Huifeng Le [Wed, 22 Dec 2021 05:50:14 +0000 (05:50 +0000)]
Merge "Enable QAT and document for it."
Le Yao [Tue, 14 Dec 2021 04:32:58 +0000 (04:32 +0000)]
Enable QAT and document for it.
Enable QAT with LKCF mode in openwrt.
Guide for IPSec accelerated by QAT.
Change-Id: I8f2d5d0a3e2dce9fafde65bab8055201efa24418
Signed-off-by: Le Yao <le.yao@intel.com>
Huifeng Le [Tue, 21 Dec 2021 09:20:16 +0000 (09:20 +0000)]
Merge "New changes in CNF"
Ruoyu Ying [Mon, 20 Dec 2021 14:43:28 +0000 (09:43 -0500)]
New changes in CNF
* Update updown scripts for edge/hub
* Upload rest of the changes in config resolution
Change-Id: Ied71d169c167cfd3b4e4b8ce44024d5d44258e81
Signed-off-by: Ruoyu Ying <ruoyu.ying@intel.com>
Le Yao [Wed, 15 Dec 2021 02:23:07 +0000 (02:23 +0000)]
Create helm chart for cnf and crd controller
Create helm chart for CNF and CRD controller.
Add example configuration file for deployment.
Guide to deploy the helm.
Signed-off-by: Le Yao <le.yao@intel.com>
Change-Id: I3982a4c17ed5f1d4fa00de865fefdda83f2a7470
Le Yao [Wed, 8 Dec 2021 05:58:45 +0000 (05:58 +0000)]
Patch based on the make generate and fmt
Signed-off-by: Le Yao <le.yao@intel.com>
Change-Id: I9c28b7eace19430988ce928ca43d13c6b81a3759
Huifeng Le [Mon, 29 Nov 2021 14:31:30 +0000 (22:31 +0800)]
Add support for NAT and LocalService
Update implementation for route and rule
Signed-off-by: Huifeng Le <huifeng.le@intel.com>
Change-Id: I314ab5fbdfec3c1b7bda5e61d373ddfd1ea57bad
Signed-off-by: Huifeng Le <huifeng.le@intel.com>
Le Yao [Fri, 24 Sep 2021 02:05:52 +0000 (02:05 +0000)]
Update base image to openwrt1907
Signed-off-by: Le Yao <le.yao@intel.com>
Change-Id: I6787fb78b1890fd0616766535f7f110f56f41bf0
Huifeng Le [Wed, 25 Aug 2021 03:33:05 +0000 (03:33 +0000)]
Merge "Istio integration guide"
Le Yao [Thu, 29 Jul 2021 05:56:52 +0000 (05:56 +0000)]
Istio integration guide
Signed-off-by: Le Yao <le.yao@intel.com>
Change-Id: I86eb9fe690d898996fb3701ec089f57ac24c19d3
Huifeng Le [Sat, 7 Aug 2021 03:34:44 +0000 (11:34 +0800)]
Remove dependency on MinIO
Signed-off-by: Huifeng Le <huifeng.le@intel.com>
Change-Id: Ife667fa1ea887e8ddd47f012c98ccd4d2807839f
Signed-off-by: Huifeng Le <huifeng.le@intel.com>
Huifeng Le [Sat, 7 Aug 2021 03:22:08 +0000 (03:22 +0000)]
Merge "Update the license"
Ruoyu [Thu, 5 Aug 2021 02:58:52 +0000 (10:58 +0800)]
Fix number of issues
- Change dependency rules set for hub-device connection
- Fix 'type' issue in ipsec.lua
- First change the updown script to create concrete vti tunnels
Change-Id: Iab381c4768240cebcf5eaff5d221349304c7bbaa
Signed-off-by: Ruoyu <ruoyu.ying@intel.com>
Huifeng Le [Wed, 4 Aug 2021 05:56:46 +0000 (13:56 +0800)]
Update the license
Signed-off-by: Huifeng Le <huifeng.le@intel.com>
Change-Id: I19b58e16ebcdc46c5a9a7b1cfc8b7c1502f49ab7
Le Yao [Fri, 9 Jul 2021 05:50:17 +0000 (05:50 +0000)]
Fix go sync null pointer bug
Signed-off-by: Le Yao <le.yao@intel.com>
Change-Id: I6e422a502be3ab10786cc72df9e363625d9c209f
Le Yao [Wed, 23 Jun 2021 08:03:14 +0000 (08:03 +0000)]
Integrate the latest cnf and crd code change
Enhance the crd controller and sdewan cnf
Signed-off-by: Le Yao <le.yao@intel.com>
Change-Id: I05f4da221e923638520d89704d85acd029d9bf97
Huifeng Le [Fri, 18 Jun 2021 01:33:20 +0000 (01:33 +0000)]
Merge "Fix IpRange amd meta check"
Le Yao [Tue, 15 Jun 2021 06:45:32 +0000 (06:45 +0000)]
Fix IpRange amd meta check
Signed-off-by: Le Yao <le.yao@intel.com>
Change-Id: Ib6be76a352ac63ae7cf18f572cf8b44ea0b50de3
Huifeng Le [Tue, 15 Jun 2021 04:18:36 +0000 (12:18 +0800)]
CLI support
Add ewoctl to support configure overlay controller through command line.
Signed-off-by: Huifeng Le <huifeng.le@intel.com>
Change-Id: I2d9c9370f561e45a84c8f2bb72181ae8dfa32b32
Le Yao [Wed, 9 Jun 2021 03:00:15 +0000 (03:00 +0000)]
Add CNF status query based on latest rsync
Signed-off-by: Le Yao <le.yao@intel.com>
Change-Id: Idd63fab9c59311f96a84caf4ca645d16a477730b
Le Yao [Mon, 24 May 2021 05:52:14 +0000 (05:52 +0000)]
Fix the entrypoint typo
Signed-off-by: Le Yao <le.yao@intel.com>
Change-Id: I4391bfa8a9bbd58fd687f489ba0ebb5b1e49be47
Ruoyu [Tue, 23 Mar 2021 07:11:46 +0000 (15:11 +0800)]
Add Overlay Controller into icn-sdwan repo
*Add base code for Overlay Controller
Signed-off-by: Ruoyu <ruoyu.ying@intel.com>
Change-Id: I4177c0b5c769ceb57399ab67acd7e1a56e7910da
Ruoyu [Thu, 4 Feb 2021 17:29:56 +0000 (12:29 -0500)]
Fix VTI support in cnf
* Add base64 decoding for cert
* Repair public key authentication
Signed-off-by: Ruoyu Ying <ruoyu.ying@intel.com>
Change-Id: I6c68143f067731118b6e175fb3523d823f26b708
Signed-off-by: Ruoyu Ying <ruoyu.ying@intel.com>
Huifeng Le [Thu, 4 Feb 2021 02:16:16 +0000 (02:16 +0000)]
Merge "Implement Route CR controller"
Huifeng Le [Thu, 4 Feb 2021 02:13:18 +0000 (02:13 +0000)]
Merge "Implement Route RESTful API"
Le Yao [Fri, 15 Jan 2021 07:32:23 +0000 (07:32 +0000)]
Implement Route CR controller
The Route CR controller handles the Route resource and call CNF Route
RESTful API to add/update/delete/get the route rule.
Signed-off-by: Le Yao <le.yao@intel.com>
Change-Id: I95871e1e95ccacf5790697d2e5105448f630aac2
Le Yao [Thu, 14 Jan 2021 07:54:13 +0000 (07:54 +0000)]
Implement Route RESTful API
Offer the Route add/del/replace APIs for users
Signed-off-by: Le Yao <le.yao@intel.com>
Change-Id: I43c44f0de048e40a254cab370a872616ecd28ad2
Huifeng Le [Thu, 14 Jan 2021 07:24:15 +0000 (15:24 +0800)]
CNFStatus CRD Controller
Add CNFStatus CRD controller to query CNF status periodically
Signed-off-by: Huifeng Le <huifeng.le@intel.com>
Change-Id: I86a7fca4fd9248a22cadda30babde4346ea29bd8
Signed-off-by: Huifeng Le <huifeng.le@intel.com>
Change-Id: Ie5ed1f5d5ad87c367ad0a3342105515a44725558
Signed-off-by: Huifeng Le <huifeng.le@intel.com>
Huifeng Le [Thu, 14 Jan 2021 05:31:45 +0000 (05:31 +0000)]
Merge "Add API for CNF's status information query"
Le Yao [Thu, 14 Jan 2021 04:56:11 +0000 (04:56 +0000)]
Register service and applicaion CR to webhook
Register new CRs to Webhook
Fix some typo errors
Signed-off-by: Le Yao <le.yao@intel.com>
Change-Id: I7a0556cf9877769b55f41598cfdca9df182b94d1
Huifeng Le [Thu, 7 Jan 2021 06:48:45 +0000 (06:48 +0000)]
Add API for CNF's status information query
Signed-off-by: Huifeng Le <huifeng.le@intel.com>
Change-Id: Ieb564cfda4cabb8994a311f0fc6a47ecf337da29
Signed-off-by: Huifeng Le <huifeng.le@intel.com>
Huifeng Le [Thu, 7 Jan 2021 03:03:08 +0000 (03:03 +0000)]
Merge "Add watch to cnf service controller"
Huifeng Le [Thu, 7 Jan 2021 03:02:14 +0000 (03:02 +0000)]
Merge "Add watch mechanism for pod to auto sync"
Le Yao [Wed, 6 Jan 2021 08:08:03 +0000 (08:08 +0000)]
Add watch to cnf service controller
Watch the CNF deployment status and sync
Signed-off-by: Le Yao <le.yao@intel.com>
Change-Id: I8cb9593e5da54bbd8662ca64ee246c107e3ecd4c
Le Yao [Fri, 25 Dec 2020 08:35:59 +0000 (08:35 +0000)]
Enhance CNF Application RESTful API
Handle NULL cases and enhance the Application reconcile workload
Signed-off-by: Le Yao <le.yao@intel.com>
Change-Id: I783a2f47743b3bdf64165f25dcbdbcef889c9f8e
Le Yao [Tue, 15 Dec 2020 08:46:57 +0000 (08:46 +0000)]
Add watch mechanism for pod to auto sync
Sync status and reconcile when pod status change
Signed-off-by: Le Yao <le.yao@intel.com>
Change-Id: Icad1caf52e43d25106753c02525e1eaceb449ba2
Huifeng Le [Tue, 15 Dec 2020 08:44:28 +0000 (08:44 +0000)]
Merge "Application CR implemention"
Le Yao [Fri, 27 Nov 2020 08:25:29 +0000 (08:25 +0000)]
Implement Application RESTful API
The API is used to add ip rules for Application in CNF
Signed-off-by: Le Yao <le.yao@intel.com>
Change-Id: I82bc0a428cc1edb8d193d8ab0bf74fc52e0715c1
Huifeng Le [Tue, 15 Dec 2020 08:01:58 +0000 (08:01 +0000)]
Merge "Handle some un-covered errors"
Huifeng Le [Tue, 15 Dec 2020 08:00:57 +0000 (08:00 +0000)]
Merge "Update the license to Apache License 2.0"
Huifeng Le [Fri, 11 Dec 2020 15:03:01 +0000 (15:03 +0000)]
Merge "Create Non-root user in CNF"
Le Yao [Mon, 23 Nov 2020 06:15:36 +0000 (06:15 +0000)]
Application CR implemention
Implement Application CR and CR controller.
Call Application RESTful API to add rules for Application deployment.
Handle missing errors.
Signed-off-by: Le Yao <le.yao@intel.com>
Change-Id: I425f431bea20f372dc95cde1439259ad29e93773
Huifeng Le [Fri, 4 Dec 2020 08:51:52 +0000 (08:51 +0000)]
Merge "Add README for e2e test"
Ruoyu [Fri, 4 Dec 2020 11:20:31 +0000 (06:20 -0500)]
Add README for e2e test
Add README to e2e test folder
Signed-off-by: Ruoyu <ruoyu.ying@intel.com>
Change-Id: I94482aaf3fc8051861edac6376fadf1e9bd1c865
Signed-off-by: Ruoyu <ruoyu.ying@intel.com>
Huifeng Le [Fri, 4 Dec 2020 08:50:49 +0000 (08:50 +0000)]
Merge "Apply changes of installer.sh"
Ruoyu [Tue, 1 Dec 2020 11:17:15 +0000 (06:17 -0500)]
Apply changes of installer.sh
Apply changes to installer.sh
to fix kubespray issue
Change-Id: Ib63e34f6f47b090802149e8ec3ba6e22dd390747
Signed-off-by: Ruoyu <ruoyu.ying@intel.com>
Kuralamudhan Ramakrishnan [Thu, 3 Dec 2020 04:38:15 +0000 (20:38 -0800)]
update readme
Signed-off-by: Kuralamudhan R <kuralamudhan.ramakrishnan@intel.com>
Change-Id: Ib43e852503addf0bf2af7154c78d6ff915304d27
Kuralamudhan Ramakrishnan [Thu, 3 Dec 2020 04:27:51 +0000 (20:27 -0800)]
adding validation and end2end test results
Signed-off-by: Kuralamudhan R <kuralamudhan.ramakrishnan@intel.com>
Change-Id: I43bacb5a9769d6c45689f042371eee3e92dce6d5
Kuralamudhan Ramakrishnan [Thu, 3 Dec 2020 03:59:42 +0000 (19:59 -0800)]
adding markdown fixes
Signed-off-by: Kuralamudhan R <kuralamudhan.ramakrishnan@intel.com>
Change-Id: I20ceb6ae8961344585be165602da2111907c65dc
Kuralamudhan Ramakrishnan [Thu, 3 Dec 2020 03:51:00 +0000 (19:51 -0800)]
update readme
Signed-off-by: Kuralamudhan R <kuralamudhan.ramakrishnan@intel.com>
Change-Id: I9b7e25ba79a6d340c328aed4607bd7acbea84499
Kuralamudhan Ramakrishnan [Thu, 3 Dec 2020 02:47:00 +0000 (18:47 -0800)]
adding contributing documents
Signed-off-by: Kuralamudhan R <kuralamudhan.ramakrishnan@intel.com>
Change-Id: I556ec1a67f3051cbfee2fbf39320a66a59c485ca
Le Yao [Wed, 2 Dec 2020 07:12:57 +0000 (07:12 +0000)]
Update the license to Apache License 2.0
Change to Apache License 2.0
Add copyright info
Signed-off-by: Le Yao <le.yao@intel.com>
Change-Id: I725ac47c82405429d5157f485ea7a229b6e63f2a
Le Yao [Tue, 1 Dec 2020 08:44:15 +0000 (08:44 +0000)]
Handle some un-covered errors
Response error code and message to client
Signed-off-by: Le Yao <le.yao@intel.com>
Change-Id: I326ccb7411ba938f37da53e57b206c4800bca2e2
Le Yao [Tue, 1 Dec 2020 05:40:01 +0000 (05:40 +0000)]
Create Non-root user in CNF
Create a non-root user wrt with privilege in CNF
Signed-off-by: Le Yao <le.yao@intel.com>
Change-Id: I083ef1fa6ea5853bb2e9eb0320c4b6a2d7034e5e
Huifeng Le [Tue, 1 Dec 2020 02:45:10 +0000 (02:45 +0000)]
Merge "Add api-server SNAT rule and enable forward"
Le Yao [Fri, 27 Nov 2020 05:54:11 +0000 (05:54 +0000)]
Fix helm issue from v2 to v3
Update the scripts to use helm v3
Signed-off-by: Le Yao <le.yao@intel.com>
Change-Id: I79496e1a92e00a9ce60ceac789e81f007dd208c0
Le Yao [Wed, 18 Nov 2020 06:28:22 +0000 (06:28 +0000)]
Add api-server SNAT rule and enable forward
Add the SNAT rule for api-server
Enable net.ipv4.ip_forward in CNF
Signed-off-by: Le Yao <le.yao@intel.com>
Change-Id: If31a6d8070d922a1f3e70bb94f85f349b3682379
Huifeng Le [Fri, 30 Oct 2020 08:19:07 +0000 (08:19 +0000)]
Merge "Add OpenAPI definition for Central Controller"
Huifeng Le [Thu, 29 Oct 2020 06:41:34 +0000 (06:41 +0000)]
Merge "Update the firewall restart script"
Huifeng Le [Thu, 29 Oct 2020 06:37:19 +0000 (06:37 +0000)]
Merge "Service CR implemention"
Huifeng Le [Thu, 29 Oct 2020 06:29:22 +0000 (14:29 +0800)]
Add OpenAPI definition for Central Controller
Signed-off-by: Huifeng Le <huifeng.le@intel.com>
Change-Id: Id4cd1ff4e53b2435aa30a116495f88931983a053
Huifeng Le [Tue, 13 Oct 2020 02:18:11 +0000 (02:18 +0000)]
Merge "Implement Service RESTful API for hub"
Yao Le [Thu, 17 Sep 2020 04:25:47 +0000 (04:25 +0000)]
Implement Service RESTful API for hub
The API handles service POST, GET and DELETE call
Signed-off-by: Yao Le <le.yao@intel.com>
Change-Id: I2e75f1ae0d7a33b58c620f5637b36994fecc7381
Yao Le [Sun, 27 Sep 2020 08:29:44 +0000 (08:29 +0000)]
Service CR implemention
When apply a Service CR, the controller will call service RESTful API
to configure iptables in CNF.
Signed-off-by: Yao Le <le.yao@intel.com>
Change-Id: Ifb645c7d0712b9719a72c09623cba9f7fe778459
Yao Le [Mon, 21 Sep 2020 03:08:44 +0000 (03:08 +0000)]
Update the firewall restart script
Get the service IP and configuration
Config the service iptables NAT rules
Signed-off-by: Yao Le <le.yao@intel.com>
Change-Id: I74bd5236f4e56ea9d20e7eee6d4210e1ab04e0c0
Huifeng Le [Wed, 23 Sep 2020 08:31:57 +0000 (16:31 +0800)]
Add license header
Change-Id: I10c93df1a3be146a1c0e3c1eb717bdfa368d3e09
Signed-off-by: Huifeng Le <huifeng.le@intel.com>
Ruoyu [Wed, 5 Aug 2020 07:26:43 +0000 (15:26 +0800)]
Minor updates for cnf
* Update the configmap for cnf
* Change default values set for dpd
* Add length check for zone name
Change-Id: Ic0d8fcca36aca2f712354ed3c03ae0e7ae961b43
Signed-off-by: Ruoyu <ruoyu.ying@intel.com>
Yao Le [Tue, 4 Aug 2020 03:16:11 +0000 (03:16 +0000)]
A service controller integrated with the watch
A watch to monitor the changes of the service cluster IP and restart the
firewall in CNF.
A controller to hold the watch function and monitor the potential CRs.
Signed-off-by: Yao Le <le.yao@intel.com>
Change-Id: I46e08e0403debd03e7f6bf7bf16507a0760382b7
Ruoyu [Thu, 23 Jul 2020 01:48:01 +0000 (09:48 +0800)]
Minor changes for Istio configuration
*Apply minor changes for remote access to Istio ingress
Change-Id: I650e57041c317fcf91c674b4ed4fd93ef3cb30df
Huifeng Le [Mon, 20 Jul 2020 06:45:27 +0000 (06:45 +0000)]
Merge "Support e2e test thru CRs"
Ruoyu [Sun, 28 Jun 2020 05:22:40 +0000 (13:22 +0800)]
Support e2e test thru CRs
* Installing the CNF and the controller with helm charts
* Applying the firewall and IPsec configs thru CRs
* Adding default policies to enable remote access to api server and Istio ingress
Issue-ID: ICN-390
Change-Id: I7c5ca03829ad1a7c3c90bc4edb5921ec60d4e530
Signed-off-by: Ruoyu <ruoyu.ying@intel.com>
chengli3 [Wed, 1 Jul 2020 00:22:18 +0000 (00:22 +0000)]
Update sdewan readme file
Marking the cnf watchting task as finished
Signed-off-by: chengli3 <cheng1.li@intel.com>
Change-Id: I81451b4a5aea38d27f1969d9852fb96775eb5516
Yao Le [Wed, 17 Jun 2020 08:40:10 +0000 (08:40 +0000)]
Apply the watch function to all controllers
Add the necessray watch for all CRs and the associated CNFs
Signed-off-by: Yao Le <le.yao@intel.com>
Change-Id: I52e53afbdcc4034820a6db90c6dd2502b8e31692
Cheng Li [Wed, 17 Jun 2020 05:43:48 +0000 (05:43 +0000)]
Merge "Add watch for CR and CNF"
Cheng Li [Wed, 17 Jun 2020 02:53:22 +0000 (02:53 +0000)]
Merge "Add CRD for IpsecSite"
root [Tue, 16 Jun 2020 09:09:49 +0000 (09:09 +0000)]
Add CRD for IpsecSite
* Add changes for another IPSec crd: IpsecSite
Issue-ID: ICN-289
Change-Id: I9c76c28ec22640b0089e0bc097a316af68b6fd19
Signed-off-by: Ruoyu <ruoyu.ying@intel.com>
Ruoyu [Thu, 4 Jun 2020 13:23:02 +0000 (21:23 +0800)]
Upgrade k8s version in e2e script
Issue-ID: ICN-314
Signed-off-by: Ruoyu<ruoyu.ying@intel.com>
Change-Id: I0878e5451a05ce0ffad2a99bd53247c1c670a93a
Yao Le [Thu, 4 Jun 2020 16:13:27 +0000 (00:13 +0800)]
Add watch for CR and CNF
Watch the CNF status and push the related CR requests to queue.
Signed-off-by: Yao Le <le.yao@intel.com>
Change-Id: Id3adaf68b860efefdb00ffe5620aef11b9aa787f
chengli3 [Fri, 12 Jun 2020 08:33:30 +0000 (08:33 +0000)]
Prevent updating CNF and CR sdewanpuporse label
In sdewan, we use label 'sdewanpurpose' to identify a cnf and to match
with CRs. Updating cnf sdewanpurpose label value means that deleting old
cnf and creating a new cnf. But K8s can only receive an "UPDATE" event,
reconcile can only get the current info of the CNF, no previous label
value. So it can't remove the old rules.
This patch is to prevent updating CNF and CR sdewanpurpose label for
simplify.
Signed-off-by: chengli3 <cheng1.li@intel.com>
Change-Id: I75b7d400981f3103b02c9d73f68d8b62db7da899
Cheng Li [Mon, 15 Jun 2020 07:24:15 +0000 (07:24 +0000)]
Merge "Add CRD for IpsecHost"
Ruoyu [Tue, 9 Jun 2020 00:37:18 +0000 (08:37 +0800)]
Add CRD for IpsecHost
* Contains changes on IpsecHost
- Add CR for IpsecHost
- Add support for 'mark' in /etc/init.d/ipsec
- Change the 'Site' to 'Remote' in rest api calls
Issue-ID: ICN-289
Change-Id: I1f07f1f8f5fdf62f082829fdedf09a7504414611
Signed-off-by: Ruoyu <ruoyu.ying@intel.com>
Cheng Li [Fri, 12 Jun 2020 02:23:45 +0000 (02:23 +0000)]
Merge "Lookup pod by owner instead of label"
Cheng Li [Tue, 9 Jun 2020 07:47:34 +0000 (07:47 +0000)]
Merge "Add CRD for IPSec Proposal"
Yao Le [Fri, 29 May 2020 07:01:37 +0000 (07:01 +0000)]
Add missing errors messages
Report the 'Pod no IP' issues
Signed-off-by: Yao Le <le.yao@intel.com>
Change-Id: Ieaf2997ca0ed1bd1f167d9d5f8c77cb43ab3fb45
chengli3 [Mon, 8 Jun 2020 03:10:21 +0000 (03:10 +0000)]
Lookup pod by owner instead of label
Currently, CNF is represented by deployment. It means that one CNF is
one deployment with special label name `SdewanPurpose`. We use
"Deployment" + "label" to identify a CNF.
To apply rules for CNF, we first need to find out the pods and then
extract the its IP address. It makes more sense to find pod by its owner
deployment/replicaset, than using the label match. Because the pod label
may not be the same with the deployment.
Signed-off-by: chengli3 <cheng1.li@intel.com>
Change-Id: I4174e502c7d50d48f47d61622380e57922b5cf32
Ruoyu [Tue, 2 Jun 2020 01:03:22 +0000 (09:03 +0800)]
Add CRD for IPSec Proposal
*Contains changes for IPSec Proposal
Issue-ID: ICN-289
Change-Id: I31e9effe6d132b9fa82f9ed9bd478255579cc476
Signed-off-by: Ruoyu <ruoyu.ying@intel.com>
Cheng Li [Thu, 4 Jun 2020 07:28:43 +0000 (07:28 +0000)]
Merge "Implemente the firewall group CRDs and Controllers"
Ruoyu [Wed, 6 May 2020 23:51:54 +0000 (07:51 +0800)]
Add ipsec dependencies for sdewan cnf
Issue-ID: ICN-355
Change-Id: I742318febe768f988edcf237b3d8171e3b607a7b
Signed-off-by: Ruoyu <ruoyu.ying@intel.com>
Cheng Li [Thu, 28 May 2020 05:51:09 +0000 (05:51 +0000)]
Merge "webhook: add bucket permission system"
chengli3 [Thu, 28 May 2020 03:01:51 +0000 (03:01 +0000)]
Implemente the firewall group CRDs and Controllers
This patch implement the firewall groups CRDs/Controllers:
- firewallzones
- firewallrules
- firewallforwardings
- firewallsnat
- firewalldnat
After these firewall* CRDs, we will implement ipsec group CRDs
Signed-off-by: chengli3 <cheng1.li@intel.com>
Change-Id: I4a792b97771e82776aaa455ad550546eb7a09f92
chengli3 [Wed, 6 May 2020 10:37:09 +0000 (10:37 +0000)]
webhook: add bucket permission system
K8s support permission control on namespace level. For example, user1 may
be able to create/update/delete one kind of resource(e.g. pod) in
namespace ns1, but not namespace ns2. For Sdewan, this can't fit our
requirement. We want label level control of Sdewan rule CRs. For
example, user_onap can create/update/delete Mwan3Rule CR of label
sdewan-bucket-type=app-intent, but not label sdewan-bucket-type=basic.
To enable label based permission validation for sdewan CRs, this patch
parse Annotations["sdewan-bucket-type-permission"] in role and clusterrole.
At the meaning time, sdewan CR Labels.sdewan-bucket-type is also parsed.
We compare role/clusterrole Annotations["sdewan-bucket-type-permission"]
and sdewan CR Labels.sdewan-bucket-type to decide if the
user/serviceaccount has the permission to create/update/delete the CR.
- We grant group "system:master" all the permissions
- We support wildcard match of the permissions
Change-Id: I644f4d3c4efc18fba4cb45cb808301a6895c70e9
Signed-off-by: chengli3 <cheng1.li@intel.com>
Kuralamudhan Ramakrishnan [Wed, 27 May 2020 00:07:10 +0000 (00:07 +0000)]
Merge "Add e2e test scripts for sdewan"
Ruoyu [Mon, 18 May 2020 12:37:52 +0000 (20:37 +0800)]
Add e2e test scripts for sdewan
* Add three vagrant vms to setup env
Three vms are created for edge-a, edge-b and sdewan-hub.
Each with a separate cluster.
* Add test scripts for the e2e IPSec scenario
Establish tunnels between edge and sdewan-hub and test the connections
between two applications reside in edge-a and edge-b.
Issue-ID: ICN-314
Change-Id: I0cb8d9d251f0f1cd8ad4c5d58b60e99809c02d0b
Signed-off-by: Ruoyu <ruoyu.ying@intel.com>
chengli3 [Tue, 26 May 2020 05:29:01 +0000 (05:29 +0000)]
Add jq and bash pkg for openwrt image
jq and bash pkg is used by openwrt entrypoint script. So we need to
install these packages when building image.
Signed-off-by: chengli3 <cheng1.li@intel.com>
Change-Id: I737d88b28189e000aae517276d42a506292dc316
chengli3 [Thu, 14 May 2020 03:18:36 +0000 (03:18 +0000)]
Extract common functions and implement mwan3rule
As we will have several crd/controllers, they have almost the same
reconcile logic. So we extract the common logic and make them as
functions. Controllers call these functions instead of code duplication.
This patch extracts common functions and implements the mwan3rule
crd/controller.
Signed-off-by: chengli3 <cheng1.li@intel.com>
Change-Id: Ie9fe7ddcac6700605dbcb48ed9d88f96981b898a
chengli3 [Wed, 22 Apr 2020 02:50:41 +0000 (02:50 +0000)]
Runable framework with Mwan3Policy implemented
We are going to implement many rule CRDs/controllers. They are
mwan3policy, mwan3rule, firewallzone, firewallrule, etc.
This patch is the first one which constructs the sdewan controller
framework with Mwan3Policy implemented.
The design is located on the wiki page[1]. The develop framework is
described in the README.md under platform/crd-ctrlr.
[1] https://wiki.akraino.org/display/AK/Sdewan+config+Agent
Signed-off-by: chengli3 <cheng1.li@intel.com>
Change-Id: I7cf3b34ece8756c80969c99d9ab8c7383c43ea53
chengli3 [Wed, 22 Apr 2020 02:37:53 +0000 (02:37 +0000)]
Remove old sdewan controller code
As we re-design/re-implemente the sdewan controller, new controller code
will be checkedin soon. I would like to remove the old controller code,
so that the reviewers can focus on the new implementation regardless of
the old version.
Signed-off-by: chengli3 <cheng1.li@intel.com>
Change-Id: If4915a57e568d6dd9c5fcf4b82a7c9867ae9c32e
Huifeng Le [Tue, 21 Apr 2020 02:26:08 +0000 (10:26 +0800)]
SDEWAN folder restructure
Restructure sdewan solution folders.
Signed-off-by: Huifeng Le <huifeng.le@intel.com>
Change-Id: I6ac8e1bfc8e92e1bdd36d523ffd048c6c77d4e89
Huifeng Le [Tue, 17 Mar 2020 06:21:46 +0000 (14:21 +0800)]
SDEWAN API update
update SDEWAN Rest API with plural format
Signed-off-by: Huifeng Le <huifeng.le@intel.com>
Change-Id: I83eb6ff24e4bb571162eb0a42df798da01ced7da
Huifeng Le [Tue, 10 Mar 2020 03:34:36 +0000 (03:34 +0000)]
Merge "SDEWAN CNF Rest API support"
Code Review / icn / sdwan.git / log