├── mk
    ├── Version
    ├── Erlangbin.mk
    ├── Erlanglib.mk
    └── Docker.mk
├── include
    └── kube_vxlan_controller.hrl
├── rebar3
├── .gitignore
├── docker
    ├── docker-entrypoint.sh
    └── Dockerfile
├── Makefile
├── priv
    ├── account.sh
    ├── account.yaml
    ├── kube-vxlan-controller.config
    ├── test.yaml
    └── admin_bin
├── config
    ├── sys.config
    └── vm.args
├── src
    ├── kube-vxlan-controller.erl
    ├── kube_vxlan_controller_pod_sup.erl
    ├── kube-vxlan-controller.app.src.script
    ├── kube_vxlan_controller_list.erl
    ├── kube_vxlan_controller_format.erl
    ├── kube_vxlan_controller_sup.erl
    ├── kube_vxlan_controller_db.erl
    ├── kube_vxlan_controller_state.erl
    ├── kube_vxlan_controller_agent.erl
    ├── kube_vxlan_controller_inspect.erl
    ├── kube_vxlan_controller_config.erl
    ├── kube_vxlan_controller_pod_reg.erl
    ├── kube_vxlan_controller_tools.erl
    ├── kube_vxlan_controller_cli.erl
    ├── logger_sys_debug.erl
    ├── kube_vxlan_controller_net.erl
    ├── kube_vxlan_controller_k8s.erl
    ├── kube_vxlan_controller_run.erl
    └── kube_vxlan_controller_pod.erl
├── rebar.config
├── .travis.yml
├── kubernetes
    ├── bundle.yaml
    └── example.yaml
├── LICENSE.md
└── README.md


/mk/Version:
--------------------------------------------------------------------------------
1 | 1.0.0 (git-48184c1)
2 | 


--------------------------------------------------------------------------------
/include/kube_vxlan_controller.hrl:
--------------------------------------------------------------------------------
1 | -record(uid, {id, cycle}).
2 | 


--------------------------------------------------------------------------------
/rebar3:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/openvnf/kube-vxlan-controller/HEAD/rebar3


--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
 1 | .eunit
 2 | deps
 3 | *.o
 4 | *.beam
 5 | *.plt
 6 | erl_crash.dump
 7 | ebin
 8 | .rebar
 9 | *~
10 | _build
11 | 


--------------------------------------------------------------------------------
/docker/docker-entrypoint.sh:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 | # copy of configuration files
3 | RELPATH=$(find /opt/kube-vxlan-controller/releases/ -mindepth 1 -maxdepth 1 -type d)
4 | [ -f /config/kube-vxlan-controller/sys.config ] && cp /config/kube-vxlan-controller/sys.config $RELPATH/sys.config
5 | [ -f /config/kube-vxlan-controller/vm.args ] && cp /config/kube-vxlan-controller/vm.args $RELPATH/vm.args
6 | 
7 | exec "$@"
8 | 


--------------------------------------------------------------------------------
/Makefile:
--------------------------------------------------------------------------------
 1 | include mk/Erlangbin.mk
 2 | include mk/Docker.mk
 3 | 
 4 | USER = openvnf
 5 | 
 6 | RUN_ARGS = run
 7 | 
 8 | DOCKER_RUN_ARGS_EXTRA = \
 9 |     -v ${PWD}/priv/$(PROJECT).config:/etc/$(PROJECT)/config \
10 |     -v ${PWD}/pki:/var/run/$(PROJECT)/pki \
11 |     -w /var/run/$(PROJECT)
12 | 
13 | ifdef ERLANG_VERSION
14 |     DOCKER_BUILD_ARGS_EXTRA = \
15 |         --build-arg ERLANG_VERSION=$(ERLANG_VERSION)
16 | endif
17 | 


--------------------------------------------------------------------------------
/priv/account.sh:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 | kubectl apply -f priv/account.yaml
3 | 
4 | kubectl get -n kube-system secrets/kube-vxlan-controller-token-xbtcs -o=jsonpath='{.data.namespace}' | cut -d " " -f4 | base64 -d > pki/namespace
5 | kubectl get -n kube-system secrets/kube-vxlan-controller-token-xbtcs -o=jsonpath='{.data.ca\.crt}' | cut -d " " -f4 | base64 -d > pki/ca.crt
6 | kubectl get -n kube-system secrets/kube-vxlan-controller-token-xbtcs -o=jsonpath='{.data.token}' | cut -d " " -f4 | base64 -d > pki/token
7 | 


--------------------------------------------------------------------------------
/config/sys.config:
--------------------------------------------------------------------------------
 1 | %-*-Erlang-*-
 2 | [{kernel,
 3 |   [{logger_level, debug},
 4 |    {logger,
 5 |     [{handler, default, logger_std_h,
 6 |       #{level => debug,
 7 | 	formatter =>
 8 | 	    {logger_formatter,
 9 | 	     #{single_line => false,
10 | 	       legacy_header => false,
11 | 	       template => [time," ",pid," ",level,": ",msg,"\n"]
12 | 	      }},
13 | 	config =>
14 | 	    #{sync_mode_qlen => 10000,
15 | 	      drop_mode_qlen => 10000,
16 | 	      flush_qlen     => 10000}
17 |        }
18 |      }
19 |     ]}
20 |   ]}
21 | ].
22 | 


--------------------------------------------------------------------------------
/priv/account.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: v1
 2 | kind: ServiceAccount
 3 | metadata:
 4 |   name: kube-vxlan-controller
 5 |   namespace: kube-system
 6 | ---
 7 | apiVersion: rbac.authorization.k8s.io/v1beta1
 8 | kind: ClusterRoleBinding
 9 | metadata:
10 |   name: kube-vxlan-controller
11 | roleRef:
12 |   apiGroup: rbac.authorization.k8s.io
13 |   kind: ClusterRole
14 |   name: cluster-admin
15 | subjects:
16 |   - kind: ServiceAccount
17 |     name: kube-vxlan-controller
18 |     namespace: kube-system
19 | ---
20 | apiVersion: v1
21 | kind: ConfigMap
22 | metadata:
23 |   name: kube-vxlan-controller
24 |   namespace: kube-system
25 | data:
26 |   vxeth0: id=100 up
27 |   vxeth1: id=101 up
28 |   vxeth2: id=102 up
29 |   vxeth3: id=103 up


--------------------------------------------------------------------------------
/src/kube-vxlan-controller.erl:
--------------------------------------------------------------------------------
 1 | -module('kube-vxlan-controller').
 2 | 
 3 | -behaviour(application).
 4 | 
 5 | -define(AppSup, kube_vxlan_controller_sup).
 6 | -define(Config, kube_vxlan_controller_config).
 7 | 
 8 | %% Application callbacks
 9 | -export([start/2, stop/1]).
10 | 
11 | %%%===================================================================
12 | %%% Application callbacks
13 | %%%===================================================================
14 | 
15 | start(_StartType, _StartArgs) ->
16 |     case ?Config:load(#{}) of
17 | 	{ok, Config} ->
18 | 	    ?AppSup:start_link(Config);
19 | 	{error, Reason} = Error ->
20 | 	    io:format("~p~n", [Reason]),
21 | 	    Error
22 |     end.
23 | 
24 | stop(_State) ->
25 |     ok.
26 | 


--------------------------------------------------------------------------------
/priv/kube-vxlan-controller.config:
--------------------------------------------------------------------------------
 1 | %-*-Erlang-*-
 2 | [{kernel,
 3 |   [{logger_level, debug},
 4 |    {logger,
 5 |     [{handler, default, logger_std_h,
 6 |       #{level => debug,
 7 | 	formatter =>
 8 | 	    {logger_formatter,
 9 | 	     #{single_line => false,
10 | 	       legacy_header => false,
11 | 	       template => [time," ",pid," ",level,": ",msg,"\n"]
12 | 	      }},
13 | 	config =>
14 | 	    #{sync_mode_qlen => 10000,
15 | 	      drop_mode_qlen => 10000,
16 | 	      flush_qlen     => 10000}
17 |        }
18 |      }
19 |     ]}
20 |   ]},
21 | 
22 |  {'kube-vxlan-controller',
23 |   [{server, "https://127.0.0.1:6443"},
24 |    {ca_cert_file, "pki/ca.crt"},
25 |    {namespace_file, "pki/namespace"},
26 |    {token_file, "pki/token"},
27 |    {selector, "vxlan.travelping.com"},
28 |    {annotation, "vxlan.travelping.com/networks"}
29 |   ]}
30 | ].
31 | 


--------------------------------------------------------------------------------
/src/kube_vxlan_controller_pod_sup.erl:
--------------------------------------------------------------------------------
 1 | -module(kube_vxlan_controller_pod_sup).
 2 | 
 3 | -behaviour(supervisor).
 4 | 
 5 | %% API
 6 | -export([start_link/0, start_pod/3]).
 7 | 
 8 | %% Supervisor callbacks
 9 | -export([init/1]).
10 | 
11 | -define(SERVER, ?MODULE).
12 | -define(Pod, kube_vxlan_controller_pod).
13 | 
14 | %% ===================================================================
15 | %% API functions
16 | %% ===================================================================
17 | 
18 | start_link() ->
19 |     supervisor:start_link({local, ?SERVER}, ?MODULE, []).
20 | 
21 | start_pod(Id, Event, Config) ->
22 |     supervisor:start_child(?SERVER, [Id, Event, Config]).
23 | 
24 | %% ===================================================================
25 | %% Supervisor callbacks
26 | %% ===================================================================
27 | 
28 | init([]) ->
29 |     {ok, {{simple_one_for_one, 5, 10},
30 | 	  [{?Pod, {?Pod, start_link, []}, temporary, 1000, worker, [?Pod]}]}}.
31 | 


--------------------------------------------------------------------------------
/rebar.config:
--------------------------------------------------------------------------------
 1 | %-*-Erlang-*-
 2 | {deps, [{cpflib, {git, "https://github.com/aialferov/cpflib.git", {tag, "master"}}},
 3 | 	{regine, {git, "https://github.com/travelping/regine.git", {branch, "master"}}},
 4 | 	{jsx, {git, "https://github.com/talentdeficit/jsx.git", {tag, "v3.0.0"}}},
 5 | 	{gun, {git, "https://github.com/ninenines/gun.git", {tag, "2.0.0-pre.2"}}}
 6 |        ]}.
 7 | 
 8 | {relx, [{release, {'kube-vxlan-controller', "1.0.0"},
 9 | 	 ['kube-vxlan-controller', inets, cpflib, jsx, gun, regine, sasl]},
10 | 
11 | 	{sys_config, "./config/sys.config"},
12 | 	{vm_args, "./config/vm.args"},
13 | 
14 | 	{mode, prod},
15 | 	{overlay, [
16 | 	    {mkdir, "bin"},
17 | 	    {template, "./priv/admin_bin", "bin/vxlan-admin"}
18 | 	]}
19 | ]}.
20 | 
21 | {shell, [{apps, ['kube-vxlan-controller']},
22 | 	 {config, "priv/kube-vxlan-controller.config"}]}.
23 | 
24 | %% xref checks to run
25 | {xref_checks, [locals_not_used, deprecated_function_calls,
26 | 		deprecated_functions]}.
27 | {xref_queries,
28 |  [{"(XC - UC) || (XU - X - B)", []}]}.
29 | 


--------------------------------------------------------------------------------
/docker/Dockerfile:
--------------------------------------------------------------------------------
 1 | # -- build-environment --
 2 | # see https://docs.docker.com/engine/userguide/eng-image/multistage-build/
 3 | 
 4 | FROM erlang:23.0.4-alpine AS build-env
 5 | LABEL project=kube-vxlan-controller
 6 | 
 7 | WORKDIR /build
 8 | RUN     apk update && apk --no-cache upgrade && \
 9 | 		apk --no-cache add \
10 | 			gcc \
11 | 			git \
12 | 			libc-dev libc-utils \
13 | 			libgcc \
14 | 			linux-headers \
15 | 			make bash \
16 | 			musl-dev musl-utils \
17 | 			ncurses-dev \
18 | 			pcre2 \
19 | 			pkgconf \
20 | 			scanelf \
21 | 			zlib
22 | 
23 | ADD     . /build
24 | RUN     rebar3 as prod release
25 | 
26 | # -- runtime image --
27 | 
28 | FROM alpine:3.11
29 | LABEL project=kube-vxlan-controller
30 | 
31 | WORKDIR /
32 | RUN     apk update && \
33 | 		apk --no-cache upgrade && \
34 | 		apk --no-cache add zlib ncurses-libs libcrypto1.1 tini
35 | 
36 | COPY    docker/docker-entrypoint.sh /
37 | COPY    --from=build-env /build/_build/prod/rel/ /opt/
38 | 
39 | ENTRYPOINT ["tini", "--", "/docker-entrypoint.sh"]
40 | CMD        ["/opt/kube-vxlan-controller/bin/kube-vxlan-controller", "foreground"]
41 | 


--------------------------------------------------------------------------------
/config/vm.args:
--------------------------------------------------------------------------------
 1 | ## Name of the node
 2 | -sname kube-vxlan-controller
 3 | 
 4 | ## Cookie for distributed erlang
 5 | -setcookie kube-vxlan-controller
 6 | 
 7 | ## Heartbeat management; auto-restarts VM if it dies or becomes unresponsive
 8 | ## (Disabled by default..use with caution!)
 9 | ##-heart
10 | 
11 | ## Enable kernel poll and a few async threads
12 | ##+K true
13 | ##+A 5
14 | 
15 | ## Increase number of concurrent ports/sockets
16 | ##-env ERL_MAX_PORTS 4096
17 | 
18 | ## Tweak GC to run more often
19 | ##-env ERL_FULLSWEEP_AFTER 10
20 | 
21 | # +B [c | d | i]
22 | # Option c makes Ctrl-C interrupt the current shell instead of invoking the emulator break
23 | # handler. Option d (same as specifying +B without an extra option) disables the break handler. # Option i makes the emulator ignore any break signal.
24 | # If option c is used with oldshell on Unix, Ctrl-C will restart the shell process rather than
25 | # interrupt it.
26 | # Disable the emulator break handler
27 | # it easy to accidentally type ctrl-c when trying
28 | # to reach for ctrl-d. ctrl-c on a live node can
29 | # have very undesirable results
30 | ##+Bi
31 | 


--------------------------------------------------------------------------------
/src/kube-vxlan-controller.app.src.script:
--------------------------------------------------------------------------------
 1 | {application, 'kube-vxlan-controller', [
 2 |     {description, "Kubernetes VXLAN contoller"},
 3 |     {vsn, "1.0.0"},
 4 |     {modules, []},
 5 |     {applications, [kernel, stdlib, inets, cpflib, jsx, regine, gun]},
 6 |     {mod, {'kube-vxlan-controller', []}},
 7 |     {env, [
 8 | 	{git_sha, lists:sublist(os:cmd("git rev-parse HEAD 2>/dev/null"), 8)},
 9 | 	{config_files, [
10 | 	    "priv/kube-vxlan-controller.config",
11 | 	    "/etc/kube-vxlan-controller/config"
12 | 	]},
13 | 	{db_file, "db/kube-vxlan-controller.db"},
14 | 	{server, "https://kubernetes.default"},
15 | 	{namespace_file, "/var/run/secrets/kubernetes.io/serviceaccount/namespace"},
16 | 	{ca_cert_file, "/var/run/secrets/kubernetes.io/serviceaccount/ca.crt"},
17 | 	{token_file, "/var/run/secrets/kubernetes.io/serviceaccount/token"},
18 | 	{selector, "vxlan.default"},
19 | 	{annotation, "vxlan.default/networks"},
20 | 	{configmap_name, "kube-vxlan-controller"},
21 | 	{agent_container_name, "vxlan-controller-agent"},
22 | 	{agent_init_container_name, "vxlan-controller-agent-init"},
23 | 	{fields, "pod,net,fdb"}
24 |     ]}
25 | ]}.
26 | 


--------------------------------------------------------------------------------
/src/kube_vxlan_controller_list.erl:
--------------------------------------------------------------------------------
 1 | -module(kube_vxlan_controller_list).
 2 | 
 3 | -export([
 4 |     pods/1, pods/2
 5 | ]).
 6 | 
 7 | -define(Db, kube_vxlan_controller_db).
 8 | -define(Net, kube_vxlan_controller_net).
 9 | -define(Pod, kube_vxlan_controller_pod).
10 | -define(Tools, kube_vxlan_controller_tools).
11 | 
12 | pods(Config) -> pods([], Config).
13 | 
14 | pods(PodNamePrefixes, Config) ->
15 |     SilentConfig = maps:put(silent, true, Config),
16 | 
17 |     {ok, PodResources} = ?Pod:get({label, maps:get(selector, Config)}, Config),
18 |     Pods = ?Tools:pods(PodResources, ?Db:nets_options(), [], Config),
19 | 
20 |     [io:format("~s/~s ~s ~s~n", [Namespace, PodName, NetName, Ip]) ||
21 |      Pod = #{namespace := Namespace, name := PodName} <- Pods,
22 |      PodNamePrefixes == [] orelse lists:any(
23 |         fun(Prefix) -> lists:prefix(Prefix, PodName) end,
24 |         PodNamePrefixes
25 |      ),
26 |      {NetName, _NetOptions} <- maps:get(nets, Pod),
27 |      Ip <- ips(Pod, NetName, SilentConfig)].
28 | 
29 | ips(Pod, NetName, Config) ->
30 |     case ?Net:ips(Pod, NetName, Config) of
31 |         [] -> [""];
32 |         Ips -> Ips
33 |     end.
34 | 


--------------------------------------------------------------------------------
/src/kube_vxlan_controller_format.erl:
--------------------------------------------------------------------------------
 1 | -module(kube_vxlan_controller_format).
 2 | 
 3 | -export([
 4 |     pod/1,
 5 |     pod_nets/2,
 6 |     pod_net/1,
 7 |     pod_net_options/1,
 8 | 
 9 |     fdb/2,
10 |     dev/2,
11 |     route/2
12 | ]).
13 | 
14 | pod(#{namespace := Namespace, name := Name, ip := Ip}) ->
15 |     format("~s/~s ~s", [Namespace, Name, Ip]).
16 | 
17 | pod_nets(Nets, Ident) ->
18 |     format_list([pod_net(Net) || Net <- Nets], Ident).
19 | 
20 | pod_net({Name, Options}) ->
21 |     format("~s: ~s", [Name, pod_net_options(Options)]).
22 | 
23 | pod_net_options(Options) ->
24 |     string:trim(maps:fold(fun(Name, Value, Acc) ->
25 |         Acc ++ format("~s:~s ", [Name, Value])
26 |     end, "", Options)).
27 | 
28 | dev(Dev, Ident) ->
29 |     format_list([L || [_,_,_|L] <- string:lexemes(Dev, "\n")], Ident).
30 | 
31 | fdb(Fdb, Ident) -> format_list(string:lexemes(Fdb, "\n"), Ident).
32 | route(Route, Ident) -> format_list(string:lexemes(Route, "\n"), Ident).
33 | 
34 | format_list(List, Ident) ->
35 |     IdentString = lists:duplicate(Ident, $ ),
36 |     IdentString ++ lists:join([$\n|IdentString], List).
37 | 
38 | format(Format, Args) -> lists:flatten(io_lib:format(Format, Args)).
39 | 


--------------------------------------------------------------------------------
/priv/test.yaml:
--------------------------------------------------------------------------------
 1 | ---
 2 | apiVersion: "k8s.cni.cncf.io/v1"
 3 | kind: NetworkAttachmentDefinition
 4 | metadata:
 5 |   name: test0
 6 |   namespace: default
 7 | spec:
 8 |   config: '{
 9 |       "cniVersion": "0.3.1",
10 |       "type": "bridge",
11 |       "bridge": "br-test0",
12 |       "ipam": { }
13 |     }'
14 | ---
15 | apiVersion: apps/v1
16 | kind: Deployment
17 | metadata:
18 |   labels:
19 |     run: vxlan-test
20 |   name: vxlan-test
21 |   namespace: default
22 | spec:
23 |   replicas: 20
24 |   selector:
25 |   selector:
26 |     matchLabels:
27 |       run: vxlan-test
28 |   template:
29 |     metadata:
30 |       labels:
31 |         run: vxlan-test
32 |         vxlan.openvnf.org: "true"
33 |         vxlan.travelping.com: "true"
34 |       annotations:
35 |         vxlan.travelping.com/networks: test0
36 |         k8s.v1.cni.cncf.io/networks: default/test0@test0
37 |     spec:
38 |       initContainers:
39 |       - image: openvnf/kube-vxlan-controller-agent
40 |         resources:
41 |           limits:
42 |             cpu: "1"
43 |             memory: "200Mi"
44 |         name: vxlan-controller-agent-init
45 |         securityContext:
46 |           capabilities:
47 |             add:
48 |             - NET_ADMIN
49 |       containers:
50 |       - image: aialferov/pause
51 |         imagePullPolicy: Always
52 |         name: a
53 |       - image: openvnf/kube-vxlan-controller-agent
54 |         name: vxlan-controller-agent
55 |         securityContext:
56 |           capabilities:
57 |             add:
58 |             - NET_ADMIN
59 | 


--------------------------------------------------------------------------------
/src/kube_vxlan_controller_sup.erl:
--------------------------------------------------------------------------------
 1 | -module(kube_vxlan_controller_sup).
 2 | 
 3 | -behaviour(supervisor).
 4 | 
 5 | -include_lib("kernel/include/logger.hrl").
 6 | 
 7 | -define(Run, kube_vxlan_controller_run).
 8 | -define(K8s, kube_vxlan_controller_k8s).
 9 | -define(PodReg, kube_vxlan_controller_pod_reg).
10 | -define(PodSup, kube_vxlan_controller_pod_sup).
11 | 
12 | %% API
13 | -export([start_link/1]).
14 | 
15 | %% Supervisor callbacks
16 | -export([init/1]).
17 | 
18 | %% Helper macro for declaring children of supervisor
19 | -define(CHILD(I, Type, Args), #{id       => I,
20 | 				start    => {I, start_link, Args},
21 | 				restart  => permanent,
22 | 				shutdown => 5000,
23 | 				type     => Type,
24 | 				modules  => [I]}).
25 | 
26 | %% ===================================================================
27 | %% API functions
28 | %% ===================================================================
29 | 
30 | start_link(Config) ->
31 |     ?LOG(info, "starting ~p with ~p", [?MODULE, Config]),
32 |     supervisor:start_link({local, ?MODULE}, ?MODULE, [Config]).
33 | 
34 | %% ===================================================================
35 | %% Supervisor callbacks
36 | %% ===================================================================
37 | 
38 | init([Config]) ->
39 |     SupFlags =
40 | 	#{strategy  => one_for_one,
41 | 	  intensity => 5,
42 | 	  period    => 10},
43 |     {ok, {SupFlags,
44 | 	  [
45 | 	   ?CHILD(?PodSup, supervisor, []),
46 | 	   ?CHILD(?PodReg, worker, []),
47 | 	   ?CHILD(?K8s, worker, [Config]),
48 | 	   ?CHILD(?Run, worker, [Config])
49 | 	  ]}}.
50 | 


--------------------------------------------------------------------------------
/src/kube_vxlan_controller_db.erl:
--------------------------------------------------------------------------------
 1 | -module(kube_vxlan_controller_db).
 2 | 
 3 | %% API
 4 | -export([nets_options/0, load_db/1]).
 5 | 
 6 | 
 7 | -include_lib("kernel/include/logger.hrl").
 8 | 
 9 | -define(K8s, kube_vxlan_controller_k8s).
10 | -define(Tools, kube_vxlan_controller_tools).
11 | 
12 | -define(TABLENAME, ?MODULE).
13 | 
14 | nets_options() ->
15 |     persistent_term:get(?TABLENAME, #{}).
16 | 
17 | load_db(#{namespace := Namespace,
18 | 	  configmap_name := ConfigMapName} = Config) ->
19 |     Resource = "/api/v1/namespaces/" ++ Namespace ++
20 | 	"/configmaps/" ++ ConfigMapName,
21 |     Db =
22 | 	case ?K8s:http_request(Resource, [], Config) of
23 | 	    {ok, #{data := Data}} ->
24 | 		?LOG(debug, "load VXLAN config ~p", [Data]),
25 | 		maps:fold(fun(NetName, NetOptions, Map) ->
26 | 				  maps:put(atom_to_list(NetName), net_options(NetOptions), Map)
27 | 			  end, #{}, Data);
28 | 	    _ ->
29 | 		#{}
30 | 	end,
31 |     persistent_term:put(?TABLENAME, Db).
32 | 
33 | %%%=========================================================================
34 | %%%  internal functions
35 | %%%=========================================================================
36 | 
37 | net_options(Options) ->
38 |     maps:from_list(net_id_bc([
39 | 	?Tools:pod_read_net_option(Option) ||
40 | 	Option <- string:lexemes(binary_to_list(Options), " ")
41 |     ])).
42 | 
43 | %%% TODO: provided for BC, remove when not needed
44 | net_id_bc(Options) ->
45 |     lists:map(fun({Name, Value}) ->
46 | 	NameString = atom_to_list(Name),
47 | 	try list_to_integer(NameString) of
48 | 	    Id -> {id, integer_to_list(Id)}
49 | 	catch
50 | 	    _:_ -> {Name, Value}
51 | 	end
52 |     end, Options).
53 | %%%
54 | 


--------------------------------------------------------------------------------
/src/kube_vxlan_controller_state.erl:
--------------------------------------------------------------------------------
 1 | -module(kube_vxlan_controller_state).
 2 | 
 3 | -export([
 4 |     is/3,
 5 |     set/3,
 6 |     unset/3,
 7 | 
 8 |     resource_version/1,
 9 |     set_resource_version/2,
10 |     is_resource_version_shown/1,
11 |     set_resource_version_shown/1,
12 |     set_resource_version_unshown/1
13 | ]).
14 | 
15 | is(Event, #{pod_uid := Uid}, State) ->
16 |     sets:is_element(Uid, event(Event, State)).
17 | 
18 | set(Event, #{pod_uid := Uid}, State) ->
19 |     maps:put(Event, sets:add_element(Uid, event(Event, State)), State).
20 | 
21 | unset(Event, #{pod_uid := Uid}, State) ->
22 |     maps:put(Event, sets:del_element(Uid, event(Event, State)), State).
23 | 
24 | event(Event, State) -> maps:get(Event, State, sets:new()).
25 | 
26 | resource_version(State) ->
27 |     maps:get(resource_version, State, "0").
28 | 
29 | set_resource_version(Version, State) when is_integer(Version) ->
30 |     maps:put(resource_version, Version, State);
31 | set_resource_version(#{resource_version := Value}, State)
32 |   when is_integer(Value) ->
33 |     update_resource_version(Value, State);
34 | set_resource_version(#{resourceVersion := Value}, State)
35 |   when is_binary(Value) ->
36 |     update_resource_version(binary_to_integer(Value), State).
37 | 
38 | update_resource_version(Value, State) ->
39 |     OldValue = resource_version(State),
40 |     ProposedValue = Value,
41 | 
42 |     case ProposedValue >= OldValue of
43 |         true ->
44 |             NewValue = ProposedValue + 1,
45 |             NewState = set_resource_version_unshown(State),
46 |             set_resource_version(NewValue, NewState);
47 |         false -> State
48 |     end.
49 | 
50 | is_resource_version_shown(State) ->
51 |     maps:get(resource_version_shown, State, false).
52 | 
53 | set_resource_version_shown(State) ->
54 |     maps:put(resource_version_shown, true, State).
55 | 
56 | set_resource_version_unshown(State) ->
57 |     maps:put(resource_version_shown, false, State).
58 | 


--------------------------------------------------------------------------------
/.travis.yml:
--------------------------------------------------------------------------------
 1 | sudo: required
 2 | dist: bionic
 3 | services:
 4 |   - docker
 5 | git:
 6 |   depth: false
 7 | 
 8 | language: erlang
 9 | 
10 | otp_release:
11 |  - 22.3.4
12 |  - 23.0.2
13 | 
14 | install: "true"
15 | 
16 | env:
17 |   global:
18 |     - BUILD_IMAGE="openvnf/kube-vxlan-controller"
19 |     - DOCKER_USERNAME="openvnfdockhub"
20 |     - secure: "fn9gwy919gluWuCHRtrBd2ggrkVS3SaMVIN3+vJHi8ZpT5d5pnmJ0xD74LiRkL4rcmn4+d3obcSu6lBpyPzi3NJ2FdDXDGBrkpGqfX4WbElMe8pD9+bEZiaONF3RnC1+1VQ+6nMjrFdIDgXomkFjRW7zK4YNTxTqLOYVr4k4i6htYD7MeUwEU31P5as5KYlqAxckamIHS8M/DHijTyTnVCxTrEjbPc/AFF37tBTieyFEyJaUfYtfZ3YM84obWiD4odAsMPX8YLCirgjpz+eyjgdeA7967FmUuuPZjHyzhnBQf1bmEDQG7VVFvjxlcE8BYPrLMv/SRdK+pm5ouL/Wlim8ACPAurH9/xiyisaG1mTEb9h+aEkHXVzW6G3ciYHgPh/OagceZLnW+AyUep4O7Wu9lxdTeMrQ0cAvETOJWQqYlqYwyCYlOKiVRlnEAe0dk6tmTcSMd+jSp0eq5nWKRC2/fGkje3hyWvK7xGKTn6ekZUCDiNidhMbYq+Y9p0M4gw/xNa6z+u17GSNXtZVpvqUF7MQ6GQk9CKeXPz8fyCTg57xUa/BTA3W0twiItVzZRwQB/bN08VPSjuJKde2OxjXD0WQB2j9NCyW3veh7OS3AxxClZNQ1lwcnWP4zc4b/P76NObU+UpIoWILYSvkohUdD62h4McDc9OYks8qMaN8="
21 | 
22 | before_script:
23 |   - wget https://s3.amazonaws.com/rebar3/rebar3
24 |   - chmod u+x ./rebar3
25 | 
26 | script:
27 |   - ./rebar3 compile
28 |   - ./rebar3 do xref
29 | 
30 | jobs:
31 |   include:
32 |     -
33 |     - stage: docker
34 |       otp_release: 23.0.2
35 |       script:
36 |         - docker build -t $BUILD_IMAGE -f docker/Dockerfile .
37 |       after_success:
38 |         - docker login -u="$DOCKER_USERNAME" -p="$DOCKER_PASSWORD"
39 |         - export GIT_DESCRIBE=`git describe`
40 |         - export TAG=`if [ "$TRAVIS_EVENT_TYPE" == "pull_request" ]; then echo PR-$TRAVIS_PULL_REQUEST_BRANCH\_$TRAVIS_PULL_REQUEST_SHA ; else echo $TRAVIS_BRANCH\_$GIT_DESCRIBE ; fi`
41 |         - export TAG=`echo "$TAG" | sed -e 's,/,-,g'`
42 |         - echo "Docker image $BUILD_IMAGE:$TAG"
43 |         - if [ "$TAG" == "master" ]; then export TAG="latest"; fi
44 |         - docker tag $BUILD_IMAGE $BUILD_IMAGE:$TAG
45 |         - docker push $BUILD_IMAGE:$TAG
46 |         - echo "docker push done"
47 | 


--------------------------------------------------------------------------------
/src/kube_vxlan_controller_agent.erl:
--------------------------------------------------------------------------------
 1 | -module(kube_vxlan_controller_agent).
 2 | 
 3 | -export([terminate/2, exec/3]).
 4 | 
 5 | -define(Pod, kube_vxlan_controller_pod).
 6 | 
 7 | terminate(Pod, Config) ->
 8 |     %%% TODO: provided for BC, remove once not needed
 9 |     run(Pod, "touch /run/terminate", Config),
10 |     %%%
11 |     run(Pod, "kill -TERM 1", Config).
12 | 
13 | exec(Pod, Command, Config) ->
14 |     run(Pod, Command, Config).
15 | 
16 | run(#{namespace := Namespace, name := PodName}, Command, Config) ->
17 |     ContainerName = maps:get(agent_container_name, Config),
18 |     ?Pod:exec(Namespace, PodName, ContainerName, Command, Config).
19 | 
20 | %-define(AgentContainerName, <<"vxlan-controller-agent">>).
21 | %-define(AgentImage, <<"aialferov/kube-vxlan-controller-agent">>).
22 | 
23 | %-define(AgentSpec, #{
24 | %  spec => #{
25 | %    template => #{
26 | %      spec => #{
27 | %        containers => [
28 | %          #{name => ?AgentContainerName,
29 | %            image => ?AgentImage}
30 | %        ]}}}
31 | %}).
32 | %
33 | %embed(Namespace, DeploymentName, Config) ->
34 | %    ?LOG(info, "Embedding agent into \"~s\" deployment", [DeploymentName]),
35 | %
36 | %    Resource = "/apis/apps/v1beta2/namespaces/" ++ Namespace ++
37 | %               "/deployments/" ++ binary_to_list(DeploymentName),
38 | %    Headers = [
39 | %        {"Content-Type", <<"application/strategic-merge-patch+json">>}
40 | %    ],
41 | %    Body = jsx:encode(?AgentSpec),
42 | %
43 | %    {ok, Data} = ?K8s:http_request(patch, Resource, [], Headers, Body, Config),
44 | %    ?LOG(info, Data),
45 | %    ok.
46 | %
47 | %get_deployment_name(Namespace, ReplicaSetName) ->
48 | %   ResourceReplicaSet = "/apis/extensions/v1beta1/namespaces/" ++ Namespace ++
49 | %                        "/replicasets/" ++ binary_to_list(ReplicaSetName),
50 | %   {ok, [#{
51 | %     metadata := #{
52 | %       ownerReferences := [#{
53 | %         kind := <<"Deployment">>,
54 | %         name := DeploymentName
55 | %       }|_]
56 | %     }
57 | %   }]} = ?K8s:http_request(ResourceReplicaSet, [], Config),
58 | %   DeploymentName.
59 | 


--------------------------------------------------------------------------------
/kubernetes/bundle.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: v1
 2 | kind: ServiceAccount
 3 | metadata:
 4 |   name: kube-vxlan-controller
 5 |   namespace: kube-system
 6 | ---
 7 | apiVersion: rbac.authorization.k8s.io/v1beta1
 8 | kind: ClusterRoleBinding
 9 | metadata:
10 |   name: kube-vxlan-controller
11 | roleRef:
12 |   apiGroup: rbac.authorization.k8s.io
13 |   kind: ClusterRole
14 |   name: cluster-admin
15 | subjects:
16 |   - kind: ServiceAccount
17 |     name: kube-vxlan-controller
18 |     namespace: kube-system
19 | ---
20 | apiVersion: v1
21 | kind: ConfigMap
22 | metadata:
23 |   name: kube-vxlan-controller
24 |   namespace: kube-system
25 | data:
26 |   vxeth0: id=100 up
27 |   vxeth1: id=101 up
28 |   vxeth2: id=102 up
29 |   vxeth3: id=103 up
30 | ---
31 | apiVersion: v1
32 | kind: ConfigMap
33 | metadata:
34 |   name: kube-vxlan-controller-config
35 |   namespace: kube-system
36 | data:
37 |   config: |
38 |     [{'kube-vxlan-controller', [
39 |         {db_file, "/usr/share/kube-vxlan-controller/db"},
40 |         {selector, "vxlan.openvnf.org"},
41 |         {annotation, "vxlan.openvnf.org/networks"}
42 |     ]}].
43 | ---
44 | apiVersion: extensions/v1beta1
45 | kind: Deployment
46 | metadata:
47 |   labels:
48 |     run: kube-vxlan-controller
49 |   name: kube-vxlan-controller
50 |   namespace: kube-system
51 | spec:
52 |   template:
53 |     metadata:
54 |       labels:
55 |         run: kube-vxlan-controller
56 |     spec:
57 |       containers:
58 |       - name: kube-vxlan-controller
59 |         image: openvnf/kube-vxlan-controller:latest
60 |         args:
61 |         - run
62 |         volumeMounts:
63 |         - name: kube-vxlan-controller-config
64 |           mountPath: /etc/kube-vxlan-controller
65 |         - name: kube-vxlan-controller-db
66 |           mountPath: /usr/share/kube-vxlan-controller
67 |       volumes:
68 |       - name: kube-vxlan-controller-config
69 |         configMap:
70 |           name: kube-vxlan-controller-config
71 |       - name: kube-vxlan-controller-db
72 |         emptyDir: {}
73 |       serviceAccount: kube-vxlan-controller
74 |       serviceAccountName: kube-vxlan-controller
75 | 


--------------------------------------------------------------------------------
/mk/Erlangbin.mk:
--------------------------------------------------------------------------------
 1 | include mk/Erlanglib.mk
 2 | 
 3 | PREFIX = usr/local
 4 | 
 5 | BINDIR = bin
 6 | BINPATH = $(DESTDIR)/$(PREFIX)/$(BINDIR)
 7 | 
 8 | BIN_PATH = $(BASE_PATH)/bin
 9 | ERL_PATH = $(BASE_PATH)/erl
10 | 
11 | USAGE_PADDING = 16
12 | 
13 | clean::
14 | 	rm -f $(BIN_PATH)/$(PROJECT)
15 | 
16 | install:
17 | 	mkdir -p $(BINPATH)
18 | 	install -p $(BIN_PATH)/$(PROJECT) $(BINPATH)
19 | 
20 | uninstall:
21 | 	rm -f $(BINPATH)/$(PROJECT)
22 | 	rmdir -p $(BINPATH) 2>/dev/null || true
23 | 
24 | run:
25 | 	$(BIN_PATH)/$(PROJECT) $(RUN_ARGS)
26 | 
27 | join:
28 | 	erl \
29 | 		-start_epmd false \
30 | 		-remsh $(PROJECT)@localhost \
31 | 		-sname $(PROJECT)-$$RANDOM \
32 | 		-setcookie $(PROJECT)
33 | 
34 | erlang: compile
35 | 	$(REBAR) erlang
36 | 	$(REBAR) unlock
37 | 
38 | erlang-clean:
39 | 	rm -rf $(ERL_PATH)
40 | 
41 | erlang-install:
42 | 	$(MAKE) -C $(ERL_PATH) install DESTDIR=$(DESTDIR) PREFIX=$(PREFIX)
43 | 
44 | package-ready: clean erlang-clean erlang install erlang-install
45 | 
46 | define usage-erlangbin-targets
47 | 	$(usage-erlanglib-targets)
48 | 	@printf '$(shell printf "    %%-$(USAGE_PADDING)s %%s\\\n%.0s" {1..8})' \
49 | 	install "Install \"$(BIN_PATH)/$(PROJECT)\" to \"$(BINPATH)\"" \
50 | 	uninstall "Remove \"$(BINPATH)/$(PROJECT)\"" \
51 | 	run "Run \"$(BIN_PATH)/$(PROJECT)\"" \
52 | 	join "Attach to the running executable Erlang machine with remote shell" \
53 | 	erlang "Create an Erlang release with runtime and libraries needed to run" \
54 | 	erlang-clean "Remove created Erlang release" \
55 | 	erlang-install \
56 | 		"Install created Erlang release to \"$(DESTDIR)/$(PREFIX)\"" \
57 | 	package-ready "Prepare for packaging"
58 | endef
59 | 
60 | define usage-erlangbin-variables
61 | 	@printf '$(shell printf "    %%-$(USAGE_PADDING)s %%s\\\n%.0s" {1..3})' \
62 | 	RUN_ARGS "Compiled binary run arguments (current: \"$(RUN_ARGS)\")" \
63 | 	DESTDIR "Compiled binary or Erlang release installation chroot (current: \"$(DESTDIR)\")" \
64 | 	PREFIX "Compiled binary or Erlang release installation prefix (current: \"$(PREFIX)\")"
65 | endef
66 | 
67 | define usage
68 | 	@echo "Usage: make <Target> [Variables]"
69 | 	@echo
70 | 	@echo "Targets"
71 | 	$(usage-erlangbin-targets)
72 | 	@echo
73 | 	@echo "Variables"
74 | 	$(usage-erlangbin-variables)
75 | endef
76 | 


--------------------------------------------------------------------------------
/src/kube_vxlan_controller_inspect.erl:
--------------------------------------------------------------------------------
 1 | -module(kube_vxlan_controller_inspect).
 2 | 
 3 | -export([
 4 |     networks/2,
 5 |     nets/2
 6 | ]).
 7 | 
 8 | -define(Db, kube_vxlan_controller_db).
 9 | -define(Net, kube_vxlan_controller_net).
10 | -define(Pod, kube_vxlan_controller_pod).
11 | -define(Agent, kube_vxlan_controller_agent).
12 | -define(Tools, kube_vxlan_controller_tools).
13 | -define(Format, kube_vxlan_controller_format).
14 | 
15 | -define(Fields, ["pod", "net", "fdb", "dev", "route"]).
16 | 
17 | networks(NetNames, Config) -> nets(NetNames, Config).
18 | 
19 | nets(NetNames, Config) ->
20 |     SilentConfig = maps:put(silent, true, Config),
21 | 
22 |     {ok, PodResources} = ?Pod:get({label, maps:get(selector, Config)}, Config),
23 |     Pods = ?Tools:pods(PodResources, ?Db:nets_options(),
24 |                        [{with_nets, NetNames}], Config),
25 |     lists:foreach(fun(NetName) ->
26 |         io:format("[~s]~n", [NetName]),
27 |         lists:foreach(fun(Pod) ->
28 |             show_pod(Pod, NetName, SilentConfig)
29 |         end, Pods)
30 |     end, NetNames).
31 | 
32 | show_pod(Pod = #{nets := Nets}, NetName, Config) ->
33 |     PodNetOptions = proplists:get_value(NetName, Nets, false),
34 |     is_map(PodNetOptions) andalso begin
35 |         CommandFdb = ?Net:cmd("bridge fdb show dev ~s", [name], Pod, NetName),
36 |         CommandDev = ?Net:cmd("ip -d addr show dev ~s", [name], Pod, NetName),
37 |         CommandRoute = ?Net:cmd("ip route show dev ~s", [name], Pod, NetName),
38 | 
39 |         FormatFun = fun(Field) ->
40 |             [$ |Field] ++ ": ~s~n"
41 |         end,
42 |         ArgFun = fun
43 |             ("pod") -> ?Format:pod(Pod);
44 |             ("net") -> ?Format:pod_net_options(PodNetOptions);
45 |             ("fdb") ->
46 |                 Fdb = ?Agent:exec(Pod, CommandFdb, Config),
47 |                 string:trim(?Format:fdb(Fdb, 6));
48 |             ("dev") ->
49 |                 Dev = ?Agent:exec(Pod, CommandDev, Config),
50 |                 string:trim(?Format:dev(Dev, 6));
51 |             ("route") ->
52 |                 Route = ?Agent:exec(Pod, CommandRoute, Config),
53 |                 string:trim(?Format:route(Route, 8))
54 |         end,
55 | 
56 |         Fields = read_fields(maps:get(fields, Config)),
57 |         Format = lists:flatten(lists:map(FormatFun, Fields)) ++ "~n",
58 |         Args = lists:map(ArgFun, Fields),
59 | 
60 |         io:format(Format, Args)
61 |     end.
62 | 
63 | read_fields("all") -> ?Fields;
64 | read_fields(Fields) ->
65 |     [Field || Field <- string:lexemes(Fields, ","),
66 |      lists:member(Field, ?Fields)].
67 | 


--------------------------------------------------------------------------------
/mk/Erlanglib.mk:
--------------------------------------------------------------------------------
 1 | PROJECT = $(shell grep {application, src/*.script | cut -d" " -f2 | tr -d "',")
 2 | VERSION = $(shell grep {vsn, src/$(PROJECT).app.src.script | cut -d\" -f2)
 3 | GIT_SHA = $(shell git rev-parse HEAD | cut -c1-8)
 4 | 
 5 | REBAR = $(shell which ./rebar3 || which rebar3)
 6 | 
 7 | BASE_PATH = _build/default
 8 | 
 9 | LIB_PATH = $(BASE_PATH)/lib
10 | PLUGIN_PATH = $(BASE_PATH)/plugins
11 | 
12 | CT_SUITES_PATH = $(LIB_PATH)/$(PROJECT)/ebin
13 | CT_LOG_PATH = $(BASE_PATH)/ct_logs
14 | 
15 | UNAME = $(shell uname)
16 | 
17 | ifeq ($(UNAME), Darwin)
18 |     CT_OPEN_CMD = open
19 | endif
20 | ifeq ($(UNAME), Linux)
21 |     CT_OPEN_CMD = xdg-open
22 | endif
23 | 
24 | USAGE_PADDING = 14
25 | 
26 | compile:
27 | 	$(REBAR) compile
28 | 	$(REBAR) unlock
29 | 
30 | check:
31 | 	$(REBAR) eunit
32 | 
33 | clean::
34 | 	find $(LIB_PATH) -type f \
35 | 		-name \*.beam -o -name \*.app -o -name erlcinfo | xargs rm -f
36 | 	find $(LIB_PATH) -type d \
37 | 		-name .rebar3 -o -name ebin | xargs rmdir 2>/dev/null || true
38 | 	find $(PLUGIN_PATH) -type f \
39 | 		-name \*.beam -o -name \*.app -o -name erlcinfo | xargs rm -f
40 | 	find $(PLUGIN_PATH) -type d \
41 | 		-name .rebar3 -o -name ebin | xargs rmdir 2>/dev/null || true
42 | 
43 | distclean:
44 | 	rm -rf _build
45 | 
46 | shell:
47 | 	$(REBAR) shell
48 | 	$(REBAR) unlock
49 | 
50 | deps:
51 | 	$(REBAR) get-deps
52 | 	$(REBAR) unlock
53 | 
54 | upgrade:
55 | 	$(REBAR) upgrade
56 | 	$(REBAR) unlock
57 | 
58 | ct:
59 | 	$(REBAR) ct \
60 | 		--dir $(CT_SUITES_PATH) \
61 | 		--logdir $(CT_LOG_PATH)
62 | 
63 | ct-open:
64 | 	$(CT_OPEN_CMD) $(CT_LOG_PATH)/index.html
65 | 
66 | git-release:
67 | 	git tag -a $(VERSION)
68 | 	git push origin $(VERSION)
69 | 
70 | version:
71 | 	@echo "Version $(VERSION) (git-$(GIT_SHA))"
72 | 
73 | help: usage
74 | usage:
75 | 	$(usage)
76 | 
77 | define usage-erlanglib-targets
78 | 	@printf '$(shell printf "    %%-$(USAGE_PADDING)s %%s\\\n%.0s" {1..11})' \
79 | 	compile \
80 | 		"Compile including downloading and compiling dependencies (default)" \
81 | 	check "Run EUnit based unit tests" \
82 | 	clean "Remove all the compilation artefacts" \
83 | 	distclean "Remove the \"_build\" directory recursively" \
84 | 	shell "Run Erlang shell with all the modules compiled and loaded" \
85 | 	deps "Download dependencies" \
86 | 	upgrade "Upgrade dependencies" \
87 | 	ct "Run Erlang Common Tests" \
88 | 	ct-open "Open browser with Common Tests results" \
89 | 	git-release "Create and push a git tag named after current version" \
90 | 	version "Print current version and git SHA"
91 | endef
92 | 
93 | define usage
94 | 	@echo "Usage: make <Target>"
95 | 	@echo
96 | 	@echo "Targets"
97 | 	$(usage-erlanglib-targets)
98 | endef
99 | 


--------------------------------------------------------------------------------
/kubernetes/example.yaml:
--------------------------------------------------------------------------------
  1 | apiVersion: extensions/v1beta1
  2 | kind: Deployment
  3 | metadata:
  4 |   name: a
  5 | spec:
  6 |   template:
  7 |     metadata:
  8 |       labels:
  9 |         run: a
 10 |         vxlan.openvnf.org: "true"
 11 |       annotations:
 12 |         vxlan.openvnf.org/networks: |
 13 |           vxeth1
 14 |             ip=192.168.11.2/29
 15 |             route=192.168.12.0/29:192.168.11.1
 16 |     spec:
 17 |       initContainers:
 18 |       - image: openvnf/kube-vxlan-controller-agent
 19 |         name: vxlan-controller-agent-init
 20 |         securityContext:
 21 |           capabilities:
 22 |             add:
 23 |             - NET_ADMIN
 24 |       containers:
 25 |       - image: aialferov/pause
 26 |         imagePullPolicy: Always
 27 |         name: a
 28 |       - image: openvnf/kube-vxlan-controller-agent
 29 |         name: vxlan-controller-agent
 30 |         securityContext:
 31 |           capabilities:
 32 |             add:
 33 |             - NET_ADMIN
 34 | ---
 35 | apiVersion: extensions/v1beta1
 36 | kind: Deployment
 37 | metadata:
 38 |   name: b
 39 | spec:
 40 |   template:
 41 |     metadata:
 42 |       labels:
 43 |         run: b
 44 |         vxlan.openvnf.org: "true"
 45 |       annotations:
 46 |         vxlan.openvnf.org/networks: |
 47 |           vxeth2
 48 |             ip=192.168.12.2/29
 49 |             route=192.168.11.0/29:192.168.12.1
 50 |     spec:
 51 |       initContainers:
 52 |       - image: openvnf/kube-vxlan-controller-agent
 53 |         name: vxlan-controller-agent-init
 54 |         securityContext:
 55 |           capabilities:
 56 |             add:
 57 |             - NET_ADMIN
 58 |       containers:
 59 |       - image: aialferov/pause
 60 |         imagePullPolicy: Always
 61 |         name: b
 62 |       - image: openvnf/kube-vxlan-controller-agent
 63 |         name: vxlan-controller-agent
 64 |         securityContext:
 65 |           capabilities:
 66 |             add:
 67 |             - NET_ADMIN
 68 | ---
 69 | apiVersion: extensions/v1beta1
 70 | kind: Deployment
 71 | metadata:
 72 |   name: gw
 73 | spec:
 74 |   template:
 75 |     metadata:
 76 |       labels:
 77 |         run: gw
 78 |         vxlan.openvnf.org: "true"
 79 |       annotations:
 80 |         vxlan.openvnf.org/networks: |
 81 |           vxeth1 ip=192.168.11.1/29
 82 |           vxeth2 ip=192.168.12.1/29
 83 |     spec:
 84 |       initContainers:
 85 |       - image: openvnf/kube-vxlan-controller-agent
 86 |         name: vxlan-controller-agent-init
 87 |         securityContext:
 88 |           capabilities:
 89 |             add:
 90 |             - NET_ADMIN
 91 |       containers:
 92 |       - image: aialferov/pause
 93 |         imagePullPolicy: Always
 94 |         name: gw
 95 |       - image: openvnf/kube-vxlan-controller-agent
 96 |         name: vxlan-controller-agent
 97 |         securityContext:
 98 |           capabilities:
 99 |             add:
100 |             - NET_ADMIN
101 | 


--------------------------------------------------------------------------------
/src/kube_vxlan_controller_config.erl:
--------------------------------------------------------------------------------
  1 | -module(kube_vxlan_controller_config).
  2 | 
  3 | -export([
  4 |     load/0, load/1,
  5 | 
  6 |     init/0,
  7 | 
  8 |     read/1,
  9 |     build/1,
 10 |     validate/1,
 11 | 
 12 |     version/0
 13 | ]).
 14 | 
 15 | -include_lib("kernel/include/logger.hrl").
 16 | 
 17 | -define(App, 'kube-vxlan-controller').
 18 | 
 19 | -define(OsEnvPrefix, "KVC_").
 20 | 
 21 | -define(ConfigKeys, [
 22 |     server,
 23 |     ca_cert_file,
 24 |     token,
 25 |     token_file,
 26 |     namespace,
 27 |     namespace_file,
 28 |     selector,
 29 |     annotation,
 30 |     configmap_name,
 31 |     agent_container_name,
 32 |     agent_init_container_name,
 33 |     db_file,
 34 |     fields
 35 | ]).
 36 | 
 37 | load() -> load(#{}).
 38 | load(Args) -> cpf_funs:apply_while([
 39 |     {init, fun init/0, []},
 40 |     {read, fun read/1, [Args]},
 41 |     {build, fun build/1, [{read}]},
 42 |     {validate, fun validate/1, [{build}]}
 43 | ]).
 44 | 
 45 | init() -> cpf_env:load(application:get_env(?App, config_files, [])).
 46 | 
 47 | read(Args) -> lists:foldl(fun read_args/2, Args, ?ConfigKeys).
 48 | 
 49 | read_args(Key, Config) ->
 50 |     case maps:find(Key, Config) of
 51 |         {ok, Value} -> maps:put(Key, {Value, arg}, Config);
 52 |         error -> read_env(Key, Config)
 53 |     end.
 54 | 
 55 | read_env(Key, Config) ->
 56 |     case os:getenv(?OsEnvPrefix ++ string:uppercase(atom_to_list(Key))) of
 57 |         Value when is_list(Value) -> maps:put(Key, {Value, env}, Config);
 58 |         false -> read_cfg(Key, Config)
 59 |     end.
 60 | 
 61 | read_cfg(Key, Config) ->
 62 |     case application:get_env(?App, Key) of
 63 |         {ok, Value} -> maps:put(Key, {Value, cfg}, Config);
 64 |         undefined -> Config
 65 |     end.
 66 | 
 67 | build(Config) -> cpf_funs:apply_while([
 68 |     {annotation, fun build/2, [annotation, unsource(Config)]},
 69 |     {token, fun build/2, [token, {annotation}]},
 70 |     {namespace, fun build/2, [namespace, {token}]}
 71 | ]).
 72 | 
 73 | build(annotation, Config) ->
 74 |     maps:put(annotation, list_to_atom(maps:get(annotation, Config)), Config);
 75 | 
 76 | build(token, Config) -> build_from_file(token, Config);
 77 | build(namespace, Config) -> build_from_file(namespace, Config).
 78 | 
 79 | validate(Config) -> {ok, Config}.
 80 | 
 81 | unsource(Config) -> maps:map(fun
 82 |     (_Key, {Value, _Source}) -> Value;
 83 |     (_Key, Value) -> Value
 84 | end, Config).
 85 | 
 86 | build_from_file(Key, Config) ->
 87 |     FileKey = list_to_atom(atom_to_list(Key) ++ "_file"),
 88 |     case maps:is_key(Key, Config) of
 89 |         true -> {ok, maps:remove(FileKey, Config)};
 90 |         false -> case maps:find(FileKey, Config) of
 91 |             {ok, FileName} ->
 92 |                 NewConfig = maps:remove(FileKey, Config),
 93 |                 maps_put_file(Key, FileName, NewConfig);
 94 |             error -> {ok, Config}
 95 |         end
 96 |     end.
 97 | 
 98 | version() ->
 99 |     {ok, Vsn} = application:get_key(?App, vsn),
100 |     {ok, GitSha} = application:get_env(?App, git_sha),
101 |     {Vsn, GitSha}.
102 | 
103 | maps_put_file(Key, FileName, Map) ->
104 |     case file:read_file(FileName) of
105 |         {ok, Binary} -> {ok, maps:put(Key, binary_to_list(Binary), Map)};
106 |         {error, Reason} -> {error, {Reason, FileName}}
107 |     end.
108 | 


--------------------------------------------------------------------------------
/mk/Docker.mk:
--------------------------------------------------------------------------------
  1 | REGISTRY = docker.io
  2 | 
  3 | IMAGE = $(REGISTRY)/$(USER)/$(PROJECT):$(VERSION)
  4 | IMAGE_LATEST = $(REGISTRY)/$(USER)/$(PROJECT):latest
  5 | 
  6 | DOCKER_RUN_ARGS = -it --rm --name $(PROJECT)
  7 | DOCKER_BUILD_ARGS = . -t $(IMAGE)
  8 | 
  9 | DOCKER_USAGE_PADDING = 24
 10 | 
 11 | docker-build:
 12 | 	docker build $(DOCKER_BUILD_ARGS_EXTRA) $(DOCKER_BUILD_ARGS)
 13 | 
 14 | docker-push:
 15 | 	docker push $(IMAGE)
 16 | 
 17 | docker-release: docker-local-release docker-push
 18 | 	docker push $(IMAGE_LATEST)
 19 | 
 20 | docker-local-release:
 21 | 	docker tag $(IMAGE) $(IMAGE_LATEST)
 22 | 
 23 | docker-run:
 24 | 	docker run $(DOCKER_RUN_ARGS) $(DOCKER_RUN_ARGS_EXTRA) $(IMAGE) $(RUN_ARGS)
 25 | 
 26 | docker-run-d:
 27 | 	docker run -d $(DOCKER_RUN_ARGS) $(DOCKER_RUN_ARGS_EXTRA) $(IMAGE) $(RUN_ARGS)
 28 | 
 29 | docker-stop:
 30 | 	docker stop $(DOCKER_STOP_ARGS) $(PROJECT)
 31 | 
 32 | docker-join:
 33 | 	docker exec \
 34 | 		-it $(PROJECT) \
 35 | 		erl \
 36 | 			-start_epmd false \
 37 | 			-remsh $(PROJECT)@localhost \
 38 | 			-sname $(PROJECT)-$$RANDOM \
 39 | 			-setcookie $(PROJECT)
 40 | 
 41 | docker-shell:
 42 | 	docker exec -it $(PROJECT) sh
 43 | 
 44 | docker-attach:
 45 | 	docker attach $(PROJECT)
 46 | 
 47 | docker-logs:
 48 | 	docker logs $(PROJECT)
 49 | 
 50 | docker-logs-f:
 51 | 	docker logs -f $(PROJECT)
 52 | 
 53 | docker-clean:
 54 | 	docker system prune -f --filter label=project=$(PROJECT)
 55 | 
 56 | docker-distclean: docker-clean
 57 | 	docker rmi $(IMAGE_LATEST) $(IMAGE) 2>/dev/null || true
 58 | 
 59 | docker-help: docker-usage
 60 | docker-usage:
 61 | 	@echo "Usage: make <Target> [Variables]"
 62 | 	@echo
 63 | 	@echo "Targets"
 64 | 	$(usage-docker-targets)
 65 | 	@echo
 66 | 	@echo "Variables"
 67 | 	$(usage-docker-variables)
 68 | 
 69 | define usage-docker-targets
 70 | 	@printf \
 71 | 		'$(shell printf "    %%-$(DOCKER_USAGE_PADDING)s %%s\\\n%.0s" {1..14})'\
 72 | 	docker-build "Build image \"$(IMAGE)\"" \
 73 | 	docker-push "Push image \"$(IMAGE)\"" \
 74 | 	docker-local-release "Tag \"$(IMAGE)\" as \"$(IMAGE_LATEST)\"" \
 75 | 	docker-release "Same as \"docker-local-release\" and push both images" \
 76 | 	docker-run "Run \"$(IMAGE)\" as container \"$(PROJECT)\""  \
 77 | 	docker-run-d "Same as \"docker-run\" but run in background" \
 78 | 	docker-stop "Stop and remove running container \"$(PROJECT)\"" \
 79 | 	docker-join \
 80 | 		"Remsh to Erlang application in running container \"$(PROJECT)\"" \
 81 | 	docker-shell "Exec shell in running container \"$(PROJECT)\"" \
 82 | 	docker-attach "Attach to running container \"$(PROJECT)\"" \
 83 | 	docker-logs "Print running \"$(PROJECT)\" container logs" \
 84 | 	docker-logs-f "Same as \"docker-logs\" but follow log output" \
 85 | 	docker-clean "Prune everything with label \"project=$(PROJECT)\"" \
 86 | 	docker-distclean "Remove images \"$(IMAGE)\" and \"$(IMAGE_LATEST)\""
 87 | endef
 88 | 
 89 | define usage-docker-variables
 90 | 	@printf \
 91 | 		'$(shell printf "    %%-$(DOCKER_USAGE_PADDING)s %%s\\\n%.0s" {1..9})' \
 92 | 	REGISTRY "Docker registry (current: \"$(REGISTRY)\")" \
 93 | 	USER "Used as Docker ID (current: \"$(USER)\")" \
 94 | 	PROJECT \
 95 | 		"Used as image and running container name (current: \"$(PROJECT)\")" \
 96 | 	VERSION "Version (current: \"$(VERSION)\")" \
 97 | 	RUN_ARGS "Container entrypoint arguments (current: \"$(RUN_ARGS)\")" \
 98 | 	DOCKER_RUN_ARGS \
 99 | 		"Container running arguments (current: \"$(DOCKER_RUN_ARGS)\")" \
100 | 	DOCKER_RUN_ARGS_EXTRA \
101 | 		"Appends to DOCKER_RUN_ARGS (current: \"$(DOCKER_RUN_ARGS_EXTRA)\")" \
102 | 	DOCKER_BUILD_ARGS \
103 | 		"Image building arguments (current: \"$(DOCKER_BUILD_ARGS)\")" \
104 | 	DOCKER_BUILD_ARGS_EXTRA \
105 | 		"Prepends to DOCKER_BUILD_ARGS (current: \"$(DOCKER_BUILD_ARGS_EXTRA)\")"
106 | endef
107 | 


--------------------------------------------------------------------------------
/src/kube_vxlan_controller_pod_reg.erl:
--------------------------------------------------------------------------------
  1 | -module(kube_vxlan_controller_pod_reg).
  2 | 
  3 | -behaviour(regine_server).
  4 | 
  5 | %% API
  6 | -export([start_link/0]).
  7 | -export([register/2, unregister/1, lookup/1, set/2, unset/1]).
  8 | -export([process_event/3, clear/0, all/0, all/1]).
  9 | 
 10 | %% regine_server callbacks
 11 | -export([init/1, handle_register/4, handle_unregister/3, handle_pid_remove/3,
 12 | 	 handle_death/3, handle_call/3, terminate/2]).
 13 | 
 14 | %% --------------------------------------------------------------------
 15 | %% Include files
 16 | %% --------------------------------------------------------------------
 17 | 
 18 | -include_lib("stdlib/include/ms_transform.hrl").
 19 | -include_lib("kernel/include/logger.hrl").
 20 | -include("include/kube_vxlan_controller.hrl").
 21 | 
 22 | -define(SERVER, ?MODULE).
 23 | -define(Pod, kube_vxlan_controller_pod).
 24 | -define(PodSup, kube_vxlan_controller_pod_sup).
 25 | 
 26 | %%%===================================================================
 27 | %%% API
 28 | %%%===================================================================
 29 | 
 30 | start_link() ->
 31 |     regine_server:start_link({local, ?SERVER}, ?MODULE, []).
 32 | 
 33 | register(Key, Pid) when is_pid(Pid) ->
 34 |     regine_server:register(?SERVER, Pid, Key, undefined).
 35 | unregister(Key) ->
 36 |     regine_server:unregister(?SERVER, Key, undefined).
 37 | 
 38 | set(Key, Value) ->
 39 |     regine_server:call(?SERVER, {set, Key, Value}).
 40 | 
 41 | unset(Key) ->
 42 |     regine_server:call(?SERVER, {set, Key, undefined}).
 43 | 
 44 | lookup(Key) ->
 45 |     case ets:lookup(?SERVER, Key) of
 46 | 	[{Key, Pid, _}] ->
 47 | 	    {ok, Pid};
 48 | 	_ ->
 49 | 	    {error, not_found}
 50 |     end.
 51 | 
 52 | clear() ->
 53 |     regine_server:call(?SERVER, clear).
 54 | 
 55 | all(Cycle) ->
 56 |     Ms = ets:fun2ms(fun({#uid{cycle = C}, _, Pod}) when C =:= Cycle, is_map(Pod) -> Pod end),
 57 |     ets:select(?SERVER, Ms).
 58 | 
 59 | all() ->
 60 |     ets:tab2list(?SERVER).
 61 | 
 62 | process_event(Id, Event, Config) ->
 63 |     case lookup(Id) of
 64 | 	{ok, Pid} ->
 65 | 	    Pid ! Event;
 66 | 	_ ->
 67 | 	    regine_server:call(?SERVER, {process_event, Id, Event, Config})
 68 |     end.
 69 | 
 70 | 
 71 | %%%===================================================================
 72 | %%% regine callbacks
 73 | %%%===================================================================
 74 | 
 75 | init([]) ->
 76 |     ets:new(?SERVER, [ordered_set, named_table, public, {keypos, 1}]),
 77 |     {ok, #{}}.
 78 | 
 79 | handle_register(Pid, Id, Value, State) ->
 80 |     case ets:insert_new(?SERVER, {Id, Pid, Value}) of
 81 | 	true ->  {ok, [Id], State};
 82 | 	false -> {error, duplicate}
 83 |     end.
 84 | 
 85 | handle_unregister(Key, _Value, State) ->
 86 |     unregister(Key, State).
 87 | 
 88 | handle_pid_remove(_Pid, Keys, State) ->
 89 |     lists:foreach(fun(Key) -> ets:delete(?SERVER, Key) end, Keys),
 90 |     maps:without(Keys, State).
 91 | 
 92 | handle_death(_Pid, _Reason, State) ->
 93 |     State.
 94 | 
 95 | handle_call({set, Key, Value}, _From, State) ->
 96 |     Result = ets:update_element(?SERVER, Key, {3, Value}),
 97 |     {reply, Result, State};
 98 | 
 99 | handle_call(clear, _From, State) ->
100 |     [?Pod:stop(Pid) || {_, Pid, _} <- ets:tab2list(?SERVER)],
101 |     ets:delete_all_objects(?SERVER),
102 |     {reply, ok, State};
103 | 
104 | handle_call({process_event, Id, Event, Config}, _From, State) ->
105 |     case lookup(Id) of
106 | 	{ok, Pid} ->
107 |             Pid ! Event,
108 |             {reply, ok, State};
109 | 	_Other ->
110 |             start_pod(Id, Event, Config, State)
111 |     end.
112 | 
113 | terminate(_Reason, _State) ->
114 |     ok.
115 | 
116 | %%%===================================================================
117 | %%% Internal functions
118 | %%%===================================================================
119 | 
120 | start_pod(Id, Event, Config, State) ->
121 |     case ?PodSup:start_pod(Id, Event, Config) of
122 | 	{ok, Pid} ->
123 |             {reply, ok, State, [{register, Pid, Id, undefined}]};
124 | 	Other ->
125 | 	    ?LOG(debug, "failed to start pod for ~p with ~p", [Id, Other]),
126 |             {reply, Other, State}
127 |     end.
128 | 
129 | unregister(Key, State) ->
130 |     Pids = [Pid || {_, Pid, _} <- ets:take(?SERVER, Key)],
131 |     {Pids, maps:remove(Key, State)}.
132 | 


--------------------------------------------------------------------------------
/src/kube_vxlan_controller_tools.erl:
--------------------------------------------------------------------------------
  1 | -module(kube_vxlan_controller_tools).
  2 | 
  3 | -include_lib("kernel/include/logger.hrl").
  4 | 
  5 | -export([
  6 |     pods/2,
  7 |     pods/4,
  8 |     pod/4,
  9 | 
 10 |     pod_nets_data/2,
 11 |     pod_nets/2,
 12 | 
 13 |     pod_read_net_option/1,
 14 |     pod_container_state/2
 15 | ]).
 16 | 
 17 | -define(NetType, "vxlan").
 18 | -define(NetDev, "eth0").
 19 | 
 20 | pods(Pods, Filters) ->
 21 |     lists:filtermap(
 22 |       fun(Pod) -> pod_apply_filters(Pod, Filters) end, Pods).
 23 | 
 24 | pods(PodResources, GlobalNetsOptions, Filters, Config) ->
 25 |     lists:filtermap(fun(PodResource) ->
 26 |         pod(PodResource, GlobalNetsOptions, Filters, Config)
 27 |     end, PodResources).
 28 | 
 29 | pod(#{
 30 |     metadata := #{
 31 |       namespace := Namespace,
 32 |       name := PodName,
 33 |       annotations := Annotations
 34 |     },
 35 |     status := Status
 36 | }, GlobalNetsOptions, Filters, Config) ->
 37 |     IsAgentRunning = is_agent_running(Status, Config),
 38 |     IsAgentRunning andalso begin
 39 |         NetsData = pod_nets_data(Annotations, Config),
 40 |         Pod = #{
 41 |             namespace => binary_to_list(Namespace),
 42 |             name => binary_to_list(PodName),
 43 |             ip => binary_to_list(maps:get(podIP, Status, <<>>)),
 44 |             nets => pod_nets(NetsData, GlobalNetsOptions)
 45 |         },
 46 |         pod_apply_filters(Pod, Filters)
 47 |     end.
 48 | 
 49 | pod_apply_filters(Pod, Filters) ->
 50 |     lists:foldl(fun pod_apply_filter/2, {true, Pod}, Filters).
 51 | 
 52 | pod_apply_filter({with_pods, PodNames}, {true, Pod}) ->
 53 |     IsMember = lists:member(maps:get(name, Pod), PodNames),
 54 |     IsMember andalso {true, Pod};
 55 | 
 56 | pod_apply_filter({without_pods, PodNames}, {true, Pod}) ->
 57 |     IsNotMember = not lists:member(maps:get(name, Pod), PodNames),
 58 |     IsNotMember andalso {true, Pod};
 59 | 
 60 | pod_apply_filter({with_nets, NetNames}, {true, Pod}) ->
 61 |     PodNets = [Net || Net = {NetName, _NetOptions} <- maps:get(nets, Pod),
 62 |                lists:member(NetName, NetNames)],
 63 |     PodNets /= [] andalso {true, maps:put(nets, PodNets, Pod)};
 64 | 
 65 | pod_apply_filter(_Filter, false) -> false.
 66 | 
 67 | pod_nets_data(Annotations, Config) ->
 68 |     binary_to_list(maps:get(maps:get(annotation, Config), Annotations, <<>>)).
 69 | 
 70 | pod_nets(NetsData, GlobalNetsOptions) ->
 71 |     TokensString = re:replace(NetsData, "\\h*,\\h*", ",",
 72 |                               [global, {return, list}]),
 73 |     Tokens = string:lexemes(TokensString, ",\n"),
 74 |     Nets = lists:reverse(lists:foldl(fun pod_nets_build/2, [], Tokens)),
 75 |     pod_nets_apply_global_options(GlobalNetsOptions, Nets).
 76 | 
 77 | pod_nets_build(Token = [$ |_], [Net|Nets]) ->
 78 |     [pod_net_add_options(string:lexemes(Token, " "), Net)|Nets];
 79 | 
 80 | pod_nets_build(Token, Nets) ->
 81 |     [NetName|NetOptions] = string:lexemes(Token, " "),
 82 |     [pod_net_add_options(NetOptions, pod_net_new(NetName))|Nets].
 83 | 
 84 | pod_net_new(NetName) ->
 85 |     {NetName, #{
 86 |         name => NetName,
 87 |         type => ?NetType,
 88 |         dev => ?NetDev
 89 |     }}.
 90 | 
 91 | pod_net_add_options(Options, Net) ->
 92 |     lists:foldl(fun pod_net_add_option/2, Net, Options).
 93 | 
 94 | pod_net_add_option(Option, {NetName, NetOptions}) ->
 95 |     {OptionName, OptionValue} = pod_read_net_option(Option),
 96 |     {NetName, maps:put(OptionName, OptionValue, NetOptions)}.
 97 | 
 98 | pod_read_net_option(Option) ->
 99 |     [Name|Value] = string:split(Option, "="),
100 |     {list_to_atom(Name), case Value of
101 |         [] -> true;
102 |         ["true"] -> true;
103 |         ["false"] -> false;
104 |         Value -> lists:flatten(Value)
105 |      end}.
106 | 
107 | pod_nets_apply_global_options(GlobalNetsOptions, Nets) ->
108 |     lists:filtermap(fun({NetName, NetOptions}) ->
109 |         GlobalNetOptions = maps:get(NetName, GlobalNetsOptions, #{}),
110 |         MergedNetOptions = maps:merge(GlobalNetOptions, NetOptions),
111 |         maps:is_key(id, MergedNetOptions) andalso
112 |             {true, {NetName, MergedNetOptions}}
113 |     end, Nets).
114 | 
115 | is_agent_running(Status, Config) ->
116 |     ContainerName = maps:get(agent_container_name, Config),
117 |     ContainerStatuses = maps:get(containerStatuses, Status, []),
118 |     pod_container_state(ContainerName, ContainerStatuses) == running.
119 | 
120 | pod_container_state(_Name, []) -> unknown;
121 | pod_container_state(Name, Statuses) ->
122 |     case [maps:keys(maps:get(state, Status)) || Status <- Statuses,
123 |           maps:get(name, Status) == list_to_binary(Name)]
124 |     of
125 |         [[State]] -> State;
126 |         [] -> unknown
127 |     end.
128 | 


--------------------------------------------------------------------------------
/priv/admin_bin:
--------------------------------------------------------------------------------
  1 | #!/bin/sh
  2 | 
  3 | # /bin/sh on Solaris is not a POSIX compatible shell, but /usr/bin/ksh is.
  4 | if [ `uname -s` = 'SunOS' -a "${POSIX_SHELL}" != "true" ]; then
  5 |     POSIX_SHELL="true"
  6 |     export POSIX_SHELL
  7 |     # To support 'whoami' add /usr/ucb to path
  8 |     PATH=/usr/ucb:$PATH
  9 |     export PATH
 10 |     exec /usr/bin/ksh $0 "$@"
 11 | fi
 12 | unset POSIX_SHELL # clear it so if we invoke other scripts, they run as ksh as well
 13 | 
 14 | 
 15 | SCRIPT=$(readlink $0 || true)
 16 | if [ -z $SCRIPT ]; then
 17 |     SCRIPT=$0
 18 | fi;
 19 | 
 20 | 
 21 | SCRIPT_DIR="$(cd `dirname "$SCRIPT"` && pwd -P)"
 22 | RELEASE_ROOT_DIR="$(cd "$SCRIPT_DIR/.." && pwd -P)"
 23 | REL_NAME="{{ release_name }}"
 24 | REL_VSN="{{ rel_vsn }}"
 25 | ERTS_VSN="{{ erts_vsn }}"
 26 | CODE_LOADING_MODE="${CODE_LOADING_MODE:-embedded}"
 27 | REL_DIR="$RELEASE_ROOT_DIR/releases/$REL_VSN"
 28 | ERL_OPTS="{{ erl_opts }}"
 29 | RUNNER_LOG_DIR="${RUNNER_LOG_DIR:-$RELEASE_ROOT_DIR/log}"
 30 | RUNNER_BASE_DIR=$RELEASE_ROOT_DIR
 31 | RUNNER_ETC_DIR="${RUNNER_ETC_DIR:-$RELEASE_ROOT_DIR/etc}"
 32 | 
 33 | find_erts_dir() {
 34 |     __erts_dir="$RELEASE_ROOT_DIR/erts-$ERTS_VSN"
 35 |     if [ -d "$__erts_dir" ]; then
 36 | 	ERTS_DIR="$__erts_dir";
 37 | 	ROOTDIR="$RELEASE_ROOT_DIR"
 38 |     else
 39 | 	__erl="$(which erl)"
 40 | 	code="io:format(\"~s\", [code:root_dir()]), halt()."
 41 | 	__erl_root="$("$__erl" -noshell -eval "$code")"
 42 | 	ERTS_DIR="$__erl_root/erts-$ERTS_VSN"
 43 | 	ROOTDIR="$__erl_root"
 44 |     fi
 45 | }
 46 | 
 47 | # Get node pid
 48 | relx_get_pid() {
 49 |     if output="$(relx_nodetool rpcterms os getpid)"
 50 |     then
 51 | 	echo "$output" | sed -e 's/"//g'
 52 | 	return 0
 53 |     else
 54 | 	echo "$output"
 55 | 	return 1
 56 |     fi
 57 | }
 58 | 
 59 | relx_get_longname() {
 60 |     id="longname$(relx_gen_id)-${NAME}"
 61 |     "$BINDIR/erl" -boot start_clean -eval 'io:format("~s~n", [node()]), halt()' -noshell -name $id | sed -e 's/.*@//g'
 62 | }
 63 | 
 64 | # Connect to a remote node
 65 | relx_rem_sh() {
 66 |     # Generate a unique id used to allow multiple remsh to the same node
 67 |     # transparently
 68 |     id="remsh$(relx_gen_id)-${NAME}"
 69 | 
 70 |     # Get the node's ticktime so that we use the same thing.
 71 |     TICKTIME="$(relx_nodetool rpcterms net_kernel get_net_ticktime)"
 72 | 
 73 |     # Setup remote shell command to control node
 74 |     exec "$BINDIR/erl" "$NAME_TYPE" "$id" -remsh "$NAME" -boot start_clean \
 75 | 	 -boot_var ERTS_LIB_DIR "$ERTS_LIB_DIR" \
 76 | 	 -setcookie "$COOKIE" -hidden -kernel net_ticktime $TICKTIME
 77 | }
 78 | 
 79 | # Generate a random id
 80 | relx_gen_id() {
 81 |     od -X -N 4 /dev/urandom | head -n1 | awk '{print $2}'
 82 | }
 83 | 
 84 | # Control a node
 85 | relx_nodetool() {
 86 |     command="$1"; shift
 87 | 
 88 |     "$ERTS_DIR/bin/escript" "$ROOTDIR/bin/nodetool" "$NAME_TYPE" "$NAME" \
 89 | 				-setcookie "$COOKIE" "$command" $@
 90 | }
 91 | 
 92 | # Run an escript in the node's environment
 93 | relx_escript() {
 94 |     shift; scriptpath="$1"; shift
 95 |     export RELEASE_ROOT_DIR
 96 | 
 97 |     "$ERTS_DIR/bin/escript" "$ROOTDIR/$scriptpath" $@
 98 | }
 99 | 
100 | # Output a start command for the last argument of run_erl
101 | relx_start_command() {
102 |     printf "exec \"%s\" \"%s\"" "$RELEASE_ROOT_DIR/bin/$REL_NAME" \
103 | 	   "$START_OPTION"
104 | }
105 | 
106 | NODE_NAME=`grep -e '-setcookie' $RUNNER_ETC_DIR/vm.args`
107 | if [ -z "$NODENAME" ]; then
108 |     echo "vm.args needs to have a -name parameter."
109 |     echo "  -sname is not supported."
110 |     exit 1
111 | else
112 |     NAME_TYPE="-name"
113 |     NAME="${NODENAME# *}"
114 | fi
115 | 
116 | PIPE_DIR="${PIPE_DIR:-/tmp/erl_pipes/$NAME/}"
117 | 
118 | # Extract the target cookie
119 | COOKIE_ARG=`grep -e '-setcookie' $RUNNER_ETC_DIR/vm.args`
120 | 
121 | find_erts_dir
122 | export ROOTDIR="$RELEASE_ROOT_DIR"
123 | export BINDIR="$ERTS_DIR/bin"
124 | export EMU="beam"
125 | export PROGNAME="erl"
126 | export LD_LIBRARY_PATH="$ERTS_DIR/lib:$LD_LIBRARY_PATH"
127 | ERTS_LIB_DIR="$ERTS_DIR/../lib"
128 | 
129 | cd "$ROOTDIR"
130 | 
131 | # Parse out release and erts info
132 | START_ERL=`cat $RUNNER_BASE_DIR/releases/start_erl.data`
133 | ERTS_VSN=${START_ERL% *}
134 | APP_VSN=${START_ERL#* }
135 | 
136 | # TODO: look in the release otherwise use which
137 | ESCRIPT=escript
138 | NODETOOL_PATH=$RUNNER_BASE_DIR/bin
139 | NODETOOL=$NODETOOL_PATH/nodetool
140 | # Setup command to control the node
141 | NODETOOL="$ESCRIPT $NODETOOL $NAME_ARG $COOKIE_ARG"
142 | 
143 | ensure_node_running()
144 | {
145 |     # Make sure the local node IS running
146 |     if ! relx_nodetool "ping"; then
147 | 	echo "Node is not running!"
148 | 	exit 1
149 |     fi
150 | }
151 | 
152 | vxlan_admin()
153 | {
154 |     ensure_node_running
155 |     relx_nodetool rpc {{ release_name }}_cli cmd "$@"
156 | }
157 | 
158 | vxlan_admin "$@"
159 | 


--------------------------------------------------------------------------------
/src/kube_vxlan_controller_cli.erl:
--------------------------------------------------------------------------------
  1 | -module(kube_vxlan_controller_cli).
  2 | 
  3 | -export([cli/1]).
  4 | 
  5 | -define(List, kube_vxlan_controller_list).
  6 | -define(Config, kube_vxlan_controller_config).
  7 | -define(Inspect, kube_vxlan_controller_inspect).
  8 | 
  9 | -define(Usage,
 10 |     "Usage: kube-vxlan-controller <Command> [Options]~n"
 11 |     "       kube-vxlan-controller help <Command>~n"
 12 |     "~n"
 13 |     "Commands~n"
 14 |     "       run         Run the controller~n"
 15 |     "       list        List specified resources or attributes~n"
 16 |     "       inspect     Print information about a desired entity~n"
 17 |     "       version     Print the controller version~n"
 18 |     "~n" ++
 19 |     ?UsageOptions
 20 | ).
 21 | -define(UsageOptions,
 22 |     "Options~n"
 23 |     "       --server=<Kubernetes API server>~n"
 24 |     "       --ca-cert-file=<filepath>~n"
 25 |     "       --token=<token>~n"
 26 |     "       --token-file=<filepath>~n"
 27 |     "       --namespace=<namespace>~n"
 28 |     "       --namespace-file=<filepath>~n"
 29 |     "       --selector=<label selector>~n"
 30 |     "       --annotation=<network list annotation>~n"
 31 |     "       --configmap-name=<network data configmap name>~n"
 32 |     "       --agent-container-name=<name>~n"
 33 |     "       --agent-init-container-name=<name>~n"
 34 |     "       --db-file=<db file path>~n"
 35 | ).
 36 | 
 37 | -define(HelpRun,
 38 |     "kube-vxlan-controller run [Options]~n"
 39 |     "~n" ++
 40 |     ?UsageOptions
 41 | ).
 42 | 
 43 | -define(HelpInspect,
 44 |     "kube-vxlan-controller inspect <Subject> [Options] [Inspect Options]~n"
 45 |     "~n"
 46 |     "Subject~n"
 47 |     "       networks~n" ++
 48 |     "~n"
 49 |     ?UsageOptions ++
 50 |     "~n" ++
 51 |     "Inspect Options~n"
 52 |     "       --fields=<Fields>~n"
 53 |     "~n"
 54 |     "Fields~n"
 55 |     "       Any combination of 'pod,net,fdb,dev,route' comma separated~n"
 56 |     "       or 'all' to include all of them. If not specified 'pod,net,fdb'~n"
 57 |     "       will be used.~n"
 58 | ).
 59 | 
 60 | -define(HelpList,
 61 |     "kube-vxlan-controller list <Subject> [Options]~n"
 62 |     "~n"
 63 |     "Subject~n"
 64 |     "       pods~n" ++
 65 |     "~n"
 66 |     ?UsageOptions ++
 67 |     "~n"
 68 | ).
 69 | 
 70 | -define(Version, "Version ~s (git-~s)~n").
 71 | 
 72 | cli(CliArgs) ->
 73 |     case args(CliArgs) of
 74 | 	{list, Subject, Args} -> do({list, Subject}, Args);
 75 | 	{inspect, Subject, Args} -> do({inspect, Subject}, Args);
 76 | 	{config, Args} -> do(config, Args);
 77 | 	{help, Command} -> io:format(help(Command));
 78 | 	version -> io:format(version(?Config:version()));
 79 | 	usage -> io:format(usage())
 80 |     end.
 81 | 
 82 | do(config, {NamedArgs, _OrderedArgs}) ->
 83 |     io:format("~p~n", [?Config:init()]),
 84 |     io:format("~p~n", [?Config:read(NamedArgs)]);
 85 | 
 86 | do(Action, {NamedArgs, OrderedArgs}) ->
 87 |     case ?Config:load(NamedArgs) of
 88 | 	{ok, Config} -> do(Action, OrderedArgs, Config);
 89 | 	{error, Reason} -> io:format("~p~n", [Reason])
 90 |     end.
 91 | 
 92 | do({list, Subject}, Args, Config) -> ?List:Subject(Args, Config);
 93 | do({inspect, Subject}, Args, Config) -> ?Inspect:Subject(Args, Config).
 94 | 
 95 | args(AllArgs) ->
 96 |     case AllArgs of
 97 | 	["run"|Args] -> {run, read_args(Args)};
 98 | 	["list", Subject|Args] -> {list, list_to_atom(Subject), read_args(Args)};
 99 | 	["inspect", Subject|Args] ->
100 | 	    {inspect, list_to_atom(Subject), read_args(Args)};
101 | 	["config"|Args] -> {config, read_args(Args)};
102 | 	["version"] -> version;
103 | 	["help", Command|_Args] -> {help, list_to_atom(Command)};
104 | 	[Command, "help"|_Args] -> {help, list_to_atom(Command)};
105 | 	_Other -> usage
106 |     end.
107 | 
108 | version({Vsn, GitSha}) -> lists:flatten(io_lib:format(?Version, [Vsn, GitSha])).
109 | 
110 | help(run) -> ?HelpRun;
111 | help(list) -> ?HelpList;
112 | help(inspect) -> ?HelpInspect;
113 | help(_Command) -> ?Usage.
114 | 
115 | usage() -> ?Usage.
116 | 
117 | read_args(Args) ->
118 |     {Named, Ordered} = lists:foldl(fun read_arg/2, {#{}, []}, Args),
119 |     {Named, lists:reverse(Ordered)}.
120 | 
121 | read_arg("--" ++ NamedArg, {Named, Ordered}) ->
122 |     case string:split(NamedArg, "=") of
123 | 	[Name] -> {add_arg(arg_name(Name), "", Named), Ordered};
124 | 	[Name, Value] -> {add_arg(arg_name(Name), Value, Named), Ordered}
125 |     end;
126 | 
127 | read_arg([$-|Switches], {Named, Ordered}) ->
128 |     {lists:foldl(fun add_switch/2, Named, Switches), Ordered};
129 | 
130 | read_arg(Arg, {Named, Ordered}) ->
131 |     {Named, [Arg|Ordered]}.
132 | 
133 | add_arg(Name, NewValue, Named) ->
134 |     case maps:find(Name, Named) of
135 | 	{ok, Value = [H|_]} when is_number(H) ->
136 | 	    maps:put(Name, [NewValue, Value], Named);
137 | 	{ok, Values = [H|_]} when is_list(H) ->
138 | 	    maps:put(Name, [NewValue|Values], Named);
139 | 	error -> maps:put(Name, NewValue, Named)
140 |     end.
141 | 
142 | add_switch(Switch, Named) ->
143 |     Name = switch_name(Switch),
144 |     maps:put(Name, maps:get(Name, Named, 0) + 1, Named).
145 | 
146 | arg_name(Key) ->
147 |     list_to_atom(lists:flatten(string:replace(Key, "-", "_", all))).
148 | 
149 | switch_name(Switch) ->
150 |     list_to_atom([Switch]).
151 | 


--------------------------------------------------------------------------------
/src/logger_sys_debug.erl:
--------------------------------------------------------------------------------
  1 | %% Copyright 2020, Travelping GmbH <info@travelping.com>
  2 | 
  3 | %% This program is free software; you can redistribute it and/or
  4 | %% modify it under the terms of the GNU General Public License
  5 | %% as published by the Free Software Foundation; either version
  6 | %% 2 of the License, or (at your option) any later version.
  7 | 
  8 | -module(logger_sys_debug).
  9 | 
 10 | -export([logger_gen_fsm_trace/3, logger_gen_statem_trace/3, logger_gen_server_trace/3]).
 11 | 
 12 | -include_lib("kernel/include/logger.hrl").
 13 | 
 14 | %%-----------------------------------------------------------------
 15 | %% Format debug messages. Print them as the call-back module sees
 16 | %% them, not as the real erlang messages.
 17 | %%
 18 | %% This a copy of gen_event:print_event/3 modified for logger debug
 19 | %%-----------------------------------------------------------------
 20 | logger_gen_fsm_trace(FuncState, {in, Msg}, {Name, StateName}) ->
 21 |     case Msg of
 22 | 	{'$gen_fsm', Event} ->
 23 | 	    ?LOG(debug, "~p:~p got event ~p in state ~w", [FuncState, Name, Event, StateName]);
 24 | 	{'$gen_all_state_event', Event} ->
 25 | 	    ?LOG(debug, "~p:~p got all_state_event ~p in state ~w", [FuncState, Name, Event, StateName]);
 26 | 	{timeout, Ref, {'$gen_timer', Message}} ->
 27 | 	    ?LOG(debug, "~p:~p got timer ~p in state ~w", [FuncState, Name, {timeout, Ref, Message}, StateName]);
 28 | 	{timeout, _Ref, {'$gen_fsm', Event}} ->
 29 | 	    ?LOG(debug, "~p:~p got timer ~p in state ~w", [FuncState, Name, Event, StateName]);
 30 | 	_ ->
 31 | 	    ?LOG(debug, "~p:~p got ~p in state ~w~n", [FuncState, Name, Msg, StateName])
 32 |     end,
 33 |     FuncState;
 34 | logger_gen_fsm_trace(FuncState, {out, Msg, To, StateName}, Name) ->
 35 |     ?LOG(debug, "~p:~p sent ~p to ~w and switched to state ~w", [FuncState, Name, Msg, To, StateName]),
 36 |     FuncState;
 37 | logger_gen_fsm_trace(FuncState, return, {Name, StateName}) ->
 38 |     ?LOG(debug, "~p:~p switched to state ~w", [FuncState, Name, StateName]),
 39 |     FuncState.
 40 | 
 41 | %%-----------------------------------------------------------------
 42 | %% Format debug messages. Print them as the call-back module sees
 43 | %% them, not as the real erlang messages.
 44 | %%
 45 | %% This a copy of gen_statem:print_event/3 modified for logger debug
 46 | %%-----------------------------------------------------------------
 47 | logger_gen_statem_trace(FuncState, {in, Event, State}, Name) ->
 48 |     ?LOG(debug, "~tp receive ~ts in state ~tp~n",
 49 | 	 [Name,event_string(Event),State]),
 50 |     FuncState;
 51 | logger_gen_statem_trace(FuncState, {code_change,Event,State}, Name) ->
 52 |     ?LOG(debug, "~tp receive ~ts after code change in state ~tp~n",
 53 | 	 [Name,event_string(Event),State]),
 54 |     FuncState;
 55 | logger_gen_statem_trace(FuncState, {out,Reply,{To,_Tag}}, Name) ->
 56 |     ?LOG(debug, "~tp send ~tp to ~tw~n",
 57 | 	 [Name,Reply,To]),
 58 |     FuncState;
 59 | logger_gen_statem_trace(FuncState, {enter,State}, Name) ->
 60 |     ?LOG(debug, "~tp enter in state ~tp~n",
 61 | 	 [Name,State]),
 62 |     FuncState;
 63 | logger_gen_statem_trace(FuncState, {start_timer,Action,State}, Name) ->
 64 |     ?LOG(debug, "~tp start_timer ~tp in state ~tp~n",
 65 | 	 [Name,Action,State]),
 66 |     FuncState;
 67 | logger_gen_statem_trace(FuncState, {insert_timeout,Event,State}, Name) ->
 68 |     ?LOG(debug, "~tp insert_timeout ~tp in state ~tp~n",
 69 | 	 [Name,Event,State]),
 70 |     FuncState;
 71 | logger_gen_statem_trace(FuncState, {terminate,Reason,State}, Name) ->
 72 |     ?LOG(debug, "~tp terminate ~tp in state ~tp~n",
 73 | 	 [Name,Reason,State]),
 74 |     FuncState;
 75 | logger_gen_statem_trace(FuncState, {Tag,Event,State,NextState}, Name)
 76 | 			when Tag =:= postpone; Tag =:= consume ->
 77 |     StateString =
 78 | 	case NextState of
 79 | 	    State ->
 80 | 		io_lib:format("~tp", [State]);
 81 | 	    _ ->
 82 | 		io_lib:format("~tp => ~tp", [State,NextState])
 83 | 	end,
 84 |     ?LOG(debug, "~tp ~tw ~ts in state ~ts~n",
 85 | 	 [Name,Tag,event_string(Event),StateString]),
 86 |     FuncState.
 87 | 
 88 | event_string(Event) ->
 89 |     case Event of
 90 | 	{{call,{Pid,_Tag}},Request} ->
 91 | 	    io_lib:format("call ~tp from ~tw", [Request,Pid]);
 92 | 	{EventType,EventContent} ->
 93 | 	    io_lib:format("~tw ~tp", [EventType,EventContent])
 94 |     end.
 95 | 
 96 | %%-----------------------------------------------------------------
 97 | %% Format debug messages. Print them as the call-back module sees
 98 | %% them, not as the real erlang messages.
 99 | %%
100 | %% This a copy of gen_server:print_event/3 modified for logger debug
101 | %%-----------------------------------------------------------------
102 | logger_gen_server_trace(FuncState, {in, Msg}, Name) ->
103 |     case Msg of
104 | 	{'$gen_call', {From, _Tag}, Call} ->
105 | 	    ?LOG(debug, "~p:~p got call ~p from ~w", [FuncState, Name, Call, From]);
106 | 	{'$gen_cast', Cast} ->
107 | 	    ?LOG(debug, "~p:~p got cast ~p", [FuncState, Name, Cast]);
108 | 	_ ->
109 | 	    ?LOG(debug, "~p:~p got ~p", [FuncState, Name, Msg])
110 |     end,
111 |     FuncState;
112 | logger_gen_server_trace(FuncState, {out, Msg, To, State}, Name) ->
113 |     ?LOG(debug, "~p:~p sent ~p to ~w, new state ~w", [FuncState, Name, Msg, To, State]),
114 |     FuncState;
115 | logger_gen_server_trace(FuncState, {noreply, State}, Name) ->
116 |     ?LOG(debug, "~p:~p new state ~w", [FuncState, Name, State]),
117 |     FuncState;
118 | logger_gen_server_trace(FuncState, Event, Name) ->
119 |     ?LOG(debug, "~p:~p dbg ~p", [FuncState, Name, Event]),
120 |     FuncState.
121 | 


--------------------------------------------------------------------------------
/src/kube_vxlan_controller_net.erl:
--------------------------------------------------------------------------------
  1 | -module(kube_vxlan_controller_net).
  2 | 
  3 | -export([
  4 |     pod_setup/2,
  5 |     pod_join/2,
  6 |     pod_leave/2,
  7 | 
  8 |     links/3, links/4, link/4,
  9 |     bridge/5,
 10 | 
 11 |     bridge_macs/4,
 12 |     vxlan_id/3,
 13 |     ips/3,
 14 | 
 15 |     common_pod_net_names/2,
 16 |     pod_net_names/1,
 17 | 
 18 |     cmd/4
 19 | ]).
 20 | 
 21 | -include_lib("kernel/include/logger.hrl").
 22 | 
 23 | -define(Pod, kube_vxlan_controller_pod).
 24 | -define(Agent, kube_vxlan_controller_agent).
 25 | 
 26 | pod_setup(Pod, Config) ->
 27 |     links(add, Pod, Config),
 28 |     links(ip, Pod, Config),
 29 |     links(up, Pod, Config),
 30 |     links(route, Pod, Config).
 31 | 
 32 | pod_join(#{version := Version} = Pod, NetPods) ->
 33 |     lists:foreach(
 34 |       fun(NetPod) ->
 35 | 	      NetNames = common_pod_net_names(Pod, NetPod),
 36 | 	      ?Pod:bridge_cmd(append, Version, NetPod, NetNames, maps:get(ip, Pod)),
 37 | 	      ?Pod:bridge_cmd(append, Version, Pod, NetNames, maps:get(ip, NetPod))
 38 |       end, NetPods).
 39 | 
 40 | pod_leave(#{version := Version} = Pod, NetPods) ->
 41 |     lists:foreach(fun(NetPod) ->
 42 | 	NetNames = common_pod_net_names(Pod, NetPod),
 43 | 	?Pod:bridge_cmd(delete, Version, Pod, NetNames, maps:get(ip, NetPod)),
 44 | 	?Pod:bridge_cmd(delete, Version, NetPod, NetNames, maps:get(ip, Pod))
 45 |     end, NetPods).
 46 | 
 47 | links(Action, Pod, Config) ->
 48 |     links(Action, Pod, pod_net_names(Pod), Config).
 49 | 
 50 | links(Action, Pod, NetNames, Config) ->
 51 |     lists:foreach(fun(NetName) ->
 52 | 	link(Action, Pod, NetName, Config)
 53 |     end, NetNames).
 54 | 
 55 | link(add, Pod, NetName, Config) ->
 56 |     Command = cmd("ip link add ~s type ~s id ~s dev ~s dstport 0",
 57 | 		  [name, type, id, dev], Pod, NetName),
 58 |     ?Agent:exec(Pod, Command, Config);
 59 | 
 60 | link(delete, Pod, NetName, Config) ->
 61 |     Command = cmd("ip link delete ~s", [name], Pod, NetName),
 62 |     ?Agent:exec(Pod, Command, Config);
 63 | 
 64 | link(up, Pod, NetName, Config) ->
 65 |     NeedUp = pod_net_option(up, NetName, Pod),
 66 |     NeedUp andalso begin
 67 | 	Command = cmd("ip link set ~s up", [name], Pod, NetName),
 68 | 	?Agent:exec(Pod, Command, Config)
 69 |     end;
 70 | 
 71 | link(down, Pod, NetName, Config) ->
 72 |     Command = cmd("ip link set ~s down", [name], Pod, NetName),
 73 |     ?Agent:exec(Pod, Command, Config);
 74 | 
 75 | link(ip, Pod, NetName, Config) ->
 76 |     Ip = pod_net_option(ip, NetName, Pod),
 77 |     Ip == false orelse begin
 78 | 	Command = cmd("ip addr add ~s dev ~s", [ip, name], Pod, NetName),
 79 | 	?Agent:exec(Pod, Command, Config)
 80 |     end;
 81 | 
 82 | link(route, Pod, NetName, Config) ->
 83 |     Route = pod_net_option(route, NetName, Pod),
 84 |     Route == false orelse begin
 85 | 	[Subnet, Gw] = string:split(Route, ":"),
 86 | 	Command = cmd("ip route add ~s via ~s", [Subnet, Gw], Pod, NetName),
 87 | 	?Agent:exec(Pod, Command, Config)
 88 |     end.
 89 | 
 90 | bridge(append, Pod, NetName, TargetIp, Config) ->
 91 |     Command = cmd("bridge fdb append to 00:00:00:00:00:00 dst ~s dev ~s",
 92 | 		  [TargetIp, name], Pod, NetName),
 93 |     ?Agent:exec(Pod, Command, Config);
 94 | 
 95 | %% we can sunconditional try to add the FDB, attempting to
 96 | %% add an existing FDB doesn't hurt
 97 | %%
 98 | %% bridge(append, Pod, NetName, TargetIp, Config) ->
 99 | %%     BridgeMacs = bridge_macs(Pod, NetName, TargetIp, Config),
100 | %%     BridgeExists = lists:member("00:00:00:00:00:00", BridgeMacs),
101 | %%     BridgeExists orelse begin
102 | %% 	Command = cmd("bridge fdb append to 00:00:00:00:00:00 dst ~s dev ~s",
103 | %% 		      [TargetIp, name], Pod, NetName),
104 | %% 	?Agent:exec(Pod, Command, Config)
105 | %%     end;
106 | 
107 | bridge(delete, Pod, NetName, TargetIp, Config) ->
108 |     lists:foreach(fun(Mac) ->
109 | 	Command = cmd("bridge fdb delete ~s dst ~s dev ~s",
110 | 		      [Mac, TargetIp, name], Pod, NetName),
111 | 	?Agent:exec(Pod, Command, Config)
112 |     end, bridge_macs(Pod, NetName, TargetIp, Config)).
113 | 
114 | bridge_macs(Pod, NetName, TargetIp, Config) ->
115 |     Command = cmd("bridge fdb show dev ~s", [name], Pod, NetName),
116 |     Result = ?Agent:exec(Pod, Command, Config),
117 |     ?LOG(debug, "Exec Result: ~p", [Result]),
118 |     [Mac || FdbRecord <- string:lexemes(binary_to_list(Result), "\n"),
119 | 	    [Mac, "dst", Ip|_ ] <- [string:lexemes(FdbRecord, " ")],
120 | 	    Ip == TargetIp].
121 | 
122 | vxlan_id(Pod, NetName, Config) ->
123 |     Command = cmd("ip -d link show ~s", [name], Pod, NetName),
124 |     Result = ?Agent:exec(Pod, Command, Config),
125 | 
126 |     List = [Id || Line <- string:lexemes(binary_to_list(Result), "\n"),
127 | 	    ["vxlan", "id", Id|_] <- [string:lexemes(Line, " ")]],
128 |     List /= [] andalso {true, hd(List)}.
129 | 
130 | ips(Pod, NetName, Config) ->
131 |     Command = cmd("ip addr show dev ~s", [name], Pod, NetName),
132 |     Result = ?Agent:exec(Pod, Command, Config),
133 | 
134 |     [Ip || Line <- string:lexemes(binary_to_list(Result), "\n"),
135 |      ["inet", Ip|_] <- [string:lexemes(Line, " ")]].
136 | 
137 | common_pod_net_names(Pod1, Pod2) ->
138 |     Pod2Nets = maps:get(nets, Pod2),
139 |     [Name || {Name, _Options} <- maps:get(nets, Pod1),
140 |      proplists:is_defined(Name, Pod2Nets)].
141 | 
142 | pod_net_names(Pod) ->
143 |     [Name || {Name, _Options} <- maps:get(nets, Pod)].
144 | 
145 | pod_net_options(NetName, Pod) ->
146 |     proplists:get_value(NetName, maps:get(nets, Pod)).
147 | 
148 | pod_net_option(OptionName, NetName, Pod) ->
149 |     maps:get(OptionName, pod_net_options(NetName, Pod), false).
150 | 
151 | cmd(Format, Args, Pod, NetName) ->
152 |     NetOptions = pod_net_options(NetName, Pod),
153 |     CmdArgs = [cmd_arg(Arg, NetOptions) || Arg <- Args],
154 |     lists:flatten(io_lib:format(Format, CmdArgs)).
155 | 
156 | cmd_arg(Arg, NetOptions) when is_atom(Arg) -> maps:get(Arg, NetOptions);
157 | cmd_arg(Arg, _NetOptions) -> Arg.
158 | 


--------------------------------------------------------------------------------
/src/kube_vxlan_controller_k8s.erl:
--------------------------------------------------------------------------------
  1 | -module(kube_vxlan_controller_k8s).
  2 | 
  3 | -export([uri_parse/1,
  4 | 	 http_request/3, http_request/6,
  5 | 	 ws_connect/3, ws_close/1, ws_recv/2]).
  6 | 
  7 | %% API
  8 | -export([start_link/1, open/0]).
  9 | 
 10 | %% gen_statem callbacks
 11 | -export([callback_mode/0, init/1, handle_event/4, terminate/3, code_change/4]).
 12 | 
 13 | -define(SERVER, ?MODULE).
 14 | 
 15 | -include_lib("kernel/include/logger.hrl").
 16 | 
 17 | %%%===================================================================
 18 | %%% API
 19 | %%%===================================================================
 20 | 
 21 | -define(DEBUG_OPTS, [{install, {fun logger_sys_debug:logger_gen_statem_trace/3, ?MODULE}}]).
 22 | -define(JsonDecodeOptions, [return_maps, {labels, atom}]).
 23 | -define(HttpStreamRecvTimeout, 60 * 1000). % milliseconds
 24 | -define(TIMEOUT, 5000).
 25 | 
 26 | start_link(Config) ->
 27 |     %%Opts = [{debug, ?DEBUG_OPTS}],
 28 |     Opts = [],
 29 |     gen_statem:start_link({local, ?SERVER}, ?MODULE, [Config], Opts).
 30 | 
 31 | open() ->
 32 |     gen_statem:call(?SERVER, get).
 33 | 
 34 | %%%===================================================================
 35 | %%% gen_statem callbacks
 36 | %%%===================================================================
 37 | 
 38 | callback_mode() -> handle_event_function.
 39 | 
 40 | init([#{server := Server, ca_cert_file := CaCertFile}]) ->
 41 |     process_flag(trap_exit, true),
 42 | 
 43 |     {Host, Port} = uri_parse(Server),
 44 |     Opts = #{connect_timeout => ?TIMEOUT,
 45 | 	     protocols => [http2],
 46 | 	     transport => tls,
 47 | 	     tls_opts => [{cacertfile, CaCertFile}]
 48 | 	    },
 49 |     {ok, ConnPid} = gun:open(Host, Port, Opts),
 50 |     ?LOG(info, "~p: connecting to ~s", [ConnPid, Server]),
 51 |     MRef = monitor(process, ConnPid),
 52 | 
 53 |     Data = #{conn => ConnPid, mref => MRef},
 54 |     {ok, init, Data}.
 55 | 
 56 | handle_event(info, {'DOWN', MRef, process, ConnPid, Reason}, _,
 57 | 	     #{mref := MRef, conn := ConnPid}) ->
 58 |     ?LOG(info, "~p: terminated with ~p", [ConnPid, Reason]),
 59 |     gun:close(ConnPid),
 60 |     {stop, normal};
 61 | 
 62 | handle_event(info, {gun_up, ConnPid, _Protocol}, init, #{conn := ConnPid} = Data) ->
 63 |     ?LOG(info, "Command Channel UP Protocol: ~p", [_Protocol]),
 64 |     {next_state, up, Data};
 65 | handle_event(info, {gun_error, ConnPid, Reason}, _, #{conn := ConnPid}) ->
 66 |     ?LOG(error, "Connection Error: ~p", [Reason]),
 67 |     gun:close(ConnPid),
 68 |     {stop, normal};
 69 | 
 70 | handle_event({call, From}, get, up, #{conn := ConnPid}) ->
 71 |     {keep_state_and_data, [{reply, From, {ok, ConnPid}}]};
 72 | handle_event({call, _From}, get, _, _Data) ->
 73 |     {keep_state_and_data, [postpone]};
 74 | 
 75 | handle_event(_Ev, _Msg, _State, _Data) ->
 76 |     ?LOG(debug, "Ev: ~p, Msg: ~p, State: ~p", [_Ev, _Msg, _State]),
 77 |     keep_state_and_data.
 78 | 
 79 | terminate(_Reason, _State, _Data) ->
 80 |     ok.
 81 | 
 82 | code_change(_OldVsn, State, Data, _Extra) ->
 83 |     {ok, State, Data}.
 84 | 
 85 | %%%=========================================================================
 86 | %%%  internal functions
 87 | %%%=========================================================================
 88 | 
 89 | http_request(Resource, Query, Config) ->
 90 |     http_request(get, Resource, Query, [], [], Config).
 91 | 
 92 | http_request(Method, Resource, Query, RequestHeaders, RequestBody,
 93 | 	     #{token := Token}) ->
 94 | 
 95 |     {ok, ConnPid} = open(),
 96 | 
 97 |     QueryStr = uri_string:compose_query(Query),
 98 |     Path = uri_string:recompose(#{path => Resource, query => QueryStr}),
 99 |     RequestOpts = #{reply_to => self()},
100 | 
101 |     StreamRef = gun:request(ConnPid, method(Method), Path,
102 | 			    headers(Token, RequestHeaders),
103 | 			    RequestBody, RequestOpts),
104 |     Response =
105 | 	case gun:await(ConnPid, StreamRef) of
106 | 	    {response, fin, Status, _Headers} ->
107 | 		{error, Status};
108 | 	    {response, nofin, 200, _Headers} ->
109 | 		{ok, Body} = gun:await_body(ConnPid, StreamRef),
110 | 		Doc = jsx:decode(Body, ?JsonDecodeOptions),
111 | 		{ok, Doc};
112 | 	    {response, nofin, Status, Headers} ->
113 | 		{ok, Body} = gun:await_body(ConnPid, StreamRef),
114 | 		{error, {Status, Headers, Body}}
115 | 	end,
116 |     Response.
117 | 
118 | ws_connect(Resource, Query,
119 | 	   #{server := Server, ca_cert_file := CaCertFile, token := Token}) ->
120 |     {Host, Port} = uri_parse(Server),
121 |     Opts = #{connect_timeout => ?HttpStreamRecvTimeout,
122 | 	     protocols => [http],
123 | 	     transport => tls,
124 | 	     tls_opts => [{cacertfile, CaCertFile}]
125 | 	    },
126 |     {ok, ConnPid} = gun:open(Host, Port, Opts),
127 |     {ok, _Protocol} = gun:await_up(ConnPid),
128 | 
129 |     QueryStr = uri_string:compose_query(Query),
130 |     Path = uri_string:recompose(#{path => Resource, query => QueryStr}),
131 | 
132 |     WsOpts =
133 | 	#{protocols =>
134 | 	      [{<<"v4.channel.k8s.io">>, gun_ws_h},
135 | 	       {<<"v3.channel.k8s.io">>, gun_ws_h},
136 | 	       {<<"v2.channel.k8s.io">>, gun_ws_h},
137 | 	       {<<"channel.k8s.io">>,    gun_ws_h}]},
138 |     StreamRef = gun:ws_upgrade(ConnPid, Path, headers(Token, []), WsOpts),
139 |     case gun:await(ConnPid, StreamRef, 5000) of
140 | 	{upgrade, [<<"websocket">>], _Headers} ->
141 | 	    {ok, ConnPid, StreamRef};
142 | 	{response, nofin, Status, _Headers} ->
143 | 	    {ok, Body} = gun:await_body(ConnPid, StreamRef),
144 | 	    ?LOG(debug, "WS upgrade failed with ~w: ~p", [Status, Body]),
145 | 	    gun:close(ConnPid),
146 | 	    {error, {Status, Body}};
147 | 	{response, fin, Status, _Headers} ->
148 | 	    ?LOG(debug, "WS upgrade failed with ~w", [Status]),
149 | 	    gun:close(ConnPid),
150 | 	    {error, {Status, <<>>}};
151 | 	_Other ->
152 | 	    ?LOG(debug, "WS upgrade failed with: ~p", [_Other]),
153 | 	    gun:close(ConnPid),
154 | 	    {error, failed}
155 |     end.
156 | 
157 | ws_recv(ConnPid, StreamRef) ->
158 |     ws_recv(ConnPid, StreamRef, #{}).
159 | 
160 | ws_recv(ConnPid, StreamRef, Output) ->
161 |     case gun:await(ConnPid, StreamRef, 5000) of
162 | 	{ws, close} ->
163 | 	    {ok, Output};
164 | 	{ws, {binary, Bin}} ->
165 | 	    ws_recv(ConnPid, StreamRef, ws_append(Bin, Output));
166 | 	{ws, {close, _, Bin}} when is_binary(Bin) ->
167 | 	    {ok, ws_append(Bin, Output)};
168 | 	{ws, Frame} ->
169 | 	    ?LOG(warning, "unknown frame format: ~p", [Frame]),
170 | 	    {error, format};
171 | 	{error, _} = Error ->
172 | 	    Error
173 |     end.
174 | 
175 | ws_close(ConnPid) ->
176 |     gun:close(ConnPid).
177 | 
178 | ws_append(<<>>, Output) ->
179 |     Output;
180 | ws_append(<<Id:8, Msg/binary>>, Output) ->
181 |     maps:update_with(Id, fun(X) -> <<X/binary, Msg/binary>> end, Msg, Output).
182 | 
183 | headers(Token, Headers) ->
184 |     [{<<"authorization">>, iolist_to_binary(["Bearer ", Token])}|Headers].
185 | 
186 | method(Method) when is_atom(Method) ->
187 |     list_to_binary(string:uppercase(atom_to_list(Method))).
188 | 
189 | uri_parse(Server) ->
190 |     #{host := Host} = URI = uri_string:parse(Server),
191 |     Port = uri_port(URI),
192 |     {Host, Port}.
193 | 
194 | uri_port(#{port := Port}) ->
195 |     Port;
196 | uri_port(_) -> 443.
197 | 


--------------------------------------------------------------------------------
/src/kube_vxlan_controller_run.erl:
--------------------------------------------------------------------------------
  1 | -module(kube_vxlan_controller_run).
  2 | 
  3 | -behavior(gen_statem).
  4 | 
  5 | %% API
  6 | -export([start_link/1]).
  7 | 
  8 | %% gen_statem callbacks
  9 | -export([callback_mode/0, init/1, handle_event/4, terminate/3, code_change/4]).
 10 | 
 11 | -define(SERVER, ?MODULE).
 12 | 
 13 | -include_lib("kernel/include/logger.hrl").
 14 | 
 15 | -define(Db, kube_vxlan_controller_db).
 16 | -define(K8s, kube_vxlan_controller_k8s).
 17 | -define(Net, kube_vxlan_controller_net).
 18 | -define(Pod, kube_vxlan_controller_pod).
 19 | -define(PodReg, kube_vxlan_controller_pod_reg).
 20 | -define(Agent, kube_vxlan_controller_agent).
 21 | -define(State, kube_vxlan_controller_state).
 22 | -define(Tools, kube_vxlan_controller_tools).
 23 | -define(Format, kube_vxlan_controller_format).
 24 | 
 25 | -define(ShortNodeName, 'kube-vxlan-controller').
 26 | -define(Cookie, 'kube-vxlan-controller').
 27 | 
 28 | -define(TIMEOUT, 5000).
 29 | 
 30 | %%%===================================================================
 31 | %%% API
 32 | %%%===================================================================
 33 | 
 34 | -define(DEBUG_OPTS, [{install, {fun logger_sys_debug:logger_gen_statem_trace/3, ?MODULE}}]).
 35 | -define(JsonDecodeOptions, [return_maps, {labels, atom}]).
 36 | 
 37 | start_link(Config) ->
 38 |     %%Opts = [{debug, ?DEBUG_OPTS}],
 39 |     Opts = [],
 40 |     gen_statem:start_link({local, ?SERVER}, ?MODULE, [Config], Opts).
 41 | 
 42 | %%%===================================================================
 43 | %%% gen_statem callbacks
 44 | %%%===================================================================
 45 | 
 46 | callback_mode() -> [handle_event_function, state_enter].
 47 | 
 48 | init([#{server := Server, ca_cert_file := CaCertFile} = Config]) ->
 49 |     process_flag(trap_exit, true),
 50 | 
 51 |     ?PodReg:clear(),
 52 |     Data0 = ?State:set_resource_version(0, Config),
 53 | 
 54 |     {Host, Port} = ?K8s:uri_parse(Server),
 55 |     Opts = #{connect_timeout => ?TIMEOUT,
 56 | 	     protocols => [http2],
 57 | 	     transport => tls,
 58 | 	     tls_opts => [{cacertfile, CaCertFile}]
 59 | 	    },
 60 |     {ok, ConnPid} = gun:open(Host, Port, Opts),
 61 |     ?LOG(info, "~p: connecting to ~s", [ConnPid, Server]),
 62 |     MRef = monitor(process, ConnPid),
 63 | 
 64 |     Data = Data0#{cycle => make_ref(),
 65 | 		  config => Config,
 66 | 		  conn => ConnPid,
 67 | 		  mref => MRef,
 68 | 		  pending => <<"">>
 69 | 		 },
 70 |     {ok, init, Data}.
 71 | 
 72 | handle_event(info, {'DOWN', MRef, process, ConnPid, Reason}, _,
 73 | 	     #{mref := MRef, conn := ConnPid}) ->
 74 |     ?LOG(info, "~p: terminated with ~p", [ConnPid, Reason]),
 75 |     {stop, normal};
 76 | 
 77 | handle_event(info, {gun_up, ConnPid, _Protocol}, init,
 78 | 	     #{conn := ConnPid,
 79 | 	       selector := Selector,
 80 | 	       token := Token} = Data) ->
 81 | 
 82 |     kube_vxlan_controller_db:load_db(Data),
 83 | 
 84 |     Resource = "/api/v1/pods",
 85 |     Query =
 86 | 	uri_string:compose_query(
 87 | 	  [{"labelSelector", Selector}
 88 | 	   %%,{"timeoutSeconds", "10"}
 89 | 	  ]),
 90 |     Path = uri_string:recompose(#{path => Resource, query => Query}),
 91 |     ?LOG(debug, "Path: ~p", [Path]),
 92 |     Headers = headers(Token),
 93 | 
 94 |     StreamRef = gun:get(ConnPid, Path, Headers),
 95 |     {next_state, {loading, init}, Data#{stream => StreamRef}};
 96 | 
 97 | handle_event(enter, _, {watch, init}, #{pending := Pending})
 98 |   when Pending =/= <<>> ->
 99 |     ?LOG(error, "initial load incomplete: ~p", [Pending]),
100 |     {stop, {error, incomplete}};
101 | 
102 | handle_event(enter, _, {watch, init},
103 | 	     #{conn := ConnPid, selector := Selector, token := Token} = Data0) ->
104 | 
105 |     init_pods(),
106 |     ResourceVersion = ?State:resource_version(Data0),
107 |     Data =
108 | 	case ?State:is_resource_version_shown(Data0) of
109 | 	    true -> Data0;
110 | 	    false ->
111 | 		?LOG(info, "Watching pods (selector: ~s) from version: ~w",
112 | 		     [Selector, ResourceVersion]),
113 | 		?State:set_resource_version_shown(Data0)
114 | 	end,
115 | 
116 |     Resource = "/api/v1/pods",
117 |     Query =
118 | 	uri_string:compose_query(
119 | 	  [{"labelSelector", Selector},
120 | 	   {"resourceVersion", integer_to_list(ResourceVersion)},
121 | 	   {"watch", "true"}
122 | 	   %%{"allowWatchBookmarks", "true"}
123 | 	   %%,{"timeoutSeconds", "10"}
124 | 	  ]),
125 |     Path = uri_string:recompose(#{path => Resource, query => Query}),
126 |     ?LOG(debug, "Path: ~p", [Path]),
127 |     Headers = headers(Token),
128 | 
129 |     StreamRef = gun:get(ConnPid, Path, Headers),
130 |     {keep_state, Data#{stream => StreamRef}};
131 | 
132 | handle_event(enter, _, _, _) ->
133 |     keep_state_and_data;
134 | 
135 | handle_event(info, {gun_response, ConnPid, _StreamRef, nofin, 200, _Headers}, {loading, init},
136 | 	     #{conn := ConnPid} = Data) ->
137 |     {next_state, {loading, data}, Data};
138 | 
139 | handle_event(info, {gun_response, ConnPid, _StreamRef, fin, 200, _Headers}, {loading, _} = State,
140 | 	     #{conn := ConnPid} = Data0) ->
141 |     Data = handle_api_data(State, <<>>, Data0),
142 |     {next_state, {watch, init}, Data};
143 | 
144 | handle_event(info, {gun_data, ConnPid, StreamRef, fin, Bin}, {loading, data} = State,
145 | 	     #{conn := ConnPid, stream := StreamRef} = Data0) ->
146 |     Data = handle_api_data(State, Bin, Data0),
147 |     {next_state, {watch, init}, Data};
148 | 
149 | handle_event(info, {gun_response, ConnPid, StreamRef, nofin, 200, _Headers}, {watch, init},
150 | 	     #{conn := ConnPid, stream := StreamRef} = Data) ->
151 |     {next_state, {watch, data}, Data};
152 | 
153 | handle_event(info, {gun_response, ConnPid, StreamRef, fin, Status, _Headers}, _,
154 | 	     #{conn := ConnPid, stream := StreamRef}) ->
155 |     ?LOG(debug, "~p: stream closed with status ~p", [ConnPid, Status]),
156 |     {stop, normal};
157 | 
158 | handle_event(info, {gun_data, ConnPid, StreamRef, nofin, Bin}, State,
159 | 	     #{conn := ConnPid, stream := StreamRef} = Data0) ->
160 |     Data = handle_api_data(State, Bin, Data0),
161 |     {keep_state, Data};
162 | 
163 | handle_event(info, {gun_data, ConnPid, StreamRef, fin, Bin}, {watch, data} = State,
164 | 	     #{conn := ConnPid, stream := StreamRef} = Data0) ->
165 |     Data = handle_api_data(State, Bin, Data0),
166 |     {next_state, {watch, init}, maps:remove(stream, Data)};
167 | 
168 | handle_event(info, {gun_down, ConnPid, _Protocol, State, _Streams}, _, #{conn := ConnPid}) ->
169 |     ?LOG(debug, "~p: connection closed with ~p", [ConnPid, State]),
170 |     {stop, normal};
171 | 
172 | %% handle_event(info, {gun_response, ConnPid, _StreamRef, fin, Status, _Headers} = _Msg, _State,
173 | %%	     #{conn := ConnPid} = _Data) ->
174 | %%     ?LOG(debug, "Info: ~p, State: ~p", [_Msg, _State]),
175 | %%     ?LOG(info, "~p: got response ~p", [ConnPid, Reason]),
176 | %%     keep_state_and_data;
177 | 
178 | handle_event(_Ev, _Msg, _State, _Data) ->
179 |     ?LOG(debug, "Ev: ~p, Msg: ~p, State: ~p", [_Ev, _Msg, _State]),
180 |     keep_state_and_data.
181 | 
182 | terminate(_Reason, _State, _Data) ->
183 |     ok.
184 | 
185 | code_change(_OldVsn, State, Data, _Extra) ->
186 |     {ok, State, Data}.
187 | 
188 | %%%=========================================================================
189 | %%%  internal functions
190 | %%%=========================================================================
191 | 
192 | headers(Token) ->
193 |     [
194 |      {<<"authorization">>, iolist_to_binary(["Bearer ", Token])},
195 |      {<<"accept">>, <<"application/json">>}
196 |     ].
197 | 
198 | handle_api_data(State, Bin, #{pending := In} = Data) ->
199 |     handle_api_data(State, Data#{pending := <<In/binary, Bin/binary>>}).
200 | 
201 | handle_api_data(State, #{pending := In} = Data0) ->
202 |     case binary:split(In, <<$\n>>) of
203 | 	[In] -> %% no newline,
204 | 	    Data0;
205 | 	[Head, Tail] ->
206 | 	    Data = process_api_data(State, Head, Data0),
207 | 	    handle_api_data(State, Data#{pending => Tail})
208 |     end.
209 | 
210 | process_api_data(State, Bin, Data0) ->
211 |     case jsx:decode(Bin, ?JsonDecodeOptions) of
212 | 	Object when is_map(Object) ->
213 | 	    process_api_object(State, Object, Data0);
214 | 
215 | 	Ev ->
216 | 	    ?LOG(info, "unexpected message from k8s: ~p", [Ev]),
217 | 	    Data0
218 |     end.
219 | 
220 | process_api_object({watch, _}, #{type := Type, object := Object}, Data) ->
221 |     {Kind, Resource} = read_event(Object, Data),
222 |     process_event(Kind, atom(Type), Resource, Data),
223 |     ?State:set_resource_version(Resource, Data);
224 | 
225 | process_api_object({loading, _}, #{items := Pods, metadata := Meta}, Data) ->
226 |     lists:foreach(
227 |       fun(Pod) ->
228 | 	      {Kind, Resource} = read_event(Pod#{kind => pod}, Data),
229 | 	      process_event(Kind, init, Resource, Data)
230 |       end, Pods),
231 |     ?State:set_resource_version(Meta, Data).
232 | 
233 | process_event(pod, Type, Pod, #{cycle := Cycle, config := Config}) ->
234 |     ?Pod:process_event(Cycle, Type, Pod, Config),
235 |     ok;
236 | process_event(_Kind, _Type, _Resource, _Data) ->
237 |     ok.
238 | 
239 | atom(Bin) when is_binary(Bin) ->
240 |     binary_to_atom(string:lowercase(Bin), latin1);
241 | atom(Atom) when is_atom(Atom) ->
242 |     Atom.
243 | 
244 | read_event(#{kind := Kind,
245 | 	     metadata :=
246 | 		 #{namespace := Namespace,
247 | 		   uid := PodUid,
248 | 		   name := PodName,
249 | 		   resourceVersion := ResourceVersion
250 | 		  } = Metadata,
251 | 	     status :=
252 | 		 #{phase := Phase} = Status}, Data) ->
253 |     Ev =
254 | 	#{resource_version => binary_to_integer(ResourceVersion),
255 | 	  namespace => binary_to_list(Namespace),
256 | 	  pod_uid => binary_to_list(PodUid),
257 | 	  pod_name => binary_to_list(PodName),
258 | 	  pod_ip => binary_to_list(maps:get(podIP, Status, <<>>)),
259 | 	  nets_data => ?Tools:pod_nets_data(
260 | 			  maps:get(annotations, Metadata, #{}),
261 | 			  Data
262 | 			 ),
263 | 	  phase => binary_to_list(Phase),
264 | 	  agent => ?Tools:pod_container_state(
265 | 		      maps:get(agent_container_name, Data),
266 | 		      maps:get(containerStatuses, Status, [])
267 | 		     ),
268 | 	  init_agent => ?Tools:pod_container_state(
269 | 			   maps:get(agent_init_container_name, Data),
270 | 			   maps:get(initContainerStatuses, Status, [])
271 | 			  )
272 | 	 },
273 |     %%?LOG(info, "ICS: ~p", [maps:get(initContainerStatuses, Status, [])]),
274 |     {atom(Kind), Ev};
275 | 
276 | read_event(#{code := Code,
277 | 	     kind := Kind,
278 | 	     message := Message = <<"too old resource version:", Versions/binary>>,
279 | 	     reason := Reason,
280 | 	     status := Status
281 | 	    }, _Data) ->
282 |     Ev =
283 | 	#{code => Code,
284 | 	  reason => binary_to_list(Reason),
285 | 	  status => binary_to_list(Status),
286 | 	  message => binary_to_list(Message),
287 | 	  resource_version =>
288 | 	      begin
289 | 		  [_DesiredVersion, OldestVersion] = string:lexemes(Versions, "( )"),
290 | 		  binary_to_integer(OldestVersion) - 1
291 | 	      end
292 | 	 },
293 |     {atom(Kind), Ev}.
294 | 
295 | init_pods() ->
296 |     lists:foreach(
297 |       fun({_Id, Pid, Pod}) when is_map(Pod) ->
298 | 	      ?Pod:init_state(Pid);
299 | 	 (_) ->
300 | 	      ok
301 |       end, ?PodReg:all()).
302 | 


--------------------------------------------------------------------------------
/src/kube_vxlan_controller_pod.erl:
--------------------------------------------------------------------------------
  1 | -module(kube_vxlan_controller_pod).
  2 | 
  3 | -behavior(gen_statem).
  4 | 
  5 | %% API
  6 | -export([start_link/3, stop/1, init_state/1, process_event/4, bridge_cmd/5]).
  7 | -export([get/1, get/2, get/3, exec/5]).
  8 | 
  9 | %% gen_statem callbacks
 10 | -export([callback_mode/0, init/1, handle_event/4, terminate/3, code_change/4]).
 11 | 
 12 | -include_lib("kernel/include/logger.hrl").
 13 | -include("include/kube_vxlan_controller.hrl").
 14 | 
 15 | -define(Db, kube_vxlan_controller_db).
 16 | -define(K8s, kube_vxlan_controller_k8s).
 17 | -define(Net, kube_vxlan_controller_net).
 18 | -define(Pod, kube_vxlan_controller_pod).
 19 | -define(Agent, kube_vxlan_controller_agent).
 20 | -define(Tools, kube_vxlan_controller_tools).
 21 | -define(Format, kube_vxlan_controller_format).
 22 | -define(PodReg, kube_vxlan_controller_pod_reg).
 23 | 
 24 | -define(STDOUT, 1).
 25 | -define(STDERR, 2).
 26 | 
 27 | -define(ExecQuery, [
 28 |     {"stdout", "true"},
 29 |     {"stderr", "true"}
 30 | ]).
 31 | 
 32 | -record(data, {uid, pod, bridges, config}).
 33 | 
 34 | %%%===================================================================
 35 | %%% API
 36 | %%%===================================================================
 37 | 
 38 | %%-define(DEBUG_OPTS, [{install, {fun logger_sys_debug:logger_gen_statem_trace/3, ?MODULE}}]).
 39 | -define(DEBUG_OPTS, []).
 40 | -define(JsonDecodeOptions, [return_maps, {labels, atom}]).
 41 | 
 42 | start_link(Id, Event, Config) ->
 43 |     Opts = [{debug, ?DEBUG_OPTS}],
 44 |     %%Opts = [],
 45 |     gen_statem:start_link(?MODULE, [Id, Event, Config], Opts).
 46 | 
 47 | stop(Server) ->
 48 |     gen_statem:cast(Server, stop).
 49 | 
 50 | init_state(Server) ->
 51 |     gen_statem:cast(Server, init).
 52 | 
 53 | process_event(Cycle, Type, #{pod_name := Name} = Pod, Config) ->
 54 |     ?PodReg:process_event(#uid{id = Name, cycle = Cycle}, {Type, Pod}, Config).
 55 | 
 56 | bridge_cmd(Action, Version, #{owner := Pid} = Pod, NetNames, IP) ->
 57 |     gen_statem:cast(Pid, {bridge_cmd, Action, Version, Pod, NetNames, IP}).
 58 | 
 59 | %%%===================================================================
 60 | %%% gen_statem callbacks
 61 | %%%===================================================================
 62 | 
 63 | callback_mode() -> [handle_event_function, state_enter].
 64 | 
 65 | init([Id, Event, Config]) ->
 66 |     ?LOG(info, "Pod ~p started", [Id]),
 67 |     Data = #data{uid = Id, pod = #{}, bridges = #{}, config = Config},
 68 |     self() ! Event,
 69 |     {ok, pending, Data}.
 70 | 
 71 | handle_event(enter, _, pending, _Data) ->
 72 |     keep_state_and_data;
 73 | 
 74 | handle_event(enter, _, setup, #data{uid = Id, config = Config,
 75 | 				    pod = #{pod_name := Name} = PodResource}) ->
 76 |     ?LOG(debug, "====== Pod ~s (~p): Setup", [Name, Id#uid.id]),
 77 | 
 78 |     UseInitAgentConfig =
 79 | 	Config#{agent_container_name => maps:get(agent_init_container_name, Config)},
 80 | 
 81 |     Pod = pod(PodResource, ?Db:nets_options()),
 82 |     ?LOG(info, "Pod setup:~n~s", [pods_format([Pod])]),
 83 |     ?Net:pod_setup(Pod, UseInitAgentConfig),
 84 |     ?Agent:terminate(Pod, UseInitAgentConfig),
 85 | 
 86 |     keep_state_and_data;
 87 | 
 88 | handle_event(enter, _, join, #data{uid = Id, pod = #{pod_name := Name} = PodResource}) ->
 89 |     ?LOG(debug, "====== Pod ~s (~p): Join", [Name, Id#uid.id]),
 90 | 
 91 |     {Pod, NetPods} = pods(Id, PodResource),
 92 |     ?LOG(info, "Pod joining (~p):~n~s", [Id#uid.id, pods_format([Pod])]),
 93 |     ?LOG(info, "Pods to join (~p):~n~s", [Id#uid.id, pods_format(NetPods)]),
 94 | 
 95 |     ?Net:pod_join(Pod, NetPods),
 96 | 
 97 |     keep_state_and_data;
 98 | 
 99 | handle_event(enter, _, leave, #data{uid = Id, pod = #{pod_name := Name} = PodResource}) ->
100 |     ?LOG(debug, "====== Pod ~s (~p): Leave", [Name, Id#uid.id]),
101 |     ?PodReg:unset(Id),
102 | 
103 |     {Pod, NetPods} = pods(Id, PodResource),
104 |     ?LOG(info, "Pod leaving (~p):~n~s", [Id#uid.id, pods_format([Pod])]),
105 |     ?LOG(info, "Pods to leave (~p):~n~s", [Id#uid.id, pods_format(NetPods)]),
106 |     ?Net:pod_leave(Pod, NetPods),
107 | 
108 |     keep_state_and_data;
109 | 
110 | handle_event(enter, _, State, #data{uid = Id, pod = #{pod_name := Name}}) ->
111 |     ?LOG(debug, "====== Pod ~s (~p): Enter ~p", [Name, Id#uid.id, State]),
112 |     keep_state_and_data;
113 | 
114 | handle_event(info, {deleted, _Pod}, join = State, #data{uid = Id} = Data) ->
115 |     ?LOG(debug, "====== Pod ~p: deleted in state ~p", [Id#uid.id, State]),
116 |     {next_state, leave, Data, [postpone]};
117 | 
118 | handle_event(info, {deleted, _Pod}, State, #data{uid = Id}) ->
119 |     ?LOG(debug, "====== Pod ~p: deleted in state ~p", [Id#uid.id, State]),
120 |     {stop, normal};
121 | 
122 | handle_event(info, {init, Pod}, State, #data{uid = Id} = Data) ->
123 |     case next_state(Pod, State) of
124 | 	leave ->
125 | 	    ok;
126 | 	_ ->
127 | 	    true = ?PodReg:set(Id, pod(Pod, ?Db:nets_options()))
128 |     end,
129 |     ?LOG(debug, "====== Pod ~p: init in ~p", [Id#uid.id, State]),
130 |     {keep_state, Data#data{pod = Pod}};
131 | 
132 | handle_event(info, {_, Pod}, State, #data{uid = Id} = Data) ->
133 |     NextState = next_state(Pod, State),
134 |     true = ?PodReg:set(Id, pod(Pod, ?Db:nets_options())),
135 |     ?LOG(debug, "====== Pod ~p: ~p -> ~p", [Id#uid.id, State, NextState]),
136 |     {next_state, NextState, Data#data{pod = Pod}};
137 | 
138 | handle_event(cast, init, pending = State, #data{uid = Id, pod = Pod} = Data) ->
139 |     NextState = next_state(Pod, State),
140 |     ?LOG(debug, "====== Pod ~p: ~p -> ~p", [Id#uid.id, State, NextState]),
141 |     {next_state, NextState, Data};
142 | 
143 | handle_event(cast, stop, State, #data{uid = Id} = _Data) ->
144 |     ?LOG(debug, "====== Pod ~p: In ~w, CleanUp Stop", [Id#uid.id, State]),
145 |     {stop, normal};
146 | 
147 | handle_event(cast, {bridge_cmd, Action, Version, Pod, NetNames, IP}, join, Data0) ->
148 |     Data = bridges(Action, Version, Pod, NetNames, IP, Data0),
149 |     {keep_state, Data};
150 | handle_event(cast, {bridge_cmd, _, _, _, _}, leave, #data{uid = Id}) ->
151 |     ?LOG(debug, "====== Pod ~p: skipping bridge_cmd in state leave", [Id]),
152 |     keet_state_and_data;
153 | handle_event(cast, {bridge_cmd, _, _, _, _}, State, #data{uid = Id}) ->
154 |     ?LOG(debug, "====== Pod ~p: postpone bridge_cmd in state ~p", [Id, State]),
155 |     {keep_state_and_data, postpone};
156 | 
157 | handle_event(_, {gun_down, _,ws ,normal, _}, _State, _Data) ->
158 |     %% normal gun Ws termination
159 |     keep_state_and_data;
160 | 
161 | handle_event(_Ev, _Msg, _State, _Data) ->
162 |     ?LOG(debug, "Ev: ~p, Msg: ~p, State: ~p", [_Ev, _Msg, _State]),
163 |     keep_state_and_data.
164 | 
165 | terminate(_Reason, _State, _Data) ->
166 |     ok.
167 | 
168 | code_change(_OldVsn, State, Data, _Extra) ->
169 |     {ok, State, Data}.
170 | 
171 | %%%=========================================================================
172 | %%%  internal functions
173 | %%%=========================================================================
174 | 
175 | next_state(#{init_agent := running}, _) ->
176 |     setup;
177 | next_state(#{agent := running}, _) ->
178 |     join;
179 | next_state(#{agent := terminated}, _) ->
180 |     leave;
181 | next_state(_, State) ->
182 |     State.
183 | 
184 | bridges(Action, Version, Pod, NetNames, IP, Data) ->
185 |     lists:foldl(
186 |       fun(NetName, D) -> bridge(Action, Version, Pod, NetName, IP, D) end, Data, NetNames).
187 | 
188 | bridge_action(delete, Key, _ActionVersion, #data{bridges = Bridges} = Data) ->
189 |     Data#data{bridges = maps:remove(Key, Bridges)};
190 | bridge_action(Action, Key, ActionVersion, #data{bridges = Bridges} = Data) ->
191 |     Data#data{bridges = maps:put(Key, ActionVersion, Bridges)}.
192 | 
193 | bridge(Action, ActionVersion, Pod, NetName, IP,
194 |        #data{uid = Id, bridges = Bridges, config = Config} = Data) ->
195 |     Key = {NetName, IP},
196 |     case maps:get(Key, Bridges, 0) of
197 | 	Version when Version < ActionVersion ->
198 | 	    ?LOG(debug, "====== Pod ~p: executing bridge_cmd ~0p for ~0p, ~0p < ~0p",
199 | 		 [Id#uid.id, Action, Key, Version, ActionVersion]),
200 | 	    ?Net:bridge(Action, Pod, NetName, IP, Config),
201 | 	    bridge_action(Action, Key, ActionVersion, Data);
202 | 	Version ->
203 | 	    ?LOG(debug, "====== Pod ~p: skipping bridge_cmd ~0p for ~0p, ~0p > ~0p",
204 | 		 [Id#uid.id, Action, Key, Version, ActionVersion]),
205 | 	    Data
206 |     end.
207 | 
208 | pods(Id, PodResource) ->
209 |     GlobalNetsOptions = ?Db:nets_options(),
210 |     Pod = pod(PodResource, GlobalNetsOptions),
211 | 
212 |     Filters =
213 | 	[{with_nets, ?Net:pod_net_names(Pod)},
214 | 	 {without_pods, [maps:get(name, Pod)]}],
215 |     NetPods = ?Tools:pods(?PodReg:all(Id#uid.cycle), Filters),
216 |     {Pod, NetPods}.
217 | 
218 | pod(#{namespace := Namespace, pod_name := PodName, pod_ip := PodIp,
219 | 	  nets_data := NetsData, resource_version := Version},
220 |     GlobalNetsOptions) ->
221 |     #{owner => self(),
222 |       version => Version,
223 |       namespace => Namespace,
224 |       name => PodName,
225 |       ip => PodIp,
226 |       nets => ?Tools:pod_nets(NetsData, GlobalNetsOptions)
227 |      }.
228 | 
229 | pods_format(Pods) ->
230 |     Indent = 2,
231 |     lists:flatten([
232 | 	?Format:pod(Pod) ++ "\n" ++
233 | 	?Format:pod_nets(maps:get(nets, Pod), Indent) ++ "\n" ||
234 | 	Pod <- Pods
235 |     ]).
236 | 
237 | get(Config) -> get(all, {label, false}, Config).
238 | get(Filter = {label, _Selector}, Config) -> get(all, Filter, Config).
239 | 
240 | get(Namespace, Filter, Config) ->
241 |     Resource = case {Namespace, Filter} of
242 | 	{all, Filter} ->
243 | 	    "/api/v1/pods";
244 | 	{Namespace, {label, _Selector}} -> fmt(
245 | 	    "/api/v1/namespaces/~s/pods", [Namespace]
246 | 	);
247 | 	{Namespace, {pod, Name}} -> fmt(
248 | 	    "/api/v1/namespaces/~s/pods/~s", [Namespace, Name]
249 | 	)
250 |     end,
251 |     Query =
252 | 	case Filter of
253 | 	    {pod, _Name}      -> [];
254 | 	    {label, false}    -> [];
255 | 	    {label, Selector} -> [{"labelSelector", Selector}]
256 |     end,
257 |     case ?K8s:http_request(Resource, Query, Config) of
258 | 	{ok, Result} -> {ok, maps:get(items, Result, Result)};
259 | 	{error, Reason} -> {error, Reason}
260 |     end.
261 | 
262 | exec(Namespace, PodName, ContainerName, Command, Config) ->
263 |     Silent = maps:get(silent, Config, false),
264 | 
265 |     Silent orelse
266 | 	?LOG(info, "~s/~s/~s: ~s", [Namespace, PodName, ContainerName, Command]),
267 | 
268 |     Resource = fmt("/api/v1/namespaces/~s/pods/~s/exec", [Namespace, PodName]),
269 | 
270 |     Query = lists:foldl(
271 | 	fun(Arg, ExecQuery) -> [{"command", Arg}|ExecQuery] end,
272 | 	[{"container", ContainerName}|?ExecQuery],
273 | 	lists:reverse(string:split(Command, " ", all))
274 |     ),
275 | 
276 |     case ?K8s:ws_connect(Resource, Query, Config) of
277 | 	{ok, ConnPid, StreamRef} ->
278 | 	    case ?K8s:ws_recv(ConnPid, StreamRef) of
279 | 		{ok, Result} ->
280 | 		    ?K8s:ws_close(ConnPid),
281 | 		    Silent orelse ?LOG(info, "~p", [Result]),
282 | 		    maps:get(?STDOUT, Result, <<>>);
283 | 		{error, Reason} ->
284 | 		    ?K8s:ws_close(ConnPid),
285 | 		    ?LOG(error, #{reason => Reason}),
286 | 		    <<>>
287 | 	    end;
288 | 	{error, Reason} ->
289 | 	    ?LOG(error, #{reason => Reason}),
290 | 	    <<>>
291 |     end.
292 | 
293 | fmt(Format, Args) -> lists:flatten(io_lib:format(Format, Args)).
294 | 


--------------------------------------------------------------------------------
/LICENSE.md:
--------------------------------------------------------------------------------
  1 | 
  2 |                                  Apache License
  3 |                            Version 2.0, January 2004
  4 |                         http://www.apache.org/licenses/
  5 | 
  6 |    TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
  7 | 
  8 |    1. Definitions.
  9 | 
 10 |       "License" shall mean the terms and conditions for use, reproduction,
 11 |       and distribution as defined by Sections 1 through 9 of this document.
 12 | 
 13 |       "Licensor" shall mean the copyright owner or entity authorized by
 14 |       the copyright owner that is granting the License.
 15 | 
 16 |       "Legal Entity" shall mean the union of the acting entity and all
 17 |       other entities that control, are controlled by, or are under common
 18 |       control with that entity. For the purposes of this definition,
 19 |       "control" means (i) the power, direct or indirect, to cause the
 20 |       direction or management of such entity, whether by contract or
 21 |       otherwise, or (ii) ownership of fifty percent (50%) or more of the
 22 |       outstanding shares, or (iii) beneficial ownership of such entity.
 23 | 
 24 |       "You" (or "Your") shall mean an individual or Legal Entity
 25 |       exercising permissions granted by this License.
 26 | 
 27 |       "Source" form shall mean the preferred form for making modifications,
 28 |       including but not limited to software source code, documentation
 29 |       source, and configuration files.
 30 | 
 31 |       "Object" form shall mean any form resulting from mechanical
 32 |       transformation or translation of a Source form, including but
 33 |       not limited to compiled object code, generated documentation,
 34 |       and conversions to other media types.
 35 | 
 36 |       "Work" shall mean the work of authorship, whether in Source or
 37 |       Object form, made available under the License, as indicated by a
 38 |       copyright notice that is included in or attached to the work
 39 |       (an example is provided in the Appendix below).
 40 | 
 41 |       "Derivative Works" shall mean any work, whether in Source or Object
 42 |       form, that is based on (or derived from) the Work and for which the
 43 |       editorial revisions, annotations, elaborations, or other modifications
 44 |       represent, as a whole, an original work of authorship. For the purposes
 45 |       of this License, Derivative Works shall not include works that remain
 46 |       separable from, or merely link (or bind by name) to the interfaces of,
 47 |       the Work and Derivative Works thereof.
 48 | 
 49 |       "Contribution" shall mean any work of authorship, including
 50 |       the original version of the Work and any modifications or additions
 51 |       to that Work or Derivative Works thereof, that is intentionally
 52 |       submitted to Licensor for inclusion in the Work by the copyright owner
 53 |       or by an individual or Legal Entity authorized to submit on behalf of
 54 |       the copyright owner. For the purposes of this definition, "submitted"
 55 |       means any form of electronic, verbal, or written communication sent
 56 |       to the Licensor or its representatives, including but not limited to
 57 |       communication on electronic mailing lists, source code control systems,
 58 |       and issue tracking systems that are managed by, or on behalf of, the
 59 |       Licensor for the purpose of discussing and improving the Work, but
 60 |       excluding communication that is conspicuously marked or otherwise
 61 |       designated in writing by the copyright owner as "Not a Contribution."
 62 | 
 63 |       "Contributor" shall mean Licensor and any individual or Legal Entity
 64 |       on behalf of whom a Contribution has been received by Licensor and
 65 |       subsequently incorporated within the Work.
 66 | 
 67 |    2. Grant of Copyright License. Subject to the terms and conditions of
 68 |       this License, each Contributor hereby grants to You a perpetual,
 69 |       worldwide, non-exclusive, no-charge, royalty-free, irrevocable
 70 |       copyright license to reproduce, prepare Derivative Works of,
 71 |       publicly display, publicly perform, sublicense, and distribute the
 72 |       Work and such Derivative Works in Source or Object form.
 73 | 
 74 |    3. Grant of Patent License. Subject to the terms and conditions of
 75 |       this License, each Contributor hereby grants to You a perpetual,
 76 |       worldwide, non-exclusive, no-charge, royalty-free, irrevocable
 77 |       (except as stated in this section) patent license to make, have made,
 78 |       use, offer to sell, sell, import, and otherwise transfer the Work,
 79 |       where such license applies only to those patent claims licensable
 80 |       by such Contributor that are necessarily infringed by their
 81 |       Contribution(s) alone or by combination of their Contribution(s)
 82 |       with the Work to which such Contribution(s) was submitted. If You
 83 |       institute patent litigation against any entity (including a
 84 |       cross-claim or counterclaim in a lawsuit) alleging that the Work
 85 |       or a Contribution incorporated within the Work constitutes direct
 86 |       or contributory patent infringement, then any patent licenses
 87 |       granted to You under this License for that Work shall terminate
 88 |       as of the date such litigation is filed.
 89 | 
 90 |    4. Redistribution. You may reproduce and distribute copies of the
 91 |       Work or Derivative Works thereof in any medium, with or without
 92 |       modifications, and in Source or Object form, provided that You
 93 |       meet the following conditions:
 94 | 
 95 |       (a) You must give any other recipients of the Work or
 96 |           Derivative Works a copy of this License; and
 97 | 
 98 |       (b) You must cause any modified files to carry prominent notices
 99 |           stating that You changed the files; and
100 | 
101 |       (c) You must retain, in the Source form of any Derivative Works
102 |           that You distribute, all copyright, patent, trademark, and
103 |           attribution notices from the Source form of the Work,
104 |           excluding those notices that do not pertain to any part of
105 |           the Derivative Works; and
106 | 
107 |       (d) If the Work includes a "NOTICE" text file as part of its
108 |           distribution, then any Derivative Works that You distribute must
109 |           include a readable copy of the attribution notices contained
110 |           within such NOTICE file, excluding those notices that do not
111 |           pertain to any part of the Derivative Works, in at least one
112 |           of the following places: within a NOTICE text file distributed
113 |           as part of the Derivative Works; within the Source form or
114 |           documentation, if provided along with the Derivative Works; or,
115 |           within a display generated by the Derivative Works, if and
116 |           wherever such third-party notices normally appear. The contents
117 |           of the NOTICE file are for informational purposes only and
118 |           do not modify the License. You may add Your own attribution
119 |           notices within Derivative Works that You distribute, alongside
120 |           or as an addendum to the NOTICE text from the Work, provided
121 |           that such additional attribution notices cannot be construed
122 |           as modifying the License.
123 | 
124 |       You may add Your own copyright statement to Your modifications and
125 |       may provide additional or different license terms and conditions
126 |       for use, reproduction, or distribution of Your modifications, or
127 |       for any such Derivative Works as a whole, provided Your use,
128 |       reproduction, and distribution of the Work otherwise complies with
129 |       the conditions stated in this License.
130 | 
131 |    5. Submission of Contributions. Unless You explicitly state otherwise,
132 |       any Contribution intentionally submitted for inclusion in the Work
133 |       by You to the Licensor shall be under the terms and conditions of
134 |       this License, without any additional terms or conditions.
135 |       Notwithstanding the above, nothing herein shall supersede or modify
136 |       the terms of any separate license agreement you may have executed
137 |       with Licensor regarding such Contributions.
138 | 
139 |    6. Trademarks. This License does not grant permission to use the trade
140 |       names, trademarks, service marks, or product names of the Licensor,
141 |       except as required for reasonable and customary use in describing the
142 |       origin of the Work and reproducing the content of the NOTICE file.
143 | 
144 |    7. Disclaimer of Warranty. Unless required by applicable law or
145 |       agreed to in writing, Licensor provides the Work (and each
146 |       Contributor provides its Contributions) on an "AS IS" BASIS,
147 |       WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
148 |       implied, including, without limitation, any warranties or conditions
149 |       of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
150 |       PARTICULAR PURPOSE. You are solely responsible for determining the
151 |       appropriateness of using or redistributing the Work and assume any
152 |       risks associated with Your exercise of permissions under this License.
153 | 
154 |    8. Limitation of Liability. In no event and under no legal theory,
155 |       whether in tort (including negligence), contract, or otherwise,
156 |       unless required by applicable law (such as deliberate and grossly
157 |       negligent acts) or agreed to in writing, shall any Contributor be
158 |       liable to You for damages, including any direct, indirect, special,
159 |       incidental, or consequential damages of any character arising as a
160 |       result of this License or out of the use or inability to use the
161 |       Work (including but not limited to damages for loss of goodwill,
162 |       work stoppage, computer failure or malfunction, or any and all
163 |       other commercial damages or losses), even if such Contributor
164 |       has been advised of the possibility of such damages.
165 | 
166 |    9. Accepting Warranty or Additional Liability. While redistributing
167 |       the Work or Derivative Works thereof, You may choose to offer,
168 |       and charge a fee for, acceptance of support, warranty, indemnity,
169 |       or other liability obligations and/or rights consistent with this
170 |       License. However, in accepting such obligations, You may act only
171 |       on Your own behalf and on Your sole responsibility, not on behalf
172 |       of any other Contributor, and only if You agree to indemnify,
173 |       defend, and hold each Contributor harmless for any liability
174 |       incurred by, or claims asserted against, such Contributor by reason
175 |       of your accepting any such warranty or additional liability.
176 | 
177 |    END OF TERMS AND CONDITIONS
178 | 
179 |    APPENDIX: How to apply the Apache License to your work.
180 | 
181 |       To apply the Apache License to your work, attach the following
182 |       boilerplate notice, with the fields enclosed by brackets "[]"
183 |       replaced with your own identifying information. (Don't include
184 |       the brackets!)  The text should be enclosed in the appropriate
185 |       comment syntax for the file format. We also recommend that a
186 |       file or class name and description of purpose be included on the
187 |       same "printed page" as the copyright notice for easier
188 |       identification within third-party archives.
189 | 
190 |    Copyright [yyyy] [name of copyright owner]
191 | 
192 |    Licensed under the Apache License, Version 2.0 (the "License");
193 |    you may not use this file except in compliance with the License.
194 |    You may obtain a copy of the License at
195 | 
196 |        http://www.apache.org/licenses/LICENSE-2.0
197 | 
198 |    Unless required by applicable law or agreed to in writing, software
199 |    distributed under the License is distributed on an "AS IS" BASIS,
200 |    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
201 |    See the License for the specific language governing permissions and
202 |    limitations under the License.
203 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
  1 | # Kube VXLAN Controller
  2 | 
  3 | [![License: Apache-2.0][Apache 2.0 Badge]][Apache 2.0]
  4 | [![GitHub Release Badge]][GitHub Releases]
  5 | 
  6 | Any pod in a [Kubernetes] cluster can become a [VXLAN] overlay network member by
  7 | having a VXLAN type network interface set up and L2 peer forwarding entries
  8 | specified. This can be done automatically on a pod creation by using the Kube
  9 | VXLAN Controller. A pod could be configured to have any number of VXLAN
 10 | interfaces, i.e. to be a member of any number of VXLAN Segments.
 11 | 
 12 | * [Deployment](#deployment)
 13 | * [Usage](#usage)
 14 | * [Controller Workflow](#controller-workflow)
 15 | * [Example](#example)
 16 | * [Troubleshooting](#troubleshooting)
 17 | 
 18 | ## Deployment
 19 | 
 20 | The controller monitors pods using the [Kubernetes API] and could run as a
 21 | standalone application provided with a desired cluster API access. But the most
 22 | simple way is to run it as a part of the Kubernetes cluster itself, for example
 23 | as a Kubernetes deployment. This repository provides a [Bundle Manifest] to
 24 | create such a deployment and related workloads:
 25 | 
 26 | ```
 27 | $ kubectl apply -f https://raw.githubusercontent.com/openvnf/kube-vxlan-controller/master/kubernetes/bundle.yaml
 28 | ```
 29 | 
 30 | ## Usage
 31 | 
 32 | To make a pod VXLAN enabled it should answer the following conditions:
 33 | 
 34 | * have a "vxlan.openvnf.org" label set to "true"
 35 | * have a "vxlan.openvnf.org/networks" annotation describing VXLAN networks
 36 | * run a Kube VXLAN Controller Agent init container with the security context
 37 |   "NET_ADMIN" capability
 38 | * run a Kube VXLAN Controller Agent sidecar container with the security context
 39 |   "NET_ADMIN" capability.
 40 | 
 41 | These conditions could be described in a single manifest:
 42 | 
 43 | ```
 44 | spec:
 45 |   template:
 46 |     metadata:
 47 |       labels:
 48 |         vxlan.openvnf.org: "true"
 49 |       annotations:
 50 |         vxlan.openvnf.org/networks: vxeth0, vxeth1
 51 |     spec:
 52 |       initContainers:
 53 |       - name: vxlan-controller-agent-init
 54 |         image: openvnf/kube-vxlan-controller-agent
 55 |         securityContext:
 56 |           capabilities:
 57 |             add: ["NET_ADMIN"]
 58 |       containers:
 59 |       - name: vxlan-controller-agent
 60 |         image: openvnf/kube-vxlan-controller-agent
 61 |         securityContext:
 62 |           capabilities:
 63 |             add: ["NET_ADMIN"]
 64 | ```
 65 | 
 66 | This can be saved into a file (for example "patch.yaml") and applied against a
 67 | running deployment by patching it:
 68 | 
 69 | ```
 70 | $ kubectl patch deployment <name> -p "$(cat patch.yaml)"
 71 | ```
 72 | 
 73 | Or could be merged into a deployment manifest before creating it.
 74 | 
 75 | In this example "vxeth0" and "vxeth1" are the list of VXLAN network names that
 76 | will be created in a pod. In this case the network interfaces created in a pod
 77 | will have the same names as the specfied network names, i.e "vxeth0" and
 78 | "vxeth1". This could be configured via "Network Options" (see below).
 79 | 
 80 | ### VXLAN Network Identifier
 81 | 
 82 | According to [VXLAN specification] during the setup process a VXLAN should be
 83 | provided with a Segment ID or "VXLAN Network Identifier (VNI)". The controller
 84 | does that automatically using the ID specified in the network options (see
 85 | "Network Options" below).
 86 | 
 87 | ### Network Options
 88 | 
 89 | Network options define how the controller behaves setting up a particular
 90 | network interface. Options could be defined in networks defining configmap
 91 | or in a network defining annotation. Options defined in the configmap apply to
 92 | all the VXLAN enabled pods in a cluster. Options defined in a pod annotation
 93 | overrides that for the pod.
 94 | 
 95 | Example of the options defined in the configmap:
 96 | 
 97 | 
 98 | ```
 99 | data:
100 |   vxeth0: id=1000 dev=tun0
101 |   vxeth1: id=1001 up
102 | ```
103 | 
104 | Example of the options defined in a pod annotation:
105 | 
106 | ```
107 | annotations:
108 |   vxlan.openvnf.org/networks: |
109 |     vxeth0
110 |       ip=192.168.10.1/24
111 |       route=192.168.10.0/24:192.168.100.1
112 |     vxeth1
113 |       up=false
114 | ```
115 | ```
116 | annotations:
117 |   vxlan.openvnf.org/networks: vxeth0 dev=tun0, vxeth1
118 | ```
119 | 
120 | The only mandatory option for now is "id" (VNI) and should be explicitly defined
121 | in either configmap or annotation.
122 | 
123 | The manifest used in the "Deployment" section defines "kube-vxlan-controller"
124 | configmap with some options for networks named "vxlan[0-3]" including "id".
125 | Therefore, the example above with "vxeth0" and "vxeth1" networks works without
126 | complains about non-existing id.
127 | 
128 | #### type
129 | 
130 | Network interface type that will be created in a pod. Currently the "vxlan" one
131 | is only tested and supported and a default value, therefore usually should not
132 | be specified.
133 | 
134 | #### id
135 | 
136 | Defines network identified (VNI in case of VXLAN). Mandatory, no default value.
137 | Usually should be specified in the configmap. Specify it in a pod annotation
138 | if you know what you do only.
139 | 
140 | #### name
141 | 
142 | Name of the actual network interface that will be created. Will be set to a
143 | network name if not specified.
144 | 
145 | #### dev
146 | 
147 | A pod network device used to create a network interface (default: "eth0").
148 | 
149 | #### up
150 | 
151 | Defines whether a created interface should be set up. Can be set to "true" or
152 | "false". Specifying without any value implies "true". If specified globaly in
153 | the configmap, could be overriden with "up=false".
154 | 
155 | #### ip
156 | 
157 | Defines an IP address that will be assigned to a created network interface.
158 | 
159 | #### route
160 | 
161 | Defines a routing table rule that controller can create after an interface
162 | setup. The following example describes how to create a rule for routing to the 
163 | subnet "192.168.2.0/24" via the "192.168.1.1" gateway:
164 | 
165 | ```
166 | route=192.168.2.0/24:192.168.1.1
167 | ```
168 | 
169 | ## Controller Workflow
170 | 
171 | The controller is subscribed to the pod events using the [Pod Watch API]. On the
172 | "pod added" event the controller is looking for the networks annotation and
173 | sets up networks according to it (and according to the networks configmap) using
174 | the Agent init container. Thus the other init containers available in a pod can
175 | already work with the interfaces.
176 | 
177 | Once the network interfaces are created and configured according to the options,
178 | the controller sends a TERM signal to the main process of the Agent to let it
179 | terminate so that the pod could proceed with its creation.
180 | 
181 | Once a pod is running the sidecar Agent container is used to configure fdb
182 | entries to set up configured networks peers forwarding. If added or removed pod
183 | is a member of a certain network, the controller makes sure all the pods in
184 | this network get the fdb entries table updated.
185 | 
186 | The controller uses the "Pod Exec API" to execute commands in a pod via [Agent]
187 | container.
188 | 
189 | ## Example
190 | 
191 | A basic use case example demonstrates how to send packets from a pod "a" to 
192 | a pod "b" provided that the pods are in the different VXLAN networks. This would
193 | require a gateway pod being a member of the both networks and the routes set up
194 | on "a" and "b". Use [Example Manifest] to create example workloads:
195 | 
196 | ```
197 | $ kubectl create -f https://raw.githubusercontent.com/openvnf/kube-vxlan-controller/master/kubernetes/example.yaml
198 | ```
199 | 
200 | This creates deployments and the corresponding pods "a", "b" and "gw" with the
201 | VXLAN networks and the corresponding network interfaces configured the following
202 | way:
203 | 
204 | - pod "a":
205 |   - network: "vxeth1", IP: "192.168.11.2/29"
206 |   - route: "192.168.12.0/29 via 192.168.11.1"
207 | - pod "b":
208 |   - network: "vxeth2", IP: "192.168.12.2/29"
209 |   - route: "192.168.11.0/29 via 192.168.12.1"
210 | - pod "gw":
211 |   - network: "vxeth1", IP: "192.168.11.1/29"
212 |   - network: "vxeth2", IP: "192.168.12.1/29"
213 | 
214 | To check that example works as expected we can ping one pod's VXLAN network
215 | interface from another pod and vice versa:
216 | 
217 | ```
218 | $ POD_A=$(kubectl get po -l run=a -o jsonpath={.items[*].metadata.name})
219 | $ POD_B=$(kubectl get po -l run=b -o jsonpath={.items[*].metadata.name})
220 | 
221 | $ kubectl exec -it $POD_A -c a ping 192.168.12.2
222 | PING 192.168.12.2 (192.168.12.2): 56 data bytes
223 | 64 bytes from 192.168.12.2: seq=0 ttl=63 time=0.082 ms
224 | 
225 | $ kubectl exec -it $POD_B -c b ping 192.168.11.2
226 | PING 192.168.11.2 (192.168.11.2): 56 data bytes
227 | 64 bytes from 192.168.11.2: seq=0 ttl=63 time=0.107 ms
228 | ```
229 | 
230 | ## Troubleshooting
231 | 
232 | If a pod is not get provisioned with a VXLAN interface, or pods are not pingable
233 | within a VXLAN network, there are several things to check:
234 | 
235 | ### Label and Annotation
236 | 
237 | The label and annotation are named according to the current configuration. To
238 | check the configuration:
239 | 
240 | ```
241 | $ kubectl -n kube-system get cm kube-vxlan-controller-config -o jsonpath="{.data.config}"
242 | [{'kube-vxlan-controller', [
243 |     {db_file, "/usr/share/kube-vxlan-controller/db"},
244 |     {selector, "vxlan.openvnf.org"},
245 |     {annotation, "vxlan.openvnf.org/networks"}
246 | ]}].
247 | ```
248 | 
249 | In this case the label should be "vxlan.openvnf.org", the annotation —
250 | "vxlan.openvnf.org/networks".
251 | 
252 | ### Containers
253 | 
254 | Both init agent and runtime agent containers are present in a pod and named this
255 | way:
256 | 
257 | * init agent: "vxlan-controller-agent-init"
258 | * runtime agent: "vxlan-controller-agent"
259 | 
260 | Both containers should have "NET_ADMIN" capability.
261 | 
262 | 
263 | ### Logs
264 | 
265 | Check the controller logs to see if a pod was processed:
266 | 
267 | ```
268 | $ POD=$(kubectl -n kube-system get po -l run=kube-vxlan-controller -o jsonpath="{.items[*].metadata.name}")
269 | $ kubectl -n kube-system logs $POD
270 | ```
271 | 
272 | The logs should contain the pod name and records of attempts of creating VXLAN
273 | interfaces and provisioning FDB table.
274 | 
275 | ### Inspect
276 | 
277 | The VXLAN networks managed by the controller can be inspected:
278 | 
279 | ```
280 | $ POD=$(kubectl -n kube-system get po -l run=kube-vxlan-controller -o jsonpath="{.items[*].metadata.name}")
281 | $ kubectl -n kube-system exec $POD kube-vxlan-controller inspect nets <Nets>
282 | ```
283 | 
284 | Example:
285 | 
286 | ```
287 | $ kubectl -n kube-system exec $POD kube-vxlan-controller inspect nets vxeth1 vxeth2
288 | [vxeth1]
289 |  pod: default/a-5cd8c6ccb8-kkvwt 10.234.98.195
290 |  net: dev:eth0 id:101 ip:192.168.11.2/29 name:vxeth1 route:192.168.12.0/29:192.168.11.1 type:vxlan up:true
291 |  fdb: 00:00:00:00:00:00 dst 10.234.72.134 self permanent
292 | 
293 |  pod: default/gw-f87979b47-5p57h 10.234.72.134
294 |  net: dev:eth0 id:101 ip:192.168.11.1/29 name:vxeth1 type:vxlan up:true
295 |  fdb: 00:00:00:00:00:00 dst 10.234.98.195 self permanent
296 | 
297 | [vxeth2]
298 |  pod: default/b-cf894dbfd-t657f 10.234.101.131
299 |  net: dev:eth0 id:102 ip:192.168.12.2/29 name:vxeth2 route:192.168.11.0/29:192.168.12.1 type:vxlan up:true
300 |  fdb: 00:00:00:00:00:00 dst 10.234.72.134 self permanent
301 | 
302 |  pod: default/gw-f87979b47-5p57h 10.234.72.134
303 |  net: dev:eth0 id:102 ip:192.168.12.1/29 name:vxeth2 type:vxlan up:true
304 |  fdb: 00:00:00:00:00:00 dst 10.234.101.131 self permanent
305 | ```
306 | 
307 | The important part to check here is that all the desired pods are in the
308 | desired network, and "fdb" field of a particular pod has a corresponding
309 | record for each pod (by its IP address) that it supposed to be connected to.
310 | 
311 | If expected pods are missing in the corresponding "fdb" fields it worth trying
312 | to restart the pod where the records are missing.
313 | 
314 | ### List Pods
315 | 
316 | To list all the pods the controller is aware of:
317 | 
318 | ```
319 | $ POD=$(kubectl -n kube-system get po -l run=kube-vxlan-controller -o jsonpath="{.items[*].metadata.name}")
320 | $ kubectl -n kube-system exec $POD kube-vxlan-controller list pods
321 | default/a-5cd8c6ccb8-kkvwt vxeth1 192.168.11.2/29
322 | default/b-cf894dbfd-t657f vxeth2 192.168.12.2/29
323 | default/gw-f87979b47-5p57h vxeth1 192.168.11.1/29
324 | default/gw-f87979b47-5p57h vxeth2 192.168.12.1/29
325 | ```
326 | 
327 | Pod name prefix only can be used to filter:
328 | 
329 | ```
330 | $ kubectl -n kube-system exec $POD kube-vxlan-controller list pods gw
331 | default/gw-f87979b47-5p57h vxeth1 192.168.11.1/29
332 | default/gw-f87979b47-5p57h vxeth2 192.168.12.1/29
333 | ```
334 | 
335 | ### Pods Connectivity
336 | 
337 | The interpod connectivity is fundamental requirement for VXLAN network to work.
338 | Each IP address listed in the "fdb" field of a given pod
339 | (see [Inspect](#inspect)) should be pingable from that pod. If that is not the
340 | case the issue should be resolved first.
341 | 
342 | ### Stuck on a pod
343 | 
344 | If the last log record of the controller does not look similar to this:
345 | 
346 | ```
347 | Watching pods (selector: vxlan.openvnf.org) from version: 181701
348 | ```
349 | 
350 | and does not advance, that might be a sign of the controller stuck during
351 | execution a command on a stuck pod. Most likely the last log record contains 
352 | the pod name. In this case the pod should be deleted. If the controller log
353 | records do not still advance, the controller should be restarted. Either with
354 | 
355 | ```
356 | $ kill -TERM 1
357 | ```
358 | 
359 | on the controller pod or by deleting the pod.
360 | 
361 | ## License
362 | 
363 | Copyright 2018-2019 Travelping GmbH
364 | 
365 | Licensed under the Apache License, Version 2.0 (the "License");
366 | you may not use this file except in compliance with the License.
367 | You may obtain a copy of the License at
368 | 
369 |     http://www.apache.org/licenses/LICENSE-2.0
370 | 
371 | Unless required by applicable law or agreed to in writing, software
372 | distributed under the License is distributed on an "AS IS" BASIS,
373 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
374 | See the License for the specific language governing permissions and
375 | limitations under the License.
376 | 
377 | <!-- Links -->
378 | [Kubernetes]: https://kubernetes.io
379 | [Kubernetes API]: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.10
380 | [Pod Watch API]: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.10/#watch-64
381 | [VXLAN]: https://tools.ietf.org/html/rfc7348
382 | [VXLAN specification]: https://tools.ietf.org/html/rfc7348#section-4
383 | [Agent]: https://github.com/openvnf/kube-vxlan-controller-agent
384 | [Example Manifest]: kubernetes/example.yaml
385 | [Bundle Manifest]: kubernetes/bundle.yaml
386 | [GitHub Releases]: https://github.com/openvnf/kube-vxlan-controller/releases
387 | 
388 | <!-- Badges -->
389 | 
390 | [Apache 2.0]: https://opensource.org/licenses/Apache-2.0
391 | [Apache 2.0 Badge]: https://img.shields.io/badge/License-Apache%202.0-yellowgreen.svg?style=flat-square
392 | [GitHub Releases]: https://github.com/openvnf/kube-vxlan-controller/releases
393 | [GitHub Release Badge]: https://img.shields.io/github/release/openvnf/kube-vxlan-controller/all.svg?style=flat-square
394 | 


--------------------------------------------------------------------------------