diff --git a/.github/workflows/advanced-lb-sanity-ubuntu-22.yml b/.github/workflows/advanced-lb-sanity-ubuntu-22.yml
index 4b77bbdd..aa1264a7 100644
--- a/.github/workflows/advanced-lb-sanity-ubuntu-22.yml
+++ b/.github/workflows/advanced-lb-sanity-ubuntu-22.yml
@@ -1,11 +1,9 @@
name: Adv-LB-Sanity-CI-Ubuntu-22
on:
- #push:
- # branches:
- # - main
- #pull_request:
- # branches: [ "main" ]
+ schedule:
+ # Runs "At 18:00 UTC every day-of-week"
+ - cron: '0 18 * * *'
workflow_dispatch:
inputs:
logLevel:
@@ -14,11 +12,17 @@ on:
default: 'warning'
tags:
description: 'Advanced LB Sanity ubuntu 22'
+ workflow_run:
+ workflows: ["Docker-Multi-Arch"]
+ types:
+ - completed
jobs:
build:
name: advanced-lb-sanity-ubuntu-22
runs-on: ubuntu-22.04
+ if: github.repository == 'loxilb-io/loxilb'
+ && github.event.inputs.tagName == ''
steps:
- uses: actions/checkout@v2
with:
@@ -28,25 +32,7 @@ jobs:
with:
go-version: '>=1.18.0'
- run: sudo apt-get update
- - run: sudo apt-get -y install clang-13 llvm libelf-dev gcc-multilib libpcap-dev linux-tools-$(uname -r) elfutils dwarves git libbsd-dev bridge-utils unzip build-essential bison flex iperf iproute2 nodejs socat ethtool lksctp-tools
- - run: |
- git clone --recurse-submodules https://github.com/loxilb-io/iproute2 iproute2-main
- cd iproute2-main/libbpf/src/
- sudo make install
- mkdir build
- DESTDIR=build OBJDIR=build make install
- cd -
- cd iproute2-main/
- export PKG_CONFIG_PATH=$PKG_CONFIG_PATH:`pwd`/libbpf/src/ && LIBBPF_FORCE=on LIBBPF_DIR=`pwd`/libbpf/src/build ./configure && make && sudo cp -f tc/tc /usr/local/sbin/ntc && cd -
- - run: loxilb-ebpf/utils/mkllb_bpffs.sh
- - run: sudo -E env "PATH=$PATH" make
- - run: sudo -E env "PATH=$PATH" make test
- - run: docker pull ghcr.io/loxilb-io/loxilb:latest
- - run: docker run -u root --cap-add SYS_ADMIN --restart unless-stopped --privileged -dit -v /dev/log:/dev/log --name loxilb ghcr.io/loxilb-io/loxilb:latest
- - run: pwd && ls && sudo -E env "PATH=$PATH" make docker-cp
- - run: docker exec -dit loxilb mkllb_bpffs
- - run: id=`docker ps -f name=loxilb | cut -d " " -f 1 | grep -iv "CONTAINER"` && docker commit $id ghcr.io/loxilb-io/loxilb:latest
- - run: docker stop loxilb && docker rm loxilb
+ - run: sudo apt-get -y install linux-tools-$(uname -r) bridge-utils iperf iproute2 nodejs socat ethtool lksctp-tools
- run: |
cd cicd/k8slbsim/
./config.sh
@@ -101,3 +87,9 @@ jobs:
./validation.sh
./rmconfig.sh
cd -
+ - run: |
+ cd cicd/tcplbmaxep/
+ ./config.sh
+ ./validation.sh
+ ./rmconfig.sh
+ cd -
diff --git a/.github/workflows/advanced-lb-sanity-ubuntu-24.yml b/.github/workflows/advanced-lb-sanity-ubuntu-24.yml
new file mode 100644
index 00000000..254ce6a8
--- /dev/null
+++ b/.github/workflows/advanced-lb-sanity-ubuntu-24.yml
@@ -0,0 +1,95 @@
+name: Adv-LB-Sanity-CI-Ubuntu-24
+
+on:
+ schedule:
+ # Runs "At 11:00 UTC every day-of-week"
+ - cron: '0 11 * * *'
+ workflow_dispatch:
+ inputs:
+ logLevel:
+ description: 'Log level'
+ required: true
+ default: 'warning'
+ tags:
+ description: 'Advanced LB Sanity ubuntu 24'
+ workflow_run:
+ workflows: ["Docker-Multi-Arch"]
+ types:
+ - completed
+
+jobs:
+ build:
+ name: advanced-lb-sanity-ubuntu-24
+ runs-on: ubuntu-24.04
+ if: github.repository == 'loxilb-io/loxilb'
+ && github.event.inputs.tagName == ''
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ submodules: recursive
+ - uses: actions/setup-python@v2
+ - uses: actions/setup-go@v3
+ with:
+ go-version: '>=1.18.0'
+ - run: sudo apt-get update
+ - run: sudo apt-get -y install linux-tools-$(uname -r) bridge-utils iperf iproute2 nodejs socat ethtool lksctp-tools
+ - run: |
+ cd cicd/k8slbsim/
+ ./config.sh
+ ./validation.sh
+ ./rmconfig.sh
+ cd -
+ - run: |
+ cd cicd/onearml2/
+ ./config.sh
+ ./validation.sh
+ ./rmconfig.sh
+ cd -
+ - run: |
+ cd cicd/ulcltcplb/
+ ./config.sh
+ ./validation.sh
+ ./rmconfig.sh
+ cd -
+ - run: |
+ cd cicd/ulclsctplb/
+ ./config.sh
+ ./validation.sh
+ ./rmconfig.sh
+ cd -
+ - run: |
+ cd cicd/tcptunlb/
+ ./config.sh
+ ./validation.sh
+ ./rmconfig.sh
+ cd -
+ - run: |
+ cd cicd/sctptunlb/
+ ./config.sh
+ ./validation.sh
+ ./rmconfig.sh
+ cd -
+ - run: |
+ cd cicd/wrrtcplb1/
+ ./config.sh
+ ./validation.sh
+ ./rmconfig.sh
+ cd -
+ - run: |
+ cd cicd/wrrtcplb2/
+ ./config.sh
+ ./validation.sh
+ ./rmconfig.sh
+ cd -
+ - run: |
+ cd cicd/nat64tcp/
+ ./config.sh
+ ./validation.sh
+ ./rmconfig.sh
+ cd -
+ - run: |
+ cd cicd/tcplbmaxep/
+ ./config.sh
+ ./validation.sh
+ ./rmconfig.sh
+ cd -
diff --git a/.github/workflows/advanced-lb-sanity.yml b/.github/workflows/advanced-lb-sanity.yml
index 23549a66..0b3e82ab 100644
--- a/.github/workflows/advanced-lb-sanity.yml
+++ b/.github/workflows/advanced-lb-sanity.yml
@@ -29,15 +29,6 @@ jobs:
go-version: '>=1.18.0'
- run: sudo apt-get update
- run: sudo apt-get -y install clang-10 llvm libelf-dev gcc-multilib libpcap-dev linux-tools-$(uname -r) elfutils dwarves git libbsd-dev bridge-utils unzip build-essential bison flex iperf iproute2 nodejs socat ethtool
- - run: |
- git clone --recurse-submodules https://github.com/loxilb-io/iproute2 iproute2-main
- cd iproute2-main/libbpf/src/
- sudo make install
- mkdir build
- DESTDIR=build OBJDIR=build make install
- cd -
- cd iproute2-main/
- export PKG_CONFIG_PATH=$PKG_CONFIG_PATH:`pwd`/libbpf/src/ && LIBBPF_FORCE=on LIBBPF_DIR=`pwd`/libbpf/src/build ./configure && make && sudo cp -f tc/tc /usr/local/sbin/ntc && cd -
- run: loxilb-ebpf/utils/mkllb_bpffs.sh
- run: sudo -E env "PATH=$PATH" make
- run: sudo -E env "PATH=$PATH" make test
@@ -101,15 +92,27 @@ jobs:
./validation.sh
./rmconfig.sh
cd -
+ - run: |
+ cd cicd/tcplbmaxep/
+ ./config.sh
+ ./validation.sh
+ ./rmconfig.sh
+ cd -
- run: |
cd cicd/ipmasquerade/
./config.sh
./validation.sh
./rmconfig.sh
cd -
- #- run: |
- # cd cicd/httpsproxy/
- # ./config.sh
- # ./validation.sh
- # ./rmconfig.sh
- # cd -
+ - run: |
+ cd cicd/httpsproxy/
+ ./config.sh
+ ./validation.sh
+ ./rmconfig.sh
+ cd -
+ - run: |
+ cd cicd/e2ehttpsproxy/
+ ./config.sh
+ ./validation.sh
+ ./rmconfig.sh
+ cd -
diff --git a/.github/workflows/basic-sanity-ubuntu-22.yml b/.github/workflows/basic-sanity-ubuntu-22.yml
index 34ceed77..9f4ad7c2 100644
--- a/.github/workflows/basic-sanity-ubuntu-22.yml
+++ b/.github/workflows/basic-sanity-ubuntu-22.yml
@@ -39,15 +39,6 @@ jobs:
- run: |
sudo ip netns add test
sudo ip netns del test
- - run: |
- git clone --recurse-submodules https://github.com/loxilb-io/iproute2 iproute2-main
- cd iproute2-main/libbpf/src/
- sudo make install
- mkdir build
- DESTDIR=build OBJDIR=build make install
- cd -
- cd iproute2-main/
- export PKG_CONFIG_PATH=$PKG_CONFIG_PATH:`pwd`/libbpf/src/ && LIBBPF_FORCE=on LIBBPF_DIR=`pwd`/libbpf/src/build ./configure && make && sudo cp -f tc/tc /usr/local/sbin/ntc && cd -
- run: loxilb-ebpf/utils/mkllb_bpffs.sh
- run: sudo -E env "PATH=$PATH" make
- run: sudo -E env "PATH=$PATH" make test
diff --git a/.github/workflows/basic-sanity-ubuntu-24.yml b/.github/workflows/basic-sanity-ubuntu-24.yml
new file mode 100644
index 00000000..529ebec2
--- /dev/null
+++ b/.github/workflows/basic-sanity-ubuntu-24.yml
@@ -0,0 +1,51 @@
+name: Sanity-CI-Ubuntu-24
+on:
+ schedule:
+ # Runs "At 11:00 UTC every day-of-week"
+ - cron: '0 11 * * *'
+ pull_request:
+ branches: [ "main" ]
+ workflow_dispatch:
+ inputs:
+ testName:
+ description: 'Test Run-Name'
+ required: true
+ default: 'Sanity-BuildCI-u24'
+ workflow_run:
+ workflows: ["Docker-Multi-Arch"]
+ types:
+ - completed
+jobs:
+ build:
+ name: basic-sanity-ubuntu-24
+ runs-on: ubuntu-24.04
+ if: github.repository == 'loxilb-io/loxilb'
+ && github.event.inputs.tagName == ''
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ submodules: recursive
+
+ - name: Login to GitHub Container Registry
+ uses: docker/login-action@v1
+ with:
+ registry: ghcr.io
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - uses: actions/setup-python@v2
+ - uses: actions/setup-go@v3
+ with:
+ go-version: '>=1.18.0'
+ - run: |
+ cd cicd/sconnect/
+ ./config.sh
+ ./validation.sh
+ ./rmconfig.sh
+ cd -
+ - run: |
+ cd cicd/tcplb/
+ ./config.sh
+ ./validation.sh
+ ./rmconfig.sh
+ cd -
diff --git a/.github/workflows/basic-sanity.yml b/.github/workflows/basic-sanity.yml
index f4afa8ab..5a9df820 100644
--- a/.github/workflows/basic-sanity.yml
+++ b/.github/workflows/basic-sanity.yml
@@ -21,15 +21,6 @@ jobs:
go-version: '>=1.18.0'
- run: sudo apt-get update
- run: sudo apt-get -y install clang-10 llvm libelf-dev gcc-multilib libpcap-dev elfutils dwarves git linux-tools-$(uname -r) libbsd-dev bridge-utils unzip build-essential bison flex iproute2
- - run: |
- git clone --recurse-submodules https://github.com/loxilb-io/iproute2 iproute2-main
- cd iproute2-main/libbpf/src/
- sudo make install
- mkdir build
- DESTDIR=build OBJDIR=build make install
- cd -
- cd iproute2-main/
- export PKG_CONFIG_PATH=$PKG_CONFIG_PATH:`pwd`/libbpf/src/ && LIBBPF_FORCE=on LIBBPF_DIR=`pwd`/libbpf/src/build ./configure && make && sudo cp -f tc/tc /usr/local/sbin/ntc && cd -
- run: loxilb-ebpf/utils/mkllb_bpffs.sh
- run: sudo -E env "PATH=$PATH" make
- run: sudo -E env "PATH=$PATH" make test
diff --git a/.github/workflows/cluster-sanity-ubuntu-22.yml b/.github/workflows/cluster-sanity-ubuntu-22.yml
index 95eca4ad..b3e1c92f 100644
--- a/.github/workflows/cluster-sanity-ubuntu-22.yml
+++ b/.github/workflows/cluster-sanity-ubuntu-22.yml
@@ -1,6 +1,9 @@
name: Cluster-Sanity-CI-Ubuntu-22
on:
+ # schedule:
+ # Runs "At 18:00 UTC every day-of-week"
+ #- cron: '0 18 * * *'
workflow_dispatch:
inputs:
userInput:
@@ -9,11 +12,17 @@ on:
default: 'Finished'
tags:
description: 'Cluster Sanity Ubuntu 22'
+ #workflow_run:
+ # workflows: ["Docker-Multi-Arch"]
+ # types:
+ # - completed
jobs:
build:
name: cluster-sanity-ubuntu-22
runs-on: ubuntu-22.04
+ if: github.repository == 'loxilb-io/loxilb'
+ && github.event.inputs.tagName == ''
steps:
- uses: actions/checkout@v2
with:
@@ -23,24 +32,7 @@ jobs:
with:
go-version: '>=1.18.0'
- run: sudo apt-get update
- - run: sudo apt-get -y install clang-13 llvm libelf-dev gcc-multilib libpcap-dev linux-tools-$(uname -r) elfutils dwarves git libbsd-dev bridge-utils unzip build-essential bison flex iperf iproute2 nodejs socat lksctp-tools
- - run: |
- git clone --recurse-submodules https://github.com/loxilb-io/iproute2 iproute2-main
- cd iproute2-main/libbpf/src/
- sudo make install
- mkdir build
- DESTDIR=build OBJDIR=build make install
- cd -
- cd iproute2-main/
- export PKG_CONFIG_PATH=$PKG_CONFIG_PATH:`pwd`/libbpf/src/ && LIBBPF_FORCE=on LIBBPF_DIR=`pwd`/libbpf/src/build ./configure && make && sudo cp -f tc/tc /usr/local/sbin/ntc && cd -
- - run: loxilb-ebpf/utils/mkllb_bpffs.sh
- - run: sudo -E env "PATH=$PATH" make
- - run: sudo -E env "PATH=$PATH" make test
- - run: docker pull ghcr.io/loxilb-io/loxilb:latest
- - run: docker run -u root --cap-add SYS_ADMIN --restart unless-stopped --privileged -dit -v /dev/log:/dev/log --name loxilb ghcr.io/loxilb-io/loxilb:latest
- - run: pwd && ls && sudo -E env "PATH=$PATH" make docker-cp
- - run: id=`docker ps -f name=loxilb | cut -d " " -f 1 | grep -iv "CONTAINER"` && docker commit $id ghcr.io/loxilb-io/loxilb:latest
- - run: docker stop loxilb && docker rm loxilb
+ - run: sudo apt-get -y install lksctp-tools
- run: |
cd cicd/cluster1/
./config.sh
diff --git a/.github/workflows/cluster-sanity-ubuntu-24.yml b/.github/workflows/cluster-sanity-ubuntu-24.yml
new file mode 100644
index 00000000..526024db
--- /dev/null
+++ b/.github/workflows/cluster-sanity-ubuntu-24.yml
@@ -0,0 +1,52 @@
+name: Cluster-Sanity-CI-Ubuntu-24
+
+on:
+ #schedule:
+ # Runs "At 11:00 UTC every day-of-week"
+ #- cron: '0 11 * * *'
+ workflow_dispatch:
+ inputs:
+ userInput:
+ description: 'Enter string to print at end'
+ required: true
+ default: 'Finished'
+ tags:
+ description: 'Cluster Sanity Ubuntu 24'
+ #workflow_run:
+ # workflows: ["Docker-Multi-Arch"]
+ # types:
+ # - completed
+
+jobs:
+ build:
+ name: cluster-sanity-ubuntu-24
+ runs-on: ubuntu-22.04
+ if: github.repository == 'loxilb-io/loxilb'
+ && github.event.inputs.tagName == ''
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ submodules: recursive
+ - uses: actions/setup-python@v2
+ - uses: actions/setup-go@v3
+ with:
+ go-version: '>=1.18.0'
+ - run: sudo apt-get update
+ - run: sudo apt-get -y install linux-tools-$(uname -r) bridge-utils unzip iperf iproute2 nodejs socat lksctp-tools
+ - run: |
+ cd cicd/cluster1/
+ ./config.sh
+ ./validation.sh
+ ./rmconfig.sh
+ cd -
+ cd cicd/cluster2/
+ ./config.sh
+ ./validation.sh
+ ./rmconfig.sh
+ cd -
+ cd cicd/cluster3/
+ ./config.sh
+ ./validation.sh
+ ./rmconfig.sh
+ cd -
+ - run: echo ${{ github.event.inputs.userInput }}
diff --git a/.github/workflows/cluster-sanity.yml b/.github/workflows/cluster-sanity.yml
index 89d15b88..a23ae569 100644
--- a/.github/workflows/cluster-sanity.yml
+++ b/.github/workflows/cluster-sanity.yml
@@ -24,15 +24,6 @@ jobs:
go-version: '>=1.18.0'
- run: sudo apt-get update
- run: sudo apt-get -y install clang-10 llvm libelf-dev gcc-multilib libpcap-dev linux-tools-$(uname -r) elfutils dwarves git libbsd-dev bridge-utils unzip build-essential bison flex iperf iproute2 nodejs socat
- - run: |
- git clone --recurse-submodules https://github.com/loxilb-io/iproute2 iproute2-main
- cd iproute2-main/libbpf/src/
- sudo make install
- mkdir build
- DESTDIR=build OBJDIR=build make install
- cd -
- cd iproute2-main/
- export PKG_CONFIG_PATH=$PKG_CONFIG_PATH:`pwd`/libbpf/src/ && LIBBPF_FORCE=on LIBBPF_DIR=`pwd`/libbpf/src/build ./configure && make && sudo cp -f tc/tc /usr/local/sbin/ntc && cd -
- run: loxilb-ebpf/utils/mkllb_bpffs.sh
- run: sudo -E env "PATH=$PATH" make
- run: sudo -E env "PATH=$PATH" make test
diff --git a/.github/workflows/data-store-CI.yml b/.github/workflows/data-store-CI.yml
index 9f562437..5d34407f 100644
--- a/.github/workflows/data-store-CI.yml
+++ b/.github/workflows/data-store-CI.yml
@@ -23,13 +23,14 @@ on:
options:
- ubuntu-20.04
- ubuntu-22.04
+ - ubuntu-24.04
jobs:
build:
name: data-store
runs-on: ${{ github.event.inputs.runsOn }}
steps:
- - uses: actions/checkout@v2
+ - uses: actions/checkout@v4
with:
submodules: recursive
- uses: actions/setup-python@v2
@@ -37,24 +38,7 @@ jobs:
with:
go-version: '>=1.18.0'
- run: sudo apt-get update
- - run: if [[ ${{ github.event.inputs.runsOn }} == 'ubuntu-22.04' ]]; then sudo apt-get -y install clang-13 lksctp-tools; else sudo apt-get -y install clang-10; fi
- - run: sudo apt-get -y install llvm libelf-dev gcc-multilib libpcap-dev linux-tools-$(uname -r) elfutils dwarves git libbsd-dev bridge-utils unzip build-essential bison flex iperf iproute2 nodejs socat
- - run: |
- git clone --recurse-submodules https://github.com/loxilb-io/iproute2 iproute2-main
- cd iproute2-main/libbpf/src/
- sudo make install
- mkdir build
- DESTDIR=build OBJDIR=build make install
- cd -
- cd iproute2-main/
- export PKG_CONFIG_PATH=$PKG_CONFIG_PATH:`pwd`/libbpf/src/ && LIBBPF_FORCE=on LIBBPF_DIR=`pwd`/libbpf/src/build ./configure && make && sudo cp -f tc/tc /usr/local/sbin/ntc && cd -
- - run: loxilb-ebpf/utils/mkllb_bpffs.sh
- - run: sudo -E env "PATH=$PATH" make
- - run: docker pull ghcr.io/loxilb-io/loxilb:latest
- - run: docker run -u root --cap-add SYS_ADMIN --restart unless-stopped --privileged -dit -v /dev/log:/dev/log --name loxilb ghcr.io/loxilb-io/loxilb:latest
- - run: pwd && ls && sudo -E env "PATH=$PATH" make docker-cp
- - run: id=`docker ps -f name=loxilb | cut -d " " -f 1 | grep -iv "CONTAINER"` && docker commit $id ghcr.io/loxilb-io/loxilb:latest
- - run: docker stop loxilb && docker rm loxilb
+ - run: sudo apt-get -y install lksctp-tools linux-tools-$(uname -r) bridge-utils iperf iproute2 nodejs socat
- run: |
cd cicd/data-store/
./test.sh ${{ github.event.inputs.testName }}
diff --git a/.github/workflows/ipsec-sanity-rh9.yml b/.github/workflows/ipsec-sanity-rh9.yml
index dae4a911..826c3640 100644
--- a/.github/workflows/ipsec-sanity-rh9.yml
+++ b/.github/workflows/ipsec-sanity-rh9.yml
@@ -41,6 +41,12 @@ jobs:
./validation.sh
./rmconfig.sh
cd -
+ - run: |
+ cd cicd/ipsec-e2e/
+ ./config.sh
+ ./validation.sh
+ ./rmconfig.sh
+ cd -
- run: echo ${{ github.event.inputs.userInput }}
- name: Clean test-bed
if: success() || failure()
diff --git a/.github/workflows/ipsec-sanity-ubuntu-22.yml b/.github/workflows/ipsec-sanity-ubuntu-22.yml
index af07185c..f90e4304 100644
--- a/.github/workflows/ipsec-sanity-ubuntu-22.yml
+++ b/.github/workflows/ipsec-sanity-ubuntu-22.yml
@@ -29,15 +29,6 @@ jobs:
go-version: '>=1.18.0'
- run: sudo apt-get update
- run: sudo apt-get -y install clang-13 llvm libelf-dev gcc-multilib libpcap-dev linux-tools-$(uname -r) elfutils dwarves git libbsd-dev bridge-utils unzip build-essential bison flex iperf iproute2 nodejs socat
- - run: |
- git clone --recurse-submodules https://github.com/loxilb-io/iproute2 iproute2-main
- cd iproute2-main/libbpf/src/
- sudo make install
- mkdir build
- DESTDIR=build OBJDIR=build make install
- cd -
- cd iproute2-main/
- export PKG_CONFIG_PATH=$PKG_CONFIG_PATH:`pwd`/libbpf/src/ && LIBBPF_FORCE=on LIBBPF_DIR=`pwd`/libbpf/src/build ./configure && make && sudo cp -f tc/tc /usr/local/sbin/ntc && cd -
- run: loxilb-ebpf/utils/mkllb_bpffs.sh
- run: sudo -E env "PATH=$PATH" make
- run: sudo -E env "PATH=$PATH" make test
@@ -65,4 +56,10 @@ jobs:
./validation.sh
./rmconfig.sh
cd -
+ - run: |
+ cd cicd/ipsec-e2e/
+ ./config.sh
+ ./validation.sh
+ ./rmconfig.sh
+ cd -
- run: echo ${{ github.event.inputs.userInput }}
diff --git a/.github/workflows/ipsec-sanity-ubuntu-24.yml b/.github/workflows/ipsec-sanity-ubuntu-24.yml
new file mode 100644
index 00000000..bbeb2282
--- /dev/null
+++ b/.github/workflows/ipsec-sanity-ubuntu-24.yml
@@ -0,0 +1,57 @@
+name: IPsec-Sanity-CI-Ubuntu-24
+
+on:
+ schedule:
+ # Runs "At 11:00 UTC every day-of-week"
+ - cron: '0 11 * * *'
+ workflow_dispatch:
+ inputs:
+ userInput:
+ description: 'Enter string to print at end'
+ required: true
+ default: 'Finished'
+ tags:
+ description: 'IPSec Sanity Ubuntu 24'
+ workflow_run:
+ workflows: ["Docker-Multi-Arch"]
+ types:
+ - completed
+jobs:
+ build:
+ name: ipsec-sanity-ubuntu-24
+ runs-on: ubuntu-24.04
+ if: github.repository == 'loxilb-io/loxilb'
+ && github.event.inputs.tagName == ''
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ submodules: recursive
+ - uses: actions/setup-python@v2
+ - uses: actions/setup-go@v3
+ with:
+ go-version: '>=1.18.0'
+ - run: |
+ cd cicd/ipsec1/
+ ./config.sh
+ ./validation.sh
+ ./rmconfig.sh
+ cd -
+ - run: |
+ cd cicd/ipsec2/
+ ./config.sh
+ ./validation.sh
+ ./rmconfig.sh
+ cd -
+ - run: |
+ cd cicd/ipsec3/
+ ./config.sh
+ ./validation.sh
+ ./rmconfig.sh
+ cd -
+ - run: |
+ cd cicd/ipsec-e2e/
+ ./config.sh
+ ./validation.sh
+ ./rmconfig.sh
+ cd -
+ - run: echo ${{ github.event.inputs.userInput }}
diff --git a/.github/workflows/ipsec-sanity.yml b/.github/workflows/ipsec-sanity.yml
index ce467c4b..3ac2517c 100644
--- a/.github/workflows/ipsec-sanity.yml
+++ b/.github/workflows/ipsec-sanity.yml
@@ -29,15 +29,6 @@ jobs:
go-version: '>=1.18.0'
- run: sudo apt-get update
- run: sudo apt-get -y install clang-10 llvm libelf-dev gcc-multilib libpcap-dev linux-tools-$(uname -r) elfutils dwarves git libbsd-dev bridge-utils unzip build-essential bison flex iperf iproute2 nodejs socat
- - run: |
- git clone --recurse-submodules https://github.com/loxilb-io/iproute2 iproute2-main
- cd iproute2-main/libbpf/src/
- sudo make install
- mkdir build
- DESTDIR=build OBJDIR=build make install
- cd -
- cd iproute2-main/
- export PKG_CONFIG_PATH=$PKG_CONFIG_PATH:`pwd`/libbpf/src/ && LIBBPF_FORCE=on LIBBPF_DIR=`pwd`/libbpf/src/build ./configure && make && sudo cp -f tc/tc /usr/local/sbin/ntc && cd -
- run: loxilb-ebpf/utils/mkllb_bpffs.sh
- run: sudo -E env "PATH=$PATH" make
- run: sudo -E env "PATH=$PATH" make test
@@ -65,4 +56,10 @@ jobs:
./validation.sh
./rmconfig.sh
cd -
+ - run: |
+ cd cicd/ipsec-e2e/
+ ./config.sh
+ ./validation.sh
+ ./rmconfig.sh
+ cd -
- run: echo ${{ github.event.inputs.userInput }}
diff --git a/.github/workflows/k3s-calico-ubuntu-24.yml b/.github/workflows/k3s-calico-ubuntu-24.yml
new file mode 100644
index 00000000..337d3e76
--- /dev/null
+++ b/.github/workflows/k3s-calico-ubuntu-24.yml
@@ -0,0 +1,51 @@
+name: K3s-Calico-Sanity-CI-Ubuntu-24
+on:
+ #schedule:
+ # Runs "At 11:00 UTC every day-of-week"
+ #- cron: '0 11 * * *'
+ workflow_dispatch:
+ inputs:
+ testName:
+ description: 'Test Run-Name'
+ required: true
+ default: 'k3s-calico-ubuntu-24'
+ #workflow_run:
+ # workflows: ["Docker-Multi-Arch"]
+ # types:
+ # - completed
+jobs:
+ build:
+ name: k3s-calico-sanity
+ runs-on: ubuntu-24.04
+ if: github.repository == 'loxilb-io/loxilb'
+ && github.event.inputs.tagName == ''
+ steps:
+ - run: |
+ echo "KUBECONFIG=--kubeconfig=/etc/rancher/k3s/k3s.yaml" >> $GITHUB_ENV
+ - uses: actions/checkout@v2
+ with:
+ submodules: recursive
+ - run: sudo apt-get -y install lksctp-tools
+ - run: curl -sfL https://get.k3s.io | INSTALL_K3S_VERSION=v1.22.9+k3s1 INSTALL_K3S_EXEC="server --disable traefik --disable servicelb --disable-cloud-controller --kubelet-arg cloud-provider=external --flannel-backend=none --cluster-cidr=10.42.0.0/16" K3S_KUBECONFIG_MODE="644" sh -
+ - run: |
+ sleep 10
+ kubectl "${{ env.KUBECONFIG }}" create -f https://raw.githubusercontent.com/projectcalico/calico/v3.26.1/manifests/tigera-operator.yaml
+ - run: |
+ sleep 10
+ kubectl "${{ env.KUBECONFIG }}" create -f https://raw.githubusercontent.com/projectcalico/calico/v3.26.1/manifests/custom-resources.yaml
+ - run: |
+ sleep 10
+ kubectl "${{ env.KUBECONFIG }}" taint nodes --all node.cloudprovider.kubernetes.io/uninitialized=false:NoSchedule-
+ sleep 60
+ kubectl "${{ env.KUBECONFIG }}" get nodes
+ kubectl "${{ env.KUBECONFIG }}" get pods -A
+ wget https://github.com/loxilb-io/loxi-ccm/raw/master/manifests/loxi-ccm-k3s.yaml
+ kubectl "${{ env.KUBECONFIG }}" apply -f ./loxi-ccm-k3s.yaml
+ sleep 60
+ kubectl "${{ env.KUBECONFIG }}" get pods -A
+ - run: |
+ cd cicd/k3s-calico/
+ ./config.sh "${{ env.KUBECONFIG }}"
+ ./validation.sh "${{ env.KUBECONFIG }}"
+ ./rmconfig.sh "${{ env.KUBECONFIG }}"
+ cd -
diff --git a/.github/workflows/k3s-loxi-ingress.yml b/.github/workflows/k3s-loxi-ingress.yml
new file mode 100644
index 00000000..570596c6
--- /dev/null
+++ b/.github/workflows/k3s-loxi-ingress.yml
@@ -0,0 +1,33 @@
+name: K3s-Loxi-Ingress-Sanity-CI
+on:
+ schedule:
+ # Runs "At 6:00 UTC every day-of-week"
+ - cron: '0 6 * * *'
+ workflow_dispatch:
+ inputs:
+ testName:
+ description: 'Test Run-Name'
+ required: true
+ default: 'k3s-loxi-ingress'
+jobs:
+ build:
+ name: k3s-loxi-ingress-sanity
+ runs-on: [self-hosted, large]
+ if: github.repository == 'loxilb-io/loxilb'
+ steps:
+ - uses: actions/checkout@v2
+ with:
+ submodules: recursive
+ - name: Run K3s LoxiIngress CICD
+ run: |
+ cd cicd/k3s-flannel-loxilb-ingress
+ ./config.sh
+ ./validation.sh
+ ./rmconfig.sh
+ cd -
+ - name: Clean test-bed
+ if: success() || failure()
+ run: |
+ cd cicd/k3s-flannel-loxilb-ingress/ || true
+ ./rmconfig.sh
+ cd -
diff --git a/.github/workflows/k3s-sctpmh-ubuntu-24.yml b/.github/workflows/k3s-sctpmh-ubuntu-24.yml
new file mode 100644
index 00000000..f09818d7
--- /dev/null
+++ b/.github/workflows/k3s-sctpmh-ubuntu-24.yml
@@ -0,0 +1,58 @@
+name: K3s-SCTPMH-Sanity-CI-Ubuntu-24
+on:
+ schedule:
+ # Runs "At 11:00 UTC every day-of-week"
+ - cron: '0 11 * * *'
+ workflow_dispatch:
+ inputs:
+ testName:
+ description: 'Test Run-Name'
+ required: true
+ default: 'k3s-sctpmh-ubuntu-24'
+ workflow_run:
+ workflows: ["Docker-Multi-Arch"]
+ types:
+ - completed
+jobs:
+ build:
+ name: k3s-sctpmh-sanity-ubuntu-24
+ runs-on: ubuntu-24.04
+ if: github.repository == 'loxilb-io/loxilb'
+ && github.event.inputs.tagName == ''
+ steps:
+ - run: |
+ for pkg in docker.io docker-doc docker-compose podman-docker containerd runc; do sudo apt-get remove $pkg; done
+ sudo apt-get update
+ sudo apt-get install ca-certificates curl gnupg
+ sudo install -m 0755 -d /etc/apt/keyrings
+ curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
+ sudo chmod a+r /etc/apt/keyrings/docker.gpg
+ echo \
+ "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \
+ "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | \
+ sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
+ sudo apt-get update
+ sudo apt-get install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
+ - run: sudo apt-get -y install bridge-utils iproute2 lksctp-tools iputils-ping net-tools
+ - run: |
+ echo "KUBECONFIG=--kubeconfig=/etc/rancher/k3s/k3s.yaml" >> $GITHUB_ENV
+ - uses: actions/checkout@v2
+ with:
+ submodules: recursive
+ - run: curl -sfL https://get.k3s.io | INSTALL_K3S_EXEC="server --disable traefik --disable servicelb --disable-cloud-controller --kubelet-arg cloud-provider=external" K3S_KUBECONFIG_MODE="644" sh -
+ - run: |
+ sleep 10
+ kubectl "${{ env.KUBECONFIG }}" taint nodes --all node.cloudprovider.kubernetes.io/uninitialized=false:NoSchedule-
+ sleep 60
+ kubectl "${{ env.KUBECONFIG }}" get nodes
+ kubectl "${{ env.KUBECONFIG }}" get pods -A
+ wget https://github.com/loxilb-io/loxi-ccm/raw/master/manifests/loxi-ccm-k3s.yaml
+ kubectl "${{ env.KUBECONFIG }}" apply -f ./loxi-ccm-k3s.yaml
+ sleep 60
+ kubectl "${{ env.KUBECONFIG }}" get pods -A
+ - run: |
+ cd cicd/k3s-sctpmh/
+ ./config.sh "${{ env.KUBECONFIG }}"
+ ./validation.sh "${{ env.KUBECONFIG }}"
+ ./rmconfig.sh "${{ env.KUBECONFIG }}"
+ cd -
diff --git a/.github/workflows/k8s-calico-incluster.yml b/.github/workflows/k8s-calico-incluster.yml
new file mode 100644
index 00000000..eb92d5f7
--- /dev/null
+++ b/.github/workflows/k8s-calico-incluster.yml
@@ -0,0 +1,36 @@
+name: K8s-Calico-Incluster-Sanity-CI
+on:
+ # schedule:
+ # Runs "At 11:00 UTC every day-of-week"
+ #- cron: '0 11 * * *'
+ workflow_dispatch:
+ inputs:
+ testName:
+ description: 'Test Run-Name'
+ required: true
+ default: 'k8s-calico-incluster'
+jobs:
+ test-runner:
+ name: k8s-calico-incluster-sanity
+ runs-on: [self-hosted, large]
+ if: github.repository == 'loxilb-io/loxilb'
+ && github.event.inputs.tagName == ''
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v2
+ with:
+ submodules: recursive
+
+ - name: Run the test
+ run: |
+ cd cicd/k8s-calico-incluster
+ ./config.sh
+ ./validation.sh
+ cd -
+
+ - name: Clean test-bed
+ if: success() || failure()
+ run: |
+ cd cicd/k8s-calico-incluster || true
+ ./rmconfig.sh
+ cd -
diff --git a/.github/workflows/liveness-sanity-ubuntu-22.yml b/.github/workflows/liveness-sanity-ubuntu-22.yml
index d5983ab8..24ce44c6 100644
--- a/.github/workflows/liveness-sanity-ubuntu-22.yml
+++ b/.github/workflows/liveness-sanity-ubuntu-22.yml
@@ -1,11 +1,8 @@
name: Liveness-LB-Sanity-CI-Ubuntu-22
-
on:
- #push:
- # branches:
- # - main
- #pull_request:
- # branches: [ "main" ]
+ schedule:
+ # Runs "At 17:00 UTC every day-of-week"
+ - cron: '0 17 * * *'
workflow_dispatch:
inputs:
logLevel:
@@ -14,11 +11,16 @@ on:
default: 'warning'
tags:
description: 'Liveness LB Sanity Ubuntu 22'
+ workflow_run:
+ workflows: ["Docker-Multi-Arch"]
+ types:
+ - completed
jobs:
build:
name: liveness-lb-sanity-ubuntu-22
runs-on: ubuntu-22.04
+ if: github.repository == 'loxilb-io/loxilb'
steps:
- uses: actions/checkout@v2
with:
@@ -28,25 +30,7 @@ jobs:
with:
go-version: '>=1.18.0'
- run: sudo apt-get update
- - run: sudo apt-get -y install clang-13 llvm libelf-dev gcc-multilib libpcap-dev linux-tools-$(uname -r) elfutils dwarves git libbsd-dev bridge-utils unzip build-essential bison flex iperf iproute2 nodejs socat ethtool lksctp-tools
- - run: |
- git clone --recurse-submodules https://github.com/loxilb-io/iproute2 iproute2-main
- cd iproute2-main/libbpf/src/
- sudo make install
- mkdir build
- DESTDIR=build OBJDIR=build make install
- cd -
- cd iproute2-main/
- export PKG_CONFIG_PATH=$PKG_CONFIG_PATH:`pwd`/libbpf/src/ && LIBBPF_FORCE=on LIBBPF_DIR=`pwd`/libbpf/src/build ./configure && make && sudo cp -f tc/tc /usr/local/sbin/ntc && cd -
- - run: loxilb-ebpf/utils/mkllb_bpffs.sh
- - run: sudo -E env "PATH=$PATH" make
- - run: sudo -E env "PATH=$PATH" make test
- - run: docker pull ghcr.io/loxilb-io/loxilb:latest
- - run: docker run -u root --cap-add SYS_ADMIN --restart unless-stopped --privileged -dit -v /dev/log:/dev/log --name loxilb ghcr.io/loxilb-io/loxilb:latest
- - run: pwd && ls && sudo -E env "PATH=$PATH" make docker-cp
- - run: docker exec -dit loxilb mkllb_bpffs
- - run: id=`docker ps -f name=loxilb | cut -d " " -f 1 | grep -iv "CONTAINER"` && docker commit $id ghcr.io/loxilb-io/loxilb:latest
- - run: docker stop loxilb && docker rm loxilb
+ - run: sudo apt-get -y install iperf iproute2 nodejs socat ethtool lksctp-tools
- run: |
cd cicd/tcplbmon/
./config.sh
diff --git a/.github/workflows/liveness-sanity-ubuntu-24.yml b/.github/workflows/liveness-sanity-ubuntu-24.yml
new file mode 100644
index 00000000..3a61c5fc
--- /dev/null
+++ b/.github/workflows/liveness-sanity-ubuntu-24.yml
@@ -0,0 +1,89 @@
+name: Liveness-LB-Sanity-CI-Ubuntu-24
+
+on:
+ schedule:
+ # Runs "At 11:00 UTC every day-of-week"
+ - cron: '0 11 * * *'
+ workflow_dispatch:
+ inputs:
+ logLevel:
+ description: 'Log level'
+ required: true
+ default: 'warning'
+ tags:
+ description: 'Liveness LB Sanity Ubuntu 24'
+ workflow_run:
+ workflows: ["Docker-Multi-Arch"]
+ types:
+ - completed
+
+jobs:
+ build:
+ name: liveness-lb-sanity-ubuntu-24
+ runs-on: ubuntu-24.04
+ if: github.repository == 'loxilb-io/loxilb'
+ && github.event.inputs.tagName == ''
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ submodules: recursive
+ - uses: actions/setup-python@v2
+ - uses: actions/setup-go@v3
+ with:
+ go-version: '>=1.18.0'
+ - run: sudo apt-get update
+ - run: sudo apt-get -y install linux-tools-$(uname -r) bridge-utils iperf iproute2 nodejs socat ethtool lksctp-tools
+ - run: |
+ cd cicd/tcplbmon/
+ ./config.sh
+ ./validation.sh
+ ./rmconfig.sh
+ cd -
+ - run: |
+ cd cicd/udplbmon/
+ ./config.sh
+ ./validation.sh
+ ./rmconfig.sh
+ cd -
+ - run: |
+ cd cicd/sctplbmon/
+ ./config.sh
+ ./validation.sh
+ ./rmconfig.sh
+ cd -
+ - run: |
+ cd cicd/tcplbmon6/
+ ./config.sh
+ ./validation.sh
+ ./rmconfig.sh
+ cd -
+ - run: |
+ cd cicd/tcplbepmod/
+ ./config.sh
+ ./validation.sh
+ ./rmconfig.sh
+ cd -
+ - run: |
+ cd cicd/lbtimeout/
+ ./config.sh
+ ./validation.sh
+ ./rmconfig.sh
+ cd -
+ - run: |
+ cd cicd/lb6timeout/
+ ./config.sh
+ ./validation.sh
+ ./rmconfig.sh
+ cd -
+ - run: |
+ cd cicd/httpsep/
+ ./config.sh
+ ./validation.sh
+ ./rmconfig.sh
+ cd -
+ - run: |
+ cd cicd/http2ep/
+ ./config.sh
+ ./validation.sh
+ ./rmconfig.sh
+ cd -
diff --git a/.github/workflows/liveness-sanity.yml b/.github/workflows/liveness-sanity.yml
index ddeadc1d..f1ebcc78 100644
--- a/.github/workflows/liveness-sanity.yml
+++ b/.github/workflows/liveness-sanity.yml
@@ -29,15 +29,6 @@ jobs:
go-version: '>=1.18.0'
- run: sudo apt-get update
- run: sudo apt-get -y install clang-10 llvm libelf-dev gcc-multilib libpcap-dev linux-tools-$(uname -r) elfutils dwarves git libbsd-dev bridge-utils unzip build-essential bison flex iperf iproute2 nodejs socat ethtool
- - run: |
- git clone --recurse-submodules https://github.com/loxilb-io/iproute2 iproute2-main
- cd iproute2-main/libbpf/src/
- sudo make install
- mkdir build
- DESTDIR=build OBJDIR=build make install
- cd -
- cd iproute2-main/
- export PKG_CONFIG_PATH=$PKG_CONFIG_PATH:`pwd`/libbpf/src/ && LIBBPF_FORCE=on LIBBPF_DIR=`pwd`/libbpf/src/build ./configure && make && sudo cp -f tc/tc /usr/local/sbin/ntc && cd -
- run: loxilb-ebpf/utils/mkllb_bpffs.sh
- run: sudo -E env "PATH=$PATH" make
- run: sudo -E env "PATH=$PATH" make test
diff --git a/.github/workflows/nat66-sanity-ubuntu-22.yml b/.github/workflows/nat66-sanity-ubuntu-22.yml
index 3abcd4c9..073a8b52 100644
--- a/.github/workflows/nat66-sanity-ubuntu-22.yml
+++ b/.github/workflows/nat66-sanity-ubuntu-22.yml
@@ -29,15 +29,6 @@ jobs:
go-version: '>=1.18.0'
- run: sudo apt-get update
- run: sudo apt-get -y install clang-13 llvm libelf-dev gcc-multilib libpcap-dev linux-tools-$(uname -r) elfutils dwarves git libbsd-dev bridge-utils unzip build-essential bison flex iperf iproute2 nodejs socat ethtool
- - run: |
- git clone --recurse-submodules https://github.com/loxilb-io/iproute2 iproute2-main
- cd iproute2-main/libbpf/src/
- sudo make install
- mkdir build
- DESTDIR=build OBJDIR=build make install
- cd -
- cd iproute2-main/
- export PKG_CONFIG_PATH=$PKG_CONFIG_PATH:`pwd`/libbpf/src/ && LIBBPF_FORCE=on LIBBPF_DIR=`pwd`/libbpf/src/build ./configure && make && sudo cp -f tc/tc /usr/local/sbin/ntc && cd -
- run: loxilb-ebpf/utils/mkllb_bpffs.sh
- run: sudo -E env "PATH=$PATH" make
- run: sudo -E env "PATH=$PATH" make test
diff --git a/.github/workflows/nat66-sanity-ubuntu-24.yml b/.github/workflows/nat66-sanity-ubuntu-24.yml
new file mode 100644
index 00000000..9b52b87e
--- /dev/null
+++ b/.github/workflows/nat66-sanity-ubuntu-24.yml
@@ -0,0 +1,53 @@
+name: NAT66-LB-Sanity-CI-Ubuntu-24
+
+on:
+ schedule:
+ # Runs "At 11:00 UTC every day-of-week"
+ - cron: '0 11 * * *'
+ workflow_dispatch:
+ inputs:
+ logLevel:
+ description: 'Log level'
+ required: true
+ default: 'warning'
+ tags:
+ description: 'NAT66 LB Sanity Ubuntu 24'
+ workflow_run:
+ workflows: ["Docker-Multi-Arch"]
+ types:
+ - completed
+
+jobs:
+ build:
+ name: nat66-lb-sanity-ubuntu-24
+ runs-on: ubuntu-24.04
+ if: github.repository == 'loxilb-io/loxilb'
+ && github.event.inputs.tagName == ''
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ submodules: recursive
+ - uses: actions/setup-python@v2
+ - uses: actions/setup-go@v3
+ with:
+ go-version: '>=1.18.0'
+ - run: sudo apt-get update
+ - run: sudo apt-get -y install linux-tools-$(uname -r) bridge-utils iperf iproute2 nodejs socat ethtool
+ - run: |
+ cd cicd/nat66tcp/
+ ./config.sh
+ ./validation.sh
+ ./rmconfig.sh
+ cd -
+ - run: |
+ cd cicd/nat66udp/
+ ./config.sh
+ ./validation.sh
+ ./rmconfig.sh
+ cd -
+ - run: |
+ cd cicd/nat66sctp/
+ #./config.sh
+ #./validation.sh
+ #./rmconfig.sh
+ cd -
diff --git a/.github/workflows/nat66-sanity.yml b/.github/workflows/nat66-sanity.yml
index 4938899c..8a4351b2 100644
--- a/.github/workflows/nat66-sanity.yml
+++ b/.github/workflows/nat66-sanity.yml
@@ -29,15 +29,6 @@ jobs:
go-version: '>=1.18.0'
- run: sudo apt-get update
- run: sudo apt-get -y install clang-10 llvm libelf-dev gcc-multilib libpcap-dev linux-tools-$(uname -r) elfutils dwarves git libbsd-dev bridge-utils unzip build-essential bison flex iperf iproute2 nodejs socat ethtool
- - run: |
- git clone --recurse-submodules https://github.com/loxilb-io/iproute2 iproute2-main
- cd iproute2-main/libbpf/src/
- sudo make install
- mkdir build
- DESTDIR=build OBJDIR=build make install
- cd -
- cd iproute2-main/
- export PKG_CONFIG_PATH=$PKG_CONFIG_PATH:`pwd`/libbpf/src/ && LIBBPF_FORCE=on LIBBPF_DIR=`pwd`/libbpf/src/build ./configure && make && sudo cp -f tc/tc /usr/local/sbin/ntc && cd -
- run: loxilb-ebpf/utils/mkllb_bpffs.sh
- run: sudo -E env "PATH=$PATH" make
- run: sudo -E env "PATH=$PATH" make test
diff --git a/.github/workflows/perf.yml b/.github/workflows/perf.yml
index 9c3c55cf..4988105f 100644
--- a/.github/workflows/perf.yml
+++ b/.github/workflows/perf.yml
@@ -23,7 +23,7 @@ jobs:
runs-on: ${{ matrix.os }}
strategy:
matrix:
- os: [ubuntu-20.04, ubuntu-22.04]
+ os: [ubuntu-20.04, ubuntu-22.04, ubuntu-24.04]
steps:
- uses: actions/checkout@v2
with:
@@ -33,24 +33,7 @@ jobs:
with:
go-version: '>=1.18.0'
- run: sudo apt-get update
- - run: if [[ ${{ matrix.os }} == 'ubuntu-22.04' ]]; then sudo apt-get -y install clang-13 lksctp-tools; else sudo apt-get -y install clang-10; fi
- - run: sudo apt-get -y install llvm libelf-dev gcc-multilib libpcap-dev linux-tools-$(uname -r) elfutils dwarves git libbsd-dev bridge-utils unzip build-essential bison flex iperf iproute2 nodejs socat iperf3
- - run: |
- git clone --recurse-submodules https://github.com/loxilb-io/iproute2 iproute2-main
- cd iproute2-main/libbpf/src/
- sudo make install
- mkdir build
- DESTDIR=build OBJDIR=build make install
- cd -
- cd iproute2-main/
- export PKG_CONFIG_PATH=$PKG_CONFIG_PATH:`pwd`/libbpf/src/ && LIBBPF_FORCE=on LIBBPF_DIR=`pwd`/libbpf/src/build ./configure && make && sudo cp -f tc/tc /usr/local/sbin/ntc && cd -
- - run: loxilb-ebpf/utils/mkllb_bpffs.sh
- - run: sudo -E env "PATH=$PATH" make
- - run: docker pull ghcr.io/loxilb-io/loxilb:latest
- - run: docker run -u root --cap-add SYS_ADMIN --restart unless-stopped --privileged -dit -v /dev/log:/dev/log --name loxilb ghcr.io/loxilb-io/loxilb:latest
- - run: pwd && ls && sudo -E env "PATH=$PATH" make docker-cp-ebpf
- - run: id=`docker ps -f name=loxilb | cut -d " " -f 1 | grep -iv "CONTAINER"` && docker commit $id ghcr.io/loxilb-io/loxilb:latest
- - run: docker stop loxilb && docker rm loxilb
+ - run: sudo apt-get -y install lksctp-tools linux-tools-$(uname -r) bridge-utils iperf iproute2 nodejs socat iperf3
- run: |
cd cicd/tcpsctpperf
./config.sh
diff --git a/.github/workflows/scale-sanity-ubuntu-22.yml b/.github/workflows/scale-sanity-ubuntu-22.yml
index 50eb2c07..085e5a31 100644
--- a/.github/workflows/scale-sanity-ubuntu-22.yml
+++ b/.github/workflows/scale-sanity-ubuntu-22.yml
@@ -29,15 +29,6 @@ jobs:
go-version: '>=1.18.0'
- run: sudo apt-get update
- run: sudo apt-get -y install clang-13 llvm libelf-dev gcc-multilib libpcap-dev linux-tools-$(uname -r) elfutils dwarves git libbsd-dev bridge-utils unzip build-essential bison flex iperf iproute2 nodejs socat lksctp-tools
- - run: |
- git clone --recurse-submodules https://github.com/loxilb-io/iproute2 iproute2-main
- cd iproute2-main/libbpf/src/
- sudo make install
- mkdir build
- DESTDIR=build OBJDIR=build make install
- cd -
- cd iproute2-main/
- export PKG_CONFIG_PATH=$PKG_CONFIG_PATH:`pwd`/libbpf/src/ && LIBBPF_FORCE=on LIBBPF_DIR=`pwd`/libbpf/src/build ./configure && make && sudo cp -f tc/tc /usr/local/sbin/ntc && cd -
- run: loxilb-ebpf/utils/mkllb_bpffs.sh
- run: sudo -E env "PATH=$PATH" make
- run: sudo -E env "PATH=$PATH" make test
diff --git a/.github/workflows/scale-sanity-ubuntu-24.yml b/.github/workflows/scale-sanity-ubuntu-24.yml
new file mode 100644
index 00000000..fff77c7a
--- /dev/null
+++ b/.github/workflows/scale-sanity-ubuntu-24.yml
@@ -0,0 +1,41 @@
+name: Scale-Sanity-CI-Ubuntu-24
+
+on:
+ schedule:
+ # Runs "At 11:00 UTC every day-of-week"
+ - cron: '0 11 * * *'
+ workflow_dispatch:
+ inputs:
+ userInput:
+ description: 'Enter string to print at end'
+ required: true
+ default: 'Finished'
+ tags:
+ description: 'Scale Sanity Ubuntu 24'
+ workflow_run:
+ workflows: ["Docker-Multi-Arch"]
+ types:
+ - completed
+
+jobs:
+ build:
+ name: scale-sanity-ubuntu-24
+ runs-on: ubuntu-24.04
+ if: github.repository == 'loxilb-io/loxilb'
+ && github.event.inputs.tagName == ''
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ submodules: recursive
+ - uses: actions/setup-python@v2
+ - uses: actions/setup-go@v3
+ with:
+ go-version: '>=1.18.0'
+ - run: sudo apt-get update
+ - run: sudo apt-get -y install linux-tools-$(uname -r) bridge-utils iperf iproute2 nodejs socat lksctp-tools
+ - run: |
+ cd cicd/tcpepscale/
+ ./config.sh
+ ./validation.sh
+ ./rmconfig.sh
+ cd -
diff --git a/.github/workflows/scale-sanity.yml b/.github/workflows/scale-sanity.yml
index ca4d8807..35fd189d 100644
--- a/.github/workflows/scale-sanity.yml
+++ b/.github/workflows/scale-sanity.yml
@@ -29,15 +29,6 @@ jobs:
go-version: '>=1.18.0'
- run: sudo apt-get update
- run: sudo apt-get -y install clang-10 llvm libelf-dev gcc-multilib libpcap-dev linux-tools-$(uname -r) elfutils dwarves git libbsd-dev bridge-utils unzip build-essential bison flex iperf iproute2 nodejs socat
- - run: |
- git clone --recurse-submodules https://github.com/loxilb-io/iproute2 iproute2-main
- cd iproute2-main/libbpf/src/
- sudo make install
- mkdir build
- DESTDIR=build OBJDIR=build make install
- cd -
- cd iproute2-main/
- export PKG_CONFIG_PATH=$PKG_CONFIG_PATH:`pwd`/libbpf/src/ && LIBBPF_FORCE=on LIBBPF_DIR=`pwd`/libbpf/src/build ./configure && make && sudo cp -f tc/tc /usr/local/sbin/ntc && cd -
- run: loxilb-ebpf/utils/mkllb_bpffs.sh
- run: sudo -E env "PATH=$PATH" make
- run: sudo -E env "PATH=$PATH" make test
diff --git a/.github/workflows/sctp-sanity-ubuntu-22.yml b/.github/workflows/sctp-sanity-ubuntu-22.yml
index 32cb151f..a5b75331 100644
--- a/.github/workflows/sctp-sanity-ubuntu-22.yml
+++ b/.github/workflows/sctp-sanity-ubuntu-22.yml
@@ -1,11 +1,11 @@
name: SCTP-LB-Sanity-CI-Ubuntu-22
on:
- #push:
- # branches:
- # - main
- #pull_request:
- # branches: [ "main" ]
+ push:
+ branches:
+ - main
+ pull_request:
+ branches: [ "main" ]
workflow_dispatch:
inputs:
logLevel:
@@ -29,15 +29,6 @@ jobs:
go-version: '>=1.18.0'
- run: sudo apt-get update
- run: sudo apt-get -y install clang-13 llvm libelf-dev gcc-multilib libpcap-dev linux-tools-$(uname -r) elfutils dwarves git libbsd-dev bridge-utils unzip build-essential bison flex iperf iproute2 nodejs socat ethtool lksctp-tools
- - run: |
- git clone --recurse-submodules https://github.com/loxilb-io/iproute2 iproute2-main
- cd iproute2-main/libbpf/src/
- sudo make install
- mkdir build
- DESTDIR=build OBJDIR=build make install
- cd -
- cd iproute2-main/
- export PKG_CONFIG_PATH=$PKG_CONFIG_PATH:`pwd`/libbpf/src/ && LIBBPF_FORCE=on LIBBPF_DIR=`pwd`/libbpf/src/build ./configure && make && sudo cp -f tc/tc /usr/local/sbin/ntc && cd -
- run: loxilb-ebpf/utils/mkllb_bpffs.sh
- run: sudo -E env "PATH=$PATH" make
- run: sudo -E env "PATH=$PATH" make test
diff --git a/.github/workflows/sctp-sanity-ubuntu-24.yml b/.github/workflows/sctp-sanity-ubuntu-24.yml
new file mode 100644
index 00000000..82b74b01
--- /dev/null
+++ b/.github/workflows/sctp-sanity-ubuntu-24.yml
@@ -0,0 +1,59 @@
+name: SCTP-LB-Sanity-CI-Ubuntu-24
+
+on:
+ schedule:
+ # Runs "At 11:00 UTC every day-of-week"
+ - cron: '0 11 * * *'
+ workflow_dispatch:
+ inputs:
+ logLevel:
+ description: 'Log level'
+ required: true
+ default: 'warning'
+ tags:
+ description: 'SCTP LB Sanity Ubuntu 24'
+ workflow_run:
+ workflows: ["Docker-Multi-Arch"]
+ types:
+ - completed
+
+jobs:
+ build:
+ name: sctp-lb-sanity-ubuntu-24
+ runs-on: ubuntu-24.04
+ if: github.repository == 'loxilb-io/loxilb'
+ && github.event.inputs.tagName == ''
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ submodules: recursive
+ - uses: actions/setup-python@v2
+ - uses: actions/setup-go@v3
+ with:
+ go-version: '>=1.18.0'
+ - run: sudo apt-get update
+ - run: sudo apt-get -y install linux-tools-$(uname -r) iperf iproute2 nodejs socat ethtool lksctp-tools
+ - run: |
+ cd cicd/sctplb/
+ ./config.sh
+ ./validation.sh
+ ./rmconfig.sh
+ cd -
+ - run: |
+ cd cicd/sctponearm/
+ ./config.sh
+ ./validation.sh
+ ./rmconfig.sh
+ cd -
+ - run: |
+ cd cicd/sctplbdsr/
+ ./config.sh
+ ./validation.sh
+ ./rmconfig.sh
+ cd -
+ - run: |
+ cd cicd/sctplblc/
+ ./config.sh
+ ./validation.sh
+ ./rmconfig.sh
+ cd -
diff --git a/.github/workflows/sctp-sanity.yml b/.github/workflows/sctp-sanity.yml
index 7abdc368..637b0feb 100644
--- a/.github/workflows/sctp-sanity.yml
+++ b/.github/workflows/sctp-sanity.yml
@@ -29,15 +29,6 @@ jobs:
go-version: '>=1.18.0'
- run: sudo apt-get update
- run: sudo apt-get -y install clang-10 llvm libelf-dev gcc-multilib libpcap-dev linux-tools-$(uname -r) elfutils dwarves git libbsd-dev bridge-utils unzip build-essential bison flex iperf iproute2 nodejs socat ethtool
- - run: |
- git clone --recurse-submodules https://github.com/loxilb-io/iproute2 iproute2-main
- cd iproute2-main/libbpf/src/
- sudo make install
- mkdir build
- DESTDIR=build OBJDIR=build make install
- cd -
- cd iproute2-main/
- export PKG_CONFIG_PATH=$PKG_CONFIG_PATH:`pwd`/libbpf/src/ && LIBBPF_FORCE=on LIBBPF_DIR=`pwd`/libbpf/src/build ./configure && make && sudo cp -f tc/tc /usr/local/sbin/ntc && cd -
- run: loxilb-ebpf/utils/mkllb_bpffs.sh
- run: sudo -E env "PATH=$PATH" make
- run: sudo -E env "PATH=$PATH" make test
diff --git a/.github/workflows/sctpmh-sanity.yml b/.github/workflows/sctpmh-sanity.yml
index 1bfcb7a5..facc8fbb 100644
--- a/.github/workflows/sctpmh-sanity.yml
+++ b/.github/workflows/sctpmh-sanity.yml
@@ -29,15 +29,6 @@ jobs:
go-version: '>=1.18.0'
- run: sudo apt-get update
- run: sudo apt-get -y install clang-10 llvm libelf-dev gcc-multilib libpcap-dev linux-tools-$(uname -r) elfutils dwarves git libbsd-dev bridge-utils unzip build-essential bison flex iperf iproute2 nodejs socat ethtool curl lksctp-tools
- - run: |
- git clone --recurse-submodules https://github.com/loxilb-io/iproute2 iproute2-main
- cd iproute2-main/libbpf/src/
- sudo make install
- mkdir build
- DESTDIR=build OBJDIR=build make install
- cd -
- cd iproute2-main/
- export PKG_CONFIG_PATH=$PKG_CONFIG_PATH:`pwd`/libbpf/src/ && LIBBPF_FORCE=on LIBBPF_DIR=`pwd`/libbpf/src/build ./configure && make && sudo cp -f tc/tc /usr/local/sbin/ntc && cd -
- run: loxilb-ebpf/utils/mkllb_bpffs.sh
- run: sudo -E env "PATH=$PATH" make
- run: sudo -E env "PATH=$PATH" make test
diff --git a/.github/workflows/tcp-sanity-ubuntu-22.yml b/.github/workflows/tcp-sanity-ubuntu-22.yml
index 0f01a8de..ba91c851 100644
--- a/.github/workflows/tcp-sanity-ubuntu-22.yml
+++ b/.github/workflows/tcp-sanity-ubuntu-22.yml
@@ -29,15 +29,6 @@ jobs:
go-version: '>=1.18.0'
- run: sudo apt-get update
- run: sudo apt-get -y install clang-13 llvm libelf-dev gcc-multilib libpcap-dev linux-tools-$(uname -r) elfutils dwarves git libbsd-dev bridge-utils unzip build-essential bison flex iperf iproute2 nodejs socat ethtool
- - run: |
- git clone --recurse-submodules https://github.com/loxilb-io/iproute2 iproute2-main
- cd iproute2-main/libbpf/src/
- sudo make install
- mkdir build
- DESTDIR=build OBJDIR=build make install
- cd -
- cd iproute2-main/
- export PKG_CONFIG_PATH=$PKG_CONFIG_PATH:`pwd`/libbpf/src/ && LIBBPF_FORCE=on LIBBPF_DIR=`pwd`/libbpf/src/build ./configure && make && sudo cp -f tc/tc /usr/local/sbin/ntc && cd -
- run: loxilb-ebpf/utils/mkllb_bpffs.sh
- run: sudo -E env "PATH=$PATH" make
- run: sudo -E env "PATH=$PATH" make test
diff --git a/.github/workflows/tcp-sanity-ubuntu-24.yml b/.github/workflows/tcp-sanity-ubuntu-24.yml
new file mode 100644
index 00000000..e0c78eb5
--- /dev/null
+++ b/.github/workflows/tcp-sanity-ubuntu-24.yml
@@ -0,0 +1,71 @@
+name: TCP-LB-Sanity-CI-Ubuntu-24
+
+on:
+ schedule:
+ # Runs "At 11:00 UTC every day-of-week"
+ - cron: '0 11 * * *'
+ workflow_dispatch:
+ inputs:
+ logLevel:
+ description: 'Log level'
+ required: true
+ default: 'warning'
+ tags:
+ description: 'TCP LB Sanity Ubuntu 24'
+ workflow_run:
+ workflows: ["Docker-Multi-Arch"]
+ types:
+ - completed
+
+jobs:
+ build:
+ name: tcp-lb-sanity-ubuntu-24
+ runs-on: ubuntu-24.04
+ if: github.repository == 'loxilb-io/loxilb'
+ && github.event.inputs.tagName == ''
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ submodules: recursive
+ - uses: actions/setup-python@v2
+ - uses: actions/setup-go@v3
+ with:
+ go-version: '>=1.18.0'
+ - run: sudo apt-get update
+ - run: sudo apt-get -y install linux-tools-$(uname -r) bridge-utils iperf iproute2 nodejs socat ethtool
+ - run: |
+ cd cicd/tcplb/
+ ./config.sh
+ ./validation.sh
+ ./rmconfig.sh
+ cd -
+ - run: |
+ cd cicd/tcplbmark/
+ ./config.sh
+ ./validation.sh
+ ./rmconfig.sh
+ cd -
+ - run: |
+ cd cicd/tcplbdsr1/
+ ./config.sh
+ ./validation.sh
+ ./rmconfig.sh
+ cd -
+ - run: |
+ cd cicd/tcplbdsr2/
+ ./config.sh
+ ./validation.sh
+ ./rmconfig.sh
+ cd -
+ - run: |
+ cd cicd/tcplbl3dsr/
+ ./config.sh
+ ./validation.sh
+ ./rmconfig.sh
+ cd -
+ - run: |
+ cd cicd/tcplbhash/
+ ./config.sh
+ ./validation.sh
+ ./rmconfig.sh
+ cd -
diff --git a/.github/workflows/tcp-sanity.yml b/.github/workflows/tcp-sanity.yml
index 6610eeda..083cee68 100644
--- a/.github/workflows/tcp-sanity.yml
+++ b/.github/workflows/tcp-sanity.yml
@@ -29,15 +29,6 @@ jobs:
go-version: '>=1.18.0'
- run: sudo apt-get update
- run: sudo apt-get -y install clang-10 llvm libelf-dev gcc-multilib libpcap-dev linux-tools-$(uname -r) elfutils dwarves git libbsd-dev bridge-utils unzip build-essential bison flex iperf iproute2 nodejs socat ethtool
- - run: |
- git clone --recurse-submodules https://github.com/loxilb-io/iproute2 iproute2-main
- cd iproute2-main/libbpf/src/
- sudo make install
- mkdir build
- DESTDIR=build OBJDIR=build make install
- cd -
- cd iproute2-main/
- export PKG_CONFIG_PATH=$PKG_CONFIG_PATH:`pwd`/libbpf/src/ && LIBBPF_FORCE=on LIBBPF_DIR=`pwd`/libbpf/src/build ./configure && make && sudo cp -f tc/tc /usr/local/sbin/ntc && cd -
- run: loxilb-ebpf/utils/mkllb_bpffs.sh
- run: sudo -E env "PATH=$PATH" make
- run: sudo -E env "PATH=$PATH" make test
diff --git a/.github/workflows/tcpkali-longrun.yml b/.github/workflows/tcpkali-longrun.yml
new file mode 100644
index 00000000..971b19b1
--- /dev/null
+++ b/.github/workflows/tcpkali-longrun.yml
@@ -0,0 +1,37 @@
+name: TCPKALI-Longrun-CI
+on:
+ schedule:
+ # Runs "At 13:00 UTC every day-of-week"
+ - cron: '0 13 * * *'
+ workflow_dispatch:
+ inputs:
+ testName:
+ description: 'Test Run-Name'
+ required: true
+ default: 'tcpkali-longrun'
+jobs:
+ test-runner:
+ name: tcpkali-longrun
+ runs-on: [self-hosted, sb]
+ if: github.repository == 'loxilb-io/loxilb'
+ && github.event.inputs.tagName == ''
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v2
+ with:
+ submodules: recursive
+
+ - name: Run the test
+ run: |
+ cd cicd/tcpkali
+ ./config.sh
+ ./validation.sh
+ cd -
+
+ - name: Clean test-bed
+ if: success() || failure()
+ run: |
+ cd cicd/tcpkali || true
+ ./rmconfig.sh
+ docker images -a | grep "loxilb-io/loxilb" | awk '{print $3}' | xargs docker rmi
+ cd -
diff --git a/.github/workflows/test-scenario.yml b/.github/workflows/test-scenario.yml
index e1488dfa..9781d2a5 100644
--- a/.github/workflows/test-scenario.yml
+++ b/.github/workflows/test-scenario.yml
@@ -15,6 +15,7 @@ on:
options:
- ubuntu-20.04
- ubuntu-22.04
+ - ubuntu-24.04
jobs:
build:
@@ -29,25 +30,7 @@ jobs:
with:
go-version: '>=1.18.0'
- run: sudo apt-get update
- - run: if [[ ${{ github.event.inputs.runsOn }} == 'ubuntu-22.04' ]]; then sudo apt-get -y install clang-13 lksctp-tools; else sudo apt-get -y install clang-10; fi
- - run: sudo apt-get -y install llvm libelf-dev gcc-multilib libpcap-dev linux-tools-$(uname -r) elfutils dwarves git libbsd-dev bridge-utils unzip build-essential bison flex iperf iproute2 nodejs socat
- - run: |
- git clone --recurse-submodules https://github.com/loxilb-io/iproute2 iproute2-main
- cd iproute2-main/libbpf/src/
- sudo make install
- mkdir build
- DESTDIR=build OBJDIR=build make install
- cd -
- cd iproute2-main/
- export PKG_CONFIG_PATH=$PKG_CONFIG_PATH:`pwd`/libbpf/src/ && LIBBPF_FORCE=on LIBBPF_DIR=`pwd`/libbpf/src/build ./configure && make && sudo cp -f tc/tc /usr/local/sbin/ntc && cd -
- - run: loxilb-ebpf/utils/mkllb_bpffs.sh
- - run: sudo -E env "PATH=$PATH" make
- - run: docker pull ghcr.io/loxilb-io/loxilb:latest
- - run: docker run -u root --cap-add SYS_ADMIN --restart unless-stopped --privileged -dit -v /dev/log:/dev/log --name loxilb ghcr.io/loxilb-io/loxilb:latest
- - run: pwd && ls && sudo -E env "PATH=$PATH" make docker-cp
- - run: docker exec -dit loxilb mkllb_bpffs
- - run: id=`docker ps -f name=loxilb | cut -d " " -f 1 | grep -iv "CONTAINER"` && docker commit $id ghcr.io/loxilb-io/loxilb:latest
- - run: docker stop loxilb && docker rm loxilb
+ - run: sudo apt-get -y install lksctp-tools linux-tools-$(uname -r) bridge-utils iperf iproute2 nodejs socat
- run: |
cd cicd/${{ github.event.inputs.testName }}/
./config.sh
diff --git a/.github/workflows/udp-sanity-ubuntu-22.yml b/.github/workflows/udp-sanity-ubuntu-22.yml
index 8ac6ab24..3ea2a3f8 100644
--- a/.github/workflows/udp-sanity-ubuntu-22.yml
+++ b/.github/workflows/udp-sanity-ubuntu-22.yml
@@ -29,15 +29,6 @@ jobs:
go-version: '>=1.18.0'
- run: sudo apt-get update
- run: sudo apt-get -y install clang-13 llvm libelf-dev gcc-multilib libpcap-dev linux-tools-$(uname -r) elfutils dwarves git libbsd-dev bridge-utils unzip build-essential bison flex iperf iproute2 nodejs socat ethtool
- - run: |
- git clone --recurse-submodules https://github.com/loxilb-io/iproute2 iproute2-main
- cd iproute2-main/libbpf/src/
- sudo make install
- mkdir build
- DESTDIR=build OBJDIR=build make install
- cd -
- cd iproute2-main/
- export PKG_CONFIG_PATH=$PKG_CONFIG_PATH:`pwd`/libbpf/src/ && LIBBPF_FORCE=on LIBBPF_DIR=`pwd`/libbpf/src/build ./configure && make && sudo cp -f tc/tc /usr/local/sbin/ntc && cd -
- run: loxilb-ebpf/utils/mkllb_bpffs.sh
- run: sudo -E env "PATH=$PATH" make
- run: sudo -E env "PATH=$PATH" make test
diff --git a/.github/workflows/udp-sanity-ubuntu-24.yml b/.github/workflows/udp-sanity-ubuntu-24.yml
new file mode 100644
index 00000000..e2794439
--- /dev/null
+++ b/.github/workflows/udp-sanity-ubuntu-24.yml
@@ -0,0 +1,41 @@
+name: UDP-LB-Sanity-CI-Ubuntu-24
+
+on:
+ schedule:
+ # Runs "At 11:00 UTC every day-of-week"
+ - cron: '0 11 * * *'
+ workflow_dispatch:
+ inputs:
+ logLevel:
+ description: 'Log level'
+ required: true
+ default: 'warning'
+ tags:
+ description: 'UDP LB Sanity Ubuntu 24'
+ workflow_run:
+ workflows: ["Docker-Multi-Arch"]
+ types:
+ - completed
+
+jobs:
+ build:
+ name: udp-lb-sanity-ubuntu-24
+ runs-on: ubuntu-24.04
+ if: github.repository == 'loxilb-io/loxilb'
+ && github.event.inputs.tagName == ''
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ submodules: recursive
+ - uses: actions/setup-python@v2
+ - uses: actions/setup-go@v3
+ with:
+ go-version: '>=1.18.0'
+ - run: sudo apt-get update
+ - run: sudo apt-get -y install linux-tools-$(uname -r) elfutils dwarves git libbsd-dev bridge-utils unzip build-essential bison flex iperf iproute2 nodejs socat ethtool
+ - run: |
+ cd cicd/udplb/
+ ./config.sh
+ ./validation.sh
+ ./rmconfig.sh
+ cd -
diff --git a/.github/workflows/udp-sanity.yml b/.github/workflows/udp-sanity.yml
index 3bcd88b2..d46d4ab2 100644
--- a/.github/workflows/udp-sanity.yml
+++ b/.github/workflows/udp-sanity.yml
@@ -29,15 +29,6 @@ jobs:
go-version: '>=1.18.0'
- run: sudo apt-get update
- run: sudo apt-get -y install clang-10 llvm libelf-dev gcc-multilib libpcap-dev linux-tools-$(uname -r) elfutils dwarves git libbsd-dev bridge-utils unzip build-essential bison flex iperf iproute2 nodejs socat ethtool
- - run: |
- git clone --recurse-submodules https://github.com/loxilb-io/iproute2 iproute2-main
- cd iproute2-main/libbpf/src/
- sudo make install
- mkdir build
- DESTDIR=build OBJDIR=build make install
- cd -
- cd iproute2-main/
- export PKG_CONFIG_PATH=$PKG_CONFIG_PATH:`pwd`/libbpf/src/ && LIBBPF_FORCE=on LIBBPF_DIR=`pwd`/libbpf/src/build ./configure && make && sudo cp -f tc/tc /usr/local/sbin/ntc && cd -
- run: loxilb-ebpf/utils/mkllb_bpffs.sh
- run: sudo -E env "PATH=$PATH" make
- run: sudo -E env "PATH=$PATH" make test
diff --git a/ADOPTERS.md b/ADOPTERS.md
new file mode 100644
index 00000000..a2bef1da
--- /dev/null
+++ b/ADOPTERS.md
@@ -0,0 +1,24 @@
+# LoxiLB Adopters
+
+This list captures the set of organizations that are using LoxiLB within their environments
+(in production or at stages of R&D). If you are an adopter of LoxiLB and not yet on this
+list, we encourage you to add your organization here as well!
+
+The goal for this list is to be the complete and authoritative source for the entire community of
+LoxiLB adopters, and give inspiration to others that are earlier in their LoxiLB journey.
+
+Contributing to this list is a small effort that has a **big impact** to the project's growth,
+maturity, and momentum. Thank you to all adopters and contributors of the LoxiLB project!
+Feel free to edit this file and open a Pull-Request to get your organization listed.
+
+## Adopters (in alphabetical order)
+
+| Organization | Contact/Reference | Status | Description of Use |
+| ------------ | ------- | ------| ------------------ |
+| [BPFire](http://www.firebeeos.com/) | @vincentmli |  | eBPF based “BPFire” Distro |
+| [Friedrich-Alexander-Universität](https://www.fau.de/)| [Research Paper](https://arxiv.org/pdf/2405.00078) |  | eBPF Runtime Security |
+| [KETI](https://www.keti.re.kr/main/main.php) | [JinWon Park](mailto:jwpark9010@keti.re.kr?subject=LoxiLB) |  | Cloud-native LB for on-prem MLOps Deployment |
+| [Kookmin University](https://english.kookmin.ac.kr/) | *TBD* |  | Cloud-native LB for on-prem ORAN Testbed |
+| [Oracle OCI](https://www.oracle.com/) | @esirame |  | Telco cloud-native LB/Ingress for N2 interface |
+| [Samsung](https://www.samsung.com/) | [Conference Presentation](https://blog.naver.com/PostView.naver?blogId=n_cloudplatform&logNo=223518118906&navType=by) |  | Telco cloud-native LB/Ingress for N2/N4 interface |
+| [Viettel](https://vietteltelecom.vn/) | @chuhuutiennam |  | SCP for cloud-native telco deployments|
diff --git a/Dockerfile b/Dockerfile
index afb1ecec..86b5d1b5 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -21,27 +21,19 @@ RUN mkdir -p /opt/loxilb && \
apt-get update && apt-get install -y wget && \
arch=$(arch | sed s/aarch64/arm64/ | sed s/x86_64/amd64/) && echo $arch && if [ "$arch" = "arm64" ] ; then apt-get install -y gcc-multilib-arm-linux-gnueabihf; else apt-get update && apt-get install -y gcc-multilib;fi && \
# Arch specific packages - GoLang
- wget https://go.dev/dl/go1.22.0.linux-${arch}.tar.gz && tar -xzf go1.22.0.linux-${arch}.tar.gz --directory /usr/local/ && rm go1.22.0.linux-${arch}.tar.gz && \
+ wget https://go.dev/dl/go1.23.0.linux-${arch}.tar.gz && tar -xzf go1.23.0.linux-${arch}.tar.gz --directory /usr/local/ && rm go1.23.0.linux-${arch}.tar.gz && \
# Dev and util packages
- apt-get install -y clang llvm libelf-dev libpcap-dev vim net-tools \
+ apt-get install -y clang llvm libelf-dev libpcap-dev vim net-tools ca-certificates \
elfutils dwarves git libbsd-dev bridge-utils wget unzip build-essential \
bison flex sudo iproute2 pkg-config tcpdump iputils-ping curl bash-completion && \
- # Install openssl-3.0.0
- wget https://www.openssl.org/source/openssl-3.0.0.tar.gz && tar -xvzf openssl-3.0.0.tar.gz && \
- cd openssl-3.0.0 && ./Configure enable-ktls '-Wl,-rpath,$(LIBRPATH)' --prefix=/usr/local/build && \
+ # Install openssl-3.3.1
+ wget https://github.com/openssl/openssl/releases/download/openssl-3.3.1/openssl-3.3.1.tar.gz && tar -xvzf openssl-3.3.1.tar.gz && \
+ cd openssl-3.3.1 && ./Configure enable-ktls '-Wl,-rpath,$(LIBRPATH)' --prefix=/usr/local/build && \
make -j$(nproc) && make install_dev install_modules && cd - && \
cp -a /usr/local/build/include/openssl /usr/include/ && \
if [ -d /usr/local/build/lib64 ] ; then mv /usr/local/build/lib64 /usr/local/build/lib; fi && \
cp -fr /usr/local/build/lib/* /usr/lib/ && ldconfig && \
- rm -fr openssl-3.0.0* && \
- # Install loxilb's custom ntc tool
- wget https://github.com/loxilb-io/iproute2/archive/refs/heads/main.zip && \
- unzip main.zip && cd iproute2-main/ && rm -fr libbpf && wget https://github.com/loxilb-io/libbpf/archive/refs/heads/main.zip && \
- unzip main.zip && mv libbpf-main libbpf && cd libbpf/src/ && mkdir build && \
- make install && DESTDIR=build OBJDIR=build make install && cd - && \
- export PKG_CONFIG_PATH=$PKG_CONFIG_PATH:`pwd`/libbpf/src/ && \
- LIBBPF_FORCE=on LIBBPF_DIR=`pwd`/libbpf/src/build ./configure && make && \
- cp -f tc/tc /usr/local/sbin/ntc && cd .. && rm -fr main.zip iproute2-main && \
+ rm -fr openssl-3.3.1* && \
# Install bpftool
wget https://github.com/libbpf/bpftool/releases/download/v7.2.0/bpftool-libbpf-v7.2.0-sources.tar.gz && \
tar -xvzf bpftool-libbpf-v7.2.0-sources.tar.gz && cd bpftool/src/ && \
@@ -65,8 +57,8 @@ RUN mkdir -p /opt/loxilb && \
rm -fr /root/loxilb-io/loxilb/.github && mkdir -p /root/loxilb-io/loxilb/ && \
cp /usr/local/sbin/loxilb /root/loxilb-io/loxilb/loxilb && rm /usr/local/sbin/loxilb && \
# Install gobgp
- wget https://github.com/osrg/gobgp/releases/download/v3.5.0/gobgp_3.5.0_linux_amd64.tar.gz && \
- tar -xzf gobgp_3.5.0_linux_amd64.tar.gz && rm gobgp_3.5.0_linux_amd64.tar.gz && \
+ wget https://github.com/osrg/gobgp/releases/download/v3.29.0/gobgp_3.29.0_linux_${arch}.tar.gz && \
+ tar -xzf gobgp_3.29.0_linux_${arch}.tar.gz && rm gobgp_3.29.0_linux_${arch}.tar.gz && \
mv gobgp* /usr/sbin/ && rm LICENSE README.md && \
apt-get purge -y clang llvm libelf-dev libpcap-dev libbsd-dev build-essential \
elfutils dwarves git bison flex wget unzip && apt-get -y autoremove && \
@@ -96,7 +88,7 @@ ENV PATH="${PATH}:/usr/local/go/bin"
ENV LD_LIBRARY_PATH="${LD_LIBRARY_PATH}:/usr/lib64/"
RUN apt-get update && apt-get install -y --no-install-recommends sudo \
- libbsd-dev iproute2 tcpdump bridge-utils net-tools libllvm10 && \
+ libbsd-dev iproute2 tcpdump bridge-utils net-tools libllvm10 ca-certificates && \
rm -rf /var/lib/apt/lists/* && apt clean
COPY --from=build /usr/lib64/libbpf* /usr/lib64/
@@ -108,7 +100,6 @@ COPY --from=build /usr/local/sbin/loxilb_dp_debug /usr/local/sbin/loxilb_dp_debu
COPY --from=build /usr/local/sbin/loxicmd /usr/local/sbin/loxicmd
COPY --from=build /opt/loxilb /opt/loxilb
COPY --from=build /root/loxilb-io/loxilb/loxilb /root/loxilb-io/loxilb/loxilb
-COPY --from=build /usr/local/sbin/ntc /usr/local/sbin/ntc
COPY --from=build /usr/local/sbin/bpftool /usr/local/sbin/bpftool
COPY --from=build /usr/sbin/gobgp* /usr/sbin/
COPY --from=build /root/.bashrc /root/.bashrc
diff --git a/MAINTAINERS.md b/MAINTAINERS.md
index 9dbf90ed..427b122a 100644
--- a/MAINTAINERS.md
+++ b/MAINTAINERS.md
@@ -1,12 +1,13 @@
# LoxiLB Maintainers
-This is the list of LoxiLB project Maintainers.
+
+This is the current list of LoxiLB project Maintainers.
| | Name | Company |
|:---------------------------------------------------------------------------:|:-----------------------------------------------------:|:------------:|
-| 
| [PacketCrunch](https://github.com/PacketCrunch) | Netlox |
| 
| [UltraInstinct14](https://github.com/UltraInstinct14) | Netlox |
| 
| [Trekkie](https://github.com/TrekkieCoder) | Netlox |
| 
| [Nikhil Malik](https://github.com/nik-netlox) | Netlox |
| 
| [BackGuyn Jung](https://github.com/backguynn) | Netlox |
| 
| [Inho Gog](https://github.com/inhogog2) | Netlox |
-| 
| [SeokHwan Kong](https://github.com/NLX-SeokHwanKong) | Netlox |
+
+If any person or an organization wants to become a maintainer of LoxiLB, please feel free to go through LoxiLB [Governance Guide](https://github.com/loxilb-io/loxilb/blob/main/GOVERNANCE.md) for further details.
diff --git a/README-KOR.md b/README-KOR.md
new file mode 100644
index 00000000..ae54f67e
--- /dev/null
+++ b/README-KOR.md
@@ -0,0 +1,176 @@
+
+
+
+[](https://www.loxilb.io) [](https://ebpf.io/projects#loxilb) [](https://goreportcard.com/report/github.com/loxilb-io/loxilb) [](https://www.bestpractices.dev/projects/8472)  
+ [![Info][docs-shield]][docs-url] [](https://join.slack.com/t/loxilb/shared_invite/zt-2b3xx14wg-P7WHj5C~OEON_jviF0ghcQ)
+
+## loxilb란 무엇인가?
+loxilb는 GoLang/eBPF를 기반으로 한 오픈 소스 클라우드 네이티브 로드 밸런서로, 온-프레미스, 퍼블릭 클라우드 또는 하이브리드 K8s 환경 전반에 걸쳐 호환성을 달성하는 것을 목표로 합니다. loxilb는 텔코 클라우드(5G/6G), 모빌리티 및 엣지 컴퓨팅에서 클라우드 네이티브 기술 채택을 지원하기 위해 개발되고 있습니다.
+
+## loxilb와 함께하는 Kubernetes
+
+Kubernetes는 ClusterIP, NodePort, LoadBalancer, Ingress 등 여러 서비스 구조를 정의하여 파드에서 파드로, 파드에서 서비스로, 외부 에서 서비스로의 통신을 가능하게 합니다.
+
+
+
+이 모든 서비스는 Layer4/Layer7에서 작동하는 로드 밸런서/프록시가 제공합니다. Kubernetes는 매우 모듈화되어 있으며, 다양한 소프트웨어 모듈이 이러한 서비스를 제공할 수 있습니다. 예를 들어, kube-proxy는 기본적으로 ClusterIP 와 NodePort 서비스를 제공하지만, LoadBalancer 와 Ingress 같은 일부 서비스는 기본적으로 제공되지 않습니다.
+
+로드 밸런서 서비스는 일반적으로 퍼블릭 클라우드 제공자가 관리 구성 요소로 함께 제공합니다. 그러나 온프레미스 및 자체 관리 클러스터의 경우 사용할 수 있는 옵션이 제한적입니다. 매니지드 K8S 서비스(예: EKS)의 경우에도 로드 밸런서를 클러스터 어디서나 가져오려는 사람들이 많습니다. 추가적으로, 텔코 5G/6G 및 엣지 서비스는 GTP, SCTP, SRv6, DTLS와 같은 범용적이지 않은 프로토콜 사용으로 인해 기존 K8S 서비스에서의 원활한 통합이 특히 어렵습니다. loxilb는 로드 밸런서 서비스 유형 기능을 주요 사용 사례로 제공합니다. loxilb는 사용자의 필요에 따라 클러스터 내 또는 클러스터 외부에서 실행할 수 있습니다.
+
+loxilb는 기본적으로 L4 로드 밸런서/서비스 프록시로 작동합니다. L4 로드 밸런싱이 우수한 성능과 기능을 제공하지만, 다양한 사용 사례를 위해 K8s에서 동일하게 성능이 뛰어난 L7 로드 밸런서도 필요합니다. loxilb는 또한 eBPF SOCKMAP Helper를 사용하여 향상된 Kubernetes Ingress 구현 형태로 L7 로드 밸런싱을 지원합니다. 이는 동일한 환경에서 L4와 L7 로드 밸런싱이 필요한 사용자에게도 유리합니다.
+
+추가적으로 loxilb는 다음을 지원합니다:
+- [x] eBPF를 통한 kube-proxy 교체(Kubernetes의 전체 클러스터 메쉬 구현)
+- [x] 인그레스 지원
+- [x] Kubernetes Gateway API
+- [ ] Kubernetes 네트워크 정책
+
+## loxilb와 함께하는 텔코 클라우드
+클라우드 네이티브 기능으로 텔코-클라우드를 배포하려면 loxilb를 SCP(Service Communication Proxy: 서비스 통신 프록시)로 사용할 수 있습니다. SCP는 [3GPP](https://www.etsi.org/deliver/etsi_ts/129500_129599/129500/16.04.00_60/ts_129500v160400p.pdf)에서 정의한 통신 프록시로, 클라우드 네이티브 환경에서 실행되는 텔코 마이크로 서비스에 목적을 두고 있습니다. 자세한 내용은 이 [블로그](https://dev.to/nikhilmalik/5g-service-communication-proxy-with-loxilb-4242)를 참조하십시오.
+
+
+텔코-클라우드는 N2, N4, E2(ORAN), S6x, 5GLAN, GTP 등 다양한 인터페이스와 표준을 통한 로드 밸런싱 및 통신을 필요로 합니다. 각각 고유한 챌린지를 요구하며, loxilb는 이를 해결하는 것을 목표로 합니다. 예를 들어:
+- N4는 PFCP 수준의 세션 인텔리전스를 요구합니다.
+- N2는 NGAP 파싱 기능이 필요합니다(관련 블로그 - [블로그-1](https://www.loxilb.io/post/ngap-load-balancing-with-loxilb), [블로그-2](https://futuredon.medium.com/5g-sctp-loadbalancer-using-loxilb-b525198a9103), [블로그-3](https://medium.com/@ben0978327139/5g-sctp-loadbalancer-using-loxilb-applying-on-free5gc-b5c05bb723f0)).
+- S6x는 Diameter/SCTP 멀티-호밍 LB 지원이 필요합니다(관련 [블로그](https://www.loxilb.io/post/k8s-introducing-sctp-multihoming-functionality-with-loxilb)).
+- MEC 사용 사례는 UL-CL 이해가 필요할 수 있습니다(관련 [블로그](https://futuredon.medium.com/5g-uplink-classifier-using-loxilb-7593a4d66f4c)).
+- 미션 크리티컬 애플리케이션을 위해 히트리스 장애 조치 지원이 필수적일 수 있습니다.
+- E2는 OpenVPN과 번들된 SCTP-LB가 필요할 수 있습니다.
+- 클라우드 네이티브 VOIP를 가능하게 하는 SIP 지원이 필요합니다.
+
+## loxilb를 선택해야 하는 이유?
+
+- 다양한 아키텍처 전반에서 경쟁자보다 ```성능```이 훨씬 뛰어납니다.
+ * [싱글 노드 성능](https://loxilb-io.github.io/loxilbdocs/perf-single/)
+ * [멀티 노드 성능](https://loxilb-io.github.io/loxilbdocs/perf-multi/)
+ * [ARM에서의 성능](https://www.loxilb.io/post/running-loxilb-on-aws-graviton2-based-ec2-instance)
+ * [성능 관련 데모](https://www.youtube.com/watch?v=MJXcM0x6IeQ)
+- ebpf를 활용하여 ```유연```하고 ```사용자 정의```가 가능합니다.
+- 워크로드에 대한 고급 ```서비스 품질```(LB별, 엔드포인트별 또는 클라이언트별)
+- ```어떤``` Kubernetes 배포판/CNI와도 호환 - k8s/k3s/k0s/kind/OpenShift + Calico/Flannel/Cilium/Weave/Multus 등
+- loxilb를 사용한 kube-proxy 교체는 ```간단한 플러그인```으로 기존에 배포된 파드 네트워킹 소프트웨어와 통합이 가능합니다.
+- K8s에서 ```SCTP 워크로드```(멀티-호밍 포함)에 대한 광범위한 지원
+- ```NAT66, NAT64```를 지원하는 듀얼 스택 K8s
+- ```멀티 클러스터``` K8s 지원 (계획 중 🚧)
+- ```어떤``` 클라우드(퍼블릭 클라우드/온프레미스) 또는 ```독립형``` 환경에서도 실행 가능
+
+## loxilb의 전반적인 기능
+- L4/NAT 상태 저장 로드밸런서
+ * NAT44, NAT66, NAT64를 지원하며 One-ARM, FullNAT, DSR 등 다양한 모드 제공
+ * TCP, UDP, SCTP(멀티-호밍 포함), QUIC, FTP, TFTP 등 지원
+- Hiteless/maglev/cgnat 클러스터링을 위한 BFD 감지로 고가용성 지원
+- 클라우드 네이티브 환경을 위한 광범위하고 확장 가능한 엔드포인트 라이브니스 프로브
+- 상태 저장 방화벽 및 IPSEC/Wireguard 지원
+- [Conntrack](https://thermalcircle.de/doku.php?id=blog:linux:connection_tracking_1_modules_and_hooks), QoS 등 기능의 최적화된 구현
+- ipvs와 완전 호환(ipvs 정책 자동 상속 가능)
+- 정책 지향 L7 프록시 지원 - HTTP1.0, 1.1, 2.0, 3.0
+
+## loxilb의 구성 요소
+- GoLang 기반의 제어 평면 구성 요소
+- 확장 가능하고 효율적인 [eBPF](https://ebpf.io/) 기반 데이터 경로 구현
+- 통합된 goBGP 기반 라우팅 스택
+- Go로 작성된 Kubernetes 오퍼레이터 [kube-loxilb](https://github.com/loxilb-io/kube-loxilb)
+- Kubernetes 인그레스 구현
+
+## 아키텍처 고려 사항
+- [kube-loxilb와 함께하는 loxilb 모드 및 배포 이해하기](https://github.com/loxilb-io/loxilbdocs/blob/main/docs/kube-loxilb.md)
+- [loxilb와 함께하는 고가용성 이해하기](https://github.com/loxilb-io/loxilbdocs/blob/main/docs/ha-deploy.md)
+
+## 시작하기
+#### 클러스터 외부에서 loxilb 실행
+- [K3s : flannel & loxilb](https://github.com/loxilb-io/loxilbdocs/blob/main/docs/k3s_quick_start_flannel.md)
+- [K3s : calico & loxilb](https://github.com/loxilb-io/loxilbdocs/blob/main/docs/k3s_quick_start_calico.md)
+- [K3s : cilium & loxilb](https://github.com/loxilb-io/loxilbdocs/blob/main/docs/quick_start_with_cilium.md)
+- [K0s : kube-router & loxilb](https://github.com/loxilb-io/loxilbdocs/blob/main/docs/k0s_quick_start.md)
+- [EKS : loxilb 외부 모드](https://github.com/loxilb-io/loxilbdocs/blob/main/docs/eks-external.md)
+
+#### 클러스터 내에서 loxilb 실행
+- [K3s : loxilb 인-클러스터](https://github.com/loxilb-io/loxilbdocs/blob/main/docs/k3s_quick_start_incluster.md)
+- [K0s : loxilb 인-클러스터](https://github.com/loxilb-io/loxilbdocs/blob/main/docs/k0s_quick_start_incluster.md)
+- [MicroK8s : loxilb 인-클러스터](https://github.com/loxilb-io/loxilbdocs/blob/main/docs/microk8s_quick_start_incluster.md)
+- [EKS : loxilb 인-클러스터](https://github.com/loxilb-io/loxilbdocs/blob/main/docs/eks-incluster.md)
+
+#### 서비스 프록시로서의 loxilb(kube-proxy 대체)
+- [K3s : flannel 서비스 프록시 & loxilb](https://github.com/loxilb-io/loxilbdocs/blob/main/docs/service-proxy-flannel.md)
+- [K3s : calico 서비스 프록시 & loxilb](https://github.com/loxilb-io/loxilbdocs/blob/main/docs/service-proxy-calico.md)
+
+#### Kubernetes 인그레스로서의 loxilb
+- [K3s: loxilb-ingress 실행 방법](https://github.com/loxilb-io/loxilbdocs/blob/main/docs/loxilb-ingress.md)
+
+#### 독립형 모드에서 loxilb 실행
+- [독립형 모드에서 loxilb 실행](https://github.com/loxilb-io/loxilbdocs/blob/main/docs/standalone.md)
+
+## 고급 가이드
+- [How-To : loxilb와 함께하는 서비스 그룹 존 설정](https://github.com/loxilb-io/loxilbdocs/blob/main/docs/service-zones.md)
+- [How-To : K8s 외부의 엔드포인트에 접근하기](https://github.com/loxilb-io/loxilbdocs/blob/main/docs/ext-ep.md)
+- [How-To : loxilb를 사용한 멀티 서버 K3s HA 배포](https://github.com/loxilb-io/loxilbdocs/blob/main/docs/k3s-multi-master.md)
+- [How-To : AWS에서 멀티-AZ HA 지원과 함께 loxilb 배포](https://github.com/loxilb-io/loxilbdocs/blob/main/docs/aws-multi-az.md)
+- [How-To : ingress-nginx와 함께 loxilb 배포](https://github.com/loxilb-io/loxilbdocs/blob/main/docs/loxilb-nginx-ingress.md)
+
+## 배경 지식
+- [eBPF란 무엇인가](ebpf.md)
+- [k8s 서비스 - 로드 밸런서란 무엇인가](https://github.com/loxilb-io/loxilbdocs/blob/main/docs/lb.md)
+- [간단한 아키텍처](https://github.com/loxilb-io/loxilbdocs/blob/main/docs/arch.md)
+- [코드 조직](https://github.com/loxilb-io/loxilbdocs/blob/main/docs/code.md)
+- [loxilb의 eBPF 내부](https://github.com/loxilb-io/loxilbdocs/blob/main/docs/loxilbebpf.md)
+- [loxilb NAT 모드란 무엇인가](https://github.com/loxilb-io/loxilbdocs/blob/main/docs/nat.md)
+- [loxilb 로드 밸런서 알고리즘](https://github.com/loxilb-io/loxilbdocs/blob/main/docs/lb-algo.md)
+- [수동 빌드/실행 단계](https://github.com/loxilb-io/loxilbdocs/blob/main/docs/run.md)
+- [loxilb 디버깅](https://github.com/loxilb-io/loxilbdocs/blob/main/docs/debugging.md)
+- [loxicmd 커맨드 사용법](https://github.com/loxilb-io/loxilbdocs/blob/main/docs/cmd.md)
+- [loxicmd 개발자 가이드](https://github.com/loxilb-io/loxilbdocs/blob/main/docs/cmd-dev.md)
+- [loxilb API 개발자 가이드](https://github.com/loxilb-io/loxilbdocs/blob/main/docs/api-dev.md)
+- [API 참조 - loxilb 웹 API](https://github.com/loxilb-io/loxilbdocs/blob/main/docs/api.md)
+- [성능 보고서](https://github.com/loxilb-io/loxilbdocs/blob/main/docs/perf.md)
+- [개발 로드맵](https://github.com/loxilb-io/loxilbdocs/blob/main/docs/roadmap.md)
+- [기여하기](https://github.com/loxilb-io/loxilbdocs/blob/main/docs/contribute.md)
+- [시스템 요구 사항](https://github.com/loxilb-io/loxilbdocs/blob/main/docs/requirements.md)
+- [자주 묻는 질문(FAQ)](https://github.com/loxilb-io/loxilbdocs/blob/main/docs/faq.md)
+- [블로그](https://www.loxilb.io/blog)
+- [데모 비디오](https://www.youtube.com/@loxilb697)
+
+## 커뮤니티
+
+### Slack
+loxilb 개발자 및 다른 loxilb 사용자와 채팅을 하려면 loxilb [Slack](https://www.loxilb.io/members) 채널에 가입하세요. 이곳은 loxilb에 대해 배우고, 질문을 하고, 협력작업을 하기에 좋은 장소입니다.
+
+### 일반 토론
+GitHub [토론](https://github.com/loxilb-io/loxilb/discussions)에 자유롭게 질문을 게시하세요. 문제나 버그가 발견되면 GitHub에서 [이슈](https://github.com/loxilb-io/loxilb/issues)를 제기해 주세요. loxilb 커뮤니티의 멤버들이 도와드릴 것입니다.
+
+## CICD 워크플로우 상태
+
+| 기능(Ubuntu20.04) | 기능(Ubuntu22.04)| 기능(RedHat9)|
+|:----------|:-------------|:-------------|
+|  | [](https://github.com/loxilb-io/loxilb/actions/workflows/docker-multiarch.yml) | [](https://github.com/loxilb-io/loxilb/actions/workflows/sctp-sanity-rh9.yml) |
+|  | [](https://github.com/loxilb-io/loxilb/actions/workflows/basic-sanity-ubuntu-22.yml) | [](https://github.com/loxilb-io/loxilb/actions/workflows/basic-sanity-rh9.yml) |
+| [](https://github.com/loxilb-io/loxilb/actions/workflows/tcp-sanity.yml) | [](https://github.com/loxilb-io/loxilb/actions/workflows/tcp-sanity-ubuntu-22.yml) | [](https://github.com/loxilb-io/loxilb/actions/workflows/tcp-sanity-rh9.yml) |
+| [](https://github.com/loxilb-io/loxilb/actions/workflows/udp-sanity.yml) | [](https://github.com/loxilb-io/loxilb/actions/workflows/udp-sanity-ubuntu-22.yml) | [](https://github.com/loxilb-io/loxilb/actions/workflows/udp-sanity-rh9.yml) |
+| [](https://github.com/loxilb-io/loxilb/actions/workflows/sctp-sanity.yml) |  | [](https://github.com/loxilb-io/loxilb/actions/workflows/ipsec-sanity-rh9.yml) |
+|  |  | [](https://github.com/loxilb-io/loxilb/actions/workflows/nat66-sanity-rh9.yml) |
+|  | [](https://github.com/loxilb-io/loxilb/actions/workflows/scale-sanity-ubuntu-22.yml) | [](https://github.com/loxilb-io/loxilb/actions/workflows/advanced-lb-sanity-rh9.yml) |
+|  | [](https://github.com/loxilb-io/loxilb/actions/workflows/perf.yml) | |
+| [](https://github.com/loxilb-io/loxilb/actions/workflows/liveness-sanity.yml) | | |
+|  | | |
+| [](https://github.com/loxilb-io/loxilb/actions/workflows/perf.yml) | | |
+
+| K3s 테스트 | K8s 클러스터 테스트 | EKS 테스트 |
+|:-------------|:-------------|:-------------|
+|[](https://github.com/loxilb-io/loxilb/actions/workflows/k3s-base-sanity.yml) | [](https://github.com/loxilb-io/loxilb/actions/workflows/k8s-calico-ipvs.yml) |  |
+| [](https://github.com/loxilb-io/loxilb/actions/workflows/k3s-flannel.yml) | [](https://github.com/loxilb-io/loxilb/actions/workflows/k8s-calico-ipvs2.yml) | |
+| [](https://github.com/loxilb-io/loxilb/actions/workflows/k3s-flannel-ubuntu-22.yml) | [](https://github.com/loxilb-io/loxilb/actions/workflows/k8s-calico-ipvs3.yml) | |
+|[](https://github.com/loxilb-io/loxilb/actions/workflows/k3s-flannel-cluster.yml) | [](https://github.com/loxilb-io/loxilb/actions/workflows/k8s-calico-ipvs3-ha.yml) | |
+| [](https://github.com/loxilb-io/loxilb/actions/workflows/k3s-flannel-incluster.yml) | | |
+|[](https://github.com/loxilb-io/loxilb/actions/workflows/k3s-flannel-incluster-l2.yml) | | |
+| [](https://github.com/loxilb-io/loxilb/actions/workflows/k3s-calico.yml) | | |
+| [](https://github.com/loxilb-io/loxilb/actions/workflows/k3s-cilium-cluster.yml) | |
+| [](https://github.com/loxilb-io/loxilb/actions/workflows/k3s-sctpmh.yml) | | |
+| [](https://github.com/loxilb-io/loxilb/actions/workflows/k3s-sctpmh-ubuntu22.yml) | | |
+| [](https://github.com/loxilb-io/loxilb/actions/workflows/k3s-sctpmh-2.yml) | | |
+
+
+## 📚 자세한 정보는 loxilb [웹사이트](https://www.loxilb.io)를 확인하십시오.
+
+[docs-shield]: https://img.shields.io/badge/info-docs-blue
+[docs-url]: https://loxilb-io.github.io/loxilbdocs/
+[slack=shield]: https://img.shields.io/badge/Community-Join%20Slack-blue
+[slack-url]: https://www.loxilb.io/members
diff --git a/README.md b/README.md
index d6263a00..c0b15b75 100644
--- a/README.md
+++ b/README.md
@@ -5,20 +5,39 @@
 [![Info][docs-shield]][docs-url] [](https://join.slack.com/t/loxilb/shared_invite/zt-2b3xx14wg-P7WHj5C~OEON_jviF0ghcQ)
## What is loxilb
-loxilb is an open source cloud-native load-balancer based on GoLang/eBPF with the goal of achieving cross-compatibility across a wide range of on-prem, public-cloud or hybrid K8s environments.
+loxilb is an open source cloud-native load-balancer based on GoLang/eBPF with the goal of achieving cross-compatibility across a wide range of on-prem, public-cloud or hybrid K8s environments. loxilb is being developed to support the adoption of cloud-native tech in telco, mobility, and edge computing.
## Kubernetes with loxilb
-Kubernetes defines many service constructs like cluster-ip, node-port, load-balancer etc for pod to pod, pod to service and service from outside communication.
-
-
-
+Kubernetes defines many service constructs like cluster-ip, node-port, load-balancer, ingress etc for pod to pod, pod to service and outside-world to service communication.
-All these services are provided by load-balancers/proxies operating at Layer4/Layer7. Since Kubernetes's is highly modular, these services can be provided by different software modules. For example, kube-proxy is used by default to provide cluster-ip and node-port services.
+
-Service type load-balancer is usually provided by public cloud-provider(s) as a managed entity. But for on-prem and self-managed clusters, there are only a few good options available. Even for provider-managed K8s like EKS, there are many who would want to bring their own LB to clusters running anywhere. loxilb provides service type load-balancer as its main use-case. loxilb can be run in-cluster or ext-to-cluster as per user need.
+All these services are provided by load-balancers/proxies operating at Layer4/Layer7. Since Kubernetes's is highly modular, these services can be provided by different software modules. For example, kube-proxy is used by default to provide cluster-ip and node-port services. For some services like LB and Ingress, no default is usually provided.
-Additionally, loxilb can also support cluster-ip and node-port services, thereby providing full cluster-mesh implementation for Kubernetes (replacment of kube-proxy).
+Service type load-balancer is usually provided by public cloud-provider(s) as a managed entity. But for on-prem and self-managed clusters, there are only a few good options available. Even for provider-managed K8s like EKS, there are many who would want to bring their own LB to clusters running anywhere. Additionally, Telco 5G and edge services introduce unique challenges due to the variety of exotic protocols involved, including GTP, SCTP, SRv6, SEPP, and DTLS, making seamless integration particularly challenging. loxilb provides service type load-balancer as its main use-case. loxilb can be run in-cluster or ext-to-cluster as per user need.
+
+loxilb works as a L4 load-balancer/service-proxy by default. Although L4 load-balancing provides great performance and functionality, an equally performant L7 load-balancer is also necessary in K8s for various use-cases. loxilb also supports L7 load-balancing in the form of Kubernetes Ingress implementation which is enhanced with eBPF sockmap helpers. This also benefit users who need L4 and L7 load-balancing under the same hood.
+
+Additionally, loxilb also supports:
+- [x] kube-proxy replacement with eBPF(full cluster-mesh implementation for Kubernetes)
+- [x] Ingress Support
+- [x] Kubernetes Gateway API
+- [ ] Kubernetes Network Policies
+
+## Telco-Cloud with loxilb
+For deploying telco-cloud with cloud-native functions, loxilb can be used as an enhanced SCP(service communication proxy). SCP is a communication proxy defined by [3GPP](https://www.etsi.org/deliver/etsi_ts/129500_129599/129500/16.04.00_60/ts_129500v160400p.pdf) and aimed at telco micro-services running in cloud-native environment. Read more in this [blog](https://dev.to/nikhilmalik/5g-service-communication-proxy-with-loxilb-4242)
+
+
+Telco-cloud requires load-balancing and communication across various interfaces/standards like N2, N4, E2(ORAN), S6x, 5GLAN, GTP etc. Each of these present its own unique challenges which loxilb aims to solve e.g.:
+- N4 requires PFCP level session-intelligence
+- N2 requires NGAP parsing capability(Related Blogs - [Blog-1](https://www.loxilb.io/post/ngap-load-balancing-with-loxilb), [Blog-2](https://futuredon.medium.com/5g-sctp-loadbalancer-using-loxilb-b525198a9103), [Blog-3](https://medium.com/@ben0978327139/5g-sctp-loadbalancer-using-loxilb-applying-on-free5gc-b5c05bb723f0))
+- S6x requires Diameter/SCTP multi-homing LB support(Related [Blog](https://www.loxilb.io/post/k8s-introducing-sctp-multihoming-functionality-with-loxilb))
+- MEC use-cases might require UL-CL understanding(Related [Blog](https://futuredon.medium.com/5g-uplink-classifier-using-loxilb-7593a4d66f4c))
+- Hitless failover support might be essential for mission-critical applications
+- E2 might require SCTP-LB with OpenVPN bundled together
+- SIP support is needed to enable cloud-native VOIP
+- N32 requires support for Security Edge Protection Proxy(SEPP)
## Why choose loxilb?
@@ -45,26 +64,14 @@ Additionally, loxilb can also support cluster-ip and node-port services, thereby
- Stateful firewalling and IPSEC/Wireguard support
- Optimized implementation for features like [Conntrack](https://thermalcircle.de/doku.php?id=blog:linux:connection_tracking_1_modules_and_hooks), QoS etc
- Full compatibility for ipvs (ipvs policies can be auto inherited)
-- Policy oriented L7 proxy support - HTTP1.0, 1.1, 2.0 etc (planned 🚧)
+- Policy oriented L7 proxy support - HTTP1.0, 1.1, 2.0, 3.0
## Components of loxilb
- GoLang based control plane components
- A scalable/efficient [eBPF](https://ebpf.io/) based data-path implementation
- Integrated goBGP based routing stack
-- A kubernetes agent [kube-loxilb](https://github.com/loxilb-io/kube-loxilb) written in Go
-
-## Layer4 Vs Layer7
-loxilb works as a L4 load-balancer/service-proxy by default. Although it provides great performance, at times, L7 load-balancing might become necessary in K8s. There are many good L7 proxies already available for K8s. Still, we are working on providing a great L7 solution natively in eBPF. It is a tough endeavor one which should reap great benefits once completed. Please keep an eye for updates on this.
-
-## Telco-Cloud with loxilb
-For deploying telco-cloud with cloud-native functions, loxilb can be used as a SCP(service communication proxy). SCP is a communication proxy defined by [3GPP](https://www.etsi.org/deliver/etsi_ts/129500_129599/129500/16.04.00_60/ts_129500v160400p.pdf) and aimed at telco micro-services running in cloud-native environment. Telco-cloud requires load-balancing and communication across various interfaces/standards like N2, N4, E2(ORAN), S6x, 5GLAN, GTP etc. Each of these present its own unique challenges which loxilb aims to solve e.g.:
-- N4 requires PFCP level session-intelligence
-- N2 requires NGAP parsing capability
-- S6x requires Diameter/SCTP multi-homing LB support
-- MEC use-cases might require UL-CL understanding
-- Hitless failover support might be essential for mission-critical applications
-- E2 might require SCTP-LB with OpenVPN bundled together
-- SIP support is needed to enable cloud-native VOIP
+- A kubernetes operator [kube-loxilb](https://github.com/loxilb-io/kube-loxilb) written in Go
+- A kubernetes ingress [implementation](https://github.com/loxilb-io/loxilb-ingress)
## Architectural Considerations
- [Understanding loxilb modes and deployment in K8s with kube-loxilb](https://github.com/loxilb-io/loxilbdocs/blob/main/docs/kube-loxilb.md)
@@ -88,6 +95,9 @@ For deploying telco-cloud with cloud-native functions, loxilb can be used as a S
- [K3s : loxilb service-proxy with flannel](https://github.com/loxilb-io/loxilbdocs/blob/main/docs/service-proxy-flannel.md)
- [K3s : loxilb service-proxy with calico](https://github.com/loxilb-io/loxilbdocs/blob/main/docs/service-proxy-calico.md)
+#### loxilb as Kubernetes Ingress
+- [K3s: How to run loxilb-ingress](https://github.com/loxilb-io/loxilbdocs/blob/main/docs/loxilb-ingress.md)
+
#### loxilb in standalone mode
- [Run loxilb standalone](https://github.com/loxilb-io/loxilbdocs/blob/main/docs/standalone.md)
@@ -96,7 +106,8 @@ For deploying telco-cloud with cloud-native functions, loxilb can be used as a S
- [How-To : Access end-points outside K8s](https://github.com/loxilb-io/loxilbdocs/blob/main/docs/ext-ep.md)
- [How-To : Deploy multi-server K3s HA with loxilb](https://github.com/loxilb-io/loxilbdocs/blob/main/docs/k3s-multi-master.md)
- [How-To : Deploy loxilb with multi-AZ HA support in AWS](https://github.com/loxilb-io/loxilbdocs/blob/main/docs/aws-multi-az.md)
-- [How-To : Deploy loxilb with Ingress](https://github.com/loxilb-io/loxilbdocs/blob/main/docs/loxilb-nginx-ingress.md)
+- [How-To : Deploy loxilb with multi-cloud HA support](https://github.com/loxilb-io/loxilbdocs/blob/main/docs/multi-cloud-ha.md)
+- [How-To : Deploy loxilb with ingress-nginx](https://github.com/loxilb-io/loxilbdocs/blob/main/docs/loxilb-nginx-ingress.md)
## Knowledge-Base
- [What is eBPF](ebpf.md)
@@ -118,6 +129,7 @@ For deploying telco-cloud with cloud-native functions, loxilb can be used as a S
- [System Requirements](https://github.com/loxilb-io/loxilbdocs/blob/main/docs/requirements.md)
- [Frequenctly Asked Questions- FAQs](https://github.com/loxilb-io/loxilbdocs/blob/main/docs/faq.md)
- [Blogs](https://www.loxilb.io/blog)
+- [Demo Videos](https://www.youtube.com/@loxilb697)
## Community
@@ -127,21 +139,29 @@ Join the loxilb [Slack](https://www.loxilb.io/members) channel to chat with loxi
### General Discussion
Feel free to post your queries in github [discussion](https://github.com/loxilb-io/loxilb/discussions). If you find any issue/bugs, please raise an [issue](https://github.com/loxilb-io/loxilb/issues) in github and members from loxilb community will be happy to help.
+### Community Posts
+- [5G SCTP Load Balancer using LoxiLB](https://futuredon.medium.com/5g-sctp-loadbalancer-using-loxilb-b525198a9103)
+- [5G Uplink Classifier using LoxiLB](https://futuredon.medium.com/5g-uplink-classifier-using-loxilb-7593a4d66f4c)
+- [5G SCTP Load Balancer with free5gc](https://medium.com/@ben0978327139/5g-sctp-loadbalancer-using-loxilb-applying-on-free5gc-b5c05bb723f0)
+- [K8s - Bring load balancing to Multus workloads with LoxiLB](https://cloudybytes.medium.com/k8s-bringing-load-balancing-to-multus-workloads-with-loxilb-a0746f270abe)
+- [K3s - Using LoxiLB as External Service Load Balancer](https://cloudybytes.medium.com/k3s-using-loxilb-as-external-service-lb-2ea4ce61e159)
+- [Kubernetes Services - Achieving Optimal performance is elusive](https://cloudybytes.medium.com/kubernetes-services-achieving-optimal-performance-is-elusive-5def5183c281)
+
## CICD Workflow Status
-| Features(Ubuntu20.04) | Features(Ubuntu22.04)| Features(RedHat9)|
-|:----------|:-------------|:-------------|
-|  | [](https://github.com/loxilb-io/loxilb/actions/workflows/docker-multiarch.yml) | [](https://github.com/loxilb-io/loxilb/actions/workflows/sctp-sanity-rh9.yml) |
-|  | [](https://github.com/loxilb-io/loxilb/actions/workflows/basic-sanity-ubuntu-22.yml) | [](https://github.com/loxilb-io/loxilb/actions/workflows/basic-sanity-rh9.yml) |
-| [](https://github.com/loxilb-io/loxilb/actions/workflows/tcp-sanity.yml) | [](https://github.com/loxilb-io/loxilb/actions/workflows/tcp-sanity-ubuntu-22.yml) | [](https://github.com/loxilb-io/loxilb/actions/workflows/tcp-sanity-rh9.yml) |
-| [](https://github.com/loxilb-io/loxilb/actions/workflows/udp-sanity.yml) | [](https://github.com/loxilb-io/loxilb/actions/workflows/udp-sanity-ubuntu-22.yml) | [](https://github.com/loxilb-io/loxilb/actions/workflows/udp-sanity-rh9.yml) |
-| [](https://github.com/loxilb-io/loxilb/actions/workflows/sctp-sanity.yml) |  | [](https://github.com/loxilb-io/loxilb/actions/workflows/ipsec-sanity-rh9.yml) |
-|  |  | [](https://github.com/loxilb-io/loxilb/actions/workflows/nat66-sanity-rh9.yml) |
-|  | [](https://github.com/loxilb-io/loxilb/actions/workflows/scale-sanity-ubuntu-22.yml) | [](https://github.com/loxilb-io/loxilb/actions/workflows/advanced-lb-sanity-rh9.yml) |
-|  | [](https://github.com/loxilb-io/loxilb/actions/workflows/perf.yml) | |
-| [](https://github.com/loxilb-io/loxilb/actions/workflows/liveness-sanity.yml) | | |
-|  | | |
-| [](https://github.com/loxilb-io/loxilb/actions/workflows/perf.yml) | | |
+| Features(Ubuntu20.04) | Features(Ubuntu22.04)| Features(Ubuntu24.04)| Features(RedHat9)|
+|:----------|:-------------|:-------------|:-------------|
+| [](https://github.com/loxilb-io/loxilb/actions/workflows/docker-image.yml) | [](https://github.com/loxilb-io/loxilb/actions/workflows/docker-multiarch.yml) | [](https://github.com/loxilb-io/loxilb/actions/workflows/docker-multiarch.yml) | [](https://github.com/loxilb-io/loxilb/actions/workflows/docker-multiarch.yml) |
+| [](https://github.com/loxilb-io/loxilb/actions/workflows/basic-sanity.yml) | [](https://github.com/loxilb-io/loxilb/actions/workflows/basic-sanity-ubuntu-22.yml) | [](https://github.com/loxilb-io/loxilb/actions/workflows/basic-sanity-ubuntu-24.yml) | [](https://github.com/loxilb-io/loxilb/actions/workflows/basic-sanity-rh9.yml) |
+| [](https://github.com/loxilb-io/loxilb/actions/workflows/tcp-sanity.yml) | [](https://github.com/loxilb-io/loxilb/actions/workflows/tcp-sanity-ubuntu-22.yml) | [](https://github.com/loxilb-io/loxilb/actions/workflows/tcp-sanity-ubuntu-24.yml) | [](https://github.com/loxilb-io/loxilb/actions/workflows/tcp-sanity-rh9.yml) |
+| [](https://github.com/loxilb-io/loxilb/actions/workflows/udp-sanity.yml) | [](https://github.com/loxilb-io/loxilb/actions/workflows/udp-sanity-ubuntu-22.yml) | [](https://github.com/loxilb-io/loxilb/actions/workflows/udp-sanity-ubuntu-24.yml) | [](https://github.com/loxilb-io/loxilb/actions/workflows/udp-sanity-rh9.yml) |
+| [](https://github.com/loxilb-io/loxilb/actions/workflows/sctp-sanity.yml) | [](https://github.com/loxilb-io/loxilb/actions/workflows/sctp-sanity-ubuntu-22.yml) | [](https://github.com/loxilb-io/loxilb/actions/workflows/sctp-sanity-ubuntu-24.yml) |[](https://github.com/loxilb-io/loxilb/actions/workflows/sctp-sanity-rh9.yml) |
+| [](https://github.com/loxilb-io/loxilb/actions/workflows/advanced-lb-sanity.yml)| [](https://github.com/loxilb-io/loxilb/actions/workflows/advanced-lb-sanity-ubuntu-22.yml) | [](https://github.com/loxilb-io/loxilb/actions/workflows/advanced-lb-sanity-ubuntu-24.yml) | [](https://github.com/loxilb-io/loxilb/actions/workflows/advanced-lb-sanity-rh9.yml)|
+| [](https://github.com/loxilb-io/loxilb/actions/workflows/nat66-sanity.yml) | [](https://github.com/loxilb-io/loxilb/actions/workflows/nat66-sanity-ubuntu-22.yml) | [](https://github.com/loxilb-io/loxilb/actions/workflows/nat66-sanity-ubuntu-24.yml) | [](https://github.com/loxilb-io/loxilb/actions/workflows/nat66-sanity-rh9.yml) |
+| [](https://github.com/loxilb-io/loxilb/actions/workflows/ipsec-sanity.yml) | [](https://github.com/loxilb-io/loxilb/actions/workflows/ipsec-sanity-ubuntu-22.yml) | [](https://github.com/loxilb-io/loxilb/actions/workflows/ipsec-sanity-ubuntu-24.yml) | [](https://github.com/loxilb-io/loxilb/actions/workflows/ipsec-sanity-rh9.yml) |
+| [](https://github.com/loxilb-io/loxilb/actions/workflows/liveness-sanity.yml) | [](https://github.com/loxilb-io/loxilb/actions/workflows/liveness-sanity-ubuntu-22.yml) | [](https://github.com/loxilb-io/loxilb/actions/workflows/liveness-sanity-ubuntu-24.yml) | [](https://github.com/loxilb-io/loxilb/actions/workflows/liveness-sanity-rh9.yml) |
+| | [](https://github.com/loxilb-io/loxilb/actions/workflows/scale-sanity-ubuntu-22.yml) | [](https://github.com/loxilb-io/loxilb/actions/workflows/scale-sanity-ubuntu-24.yml) | |
+|[](https://github.com/loxilb-io/loxilb/actions/workflows/perf.yml) | [](https://github.com/loxilb-io/loxilb/actions/workflows/perf.yml) |[](https://github.com/loxilb-io/loxilb/actions/workflows/perf.yml) | |
| K3s Tests | K8s Cluster Tests | EKS Test |
|:-------------|:-------------|:-------------|
@@ -158,9 +178,6 @@ Feel free to post your queries in github [discussion](https://github.com/loxilb-
| [](https://github.com/loxilb-io/loxilb/actions/workflows/k3s-sctpmh-2.yml) | | |
-
-
-
## 📚 Please check loxilb [website](https://www.loxilb.io) for more detailed info.
[docs-shield]: https://img.shields.io/badge/info-docs-blue
diff --git a/api/loxinlp/nlp.go b/api/loxinlp/nlp.go
index 4bdce6cf..bcc15c16 100644
--- a/api/loxinlp/nlp.go
+++ b/api/loxinlp/nlp.go
@@ -86,6 +86,8 @@ type NlH struct {
IMap map[string]Intf
BlackList string
BLRgx *regexp.Regexp
+ WhiteList string
+ WLRgx *regexp.Regexp
}
var (
@@ -97,7 +99,12 @@ func NlpRegister(hook cmn.NetHookInterface) {
hooks = hook
}
-func iSBlackListedIntf(name string, masterIdx int) bool {
+func NlpIsBlackListedIntf(name string, masterIdx int) bool {
+ if nNl.WhiteList != "none" {
+ filter := nNl.WLRgx.MatchString(name)
+ return !filter
+ }
+
if name == "lo" {
return true
}
@@ -1189,8 +1196,18 @@ func AddRoute(route nlp.Route) int {
ipNet = *route.Dst
}
- ret, err := hooks.NetRouteAdd(&cmn.RouteMod{Protocol: int(route.Protocol), Flags: route.Flags,
- Gw: route.Gw, LinkIndex: route.LinkIndex, Dst: ipNet})
+ var gws []cmn.GWInfo
+
+ if len(route.MultiPath) <= 0 {
+ gw := cmn.GWInfo{Gw: route.Gw, LinkIndex: route.LinkIndex}
+ gws = append(gws, gw)
+ } else {
+ for i := range route.MultiPath {
+ gws = append(gws, cmn.GWInfo{Gw: route.MultiPath[i].Gw, LinkIndex: route.MultiPath[i].LinkIndex})
+ }
+ }
+
+ ret, err := hooks.NetRouteAdd(&cmn.RouteMod{Protocol: int(route.Protocol), Flags: route.Flags, Dst: ipNet, GWs: gws})
if err != nil {
if route.Gw != nil {
tk.LogIt(tk.LogError, "[NLP] RT %s via %s proto %d add failed-%s\n", ipNet.String(),
@@ -1279,7 +1296,7 @@ func DelRoute(route nlp.Route) int {
func LUWorkSingle(m nlp.LinkUpdate) int {
var ret int
- if iSBlackListedIntf(m.Link.Attrs().Name, m.Link.Attrs().MasterIndex) {
+ if NlpIsBlackListedIntf(m.Link.Attrs().Name, m.Link.Attrs().MasterIndex) {
return -1
}
@@ -1332,7 +1349,7 @@ func NUWorkSingle(m nlp.NeighUpdate) int {
return -1
}
- if iSBlackListedIntf(link.Attrs().Name, link.Attrs().MasterIndex) {
+ if NlpIsBlackListedIntf(link.Attrs().Name, link.Attrs().MasterIndex) {
return -1
}
@@ -1350,14 +1367,28 @@ func NUWorkSingle(m nlp.NeighUpdate) int {
func RUWorkSingle(m nlp.RouteUpdate) int {
var ret int
- link, err := nlp.LinkByIndex(m.LinkIndex)
- if err != nil {
- fmt.Println(err)
- return -1
- }
+ if len(m.MultiPath) <= 0 {
+ link, err := nlp.LinkByIndex(m.LinkIndex)
+ if err != nil {
+ tk.LogIt(tk.LogError, "RUWorkSingle: link find error %s\n", err)
+ return -1
+ }
- if iSBlackListedIntf(link.Attrs().Name, link.Attrs().MasterIndex) {
- return -1
+ if NlpIsBlackListedIntf(link.Attrs().Name, link.Attrs().MasterIndex) {
+ return -1
+ }
+ } else {
+ for _, path := range m.MultiPath {
+ link, err := nlp.LinkByIndex(path.LinkIndex)
+ if err != nil {
+ tk.LogIt(tk.LogError, "RUWorkSingle: link find error %s\n", err)
+ return -1
+ }
+
+ if NlpIsBlackListedIntf(link.Attrs().Name, link.Attrs().MasterIndex) {
+ return -1
+ }
+ }
}
if skipIfRoute {
@@ -1430,7 +1461,7 @@ func NLWorker(nNl *NlH, bgpPeerMode bool, ch chan bool, wch chan bool) {
defer func() {
if e := recover(); e != nil {
- tk.LogIt(tk.LogCritical, "%s: %s", e, debug.Stack())
+ tk.LogIt(tk.LogCritical, "%s: %s\n", e, debug.Stack())
}
hooks.NetHandlePanic()
os.Exit(1)
@@ -1458,7 +1489,7 @@ func GetBridges() {
return
}
for _, link := range links {
- if iSBlackListedIntf(link.Attrs().Name, link.Attrs().MasterIndex) {
+ if NlpIsBlackListedIntf(link.Attrs().Name, link.Attrs().MasterIndex) {
continue
}
switch link.(type) {
@@ -1484,7 +1515,7 @@ func NlpGet(ch chan bool) int {
for _, link := range links {
- if iSBlackListedIntf(link.Attrs().Name, link.Attrs().MasterIndex) {
+ if NlpIsBlackListedIntf(link.Attrs().Name, link.Attrs().MasterIndex) {
continue
}
@@ -1496,7 +1527,7 @@ func NlpGet(ch chan bool) int {
for _, link := range links {
- if iSBlackListedIntf(link.Attrs().Name, link.Attrs().MasterIndex) {
+ if NlpIsBlackListedIntf(link.Attrs().Name, link.Attrs().MasterIndex) {
// Need addresss to work with
addrs, err := nlp.AddrList(link, nlp.FAMILY_ALL)
if err != nil {
@@ -1559,25 +1590,28 @@ func NlpGet(ch chan bool) int {
AddNeigh(neigh, link)
}
}
+ }
- /* Get Routes */
- routes, err := nlp.RouteList(link, nlp.FAMILY_ALL)
- if err != nil {
- tk.LogIt(tk.LogError, "[NLP] Error getting route list %v\n", err)
- }
+ /* Get Routes */
+ routes, err := nlp.RouteList(nil, nlp.FAMILY_ALL)
+ if err != nil {
+ tk.LogIt(tk.LogError, "[NLP] Error getting route list %v\n", err)
+ }
- if len(routes) == 0 {
- tk.LogIt(tk.LogDebug, "[NLP] No STATIC routes found for intf %s\n", link.Attrs().Name)
- } else {
- for _, route := range routes {
- if skipIfRoute {
- if route.Scope.String() == "link" && tk.IsNetIPv4(route.Dst.IP.String()) {
- continue
- }
+ if len(routes) == 0 {
+ tk.LogIt(tk.LogDebug, "[NLP] No STATIC routes found\n")
+ } else {
+ for _, route := range routes {
+ var m nlp.RouteUpdate
+ if skipIfRoute {
+ if route.Scope.String() == "link" && tk.IsNetIPv4(route.Dst.IP.String()) {
+ continue
}
-
- AddRoute(route)
}
+ m.Type = syscall.RTM_NEWROUTE
+ m.Route = route
+
+ RUWorkSingle(m)
}
}
tk.LogIt(tk.LogInfo, "[NLP] nlp get done\n")
@@ -1642,12 +1676,14 @@ func LbSessionGet(done bool) int {
return 0
}
-func NlpInit(bgpPeerMode bool, blackList string, ipvsCompat bool) *NlH {
+func NlpInit(bgpPeerMode bool, blackList, whitelist string, ipvsCompat bool) *NlH {
nNl = new(NlH)
nNl.BlackList = blackList
nNl.BLRgx = regexp.MustCompile(blackList)
+ nNl.WhiteList = whitelist
+ nNl.WLRgx = regexp.MustCompile(whitelist)
checkInit := make(chan bool)
waitInit := make(chan bool)
diff --git a/api/models/loadbalance_entry.go b/api/models/loadbalance_entry.go
index 79cb9f18..a7920530 100644
--- a/api/models/loadbalance_entry.go
+++ b/api/models/loadbalance_entry.go
@@ -315,9 +315,12 @@ type LoadbalanceEntryServiceArguments struct {
// block-number if any of this LB entry
Block uint16 `json:"block,omitempty"`
- // IP address for externel access
+ // IP address for external access
ExternalIP string `json:"externalIP,omitempty"`
+ // Ingress specific host URL path
+ Host string `json:"host,omitempty"`
+
// value for inactivity timeout (in seconds)
InactiveTimeOut int32 `json:"inactiveTimeOut,omitempty"`
@@ -339,6 +342,9 @@ type LoadbalanceEntryServiceArguments struct {
// port number for the access
Port int64 `json:"port,omitempty"`
+ // private IP (NAT'd) address for external access
+ PrivateIP string `json:"privateIP,omitempty"`
+
// value for probe retries
ProbeRetries int32 `json:"probeRetries,omitempty"`
diff --git a/api/models/route_get_entry.go b/api/models/route_get_entry.go
index f83534b4..e0c59c4c 100644
--- a/api/models/route_get_entry.go
+++ b/api/models/route_get_entry.go
@@ -32,7 +32,7 @@ type RouteGetEntry struct {
HardwareMark int64 `json:"hardwareMark,omitempty"`
// Route protocol
- Protocol int64 `json:"protocol,omitempty"`
+ Protocol string `json:"protocol,omitempty"`
// statistic
Statistic *RouteGetEntryStatistic `json:"statistic,omitempty"`
diff --git a/api/restapi/configure_loxilb_rest_api.go b/api/restapi/configure_loxilb_rest_api.go
index df3fd873..8d2735c4 100644
--- a/api/restapi/configure_loxilb_rest_api.go
+++ b/api/restapi/configure_loxilb_rest_api.go
@@ -60,7 +60,8 @@ func configureAPI(api *operations.LoxilbRestAPIAPI) http.Handler {
// Load balancer add and delete and get
api.PostConfigLoadbalancerHandler = operations.PostConfigLoadbalancerHandlerFunc(handler.ConfigPostLoadbalancer)
- api.DeleteConfigLoadbalancerExternalipaddressIPAddressPortPortProtocolProtoHandler = operations.DeleteConfigLoadbalancerExternalipaddressIPAddressPortPortProtocolProtoHandlerFunc(handler.ConfigDeleteLoadbalancer)
+ api.DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoHandler = operations.DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoHandlerFunc(handler.ConfigDeleteLoadbalancer)
+ api.DeleteConfigLoadbalancerExternalipaddressIPAddressPortPortProtocolProtoHandler = operations.DeleteConfigLoadbalancerExternalipaddressIPAddressPortPortProtocolProtoHandlerFunc(handler.ConfigDeleteLoadbalancerWithoutPath)
api.GetConfigLoadbalancerAllHandler = operations.GetConfigLoadbalancerAllHandlerFunc(handler.ConfigGetLoadbalancer)
api.DeleteConfigLoadbalancerAllHandler = operations.DeleteConfigLoadbalancerAllHandlerFunc(handler.ConfigDeleteAllLoadbalancer)
api.DeleteConfigLoadbalancerNameLbNameHandler = operations.DeleteConfigLoadbalancerNameLbNameHandlerFunc(handler.ConfigDeleteLoadbalancerByName)
diff --git a/api/restapi/embedded_spec.go b/api/restapi/embedded_spec.go
index ffc261a1..2ea83877 100644
--- a/api/restapi/embedded_spec.go
+++ b/api/restapi/embedded_spec.go
@@ -2124,6 +2124,101 @@ func init() {
}
}
},
+ "/config/loadbalancer/hosturl/{hosturl}/externalipaddress/{ip_address}/port/{port}/protocol/{proto}": {
+ "delete": {
+ "description": "Delete an existing load balancer service with .",
+ "summary": "Delete an existing Load balancer service",
+ "parameters": [
+ {
+ "type": "string",
+ "description": "Attributes for load balance service",
+ "name": "hosturl",
+ "in": "path",
+ "required": true
+ },
+ {
+ "type": "string",
+ "description": "Attributes for load balance service",
+ "name": "ip_address",
+ "in": "path",
+ "required": true
+ },
+ {
+ "type": "number",
+ "description": "Attributes for load balance service",
+ "name": "port",
+ "in": "path",
+ "required": true
+ },
+ {
+ "type": "string",
+ "description": "Attributes for load balance service",
+ "name": "proto",
+ "in": "path",
+ "required": true
+ },
+ {
+ "type": "boolean",
+ "description": "option for BGP enable",
+ "name": "bgp",
+ "in": "query"
+ },
+ {
+ "type": "number",
+ "description": "block value if any",
+ "name": "block",
+ "in": "query"
+ }
+ ],
+ "responses": {
+ "204": {
+ "description": "OK"
+ },
+ "400": {
+ "description": "Malformed arguments for API call",
+ "schema": {
+ "$ref": "#/definitions/Error"
+ }
+ },
+ "401": {
+ "description": "Invalid authentication credentials",
+ "schema": {
+ "$ref": "#/definitions/Error"
+ }
+ },
+ "403": {
+ "description": "Capacity insufficient",
+ "schema": {
+ "$ref": "#/definitions/Error"
+ }
+ },
+ "404": {
+ "description": "Resource not found",
+ "schema": {
+ "$ref": "#/definitions/Error"
+ }
+ },
+ "409": {
+ "description": "Resource Conflict. VLAN already exists OR dependency VRF/VNET not found",
+ "schema": {
+ "$ref": "#/definitions/Error"
+ }
+ },
+ "500": {
+ "description": "Internal service error",
+ "schema": {
+ "$ref": "#/definitions/Error"
+ }
+ },
+ "503": {
+ "description": "Maintanence mode",
+ "schema": {
+ "$ref": "#/definitions/Error"
+ }
+ }
+ }
+ }
+ },
"/config/loadbalancer/name/{lb_name}": {
"delete": {
"description": "Delete an existing load balancer service with name.",
@@ -4920,7 +5015,11 @@ func init() {
"format": "uint16"
},
"externalIP": {
- "description": "IP address for externel access",
+ "description": "IP address for external access",
+ "type": "string"
+ },
+ "host": {
+ "description": "Ingress specific host URL path",
"type": "string"
},
"inactiveTimeOut": {
@@ -4954,6 +5053,10 @@ func init() {
"description": "port number for the access",
"type": "integer"
},
+ "privateIP": {
+ "description": "private IP (NAT'd) address for external access",
+ "type": "string"
+ },
"probeRetries": {
"description": "value for probe retries",
"type": "integer",
@@ -5441,7 +5544,7 @@ func init() {
},
"protocol": {
"description": "Route protocol",
- "type": "integer"
+ "type": "string"
},
"statistic": {
"type": "object",
@@ -7732,6 +7835,101 @@ func init() {
}
}
},
+ "/config/loadbalancer/hosturl/{hosturl}/externalipaddress/{ip_address}/port/{port}/protocol/{proto}": {
+ "delete": {
+ "description": "Delete an existing load balancer service with .",
+ "summary": "Delete an existing Load balancer service",
+ "parameters": [
+ {
+ "type": "string",
+ "description": "Attributes for load balance service",
+ "name": "hosturl",
+ "in": "path",
+ "required": true
+ },
+ {
+ "type": "string",
+ "description": "Attributes for load balance service",
+ "name": "ip_address",
+ "in": "path",
+ "required": true
+ },
+ {
+ "type": "number",
+ "description": "Attributes for load balance service",
+ "name": "port",
+ "in": "path",
+ "required": true
+ },
+ {
+ "type": "string",
+ "description": "Attributes for load balance service",
+ "name": "proto",
+ "in": "path",
+ "required": true
+ },
+ {
+ "type": "boolean",
+ "description": "option for BGP enable",
+ "name": "bgp",
+ "in": "query"
+ },
+ {
+ "type": "number",
+ "description": "block value if any",
+ "name": "block",
+ "in": "query"
+ }
+ ],
+ "responses": {
+ "204": {
+ "description": "OK"
+ },
+ "400": {
+ "description": "Malformed arguments for API call",
+ "schema": {
+ "$ref": "#/definitions/Error"
+ }
+ },
+ "401": {
+ "description": "Invalid authentication credentials",
+ "schema": {
+ "$ref": "#/definitions/Error"
+ }
+ },
+ "403": {
+ "description": "Capacity insufficient",
+ "schema": {
+ "$ref": "#/definitions/Error"
+ }
+ },
+ "404": {
+ "description": "Resource not found",
+ "schema": {
+ "$ref": "#/definitions/Error"
+ }
+ },
+ "409": {
+ "description": "Resource Conflict. VLAN already exists OR dependency VRF/VNET not found",
+ "schema": {
+ "$ref": "#/definitions/Error"
+ }
+ },
+ "500": {
+ "description": "Internal service error",
+ "schema": {
+ "$ref": "#/definitions/Error"
+ }
+ },
+ "503": {
+ "description": "Maintanence mode",
+ "schema": {
+ "$ref": "#/definitions/Error"
+ }
+ }
+ }
+ }
+ },
"/config/loadbalancer/name/{lb_name}": {
"delete": {
"description": "Delete an existing load balancer service with name.",
@@ -10957,7 +11155,11 @@ func init() {
"format": "uint16"
},
"externalIP": {
- "description": "IP address for externel access",
+ "description": "IP address for external access",
+ "type": "string"
+ },
+ "host": {
+ "description": "Ingress specific host URL path",
"type": "string"
},
"inactiveTimeOut": {
@@ -10991,6 +11193,10 @@ func init() {
"description": "port number for the access",
"type": "integer"
},
+ "privateIP": {
+ "description": "private IP (NAT'd) address for external access",
+ "type": "string"
+ },
"probeRetries": {
"description": "value for probe retries",
"type": "integer",
@@ -11084,7 +11290,11 @@ func init() {
"format": "uint16"
},
"externalIP": {
- "description": "IP address for externel access",
+ "description": "IP address for external access",
+ "type": "string"
+ },
+ "host": {
+ "description": "Ingress specific host URL path",
"type": "string"
},
"inactiveTimeOut": {
@@ -11118,6 +11328,10 @@ func init() {
"description": "port number for the access",
"type": "integer"
},
+ "privateIP": {
+ "description": "private IP (NAT'd) address for external access",
+ "type": "string"
+ },
"probeRetries": {
"description": "value for probe retries",
"type": "integer",
@@ -11859,7 +12073,7 @@ func init() {
},
"protocol": {
"description": "Route protocol",
- "type": "integer"
+ "type": "string"
},
"statistic": {
"type": "object",
diff --git a/api/restapi/handler/loadbalancer.go b/api/restapi/handler/loadbalancer.go
index c1110b0a..585abdfc 100644
--- a/api/restapi/handler/loadbalancer.go
+++ b/api/restapi/handler/loadbalancer.go
@@ -29,6 +29,7 @@ func ConfigPostLoadbalancer(params operations.PostConfigLoadbalancerParams) midd
var lbRules cmn.LbRuleMod
lbRules.Serv.ServIP = params.Attr.ServiceArguments.ExternalIP
+ lbRules.Serv.PrivateIP = params.Attr.ServiceArguments.PrivateIP
lbRules.Serv.ServPort = uint16(params.Attr.ServiceArguments.Port)
lbRules.Serv.Proto = params.Attr.ServiceArguments.Protocol
lbRules.Serv.BlockNum = params.Attr.ServiceArguments.Block
@@ -47,6 +48,7 @@ func ConfigPostLoadbalancer(params operations.PostConfigLoadbalancerParams) midd
lbRules.Serv.ProbeRetries = int(params.Attr.ServiceArguments.ProbeRetries)
lbRules.Serv.Name = params.Attr.ServiceArguments.Name
lbRules.Serv.Oper = cmn.LBOp(params.Attr.ServiceArguments.Oper)
+ lbRules.Serv.HostUrl = params.Attr.ServiceArguments.Host
if lbRules.Serv.Proto == "sctp" {
for _, data := range params.Attr.SecondaryIPs {
@@ -77,7 +79,7 @@ func ConfigPostLoadbalancer(params operations.PostConfigLoadbalancerParams) midd
return &ResultResponse{Result: "Success"}
}
-func ConfigDeleteLoadbalancer(params operations.DeleteConfigLoadbalancerExternalipaddressIPAddressPortPortProtocolProtoParams) middleware.Responder {
+func ConfigDeleteLoadbalancer(params operations.DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoParams) middleware.Responder {
tk.LogIt(tk.LogDebug, "[API] Load balancer %s API called. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.URL)
var lbServ cmn.LbServiceArg
@@ -85,6 +87,11 @@ func ConfigDeleteLoadbalancer(params operations.DeleteConfigLoadbalancerExternal
lbServ.ServIP = params.IPAddress
lbServ.ServPort = uint16(params.Port)
lbServ.Proto = params.Proto
+ if params.Hosturl == "any" {
+ lbServ.HostUrl = ""
+ } else {
+ lbServ.HostUrl = params.Hosturl
+ }
if params.Block != nil {
lbServ.BlockNum = uint16(*params.Block)
}
@@ -102,6 +109,32 @@ func ConfigDeleteLoadbalancer(params operations.DeleteConfigLoadbalancerExternal
return &ResultResponse{Result: "Success"}
}
+func ConfigDeleteLoadbalancerWithoutPath(params operations.DeleteConfigLoadbalancerExternalipaddressIPAddressPortPortProtocolProtoParams) middleware.Responder {
+ tk.LogIt(tk.LogDebug, "[API] Load balancer %s API called. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.URL)
+
+ var lbServ cmn.LbServiceArg
+ var lbRules cmn.LbRuleMod
+ lbServ.ServIP = params.IPAddress
+ lbServ.ServPort = uint16(params.Port)
+ lbServ.Proto = params.Proto
+ lbServ.HostUrl = ""
+ if params.Block != nil {
+ lbServ.BlockNum = uint16(*params.Block)
+ }
+ if params.Bgp != nil {
+ lbServ.Bgp = *params.Bgp
+ }
+
+ lbRules.Serv = lbServ
+ tk.LogIt(tk.LogDebug, "[API] lbRules (w/o Path): %v\n", lbRules)
+ _, err := ApiHooks.NetLbRuleDel(&lbRules)
+ if err != nil {
+ tk.LogIt(tk.LogDebug, "[API] Error occur : %v\n", err)
+ return &ResultResponse{Result: err.Error()}
+ }
+ return &ResultResponse{Result: "Success"}
+}
+
func ConfigGetLoadbalancer(params operations.GetConfigLoadbalancerAllParams) middleware.Responder {
// Get LB rules
tk.LogIt(tk.LogDebug, "[API] Load balancer %s API called. url : %s\n", params.HTTPRequest.Method, params.HTTPRequest.URL)
@@ -133,6 +166,7 @@ func ConfigGetLoadbalancer(params operations.GetConfigLoadbalancerAllParams) mid
tmpSvc.Probeport = lb.Serv.ProbePort
tmpSvc.Name = lb.Serv.Name
tmpSvc.Snat = lb.Serv.Snat
+ tmpSvc.Host = lb.Serv.HostUrl
tmpLB.ServiceArguments = &tmpSvc
diff --git a/api/restapi/handler/route.go b/api/restapi/handler/route.go
index c911bfe7..7d4515f8 100644
--- a/api/restapi/handler/route.go
+++ b/api/restapi/handler/route.go
@@ -17,13 +17,13 @@ package handler
import (
"fmt"
- "strings"
-
"github.com/go-openapi/runtime/middleware"
"github.com/loxilb-io/loxilb/api/loxinlp"
"github.com/loxilb-io/loxilb/api/models"
"github.com/loxilb-io/loxilb/api/restapi/operations"
tk "github.com/loxilb-io/loxilib"
+ "strconv"
+ "strings"
)
func ConfigPostRoute(params operations.PostConfigRouteParams) middleware.Responder {
@@ -58,7 +58,20 @@ func ConfigGetRoute(params operations.GetConfigRouteAllParams) middleware.Respon
tmpResult.Flags = strings.TrimSpace(route.Flags)
tmpResult.Gateway = route.Gw
tmpResult.HardwareMark = int64(route.HardwareMark)
- tmpResult.Protocol = int64(route.Protocol)
+ protoStr := strconv.Itoa(route.Protocol)
+ switch route.Protocol {
+ case 0:
+ protoStr = "unspec"
+ case 1:
+ protoStr = "redirect"
+ case 2:
+ protoStr = "kernel"
+ case 3:
+ protoStr = "boot"
+ case 4:
+ protoStr = "static"
+ }
+ tmpResult.Protocol = protoStr
tmpResult.Sync = int64(route.Sync)
tmpStats := new(models.RouteGetEntryStatistic)
diff --git a/api/restapi/operations/delete_config_loadbalancer_hosturl_hosturl_externalipaddress_ip_address_port_port_protocol_proto.go b/api/restapi/operations/delete_config_loadbalancer_hosturl_hosturl_externalipaddress_ip_address_port_port_protocol_proto.go
new file mode 100644
index 00000000..d8f7773b
--- /dev/null
+++ b/api/restapi/operations/delete_config_loadbalancer_hosturl_hosturl_externalipaddress_ip_address_port_port_protocol_proto.go
@@ -0,0 +1,58 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+package operations
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the generate command
+
+import (
+ "net/http"
+
+ "github.com/go-openapi/runtime/middleware"
+)
+
+// DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoHandlerFunc turns a function with the right signature into a delete config loadbalancer hosturl hosturl externalipaddress IP address port port protocol proto handler
+type DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoHandlerFunc func(DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoParams) middleware.Responder
+
+// Handle executing the request and returning a response
+func (fn DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoHandlerFunc) Handle(params DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoParams) middleware.Responder {
+ return fn(params)
+}
+
+// DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoHandler interface for that can handle valid delete config loadbalancer hosturl hosturl externalipaddress IP address port port protocol proto params
+type DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoHandler interface {
+ Handle(DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoParams) middleware.Responder
+}
+
+// NewDeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProto creates a new http.Handler for the delete config loadbalancer hosturl hosturl externalipaddress IP address port port protocol proto operation
+func NewDeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProto(ctx *middleware.Context, handler DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoHandler) *DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProto {
+ return &DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProto{Context: ctx, Handler: handler}
+}
+
+/*
+ DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProto swagger:route DELETE /config/loadbalancer/hosturl/{hosturl}/externalipaddress/{ip_address}/port/{port}/protocol/{proto} deleteConfigLoadbalancerHosturlHosturlExternalipaddressIpAddressPortPortProtocolProto
+
+# Delete an existing Load balancer service
+
+Delete an existing load balancer service with .
+*/
+type DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProto struct {
+ Context *middleware.Context
+ Handler DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoHandler
+}
+
+func (o *DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProto) ServeHTTP(rw http.ResponseWriter, r *http.Request) {
+ route, rCtx, _ := o.Context.RouteInfo(r)
+ if rCtx != nil {
+ *r = *rCtx
+ }
+ var Params = NewDeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoParams()
+ if err := o.Context.BindValidRequest(r, route, &Params); err != nil { // bind params
+ o.Context.Respond(rw, r, route.Produces, route, err)
+ return
+ }
+
+ res := o.Handler.Handle(Params) // actually handle the request
+ o.Context.Respond(rw, r, route.Produces, route, res)
+
+}
diff --git a/api/restapi/operations/delete_config_loadbalancer_hosturl_hosturl_externalipaddress_ip_address_port_port_protocol_proto_parameters.go b/api/restapi/operations/delete_config_loadbalancer_hosturl_hosturl_externalipaddress_ip_address_port_port_protocol_proto_parameters.go
new file mode 100644
index 00000000..4caef334
--- /dev/null
+++ b/api/restapi/operations/delete_config_loadbalancer_hosturl_hosturl_externalipaddress_ip_address_port_port_protocol_proto_parameters.go
@@ -0,0 +1,216 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+package operations
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+ "net/http"
+
+ "github.com/go-openapi/errors"
+ "github.com/go-openapi/runtime"
+ "github.com/go-openapi/runtime/middleware"
+ "github.com/go-openapi/strfmt"
+ "github.com/go-openapi/swag"
+)
+
+// NewDeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoParams creates a new DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoParams object
+//
+// There are no default values defined in the spec.
+func NewDeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoParams() DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoParams {
+
+ return DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoParams{}
+}
+
+// DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoParams contains all the bound params for the delete config loadbalancer hosturl hosturl externalipaddress IP address port port protocol proto operation
+// typically these are obtained from a http.Request
+//
+// swagger:parameters DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProto
+type DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoParams struct {
+
+ // HTTP Request Object
+ HTTPRequest *http.Request `json:"-"`
+
+ /*option for BGP enable
+ In: query
+ */
+ Bgp *bool
+ /*block value if any
+ In: query
+ */
+ Block *float64
+ /*Attributes for load balance service
+ Required: true
+ In: path
+ */
+ Hosturl string
+ /*Attributes for load balance service
+ Required: true
+ In: path
+ */
+ IPAddress string
+ /*Attributes for load balance service
+ Required: true
+ In: path
+ */
+ Port float64
+ /*Attributes for load balance service
+ Required: true
+ In: path
+ */
+ Proto string
+}
+
+// BindRequest both binds and validates a request, it assumes that complex things implement a Validatable(strfmt.Registry) error interface
+// for simple values it will use straight method calls.
+//
+// To ensure default values, the struct must have been initialized with NewDeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoParams() beforehand.
+func (o *DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoParams) BindRequest(r *http.Request, route *middleware.MatchedRoute) error {
+ var res []error
+
+ o.HTTPRequest = r
+
+ qs := runtime.Values(r.URL.Query())
+
+ qBgp, qhkBgp, _ := qs.GetOK("bgp")
+ if err := o.bindBgp(qBgp, qhkBgp, route.Formats); err != nil {
+ res = append(res, err)
+ }
+
+ qBlock, qhkBlock, _ := qs.GetOK("block")
+ if err := o.bindBlock(qBlock, qhkBlock, route.Formats); err != nil {
+ res = append(res, err)
+ }
+
+ rHosturl, rhkHosturl, _ := route.Params.GetOK("hosturl")
+ if err := o.bindHosturl(rHosturl, rhkHosturl, route.Formats); err != nil {
+ res = append(res, err)
+ }
+
+ rIPAddress, rhkIPAddress, _ := route.Params.GetOK("ip_address")
+ if err := o.bindIPAddress(rIPAddress, rhkIPAddress, route.Formats); err != nil {
+ res = append(res, err)
+ }
+
+ rPort, rhkPort, _ := route.Params.GetOK("port")
+ if err := o.bindPort(rPort, rhkPort, route.Formats); err != nil {
+ res = append(res, err)
+ }
+
+ rProto, rhkProto, _ := route.Params.GetOK("proto")
+ if err := o.bindProto(rProto, rhkProto, route.Formats); err != nil {
+ res = append(res, err)
+ }
+ if len(res) > 0 {
+ return errors.CompositeValidationError(res...)
+ }
+ return nil
+}
+
+// bindBgp binds and validates parameter Bgp from query.
+func (o *DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoParams) bindBgp(rawData []string, hasKey bool, formats strfmt.Registry) error {
+ var raw string
+ if len(rawData) > 0 {
+ raw = rawData[len(rawData)-1]
+ }
+
+ // Required: false
+ // AllowEmptyValue: false
+
+ if raw == "" { // empty values pass all other validations
+ return nil
+ }
+
+ value, err := swag.ConvertBool(raw)
+ if err != nil {
+ return errors.InvalidType("bgp", "query", "bool", raw)
+ }
+ o.Bgp = &value
+
+ return nil
+}
+
+// bindBlock binds and validates parameter Block from query.
+func (o *DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoParams) bindBlock(rawData []string, hasKey bool, formats strfmt.Registry) error {
+ var raw string
+ if len(rawData) > 0 {
+ raw = rawData[len(rawData)-1]
+ }
+
+ // Required: false
+ // AllowEmptyValue: false
+
+ if raw == "" { // empty values pass all other validations
+ return nil
+ }
+
+ value, err := swag.ConvertFloat64(raw)
+ if err != nil {
+ return errors.InvalidType("block", "query", "float64", raw)
+ }
+ o.Block = &value
+
+ return nil
+}
+
+// bindHosturl binds and validates parameter Hosturl from path.
+func (o *DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoParams) bindHosturl(rawData []string, hasKey bool, formats strfmt.Registry) error {
+ var raw string
+ if len(rawData) > 0 {
+ raw = rawData[len(rawData)-1]
+ }
+
+ // Required: true
+ // Parameter is provided by construction from the route
+ o.Hosturl = raw
+
+ return nil
+}
+
+// bindIPAddress binds and validates parameter IPAddress from path.
+func (o *DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoParams) bindIPAddress(rawData []string, hasKey bool, formats strfmt.Registry) error {
+ var raw string
+ if len(rawData) > 0 {
+ raw = rawData[len(rawData)-1]
+ }
+
+ // Required: true
+ // Parameter is provided by construction from the route
+ o.IPAddress = raw
+
+ return nil
+}
+
+// bindPort binds and validates parameter Port from path.
+func (o *DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoParams) bindPort(rawData []string, hasKey bool, formats strfmt.Registry) error {
+ var raw string
+ if len(rawData) > 0 {
+ raw = rawData[len(rawData)-1]
+ }
+
+ // Required: true
+ // Parameter is provided by construction from the route
+
+ value, err := swag.ConvertFloat64(raw)
+ if err != nil {
+ return errors.InvalidType("port", "path", "float64", raw)
+ }
+ o.Port = value
+
+ return nil
+}
+
+// bindProto binds and validates parameter Proto from path.
+func (o *DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoParams) bindProto(rawData []string, hasKey bool, formats strfmt.Registry) error {
+ var raw string
+ if len(rawData) > 0 {
+ raw = rawData[len(rawData)-1]
+ }
+
+ // Required: true
+ // Parameter is provided by construction from the route
+ o.Proto = raw
+
+ return nil
+}
diff --git a/api/restapi/operations/delete_config_loadbalancer_hosturl_hosturl_externalipaddress_ip_address_port_port_protocol_proto_responses.go b/api/restapi/operations/delete_config_loadbalancer_hosturl_hosturl_externalipaddress_ip_address_port_port_protocol_proto_responses.go
new file mode 100644
index 00000000..682cbbf7
--- /dev/null
+++ b/api/restapi/operations/delete_config_loadbalancer_hosturl_hosturl_externalipaddress_ip_address_port_port_protocol_proto_responses.go
@@ -0,0 +1,354 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+package operations
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+ "net/http"
+
+ "github.com/go-openapi/runtime"
+
+ "github.com/loxilb-io/loxilb/api/models"
+)
+
+// DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoNoContentCode is the HTTP code returned for type DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoNoContent
+const DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoNoContentCode int = 204
+
+/*
+DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoNoContent OK
+
+swagger:response deleteConfigLoadbalancerHosturlHosturlExternalipaddressIpAddressPortPortProtocolProtoNoContent
+*/
+type DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoNoContent struct {
+}
+
+// NewDeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoNoContent creates DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoNoContent with default headers values
+func NewDeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoNoContent() *DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoNoContent {
+
+ return &DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoNoContent{}
+}
+
+// WriteResponse to the client
+func (o *DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoNoContent) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {
+
+ rw.Header().Del(runtime.HeaderContentType) //Remove Content-Type on empty responses
+
+ rw.WriteHeader(204)
+}
+
+// DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoBadRequestCode is the HTTP code returned for type DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoBadRequest
+const DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoBadRequestCode int = 400
+
+/*
+DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoBadRequest Malformed arguments for API call
+
+swagger:response deleteConfigLoadbalancerHosturlHosturlExternalipaddressIpAddressPortPortProtocolProtoBadRequest
+*/
+type DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoBadRequest struct {
+
+ /*
+ In: Body
+ */
+ Payload *models.Error `json:"body,omitempty"`
+}
+
+// NewDeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoBadRequest creates DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoBadRequest with default headers values
+func NewDeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoBadRequest() *DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoBadRequest {
+
+ return &DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoBadRequest{}
+}
+
+// WithPayload adds the payload to the delete config loadbalancer hosturl hosturl externalipaddress Ip address port port protocol proto bad request response
+func (o *DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoBadRequest) WithPayload(payload *models.Error) *DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoBadRequest {
+ o.Payload = payload
+ return o
+}
+
+// SetPayload sets the payload to the delete config loadbalancer hosturl hosturl externalipaddress Ip address port port protocol proto bad request response
+func (o *DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoBadRequest) SetPayload(payload *models.Error) {
+ o.Payload = payload
+}
+
+// WriteResponse to the client
+func (o *DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoBadRequest) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {
+
+ rw.WriteHeader(400)
+ if o.Payload != nil {
+ payload := o.Payload
+ if err := producer.Produce(rw, payload); err != nil {
+ panic(err) // let the recovery middleware deal with this
+ }
+ }
+}
+
+// DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoUnauthorizedCode is the HTTP code returned for type DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoUnauthorized
+const DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoUnauthorizedCode int = 401
+
+/*
+DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoUnauthorized Invalid authentication credentials
+
+swagger:response deleteConfigLoadbalancerHosturlHosturlExternalipaddressIpAddressPortPortProtocolProtoUnauthorized
+*/
+type DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoUnauthorized struct {
+
+ /*
+ In: Body
+ */
+ Payload *models.Error `json:"body,omitempty"`
+}
+
+// NewDeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoUnauthorized creates DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoUnauthorized with default headers values
+func NewDeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoUnauthorized() *DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoUnauthorized {
+
+ return &DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoUnauthorized{}
+}
+
+// WithPayload adds the payload to the delete config loadbalancer hosturl hosturl externalipaddress Ip address port port protocol proto unauthorized response
+func (o *DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoUnauthorized) WithPayload(payload *models.Error) *DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoUnauthorized {
+ o.Payload = payload
+ return o
+}
+
+// SetPayload sets the payload to the delete config loadbalancer hosturl hosturl externalipaddress Ip address port port protocol proto unauthorized response
+func (o *DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoUnauthorized) SetPayload(payload *models.Error) {
+ o.Payload = payload
+}
+
+// WriteResponse to the client
+func (o *DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoUnauthorized) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {
+
+ rw.WriteHeader(401)
+ if o.Payload != nil {
+ payload := o.Payload
+ if err := producer.Produce(rw, payload); err != nil {
+ panic(err) // let the recovery middleware deal with this
+ }
+ }
+}
+
+// DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoForbiddenCode is the HTTP code returned for type DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoForbidden
+const DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoForbiddenCode int = 403
+
+/*
+DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoForbidden Capacity insufficient
+
+swagger:response deleteConfigLoadbalancerHosturlHosturlExternalipaddressIpAddressPortPortProtocolProtoForbidden
+*/
+type DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoForbidden struct {
+
+ /*
+ In: Body
+ */
+ Payload *models.Error `json:"body,omitempty"`
+}
+
+// NewDeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoForbidden creates DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoForbidden with default headers values
+func NewDeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoForbidden() *DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoForbidden {
+
+ return &DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoForbidden{}
+}
+
+// WithPayload adds the payload to the delete config loadbalancer hosturl hosturl externalipaddress Ip address port port protocol proto forbidden response
+func (o *DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoForbidden) WithPayload(payload *models.Error) *DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoForbidden {
+ o.Payload = payload
+ return o
+}
+
+// SetPayload sets the payload to the delete config loadbalancer hosturl hosturl externalipaddress Ip address port port protocol proto forbidden response
+func (o *DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoForbidden) SetPayload(payload *models.Error) {
+ o.Payload = payload
+}
+
+// WriteResponse to the client
+func (o *DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoForbidden) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {
+
+ rw.WriteHeader(403)
+ if o.Payload != nil {
+ payload := o.Payload
+ if err := producer.Produce(rw, payload); err != nil {
+ panic(err) // let the recovery middleware deal with this
+ }
+ }
+}
+
+// DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoNotFoundCode is the HTTP code returned for type DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoNotFound
+const DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoNotFoundCode int = 404
+
+/*
+DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoNotFound Resource not found
+
+swagger:response deleteConfigLoadbalancerHosturlHosturlExternalipaddressIpAddressPortPortProtocolProtoNotFound
+*/
+type DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoNotFound struct {
+
+ /*
+ In: Body
+ */
+ Payload *models.Error `json:"body,omitempty"`
+}
+
+// NewDeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoNotFound creates DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoNotFound with default headers values
+func NewDeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoNotFound() *DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoNotFound {
+
+ return &DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoNotFound{}
+}
+
+// WithPayload adds the payload to the delete config loadbalancer hosturl hosturl externalipaddress Ip address port port protocol proto not found response
+func (o *DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoNotFound) WithPayload(payload *models.Error) *DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoNotFound {
+ o.Payload = payload
+ return o
+}
+
+// SetPayload sets the payload to the delete config loadbalancer hosturl hosturl externalipaddress Ip address port port protocol proto not found response
+func (o *DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoNotFound) SetPayload(payload *models.Error) {
+ o.Payload = payload
+}
+
+// WriteResponse to the client
+func (o *DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoNotFound) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {
+
+ rw.WriteHeader(404)
+ if o.Payload != nil {
+ payload := o.Payload
+ if err := producer.Produce(rw, payload); err != nil {
+ panic(err) // let the recovery middleware deal with this
+ }
+ }
+}
+
+// DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoConflictCode is the HTTP code returned for type DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoConflict
+const DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoConflictCode int = 409
+
+/*
+DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoConflict Resource Conflict. VLAN already exists OR dependency VRF/VNET not found
+
+swagger:response deleteConfigLoadbalancerHosturlHosturlExternalipaddressIpAddressPortPortProtocolProtoConflict
+*/
+type DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoConflict struct {
+
+ /*
+ In: Body
+ */
+ Payload *models.Error `json:"body,omitempty"`
+}
+
+// NewDeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoConflict creates DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoConflict with default headers values
+func NewDeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoConflict() *DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoConflict {
+
+ return &DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoConflict{}
+}
+
+// WithPayload adds the payload to the delete config loadbalancer hosturl hosturl externalipaddress Ip address port port protocol proto conflict response
+func (o *DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoConflict) WithPayload(payload *models.Error) *DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoConflict {
+ o.Payload = payload
+ return o
+}
+
+// SetPayload sets the payload to the delete config loadbalancer hosturl hosturl externalipaddress Ip address port port protocol proto conflict response
+func (o *DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoConflict) SetPayload(payload *models.Error) {
+ o.Payload = payload
+}
+
+// WriteResponse to the client
+func (o *DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoConflict) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {
+
+ rw.WriteHeader(409)
+ if o.Payload != nil {
+ payload := o.Payload
+ if err := producer.Produce(rw, payload); err != nil {
+ panic(err) // let the recovery middleware deal with this
+ }
+ }
+}
+
+// DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoInternalServerErrorCode is the HTTP code returned for type DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoInternalServerError
+const DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoInternalServerErrorCode int = 500
+
+/*
+DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoInternalServerError Internal service error
+
+swagger:response deleteConfigLoadbalancerHosturlHosturlExternalipaddressIpAddressPortPortProtocolProtoInternalServerError
+*/
+type DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoInternalServerError struct {
+
+ /*
+ In: Body
+ */
+ Payload *models.Error `json:"body,omitempty"`
+}
+
+// NewDeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoInternalServerError creates DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoInternalServerError with default headers values
+func NewDeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoInternalServerError() *DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoInternalServerError {
+
+ return &DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoInternalServerError{}
+}
+
+// WithPayload adds the payload to the delete config loadbalancer hosturl hosturl externalipaddress Ip address port port protocol proto internal server error response
+func (o *DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoInternalServerError) WithPayload(payload *models.Error) *DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoInternalServerError {
+ o.Payload = payload
+ return o
+}
+
+// SetPayload sets the payload to the delete config loadbalancer hosturl hosturl externalipaddress Ip address port port protocol proto internal server error response
+func (o *DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoInternalServerError) SetPayload(payload *models.Error) {
+ o.Payload = payload
+}
+
+// WriteResponse to the client
+func (o *DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoInternalServerError) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {
+
+ rw.WriteHeader(500)
+ if o.Payload != nil {
+ payload := o.Payload
+ if err := producer.Produce(rw, payload); err != nil {
+ panic(err) // let the recovery middleware deal with this
+ }
+ }
+}
+
+// DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoServiceUnavailableCode is the HTTP code returned for type DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoServiceUnavailable
+const DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoServiceUnavailableCode int = 503
+
+/*
+DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoServiceUnavailable Maintanence mode
+
+swagger:response deleteConfigLoadbalancerHosturlHosturlExternalipaddressIpAddressPortPortProtocolProtoServiceUnavailable
+*/
+type DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoServiceUnavailable struct {
+
+ /*
+ In: Body
+ */
+ Payload *models.Error `json:"body,omitempty"`
+}
+
+// NewDeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoServiceUnavailable creates DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoServiceUnavailable with default headers values
+func NewDeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoServiceUnavailable() *DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoServiceUnavailable {
+
+ return &DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoServiceUnavailable{}
+}
+
+// WithPayload adds the payload to the delete config loadbalancer hosturl hosturl externalipaddress Ip address port port protocol proto service unavailable response
+func (o *DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoServiceUnavailable) WithPayload(payload *models.Error) *DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoServiceUnavailable {
+ o.Payload = payload
+ return o
+}
+
+// SetPayload sets the payload to the delete config loadbalancer hosturl hosturl externalipaddress Ip address port port protocol proto service unavailable response
+func (o *DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoServiceUnavailable) SetPayload(payload *models.Error) {
+ o.Payload = payload
+}
+
+// WriteResponse to the client
+func (o *DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoServiceUnavailable) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {
+
+ rw.WriteHeader(503)
+ if o.Payload != nil {
+ payload := o.Payload
+ if err := producer.Produce(rw, payload); err != nil {
+ panic(err) // let the recovery middleware deal with this
+ }
+ }
+}
diff --git a/api/restapi/operations/delete_config_loadbalancer_hosturl_hosturl_externalipaddress_ip_address_port_port_protocol_proto_urlbuilder.go b/api/restapi/operations/delete_config_loadbalancer_hosturl_hosturl_externalipaddress_ip_address_port_port_protocol_proto_urlbuilder.go
new file mode 100644
index 00000000..f6e9f09e
--- /dev/null
+++ b/api/restapi/operations/delete_config_loadbalancer_hosturl_hosturl_externalipaddress_ip_address_port_port_protocol_proto_urlbuilder.go
@@ -0,0 +1,148 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+package operations
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the generate command
+
+import (
+ "errors"
+ "net/url"
+ golangswaggerpaths "path"
+ "strings"
+
+ "github.com/go-openapi/swag"
+)
+
+// DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoURL generates an URL for the delete config loadbalancer hosturl hosturl externalipaddress IP address port port protocol proto operation
+type DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoURL struct {
+ Hosturl string
+ IPAddress string
+ Port float64
+ Proto string
+
+ Bgp *bool
+ Block *float64
+
+ _basePath string
+ // avoid unkeyed usage
+ _ struct{}
+}
+
+// WithBasePath sets the base path for this url builder, only required when it's different from the
+// base path specified in the swagger spec.
+// When the value of the base path is an empty string
+func (o *DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoURL) WithBasePath(bp string) *DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoURL {
+ o.SetBasePath(bp)
+ return o
+}
+
+// SetBasePath sets the base path for this url builder, only required when it's different from the
+// base path specified in the swagger spec.
+// When the value of the base path is an empty string
+func (o *DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoURL) SetBasePath(bp string) {
+ o._basePath = bp
+}
+
+// Build a url path and query string
+func (o *DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoURL) Build() (*url.URL, error) {
+ var _result url.URL
+
+ var _path = "/config/loadbalancer/hosturl/{hosturl}/externalipaddress/{ip_address}/port/{port}/protocol/{proto}"
+
+ hosturl := o.Hosturl
+ if hosturl != "" {
+ _path = strings.Replace(_path, "{hosturl}", hosturl, -1)
+ } else {
+ return nil, errors.New("hosturl is required on DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoURL")
+ }
+
+ iPAddress := o.IPAddress
+ if iPAddress != "" {
+ _path = strings.Replace(_path, "{ip_address}", iPAddress, -1)
+ } else {
+ return nil, errors.New("ipAddress is required on DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoURL")
+ }
+
+ port := swag.FormatFloat64(o.Port)
+ if port != "" {
+ _path = strings.Replace(_path, "{port}", port, -1)
+ } else {
+ return nil, errors.New("port is required on DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoURL")
+ }
+
+ proto := o.Proto
+ if proto != "" {
+ _path = strings.Replace(_path, "{proto}", proto, -1)
+ } else {
+ return nil, errors.New("proto is required on DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoURL")
+ }
+
+ _basePath := o._basePath
+ if _basePath == "" {
+ _basePath = "/netlox/v1"
+ }
+ _result.Path = golangswaggerpaths.Join(_basePath, _path)
+
+ qs := make(url.Values)
+
+ var bgpQ string
+ if o.Bgp != nil {
+ bgpQ = swag.FormatBool(*o.Bgp)
+ }
+ if bgpQ != "" {
+ qs.Set("bgp", bgpQ)
+ }
+
+ var blockQ string
+ if o.Block != nil {
+ blockQ = swag.FormatFloat64(*o.Block)
+ }
+ if blockQ != "" {
+ qs.Set("block", blockQ)
+ }
+
+ _result.RawQuery = qs.Encode()
+
+ return &_result, nil
+}
+
+// Must is a helper function to panic when the url builder returns an error
+func (o *DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoURL) Must(u *url.URL, err error) *url.URL {
+ if err != nil {
+ panic(err)
+ }
+ if u == nil {
+ panic("url can't be nil")
+ }
+ return u
+}
+
+// String returns the string representation of the path with query string
+func (o *DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoURL) String() string {
+ return o.Must(o.Build()).String()
+}
+
+// BuildFull builds a full url with scheme, host, path and query string
+func (o *DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoURL) BuildFull(scheme, host string) (*url.URL, error) {
+ if scheme == "" {
+ return nil, errors.New("scheme is required for a full url on DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoURL")
+ }
+ if host == "" {
+ return nil, errors.New("host is required for a full url on DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoURL")
+ }
+
+ base, err := o.Build()
+ if err != nil {
+ return nil, err
+ }
+
+ base.Scheme = scheme
+ base.Host = host
+ return base, nil
+}
+
+// StringFull returns the string representation of a complete url
+func (o *DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoURL) StringFull(scheme, host string) string {
+ return o.Must(o.BuildFull(scheme, host)).String()
+}
diff --git a/api/restapi/operations/loxilb_rest_api_api.go b/api/restapi/operations/loxilb_rest_api_api.go
index 088e4243..4d0909b7 100644
--- a/api/restapi/operations/loxilb_rest_api_api.go
+++ b/api/restapi/operations/loxilb_rest_api_api.go
@@ -75,6 +75,9 @@ func NewLoxilbRestAPIAPI(spec *loads.Document) *LoxilbRestAPIAPI {
DeleteConfigLoadbalancerExternalipaddressIPAddressPortPortProtocolProtoHandler: DeleteConfigLoadbalancerExternalipaddressIPAddressPortPortProtocolProtoHandlerFunc(func(params DeleteConfigLoadbalancerExternalipaddressIPAddressPortPortProtocolProtoParams) middleware.Responder {
return middleware.NotImplemented("operation DeleteConfigLoadbalancerExternalipaddressIPAddressPortPortProtocolProto has not yet been implemented")
}),
+ DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoHandler: DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoHandlerFunc(func(params DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoParams) middleware.Responder {
+ return middleware.NotImplemented("operation DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProto has not yet been implemented")
+ }),
DeleteConfigLoadbalancerNameLbNameHandler: DeleteConfigLoadbalancerNameLbNameHandlerFunc(func(params DeleteConfigLoadbalancerNameLbNameParams) middleware.Responder {
return middleware.NotImplemented("operation DeleteConfigLoadbalancerNameLbName has not yet been implemented")
}),
@@ -310,6 +313,8 @@ type LoxilbRestAPIAPI struct {
DeleteConfigLoadbalancerAllHandler DeleteConfigLoadbalancerAllHandler
// DeleteConfigLoadbalancerExternalipaddressIPAddressPortPortProtocolProtoHandler sets the operation handler for the delete config loadbalancer externalipaddress IP address port port protocol proto operation
DeleteConfigLoadbalancerExternalipaddressIPAddressPortPortProtocolProtoHandler DeleteConfigLoadbalancerExternalipaddressIPAddressPortPortProtocolProtoHandler
+ // DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoHandler sets the operation handler for the delete config loadbalancer hosturl hosturl externalipaddress IP address port port protocol proto operation
+ DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoHandler DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoHandler
// DeleteConfigLoadbalancerNameLbNameHandler sets the operation handler for the delete config loadbalancer name lb name operation
DeleteConfigLoadbalancerNameLbNameHandler DeleteConfigLoadbalancerNameLbNameHandler
// DeleteConfigMirrorIdentIdentHandler sets the operation handler for the delete config mirror ident ident operation
@@ -538,6 +543,9 @@ func (o *LoxilbRestAPIAPI) Validate() error {
if o.DeleteConfigLoadbalancerExternalipaddressIPAddressPortPortProtocolProtoHandler == nil {
unregistered = append(unregistered, "DeleteConfigLoadbalancerExternalipaddressIPAddressPortPortProtocolProtoHandler")
}
+ if o.DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoHandler == nil {
+ unregistered = append(unregistered, "DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoHandler")
+ }
if o.DeleteConfigLoadbalancerNameLbNameHandler == nil {
unregistered = append(unregistered, "DeleteConfigLoadbalancerNameLbNameHandler")
}
@@ -850,6 +858,10 @@ func (o *LoxilbRestAPIAPI) initHandlerCache() {
if o.handlers["DELETE"] == nil {
o.handlers["DELETE"] = make(map[string]http.Handler)
}
+ o.handlers["DELETE"]["/config/loadbalancer/hosturl/{hosturl}/externalipaddress/{ip_address}/port/{port}/protocol/{proto}"] = NewDeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProto(o.context, o.DeleteConfigLoadbalancerHosturlHosturlExternalipaddressIPAddressPortPortProtocolProtoHandler)
+ if o.handlers["DELETE"] == nil {
+ o.handlers["DELETE"] = make(map[string]http.Handler)
+ }
o.handlers["DELETE"]["/config/loadbalancer/name/{lb_name}"] = NewDeleteConfigLoadbalancerNameLbName(o.context, o.DeleteConfigLoadbalancerNameLbNameHandler)
if o.handlers["DELETE"] == nil {
o.handlers["DELETE"] = make(map[string]http.Handler)
diff --git a/api/restapi/server.go b/api/restapi/server.go
index c61df9e2..97f5e78d 100644
--- a/api/restapi/server.go
+++ b/api/restapi/server.go
@@ -8,7 +8,6 @@ import (
"crypto/x509"
"errors"
"fmt"
- "github.com/loxilb-io/loxilb/options"
"log"
"net"
"net/http"
@@ -26,6 +25,7 @@ import (
"golang.org/x/net/netutil"
"github.com/loxilb-io/loxilb/api/restapi/operations"
+ "github.com/loxilb-io/loxilb/options"
)
const (
@@ -82,7 +82,7 @@ type Server struct {
ListenLimit int `long:"listen-limit" description:"limit the number of outstanding requests"`
KeepAlive time.Duration `long:"keep-alive" description:"sets the TCP keep-alive timeouts on accepted connections. It prunes dead TCP connections ( e.g. closing laptop mid-download)" default:"3m"`
ReadTimeout time.Duration `long:"read-timeout" description:"maximum duration before timing out read of the request" default:"30s"`
- WriteTimeout time.Duration `long:"write-timeout" description:"maximum duration before timing out write of the response" default:"60s"`
+ WriteTimeout time.Duration `long:"write-timeout" description:"maximum duration before timing out write of the response" default:"30s"`
httpServerL net.Listener
TLSHost string `long:"tls-host" description:"the IP to listen on for tls, when not specified it's the same as --host" env:"TLS_HOST"`
diff --git a/api/swagger.yml b/api/swagger.yml
index adca60e6..2e930bfe 100644
--- a/api/swagger.yml
+++ b/api/swagger.yml
@@ -234,6 +234,71 @@ paths:
description: Maintanence mode
schema:
$ref: '#/definitions/Error'
+ '/config/loadbalancer/hosturl/{hosturl}/externalipaddress/{ip_address}/port/{port}/protocol/{proto}':
+ delete:
+ summary: Delete an existing Load balancer service
+ description: Delete an existing load balancer service with .
+ parameters:
+ - name: hosturl
+ in: path
+ type: string
+ required: true
+ description: Attributes for load balance service
+ - name: ip_address
+ in: path
+ type: string
+ required: true
+ description: Attributes for load balance service
+ - name: port
+ in: path
+ type: number
+ required: true
+ description: Attributes for load balance service
+ - name: proto
+ in: path
+ type: string
+ required: true
+ description: Attributes for load balance service
+ - name: bgp
+ in: query
+ type: boolean
+ description: option for BGP enable
+ - name: block
+ in: query
+ type: number
+ required: false
+ description: block value if any
+ responses:
+ '204':
+ description: OK
+ '400':
+ description: Malformed arguments for API call
+ schema:
+ $ref: '#/definitions/Error'
+ '401':
+ description: Invalid authentication credentials
+ schema:
+ $ref: '#/definitions/Error'
+ '403':
+ description: Capacity insufficient
+ schema:
+ $ref: '#/definitions/Error'
+ '404':
+ description: Resource not found
+ schema:
+ $ref: '#/definitions/Error'
+ '409':
+ description: Resource Conflict. VLAN already exists OR dependency VRF/VNET not found
+ schema:
+ $ref: '#/definitions/Error'
+ '500':
+ description: Internal service error
+ schema:
+ $ref: '#/definitions/Error'
+ '503':
+ description: Maintanence mode
+ schema:
+ $ref: '#/definitions/Error'
#----------------------------------------------
# Conntrack
#----------------------------------------------
@@ -2835,7 +2900,10 @@ definitions:
properties:
externalIP:
type: string
- description: IP address for externel access
+ description: IP address for external access
+ privateIP:
+ type: string
+ description: private IP (NAT'd) address for external access
port:
type: integer
description: port number for the access
@@ -2901,6 +2969,9 @@ definitions:
type: integer
format: int32
description: end-point specific op (0-create, 1-attachEP, 2-detachEP)
+ host:
+ type: string
+ description: Ingress specific host URL path
endpoints:
type: array
@@ -2958,7 +3029,7 @@ definitions:
type: integer
description: index of the route
protocol:
- type: integer
+ type: string
description: Route protocol
flags:
type: string
diff --git a/cicd/common.sh b/cicd/common.sh
index fcf7ea8e..619a1c36 100644
--- a/cicd/common.sh
+++ b/cicd/common.sh
@@ -16,6 +16,7 @@ hostdocker="ghcr.io/loxilb-io/nettest:latest"
cluster_opts=""
extra_opts=""
ka_opts=""
+docker_extra_opts=""
#var=$(lsb_release -r | cut -f2)
#if [[ $var == *"22.04"* ]];then
# lxdocker="ghcr.io/loxilb-io/loxilb:latestu22"
@@ -76,7 +77,7 @@ spawn_docker_host() {
fi
shift 2
;;
- -d | --ka-config )
+ -n | --ka-config )
kpath="$2"
if [[ -z ${ka+x} ]]; then
ka="in"
@@ -87,6 +88,10 @@ spawn_docker_host() {
extra_opts="$2"
shift 2
;;
+ -x | --docker-args)
+ docker_extra_opts="$2"
+ shift 2
+ ;;
-*|--*)
echo "Unknown option $1"
exit
@@ -109,11 +114,11 @@ spawn_docker_host() {
fi
if [[ ! -z ${ka+x} ]]; then
sudo mkdir -p /etc/shared/$dname/
- docker run -u root --cap-add SYS_ADMIN --restart unless-stopped --privileged -dt --pid=host --cgroupns=host --entrypoint /bin/bash $bgp_conf -v /dev/log:/dev/log -v /etc/shared/$dname:/etc/shared $loxilb_config --name $dname $lxdocker
+ docker run -u root --cap-add SYS_ADMIN --restart unless-stopped --privileged -dt $docker_extra_opts --entrypoint /bin/bash $bgp_conf -v /dev/log:/dev/log -v /etc/shared/$dname:/etc/shared $loxilb_config --name $dname $lxdocker
get_llb_peerIP $dname
docker exec -dt $dname /root/loxilb-io/loxilb/loxilb $bgp_opts $cluster_opts $ka_opts $extra_opts
else
- docker run -u root --cap-add SYS_ADMIN --restart unless-stopped --privileged -dt --pid=host --cgroupns=host --entrypoint /bin/bash $bgp_conf -v /dev/log:/dev/log $loxilb_config --name $dname $lxdocker $bgp_opts
+ docker run -u root --cap-add SYS_ADMIN --restart unless-stopped --privileged -dt $docker_extra_opts --entrypoint /bin/bash $bgp_conf -v /dev/log:/dev/log $loxilb_config --name $dname $lxdocker $bgp_opts
docker exec -dt $dname /root/loxilb-io/loxilb/loxilb $bgp_opts $cluster_opts $extra_opts
fi
elif [[ "$dtype" == "host" ]]; then
@@ -552,8 +557,12 @@ function create_lb_rule() {
echo "$1: loxicmd create lb ${args[*]}"
$dexec $1 loxicmd create lb ${args[*]}
- hook=$($dexec llb1 ntc filter show dev eth0 ingress | grep tc_packet_hook)
- if [[ $hook != *"tc_packet_hook"* ]]; then
+ if [[ ${args[*]} == *"--mode=fullproxy"* ]]; then
+ return
+ fi
+
+ hook=$($dexec llb1 tc filter show dev eth0 ingress | grep tc_packet_func)
+ if [[ $hook != *"tc_packet_func"* ]]; then
echo "ERROR : No hook point found";
exit 1
fi
diff --git a/cicd/common/tcp_https_server.js b/cicd/common/tcp_https_server.js
new file mode 100644
index 00000000..678063cf
--- /dev/null
+++ b/cicd/common/tcp_https_server.js
@@ -0,0 +1,17 @@
+// tcp_https_server.js
+
+var certdir = "./"
+if (process.argv[3]) {
+ certdir = process.argv[3]
+}
+const https = require('https');
+const fs = require('fs');
+
+https.createServer({
+ cert: fs.readFileSync(certdir + '/server.crt'),
+ key: fs.readFileSync(certdir + '/server.key')
+}, (req, res) => {
+ res.writeHead(200);
+ res.end(process.argv[2]);
+}).listen(8080);
+console.log("Server listening on https://localhost:8080/");
diff --git a/cicd/docker-k0s-lb/common.sh b/cicd/docker-k0s-lb/common.sh
index 87d08bd5..01c5a55a 100755
--- a/cicd/docker-k0s-lb/common.sh
+++ b/cicd/docker-k0s-lb/common.sh
@@ -532,8 +532,8 @@ function create_lb_rule() {
echo "$1: loxicmd create lb ${args[*]}"
$dexec $1 loxicmd create lb ${args[*]}
- hook=$($dexec llb1 ntc filter show dev eth0 ingress | grep tc_packet_hook)
- if [[ $hook != *"tc_packet_hook"* ]]; then
+ hook=$($dexec llb1 tc filter show dev eth0 ingress | grep tc_packet_func)
+ if [[ $hook != *"tc_packet_func"* ]]; then
echo "ERROR : No hook point found";
exit 1
fi
diff --git a/cicd/docker-k3s-calico/common.sh b/cicd/docker-k3s-calico/common.sh
index b82f6e0e..ea119602 100644
--- a/cicd/docker-k3s-calico/common.sh
+++ b/cicd/docker-k3s-calico/common.sh
@@ -536,8 +536,8 @@ function create_lb_rule() {
echo "$1: loxicmd create lb ${args[*]}"
$dexec $1 loxicmd create lb ${args[*]}
- hook=$($dexec llb1 ntc filter show dev eth0 ingress | grep tc_packet_hook)
- if [[ $hook != *"tc_packet_hook"* ]]; then
+ hook=$($dexec llb1 tc filter show dev eth0 ingress | grep tc_packet_func)
+ if [[ $hook != *"tc_packet_func"* ]]; then
echo "ERROR : No hook point found";
exit 1
fi
diff --git a/cicd/docker-k3s-cilium/common.sh b/cicd/docker-k3s-cilium/common.sh
index b82f6e0e..ea119602 100644
--- a/cicd/docker-k3s-cilium/common.sh
+++ b/cicd/docker-k3s-cilium/common.sh
@@ -536,8 +536,8 @@ function create_lb_rule() {
echo "$1: loxicmd create lb ${args[*]}"
$dexec $1 loxicmd create lb ${args[*]}
- hook=$($dexec llb1 ntc filter show dev eth0 ingress | grep tc_packet_hook)
- if [[ $hook != *"tc_packet_hook"* ]]; then
+ hook=$($dexec llb1 tc filter show dev eth0 ingress | grep tc_packet_func)
+ if [[ $hook != *"tc_packet_func"* ]]; then
echo "ERROR : No hook point found";
exit 1
fi
diff --git a/cicd/docker-k3s-lb/common.sh b/cicd/docker-k3s-lb/common.sh
index b82f6e0e..ea119602 100644
--- a/cicd/docker-k3s-lb/common.sh
+++ b/cicd/docker-k3s-lb/common.sh
@@ -536,8 +536,8 @@ function create_lb_rule() {
echo "$1: loxicmd create lb ${args[*]}"
$dexec $1 loxicmd create lb ${args[*]}
- hook=$($dexec llb1 ntc filter show dev eth0 ingress | grep tc_packet_hook)
- if [[ $hook != *"tc_packet_hook"* ]]; then
+ hook=$($dexec llb1 tc filter show dev eth0 ingress | grep tc_packet_func)
+ if [[ $hook != *"tc_packet_func"* ]]; then
echo "ERROR : No hook point found";
exit 1
fi
diff --git a/cicd/e2ehttpsproxy/config.sh b/cicd/e2ehttpsproxy/config.sh
new file mode 100755
index 00000000..50ad10c8
--- /dev/null
+++ b/cicd/e2ehttpsproxy/config.sh
@@ -0,0 +1,53 @@
+#!/bin/bash
+
+source ../common.sh
+
+echo "#########################################"
+echo "Spawning all hosts"
+echo "#########################################"
+
+spawn_docker_host --dock-type loxilb --dock-name llb1 --extra-args "--proxyonlymode"
+spawn_docker_host --dock-type host --dock-name l3h1
+spawn_docker_host --dock-type host --dock-name l3ep1
+spawn_docker_host --dock-type host --dock-name l3ep2
+spawn_docker_host --dock-type host --dock-name l3ep3
+
+echo "#########################################"
+echo "Connecting and configuring hosts"
+echo "#########################################"
+
+
+connect_docker_hosts l3h1 llb1
+connect_docker_hosts l3ep1 llb1
+connect_docker_hosts l3ep2 llb1
+connect_docker_hosts l3ep3 llb1
+
+sleep 5
+
+#L3 config
+config_docker_host --host1 l3h1 --host2 llb1 --ptype phy --addr 10.10.10.1/24 --gw 10.10.10.254
+config_docker_host --host1 l3ep1 --host2 llb1 --ptype phy --addr 31.31.31.1/24 --gw 31.31.31.254
+config_docker_host --host1 l3ep2 --host2 llb1 --ptype phy --addr 32.32.32.1/24 --gw 32.32.32.254
+config_docker_host --host1 l3ep3 --host2 llb1 --ptype phy --addr 33.33.33.1/24 --gw 33.33.33.254
+config_docker_host --host1 llb1 --host2 l3h1 --ptype phy --addr 10.10.10.254/24
+config_docker_host --host1 llb1 --host2 l3ep1 --ptype phy --addr 31.31.31.254/24
+config_docker_host --host1 llb1 --host2 l3ep2 --ptype phy --addr 32.32.32.254/24
+config_docker_host --host1 llb1 --host2 l3ep3 --ptype phy --addr 33.33.33.254/24
+
+$dexec llb1 ip addr add 10.10.10.3/32 dev lo
+
+#Prepare certificates
+rm -fr 10.10.10.254
+rm -fr loxilb.io
+rm -fr minica*.pem
+./minica -ip-addresses 10.10.10.254
+./minica -domains loxilb.io
+mv loxilb.io/cert.pem loxilb.io/server.crt
+mv loxilb.io/key.pem loxilb.io/server.key
+
+docker cp minica.pem llb1:/opt/loxilb/cert/rootCA.crt
+docker cp 10.10.10.254/cert.pem llb1:/opt/loxilb/cert/server.crt
+docker cp 10.10.10.254/key.pem llb1:/opt/loxilb/cert/server.key
+
+sleep 5
+create_lb_rule llb1 10.10.10.254 --tcp=2020:8080 --endpoints=31.31.31.1:1,32.32.32.1:1,33.33.33.1:1 --mode=fullproxy --security=e2ehttps --host=loxilb.io
diff --git a/cicd/e2ehttpsproxy/minica b/cicd/e2ehttpsproxy/minica
new file mode 100755
index 00000000..a152b166
Binary files /dev/null and b/cicd/e2ehttpsproxy/minica differ
diff --git a/cicd/e2ehttpsproxy/rmconfig.sh b/cicd/e2ehttpsproxy/rmconfig.sh
new file mode 100755
index 00000000..9ea80577
--- /dev/null
+++ b/cicd/e2ehttpsproxy/rmconfig.sh
@@ -0,0 +1,18 @@
+#!/bin/bash
+
+source ../common.sh
+
+disconnect_docker_hosts l3h1 llb1
+disconnect_docker_hosts l3ep1 llb1
+disconnect_docker_hosts l3ep2 llb1
+disconnect_docker_hosts l3ep3 llb1
+
+delete_docker_host llb1
+delete_docker_host l3h1
+delete_docker_host l3ep1
+delete_docker_host l3ep2
+delete_docker_host l3ep3
+
+echo "#########################################"
+echo "Deleted testbed"
+echo "#########################################"
diff --git a/cicd/e2ehttpsproxy/validation.sh b/cicd/e2ehttpsproxy/validation.sh
new file mode 100755
index 00000000..c9a3d00e
--- /dev/null
+++ b/cicd/e2ehttpsproxy/validation.sh
@@ -0,0 +1,43 @@
+#!/bin/bash
+source ../common.sh
+echo SCENARIO-e2ehttps-tcplb
+$hexec l3ep1 node ../common/tcp_https_server.js server1 loxilb.io &
+$hexec l3ep2 node ../common/tcp_https_server.js server2 loxilb.io &
+$hexec l3ep3 node ../common/tcp_https_server.js server3 loxilb.io &
+
+sleep 5
+code=0
+servIP=( "10.10.10.254" )
+servArr=( "server1" "server2" "server3" )
+ep=( "31.31.31.1" "32.32.32.1" "33.33.33.1" )
+j=0
+waitCount=0
+
+for k in {0..0}
+do
+echo "Testing Service IP: ${servIP[k]}"
+lcode=0
+for i in {1..4}
+do
+for j in {0..2}
+do
+ res=$($hexec l3h1 curl --max-time 10 -H "Application/json" -H "Content-type: application/json" -H "HOST: loxilb.io" --insecure -s https://${servIP[k]}:2020)
+ echo $res
+ if [[ $res != "${servArr[j]}" ]]
+ then
+ lcode=1
+ fi
+ sleep 1
+done
+done
+if [[ $lcode == 0 ]]
+then
+ echo SCENARIO-e2ehttps-tcplb with ${servIP[k]} [OK]
+else
+ echo SCENARIO-e2ehttps-tcplb with ${servIP[k]} [FAILED]
+ code=1
+fi
+done
+
+sudo killall -9 node 2>&1 > /dev/null
+exit $code
diff --git a/cicd/httpproxy/config.sh b/cicd/httpproxy/config.sh
new file mode 100644
index 00000000..51ef2cea
--- /dev/null
+++ b/cicd/httpproxy/config.sh
@@ -0,0 +1,38 @@
+#!/bin/bash
+
+source ../common.sh
+
+echo "#########################################"
+echo "Spawning all hosts"
+echo "#########################################"
+
+spawn_docker_host --dock-type loxilb --dock-name llb1
+spawn_docker_host --dock-type host --dock-name l3h1
+spawn_docker_host --dock-type host --dock-name l3ep1
+spawn_docker_host --dock-type host --dock-name l3ep2
+spawn_docker_host --dock-type host --dock-name l3ep3
+
+echo "#########################################"
+echo "Connecting and configuring hosts"
+echo "#########################################"
+
+
+connect_docker_hosts l3h1 llb1
+connect_docker_hosts l3ep1 llb1
+connect_docker_hosts l3ep2 llb1
+connect_docker_hosts l3ep3 llb1
+
+sleep 5
+
+#L3 config
+config_docker_host --host1 l3h1 --host2 llb1 --ptype phy --addr 10.10.10.1/24 --gw 10.10.10.254
+config_docker_host --host1 l3ep1 --host2 llb1 --ptype phy --addr 31.31.31.1/24 --gw 31.31.31.254
+config_docker_host --host1 l3ep2 --host2 llb1 --ptype phy --addr 32.32.32.1/24 --gw 32.32.32.254
+config_docker_host --host1 l3ep3 --host2 llb1 --ptype phy --addr 33.33.33.1/24 --gw 33.33.33.254
+config_docker_host --host1 llb1 --host2 l3h1 --ptype phy --addr 10.10.10.254/24
+config_docker_host --host1 llb1 --host2 l3ep1 --ptype phy --addr 31.31.31.254/24
+config_docker_host --host1 llb1 --host2 l3ep2 --ptype phy --addr 32.32.32.254/24
+config_docker_host --host1 llb1 --host2 l3ep3 --ptype phy --addr 33.33.33.254/24
+
+sleep 5
+create_lb_rule llb1 10.10.10.254 --tcp=2020:8080 --endpoints=31.31.31.1:1,32.32.32.1:1,33.33.33.1:1 --mode=fullproxy
diff --git a/cicd/httpproxy/rmconfig.sh b/cicd/httpproxy/rmconfig.sh
new file mode 100644
index 00000000..9ea80577
--- /dev/null
+++ b/cicd/httpproxy/rmconfig.sh
@@ -0,0 +1,18 @@
+#!/bin/bash
+
+source ../common.sh
+
+disconnect_docker_hosts l3h1 llb1
+disconnect_docker_hosts l3ep1 llb1
+disconnect_docker_hosts l3ep2 llb1
+disconnect_docker_hosts l3ep3 llb1
+
+delete_docker_host llb1
+delete_docker_host l3h1
+delete_docker_host l3ep1
+delete_docker_host l3ep2
+delete_docker_host l3ep3
+
+echo "#########################################"
+echo "Deleted testbed"
+echo "#########################################"
diff --git a/cicd/httpproxy/validation.sh b/cicd/httpproxy/validation.sh
new file mode 100644
index 00000000..356e0755
--- /dev/null
+++ b/cicd/httpproxy/validation.sh
@@ -0,0 +1,64 @@
+#!/bin/bash
+source ../common.sh
+echo SCENARIO-http-tcplb
+$hexec l3ep1 node ../common/tcp_server.js server1 &
+$hexec l3ep2 node ../common/tcp_server.js server2 &
+$hexec l3ep3 node ../common/tcp_server.js server3 &
+
+sleep 5
+code=0
+servIP=( "10.10.10.254" )
+servArr=( "server1" "server2" "server3" )
+ep=( "31.31.31.1" "32.32.32.1" "33.33.33.1" )
+j=0
+waitCount=0
+while [ $j -le 2 ]
+do
+ res=$($hexec l3h1 curl --max-time 10 -s ${ep[j]}:8080)
+ #echo $res
+ if [[ $res == "${servArr[j]}" ]]
+ then
+ echo "$res UP"
+ j=$(( $j + 1 ))
+ else
+ echo "Waiting for ${servArr[j]}(${ep[j]})"
+ waitCount=$(( $waitCount + 1 ))
+ if [[ $waitCount == 10 ]];
+ then
+ echo "All Servers are not UP"
+ echo SCENARIO-http-tcplb [FAILED]
+ sudo killall -9 node 2>&1 > /dev/null
+ exit 1
+ fi
+ fi
+ sleep 1
+done
+
+for k in {0..0}
+do
+echo "Testing Service IP: ${servIP[k]}"
+lcode=0
+for i in {1..4}
+do
+for j in {0..2}
+do
+ res=$($hexec l3h1 curl --max-time 10 -s http://${servIP[k]}:2020)
+ echo $res
+ if [[ $res != "${servArr[j]}" ]]
+ then
+ lcode=1
+ fi
+ sleep 1
+done
+done
+if [[ $lcode == 0 ]]
+then
+ echo SCENARIO-http-tcplb with ${servIP[k]} [OK]
+else
+ echo SCENARIO-http-tcplb with ${servIP[k]} [FAILED]
+ code=1
+fi
+done
+
+sudo killall -9 node 2>&1 > /dev/null
+exit $code
diff --git a/cicd/httpshostproxy/config.sh b/cicd/httpshostproxy/config.sh
new file mode 100755
index 00000000..192e9058
--- /dev/null
+++ b/cicd/httpshostproxy/config.sh
@@ -0,0 +1,45 @@
+#!/bin/bash
+
+source ../common.sh
+
+echo "#########################################"
+echo "Spawning all hosts"
+echo "#########################################"
+
+spawn_docker_host --dock-type loxilb --dock-name llb1 --extra-args "--proxyonlymode"
+spawn_docker_host --dock-type host --dock-name l3h1
+spawn_docker_host --dock-type host --dock-name l3ep1
+spawn_docker_host --dock-type host --dock-name l3ep2
+spawn_docker_host --dock-type host --dock-name l3ep3
+
+echo "#########################################"
+echo "Connecting and configuring hosts"
+echo "#########################################"
+
+
+connect_docker_hosts l3h1 llb1
+connect_docker_hosts l3ep1 llb1
+connect_docker_hosts l3ep2 llb1
+connect_docker_hosts l3ep3 llb1
+
+sleep 5
+
+#L3 config
+config_docker_host --host1 l3h1 --host2 llb1 --ptype phy --addr 10.10.10.1/24 --gw 10.10.10.254
+config_docker_host --host1 l3ep1 --host2 llb1 --ptype phy --addr 31.31.31.1/24 --gw 31.31.31.254
+config_docker_host --host1 l3ep2 --host2 llb1 --ptype phy --addr 32.32.32.1/24 --gw 32.32.32.254
+config_docker_host --host1 l3ep3 --host2 llb1 --ptype phy --addr 33.33.33.1/24 --gw 33.33.33.254
+config_docker_host --host1 llb1 --host2 l3h1 --ptype phy --addr 10.10.10.254/24
+config_docker_host --host1 llb1 --host2 l3ep1 --ptype phy --addr 31.31.31.254/24
+config_docker_host --host1 llb1 --host2 l3ep2 --ptype phy --addr 32.32.32.254/24
+config_docker_host --host1 llb1 --host2 l3ep3 --ptype phy --addr 33.33.33.254/24
+
+$dexec llb1 ip addr add 10.10.10.3/32 dev lo
+./minica -ip-addresses 10.10.10.254
+
+docker cp minica.pem llb1:/opt/loxilb/cert/rootCA.crt
+docker cp 10.10.10.254/cert.pem llb1:/opt/loxilb/cert/server.crt
+docker cp 10.10.10.254/key.pem llb1:/opt/loxilb/cert/server.key
+
+sleep 5
+create_lb_rule llb1 10.10.10.254 --tcp=2020:8080 --endpoints=31.31.31.1:1,32.32.32.1:1,33.33.33.1:1 --mode=fullproxy --security=https --host=loxilb.io
diff --git a/cicd/httpshostproxy/minica b/cicd/httpshostproxy/minica
new file mode 100755
index 00000000..a152b166
Binary files /dev/null and b/cicd/httpshostproxy/minica differ
diff --git a/cicd/httpshostproxy/rmconfig.sh b/cicd/httpshostproxy/rmconfig.sh
new file mode 100755
index 00000000..9ea80577
--- /dev/null
+++ b/cicd/httpshostproxy/rmconfig.sh
@@ -0,0 +1,18 @@
+#!/bin/bash
+
+source ../common.sh
+
+disconnect_docker_hosts l3h1 llb1
+disconnect_docker_hosts l3ep1 llb1
+disconnect_docker_hosts l3ep2 llb1
+disconnect_docker_hosts l3ep3 llb1
+
+delete_docker_host llb1
+delete_docker_host l3h1
+delete_docker_host l3ep1
+delete_docker_host l3ep2
+delete_docker_host l3ep3
+
+echo "#########################################"
+echo "Deleted testbed"
+echo "#########################################"
diff --git a/cicd/httpshostproxy/validation.sh b/cicd/httpshostproxy/validation.sh
new file mode 100755
index 00000000..199d80d2
--- /dev/null
+++ b/cicd/httpshostproxy/validation.sh
@@ -0,0 +1,64 @@
+#!/bin/bash
+source ../common.sh
+echo SCENARIO-https-tcplb
+$hexec l3ep1 node ../common/tcp_server.js server1 &
+$hexec l3ep2 node ../common/tcp_server.js server2 &
+$hexec l3ep3 node ../common/tcp_server.js server3 &
+
+sleep 5
+code=0
+servIP=( "10.10.10.254" )
+servArr=( "server1" "server2" "server3" )
+ep=( "31.31.31.1" "32.32.32.1" "33.33.33.1" )
+j=0
+waitCount=0
+while [ $j -le 2 ]
+do
+ res=$($hexec l3h1 curl --max-time 10 -s ${ep[j]}:8080)
+ #echo $res
+ if [[ $res == "${servArr[j]}" ]]
+ then
+ echo "$res UP"
+ j=$(( $j + 1 ))
+ else
+ echo "Waiting for ${servArr[j]}(${ep[j]})"
+ waitCount=$(( $waitCount + 1 ))
+ if [[ $waitCount == 10 ]];
+ then
+ echo "All Servers are not UP"
+ echo SCENARIO-tcplb [FAILED]
+ sudo killall -9 node 2>&1 > /dev/null
+ exit 1
+ fi
+ fi
+ sleep 1
+done
+
+for k in {0..0}
+do
+echo "Testing Service IP: ${servIP[k]}"
+lcode=0
+for i in {1..4}
+do
+for j in {0..2}
+do
+ res=$($hexec l3h1 curl --max-time 10 -H "Application/json" -H "Content-type: application/json" -H "HOST: loxilb.io" --insecure -s https://${servIP[k]}:2020)
+ echo $res
+ if [[ $res != "${servArr[j]}" ]]
+ then
+ lcode=1
+ fi
+ sleep 1
+done
+done
+if [[ $lcode == 0 ]]
+then
+ echo SCENARIO-https-tcplb with ${servIP[k]} [OK]
+else
+ echo SCENARIO-https-tcplb with ${servIP[k]} [FAILED]
+ code=1
+fi
+done
+
+sudo killall -9 node 2>&1 > /dev/null
+exit $code
diff --git a/cicd/httpsproxy/config.sh b/cicd/httpsproxy/config.sh
index 0d3ce4b2..b0b60342 100755
--- a/cicd/httpsproxy/config.sh
+++ b/cicd/httpsproxy/config.sh
@@ -6,7 +6,7 @@ echo "#########################################"
echo "Spawning all hosts"
echo "#########################################"
-spawn_docker_host --dock-type loxilb --dock-name llb1
+spawn_docker_host --dock-type loxilb --dock-name llb1 --extra-args "--proxyonlymode"
spawn_docker_host --dock-type host --dock-name l3h1
spawn_docker_host --dock-type host --dock-name l3ep1
spawn_docker_host --dock-type host --dock-name l3ep2
diff --git a/cicd/ipsec-e2e/config.sh b/cicd/ipsec-e2e/config.sh
new file mode 100755
index 00000000..4994d916
--- /dev/null
+++ b/cicd/ipsec-e2e/config.sh
@@ -0,0 +1,149 @@
+#!/bin/bash
+source ../common.sh
+
+echo "#########################################"
+echo "Spawning all hosts"
+echo "#########################################"
+
+spawn_docker_host --dock-type loxilb --dock-name lgw1
+spawn_docker_host --dock-type loxilb --dock-name llb1
+spawn_docker_host --dock-type loxilb --dock-name rgw1
+spawn_docker_host --dock-type loxilb --dock-name rgw2
+spawn_docker_host --dock-type host --dock-name lh1
+spawn_docker_host --dock-type host --dock-name rh1
+spawn_docker_host --dock-type host --dock-name rh2
+
+$dexec lgw1 bash -c "apt-get update && apt-get install -y iputils-ping curl"
+$dexec llb1 bash -c "apt-get update && apt-get install -y iputils-ping curl"
+$dexec rgw1 bash -c "apt-get update && apt-get install -y iputils-ping curl"
+$dexec rgw2 bash -c "apt-get update && apt-get install -y iputils-ping curl"
+
+echo "#########################################"
+echo "Connecting and configuring hosts"
+echo "#########################################"
+
+connect_docker_hosts lh1 lgw1
+connect_docker_hosts lgw1 llb1
+connect_docker_hosts llb1 rgw1
+connect_docker_hosts llb1 rgw2
+connect_docker_hosts rh1 rgw1
+connect_docker_hosts rh2 rgw2
+
+config_docker_host --host1 lh1 --host2 lgw1 --ptype phy --addr 192.168.10.175/24 --gw 192.168.10.1
+config_docker_host --host1 lgw1 --host2 lh1 --ptype phy --addr 192.168.10.1/24
+config_docker_host --host1 lgw1 --host2 llb1 --ptype phy --addr 7.7.7.1/24
+config_docker_host --host1 llb1 --host2 lgw1 --ptype phy --addr 7.7.7.254/24
+
+#Tunnel 1
+#xfrm Config(Left)
+$dexec lgw1 ip link add vti100 type vti key 100 remote 7.7.7.254 local 7.7.7.1
+$dexec lgw1 ip link set vti100 up
+$dexec lgw1 ip addr add 77.77.77.1/24 remote 77.77.77.254/24 dev vti100
+$dexec lgw1 sysctl -w "net.ipv4.conf.vti100.disable_policy=1"
+$dexec lgw1 sysctl -w "net.ipv4.conf.elgw1lh1.proxy_arp=1"
+
+$dexec lgw1 ip route add 192.168.10.200/32 via 77.77.77.254
+
+#xfrm Config(Right)
+$dexec llb1 ip link add vti100 type vti key 100 remote 7.7.7.1 local 7.7.7.254
+$dexec llb1 ip link set vti100 up
+$dexec llb1 ip addr add 77.77.77.254/24 remote 77.77.77.1/24 dev vti100
+$dexec llb1 sysctl -w "net.ipv4.conf.vti100.disable_policy=1"
+#$dexec llb1 sysctl -w "net.ipv4.conf.ellb1lgw1.proxy_arp=1"
+
+$dexec llb1 ip addr add 192.168.10.200/32 dev lo
+$dexec llb1 ip route add 192.168.10.175/32 via 77.77.77.1 dev vti100
+$dexec llb1 loxicmd create lb 192.168.10.200 --tcp=2020:8080 --endpoints=192.168.10.10:1,192.168.10.11:1 --mode=fullnat
+$dexec llb1 loxicmd create ep 192.168.10.10 --name=192.168.10.10_tcp_2020 --probetype=none
+$dexec llb1 loxicmd create ep 192.168.10.11 --name=192.168.10.11_tcp_2020 --probetype=none
+
+#Route towards Host(lh1)
+$dexec llb1 ip route add 192.168.10.175/32 via 77.77.77.1 dev vti100
+
+
+
+create_docker_host_vlan --host1 llb1 --host2 rgw1 --id 1000 --ptype untagged
+create_docker_host_vlan --host1 llb1 --host2 rgw2 --id 1000 --ptype untagged
+
+config_docker_host --host1 rgw1 --host2 llb1 --ptype phy --addr 8.7.7.1/24
+config_docker_host --host1 rgw2 --host2 llb1 --ptype phy --addr 8.7.7.2/24
+
+config_docker_host --host1 llb1 --host2 rgw1 --ptype vlan --id 1000 --addr 8.7.7.254/24
+
+#Tunnel-2
+
+#xfrm Config(Right)
+$dexec llb1 ip link add vti200 type vti key 200 remote 8.7.7.1 local 8.7.7.254
+$dexec llb1 ip link set vti200 up
+$dexec llb1 ip addr add 8.7.200.254/24 remote 8.7.200.1/24 dev vti200
+$dexec llb1 sysctl -w "net.ipv4.conf.vti200.disable_policy=1"
+
+#Route towards EP(rh1)
+$dexec llb1 ip route add 192.168.10.10/32 via 8.7.200.1 dev vti200
+
+
+#xfrm Config(Left)
+$dexec rgw1 ip link add vti200 type vti key 200 remote 8.7.7.254 local 8.7.7.1
+$dexec rgw1 ip link set vti200 up
+$dexec rgw1 ip addr add 8.7.200.1/24 remote 8.7.200.254/24 dev vti200
+$dexec rgw1 sysctl -w "net.ipv4.conf.vti200.disable_policy=1"
+$dexec rgw1 sysctl -w "net.ipv4.conf.ergw1rh1.proxy_arp=1"
+#Route towards llb1
+$dexec rgw1 ip route add 192.168.10.200/32 via 8.7.200.254
+
+
+#Tunnel-3
+
+#xfrm Config(Right)
+$dexec llb1 ip link add vti201 type vti key 201 remote 8.7.7.2 local 8.7.7.254
+$dexec llb1 ip link set vti201 up
+$dexec llb1 ip addr add 8.7.201.254/24 remote 8.7.201.1/24 dev vti201
+$dexec llb1 sysctl -w "net.ipv4.conf.vti201.disable_policy=1"
+
+#Route towards EP(rh2)
+$dexec llb1 ip route add 192.168.10.11/32 via 8.7.201.1 dev vti201
+
+$dexec rgw2 ip link add vti201 type vti key 201 remote 8.7.7.254 local 8.7.7.2
+$dexec rgw2 ip link set vti201 up
+$dexec rgw2 ip addr add 8.7.201.1/24 remote 8.7.201.254/24 dev vti201
+$dexec rgw2 sysctl -w "net.ipv4.conf.vti201.disable_policy=1"
+$dexec rgw2 sysctl -w "net.ipv4.conf.ergw2rh2.proxy_arp=1"
+#Route towards llb1
+$dexec rgw2 ip route add 192.168.10.200/32 via 8.7.201.254
+
+
+
+config_docker_host --host1 rgw1 --host2 rh1 --ptype phy --addr 192.168.10.2/24
+config_docker_host --host1 rh1 --host2 rgw1 --ptype phy --addr 192.168.10.10/24 --gw 192.168.10.2
+
+config_docker_host --host1 rgw2 --host2 rh2 --ptype phy --addr 192.168.10.3/24
+config_docker_host --host1 rh2 --host2 rgw2 --ptype phy --addr 192.168.10.11/24 --gw 192.168.10.3
+
+#$dexec lgw1 apt-get update
+$dexec lgw1 apt-get install -y iptables strongswan strongswan-swanctl systemctl
+docker cp lgw1_ipsec_config/ipsec.conf lgw1:/etc/
+docker cp lgw1_ipsec_config/ipsec.secrets lgw1:/etc/
+docker cp lgw1_ipsec_config/charon.conf lgw1:/etc/strongswan.d/
+$dexec lgw1 systemctl restart strongswan-starter
+
+#$dexec llb1 apt-get update
+$dexec llb1 apt-get install -y strongswan strongswan-swanctl systemctl
+docker cp llb1_ipsec_config/ipsec.conf llb1:/etc/
+docker cp llb1_ipsec_config/ipsec.secrets llb1:/etc/
+docker cp llb1_ipsec_config/charon.conf llb1:/etc/strongswan.d/
+$dexec llb1 systemctl restart strongswan-starter
+
+#$dexec rgw1 apt-get update
+$dexec rgw1 apt-get install -y iptables strongswan strongswan-swanctl systemctl
+docker cp rgw1_ipsec_config/ipsec.conf rgw1:/etc/
+docker cp rgw1_ipsec_config/ipsec.secrets rgw1:/etc/
+docker cp rgw1_ipsec_config/charon.conf rgw1:/etc/strongswan.d/
+$dexec rgw1 systemctl restart strongswan-starter
+
+#$dexec rgw2 apt-get update
+$dexec rgw2 apt-get install -y iptables strongswan strongswan-swanctl systemctl
+docker cp rgw2_ipsec_config/ipsec.conf rgw2:/etc/
+docker cp rgw2_ipsec_config/ipsec.secrets rgw2:/etc/
+docker cp rgw2_ipsec_config/charon.conf rgw2:/etc/strongswan.d/
+$dexec rgw2 systemctl restart strongswan-starter
+
diff --git a/cicd/ipsec-e2e/lgw1_ipsec_config/charon.conf b/cicd/ipsec-e2e/lgw1_ipsec_config/charon.conf
new file mode 100644
index 00000000..926ae24a
--- /dev/null
+++ b/cicd/ipsec-e2e/lgw1_ipsec_config/charon.conf
@@ -0,0 +1,376 @@
+# Options for the charon IKE daemon.
+charon {
+
+ # Accept unencrypted ID and HASH payloads in IKEv1 Main Mode.
+ # accept_unencrypted_mainmode_messages = no
+
+ # Maximum number of half-open IKE_SAs for a single peer IP.
+ # block_threshold = 5
+
+ # Whether Certificate Revocation Lists (CRLs) fetched via HTTP or LDAP
+ # should be saved under a unique file name derived from the public key of
+ # the Certification Authority (CA) to /etc/ipsec.d/crls (stroke) or
+ # /etc/swanctl/x509crl (vici), respectively.
+ # cache_crls = no
+
+ # Whether relations in validated certificate chains should be cached in
+ # memory.
+ # cert_cache = yes
+
+ # Send Cisco Unity vendor ID payload (IKEv1 only).
+ # cisco_unity = no
+
+ # Close the IKE_SA if setup of the CHILD_SA along with IKE_AUTH failed.
+ # close_ike_on_child_failure = no
+
+ # Number of half-open IKE_SAs that activate the cookie mechanism.
+ # cookie_threshold = 10
+
+ # Delete CHILD_SAs right after they got successfully rekeyed (IKEv1 only).
+ # delete_rekeyed = no
+
+ # Delay in seconds until inbound IPsec SAs are deleted after rekeyings
+ # (IKEv2 only).
+ # delete_rekeyed_delay = 5
+
+ # Use ANSI X9.42 DH exponent size or optimum size matched to cryptographic
+ # strength.
+ # dh_exponent_ansi_x9_42 = yes
+
+ # Use RTLD_NOW with dlopen when loading plugins and IMV/IMCs to reveal
+ # missing symbols immediately.
+ # dlopen_use_rtld_now = no
+
+ # DNS server assigned to peer via configuration payload (CP).
+ # dns1 =
+
+ # DNS server assigned to peer via configuration payload (CP).
+ # dns2 =
+
+ # Enable Denial of Service protection using cookies and aggressiveness
+ # checks.
+ # dos_protection = yes
+
+ # Compliance with the errata for RFC 4753.
+ # ecp_x_coordinate_only = yes
+
+ # Free objects during authentication (might conflict with plugins).
+ # flush_auth_cfg = no
+
+ # Whether to follow IKEv2 redirects (RFC 5685).
+ # follow_redirects = yes
+
+ # Maximum size (complete IP datagram size in bytes) of a sent IKE fragment
+ # when using proprietary IKEv1 or standardized IKEv2 fragmentation, defaults
+ # to 1280 (use 0 for address family specific default values, which uses a
+ # lower value for IPv4). If specified this limit is used for both IPv4 and
+ # IPv6.
+ # fragment_size = 1280
+
+ # Name of the group the daemon changes to after startup.
+ # group =
+
+ # Timeout in seconds for connecting IKE_SAs (also see IKE_SA_INIT DROPPING).
+ # half_open_timeout = 30
+
+ # Enable hash and URL support.
+ # hash_and_url = no
+
+ # Allow IKEv1 Aggressive Mode with pre-shared keys as responder.
+ # i_dont_care_about_security_and_use_aggressive_mode_psk = no
+
+ # Whether to ignore the traffic selectors from the kernel's acquire events
+ # for IKEv2 connections (they are not used for IKEv1).
+ # ignore_acquire_ts = no
+
+ # A space-separated list of routing tables to be excluded from route
+ # lookups.
+ # ignore_routing_tables =
+
+ # Maximum number of IKE_SAs that can be established at the same time before
+ # new connection attempts are blocked.
+ # ikesa_limit = 0
+
+ # Number of exclusively locked segments in the hash table.
+ # ikesa_table_segments = 1
+
+ # Size of the IKE_SA hash table.
+ # ikesa_table_size = 1
+
+ # Whether to close IKE_SA if the only CHILD_SA closed due to inactivity.
+ # inactivity_close_ike = no
+
+ # Limit new connections based on the current number of half open IKE_SAs,
+ # see IKE_SA_INIT DROPPING in strongswan.conf(5).
+ # init_limit_half_open = 0
+
+ # Limit new connections based on the number of queued jobs.
+ # init_limit_job_load = 0
+
+ # Causes charon daemon to ignore IKE initiation requests.
+ # initiator_only = no
+
+ # Install routes into a separate routing table for established IPsec
+ # tunnels.
+ install_routes = no
+
+ # Install virtual IP addresses.
+ install_virtual_ip = no
+
+ # The name of the interface on which virtual IP addresses should be
+ # installed.
+ # install_virtual_ip_on =
+
+ # Check daemon, libstrongswan and plugin integrity at startup.
+ # integrity_test = no
+
+ # A comma-separated list of network interfaces that should be ignored, if
+ # interfaces_use is specified this option has no effect.
+ # interfaces_ignore =
+
+ # A comma-separated list of network interfaces that should be used by
+ # charon. All other interfaces are ignored.
+ # interfaces_use =
+
+ # NAT keep alive interval.
+ # keep_alive = 20s
+
+ # Plugins to load in the IKE daemon charon.
+ # load =
+
+ # Determine plugins to load via each plugin's load option.
+ # load_modular = no
+
+ # Initiate IKEv2 reauthentication with a make-before-break scheme.
+ # make_before_break = no
+
+ # Maximum number of IKEv1 phase 2 exchanges per IKE_SA to keep state about
+ # and track concurrently.
+ # max_ikev1_exchanges = 3
+
+ # Maximum packet size accepted by charon.
+ # max_packet = 10000
+
+ # Enable multiple authentication exchanges (RFC 4739).
+ # multiple_authentication = yes
+
+ # WINS servers assigned to peer via configuration payload (CP).
+ # nbns1 =
+
+ # WINS servers assigned to peer via configuration payload (CP).
+ # nbns2 =
+
+ # UDP port used locally. If set to 0 a random port will be allocated.
+ # port = 500
+
+ # UDP port used locally in case of NAT-T. If set to 0 a random port will be
+ # allocated. Has to be different from charon.port, otherwise a random port
+ # will be allocated.
+ # port_nat_t = 4500
+
+ # Whether to prefer updating SAs to the path with the best route.
+ # prefer_best_path = no
+
+ # Prefer locally configured proposals for IKE/IPsec over supplied ones as
+ # responder (disabling this can avoid keying retries due to
+ # INVALID_KE_PAYLOAD notifies).
+ # prefer_configured_proposals = yes
+
+ # Controls whether permanent or temporary IPv6 addresses are used as source,
+ # or announced as additional addresses if MOBIKE is used.
+ # prefer_temporary_addrs = no
+
+ # Process RTM_NEWROUTE and RTM_DELROUTE events.
+ # process_route = yes
+
+ # How RDNs in subject DNs of certificates are matched against configured
+ # identities (strict, reordered, or relaxed).
+ # rdn_matching = strict
+
+ # Delay in ms for receiving packets, to simulate larger RTT.
+ # receive_delay = 0
+
+ # Delay request messages.
+ # receive_delay_request = yes
+
+ # Delay response messages.
+ # receive_delay_response = yes
+
+ # Specific IKEv2 message type to delay, 0 for any.
+ # receive_delay_type = 0
+
+ # Size of the AH/ESP replay window, in packets.
+ # replay_window = 32
+
+ # Base to use for calculating exponential back off, see IKEv2 RETRANSMISSION
+ # in strongswan.conf(5).
+ # retransmit_base = 1.8
+
+ # Maximum jitter in percent to apply randomly to calculated retransmission
+ # timeout (0 to disable).
+ # retransmit_jitter = 0
+
+ # Upper limit in seconds for calculated retransmission timeout (0 to
+ # disable).
+ # retransmit_limit = 0
+
+ # Timeout in seconds before sending first retransmit.
+ # retransmit_timeout = 4.0
+
+ # Number of times to retransmit a packet before giving up.
+ # retransmit_tries = 5
+
+ # Interval in seconds to use when retrying to initiate an IKE_SA (e.g. if
+ # DNS resolution failed), 0 to disable retries.
+ # retry_initiate_interval = 0
+
+ # Initiate CHILD_SA within existing IKE_SAs (always enabled for IKEv1).
+ # reuse_ikesa = yes
+
+ # Numerical routing table to install routes to.
+ # routing_table =
+
+ # Priority of the routing table.
+ # routing_table_prio =
+
+ # Whether to use RSA with PSS padding instead of PKCS#1 padding by default.
+ # rsa_pss = no
+
+ # Delay in ms for sending packets, to simulate larger RTT.
+ # send_delay = 0
+
+ # Delay request messages.
+ # send_delay_request = yes
+
+ # Delay response messages.
+ # send_delay_response = yes
+
+ # Specific IKEv2 message type to delay, 0 for any.
+ # send_delay_type = 0
+
+ # Send strongSwan vendor ID payload
+ # send_vendor_id = no
+
+ # Whether to enable Signature Authentication as per RFC 7427.
+ # signature_authentication = yes
+
+ # Whether to enable constraints against IKEv2 signature schemes.
+ # signature_authentication_constraints = yes
+
+ # Value mixed into the local IKE SPIs after applying spi_mask.
+ # spi_label = 0x0000000000000000
+
+ # Mask applied to local IKE SPIs before mixing in spi_label (bits set will
+ # be replaced with spi_label).
+ # spi_mask = 0x0000000000000000
+
+ # The upper limit for SPIs requested from the kernel for IPsec SAs.
+ # spi_max = 0xcfffffff
+
+ # The lower limit for SPIs requested from the kernel for IPsec SAs.
+ # spi_min = 0xc0000000
+
+ # Number of worker threads in charon.
+ # threads = 16
+
+ # Name of the user the daemon changes to after startup.
+ # user =
+
+ crypto_test {
+
+ # Benchmark crypto algorithms and order them by efficiency.
+ # bench = no
+
+ # Buffer size used for crypto benchmark.
+ # bench_size = 1024
+
+ # Time in ms during which crypto algorithm performance is measured.
+ # bench_time = 50
+
+ # Test crypto algorithms during registration (requires test vectors
+ # provided by the test-vectors plugin).
+ # on_add = no
+
+ # Test crypto algorithms on each crypto primitive instantiation.
+ # on_create = no
+
+ # Strictly require at least one test vector to enable an algorithm.
+ # required = no
+
+ # Whether to test RNG with TRUE quality; requires a lot of entropy.
+ # rng_true = no
+
+ }
+
+ host_resolver {
+
+ # Maximum number of concurrent resolver threads (they are terminated if
+ # unused).
+ # max_threads = 3
+
+ # Minimum number of resolver threads to keep around.
+ # min_threads = 0
+
+ }
+
+ leak_detective {
+
+ # Includes source file names and line numbers in leak detective output.
+ # detailed = yes
+
+ # Threshold in bytes for leaks to be reported (0 to report all).
+ # usage_threshold = 10240
+
+ # Threshold in number of allocations for leaks to be reported (0 to
+ # report all).
+ # usage_threshold_count = 0
+
+ }
+
+ processor {
+
+ # Section to configure the number of reserved threads per priority class
+ # see JOB PRIORITY MANAGEMENT in strongswan.conf(5).
+ priority_threads {
+
+ }
+
+ }
+
+ # Section containing a list of scripts (name = path) that are executed when
+ # the daemon is started.
+ start-scripts {
+
+ }
+
+ # Section containing a list of scripts (name = path) that are executed when
+ # the daemon is terminated.
+ stop-scripts {
+
+ }
+
+ tls {
+
+ # List of TLS encryption ciphers.
+ # cipher =
+
+ # List of TLS key exchange methods.
+ # key_exchange =
+
+ # List of TLS MAC algorithms.
+ # mac =
+
+ # List of TLS cipher suites.
+ # suites =
+
+ }
+
+ x509 {
+
+ # Discard certificates with unsupported or unknown critical extensions.
+ # enforce_critical = yes
+
+ }
+
+}
+
diff --git a/cicd/ipsec-e2e/lgw1_ipsec_config/ipsec.conf b/cicd/ipsec-e2e/lgw1_ipsec_config/ipsec.conf
new file mode 100644
index 00000000..c1314eb9
--- /dev/null
+++ b/cicd/ipsec-e2e/lgw1_ipsec_config/ipsec.conf
@@ -0,0 +1,78 @@
+#@ /etc/strongswan/ipsec.conf (Centos) or /etc/ipsec.conf (Ubuntu)
+
+# ipsec.conf - strongSwan IPsec configuration file
+
+# basic configuration
+
+config setup
+ charondebug="cfg 2, ike 3"
+# strictcrlpolicy=yes
+# uniqueids = no
+
+# Add connections here.
+
+# Sample VPN connections
+
+#conn sample-self-signed
+# leftsubnet=10.1.0.0/16
+# leftcert=selfCert.der
+# leftsendcert=never
+# right=192.168.0.2
+# rightsubnet=10.2.0.0/16
+# rightcert=peerCert.der
+# auto=start
+
+#conn sample-with-ca-cert
+# leftsubnet=10.1.0.0/16
+# leftcert=myCert.pem
+# right=192.168.0.2
+# rightsubnet=10.2.0.0/16
+# rightid="C=CH, O=Linux strongSwan CN=peer name"
+# auto=start
+
+
+conn default
+ leftauth=psk
+ rightauth=psk
+ # Encryption Algorithm : aes-128-cbc
+ # Authentication Algorithm : sha1
+ # Perfect Forward Secrecy : Diffie-Hellman Group 2
+ ike=aes256-sha256-modp2048s256,aes128-sha1-modp1024!
+ # Lifetime : 28800 seconds
+ ikelifetime=28800s
+ # Phase 1 Negotiation Mode : main
+ aggressive=no
+ # Protocol : esp
+ # Encryption Algorithm : aes-128-cbc
+ # Authentication Algorithm : hmac-sha1-96
+ # Perfect Forward Secrecy : Diffie-Hellman Group 2
+ esp=aes128-sha256-modp2048s256,aes128-sha1-modp1024!
+ # Lifetime : 3600 seconds
+ lifetime=3600s
+ # Mode : tunnel
+ type=tunnel
+ # DPD Interval : 10
+ dpddelay=10s
+ # DPD Retries : 3
+ dpdtimeout=30s
+ # Tuning Parameters for AWS Virtual Private Gateway:
+ keyexchange=ikev2
+ #keyingtries=%forever
+ rekey=yes
+ reauth=no
+ dpdaction=restart
+ closeaction=restart
+ #left=%defaultroute
+ #leftsubnet=0.0.0.0/0,::/0
+ #rightsubnet=0.0.0.0/0,::/0
+ leftsubnet=192.168.10.175
+ rightsubnet=192.168.10.200
+ #leftupdown=/etc/strongswan/ipsec-vti.sh
+ left=7.7.7.1
+ right=7.7.7.254
+ installpolicy=yes
+ compress=no
+ mobike=no
+ #VTI Key
+ mark=100
+ auto=start
diff --git a/cicd/ipsec-e2e/lgw1_ipsec_config/ipsec.secrets b/cicd/ipsec-e2e/lgw1_ipsec_config/ipsec.secrets
new file mode 100644
index 00000000..318cc964
--- /dev/null
+++ b/cicd/ipsec-e2e/lgw1_ipsec_config/ipsec.secrets
@@ -0,0 +1,3 @@
+#@ /etc/strongswan/ipsec.secrets (Centos) or /etc/ipsec.secrets (Ubuntu)
+
+7.7.7.1 7.7.7.254 : PSK "loxilb@1234!"
diff --git a/cicd/ipsec-e2e/llb1_ipsec_config/charon.conf b/cicd/ipsec-e2e/llb1_ipsec_config/charon.conf
new file mode 100644
index 00000000..926ae24a
--- /dev/null
+++ b/cicd/ipsec-e2e/llb1_ipsec_config/charon.conf
@@ -0,0 +1,376 @@
+# Options for the charon IKE daemon.
+charon {
+
+ # Accept unencrypted ID and HASH payloads in IKEv1 Main Mode.
+ # accept_unencrypted_mainmode_messages = no
+
+ # Maximum number of half-open IKE_SAs for a single peer IP.
+ # block_threshold = 5
+
+ # Whether Certificate Revocation Lists (CRLs) fetched via HTTP or LDAP
+ # should be saved under a unique file name derived from the public key of
+ # the Certification Authority (CA) to /etc/ipsec.d/crls (stroke) or
+ # /etc/swanctl/x509crl (vici), respectively.
+ # cache_crls = no
+
+ # Whether relations in validated certificate chains should be cached in
+ # memory.
+ # cert_cache = yes
+
+ # Send Cisco Unity vendor ID payload (IKEv1 only).
+ # cisco_unity = no
+
+ # Close the IKE_SA if setup of the CHILD_SA along with IKE_AUTH failed.
+ # close_ike_on_child_failure = no
+
+ # Number of half-open IKE_SAs that activate the cookie mechanism.
+ # cookie_threshold = 10
+
+ # Delete CHILD_SAs right after they got successfully rekeyed (IKEv1 only).
+ # delete_rekeyed = no
+
+ # Delay in seconds until inbound IPsec SAs are deleted after rekeyings
+ # (IKEv2 only).
+ # delete_rekeyed_delay = 5
+
+ # Use ANSI X9.42 DH exponent size or optimum size matched to cryptographic
+ # strength.
+ # dh_exponent_ansi_x9_42 = yes
+
+ # Use RTLD_NOW with dlopen when loading plugins and IMV/IMCs to reveal
+ # missing symbols immediately.
+ # dlopen_use_rtld_now = no
+
+ # DNS server assigned to peer via configuration payload (CP).
+ # dns1 =
+
+ # DNS server assigned to peer via configuration payload (CP).
+ # dns2 =
+
+ # Enable Denial of Service protection using cookies and aggressiveness
+ # checks.
+ # dos_protection = yes
+
+ # Compliance with the errata for RFC 4753.
+ # ecp_x_coordinate_only = yes
+
+ # Free objects during authentication (might conflict with plugins).
+ # flush_auth_cfg = no
+
+ # Whether to follow IKEv2 redirects (RFC 5685).
+ # follow_redirects = yes
+
+ # Maximum size (complete IP datagram size in bytes) of a sent IKE fragment
+ # when using proprietary IKEv1 or standardized IKEv2 fragmentation, defaults
+ # to 1280 (use 0 for address family specific default values, which uses a
+ # lower value for IPv4). If specified this limit is used for both IPv4 and
+ # IPv6.
+ # fragment_size = 1280
+
+ # Name of the group the daemon changes to after startup.
+ # group =
+
+ # Timeout in seconds for connecting IKE_SAs (also see IKE_SA_INIT DROPPING).
+ # half_open_timeout = 30
+
+ # Enable hash and URL support.
+ # hash_and_url = no
+
+ # Allow IKEv1 Aggressive Mode with pre-shared keys as responder.
+ # i_dont_care_about_security_and_use_aggressive_mode_psk = no
+
+ # Whether to ignore the traffic selectors from the kernel's acquire events
+ # for IKEv2 connections (they are not used for IKEv1).
+ # ignore_acquire_ts = no
+
+ # A space-separated list of routing tables to be excluded from route
+ # lookups.
+ # ignore_routing_tables =
+
+ # Maximum number of IKE_SAs that can be established at the same time before
+ # new connection attempts are blocked.
+ # ikesa_limit = 0
+
+ # Number of exclusively locked segments in the hash table.
+ # ikesa_table_segments = 1
+
+ # Size of the IKE_SA hash table.
+ # ikesa_table_size = 1
+
+ # Whether to close IKE_SA if the only CHILD_SA closed due to inactivity.
+ # inactivity_close_ike = no
+
+ # Limit new connections based on the current number of half open IKE_SAs,
+ # see IKE_SA_INIT DROPPING in strongswan.conf(5).
+ # init_limit_half_open = 0
+
+ # Limit new connections based on the number of queued jobs.
+ # init_limit_job_load = 0
+
+ # Causes charon daemon to ignore IKE initiation requests.
+ # initiator_only = no
+
+ # Install routes into a separate routing table for established IPsec
+ # tunnels.
+ install_routes = no
+
+ # Install virtual IP addresses.
+ install_virtual_ip = no
+
+ # The name of the interface on which virtual IP addresses should be
+ # installed.
+ # install_virtual_ip_on =
+
+ # Check daemon, libstrongswan and plugin integrity at startup.
+ # integrity_test = no
+
+ # A comma-separated list of network interfaces that should be ignored, if
+ # interfaces_use is specified this option has no effect.
+ # interfaces_ignore =
+
+ # A comma-separated list of network interfaces that should be used by
+ # charon. All other interfaces are ignored.
+ # interfaces_use =
+
+ # NAT keep alive interval.
+ # keep_alive = 20s
+
+ # Plugins to load in the IKE daemon charon.
+ # load =
+
+ # Determine plugins to load via each plugin's load option.
+ # load_modular = no
+
+ # Initiate IKEv2 reauthentication with a make-before-break scheme.
+ # make_before_break = no
+
+ # Maximum number of IKEv1 phase 2 exchanges per IKE_SA to keep state about
+ # and track concurrently.
+ # max_ikev1_exchanges = 3
+
+ # Maximum packet size accepted by charon.
+ # max_packet = 10000
+
+ # Enable multiple authentication exchanges (RFC 4739).
+ # multiple_authentication = yes
+
+ # WINS servers assigned to peer via configuration payload (CP).
+ # nbns1 =
+
+ # WINS servers assigned to peer via configuration payload (CP).
+ # nbns2 =
+
+ # UDP port used locally. If set to 0 a random port will be allocated.
+ # port = 500
+
+ # UDP port used locally in case of NAT-T. If set to 0 a random port will be
+ # allocated. Has to be different from charon.port, otherwise a random port
+ # will be allocated.
+ # port_nat_t = 4500
+
+ # Whether to prefer updating SAs to the path with the best route.
+ # prefer_best_path = no
+
+ # Prefer locally configured proposals for IKE/IPsec over supplied ones as
+ # responder (disabling this can avoid keying retries due to
+ # INVALID_KE_PAYLOAD notifies).
+ # prefer_configured_proposals = yes
+
+ # Controls whether permanent or temporary IPv6 addresses are used as source,
+ # or announced as additional addresses if MOBIKE is used.
+ # prefer_temporary_addrs = no
+
+ # Process RTM_NEWROUTE and RTM_DELROUTE events.
+ # process_route = yes
+
+ # How RDNs in subject DNs of certificates are matched against configured
+ # identities (strict, reordered, or relaxed).
+ # rdn_matching = strict
+
+ # Delay in ms for receiving packets, to simulate larger RTT.
+ # receive_delay = 0
+
+ # Delay request messages.
+ # receive_delay_request = yes
+
+ # Delay response messages.
+ # receive_delay_response = yes
+
+ # Specific IKEv2 message type to delay, 0 for any.
+ # receive_delay_type = 0
+
+ # Size of the AH/ESP replay window, in packets.
+ # replay_window = 32
+
+ # Base to use for calculating exponential back off, see IKEv2 RETRANSMISSION
+ # in strongswan.conf(5).
+ # retransmit_base = 1.8
+
+ # Maximum jitter in percent to apply randomly to calculated retransmission
+ # timeout (0 to disable).
+ # retransmit_jitter = 0
+
+ # Upper limit in seconds for calculated retransmission timeout (0 to
+ # disable).
+ # retransmit_limit = 0
+
+ # Timeout in seconds before sending first retransmit.
+ # retransmit_timeout = 4.0
+
+ # Number of times to retransmit a packet before giving up.
+ # retransmit_tries = 5
+
+ # Interval in seconds to use when retrying to initiate an IKE_SA (e.g. if
+ # DNS resolution failed), 0 to disable retries.
+ # retry_initiate_interval = 0
+
+ # Initiate CHILD_SA within existing IKE_SAs (always enabled for IKEv1).
+ # reuse_ikesa = yes
+
+ # Numerical routing table to install routes to.
+ # routing_table =
+
+ # Priority of the routing table.
+ # routing_table_prio =
+
+ # Whether to use RSA with PSS padding instead of PKCS#1 padding by default.
+ # rsa_pss = no
+
+ # Delay in ms for sending packets, to simulate larger RTT.
+ # send_delay = 0
+
+ # Delay request messages.
+ # send_delay_request = yes
+
+ # Delay response messages.
+ # send_delay_response = yes
+
+ # Specific IKEv2 message type to delay, 0 for any.
+ # send_delay_type = 0
+
+ # Send strongSwan vendor ID payload
+ # send_vendor_id = no
+
+ # Whether to enable Signature Authentication as per RFC 7427.
+ # signature_authentication = yes
+
+ # Whether to enable constraints against IKEv2 signature schemes.
+ # signature_authentication_constraints = yes
+
+ # Value mixed into the local IKE SPIs after applying spi_mask.
+ # spi_label = 0x0000000000000000
+
+ # Mask applied to local IKE SPIs before mixing in spi_label (bits set will
+ # be replaced with spi_label).
+ # spi_mask = 0x0000000000000000
+
+ # The upper limit for SPIs requested from the kernel for IPsec SAs.
+ # spi_max = 0xcfffffff
+
+ # The lower limit for SPIs requested from the kernel for IPsec SAs.
+ # spi_min = 0xc0000000
+
+ # Number of worker threads in charon.
+ # threads = 16
+
+ # Name of the user the daemon changes to after startup.
+ # user =
+
+ crypto_test {
+
+ # Benchmark crypto algorithms and order them by efficiency.
+ # bench = no
+
+ # Buffer size used for crypto benchmark.
+ # bench_size = 1024
+
+ # Time in ms during which crypto algorithm performance is measured.
+ # bench_time = 50
+
+ # Test crypto algorithms during registration (requires test vectors
+ # provided by the test-vectors plugin).
+ # on_add = no
+
+ # Test crypto algorithms on each crypto primitive instantiation.
+ # on_create = no
+
+ # Strictly require at least one test vector to enable an algorithm.
+ # required = no
+
+ # Whether to test RNG with TRUE quality; requires a lot of entropy.
+ # rng_true = no
+
+ }
+
+ host_resolver {
+
+ # Maximum number of concurrent resolver threads (they are terminated if
+ # unused).
+ # max_threads = 3
+
+ # Minimum number of resolver threads to keep around.
+ # min_threads = 0
+
+ }
+
+ leak_detective {
+
+ # Includes source file names and line numbers in leak detective output.
+ # detailed = yes
+
+ # Threshold in bytes for leaks to be reported (0 to report all).
+ # usage_threshold = 10240
+
+ # Threshold in number of allocations for leaks to be reported (0 to
+ # report all).
+ # usage_threshold_count = 0
+
+ }
+
+ processor {
+
+ # Section to configure the number of reserved threads per priority class
+ # see JOB PRIORITY MANAGEMENT in strongswan.conf(5).
+ priority_threads {
+
+ }
+
+ }
+
+ # Section containing a list of scripts (name = path) that are executed when
+ # the daemon is started.
+ start-scripts {
+
+ }
+
+ # Section containing a list of scripts (name = path) that are executed when
+ # the daemon is terminated.
+ stop-scripts {
+
+ }
+
+ tls {
+
+ # List of TLS encryption ciphers.
+ # cipher =
+
+ # List of TLS key exchange methods.
+ # key_exchange =
+
+ # List of TLS MAC algorithms.
+ # mac =
+
+ # List of TLS cipher suites.
+ # suites =
+
+ }
+
+ x509 {
+
+ # Discard certificates with unsupported or unknown critical extensions.
+ # enforce_critical = yes
+
+ }
+
+}
+
diff --git a/cicd/ipsec-e2e/llb1_ipsec_config/ipsec.conf b/cicd/ipsec-e2e/llb1_ipsec_config/ipsec.conf
new file mode 100644
index 00000000..785532f9
--- /dev/null
+++ b/cicd/ipsec-e2e/llb1_ipsec_config/ipsec.conf
@@ -0,0 +1,169 @@
+#@ /etc/strongswan/ipsec.conf (Centos) or /etc/ipsec.conf (Ubuntu)
+
+# ipsec.conf - strongSwan IPsec configuration file
+
+# basic configuration
+
+config setup
+ charondebug="cfg 2, ike 3"
+# strictcrlpolicy=yes
+# uniqueids = no
+
+# Add connections here.
+
+# Sample VPN connections
+
+#conn sample-self-signed
+# leftsubnet=10.1.0.0/16
+# leftcert=selfCert.der
+# leftsendcert=never
+# right=192.168.0.2
+# rightsubnet=10.2.0.0/16
+# rightcert=peerCert.der
+# auto=start
+
+#conn sample-with-ca-cert
+# leftsubnet=10.1.0.0/16
+# leftcert=myCert.pem
+# right=192.168.0.2
+# rightsubnet=10.2.0.0/16
+# rightid="C=CH, O=Linux strongSwan CN=peer name"
+# auto=start
+
+conn llb1-to-lgw1
+ leftauth=psk
+ rightauth=psk
+ # Encryption Algorithm : aes-128-cbc
+ # Authentication Algorithm : sha1
+ # Perfect Forward Secrecy : Diffie-Hellman Group 2
+ ike=aes256-sha256-modp2048s256,aes128-sha1-modp1024!
+ # Lifetime : 28800 seconds
+ ikelifetime=28800s
+ # Phase 1 Negotiation Mode : main
+ aggressive=no
+ # Protocol : esp
+ # Encryption Algorithm : aes-128-cbc
+ # Authentication Algorithm : hmac-sha1-96
+ # Perfect Forward Secrecy : Diffie-Hellman Group 2
+ esp=aes128-sha256-modp2048s256,aes128-sha1-modp1024!
+ # Lifetime : 3600 seconds
+ lifetime=3600s
+ # Mode : tunnel
+ type=tunnel
+ # DPD Interval : 10
+ dpddelay=10s
+ # DPD Retries : 3
+ dpdtimeout=30s
+ # Tuning Parameters for AWS Virtual Private Gateway:
+ keyexchange=ikev2
+ #keyingtries=%forever
+ rekey=yes
+ reauth=no
+ dpdaction=restart
+ closeaction=restart
+ #left=%defaultroute
+ #leftsubnet=0.0.0.0/0,::/0
+ #rightsubnet=0.0.0.0/0,::/0
+ leftsubnet=192.168.10.200
+ rightsubnet=192.168.10.175
+ #leftupdown=/etc/strongswan/ipsec-vti.sh
+ left=7.7.7.254
+ right=7.7.7.1
+ installpolicy=yes
+ compress=no
+ mobike=no
+ #VTI Key
+ mark=100
+ auto=start
+
+conn llb1-to-rgw1
+ leftauth=psk
+ rightauth=psk
+ # Encryption Algorithm : aes-128-cbc
+ # Authentication Algorithm : sha1
+ # Perfect Forward Secrecy : Diffie-Hellman Group 2
+ ike=aes256-sha256-modp2048s256,aes128-sha1-modp1024!
+ # Lifetime : 28800 seconds
+ ikelifetime=28800s
+ # Phase 1 Negotiation Mode : main
+ aggressive=no
+ # Protocol : esp
+ # Encryption Algorithm : aes-128-cbc
+ # Authentication Algorithm : hmac-sha1-96
+ # Perfect Forward Secrecy : Diffie-Hellman Group 2
+ esp=aes128-sha256-modp2048s256,aes128-sha1-modp1024!
+ # Lifetime : 3600 seconds
+ lifetime=3600s
+ # Mode : tunnel
+ type=tunnel
+ # DPD Interval : 10
+ dpddelay=10s
+ # DPD Retries : 3
+ dpdtimeout=30s
+ # Tuning Parameters for AWS Virtual Private Gateway:
+ keyexchange=ikev2
+ #keyingtries=%forever
+ rekey=yes
+ reauth=no
+ dpdaction=restart
+ closeaction=restart
+ #left=%defaultroute
+ #leftsubnet=0.0.0.0/0,::/0
+ #rightsubnet=0.0.0.0/0,::/0
+ leftsubnet=192.168.10.200
+ rightsubnet=192.168.10.10
+ #leftupdown=/etc/strongswan/ipsec-vti.sh
+ left=8.7.7.254
+ right=8.7.7.1
+ installpolicy=yes
+ compress=no
+ mobike=no
+ #VTI Key
+ mark=200
+ auto=start
+
+conn llb1-to-rgw2
+ leftauth=psk
+ rightauth=psk
+ # Encryption Algorithm : aes-128-cbc
+ # Authentication Algorithm : sha1
+ # Perfect Forward Secrecy : Diffie-Hellman Group 2
+ ike=aes256-sha256-modp2048s256,aes128-sha1-modp1024!
+ # Lifetime : 28800 seconds
+ ikelifetime=28800s
+ # Phase 1 Negotiation Mode : main
+ aggressive=no
+ # Protocol : esp
+ # Encryption Algorithm : aes-128-cbc
+ # Authentication Algorithm : hmac-sha1-96
+ # Perfect Forward Secrecy : Diffie-Hellman Group 2
+ esp=aes128-sha256-modp2048s256,aes128-sha1-modp1024!
+ # Lifetime : 3600 seconds
+ lifetime=3600s
+ # Mode : tunnel
+ type=tunnel
+ # DPD Interval : 10
+ dpddelay=10s
+ # DPD Retries : 3
+ dpdtimeout=30s
+ # Tuning Parameters for AWS Virtual Private Gateway:
+ keyexchange=ikev2
+ #keyingtries=%forever
+ rekey=yes
+ reauth=no
+ dpdaction=restart
+ closeaction=restart
+ #left=%defaultroute
+ #leftsubnet=0.0.0.0/0,::/0
+ #rightsubnet=0.0.0.0/0,::/0
+ leftsubnet=192.168.10.200
+ rightsubnet=192.168.10.11
+ #leftupdown=/etc/strongswan/ipsec-vti.sh
+ left=8.7.7.254
+ right=8.7.7.2
+ installpolicy=yes
+ compress=no
+ mobike=no
+ #VTI Key
+ mark=201
+ auto=start
diff --git a/cicd/ipsec-e2e/llb1_ipsec_config/ipsec.secrets b/cicd/ipsec-e2e/llb1_ipsec_config/ipsec.secrets
new file mode 100644
index 00000000..ff2e3907
--- /dev/null
+++ b/cicd/ipsec-e2e/llb1_ipsec_config/ipsec.secrets
@@ -0,0 +1,5 @@
+#@ /etc/strongswan/ipsec.secrets (Centos) or /etc/ipsec.secrets (Ubuntu)
+
+7.7.7.254 7.7.7.1 : PSK "loxilb@1234!"
+8.7.7.254 8.7.7.1 : PSK "loxilb@1234!"
+8.7.7.254 8.7.7.2 : PSK "loxilb@1234!"
diff --git a/cicd/ipsec-e2e/rgw1_ipsec_config/charon.conf b/cicd/ipsec-e2e/rgw1_ipsec_config/charon.conf
new file mode 100644
index 00000000..926ae24a
--- /dev/null
+++ b/cicd/ipsec-e2e/rgw1_ipsec_config/charon.conf
@@ -0,0 +1,376 @@
+# Options for the charon IKE daemon.
+charon {
+
+ # Accept unencrypted ID and HASH payloads in IKEv1 Main Mode.
+ # accept_unencrypted_mainmode_messages = no
+
+ # Maximum number of half-open IKE_SAs for a single peer IP.
+ # block_threshold = 5
+
+ # Whether Certificate Revocation Lists (CRLs) fetched via HTTP or LDAP
+ # should be saved under a unique file name derived from the public key of
+ # the Certification Authority (CA) to /etc/ipsec.d/crls (stroke) or
+ # /etc/swanctl/x509crl (vici), respectively.
+ # cache_crls = no
+
+ # Whether relations in validated certificate chains should be cached in
+ # memory.
+ # cert_cache = yes
+
+ # Send Cisco Unity vendor ID payload (IKEv1 only).
+ # cisco_unity = no
+
+ # Close the IKE_SA if setup of the CHILD_SA along with IKE_AUTH failed.
+ # close_ike_on_child_failure = no
+
+ # Number of half-open IKE_SAs that activate the cookie mechanism.
+ # cookie_threshold = 10
+
+ # Delete CHILD_SAs right after they got successfully rekeyed (IKEv1 only).
+ # delete_rekeyed = no
+
+ # Delay in seconds until inbound IPsec SAs are deleted after rekeyings
+ # (IKEv2 only).
+ # delete_rekeyed_delay = 5
+
+ # Use ANSI X9.42 DH exponent size or optimum size matched to cryptographic
+ # strength.
+ # dh_exponent_ansi_x9_42 = yes
+
+ # Use RTLD_NOW with dlopen when loading plugins and IMV/IMCs to reveal
+ # missing symbols immediately.
+ # dlopen_use_rtld_now = no
+
+ # DNS server assigned to peer via configuration payload (CP).
+ # dns1 =
+
+ # DNS server assigned to peer via configuration payload (CP).
+ # dns2 =
+
+ # Enable Denial of Service protection using cookies and aggressiveness
+ # checks.
+ # dos_protection = yes
+
+ # Compliance with the errata for RFC 4753.
+ # ecp_x_coordinate_only = yes
+
+ # Free objects during authentication (might conflict with plugins).
+ # flush_auth_cfg = no
+
+ # Whether to follow IKEv2 redirects (RFC 5685).
+ # follow_redirects = yes
+
+ # Maximum size (complete IP datagram size in bytes) of a sent IKE fragment
+ # when using proprietary IKEv1 or standardized IKEv2 fragmentation, defaults
+ # to 1280 (use 0 for address family specific default values, which uses a
+ # lower value for IPv4). If specified this limit is used for both IPv4 and
+ # IPv6.
+ # fragment_size = 1280
+
+ # Name of the group the daemon changes to after startup.
+ # group =
+
+ # Timeout in seconds for connecting IKE_SAs (also see IKE_SA_INIT DROPPING).
+ # half_open_timeout = 30
+
+ # Enable hash and URL support.
+ # hash_and_url = no
+
+ # Allow IKEv1 Aggressive Mode with pre-shared keys as responder.
+ # i_dont_care_about_security_and_use_aggressive_mode_psk = no
+
+ # Whether to ignore the traffic selectors from the kernel's acquire events
+ # for IKEv2 connections (they are not used for IKEv1).
+ # ignore_acquire_ts = no
+
+ # A space-separated list of routing tables to be excluded from route
+ # lookups.
+ # ignore_routing_tables =
+
+ # Maximum number of IKE_SAs that can be established at the same time before
+ # new connection attempts are blocked.
+ # ikesa_limit = 0
+
+ # Number of exclusively locked segments in the hash table.
+ # ikesa_table_segments = 1
+
+ # Size of the IKE_SA hash table.
+ # ikesa_table_size = 1
+
+ # Whether to close IKE_SA if the only CHILD_SA closed due to inactivity.
+ # inactivity_close_ike = no
+
+ # Limit new connections based on the current number of half open IKE_SAs,
+ # see IKE_SA_INIT DROPPING in strongswan.conf(5).
+ # init_limit_half_open = 0
+
+ # Limit new connections based on the number of queued jobs.
+ # init_limit_job_load = 0
+
+ # Causes charon daemon to ignore IKE initiation requests.
+ # initiator_only = no
+
+ # Install routes into a separate routing table for established IPsec
+ # tunnels.
+ install_routes = no
+
+ # Install virtual IP addresses.
+ install_virtual_ip = no
+
+ # The name of the interface on which virtual IP addresses should be
+ # installed.
+ # install_virtual_ip_on =
+
+ # Check daemon, libstrongswan and plugin integrity at startup.
+ # integrity_test = no
+
+ # A comma-separated list of network interfaces that should be ignored, if
+ # interfaces_use is specified this option has no effect.
+ # interfaces_ignore =
+
+ # A comma-separated list of network interfaces that should be used by
+ # charon. All other interfaces are ignored.
+ # interfaces_use =
+
+ # NAT keep alive interval.
+ # keep_alive = 20s
+
+ # Plugins to load in the IKE daemon charon.
+ # load =
+
+ # Determine plugins to load via each plugin's load option.
+ # load_modular = no
+
+ # Initiate IKEv2 reauthentication with a make-before-break scheme.
+ # make_before_break = no
+
+ # Maximum number of IKEv1 phase 2 exchanges per IKE_SA to keep state about
+ # and track concurrently.
+ # max_ikev1_exchanges = 3
+
+ # Maximum packet size accepted by charon.
+ # max_packet = 10000
+
+ # Enable multiple authentication exchanges (RFC 4739).
+ # multiple_authentication = yes
+
+ # WINS servers assigned to peer via configuration payload (CP).
+ # nbns1 =
+
+ # WINS servers assigned to peer via configuration payload (CP).
+ # nbns2 =
+
+ # UDP port used locally. If set to 0 a random port will be allocated.
+ # port = 500
+
+ # UDP port used locally in case of NAT-T. If set to 0 a random port will be
+ # allocated. Has to be different from charon.port, otherwise a random port
+ # will be allocated.
+ # port_nat_t = 4500
+
+ # Whether to prefer updating SAs to the path with the best route.
+ # prefer_best_path = no
+
+ # Prefer locally configured proposals for IKE/IPsec over supplied ones as
+ # responder (disabling this can avoid keying retries due to
+ # INVALID_KE_PAYLOAD notifies).
+ # prefer_configured_proposals = yes
+
+ # Controls whether permanent or temporary IPv6 addresses are used as source,
+ # or announced as additional addresses if MOBIKE is used.
+ # prefer_temporary_addrs = no
+
+ # Process RTM_NEWROUTE and RTM_DELROUTE events.
+ # process_route = yes
+
+ # How RDNs in subject DNs of certificates are matched against configured
+ # identities (strict, reordered, or relaxed).
+ # rdn_matching = strict
+
+ # Delay in ms for receiving packets, to simulate larger RTT.
+ # receive_delay = 0
+
+ # Delay request messages.
+ # receive_delay_request = yes
+
+ # Delay response messages.
+ # receive_delay_response = yes
+
+ # Specific IKEv2 message type to delay, 0 for any.
+ # receive_delay_type = 0
+
+ # Size of the AH/ESP replay window, in packets.
+ # replay_window = 32
+
+ # Base to use for calculating exponential back off, see IKEv2 RETRANSMISSION
+ # in strongswan.conf(5).
+ # retransmit_base = 1.8
+
+ # Maximum jitter in percent to apply randomly to calculated retransmission
+ # timeout (0 to disable).
+ # retransmit_jitter = 0
+
+ # Upper limit in seconds for calculated retransmission timeout (0 to
+ # disable).
+ # retransmit_limit = 0
+
+ # Timeout in seconds before sending first retransmit.
+ # retransmit_timeout = 4.0
+
+ # Number of times to retransmit a packet before giving up.
+ # retransmit_tries = 5
+
+ # Interval in seconds to use when retrying to initiate an IKE_SA (e.g. if
+ # DNS resolution failed), 0 to disable retries.
+ # retry_initiate_interval = 0
+
+ # Initiate CHILD_SA within existing IKE_SAs (always enabled for IKEv1).
+ # reuse_ikesa = yes
+
+ # Numerical routing table to install routes to.
+ # routing_table =
+
+ # Priority of the routing table.
+ # routing_table_prio =
+
+ # Whether to use RSA with PSS padding instead of PKCS#1 padding by default.
+ # rsa_pss = no
+
+ # Delay in ms for sending packets, to simulate larger RTT.
+ # send_delay = 0
+
+ # Delay request messages.
+ # send_delay_request = yes
+
+ # Delay response messages.
+ # send_delay_response = yes
+
+ # Specific IKEv2 message type to delay, 0 for any.
+ # send_delay_type = 0
+
+ # Send strongSwan vendor ID payload
+ # send_vendor_id = no
+
+ # Whether to enable Signature Authentication as per RFC 7427.
+ # signature_authentication = yes
+
+ # Whether to enable constraints against IKEv2 signature schemes.
+ # signature_authentication_constraints = yes
+
+ # Value mixed into the local IKE SPIs after applying spi_mask.
+ # spi_label = 0x0000000000000000
+
+ # Mask applied to local IKE SPIs before mixing in spi_label (bits set will
+ # be replaced with spi_label).
+ # spi_mask = 0x0000000000000000
+
+ # The upper limit for SPIs requested from the kernel for IPsec SAs.
+ # spi_max = 0xcfffffff
+
+ # The lower limit for SPIs requested from the kernel for IPsec SAs.
+ # spi_min = 0xc0000000
+
+ # Number of worker threads in charon.
+ # threads = 16
+
+ # Name of the user the daemon changes to after startup.
+ # user =
+
+ crypto_test {
+
+ # Benchmark crypto algorithms and order them by efficiency.
+ # bench = no
+
+ # Buffer size used for crypto benchmark.
+ # bench_size = 1024
+
+ # Time in ms during which crypto algorithm performance is measured.
+ # bench_time = 50
+
+ # Test crypto algorithms during registration (requires test vectors
+ # provided by the test-vectors plugin).
+ # on_add = no
+
+ # Test crypto algorithms on each crypto primitive instantiation.
+ # on_create = no
+
+ # Strictly require at least one test vector to enable an algorithm.
+ # required = no
+
+ # Whether to test RNG with TRUE quality; requires a lot of entropy.
+ # rng_true = no
+
+ }
+
+ host_resolver {
+
+ # Maximum number of concurrent resolver threads (they are terminated if
+ # unused).
+ # max_threads = 3
+
+ # Minimum number of resolver threads to keep around.
+ # min_threads = 0
+
+ }
+
+ leak_detective {
+
+ # Includes source file names and line numbers in leak detective output.
+ # detailed = yes
+
+ # Threshold in bytes for leaks to be reported (0 to report all).
+ # usage_threshold = 10240
+
+ # Threshold in number of allocations for leaks to be reported (0 to
+ # report all).
+ # usage_threshold_count = 0
+
+ }
+
+ processor {
+
+ # Section to configure the number of reserved threads per priority class
+ # see JOB PRIORITY MANAGEMENT in strongswan.conf(5).
+ priority_threads {
+
+ }
+
+ }
+
+ # Section containing a list of scripts (name = path) that are executed when
+ # the daemon is started.
+ start-scripts {
+
+ }
+
+ # Section containing a list of scripts (name = path) that are executed when
+ # the daemon is terminated.
+ stop-scripts {
+
+ }
+
+ tls {
+
+ # List of TLS encryption ciphers.
+ # cipher =
+
+ # List of TLS key exchange methods.
+ # key_exchange =
+
+ # List of TLS MAC algorithms.
+ # mac =
+
+ # List of TLS cipher suites.
+ # suites =
+
+ }
+
+ x509 {
+
+ # Discard certificates with unsupported or unknown critical extensions.
+ # enforce_critical = yes
+
+ }
+
+}
+
diff --git a/cicd/ipsec-e2e/rgw1_ipsec_config/ipsec.conf b/cicd/ipsec-e2e/rgw1_ipsec_config/ipsec.conf
new file mode 100644
index 00000000..43da92c5
--- /dev/null
+++ b/cicd/ipsec-e2e/rgw1_ipsec_config/ipsec.conf
@@ -0,0 +1,76 @@
+#@ /etc/strongswan/ipsec.conf (Centos) or /etc/ipsec.conf (Ubuntu)
+
+# ipsec.conf - strongSwan IPsec configuration file
+
+# basic configuration
+
+config setup
+ charondebug="cfg 2, ike 3"
+# strictcrlpolicy=yes
+# uniqueids = no
+
+# Add connections here.
+
+# Sample VPN connections
+
+#conn sample-self-signed
+# leftsubnet=10.1.0.0/16
+# leftcert=selfCert.der
+# leftsendcert=never
+# right=192.168.0.2
+# rightsubnet=10.2.0.0/16
+# rightcert=peerCert.der
+# auto=start
+
+#conn sample-with-ca-cert
+# leftsubnet=10.1.0.0/16
+# leftcert=myCert.pem
+# right=192.168.0.2
+# rightsubnet=10.2.0.0/16
+# rightid="C=CH, O=Linux strongSwan CN=peer name"
+# auto=start
+
+
+conn rgw1-to-llb1
+ leftauth=psk
+ rightauth=psk
+ # Encryption Algorithm : aes-128-cbc
+ # Authentication Algorithm : sha1
+ # Perfect Forward Secrecy : Diffie-Hellman Group 2
+ ike=aes256-sha256-modp2048s256,aes128-sha1-modp1024!
+ # Lifetime : 28800 seconds
+ ikelifetime=28800s
+ # Phase 1 Negotiation Mode : main
+ aggressive=no
+ # Protocol : esp
+ # Encryption Algorithm : aes-128-cbc
+ # Authentication Algorithm : hmac-sha1-96
+ # Perfect Forward Secrecy : Diffie-Hellman Group 2
+ esp=aes128-sha256-modp2048s256,aes128-sha1-modp1024!
+ # Lifetime : 3600 seconds
+ lifetime=3600s
+ # Mode : tunnel
+ type=tunnel
+ # DPD Interval : 10
+ dpddelay=10s
+ # DPD Retries : 3
+ dpdtimeout=30s
+ # Tuning Parameters for AWS Virtual Private Gateway:
+ keyexchange=ikev2
+ #keyingtries=%forever
+ rekey=yes
+ reauth=no
+ dpdaction=restart
+ closeaction=restart
+ #left=%defaultroute
+ leftsubnet=192.168.10.10
+ rightsubnet=192.168.10.200
+ #leftupdown=/etc/strongswan/ipsec-vti.sh
+ left=8.7.7.1
+ right=8.7.7.254
+ installpolicy=yes
+ compress=no
+ mobike=no
+ #VTI Key
+ mark=200
+ auto=start
diff --git a/cicd/ipsec-e2e/rgw1_ipsec_config/ipsec.secrets b/cicd/ipsec-e2e/rgw1_ipsec_config/ipsec.secrets
new file mode 100644
index 00000000..4e71446d
--- /dev/null
+++ b/cicd/ipsec-e2e/rgw1_ipsec_config/ipsec.secrets
@@ -0,0 +1,3 @@
+#@ /etc/strongswan/ipsec.secrets (Centos) or /etc/ipsec.secrets (Ubuntu)
+
+8.7.7.1 8.7.7.254 : PSK "loxilb@1234!"
diff --git a/cicd/ipsec-e2e/rgw2_ipsec_config/charon.conf b/cicd/ipsec-e2e/rgw2_ipsec_config/charon.conf
new file mode 100644
index 00000000..926ae24a
--- /dev/null
+++ b/cicd/ipsec-e2e/rgw2_ipsec_config/charon.conf
@@ -0,0 +1,376 @@
+# Options for the charon IKE daemon.
+charon {
+
+ # Accept unencrypted ID and HASH payloads in IKEv1 Main Mode.
+ # accept_unencrypted_mainmode_messages = no
+
+ # Maximum number of half-open IKE_SAs for a single peer IP.
+ # block_threshold = 5
+
+ # Whether Certificate Revocation Lists (CRLs) fetched via HTTP or LDAP
+ # should be saved under a unique file name derived from the public key of
+ # the Certification Authority (CA) to /etc/ipsec.d/crls (stroke) or
+ # /etc/swanctl/x509crl (vici), respectively.
+ # cache_crls = no
+
+ # Whether relations in validated certificate chains should be cached in
+ # memory.
+ # cert_cache = yes
+
+ # Send Cisco Unity vendor ID payload (IKEv1 only).
+ # cisco_unity = no
+
+ # Close the IKE_SA if setup of the CHILD_SA along with IKE_AUTH failed.
+ # close_ike_on_child_failure = no
+
+ # Number of half-open IKE_SAs that activate the cookie mechanism.
+ # cookie_threshold = 10
+
+ # Delete CHILD_SAs right after they got successfully rekeyed (IKEv1 only).
+ # delete_rekeyed = no
+
+ # Delay in seconds until inbound IPsec SAs are deleted after rekeyings
+ # (IKEv2 only).
+ # delete_rekeyed_delay = 5
+
+ # Use ANSI X9.42 DH exponent size or optimum size matched to cryptographic
+ # strength.
+ # dh_exponent_ansi_x9_42 = yes
+
+ # Use RTLD_NOW with dlopen when loading plugins and IMV/IMCs to reveal
+ # missing symbols immediately.
+ # dlopen_use_rtld_now = no
+
+ # DNS server assigned to peer via configuration payload (CP).
+ # dns1 =
+
+ # DNS server assigned to peer via configuration payload (CP).
+ # dns2 =
+
+ # Enable Denial of Service protection using cookies and aggressiveness
+ # checks.
+ # dos_protection = yes
+
+ # Compliance with the errata for RFC 4753.
+ # ecp_x_coordinate_only = yes
+
+ # Free objects during authentication (might conflict with plugins).
+ # flush_auth_cfg = no
+
+ # Whether to follow IKEv2 redirects (RFC 5685).
+ # follow_redirects = yes
+
+ # Maximum size (complete IP datagram size in bytes) of a sent IKE fragment
+ # when using proprietary IKEv1 or standardized IKEv2 fragmentation, defaults
+ # to 1280 (use 0 for address family specific default values, which uses a
+ # lower value for IPv4). If specified this limit is used for both IPv4 and
+ # IPv6.
+ # fragment_size = 1280
+
+ # Name of the group the daemon changes to after startup.
+ # group =
+
+ # Timeout in seconds for connecting IKE_SAs (also see IKE_SA_INIT DROPPING).
+ # half_open_timeout = 30
+
+ # Enable hash and URL support.
+ # hash_and_url = no
+
+ # Allow IKEv1 Aggressive Mode with pre-shared keys as responder.
+ # i_dont_care_about_security_and_use_aggressive_mode_psk = no
+
+ # Whether to ignore the traffic selectors from the kernel's acquire events
+ # for IKEv2 connections (they are not used for IKEv1).
+ # ignore_acquire_ts = no
+
+ # A space-separated list of routing tables to be excluded from route
+ # lookups.
+ # ignore_routing_tables =
+
+ # Maximum number of IKE_SAs that can be established at the same time before
+ # new connection attempts are blocked.
+ # ikesa_limit = 0
+
+ # Number of exclusively locked segments in the hash table.
+ # ikesa_table_segments = 1
+
+ # Size of the IKE_SA hash table.
+ # ikesa_table_size = 1
+
+ # Whether to close IKE_SA if the only CHILD_SA closed due to inactivity.
+ # inactivity_close_ike = no
+
+ # Limit new connections based on the current number of half open IKE_SAs,
+ # see IKE_SA_INIT DROPPING in strongswan.conf(5).
+ # init_limit_half_open = 0
+
+ # Limit new connections based on the number of queued jobs.
+ # init_limit_job_load = 0
+
+ # Causes charon daemon to ignore IKE initiation requests.
+ # initiator_only = no
+
+ # Install routes into a separate routing table for established IPsec
+ # tunnels.
+ install_routes = no
+
+ # Install virtual IP addresses.
+ install_virtual_ip = no
+
+ # The name of the interface on which virtual IP addresses should be
+ # installed.
+ # install_virtual_ip_on =
+
+ # Check daemon, libstrongswan and plugin integrity at startup.
+ # integrity_test = no
+
+ # A comma-separated list of network interfaces that should be ignored, if
+ # interfaces_use is specified this option has no effect.
+ # interfaces_ignore =
+
+ # A comma-separated list of network interfaces that should be used by
+ # charon. All other interfaces are ignored.
+ # interfaces_use =
+
+ # NAT keep alive interval.
+ # keep_alive = 20s
+
+ # Plugins to load in the IKE daemon charon.
+ # load =
+
+ # Determine plugins to load via each plugin's load option.
+ # load_modular = no
+
+ # Initiate IKEv2 reauthentication with a make-before-break scheme.
+ # make_before_break = no
+
+ # Maximum number of IKEv1 phase 2 exchanges per IKE_SA to keep state about
+ # and track concurrently.
+ # max_ikev1_exchanges = 3
+
+ # Maximum packet size accepted by charon.
+ # max_packet = 10000
+
+ # Enable multiple authentication exchanges (RFC 4739).
+ # multiple_authentication = yes
+
+ # WINS servers assigned to peer via configuration payload (CP).
+ # nbns1 =
+
+ # WINS servers assigned to peer via configuration payload (CP).
+ # nbns2 =
+
+ # UDP port used locally. If set to 0 a random port will be allocated.
+ # port = 500
+
+ # UDP port used locally in case of NAT-T. If set to 0 a random port will be
+ # allocated. Has to be different from charon.port, otherwise a random port
+ # will be allocated.
+ # port_nat_t = 4500
+
+ # Whether to prefer updating SAs to the path with the best route.
+ # prefer_best_path = no
+
+ # Prefer locally configured proposals for IKE/IPsec over supplied ones as
+ # responder (disabling this can avoid keying retries due to
+ # INVALID_KE_PAYLOAD notifies).
+ # prefer_configured_proposals = yes
+
+ # Controls whether permanent or temporary IPv6 addresses are used as source,
+ # or announced as additional addresses if MOBIKE is used.
+ # prefer_temporary_addrs = no
+
+ # Process RTM_NEWROUTE and RTM_DELROUTE events.
+ # process_route = yes
+
+ # How RDNs in subject DNs of certificates are matched against configured
+ # identities (strict, reordered, or relaxed).
+ # rdn_matching = strict
+
+ # Delay in ms for receiving packets, to simulate larger RTT.
+ # receive_delay = 0
+
+ # Delay request messages.
+ # receive_delay_request = yes
+
+ # Delay response messages.
+ # receive_delay_response = yes
+
+ # Specific IKEv2 message type to delay, 0 for any.
+ # receive_delay_type = 0
+
+ # Size of the AH/ESP replay window, in packets.
+ # replay_window = 32
+
+ # Base to use for calculating exponential back off, see IKEv2 RETRANSMISSION
+ # in strongswan.conf(5).
+ # retransmit_base = 1.8
+
+ # Maximum jitter in percent to apply randomly to calculated retransmission
+ # timeout (0 to disable).
+ # retransmit_jitter = 0
+
+ # Upper limit in seconds for calculated retransmission timeout (0 to
+ # disable).
+ # retransmit_limit = 0
+
+ # Timeout in seconds before sending first retransmit.
+ # retransmit_timeout = 4.0
+
+ # Number of times to retransmit a packet before giving up.
+ # retransmit_tries = 5
+
+ # Interval in seconds to use when retrying to initiate an IKE_SA (e.g. if
+ # DNS resolution failed), 0 to disable retries.
+ # retry_initiate_interval = 0
+
+ # Initiate CHILD_SA within existing IKE_SAs (always enabled for IKEv1).
+ # reuse_ikesa = yes
+
+ # Numerical routing table to install routes to.
+ # routing_table =
+
+ # Priority of the routing table.
+ # routing_table_prio =
+
+ # Whether to use RSA with PSS padding instead of PKCS#1 padding by default.
+ # rsa_pss = no
+
+ # Delay in ms for sending packets, to simulate larger RTT.
+ # send_delay = 0
+
+ # Delay request messages.
+ # send_delay_request = yes
+
+ # Delay response messages.
+ # send_delay_response = yes
+
+ # Specific IKEv2 message type to delay, 0 for any.
+ # send_delay_type = 0
+
+ # Send strongSwan vendor ID payload
+ # send_vendor_id = no
+
+ # Whether to enable Signature Authentication as per RFC 7427.
+ # signature_authentication = yes
+
+ # Whether to enable constraints against IKEv2 signature schemes.
+ # signature_authentication_constraints = yes
+
+ # Value mixed into the local IKE SPIs after applying spi_mask.
+ # spi_label = 0x0000000000000000
+
+ # Mask applied to local IKE SPIs before mixing in spi_label (bits set will
+ # be replaced with spi_label).
+ # spi_mask = 0x0000000000000000
+
+ # The upper limit for SPIs requested from the kernel for IPsec SAs.
+ # spi_max = 0xcfffffff
+
+ # The lower limit for SPIs requested from the kernel for IPsec SAs.
+ # spi_min = 0xc0000000
+
+ # Number of worker threads in charon.
+ # threads = 16
+
+ # Name of the user the daemon changes to after startup.
+ # user =
+
+ crypto_test {
+
+ # Benchmark crypto algorithms and order them by efficiency.
+ # bench = no
+
+ # Buffer size used for crypto benchmark.
+ # bench_size = 1024
+
+ # Time in ms during which crypto algorithm performance is measured.
+ # bench_time = 50
+
+ # Test crypto algorithms during registration (requires test vectors
+ # provided by the test-vectors plugin).
+ # on_add = no
+
+ # Test crypto algorithms on each crypto primitive instantiation.
+ # on_create = no
+
+ # Strictly require at least one test vector to enable an algorithm.
+ # required = no
+
+ # Whether to test RNG with TRUE quality; requires a lot of entropy.
+ # rng_true = no
+
+ }
+
+ host_resolver {
+
+ # Maximum number of concurrent resolver threads (they are terminated if
+ # unused).
+ # max_threads = 3
+
+ # Minimum number of resolver threads to keep around.
+ # min_threads = 0
+
+ }
+
+ leak_detective {
+
+ # Includes source file names and line numbers in leak detective output.
+ # detailed = yes
+
+ # Threshold in bytes for leaks to be reported (0 to report all).
+ # usage_threshold = 10240
+
+ # Threshold in number of allocations for leaks to be reported (0 to
+ # report all).
+ # usage_threshold_count = 0
+
+ }
+
+ processor {
+
+ # Section to configure the number of reserved threads per priority class
+ # see JOB PRIORITY MANAGEMENT in strongswan.conf(5).
+ priority_threads {
+
+ }
+
+ }
+
+ # Section containing a list of scripts (name = path) that are executed when
+ # the daemon is started.
+ start-scripts {
+
+ }
+
+ # Section containing a list of scripts (name = path) that are executed when
+ # the daemon is terminated.
+ stop-scripts {
+
+ }
+
+ tls {
+
+ # List of TLS encryption ciphers.
+ # cipher =
+
+ # List of TLS key exchange methods.
+ # key_exchange =
+
+ # List of TLS MAC algorithms.
+ # mac =
+
+ # List of TLS cipher suites.
+ # suites =
+
+ }
+
+ x509 {
+
+ # Discard certificates with unsupported or unknown critical extensions.
+ # enforce_critical = yes
+
+ }
+
+}
+
diff --git a/cicd/ipsec-e2e/rgw2_ipsec_config/ipsec.conf b/cicd/ipsec-e2e/rgw2_ipsec_config/ipsec.conf
new file mode 100644
index 00000000..f173a905
--- /dev/null
+++ b/cicd/ipsec-e2e/rgw2_ipsec_config/ipsec.conf
@@ -0,0 +1,76 @@
+#@ /etc/strongswan/ipsec.conf (Centos) or /etc/ipsec.conf (Ubuntu)
+
+# ipsec.conf - strongSwan IPsec configuration file
+
+# basic configuration
+
+config setup
+ charondebug="cfg 2, ike 3"
+# strictcrlpolicy=yes
+# uniqueids = no
+
+# Add connections here.
+
+# Sample VPN connections
+
+#conn sample-self-signed
+# leftsubnet=10.1.0.0/16
+# leftcert=selfCert.der
+# leftsendcert=never
+# right=192.168.0.2
+# rightsubnet=10.2.0.0/16
+# rightcert=peerCert.der
+# auto=start
+
+#conn sample-with-ca-cert
+# leftsubnet=10.1.0.0/16
+# leftcert=myCert.pem
+# right=192.168.0.2
+# rightsubnet=10.2.0.0/16
+# rightid="C=CH, O=Linux strongSwan CN=peer name"
+# auto=start
+
+
+conn rgw2-to-llb1
+ leftauth=psk
+ rightauth=psk
+ # Encryption Algorithm : aes-128-cbc
+ # Authentication Algorithm : sha1
+ # Perfect Forward Secrecy : Diffie-Hellman Group 2
+ ike=aes256-sha256-modp2048s256,aes128-sha1-modp1024!
+ # Lifetime : 28800 seconds
+ ikelifetime=28800s
+ # Phase 1 Negotiation Mode : main
+ aggressive=no
+ # Protocol : esp
+ # Encryption Algorithm : aes-128-cbc
+ # Authentication Algorithm : hmac-sha1-96
+ # Perfect Forward Secrecy : Diffie-Hellman Group 2
+ esp=aes128-sha256-modp2048s256,aes128-sha1-modp1024!
+ # Lifetime : 3600 seconds
+ lifetime=3600s
+ # Mode : tunnel
+ type=tunnel
+ # DPD Interval : 10
+ dpddelay=10s
+ # DPD Retries : 3
+ dpdtimeout=30s
+ # Tuning Parameters for AWS Virtual Private Gateway:
+ keyexchange=ikev2
+ #keyingtries=%forever
+ rekey=yes
+ reauth=no
+ dpdaction=restart
+ closeaction=restart
+ #left=%defaultroute
+ leftsubnet=192.168.10.11
+ rightsubnet=192.168.10.200
+ #leftupdown=/etc/strongswan/ipsec-vti.sh
+ left=8.7.7.2
+ right=8.7.7.254
+ installpolicy=yes
+ compress=no
+ mobike=no
+ #VTI Key
+ mark=201
+ auto=start
diff --git a/cicd/ipsec-e2e/rgw2_ipsec_config/ipsec.secrets b/cicd/ipsec-e2e/rgw2_ipsec_config/ipsec.secrets
new file mode 100644
index 00000000..b24a6b9b
--- /dev/null
+++ b/cicd/ipsec-e2e/rgw2_ipsec_config/ipsec.secrets
@@ -0,0 +1,3 @@
+#@ /etc/strongswan/ipsec.secrets (Centos) or /etc/ipsec.secrets (Ubuntu)
+
+8.7.7.2 8.7.7.254 : PSK "loxilb@1234!"
diff --git a/cicd/ipsec-e2e/rmconfig.sh b/cicd/ipsec-e2e/rmconfig.sh
new file mode 100755
index 00000000..a7406048
--- /dev/null
+++ b/cicd/ipsec-e2e/rmconfig.sh
@@ -0,0 +1,22 @@
+#!/bin/bash
+
+source ../common.sh
+
+disconnect_docker_hosts lh1 lgw1
+disconnect_docker_hosts lgw1 llb1
+disconnect_docker_hosts llb1 rgw1
+disconnect_docker_hosts llb1 rgw2
+disconnect_docker_hosts rgw1 rh1
+disconnect_docker_hosts rgw2 rh2
+
+delete_docker_host llb1
+delete_docker_host lgw1
+delete_docker_host rgw1
+delete_docker_host rgw2
+delete_docker_host lh1
+delete_docker_host rh1
+delete_docker_host rh2
+
+echo "#########################################"
+echo "Deleted testbed"
+echo "#########################################"
diff --git a/cicd/ipsec-e2e/validation.sh b/cicd/ipsec-e2e/validation.sh
new file mode 100755
index 00000000..e28b28d1
--- /dev/null
+++ b/cicd/ipsec-e2e/validation.sh
@@ -0,0 +1,61 @@
+#!/bin/bash
+source ../common.sh
+echo IPSEC-e2e
+$hexec rh1 node ../common/tcp_server.js server1 &
+$hexec rh2 node ../common/tcp_server.js server2 &
+
+sleep 2
+lgw1_rx1=`$hexec lgw1 ifconfig vti100 | grep "RX packets" | cut -d " " -f 11`
+lgw1_tx1=`$hexec lgw1 ifconfig vti100 | grep "TX packets" | cut -d " " -f 11`
+llb1_rx1=`$hexec llb1 ifconfig vti100 | grep "RX packets" | cut -d " " -f 11`
+llb1_tx1=`$hexec llb1 ifconfig vti100 | grep "TX packets" | cut -d " " -f 11`
+llb1_rx2=`$hexec llb1 ifconfig vti200 | grep "RX packets" | cut -d " " -f 11`
+llb1_tx2=`$hexec llb1 ifconfig vti200 | grep "TX packets" | cut -d " " -f 11`
+llb1_rx3=`$hexec llb1 ifconfig vti201 | grep "RX packets" | cut -d " " -f 11`
+llb1_tx3=`$hexec llb1 ifconfig vti201 | grep "TX packets" | cut -d " " -f 11`
+
+rgw1_rx1=`$hexec rgw1 ifconfig vti200 | grep "RX packets" | cut -d " " -f 11`
+rgw1_tx1=`$hexec rgw1 ifconfig vti200 | grep "TX packets" | cut -d " " -f 11`
+rgw2_rx1=`$hexec rgw2 ifconfig vti201 | grep "RX packets" | cut -d " " -f 11`
+rgw2_tx1=`$hexec rgw2 ifconfig vti201 | grep "TX packets" | cut -d " " -f 11`
+
+code=0
+servArr=( "server1" "server2" )
+vip=( "192.168.10.200" )
+
+for j in {0..3}
+do
+for i in {0..1}
+do
+ res=`$hexec lh1 curl --max-time 10 -s http://${vip[0]}:2020`
+ echo -e $res
+ if [[ "x$res" != "x${servArr[$i]}" ]]
+ then
+ echo -e "Expected ${servArr[$i]}, Received : $res"
+ if [[ "$res" != *"server"* ]];
+ then
+ echo "lgw1 ct"
+ $dexec lgw1 loxicmd get ct
+ echo "llb1 ct"
+ $dexec llb1 loxicmd get ct
+ echo "rgw1 ct"
+ $dexec rgw1 loxicmd get ct
+ echo "rgw2 ct"
+ $dexec rgw2 loxicmd get ct
+ echo "llb1 ip neigh"
+ $dexec llb1 ip neigh
+ fi
+ code=1
+ fi
+ sleep 1
+done
+done
+if [[ $code == 0 ]]
+then
+ echo IPSEC-3 [OK]
+else
+ echo IPSEC-3 [FAILED]
+fi
+sudo pkill node
+exit $code
+
diff --git a/cicd/k0s-incluster/common.sh b/cicd/k0s-incluster/common.sh
index b82f6e0e..ea119602 100755
--- a/cicd/k0s-incluster/common.sh
+++ b/cicd/k0s-incluster/common.sh
@@ -536,8 +536,8 @@ function create_lb_rule() {
echo "$1: loxicmd create lb ${args[*]}"
$dexec $1 loxicmd create lb ${args[*]}
- hook=$($dexec llb1 ntc filter show dev eth0 ingress | grep tc_packet_hook)
- if [[ $hook != *"tc_packet_hook"* ]]; then
+ hook=$($dexec llb1 tc filter show dev eth0 ingress | grep tc_packet_func)
+ if [[ $hook != *"tc_packet_func"* ]]; then
echo "ERROR : No hook point found";
exit 1
fi
diff --git a/cicd/k3s-flannel-loxilb-ingress/Vagrantfile b/cicd/k3s-flannel-loxilb-ingress/Vagrantfile
new file mode 100644
index 00000000..69cb4c0b
--- /dev/null
+++ b/cicd/k3s-flannel-loxilb-ingress/Vagrantfile
@@ -0,0 +1,39 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+workers = (ENV['WORKERS'] || "1").to_i
+#box_name = (ENV['VAGRANT_BOX'] || "ubuntu/focal64")
+box_name = (ENV['VAGRANT_BOX'] || "sysnet4admin/Ubuntu-k8s")
+box_version = "0.7.1"
+Vagrant.configure("2") do |config|
+ config.vm.box = "#{box_name}"
+ config.vm.box_version = "#{box_version}"
+
+ if Vagrant.has_plugin?("vagrant-vbguest")
+ config.vbguest.auto_update = false
+ end
+
+ config.vm.define "loxilb" do |loxilb|
+ loxilb.vm.hostname = 'llb1'
+ #loxilb.vm.network "forwarded_port", guest: 55002, host: 5502, protocol: "tcp"
+ loxilb.vm.network :private_network, ip: "192.168.80.9", :netmask => "255.255.255.0"
+ loxilb.vm.network :private_network, ip: "192.168.90.9", :netmask => "255.255.255.0"
+ loxilb.vm.provision :shell, :path => "loxilb.sh"
+ loxilb.vm.provider :virtualbox do |vbox|
+ vbox.customize ["modifyvm", :id, "--memory", 6000]
+ vbox.customize ["modifyvm", :id, "--cpus", 4]
+ end
+ end
+
+
+ config.vm.define "master" do |master|
+ master.vm.hostname = 'master'
+ master.vm.network :private_network, ip: "192.168.80.10", :netmask => "255.255.255.0"
+ master.vm.provision :shell, :path => "master.sh"
+ master.vm.provider :virtualbox do |vbox|
+ vbox.customize ["modifyvm", :id, "--memory", 8192]
+ vbox.customize ["modifyvm", :id, "--cpus", 4]
+ end
+ end
+
+end
diff --git a/cicd/k3s-flannel-loxilb-ingress/config.sh b/cicd/k3s-flannel-loxilb-ingress/config.sh
new file mode 100755
index 00000000..6b8ee48e
--- /dev/null
+++ b/cicd/k3s-flannel-loxilb-ingress/config.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+vagrant global-status | grep -i virtualbox | cut -f 1 -d ' ' | xargs -L 1 vagrant destroy -f
+vagrant up
diff --git a/cicd/k3s-flannel-loxilb-ingress/ingress/loxilb-ingress-deploy.yml b/cicd/k3s-flannel-loxilb-ingress/ingress/loxilb-ingress-deploy.yml
new file mode 100644
index 00000000..457cf9cd
--- /dev/null
+++ b/cicd/k3s-flannel-loxilb-ingress/ingress/loxilb-ingress-deploy.yml
@@ -0,0 +1,266 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ labels:
+ app.kubernetes.io/instance: loxilb-ingress
+ app.kubernetes.io/name: loxilb-ingress
+ name: loxilb-ingress
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels:
+ app.kubernetes.io/instance: loxilb-ingress
+ app.kubernetes.io/name: loxilb-ingress
+ name: loxilb-ingress
+ namespace: kube-system
+---
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: loxilb-ingress
+ namespace: kube-system
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - nodes
+ verbs:
+ - get
+ - watch
+ - list
+ - patch
+ - apiGroups:
+ - ""
+ resources:
+ - pods
+ verbs:
+ - get
+ - watch
+ - list
+ - patch
+ - apiGroups:
+ - ""
+ resources:
+ - endpoints
+ - services
+ - services/status
+ verbs:
+ - get
+ - watch
+ - list
+ - patch
+ - update
+ - apiGroups:
+ - discovery.k8s.io
+ resources:
+ - endpointslices
+ verbs:
+ - get
+ - watch
+ - list
+ - apiGroups:
+ - authentication.k8s.io
+ resources:
+ - tokenreviews
+ verbs:
+ - create
+ - apiGroups:
+ - authorization.k8s.io
+ resources:
+ - subjectaccessreviews
+ verbs:
+ - create
+ - apiGroups:
+ - networking.k8s.io
+ resources:
+ - ingresses
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - networking.k8s.io
+ resources:
+ - ingresses/status
+ verbs:
+ - update
+ - apiGroups:
+ - networking.k8s.io
+ resources:
+ - ingressclasses
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - coordination.k8s.io
+ resources:
+ - leases
+ verbs:
+ - create
+ - apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - patch
+ - apiGroups:
+ - discovery.k8s.io
+ resources:
+ - endpointslices
+ verbs:
+ - list
+ - watch
+ - get
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ app.kubernetes.io/instance: loxilb-ingress
+ app.kubernetes.io/name: loxilb-ingress
+ name: loxilb-ingress
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ - endpoints
+ - nodes
+ - pods
+ - secrets
+ - namespaces
+ verbs:
+ - list
+ - watch
+- apiGroups:
+ - coordination.k8s.io
+ resources:
+ - leases
+ verbs:
+ - list
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - nodes
+ verbs:
+ - get
+- apiGroups:
+ - ""
+ resources:
+ - services
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - networking.k8s.io
+ - extensions
+ resources:
+ - ingresses
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - patch
+- apiGroups:
+ - networking.k8s.io
+ resources:
+ - ingresses/status
+ verbs:
+ - update
+- apiGroups:
+ - networking.k8s.io
+ resources:
+ - ingressclasses
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - discovery.k8s.io
+ resources:
+ - endpointslices
+ verbs:
+ - list
+ - watch
+ - get
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ labels:
+ app.kubernetes.io/instance: loxilb-ingress
+ app.kubernetes.io/name: loxilb-ingress
+ name: loxilb-ingress
+ namespace: kube-system
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: loxilb-ingress
+subjects:
+- kind: ServiceAccount
+ name: loxilb-ingress
+ namespace: kube-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ labels:
+ app.kubernetes.io/instance: loxilb-ingress
+ app.kubernetes.io/name: loxilb-ingress
+ name: loxilb-ingress
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: loxilb-ingress
+subjects:
+- kind: ServiceAccount
+ name: loxilb-ingress
+ namespace: kube-system
+---
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ name: loxilb-ingress
+ namespace: kube-system
+spec:
+ selector:
+ matchLabels:
+ app: loxilb-ingress
+ app.kubernetes.io/instance: loxilb-ingress
+ app.kubernetes.io/name: loxilb-ingress
+ template:
+ metadata:
+ name: loxilb-ingress
+ labels:
+ app: loxilb-ingress
+ app.kubernetes.io/instance: loxilb-ingress
+ app.kubernetes.io/name: loxilb-ingress
+ spec:
+ #hostNetwork: true
+ #dnsPolicy: ClusterFirstWithHostNet
+ serviceAccountName: loxilb-ingress
+ containers:
+ - name: loxilb-ingress
+ volumeMounts:
+ - mountPath: "/opt/loxilb/cert/"
+ name: loxilb-ssl
+ image: "ghcr.io/loxilb-io/loxilb-ingress:latest"
+ imagePullPolicy: Always
+ command: [ "/bin/loxilb-ingress" ]
+ ports:
+ - containerPort: 11111
+ volumes:
+ - name: loxilb-ssl
+ secret:
+ secretName: loxilb-ssl
diff --git a/cicd/k3s-flannel-loxilb-ingress/ingress/loxilb-ingress-svc.yml b/cicd/k3s-flannel-loxilb-ingress/ingress/loxilb-ingress-svc.yml
new file mode 100644
index 00000000..698bd2aa
--- /dev/null
+++ b/cicd/k3s-flannel-loxilb-ingress/ingress/loxilb-ingress-svc.yml
@@ -0,0 +1,23 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: loxilb-ingress-manager
+ namespace: kube-system
+ annotations:
+ loxilb.io/lbmode: "onearm"
+spec:
+ externalTrafficPolicy: Local
+ loadBalancerClass: loxilb.io/loxilb
+ selector:
+ app.kubernetes.io/instance: loxilb-ingress
+ app.kubernetes.io/name: loxilb-ingress
+ ports:
+ - name: http
+ port: 80
+ protocol: TCP
+ targetPort: 80
+ - name: https
+ port: 443
+ protocol: TCP
+ targetPort: 443
+ type: LoadBalancer
diff --git a/cicd/k3s-flannel-loxilb-ingress/ingress/loxilb-ingress.yml b/cicd/k3s-flannel-loxilb-ingress/ingress/loxilb-ingress.yml
new file mode 100644
index 00000000..1808b48d
--- /dev/null
+++ b/cicd/k3s-flannel-loxilb-ingress/ingress/loxilb-ingress.yml
@@ -0,0 +1,55 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: site
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ name: site-handler
+ template:
+ metadata:
+ labels:
+ name: site-handler
+ spec:
+ containers:
+ - name: blog
+ image: ghcr.io/loxilb-io/nginx:stable
+ imagePullPolicy: Always
+ ports:
+ - containerPort: 80
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: site-handler-service
+spec:
+ ports:
+ - name: http
+ port: 80
+ protocol: TCP
+ targetPort: 80
+ selector:
+ name: site-handler
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: site-loxilb-ingress
+spec:
+ ingressClassName: loxilb
+ tls:
+ - hosts:
+ - loxilb.io
+ secretName: loxilb-ssl
+ rules:
+ - host: loxilb.io
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: site-handler-service
+ port:
+ number: 80
diff --git a/cicd/k3s-flannel-loxilb-ingress/ingress/loxilb-secret.yml b/cicd/k3s-flannel-loxilb-ingress/ingress/loxilb-secret.yml
new file mode 100644
index 00000000..73d69182
--- /dev/null
+++ b/cicd/k3s-flannel-loxilb-ingress/ingress/loxilb-secret.yml
@@ -0,0 +1,10 @@
+apiVersion: v1
+data:
+ server.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZDVENDQXZHZ0F3SUJBZ0lVSENPekxWNlRFeVg2cjIxNllycFlOWWZOY2Zzd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0ZERVNNQkFHQTFVRUF3d0piRzk0YVd4aUxtbHZNQjRYRFRJME1EZ3dPREEyTXpNeE5Gb1hEVEkxTURndwpPREEyTXpNeE5Gb3dGREVTTUJBR0ExVUVBd3dKYkc5NGFXeGlMbWx2TUlJQ0lqQU5CZ2txaGtpRzl3MEJBUUVGCkFBT0NBZzhBTUlJQ0NnS0NBZ0VBb2hMNWgxSlFFVVlpRExvR0hzdDNmM3ZrWkcyMWU1LzM2Rml1WDhsa1pOTkwKZUlUZmUzR1E0ci96K253N0oxSXdlc2VHdkkyZW5FNWtLYVdsZHhpekNEd2JxS21GRk1EMk1zQklEUlRJb2d4NgpOak1YUFlqQ1VxUlhVODJwNzhUa1Bvd1FqdllhcExiZ3REcWdiWWxMZC95VUg5aWdmcHo5VFY2d2grQlMvUDJwCnc1MUMrckRIUHdSM0JNL2hGNUtpeVZway9GNmJNQjZRSFE2bGk5SmR4ZEVNSGtDRXhPWUo1R01kVkEvRmUzODMKbTNwK2JucVd2OXdLTXF0d29LVVVEOFJ0TmdkUXJxSmp0elV3YXRmT0VkY3ptTG1uVXg2VjgyMk9weFhQeG4vSApiSmxUcy8vblRrV0FCWmFEVGFqQ2FnZUpCQnZ4Rk1Eci9mVUdQWlRPRUdEZkxxaE9HM0g4UDJmMGp1OHFpMUJ0Cnp0ODBmT2N2eElLME8veWJnemRINjB6YXJFcEZFRjFEcGF3a0hGWmZHYmVTdnpUeTZSVm0zWWxRRjc2NFZHTDQKSCtMMFFEcVI2Zm0veHoxaEhLbER6dFA2VUV1MjExUUc4RDUvQ1ZUVzdQQUIrMkRWbk1vN0JqRzYrVG55Z0ZqNApOUXZEaW9VQ1NwZzdRT2g2RWw0UjgwVHR1Vmo5bEsvbnVIR08yQ0hwclhnTzUyeWgrZzNzOUJVeXQ5eXVQQVFxCkhIeWsyT3hIc1dURnFTQ3VaNHo0NVI0NWFTcmNDd2t6N09xbWlVWTUrenduT1F5WlN3Y2JzUVhzbVNEUm9KUVcKR2lwSUp0VVZjcnZSbWIzWkFnRDVNdlVQRXpEYjVTME5La1lqczNvWnVBZXVjSGJSS080RkFMRlRDYi9JR2E4QwpBd0VBQWFOVE1GRXdIUVlEVlIwT0JCWUVGTDRJZFpKNE9Obk53cVVmdFhCR25STndwN0V0TUI4R0ExVWRJd1FZCk1CYUFGTDRJZFpKNE9Obk53cVVmdFhCR25STndwN0V0TUE4R0ExVWRFd0VCL3dRRk1BTUJBZjh3RFFZSktvWkkKaHZjTkFRRUxCUUFEZ2dJQkFFWHg0Q3pUMnNTOCtMVjRHc0I2bDFtRWM5UFJiT205Q1pQK3M2MzQ5QVd5MXh3cwppUmlaYVJVcEJ2Skk1MHZYMjhaeWJRVXpPdVg3ZGE5bFIzWEhLM01QdHlVUk5NYkcySzlmbzVZQ1RqV3lTZEg1CnpJQm1RZVV0cXE1OVMwdytSQytUcC9xd3lveUlUajk2dGU0YmdheGhUV2RtazZUNFZjWkgwY1NQU0hEMG9DeFkKcHJDOVdnQ21kQ3JOWWQ0T2pxaUhwOERhWHFybGhmbWZXdThHaFJlcVNmL1pEOTBrSUw3aEx0OHBXYXRpQnZ3UAowRmtGMjNWcFBwZ0s0MElKM1NBcllSWXlIUllKaDNLK1QzZ2RQY0pOdUloaENrRE1YNUtKdlI1QXdUdWpEL1lKCjNTTVRzL1F0SnZScDd0Q0kxM1lwZXFiaHFoQnBtdzdVWFpSUnh4WURiNHU2L25oZUZkMS9NNjdsYTJtUmpvZlIKUDQxc2pRa1lQSkhsY2hVMHRkQnRjN203bVkrdFo1U2h4bklKZnFBS1pqTEpEZUJyYlhrS2hjNms4NFpBM09vQwpCajl1U3V1RERlUUJ0VDlYUHppOVZaV2pVWis2Zk42QlB0RHVRa0x4V2xacHN0TXJIUEhia1gvVXhmU2NuZEpiCkw0ZXBhTVVqUDJDWnd2NGFraUxjZmQzVXEwaENQZzVZNTNOL1cyWlJ2Y204aGlpcXptaDIyeUxMYUZEQXBOaGEKZitXdUNxNU1HQ2Rib3U1Wnk4TXRoaXZwRnhEUXAzWkh4RktXTGw3VGZpR0hRYXZVK0ZnUVdQUFUrOVVmYksyZQpQYmRSSmxoaVE1Z09VbHBWT1V6bGVxR3lhVldDRHpuQ3JlVWFVcnNzbkNZejdzQmNORTViYUl4dlptUmkKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
+ server.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUpRZ0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQ1N3d2dna29BZ0VBQW9JQ0FRQ2lFdm1IVWxBUlJpSU0KdWdZZXkzZC9lK1JrYmJWN24vZm9XSzVmeVdSazAwdDRoTjk3Y1pEaXYvUDZmRHNuVWpCNng0YThqWjZjVG1RcApwYVYzR0xNSVBCdW9xWVVVd1BZeXdFZ05GTWlpREhvMk14YzlpTUpTcEZkVHphbnZ4T1ErakJDTzlocWt0dUMwCk9xQnRpVXQzL0pRZjJLQituUDFOWHJDSDRGTDgvYW5EblVMNnNNYy9CSGNFeitFWGtxTEpXbVQ4WHBzd0hwQWQKRHFXTDBsM0YwUXdlUUlURTVnbmtZeDFVRDhWN2Z6ZWJlbjV1ZXBhLzNBb3lxM0NncFJRUHhHMDJCMUN1b21PMwpOVEJxMTg0UjF6T1l1YWRUSHBYemJZNm5GYy9HZjhkc21WT3ovK2RPUllBRmxvTk5xTUpxQjRrRUcvRVV3T3Y5CjlRWTlsTTRRWU44dXFFNGJjZncvWi9TTzd5cUxVRzNPM3pSODV5L0VnclE3L0p1RE4wZnJUTnFzU2tVUVhVT2wKckNRY1ZsOFp0NUsvTlBMcEZXYmRpVkFYdnJoVVl2Z2Y0dlJBT3BIcCtiL0hQV0VjcVVQTzAvcFFTN2JYVkFidwpQbjhKVk5iczhBSDdZTldjeWpzR01icjVPZktBV1BnMUM4T0toUUpLbUR0QTZIb1NYaEh6Uk8yNVdQMlVyK2U0CmNZN1lJZW10ZUE3bmJLSDZEZXowRlRLMzNLNDhCQ29jZktUWTdFZXhaTVdwSUs1bmpQamxIamxwS3R3TENUUHMKNnFhSlJqbjdQQ2M1REpsTEJ4dXhCZXlaSU5HZ2xCWWFLa2dtMVJWeXU5R1p2ZGtDQVBreTlROFRNTnZsTFEwcQpSaU96ZWhtNEI2NXdkdEVvN2dVQXNWTUp2OGdacndJREFRQUJBb0lDQUFKVCt3SE5iUnA3c28zenpnYm1zWlNOCldpSFkyYWxwSHFmWHBOSmdWTkR4aTZUQ3Q0ZFRsaHNPbC9jZXR6RE8wc09tS3cvcDhDT1RQWklCR05KRE9tSXAKS0hqelp6Zjl3aVBsNHBKdERRK3dtRkFYQ0l0ZUhQM25RNzRaN0xnZUNSWFc2c2FJWHc2dkFFbFYwcytETHZvZApiUHZUdVNYUlp4MHRRWEVpaC93VUlVU2pSeE16OE5GaFg3MENmeTF5VTI2NU1rTFYyVXY2Z3M4N2o4UmJEZjlBCnBhWnFKNWp6NUJTYTVsaHl5cFpZQ3pVam9NMm5meTF5OE9BOVZIaDl5SGMxYjFMMmtzYlJBQTJQalBoRjF4bHUKeVE5OUs3Qk9nUEg4VGROVDZVSms1UXNQcE5mR1V0U2hEZkR2a1RNNjZkZlcwTFc2cVJtWlBJdlpUVERkM0J2SwpCN1NnOUs3bXZCbVlsNEpMM05pZXBJVjkvNEVPRzZsNi9QaGxUR0JVRUdrTmdNQ2dTaWxyc05qU2E4ZW9SZHdzCm40VmN5enNWeWZYaGFSTVBFTklLVWZJTmFuenpYRkY2ZFRyd3Azelo0RDNhVzNLdWltYUxJR0hCNXZZaGRFTGoKUE9PQVVXRkVXUjMxMVFMZ3hUUm53aStnRUNlMmhPVmNyUkZVcjhDdlVrWWRUT0FGQzdjUnBOUW5rSVdQNU1QbQpXZkRvM2dZRnkyZU45NGR1MHBzTzVabzlHMm5UMlpiTjl1d0FCMk1ibk91R0xiWVRFbWpHdVRIUVc5Uzd6TFBzCnJMUmtVdndvYWE4cVBmaGc4SWw2ak1mcG5heUdETnU1S2tVV05KcGFZaGp5Y2l6SkVGUjVicTF6UU1QZjE2Qk0KdVloWVMySEhuS1VhdFRmZ3hyNmxBb0lCQVFEa0E3UlB2MURtNmxKTXYzaUU0K1FRYzUyTDdueUJHc3FueEVzdwo1Ly9PN2gvd2ZMMkd4VzFzRXcrSUNDd1VmVjNwZjBqWEl2dktjM3V0YXByWjc2Tk5uWnJJU0syYnFCamZpc2VrCk9vMWRlRlQvNlVaOGxhOWVDMFF3UlVWMWdmZ1I2K0VCayttUDJjSWpJRDVKbkx1b1lLSFNwenRmZG15UEUrODUKVUtXRU5rR1BsN200aStqTzRwWUhYQXdhZVFkU2NSbjVPdVUyY3FBTkZVbmpRbmtQNnp6U2tJVkNUaFNGVkpUYgplZEpIOFNwbW9YL0IzL3VVSm9vVGFvWXQwb1V4NnJsR0xqTDhadUx0TUlVU1J0WUJNd2JuMDVQQkZ0cStuaitlClVtWEJqUEgxbURRN0tlWG1yZHlldHYzQWRUQjdjWUhMZW1GL0lNL1g5N3Brb2twVEFvSUJBUUMxOTJheDhReTkKWGkrNmlVNDIzTEx1R3p3a3EwNlVHeVdSMlBHM3pCeDlHRU5KNS9rV0FrSUdPWjlSMG1xOGRuTnJOeitROTFlawp4QlFJS0xGZzEvMVFWZ2VOMEw3TVJySWxSelBsa2NZYUkrNDFhbktKYUpsd3BMaDEza0RmdzRMUXpOLzhDcElrCk9KajBZWFpNNkpSbHlmTE5jQ1pURFBKVjY0R24vaFNDZ3RISndaRk9MdWZsalIzSVpQbEphcHBTNlNRUDBkVDYKeExmUEsyUWZGR251UTBETitsQjdPVTJMT3d4enF0UldsYWFjTnpOU3B0cUJ2NzMvVFFoQ1l5eVc0RnBReER4Vgo3MzJWZ0tvWVQ3dElpZFF5Z2NrWnp0NnFhRUNVQ0o3UmtuUVNyZDEvUHBITDBrdXkxNDIxc0VLdkUyWVpON21WCkNGYVlzRGdqb0orMUFvSUJBUURFckpGT0xEYUxSMWkvekhRWEpEN25GZUt4L1g2MUdiZnQ1N24zc0ZXTlZ3YUQKdUFUK2g3S3ZndTFscDY3bDZaRWt3OTYvZXZSMmx3LzU4RGNyZnJGOFZGSmJLWjFkNHl1NVBncWdGTVUwOTROUgp6aFEzaUNGZzNCVHdFZ0Fzc0hPYWVieDJVUEFvWFd0QVF5S1crak0vdEVKQTRuQ3JFZ25uakFsUGhjbU85Z0dzCjZ2R09SbGdFZzV0bk03Vlk3RVl0alZNYkQvci84UFV1ODhyczFMeDV4NjJKN3BDVE5hZ3JyVjVNeFpKazdaZG0KT1MxcXZGbFRXNzdEcXFHY1NyY0s3R3p0SlJKamRoZU5BY24yanRVdTZhV3VOMmgrSjhsOG5DRkIzYzdabVVwbgpUZWJYbFhjeGQ0d1I5c04veTFXTFZNZmhER21tYjFYMzhqMTdhaVR6QW9JQkFGN0VLTXlWSURCakkvSSszZWYrCmlvVXMwK2E0L0tSdmV1SjVISEcvTURzSjdzbEhzVlovK0lpcmE4aStEKzUwdGVscGpZWmUrbHNKN3ZETTJJdjYKRUtmTkZnUUthY09UTWVYdUxoM3FERVRDMzZVYitlaUwvQlZKQS9RR3VyeU9Zc3VCVjBrNDdDRkhCSW1KVklYNwpQb1hBWmQ0T0FUZVJiNGZGcmZHaWhtWHQ0WG4wZ0VzNmJIVUZTRFI4T2NPOWEvK3dBYUxuZ2NiVHVuSi9RNVpZCkdFOEk0WEFrWTlPNDVTU1VyUWgwT0QrYmtuaWEydlM1aHVTNXlpWnlwTkdHT3N1Y3JneVFGbWdlNE1XQ2k1TTcKdXVxdE5VRFVqTG9QSGJHYnQ3NGd1eTJqMnlWN1BQYXV6RmxjL1NWMzB3cURjRWNqa0RHajd0ZXB6d2VZQnJTdgpTMTBDZ2dFQUNqSHBrZE5VZkdzOGZnN0x4WDlFcURRZjY4SkhIblBscTQ1azFwN0U4UExmRytFVWNIMnUzekRzCjhmZDByTHAwb2Z3VEhONUNPMmhJVWhCVC9UU0poQ1VaOTZ2ZlRyeXVVWVJjdjZ2NkEvaW1OdFQ3MEQ0ZkZ0cXoKWnB3Si9GNzFwdVlJTmtwSEpteWIvSHdIZmxEdURyVkRjMFF3VmY2WkFPcE9QbnhzM0VHUElqNGdVcDFYMEdVcAp1TERCdVJtR0RFNEVKYUhYUjFHemM0YkduZVlUV0FnY1IxQ2MrbThuWnR3a2dxQWVia0ZtaXFmZDBPOGNkUDlUCkZKWjNSbkRJZHBCYmw0b0hJS0NiTWY0M2pkdlZnM2RTb0hwUTlXUkZ1MEhVQURqenJUS2Z5c0JLMFM3WnlZRmEKc1RoOGJ6QU01YXpBWlZSeHNTbXJiSm95VFRZM3pBPT0KLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQo=
+kind: Secret
+metadata:
+ creationTimestamp: null
+ name: loxilb-ssl
+ namespace: kube-system
+type: Opaque
diff --git a/cicd/k3s-flannel-loxilb-ingress/kube-loxilb.yml b/cicd/k3s-flannel-loxilb-ingress/kube-loxilb.yml
new file mode 100644
index 00000000..93a52b37
--- /dev/null
+++ b/cicd/k3s-flannel-loxilb-ingress/kube-loxilb.yml
@@ -0,0 +1,133 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: kube-loxilb
+ namespace: kube-system
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: kube-loxilb
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - nodes
+ verbs:
+ - get
+ - watch
+ - list
+ - patch
+ - apiGroups:
+ - ""
+ resources:
+ - pods
+ verbs:
+ - get
+ - watch
+ - list
+ - patch
+ - apiGroups:
+ - ""
+ resources:
+ - endpoints
+ - services
+ - services/status
+ verbs:
+ - get
+ - watch
+ - list
+ - patch
+ - update
+ - apiGroups:
+ - discovery.k8s.io
+ resources:
+ - endpointslices
+ verbs:
+ - get
+ - watch
+ - list
+ - apiGroups:
+ - authentication.k8s.io
+ resources:
+ - tokenreviews
+ verbs:
+ - create
+ - apiGroups:
+ - authorization.k8s.io
+ resources:
+ - subjectaccessreviews
+ verbs:
+ - create
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: kube-loxilb
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: kube-loxilb
+subjects:
+ - kind: ServiceAccount
+ name: kube-loxilb
+ namespace: kube-system
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: kube-loxilb
+ namespace: kube-system
+ labels:
+ app: kube-loxilb-app
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: kube-loxilb-app
+ template:
+ metadata:
+ labels:
+ app: kube-loxilb-app
+ spec:
+ hostNetwork: true
+ dnsPolicy: ClusterFirstWithHostNet
+ tolerations:
+ - effect: NoSchedule
+ operator: Exists
+ # Mark the pod as a critical add-on for rescheduling.
+ - key: CriticalAddonsOnly
+ operator: Exists
+ - effect: NoExecute
+ operator: Exists
+ priorityClassName: system-node-critical
+ serviceAccountName: kube-loxilb
+ terminationGracePeriodSeconds: 0
+ containers:
+ - name: kube-loxilb
+ image: ghcr.io/loxilb-io/kube-loxilb:latest
+ imagePullPolicy: Always
+ command:
+ - /bin/kube-loxilb
+ args:
+ - --loxiURL=http://192.168.80.9:11111
+ - --externalCIDR=192.168.80.9/32
+ #- --zone=aws
+ #- --setBGP=64512
+ #- --setRoles=0.0.0.0
+ #- --extBGPPeers=192.168.90.9:64511
+ #- --monitor
+ #- --setLBMode=1
+ #- --config=/opt/loxilb/agent/kube-loxilb.conf
+ resources:
+ requests:
+ cpu: "100m"
+ memory: "50Mi"
+ limits:
+ cpu: "100m"
+ memory: "50Mi"
+ securityContext:
+ privileged: true
+ capabilities:
+ add: ["NET_ADMIN", "NET_RAW"]
diff --git a/cicd/k3s-flannel-loxilb-ingress/loxilb.sh b/cicd/k3s-flannel-loxilb-ingress/loxilb.sh
new file mode 100644
index 00000000..74e66ae9
--- /dev/null
+++ b/cicd/k3s-flannel-loxilb-ingress/loxilb.sh
@@ -0,0 +1,13 @@
+export LOXILB_IP=$(ip a |grep global | grep -v '10.0.2.15' | grep -v '192.168.80' | awk '{print $2}' | cut -f1 -d '/')
+
+apt-get update
+apt-get install -y software-properties-common
+curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
+add-apt-repository -y "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
+apt-get update
+apt-get install -y docker-ce
+docker run -u root --cap-add SYS_ADMIN --restart unless-stopped --privileged -dit -v /dev/log:/dev/log --net=host --name loxilb ghcr.io/loxilb-io/loxilb:latest
+echo alias loxicmd=\"sudo docker exec -it loxilb loxicmd\" >> ~/.bashrc
+echo alias loxilb=\"sudo docker exec -it loxilb \" >> ~/.bashrc
+
+echo $LOXILB_IP > /vagrant/loxilb-ip
diff --git a/cicd/k3s-flannel-loxilb-ingress/master.sh b/cicd/k3s-flannel-loxilb-ingress/master.sh
new file mode 100755
index 00000000..e78fce62
--- /dev/null
+++ b/cicd/k3s-flannel-loxilb-ingress/master.sh
@@ -0,0 +1,15 @@
+export MASTER_IP=$(ip a |grep global | grep -v '10.0.2.15' | grep '192.168.80' | awk '{print $2}' | cut -f1 -d '/')
+
+curl -sfL https://get.k3s.io | INSTALL_K3S_EXEC="--disable traefik --disable servicelb --node-ip=${MASTER_IP}" sh -
+
+echo $MASTER_IP > /vagrant/master-ip
+sudo cp /var/lib/rancher/k3s/server/node-token /vagrant/node-token
+sudo sed -i -e "s/127.0.0.1/${MASTER_IP}/g" /etc/rancher/k3s/k3s.yaml
+sudo cp /etc/rancher/k3s/k3s.yaml /vagrant/k3s.yaml
+sudo kubectl apply -f /vagrant/kube-loxilb.yml
+sudo kubectl apply -f /vagrant/ingress/loxilb-secret.yml
+sudo kubectl apply -f /vagrant/ingress/loxilb-ingress-deploy.yml
+sudo kubectl apply -f /vagrant/ingress/loxilb-ingress-svc.yml
+sudo kubectl apply -f /vagrant/ingress/loxilb-ingress.yml
+sleep 30
+/vagrant/wait_ready.sh
diff --git a/cicd/k3s-flannel-loxilb-ingress/rmconfig.sh b/cicd/k3s-flannel-loxilb-ingress/rmconfig.sh
new file mode 100755
index 00000000..f157b24b
--- /dev/null
+++ b/cicd/k3s-flannel-loxilb-ingress/rmconfig.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+vagrant destroy -f master
+vagrant destroy -f loxilb
diff --git a/cicd/k3s-flannel-loxilb-ingress/validation.sh b/cicd/k3s-flannel-loxilb-ingress/validation.sh
new file mode 100755
index 00000000..296b29f1
--- /dev/null
+++ b/cicd/k3s-flannel-loxilb-ingress/validation.sh
@@ -0,0 +1,40 @@
+#!/bin/bash
+source ../common.sh
+echo k3s-loxi-ingress
+
+if [ "$1" ]; then
+ KUBECONFIG="$1"
+fi
+
+# Set space as the delimiter
+IFS=' '
+
+sleep 45
+
+echo "Service Info"
+vagrant ssh master -c 'sudo kubectl get svc -A'
+echo "Ingress Info"
+vagrant ssh master -c 'sudo kubectl get ingress -A'
+echo "LB Info"
+vagrant ssh loxilb -c 'sudo docker exec -i loxilb loxicmd get lb -o wide'
+echo "EP Info"
+vagrant ssh loxilb -c 'sudo docker exec -i loxilb loxicmd get ep -o wide'
+
+print_debug_info() {
+ echo "llb1 route-info"
+ vagrant ssh loxilb -c 'ip route'
+ vagrant ssh master -c 'sudo kubectl get pods -A'
+ vagrant ssh master -c 'sudo kubectl get svc'
+ vagrant ssh master -c 'sudo kubectl get nodes'
+}
+
+out=$(curl -s --connect-timeout 30 -H "Application/json" -H "Content-type: application/json" -H "HOST: loxilb.io" --insecure https://192.168.80.9:443)
+if [[ ${out} == *"Welcome to nginx"* ]]; then
+ echo "k3s-loxi-ingress tcp [OK]"
+else
+ echo "k3s-loxi-ingress tcp [FAILED]"
+ print_debug_info
+ exit 1
+fi
+
+exit
diff --git a/cicd/k3s-flannel-loxilb-ingress/wait_ready.sh b/cicd/k3s-flannel-loxilb-ingress/wait_ready.sh
new file mode 100755
index 00000000..3736a1ba
--- /dev/null
+++ b/cicd/k3s-flannel-loxilb-ingress/wait_ready.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+
+function wait_cluster_ready_full {
+ sudo kubectl wait pod --all --for=condition=Ready --namespace=kube-system --timeout=240s
+ sudo kubectl wait pod --all --for=condition=Ready --namespace=default --timeout=60s
+}
+
+wait_cluster_ready_full
diff --git a/cicd/k3s-incluster/common.sh b/cicd/k3s-incluster/common.sh
index b82f6e0e..ea119602 100644
--- a/cicd/k3s-incluster/common.sh
+++ b/cicd/k3s-incluster/common.sh
@@ -536,8 +536,8 @@ function create_lb_rule() {
echo "$1: loxicmd create lb ${args[*]}"
$dexec $1 loxicmd create lb ${args[*]}
- hook=$($dexec llb1 ntc filter show dev eth0 ingress | grep tc_packet_hook)
- if [[ $hook != *"tc_packet_hook"* ]]; then
+ hook=$($dexec llb1 tc filter show dev eth0 ingress | grep tc_packet_func)
+ if [[ $hook != *"tc_packet_func"* ]]; then
echo "ERROR : No hook point found";
exit 1
fi
diff --git a/cicd/k3s-rabbitmq-incluster/Vagrantfile b/cicd/k3s-rabbitmq-incluster/Vagrantfile
new file mode 100644
index 00000000..fc1347f4
--- /dev/null
+++ b/cicd/k3s-rabbitmq-incluster/Vagrantfile
@@ -0,0 +1,51 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+workers = (ENV['WORKERS'] || "3").to_i
+box_name = (ENV['VAGRANT_BOX'] || "sysnet4admin/Ubuntu-k8s")
+box_version = "0.7.1"
+Vagrant.configure("2") do |config|
+ config.vm.box = "#{box_name}"
+ config.vm.box_version = "#{box_version}"
+
+ if Vagrant.has_plugin?("vagrant-vbguest")
+ config.vbguest.auto_update = false
+ end
+
+ config.vm.define "host" do |host|
+ host.vm.hostname = 'host'
+ host.vm.network :private_network, ip: "192.168.80.9", :netmask => "255.255.255.0"
+ host.vm.network :private_network, ip: "192.168.90.9", :netmask => "255.255.255.0"
+ host.vm.provision :shell, :path => "host.sh"
+ host.vm.provider :virtualbox do |vbox|
+ vbox.memory = "4096"
+ vbox.cpus = "8"
+ vbox.default_nic_type = "virtio"
+ end
+ end
+
+ config.vm.define "master" do |master|
+ master.vm.hostname = 'master'
+ master.vm.network :private_network, ip: "192.168.80.10", :netmask => "255.255.255.0"
+ master.vm.provision :shell, :path => "master.sh"
+ master.vm.provider :virtualbox do |vbox|
+ vbox.memory = "4096"
+ vbox.cpus = "4"
+ vbox.default_nic_type = "virtio"
+ end
+ end
+
+ (1..workers).each do |node_number|
+ config.vm.define "worker#{node_number}" do |worker|
+ worker.vm.hostname = "worker#{node_number}"
+ ip = node_number + 100
+ worker.vm.network :private_network, ip: "192.168.80.#{ip}", :netmask => "255.255.255.0"
+ worker.vm.provision :shell, :path => "worker.sh"
+ worker.vm.provider :virtualbox do |vbox|
+ vbox.memory = "4096"
+ vbox.cpus = "4"
+ vbox.default_nic_type = "virtio"
+ end
+ end
+ end
+end
diff --git a/cicd/k3s-rabbitmq-incluster/config.sh b/cicd/k3s-rabbitmq-incluster/config.sh
new file mode 100755
index 00000000..6b8ee48e
--- /dev/null
+++ b/cicd/k3s-rabbitmq-incluster/config.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+vagrant global-status | grep -i virtualbox | cut -f 1 -d ' ' | xargs -L 1 vagrant destroy -f
+vagrant up
diff --git a/cicd/k3s-rabbitmq-incluster/grafana.yaml b/cicd/k3s-rabbitmq-incluster/grafana.yaml
new file mode 100644
index 00000000..b41ec540
--- /dev/null
+++ b/cicd/k3s-rabbitmq-incluster/grafana.yaml
@@ -0,0 +1,84 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: grafana-pvc
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 1Gi
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ app: grafana
+ name: grafana
+spec:
+ selector:
+ matchLabels:
+ app: grafana
+ template:
+ metadata:
+ labels:
+ app: grafana
+ spec:
+ securityContext:
+ fsGroup: 472
+ supplementalGroups:
+ - 0
+ containers:
+ - name: grafana
+ image: grafana/grafana:9.1.0
+ imagePullPolicy: IfNotPresent
+ ports:
+ - containerPort: 3000
+ name: http-grafana
+ protocol: TCP
+ readinessProbe:
+ failureThreshold: 3
+ httpGet:
+ path: /robots.txt
+ port: 3000
+ scheme: HTTP
+ initialDelaySeconds: 10
+ periodSeconds: 30
+ successThreshold: 1
+ timeoutSeconds: 2
+ livenessProbe:
+ failureThreshold: 3
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ successThreshold: 1
+ tcpSocket:
+ port: 3000
+ timeoutSeconds: 1
+ resources:
+ requests:
+ cpu: 250m
+ memory: 750Mi
+ volumeMounts:
+ - mountPath: /var/lib/grafana
+ name: grafana-pv
+ volumes:
+ - name: grafana-pv
+ persistentVolumeClaim:
+ claimName: grafana-pvc
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: grafana
+spec:
+ ports:
+ - port: 3000
+ protocol: TCP
+ targetPort: http-grafana
+ selector:
+ app: grafana
+ sessionAffinity: None
+ type: LoadBalancer
+ externalTrafficPolicy: Local
+ loadBalancerClass: loxilb.io/loxilb
diff --git a/cicd/k3s-rabbitmq-incluster/host.sh b/cicd/k3s-rabbitmq-incluster/host.sh
new file mode 100644
index 00000000..f29d40e7
--- /dev/null
+++ b/cicd/k3s-rabbitmq-incluster/host.sh
@@ -0,0 +1,10 @@
+apt-get update
+apt-get install -y software-properties-common
+curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
+add-apt-repository -y "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
+apt-get update
+apt-get install -y docker-ce
+
+#curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
+#add-apt-repository -y "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
+apt-get install -y iperf iperf3
diff --git a/cicd/k3s-rabbitmq-incluster/install_cilium.sh b/cicd/k3s-rabbitmq-incluster/install_cilium.sh
new file mode 100755
index 00000000..7206c022
--- /dev/null
+++ b/cicd/k3s-rabbitmq-incluster/install_cilium.sh
@@ -0,0 +1,13 @@
+#!/bin/bash
+
+#Install Cilium
+CILIUM_CLI_VERSION=$(curl -s https://raw.githubusercontent.com/cilium/cilium-cli/master/stable.txt)
+CLI_ARCH=amd64
+if [ "$(uname -m)" = "aarch64" ]; then CLI_ARCH=arm64; fi
+curl -L --fail --remote-name-all https://github.com/cilium/cilium-cli/releases/download/${CILIUM_CLI_VERSION}/cilium-linux-${CLI_ARCH}.tar.gz{,.sha256sum}
+sha256sum --check cilium-linux-${CLI_ARCH}.tar.gz.sha256sum
+sudo tar xzvfC cilium-linux-${CLI_ARCH}.tar.gz /usr/local/bin
+rm cilium-linux-${CLI_ARCH}.tar.gz{,.sha256sum}
+mkdir -p ~/.kube/
+sudo cat /etc/rancher/k3s/k3s.yaml > ~/.kube/config
+cilium install
diff --git a/cicd/k3s-rabbitmq-incluster/iperf-service.yml b/cicd/k3s-rabbitmq-incluster/iperf-service.yml
new file mode 100644
index 00000000..1d23f273
--- /dev/null
+++ b/cicd/k3s-rabbitmq-incluster/iperf-service.yml
@@ -0,0 +1,32 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: iperf-service
+ annotations:
+ loxilb.io/lbmode: "onearm"
+spec:
+ externalTrafficPolicy: Local
+ loadBalancerClass: loxilb.io/loxilb
+ selector:
+ what: perf-test
+ ports:
+ - port: 55001
+ targetPort: 5001
+ type: LoadBalancer
+---
+apiVersion: v1
+kind: Pod
+metadata:
+ name: iperf1
+ labels:
+ what: perf-test
+spec:
+ containers:
+ - name: iperf
+ image: eyes852/ubuntu-iperf-test:0.5
+ command:
+ - iperf
+ - "-s"
+ ports:
+ - containerPort: 5001
+
diff --git a/cicd/k3s-rabbitmq-incluster/k3s.yaml b/cicd/k3s-rabbitmq-incluster/k3s.yaml
new file mode 100644
index 00000000..546f1c3f
--- /dev/null
+++ b/cicd/k3s-rabbitmq-incluster/k3s.yaml
@@ -0,0 +1,19 @@
+apiVersion: v1
+clusters:
+- cluster:
+ certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJkakNDQVIyZ0F3SUJBZ0lCQURBS0JnZ3Foa2pPUFFRREFqQWpNU0V3SHdZRFZRUUREQmhyTTNNdGMyVnkKZG1WeUxXTmhRREUzTVRBNE1qWXhOVEl3SGhjTk1qUXdNekU1TURVeU9URXlXaGNOTXpRd016RTNNRFV5T1RFeQpXakFqTVNFd0h3WURWUVFEREJock0zTXRjMlZ5ZG1WeUxXTmhRREUzTVRBNE1qWXhOVEl3V1RBVEJnY3Foa2pPClBRSUJCZ2dxaGtqT1BRTUJCd05DQUFRcjhwZm83akZnSUN1WkZlVkdCZVRrc01PdElZWjZidWVVYVFBc1BLbU0KTGVYbm9Uc1JzRFJ5Wi92Vmw1NzNZZHNHeTYxSHh1WFN3bTNPUFhvS25DKzFvMEl3UURBT0JnTlZIUThCQWY4RQpCQU1DQXFRd0R3WURWUjBUQVFIL0JBVXdBd0VCL3pBZEJnTlZIUTRFRmdRVVltWTVuMnhPdUpmNEgvUmt5aDJwCnpPaDE4K3d3Q2dZSUtvWkl6ajBFQXdJRFJ3QXdSQUlnSnUvbVRlUk9qeC8rdGdNckxQdC9NMmF0a1RqRUw3NkkKU2xQV0N3eEticlVDSUhRZFZEQVJGVWtPd1ZNNEppdVhTaG5JYkt1OXJBNzdocXZBdlZ0ZFEzWEMKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
+ server: https://192.168.80.10:6443
+ name: default
+contexts:
+- context:
+ cluster: default
+ user: default
+ name: default
+current-context: default
+kind: Config
+preferences: {}
+users:
+- name: default
+ user:
+ client-certificate-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJrRENDQVRlZ0F3SUJBZ0lJRUk5Tm02SXBsdzB3Q2dZSUtvWkl6ajBFQXdJd0l6RWhNQjhHQTFVRUF3d1kKYXpOekxXTnNhV1Z1ZEMxallVQXhOekV3T0RJMk1UVXlNQjRYRFRJME1ETXhPVEExTWpreE1sb1hEVEkxTURNeApPVEExTWpreE1sb3dNREVYTUJVR0ExVUVDaE1PYzNsemRHVnRPbTFoYzNSbGNuTXhGVEFUQmdOVkJBTVRESE41CmMzUmxiVHBoWkcxcGJqQlpNQk1HQnlxR1NNNDlBZ0VHQ0NxR1NNNDlBd0VIQTBJQUJONlJVVGVwcnZBRkNuN2EKcDZndmRUMmxPN1MrWXd3bTZ3em45T2xXcWw4ZnJqNTgwcktEWVNxVmFCdkxUL2IrZytBL0pQRUV6TXFscWdYTwpGYWo0TElTalNEQkdNQTRHQTFVZER3RUIvd1FFQXdJRm9EQVRCZ05WSFNVRUREQUtCZ2dyQmdFRkJRY0RBakFmCkJnTlZIU01FR0RBV2dCVGRNaERoRUZQOEdlMVBSblh4d2hWcGltUHZYakFLQmdncWhrak9QUVFEQWdOSEFEQkUKQWlBaGNVd1d3WE1iRGZaVkE2NHVSemhweDR5dmg0UUNEM0ZZa2YwQkwwQ2FlZ0lnTmZ4enArenUxWk5PZWpoTAo2d3ZXVXhuekZpQ2xZYUpzNDVrcCt6ZFJuME09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0KLS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJkekNDQVIyZ0F3SUJBZ0lCQURBS0JnZ3Foa2pPUFFRREFqQWpNU0V3SHdZRFZRUUREQmhyTTNNdFkyeHAKWlc1MExXTmhRREUzTVRBNE1qWXhOVEl3SGhjTk1qUXdNekU1TURVeU9URXlXaGNOTXpRd016RTNNRFV5T1RFeQpXakFqTVNFd0h3WURWUVFEREJock0zTXRZMnhwWlc1MExXTmhRREUzTVRBNE1qWXhOVEl3V1RBVEJnY3Foa2pPClBRSUJCZ2dxaGtqT1BRTUJCd05DQUFUTUoxd1ZOcEIwS0N6MWx5bWhRRGc3UDhRSGxGcHBUOHc5blFCWGYyeGQKMWtTb2RyS3RvSzlQYTJtelNiWFNtei9acTBpQk94SkY3aTdyT3BhQzZXUHdvMEl3UURBT0JnTlZIUThCQWY4RQpCQU1DQXFRd0R3WURWUjBUQVFIL0JBVXdBd0VCL3pBZEJnTlZIUTRFRmdRVTNUSVE0UkJUL0JudFQwWjE4Y0lWCmFZcGo3MTR3Q2dZSUtvWkl6ajBFQXdJRFNBQXdSUUloQUlRN3ZNVldZNkMxaVdLakIzNEYzdVZFQS9GSVpKVVAKRWM1bEFLS0JSWW8vQWlBbUFVVnQzRkRrSEYreFhJWUlzenBscWVDNWZ0Y0g1azJDaFFrbXFZaThXQT09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
+ client-key-data: LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1IY0NBUUVFSU9KamZxUm90eWRLd0poQkY5SHJlTG1RNExSYVp2NFFiRXp0K0I0WnBTeWNvQW9HQ0NxR1NNNDkKQXdFSG9VUURRZ0FFM3BGUk42bXU4QVVLZnRxbnFDOTFQYVU3dEw1akRDYnJET2YwNlZhcVh4K3VQbnpTc29OaApLcFZvRzh0UDl2NkQ0RDhrOFFUTXlxV3FCYzRWcVBnc2hBPT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQo=
diff --git a/cicd/k3s-rabbitmq-incluster/kube-loxilb.yml b/cicd/k3s-rabbitmq-incluster/kube-loxilb.yml
new file mode 100644
index 00000000..f6d54ad8
--- /dev/null
+++ b/cicd/k3s-rabbitmq-incluster/kube-loxilb.yml
@@ -0,0 +1,130 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: kube-loxilb
+ namespace: kube-system
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: kube-loxilb
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - nodes
+ verbs:
+ - get
+ - watch
+ - list
+ - patch
+ - apiGroups:
+ - ""
+ resources:
+ - pods
+ verbs:
+ - get
+ - watch
+ - list
+ - patch
+ - apiGroups:
+ - ""
+ resources:
+ - endpoints
+ - services
+ - services/status
+ verbs:
+ - get
+ - watch
+ - list
+ - patch
+ - update
+ - apiGroups:
+ - discovery.k8s.io
+ resources:
+ - endpointslices
+ verbs:
+ - get
+ - watch
+ - list
+ - apiGroups:
+ - authentication.k8s.io
+ resources:
+ - tokenreviews
+ verbs:
+ - create
+ - apiGroups:
+ - authorization.k8s.io
+ resources:
+ - subjectaccessreviews
+ verbs:
+ - create
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: kube-loxilb
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: kube-loxilb
+subjects:
+ - kind: ServiceAccount
+ name: kube-loxilb
+ namespace: kube-system
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: kube-loxilb
+ namespace: kube-system
+ labels:
+ app: loxilb
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: loxilb
+ template:
+ metadata:
+ labels:
+ app: loxilb
+ spec:
+ hostNetwork: true
+ tolerations:
+ - effect: NoSchedule
+ operator: Exists
+ # Mark the pod as a critical add-on for rescheduling.
+ - key: CriticalAddonsOnly
+ operator: Exists
+ - effect: NoExecute
+ operator: Exists
+ priorityClassName: system-node-critical
+ serviceAccountName: kube-loxilb
+ terminationGracePeriodSeconds: 0
+ containers:
+ - name: kube-loxilb
+ image: ghcr.io/loxilb-io/kube-loxilb:latest
+ imagePullPolicy: Always
+ command:
+ - /bin/kube-loxilb
+ args:
+ #- --loxiURL=http://192.168.80.9:11111
+ - --externalCIDR=192.168.80.20/32
+ - --setRoles=0.0.0.0
+ #- --monitor
+ #- --setBGP
+ - --setLBMode=1
+ #- --config=/opt/loxilb/agent/kube-loxilb.conf
+ resources:
+ requests:
+ cpu: "100m"
+ memory: "50Mi"
+ limits:
+ cpu: "100m"
+ memory: "50Mi"
+ securityContext:
+ privileged: true
+ capabilities:
+ add: ["NET_ADMIN", "NET_RAW"]
diff --git a/cicd/k3s-rabbitmq-incluster/loxilb.sh b/cicd/k3s-rabbitmq-incluster/loxilb.sh
new file mode 100644
index 00000000..74e66ae9
--- /dev/null
+++ b/cicd/k3s-rabbitmq-incluster/loxilb.sh
@@ -0,0 +1,13 @@
+export LOXILB_IP=$(ip a |grep global | grep -v '10.0.2.15' | grep -v '192.168.80' | awk '{print $2}' | cut -f1 -d '/')
+
+apt-get update
+apt-get install -y software-properties-common
+curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
+add-apt-repository -y "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
+apt-get update
+apt-get install -y docker-ce
+docker run -u root --cap-add SYS_ADMIN --restart unless-stopped --privileged -dit -v /dev/log:/dev/log --net=host --name loxilb ghcr.io/loxilb-io/loxilb:latest
+echo alias loxicmd=\"sudo docker exec -it loxilb loxicmd\" >> ~/.bashrc
+echo alias loxilb=\"sudo docker exec -it loxilb \" >> ~/.bashrc
+
+echo $LOXILB_IP > /vagrant/loxilb-ip
diff --git a/cicd/k3s-rabbitmq-incluster/loxilb.yml b/cicd/k3s-rabbitmq-incluster/loxilb.yml
new file mode 100644
index 00000000..30cf81d9
--- /dev/null
+++ b/cicd/k3s-rabbitmq-incluster/loxilb.yml
@@ -0,0 +1,77 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ name: loxilb-lb
+ namespace: kube-system
+ labels:
+ app: loxilb-app
+spec:
+ selector:
+ matchLabels:
+ app: loxilb-app
+ template:
+ metadata:
+ labels:
+ app: loxilb-app
+ spec:
+ hostNetwork: true
+ dnsPolicy: ClusterFirstWithHostNet
+ tolerations:
+ - key: "node-role.kubernetes.io/master"
+ operator: Exists
+ - key: "node-role.kubernetes.io/control-plane"
+ operator: Exists
+ #affinity:
+ # nodeAffinity:
+ # requiredDuringSchedulingIgnoredDuringExecution:
+ # nodeSelectorTerms:
+ # - matchExpressions:
+ # - key: "node-role.kubernetes.io/master"
+ # operator: Exists
+ # - key: "node-role.kubernetes.io/control-plane"
+ # operator: Exists
+ priorityClassName: system-node-critical
+ serviceAccountName: kube-loxilb
+ containers:
+ - name: loxilb-lb
+ image: "ghcr.io/loxilb-io/loxilb:latest"
+ imagePullPolicy: Always
+ #command: [ "/root/loxilb-io/loxilb/loxilb", "--egr-hooks", "--blacklist=cni.|veth.|flannel.|cali.|tunl.|vxlan[.]calico", "--ipvs-compat", "--k8s-api=cluster" ]
+ command: [ "/root/loxilb-io/loxilb/loxilb", "--ipvs-compat"]
+ ports:
+ - containerPort: 11111
+ - containerPort: 179
+ - containerPort: 50051
+ securityContext:
+ privileged: true
+ capabilities:
+ add:
+ - SYS_ADMIN
+ env:
+ - name: MY_NODE_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.hostIP
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: loxilb-lb-service
+ namespace: kube-system
+spec:
+ clusterIP: None
+ selector:
+ app: loxilb-app
+ ports:
+ - name: loxilb-app
+ port: 11111
+ targetPort: 11111
+ protocol: TCP
+ - name: loxilb-app-bgp
+ port: 179
+ targetPort: 179
+ protocol: TCP
+ - name: loxilb-app-gobgp
+ port: 50051
+ targetPort: 50051
+ protocol: TCP
diff --git a/cicd/k3s-rabbitmq-incluster/manifests/cilium-ippool.yaml b/cicd/k3s-rabbitmq-incluster/manifests/cilium-ippool.yaml
new file mode 100644
index 00000000..5dd56500
--- /dev/null
+++ b/cicd/k3s-rabbitmq-incluster/manifests/cilium-ippool.yaml
@@ -0,0 +1,7 @@
+apiVersion: "cilium.io/v2alpha1"
+kind: CiliumLoadBalancerIPPool
+metadata:
+ name: "lb-pool"
+spec:
+ cidrs:
+ - cidr: "192.168.80.20/24"
diff --git a/cicd/k3s-rabbitmq-incluster/manifests/cilium-policy.yaml b/cicd/k3s-rabbitmq-incluster/manifests/cilium-policy.yaml
new file mode 100644
index 00000000..b155ad31
--- /dev/null
+++ b/cicd/k3s-rabbitmq-incluster/manifests/cilium-policy.yaml
@@ -0,0 +1,9 @@
+apiVersion: "cilium.io/v2alpha1"
+kind: CiliumL2AnnouncementPolicy
+metadata:
+ name: basic-policy
+spec:
+ interfaces:
+ - eth1
+ externalIPs: true
+ loadBalancerIPs: true
diff --git a/cicd/k3s-rabbitmq-incluster/manifests/iperf-service-loxilb.yml b/cicd/k3s-rabbitmq-incluster/manifests/iperf-service-loxilb.yml
new file mode 100644
index 00000000..1d23f273
--- /dev/null
+++ b/cicd/k3s-rabbitmq-incluster/manifests/iperf-service-loxilb.yml
@@ -0,0 +1,32 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: iperf-service
+ annotations:
+ loxilb.io/lbmode: "onearm"
+spec:
+ externalTrafficPolicy: Local
+ loadBalancerClass: loxilb.io/loxilb
+ selector:
+ what: perf-test
+ ports:
+ - port: 55001
+ targetPort: 5001
+ type: LoadBalancer
+---
+apiVersion: v1
+kind: Pod
+metadata:
+ name: iperf1
+ labels:
+ what: perf-test
+spec:
+ containers:
+ - name: iperf
+ image: eyes852/ubuntu-iperf-test:0.5
+ command:
+ - iperf
+ - "-s"
+ ports:
+ - containerPort: 5001
+
diff --git a/cicd/k3s-rabbitmq-incluster/manifests/iperf-service-metallb.yml b/cicd/k3s-rabbitmq-incluster/manifests/iperf-service-metallb.yml
new file mode 100644
index 00000000..066c796e
--- /dev/null
+++ b/cicd/k3s-rabbitmq-incluster/manifests/iperf-service-metallb.yml
@@ -0,0 +1,29 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: iperf-service
+spec:
+ externalTrafficPolicy: Local
+ selector:
+ what: perf-test
+ ports:
+ - port: 55001
+ targetPort: 5001
+ type: LoadBalancer
+---
+apiVersion: v1
+kind: Pod
+metadata:
+ name: iperf1
+ labels:
+ what: perf-test
+spec:
+ containers:
+ - name: iperf
+ image: eyes852/ubuntu-iperf-test:0.5
+ command:
+ - iperf
+ - "-s"
+ ports:
+ - containerPort: 5001
+
diff --git a/cicd/k8s-calico-incluster/yaml/kube-loxilb.yml b/cicd/k3s-rabbitmq-incluster/manifests/kube-loxilb.yml
similarity index 93%
rename from cicd/k8s-calico-incluster/yaml/kube-loxilb.yml
rename to cicd/k3s-rabbitmq-incluster/manifests/kube-loxilb.yml
index 3d8478c4..9357b17b 100644
--- a/cicd/k8s-calico-incluster/yaml/kube-loxilb.yml
+++ b/cicd/k3s-rabbitmq-incluster/manifests/kube-loxilb.yml
@@ -92,7 +92,6 @@ spec:
app: loxilb
spec:
hostNetwork: true
- dnsPolicy: ClusterFirstWithHostNet
tolerations:
- effect: NoSchedule
operator: Exists
@@ -111,10 +110,8 @@ spec:
command:
- /bin/kube-loxilb
args:
- #- --loxiURL=http://192.168.80.10:11111
- - --externalCIDR=123.123.123.1/24
- - --setBGP=64512
- - --listenBGPPort=1791
+ #- --loxiURL=http://192.168.80.9:11111
+ - --externalCIDR=192.168.80.20/32
- --setRoles=0.0.0.0
#- --monitor
#- --setBGP
diff --git a/cicd/k3s-rabbitmq-incluster/manifests/loxilb.yml b/cicd/k3s-rabbitmq-incluster/manifests/loxilb.yml
new file mode 100644
index 00000000..cd783e48
--- /dev/null
+++ b/cicd/k3s-rabbitmq-incluster/manifests/loxilb.yml
@@ -0,0 +1,67 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ name: loxilb-lb
+ namespace: kube-system
+ labels:
+ app: loxilb-app
+spec:
+ selector:
+ matchLabels:
+ app: loxilb-app
+ template:
+ metadata:
+ labels:
+ app: loxilb-app
+ spec:
+ hostNetwork: true
+ dnsPolicy: ClusterFirstWithHostNet
+ tolerations:
+ - key: "node-role.kubernetes.io/master"
+ operator: Exists
+ - key: "node-role.kubernetes.io/control-plane"
+ operator: Exists
+ priorityClassName: system-node-critical
+ serviceAccountName: kube-loxilb
+ containers:
+ - name: loxilb-lb
+ image: "ghcr.io/loxilb-io/loxilb:latest"
+ imagePullPolicy: Always
+ command: [ "/root/loxilb-io/loxilb/loxilb", "--egr-hooks", "--blacklist=cni.|veth.|flannel.|cali.|tunl.|vxlan[.]calico", "--ipvs-compat", "--k8s-api=cluster" ]
+ ports:
+ - containerPort: 11111
+ - containerPort: 179
+ - containerPort: 50051
+ securityContext:
+ privileged: true
+ capabilities:
+ add:
+ - SYS_ADMIN
+ env:
+ - name: MY_NODE_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.hostIP
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: loxilb-lb-service
+ namespace: kube-system
+spec:
+ clusterIP: None
+ selector:
+ app: loxilb-app
+ ports:
+ - name: loxilb-app
+ port: 11111
+ targetPort: 11111
+ protocol: TCP
+ - name: loxilb-app-bgp
+ port: 179
+ targetPort: 179
+ protocol: TCP
+ - name: loxilb-app-gobgp
+ port: 50051
+ targetPort: 50051
+ protocol: TCP
diff --git a/cicd/k3s-rabbitmq-incluster/manifests/metallb-addr-pool.yml b/cicd/k3s-rabbitmq-incluster/manifests/metallb-addr-pool.yml
new file mode 100644
index 00000000..ea7d2ba4
--- /dev/null
+++ b/cicd/k3s-rabbitmq-incluster/manifests/metallb-addr-pool.yml
@@ -0,0 +1,8 @@
+apiVersion: metallb.io/v1beta1
+kind: IPAddressPool
+metadata:
+ name: cheap
+ namespace: metallb-system
+spec:
+ addresses:
+ - 192.168.80.20/32
diff --git a/cicd/k3s-rabbitmq-incluster/manifests/metallb-native.yaml b/cicd/k3s-rabbitmq-incluster/manifests/metallb-native.yaml
new file mode 100644
index 00000000..f8a80308
--- /dev/null
+++ b/cicd/k3s-rabbitmq-incluster/manifests/metallb-native.yaml
@@ -0,0 +1,2042 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ labels:
+ pod-security.kubernetes.io/audit: privileged
+ pod-security.kubernetes.io/enforce: privileged
+ pod-security.kubernetes.io/warn: privileged
+ name: metallb-system
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.11.1
+ creationTimestamp: null
+ name: addresspools.metallb.io
+spec:
+ conversion:
+ strategy: Webhook
+ webhook:
+ clientConfig:
+ caBundle: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tDQpNSUlGWlRDQ0EwMmdBd0lCQWdJVU5GRW1XcTM3MVpKdGkrMmlSQzk1WmpBV1MxZ3dEUVlKS29aSWh2Y05BUUVMDQpCUUF3UWpFTE1Ba0dBMVVFQmhNQ1dGZ3hGVEFUQmdOVkJBY01ERVJsWm1GMWJIUWdRMmwwZVRFY01Cb0dBMVVFDQpDZ3dUUkdWbVlYVnNkQ0JEYjIxd1lXNTVJRXgwWkRBZUZ3MHlNakEzTVRrd09UTXlNek5hRncweU1qQTRNVGd3DQpPVE15TXpOYU1FSXhDekFKQmdOVkJBWVRBbGhZTVJVd0V3WURWUVFIREF4RVpXWmhkV3gwSUVOcGRIa3hIREFhDQpCZ05WQkFvTUUwUmxabUYxYkhRZ1EyOXRjR0Z1ZVNCTWRHUXdnZ0lpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElDDQpEd0F3Z2dJS0FvSUNBUUNxVFpxMWZRcC9vYkdlenhES0o3OVB3Ny94azJwellualNzMlkzb1ZYSm5sRmM4YjVlDQpma2ZZQnY2bndscW1keW5PL2phWFBaQmRQSS82aFdOUDBkdVhadEtWU0NCUUpyZzEyOGNXb3F0MGNTN3pLb1VpDQpvcU1tQ0QvRXVBeFFNZjhRZDF2c1gvVllkZ0poVTZBRXJLZEpIaXpFOUJtUkNkTDBGMW1OVW55Rk82UnRtWFZUDQpidkxsTDVYeTc2R0FaQVBLOFB4aVlDa0NtbDdxN0VnTWNiOXlLWldCYmlxQ3VkTXE5TGJLNmdKNzF6YkZnSXV4DQo1L1pXK2JraTB2RlplWk9ZODUxb1psckFUNzJvMDI4NHNTWW9uN0pHZVZkY3NoUnh5R1VpSFpSTzdkaXZVTDVTDQpmM2JmSDFYbWY1ZDQzT0NWTWRuUUV2NWVaOG8zeWVLa3ZrbkZQUGVJMU9BbjdGbDlFRVNNR2dhOGFaSG1URSttDQpsLzlMSmdDYjBnQmtPT0M0WnV4bWh2aERKV1EzWnJCS3pMQlNUZXN0NWlLNVlwcXRWVVk2THRyRW9FelVTK1lsDQpwWndXY2VQWHlHeHM5ZURsR3lNVmQraW15Y3NTU1UvVno2Mmx6MnZCS21NTXBkYldDQWhud0RsRTVqU2dyMjRRDQp0eGNXLys2N3d5KzhuQlI3UXdqVTFITndVRjBzeERWdEwrZ1NHVERnSEVZSlhZelYvT05zMy94TkpoVFNPSkxNDQpoeXNVdyttaGdackdhbUdXcHVIVU1DUitvTWJzMTc1UkcrQjJnUFFHVytPTjJnUTRyOXN2b0ZBNHBBQm8xd1dLDQpRYjRhY3pmeVVscElBOVFoSmFsZEY3S3dPSHVlV3gwRUNrNXg0T2tvVDBvWVp0dzFiR0JjRGtaSmF3SURBUUFCDQpvMU13VVRBZEJnTlZIUTRFRmdRVW90UlNIUm9IWTEyRFZ4R0NCdEhpb1g2ZmVFQXdId1lEVlIwakJCZ3dGb0FVDQpvdFJTSFJvSFkxMkRWeEdDQnRIaW9YNmZlRUF3RHdZRFZSMFRBUUgvQkFVd0F3RUIvekFOQmdrcWhraUc5dzBCDQpBUXNGQUFPQ0FnRUFSbkpsWWRjMTFHd0VxWnh6RDF2R3BDR2pDN2VWTlQ3aVY1d3IybXlybHdPYi9aUWFEa0xYDQpvVStaOVVXT1VlSXJTdzUydDdmQUpvVVAwSm5iYkMveVIrU1lqUGhvUXNiVHduOTc2ZldBWTduM3FMOXhCd1Y0DQphek41OXNjeUp0dlhMeUtOL2N5ak1ReDRLajBIMFg0bWJ6bzVZNUtzWWtYVU0vOEFPdWZMcEd0S1NGVGgrSEFDDQpab1Q5YnZHS25adnNHd0tYZFF0Wnh0akhaUjVqK3U3ZGtQOTJBT051RFNabS8rWVV4b2tBK09JbzdSR3BwSHNXDQo1ZTdNY0FTVXRtb1FORXd6dVFoVkJaRWQ1OGtKYjUrV0VWbGNzanlXNnRTbzErZ25tTWNqR1BsMWgxR2hVbjV4DQpFY0lWRnBIWXM5YWo1NmpBSjk1MVQvZjhMaWxmTlVnanBLQ0c1bnl0SUt3emxhOHNtdGlPdm1UNEpYbXBwSkI2DQo4bmdHRVluVjUrUTYwWFJ2OEhSSGp1VG9CRHVhaERrVDA2R1JGODU1d09FR2V4bkZpMXZYWUxLVllWb1V2MXRKDQo4dVdUR1pwNllDSVJldlBqbzg5ZytWTlJSaVFYUThJd0dybXE5c0RoVTlqTjA0SjdVL1RvRDFpNHE3VnlsRUc5DQorV1VGNkNLaEdBeTJIaEhwVncyTGFoOS9lUzdZMUZ1YURrWmhPZG1laG1BOCtqdHNZamJadnR5Mm1SWlF0UUZzDQpUU1VUUjREbUR2bVVPRVRmeStpRHdzK2RkWXVNTnJGeVVYV2dkMnpBQU4ydVl1UHFGY2pRcFNPODFzVTJTU3R3DQoxVzAyeUtYOGJEYmZFdjBzbUh3UzliQnFlSGo5NEM1Mjg0YXpsdTBmaUdpTm1OUEM4ckJLRmhBPQ0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQ==
+ service:
+ name: webhook-service
+ namespace: metallb-system
+ path: /convert
+ conversionReviewVersions:
+ - v1alpha1
+ - v1beta1
+ group: metallb.io
+ names:
+ kind: AddressPool
+ listKind: AddressPoolList
+ plural: addresspools
+ singular: addresspool
+ scope: Namespaced
+ versions:
+ - deprecated: true
+ deprecationWarning: metallb.io v1alpha1 AddressPool is deprecated
+ name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: AddressPool is the Schema for the addresspools API.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: AddressPoolSpec defines the desired state of AddressPool.
+ properties:
+ addresses:
+ description: A list of IP address ranges over which MetalLB has authority.
+ You can list multiple ranges in a single pool, they will all share
+ the same settings. Each range can be either a CIDR prefix, or an
+ explicit start-end range of IPs.
+ items:
+ type: string
+ type: array
+ autoAssign:
+ default: true
+ description: AutoAssign flag used to prevent MetallB from automatic
+ allocation for a pool.
+ type: boolean
+ bgpAdvertisements:
+ description: When an IP is allocated from this pool, how should it
+ be translated into BGP announcements?
+ items:
+ properties:
+ aggregationLength:
+ default: 32
+ description: The aggregation-length advertisement option lets
+ you “roll up” the /32s into a larger prefix.
+ format: int32
+ minimum: 1
+ type: integer
+ aggregationLengthV6:
+ default: 128
+ description: Optional, defaults to 128 (i.e. no aggregation)
+ if not specified.
+ format: int32
+ type: integer
+ communities:
+ description: BGP communities
+ items:
+ type: string
+ type: array
+ localPref:
+ description: BGP LOCAL_PREF attribute which is used by BGP best
+ path algorithm, Path with higher localpref is preferred over
+ one with lower localpref.
+ format: int32
+ type: integer
+ type: object
+ type: array
+ protocol:
+ description: Protocol can be used to select how the announcement is
+ done.
+ enum:
+ - layer2
+ - bgp
+ type: string
+ required:
+ - addresses
+ - protocol
+ type: object
+ status:
+ description: AddressPoolStatus defines the observed state of AddressPool.
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: false
+ subresources:
+ status: {}
+ - deprecated: true
+ deprecationWarning: metallb.io v1beta1 AddressPool is deprecated, consider using
+ IPAddressPool
+ name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: AddressPool represents a pool of IP addresses that can be allocated
+ to LoadBalancer services. AddressPool is deprecated and being replaced by
+ IPAddressPool.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: AddressPoolSpec defines the desired state of AddressPool.
+ properties:
+ addresses:
+ description: A list of IP address ranges over which MetalLB has authority.
+ You can list multiple ranges in a single pool, they will all share
+ the same settings. Each range can be either a CIDR prefix, or an
+ explicit start-end range of IPs.
+ items:
+ type: string
+ type: array
+ autoAssign:
+ default: true
+ description: AutoAssign flag used to prevent MetallB from automatic
+ allocation for a pool.
+ type: boolean
+ bgpAdvertisements:
+ description: Drives how an IP allocated from this pool should translated
+ into BGP announcements.
+ items:
+ properties:
+ aggregationLength:
+ default: 32
+ description: The aggregation-length advertisement option lets
+ you “roll up” the /32s into a larger prefix.
+ format: int32
+ minimum: 1
+ type: integer
+ aggregationLengthV6:
+ default: 128
+ description: Optional, defaults to 128 (i.e. no aggregation)
+ if not specified.
+ format: int32
+ type: integer
+ communities:
+ description: BGP communities to be associated with the given
+ advertisement.
+ items:
+ type: string
+ type: array
+ localPref:
+ description: BGP LOCAL_PREF attribute which is used by BGP best
+ path algorithm, Path with higher localpref is preferred over
+ one with lower localpref.
+ format: int32
+ type: integer
+ type: object
+ type: array
+ protocol:
+ description: Protocol can be used to select how the announcement is
+ done.
+ enum:
+ - layer2
+ - bgp
+ type: string
+ required:
+ - addresses
+ - protocol
+ type: object
+ status:
+ description: AddressPoolStatus defines the observed state of AddressPool.
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.11.1
+ creationTimestamp: null
+ name: bfdprofiles.metallb.io
+spec:
+ group: metallb.io
+ names:
+ kind: BFDProfile
+ listKind: BFDProfileList
+ plural: bfdprofiles
+ singular: bfdprofile
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .spec.passiveMode
+ name: Passive Mode
+ type: boolean
+ - jsonPath: .spec.transmitInterval
+ name: Transmit Interval
+ type: integer
+ - jsonPath: .spec.receiveInterval
+ name: Receive Interval
+ type: integer
+ - jsonPath: .spec.detectMultiplier
+ name: Multiplier
+ type: integer
+ name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: BFDProfile represents the settings of the bfd session that can
+ be optionally associated with a BGP session.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: BFDProfileSpec defines the desired state of BFDProfile.
+ properties:
+ detectMultiplier:
+ description: Configures the detection multiplier to determine packet
+ loss. The remote transmission interval will be multiplied by this
+ value to determine the connection loss detection timer.
+ format: int32
+ maximum: 255
+ minimum: 2
+ type: integer
+ echoInterval:
+ description: Configures the minimal echo receive transmission interval
+ that this system is capable of handling in milliseconds. Defaults
+ to 50ms
+ format: int32
+ maximum: 60000
+ minimum: 10
+ type: integer
+ echoMode:
+ description: Enables or disables the echo transmission mode. This
+ mode is disabled by default, and not supported on multi hops setups.
+ type: boolean
+ minimumTtl:
+ description: 'For multi hop sessions only: configure the minimum expected
+ TTL for an incoming BFD control packet.'
+ format: int32
+ maximum: 254
+ minimum: 1
+ type: integer
+ passiveMode:
+ description: 'Mark session as passive: a passive session will not
+ attempt to start the connection and will wait for control packets
+ from peer before it begins replying.'
+ type: boolean
+ receiveInterval:
+ description: The minimum interval that this system is capable of receiving
+ control packets in milliseconds. Defaults to 300ms.
+ format: int32
+ maximum: 60000
+ minimum: 10
+ type: integer
+ transmitInterval:
+ description: The minimum transmission interval (less jitter) that
+ this system wants to use to send BFD control packets in milliseconds.
+ Defaults to 300ms
+ format: int32
+ maximum: 60000
+ minimum: 10
+ type: integer
+ type: object
+ status:
+ description: BFDProfileStatus defines the observed state of BFDProfile.
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.11.1
+ creationTimestamp: null
+ name: bgpadvertisements.metallb.io
+spec:
+ group: metallb.io
+ names:
+ kind: BGPAdvertisement
+ listKind: BGPAdvertisementList
+ plural: bgpadvertisements
+ singular: bgpadvertisement
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .spec.ipAddressPools
+ name: IPAddressPools
+ type: string
+ - jsonPath: .spec.ipAddressPoolSelectors
+ name: IPAddressPool Selectors
+ type: string
+ - jsonPath: .spec.peers
+ name: Peers
+ type: string
+ - jsonPath: .spec.nodeSelectors
+ name: Node Selectors
+ priority: 10
+ type: string
+ name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: BGPAdvertisement allows to advertise the IPs coming from the
+ selected IPAddressPools via BGP, setting the parameters of the BGP Advertisement.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: BGPAdvertisementSpec defines the desired state of BGPAdvertisement.
+ properties:
+ aggregationLength:
+ default: 32
+ description: The aggregation-length advertisement option lets you
+ “roll up” the /32s into a larger prefix. Defaults to 32. Works for
+ IPv4 addresses.
+ format: int32
+ minimum: 1
+ type: integer
+ aggregationLengthV6:
+ default: 128
+ description: The aggregation-length advertisement option lets you
+ “roll up” the /128s into a larger prefix. Defaults to 128. Works
+ for IPv6 addresses.
+ format: int32
+ type: integer
+ communities:
+ description: The BGP communities to be associated with the announcement.
+ Each item can be a standard community of the form 1234:1234, a large
+ community of the form large:1234:1234:1234 or the name of an alias
+ defined in the Community CRD.
+ items:
+ type: string
+ type: array
+ ipAddressPoolSelectors:
+ description: A selector for the IPAddressPools which would get advertised
+ via this advertisement. If no IPAddressPool is selected by this
+ or by the list, the advertisement is applied to all the IPAddressPools.
+ items:
+ description: A label selector is a label query over a set of resources.
+ The result of matchLabels and matchExpressions are ANDed. An empty
+ label selector matches all objects. A null label selector matches
+ no objects.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector that
+ contains values, a key, and an operator that relates the
+ key and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If the
+ operator is In or NotIn, the values array must be non-empty.
+ If the operator is Exists or DoesNotExist, the values
+ array must be empty. This array is replaced during a
+ strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs. A single
+ {key,value} in the matchLabels map is equivalent to an element
+ of matchExpressions, whose key field is "key", the operator
+ is "In", and the values array contains only "value". The requirements
+ are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
+ ipAddressPools:
+ description: The list of IPAddressPools to advertise via this advertisement,
+ selected by name.
+ items:
+ type: string
+ type: array
+ localPref:
+ description: The BGP LOCAL_PREF attribute which is used by BGP best
+ path algorithm, Path with higher localpref is preferred over one
+ with lower localpref.
+ format: int32
+ type: integer
+ nodeSelectors:
+ description: NodeSelectors allows to limit the nodes to announce as
+ next hops for the LoadBalancer IP. When empty, all the nodes having are
+ announced as next hops.
+ items:
+ description: A label selector is a label query over a set of resources.
+ The result of matchLabels and matchExpressions are ANDed. An empty
+ label selector matches all objects. A null label selector matches
+ no objects.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector that
+ contains values, a key, and an operator that relates the
+ key and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If the
+ operator is In or NotIn, the values array must be non-empty.
+ If the operator is Exists or DoesNotExist, the values
+ array must be empty. This array is replaced during a
+ strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs. A single
+ {key,value} in the matchLabels map is equivalent to an element
+ of matchExpressions, whose key field is "key", the operator
+ is "In", and the values array contains only "value". The requirements
+ are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
+ peers:
+ description: Peers limits the bgppeer to advertise the ips of the
+ selected pools to. When empty, the loadbalancer IP is announced
+ to all the BGPPeers configured.
+ items:
+ type: string
+ type: array
+ type: object
+ status:
+ description: BGPAdvertisementStatus defines the observed state of BGPAdvertisement.
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.11.1
+ creationTimestamp: null
+ name: bgppeers.metallb.io
+spec:
+ conversion:
+ strategy: Webhook
+ webhook:
+ clientConfig:
+ caBundle: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tDQpNSUlGWlRDQ0EwMmdBd0lCQWdJVU5GRW1XcTM3MVpKdGkrMmlSQzk1WmpBV1MxZ3dEUVlKS29aSWh2Y05BUUVMDQpCUUF3UWpFTE1Ba0dBMVVFQmhNQ1dGZ3hGVEFUQmdOVkJBY01ERVJsWm1GMWJIUWdRMmwwZVRFY01Cb0dBMVVFDQpDZ3dUUkdWbVlYVnNkQ0JEYjIxd1lXNTVJRXgwWkRBZUZ3MHlNakEzTVRrd09UTXlNek5hRncweU1qQTRNVGd3DQpPVE15TXpOYU1FSXhDekFKQmdOVkJBWVRBbGhZTVJVd0V3WURWUVFIREF4RVpXWmhkV3gwSUVOcGRIa3hIREFhDQpCZ05WQkFvTUUwUmxabUYxYkhRZ1EyOXRjR0Z1ZVNCTWRHUXdnZ0lpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElDDQpEd0F3Z2dJS0FvSUNBUUNxVFpxMWZRcC9vYkdlenhES0o3OVB3Ny94azJwellualNzMlkzb1ZYSm5sRmM4YjVlDQpma2ZZQnY2bndscW1keW5PL2phWFBaQmRQSS82aFdOUDBkdVhadEtWU0NCUUpyZzEyOGNXb3F0MGNTN3pLb1VpDQpvcU1tQ0QvRXVBeFFNZjhRZDF2c1gvVllkZ0poVTZBRXJLZEpIaXpFOUJtUkNkTDBGMW1OVW55Rk82UnRtWFZUDQpidkxsTDVYeTc2R0FaQVBLOFB4aVlDa0NtbDdxN0VnTWNiOXlLWldCYmlxQ3VkTXE5TGJLNmdKNzF6YkZnSXV4DQo1L1pXK2JraTB2RlplWk9ZODUxb1psckFUNzJvMDI4NHNTWW9uN0pHZVZkY3NoUnh5R1VpSFpSTzdkaXZVTDVTDQpmM2JmSDFYbWY1ZDQzT0NWTWRuUUV2NWVaOG8zeWVLa3ZrbkZQUGVJMU9BbjdGbDlFRVNNR2dhOGFaSG1URSttDQpsLzlMSmdDYjBnQmtPT0M0WnV4bWh2aERKV1EzWnJCS3pMQlNUZXN0NWlLNVlwcXRWVVk2THRyRW9FelVTK1lsDQpwWndXY2VQWHlHeHM5ZURsR3lNVmQraW15Y3NTU1UvVno2Mmx6MnZCS21NTXBkYldDQWhud0RsRTVqU2dyMjRRDQp0eGNXLys2N3d5KzhuQlI3UXdqVTFITndVRjBzeERWdEwrZ1NHVERnSEVZSlhZelYvT05zMy94TkpoVFNPSkxNDQpoeXNVdyttaGdackdhbUdXcHVIVU1DUitvTWJzMTc1UkcrQjJnUFFHVytPTjJnUTRyOXN2b0ZBNHBBQm8xd1dLDQpRYjRhY3pmeVVscElBOVFoSmFsZEY3S3dPSHVlV3gwRUNrNXg0T2tvVDBvWVp0dzFiR0JjRGtaSmF3SURBUUFCDQpvMU13VVRBZEJnTlZIUTRFRmdRVW90UlNIUm9IWTEyRFZ4R0NCdEhpb1g2ZmVFQXdId1lEVlIwakJCZ3dGb0FVDQpvdFJTSFJvSFkxMkRWeEdDQnRIaW9YNmZlRUF3RHdZRFZSMFRBUUgvQkFVd0F3RUIvekFOQmdrcWhraUc5dzBCDQpBUXNGQUFPQ0FnRUFSbkpsWWRjMTFHd0VxWnh6RDF2R3BDR2pDN2VWTlQ3aVY1d3IybXlybHdPYi9aUWFEa0xYDQpvVStaOVVXT1VlSXJTdzUydDdmQUpvVVAwSm5iYkMveVIrU1lqUGhvUXNiVHduOTc2ZldBWTduM3FMOXhCd1Y0DQphek41OXNjeUp0dlhMeUtOL2N5ak1ReDRLajBIMFg0bWJ6bzVZNUtzWWtYVU0vOEFPdWZMcEd0S1NGVGgrSEFDDQpab1Q5YnZHS25adnNHd0tYZFF0Wnh0akhaUjVqK3U3ZGtQOTJBT051RFNabS8rWVV4b2tBK09JbzdSR3BwSHNXDQo1ZTdNY0FTVXRtb1FORXd6dVFoVkJaRWQ1OGtKYjUrV0VWbGNzanlXNnRTbzErZ25tTWNqR1BsMWgxR2hVbjV4DQpFY0lWRnBIWXM5YWo1NmpBSjk1MVQvZjhMaWxmTlVnanBLQ0c1bnl0SUt3emxhOHNtdGlPdm1UNEpYbXBwSkI2DQo4bmdHRVluVjUrUTYwWFJ2OEhSSGp1VG9CRHVhaERrVDA2R1JGODU1d09FR2V4bkZpMXZYWUxLVllWb1V2MXRKDQo4dVdUR1pwNllDSVJldlBqbzg5ZytWTlJSaVFYUThJd0dybXE5c0RoVTlqTjA0SjdVL1RvRDFpNHE3VnlsRUc5DQorV1VGNkNLaEdBeTJIaEhwVncyTGFoOS9lUzdZMUZ1YURrWmhPZG1laG1BOCtqdHNZamJadnR5Mm1SWlF0UUZzDQpUU1VUUjREbUR2bVVPRVRmeStpRHdzK2RkWXVNTnJGeVVYV2dkMnpBQU4ydVl1UHFGY2pRcFNPODFzVTJTU3R3DQoxVzAyeUtYOGJEYmZFdjBzbUh3UzliQnFlSGo5NEM1Mjg0YXpsdTBmaUdpTm1OUEM4ckJLRmhBPQ0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQ==
+ service:
+ name: webhook-service
+ namespace: metallb-system
+ path: /convert
+ conversionReviewVersions:
+ - v1beta1
+ - v1beta2
+ group: metallb.io
+ names:
+ kind: BGPPeer
+ listKind: BGPPeerList
+ plural: bgppeers
+ singular: bgppeer
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .spec.peerAddress
+ name: Address
+ type: string
+ - jsonPath: .spec.peerASN
+ name: ASN
+ type: string
+ - jsonPath: .spec.bfdProfile
+ name: BFD Profile
+ type: string
+ - jsonPath: .spec.ebgpMultiHop
+ name: Multi Hops
+ type: string
+ name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: BGPPeer is the Schema for the peers API.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: BGPPeerSpec defines the desired state of Peer.
+ properties:
+ bfdProfile:
+ type: string
+ ebgpMultiHop:
+ description: EBGP peer is multi-hops away
+ type: boolean
+ holdTime:
+ description: Requested BGP hold time, per RFC4271.
+ type: string
+ keepaliveTime:
+ description: Requested BGP keepalive time, per RFC4271.
+ type: string
+ myASN:
+ description: AS number to use for the local end of the session.
+ format: int32
+ maximum: 4294967295
+ minimum: 0
+ type: integer
+ nodeSelectors:
+ description: Only connect to this peer on nodes that match one of
+ these selectors.
+ items:
+ properties:
+ matchExpressions:
+ items:
+ properties:
+ key:
+ type: string
+ operator:
+ type: string
+ values:
+ items:
+ type: string
+ minItems: 1
+ type: array
+ required:
+ - key
+ - operator
+ - values
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ type: object
+ type: object
+ type: array
+ password:
+ description: Authentication password for routers enforcing TCP MD5
+ authenticated sessions
+ type: string
+ peerASN:
+ description: AS number to expect from the remote end of the session.
+ format: int32
+ maximum: 4294967295
+ minimum: 0
+ type: integer
+ peerAddress:
+ description: Address to dial when establishing the session.
+ type: string
+ peerPort:
+ description: Port to dial when establishing the session.
+ maximum: 16384
+ minimum: 0
+ type: integer
+ routerID:
+ description: BGP router ID to advertise to the peer
+ type: string
+ sourceAddress:
+ description: Source address to use when establishing the session.
+ type: string
+ required:
+ - myASN
+ - peerASN
+ - peerAddress
+ type: object
+ status:
+ description: BGPPeerStatus defines the observed state of Peer.
+ type: object
+ type: object
+ served: true
+ storage: false
+ subresources:
+ status: {}
+ - additionalPrinterColumns:
+ - jsonPath: .spec.peerAddress
+ name: Address
+ type: string
+ - jsonPath: .spec.peerASN
+ name: ASN
+ type: string
+ - jsonPath: .spec.bfdProfile
+ name: BFD Profile
+ type: string
+ - jsonPath: .spec.ebgpMultiHop
+ name: Multi Hops
+ type: string
+ name: v1beta2
+ schema:
+ openAPIV3Schema:
+ description: BGPPeer is the Schema for the peers API.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: BGPPeerSpec defines the desired state of Peer.
+ properties:
+ bfdProfile:
+ description: The name of the BFD Profile to be used for the BFD session
+ associated to the BGP session. If not set, the BFD session won't
+ be set up.
+ type: string
+ ebgpMultiHop:
+ description: To set if the BGPPeer is multi-hops away. Needed for
+ FRR mode only.
+ type: boolean
+ holdTime:
+ description: Requested BGP hold time, per RFC4271.
+ type: string
+ keepaliveTime:
+ description: Requested BGP keepalive time, per RFC4271.
+ type: string
+ myASN:
+ description: AS number to use for the local end of the session.
+ format: int32
+ maximum: 4294967295
+ minimum: 0
+ type: integer
+ nodeSelectors:
+ description: Only connect to this peer on nodes that match one of
+ these selectors.
+ items:
+ description: A label selector is a label query over a set of resources.
+ The result of matchLabels and matchExpressions are ANDed. An empty
+ label selector matches all objects. A null label selector matches
+ no objects.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector that
+ contains values, a key, and an operator that relates the
+ key and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If the
+ operator is In or NotIn, the values array must be non-empty.
+ If the operator is Exists or DoesNotExist, the values
+ array must be empty. This array is replaced during a
+ strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs. A single
+ {key,value} in the matchLabels map is equivalent to an element
+ of matchExpressions, whose key field is "key", the operator
+ is "In", and the values array contains only "value". The requirements
+ are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
+ password:
+ description: Authentication password for routers enforcing TCP MD5
+ authenticated sessions
+ type: string
+ passwordSecret:
+ description: passwordSecret is name of the authentication secret for
+ BGP Peer. the secret must be of type "kubernetes.io/basic-auth",
+ and created in the same namespace as the MetalLB deployment. The
+ password is stored in the secret as the key "password".
+ properties:
+ name:
+ description: name is unique within a namespace to reference a
+ secret resource.
+ type: string
+ namespace:
+ description: namespace defines the space within which the secret
+ name must be unique.
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ peerASN:
+ description: AS number to expect from the remote end of the session.
+ format: int32
+ maximum: 4294967295
+ minimum: 0
+ type: integer
+ peerAddress:
+ description: Address to dial when establishing the session.
+ type: string
+ peerPort:
+ default: 179
+ description: Port to dial when establishing the session.
+ maximum: 16384
+ minimum: 0
+ type: integer
+ routerID:
+ description: BGP router ID to advertise to the peer
+ type: string
+ sourceAddress:
+ description: Source address to use when establishing the session.
+ type: string
+ vrf:
+ description: To set if we want to peer with the BGPPeer using an interface
+ belonging to a host vrf
+ type: string
+ required:
+ - myASN
+ - peerASN
+ - peerAddress
+ type: object
+ status:
+ description: BGPPeerStatus defines the observed state of Peer.
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.11.1
+ creationTimestamp: null
+ name: communities.metallb.io
+spec:
+ group: metallb.io
+ names:
+ kind: Community
+ listKind: CommunityList
+ plural: communities
+ singular: community
+ scope: Namespaced
+ versions:
+ - name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: Community is a collection of aliases for communities. Users can
+ define named aliases to be used in the BGPPeer CRD.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: CommunitySpec defines the desired state of Community.
+ properties:
+ communities:
+ items:
+ properties:
+ name:
+ description: The name of the alias for the community.
+ type: string
+ value:
+ description: The BGP community value corresponding to the given
+ name. Can be a standard community of the form 1234:1234 or
+ a large community of the form large:1234:1234:1234.
+ type: string
+ type: object
+ type: array
+ type: object
+ status:
+ description: CommunityStatus defines the observed state of Community.
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.11.1
+ creationTimestamp: null
+ name: ipaddresspools.metallb.io
+spec:
+ group: metallb.io
+ names:
+ kind: IPAddressPool
+ listKind: IPAddressPoolList
+ plural: ipaddresspools
+ singular: ipaddresspool
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .spec.autoAssign
+ name: Auto Assign
+ type: boolean
+ - jsonPath: .spec.avoidBuggyIPs
+ name: Avoid Buggy IPs
+ type: boolean
+ - jsonPath: .spec.addresses
+ name: Addresses
+ type: string
+ name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: IPAddressPool represents a pool of IP addresses that can be allocated
+ to LoadBalancer services.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: IPAddressPoolSpec defines the desired state of IPAddressPool.
+ properties:
+ addresses:
+ description: A list of IP address ranges over which MetalLB has authority.
+ You can list multiple ranges in a single pool, they will all share
+ the same settings. Each range can be either a CIDR prefix, or an
+ explicit start-end range of IPs.
+ items:
+ type: string
+ type: array
+ autoAssign:
+ default: true
+ description: AutoAssign flag used to prevent MetallB from automatic
+ allocation for a pool.
+ type: boolean
+ avoidBuggyIPs:
+ default: false
+ description: AvoidBuggyIPs prevents addresses ending with .0 and .255
+ to be used by a pool.
+ type: boolean
+ serviceAllocation:
+ description: AllocateTo makes ip pool allocation to specific namespace
+ and/or service. The controller will use the pool with lowest value
+ of priority in case of multiple matches. A pool with no priority
+ set will be used only if the pools with priority can't be used.
+ If multiple matching IPAddressPools are available it will check
+ for the availability of IPs sorting the matching IPAddressPools
+ by priority, starting from the highest to the lowest. If multiple
+ IPAddressPools have the same priority, choice will be random.
+ properties:
+ namespaceSelectors:
+ description: NamespaceSelectors list of label selectors to select
+ namespace(s) for ip pool, an alternative to using namespace
+ list.
+ items:
+ description: A label selector is a label query over a set of
+ resources. The result of matchLabels and matchExpressions
+ are ANDed. An empty label selector matches all objects. A
+ null label selector matches no objects.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector
+ requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector
+ that contains values, a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In, NotIn,
+ Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values.
+ If the operator is In or NotIn, the values array
+ must be non-empty. If the operator is Exists or
+ DoesNotExist, the values array must be empty. This
+ array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs.
+ A single {key,value} in the matchLabels map is equivalent
+ to an element of matchExpressions, whose key field is
+ "key", the operator is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
+ namespaces:
+ description: Namespaces list of namespace(s) on which ip pool
+ can be attached.
+ items:
+ type: string
+ type: array
+ priority:
+ description: Priority priority given for ip pool while ip allocation
+ on a service.
+ type: integer
+ serviceSelectors:
+ description: ServiceSelectors list of label selector to select
+ service(s) for which ip pool can be used for ip allocation.
+ items:
+ description: A label selector is a label query over a set of
+ resources. The result of matchLabels and matchExpressions
+ are ANDed. An empty label selector matches all objects. A
+ null label selector matches no objects.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector
+ requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector
+ that contains values, a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In, NotIn,
+ Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values.
+ If the operator is In or NotIn, the values array
+ must be non-empty. If the operator is Exists or
+ DoesNotExist, the values array must be empty. This
+ array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs.
+ A single {key,value} in the matchLabels map is equivalent
+ to an element of matchExpressions, whose key field is
+ "key", the operator is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
+ type: object
+ required:
+ - addresses
+ type: object
+ status:
+ description: IPAddressPoolStatus defines the observed state of IPAddressPool.
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.11.1
+ creationTimestamp: null
+ name: l2advertisements.metallb.io
+spec:
+ group: metallb.io
+ names:
+ kind: L2Advertisement
+ listKind: L2AdvertisementList
+ plural: l2advertisements
+ singular: l2advertisement
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .spec.ipAddressPools
+ name: IPAddressPools
+ type: string
+ - jsonPath: .spec.ipAddressPoolSelectors
+ name: IPAddressPool Selectors
+ type: string
+ - jsonPath: .spec.interfaces
+ name: Interfaces
+ type: string
+ - jsonPath: .spec.nodeSelectors
+ name: Node Selectors
+ priority: 10
+ type: string
+ name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: L2Advertisement allows to advertise the LoadBalancer IPs provided
+ by the selected pools via L2.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: L2AdvertisementSpec defines the desired state of L2Advertisement.
+ properties:
+ interfaces:
+ description: A list of interfaces to announce from. The LB IP will
+ be announced only from these interfaces. If the field is not set,
+ we advertise from all the interfaces on the host.
+ items:
+ type: string
+ type: array
+ ipAddressPoolSelectors:
+ description: A selector for the IPAddressPools which would get advertised
+ via this advertisement. If no IPAddressPool is selected by this
+ or by the list, the advertisement is applied to all the IPAddressPools.
+ items:
+ description: A label selector is a label query over a set of resources.
+ The result of matchLabels and matchExpressions are ANDed. An empty
+ label selector matches all objects. A null label selector matches
+ no objects.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector that
+ contains values, a key, and an operator that relates the
+ key and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If the
+ operator is In or NotIn, the values array must be non-empty.
+ If the operator is Exists or DoesNotExist, the values
+ array must be empty. This array is replaced during a
+ strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs. A single
+ {key,value} in the matchLabels map is equivalent to an element
+ of matchExpressions, whose key field is "key", the operator
+ is "In", and the values array contains only "value". The requirements
+ are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
+ ipAddressPools:
+ description: The list of IPAddressPools to advertise via this advertisement,
+ selected by name.
+ items:
+ type: string
+ type: array
+ nodeSelectors:
+ description: NodeSelectors allows to limit the nodes to announce as
+ next hops for the LoadBalancer IP. When empty, all the nodes having are
+ announced as next hops.
+ items:
+ description: A label selector is a label query over a set of resources.
+ The result of matchLabels and matchExpressions are ANDed. An empty
+ label selector matches all objects. A null label selector matches
+ no objects.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector that
+ contains values, a key, and an operator that relates the
+ key and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If the
+ operator is In or NotIn, the values array must be non-empty.
+ If the operator is Exists or DoesNotExist, the values
+ array must be empty. This array is replaced during a
+ strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs. A single
+ {key,value} in the matchLabels map is equivalent to an element
+ of matchExpressions, whose key field is "key", the operator
+ is "In", and the values array contains only "value". The requirements
+ are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
+ type: object
+ status:
+ description: L2AdvertisementStatus defines the observed state of L2Advertisement.
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels:
+ app: metallb
+ name: controller
+ namespace: metallb-system
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels:
+ app: metallb
+ name: speaker
+ namespace: metallb-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ labels:
+ app: metallb
+ name: controller
+ namespace: metallb-system
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - ""
+ resourceNames:
+ - memberlist
+ resources:
+ - secrets
+ verbs:
+ - list
+- apiGroups:
+ - apps
+ resourceNames:
+ - controller
+ resources:
+ - deployments
+ verbs:
+ - get
+- apiGroups:
+ - metallb.io
+ resources:
+ - bgppeers
+ verbs:
+ - get
+ - list
+- apiGroups:
+ - metallb.io
+ resources:
+ - addresspools
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - metallb.io
+ resources:
+ - bfdprofiles
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - metallb.io
+ resources:
+ - ipaddresspools
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - metallb.io
+ resources:
+ - bgpadvertisements
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - metallb.io
+ resources:
+ - l2advertisements
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - metallb.io
+ resources:
+ - communities
+ verbs:
+ - get
+ - list
+ - watch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ labels:
+ app: metallb
+ name: pod-lister
+ namespace: metallb-system
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - pods
+ verbs:
+ - list
+- apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - metallb.io
+ resources:
+ - addresspools
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - metallb.io
+ resources:
+ - bfdprofiles
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - metallb.io
+ resources:
+ - bgppeers
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - metallb.io
+ resources:
+ - l2advertisements
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - metallb.io
+ resources:
+ - bgpadvertisements
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - metallb.io
+ resources:
+ - ipaddresspools
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - metallb.io
+ resources:
+ - communities
+ verbs:
+ - get
+ - list
+ - watch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ app: metallb
+ name: metallb-system:controller
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - services
+ - namespaces
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - nodes
+ verbs:
+ - list
+- apiGroups:
+ - ""
+ resources:
+ - services/status
+ verbs:
+ - update
+- apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - patch
+- apiGroups:
+ - policy
+ resourceNames:
+ - controller
+ resources:
+ - podsecuritypolicies
+ verbs:
+ - use
+- apiGroups:
+ - admissionregistration.k8s.io
+ resourceNames:
+ - metallb-webhook-configuration
+ resources:
+ - validatingwebhookconfigurations
+ - mutatingwebhookconfigurations
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - admissionregistration.k8s.io
+ resources:
+ - validatingwebhookconfigurations
+ - mutatingwebhookconfigurations
+ verbs:
+ - list
+ - watch
+- apiGroups:
+ - apiextensions.k8s.io
+ resourceNames:
+ - addresspools.metallb.io
+ - bfdprofiles.metallb.io
+ - bgpadvertisements.metallb.io
+ - bgppeers.metallb.io
+ - ipaddresspools.metallb.io
+ - l2advertisements.metallb.io
+ - communities.metallb.io
+ resources:
+ - customresourcedefinitions
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - apiextensions.k8s.io
+ resources:
+ - customresourcedefinitions
+ verbs:
+ - list
+ - watch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ app: metallb
+ name: metallb-system:speaker
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - services
+ - endpoints
+ - nodes
+ - namespaces
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - discovery.k8s.io
+ resources:
+ - endpointslices
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - patch
+- apiGroups:
+ - policy
+ resourceNames:
+ - speaker
+ resources:
+ - podsecuritypolicies
+ verbs:
+ - use
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ labels:
+ app: metallb
+ name: controller
+ namespace: metallb-system
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: controller
+subjects:
+- kind: ServiceAccount
+ name: controller
+ namespace: metallb-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ labels:
+ app: metallb
+ name: pod-lister
+ namespace: metallb-system
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: pod-lister
+subjects:
+- kind: ServiceAccount
+ name: speaker
+ namespace: metallb-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ labels:
+ app: metallb
+ name: metallb-system:controller
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: metallb-system:controller
+subjects:
+- kind: ServiceAccount
+ name: controller
+ namespace: metallb-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ labels:
+ app: metallb
+ name: metallb-system:speaker
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: metallb-system:speaker
+subjects:
+- kind: ServiceAccount
+ name: speaker
+ namespace: metallb-system
+---
+apiVersion: v1
+data:
+ excludel2.yaml: |
+ announcedInterfacesToExclude: ["^docker.*", "^cbr.*", "^dummy.*", "^virbr.*", "^lxcbr.*", "^veth.*", "^lo$", "^cali.*", "^tunl.*", "^flannel.*", "^kube-ipvs.*", "^cni.*", "^nodelocaldns.*"]
+kind: ConfigMap
+metadata:
+ name: metallb-excludel2
+ namespace: metallb-system
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: webhook-server-cert
+ namespace: metallb-system
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: webhook-service
+ namespace: metallb-system
+spec:
+ ports:
+ - port: 443
+ targetPort: 9443
+ selector:
+ component: controller
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ app: metallb
+ component: controller
+ name: controller
+ namespace: metallb-system
+spec:
+ revisionHistoryLimit: 3
+ selector:
+ matchLabels:
+ app: metallb
+ component: controller
+ template:
+ metadata:
+ annotations:
+ prometheus.io/port: "7472"
+ prometheus.io/scrape: "true"
+ labels:
+ app: metallb
+ component: controller
+ spec:
+ containers:
+ - args:
+ - --port=7472
+ - --log-level=info
+ env:
+ - name: METALLB_ML_SECRET_NAME
+ value: memberlist
+ - name: METALLB_DEPLOYMENT
+ value: controller
+ image: quay.io/metallb/controller:v0.13.12
+ livenessProbe:
+ failureThreshold: 3
+ httpGet:
+ path: /metrics
+ port: monitoring
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 1
+ name: controller
+ ports:
+ - containerPort: 7472
+ name: monitoring
+ - containerPort: 9443
+ name: webhook-server
+ protocol: TCP
+ readinessProbe:
+ failureThreshold: 3
+ httpGet:
+ path: /metrics
+ port: monitoring
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 1
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - all
+ readOnlyRootFilesystem: true
+ volumeMounts:
+ - mountPath: /tmp/k8s-webhook-server/serving-certs
+ name: cert
+ readOnly: true
+ nodeSelector:
+ kubernetes.io/os: linux
+ securityContext:
+ fsGroup: 65534
+ runAsNonRoot: true
+ runAsUser: 65534
+ serviceAccountName: controller
+ terminationGracePeriodSeconds: 0
+ volumes:
+ - name: cert
+ secret:
+ defaultMode: 420
+ secretName: webhook-server-cert
+---
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ labels:
+ app: metallb
+ component: speaker
+ name: speaker
+ namespace: metallb-system
+spec:
+ selector:
+ matchLabels:
+ app: metallb
+ component: speaker
+ template:
+ metadata:
+ annotations:
+ prometheus.io/port: "7472"
+ prometheus.io/scrape: "true"
+ labels:
+ app: metallb
+ component: speaker
+ spec:
+ containers:
+ - args:
+ - --port=7472
+ - --log-level=info
+ env:
+ - name: METALLB_NODE_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.nodeName
+ - name: METALLB_HOST
+ valueFrom:
+ fieldRef:
+ fieldPath: status.hostIP
+ - name: METALLB_ML_BIND_ADDR
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIP
+ - name: METALLB_ML_LABELS
+ value: app=metallb,component=speaker
+ - name: METALLB_ML_SECRET_KEY_PATH
+ value: /etc/ml_secret_key
+ image: quay.io/metallb/speaker:v0.13.12
+ livenessProbe:
+ failureThreshold: 3
+ httpGet:
+ path: /metrics
+ port: monitoring
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 1
+ name: speaker
+ ports:
+ - containerPort: 7472
+ name: monitoring
+ - containerPort: 7946
+ name: memberlist-tcp
+ - containerPort: 7946
+ name: memberlist-udp
+ protocol: UDP
+ readinessProbe:
+ failureThreshold: 3
+ httpGet:
+ path: /metrics
+ port: monitoring
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 1
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ add:
+ - NET_RAW
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
+ volumeMounts:
+ - mountPath: /etc/ml_secret_key
+ name: memberlist
+ readOnly: true
+ - mountPath: /etc/metallb
+ name: metallb-excludel2
+ readOnly: true
+ hostNetwork: true
+ nodeSelector:
+ kubernetes.io/os: linux
+ serviceAccountName: speaker
+ terminationGracePeriodSeconds: 2
+ tolerations:
+ - effect: NoSchedule
+ key: node-role.kubernetes.io/master
+ operator: Exists
+ - effect: NoSchedule
+ key: node-role.kubernetes.io/control-plane
+ operator: Exists
+ volumes:
+ - name: memberlist
+ secret:
+ defaultMode: 420
+ secretName: memberlist
+ - configMap:
+ defaultMode: 256
+ name: metallb-excludel2
+ name: metallb-excludel2
+---
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingWebhookConfiguration
+metadata:
+ creationTimestamp: null
+ name: metallb-webhook-configuration
+webhooks:
+- admissionReviewVersions:
+ - v1
+ clientConfig:
+ service:
+ name: webhook-service
+ namespace: metallb-system
+ path: /validate-metallb-io-v1beta2-bgppeer
+ failurePolicy: Fail
+ name: bgppeersvalidationwebhook.metallb.io
+ rules:
+ - apiGroups:
+ - metallb.io
+ apiVersions:
+ - v1beta2
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - bgppeers
+ sideEffects: None
+- admissionReviewVersions:
+ - v1
+ clientConfig:
+ service:
+ name: webhook-service
+ namespace: metallb-system
+ path: /validate-metallb-io-v1beta1-addresspool
+ failurePolicy: Fail
+ name: addresspoolvalidationwebhook.metallb.io
+ rules:
+ - apiGroups:
+ - metallb.io
+ apiVersions:
+ - v1beta1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - addresspools
+ sideEffects: None
+- admissionReviewVersions:
+ - v1
+ clientConfig:
+ service:
+ name: webhook-service
+ namespace: metallb-system
+ path: /validate-metallb-io-v1beta1-bfdprofile
+ failurePolicy: Fail
+ name: bfdprofilevalidationwebhook.metallb.io
+ rules:
+ - apiGroups:
+ - metallb.io
+ apiVersions:
+ - v1beta1
+ operations:
+ - CREATE
+ - DELETE
+ resources:
+ - bfdprofiles
+ sideEffects: None
+- admissionReviewVersions:
+ - v1
+ clientConfig:
+ service:
+ name: webhook-service
+ namespace: metallb-system
+ path: /validate-metallb-io-v1beta1-bgpadvertisement
+ failurePolicy: Fail
+ name: bgpadvertisementvalidationwebhook.metallb.io
+ rules:
+ - apiGroups:
+ - metallb.io
+ apiVersions:
+ - v1beta1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - bgpadvertisements
+ sideEffects: None
+- admissionReviewVersions:
+ - v1
+ clientConfig:
+ service:
+ name: webhook-service
+ namespace: metallb-system
+ path: /validate-metallb-io-v1beta1-community
+ failurePolicy: Fail
+ name: communityvalidationwebhook.metallb.io
+ rules:
+ - apiGroups:
+ - metallb.io
+ apiVersions:
+ - v1beta1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - communities
+ sideEffects: None
+- admissionReviewVersions:
+ - v1
+ clientConfig:
+ service:
+ name: webhook-service
+ namespace: metallb-system
+ path: /validate-metallb-io-v1beta1-ipaddresspool
+ failurePolicy: Fail
+ name: ipaddresspoolvalidationwebhook.metallb.io
+ rules:
+ - apiGroups:
+ - metallb.io
+ apiVersions:
+ - v1beta1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - ipaddresspools
+ sideEffects: None
+- admissionReviewVersions:
+ - v1
+ clientConfig:
+ service:
+ name: webhook-service
+ namespace: metallb-system
+ path: /validate-metallb-io-v1beta1-l2advertisement
+ failurePolicy: Fail
+ name: l2advertisementvalidationwebhook.metallb.io
+ rules:
+ - apiGroups:
+ - metallb.io
+ apiVersions:
+ - v1beta1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - l2advertisements
+ sideEffects: None
diff --git a/cicd/k3s-rabbitmq-incluster/master.sh b/cicd/k3s-rabbitmq-incluster/master.sh
new file mode 100644
index 00000000..7f6f9171
--- /dev/null
+++ b/cicd/k3s-rabbitmq-incluster/master.sh
@@ -0,0 +1,14 @@
+export MASTER_IP=$(ip a |grep global | grep -v '10.0.2.15' | grep '192.168.80' | awk '{print $2}' | cut -f1 -d '/')
+
+curl -sfL https://get.k3s.io | INSTALL_K3S_EXEC="--disable traefik --disable servicelb --disable-cloud-controller --kube-proxy-arg proxy-mode=ipvs --flannel-iface=eth1 \
+--disable-network-policy \
+--node-ip=${MASTER_IP} --node-external-ip=${MASTER_IP} \
+--bind-address=${MASTER_IP}" sh -
+
+echo $MASTER_IP > /vagrant/master-ip
+sudo cp /var/lib/rancher/k3s/server/node-token /vagrant/node-token
+sudo cp /etc/rancher/k3s/k3s.yaml /vagrant/k3s.yaml
+sudo sed -i -e "s/127.0.0.1/${MASTER_IP}/g" /vagrant/k3s.yaml
+#sudo kubectl apply -f "https://github.com/rabbitmq/cluster-operator/releases/latest/download/cluster-operator.yml"
+#sudo kubectl apply -f /vagrant/rmq/rabbitmq.yaml
+/vagrant/wait_ready.sh
diff --git a/cicd/k3s-rabbitmq-incluster/master_with_cilium.sh b/cicd/k3s-rabbitmq-incluster/master_with_cilium.sh
new file mode 100644
index 00000000..01ad60b7
--- /dev/null
+++ b/cicd/k3s-rabbitmq-incluster/master_with_cilium.sh
@@ -0,0 +1,29 @@
+export MASTER_IP=$(ip a |grep global | grep -v '10.0.2.15' | grep '192.168.80' | awk '{print $2}' | cut -f1 -d '/')
+
+#curl -sfL https://get.k3s.io | INSTALL_K3S_EXEC="--disable traefik --disable servicelb --disable-cloud-controller --kube-proxy-arg proxy-mode=ipvs --flannel-iface=eth1 \
+
+curl -sfL https://get.k3s.io | INSTALL_K3S_EXEC="--disable traefik --disable servicelb --disable-cloud-controller \
+--flannel-backend=none \
+--disable-network-policy \
+--node-ip=${MASTER_IP} --node-external-ip=${MASTER_IP} \
+--bind-address=${MASTER_IP}" sh -
+
+#Install Cilium
+CILIUM_CLI_VERSION=$(curl -s https://raw.githubusercontent.com/cilium/cilium-cli/master/stable.txt)
+CLI_ARCH=amd64
+if [ "$(uname -m)" = "aarch64" ]; then CLI_ARCH=arm64; fi
+curl -L --fail --remote-name-all https://github.com/cilium/cilium-cli/releases/download/${CILIUM_CLI_VERSION}/cilium-linux-${CLI_ARCH}.tar.gz{,.sha256sum}
+sha256sum --check cilium-linux-${CLI_ARCH}.tar.gz.sha256sum
+sudo tar xzvfC cilium-linux-${CLI_ARCH}.tar.gz /usr/local/bin
+rm cilium-linux-${CLI_ARCH}.tar.gz{,.sha256sum}
+mkdir -p ~/.kube/
+sudo cat /etc/rancher/k3s/k3s.yaml > ~/.kube/config
+cilium install
+
+echo $MASTER_IP > /vagrant/master-ip
+sudo cp /var/lib/rancher/k3s/server/node-token /vagrant/node-token
+sudo cp /etc/rancher/k3s/k3s.yaml /vagrant/k3s.yaml
+sudo sed -i -e "s/127.0.0.1/${MASTER_IP}/g" /vagrant/k3s.yaml
+#sudo kubectl apply -f "https://github.com/rabbitmq/cluster-operator/releases/latest/download/cluster-operator.yml"
+#sudo kubectl apply -f /vagrant/rmq/rabbitmq.yaml
+/vagrant/wait_ready.sh
diff --git a/cicd/k3s-rabbitmq-incluster/prom_rbac.yaml b/cicd/k3s-rabbitmq-incluster/prom_rbac.yaml
new file mode 100644
index 00000000..967e1436
--- /dev/null
+++ b/cicd/k3s-rabbitmq-incluster/prom_rbac.yaml
@@ -0,0 +1,42 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: prometheus
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: prometheus
+rules:
+- apiGroups: [""]
+ resources:
+ - nodes
+ - nodes/metrics
+ - services
+ - endpoints
+ - pods
+ verbs: ["get", "list", "watch"]
+- apiGroups: [""]
+ resources:
+ - configmaps
+ verbs: ["get"]
+- apiGroups:
+ - networking.k8s.io
+ resources:
+ - ingresses
+ verbs: ["get", "list", "watch"]
+- nonResourceURLs: ["/metrics"]
+ verbs: ["get"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: prometheus
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: prometheus
+subjects:
+- kind: ServiceAccount
+ name: prometheus
+ namespace: default
diff --git a/cicd/k3s-rabbitmq-incluster/prom_svc.yaml b/cicd/k3s-rabbitmq-incluster/prom_svc.yaml
new file mode 100644
index 00000000..c6eebe80
--- /dev/null
+++ b/cicd/k3s-rabbitmq-incluster/prom_svc.yaml
@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: prometheus
+ labels:
+ app: prometheus
+spec:
+ #externalTrafficPolicy: Local
+ #loadBalancerClass: loxilb.io/loxilb
+ #type: LoadBalancer
+ ports:
+ - name: web
+ port: 9090
+ targetPort: web
+ selector:
+ app.kubernetes.io/name: prometheus
+ sessionAffinity: ClientIP
diff --git a/cicd/k3s-rabbitmq-incluster/prometheus.yaml b/cicd/k3s-rabbitmq-incluster/prometheus.yaml
new file mode 100644
index 00000000..c8a2c55b
--- /dev/null
+++ b/cicd/k3s-rabbitmq-incluster/prometheus.yaml
@@ -0,0 +1,21 @@
+apiVersion: monitoring.coreos.com/v1
+kind: Prometheus
+metadata:
+ name: prometheus
+ labels:
+ app: prometheus
+spec:
+ image: quay.io/prometheus/prometheus:v2.22.1
+ nodeSelector:
+ kubernetes.io/os: linux
+ replicas: 3
+ resources:
+ requests:
+ memory: 400Mi
+ securityContext:
+ fsGroup: 2000
+ runAsNonRoot: true
+ runAsUser: 1000
+ serviceAccountName: prometheus
+ version: v2.22.1
+ serviceMonitorSelector: {}
diff --git a/cicd/k3s-rabbitmq-incluster/prometheus_servicemonitor.yaml b/cicd/k3s-rabbitmq-incluster/prometheus_servicemonitor.yaml
new file mode 100644
index 00000000..ea252e6d
--- /dev/null
+++ b/cicd/k3s-rabbitmq-incluster/prometheus_servicemonitor.yaml
@@ -0,0 +1,13 @@
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: prometheus-self
+ labels:
+ app: prometheus
+spec:
+ endpoints:
+ - interval: 5s
+ port: web
+ selector:
+ matchLabels:
+ app: prometheus
diff --git a/cicd/k3s-rabbitmq-incluster/rmconfig.sh b/cicd/k3s-rabbitmq-incluster/rmconfig.sh
new file mode 100755
index 00000000..096e37b7
--- /dev/null
+++ b/cicd/k3s-rabbitmq-incluster/rmconfig.sh
@@ -0,0 +1,4 @@
+#!/bin/bash
+vagrant destroy -f worker1
+vagrant destroy -f master
+vagrant destroy -f host
diff --git a/cicd/k3s-rabbitmq-incluster/rmq/client-service.yaml b/cicd/k3s-rabbitmq-incluster/rmq/client-service.yaml
new file mode 100644
index 00000000..c3dfc6bc
--- /dev/null
+++ b/cicd/k3s-rabbitmq-incluster/rmq/client-service.yaml
@@ -0,0 +1,24 @@
+kind: Service
+apiVersion: v1
+metadata:
+ namespace: test-rabbitmq
+ name: rabbitmq-client
+ labels:
+ app: rabbitmq
+ type: LoadBalancer
+spec:
+ type: LoadBalancer
+ loadBalancerClass: loxilb.io/loxilb
+ externalTrafficPolicy: Local
+ ports:
+ - name: http
+ protocol: TCP
+ port: 15672
+ - name: prometheus
+ protocol: TCP
+ port: 15692
+ - name: amqp
+ protocol: TCP
+ port: 5672
+ selector:
+ app: rabbitmq
diff --git a/cicd/k3s-rabbitmq-incluster/rmq/configmap.yaml b/cicd/k3s-rabbitmq-incluster/rmq/configmap.yaml
new file mode 100644
index 00000000..5360b145
--- /dev/null
+++ b/cicd/k3s-rabbitmq-incluster/rmq/configmap.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: rabbitmq-config
+ namespace: test-rabbitmq
+data:
+ enabled_plugins: |
+ [rabbitmq_peer_discovery_k8s, rabbitmq_management, rabbitmq_prometheus].
+ rabbitmq.conf: |
+ cluster_formation.peer_discovery_backend = k8s
+ cluster_formation.k8s.host = kubernetes.default.svc.cluster.local
+ cluster_formation.k8s.address_type = hostname
+ cluster_formation.k8s.service_name = rabbitmq-headless
+
+ queue_master_locator=min-masters
diff --git a/cicd/k3s-rabbitmq-incluster/rmq/headless-service.yaml b/cicd/k3s-rabbitmq-incluster/rmq/headless-service.yaml
new file mode 100644
index 00000000..37b1222d
--- /dev/null
+++ b/cicd/k3s-rabbitmq-incluster/rmq/headless-service.yaml
@@ -0,0 +1,20 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: rabbitmq-headless
+ namespace: test-rabbitmq
+spec:
+ clusterIP: None
+ ports:
+ - name: epmd
+ port: 4369
+ protocol: TCP
+ targetPort: 4369
+ - name: cluster-rpc
+ port: 25672
+ protocol: TCP
+ targetPort: 25672
+ selector:
+ app: rabbitmq
+ type: ClusterIP
+ sessionAffinity: None
diff --git a/cicd/k3s-rabbitmq-incluster/rmq/namespace.yaml b/cicd/k3s-rabbitmq-incluster/rmq/namespace.yaml
new file mode 100644
index 00000000..e2ef8f8b
--- /dev/null
+++ b/cicd/k3s-rabbitmq-incluster/rmq/namespace.yaml
@@ -0,0 +1,6 @@
+## All resources will be created in this namespace
+## To delete all resources created by this example, simply delete this namespace:
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: test-rabbitmq
diff --git a/cicd/k3s-rabbitmq-incluster/rmq/rabbitmq.yaml b/cicd/k3s-rabbitmq-incluster/rmq/rabbitmq.yaml
new file mode 100644
index 00000000..4e84bb50
--- /dev/null
+++ b/cicd/k3s-rabbitmq-incluster/rmq/rabbitmq.yaml
@@ -0,0 +1,24 @@
+apiVersion: rabbitmq.com/v1beta1
+kind: RabbitmqCluster
+metadata:
+ name: hello-world
+spec:
+ replicas: 3
+ service:
+ type: LoadBalancer
+ affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: "node-role.kubernetes.io/master"
+ operator: DoesNotExist
+ - key: "node-role.kubernetes.io/control-plane"
+ operator: DoesNotExist
+ override:
+ service:
+ spec:
+ loadBalancerClass: loxilb.io/loxilb
+ externalTrafficPolicy: Local
+ ports:
+ - port: 5672
diff --git a/cicd/k3s-rabbitmq-incluster/rmq/rbac.yaml b/cicd/k3s-rabbitmq-incluster/rmq/rbac.yaml
new file mode 100644
index 00000000..6403f39c
--- /dev/null
+++ b/cicd/k3s-rabbitmq-incluster/rmq/rbac.yaml
@@ -0,0 +1,33 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: rabbitmq
+ namespace: test-rabbitmq
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: rabbitmq
+ namespace: test-rabbitmq
+rules:
+- apiGroups: [""]
+ resources: ["endpoints"]
+ verbs: ["get"]
+- apiGroups: [""]
+ resources: ["events"]
+ verbs: ["create"]
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: rabbitmq
+ namespace: test-rabbitmq
+subjects:
+- kind: ServiceAccount
+ name: rabbitmq
+ namespace: test-rabbitmq
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: rabbitmq
diff --git a/cicd/k3s-rabbitmq-incluster/rmq/statefulset.yaml b/cicd/k3s-rabbitmq-incluster/rmq/statefulset.yaml
new file mode 100644
index 00000000..6422406e
--- /dev/null
+++ b/cicd/k3s-rabbitmq-incluster/rmq/statefulset.yaml
@@ -0,0 +1,142 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: rabbitmq
+ namespace: test-rabbitmq
+spec:
+ selector:
+ matchLabels:
+ app: "rabbitmq"
+ # headless service that gives network identity to the RMQ nodes, and enables them to cluster
+ serviceName: rabbitmq-headless # serviceName is the name of the service that governs this StatefulSet. This service must exist before the StatefulSet, and is responsible for the network identity of the set. Pods get DNS/hostnames that follow the pattern: pod-specific-string.serviceName.default.svc.cluster.local where "pod-specific-string" is managed by the StatefulSet controller.
+ volumeClaimTemplates:
+ - metadata:
+ name: rabbitmq-data
+ namespace: test-rabbitmq
+ spec:
+ storageClassName: standard
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: "3Gi"
+ template:
+ metadata:
+ name: rabbitmq
+ namespace: test-rabbitmq
+ labels:
+ app: rabbitmq
+ spec:
+ initContainers:
+ # Since k8s 1.9.4, config maps mount read-only volumes. Since the Docker image also writes to the config file,
+ # the file must be mounted as read-write. We use init containers to copy from the config map read-only
+ # path, to a read-write path
+ - name: "rabbitmq-config"
+ image: busybox:1.32.0
+ volumeMounts:
+ - name: rabbitmq-config
+ mountPath: /tmp/rabbitmq
+ - name: rabbitmq-config-rw
+ mountPath: /etc/rabbitmq
+ command:
+ - sh
+ - -c
+ # the newline is needed since the Docker image entrypoint scripts appends to the config file
+ - cp /tmp/rabbitmq/rabbitmq.conf /etc/rabbitmq/rabbitmq.conf && echo '' >> /etc/rabbitmq/rabbitmq.conf;
+ cp /tmp/rabbitmq/enabled_plugins /etc/rabbitmq/enabled_plugins
+ volumes:
+ - name: rabbitmq-config
+ configMap:
+ name: rabbitmq-config
+ optional: false
+ items:
+ - key: enabled_plugins
+ path: "enabled_plugins"
+ - key: rabbitmq.conf
+ path: "rabbitmq.conf"
+ # read-write volume into which to copy the rabbitmq.conf and enabled_plugins files
+ # this is needed since the docker image writes to the rabbitmq.conf file
+ # and Kubernetes Config Maps are mounted as read-only since Kubernetes 1.9.4
+ - name: rabbitmq-config-rw
+ emptyDir: {}
+ - name: rabbitmq-data
+ persistentVolumeClaim:
+ claimName: rabbitmq-data
+ serviceAccount: rabbitmq
+ # The Docker image runs as the `rabbitmq` user with uid 999
+ # and writes to the `rabbitmq.conf` file
+ # The security context is needed since the image needs
+ # permission to write to this file. Without the security
+ # context, `rabbitmq.conf` is owned by root and inaccessible
+ # by the `rabbitmq` user
+ securityContext:
+ fsGroup: 999
+ runAsUser: 999
+ runAsGroup: 999
+ containers:
+ - name: rabbitmq
+ # Community Docker Image
+ image: rabbitmq:latest
+ volumeMounts:
+ # mounting rabbitmq.conf and enabled_plugins
+ # this should have writeable access, this might be a problem
+ - name: rabbitmq-config-rw
+ mountPath: "/etc/rabbitmq"
+ # mountPath: "/etc/rabbitmq/conf.d/"
+ # rabbitmq data directory
+ - name: rabbitmq-data
+ mountPath: "/var/lib/rabbitmq/mnesia"
+ env:
+ - name: RABBITMQ_DEFAULT_PASS
+ valueFrom:
+ secretKeyRef:
+ name: rabbitmq-admin
+ key: pass
+ - name: RABBITMQ_DEFAULT_USER
+ valueFrom:
+ secretKeyRef:
+ name: rabbitmq-admin
+ key: user
+ - name: RABBITMQ_ERLANG_COOKIE
+ valueFrom:
+ secretKeyRef:
+ name: erlang-cookie
+ key: cookie
+ ports:
+ - name: amqp
+ containerPort: 5672
+ protocol: TCP
+ - name: management
+ containerPort: 15672
+ protocol: TCP
+ - name: prometheus
+ containerPort: 15692
+ protocol: TCP
+ - name: epmd
+ containerPort: 4369
+ protocol: TCP
+ livenessProbe:
+ exec:
+ # This is just an example. There is no "one true health check" but rather
+ # several rabbitmq-diagnostics commands that can be combined to form increasingly comprehensive
+ # and intrusive health checks.
+ # Learn more at https://www.rabbitmq.com/monitoring.html#health-checks.
+ #
+ # Stage 2 check:
+ command: ["rabbitmq-diagnostics", "status"]
+ initialDelaySeconds: 60
+ # See https://www.rabbitmq.com/monitoring.html for monitoring frequency recommendations.
+ periodSeconds: 60
+ timeoutSeconds: 15
+ readinessProbe: # probe to know when RMQ is ready to accept traffic
+ exec:
+ # This is just an example. There is no "one true health check" but rather
+ # several rabbitmq-diagnostics commands that can be combined to form increasingly comprehensive
+ # and intrusive health checks.
+ # Learn more at https://www.rabbitmq.com/monitoring.html#health-checks.
+ #
+ # Stage 1 check:
+ command: ["rabbitmq-diagnostics", "ping"]
+ initialDelaySeconds: 20
+ periodSeconds: 60
+ timeoutSeconds: 10
diff --git a/cicd/k3s-rabbitmq-incluster/validation.sh b/cicd/k3s-rabbitmq-incluster/validation.sh
new file mode 100755
index 00000000..c96f4ff1
--- /dev/null
+++ b/cicd/k3s-rabbitmq-incluster/validation.sh
@@ -0,0 +1,58 @@
+#!/bin/bash
+source ../common.sh
+echo k3s-flannel-cluster
+
+if [ "$1" ]; then
+ KUBECONFIG="$1"
+fi
+
+# Set space as the delimiter
+IFS=' '
+
+sleep 45
+extIP="123.123.123.1"
+echo $extIP
+
+echo "Service Info"
+vagrant ssh master -c 'sudo kubectl get svc'
+echo "LB Info"
+vagrant ssh loxilb -c 'sudo docker exec -i loxilb loxicmd get lb -o wide'
+echo "EP Info"
+vagrant ssh loxilb -c 'sudo docker exec -i loxilb loxicmd get ep -o wide'
+
+print_debug_info() {
+ echo "llb1 route-info"
+ vagrant ssh loxilb -c 'ip route'
+ vagrant ssh master -c 'sudo kubectl get pods -A'
+ vagrant ssh master -c 'sudo kubectl get svc'
+ vagrant ssh master -c 'sudo kubectl get nodes'
+}
+
+out=$(curl -s --connect-timeout 10 http://$extIP:55002)
+if [[ ${out} == *"Welcome to nginx"* ]]; then
+ echo "k3s-flannel-cluster (kube-loxilb) tcp [OK]"
+else
+ echo "k3s-flannel-cluster (kube-loxilb) tcp [FAILED]"
+ print_debug_info
+ exit 1
+fi
+
+out=$(timeout 10 ../common/udp_client $extIP 55003)
+if [[ ${out} == *"Client"* ]]; then
+ echo "k3s-flannel-cluster (kube-loxilb) udp [OK]"
+else
+ echo "k3s-flannel-cluster (kube-loxilb) udp [FAILED]"
+ print_debug_info
+ exit 1
+fi
+
+out=$(timeout 10 ../common/sctp_client 192.168.90.1 41291 $extIP 55004)
+if [[ ${out} == *"server1"* ]]; then
+ echo "k3s-flannel-cluster (kube-loxilb) sctp [OK]"
+else
+ echo "k3s-flannel-cluster (kube-loxilb) sctp [FAILED]"
+ print_debug_info
+ exit 1
+fi
+
+exit
diff --git a/cicd/k3s-rabbitmq-incluster/wait_ready.sh b/cicd/k3s-rabbitmq-incluster/wait_ready.sh
new file mode 100755
index 00000000..b0e69d01
--- /dev/null
+++ b/cicd/k3s-rabbitmq-incluster/wait_ready.sh
@@ -0,0 +1,38 @@
+#!/bin/bash
+
+function wait_cluster_ready {
+ Res=$(sudo kubectl get pods -A |
+ while IFS= read -r line; do
+ if [[ "$line" != *"Running"* && "$line" != *"READY"* ]]; then
+ echo "$line: not ready"
+ return
+ fi
+ done)
+ if [[ $Res == *"not ready"* ]]; then
+ echo $Res
+ return 1
+ fi
+ return 0
+}
+
+function wait_cluster_ready_full {
+ i=1
+ nr=0
+ for ((;;)) do
+ wait_cluster_ready
+ nr=$?
+ if [[ $nr == 0 ]]; then
+ echo "Cluster is ready"
+ break
+ fi
+ i=$(( $i + 1 ))
+ if [[ $i -ge 40 ]]; then
+ echo "Cluster is not ready.Giving up"
+ exit 1
+ fi
+ echo "Cluster is not ready...."
+ sleep 10
+ done
+}
+
+wait_cluster_ready_full
diff --git a/cicd/k3s-rabbitmq-incluster/worker.sh b/cicd/k3s-rabbitmq-incluster/worker.sh
new file mode 100644
index 00000000..5da2836b
--- /dev/null
+++ b/cicd/k3s-rabbitmq-incluster/worker.sh
@@ -0,0 +1,13 @@
+export WORKER_ADDR=$(ip a |grep global | grep -v '10.0.2.15' | grep '192.168.80' | awk '{print $2}' | cut -f1 -d '/')
+export MASTER_ADDR=$(cat /vagrant/master-ip)
+export NODE_TOKEN=$(cat /vagrant/node-token)
+
+sudo mkdir -p /etc/rancher/k3s
+sudo cp -f /vagrant/k3s.yaml /etc/rancher/k3s/k3s.yaml
+
+curl -sfL https://get.k3s.io | K3S_URL="https://${MASTER_ADDR}:6443" K3S_TOKEN="${NODE_TOKEN}" INSTALL_K3S_EXEC="--node-ip=${WORKER_ADDR} --node-external-ip=${WORKER_ADDR} --kube-proxy-arg proxy-mode=ipvs --flannel-iface=eth1" sh -
+#sudo kubectl apply -f /vagrant/nginx.yml
+#sudo kubectl apply -f /vagrant/udp.yml
+#sudo kubectl apply -f /vagrant/iperf-service.yml
+#sudo kubectl apply -f /vagrant/loxilb.yml
+/vagrant/wait_ready.sh
diff --git a/cicd/k3s-rabbitmq-incluster/worker_with_cilium.sh b/cicd/k3s-rabbitmq-incluster/worker_with_cilium.sh
new file mode 100644
index 00000000..0e7be7c6
--- /dev/null
+++ b/cicd/k3s-rabbitmq-incluster/worker_with_cilium.sh
@@ -0,0 +1,14 @@
+export WORKER_ADDR=$(ip a |grep global | grep -v '10.0.2.15' | grep '192.168.80' | awk '{print $2}' | cut -f1 -d '/')
+export MASTER_ADDR=$(cat /vagrant/master-ip)
+export NODE_TOKEN=$(cat /vagrant/node-token)
+
+sudo mkdir -p /etc/rancher/k3s
+sudo cp -f /vagrant/k3s.yaml /etc/rancher/k3s/k3s.yaml
+curl -sfL https://get.k3s.io | K3S_URL="https://${MASTER_ADDR}:6443" K3S_TOKEN="${NODE_TOKEN}" INSTALL_K3S_EXEC="--node-ip=${WORKER_ADDR} --node-external-ip=${WORKER_ADDR}" sh -
+
+#curl -sfL https://get.k3s.io | K3S_URL="https://${MASTER_ADDR}:6443" K3S_TOKEN="${NODE_TOKEN}" INSTALL_K3S_EXEC="--node-ip=${WORKER_ADDR} --node-external-ip=${WORKER_ADDR} --kube-proxy-arg proxy-mode=ipvs --flannel-iface=eth1" sh -
+#sudo kubectl apply -f /vagrant/nginx.yml
+#sudo kubectl apply -f /vagrant/udp.yml
+#sudo kubectl apply -f /vagrant/iperf-service.yml
+#sudo kubectl apply -f /vagrant/loxilb.yml
+/vagrant/wait_ready.sh
diff --git a/cicd/k8s-calico-incluster/Vagrantfile b/cicd/k8s-calico-incluster/Vagrantfile
index e68faecb..5653a665 100644
--- a/cicd/k8s-calico-incluster/Vagrantfile
+++ b/cicd/k8s-calico-incluster/Vagrantfile
@@ -5,32 +5,29 @@ require "yaml"
settings = YAML.load_file "yaml/settings.yaml"
workers = settings["nodes"]["workers"]["count"]
+loxilbs = (ENV['LOXILBS'] || "2").to_i
Vagrant.configure("2") do |config|
if Vagrant.has_plugin?("vagrant-vbguest")
config.vbguest.auto_update = false
end
-
- config.vm.box = settings["software"]["cluster"]["box"]["name"]
- config.vm.box_version = settings["software"]["cluster"]["box"]["version"]
-
- config.vm.define "host" do |host|
+ config.vm.define "host" do |host|
host.vm.hostname = 'host1'
- host.vm.network :private_network, ip: settings["network"]["client_ip"], :netmask => "255.255.255.0"
+ host.vm.box = settings["software"]["cluster"]["box"]
host.vm.network :private_network, ip: "192.168.80.9", :netmask => "255.255.255.0"
host.vm.network :private_network, ip: "192.168.90.9", :netmask => "255.255.255.0"
host.vm.provision :shell, :path => "node_scripts/host.sh"
host.vm.provider :virtualbox do |vbox|
vbox.customize ["modifyvm", :id, "--memory", 2048]
- vbox.customize ["modifyvm", :id, "--cpus", 1]
+ vbox.customize ["modifyvm", :id, "--cpus", 2]
end
end
config.vm.define "master" do |master|
- master.vm.hostname = 'master1'
+ master.vm.box = settings["software"]["cluster"]["box"]
+ master.vm.hostname = 'master'
master.vm.network :private_network, ip: settings["network"]["control_ip"], :netmask => "255.255.255.0"
- master.vm.network :private_network, ip: settings["network"]["control_ip2"], :netmask => "255.255.255.0"
master.vm.provision "shell",
env: {
"DNS_SERVERS" => settings["network"]["dns_servers"].join(" "),
@@ -50,14 +47,16 @@ Vagrant.configure("2") do |config|
master.vm.provider :virtualbox do |vbox|
vbox.customize ["modifyvm", :id, "--memory", 4096]
- vbox.customize ["modifyvm", :id, "--cpus", 3]
+ vbox.customize ["modifyvm", :id, "--cpus", 2]
+ vbox.customize ["modifyvm", :id, "--nicpromisc2", "allow-all"]
end
end
(1..workers).each do |node_number|
config.vm.define "worker#{node_number}" do |worker|
+ worker.vm.box = settings["software"]["cluster"]["box"]
worker.vm.hostname = "worker#{node_number}"
- ip = node_number + 100
+ ip = node_number + 200
worker.vm.network :private_network, ip: "192.168.80.#{ip}", :netmask => "255.255.255.0"
worker.vm.provision "shell",
env: {
@@ -70,8 +69,9 @@ Vagrant.configure("2") do |config|
worker.vm.provision "shell", path: "node_scripts/worker.sh"
worker.vm.provider :virtualbox do |vbox|
- vbox.customize ["modifyvm", :id, "--memory", 2048]
+ vbox.customize ["modifyvm", :id, "--memory", 4096]
vbox.customize ["modifyvm", :id, "--cpus", 2]
+ vbox.customize ["modifyvm", :id, "--nicpromisc2", "allow-all"]
end
end
end
diff --git a/cicd/k8s-calico-incluster/config.sh b/cicd/k8s-calico-incluster/config.sh
index 5c415494..6abfc021 100755
--- a/cicd/k8s-calico-incluster/config.sh
+++ b/cicd/k8s-calico-incluster/config.sh
@@ -30,8 +30,38 @@ do
sleep 10
done
-# Create fullnat Services
+sudo sysctl net.ipv4.conf.vboxnet1.arp_accept=1
+
+#Create fullnat Service
+vagrant ssh master -c 'kubectl apply -f /vagrant/yaml/tcp_onearm.yml' 2> /dev/null
+vagrant ssh master -c 'kubectl apply -f /vagrant/yaml/udp_onearm.yml' 2> /dev/null
+vagrant ssh master -c 'kubectl apply -f /vagrant/yaml/sctp_onearm.yml' 2> /dev/null
vagrant ssh master -c 'kubectl apply -f /vagrant/yaml/tcp_fullnat.yml' 2> /dev/null
vagrant ssh master -c 'kubectl apply -f /vagrant/yaml/udp_fullnat.yml' 2> /dev/null
vagrant ssh master -c 'kubectl apply -f /vagrant/yaml/sctp_fullnat.yml' 2> /dev/null
-vagrant ssh master -c 'kubectl apply -f /vagrant/yaml/sctp.yml' 2> /dev/null
+
+for((i=1; i<=60; i++))
+do
+ fin=1
+ pods=$(vagrant ssh master -c 'kubectl get pods -A' 2> /dev/null | grep -v "NAMESPACE")
+
+ while IFS= read -a pods; do
+ read -a pod <<< "$pods"
+ if [[ ${pod[3]} != *"Running"* ]]; then
+ echo "${pod[1]} is not UP yet"
+ fin=0
+ fi
+ done <<< "$pods"
+ if [ $fin == 1 ];
+ then
+ echo "Cluster is ready"
+ break;
+ fi
+ echo "Will try after 10s"
+ sleep 10
+done
+
+if [[ $fin == 0 ]]; then
+ echo "Cluster is not ready"
+ exit 1
+fi
diff --git a/cicd/k8s-calico-incluster/node_scripts/common.sh b/cicd/k8s-calico-incluster/node_scripts/common.sh
index cf1e66f1..c01ad688 100644
--- a/cicd/k8s-calico-incluster/node_scripts/common.sh
+++ b/cicd/k8s-calico-incluster/node_scripts/common.sh
@@ -26,7 +26,7 @@ sudo apt-get update -y
# Install CRI-O Runtime
VERSION="$(echo ${KUBERNETES_VERSION} | grep -oE '[0-9]+\.[0-9]+')"
-
+CRIO_VERSION=1.27
# Create the .conf file to load the modules at bootup
cat < /etc/default/kubelet << EOF
diff --git a/cicd/k8s-calico-incluster/node_scripts/host.sh b/cicd/k8s-calico-incluster/node_scripts/host.sh
index c4c22d55..6fbeb164 100755
--- a/cicd/k8s-calico-incluster/node_scripts/host.sh
+++ b/cicd/k8s-calico-incluster/node_scripts/host.sh
@@ -1,10 +1,5 @@
-sudo su
-sudo apt-get install -y lksctp-tools socat
-wget https://github.com/loxilb-io/loxilb/raw/main/cicd/common/sctp_client
-wget https://github.com/loxilb-io/loxilb/raw/main/cicd/common/udp_client
-chmod 777 sctp_client
-chmod 777 udp_client
-echo "123.123.123.1 k8s-svc" >> /etc/hosts
-ifconfig eth2 mtu 1450
-ip route add 123.123.123.0/24 via 192.168.90.10
+# Install Bird to work with k3s
+sudo apt-get update
+sudo apt-get -y install socat lksctp-tools
+
echo "Host is up"
diff --git a/cicd/k8s-calico-incluster/node_scripts/loxilb.sh b/cicd/k8s-calico-incluster/node_scripts/loxilb.sh
index 74e66ae9..6df67208 100644
--- a/cicd/k8s-calico-incluster/node_scripts/loxilb.sh
+++ b/cicd/k8s-calico-incluster/node_scripts/loxilb.sh
@@ -7,7 +7,3 @@ add-apt-repository -y "deb [arch=amd64] https://download.docker.com/linux/ubuntu
apt-get update
apt-get install -y docker-ce
docker run -u root --cap-add SYS_ADMIN --restart unless-stopped --privileged -dit -v /dev/log:/dev/log --net=host --name loxilb ghcr.io/loxilb-io/loxilb:latest
-echo alias loxicmd=\"sudo docker exec -it loxilb loxicmd\" >> ~/.bashrc
-echo alias loxilb=\"sudo docker exec -it loxilb \" >> ~/.bashrc
-
-echo $LOXILB_IP > /vagrant/loxilb-ip
diff --git a/cicd/k8s-calico-incluster/node_scripts/master.sh b/cicd/k8s-calico-incluster/node_scripts/master.sh
index 9d83b513..bcc75785 100644
--- a/cicd/k8s-calico-incluster/node_scripts/master.sh
+++ b/cicd/k8s-calico-incluster/node_scripts/master.sh
@@ -10,14 +10,13 @@ sudo kubeadm config images pull
echo "Preflight Check Passed: Downloaded All Required Images"
-sudo kubeadm init --apiserver-advertise-address=$CONTROL_IP --apiserver-cert-extra-sans=$CONTROL_IP --pod-network-cidr=$POD_CIDR --service-cidr=$SERVICE_CIDR --node-name "$NODENAME" --ignore-preflight-errors Swap
+#sudo kubeadm init --apiserver-advertise-address=$CONTROL_IP --apiserver-cert-extra-sans=$CONTROL_IP --pod-network-cidr=$POD_CIDR --service-cidr=$SERVICE_CIDR --node-name "$NODENAME" --ignore-preflight-errors Swap
+sudo kubeadm init --ignore-preflight-errors Swap --config /vagrant/yaml/kubeadm-config.yaml
mkdir -p "$HOME"/.kube
sudo cp -i /etc/kubernetes/admin.conf "$HOME"/.kube/config
sudo chown "$(id -u)":"$(id -g)" "$HOME"/.kube/config
-curl -sfL https://github.com/loxilb-io/loxilb-ebpf/raw/main/kprobe/install.sh | sh -
-
# Save Configs to shared /Vagrant location
# For Vagrant re-runs, check if there is existing configs in the location and delete it for saving new configuration.
@@ -54,6 +53,6 @@ EOF
kubectl apply -f https://raw.githubusercontent.com/techiescamp/kubeadm-scripts/main/manifests/metrics-server.yaml
# Install loxilb
-kubectl apply -f /vagrant/yaml/loxilb.yml
-kubectl apply -f /vagrant/yaml/loxilb-peer.yml
-kubectl apply -f /vagrant/yaml/kube-loxilb.yml
+curl -sfL https://github.com/loxilb-io/loxilb-ebpf/raw/main/kprobe/install.sh | sh -
+kubectl apply -f /vagrant/yaml/kube-loxilb.yaml
+kubectl apply -f /vagrant/yaml/loxilb.yaml
diff --git a/cicd/k8s-calico-incluster/node_scripts/worker.sh b/cicd/k8s-calico-incluster/node_scripts/worker.sh
index a5754170..f3d4c70e 100644
--- a/cicd/k8s-calico-incluster/node_scripts/worker.sh
+++ b/cicd/k8s-calico-incluster/node_scripts/worker.sh
@@ -16,3 +16,4 @@ sudo chown 1000:1000 /home/vagrant/.kube/config
NODENAME=$(hostname -s)
kubectl label node $(hostname -s) node-role.kubernetes.io/worker=worker
EOF
+curl -sfL https://github.com/loxilb-io/loxilb-ebpf/raw/main/kprobe/install.sh | sh -
diff --git a/cicd/k8s-calico-incluster/udp_client b/cicd/k8s-calico-incluster/udp_client
new file mode 100755
index 00000000..b70cd81f
Binary files /dev/null and b/cicd/k8s-calico-incluster/udp_client differ
diff --git a/cicd/k8s-calico-incluster/validation.sh b/cicd/k8s-calico-incluster/validation.sh
index d1f77ee9..0a0c74b9 100755
--- a/cicd/k8s-calico-incluster/validation.sh
+++ b/cicd/k8s-calico-incluster/validation.sh
@@ -8,7 +8,7 @@ fi
# Set space as the delimiter
IFS=' '
-
+alloc=0
for((i=0; i<120; i++))
do
extLB=$(vagrant ssh master -c 'kubectl get svc' 2> /dev/null | grep "tcp-lb-fullnat")
@@ -19,16 +19,32 @@ do
sleep 1
continue
fi
- if [[ ${strarr[3]} != *"none"* ]]; then
+ if [[ ${strarr[3]} != *"none"* || ${strarr[3]} != *"pending"* ]]; then
extIP="$(cut -d'-' -f2 <<<${strarr[3]})"
+ alloc=1
break
fi
echo "No external LB allocated"
sleep 1
done
+if [[ $alloc != 1 ]]; then
+ echo "No external LB allocated. Check kube-loxilb and loxilb logs"
+ echo "******************************************************************************"
+ vagrant ssh master -c 'kubectl get endpoints -A' 2> /dev/null
+ echo "******************************************************************************"
+ echo -e "\nSVC List"
+ echo "******************************************************************************"
+ vagrant ssh master -c 'kubectl get svc' 2> /dev/null
+ echo "******************************************************************************"
+ echo -e "\nPod List"
+ echo "******************************************************************************"
+ vagrant ssh master -c 'kubectl get pods -A' 2> /dev/null
+ exit 1
+fi
+
## Any routing updates ??
-sleep 30
+#sleep 30
echo Service IP : $extIP
echo -e "\nEnd Points List"
@@ -45,14 +61,15 @@ vagrant ssh master -c 'kubectl get pods -A' 2> /dev/null
echo -e "\nTEST RESULTS"
echo "******************************************************************************"
-mode=( "fullnat" )
-tcp_port=( 57002 )
-udp_port=( 57003 )
-sctp_port=( 57004 )
+mode=( "onearm" "fullnat" )
+tcp_port=( 56002 57002 )
+udp_port=( 56003 57003 )
+sctp_port=( 56004 57004 )
code=0
-for ((i=0;i<1;i++)); do
-out=$(vagrant ssh host -c "curl -s --connect-timeout 10 http://$extIP:${tcp_port[i]}")
-echo $out
+
+for ((i=0;i<=1;i++)); do
+out=$(vagrant ssh host -c "curl -s --connect-timeout 10 http://$extIP:${tcp_port[i]}" 2> /dev/null)
+#echo $out
if [[ ${out} == *"nginx"* ]]; then
echo -e "K8s-calico-incluster TCP\t(${mode[i]})\t[OK]"
else
@@ -60,7 +77,8 @@ else
code=1
fi
-out=$(vagrant ssh host -c "timeout 5 ./udp_client $extIP ${udp_port[i]}")
+out=$(vagrant ssh host -c "timeout 5 /vagrant/udp_client $extIP ${udp_port[i]}" 2> /dev/null)
+#echo $out
if [[ ${out} == *"Client"* ]]; then
echo -e "K8s-calico-incluster UDP\t(${mode[i]})\t[OK]"
else
@@ -68,7 +86,8 @@ else
code=1
fi
-out=$(vagrant ssh host -c "socat -T10 - SCTP:$extIP:${sctp_port[i]},bind=192.168.90.9")
+out=$(vagrant ssh host -c "socat -T10 - SCTP:$extIP:${sctp_port[i]}" 2> /dev/null)
+#echo $out
if [[ ${out} == *"server"* ]]; then
echo -e "K8s-calico-incluster SCTP\t(${mode[i]})\t[OK]"
else
@@ -77,16 +96,4 @@ else
fi
done
-mode=( "default" )
-sctp_port=( 55004 )
-code=0
-
-out=$(vagrant ssh host -c "socat -T10 - SCTP:$extIP:${sctp_port[0]},bind=192.168.90.9")
-if [[ ${out} == *"server"* ]]; then
- echo -e "K8s-calico-incluster SCTP\t(${mode[0]})\t[OK]"
-else
- echo -e "K8s-calico-incluster SCTP\t(${mode[0]})\t[FAILED]"
- code=1
-fi
-
exit $code
diff --git a/cicd/k8s-calico-incluster/yaml/kube-loxilb.yaml b/cicd/k8s-calico-incluster/yaml/kube-loxilb.yaml
new file mode 100644
index 00000000..fe029313
--- /dev/null
+++ b/cicd/k8s-calico-incluster/yaml/kube-loxilb.yaml
@@ -0,0 +1,185 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: kube-loxilb
+ namespace: kube-system
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: kube-loxilb
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - nodes
+ verbs:
+ - get
+ - watch
+ - list
+ - patch
+ - apiGroups:
+ - ""
+ resources:
+ - pods
+ verbs:
+ - get
+ - watch
+ - list
+ - patch
+ - apiGroups:
+ - ""
+ resources:
+ - endpoints
+ - services
+ - services/status
+ verbs:
+ - get
+ - watch
+ - list
+ - patch
+ - update
+ - apiGroups:
+ - gateway.networking.k8s.io
+ resources:
+ - gatewayclasses
+ - gatewayclasses/status
+ - gateways
+ - gateways/status
+ - tcproutes
+ - udproutes
+ verbs: ["get", "watch", "list", "patch", "update"]
+ - apiGroups:
+ - discovery.k8s.io
+ resources:
+ - endpointslices
+ verbs:
+ - get
+ - watch
+ - list
+ - apiGroups:
+ - authentication.k8s.io
+ resources:
+ - tokenreviews
+ verbs:
+ - create
+ - apiGroups:
+ - authorization.k8s.io
+ resources:
+ - subjectaccessreviews
+ verbs:
+ - create
+ - apiGroups:
+ - bgppeer.loxilb.io
+ resources:
+ - bgppeerservices
+ verbs:
+ - get
+ - watch
+ - list
+ - create
+ - update
+ - delete
+ - apiGroups:
+ - bgppolicydefinedsets.loxilb.io
+ resources:
+ - bgppolicydefinedsetsservices
+ verbs:
+ - get
+ - watch
+ - list
+ - create
+ - update
+ - delete
+ - apiGroups:
+ - bgppolicydefinition.loxilb.io
+ resources:
+ - bgppolicydefinitionservices
+ verbs:
+ - get
+ - watch
+ - list
+ - create
+ - update
+ - delete
+ - apiGroups:
+ - bgppolicyapply.loxilb.io
+ resources:
+ - bgppolicyapplyservices
+ verbs:
+ - get
+ - watch
+ - list
+ - create
+ - update
+ - delete
+
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: kube-loxilb
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: kube-loxilb
+subjects:
+ - kind: ServiceAccount
+ name: kube-loxilb
+ namespace: kube-system
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: kube-loxilb
+ namespace: kube-system
+ labels:
+ app: kube-loxilb-app
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: kube-loxilb-app
+ template:
+ metadata:
+ labels:
+ app: kube-loxilb-app
+ spec:
+ hostNetwork: true
+ dnsPolicy: ClusterFirstWithHostNet
+ tolerations:
+ # Mark the pod as a critical add-on for rescheduling.
+ - key: CriticalAddonsOnly
+ operator: Exists
+ priorityClassName: system-node-critical
+ serviceAccountName: kube-loxilb
+ terminationGracePeriodSeconds: 0
+ containers:
+ - name: kube-loxilb
+ image: ghcr.io/loxilb-io/kube-loxilb:latest
+ imagePullPolicy: Always
+ command:
+ - /bin/kube-loxilb
+ args:
+ #- --loxiURL=http://192.168.80.10:11111
+ - --externalCIDR=192.168.80.5/32
+ #- --externalSecondaryCIDRs=124.124.124.1/24,125.125.125.1/24
+ #- --setBGP=64512
+ #- --listenBGPPort=1791
+ - --setRoles=0.0.0.0
+ #- --monitor
+ #- --extBGPPeers=50.50.50.1:65101,51.51.51.1:65102
+ #- --setLBMode=1
+ #- --config=/opt/loxilb/agent/kube-loxilb.conf
+ resources:
+ requests:
+ cpu: "100m"
+ memory: "50Mi"
+ limits:
+ cpu: "100m"
+ memory: "50Mi"
+ securityContext:
+ privileged: true
+ capabilities:
+ add: ["NET_ADMIN", "NET_RAW"]
diff --git a/cicd/k8s-calico-incluster/yaml/kubeadm-config.yaml b/cicd/k8s-calico-incluster/yaml/kubeadm-config.yaml
new file mode 100644
index 00000000..245a6255
--- /dev/null
+++ b/cicd/k8s-calico-incluster/yaml/kubeadm-config.yaml
@@ -0,0 +1,69 @@
+apiVersion: kubeadm.k8s.io/v1beta3
+bootstrapTokens:
+- groups:
+ - system:bootstrappers:kubeadm:default-node-token
+ ttl: 24h0m0s
+ usages:
+ - signing
+ - authentication
+kind: InitConfiguration
+localAPIEndpoint:
+ advertiseAddress: 192.168.80.250
+ bindPort: 6443
+nodeRegistration:
+ imagePullPolicy: IfNotPresent
+ name: master
+ taints: null
+---
+apiVersion: kubeadm.k8s.io/v1beta3
+certificatesDir: /etc/kubernetes/pki
+kind: ClusterConfiguration
+apiServer:
+ timeoutForControlPlane: 4m0s
+ certSANs:
+ - 192.168.80.250
+controlPlaneEndpoint: 192.168.80.250:6443
+clusterName: kubernetes
+controllerManager: {}
+dns: {}
+etcd:
+ local:
+ dataDir: /var/lib/etcd
+imageRepository: registry.k8s.io
+kubernetesVersion: v1.29.2
+networking:
+ dnsDomain: cluster.local
+ podSubnet: 172.16.1.0/16
+ serviceSubnet: 172.17.1.0/18
+scheduler: {}
+---
+apiVersion: kubeproxy.config.k8s.io/v1alpha1
+bindAddress: 0.0.0.0
+clientConnection:
+ acceptContentTypes: ""
+ burst: 10
+ contentType: application/vnd.kubernetes.protobuf
+ kubeconfig: /var/lib/kube-proxy/kubeconfig.conf
+ qps: 5
+clusterCIDR: ""
+configSyncPeriod: 15m0s
+#featureGates: "SupportIPVSProxyMode=true"
+mode: ipvs
+enableProfiling: false
+healthzBindAddress: 0.0.0.0:10256
+hostnameOverride: ""
+iptables:
+ masqueradeAll: false
+ masqueradeBit: 14
+ minSyncPeriod: 0s
+ syncPeriod: 30s
+ipvs:
+ excludeCIDRs: null
+ minSyncPeriod: 0s
+ scheduler: ""
+ syncPeriod: 30s
+kind: KubeProxyConfiguration
+metricsBindAddress: 127.0.0.1:10249
+nodePortAddresses: null
+oomScoreAdj: -999
+portRange: ""
diff --git a/cicd/k8s-calico-incluster/yaml/loxilb-localvip.yaml b/cicd/k8s-calico-incluster/yaml/loxilb-localvip.yaml
new file mode 100644
index 00000000..3bcfce43
--- /dev/null
+++ b/cicd/k8s-calico-incluster/yaml/loxilb-localvip.yaml
@@ -0,0 +1,110 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ name: loxilb-lb
+ namespace: kube-system
+spec:
+ selector:
+ matchLabels:
+ app: loxilb-app
+ template:
+ metadata:
+ name: loxilb-lb
+ labels:
+ app: loxilb-app
+ spec:
+ hostNetwork: true
+ hostPID: true
+ dnsPolicy: ClusterFirstWithHostNet
+ tolerations:
+ #- key: "node-role.kubernetes.io/master"
+ #operator: Exists
+ - key: "node-role.kubernetes.io/control-plane"
+ operator: Exists
+ affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ # - key: "node-role.kubernetes.io/master"
+ # operator: Exists
+ - key: "node-role.kubernetes.io/control-plane"
+ operator: Exists
+ initContainers:
+ - name: mkllb-cgroup
+ command:
+ - sh
+ - -ec
+ - |
+ ls /usr/local/sbin/mkllb_cgroup && chmod 777 /usr/local/sbin/mkllb_cgroup;
+ cp -f /usr/local/sbin/mkllb_cgroup /hbin/mkllb_cgroup;
+ nsenter --cgroup=/hproc/1/ns/cgroup --mount=/hproc/1/ns/mnt /bin/mkllb_cgroup;
+ echo done;
+ rm /hbin/mkllb_cgroup;
+ image: "ghcr.io/loxilb-io/loxilb:latest"
+ imagePullPolicy: Always
+ volumeMounts:
+ - name: hproc
+ mountPath: /hproc
+ - name: hbin
+ mountPath: /hbin
+ terminationMessagePolicy: FallbackToLogsOnError
+ securityContext:
+ privileged: true
+ capabilities:
+ add:
+ - SYS_ADMIN
+ containers:
+ - name: loxilb-app
+ image: "ghcr.io/loxilb-io/loxilb:latest"
+ imagePullPolicy: IfNotPresent
+ command: [ "/root/loxilb-io/loxilb/loxilb", "--egr-hooks", "--blacklist=cni[0-9a-z]|veth.|flannel.|cali.|tunl.|vxlan[.]calico", "--localsockpolicy" ]
+ ports:
+ - containerPort: 11111
+ - containerPort: 179
+ - containerPort: 50051
+ volumeMounts:
+ - name: llb-cgroup
+ mountPath: /opt/loxilb/cgroup
+ securityContext:
+ privileged: true
+ runAsUser: 0
+ capabilities:
+ add:
+ - SYS_ADMIN
+ volumes:
+ - name: hproc
+ hostPath:
+ path: /proc
+ type: Directory
+ - name: hbin
+ hostPath:
+ path: /bin
+ type: Directory
+ - name: llb-cgroup
+ hostPath:
+ path: /opt/loxilb/cgroup
+ type: DirectoryOrCreate
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: loxilb-lb-service
+ namespace: kube-system
+spec:
+ clusterIP: None
+ selector:
+ app: loxilb-app
+ ports:
+ - name: loxilb-app
+ port: 11111
+ targetPort: 11111
+ protocol: TCP
+ - name: loxilb-app-bgp
+ port: 179
+ targetPort: 179
+ protocol: TCP
+ - name: loxilb-app-gobgp
+ port: 50051
+ targetPort: 50051
+ protocol: TCP
diff --git a/cicd/k8s-calico-incluster/yaml/loxilb-peer.yml b/cicd/k8s-calico-incluster/yaml/loxilb-peer.yml
deleted file mode 100644
index 5b35cd2e..00000000
--- a/cicd/k8s-calico-incluster/yaml/loxilb-peer.yml
+++ /dev/null
@@ -1,64 +0,0 @@
-apiVersion: apps/v1
-kind: DaemonSet
-metadata:
- name: loxilb-peer
- namespace: kube-system
-spec:
- selector:
- matchLabels:
- app: loxilb-peer-app
- template:
- metadata:
- name: loxilb-peer
- labels:
- app: loxilb-peer-app
- spec:
- hostNetwork: true
- dnsPolicy: ClusterFirstWithHostNet
- affinity:
- nodeAffinity:
- requiredDuringSchedulingIgnoredDuringExecution:
- nodeSelectorTerms:
- - matchExpressions:
- - key: "node-role.kubernetes.io/master"
- operator: DoesNotExist
- - key: "node-role.kubernetes.io/control-plane"
- operator: DoesNotExist
- containers:
- - name: loxilb-peer-app
- image: "ghcr.io/loxilb-io/loxilb:latest"
- command: [ "/root/loxilb-io/loxilb/loxilb", "--peer" ]
- ports:
- - containerPort: 11111
- - containerPort: 1791
- - containerPort: 50051
- securityContext:
- privileged: true
- capabilities:
- add:
- - SYS_ADMIN
----
-apiVersion: v1
-kind: Service
-metadata:
- name: loxilb-peer-service
- namespace: kube-system
-spec:
- clusterIP: None
- selector:
- app: loxilb-peer-app
- ports:
- - name: loxilb-peer-app
- port: 11111
- targetPort: 11111
- protocol: TCP
- - name: loxilb-peer-bgp
- port: 1791
- targetPort: 1791
- protocol: TCP
- - name: loxilb-peer-gobgp
- port: 50051
- targetPort: 50051
- protocol: TCP
-
-
diff --git a/cicd/k8s-calico-incluster/yaml/loxilb.yml b/cicd/k8s-calico-incluster/yaml/loxilb.yaml
similarity index 78%
rename from cicd/k8s-calico-incluster/yaml/loxilb.yml
rename to cicd/k8s-calico-incluster/yaml/loxilb.yaml
index 0a118b61..5ced543b 100644
--- a/cicd/k8s-calico-incluster/yaml/loxilb.yml
+++ b/cicd/k8s-calico-incluster/yaml/loxilb.yaml
@@ -16,6 +16,8 @@ spec:
hostNetwork: true
dnsPolicy: ClusterFirstWithHostNet
tolerations:
+ #- key: "node-role.kubernetes.io/master"
+ #operator: Exists
- key: "node-role.kubernetes.io/control-plane"
operator: Exists
affinity:
@@ -23,16 +25,18 @@ spec:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
+ #- key: "node-role.kubernetes.io/master"
+ # operator: Exists
- key: "node-role.kubernetes.io/control-plane"
operator: Exists
containers:
- name: loxilb-app
image: "ghcr.io/loxilb-io/loxilb:latest"
imagePullPolicy: Always
- command: [ "/root/loxilb-io/loxilb/loxilb", "--bgp", "--egr-hooks", "--blacklist=cali.|tunl.|vxlan[.]calico|veth." ]
+ command: [ "/root/loxilb-io/loxilb/loxilb", "--egr-hooks", "--blacklist=cni[0-9a-z]|veth.|flannel.|cali.|tunl.|vxlan[.]calico" ]
ports:
- containerPort: 11111
- - containerPort: 1791
+ - containerPort: 179
- containerPort: 50051
securityContext:
privileged: true
@@ -55,8 +59,8 @@ spec:
targetPort: 11111
protocol: TCP
- name: loxilb-app-bgp
- port: 1791
- targetPort: 1791
+ port: 179
+ targetPort: 179
protocol: TCP
- name: loxilb-app-gobgp
port: 50051
diff --git a/cicd/k8s-calico-incluster/yaml/sctp.yml b/cicd/k8s-calico-incluster/yaml/sctp.yml
deleted file mode 100644
index 5991cb1d..00000000
--- a/cicd/k8s-calico-incluster/yaml/sctp.yml
+++ /dev/null
@@ -1,50 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: sctp-lb-default
- annotations:
- loxilb.io/lbmode: "default"
-spec:
- loadBalancerClass: loxilb.io/loxilb
- externalTrafficPolicy: Local
- selector:
- what: sctp-default-test
- ports:
- - port: 55004
- protocol: SCTP
- targetPort: 9999
- type: LoadBalancer
----
-apiVersion: v1
-kind: Pod
-metadata:
- name: sctp-default-test
- labels:
- what: sctp-default-test
-spec:
- tolerations:
- - key: "node-role.kubernetes.io/control-plane"
- operator: Exists
- affinity:
- nodeAffinity:
- requiredDuringSchedulingIgnoredDuringExecution:
- nodeSelectorTerms:
- - matchExpressions:
- - key: "node-role.kubernetes.io/control-plane"
- operator: Exists
- containers:
- - name: sctp-default-test
- image: ghcr.io/loxilb-io/alpine-socat:latest
- command: [ "sh", "-c"]
- args:
- - while true; do
- socat -v -T2 sctp-l:9999,reuseaddr,fork system:"echo 'server1'; cat";
- sleep 20;
- done;
- ports:
- - containerPort: 9999
- env:
- - name: MY_POD_IP
- valueFrom:
- fieldRef:
- fieldPath: status.podIP
diff --git a/cicd/k8s-calico-incluster/yaml/sctp_fullnat.yml b/cicd/k8s-calico-incluster/yaml/sctp_fullnat.yml
index b6eae03d..5ac9a69b 100644
--- a/cicd/k8s-calico-incluster/yaml/sctp_fullnat.yml
+++ b/cicd/k8s-calico-incluster/yaml/sctp_fullnat.yml
@@ -3,6 +3,7 @@ kind: Service
metadata:
name: sctp-lb-fullnat
annotations:
+ #loxilb.io/num-secondary-networks: "2"
loxilb.io/liveness: "yes"
loxilb.io/lbmode: "fullnat"
spec:
@@ -25,7 +26,10 @@ metadata:
spec:
containers:
- name: sctp-fullnat-test
+ #image: loxilbio/sctp-darn:latest
image: ghcr.io/loxilb-io/alpine-socat:latest
+ imagePullPolicy: Always
+ #command: ["sctp_darn","-H", "0.0.0.0","-P", "9999", "-l"]
command: [ "sh", "-c"]
args:
- while true; do
diff --git a/cicd/k8s-calico-incluster/yaml/settings.yaml b/cicd/k8s-calico-incluster/yaml/settings.yaml
index 7b6e513b..492519dc 100644
--- a/cicd/k8s-calico-incluster/yaml/settings.yaml
+++ b/cicd/k8s-calico-incluster/yaml/settings.yaml
@@ -9,12 +9,10 @@ cluster_name: Kubernetes Cluster
# NO_PROXY=127.0.0.1,localhost,master-node,node01,node02,node03
# All IPs/CIDRs should be private and allowed in /etc/vbox/networks.conf.
network:
+ iloxilb_ip: 192.168.80.253
+ oloxilb_ip: 192.168.90.253
# Worker IPs are simply incremented from the control IP.
- client_ip: 192.168.90.9
- control_ip: 192.168.80.10
- control_ip2: 192.168.90.10
- control2_ip: 192.168.80.11
- control2_ip2: 192.168.90.11
+ control_ip: 192.168.80.250
dns_servers:
- 8.8.8.8
- 1.1.1.1
@@ -22,11 +20,11 @@ network:
service_cidr: 172.17.1.0/18
nodes:
control:
- cpu: 4
+ cpu: 2
memory: 4096
workers:
count: 2
- cpu: 2
+ cpu: 1
memory: 2048
# Mount additional shared folders from the host into each virtual machine.
# Note that the project directory is automatically mounted at /vagrant.
@@ -34,11 +32,14 @@ nodes:
# - host_path: ../images
# vm_path: /vagrant/images
software:
- cluster:
+ loxilb:
box:
name: sysnet4admin/Ubuntu-k8s
version: 0.7.1
+ cluster:
+ box: bento/ubuntu-22.04
+ version: 202401.31.0
calico: 3.26.0
# To skip the dashboard installation, set its version to an empty value or comment it out:
- kubernetes: 1.27.1-00
+ kubernetes: 1.29.2
os: xUbuntu_22.04
diff --git a/cicd/k8s-calico-incluster/yaml/tcp.yml b/cicd/k8s-calico-incluster/yaml/tcp.yml
deleted file mode 100644
index 8c898340..00000000
--- a/cicd/k8s-calico-incluster/yaml/tcp.yml
+++ /dev/null
@@ -1,29 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: tcp-lb-default
- annotations:
- loxilb.io/liveness: "yes"
- loxilb.io/lbmode: "default"
-spec:
- externalTrafficPolicy: Local
- loadBalancerClass: loxilb.io/loxilb
- selector:
- what: tcp-default-test
- ports:
- - port: 55002
- targetPort: 80
- type: LoadBalancer
----
-apiVersion: v1
-kind: Pod
-metadata:
- name: tcp-default-test
- labels:
- what: tcp-default-test
-spec:
- containers:
- - name: tcp-default-test
- image: ghcr.io/loxilb-io/nginx:stable
- ports:
- - containerPort: 80
diff --git a/cicd/k8s-calico-incluster/yaml/udp.yml b/cicd/k8s-calico-incluster/yaml/udp.yml
deleted file mode 100644
index ac6ef997..00000000
--- a/cicd/k8s-calico-incluster/yaml/udp.yml
+++ /dev/null
@@ -1,30 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: udp-lb-default
- annotations:
- loxilb.io/liveness: "yes"
- loxilb.io/lbmode: "default"
-spec:
- loadBalancerClass: loxilb.io/loxilb
- externalTrafficPolicy: Local
- selector:
- what: udp-default-test
- ports:
- - port: 55003
- protocol: UDP
- targetPort: 33333
- type: LoadBalancer
----
-apiVersion: v1
-kind: Pod
-metadata:
- name: udp-default-test
- labels:
- what: udp-default-test
-spec:
- containers:
- - name: udp-default-test
- image: ghcr.io/loxilb-io/udp-echo:latest
- ports:
- - containerPort: 33333
diff --git a/cicd/microk8s-incluster/common.sh b/cicd/microk8s-incluster/common.sh
index b82f6e0e..c65963cd 100755
--- a/cicd/microk8s-incluster/common.sh
+++ b/cicd/microk8s-incluster/common.sh
@@ -536,7 +536,7 @@ function create_lb_rule() {
echo "$1: loxicmd create lb ${args[*]}"
$dexec $1 loxicmd create lb ${args[*]}
- hook=$($dexec llb1 ntc filter show dev eth0 ingress | grep tc_packet_hook)
+ hook=$($dexec llb1 tc filter show dev eth0 ingress | grep tc_packet_hook)
if [[ $hook != *"tc_packet_hook"* ]]; then
echo "ERROR : No hook point found";
exit 1
diff --git a/cicd/sconnect/config.sh b/cicd/sconnect/config.sh
index 3f250176..1efd3744 100755
--- a/cicd/sconnect/config.sh
+++ b/cicd/sconnect/config.sh
@@ -229,4 +229,4 @@ create_docker_host_vxlan --host1 llb1 --host2 l3vxh2 --id 60 --uif phy --lip 5.5
create_docker_host_vxlan --host1 llb1 --host2 l3vxh2 --id 60 --ep 5.5.5.2
config_docker_host --host1 llb1 --host2 l3vxh2 --ptype vlan --id 60 --addr 60.60.60.254/24
-sleep 25
+sleep 60
diff --git a/cicd/tcpkali/config.sh b/cicd/tcpkali/config.sh
new file mode 100755
index 00000000..3b24ef11
--- /dev/null
+++ b/cicd/tcpkali/config.sh
@@ -0,0 +1,46 @@
+#!/bin/bash
+
+source ../common.sh
+
+echo "#########################################"
+echo "Spawning all hosts"
+echo "#########################################"
+
+spawn_docker_host --dock-type loxilb --dock-name llb1
+spawn_docker_host --dock-type host --dock-name l3h1
+spawn_docker_host --dock-type host --dock-name l3h2
+spawn_docker_host --dock-type host --dock-name l3ep1
+spawn_docker_host --dock-type host --dock-name l3ep2
+spawn_docker_host --dock-type host --dock-name l3ep3
+
+echo "#########################################"
+echo "Connecting and configuring hosts"
+echo "#########################################"
+
+
+connect_docker_hosts l3h1 llb1
+connect_docker_hosts l3h2 llb1
+connect_docker_hosts l3ep1 llb1
+connect_docker_hosts l3ep2 llb1
+connect_docker_hosts l3ep3 llb1
+
+sleep 5
+
+#L3 config
+config_docker_host --host1 l3h1 --host2 llb1 --ptype phy --addr 10.10.10.1/24 --gw 10.10.10.254
+config_docker_host --host1 l3h2 --host2 llb1 --ptype phy --addr 10.10.11.1/24 --gw 10.10.11.254
+config_docker_host --host1 l3ep1 --host2 llb1 --ptype phy --addr 31.31.31.1/24 --gw 31.31.31.254
+config_docker_host --host1 l3ep2 --host2 llb1 --ptype phy --addr 32.32.32.1/24 --gw 32.32.32.254
+config_docker_host --host1 l3ep3 --host2 llb1 --ptype phy --addr 33.33.33.1/24 --gw 33.33.33.254
+config_docker_host --host1 llb1 --host2 l3h1 --ptype phy --addr 10.10.10.254/24
+config_docker_host --host1 llb1 --host2 l3h2 --ptype phy --addr 10.10.11.254/24
+config_docker_host --host1 llb1 --host2 l3ep1 --ptype phy --addr 31.31.31.254/24
+config_docker_host --host1 llb1 --host2 l3ep2 --ptype phy --addr 32.32.32.254/24
+config_docker_host --host1 llb1 --host2 l3ep3 --ptype phy --addr 33.33.33.254/24
+
+$dexec llb1 ip addr add 10.10.10.3/32 dev lo
+
+sleep 5
+create_lb_rule llb1 20.20.20.1 --tcp=2020:8080 --endpoints=31.31.31.1:1,32.32.32.1:1,33.33.33.1:1
+create_lb_rule llb1 10.10.10.254 --tcp=2020:8080 --endpoints=31.31.31.1:1,32.32.32.1:1,33.33.33.1:1
+create_lb_rule llb1 10.10.10.3 --tcp=2020:8080 --endpoints=31.31.31.1:1,32.32.32.1:1,33.33.33.1:1
diff --git a/cicd/tcpkali/pps.sh b/cicd/tcpkali/pps.sh
new file mode 100755
index 00000000..d1651534
--- /dev/null
+++ b/cicd/tcpkali/pps.sh
@@ -0,0 +1,30 @@
+#!/bin/bash
+
+i="1" # one second
+time=$1
+int1=$2 # network interface
+int2=$3 # network interface
+
+end=$((SECONDS + $time))
+
+while [ $SECONDS -lt $end ]; do
+ txpkts_old1="`cat /sys/class/net/$int1/statistics/tx_packets`" # sent packets
+ rxpkts_old1="`cat /sys/class/net/$int1/statistics/rx_packets`" # recv packets
+ txpkts_old2="`cat /sys/class/net/$int2/statistics/tx_packets`" # sent packets
+ rxpkts_old2="`cat /sys/class/net/$int2/statistics/rx_packets`" # recv packets
+ txpkts_old="`expr $txpkts_old1 + $txpkts_old2`"
+ rxpkts_old="`expr $rxpkts_old1 + $rxpkts_old2`"
+ sleep $i
+ txpkts_new1="`cat /sys/class/net/$int1/statistics/tx_packets`" # sent packets
+ rxpkts_new1="`cat /sys/class/net/$int1/statistics/rx_packets`" # recv packets
+ txpkts_new2="`cat /sys/class/net/$int2/statistics/tx_packets`" # sent packets
+ rxpkts_new2="`cat /sys/class/net/$int2/statistics/rx_packets`" # recv packets
+
+ txpkts_new="`expr $txpkts_new1 + $txpkts_new2`"
+ rxpkts_new="`expr $rxpkts_new1 + $rxpkts_new2`"
+
+ txpkts="`expr $txpkts_new - $txpkts_old`" # evaluate expressions for sent packets
+ rxpkts="`expr $rxpkts_new - $rxpkts_old`" # evaluate expressions for recv packets
+ echo "tx $txpkts pkts/s - rx $rxpkts pkts/ on interface $int1 and $int2"
+done
+
diff --git a/cicd/tcpkali/rmconfig.sh b/cicd/tcpkali/rmconfig.sh
new file mode 100755
index 00000000..1d5243a0
--- /dev/null
+++ b/cicd/tcpkali/rmconfig.sh
@@ -0,0 +1,20 @@
+#!/bin/bash
+
+source ../common.sh
+
+disconnect_docker_hosts l3h1 llb1
+disconnect_docker_hosts l3h2 llb1
+disconnect_docker_hosts l3ep1 llb1
+disconnect_docker_hosts l3ep2 llb1
+disconnect_docker_hosts l3ep3 llb1
+
+delete_docker_host llb1
+delete_docker_host l3h1
+delete_docker_host l3h2
+delete_docker_host l3ep1
+delete_docker_host l3ep2
+delete_docker_host l3ep3
+
+echo "#########################################"
+echo "Deleted testbed"
+echo "#########################################"
diff --git a/cicd/tcpkali/validation.sh b/cicd/tcpkali/validation.sh
new file mode 100755
index 00000000..447b4e66
--- /dev/null
+++ b/cicd/tcpkali/validation.sh
@@ -0,0 +1,85 @@
+#!/bin/bash
+source ../common.sh
+echo SCENARIO-tcpkali
+$hexec l3ep1 node ../common/tcp_server.js server1 &
+$hexec l3ep2 node ../common/tcp_server.js server2 &
+$hexec l3ep3 node ../common/tcp_server.js server3 &
+
+conn=400
+
+time=14400 #4hrs
+
+stime=$(( $time + 10 ))
+sleep 2
+code=0
+servIP="20.20.20.1"
+servArr=( "server1" "server2" "server3" )
+ep=( "31.31.31.1" "32.32.32.1" "33.33.33.1" )
+host=( "l3h1" "l3h2" )
+i=0
+waitCount=0
+while [ $i -le 1 ]
+do
+j=0
+echo "Check connectivity from ${host[i]}"
+while [ $j -le 2 ]
+do
+ res=$($hexec ${host[i]} curl --max-time 10 -s ${ep[j]}:8080)
+ #echo $res
+ if [[ $res == "${servArr[j]}" ]]
+ then
+ echo "$res UP"
+ j=$(( $j + 1 ))
+ else
+ echo "Waiting for ${servArr[j]}(${ep[j]})"
+ waitCount=$(( $waitCount + 1 ))
+ if [[ $waitCount == 10 ]];
+ then
+ echo "All Servers are not UP"
+ echo SCENARIO-tcpkali [FAILED]
+ sudo killall -9 node 2>&1 > /dev/null
+ exit 1
+ fi
+ fi
+ sleep 1
+done
+i=$(( $i + 1 ))
+done
+
+sudo killall -9 node 2>&1 > /dev/null
+
+$hexec l3ep1 tcpkali -l 8080 -T $stime 2>&1> /dev/null &
+$hexec l3ep2 tcpkali -l 8080 -T $stime 2>&1> /dev/null &
+$hexec l3ep3 tcpkali -l 8080 -T $stime 2>&1> /dev/null &
+
+sleep 2
+
+for k in {0..1}
+do
+ echo "${host[k]}: Testing Service IP: $servIP - connections: $conn duration: $time secs"
+ lcode=0
+ $hexec ${host[k]} stdbuf -oL tcpkali -c $conn -T $time -w 8 -m "message" -r 2000 $servIP:2020 2> ${host[k]}.log &
+done
+
+#sleep $stime
+$hexec llb1 ./pps.sh $time ellb1l3h1 ellb1l3h2
+
+conn1=$( tail -n 2 l3h1.log | xargs | cut -d ' ' -f 11 | cut -d ')' -f 1 )
+conn2=$( tail -n 2 l3h2.log | xargs | cut -d ' ' -f 11 | cut -d ')' -f 1 )
+
+if [[ $conn1 == $conn && $conn2 == $conn ]]
+then
+ echo SCENARIO-tcpkali with ${servIP[k]} [OK]
+else
+ echo SCENARIO-tcpkali with ${servIP[k]} [FAILED]
+ echo "l3h1 tcpkali"
+ tail -n 2 l3h1.log
+ echo "l3h2 tcpkali"
+ tail -n 2 l3h2.log
+ code=1
+fi
+
+rm l3h1.log l3h2.log
+
+#sudo killall -9 tcpkali 2>&1 > /dev/null
+exit $code
diff --git a/cicd/tcplb-local/config.sh b/cicd/tcplb-local/config.sh
index b5fe0db0..ef756955 100755
--- a/cicd/tcplb-local/config.sh
+++ b/cicd/tcplb-local/config.sh
@@ -6,7 +6,7 @@ echo "#########################################"
echo "Spawning all hosts"
echo "#########################################"
-spawn_docker_host --dock-type loxilb --dock-name llb1 --extra-args "--localsockpolicy"
+spawn_docker_host --dock-type loxilb --dock-name llb1 --docker-args "--pid=host --cgroupns=host" --extra-args "--localsockpolicy"
spawn_docker_host --dock-type host --dock-name l3h1
spawn_docker_host --dock-type host --dock-name l3ep1
spawn_docker_host --dock-type host --dock-name l3ep2
diff --git a/cicd/tcplbmaxep/config.sh b/cicd/tcplbmaxep/config.sh
new file mode 100755
index 00000000..b5285bd9
--- /dev/null
+++ b/cicd/tcplbmaxep/config.sh
@@ -0,0 +1,54 @@
+#!/bin/bash
+
+source ../common.sh
+
+echo "#########################################"
+echo "Spawning all hosts"
+echo "#########################################"
+
+spawn_docker_host --dock-type loxilb --dock-name llb1
+spawn_docker_host --dock-type host --dock-name l3h1
+spawn_docker_host --dock-type host --dock-name l3ep1
+spawn_docker_host --dock-type host --dock-name l3ep2
+spawn_docker_host --dock-type host --dock-name l3ep3
+spawn_docker_host --dock-type host --dock-name l3ep4
+
+echo "#########################################"
+echo "Connecting and configuring hosts"
+echo "#########################################"
+
+
+connect_docker_hosts l3h1 llb1
+connect_docker_hosts l3ep1 llb1
+connect_docker_hosts l3ep2 llb1
+connect_docker_hosts l3ep3 llb1
+connect_docker_hosts l3ep4 llb1
+
+sleep 5
+
+#configure pods
+config_docker_host --host1 l3h1 --host2 llb1 --ptype phy --addr 10.10.10.1/24 --gw 10.10.10.254
+config_docker_host --host1 l3ep1 --host2 llb1 --ptype phy --addr 31.31.31.1/24 --gw 31.31.31.254
+config_docker_host --host1 l3ep2 --host2 llb1 --ptype phy --addr 32.32.32.1/24 --gw 32.32.32.254
+config_docker_host --host1 l3ep3 --host2 llb1 --ptype phy --addr 33.33.33.1/24 --gw 33.33.33.254
+config_docker_host --host1 l3ep4 --host2 llb1 --ptype phy --addr 34.34.34.1/24 --gw 34.34.34.254
+config_docker_host --host1 llb1 --host2 l3h1 --ptype phy --addr 10.10.10.254/24
+config_docker_host --host1 llb1 --host2 l3ep1 --ptype phy --addr 31.31.31.254/24
+config_docker_host --host1 llb1 --host2 l3ep2 --ptype phy --addr 32.32.32.254/24
+config_docker_host --host1 llb1 --host2 l3ep3 --ptype phy --addr 33.33.33.254/24
+config_docker_host --host1 llb1 --host2 l3ep4 --ptype phy --addr 34.34.34.254/24
+
+for i in {1..4}
+do
+for j in {1..8}
+do
+ $hexec l3ep$i ip addr add 35.$i.$j.1/24 dev el3ep${i}llb1
+ $hexec llb1 ip addr add 35.$i.$j.254/24 dev ellb1l3ep${i}
+done
+done
+
+sleep 5
+
+#configure LB
+
+create_lb_rule llb1 20.20.20.1 --tcp=2020:8080 --endpoints=35.1.1.1:1,35.1.2.1:1,35.1.3.1:1,35.1.4.1:1,35.1.5.1:1,35.1.6.1:1,35.1.7.1:1,35.1.8.1:1,35.2.1.1:1,35.2.2.1:1,35.2.3.1:1,35.2.4.1:1,35.2.5.1:1,35.2.6.1:1,35.2.7.1:1,35.2.8.1:1,35.3.1.1:1,35.3.2.1:1,35.3.3.1:1,35.3.4.1:1,35.3.5.1:1,35.3.6.1:1,35.3.7.1:1,35.3.8.1:1,35.4.1.1:1,35.4.2.1:1,35.4.3.1:1,35.4.4.1:1,35.4.5.1:1,35.4.6.1:1,35.4.7.1:1,35.4.8.1:1
diff --git a/cicd/tcplbmaxep/rmconfig.sh b/cicd/tcplbmaxep/rmconfig.sh
new file mode 100755
index 00000000..88d12508
--- /dev/null
+++ b/cicd/tcplbmaxep/rmconfig.sh
@@ -0,0 +1,20 @@
+#!/bin/bash
+
+source ../common.sh
+
+disconnect_docker_hosts l3h1 llb1
+disconnect_docker_hosts l3ep1 llb1
+disconnect_docker_hosts l3ep2 llb1
+disconnect_docker_hosts l3ep3 llb1
+disconnect_docker_hosts l3ep4 llb1
+
+delete_docker_host llb1
+delete_docker_host l3h1
+delete_docker_host l3ep1
+delete_docker_host l3ep2
+delete_docker_host l3ep3
+delete_docker_host l3ep4
+
+echo "#########################################"
+echo "Deleted testbed"
+echo "#########################################"
diff --git a/cicd/tcplbmaxep/validation.sh b/cicd/tcplbmaxep/validation.sh
new file mode 100755
index 00000000..f528dabe
--- /dev/null
+++ b/cicd/tcplbmaxep/validation.sh
@@ -0,0 +1,75 @@
+#!/bin/bash
+source ../common.sh
+echo SCENARIO-tcplb-maxep
+$hexec l3ep1 node ../common/tcp_server.js server1 &
+$hexec l3ep2 node ../common/tcp_server.js server2 &
+$hexec l3ep3 node ../common/tcp_server.js server3 &
+$hexec l3ep4 node ../common/tcp_server.js server4 &
+
+sleep 5
+code=0
+servIP=( "20.20.20.1" )
+servArr=(
+ "server1" "server2" "server3" "server4"
+ "server1" "server2" "server3" "server4"
+ "server1" "server2" "server3" "server4"
+ "server1" "server2" "server3" "server4"
+ "server1" "server2" "server3" "server4"
+ "server1" "server2" "server3" "server4"
+ "server1" "server2" "server3" "server4"
+ "server1" "server2" "server3" "server4"
+ )
+ep=( "31.31.31.1" "32.32.32.1" "33.33.33.1" "34.34.34.1" )
+j=0
+waitCount=0
+while [ $j -le 3 ]
+do
+ res=$($hexec l3h1 curl --max-time 10 -s ${ep[j]}:8080)
+ #echo $res
+ if [[ $res == "${servArr[j]}" ]]
+ then
+ echo "$res UP"
+ j=$(( $j + 1 ))
+ else
+ echo "Waiting for ${servArr[j]}(${ep[j]})"
+ waitCount=$(( $waitCount + 1 ))
+ if [[ $waitCount == 10 ]];
+ then
+ echo "All Servers are not UP"
+ echo SCENARIO-tcplb-maxep [FAILED]
+ sudo killall -9 node 2>&1 > /dev/null
+ exit 1
+ fi
+ fi
+ sleep 1
+done
+
+echo "Testing Service IP: ${servIP[0]}"
+lcode=0
+for i in {0..31}
+do
+ res=$($hexec l3h1 curl --max-time 10 -s ${servIP[0]}:2020)
+ echo $res
+ if [[ $res != "${servArr[i]}" ]]
+ then
+ lcode=1
+ fi
+ sleep 1
+
+ if [[ $lcode == 0 ]]
+ then
+ echo SCENARIO-tcplb-maxep with ep${i+1} 35.${i}.${j}.1 [OK]
+ else
+ echo SCENARIO-tcplb-maxep with ep${i+1} 35.${i}.${j}.1 [FAILED]
+ code=1
+ fi
+done
+
+if [[ $code == 0 ]]; then
+ echo SCENARIO-tcplb-maxep [OK]
+else
+ echo SCENARIO-tcplb-maxep [FAILED]
+fi
+
+sudo killall -9 node 2>&1 > /dev/null
+exit $code
diff --git a/cicd/wrrtcplb1/validation.sh b/cicd/wrrtcplb1/validation.sh
index 4d269403..a2ef39f6 100755
--- a/cicd/wrrtcplb1/validation.sh
+++ b/cicd/wrrtcplb1/validation.sh
@@ -37,14 +37,19 @@ respArr=( "server1" "server1" "server1"
"server1" "server1" "server1"
"server1" "server1" "server1"
"server1" "server1" "server1"
+ "server1" "server1" "server1"
+ "server1" "server1" "server1"
+ "server1" "server1" "server1"
+ "server1" "server1" "server1"
+ "server1" "server2" "server2"
"server2" "server2" "server2"
- "server1"
+ "server2" "server1"
)
-for i in {0..15}
+for i in {0..31}
do
res=$($hexec l3h1 curl --max-time 10 -s 20.20.20.1:2020)
- echo $res
+ echo $i:$res
if [[ $res != "${respArr[i]}" ]]
then
echo "expected ${respArr[i]} rcvd $res"
diff --git a/cicd/wrrtcplb2/validation.sh b/cicd/wrrtcplb2/validation.sh
index 0531742b..9e2f769c 100755
--- a/cicd/wrrtcplb2/validation.sh
+++ b/cicd/wrrtcplb2/validation.sh
@@ -35,16 +35,21 @@ done
respArr=( "server1" "server1" "server1"
"server1" "server1" "server1"
+ "server1" "server1" "server1"
+ "server1" "server1" "server1"
+ "server2" "server2" "server2"
"server2" "server2" "server2"
"server2" "server2" "server2"
+ "server2" "server2" "server2"
+ "server3" "server3" "server3"
"server3" "server3" "server3"
- "server1"
+ "server1" "server1"
)
-for i in {0..15}
+for i in {0..31}
do
res=$($hexec l3h1 curl --max-time 10 -s 20.20.20.1:2020)
- echo $res
+ echo $i:$res
if [[ $res != "${respArr[i]}" ]]
then
echo "expected ${respArr[i]} rcvd $res"
diff --git a/common/common.go b/common/common.go
index e4395d4b..5c24ce37 100644
--- a/common/common.go
+++ b/common/common.go
@@ -369,16 +369,22 @@ type RouteGet struct {
Sync DpStatusT
}
+// GWInfo - Info about gateway
+type GWInfo struct {
+ // Gw - gateway information if any
+ Gw net.IP
+ // LinkIndex - OS allocated index
+ LinkIndex int
+}
+
// RouteMod - Info about a route
type RouteMod struct {
// Protocol - Protocol type
Protocol int
// Flags - flag type
Flags int
- // Gw - gateway information if any
- Gw net.IP
- // LinkIndex - OS allocated index
- LinkIndex int
+ // GWs - gateway information if any
+ GWs []GWInfo
// Dst - ip addr
Dst net.IPNet
}
@@ -519,14 +525,18 @@ type LBSec int32
const (
// LBServPlain - Plain mode
LBServPlain LBSec = iota
- // LBServHttps - HTTPS termination
- LBServHttps
+ // LBServHTTPS - HTTPS termination
+ LBServHTTPS
+ // LBServE2EHTTPS - HTTPS proxy
+ LBServE2EHTTPS
)
// LbServiceArg - Information related to load-balancer service
type LbServiceArg struct {
// ServIP - the service ip or vip of the load-balancer rule
ServIP string `json:"externalIP"`
+ // PrivateIP - the private service ip or vip of the load-balancer rule
+ PrivateIP string `json:"privateIP"`
// ServPort - the service port of the load-balancer rule
ServPort uint16 `json:"port"`
// Proto - the service protocol of the load-balancer rule
@@ -567,6 +577,8 @@ type LbServiceArg struct {
PersistTimeout uint32 `json:"persistTimeout"`
// Snat - Do SNAT
Snat bool `json:"snat"`
+ // HostUrl - Ingress Specific URL path
+ HostUrl string `json:"path"`
}
// LbEndPointArg - Information related to load-balancer end-point
diff --git a/go.mod b/go.mod
index fe00b93c..f334c037 100644
--- a/go.mod
+++ b/go.mod
@@ -1,8 +1,11 @@
module github.com/loxilb-io/loxilb
-go 1.22.0
+go 1.23.0
require (
+ github.com/aws/aws-sdk-go-v2/config v1.27.11
+ github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.1
+ github.com/aws/aws-sdk-go-v2/service/ec2 v1.159.1
github.com/go-openapi/errors v0.20.3
github.com/go-openapi/loads v0.21.2
github.com/go-openapi/runtime v0.24.1
@@ -12,11 +15,11 @@ require (
github.com/go-openapi/validate v0.22.0
github.com/jessevdk/go-flags v1.5.0
github.com/loxilb-io/ipvs v0.1.0
- github.com/loxilb-io/loxilib v0.8.9-0.20240620071157-28d3880edd8f
- github.com/osrg/gobgp/v3 v3.5.0
+ github.com/loxilb-io/loxilib v0.8.9-0.20240906040045-9ad9b8b549d3
+ github.com/osrg/gobgp/v3 v3.29.0
github.com/prometheus-community/pro-bing v0.1.0
github.com/prometheus/client_model v0.3.0
- github.com/vishvananda/netlink v1.1.1-0.20210330154013-f5de75959ad5
+ github.com/vishvananda/netlink v1.2.1-beta.2
golang.org/x/net v0.23.0
golang.org/x/sys v0.18.0
google.golang.org/grpc v1.56.3
@@ -27,6 +30,17 @@ require (
)
require (
+ github.com/aws/aws-sdk-go-v2 v1.26.1 // indirect
+ github.com/aws/aws-sdk-go-v2/credentials v1.17.11 // indirect
+ github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.5 // indirect
+ github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.5 // indirect
+ github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0 // indirect
+ github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.2 // indirect
+ github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.7 // indirect
+ github.com/aws/aws-sdk-go-v2/service/sso v1.20.5 // indirect
+ github.com/aws/aws-sdk-go-v2/service/ssooidc v1.23.4 // indirect
+ github.com/aws/aws-sdk-go-v2/service/sts v1.28.6 // indirect
+ github.com/aws/smithy-go v1.20.2 // indirect
github.com/beorn7/perks v1.0.1 // indirect
github.com/cespare/xxhash/v2 v2.2.0 // indirect
github.com/davecgh/go-spew v1.1.1 // indirect
@@ -37,16 +51,17 @@ require (
github.com/google/go-cmp v0.6.0 // indirect
github.com/google/gofuzz v1.2.0 // indirect
github.com/imdario/mergo v0.3.6 // indirect
+ github.com/jmespath/go-jmespath v0.4.0 // indirect
github.com/json-iterator/go v1.1.12 // indirect
github.com/loxilb-io/sctp v0.0.0-20230519081703-6d1baec82fd4 // indirect
- github.com/matttproud/golang_protobuf_extensions v1.0.1 // indirect
+ github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect
github.com/moby/ipvs v1.1.0 // indirect
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
github.com/modern-go/reflect2 v1.0.2 // indirect
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
- github.com/prometheus/common v0.37.0 // indirect
- github.com/prometheus/procfs v0.8.0 // indirect
- github.com/sirupsen/logrus v1.9.0 // indirect
+ github.com/prometheus/common v0.42.0 // indirect
+ github.com/prometheus/procfs v0.10.1 // indirect
+ github.com/sirupsen/logrus v1.9.3 // indirect
github.com/spf13/pflag v1.0.5 // indirect
golang.org/x/oauth2 v0.10.0 // indirect
golang.org/x/term v0.18.0 // indirect
@@ -69,15 +84,15 @@ require (
github.com/go-openapi/jsonpointer v0.19.6 // indirect
github.com/go-openapi/jsonreference v0.20.2 // indirect
github.com/golang/protobuf v1.5.4 // indirect
- github.com/google/uuid v1.3.0 // indirect
+ github.com/google/uuid v1.3.1 // indirect
github.com/josharian/intern v1.0.0 // indirect
github.com/mailru/easyjson v0.7.7 // indirect
- github.com/mitchellh/mapstructure v1.4.3 // indirect
+ github.com/mitchellh/mapstructure v1.5.0 // indirect
github.com/oklog/ulid v1.3.1 // indirect
- github.com/prometheus/client_golang v1.14.0
- github.com/vishvananda/netns v0.0.2 // indirect
+ github.com/prometheus/client_golang v1.16.0
+ github.com/vishvananda/netns v0.0.4 // indirect
go.mongodb.org/mongo-driver v1.11.6 // indirect
- golang.org/x/sync v0.0.0-20220601150217-0de741cfad7f // indirect
+ golang.org/x/sync v0.2.0 // indirect
golang.org/x/text v0.14.0 // indirect
google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 // indirect
gopkg.in/yaml.v3 v3.0.1 // indirect
diff --git a/go.sum b/go.sum
index 9be9a10d..0919b40b 100644
--- a/go.sum
+++ b/go.sum
@@ -1,62 +1,41 @@
-cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
-cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
-cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU=
-cloud.google.com/go v0.44.1/go.mod h1:iSa0KzasP4Uvy3f1mN/7PiObzGgflwredwwASm/v6AU=
-cloud.google.com/go v0.44.2/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY=
-cloud.google.com/go v0.45.1/go.mod h1:RpBamKRgapWJb87xiFSdk4g1CME7QZg3uwTez+TSTjc=
-cloud.google.com/go v0.46.3/go.mod h1:a6bKKbmY7er1mI7TEI4lsAkts/mkhTSZK8w33B4RAg0=
-cloud.google.com/go v0.50.0/go.mod h1:r9sluTvynVuxRIOHXQEHMFffphuXHOMZMycpNR5e6To=
-cloud.google.com/go v0.52.0/go.mod h1:pXajvRH/6o3+F9jDHZWQ5PbGhn+o8w9qiu/CffaVdO4=
-cloud.google.com/go v0.53.0/go.mod h1:fp/UouUEsRkN6ryDKNW/Upv/JBKnv6WDthjR6+vze6M=
-cloud.google.com/go v0.54.0/go.mod h1:1rq2OEkV3YMf6n/9ZvGWI3GWw0VoqH/1x2nd8Is/bPc=
-cloud.google.com/go v0.56.0/go.mod h1:jr7tqZxxKOVYizybht9+26Z/gUq7tiRzu+ACVAMbKVk=
-cloud.google.com/go v0.57.0/go.mod h1:oXiQ6Rzq3RAkkY7N6t3TcE6jE+CIBBbA36lwQ1JyzZs=
-cloud.google.com/go v0.62.0/go.mod h1:jmCYTdRCQuc1PHIIJ/maLInMho30T/Y0M4hTdTShOYc=
-cloud.google.com/go v0.65.0/go.mod h1:O5N8zS7uWy9vkA9vayVHs65eM1ubvY4h553ofrNHObY=
-cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o=
-cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE=
-cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc=
-cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUMb4Nv6dBIg=
-cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc=
-cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ=
-cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE=
-cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk=
-cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I=
-cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw=
-cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA=
-cloud.google.com/go/pubsub v1.3.1/go.mod h1:i+ucay31+CNRpDW4Lu78I4xXG+O1r/MAHgjpRVR+TSU=
-cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw=
-cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0ZeosJ0Rtdos=
-cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk=
-cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs=
-cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0=
-dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
-github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0=
github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE=
-github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
-github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
-github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
-github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
-github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho=
github.com/asaskevich/govalidator v0.0.0-20200907205600-7a23bdc65eef/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d h1:Byv0BzEl3/e6D5CLfI0j/7hiIEtvGVFPCZ7Ei2oq8iQ=
github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
-github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
-github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
+github.com/aws/aws-sdk-go-v2 v1.26.1 h1:5554eUqIYVWpU0YmeeYZ0wU64H2VLBs8TlhRB2L+EkA=
+github.com/aws/aws-sdk-go-v2 v1.26.1/go.mod h1:ffIFB97e2yNsv4aTSGkqtHnppsIJzw7G7BReUZ3jCXM=
+github.com/aws/aws-sdk-go-v2/config v1.27.11 h1:f47rANd2LQEYHda2ddSCKYId18/8BhSRM4BULGmfgNA=
+github.com/aws/aws-sdk-go-v2/config v1.27.11/go.mod h1:SMsV78RIOYdve1vf36z8LmnszlRWkwMQtomCAI0/mIE=
+github.com/aws/aws-sdk-go-v2/credentials v1.17.11 h1:YuIB1dJNf1Re822rriUOTxopaHHvIq0l/pX3fwO+Tzs=
+github.com/aws/aws-sdk-go-v2/credentials v1.17.11/go.mod h1:AQtFPsDH9bI2O+71anW6EKL+NcD7LG3dpKGMV4SShgo=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.1 h1:FVJ0r5XTHSmIHJV6KuDmdYhEpvlHpiSd38RQWhut5J4=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.1/go.mod h1:zusuAeqezXzAB24LGuzuekqMAEgWkVYukBec3kr3jUg=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.5 h1:aw39xVGeRWlWx9EzGVnhOR4yOjQDHPQ6o6NmBlscyQg=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.5/go.mod h1:FSaRudD0dXiMPK2UjknVwwTYyZMRsHv3TtkabsZih5I=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.5 h1:PG1F3OD1szkuQPzDw3CIQsRIrtTlUC3lP84taWzHlq0=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.5/go.mod h1:jU1li6RFryMz+so64PpKtudI+QzbKoIEivqdf6LNpOc=
+github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0 h1:hT8rVHwugYE2lEfdFE0QWVo81lF7jMrYJVDWI+f+VxU=
+github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0/go.mod h1:8tu/lYfQfFe6IGnaOdrpVgEL2IrrDOf6/m9RQum4NkY=
+github.com/aws/aws-sdk-go-v2/service/ec2 v1.159.1 h1:ZwDFKZ40MQyVmHAAEmSe63FPKkMhNO//Yom+WvdszfA=
+github.com/aws/aws-sdk-go-v2/service/ec2 v1.159.1/go.mod h1:xejKuuRDjz6z5OqyeLsz01MlOqqW7CqpAB4PabNvpu8=
+github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.2 h1:Ji0DY1xUsUr3I8cHps0G+XM3WWU16lP6yG8qu1GAZAs=
+github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.2/go.mod h1:5CsjAbs3NlGQyZNFACh+zztPDI7fU6eW9QsxjfnuBKg=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.7 h1:ogRAwT1/gxJBcSWDMZlgyFUM962F51A5CRhDLbxLdmo=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.7/go.mod h1:YCsIZhXfRPLFFCl5xxY+1T9RKzOKjCut+28JSX2DnAk=
+github.com/aws/aws-sdk-go-v2/service/sso v1.20.5 h1:vN8hEbpRnL7+Hopy9dzmRle1xmDc7o8tmY0klsr175w=
+github.com/aws/aws-sdk-go-v2/service/sso v1.20.5/go.mod h1:qGzynb/msuZIE8I75DVRCUXw3o3ZyBmUvMwQ2t/BrGM=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.23.4 h1:Jux+gDDyi1Lruk+KHF91tK2KCuY61kzoCpvtvJJBtOE=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.23.4/go.mod h1:mUYPBhaF2lGiukDEjJX2BLRRKTmoUSitGDUgM4tRxak=
+github.com/aws/aws-sdk-go-v2/service/sts v1.28.6 h1:cwIxeBttqPN3qkaAjcEcsh8NYr8n2HZPkcKgPAi1phU=
+github.com/aws/aws-sdk-go-v2/service/sts v1.28.6/go.mod h1:FZf1/nKNEkHdGGJP/cI2MoIMquumuRK6ol3QQJNDxmw=
+github.com/aws/smithy-go v1.20.2 h1:tbp628ireGtzcHDDmLT/6ADHidqnwgF57XOXZe6tp4Q=
+github.com/aws/smithy-go v1.20.2/go.mod h1:krry+ya/rV9RDcV/Q16kpu6ypI4K2czasz0NC3qS14E=
github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
-github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
-github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
-github.com/cespare/xxhash/v2 v2.1.2/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44=
github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
-github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
-github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=
-github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
-github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
-github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
@@ -65,21 +44,6 @@ github.com/docker/go-units v0.4.0 h1:3uh0PgVws3nIA0Q+MwDC8yjEPf9zjRfZZWXZYDct3Tw
github.com/docker/go-units v0.4.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk=
github.com/emicklei/go-restful/v3 v3.11.0 h1:rAQeMHw1c7zTmncogyy8VvRZwtkmkZ4FxERmMY4rD+g=
github.com/emicklei/go-restful/v3 v3.11.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc=
-github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
-github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
-github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=
-github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
-github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
-github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
-github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
-github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
-github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
-github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vbaY=
-github.com/go-kit/log v0.2.0/go.mod h1:NwTd00d/i8cPZ3xOwwiv2PO5MOcx78fFErGNcVmBjv0=
-github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE=
-github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk=
-github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A=
-github.com/go-logfmt/logfmt v0.5.1/go.mod h1:WYhtIu8zTZfxdn5+rREduYbwxfcBr/Vr6KEVveWlfTs=
github.com/go-logr/logr v1.4.1 h1:pKouT5E8xu9zeFC39JXRDukb6JFQPXM5p5I91188VAQ=
github.com/go-logr/logr v1.4.1/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
github.com/go-openapi/analysis v0.21.2/go.mod h1:HZwRk4RRisyG8vx2Oe6aqeSQcoxRp47Xkp3+K6q+LdY=
@@ -124,8 +88,8 @@ github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/me
github.com/go-stack/stack v1.8.1/go.mod h1:dcoOX6HbPZSZptuspn9bctJ+N/CnF5gGygcUP3XYfe4=
github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI=
github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572/go.mod h1:9Pwr4B2jHnOSGXyyzV8ROjYa2ojvAY6HCGYYfMoC3Ls=
-github.com/go-test/deep v1.0.8 h1:TDsG77qcSprGbC6vTN8OuXp5g+J+b5Pcguhf7Zt61VM=
-github.com/go-test/deep v1.0.8/go.mod h1:5C2ZWiW0ErCdrYzpqxLbTX7MG14M9iiw8DgHncVwcsE=
+github.com/go-test/deep v1.1.0 h1:WOcxcdHcvdgThNXjw0t76K42FXTU7HpNQWHpA2HHNlg=
+github.com/go-test/deep v1.1.0/go.mod h1:5C2ZWiW0ErCdrYzpqxLbTX7MG14M9iiw8DgHncVwcsE=
github.com/gobuffalo/attrs v0.0.0-20190224210810-a9411de4debd/go.mod h1:4duuawTqi2wkkpB4ePgWMaai6/Kc6WEz83bhFwpHzj0=
github.com/gobuffalo/depgen v0.0.0-20190329151759-d478694a28d3/go.mod h1:3STtPUQYuzV0gBVOY3vy6CfMm/ljR4pABfrTeHNLHUY=
github.com/gobuffalo/depgen v0.1.0/go.mod h1:+ifsuy7fhi15RWncXQQKjWS9JPkdah5sZvtHc2RXGlg=
@@ -150,97 +114,42 @@ github.com/gobuffalo/packd v0.1.0/go.mod h1:M2Juc+hhDXf/PnmBANFCqx4DM3wRbgDvnVWe
github.com/gobuffalo/packr/v2 v2.0.9/go.mod h1:emmyGweYTm6Kdper+iywB6YK5YzuKchGtJQZ0Odn4pQ=
github.com/gobuffalo/packr/v2 v2.2.0/go.mod h1:CaAwI0GPIAv+5wKLtv8Afwl+Cm78K/I/VCm/3ptBN+0=
github.com/gobuffalo/syncx v0.0.0-20190224160051-33c29581e754/go.mod h1:HhnNqWY95UYwwW3uSASeV7vtgYkT2t16hJgV3AEPUpw=
-github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
-github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
-github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
-github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
-github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
-github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
-github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
-github.com/golang/mock v1.3.1/go.mod h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFUx0Y=
-github.com/golang/mock v1.4.0/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
-github.com/golang/mock v1.4.1/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
-github.com/golang/mock v1.4.3/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
-github.com/golang/mock v1.4.4/go.mod h1:l3mdAwkq5BuhzHwde/uurv3sEJeZMXNpwsxVWU71h+4=
github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
-github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
-github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw=
-github.com/golang/protobuf v1.3.4/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw=
github.com/golang/protobuf v1.3.5/go.mod h1:6O5/vntMXwX2lRkT1hjjk0nAC1IDOTvTlVgjlRvqsdk=
-github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8=
-github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA=
-github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs=
-github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w=
-github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0=
-github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8=
-github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
-github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
-github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
-github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek=
github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps=
github.com/golang/snappy v0.0.1/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
-github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
-github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
github.com/google/gnostic-models v0.6.8 h1:yo/ABAfM5IMRsS1VnXjTBvUb61tFIHozhlYvRgGre9I=
github.com/google/gnostic-models v0.6.8/go.mod h1:5n7qKqH0f5wFt+aWF8CW6pZLLNOfYuF5OpfBSENuI8U=
-github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
-github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
-github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
-github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.4.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
-github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs=
-github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0=
-github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
-github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
-github.com/google/pprof v0.0.0-20191218002539-d4f498aebedc/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
-github.com/google/pprof v0.0.0-20200212024743-f11f1df84d12/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
-github.com/google/pprof v0.0.0-20200229191704-1ebb73c60ed3/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
-github.com/google/pprof v0.0.0-20200430221834-fc25d7d30c6d/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
-github.com/google/pprof v0.0.0-20200708004538-1a94d8640e99/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1 h1:K6RDEckDVWvDI9JAJYCmNdQXq6neHJOYx3V6jnqNEec=
github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
-github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I=
-github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
-github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=
-github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
-github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
-github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
+github.com/google/uuid v1.3.1 h1:KjJaJ9iWZ3jOFZIf1Lqf4laDRCasjl0BCmnEGxkdLb4=
+github.com/google/uuid v1.3.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
github.com/imdario/mergo v0.3.6 h1:xTNEAn+kxVO7dTZGu0CegyqKZmoWFI0rF8UxjlB2d28=
github.com/imdario/mergo v0.3.6/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA=
github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
github.com/jessevdk/go-flags v1.5.0 h1:1jKYvbxEjfUl0fmqTCOfonvskHHXMjBySTLW4y9LFvc=
github.com/jessevdk/go-flags v1.5.0/go.mod h1:Fw0T6WPc1dYxT4mKEZRfG5kJhaTDP9pj1c2EWnYs/m4=
+github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg=
+github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo=
+github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8=
+github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U=
github.com/joho/godotenv v1.3.0/go.mod h1:7hK45KPybAkOC6peb+G5yklZfMxEjkZhHbwpqxOKXbg=
github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY=
github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y=
-github.com/jpillora/backoff v1.0.0/go.mod h1:J/6gKK9jxlEcS3zixgDgUAsiuZ7yrSoa/FX5e0EB2j4=
-github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
-github.com/json-iterator/go v1.1.10/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
-github.com/json-iterator/go v1.1.11/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
-github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU=
-github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk=
-github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w=
-github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM=
github.com/karrick/godirwalk v1.8.0/go.mod h1:H5KPZjojv4lE+QYImBI8xVtrBRgYrIVsaRPx4tDPEn4=
github.com/karrick/godirwalk v1.10.3/go.mod h1:RoGL9dQei4vP9ilrpETWE8CLOZ1kiN0LhBygSwrAsHA=
github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
@@ -248,8 +157,6 @@ github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+o
github.com/klauspost/compress v1.13.6/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk=
github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
-github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
-github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
@@ -260,10 +167,8 @@ github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
github.com/loxilb-io/ipvs v0.1.0 h1:TpTkwh5CLgJ7YW86rvWyqJPEpQFqs2TNbRG/IECeq+w=
github.com/loxilb-io/ipvs v0.1.0/go.mod h1:EKjimnzyVL9AXMMNfPWeokxF1uNeuDrEGF5gPFMdmIo=
-github.com/loxilb-io/loxilib v0.8.9-0.20240124072521-f37fbddfb4e8 h1:PYkgIX2fv1UluRR82SAot3O5YnwwCbcWc7VULvPv3QM=
-github.com/loxilb-io/loxilib v0.8.9-0.20240124072521-f37fbddfb4e8/go.mod h1:LoQCxBz+N0fO9rGwRmPHrQPHol/jUf4MNpph63Cydkg=
-github.com/loxilb-io/loxilib v0.8.9-0.20240620071157-28d3880edd8f h1:Zeas0eEF60hK+UwMp9QRqPtUuFQV6pC0X2re+yuqCEM=
-github.com/loxilb-io/loxilib v0.8.9-0.20240620071157-28d3880edd8f/go.mod h1:LoQCxBz+N0fO9rGwRmPHrQPHol/jUf4MNpph63Cydkg=
+github.com/loxilb-io/loxilib v0.8.9-0.20240906040045-9ad9b8b549d3 h1:wM/yKX43GxROxnU9Qop8QMYFjlDOIALRgi9i7CxsM0s=
+github.com/loxilb-io/loxilib v0.8.9-0.20240906040045-9ad9b8b549d3/go.mod h1:LoQCxBz+N0fO9rGwRmPHrQPHol/jUf4MNpph63Cydkg=
github.com/loxilb-io/sctp v0.0.0-20230519081703-6d1baec82fd4 h1:oDc2lsbfuQEcVP3k+Pw4v6Xdm3t4M9vBc1Y9egszv6g=
github.com/loxilb-io/sctp v0.0.0-20230519081703-6d1baec82fd4/go.mod h1:1a6hv8ISVQhnW5IVpW9o+OL6BAFlWiVpC0O4d19g+wQ=
github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
@@ -273,26 +178,23 @@ github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0
github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=
github.com/markbates/oncer v0.0.0-20181203154359-bf2de49a0be2/go.mod h1:Ld9puTsIW75CHf65OeIOkyKbteujpZVXDpWK6YGZbxE=
github.com/markbates/safe v1.0.1/go.mod h1:nAqgmRi7cY2nqMc92/bSEeQA+R4OheNU2T1kNSCBdG0=
-github.com/matttproud/golang_protobuf_extensions v1.0.1 h1:4hp9jkHxhMHkqkrB3Ix0jegS5sx/RkqARlsWZ6pIwiU=
-github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
+github.com/matttproud/golang_protobuf_extensions v1.0.4 h1:mmDVorXM7PCGKw94cs5zkfA9PSy5pEvNWRP0ET0TIVo=
+github.com/matttproud/golang_protobuf_extensions v1.0.4/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4=
github.com/mitchellh/mapstructure v1.3.3/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
github.com/mitchellh/mapstructure v1.4.1/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
-github.com/mitchellh/mapstructure v1.4.3 h1:OVowDSCllw/YjdLkam3/sm7wEtOy59d8ndGgCcyj8cs=
github.com/mitchellh/mapstructure v1.4.3/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
+github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY=
+github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
github.com/moby/ipvs v1.1.0 h1:ONN4pGaZQgAx+1Scz5RvWV4Q7Gb+mvfRh3NsPS+1XQQ=
github.com/moby/ipvs v1.1.0/go.mod h1:4VJMWuf098bsUMmZEiD4Tjk/O7mOn3l1PTD3s4OoYAs=
github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
-github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
-github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M=
github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
github.com/montanaflynn/stats v0.0.0-20171201202039-1bf9dbcd8cbe/go.mod h1:wL8QJuTMNUDYhXwkmfOly8iTdp5TEcJFWZD2D7SIkUc=
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA=
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
-github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
-github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
github.com/oklog/ulid v1.3.1 h1:EGfNDEx6MqHz8B3uNV6QAib1UR2Lm97sHi3ocA6ESJ4=
github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U=
@@ -301,8 +203,8 @@ github.com/onsi/ginkgo/v2 v2.15.0/go.mod h1:HlxMHtYF57y6Dpf+mc5529KKmSq9h2FpCF+/
github.com/onsi/gomega v1.31.0 h1:54UJxxj6cPInHS3a35wm6BK/F9nHYueZ1NVujHDrnXE=
github.com/onsi/gomega v1.31.0/go.mod h1:DW9aCi7U6Yi40wNVAvT6kzFnEVEI5n3DloYBiKiT6zk=
github.com/opentracing/opentracing-go v1.2.0/go.mod h1:GxEUsuufX4nBwe+T+Wl9TAgYrxe9dPLANfrWvHYVTgc=
-github.com/osrg/gobgp/v3 v3.5.0 h1:GH1mr/I1fGDhrgwQF+X9EzDLR+oSEbSI0ibTH9rwv/w=
-github.com/osrg/gobgp/v3 v3.5.0/go.mod h1:fKQPuk7+4qMiDT5viZTXT/aSEn8yYDkEs5p3NjmU2bw=
+github.com/osrg/gobgp/v3 v3.29.0 h1:ISWjY5YQ45THcvXWdG2ykzXWxS22rgE6U9YWdaI/ki8=
+github.com/osrg/gobgp/v3 v3.29.0/go.mod h1:ZGeSti9mURR/o5hf5R6T1FM5g1yiEBZbhP+TuqYJUpI=
github.com/pelletier/go-toml v1.7.0/go.mod h1:vwGMzjaWMwyfHwgIBhI2YUM4fB6nL6lVAvS1LBMMhTE=
github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
@@ -311,44 +213,24 @@ github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZb
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
github.com/prometheus-community/pro-bing v0.1.0 h1:zjzLGhfNPP0bP1OlzGB+SJcguOViw7df12LPg2vUJh8=
github.com/prometheus-community/pro-bing v0.1.0/go.mod h1:BpWlHurD9flHtzq8wrh8QGWYz9ka9z9ZJAyOel8ej58=
-github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
-github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo=
-github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M=
-github.com/prometheus/client_golang v1.11.0/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0=
-github.com/prometheus/client_golang v1.12.1/go.mod h1:3Z9XVyYiZYEO+YQWt3RD2R3jrbd179Rt297l4aS6nDY=
-github.com/prometheus/client_golang v1.14.0 h1:nJdhIvne2eSX/XRAFV9PcvFFRbrjbcTUj0VP62TMhnw=
-github.com/prometheus/client_golang v1.14.0/go.mod h1:8vpkKitgIVNcqrRBWh1C4TIUQgYNtG/XQE4E/Zae36Y=
-github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
-github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
-github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
-github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
+github.com/prometheus/client_golang v1.16.0 h1:yk/hx9hDbrGHovbci4BY+pRMfSuuat626eFsHb7tmT8=
+github.com/prometheus/client_golang v1.16.0/go.mod h1:Zsulrv/L9oM40tJ7T815tM89lFEugiJ9HzIqaAx4LKc=
github.com/prometheus/client_model v0.3.0 h1:UBgGFHqYdG/TPFD1B1ogZywDqEkwp3fBMvqdiQ7Xew4=
github.com/prometheus/client_model v0.3.0/go.mod h1:LDGWKZIo7rky3hgvBe+caln+Dr3dPggB5dvjtD7w9+w=
-github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
-github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo=
-github.com/prometheus/common v0.26.0/go.mod h1:M7rCNAaPfAosfx8veZJCuw84e35h3Cfd9VFqTh1DIvc=
-github.com/prometheus/common v0.32.1/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls=
-github.com/prometheus/common v0.37.0 h1:ccBbHCgIiT9uSoFY0vX8H3zsNR5eLt17/RQLUvn8pXE=
-github.com/prometheus/common v0.37.0/go.mod h1:phzohg0JFMnBEFGxTDbfu3QyL5GI8gTQJFhYO5B3mfA=
-github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
-github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
-github.com/prometheus/procfs v0.1.3/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU=
-github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA=
-github.com/prometheus/procfs v0.7.3/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA=
-github.com/prometheus/procfs v0.8.0 h1:ODq8ZFEaYeCaZOJlZZdJA2AbQR98dSHSM1KW/You5mo=
-github.com/prometheus/procfs v0.8.0/go.mod h1:z7EfXMXOkbkqb9IINtpCn86r/to3BnA0uaxHdg830/4=
+github.com/prometheus/common v0.42.0 h1:EKsfXEYo4JpWMHH5cg+KOUWeuJSov1Id8zGR8eeI1YM=
+github.com/prometheus/common v0.42.0/go.mod h1:xBwqVerjNdUDjgODMpudtOMwlOwf2SaTr1yjz4b7Zbc=
+github.com/prometheus/procfs v0.10.1 h1:kYK1Va/YMlutzCGazswoHKo//tZVlFpKYh+PymziUAg=
+github.com/prometheus/procfs v0.10.1/go.mod h1:nwNm2aOCAYw8uTR/9bWRREkZFxAUcWzPHWJq+XBB/FM=
github.com/rogpeppe/go-internal v1.1.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
github.com/rogpeppe/go-internal v1.2.2/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ=
github.com/rogpeppe/go-internal v1.10.0/go.mod h1:UQnix2H7Ngw/k4C5ijL5+65zddjncjaFoBhdsK/akog=
-github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
github.com/sirupsen/logrus v1.4.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
github.com/sirupsen/logrus v1.4.1/go.mod h1:ni0Sbl8bgC9z8RoU9G6nDWqqs/fq4eDPysMBDgk/93Q=
github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
-github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88=
-github.com/sirupsen/logrus v1.9.0 h1:trlNQbNUG3OdDrDil03MCb1H2o9nJ1x4/5LYw7byDE0=
-github.com/sirupsen/logrus v1.9.0/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
+github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ=
+github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
github.com/spf13/cobra v0.0.3/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ=
github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
@@ -359,7 +241,6 @@ github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSS
github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
-github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
@@ -369,20 +250,18 @@ github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcU
github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
github.com/tidwall/pretty v1.0.0 h1:HsD+QiTn7sK6flMKIvNmpqz1qrpP3Ps6jOKIKMooyg4=
github.com/tidwall/pretty v1.0.0/go.mod h1:XNkn88O1ChpSDQmQeStsy+sBenx6DDtFZJxhVysOjyk=
-github.com/vishvananda/netlink v1.1.1-0.20210330154013-f5de75959ad5 h1:+UB2BJA852UkGH42H+Oee69djmxS3ANzl2b/JtT1YiA=
-github.com/vishvananda/netlink v1.1.1-0.20210330154013-f5de75959ad5/go.mod h1:twkDnbuQxJYemMlGd4JFIcuhgX83tXhKS2B/PRMpOho=
+github.com/vishvananda/netlink v1.2.1-beta.2 h1:Llsql0lnQEbHj0I1OuKyp8otXp0r3q0mPkuhwHfStVs=
+github.com/vishvananda/netlink v1.2.1-beta.2/go.mod h1:twkDnbuQxJYemMlGd4JFIcuhgX83tXhKS2B/PRMpOho=
github.com/vishvananda/netns v0.0.0-20200728191858-db3c7e526aae/go.mod h1:DD4vA1DwXk04H54A1oHXtwZmA0grkVMdPxx/VGLCah0=
-github.com/vishvananda/netns v0.0.2 h1:Cn05BRLm+iRP/DZxyVSsfVyrzgjDbwHwkVt38qvXnNI=
-github.com/vishvananda/netns v0.0.2/go.mod h1:yitZXdAVI+yPFSb4QUe+VW3vOVl4PZPNcBgbPxAtJxw=
+github.com/vishvananda/netns v0.0.4 h1:Oeaw1EM2JMxD51g9uhtC0D7erkIjgmj8+JZc26m1YX8=
+github.com/vishvananda/netns v0.0.4/go.mod h1:SpkAiCQRtJ6TvvxPnOSyH3BMl6unz3xZlaprSwhNNJM=
github.com/xdg-go/pbkdf2 v1.0.0/go.mod h1:jrpuAogTd400dnrH08LKmI/xc1MbPOebTwRqcT5RDeI=
github.com/xdg-go/scram v1.0.2/go.mod h1:1WAq6h33pAW+iRreB34OORO2Nf7qel3VV3fjBj+hCSs=
github.com/xdg-go/scram v1.1.1/go.mod h1:RaEWvsqvNKKvBPvcKeFjrG2cJqOkHTiyTpzz23ni57g=
github.com/xdg-go/stringprep v1.0.2/go.mod h1:8F9zXuvzgwmyT5DUm4GUfZGDdT3W+LCvS6+da4O5kxM=
github.com/xdg-go/stringprep v1.0.3/go.mod h1:W3f5j4i+9rC0kuIEJL0ky1VpHXQU3ocBgklLGvcBnW8=
github.com/youmark/pkcs8 v0.0.0-20181117223130-1be2e3e5546d/go.mod h1:rHwXgn7JulP+udvsHwJoVG1YGAP6VLg4y9I5dyZdqmA=
-github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
-github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
go.mongodb.org/mongo-driver v1.7.3/go.mod h1:NqaYOwnXWr5Pm7AOpO5QFxKJ503nbMse/R79oO62zWg=
go.mongodb.org/mongo-driver v1.7.5/go.mod h1:VXEWRZ6URJIkUq2SCAyapmhH0ZLRBP+FT4xhp5Zvxng=
@@ -390,159 +269,56 @@ go.mongodb.org/mongo-driver v1.8.3/go.mod h1:0sQWfOeY63QTntERDJJ/0SuKK0T1uVSgKCu
go.mongodb.org/mongo-driver v1.10.0/go.mod h1:wsihk0Kdgv8Kqu1Anit4sfK+22vSFbUrAVEYRhCXrA8=
go.mongodb.org/mongo-driver v1.11.6 h1:XM7G6PjiGAO5betLF13BIa5TlLUUE3uJ/2Ox3Lz1K+o=
go.mongodb.org/mongo-driver v1.11.6/go.mod h1:G9TgswdsWjX4tmDA5zfs2+6AEPpYJwqblyjsfuh8oXY=
-go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
-go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8=
-go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
-go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
-go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
golang.org/x/crypto v0.0.0-20190422162423-af44ce270edf/go.mod h1:WFFai1msRO1wXaEeE5yQxYXgSfI8pQAWXbQop6sCtWE=
-golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
golang.org/x/crypto v0.0.0-20200302210943-78000ba7a073/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
golang.org/x/crypto v0.0.0-20201216223049-8b5274cf687f/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I=
golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
-golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
-golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
-golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
-golang.org/x/exp v0.0.0-20190829153037-c13cbed26979/go.mod h1:86+5VVa7VpoJ4kLfm080zCjGlMRFzhUhsZKEZO7MGek=
-golang.org/x/exp v0.0.0-20191030013958-a1ab85dbe136/go.mod h1:JXzH8nQsPlswgeRAPE3MuO9GYsAcnJvJ4vnMwN/5qkY=
-golang.org/x/exp v0.0.0-20191129062945-2f5052295587/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
-golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
-golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
-golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM=
-golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU=
-golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
-golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
-golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
-golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
-golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
-golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
-golang.org/x/lint v0.0.0-20190409202823-959b441ac422/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
-golang.org/x/lint v0.0.0-20190909230951-414d861bb4ac/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
-golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
-golang.org/x/lint v0.0.0-20191125180803-fdd1cda4f05f/go.mod h1:5qLYkcX4OjUUV8bRuDixDT3tpyyb+LUpUlRWLxfhWrs=
-golang.org/x/lint v0.0.0-20200130185559-910be7a94367/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
-golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
-golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE=
-golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o=
-golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc=
-golang.org/x/mod v0.1.0/go.mod h1:0QHyrYULN0/3qlju5TqG8bIK38QM8yzMo5ekMj3DlcY=
-golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
-golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
-golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20190628185345-da137c7871d7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20200222125558-5a598a2470a0/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
-golang.org/x/net v0.0.0-20200501053045-e0ff5e5a1de5/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
-golang.org/x/net v0.0.0-20200506145744-7e3656a0809f/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
-golang.org/x/net v0.0.0-20200513185701-a91f0712d120/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
-golang.org/x/net v0.0.0-20200520182314-0ba52f642ac2/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
-golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
-golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
-golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
golang.org/x/net v0.0.0-20210421230115-4e50805a0758/go.mod h1:72T/g9IO56b78aLF+1Kcs5dz7/ng1VjMUvfKvpfy+jM=
-golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
-golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
golang.org/x/net v0.23.0 h1:7EYJ93RZ9vYSZAIb2x3lnuvqO5zneoD6IvWjuhfxjTs=
golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg=
-golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
-golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
-golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
-golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
-golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
-golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc=
golang.org/x/oauth2 v0.10.0 h1:zHCpF2Khkwy4mMB4bv0U37YtJdTGW8jI0glAApi0Kh8=
golang.org/x/oauth2 v0.10.0/go.mod h1:kTpgurOux7LqtuxjuyZa4Gj2gdezIt/jQtGnNFfypQI=
-golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20190412183630-56d357773e84/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20220601150217-0de741cfad7f h1:Ax0t5p6N38Ga0dThY21weqDEyz2oklo4IvDkpigvkD8=
-golang.org/x/sync v0.0.0-20220601150217-0de741cfad7f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sync v0.2.0 h1:PUR+T4wwASmuSTYdKjYHI5TD22Wy5ogLU5qZCOLxBrI=
+golang.org/x/sync v0.2.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20190403152447-81d4e9dc473e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20190419153524-e8e3143a4f4a/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20190531175056-4c3a928424d2/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200106162015-b016eb3dc98e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200113162924-86b910548bc1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200212091648-12a6c2dcc1e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200217220822-9197077df867/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200331124033-c3d80250170d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200501052902-10377860bb8e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200511232937-7e40ca221e25/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200515095857-1151b9dac4a9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200615200032-f1bc736245b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200625212154-ddb9806d33ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200728102440-3e129f6d46b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200803210538-64077c9b5642/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20210320140829-1e4c9ba3b0c4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20210420072515-93ed5bcd2bfe/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210603081109-ebe580a85c40/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4=
golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
@@ -550,9 +326,7 @@ golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9sn
golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
golang.org/x/term v0.18.0 h1:FcHjZXDMxI8mM3nwhX9HlKop4C0YQvCVCdwYl2wOtE8=
golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58=
-golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
-golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
@@ -560,56 +334,15 @@ golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ=
golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
-golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4=
golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
-golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
-golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
-golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
golang.org/x/tools v0.0.0-20190329151228-23e29df326fe/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
golang.org/x/tools v0.0.0-20190416151739-9c9e1878f421/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
golang.org/x/tools v0.0.0-20190420181800-aa740d480789/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
-golang.org/x/tools v0.0.0-20190425150028-36563e24a262/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
-golang.org/x/tools v0.0.0-20190506145303-2d16b83fe98c/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
-golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
golang.org/x/tools v0.0.0-20190531172133-b3315ee88b7d/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
-golang.org/x/tools v0.0.0-20190606124116-d0a3d012864b/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
-golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
-golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
-golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191113191852-77e3bb0ad9e7/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191115202509-3a792d9c32b2/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191125144606-a911d9008d1f/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191130070609-6e064ea0cf2d/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191216173652-a0e659d51361/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20191227053925-7b8e75db28f4/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200117161641-43d50277825c/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200122220014-bf1340f18c4a/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200204074204-1cc6d1ef6c74/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200207183749-b753a1ba74fa/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200212150539-ea181f53ac56/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200224181240-023911ca70b2/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200227222343-706bc42d1f0d/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200304193943-95d2e580d8eb/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw=
-golang.org/x/tools v0.0.0-20200312045724-11d5b4c81c7d/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw=
-golang.org/x/tools v0.0.0-20200331025713-a30bf2db82d4/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8=
-golang.org/x/tools v0.0.0-20200501065659-ab2804fb9c9d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
-golang.org/x/tools v0.0.0-20200512131952-2bc93b1c0c88/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
-golang.org/x/tools v0.0.0-20200515010526-7d3b6ebf133d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
-golang.org/x/tools v0.0.0-20200618134242-20370b0cb4b2/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
-golang.org/x/tools v0.0.0-20200729194436-6467de6f59a7/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
-golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
-golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
golang.org/x/tools v0.18.0 h1:k8NLag8AGHnn+PHbl7g43CtqZAwG60vZkLqgyZgIHgQ=
golang.org/x/tools v0.18.0/go.mod h1:GL7B4CwcLLeo59yx/9UWWuNOW1n3VZ4f5axWfML7Lcg=
@@ -617,105 +350,24 @@ golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8T
golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE=
-google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M=
-google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg=
-google.golang.org/api v0.9.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg=
-google.golang.org/api v0.13.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=
-google.golang.org/api v0.14.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=
-google.golang.org/api v0.15.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=
-google.golang.org/api v0.17.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
-google.golang.org/api v0.18.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
-google.golang.org/api v0.19.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
-google.golang.org/api v0.20.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
-google.golang.org/api v0.22.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
-google.golang.org/api v0.24.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE=
-google.golang.org/api v0.28.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE=
-google.golang.org/api v0.29.0/go.mod h1:Lcubydp8VUV7KeIHD9z2Bys/sm/vGKnG1UHuDBSrHWM=
-google.golang.org/api v0.30.0/go.mod h1:QGmEvQ87FHZNiUVJkT14jQNYJ4ZJjdRF23ZXz5138Fc=
-google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
-google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
-google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
-google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0=
-google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
-google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c=
google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
-google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
-google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
-google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
-google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
-google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
-google.golang.org/genproto v0.0.0-20190801165951-fa694d86fc64/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
-google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
-google.golang.org/genproto v0.0.0-20190911173649-1774047e7e51/go.mod h1:IbNlFCBrqXvoKpeg0TB2l7cyZUmoaFKYIwrEpbDKLA8=
-google.golang.org/genproto v0.0.0-20191108220845-16a3f7862a1a/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
-google.golang.org/genproto v0.0.0-20191115194625-c23dd37a84c9/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
-google.golang.org/genproto v0.0.0-20191216164720-4f79533eabd1/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
-google.golang.org/genproto v0.0.0-20191230161307-f3c370f40bfb/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
-google.golang.org/genproto v0.0.0-20200115191322-ca5a22157cba/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
-google.golang.org/genproto v0.0.0-20200122232147-0452cf42e150/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
-google.golang.org/genproto v0.0.0-20200204135345-fa8e72b47b90/go.mod h1:GmwEX6Z4W5gMy59cAlVYjN9JhxgbQH6Gn+gFDQe2lzA=
-google.golang.org/genproto v0.0.0-20200212174721-66ed5ce911ce/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200224152610-e50cd9704f63/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200228133532-8c2c7df3a383/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200305110556-506484158171/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200312145019-da6875a35672/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200331122359-1ee6d9798940/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200430143042-b979b6f78d84/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200511104702-f5ebc3bea380/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200515170657-fc4c6c6a6587/go.mod h1:YsZOwe1myG/8QRHRsmBRE1LrgQY60beZKjly0O1fX9U=
-google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
-google.golang.org/genproto v0.0.0-20200618031413-b414f8b61790/go.mod h1:jDfRM7FcilCzHH/e9qn6dsT145K34l5v+OpcnNgKAAA=
-google.golang.org/genproto v0.0.0-20200729003335-053ba62fc06f/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20200804131852-c06518451d9c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 h1:KpwkzHKEF7B9Zxg18WzOa7djJ+Ha5DzthMyZYQfEn2A=
google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1/go.mod h1:nKE/iIaLqn2bQwXBg8f1g2Ylh6r5MN5CmZvuzZCgsCU=
-google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
-google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
-google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
-google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
-google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=
-google.golang.org/grpc v1.26.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
-google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
-google.golang.org/grpc v1.27.1/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
-google.golang.org/grpc v1.28.0/go.mod h1:rpkK4SK4GF4Ach/+MFLZUBavHOvF2JJB5uozKKal+60=
-google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk=
-google.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
-google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
google.golang.org/grpc v1.56.3 h1:8I4C0Yq1EjstUzUJzpcRVbuYA2mODtEmpWiQoN/b2nc=
google.golang.org/grpc v1.56.3/go.mod h1:I9bI3vqKfayGqPUAwGdOSu7kt6oIJLixfffKrpXqQ9s=
-google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
-google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
-google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
-google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE=
-google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo=
-google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
-google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
-google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
-google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGjtUeSXeh4=
-google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c=
-google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
-google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI=
google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=
-gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc=
gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
-gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.2.5/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
@@ -724,13 +376,6 @@ gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776/go.mod h1:K4uyk7z7BCEPqu6E+C
gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
-honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
-honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
-honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
-honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
-honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
-honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
k8s.io/api v0.29.0 h1:NiCdQMY1QOp1H8lfRyeEf8eOwV6+0xA6XEE44ohDX2A=
k8s.io/api v0.29.0/go.mod h1:sdVmXoz2Bo/cb77Pxi71IPTSErEW32xa4aXwKH7gfBA=
k8s.io/apimachinery v0.30.0 h1:qxVPsyDM5XS96NIh9Oj6LavoVFYff/Pon9cZeDIkHHA=
@@ -743,9 +388,6 @@ k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 h1:BZqlfIlq5YbRMFko6/PM7F
k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340/go.mod h1:yD4MZYeKMBwQKVht279WycxKyM84kkAx2DPrTXaeb98=
k8s.io/utils v0.0.0-20230726121419-3b25d923346b h1:sgn3ZU783SCgtaSJjpcVVlRqd6GSnlTLKgpAAttJvpI=
k8s.io/utils v0.0.0-20230726121419-3b25d923346b/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
-rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
-rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
-rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo=
sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0=
sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4=
diff --git a/loxilb-ebpf b/loxilb-ebpf
index ce219cbe..dc6cb12e 160000
--- a/loxilb-ebpf
+++ b/loxilb-ebpf
@@ -1 +1 @@
-Subproject commit ce219cbe43efb89bb39e6f063f751bfbe0a48903
+Subproject commit dc6cb12e876c873241558f1bbb9cf3e353965bc5
diff --git a/main.go b/main.go
index 48359fae..d717bd1b 100644
--- a/main.go
+++ b/main.go
@@ -26,7 +26,7 @@ import (
ln "github.com/loxilb-io/loxilb/pkg/loxinet"
)
-var version string = "0.9.5-beta"
+var version string = "0.9.6-beta"
var buildInfo string = ""
func main() {
diff --git a/options/options.go b/options/options.go
index a0633ee8..e334eb4a 100644
--- a/options/options.go
+++ b/options/options.go
@@ -34,5 +34,10 @@ var Opts struct {
FallBack bool `long:"fallback" description:"Fallback to system default networking(experimental)"`
LocalSockPolicy bool `long:"localsockpolicy" description:"support local socket policies (experimental)"`
SockMapSupport bool `long:"sockmapsupport" description:"Support sockmap based L4 proxying (experimental)"`
+ Cloud string `long:"cloud" description:"cloud type if any e.g aws,ncloud" default:"on-prem"`
+ CloudCIDRBlock string `long:"cloudcidrblock" description:"cloud implementations need VIP cidr blocks(experimental)"`
+ CloudInstance string `long:"cloudinstance" description:"instance-name to distinguish instance sets running in a same cloud-region"`
ConfigPath string `long:"config-path" description:"Config file path" default:"/etc/loxilb/"`
+ ProxyModeOnly bool `long:"proxyonlymode" description:"Run loxilb in proxy mode only, no Datapath"`
+ WhiteList string `long:"whitelist" description:"Regex string of whitelisted interface(experimental)" default:"none"`
}
diff --git a/pkg/loxinet/apiclient.go b/pkg/loxinet/apiclient.go
index f82f8bfd..69bde364 100644
--- a/pkg/loxinet/apiclient.go
+++ b/pkg/loxinet/apiclient.go
@@ -279,29 +279,35 @@ func (na *NetAPIStruct) NetRouteAdd(rm *cmn.RouteMod) (int, error) {
var ret int
var err error
+ if len(rm.GWs) <= 0 {
+ return RtNhErr, errors.New("invalid gws")
+ }
if na.BgpPeerMode {
return RtNhErr, errors.New("running in bgp only mode")
}
intfRt := false
mlen, _ := rm.Dst.Mask.Size()
- if rm.Gw == nil {
+ if rm.GWs[0].Gw == nil {
// This is an interface route
if (tk.IsNetIPv4(rm.Dst.IP.String()) && mlen == 32) || (tk.IsNetIPv6(rm.Dst.IP.String()) && mlen == 128) {
intfRt = true
- rm.Gw = rm.Dst.IP
+ rm.GWs[0].Gw = rm.Dst.IP
}
}
mh.mtx.Lock()
defer mh.mtx.Unlock()
- ra := RtAttr{Protocol: rm.Protocol, OSFlags: rm.Flags, HostRoute: false, Ifi: rm.LinkIndex, IfRoute: intfRt}
- if rm.Gw != nil {
- na := []RtNhAttr{{rm.Gw, rm.LinkIndex}}
+ ra := RtAttr{Protocol: rm.Protocol, OSFlags: rm.Flags, HostRoute: false, Ifi: rm.GWs[0].LinkIndex, IfRoute: intfRt}
+ if rm.GWs[0].Gw != nil {
+ var na []RtNhAttr
+ for _, gw := range rm.GWs {
+ na = append(na, RtNhAttr{gw.Gw, gw.LinkIndex})
+ }
ret, err = mh.zr.Rt.RtAdd(rm.Dst, RootZone, ra, na)
+
} else {
ret, err = mh.zr.Rt.RtAdd(rm.Dst, RootZone, ra, nil)
}
-
return ret, err
}
diff --git a/pkg/loxinet/cluster.go b/pkg/loxinet/cluster.go
index 486bd4c3..c795e155 100644
--- a/pkg/loxinet/cluster.go
+++ b/pkg/loxinet/cluster.go
@@ -223,7 +223,7 @@ func (h *CIStateH) CIStateUpdate(cm cmn.HASMod) (int, error) {
if mh.bgp != nil {
mh.bgp.UpdateCIState(cm.Instance, ci.State, ci.Vip)
}
- mh.zr.Rules.RuleVIPSyncToClusterState()
+ go mh.zr.Rules.RuleVIPSyncToClusterState()
return ci.State, nil
}
diff --git a/pkg/loxinet/dpbroker.go b/pkg/loxinet/dpbroker.go
index 0818a20d..457314b6 100644
--- a/pkg/loxinet/dpbroker.go
+++ b/pkg/loxinet/dpbroker.go
@@ -168,7 +168,8 @@ type RouteDpWorkQ struct {
Dst net.IPNet
RtType int
RtMark int
- NMark int
+ NMax int
+ NMark [8]int
}
// StatDpWorkQ - work queue entry for stat operation
@@ -275,6 +276,15 @@ type NatEP struct {
InActive bool
}
+// SecT - type of SecT
+type SecT uint8
+
+// security type constants
+const (
+ DpTermHTTPS SecT = iota + 1
+ DpE2EHTTPS
+)
+
// NatDpWorkQ - work queue entry for nat related operation
type NatDpWorkQ struct {
Work DpWorkT
@@ -285,7 +295,8 @@ type NatDpWorkQ struct {
BlockNum uint16
DsrMode bool
CsumDis bool
- TermHTTPs bool
+ SecMode SecT
+ HostURL string
Proto uint8
Mark int
NatType NatT
diff --git a/pkg/loxinet/dpebpf_linux.go b/pkg/loxinet/dpebpf_linux.go
index 243d8688..2bb55e8a 100644
--- a/pkg/loxinet/dpebpf_linux.go
+++ b/pkg/loxinet/dpebpf_linux.go
@@ -129,7 +129,7 @@ type (
rtDat C.struct_dp_rt_tact
rtL3NhAct C.struct_dp_rt_nh_act
natKey C.struct_dp_nat_key
- natActs C.struct_dp_nat_tacts
+ proxyActs C.struct_dp_proxy_tacts
nxfrmAct C.struct_mf_xfrm_inf
sess4Key C.struct_dp_sess4_key
sessAct C.struct_dp_sess_tact
@@ -251,8 +251,9 @@ func DpEbpfDPLogLevel(cfg *C.struct_ebpfcfg, debug tk.LogLevelT) {
cfg.loglevel = 3 // LOG_WARNING
case tk.LogInfo:
cfg.loglevel = 2 // LOG_INFO
- case tk.LogDebug:
+ case tk.LogTrace:
cfg.loglevel = 0 // LOG_TRACE
+ case tk.LogDebug:
default:
cfg.loglevel = 1 // LOG_DEBUG
}
@@ -267,7 +268,7 @@ func DpEbpfSetLogLevel(logLevel tk.LogLevelT) {
}
// DpEbpfInit - initialize the ebpf dp subsystem
-func DpEbpfInit(clusterEn, rssEn, egrHooks, localSockPolicy, sockMapEn bool, nodeNum int, logLevel tk.LogLevelT) *DpEbpfH {
+func DpEbpfInit(clusterEn, rssEn, egrHooks, localSockPolicy, sockMapEn bool, nodeNum int, disBPF bool, logLevel tk.LogLevelT) *DpEbpfH {
var cfg C.struct_ebpfcfg
if clusterEn {
@@ -291,6 +292,12 @@ func DpEbpfInit(clusterEn, rssEn, egrHooks, localSockPolicy, sockMapEn bool, nod
cfg.have_sockmap = 0
}
+ if disBPF {
+ cfg.have_noebpf = 1
+ } else {
+ cfg.have_noebpf = 0
+ }
+
cfg.nodenum = C.int(nodeNum)
cfg.loglevel = 1
cfg.no_loader = 0
@@ -404,6 +411,9 @@ func convDPv6Addr2NetIP(addr unsafe.Pointer) net.IP {
// loadEbpfPgm - load loxilb eBPF program to an interface
func (e *DpEbpfH) loadEbpfPgm(name string) int {
+ if mh.disBPF {
+ return 0
+ }
ifStr := C.CString(name)
xSection := C.CString(string(C.XDP_LL_SEC_DEFAULT))
link, err := nlp.LinkByName(name)
@@ -425,7 +435,7 @@ func (e *DpEbpfH) loadEbpfPgm(name string) int {
ret := -1
for _, f := range filters {
if t, ok := f.(*nlp.BpfFilter); ok {
- if strings.Contains(t.Name, C.TC_LL_SEC_DEFAULT) {
+ if strings.Contains(t.Name, "tc_packet_func") {
ret = 0
break
}
@@ -439,6 +449,9 @@ func (e *DpEbpfH) loadEbpfPgm(name string) int {
// unLoadEbpfPgm - unload loxilb eBPF program from an interface
func (e *DpEbpfH) unLoadEbpfPgm(name string) int {
+ if mh.disBPF {
+ return 0
+ }
ifStr := C.CString(name)
xSection := C.CString(string(C.XDP_LL_SEC_DEFAULT))
@@ -698,7 +711,7 @@ func DpRouterMacMod(w *RouterMacDpWorkQ) int {
rtNhAct := (*rtNhAct)(getPtrOffset(unsafe.Pointer(dat),
C.sizeof_struct_dp_cmn_act))
C.memset(unsafe.Pointer(rtNhAct), 0, C.sizeof_struct_dp_rt_nh_act)
- rtNhAct.nh_num = 0
+ rtNhAct.nh_num[0] = 0
rtNhAct.tid = 0
rtNhAct.bd = C.ushort(w.BD)
} else {
@@ -710,7 +723,7 @@ func DpRouterMacMod(w *RouterMacDpWorkQ) int {
C.sizeof_struct_dp_cmn_act))
C.memset(unsafe.Pointer(rtNhAct), 0, C.sizeof_struct_dp_rt_nh_act)
- rtNhAct.nh_num = C.ushort(w.NhNum)
+ rtNhAct.nh_num[0] = C.ushort(w.NhNum)
tid := ((w.TunID << 8) & 0xffffff00)
rtNhAct.tid = C.uint(tk.Htonl(tid))
}
@@ -723,9 +736,16 @@ func DpRouterMacMod(w *RouterMacDpWorkQ) int {
unsafe.Pointer(dat))
if ret != 0 {
+ if w.Status != nil {
+ *w.Status = DpCreateErr
+ }
return EbpfErrTmacAdd
}
+ if w.Status != nil {
+ *w.Status = 0
+ }
+
return 0
} else if w.Work == DpRemove {
@@ -875,13 +895,23 @@ func DpRouteMod(w *RouteDpWorkQ) int {
dat := new(rtDat)
C.memset(unsafe.Pointer(dat), 0, C.sizeof_struct_dp_rt_tact)
- if w.NMark >= 0 {
+ if w.NMax > 0 {
dat.ca.act_type = C.DP_SET_RT_NHNUM
act = (*rtL3NhAct)(getPtrOffset(unsafe.Pointer(dat),
C.sizeof_struct_dp_cmn_act))
- act.nh_num = C.ushort(w.NMark)
+ act.naps = C.ushort(w.NMax)
+ for i := range w.NMark {
+ if i < C.DP_MAX_ACTIVE_PATHS {
+ act.nh_num[i] = C.ushort(w.NMark[i])
+ }
+ }
} else {
- dat.ca.act_type = C.DP_SET_TOCP
+ mLen, _ := w.Dst.Mask.Size()
+ if mLen == 32 || mLen == 128 {
+ dat.ca.act_type = C.DP_SET_TOCP
+ } else {
+ dat.ca.act_type = C.DP_SET_NOP
+ }
}
if w.RtMark > 0 {
@@ -941,98 +971,103 @@ func DpNatLbRuleMod(w *NatDpWorkQ) int {
key.zone = C.ushort(w.ZoneNum)
}
- if w.Work == DpCreate {
- dat := new(natActs)
- C.memset(unsafe.Pointer(dat), 0, C.sizeof_struct_dp_nat_tacts)
- if w.NatType == DpSnat {
- dat.ca.act_type = C.DP_SET_SNAT
- } else if w.NatType == DpDnat || w.NatType == DpFullNat {
- dat.ca.act_type = C.DP_SET_DNAT
- } else if w.NatType == DpFullProxy {
- dat.ca.act_type = C.DP_SET_FULLPROXY
- } else {
- tk.LogIt(tk.LogDebug, "[DP] LB rule %s add[NOK] - EbpfErrNat4Add\n", w.ServiceIP.String())
- return EbpfErrNat4Add
- }
-
- // seconds to nanoseconds
- dat.ito = C.uint64_t(w.InActTo * 1000000000)
- dat.pto = C.uint64_t(w.PersistTo * 1000000000)
- dat.base_to = 0
+ dat := new(proxyActs)
+ C.memset(unsafe.Pointer(dat), 0, C.sizeof_struct_dp_proxy_tacts)
+ if w.NatType == DpSnat {
+ dat.ca.act_type = C.DP_SET_SNAT
+ } else if w.NatType == DpDnat || w.NatType == DpFullNat {
+ dat.ca.act_type = C.DP_SET_DNAT
+ } else if w.NatType == DpFullProxy {
+ dat.ca.act_type = C.DP_SET_FULLPROXY
+ } else {
+ tk.LogIt(tk.LogDebug, "[DP] LB rule %s add[NOK] - EbpfErrNat4Add\n", w.ServiceIP.String())
+ return EbpfErrNat4Add
+ }
- /*dat.npmhh = 2
- dat.pmhh[0] = 0x64646464
- dat.pmhh[1] = 0x65656565*/
- for i, k := range w.secIP {
- dat.pmhh[i] = C.uint(tk.IPtonl(k))
- }
- dat.npmhh = C.uchar(len(w.secIP))
+ // seconds to nanoseconds
+ dat.ito = C.uint64_t(w.InActTo * 1000000000)
+ dat.pto = C.uint64_t(w.PersistTo * 1000000000)
+ dat.base_to = 0
- switch {
- case w.EpSel == EpRR:
- dat.sel_type = C.NAT_LB_SEL_RR
- case w.EpSel == EpHash:
- dat.sel_type = C.NAT_LB_SEL_HASH
- case w.EpSel == EpRRPersist:
- dat.sel_type = C.NAT_LB_SEL_RR_PERSIST
- case w.EpSel == EpLeastConn:
- dat.sel_type = C.NAT_LB_SEL_LC
- case w.EpSel == EpN2:
- dat.sel_type = C.NAT_LB_SEL_N2
- /* Currently not implemented in DP */
- /*case w.EpSel == EP_PRIO:
- dat.sel_type = C.NAT_LB_SEL_PRIO*/
- default:
- dat.sel_type = C.NAT_LB_SEL_RR
- }
- dat.ca.cidx = C.uint(w.Mark)
- if w.DsrMode {
- dat.ca.oaux = 1
- }
+ /*dat.npmhh = 2
+ dat.pmhh[0] = 0x64646464
+ dat.pmhh[1] = 0x65656565*/
+ for i, k := range w.secIP {
+ dat.pmhh[i] = C.uint(tk.IPtonl(k))
+ }
+ dat.npmhh = C.uchar(len(w.secIP))
- nxfa := (*nxfrmAct)(unsafe.Pointer(&dat.nxfrms[0]))
+ switch {
+ case w.EpSel == EpRR:
+ dat.sel_type = C.NAT_LB_SEL_RR
+ case w.EpSel == EpHash:
+ dat.sel_type = C.NAT_LB_SEL_HASH
+ case w.EpSel == EpRRPersist:
+ dat.sel_type = C.NAT_LB_SEL_RR_PERSIST
+ case w.EpSel == EpLeastConn:
+ dat.sel_type = C.NAT_LB_SEL_LC
+ case w.EpSel == EpN2:
+ dat.sel_type = C.NAT_LB_SEL_N2
+ /* Currently not implemented in DP */
+ /*case w.EpSel == EP_PRIO:
+ dat.sel_type = C.NAT_LB_SEL_PRIO*/
+ default:
+ dat.sel_type = C.NAT_LB_SEL_RR
+ }
+ dat.ca.cidx = C.uint(w.Mark)
+ if w.DsrMode {
+ dat.ca.oaux = 1
+ }
- for _, k := range w.endPoints {
- nxfa.wprio = C.uchar(k.Weight)
- nxfa.nat_xport = C.ushort(tk.Htons(k.XPort))
- if tk.IsNetIPv6(k.XIP.String()) {
- convNetIP2DPv6Addr(unsafe.Pointer(&nxfa.nat_xip[0]), k.XIP)
+ nxfa := (*nxfrmAct)(unsafe.Pointer(&dat.nxfrms[0]))
- if tk.IsNetIPv6(k.RIP.String()) {
- convNetIP2DPv6Addr(unsafe.Pointer(&nxfa.nat_rip[0]), k.RIP)
- }
- nxfa.nv6 = 1
- } else {
- nxfa.nat_xip[0] = C.uint(tk.IPtonl(k.XIP))
- nxfa.nat_rip[0] = C.uint(tk.IPtonl(k.RIP))
- nxfa.nv6 = 0
- }
+ for _, k := range w.endPoints {
+ nxfa.wprio = C.uchar(k.Weight)
+ nxfa.nat_xport = C.ushort(tk.Htons(k.XPort))
+ if tk.IsNetIPv6(k.XIP.String()) {
+ convNetIP2DPv6Addr(unsafe.Pointer(&nxfa.nat_xip[0]), k.XIP)
- if k.InActive {
- nxfa.inactive = 1
+ if tk.IsNetIPv6(k.RIP.String()) {
+ convNetIP2DPv6Addr(unsafe.Pointer(&nxfa.nat_rip[0]), k.RIP)
}
-
- nxfa = (*nxfrmAct)(getPtrOffset(unsafe.Pointer(nxfa),
- C.sizeof_struct_mf_xfrm_inf))
+ nxfa.nv6 = 1
+ } else {
+ nxfa.nat_xip[0] = C.uint(tk.IPtonl(k.XIP))
+ nxfa.nat_rip[0] = C.uint(tk.IPtonl(k.RIP))
+ nxfa.nv6 = 0
}
- // Any unused end-points should be marked inactive
- for i := len(w.endPoints); i < C.LLB_MAX_NXFRMS; i++ {
- nxfa := (*nxfrmAct)(unsafe.Pointer(&dat.nxfrms[i]))
+ if k.InActive {
nxfa.inactive = 1
}
- dat.nxfrm = C.ushort(len(w.endPoints))
- if w.CsumDis {
- dat.cdis = 1
- } else {
- dat.cdis = 0
- }
+ nxfa = (*nxfrmAct)(getPtrOffset(unsafe.Pointer(nxfa),
+ C.sizeof_struct_mf_xfrm_inf))
+ }
- if w.TermHTTPs {
- dat.sec_mode = C.SEC_MODE_HTTPS
- }
+ // Any unused end-points should be marked inactive
+ for i := len(w.endPoints); i < C.LLB_MAX_NXFRMS; i++ {
+ nxfa := (*nxfrmAct)(unsafe.Pointer(&dat.nxfrms[i]))
+ nxfa.inactive = 1
+ }
+
+ dat.nxfrm = C.ushort(len(w.endPoints))
+ if w.CsumDis {
+ dat.cdis = 1
+ } else {
+ dat.cdis = 0
+ }
+ if w.SecMode == DpTermHTTPS {
+ dat.sec_mode = C.SEC_MODE_HTTPS
+ } else if w.SecMode == DpE2EHTTPS {
+ dat.sec_mode = C.SEC_MODE_HTTPS_E2E
+ }
+
+ hostURLStr := C.CString(w.HostURL)
+ C.memcpy(unsafe.Pointer(&dat.host_url[0]), unsafe.Pointer(hostURLStr), C.ulong(len(w.HostURL))+1)
+
+ if w.Work == DpCreate {
ret := C.llb_add_map_elem(C.LL_DP_NAT_MAP,
unsafe.Pointer(key),
unsafe.Pointer(dat))
@@ -1044,7 +1079,9 @@ func DpNatLbRuleMod(w *NatDpWorkQ) int {
tk.LogIt(tk.LogDebug, "[DP] LB rule %s add[OK]\n", w.ServiceIP.String())
return 0
} else if w.Work == DpRemove {
- C.llb_del_map_elem(C.LL_DP_NAT_MAP, unsafe.Pointer(key))
+ C.llb_del_map_elem_wval(C.LL_DP_NAT_MAP,
+ unsafe.Pointer(key),
+ unsafe.Pointer(dat))
return 0
}
diff --git a/pkg/loxinet/layer2.go b/pkg/loxinet/layer2.go
index cc1961c1..5370e8ce 100644
--- a/pkg/loxinet/layer2.go
+++ b/pkg/loxinet/layer2.go
@@ -213,7 +213,10 @@ func (l2 *L2H) L2FdbAdd(key FdbKey, attr FdbAttr) (int, error) {
p := l2.Zone.Ports.PortFindByName(attr.Oif)
if p == nil || !p.SInfo.PortActive {
tk.LogIt(tk.LogDebug, "fdb port not found %s\n", attr.Oif)
- return L2OifErr, errors.New("no such port")
+ p = l2.Zone.Ports.PortFindByName("lo")
+ if p == nil {
+ return L2OifErr, errors.New("no such port")
+ }
}
fdb, found := l2.FdbMap[key]
@@ -315,7 +318,19 @@ func (l2 *L2H) FdbTicker(f *FdbEnt) {
// This scans for inconsistencies in a fdb
// 1. Do garbage cleaning if underlying oif or vlan is not valid anymore
// 2. If FDB is a TunFDB, we need to make sure NH is reachable
- if f.Port.SInfo.PortActive == false {
+ if f.Port.Name == "lo" || f.FdbKey.BridgeID != f.Port.L2.Vid {
+ p := l2.Zone.Ports.PortFindByName(f.FdbAttr.Oif)
+ if p != nil && p.SInfo.PortActive {
+ if f.Port.L2.Vid != f.FdbKey.BridgeID {
+ tk.LogIt(tk.LogDebug, "fdb ent, %v BD mismatch\n", f)
+ return
+ }
+ tk.LogIt(tk.LogDebug, "fdb ent, %v - reset port: %s\n", f, p.Name)
+ f.Port = p
+ // Force Resync
+ f.Sync = DpCreateErr
+ }
+ } else if f.Port.SInfo.PortActive == false {
l2.L2FdbDel(f.FdbKey)
} else if f.unReach == true {
tk.LogIt(tk.LogDebug, "unrch scan - %v\n", f)
@@ -383,10 +398,21 @@ func (l2 *L2H) L2DestructAll() {
// DP - Sync state of L2 entities to data-path
func (f *FdbEnt) DP(work DpWorkT) int {
+ if f.Port.Name == "lo" {
+ f.Sync = DpCreateErr
+ return -1
+ }
+
if work == DpCreate && f.unReach == true {
return 0
}
+ if f.Port.L2.Vid != f.FdbKey.BridgeID {
+ tk.LogIt(tk.LogDebug, "fdb ent, can't sync %v (%v)\n", f.FdbKey, f.Port.L2.Vid)
+ f.Sync = DpCreateErr
+ return -1
+ }
+
l2Wq := new(L2AddrDpWorkQ)
l2Wq.Work = work
l2Wq.Status = &f.Sync
diff --git a/pkg/loxinet/layer3.go b/pkg/loxinet/layer3.go
index c2a01cea..a1e9bf9d 100644
--- a/pkg/loxinet/layer3.go
+++ b/pkg/loxinet/layer3.go
@@ -19,11 +19,11 @@ package loxinet
import (
"errors"
"fmt"
- "net"
-
- tk "github.com/loxilb-io/loxilib"
-
+ nlp "github.com/loxilb-io/loxilb/api/loxinlp"
cmn "github.com/loxilb-io/loxilb/common"
+ tk "github.com/loxilb-io/loxilib"
+ "net"
+ "strings"
)
// constants
@@ -523,11 +523,37 @@ func (l3 *L3H) IfaGet() []cmn.IPAddrGet {
return ret
}
+// IfaTicker - Periodic ticker for checking Ifas
+func (l3 *L3H) IfasTicker() {
+ for _, ifa := range l3.IfaMap {
+ if ifa.Key.Obj == "lo" {
+ continue
+ }
+
+ canSync := false
+ for _, ifaEnt := range ifa.Ifas {
+ if nlp.NlpIsBlackListedIntf(ifa.Key.Obj, 0) || ifaEnt.Secondary {
+ continue
+ }
+ canSync = true
+ }
+
+ if canSync && ifa.Sync != 0 {
+ tk.LogIt(tk.LogDebug, "defer resync ifa obj : %s\n", ifa.Key.Obj)
+ ifa.DP(DpCreate)
+ }
+ }
+}
+
// DP - Sync state of L3 entities to data-path
func (ifa *Ifa) DP(work DpWorkT) int {
port := ifa.Zone.Ports.PortFindByName(ifa.Key.Obj)
if port == nil {
+ if ifa.Key.Obj != "lo" && !strings.Contains(ifa.Key.Obj, "llb-rule") {
+ tk.LogIt(tk.LogError, "No such obj : %s\n", ifa.Key.Obj)
+ ifa.Sync = DpCreateErr
+ }
return -1
}
diff --git a/pkg/loxinet/loxinet.go b/pkg/loxinet/loxinet.go
index 6235ceda..9abac7ed 100644
--- a/pkg/loxinet/loxinet.go
+++ b/pkg/loxinet/loxinet.go
@@ -79,6 +79,10 @@ type loxiNetH struct {
eHooks bool
lSockPolicy bool
sockMapEn bool
+ cloudLabel string
+ cloudHook CloudHookInterface
+ cloudInst string
+ disBPF bool
pFile *os.File
}
@@ -104,6 +108,8 @@ func (mh *loxiNetH) ParamSet(param cmn.ParamMod) (int, error) {
func (mh *loxiNetH) ParamGet(param *cmn.ParamMod) (int, error) {
logLevel := "n/a"
switch mh.logger.CurrLogLevel {
+ case tk.LogTrace:
+ logLevel = "trace"
case tk.LogDebug:
logLevel = "debug"
case tk.LogInfo:
@@ -203,14 +209,16 @@ func loxiNetInit() {
// It is important to make sure loxilb's eBPF filesystem
// is in place and mounted to make sure maps are pinned properly
- if !utils.FileExists(BpfFsCheckFile) {
- if utils.FileExists(MkfsScript) {
- RunCommand(MkfsScript, true)
+ if !opts.Opts.ProxyModeOnly {
+ if !utils.FileExists(BpfFsCheckFile) {
+ if utils.FileExists(MkfsScript) {
+ RunCommand(MkfsScript, true)
+ }
+
}
+ utils.MkTunFsIfNotExist()
+ sysctlInit()
}
- utils.MkTunFsIfNotExist()
-
- sysctlInit()
mh.self = opts.Opts.ClusterSelf
mh.rssEn = opts.Opts.RssEnable
@@ -219,9 +227,20 @@ func loxiNetInit() {
mh.pProbe = opts.Opts.PassiveEPProbe
mh.lSockPolicy = opts.Opts.LocalSockPolicy
mh.sockMapEn = opts.Opts.SockMapSupport
+ mh.cloudLabel = opts.Opts.Cloud
+ mh.cloudHook = CloudHookNew(mh.cloudLabel)
+ mh.cloudInst = opts.Opts.CloudInstance
+ mh.disBPF = opts.Opts.ProxyModeOnly
mh.sigCh = make(chan os.Signal, 5)
signal.Notify(mh.sigCh, os.Interrupt, syscall.SIGCHLD, syscall.SIGHUP, syscall.SIGINT, syscall.SIGTERM)
+ if mh.cloudHook != nil {
+ err := mh.cloudHook.CloudAPIInit(opts.Opts.CloudCIDRBlock)
+ if err != nil {
+ os.Exit(1)
+ }
+ }
+
// Check if profiling is enabled
if opts.Opts.CPUProfile != "none" {
var err error
@@ -247,7 +266,7 @@ func loxiNetInit() {
RunCommand(MkMountCG2, false)
}
// Initialize the ebpf datapath subsystem
- mh.dpEbpf = DpEbpfInit(clusterMode, mh.rssEn, mh.eHooks, mh.lSockPolicy, mh.sockMapEn, mh.self, -1)
+ mh.dpEbpf = DpEbpfInit(clusterMode, mh.rssEn, mh.eHooks, mh.lSockPolicy, mh.sockMapEn, mh.self, mh.disBPF, -1)
mh.dp = DpBrokerInit(mh.dpEbpf, rpcMode)
// Initialize the security zone subsystem
@@ -300,7 +319,7 @@ func loxiNetInit() {
// Initialize the nlp subsystem
if !opts.Opts.NoNlp {
nlp.NlpRegister(NetAPIInit(opts.Opts.BgpPeerMode))
- nlp.NlpInit(opts.Opts.BgpPeerMode, opts.Opts.BlackList, opts.Opts.IPVSCompat)
+ nlp.NlpInit(opts.Opts.BgpPeerMode, opts.Opts.BlackList, opts.Opts.WhiteList, opts.Opts.IPVSCompat)
}
// Initialize the k8s subsystem
diff --git a/pkg/loxinet/neighbor.go b/pkg/loxinet/neighbor.go
index 07f60504..a01cd6d7 100644
--- a/pkg/loxinet/neighbor.go
+++ b/pkg/loxinet/neighbor.go
@@ -361,11 +361,13 @@ func (n *NeighH) NeighAdd(Addr net.IP, Zone string, Attr NeighAttr) (int, error)
zeroHwAddr, _ := net.ParseMAC("00:00:00:00:00:00")
ne, found := n.NeighMap[key]
+ add2Map := !found
+
port := n.Zone.Ports.PortFindByOSID(Attr.OSLinkIndex)
if port == nil {
tk.LogIt(tk.LogError, "neigh add - %s:%s no oport\n", Addr.String(), Zone)
if !found {
- n.NeighMap[key] = &Neigh{Dummy: true, Attr: Attr, NhRtm: make(map[RtKey]*Rt)}
+ n.NeighMap[key] = &Neigh{Key: key, Dummy: true, Addr: Addr, Attr: Attr, Inactive: true, NhRtm: make(map[RtKey]*Rt)}
} else {
ne.Dummy = true
ne.OifPort = nil
@@ -392,14 +394,13 @@ func (n *NeighH) NeighAdd(Addr net.IP, Zone string, Attr NeighAttr) (int, error)
ra := RtAttr{0, 0, true, Attr.OSLinkIndex, false}
na := []RtNhAttr{{Addr, Attr.OSLinkIndex}}
- if found == true {
+ if found {
ne.Inactive = false
ne.Dummy = false
- if bytes.Equal(Attr.HardwareAddr, zeroHwAddr) == true {
+ if bytes.Equal(Attr.HardwareAddr, zeroHwAddr) {
ne.Resolved = false
} else {
- if bytes.Equal(Attr.HardwareAddr, ne.Attr.HardwareAddr) == false ||
- ne.Resolved == false {
+ if !bytes.Equal(Attr.HardwareAddr, ne.Attr.HardwareAddr) || !ne.Resolved {
ne.Attr.HardwareAddr = Attr.HardwareAddr
ne.Resolved = true
n.NeighRecursiveResolve(ne)
@@ -412,30 +413,34 @@ func (n *NeighH) NeighAdd(Addr net.IP, Zone string, Attr NeighAttr) (int, error)
return NeighExistsErr, errors.New("nh exists")
}
- idx, err = n.NeighID.GetCounter()
- if err != nil {
- tk.LogIt(tk.LogError, "neigh add - %s:%s no marks\n", Addr.String(), Zone)
- return NeighRangeErr, errors.New("nh-hwm error")
- }
-
if ne == nil {
ne = new(Neigh)
+ ne.Key = key
+ }
+
+ if ne.Mark == 0 {
+ idx, err = n.NeighID.GetCounter()
+ if err != nil {
+ tk.LogIt(tk.LogError, "neigh add - %s:%s no marks\n", Addr.String(), Zone)
+ return NeighRangeErr, errors.New("nh-hwm error")
+ }
+ ne.Mark = idx
}
ne.Dummy = false
- ne.Key = key
ne.Addr = Addr
ne.Attr = Attr
ne.OifPort = port
- ne.Mark = idx
ne.Type |= NhNormal
if ne.NhRtm == nil {
ne.NhRtm = make(map[RtKey]*Rt)
}
ne.Inactive = false
-
n.NeighRecursiveResolve(ne)
- n.NeighMap[ne.Key] = ne
+
+ if add2Map {
+ n.NeighMap[ne.Key] = ne
+ }
ne.DP(DpCreate)
NhExist:
@@ -451,17 +456,11 @@ NhExist:
//Add a related L2 Pair entry if needed
if port.IsSlavePort() == false && port.IsLeafPort() == true && ne.Resolved {
var fdbAddr [6]byte
- var vid int
for i := 0; i < 6; i++ {
fdbAddr[i] = uint8(ne.Attr.HardwareAddr[i])
}
- if port.SInfo.PortType&cmn.PortReal != 0 {
- vid = port.PortNo + RealPortIDB
- } else {
- vid = port.PortNo + BondIDB
- }
- fdbKey := FdbKey{fdbAddr, vid}
+ fdbKey := FdbKey{fdbAddr, port.L2.Vid}
fdbAttr := FdbAttr{port.Name, net.ParseIP("0.0.0.0"), cmn.FdbPhy}
code, err := n.Zone.L2.L2FdbAdd(fdbKey, fdbAttr)
@@ -485,7 +484,7 @@ func (n *NeighH) NeighDelete(Addr net.IP, Zone string) (int, error) {
key := NeighKey{Addr.String(), Zone}
ne, found := n.NeighMap[key]
- if found == false {
+ if !found {
tk.LogIt(tk.LogError, "neigh delete - %s:%s doesnt exist\n", Addr.String(), Zone)
return NeighNoEntErr, errors.New("no-nh error")
}
@@ -513,17 +512,11 @@ func (n *NeighH) NeighDelete(Addr net.IP, Zone string) (int, error) {
port := ne.OifPort
if port != nil && port.IsSlavePort() == false && port.IsLeafPort() == true && ne.Resolved {
var fdbAddr [6]byte
- var vid int
for i := 0; i < 6; i++ {
fdbAddr[i] = uint8(ne.Attr.HardwareAddr[i])
}
- if port.SInfo.PortType&cmn.PortReal != 0 {
- vid = port.PortNo + RealPortIDB
- } else {
- vid = port.PortNo + BondIDB
- }
- fdbKey := FdbKey{fdbAddr, vid}
+ fdbKey := FdbKey{fdbAddr, port.L2.Vid}
n.Zone.L2.L2FdbDel(fdbKey)
}
@@ -607,12 +600,12 @@ func (n *NeighH) NeighPairRt(ne *Neigh, rt *Rt) int {
func (n *NeighH) NeighUnPairRt(ne *Neigh, rt *Rt) int {
_, found := ne.NhRtm[rt.Key]
- if found == false {
+ if !found {
return -1
}
delete(ne.NhRtm, rt.Key)
- if len(ne.NhRtm) < 1 && ne.Inactive == true {
+ if len(ne.NhRtm) < 1 && ne.Inactive {
// Safely remove
tk.LogIt(tk.LogDebug, "neigh rt unpair - %s->%s\n", rt.Key.RtCidr, ne.Key.NhString)
n.NeighDelete(ne.Addr, ne.Key.Zone)
@@ -664,7 +657,6 @@ func (n *NeighH) NeighTicker(ne *Neigh) {
_, err := zone.Nh.NeighAdd(net.ParseIP(ne.Key.NhString), ne.Key.Zone, ne.Attr)
if err == nil {
-
tk.LogIt(tk.LogInfo, "nh defer added - %s:%s\n", ne.Key.NhString, ne.Key.Zone)
}
diff --git a/pkg/loxinet/route.go b/pkg/loxinet/route.go
index bdec9bf5..7e7064a9 100644
--- a/pkg/loxinet/route.go
+++ b/pkg/loxinet/route.go
@@ -138,7 +138,7 @@ func (r *RtH) RtFind(Dst net.IPNet, Zone string) *Rt {
key := RtKey{Dst.String(), Zone}
rt, found := r.RtMap[key]
- if found == true {
+ if found {
return rt
}
return nil
@@ -151,9 +151,12 @@ func (r *RtH) RouteGet() ([]cmn.RouteGet, error) {
var tmpRt cmn.RouteGet
tmpRt.Dst = rk.RtCidr
tmpRt.Flags = GetFlagToString(r2.TFlags)
- if len(r2.NhAttr) != 0 {
- // TODO : Current multiple gw not showing. So I added as a static code
- tmpRt.Gw = r2.NhAttr[0].NhAddr.String()
+ tmpRt.Gw = ""
+ for i, gw := range r2.NextHops {
+ if i != 0 {
+ tmpRt.Gw += ","
+ }
+ tmpRt.Gw += gw.Addr.String()
}
tmpRt.HardwareMark = int(r2.Mark)
tmpRt.Protocol = r2.Attr.Protocol
@@ -199,20 +202,15 @@ func (r *RtH) RtAdd(Dst net.IPNet, Zone string, Ra RtAttr, Na []RtNhAttr) (int,
}
}
- if nhLen > 1 {
- tk.LogIt(tk.LogError, "rt add - %s:%s ecmp not supported\n", Dst.String(), Zone)
- return RtNhErr, errors.New("ecmp-rt error not supported")
- }
-
rt, found := r.RtMap[key]
- if found == true {
+ if found {
rtMod := false
if len(rt.NhAttr) != nhLen {
rtMod = true
} else {
for i := 0; i < nhLen; i++ {
// FIXME - Need to sort before comparing
- if Na[i].NhAddr.Equal(rt.NhAttr[i].NhAddr) == false {
+ if !Na[i].NhAddr.Equal(rt.NhAttr[i].NhAddr) {
rtMod = false
break
}
@@ -275,7 +273,7 @@ func (r *RtH) RtAdd(Dst net.IPNet, Zone string, Ra RtAttr, Na []RtNhAttr) (int,
hwmac, _ := net.ParseMAC("00:00:00:00:00:00")
- for i := 0; i < len(Na); i++ {
+ for i := range Na {
nh, _ := r.Zone.Nh.NeighFind(Na[i].NhAddr, Zone)
if nh == nil {
@@ -307,7 +305,7 @@ func (r *RtH) RtAdd(Dst net.IPNet, Zone string, Ra RtAttr, Na []RtNhAttr) (int,
// Pair this route with appropriate neighbor
//if rt.TFlags & RT_TYPE_HOST != RT_TYPE_HOST {
- for i := 0; i < len(rt.NextHops); i++ {
+ for i := range rt.NextHops {
r.Zone.Nh.NeighPairRt(rt.NextHops[i], rt)
}
//}
@@ -334,14 +332,13 @@ func (r *RtH) RtAdd(Dst net.IPNet, Zone string, Ra RtAttr, Na []RtNhAttr) (int,
}
delete(r.RtMap, rt.Key)
r.Mark.PutCounter(rt.Mark)
- fmt.Printf("rt add - %s:%s lpm add fail\n", Dst.String(), Zone)
tk.LogIt(tk.LogError, "rt add - %s:%s lpm add fail\n", Dst.String(), Zone)
return RtTrieAddErr, errors.New("RT Trie Err")
}
rt.DP(DpCreate)
- tk.LogIt(tk.LogDebug, "rt added - %s:%s\n", Dst.String(), Zone)
+ tk.LogIt(tk.LogDebug, "rt added - %s:%s mark:%s\n", Dst.String(), Zone, rt.RtNhMarkString())
return 0, nil
}
@@ -534,10 +531,22 @@ func (r *RtH) RoutesTicker() {
r.RoutesSync()
}
+// RtNhMarkString - get the rt-entry's neighbor in string format
+func (rt *Rt) RtNhMarkString() string {
+ str := ""
+ for i, nh := range rt.NextHops {
+ if i != 0 {
+ str += ","
+ }
+ str += fmt.Sprintf("%v", nh.Mark)
+ }
+ return str
+}
+
// RtGetNhMark - get the rt-entry's neighbor identifier
-func (rt *Rt) RtGetNhMark() uint64 {
- if len(rt.NextHops) > 0 {
- return rt.NextHops[0].Mark
+func (rt *Rt) RtGetNhMark(n int) uint64 {
+ if len(rt.NextHops) > 0 && n < len(rt.NextHops) {
+ return rt.NextHops[n].Mark
}
return ^uint64(0)
}
@@ -570,7 +579,10 @@ func (rt *Rt) DP(work DpWorkT) int {
rtWq.Dst = *rtNet
rtWq.RtType = rt.TFlags
rtWq.RtMark = int(rt.Mark)
- rtWq.NMark = int(rt.RtGetNhMark())
+ rtWq.NMax = len(rt.NextHops)
+ for i := range rt.NextHops {
+ rtWq.NMark[i] = int(rt.RtGetNhMark(i))
+ }
mh.dp.ToDpCh <- rtWq
diff --git a/pkg/loxinet/rules.go b/pkg/loxinet/rules.go
index 1776cef2..a67d974b 100644
--- a/pkg/loxinet/rules.go
+++ b/pkg/loxinet/rules.go
@@ -78,7 +78,7 @@ const (
// constants
const (
- MaxNatEndPoints = 16
+ MaxNatEndPoints = 32
DflLbaInactiveTries = 2 // Default number of inactive tries before LB arm is turned off
MaxDflLbaInactiveTries = 100 // Max number of inactive tries before LB arm is turned off
DflLbaCheckTimeout = 10 // Default timeout for checking LB arms
@@ -155,6 +155,7 @@ type ruleTuples struct {
inL4Src rule16Tuple
inL4Dst rule16Tuple
pref uint16
+ path string
}
type ruleTActType uint
@@ -282,6 +283,7 @@ type ruleEnt struct {
iTO uint32
pTO uint32
act ruleAct
+ privIP net.IP
secIP []ruleNatSIP
stat ruleStat
name string
@@ -324,13 +326,18 @@ type epChecker struct {
tD chan bool
}
+type vipElem struct {
+ ref int
+ pVIP net.IP
+}
+
// RuleH - context container
type RuleH struct {
zone *Zone
cfg RuleCfg
tables [RtMax]ruleTable
epMap map[string]*epHost
- vipMap map[string]int
+ vipMap map[string]*vipElem
epCs [MaxEndPointCheckers]epChecker
wg sync.WaitGroup
lepHID uint8
@@ -348,7 +355,7 @@ func RulesInit(zone *Zone) *RuleH {
nRh.cfg.RuleInactChkTime = DflLbaCheckTimeout
nRh.cfg.RuleInactTries = DflLbaInactiveTries
- nRh.vipMap = make(map[string]int)
+ nRh.vipMap = make(map[string]*vipElem)
nRh.epMap = make(map[string]*epHost)
nRh.tables[RtFw].tableMatch = RmMax - 1
nRh.tables[RtFw].tableType = RtMf
@@ -365,7 +372,12 @@ func RulesInit(zone *Zone) *RuleH {
nRh.epCs[i].hChk = time.NewTicker(EndPointCheckerDuration * time.Second)
go epTicker(nRh, i)
}
- nRh.rootCAPool = x509.NewCertPool()
+ rootCAPool, err := x509.SystemCertPool()
+ if err == nil {
+ nRh.rootCAPool = rootCAPool
+ } else {
+ nRh.rootCAPool = x509.NewCertPool()
+ }
rootCACertile := cmn.CertPath + cmn.CACertFileName
// Check if there exist a common CA certificate
@@ -476,9 +488,11 @@ func (r *ruleTuples) ruleMkKeyCompliance(match ruleTMatch) {
}
func (r *ruleTuples) ruleKey() string {
- var ks string
-
- ks = fmt.Sprintf("%s", r.port.val)
+ ks := ""
+ if r.path != "" {
+ ks += r.path
+ }
+ ks += fmt.Sprintf("%s", r.port.val)
ks += fmt.Sprintf("%02x:%02x:%02x:%02x:%02x:%02x",
r.l2Dst.addr[0]&r.l2Dst.valid[0],
r.l2Dst.addr[1]&r.l2Dst.valid[1],
@@ -547,10 +561,14 @@ func checkValidMACTuple(mt ruleMacTuple) bool {
}
func (r *ruleTuples) String() string {
- var ks string
+
+ ks := ""
+ if r.path != "" {
+ ks += fmt.Sprintf("%s:", r.path)
+ }
if r.port.val != "" {
- ks = fmt.Sprintf("inp-%s,", r.port.val)
+ ks += fmt.Sprintf("inp-%s,", r.port.val)
}
if checkValidMACTuple(r.l2Dst) {
@@ -785,6 +803,7 @@ func (R *RuleH) GetNatLbRule() ([]cmn.LbRuleMod, error) {
ret.Serv.ProbeReq = data.hChk.prbReq
ret.Serv.ProbeResp = data.hChk.prbResp
ret.Serv.Name = data.name
+ ret.Serv.HostUrl = data.tuples.path
if data.act.actType == RtActSnat {
ret.Serv.Snat = true
}
@@ -942,7 +961,7 @@ func (R *RuleH) GetNatLbRuleByServArgs(serv cmn.LbServiceArg) *ruleEnt {
l4prot := rule8Tuple{ipProto, 0xff}
l3dst := ruleIPTuple{*sNetAddr}
l4dst := rule16Tuple{serv.ServPort, 0xffff}
- rt := ruleTuples{l3Dst: l3dst, l4Prot: l4prot, l4Dst: l4dst, pref: serv.BlockNum}
+ rt := ruleTuples{l3Dst: l3dst, l4Prot: l4prot, l4Dst: l4dst, pref: serv.BlockNum, path: serv.HostUrl}
return R.tables[RtLB].eMap[rt.ruleKey()]
}
@@ -970,7 +989,7 @@ func (R *RuleH) GetNatLbRuleSecIPs(serv cmn.LbServiceArg) []string {
l4prot := rule8Tuple{ipProto, 0xff}
l3dst := ruleIPTuple{*sNetAddr}
l4dst := rule16Tuple{serv.ServPort, 0xffff}
- rt := ruleTuples{l3Dst: l3dst, l4Prot: l4prot, l4Dst: l4dst, pref: serv.BlockNum}
+ rt := ruleTuples{l3Dst: l3dst, l4Prot: l4prot, l4Dst: l4dst, pref: serv.BlockNum, path: serv.HostUrl}
if R.tables[RtLB].eMap[rt.ruleKey()] != nil {
for _, ip := range R.tables[RtLB].eMap[rt.ruleKey()].secIP {
ips = append(ips, ip.sIP.String())
@@ -1013,7 +1032,7 @@ func (R *RuleH) electEPSrc(r *ruleEnt) bool {
} else if na.mode == cmn.LBModeFullNAT {
mode = "fullnat"
if !mh.has.IsCIKAMode() {
- sip = r.tuples.l3Dst.addr.IP.Mask(r.tuples.l3Dst.addr.Mask)
+ sip = r.RuleVIP2PrivIP()
if np.xIP.Equal(sip) {
sip = net.IPv4(0, 0, 0, 0)
} else if utils.IsIPHostAddr(np.xIP.String()) {
@@ -1253,23 +1272,11 @@ func (R *RuleH) unFoldRecursiveEPs(r *ruleEnt) {
// addVIPSys - system specific operations for VIPs of a LB rule
func (R *RuleH) addVIPSys(r *ruleEnt) {
if r.act.actType != RtActSnat && !strings.Contains(r.name, "ipvs") && !strings.Contains(r.name, "static") {
-
- if !r.tuples.l3Dst.addr.IP.IsUnspecified() {
- R.vipMap[r.tuples.l3Dst.addr.IP.String()]++
-
- if R.vipMap[r.tuples.l3Dst.addr.IP.String()] == 1 {
- R.AdvRuleVIPIfL2(r.tuples.l3Dst.addr.IP)
- }
- }
+ R.AddRuleVIP(r.tuples.l3Dst.addr.IP, r.RuleVIP2PrivIP())
// Take care of any secondary VIPs
for _, sVIP := range r.secIP {
- if !sVIP.sIP.IsUnspecified() {
- R.vipMap[sVIP.sIP.String()]++
- if R.vipMap[sVIP.sIP.String()] == 1 {
- R.AdvRuleVIPIfL2(sVIP.sIP)
- }
- }
+ R.AddRuleVIP(sVIP.sIP, sVIP.sIP)
}
}
}
@@ -1345,6 +1352,7 @@ func (R *RuleH) AddNatLbRule(serv cmn.LbServiceArg, servSecIPs []cmn.LbSecIPArg,
var natActs ruleNatActs
var nSecIP []ruleNatSIP
var ipProto uint8
+ var privIP net.IP
// Validate service args
service := ""
@@ -1358,6 +1366,14 @@ func (R *RuleH) AddNatLbRule(serv cmn.LbServiceArg, servSecIPs []cmn.LbSecIPArg,
return RuleUnknownServiceErr, errors.New("malformed-service error")
}
+ privIP = nil
+ if serv.PrivateIP != "" {
+ privIP = net.ParseIP(serv.PrivateIP)
+ if privIP == nil {
+ return RuleUnknownServiceErr, errors.New("malformed-service privateIP error")
+ }
+ }
+
// Validate inactivity timeout
if serv.InactiveTimeout > LbMaxInactiveTimeout {
return RuleArgsErr, errors.New("service-args error")
@@ -1491,7 +1507,7 @@ func (R *RuleH) AddNatLbRule(serv cmn.LbServiceArg, servSecIPs []cmn.LbSecIPArg,
l4prot := rule8Tuple{ipProto, 0xff}
l3dst := ruleIPTuple{*sNetAddr}
l4dst := rule16Tuple{serv.ServPort, 0xffff}
- rt := ruleTuples{l3Dst: l3dst, l4Prot: l4prot, l4Dst: l4dst, pref: serv.BlockNum}
+ rt := ruleTuples{l3Dst: l3dst, l4Prot: l4prot, l4Dst: l4dst, pref: serv.BlockNum, path: serv.HostUrl}
eRule := R.tables[RtLB].eMap[rt.ruleKey()]
@@ -1515,6 +1531,10 @@ func (R *RuleH) AddNatLbRule(serv cmn.LbServiceArg, servSecIPs []cmn.LbSecIPArg,
return RuleExistsErr, errors.New("lbrule-exists error")
}
+ if eRule.secMode != serv.Security {
+ return RuleExistsErr, errors.New("lbrule-exist error: cant modify rule security mode")
+ }
+
if len(retEps) == 0 {
tk.LogIt(tk.LogDebug, "nat lb-rule %s has no-endpoints: to be deleted\n", eRule.tuples.String())
return R.DeleteNatLbRule(serv)
@@ -1596,6 +1616,7 @@ func (R *RuleH) AddNatLbRule(serv cmn.LbServiceArg, servSecIPs []cmn.LbSecIPArg,
r.iTO = serv.InactiveTimeout
r.bgp = serv.Bgp
r.ci = cmn.CIDefault
+ r.privIP = privIP
r.pTO = 0
if serv.Sel == cmn.LbSelRrPersist {
if serv.PersistTimeout == 0 || serv.PersistTimeout > 24*60*60 {
@@ -1622,7 +1643,6 @@ func (R *RuleH) AddNatLbRule(serv cmn.LbServiceArg, servSecIPs []cmn.LbSecIPArg,
R.tables[RtLB].rArr[r.ruleNum] = r
}
R.addVIPSys(r)
-
r.DP(DpCreate)
return 0, nil
@@ -1631,39 +1651,11 @@ func (R *RuleH) AddNatLbRule(serv cmn.LbServiceArg, servSecIPs []cmn.LbSecIPArg,
// deleteVIPSys - system specific operations for deleting VIPs of a LB rule
func (R *RuleH) deleteVIPSys(r *ruleEnt) {
if r.act.actType != RtActSnat && !strings.Contains(r.name, "ipvs") && !strings.Contains(r.name, "static") {
-
- if !r.tuples.l3Dst.addr.IP.IsUnspecified() {
- R.vipMap[r.tuples.l3Dst.addr.IP.String()]--
-
- if R.vipMap[r.tuples.l3Dst.addr.IP.String()] == 0 {
- if utils.IsIPHostAddr(r.tuples.l3Dst.addr.IP.String()) {
- loxinlp.DelAddrNoHook(r.tuples.l3Dst.addr.IP.String()+"/32", "lo")
- }
- dev := fmt.Sprintf("llb-rule-%s", r.tuples.l3Dst.addr.IP.String())
- ret, _ := mh.zr.L3.IfaFind(dev, r.tuples.l3Dst.addr.IP)
- if ret == 0 {
- mh.zr.L3.IfaDelete(dev, r.tuples.l3Dst.addr.IP.String()+"/32")
- }
- delete(R.vipMap, r.tuples.l3Dst.addr.IP.String())
- }
- }
+ R.DeleteRuleVIP(r.tuples.l3Dst.addr.IP)
// Take care of any secondary VIPs
for _, sVIP := range r.secIP {
- if !sVIP.sIP.IsUnspecified() {
- R.vipMap[sVIP.sIP.String()]--
- if R.vipMap[sVIP.sIP.String()] == 0 {
- if utils.IsIPHostAddr(sVIP.sIP.String()) {
- loxinlp.DelAddrNoHook(sVIP.sIP.String()+"/32", "lo")
- }
- dev := fmt.Sprintf("llb-rule-%s", sVIP.sIP.String())
- ret, _ := mh.zr.L3.IfaFind(dev, sVIP.sIP)
- if ret == 0 {
- mh.zr.L3.IfaDelete(dev, sVIP.sIP.String()+"/32")
- }
- delete(R.vipMap, sVIP.sIP.String())
- }
- }
+ R.DeleteRuleVIP(sVIP.sIP)
}
}
}
@@ -1702,7 +1694,7 @@ func (R *RuleH) DeleteNatLbRule(serv cmn.LbServiceArg) (int, error) {
l4prot := rule8Tuple{ipProto, 0xff}
l3dst := ruleIPTuple{*sNetAddr}
l4dst := rule16Tuple{serv.ServPort, 0xffff}
- rt := ruleTuples{l3Dst: l3dst, l4Prot: l4prot, l4Dst: l4dst, pref: serv.BlockNum}
+ rt := ruleTuples{l3Dst: l3dst, l4Prot: l4prot, l4Dst: l4dst, pref: serv.BlockNum, path: serv.HostUrl}
rule := R.tables[RtLB].eMap[rt.ruleKey()]
if rule == nil {
@@ -2263,6 +2255,10 @@ func (R *RuleH) epCheckNow(ep *epHost) {
ep.opts.probeType == HostProbeConnectSCTP {
if ep.opts.probeType == HostProbeConnectTCP {
sType = "tcp"
+ ret, sIP, _ := R.zone.L3.IfaSelectAny(net.ParseIP(ep.hostName), true)
+ if ret == 0 {
+ sHint = sIP.String()
+ }
} else if ep.opts.probeType == HostProbeConnectUDP {
sType = "udp"
ret, sIP, _ := R.zone.L3.IfaSelectAny(net.ParseIP(ep.hostName), true)
@@ -2452,10 +2448,13 @@ func (R *RuleH) RulesSync() {
}
if time.Duration(time.Since(R.vipST).Seconds()) > time.Duration(VIPSweepDuration) {
- for vip := range R.vipMap {
- ip := net.ParseIP(vip)
+ for vip, vipElem := range R.vipMap {
+ ip := vipElem.pVIP
+ if ip == nil {
+ ip = net.ParseIP(vip)
+ }
if ip != nil {
- R.AdvRuleVIPIfL2(ip)
+ R.AdvRuleVIPIfL2(ip, net.ParseIP(vip))
}
}
R.vipST = time.Now()
@@ -2574,16 +2573,19 @@ func (r *ruleEnt) Nat2DP(work DpWorkT) int {
nWork.Work = work
nWork.Status = &r.sync
nWork.ZoneNum = r.zone.ZoneNum
- if r.secMode == cmn.LBServHttps {
- nWork.TermHTTPs = true
+ nWork.ServiceIP = r.RuleVIP2PrivIP()
+ if r.secMode == cmn.LBServHTTPS {
+ nWork.SecMode = DpTermHTTPS
+ } else if r.secMode == cmn.LBServE2EHTTPS {
+ nWork.SecMode = DpE2EHTTPS
}
- nWork.ServiceIP = r.tuples.l3Dst.addr.IP.Mask(r.tuples.l3Dst.addr.Mask)
nWork.L4Port = r.tuples.l4Dst.val
nWork.Proto = r.tuples.l4Prot.val
nWork.Mark = int(r.ruleNum)
nWork.BlockNum = r.tuples.pref
nWork.InActTo = uint64(r.iTO)
nWork.PersistTo = uint64(r.pTO)
+ nWork.HostURL = r.tuples.path
if r.act.actType == RtActDnat {
nWork.NatType = DpDnat
@@ -2903,7 +2905,7 @@ func (r *ruleEnt) DP(work DpWorkT) int {
}
-func (R *RuleH) AdvRuleVIPIfL2(IP net.IP) error {
+func (R *RuleH) AdvRuleVIPIfL2(IP net.IP, eIP net.IP) error {
ciState, _ := mh.has.CIStateGetInst(cmn.CIDefault)
if ciState == "MASTER" {
dev := fmt.Sprintf("llb-rule-%s", IP.String())
@@ -2914,6 +2916,14 @@ func (R *RuleH) AdvRuleVIPIfL2(IP net.IP) error {
ev, _, iface := R.zone.L3.IfaSelectAny(IP, false)
if ev == 0 {
if !utils.IsIPHostAddr(IP.String()) {
+ if mh.cloudHook != nil {
+ err := mh.cloudHook.CloudUpdatePrivateIP(IP, eIP, true)
+ if err != nil {
+ tk.LogIt(tk.LogError, "%s: lb-rule vip %s add failed. err: %v\n", mh.cloudLabel, IP.String(), err)
+ return err
+ }
+ }
+
if loxinlp.AddAddrNoHook(IP.String()+"/32", "lo") != 0 {
tk.LogIt(tk.LogError, "nat lb-rule vip %s:%s add failed\n", IP.String(), "lo")
} else {
@@ -2958,11 +2968,82 @@ func (R *RuleH) AdvRuleVIPIfL2(IP net.IP) error {
}
func (R *RuleH) RuleVIPSyncToClusterState() {
- for vip := range R.vipMap {
- ip := net.ParseIP(vip)
+
+ ciState, _ := mh.has.CIStateGetInst(cmn.CIDefault)
+ if mh.cloudHook != nil {
+ if ciState == "MASTER" {
+ mh.cloudHook.CloudPrepareVIPNetWork()
+ } else if ciState == "BACKUP" {
+ mh.cloudHook.CloudUnPrepareVIPNetWork()
+ }
+ }
+
+ for vip, vipElem := range R.vipMap {
+ ip := vipElem.pVIP
+ if ip == nil {
+ ip = net.ParseIP(vip)
+ }
if ip != nil {
- R.AdvRuleVIPIfL2(ip)
+ R.AdvRuleVIPIfL2(ip, net.ParseIP(vip))
+ }
+ }
+}
+
+func (r *ruleEnt) RuleVIP2PrivIP() net.IP {
+ if r.privIP == nil || r.privIP.IsUnspecified() {
+ return r.tuples.l3Dst.addr.IP.Mask(r.tuples.l3Dst.addr.Mask)
+ } else {
+ return r.privIP
+ }
+}
+
+func (R *RuleH) AddRuleVIP(VIP net.IP, pVIP net.IP) {
+ vipEnt := R.vipMap[VIP.String()]
+ if vipEnt == nil {
+ vipEnt = new(vipElem)
+ vipEnt.ref = 1
+ vipEnt.pVIP = pVIP
+ R.vipMap[VIP.String()] = vipEnt
+ } else {
+ vipEnt.ref++
+ }
+
+ if vipEnt.ref == 1 {
+ if pVIP == nil {
+ R.AdvRuleVIPIfL2(VIP, VIP)
+ } else {
+ R.AdvRuleVIPIfL2(pVIP, VIP)
+ }
+ }
+}
+
+func (R *RuleH) DeleteRuleVIP(VIP net.IP) {
+
+ vipEnt := R.vipMap[VIP.String()]
+ if vipEnt != nil {
+ vipEnt.ref--
+ }
+
+ if vipEnt != nil && vipEnt.ref == 0 {
+ xVIP := VIP
+ if vipEnt.pVIP != nil {
+ xVIP = vipEnt.pVIP
+ }
+ if utils.IsIPHostAddr(xVIP.String()) {
+ loxinlp.DelAddrNoHook(xVIP.String()+"/32", "lo")
+ if mh.cloudHook != nil {
+ err := mh.cloudHook.CloudUpdatePrivateIP(xVIP, VIP, false)
+ if err != nil {
+ tk.LogIt(tk.LogError, "%s: lb-rule vip %s delete failed. err: %v\n", mh.cloudLabel, xVIP.String(), err)
+ }
+ }
+ }
+ dev := fmt.Sprintf("llb-rule-%s", xVIP.String())
+ ret, _ := mh.zr.L3.IfaFind(dev, xVIP)
+ if ret == 0 {
+ mh.zr.L3.IfaDelete(dev, xVIP.String()+"/32")
}
+ delete(R.vipMap, VIP.String())
}
}
diff --git a/pkg/loxinet/utils.go b/pkg/loxinet/utils.go
index 0351092c..a3f93862 100644
--- a/pkg/loxinet/utils.go
+++ b/pkg/loxinet/utils.go
@@ -75,6 +75,9 @@ func LogString2Level(logStr string) tk.LogLevelT {
logLevel = tk.LogCritical
case "emergency":
logLevel = tk.LogEmerg
+ case "trace":
+ logLevel = tk.LogTrace
+ case "debug":
default:
logLevel = tk.LogDebug
}
diff --git a/pkg/loxinet/utils_aws.go b/pkg/loxinet/utils_aws.go
new file mode 100644
index 00000000..8554b022
--- /dev/null
+++ b/pkg/loxinet/utils_aws.go
@@ -0,0 +1,738 @@
+/*
+ * Copyright (c) 2023 NetLOX Inc
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package loxinet
+
+import (
+ "context"
+ "errors"
+ "fmt"
+ "github.com/aws/aws-sdk-go-v2/config"
+ "github.com/aws/aws-sdk-go-v2/feature/ec2/imds"
+ "github.com/aws/aws-sdk-go-v2/service/ec2"
+ "github.com/aws/aws-sdk-go-v2/service/ec2/types"
+ utils "github.com/loxilb-io/loxilb/pkg/utils"
+ tk "github.com/loxilb-io/loxilib"
+ nl "github.com/vishvananda/netlink"
+ "io"
+ "net"
+ "strings"
+ "time"
+)
+
+var (
+ imdsClient *imds.Client
+ ec2Client *ec2.Client
+ vpcID string
+ instanceID string
+ azName string
+ awsCIDRnet *net.IPNet
+ loxiEniID string
+ intfENIName string
+ setDFLRoute bool
+)
+
+// AWSAPIStruct - empty struct for anchoring AWS routines
+type AWSAPIStruct struct {
+}
+
+func awsGetInstanceIDInfo(ctx context.Context) (string, error) {
+ resp, err := imdsClient.GetMetadata(ctx, &imds.GetMetadataInput{
+ Path: "instance-id",
+ })
+ if err != nil {
+ return "", err
+ }
+ defer resp.Content.Close()
+
+ instanceID, err := io.ReadAll(resp.Content)
+ if err != nil {
+ return "", err
+ }
+
+ return string(instanceID), nil
+}
+
+func awsGetInstanceVPCInfo(ctx context.Context) (string, error) {
+ resp, err := imdsClient.GetMetadata(ctx, &imds.GetMetadataInput{
+ Path: "mac",
+ })
+ if err != nil {
+ return "", err
+ }
+ defer resp.Content.Close()
+
+ mac, err := io.ReadAll(resp.Content)
+ if err != nil {
+ return "", err
+ }
+
+ vpcPath := fmt.Sprintf("network/interfaces/macs/%s/vpc-id", string(mac))
+ resp2, err := imdsClient.GetMetadata(ctx, &imds.GetMetadataInput{
+ Path: vpcPath,
+ })
+ if err != nil {
+ return "", err
+ }
+ defer resp2.Content.Close()
+
+ vpc, err := io.ReadAll(resp2.Content)
+ if err != nil {
+ return "", err
+ }
+
+ return string(vpc), nil
+}
+
+func awsGetInstanceAvailabilityZone(ctx context.Context) (string, error) {
+ resp, err := imdsClient.GetMetadata(ctx, &imds.GetMetadataInput{
+ Path: "placement/availability-zone",
+ })
+ if err != nil {
+ return "", err
+ }
+ defer resp.Content.Close()
+
+ az, err := io.ReadAll(resp.Content)
+ if err != nil {
+ return "", err
+ }
+
+ return string(az), nil
+}
+
+func awsPrepDFLRoute() error {
+
+ if !setDFLRoute {
+ return nil
+ }
+
+ if intfENIName == "" {
+ tk.LogIt(tk.LogError, "failed to get ENI intf name (%s)\n", intfENIName)
+ return nil
+ }
+
+ _, defaultDst, _ := net.ParseCIDR("0.0.0.0/0")
+ gw := awsCIDRnet.IP.Mask(awsCIDRnet.Mask)
+ gw[3]++
+
+ if false {
+ link, err := nl.LinkByName(intfENIName)
+ if err != nil {
+ tk.LogIt(tk.LogError, "failed to get ENI link (%s)\n", intfENIName)
+ return err
+ }
+
+ nl.RouteDel(&nl.Route{
+ Dst: defaultDst,
+ })
+ err = nl.RouteAdd(&nl.Route{
+ LinkIndex: link.Attrs().Index,
+ Gw: gw,
+ Dst: defaultDst,
+ })
+ if err != nil {
+ tk.LogIt(tk.LogError, "failed to set default gw %s\n", gw.String())
+ return err
+ }
+ } else {
+ link, err := nl.LinkByName(intfENIName)
+ if err != nil {
+ tk.LogIt(tk.LogError, "failed to get ENI link (%s)\n", intfENIName)
+ return err
+ }
+
+ mh.zr.Rt.RtDelete(*defaultDst, RootZone)
+
+ ra := RtAttr{HostRoute: false, Ifi: link.Attrs().Index, IfRoute: false}
+ na := []RtNhAttr{{gw, link.Attrs().Index}}
+ _, err = mh.zr.Rt.RtAdd(*defaultDst, RootZone, ra, na)
+ if err != nil {
+ tk.LogIt(tk.LogError, "failed to set loxidefault gw %s\n", gw.String())
+ return err
+ }
+ utils.ArpResolver(tk.IPtonl(gw))
+ }
+ setDFLRoute = false
+ return nil
+}
+
+// CloudPrepareVIPNetWork - Prepare the VIP network on mastership transition
+func (aws *AWSAPIStruct) CloudPrepareVIPNetWork() error {
+ if awsCIDRnet == nil {
+ return nil
+ }
+
+ setDFLRoute = true
+
+ ctx, cancel := context.WithTimeout(context.Background(), time.Duration(time.Second*30))
+ defer cancel()
+
+ subnets := []string{}
+ loxilbKey := "loxiType"
+ loxilbIfKeyVal := fmt.Sprintf("loxilb-eni%s", mh.cloudInst)
+ loxilbSubNetKeyVal := fmt.Sprintf("loxilb-subnet%s", mh.cloudInst)
+ filterStr := fmt.Sprintf("%s:%s", "tag", loxilbKey)
+
+ output, err := ec2Client.DescribeNetworkInterfaces(ctx, &ec2.DescribeNetworkInterfacesInput{
+ Filters: []types.Filter{
+ {Name: &filterStr, Values: []string{loxilbIfKeyVal}},
+ },
+ })
+
+ if err != nil || (output != nil && len(output.NetworkInterfaces) <= 0) {
+ tk.LogIt(tk.LogError, "no loxiType intf found\n")
+ subnetOutput, err := ec2Client.DescribeSubnets(ctx, &ec2.DescribeSubnetsInput{
+ Filters: []types.Filter{
+ {Name: &filterStr, Values: []string{loxilbSubNetKeyVal}},
+ },
+ })
+ if err == nil {
+ for _, subnet := range subnetOutput.Subnets {
+ subnets = append(subnets, *subnet.SubnetId)
+ }
+ }
+ } else {
+ for _, intf := range output.NetworkInterfaces {
+ subnets = append(subnets, *intf.SubnetId)
+ if intf.Attachment != nil {
+ force := true
+ _, err := ec2Client.DetachNetworkInterface(ctx, &ec2.DetachNetworkInterfaceInput{AttachmentId: intf.Attachment.AttachmentId, Force: &force})
+ if err != nil {
+ tk.LogIt(tk.LogError, "failed to detach intf (%s):%s\n", *intf.NetworkInterfaceId, err)
+ return err
+ }
+ }
+ loop := 20
+ for loop > 0 {
+ ctx2, cancel2 := context.WithTimeout(context.Background(), time.Duration(time.Second*10))
+ _, err2 := ec2Client.DeleteNetworkInterface(ctx2, &ec2.DeleteNetworkInterfaceInput{NetworkInterfaceId: intf.NetworkInterfaceId})
+ cancel2()
+ if err2 != nil {
+ tk.LogIt(tk.LogError, "failed to delete intf (%s):%s\n", *intf.NetworkInterfaceId, err2)
+ time.Sleep(2 * time.Second)
+ loop--
+ if loop <= 0 {
+ return err2
+ }
+ continue
+ }
+ break
+ }
+ }
+ }
+
+ ctx3, cancel3 := context.WithTimeout(context.Background(), time.Duration(time.Second*30))
+ defer cancel3()
+
+ for _, subnet := range subnets {
+ _, err := ec2Client.DeleteSubnet(ctx3, &ec2.DeleteSubnetInput{SubnetId: &subnet})
+ if err != nil {
+ tk.LogIt(tk.LogError, "failed to delete subnet (%s):%s\n", subnet, err)
+ return err
+ }
+ }
+
+ cidrBlock := awsCIDRnet.String()
+ vpcFilterStr := "cidr-block-association.cidr-block"
+ vpcOut, err := ec2Client.DescribeVpcs(ctx3, &ec2.DescribeVpcsInput{
+ Filters: []types.Filter{
+ {Name: &vpcFilterStr, Values: []string{cidrBlock}},
+ },
+ })
+
+ if err != nil {
+ tk.LogIt(tk.LogError, "DescribeVpcs failed (%s)\n", err)
+ return err
+ }
+ needCIDRAssoc := true
+ if len(vpcOut.Vpcs) >= 1 {
+ for _, vpc := range vpcOut.Vpcs {
+ if vpc.VpcId != nil {
+ for _, cbAs := range vpc.CidrBlockAssociationSet {
+ if cbAs.CidrBlockState != nil && cbAs.CidrBlockState.State == types.VpcCidrBlockStateCodeAssociated &&
+ cbAs.CidrBlock != nil && *cbAs.CidrBlock == cidrBlock {
+ if *vpc.VpcId == vpcID {
+ needCIDRAssoc = false
+ break
+ }
+ // CIDR is not in the current VPC. There should be no attached subnets/interfaces at this point
+ _, err := ec2Client.DisassociateVpcCidrBlock(ctx3, &ec2.DisassociateVpcCidrBlockInput{AssociationId: cbAs.AssociationId})
+ if err != nil {
+ tk.LogIt(tk.LogError, "cidrBlock (%s) dissassociate failed in VPC %s:%s\n", cidrBlock, *vpcOut.Vpcs[0].VpcId, err)
+ return err
+ } else {
+ tk.LogIt(tk.LogInfo, "cidrBlock (%s) dissassociated from VPC %s\n", cidrBlock, *vpcOut.Vpcs[0].VpcId)
+ }
+ break
+ }
+ }
+ }
+ }
+ }
+
+ if needCIDRAssoc {
+ // Reassociate this CIDR block
+ _, err := ec2Client.AssociateVpcCidrBlock(ctx,
+ &ec2.AssociateVpcCidrBlockInput{VpcId: &vpcID, CidrBlock: &cidrBlock})
+ if err != nil {
+ tk.LogIt(tk.LogError, "cidrBlock (%s) associate failed in VPC %s:%s\n", cidrBlock, vpcID, err)
+ return err
+ } else {
+ tk.LogIt(tk.LogError, "cidrBlock (%s) associated to VPC %s\n", cidrBlock, vpcID)
+ }
+ }
+
+ ointfs, err := net.Interfaces()
+ if err != nil {
+ tk.LogIt(tk.LogError, "failed to get sys ifs\n")
+ return err
+ }
+
+ subnetTag := types.Tag{Key: &loxilbKey, Value: &loxilbSubNetKeyVal}
+ subnetTags := []types.Tag{subnetTag}
+ subOutput, err := ec2Client.CreateSubnet(ctx3, &ec2.CreateSubnetInput{
+ VpcId: &vpcID,
+ AvailabilityZone: &azName,
+ CidrBlock: &cidrBlock,
+ TagSpecifications: []types.TagSpecification{{ResourceType: types.ResourceTypeSubnet,
+ Tags: subnetTags},
+ },
+ })
+ if err != nil {
+ tk.LogIt(tk.LogError, "failed to create subnet for loxilb instance %v:%s\n", vpcID, err)
+ return nil
+ }
+
+ sgList, err := awsImdsGetSecurityGroups(ctx3)
+ if err != nil {
+ tk.LogIt(tk.LogWarning, "failed to get instance security groups: %s\n", err.Error())
+ }
+ intfDesc := "loxilb-eni"
+ loxilbIntfKey := "loxiType"
+ loxilbIntfKeyVal := fmt.Sprintf("loxilb-eni%s", mh.cloudInst)
+ intfTag := types.Tag{Key: &loxilbIntfKey, Value: &loxilbIntfKeyVal}
+ intfTags := []types.Tag{intfTag}
+ intfOutput, err := ec2Client.CreateNetworkInterface(ctx3, &ec2.CreateNetworkInterfaceInput{
+ SubnetId: subOutput.Subnet.SubnetId,
+ Description: &intfDesc,
+ Groups: sgList,
+ TagSpecifications: []types.TagSpecification{{ResourceType: types.ResourceTypeNetworkInterface,
+ Tags: intfTags},
+ },
+ })
+ if err != nil {
+ tk.LogIt(tk.LogError, "failed to create interface for loxilb instance %v:%s\n", vpcID, err)
+ return nil
+ }
+
+ loxiEniPrivIP := *intfOutput.NetworkInterface.PrivateIpAddress
+ loxiEniID = *intfOutput.NetworkInterface.NetworkInterfaceId
+
+ tk.LogIt(tk.LogInfo, "Created interface (%s:%s) for loxilb instance %v\n", *intfOutput.NetworkInterface.NetworkInterfaceId, loxiEniPrivIP, vpcID)
+
+ devIdx := int32(1)
+ aniOut, err := ec2Client.AttachNetworkInterface(ctx3, &ec2.AttachNetworkInterfaceInput{DeviceIndex: &devIdx,
+ InstanceId: &instanceID,
+ NetworkInterfaceId: intfOutput.NetworkInterface.NetworkInterfaceId,
+ })
+ if err != nil {
+ tk.LogIt(tk.LogError, "failed to attach interface for loxilb instance %v:%s\n", vpcID, err)
+ return nil
+ }
+
+ tk.LogIt(tk.LogInfo, "Attached interface (%d) for loxilb instance %v\n", *aniOut.NetworkCardIndex, vpcID)
+
+ tryCount := 0
+ newIntfName := ""
+
+ sourceDestCheck := false
+ _, err = ec2Client.ModifyNetworkInterfaceAttribute(ctx3, &ec2.ModifyNetworkInterfaceAttributeInput{
+ NetworkInterfaceId: intfOutput.NetworkInterface.NetworkInterfaceId,
+ SourceDestCheck: &types.AttributeBooleanValue{Value: &sourceDestCheck},
+ })
+ if err != nil {
+ tk.LogIt(tk.LogError, "failed to modify interface(disable source/dest check):%s\n", err.Error())
+ }
+
+retry:
+ nintfs, _ := net.Interfaces()
+ if err != nil {
+ tk.LogIt(tk.LogError, "failed to get sys ifs\n")
+ return err
+ }
+
+ for _, nintf := range nintfs {
+ found := false
+ for _, ointf := range ointfs {
+ if nintf.Name == ointf.Name {
+ found = true
+ break
+ }
+ }
+ if !found {
+ tk.LogIt(tk.LogInfo, "aws: new interface config %s\n", nintf.Name)
+ link, err := nl.LinkByName(nintf.Name)
+ if err != nil {
+ tk.LogIt(tk.LogError, "failed to get link (%s)\n", nintf.Name)
+ }
+ err = nl.LinkSetUp(link)
+ if err != nil {
+ tk.LogIt(tk.LogError, "failed to set link (%s) up :%s\n", nintf.Name, err)
+ }
+
+ err = nl.LinkSetMTU(link, 9000)
+ if err != nil {
+ tk.LogIt(tk.LogError, "failed to set link (%s) mtu:%s\n", nintf.Name, err)
+ }
+
+ ones, _ := awsCIDRnet.Mask.Size()
+ subStr := fmt.Sprintf("/%d", ones)
+ Address, err := nl.ParseAddr(loxiEniPrivIP + subStr)
+ if err != nil {
+ tk.LogIt(tk.LogWarning, "privIP %s parse fail\n", loxiEniPrivIP)
+ return err
+ }
+ err = nl.AddrAdd(link, Address)
+ if err != nil {
+ tk.LogIt(tk.LogWarning, "privIP %s:%s add failed\n", loxiEniPrivIP, nintf.Name)
+ }
+ newIntfName = nintf.Name
+ }
+ }
+ if newIntfName == "" {
+ if tryCount < 10 {
+ time.Sleep(1 * time.Second)
+ tryCount++
+ goto retry
+ }
+ } else {
+ intfENIName = newIntfName
+ }
+
+ return nil
+}
+
+func (aws *AWSAPIStruct) CloudUnPrepareVIPNetWork() error {
+ _, defaultDst, _ := net.ParseCIDR("0.0.0.0/0")
+ if intfENIName == "" {
+ tk.LogIt(tk.LogError, "failed to get ENI intf name (%s)\n", intfENIName)
+ return nil
+ }
+
+ _, err := nl.LinkByName(intfENIName)
+ if err != nil {
+ intfENIName = ""
+ tk.LogIt(tk.LogError, "failed to get ENI link (%s)\n", intfENIName)
+ return err
+ }
+
+ mh.zr.Rt.RtDelete(*defaultDst, RootZone)
+ intfENIName = ""
+
+ chkIP := net.ParseIP("8.8.8.8")
+ defaultRT, err := nl.RouteGet(chkIP)
+ if err != nil {
+ tk.LogIt(tk.LogError, "AWSUnPrepVIPNetwork(): failed to get sys default route\n")
+ return err
+ }
+
+ ra := RtAttr{HostRoute: false, Ifi: defaultRT[0].LinkIndex, IfRoute: false}
+ na := []RtNhAttr{{defaultRT[0].Gw, defaultRT[0].LinkIndex}}
+ _, err = mh.zr.Rt.RtAdd(*defaultDst, RootZone, ra, na)
+ if err != nil {
+ tk.LogIt(tk.LogError, "failed to set loxidefault gw %s\n", defaultRT[0].Gw.String())
+ return err
+ }
+
+ return nil
+}
+
+func awsGetNetworkInterface(ctx context.Context, instanceID string, vIP net.IP) (string, error) {
+ filterStr := "attachment.instance-id"
+ output, err := ec2Client.DescribeNetworkInterfaces(ctx, &ec2.DescribeNetworkInterfacesInput{
+ Filters: []types.Filter{
+ {Name: &filterStr, Values: []string{instanceID}},
+ },
+ })
+ if err != nil {
+ return "", err
+ }
+
+ for _, i := range output.NetworkInterfaces {
+ path := fmt.Sprintf("network/interfaces/macs/%s/subnet-ipv4-cidr-block", *i.MacAddress)
+ cidr, err := imdsClient.GetMetadata(ctx, &imds.GetMetadataInput{
+ Path: path,
+ })
+ if err != nil {
+ continue
+ }
+
+ b, err := io.ReadAll(cidr.Content)
+ cidr.Content.Close()
+ if err != nil {
+ continue
+ }
+
+ _, ips, err := net.ParseCIDR(string(b))
+ if err != nil {
+ continue
+ }
+
+ if ips.Contains(vIP) {
+ if i.NetworkInterfaceId != nil {
+ return *i.NetworkInterfaceId, nil
+ }
+ }
+ }
+
+ return "", errors.New("not found interface")
+}
+
+func awsCreatePrivateIp(ctx context.Context, ni string, vIP net.IP) error {
+ allowReassign := true
+ input := &ec2.AssignPrivateIpAddressesInput{
+ NetworkInterfaceId: &ni,
+ PrivateIpAddresses: []string{vIP.String()},
+ AllowReassignment: &allowReassign,
+ }
+ _, err := ec2Client.AssignPrivateIpAddresses(ctx, input)
+ if err != nil {
+ return err
+ }
+
+ return nil
+}
+
+func awsDeletePrivateIp(ctx context.Context, ni string, vIP net.IP) error {
+ input := &ec2.UnassignPrivateIpAddressesInput{
+ NetworkInterfaceId: &ni,
+ PrivateIpAddresses: []string{vIP.String()},
+ }
+ _, err := ec2Client.UnassignPrivateIpAddresses(ctx, input)
+ if err != nil {
+ return err
+ }
+
+ return nil
+}
+
+func awsUpdatePrivateIP(vIP net.IP, add bool) error {
+ ctx, cancel := context.WithTimeout(context.Background(), time.Duration(time.Second*30))
+ defer cancel()
+
+ var niID string
+ var err error
+ if awsCIDRnet == nil || loxiEniID == "" {
+ niID, err = awsGetNetworkInterface(ctx, instanceID, vIP)
+ if err != nil {
+ tk.LogIt(tk.LogError, "AWS get network interface failed: %v\n", err)
+ return err
+ }
+ } else {
+ niID = loxiEniID
+ }
+
+ if !add {
+ return awsDeletePrivateIp(ctx, niID, vIP)
+ }
+
+ return awsCreatePrivateIp(ctx, niID, vIP)
+}
+
+func awsAssociateElasticIp(vIP, eIP net.IP, add bool) error {
+
+ if intfENIName == "" {
+ tk.LogIt(tk.LogError, "associate elasticIP: failed to get ENI intf name\n")
+ return errors.New("no loxi-eni found")
+ }
+
+ ctx, cancel := context.WithTimeout(context.Background(), time.Second*30)
+ defer cancel()
+
+ var niID string
+ var err error
+ if awsCIDRnet == nil || loxiEniID == "" {
+ niID, err = awsGetNetworkInterface(ctx, instanceID, vIP)
+ if err != nil {
+ tk.LogIt(tk.LogError, "AWS get network interface failed: %v\n", err)
+ return err
+ }
+ } else {
+ niID = loxiEniID
+ }
+
+ eipID, eipAssociateID, err := awsGetElasticIpId(ctx, eIP)
+ if err != nil {
+ tk.LogIt(tk.LogError, "AWS get elastic IP failed: %v\n", err)
+ return err
+ }
+
+ tk.LogIt(tk.LogInfo, "AWS adding elastic IP : %s\n", eIP.String())
+ if !add {
+ return awsDisassociateElasticIpWithInterface(ctx, eipAssociateID, niID)
+ }
+ return awsAssociateElasticIpWithInterface(ctx, eipID, niID, vIP)
+}
+
+func awsAssociateElasticIpWithInterface(ctx context.Context, eipID, niID string, privateIP net.IP) error {
+ allowReassign := true
+ input := &ec2.AssociateAddressInput{
+ AllocationId: &eipID,
+ NetworkInterfaceId: &niID,
+ AllowReassociation: &allowReassign,
+ }
+ if privateIP != nil {
+ if err := awsCreatePrivateIp(ctx, niID, privateIP); err != nil {
+ tk.LogIt(tk.LogError, "AWS create priv IP failed: %s\n", err)
+ return err
+ }
+ ipstr := privateIP.String()
+ input.PrivateIpAddress = &ipstr
+ }
+ _, err := ec2Client.AssociateAddress(ctx, input)
+ if err != nil {
+ tk.LogIt(tk.LogError, "AWS associate address eIP failed: %s\n", err)
+ }
+ return err
+}
+
+func awsDisassociateElasticIpWithInterface(ctx context.Context, eipAssociateID, niID string) error {
+ _, err := ec2Client.DisassociateAddress(ctx, &ec2.DisassociateAddressInput{
+ AssociationId: &eipAssociateID,
+ })
+ return err
+}
+
+func awsGetElasticIpId(ctx context.Context, eIP net.IP) (string, string, error) {
+ filterStr := "public-ip"
+ output, err := ec2Client.DescribeAddresses(ctx, &ec2.DescribeAddressesInput{
+ Filters: []types.Filter{
+ {Name: &filterStr, Values: []string{eIP.String()}},
+ }},
+ )
+ if err != nil {
+ return "", "", err
+ }
+ if len(output.Addresses) <= 0 {
+ return "", "", fmt.Errorf("not found Elastic IP %s", eIP.String())
+ }
+ var allocateId, associateId string
+ if output.Addresses[0].AllocationId != nil {
+ allocateId = *output.Addresses[0].AllocationId
+ }
+ if output.Addresses[0].AssociationId != nil {
+ associateId = *output.Addresses[0].AssociationId
+ }
+ return allocateId, associateId, nil
+}
+
+// CloudAPIInit - Initialize the AWS cloud API
+func (aws *AWSAPIStruct) CloudAPIInit(cloudCIDRBlock string) error {
+
+ // Using the SDK's default configuration, loading additional config
+ // and credentials values from the environment variables, shared
+ // credentials, and shared configuration files
+ cfg, err := config.LoadDefaultConfig(context.TODO())
+ if err != nil {
+ tk.LogIt(tk.LogError, "failed to load cloud config\n")
+ return err
+ }
+
+ if cloudCIDRBlock != "" {
+ _, awsCIDRnet, err = net.ParseCIDR(cloudCIDRBlock)
+ if err != nil {
+ tk.LogIt(tk.LogError, "failed to parse cloud cidr block %s\n", cloudCIDRBlock)
+ return err
+ }
+ }
+
+ // Using the Config value, create the DynamoDB client
+ imdsClient = imds.NewFromConfig(cfg)
+ ec2Client = ec2.NewFromConfig(cfg)
+
+ ctx, cancel := context.WithTimeout(context.Background(), time.Second*30)
+ defer cancel()
+
+ vpcID, err = awsGetInstanceVPCInfo(ctx)
+ if err != nil {
+ tk.LogIt(tk.LogError, "failed to find vpcid for instance\n")
+ return err
+ }
+
+ azName, err = awsGetInstanceAvailabilityZone(ctx)
+ if err != nil {
+ tk.LogIt(tk.LogError, "failed to find az for instance %v:%s\n", vpcID, err)
+ return err
+ }
+
+ instanceID, err = awsGetInstanceIDInfo(ctx)
+ if err != nil {
+ tk.LogIt(tk.LogError, "failed to find instanceID for instance %v:%s\n", vpcID, err)
+ return err
+ }
+
+ tk.LogIt(tk.LogInfo, "AWS API init - instance %s vpc %s az %s\n", instanceID, vpcID, instanceID)
+ return nil
+}
+
+func awsImdsGetSecurityGroups(ctx context.Context) ([]string, error) {
+ macResp, err := imdsClient.GetMetadata(ctx, &imds.GetMetadataInput{
+ Path: "mac",
+ })
+ if err != nil {
+ return nil, err
+ }
+ defer macResp.Content.Close()
+
+ macByte, err := io.ReadAll(macResp.Content)
+ if err != nil {
+ return nil, err
+ }
+
+ sgResp, err := imdsClient.GetMetadata(ctx, &imds.GetMetadataInput{
+ Path: fmt.Sprintf("network/interfaces/macs/%s/security-group-ids", string(macByte)),
+ })
+ if err != nil {
+ return nil, err
+ }
+ defer sgResp.Content.Close()
+
+ sgByte, err := io.ReadAll(sgResp.Content)
+ if err != nil {
+ return nil, err
+ }
+
+ sgList := strings.Split(string(sgByte), "\n")
+ return sgList, nil
+}
+
+// CloudUpdatePrivateIP - Update private IP related to an elastic IP
+func (aws *AWSAPIStruct) CloudUpdatePrivateIP(vIP net.IP, eIP net.IP, add bool) error {
+ if vIP.Equal(eIP) { // no use EIP
+ return awsUpdatePrivateIP(vIP, add)
+ } else { // use EIP
+ if err := awsAssociateElasticIp(vIP, eIP, add); err != nil {
+ return err
+ }
+ return awsPrepDFLRoute()
+ }
+}
+
+// AWSCloudHookNew - Create AWS specific API hooks
+func AWSCloudHookNew() *AWSAPIStruct {
+ return &AWSAPIStruct{}
+}
diff --git a/pkg/loxinet/utils_cloud.go b/pkg/loxinet/utils_cloud.go
new file mode 100644
index 00000000..38279989
--- /dev/null
+++ b/pkg/loxinet/utils_cloud.go
@@ -0,0 +1,36 @@
+/*
+ * Copyright (c) 2024 NetLOX Inc
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package loxinet
+
+import (
+ "net"
+)
+
+// CloudHookInterface - Go interface which needs to be implemented to
+type CloudHookInterface interface {
+ CloudAPIInit(cloudCIDRBlock string) error
+ CloudPrepareVIPNetWork() error
+ CloudUnPrepareVIPNetWork() error
+ CloudUpdatePrivateIP(vIP net.IP, eIP net.IP, add bool) error
+}
+
+func CloudHookNew(cloudLabel string) CloudHookInterface {
+ if mh.cloudLabel == "aws" {
+ return AWSCloudHookNew()
+ }
+ return nil
+}
diff --git a/pkg/loxinet/utils_naver.go b/pkg/loxinet/utils_naver.go
new file mode 100644
index 00000000..28945d0f
--- /dev/null
+++ b/pkg/loxinet/utils_naver.go
@@ -0,0 +1,254 @@
+/*
+ * Copyright (c) 2023 NetLOX Inc
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package loxinet
+
+import (
+ "crypto/hmac"
+ "crypto/sha256"
+ "encoding/base64"
+ "encoding/json"
+ "fmt"
+ "io"
+ "net"
+ "net/http"
+ "os"
+ "os/user"
+ "strconv"
+ "strings"
+ "time"
+
+ tk "github.com/loxilb-io/loxilib"
+)
+
+var (
+ nClient *NcloudClient
+)
+
+type NcloudConfig struct {
+ AccessKey string
+ SecretKey string
+}
+
+type NcloudClient struct {
+ config *NcloudConfig
+ client *http.Client
+ serverURL string
+}
+
+func (n *NcloudClient) NcloudGetMetadataInterfaceID() (string, error) {
+ metadataURL := "http://169.254.169.254"
+ urls := "/latest/meta-data/networkInterfaceNoList/0"
+ req, err := http.NewRequest(http.MethodGet, metadataURL+urls, nil)
+ if err != nil {
+ return "", err
+ }
+
+ n.setHeaders(req, urls)
+ res, err := n.client.Do(req)
+ if err != nil {
+ return "", err
+ }
+
+ defer res.Body.Close()
+ resBody, err := io.ReadAll(res.Body)
+ if err != nil {
+ return "", err
+ }
+
+ return strings.TrimSpace(string(resBody)), nil
+}
+
+func (n *NcloudClient) NcloudCreatePrivateIp(ni string, vIP net.IP) error {
+ urls := fmt.Sprintf("%s?networkInterfaceNo=%s&secondaryIpList.1=%s&allowReassign=true&responseFormatType=json", "/vserver/v2/assignSecondaryIps", ni, vIP.String())
+ req, err := http.NewRequest(http.MethodGet, n.serverURL+urls, nil)
+ if err != nil {
+ return err
+ }
+
+ n.setHeaders(req, urls)
+ res, err := n.client.Do(req)
+ if err != nil {
+ return err
+ }
+
+ defer res.Body.Close()
+ respBody, err := io.ReadAll(res.Body)
+ if err != nil {
+ return err
+ }
+
+ type AssignSecondaryIpsResponse struct {
+ ReturnMessage string `json:"returnMessage"`
+ }
+ type ncloudResponse struct {
+ AssignSecondaryIpsResponse AssignSecondaryIpsResponse `json:"assignSecondaryIpsResponse"`
+ }
+
+ checkReturn := ncloudResponse{}
+ if err := json.Unmarshal(respBody, &checkReturn); err != nil {
+ return err
+ }
+
+ if checkReturn.AssignSecondaryIpsResponse.ReturnMessage != "success" {
+ return fmt.Errorf(string(respBody))
+ }
+
+ return nil
+}
+
+func (n *NcloudClient) NcloudDeletePrivateIp(ni string, vIP net.IP) error {
+ urls := fmt.Sprintf("%s?networkInterfaceNo=%s&secondaryIpList.1=%s&responseFormatType=json", "/vserver/v2/unassignSecondaryIps", ni, vIP.String())
+ req, err := http.NewRequest(http.MethodGet, n.serverURL+urls, nil)
+ if err != nil {
+ return err
+ }
+
+ n.setHeaders(req, urls)
+ res, err := n.client.Do(req)
+ if err != nil {
+ return err
+ }
+
+ defer res.Body.Close()
+ respBody, err := io.ReadAll(res.Body)
+ if err != nil {
+ return err
+ }
+
+ type UnassignSecondaryIpsResponse struct {
+ ReturnMessage string `json:"returnMessage"`
+ }
+ type ncloudResponse struct {
+ UnassignSecondaryIpsResponse UnassignSecondaryIpsResponse `json:"unassignSecondaryIpsResponse"`
+ }
+
+ checkReturn := ncloudResponse{}
+ if err := json.Unmarshal(respBody, &checkReturn); err != nil {
+ return err
+ }
+
+ if checkReturn.UnassignSecondaryIpsResponse.ReturnMessage != "success" {
+ return fmt.Errorf(string(respBody))
+ }
+
+ return nil
+}
+
+func (n *NcloudClient) NcloudUpdatePrivateIp(vIP net.IP, add bool) error {
+ if n.checkNcloudCredential(); n.config == nil {
+ return fmt.Errorf("failed to load Ncloud credential")
+ }
+
+ niID, err := n.NcloudGetMetadataInterfaceID()
+ if err != nil {
+ tk.LogIt(tk.LogError, "NCloud get instance failed: %v\n", err)
+ return err
+ }
+
+ if !add {
+ return n.NcloudDeletePrivateIp(niID, vIP)
+ }
+
+ return n.NcloudCreatePrivateIp(niID, vIP)
+}
+
+func (n *NcloudClient) getUnixMilliTimeString() string {
+ currentTime := time.Now().UnixMilli()
+ return strconv.FormatInt(currentTime, 10)
+}
+
+func (n *NcloudClient) createSignature(method string, urls string, timestamp string) string {
+ message := fmt.Sprintf("%s %s\n%s\n%s", method, urls, timestamp, n.config.AccessKey)
+
+ hmac256 := hmac.New(sha256.New, []byte(n.config.SecretKey))
+ hmac256.Write([]byte(message))
+ hmacSum := hmac256.Sum(nil)
+
+ return base64.StdEncoding.EncodeToString(hmacSum)
+}
+
+func (n *NcloudClient) setHeaders(req *http.Request, urls string) {
+ timestamp := n.getUnixMilliTimeString()
+ signature := n.createSignature(http.MethodGet, urls, timestamp)
+ req.Header.Set("x-ncp-apigw-timestamp", timestamp)
+ req.Header.Set("x-ncp-iam-access-key", n.config.AccessKey)
+ req.Header.Set("x-ncp-apigw-signature-v2", signature)
+}
+
+func (n *NcloudClient) checkNcloudCredential() {
+ if n.config != nil {
+ return
+ }
+
+ cfg, err := loadDefaultConfig()
+ if err != nil {
+ tk.LogIt(tk.LogInfo, "failed to get NCloud credential")
+ return
+ }
+ n.config = cfg
+}
+
+func NcloudApiInit() error {
+ cfg, err := loadDefaultConfig()
+ if err != nil {
+ tk.LogIt(tk.LogInfo, "failed to get NCloud credential. error: %s", err.Error())
+ }
+
+ // Using the Config value, create the DynamoDB client
+ nClient = newFromConfig(cfg)
+
+ tk.LogIt(tk.LogInfo, "NCloud API init\n")
+ return nil
+}
+
+func newFromConfig(cfg *NcloudConfig) *NcloudClient {
+ return &NcloudClient{
+ config: cfg,
+ client: &http.Client{},
+ serverURL: "https://ncloud.apigw.ntruss.com",
+ }
+}
+
+func loadDefaultConfig() (*NcloudConfig, error) {
+ var ncloudConfig NcloudConfig
+
+ user, err := user.Current()
+ if err != nil {
+ return nil, err
+ }
+
+ path := user.HomeDir + "/.ncloud/credential"
+ b, err := os.ReadFile(path)
+ if err != nil {
+ return nil, err
+ }
+
+ credentials := strings.Split(string(b), "\n")
+ for _, credential := range credentials {
+ keyValues := strings.Split(credential, "=")
+ if strings.Contains(keyValues[0], "ncloud_access_key_id") {
+ ncloudConfig.AccessKey = strings.TrimSpace(keyValues[1])
+ } else if strings.Contains(keyValues[0], "ncloud_secret_access_key") {
+ ncloudConfig.SecretKey = strings.TrimSpace(keyValues[1])
+ }
+ }
+ if ncloudConfig.AccessKey == "" || ncloudConfig.SecretKey == "" {
+ return nil, fmt.Errorf("failed to get access key or secret key")
+ }
+
+ return &ncloudConfig, nil
+}
diff --git a/pkg/loxinet/zones.go b/pkg/loxinet/zones.go
index bfdc5392..d77357fc 100644
--- a/pkg/loxinet/zones.go
+++ b/pkg/loxinet/zones.go
@@ -238,5 +238,6 @@ func (z *ZoneH) ZoneTicker() {
zone.Sess.SessionTicker()
zone.Pols.PolTicker()
zone.Mirrs.MirrTicker()
+ zone.L3.IfasTicker()
}
}