-
Notifications
You must be signed in to change notification settings - Fork 11
Add usage doc for Network and LoadBalancer
#1215
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Merged
afritzler
merged 3 commits into
ironcore-dev:main
from
opensovereigncloud:osc/enh/doc_networking
Jan 17, 2025
Merged
Changes from all commits
Commits
Show all changes
3 commits
Select commit
Hold shift + click to select a range
File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1 +1,64 @@ | ||
| # LoadBalancer | ||
|
|
||
| A `LoadBalancer` resource is an L3(IP-based) load balancer service implementation provided by Ironcore. It provides an externally accessible IP address that sends traffic to the correct port on your cluster nodes. Ironcore LoadBalancer allows targeting multiple `NetworkInterfaces` and distributes traffic between them. This LoadBalancer supports dual stack IP addresses (IPv4/IPv6). | ||
|
|
||
| ## Example Network Resource | ||
| An example of how to define a `LoadBalancer` resource in `Ironcore` | ||
| ``` | ||
| apiVersion: networking.ironcore.dev/v1alpha1 | ||
| kind: LoadBalancer | ||
| metadata: | ||
| namespace: default | ||
| name: loadbalancer-sample | ||
| spec: | ||
| type: Public | ||
| ipFamilies: [IPv4] | ||
| networkRef: | ||
| name: network-sample | ||
| networkInterfaceSelector: | ||
| matchLabels: | ||
| app: web | ||
| ports: | ||
| - port: 80 | ||
|
|
||
| ``` | ||
| (`Note`: Refer to <a href="https://github.com/ironcore-dev/ironcore/tree/main/config/samples/e2e/loadbalancer-public">E2E Examples</a> for more detailed examples.) | ||
|
|
||
| # Key Fields: | ||
| - `type`(`string`): The type of `LoadBalancer`. Currently two types of `Loadbalancer` are supported: | ||
| - `Public`: LoadBalancer that allocates public IP and routes a stable public IP. | ||
| - `Internal`: LoadBalancer that allocates and routes network-internal, stable IPs. | ||
| - `ipFamilies`(`list`): ipFamilies are the IP families the LoadBalancer should have(Supported values are `IPv4` and `IPv6`). | ||
| - `ips`(`list`): The ips are the list of IPs to use. This can only be used when the type is LoadBalancerTypeInternal. | ||
| - `networkRef`(`string`): networkRef is the Network this LoadBalancer should belong to. | ||
| - `networkInterfaceSelector`(`labelSelector`): networkInterfaceSelector defines the NetworkInterfaces for which this LoadBalancer should be applied | ||
| - `ports`(`list`): ports are the list of LoadBalancer ports should allow | ||
| - `protocol`(`string`): protocol is the protocol the load balancer should allow. Supported protocols are `UDP`, `TCP`, and `SCTP`, if not specified defaults to TCP. | ||
| - `port`(`int`): port is the port to allow. | ||
| - `endPort`(`int`): endPort marks the end of the port range to allow. If unspecified, only a single port `port` will be allowed. | ||
|
|
||
| # Reconciliation Process: | ||
|
|
||
| - **NetworkInterfaces selection**: LoadBalancerController continuously watches for `LoadBalancer` resources and reconciles. LoadBalancer resource dynamically selects multiple target `NetworkInterfaces` via a `networkInterfaceSelector` LabelSelector from the spec. Once the referenced Network is in `Available` state, the Loadbalancer destination IP list and referencing `NetworkInterface` is prepared by iterating over selected NetworkIntrefaces status information. | ||
|
|
||
| - **Preparing Routing State Object**: Once the destination list is available `LoadBalancerRouting` resource is created. `LoadBalancerRouting` describes `NetworkInterfaces` load balanced traffic is routed to. This object describes the state of the LoadBalancer and results of the LoadBalancer definition specifically `networkInterfaceSelector` and `networkRef`. | ||
| Later this information is used at the Ironcore API level to describe the explicit targets in a pool traffic is routed to. | ||
|
|
||
| Sample `LoadBalancerRouting` object(`Note`: it is created by LoadBalancerController) | ||
| ``` | ||
| apiVersion: networking.ironcore.dev/v1alpha1 | ||
| kind: LoadBalancerRouting | ||
| metadata: | ||
| namespace: default | ||
| name: loadbalancer-sample # Same name as the load balancer it originates from. | ||
| # networkRef references the exact network object the routing belongs to. | ||
| networkRef: | ||
| name: network-sample | ||
| # destinations list the target network interface instances (including UID) for load balancing. | ||
| destinations: | ||
| - name: my-machine-interface-1 | ||
| uid: 2020dcf9-e030-427e-b0fc-4fec2016e73a | ||
| - name: my-machine-interface-2 | ||
| uid: 2020dcf9-e030-427e-b0fc-4fec2016e73d | ||
| ``` | ||
| **LoadBalancer status update**: The `LoadBalancerController` in ironcore-net takes care of allocating IPs for defined `ipFamilies` in the spec and updates them in its `status.ips`. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1 +1,42 @@ | ||
| # Network | ||
|
|
||
| A `Network` resource in `Ironcore` refers to a logically isolated network. | ||
| This further allows you to fully control your networking environment, including resource placement, connectivity, peering and security. | ||
| The `NetworkController` reconciler leverages this information to create a Network in Ironcore infrastructure. | ||
| `Machine` type is provided with provision to integrate with the Network via `NetworkInterface`. | ||
|
|
||
| ## Example Network Resource | ||
| An example of how to define a `Network` resource in `Ironcore` | ||
| ``` | ||
| apiVersion: networking.ironcore.dev/v1alpha1 | ||
| kind: Network | ||
| metadata: | ||
| name: network-sample | ||
| spec: | ||
| peerings: | ||
| - name: peering1 | ||
| networkRef: | ||
| name: network-sample2 | ||
| ``` | ||
|
|
||
| # Key Fields: | ||
| - `providerID`(`string`): providerID is the provider-internal ID of the network. | ||
| - `peerings`(`list`): peerings are the list of network peerings with this network(Optional). | ||
| - `incomingPeerings`(`list`): incomingPeerings is a list of PeeringClaimRefs which is nothing but peering claim references of other networks. | ||
|
|
||
| # Reconciliation Process: | ||
|
|
||
| - **Network creation**: `ironcore-net` which is the network provider for Ironcore realizes the `Network` resource via `apinetlet` controllers. When an Ironcore `Network` is created, a corresponding `core.apinet.ironcore.dev/Network` is created in the apinet cluster. The name of the Network in the apinet cluster is the uid of the Network in the Ironcore cluster. | ||
|
|
||
| Once created and with an allocated ID, the Ironcore Network will be patched with the corresponding provider ID of the apinet Network and set to state: Available. The provider ID format & parsing can be found in provider.go. | ||
| Once resource is in available state status is marked to `Available`. The format of a network provider ID is as follows: | ||
| `ironcore-net://<namespace>/<name>/<id>/<uid>` | ||
|
|
||
| - **Network peering process**: Network peering is a technique used to interleave two isolated networks, allowing members of both networks to communicate with each | ||
| other as if they were in the same networking domain, `NetworkPeeringController` facilitates this process. | ||
| - Information related to the referenced `Network` to be paired with is retrieved from the `peering` part of the spec. | ||
| - Validation is done to see if both Networks have specified a matching peering item (i.e. reference each other via `networkRef`) to mutually accept the peering. | ||
| - The (binding) phase of a `spec.peerings` item is reflected in a corresponding `status.peerings` item with the same name. | ||
| The phase can either be `Pending`, meaning there is no active peering or `Bound` meaning the peering as described in the `spec.peerings` item is in place. | ||
|
|
||
| - **Network Release Controller**: `NetworkReleaseController` continuously checks if claiming Networks in other Network's peerings section still exist if not present it will be removed from the `incomingPeerings` list. | ||
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Uh oh!
There was an error while loading. Please reload this page.