Merge pull request #16561 from danwinship/auto-egress-ip

Automatic merge from submit-queue.

Semi-automatic egress IP

This is the first half of the automatic egress IP work; it handles routing traffic through egress IPs, but not the assigning of IPs to nodes, which must be done manually by the administrator at this point (by editing the HostSubnet records; in the future the SDN master will do this automatically based on annotations on the Node records).

The set of Egress IPs active on a node was stored in HostSubnet rather than Node because (a) there are no upstream compatibility issues to deal with that way, and (b) nodes already have a HostSubnet watch, but not a Node watch. (And Node statuses change constantly, while HostSubnets are much more low-bandwidth.)

Oh, the other thing that's there for future expansion is that a NetNamespace can have an array of EgressIPs, but only the first one gets used. In the future we will likely support multiple IPs, either at the same time, or sequentially failing over.

@openshift/sig-networking PTAL

Author: openshift-merge-robot

api/docs/apis-network.openshift.io/v1.HostSubnet.adoc

@@ -19,7 +19,9 @@ Expand or mouse-over a field for more information about it.
 ++++
 <pre>
 <div style="margin-left:13px;"><span title="(string) APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources">apiVersion</span>:
-</div><div style="margin-left:13px;"><span title="(string) Host is the name of the node. (This is the same as the object&#39;s name, but both fields must be set.)">host</span>:
+</div><details><summary><span title="(array) EgressIPs is the list of automatic egress IP addresses currently hosted by this node">egressIPs</span>:
+</summary><div style="margin-left:13px;">- <span title="(string)">[string]</span>:
+</div></details><div style="margin-left:13px;"><span title="(string) Host is the name of the node. (This is the same as the object&#39;s name, but both fields must be set.)">host</span>:
 </div><div style="margin-left:13px;"><span title="(string) HostIP is the IP address to be used as a VTEP by other nodes in the overlay network">hostIP</span>:
 </div><div style="margin-left:13px;"><span title="(string) Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds">kind</span>:
 </div><details open><summary><span title="(v1.ObjectMeta) Standard object&#39;s metadata.">metadata</span>:

api/docs/apis-network.openshift.io/v1.NetNamespace.adoc

@@ -19,7 +19,9 @@ Expand or mouse-over a field for more information about it.
 ++++
 <pre>
 <div style="margin-left:13px;"><span title="(string) APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources">apiVersion</span>:
-</div><div style="margin-left:13px;"><span title="(string) Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds">kind</span>:
+</div><details><summary><span title="(array) EgressIPs is a list of reserved IPs that will be used as the source for external traffic coming from pods in this namespace. (If empty, external traffic will be masqueraded to Node IPs.)">egressIPs</span>:
+</summary><div style="margin-left:13px;">- <span title="(string)">[string]</span>:
+</div></details><div style="margin-left:13px;"><span title="(string) Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds">kind</span>:
 </div><details open><summary><span title="(v1.ObjectMeta) Standard object&#39;s metadata.">metadata</span>:
 </summary><details><summary>  <span title="(object) Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations">annotations</span>:
 </summary><div style="margin-left:13px;">    <span title="(string)">[string]</span>:

api/docs/oapi/v1.HostSubnet.adoc

@@ -19,7 +19,9 @@ Expand or mouse-over a field for more information about it.
 ++++
 <pre>
 <div style="margin-left:13px;"><span title="(string) APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources">apiVersion</span>:
-</div><div style="margin-left:13px;"><span title="(string) Host is the name of the node. (This is the same as the object&#39;s name, but both fields must be set.)">host</span>:
+</div><details><summary><span title="(array) EgressIPs is the list of automatic egress IP addresses currently hosted by this node">egressIPs</span>:
+</summary><div style="margin-left:13px;">- <span title="(string)">[string]</span>:
+</div></details><div style="margin-left:13px;"><span title="(string) Host is the name of the node. (This is the same as the object&#39;s name, but both fields must be set.)">host</span>:
 </div><div style="margin-left:13px;"><span title="(string) HostIP is the IP address to be used as a VTEP by other nodes in the overlay network">hostIP</span>:
 </div><div style="margin-left:13px;"><span title="(string) Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds">kind</span>:
 </div><details open><summary><span title="(v1.ObjectMeta) Standard object&#39;s metadata.">metadata</span>:

api/docs/oapi/v1.NetNamespace.adoc

@@ -19,7 +19,9 @@ Expand or mouse-over a field for more information about it.
 ++++
 <pre>
 <div style="margin-left:13px;"><span title="(string) APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources">apiVersion</span>:
-</div><div style="margin-left:13px;"><span title="(string) Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds">kind</span>:
+</div><details><summary><span title="(array) EgressIPs is a list of reserved IPs that will be used as the source for external traffic coming from pods in this namespace. (If empty, external traffic will be masqueraded to Node IPs.)">egressIPs</span>:
+</summary><div style="margin-left:13px;">- <span title="(string)">[string]</span>:
+</div></details><div style="margin-left:13px;"><span title="(string) Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds">kind</span>:
 </div><details open><summary><span title="(v1.ObjectMeta) Standard object&#39;s metadata.">metadata</span>:
 </summary><details><summary>  <span title="(object) Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations">annotations</span>:
 </summary><div style="margin-left:13px;">    <span title="(string)">[string]</span>:

api/protobuf-spec/github_com_openshift_origin_pkg_network_apis_network_v1.proto

@@ -25756,7 +25756,8 @@
     "required": [
      "host",
      "hostIP",
-     "subnet"
+     "subnet",
+     "egressIPs"
     ],
     "properties": {
      "kind": {
@@ -25782,6 +25783,13 @@
      "subnet": {
       "type": "string",
       "description": "Subnet is the CIDR range of the overlay network assigned to the node for its pods"
+     },
+     "egressIPs": {
+      "type": "array",
+      "items": {
+       "type": "string"
+      },
+      "description": "EgressIPs is the list of automatic egress IP addresses currently hosted by this node"
      }
     }
    },
@@ -26908,7 +26916,8 @@
     "description": "NetNamespace describes a single isolated network. When using the redhat/openshift-ovs-multitenant plugin, every Namespace will have a corresponding NetNamespace object with the same name. (When using redhat/openshift-ovs-subnet, NetNamespaces are not used.)",
     "required": [
      "netname",
-     "netid"
+     "netid",
+     "egressIPs"
     ],
     "properties": {
      "kind": {
@@ -26930,6 +26939,13 @@
      "netid": {
       "type": "integer",
       "description": "NetID is the network identifier of the network namespace assigned to each overlay network packet. This can be manipulated with the \"oc adm pod-network\" commands."
+     },
+     "egressIPs": {
+      "type": "array",
+      "items": {
+       "type": "string"
+      },
+      "description": "EgressIPs is a list of reserved IPs that will be used as the source for external traffic coming from pods in this namespace. (If empty, external traffic will be masqueraded to Node IPs.)"
      }
     }
    },

api/swagger-spec/oapi-v1.json

@@ -90978,13 +90978,21 @@
     "required": [
      "host",
      "hostIP",
-     "subnet"
+     "subnet",
+     "egressIPs"
     ],
     "properties": {
      "apiVersion": {
       "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources",
       "type": "string"
      },
+     "egressIPs": {
+      "description": "EgressIPs is the list of automatic egress IP addresses currently hosted by this node",
+      "type": "array",
+      "items": {
+       "type": "string"
+      }
+     },
      "host": {
       "description": "Host is the name of the node. (This is the same as the object's name, but both fields must be set.)",
       "type": "string"
@@ -91069,6 +91077,13 @@
       "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources",
       "type": "string"
      },
+     "egressIPs": {
+      "description": "EgressIPs is a list of reserved IPs that will be used as the source for external traffic coming from pods in this namespace. (If empty, external traffic will be masqueraded to Node IPs.)",
+      "type": "array",
+      "items": {
+       "type": "string"
+      }
+     },
      "kind": {
       "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds",
       "type": "string"

api/swagger-spec/openshift-openapi-spec.json

@@ -50,6 +50,8 @@ type HostSubnet struct {
 	Host   string
 	HostIP string
 	Subnet string
+
+	EgressIPs []string
 }
 
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
@@ -65,13 +67,15 @@ type HostSubnetList struct {
 // +genclient:nonNamespaced
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 
-// NetNamespace holds the network id against its name
+// NetNamespace holds information about the SDN configuration of a Namespace
 type NetNamespace struct {
 	metav1.TypeMeta
 	metav1.ObjectMeta
 
 	NetName string
 	NetID   uint32
+
+	EgressIPs []string
 }
 
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object