diff --git a/.github/workflows/k3s-loxi-gwapi.yml b/.github/workflows/k3s-loxi-gwapi.yml
new file mode 100644
index 00000000..c40b82a5
--- /dev/null
+++ b/.github/workflows/k3s-loxi-gwapi.yml
@@ -0,0 +1,33 @@
+name: K3s-Loxi-GWAPI-Sanity-CI
+on:
+ schedule:
+ # Runs "At 7:00 UTC every day-of-week"
+ - cron: '0 7 * * *'
+ workflow_dispatch:
+ inputs:
+ testName:
+ description: 'Test Run-Name'
+ required: true
+ default: 'k3s-loxi-gwapi'
+jobs:
+ build:
+ name: k3s-loxi-gwapi-sanity
+ runs-on: [self-hosted, large]
+ if: github.repository == 'loxilb-io/loxilb'
+ steps:
+ - uses: actions/checkout@v2
+ with:
+ submodules: recursive
+ - name: Run K3s LoxiGWAPI CICD
+ run: |
+ cd cicd/k3s-flannel-loxilb-gwapi
+ ./config.sh
+ ./validation.sh
+ ./rmconfig.sh
+ cd -
+ - name: Clean test-bed
+ if: success() || failure()
+ run: |
+ cd cicd/k3s-flannel-loxilb-gwapi/ || true
+ ./rmconfig.sh
+ cd -
diff --git a/cicd/k3s-flannel-loxilb-gwapi/Vagrantfile b/cicd/k3s-flannel-loxilb-gwapi/Vagrantfile
new file mode 100644
index 00000000..9520a9de
--- /dev/null
+++ b/cicd/k3s-flannel-loxilb-gwapi/Vagrantfile
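Review bot: The workflow declares no `permissions:` block and pulls `actions/checkout@v2` by a mutable tag, on a job that runs on a self-hosted runner. A top-level `permissions:` with `contents: read` limits what the job's GITHUB_TOKEN can do, and pinning the action to a full commit SHA (`uses: actions/checkout@<full-commit-sha>`) keeps a re-tagged release from changing what executes on the runner. In the `Clean test-bed` step, `cd cicd/k3s-flannel-loxilb-gwapi/ || true` lets `./rmconfig.sh` run from the wrong directory when the `cd` fails, so dropping `|| true` would be safer. The `testName` input is declared but not referenced in the visible steps.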
@@ -0,0 +1,39 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+workers = (ENV['WORKERS'] || "1").to_i
+#box_name = (ENV['VAGRANT_BOX'] || "ubuntu/focal64")
+box_name = (ENV['VAGRANT_BOX'] || "sysnet4admin/Ubuntu-k8s")
+box_version = "0.7.1"
+Vagrant.configure("2") do |config|
+ config.vm.box = "#{box_name}"
+ config.vm.box_version = "#{box_version}"
+
+ if Vagrant.has_plugin?("vagrant-vbguest")
+ config.vbguest.auto_update = false
+ end
+
+ config.vm.define "loxilb" do |loxilb|
+ loxilb.vm.hostname = 'llb1'
+ #loxilb.vm.network "forwarded_port", guest: 55002, host: 5502, protocol: "tcp"
+ loxilb.vm.network :private_network, ip: "192.168.80.90", :netmask => "255.255.255.0"
+ loxilb.vm.network :private_network, ip: "192.168.90.90", :netmask => "255.255.255.0"
+ loxilb.vm.provision :shell, :path => "loxilb.sh"
+ loxilb.vm.provider :virtualbox do |vbox|
+ vbox.customize ["modifyvm", :id, "--memory", 6000]
+ vbox.customize ["modifyvm", :id, "--cpus", 4]
+ end
+ end
+
+
+ config.vm.define "master" do |master|
+ master.vm.hostname = 'master'
+ master.vm.network :private_network, ip: "192.168.80.100", :netmask => "255.255.255.0"
+ master.vm.provision :shell, :path => "master.sh"
+ master.vm.provider :virtualbox do |vbox|
+ vbox.customize ["modifyvm", :id, "--memory", 8192]
+ vbox.customize ["modifyvm", :id, "--cpus", 4]
+ end
+ end
+
+end
diff --git a/cicd/k3s-flannel-loxilb-gwapi/config.sh b/cicd/k3s-flannel-loxilb-gwapi/config.sh
new file mode 100755
index 00000000..6b8ee48e
--- /dev/null
+++ b/cicd/k3s-flannel-loxilb-gwapi/config.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+vagrant global-status | grep -i virtualbox | cut -f 1 -d ' ' | xargs -L 1 vagrant destroy -f
+vagrant up
diff --git a/cicd/k3s-flannel-loxilb-gwapi/gateway.yaml b/cicd/k3s-flannel-loxilb-gwapi/gateway.yaml
new file mode 100644
index 00000000..9e0f5932
--- /dev/null
+++ b/cicd/k3s-flannel-loxilb-gwapi/gateway.yaml
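Review bot: `box_version = "0.7.1"` is applied unconditionally in the Vagrantfile, but `box_name` can be overridden through `VAGRANT_BOX`, so any other box is requested at a version that belongs to `sysnet4admin/Ubuntu-k8s`. Reading the version from the environment as well, e.g. `box_version = (ENV['VAGRANT_BOX_VERSION'] || "0.7.1")` (variable name is a suggestion), or setting `config.vm.box_version` only for the default box, would keep the two in step. `workers` is parsed from `WORKERS` but never used in this file and could be removed.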
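Review bot: The first command in config.sh destroys every VirtualBox machine that `vagrant global-status` lists on the host, not only the two defined by this directory's Vagrantfile. On a shared self-hosted runner that can tear down VMs belonging to other jobs or users. Scoping the cleanup to this environment with a plain `vagrant destroy -f` run from this directory (as rmconfig.sh does per machine) avoids that; if the global sweep is intentional, a comment saying so would help.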
@@ -0,0 +1,35 @@
+apiVersion: gateway.networking.k8s.io/v1
+kind: Gateway
+metadata:
+ name: test-gateway
+ namespace: kube-system
+spec:
+ gatewayClassName: test-gc
+ listeners:
+ - name: tcp-listener
+ protocol: TCP
+ port: 21818
+ allowedRoutes:
+ kinds:
+ - kind: TCPRoute
+ - name: udp-listener
+ protocol: UDP
+ port: 21819
+ allowedRoutes:
+ kinds:
+ - kind: UDPRoute
+ - name: http-listener
+ protocol: HTTP
+ port: 80
+ allowedRoutes:
+ kinds:
+ - kind: HTTPRoute
+ - name: https-listener
+ protocol: HTTPS # Other possible value is `TLS`
+ port: 443
+ tls:
+ mode: Terminate # If protocol is `TLS`, `Passthrough` is a possible mode
+ certificateRefs:
+ - kind: Secret
+ group: ""
+ name: loxilb-ssl
diff --git a/cicd/k3s-flannel-loxilb-gwapi/gatewayclass.yaml b/cicd/k3s-flannel-loxilb-gwapi/gatewayclass.yaml
new file mode 100644
index 00000000..9e1f67e2
--- /dev/null
+++ b/cicd/k3s-flannel-loxilb-gwapi/gatewayclass.yaml
@@ -0,0 +1,7 @@
+apiVersion: gateway.networking.k8s.io/v1
+kind: GatewayClass
+metadata:
+ name: test-gc
+ namespace: kube-system
+spec:
+ controllerName: "loxilb.io/loxilb"
diff --git a/cicd/k3s-flannel-loxilb-gwapi/httpRoute.yaml b/cicd/k3s-flannel-loxilb-gwapi/httpRoute.yaml
new file mode 100644
index 00000000..ab370bb8
--- /dev/null
+++ b/cicd/k3s-flannel-loxilb-gwapi/httpRoute.yaml
@@ -0,0 +1,56 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: http-deployment
+spec:
+ replicas: 2
+ selector:
+ matchLabels:
+ app: http
+ template:
+ metadata:
+ labels:
+ app: http
+ spec:
+ containers:
+ - name: http-pod
+ image: ghcr.io/loxilb-io/nginx:stable
+ imagePullPolicy: Always
+ ports:
+ - containerPort: 8080
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: http-service
+spec:
+ selector:
+ app: http
+ ports:
+ - protocol: TCP
+ name: tcpport81
+ port: 81
+ targetPort: 8081
+ - protocol: TCP
+ name: tcpport80
+ port: 80
+ targetPort: 8080
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+ name: test-http-route
+ namespace: kube-system
+spec:
+ parentRefs:
+ - name: test-gateway
+ namespace: kube-system
+ sectionName: http-listener
+ hostnames:
+ - "test.loxilb.gateway.http"
+ rules:
+ - backendRefs:
+ - name: http-service
+ namespace: default
+ port: 80
diff --git a/cicd/k3s-flannel-loxilb-gwapi/httpsRoute.yaml b/cicd/k3s-flannel-loxilb-gwapi/httpsRoute.yaml
new file mode 100644
index 00000000..49eae66f
--- /dev/null
+++ b/cicd/k3s-flannel-loxilb-gwapi/httpsRoute.yaml
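Review bot: `test-http-route` lives in `kube-system` but its `backendRefs` entry points at `http-service` in `namespace: default`, and the commit adds no `ReferenceGrant` permitting that cross-namespace reference. The Gateway API spec requires one; whether kube-loxilb enforces it cannot be told from this diff, so the test may be passing on behaviour a conforming controller would reject. Either add a `ReferenceGrant` in `default` for HTTPRoutes from `kube-system`, or give the Deployment and Service `namespace: kube-system`; the same applies to `test-https-route` in httpsRoute.yaml. Separately, both Services map port 81 to `targetPort: 8081` while the containers only declare `containerPort: 8080`.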
@@ -0,0 +1,56 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: https-deployment
+spec:
+ replicas: 2
+ selector:
+ matchLabels:
+ app: https
+ template:
+ metadata:
+ labels:
+ app: https
+ spec:
+ containers:
+ - name: https-pod
+ image: ghcr.io/loxilb-io/nginx:stable
+ imagePullPolicy: Always
+ ports:
+ - containerPort: 8080
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: https-service
+spec:
+ selector:
+ app: https
+ ports:
+ - protocol: TCP
+ name: tcpport81
+ port: 81
+ targetPort: 8081
+ - protocol: TCP
+ name: tcpport80
+ port: 80
+ targetPort: 8080
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+ name: test-https-route
+ namespace: kube-system
+spec:
+ parentRefs:
+ - name: test-gateway
+ namespace: kube-system
+ sectionName: https-listener
+ hostnames:
+ - "test.loxilb.gateway.https"
+ rules:
+ - backendRefs:
+ - name: https-service
+ namespace: default
+ port: 80
diff --git a/cicd/k3s-flannel-loxilb-gwapi/ingress/loxilb-ingress-deploy.yml b/cicd/k3s-flannel-loxilb-gwapi/ingress/loxilb-ingress-deploy.yml
new file mode 100644
index 00000000..054d4709
--- /dev/null
+++ b/cicd/k3s-flannel-loxilb-gwapi/ingress/loxilb-ingress-deploy.yml
@@ -0,0 +1,139 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ labels:
+ app.kubernetes.io/instance: loxilb-ingress
+ app.kubernetes.io/name: loxilb-ingress
+ name: loxilb-ingress
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels:
+ app.kubernetes.io/instance: loxilb-ingress
+ app.kubernetes.io/name: loxilb-ingress
+ name: loxilb-ingress
+ namespace: kube-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ app.kubernetes.io/instance: loxilb-ingress
+ app.kubernetes.io/name: loxilb-ingress
+ name: loxilb-ingress
+rules:
+- apiGroups:
+ - coordination.k8s.io
+ resources:
+ - leases
+ verbs:
+ - list
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - endpoints
+ - services
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - networking.k8s.io
+ - extensions
+ resources:
+ - ingresses
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - patch
+- apiGroups:
+ - networking.k8s.io
+ resources:
+ - ingresses/status
+ verbs:
+ - update
+- apiGroups:
+ - networking.k8s.io
+ resources:
+ - ingressclasses
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - discovery.k8s.io
+ resources:
+ - endpointslices
+ verbs:
+ - list
+ - watch
+ - get
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ labels:
+ app.kubernetes.io/instance: loxilb-ingress
+ app.kubernetes.io/name: loxilb-ingress
+ name: loxilb-ingress
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: loxilb-ingress
+subjects:
+- kind: ServiceAccount
+ name: loxilb-ingress
+ namespace: kube-system
+---
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ name: loxilb-ingress
+ namespace: kube-system
+spec:
+ selector:
+ matchLabels:
+ app: loxilb-ingress-app
+ app.kubernetes.io/instance: loxilb-ingress
+ app.kubernetes.io/name: loxilb-ingress
+ template:
+ metadata:
+ name: loxilb-ingress
+ labels:
+ app: loxilb-ingress-app
+ app.kubernetes.io/instance: loxilb-ingress
+ app.kubernetes.io/name: loxilb-ingress
+ spec:
+ #hostNetwork: true
+ #dnsPolicy: ClusterFirstWithHostNet
+ serviceAccountName: loxilb-ingress
+ containers:
+ - name: loxilb-ingress
+ volumeMounts:
+ - mountPath: "/opt/loxilb/cert/"
+ name: loxilb-ssl
+ image: "ghcr.io/loxilb-io/loxilb-ingress:latest"
+ imagePullPolicy: Always
+ command: [ "/bin/loxilb-ingress" ]
+ ports:
+ - containerPort: 11111
+ livenessProbe:
+ httpGet:
+ path: netlox/v1/config/loadbalancer/all
+ port: 11111
+ initialDelaySeconds: 30
+ periodSeconds: 20
+ timeoutSeconds: 5
+ volumes:
+ - name: loxilb-ssl
+ secret:
+ secretName: loxilb-ssl
diff --git a/cicd/k3s-flannel-loxilb-gwapi/k3s.yaml b/cicd/k3s-flannel-loxilb-gwapi/k3s.yaml
new file mode 100644
index 00000000..fdf0e0ad
--- /dev/null
+++ b/cicd/k3s-flannel-loxilb-gwapi/k3s.yaml
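Review bot: The manifest creates a `loxilb-ingress` Namespace, yet the ServiceAccount and DaemonSet are both placed in `kube-system`, so the new namespace stays empty and the ingress pods, which mount the `loxilb-ssl` key material, share a namespace with cluster components. Either drop the Namespace object or move the workload into it; the second option would also need the ClusterRoleBinding subject and the Secret to follow. The container has no `securityContext` or `resources`, and `loxilb-ingress:latest` with `imagePullPolicy: Always` means each scheduled run may test a different build, so pinning a tag or digest would make failures reproducible. The probe `path: netlox/v1/config/loadbalancer/all` lacks a leading `/`, which is worth normalising even if the kubelet tolerates it.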
@@ -0,0 +1,19 @@
+apiVersion: v1
+clusters:
+- cluster:
+ certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJkekNDQVIyZ0F3SUJBZ0lCQURBS0JnZ3Foa2pPUFFRREFqQWpNU0V3SHdZRFZRUUREQmhyTTNNdGMyVnkKZG1WeUxXTmhRREUzTXpBME5UWTBNakF3SGhjTk1qUXhNVEF4TVRBeU1ESXdXaGNOTXpReE1ETXdNVEF5TURJdwpXakFqTVNFd0h3WURWUVFEREJock0zTXRjMlZ5ZG1WeUxXTmhRREUzTXpBME5UWTBNakF3V1RBVEJnY3Foa2pPClBRSUJCZ2dxaGtqT1BRTUJCd05DQUFUOFNDRXB0NTBVc2lYVVM1WTlyUXNCRVZPb2ZMTWZWL1JYRlZGV2xNaDEKS2JXblFtMVIzTUJrYzhMNHdXalBlK3haRXdKVThFSmYySVZNWFFxOUZBTVdvMEl3UURBT0JnTlZIUThCQWY4RQpCQU1DQXFRd0R3WURWUjBUQVFIL0JBVXdBd0VCL3pBZEJnTlZIUTRFRmdRVXR6ejBNRnd0SEVWMTZ2ckNBVXpQCkFpdlRGNHd3Q2dZSUtvWkl6ajBFQXdJRFNBQXdSUUloQUlMN29pQjBJVHk2NFlVNjl6SGtzMHdmdW81SnJMOTgKT0lZb0kxVHc0Tmw1QWlCTk8xclptNkVJODZ6a3ArWFpCMG9ENU93cjl3T3c3QkxYZCtsZ1JyZ2VRdz09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
+ server: https://192.168.80.100:6443
+ name: default
+contexts:
+- context:
+ cluster: default
+ user: default
+ name: default
+current-context: default
+kind: Config
+preferences: {}
+users:
+- name: default
+ user:
+ client-certificate-data: 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
+ client-key-data: LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1IY0NBUUVFSUdNSzZsSFpUendsSGU1U3lNQzIxV2loRG9HK3FQNXBkaUM4UTA1UmZVM0xvQW9HQ0NxR1NNNDkKQXdFSG9VUURRZ0FFaWxRWGVBVVBXYzVxUVZWbmF4ODIzU3J3WGxSR2psNTdmNEVZZXkvN0k5ZitlcEcxRjZLbAo5T0pod0puQWI5ejk0UFQ1SFJtMkZ2OW13dWxtdEdDOWNBPT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQo=
diff --git a/cicd/k3s-flannel-loxilb-gwapi/kube-loxilb.yaml b/cicd/k3s-flannel-loxilb-gwapi/kube-loxilb.yaml
new file mode 100644
index 00000000..68a36bd9
--- /dev/null
+++ b/cicd/k3s-flannel-loxilb-gwapi/kube-loxilb.yaml
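Review bot: This kubeconfig carries `client-key-data`, a base64-encoded EC private key, together with the matching CA and API server address, and it is being committed to the repository. master.sh overwrites `/vagrant/k3s.yaml` on every provision (`sudo cp /etc/rancher/k3s/k3s.yaml /vagrant/k3s.yaml`), so the file is a generated artifact and the committed copy will not match any later cluster. Dropping it from the commit and listing `k3s.yaml`, `node-token`, `master-ip` and `loxilb-ip` in a `.gitignore` for this directory keeps credentials out of history and avoids training contributors to treat committed keys as normal.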
@@ -0,0 +1,211 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: kube-loxilb
+ namespace: kube-system
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: kube-loxilb
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - nodes
+ verbs:
+ - get
+ - watch
+ - list
+ - patch
+ - apiGroups:
+ - ""
+ resources:
+ - pods
+ verbs:
+ - get
+ - watch
+ - list
+ - patch
+ - apiGroups:
+ - ""
+ resources:
+ - endpoints
+ - services
+ - namespaces
+ - services/status
+ verbs:
+ - get
+ - watch
+ - list
+ - patch
+ - create
+ - update
+ - delete
+ - apiGroups:
+ - gateway.networking.k8s.io
+ resources:
+ - gatewayclasses
+ - gatewayclasses/status
+ - gateways
+ - gateways/status
+ - tcproutes
+ - udproutes
+ - httproutes
+ verbs: ["get", "watch", "list", "patch", "update"]
+ - apiGroups:
+ - networking.k8s.io
+ resources:
+ - ingresses
+ verbs:
+ - get
+ - list
+ - watch
+ - patch
+ - create
+ - update
+ - delete
+ - apiGroups:
+ - discovery.k8s.io
+ resources:
+ - endpointslices
+ verbs:
+ - get
+ - watch
+ - list
+ - apiGroups:
+ - apiextensions.k8s.io
+ resources:
+ - customresourcedefinitions
+ verbs:
+ - get
+ - watch
+ - list
+ - apiGroups:
+ - authentication.k8s.io
+ resources:
+ - tokenreviews
+ verbs:
+ - create
+ - apiGroups:
+ - authorization.k8s.io
+ resources:
+ - subjectaccessreviews
+ verbs:
+ - create
+ - apiGroups:
+ - bgppeer.loxilb.io
+ resources:
+ - bgppeerservices
+ verbs:
+ - get
+ - watch
+ - list
+ - create
+ - update
+ - delete
+ - apiGroups:
+ - bgppolicydefinedsets.loxilb.io
+ resources:
+ - bgppolicydefinedsetsservices
+ verbs:
+ - get
+ - watch
+ - list
+ - create
+ - update
+ - delete
+ - apiGroups:
+ - bgppolicydefinition.loxilb.io
+ resources:
+ - bgppolicydefinitionservices
+ verbs:
+ - get
+ - watch
+ - list
+ - create
+ - update
+ - delete
+ - apiGroups:
+ - bgppolicyapply.loxilb.io
+ resources:
+ - bgppolicyapplyservices
+ verbs:
+ - get
+ - watch
+ - list
+ - create
+ - update
+ - delete
+
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: kube-loxilb
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: kube-loxilb
+subjects:
+ - kind: ServiceAccount
+ name: kube-loxilb
+ namespace: kube-system
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: kube-loxilb
+ namespace: kube-system
+ labels:
+ app: kube-loxilb-app
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: kube-loxilb-app
+ template:
+ metadata:
+ labels:
+ app: kube-loxilb-app
+ spec:
+ hostNetwork: true
+ dnsPolicy: ClusterFirstWithHostNet
+ tolerations:
+ # Mark the pod as a critical add-on for rescheduling.
+ - key: CriticalAddonsOnly
+ operator: Exists
+ priorityClassName: system-node-critical
+ serviceAccountName: kube-loxilb
+ terminationGracePeriodSeconds: 0
+ containers:
+ - name: kube-loxilb
+ image: ghcr.io/loxilb-io/kube-loxilb:latest
+ imagePullPolicy: Always
+ command:
+ - /bin/kube-loxilb
+ args:
+ #- --loxiURL=http://12.12.12.1:11111,http://14.14.14.1:11111
+ - --loxiURL=http://192.168.80.90:11111
+ - --cidrPools=defaultPool=192.168.80.90/32
+ #- --monitor
+ #- --setBGP=64512
+ #- --listenBGPPort=1791
+ - --setRoles=0.0.0.0
+ - --gatewayAPI
+ - --v=4
+ #- --extBGPPeers=50.50.50.1:65101,51.51.51.1:65102
+ - --setLBMode=1
+ #- --config=/opt/loxilb/agent/kube-loxilb.conf
+ resources:
+ requests:
+ cpu: "100m"
+ memory: "50Mi"
+ limits:
+ cpu: "100m"
+ memory: "50Mi"
+ securityContext:
+ privileged: true
+ capabilities:
+ add: ["NET_ADMIN", "NET_RAW"]
diff --git a/cicd/k3s-flannel-loxilb-gwapi/loxilb.sh b/cicd/k3s-flannel-loxilb-gwapi/loxilb.sh
new file mode 100644
index 00000000..74e66ae9
--- /dev/null
+++ b/cicd/k3s-flannel-loxilb-gwapi/loxilb.sh
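Review bot: The container's `securityContext` sets `privileged: true` and also adds `NET_ADMIN` and `NET_RAW`; a privileged container already holds every capability, so the `capabilities` list has no effect as written. If those two capabilities are all kube-loxilb needs, which this diff does not show, `privileged: false` with the existing `add:` list is the least-privilege form, and it matters more here because the pod also runs with `hostNetwork: true`. The ClusterRole grants `patch` on nodes and pods and `create`/`update`/`delete` on services and namespaces cluster-wide; a short comment per rule naming the controller feature that needs it would make the grant reviewable. `kube-loxilb:latest` leaves the tested build unpinned.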
@@ -0,0 +1,13 @@
+export LOXILB_IP=$(ip a |grep global | grep -v '10.0.2.15' | grep -v '192.168.80' | awk '{print $2}' | cut -f1 -d '/')
+
+apt-get update
+apt-get install -y software-properties-common
+curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
+add-apt-repository -y "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
+apt-get update
+apt-get install -y docker-ce
+docker run -u root --cap-add SYS_ADMIN --restart unless-stopped --privileged -dit -v /dev/log:/dev/log --net=host --name loxilb ghcr.io/loxilb-io/loxilb:latest
+echo alias loxicmd=\"sudo docker exec -it loxilb loxicmd\" >> ~/.bashrc
+echo alias loxilb=\"sudo docker exec -it loxilb \" >> ~/.bashrc
+
+echo $LOXILB_IP > /vagrant/loxilb-ip
diff --git a/cicd/k3s-flannel-loxilb-gwapi/master.sh b/cicd/k3s-flannel-loxilb-gwapi/master.sh
new file mode 100755
index 00000000..c062575d
--- /dev/null
+++ b/cicd/k3s-flannel-loxilb-gwapi/master.sh
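Review bot: The Docker repository key is installed with `apt-key add -`, which is deprecated and makes the key trusted for every APT source on the machine. Storing it in a dedicated keyring and binding it to the one repository is tighter: after creating `/etc/apt/keyrings`, use `curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc` and `deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable`. On the `docker run` line `--privileged` already implies `--cap-add SYS_ADMIN`, and `ghcr.io/loxilb-io/loxilb:latest` is unpinned. The script has no shebang and leaves `$LOXILB_IP` unquoted in the final `echo`.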
@@ -0,0 +1,39 @@
+export MASTER_IP=$(ip a |grep global | grep -v '10.0.2.15' | grep '192.168.80' | awk '{print $2}' | cut -f1 -d '/')
+
+apt-get update && apt install -y libnss3-tools
+ldconfig /usr/local/lib64/ | true
+mkdir certs
+cd certs
+wget --retry-connrefused --waitretry=1 --read-timeout=20 --timeout=15 -t 3 https://github.com/FiloSottile/mkcert/releases/download/v1.4.3/mkcert-v1.4.3-linux-amd64
+chmod +x mkcert-v1.4.3-linux-amd64
+mv mkcert-v1.4.3-linux-amd64 mkcert
+mkdir loxilb.io
+export CAROOT=`pwd`/loxilb.io
+./mkcert -install
+./mkcert loxilb.io
+mv loxilb.io.pem ../server.crt
+mv loxilb.io-key.pem ../server.key
+cd -
+
+curl -sfL https://get.k3s.io | INSTALL_K3S_EXEC="--disable traefik --disable servicelb --node-ip=${MASTER_IP}" sh -
+
+echo $MASTER_IP > /vagrant/master-ip
+sudo cp /var/lib/rancher/k3s/server/node-token /vagrant/node-token
+sudo sed -i -e "s/127.0.0.1/${MASTER_IP}/g" /etc/rancher/k3s/k3s.yaml
+sudo cp /etc/rancher/k3s/k3s.yaml /vagrant/k3s.yaml
+sudo kubectl create secret tls loxilb-ssl --cert server.crt --key server.key -n kube-system -o yaml --dry-run >> loxilb-secret.yml
+sed -i -e 's/tls.key/server.key/g' ./loxilb-secret.yml
+sed -i -e 's/tls.crt/server.crt/g' ./loxilb-secret.yml
+sed -i -e 's/kubernetes.io\/tls/Opaque/g' ./loxilb-secret.yml
+sudo kubectl apply -f https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.0.0/experimental-install.yaml
+sudo kubectl apply -f /vagrant/kube-loxilb.yaml
+sudo kubectl apply -f loxilb-secret.yml
+sudo kubectl apply -f /vagrant/ingress/loxilb-ingress-deploy.yml
+sudo kubectl apply -f /vagrant/gatewayclass.yaml
+sudo kubectl apply -f /vagrant/gateway.yaml
+sudo kubectl apply -f /vagrant/tcpRoute.yaml
+sudo kubectl apply -f /vagrant/udpRoute.yaml
+sudo kubectl apply -f /vagrant/httpRoute.yaml
+sudo kubectl apply -f /vagrant/httpsRoute.yaml
+sleep 30
+/vagrant/wait_ready.sh
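Review bot: The mkcert binary is fetched with `wget`, made executable and run as root with no integrity check, and `curl -sfL https://get.k3s.io | ... sh -` installs whatever k3s release is current at run time. Verifying the download before `chmod +x`, e.g. `echo "<expected-sha256>  mkcert-v1.4.3-linux-amd64" | sha256sum -c -`, and adding `INSTALL_K3S_VERSION=<pinned-version>` on the installer line would make runs reproducible and fail closed on a tampered artifact. `ldconfig /usr/local/lib64/ | true` pipes rather than ignoring failure and was probably meant as `|| true`. `--dry-run` without a value is deprecated in favour of `--dry-run=client`, and `>> loxilb-secret.yml` appends, so a re-provision would duplicate the document; `>` is safer.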
diff --git a/cicd/k3s-flannel-loxilb-gwapi/rmconfig.sh b/cicd/k3s-flannel-loxilb-gwapi/rmconfig.sh
new file mode 100755
index 00000000..f157b24b
--- /dev/null
+++ b/cicd/k3s-flannel-loxilb-gwapi/rmconfig.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+vagrant destroy -f master
+vagrant destroy -f loxilb
diff --git a/cicd/k3s-flannel-loxilb-gwapi/tcpRoute.yaml b/cicd/k3s-flannel-loxilb-gwapi/tcpRoute.yaml
new file mode 100644
index 00000000..fa22ab4e
--- /dev/null
+++ b/cicd/k3s-flannel-loxilb-gwapi/tcpRoute.yaml
@@ -0,0 +1,44 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: tcproute-deployment
+ namespace: kube-system
+spec:
+ selector:
+ matchLabels:
+ app: tcproute-pod
+ replicas: 2
+ template:
+ metadata:
+ labels:
+ app: tcproute-pod
+ spec:
+ containers:
+ - name: tcproute-pod
+ image: ghcr.io/loxilb-io/nginx:stable
+ ports:
+ - containerPort: 8080
+---
+apiVersion: gateway.networking.k8s.io/v1alpha2
+kind: TCPRoute
+metadata:
+ name: test-tcproute
+ namespace: kube-system
+ labels:
+ selectorkey: app
+ selectorvalue: tcproute-pod
+ serviceBehaviour: create
+ annotations:
+ ### https://loxilb-io.github.io/loxilbdocs/kube-loxilb/
+ #loxilb.io/liveness: "yes"
+ loxilb.io/lbmode: "fullnat"
+spec:
+ # find gateway and gateway's listener
+ parentRefs:
+ - name: test-gateway # name of gateway
+ namespace: kube-system
+ sectionName: tcp-listener # name of listener
+ rules:
+ - backendRefs:
+ - name: tcproute-lb-service
+ port: 80
diff --git a/cicd/k3s-flannel-loxilb-gwapi/udpRoute.yaml b/cicd/k3s-flannel-loxilb-gwapi/udpRoute.yaml
new file mode 100644
index 00000000..5999ff22
--- /dev/null
+++ b/cicd/k3s-flannel-loxilb-gwapi/udpRoute.yaml
@@ -0,0 +1,44 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: udproute-deployment
+ namespace: kube-system
+spec:
+ selector:
+ matchLabels:
+ app: udproute-pod
+ replicas: 2
+ template:
+ metadata:
+ labels:
+ app: udproute-pod
+ spec:
+ containers:
+ - name: udproute-pod
+ image: ghcr.io/loxilb-io/udp-echo:latest
+ ports:
+ - containerPort: 33333
+---
+apiVersion: gateway.networking.k8s.io/v1alpha2
+kind: UDPRoute
+metadata:
+ name: test-udproute
+ namespace: kube-system
+ labels:
+ selectorkey: app
+ selectorvalue: udproute-pod
+ serviceBehaviour: create
+ annotations:
+ ### https://loxilb-io.github.io/loxilbdocs/kube-loxilb/
+ #loxilb.io/liveness: "yes"
+ loxilb.io/lbmode: "fullnat"
+spec:
+ # find gateway and gateway's listener
+ parentRefs:
+ - name: test-gateway # name of gateway
+ namespace: kube-system
+ sectionName: udp-listener # name of listener
+ rules:
+ - backendRefs:
+ - name: udproute-lb-service
+ port: 33333
diff --git a/cicd/k3s-flannel-loxilb-gwapi/validation.sh b/cicd/k3s-flannel-loxilb-gwapi/validation.sh
new file mode 100755
index 00000000..83ccb155
--- /dev/null
+++ b/cicd/k3s-flannel-loxilb-gwapi/validation.sh
@@ -0,0 +1,65 @@
+#!/bin/bash
+source ../common.sh
+echo k3s-loxi-gwapi
+
+if [ "$1" ]; then
+ KUBECONFIG="$1"
+fi
+
+# Set space as the delimiter
+IFS=' '
+
+#sleep 45
+
+echo -e "\n\nGateway Info\n"
+vagrant ssh master -c 'sudo kubectl get gateway -A' 2> /dev/null
+echo -e "\n\nTCPRoute Info\n"
+vagrant ssh master -c 'sudo kubectl get tcproute -A' 2> /dev/null
+echo -e "\n\nUDPRoute Info\n"
+vagrant ssh master -c 'sudo kubectl get udproute -A' 2> /dev/null
+echo -e "\n\nHTTPRoute Info\n"
+vagrant ssh master -c 'sudo kubectl get httproute -A' 2> /dev/null
+echo -e "\n\nService Info\n"
+vagrant ssh master -c 'sudo kubectl get svc -A' 2> /dev/null
+echo -e "\n\nEP Info\n"
+vagrant ssh master -c 'sudo kubectl get ep -A' 2> /dev/null
+echo -e "\n\nIngress Info\n"
+vagrant ssh master -c 'sudo kubectl get ingress -A' 2> /dev/null
+echo -e "\n\nLB service Info\n"
+vagrant ssh loxilb -c 'sudo docker exec -i loxilb loxicmd get lb -o wide' 2> /dev/null
+echo -e "\n\nLB ep Info\n"
+vagrant ssh loxilb -c 'sudo docker exec -i loxilb loxicmd get ep -o wide' 2> /dev/null
+echo -e "\n\n"
+out=$(curl -s http://192.168.80.90:21818)
+if [[ ${out} == *"Welcome to nginx"* ]]; then
+ echo -e "k3s-loxi-gwapi tcpRoute \t\t[OK]"
+else
+ echo -e "k3s-loxi-gwapi tcpRoute \t\t[FAILED]"
+ code=1
+fi
+
+out=$(timeout 10 ../common/udp_client 192.168.80.90 21819)
+if [[ ${out} == *"Client"* ]]; then
+ echo -e "k3s-loxi-gwapi udpRoute \t\t[OK]"
+else
+ echo -e "k3s-loxi-gwapi udpRoute \t\t[FAILED]"
+ code=1
+fi
+
+out=$(curl -s --connect-timeout 30 -H "Application/json" -H "Content-type: application/json" -H "HOST: test.loxilb.gateway.http" http://192.168.80.90:80)
+if [[ ${out} == *"Welcome to nginx"* ]]; then
+ echo -e "k3s-loxi-gwapi httpRoute \t\t[OK]"
+else
+ echo -e "k3s-loxi-gwapi httpRoute \t\t[FAILED]"
+ code=1
+fi
+
+out=$(curl -s --connect-timeout 30 -H "Application/json" -H "Content-type: application/json" -H "HOST: test.loxilb.gateway.https" --insecure https://192.168.80.90:443)
+if [[ ${out} == *"Welcome to nginx"* ]]; then
+ echo -e "k3s-loxi-gwapi httpRoute(https) \t[OK]"
+else
+ echo -e "k3s-loxi-gwapi httpRoute(https) \t[FAILED]"
+ code=1
+fi
+
+exit $code
diff --git a/cicd/k3s-flannel-loxilb-gwapi/wait_ready.sh b/cicd/k3s-flannel-loxilb-gwapi/wait_ready.sh
new file mode 100755
index 00000000..3736a1ba
--- /dev/null
+++ b/cicd/k3s-flannel-loxilb-gwapi/wait_ready.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+
+function wait_cluster_ready_full {
+ sudo kubectl wait pod --all --for=condition=Ready --namespace=kube-system --timeout=240s
+ sudo kubectl wait pod --all --for=condition=Ready --namespace=default --timeout=60s
+}
+
+wait_cluster_ready_full
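Review bot: In validation.sh `code` is assigned only on failure, so on a passing run `exit $code` expands to a bare `exit`, and a `code` value exported by the caller or set in `../common.sh` would leak into the result; add `code=0` before the first check. The first probe, `curl -s http://192.168.80.90:21818`, has no `--connect-timeout` or `--max-time` and can stall the job if the listener never comes up. `-H "Application/json"` has no colon and is not a valid header, and `KUBECONFIG` is set from `$1` but never exported or used in the visible script. The HTTPS check passes `--insecure`, so it shows that something terminates TLS on 443 but not that the `loxilb-ssl` certificate is the one being served.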