refactor: improve performance and functionality
- Designed and implemented an in-memory cache to determine namespace exclusion status. This optimization replaces the previous, less efficient method of performing list operations on ciliumNetworkPolicy and networkPolicy, as well as get operations on event namespace in each reconcile loop.
- Added functionality to check the MetalLB annotation `metallb.universe.tf/address-pool: vpn-access` in Service objects. This determines if a service should be exposed, and if so, adds the necessary rule to its associated CNP object. This change enhances service-level operation handling.
- Updated the cilium Go package to integrate with the latest changes, ensuring compatibility and improved performance.
ssttehrani committed Dec 3, 2023
1 parent f03f3d5 commit 32aa054
Showing 13 changed files with 1,271 additions and 278 deletions.
19 changes: 19 additions & 0 deletions cmd/main.go
@@ -17,6 +17,7 @@ limitations under the License.
package main

import (
"context"
"flag"
"os"

@@ -25,11 +26,13 @@ import (
_ "k8s.io/client-go/plugin/pkg/client/auth"

ciliumv2 "github.com/cilium/cilium/pkg/k8s/apis/cilium.io/v2"
corev1 "k8s.io/api/core/v1"
networkingv1 "k8s.io/api/networking/v1"
"k8s.io/apimachinery/pkg/runtime"
utilruntime "k8s.io/apimachinery/pkg/util/runtime"
clientgoscheme "k8s.io/client-go/kubernetes/scheme"
ctrl "sigs.k8s.io/controller-runtime"
"sigs.k8s.io/controller-runtime/pkg/client"
"sigs.k8s.io/controller-runtime/pkg/healthz"
"sigs.k8s.io/controller-runtime/pkg/log/zap"

@@ -106,6 +109,22 @@ func main() {
os.Exit(1)
}

if err := mgr.GetFieldIndexer().IndexField(
context.Background(),
&corev1.Service{},
"spec.type",
func(object client.Object) []string {
service, ok := object.(*corev1.Service)
if !ok {
return []string{}
}

return []string{string(service.Spec.Type)}
}); err != nil {
setupLog.Error(err, "failed to create index for .spec.type", "controller", "Service")
os.Exit(1)
}

reconcilerExtended := controller.NewReconcilerExtended(mgr)

if err = reconcilerExtended.SetupWithManager(mgr); err != nil {
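Review bot: The index name `"spec.type"` passed to `IndexField` is a bare string literal, and whatever list call consumes this index (presumably a `client.MatchingFields` lookup in the controller package, which is not visible in this section) has to repeat it character for character. A mismatch is only caught at runtime as a failed list, and for an operator that derives CiliumNetworkPolicy rules from Services that means policy for a Service may not be reconciled until someone notices the error. I would declare the name once in the controller package, for example `const ServiceTypeIndexField = "spec.type"`, and reference it both here and in the lookup; the log text `.spec.type` could then be built from the same constant. The extractor's `return []string{}` on a failed type assertion also leaves the object out of the index without any trace, so a one-line comment such as `// not a Service: contribute no index keys` would record that this is deliberate. `main` begins and ends outside the hunk.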
4 changes: 2 additions & 2 deletions deploy/charts/svc-lb-to-cilium-netpolicy-operator/Chart.yaml
@@ -13,9 +13,9 @@ type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 1.0.2
version: 1.0.3
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
# It is recommended to use it with quotes.
appVersion: "1.0.0"
appVersion: "1.1.0"
18 changes: 10 additions & 8 deletions go.mod
@@ -3,8 +3,7 @@ module github.com/snapp-incubator/svc-lb-to-cilium-netpolicy
go 1.21.0

require (
github.com/cilium/cilium v1.13.1
github.com/fsnotify/fsnotify v1.6.0
github.com/cilium/cilium v1.14.4
github.com/go-logr/logr v1.2.4
github.com/onsi/ginkgo/v2 v2.12.0
github.com/onsi/gomega v1.27.10
@@ -13,7 +12,6 @@ require (
k8s.io/api v0.28.1
k8s.io/apimachinery v0.28.1
k8s.io/client-go v0.28.1
k8s.io/kubernetes v1.28.1
sigs.k8s.io/controller-runtime v0.15.1
)

@@ -22,10 +20,12 @@ require (
github.com/beorn7/perks v1.0.1 // indirect
github.com/blang/semver/v4 v4.0.0 // indirect
github.com/cespare/xxhash/v2 v2.2.0 // indirect
github.com/cilium/ebpf v0.10.1-0.20230626090016-654491c8a500 // indirect
github.com/cilium/proxy v0.0.0-20230623092907-8fddead4e52c // indirect
github.com/davecgh/go-spew v1.1.1 // indirect
github.com/emicklei/go-restful/v3 v3.10.2 // indirect
github.com/evanphx/json-patch/v5 v5.6.0 // indirect
github.com/fsnotify/fsnotify v1.6.0 // indirect
github.com/go-logr/stdr v1.2.2 // indirect
github.com/go-logr/zapr v1.2.4 // indirect
github.com/go-ole/go-ole v1.2.6 // indirect
@@ -48,6 +48,7 @@ require (
github.com/google/gofuzz v1.2.0 // indirect
github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1 // indirect
github.com/google/uuid v1.3.0 // indirect
github.com/hashicorp/golang-lru/v2 v2.0.4 // indirect
github.com/hashicorp/hcl v1.0.0 // indirect
github.com/imdario/mergo v0.3.12 // indirect
github.com/inconshreveable/mousetrap v1.1.0 // indirect
@@ -74,7 +75,7 @@ require (
github.com/prometheus/client_model v0.4.0 // indirect
github.com/prometheus/common v0.44.0 // indirect
github.com/prometheus/procfs v0.11.0 // indirect
github.com/rogpeppe/go-internal v1.10.0 // indirect
github.com/rogpeppe/go-internal v1.11.0 // indirect
github.com/sasha-s/go-deadlock v0.3.1 // indirect
github.com/shirou/gopsutil/v3 v3.23.5 // indirect
github.com/sirupsen/logrus v1.9.3 // indirect
@@ -93,14 +94,15 @@ require (
go.opentelemetry.io/otel v1.16.0 // indirect
go.opentelemetry.io/otel/metric v1.16.0 // indirect
go.opentelemetry.io/otel/trace v1.16.0 // indirect
go.uber.org/dig v1.17.0 // indirect
go.uber.org/multierr v1.11.0 // indirect
go.uber.org/zap v1.25.0 // indirect
golang.org/x/net v0.14.0 // indirect
golang.org/x/net v0.17.0 // indirect
golang.org/x/oauth2 v0.8.0 // indirect
golang.org/x/sync v0.3.0 // indirect
golang.org/x/sys v0.11.0 // indirect
golang.org/x/term v0.11.0 // indirect
golang.org/x/text v0.12.0 // indirect
golang.org/x/sys v0.13.0 // indirect
golang.org/x/term v0.13.0 // indirect
golang.org/x/text v0.13.0 // indirect
golang.org/x/time v0.3.0 // indirect
golang.org/x/tools v0.12.1-0.20230815132531-74c255bcf846 // indirect
gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect