fix(): Slice Gw Edge LB support

Added code comments

Signed-off-by: Bharath Horatti <[email protected]>

api/v1beta1/slicegateway_types.go

@@ -68,9 +68,9 @@ type SliceGatewayConfig struct {
 	// Intermediate Slice Gw Deployments
 	SliceGatewayIntermediateDeployments []string `json:"sliceGatewayIntermediateDeployments,omitempty"`
 	// SliceGateway Service Type
-	SliceGatewayConnectivityType string `json:"sliceGatewayServiceType,omitempty"`
+	SliceGatewayConnectivityType string `json:"sliceGatewayConnectivityType,omitempty"`
 	// Slice gateway server LB IPs
-	SliceGatewayServerLBIPs []string `json:"sliceGatewayServerLBIps,omitempty"`
+	SliceGatewayServerLBIPs []string `json:"sliceGatewayServerLBIPs,omitempty"`
 }
 
 // SliceGatewayStatus defines the observed state of SliceGateway

config/crd/bases/networking.kubeslice.io_slicegateways.yaml

@@ -66,6 +66,9 @@ spec:
               config:
                 description: SliceGatewayConfig defines the config received from backend
                 properties:
+                  sliceGatewayConnectivityType:
+                    description: SliceGateway Service Type
+                    type: string
                   sliceGatewayHostType:
                     description: 'Host Type : server or client'
                     type: string
@@ -110,14 +113,11 @@ spec:
                   sliceGatewayRemoteVpnIp:
                     description: Remote VPN IP
                     type: string
-                  sliceGatewayServerLBIps:
+                  sliceGatewayServerLBIPs:
                     description: Slice gateway server LB IPs
                     items:
                       type: string
                     type: array
-                  sliceGatewayServiceType:
-                    description: SliceGateway Service Type
-                    type: string
                   sliceGatewayStatus:
                     description: SliceGateway status
                     type: string

controllers/controller.go

@@ -61,7 +61,7 @@ func GetSlice(ctx context.Context, c client.Client, slice string) (*kubeslicev1b
 	return s, nil
 }
 
-// GetSlice returns slice object by slice name
+// GetSliceGatewayList returns a list of slice gateway objects by slice name
 func GetSliceGatewayList(ctx context.Context, c client.Client, sliceName string) (*kubeslicev1beta1.SliceGatewayList, error) {
 	sliceGwList := &kubeslicev1beta1.SliceGatewayList{}
 	listOpts := []client.ListOption{
@@ -76,7 +76,7 @@ func GetSliceGatewayList(ctx context.Context, c client.Client, sliceName string)
 	return sliceGwList, nil
 }
 
-// GetSlice returns slice object by slice name
+// GetSliceGatewayServers returns a list of slice gateways that run as VPN servers
 func GetSliceGatewayServers(ctx context.Context, c client.Client, sliceName string) ([]*kubeslicev1beta1.SliceGateway, error) {
 	sliceGwList, err := GetSliceGatewayList(ctx, c, sliceName)
 	if err != nil {
@@ -93,6 +93,7 @@ func GetSliceGatewayServers(ctx context.Context, c client.Client, sliceName stri
 	return sliceGwServerList, nil
 }
 
+// GetSliceGwServices returns a list of slice gateway service objects by slice name
 func GetSliceGwServices(ctx context.Context, c client.Client, sliceName string) (*corev1.ServiceList, error) {
 	sliceGwSvcList := &corev1.ServiceList{}
 	listOpts := []client.ListOption{
@@ -257,6 +258,8 @@ func exists(i []string, o string) bool {
 	return false
 }
 
+// Returns the list of slice gateway edge service objects. By default there will be only one service object. There could
+// be multiple in future enhancements.
 func GetSliceGatewayEdgeServices(ctx context.Context, c client.Client, sliceName string) (*corev1.ServiceList, error) {
 	listOpts := []client.ListOption{
 		client.MatchingLabels(map[string]string{

controllers/slice/slice_gw_edge.go

@@ -1,3 +1,21 @@
+/*
+ *  Copyright (c) 2023 Avesha, Inc. All rights reserved.
+ *
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+
 package slice
 
 import (
@@ -164,7 +182,9 @@ func (r *SliceReconciler) reconcileSliceGatewayEdgeService(ctx context.Context,
 		return ctrl.Result{Requeue: true}, nil, true
 	}
 
-	// Check if update is needed
+	// Check if an update is needed.
+	// An update is needed if there is a new slice gw pair added or an old one deleted.
+	// The port list in the LB service must include all the NodePorts of the slice gw servers.
 	if !allPortsAccountedInEdgeSvc(&gwEdgeSvc.Items[0], &portmap) {
 		gwEdgeSvc.Items[0].Spec.Ports = *getPortListForEdgeSvc(&portmap)
 		log.Info("Updating edge svc", "updated port list", gwEdgeSvc.Items[0].Spec.Ports)
@@ -181,7 +201,12 @@ func deploymentForSliceGatewayEdge(sliceName, depName string) *appsv1.Deployment
 	var replicas int32 = 1
 	var privileged = true
 
-	gwEdgeImg := "aveshatest/kubeslice-gateway-edge:1.0.0"
+	gwEdgeImg := os.Getenv("AVESHA_SLICE_GW_EDGE_IMAGE")
+	if gwEdgeImg == "" {
+		// TODO: Push the default image to aveshalabs nexus
+		gwEdgeImg = "aveshatest/kubeslice-gateway-edge:1.0.0"
+	}
+
 	imgPullPolicy := corev1.PullAlways
 
 	dep := &appsv1.Deployment{
@@ -293,6 +318,10 @@ func (r *SliceReconciler) getSliceGatewayEdgePods(ctx context.Context, sliceName
 	return &healthyGwEdgePods, nil
 }
 
+// Send the mapping between the NodePort number of the VPN service and the clusterIP of that service.
+// The inter-cluster traffic coming into the slice passes through the LB and goes to the edge pod. The edge
+// has to decide which VPN server pod the traffic needs to be forwarded to. The distinction is made using the
+// destination port number of the traffic. It would be the NodePort number of the recipient VPN server.
 func (r *SliceReconciler) syncSliceGwServiceMap(ctx context.Context, slice *kubeslicev1beta1.Slice) error {
 	log := r.Log.WithValues("slice", slice.Name)
 	gwEdgePodList, err := r.getSliceGatewayEdgePods(ctx, slice.Name)
@@ -310,7 +339,7 @@ func (r *SliceReconciler) syncSliceGwServiceMap(ctx context.Context, slice *kube
 		return err
 	}
 
-	// Construct the message structure
+	// Construct the grpc message
 	svcmap := gatewayedge.SliceGwServiceMap{}
 	svcmap.SliceName = slice.Name
 	for _, svc := range sliceGwSvcList.Items {
@@ -379,6 +408,11 @@ func (r *SliceReconciler) ReconcileSliceGwEdge(ctx context.Context, slice *kubes
 		return ctrl.Result{}, nil, false
 	}
 
+	// There would be one slice gateway edge deployment that would handle traffic for all the
+	// cluster pairs of a slice. It is only created on clusters that are marked to be VPN servers.
+	// The edge is a simple passthrough proxy that does not terminate any
+	// network connections, it merely applies NAT rules to redirect traffic to the right slice gateway
+	// server pods.
 	res, err, requeue := r.reconcileSliceGatewayEdgeDeployment(ctx, slice)
 	if err != nil {
 		return ctrl.Result{}, err, true
@@ -387,6 +421,8 @@ func (r *SliceReconciler) ReconcileSliceGwEdge(ctx context.Context, slice *kubes
 		return res, nil, true
 	}
 
+	// The edge needs to know the mapping of port numbers to the clusterIP of the VPN services. It needs this
+	// info to set up the NATing rules.
 	err = r.syncSliceGwServiceMap(ctx, slice)
 	if err != nil {
 		return ctrl.Result{}, err, true

controllers/slicegateway/slicegateway.go

@@ -870,6 +870,7 @@ func (r *SliceGwReconciler) createHeadlessServiceForGwServer(slicegateway *kubes
 
 func (r *SliceGwReconciler) createEndpointForGatewayServer(slicegateway *kubeslicev1beta1.SliceGateway) *corev1.Endpoints {
 	endpointIPs := slicegateway.Status.Config.SliceGatewayRemoteNodeIPs
+	// TODO: Remove the env var that overrides the slicegateway config coming from the controller
 	if slicegateway.Status.Config.SliceGatewayConnectivityType == "LoadBalancer" || os.Getenv("ENABLE_GW_LB_EDGE") != "" {
 		endpointIPs = slicegateway.Status.Config.SliceGatewayServerLBIPs
 		if os.Getenv("GW_LB_IP") != "" {