrs()
+	if err != nil {
+		return ""
+	}
+	for _, addr := range addresses {
+		if ipnet, ok := addr.(*net.IPNet); ok && !ipnet.IP.IsLoopback() {
+			if ipnet.IP.To4() != nil {
+				return ipnet.IP.String()
+			}
+		}
+	}
+	return ""
+}

Original file line number	Diff line number	Diff line change
`@@ -598,7 +598,7 @@ func TestCache_InformerWithFilter_GetSandboxSet(t *testing.T) {`
`598`	`598`	`require.NoError(t, err, "failed to create SandboxSet %s/%s", sbs.Namespace, sbs.Name)`
`599`	`599`	`}`
`600`	`600`	`}`
`601`		`- defer c.Stop()`
	`601`	`+ defer c.Stop(t.Context())`
`602`	`602`
`603`	`603`	`// Wait for informer sync`
`604`	`604`	`time.Sleep(300 * time.Millisecond)`