From abc60185b89c638862db6acf23d2e430f0fa102c Mon Sep 17 00:00:00 2001
From: Le Yao <le.yao@intel.com>
Date: Wed, 8 Dec 2021 05:58:45 +0000
Subject: [PATCH] Patch based on the make generate and fmt

Signed-off-by: Le Yao <le.yao@intel.com>
Change-Id: I9c28b7eace19430988ce928ca43d13c6b81a3759
---
 .../src/api/v1alpha1/cnflocalservice_types.go      | 156 ++---
 .../crd-ctrlr/src/api/v1alpha1/cnfnat_types.go     | 106 ++--
 .../src/api/v1alpha1/zz_generated.deepcopy.go      | 168 ++++++
 .../batch.sdewan.akraino.org_cnflocalservices.yaml |  78 +++
 .../bases/batch.sdewan.akraino.org_cnfnats.yaml    |  93 +++
 .../batch.sdewan.akraino.org_cnfrouterules.yaml    |  79 +++
 .../batch.sdewan.akraino.org_cnfstatuses.yaml      |   2 +-
 platform/crd-ctrlr/src/config/rbac/role.yaml       |  80 +++
 .../crd-ctrlr/src/config/webhook/manifests.yaml    |  14 +-
 .../crd-ctrlr/src/controllers/base_controller.go   |   2 +-
 .../src/controllers/cnflocalservice_controller.go  | 630 ++++++++++-----------
 .../crd-ctrlr/src/controllers/cnfnat_controller.go | 234 ++++----
 platform/crd-ctrlr/src/main.go                     |   6 +-
 platform/crd-ctrlr/src/openwrt/nat.go              | 252 ++++-----
 14 files changed, 1204 insertions(+), 696 deletions(-)
 create mode 100644 platform/crd-ctrlr/src/config/crd/bases/batch.sdewan.akraino.org_cnflocalservices.yaml
 create mode 100644 platform/crd-ctrlr/src/config/crd/bases/batch.sdewan.akraino.org_cnfnats.yaml
 create mode 100644 platform/crd-ctrlr/src/config/crd/bases/batch.sdewan.akraino.org_cnfrouterules.yaml

diff --git a/platform/crd-ctrlr/src/api/v1alpha1/cnflocalservice_types.go b/platform/crd-ctrlr/src/api/v1alpha1/cnflocalservice_types.go
index 23a2545..5c5498e 100644
--- a/platform/crd-ctrlr/src/api/v1alpha1/cnflocalservice_types.go
+++ b/platform/crd-ctrlr/src/api/v1alpha1/cnflocalservice_types.go
@@ -1,78 +1,78 @@
-// SPDX-License-Identifier: Apache-2.0
-// Copyright (c) 2021 Intel Corporation
-package v1alpha1
-
-import (
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-)
-
-// EDIT THIS FILE!  THIS IS SCAFFOLDING FOR YOU TO OWN!
-// NOTE: json tags are required.  Any new fields you add must have json tags for the fields to be serialized.
-
-// CNFLocalServiceStatus defines the observed state of CNFLocalServiceStatus
-type CNFLocalServiceStatus struct {
-	// INSERT ADDITIONAL STATUS FIELD - define observed state of cluster
-	// Important: Run "make" to regenerate code after modifying this file
-	// +optional
-	LocalIP      string `json:"localip,omitempty"`
-	// +optional
-	LocalPort     string `json:"localport,omitempty"`
-	// +optional
-	RemoteIPs    []string `json:"remoteips,omitempty"`
-	// +optional
-	RemotePort    string `json:"remoteport,omitempty"`
-	// +optional
-	Message      string `json:"message,omitempty"`
-}
-
-func (c *CNFLocalServiceStatus) IsEqual(s *CNFLocalServiceStatus) bool {
-	if c.LocalIP != s.LocalIP ||
-	   c.LocalPort != s.LocalPort ||
-	   c.RemotePort != s.RemotePort {
-	   	return false
-	   }
-	if len(c.RemoteIPs) != len(s.RemoteIPs) {
-		return false
-	}
-
-	for i:=0; i<len(c.RemoteIPs); i++ {
-		if c.RemoteIPs[i] != s.RemoteIPs[i] {
-			return false
-		}
-	}
-
-	return true
-}
-
-// CNFLocalServiceSpec defines the desired state of CNFService
-type CNFLocalServiceSpec struct {
-	LocalService string `json:"localservice,omitempty"`
-	LocalPort     string `json:"localport,omitempty"`
-	RemoteService string `json:"remoteservice,omitempty"`
-	RemotePort    string `json:"remoteport,omitempty"`
-}
-
-// +kubebuilder:object:root=true
-// +kubebuilder:subresource:status
-
-// CNFLocalService is the Schema for the cnflocalservices API
-type CNFLocalService struct {
-	metav1.TypeMeta   `json:",inline"`
-	metav1.ObjectMeta `json:"metadata,omitempty"`
-
-	Spec   CNFLocalServiceSpec `json:"spec,omitempty"`
-	Status CNFLocalServiceStatus   `json:"status,omitempty"`
-}
-
-// +kubebuilder:object:root=true
-
-// CNFLocalServiceList contains a list of CNFLocalServiceList
-type CNFLocalServiceList struct {
-	metav1.TypeMeta `json:",inline"`
-	metav1.ListMeta `json:"metadata,omitempty"`
-	Items           []CNFLocalService `json:"items"`
-}
-
-func init() {
-	SchemeBuilder.Register(&CNFLocalService{}, &CNFLocalServiceList{})
-}
+// SPDX-License-Identifier: Apache-2.0
+// Copyright (c) 2021 Intel Corporation
+package v1alpha1
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// EDIT THIS FILE!  THIS IS SCAFFOLDING FOR YOU TO OWN!
+// NOTE: json tags are required.  Any new fields you add must have json tags for the fields to be serialized.
+
+// CNFLocalServiceStatus defines the observed state of CNFLocalServiceStatus
+type CNFLocalServiceStatus struct {
+	// INSERT ADDITIONAL STATUS FIELD - define observed state of cluster
+	// Important: Run "make" to regenerate code after modifying this file
+	// +optional
+	LocalIP string `json:"localip,omitempty"`
+	// +optional
+	LocalPort string `json:"localport,omitempty"`
+	// +optional
+	RemoteIPs []string `json:"remoteips,omitempty"`
+	// +optional
+	RemotePort string `json:"remoteport,omitempty"`
+	// +optional
+	Message string `json:"message,omitempty"`
+}
+
+func (c *CNFLocalServiceStatus) IsEqual(s *CNFLocalServiceStatus) bool {
+	if c.LocalIP != s.LocalIP ||
+		c.LocalPort != s.LocalPort ||
+		c.RemotePort != s.RemotePort {
+		return false
+	}
+	if len(c.RemoteIPs) != len(s.RemoteIPs) {
+		return false
+	}
+
+	for i := 0; i < len(c.RemoteIPs); i++ {
+		if c.RemoteIPs[i] != s.RemoteIPs[i] {
+			return false
+		}
+	}
+
+	return true
+}
+
+// CNFLocalServiceSpec defines the desired state of CNFService
+type CNFLocalServiceSpec struct {
+	LocalService  string `json:"localservice,omitempty"`
+	LocalPort     string `json:"localport,omitempty"`
+	RemoteService string `json:"remoteservice,omitempty"`
+	RemotePort    string `json:"remoteport,omitempty"`
+}
+
+// +kubebuilder:object:root=true
+// +kubebuilder:subresource:status
+
+// CNFLocalService is the Schema for the cnflocalservices API
+type CNFLocalService struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	Spec   CNFLocalServiceSpec   `json:"spec,omitempty"`
+	Status CNFLocalServiceStatus `json:"status,omitempty"`
+}
+
+// +kubebuilder:object:root=true
+
+// CNFLocalServiceList contains a list of CNFLocalServiceList
+type CNFLocalServiceList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+	Items           []CNFLocalService `json:"items"`
+}
+
+func init() {
+	SchemeBuilder.Register(&CNFLocalService{}, &CNFLocalServiceList{})
+}
diff --git a/platform/crd-ctrlr/src/api/v1alpha1/cnfnat_types.go b/platform/crd-ctrlr/src/api/v1alpha1/cnfnat_types.go
index 3d5c2c6..98a83af 100644
--- a/platform/crd-ctrlr/src/api/v1alpha1/cnfnat_types.go
+++ b/platform/crd-ctrlr/src/api/v1alpha1/cnfnat_types.go
@@ -1,53 +1,53 @@
-// SPDX-License-Identifier: Apache-2.0
-// Copyright (c) 2021 Intel Corporation
-package v1alpha1
-
-import (
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-)
-
-// EDIT THIS FILE!  THIS IS SCAFFOLDING FOR YOU TO OWN!
-// NOTE: json tags are required.  Any new fields you add must have json tags for the fields to be serialized.
-
-// CNFNATSpec defines the desired state of CNFNAT
-type CNFNATSpec struct {
-	// INSERT ADDITIONAL SPEC FIELDS - desired state of cluster
-	// Important: Run "make" to regenerate code after modifying this file
-	Name     string `json:"name,omitempty"`
-	Src      string `json:"src,omitempty"`
-	SrcIp    string `json:"src_ip,omitempty"`
-	SrcDIp   string `json:"src_dip,omitempty"`
-	SrcPort  string `json:"src_port,omitempty"`
-	SrcDPort string `json:"src_dport,omitempty"`
-	Proto    string `json:"proto,omitempty"`
-	Dest     string `json:"dest,omitempty"`
-	DestIp   string `json:"dest_ip,omitempty"`
-	DestPort string `json:"dest_port,omitempty"`
-	Target   string `json:"target,omitempty"`
-	Index   string `json:"index,omitempty"`
-}
-
-// +kubebuilder:object:root=true
-// +kubebuilder:subresource:status
-
-// CNFNAT is the Schema for the cnfnats API
-type CNFNAT struct {
-	metav1.TypeMeta   `json:",inline"`
-	metav1.ObjectMeta `json:"metadata,omitempty"`
-
-	Spec   CNFNATSpec `json:"spec,omitempty"`
-	Status SdewanStatus     `json:"status,omitempty"`
-}
-
-// +kubebuilder:object:root=true
-
-// CNFNATList contains a list of CNFNAT
-type CNFNATList struct {
-	metav1.TypeMeta `json:",inline"`
-	metav1.ListMeta `json:"metadata,omitempty"`
-	Items           []CNFNAT `json:"items"`
-}
-
-func init() {
-	SchemeBuilder.Register(&CNFNAT{}, &CNFNATList{})
-}
+// SPDX-License-Identifier: Apache-2.0
+// Copyright (c) 2021 Intel Corporation
+package v1alpha1
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// EDIT THIS FILE!  THIS IS SCAFFOLDING FOR YOU TO OWN!
+// NOTE: json tags are required.  Any new fields you add must have json tags for the fields to be serialized.
+
+// CNFNATSpec defines the desired state of CNFNAT
+type CNFNATSpec struct {
+	// INSERT ADDITIONAL SPEC FIELDS - desired state of cluster
+	// Important: Run "make" to regenerate code after modifying this file
+	Name     string `json:"name,omitempty"`
+	Src      string `json:"src,omitempty"`
+	SrcIp    string `json:"src_ip,omitempty"`
+	SrcDIp   string `json:"src_dip,omitempty"`
+	SrcPort  string `json:"src_port,omitempty"`
+	SrcDPort string `json:"src_dport,omitempty"`
+	Proto    string `json:"proto,omitempty"`
+	Dest     string `json:"dest,omitempty"`
+	DestIp   string `json:"dest_ip,omitempty"`
+	DestPort string `json:"dest_port,omitempty"`
+	Target   string `json:"target,omitempty"`
+	Index    string `json:"index,omitempty"`
+}
+
+// +kubebuilder:object:root=true
+// +kubebuilder:subresource:status
+
+// CNFNAT is the Schema for the cnfnats API
+type CNFNAT struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	Spec   CNFNATSpec   `json:"spec,omitempty"`
+	Status SdewanStatus `json:"status,omitempty"`
+}
+
+// +kubebuilder:object:root=true
+
+// CNFNATList contains a list of CNFNAT
+type CNFNATList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+	Items           []CNFNAT `json:"items"`
+}
+
+func init() {
+	SchemeBuilder.Register(&CNFNAT{}, &CNFNATList{})
+}
diff --git a/platform/crd-ctrlr/src/api/v1alpha1/zz_generated.deepcopy.go b/platform/crd-ctrlr/src/api/v1alpha1/zz_generated.deepcopy.go
index 685a559..3afb1e8 100644
--- a/platform/crd-ctrlr/src/api/v1alpha1/zz_generated.deepcopy.go
+++ b/platform/crd-ctrlr/src/api/v1alpha1/zz_generated.deepcopy.go
@@ -56,6 +56,174 @@ func (in BucketPermission) DeepCopy() BucketPermission {
 	return *out
 }
 
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *CNFLocalService) DeepCopyInto(out *CNFLocalService) {
+	*out = *in
+	out.TypeMeta = in.TypeMeta
+	in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
+	out.Spec = in.Spec
+	in.Status.DeepCopyInto(&out.Status)
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CNFLocalService.
+func (in *CNFLocalService) DeepCopy() *CNFLocalService {
+	if in == nil {
+		return nil
+	}
+	out := new(CNFLocalService)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *CNFLocalService) DeepCopyObject() runtime.Object {
+	if c := in.DeepCopy(); c != nil {
+		return c
+	}
+	return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *CNFLocalServiceList) DeepCopyInto(out *CNFLocalServiceList) {
+	*out = *in
+	out.TypeMeta = in.TypeMeta
+	in.ListMeta.DeepCopyInto(&out.ListMeta)
+	if in.Items != nil {
+		in, out := &in.Items, &out.Items
+		*out = make([]CNFLocalService, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CNFLocalServiceList.
+func (in *CNFLocalServiceList) DeepCopy() *CNFLocalServiceList {
+	if in == nil {
+		return nil
+	}
+	out := new(CNFLocalServiceList)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *CNFLocalServiceList) DeepCopyObject() runtime.Object {
+	if c := in.DeepCopy(); c != nil {
+		return c
+	}
+	return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *CNFLocalServiceSpec) DeepCopyInto(out *CNFLocalServiceSpec) {
+	*out = *in
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CNFLocalServiceSpec.
+func (in *CNFLocalServiceSpec) DeepCopy() *CNFLocalServiceSpec {
+	if in == nil {
+		return nil
+	}
+	out := new(CNFLocalServiceSpec)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *CNFLocalServiceStatus) DeepCopyInto(out *CNFLocalServiceStatus) {
+	*out = *in
+	if in.RemoteIPs != nil {
+		in, out := &in.RemoteIPs, &out.RemoteIPs
+		*out = make([]string, len(*in))
+		copy(*out, *in)
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CNFLocalServiceStatus.
+func (in *CNFLocalServiceStatus) DeepCopy() *CNFLocalServiceStatus {
+	if in == nil {
+		return nil
+	}
+	out := new(CNFLocalServiceStatus)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *CNFNAT) DeepCopyInto(out *CNFNAT) {
+	*out = *in
+	out.TypeMeta = in.TypeMeta
+	in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
+	out.Spec = in.Spec
+	in.Status.DeepCopyInto(&out.Status)
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CNFNAT.
+func (in *CNFNAT) DeepCopy() *CNFNAT {
+	if in == nil {
+		return nil
+	}
+	out := new(CNFNAT)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *CNFNAT) DeepCopyObject() runtime.Object {
+	if c := in.DeepCopy(); c != nil {
+		return c
+	}
+	return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *CNFNATList) DeepCopyInto(out *CNFNATList) {
+	*out = *in
+	out.TypeMeta = in.TypeMeta
+	in.ListMeta.DeepCopyInto(&out.ListMeta)
+	if in.Items != nil {
+		in, out := &in.Items, &out.Items
+		*out = make([]CNFNAT, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CNFNATList.
+func (in *CNFNATList) DeepCopy() *CNFNATList {
+	if in == nil {
+		return nil
+	}
+	out := new(CNFNATList)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *CNFNATList) DeepCopyObject() runtime.Object {
+	if c := in.DeepCopy(); c != nil {
+		return c
+	}
+	return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *CNFNATSpec) DeepCopyInto(out *CNFNATSpec) {
+	*out = *in
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CNFNATSpec.
+func (in *CNFNATSpec) DeepCopy() *CNFNATSpec {
+	if in == nil {
+		return nil
+	}
+	out := new(CNFNATSpec)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *CNFRoute) DeepCopyInto(out *CNFRoute) {
 	*out = *in
diff --git a/platform/crd-ctrlr/src/config/crd/bases/batch.sdewan.akraino.org_cnflocalservices.yaml b/platform/crd-ctrlr/src/config/crd/bases/batch.sdewan.akraino.org_cnflocalservices.yaml
new file mode 100644
index 0000000..8d5d7b7
--- /dev/null
+++ b/platform/crd-ctrlr/src/config/crd/bases/batch.sdewan.akraino.org_cnflocalservices.yaml
@@ -0,0 +1,78 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.2.5
+  creationTimestamp: null
+  name: cnflocalservices.batch.sdewan.akraino.org
+spec:
+  group: batch.sdewan.akraino.org
+  names:
+    kind: CNFLocalService
+    listKind: CNFLocalServiceList
+    plural: cnflocalservices
+    singular: cnflocalservice
+  scope: Namespaced
+  subresources:
+    status: {}
+  validation:
+    openAPIV3Schema:
+      description: CNFLocalService is the Schema for the cnflocalservices API
+      properties:
+        apiVersion:
+          description: 'APIVersion defines the versioned schema of this representation
+            of an object. Servers should convert recognized schemas to the latest
+            internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+          type: string
+        kind:
+          description: 'Kind is a string value representing the REST resource this
+            object represents. Servers may infer this from the endpoint the client
+            submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+          type: string
+        metadata:
+          type: object
+        spec:
+          description: CNFLocalServiceSpec defines the desired state of CNFService
+          properties:
+            localport:
+              type: string
+            localservice:
+              type: string
+            remoteport:
+              type: string
+            remoteservice:
+              type: string
+          type: object
+        status:
+          description: CNFLocalServiceStatus defines the observed state of CNFLocalServiceStatus
+          properties:
+            localip:
+              description: 'INSERT ADDITIONAL STATUS FIELD - define observed state
+                of cluster Important: Run "make" to regenerate code after modifying
+                this file'
+              type: string
+            localport:
+              type: string
+            message:
+              type: string
+            remoteips:
+              items:
+                type: string
+              type: array
+            remoteport:
+              type: string
+          type: object
+      type: object
+  version: v1alpha1
+  versions:
+  - name: v1alpha1
+    served: true
+    storage: true
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
diff --git a/platform/crd-ctrlr/src/config/crd/bases/batch.sdewan.akraino.org_cnfnats.yaml b/platform/crd-ctrlr/src/config/crd/bases/batch.sdewan.akraino.org_cnfnats.yaml
new file mode 100644
index 0000000..d167ff6
--- /dev/null
+++ b/platform/crd-ctrlr/src/config/crd/bases/batch.sdewan.akraino.org_cnfnats.yaml
@@ -0,0 +1,93 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.2.5
+  creationTimestamp: null
+  name: cnfnats.batch.sdewan.akraino.org
+spec:
+  group: batch.sdewan.akraino.org
+  names:
+    kind: CNFNAT
+    listKind: CNFNATList
+    plural: cnfnats
+    singular: cnfnat
+  scope: Namespaced
+  subresources:
+    status: {}
+  validation:
+    openAPIV3Schema:
+      description: CNFNAT is the Schema for the cnfnats API
+      properties:
+        apiVersion:
+          description: 'APIVersion defines the versioned schema of this representation
+            of an object. Servers should convert recognized schemas to the latest
+            internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+          type: string
+        kind:
+          description: 'Kind is a string value representing the REST resource this
+            object represents. Servers may infer this from the endpoint the client
+            submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+          type: string
+        metadata:
+          type: object
+        spec:
+          description: CNFNATSpec defines the desired state of CNFNAT
+          properties:
+            dest:
+              type: string
+            dest_ip:
+              type: string
+            dest_port:
+              type: string
+            index:
+              type: string
+            name:
+              description: 'INSERT ADDITIONAL SPEC FIELDS - desired state of cluster
+                Important: Run "make" to regenerate code after modifying this file'
+              type: string
+            proto:
+              type: string
+            src:
+              type: string
+            src_dip:
+              type: string
+            src_dport:
+              type: string
+            src_ip:
+              type: string
+            src_port:
+              type: string
+            target:
+              type: string
+          type: object
+        status:
+          description: status subsource used for Sdewan rule CRDs
+          properties:
+            appliedGeneration:
+              format: int64
+              type: integer
+            appliedTime:
+              format: date-time
+              type: string
+            message:
+              type: string
+            state:
+              type: string
+          required:
+          - state
+          type: object
+      type: object
+  version: v1alpha1
+  versions:
+  - name: v1alpha1
+    served: true
+    storage: true
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
diff --git a/platform/crd-ctrlr/src/config/crd/bases/batch.sdewan.akraino.org_cnfrouterules.yaml b/platform/crd-ctrlr/src/config/crd/bases/batch.sdewan.akraino.org_cnfrouterules.yaml
new file mode 100644
index 0000000..a8656e9
--- /dev/null
+++ b/platform/crd-ctrlr/src/config/crd/bases/batch.sdewan.akraino.org_cnfrouterules.yaml
@@ -0,0 +1,79 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.2.5
+  creationTimestamp: null
+  name: cnfrouterules.batch.sdewan.akraino.org
+spec:
+  group: batch.sdewan.akraino.org
+  names:
+    kind: CNFRouteRule
+    listKind: CNFRouteRuleList
+    plural: cnfrouterules
+    singular: cnfrouterule
+  scope: Namespaced
+  subresources:
+    status: {}
+  validation:
+    openAPIV3Schema:
+      description: CNFRouteRule is the Schema for the cnfrouterules API
+      properties:
+        apiVersion:
+          description: 'APIVersion defines the versioned schema of this representation
+            of an object. Servers should convert recognized schemas to the latest
+            internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+          type: string
+        kind:
+          description: 'Kind is a string value representing the REST resource this
+            object represents. Servers may infer this from the endpoint the client
+            submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+          type: string
+        metadata:
+          type: object
+        spec:
+          description: CNFRouteRuleSpec defines the desired state of CNFRouteRule
+          properties:
+            dst:
+              type: string
+            fwmark:
+              type: string
+            not:
+              type: boolean
+            prio:
+              type: string
+            src:
+              type: string
+            table:
+              type: string
+          type: object
+        status:
+          description: status subsource used for Sdewan rule CRDs
+          properties:
+            appliedGeneration:
+              format: int64
+              type: integer
+            appliedTime:
+              format: date-time
+              type: string
+            message:
+              type: string
+            state:
+              type: string
+          required:
+          - state
+          type: object
+      type: object
+  version: v1alpha1
+  versions:
+  - name: v1alpha1
+    served: true
+    storage: true
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
diff --git a/platform/crd-ctrlr/src/config/crd/bases/batch.sdewan.akraino.org_cnfstatuses.yaml b/platform/crd-ctrlr/src/config/crd/bases/batch.sdewan.akraino.org_cnfstatuses.yaml
index 2a24a62..647f3bc 100644
--- a/platform/crd-ctrlr/src/config/crd/bases/batch.sdewan.akraino.org_cnfstatuses.yaml
+++ b/platform/crd-ctrlr/src/config/crd/bases/batch.sdewan.akraino.org_cnfstatuses.yaml
@@ -51,7 +51,7 @@ spec:
             information:
               items:
                 description: CNFStatusInformation defines the runtime information
-                  of a CMF
+                  of a CNF
                 properties:
                   ip:
                     type: string
diff --git a/platform/crd-ctrlr/src/config/rbac/role.yaml b/platform/crd-ctrlr/src/config/rbac/role.yaml
index 24215d5..6ece12c 100644
--- a/platform/crd-ctrlr/src/config/rbac/role.yaml
+++ b/platform/crd-ctrlr/src/config/rbac/role.yaml
@@ -22,6 +22,66 @@ rules:
   - get
   - list
   - watch
+- apiGroups:
+  - batch.sdewan.akraino.org
+  resources:
+  - cnflocalservices
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - batch.sdewan.akraino.org
+  resources:
+  - cnflocalservices/status
+  verbs:
+  - get
+  - patch
+  - update
+- apiGroups:
+  - batch.sdewan.akraino.org
+  resources:
+  - cnfnats
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - batch.sdewan.akraino.org
+  resources:
+  - cnfnats/status
+  verbs:
+  - get
+  - patch
+  - update
+- apiGroups:
+  - batch.sdewan.akraino.org
+  resources:
+  - cnfrouterules
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - batch.sdewan.akraino.org
+  resources:
+  - cnfrouterules/status
+  verbs:
+  - get
+  - patch
+  - update
 - apiGroups:
   - batch.sdewan.akraino.org
   resources:
@@ -62,6 +122,26 @@ rules:
   - get
   - patch
   - update
+- apiGroups:
+  - batch.sdewan.akraino.org
+  resources:
+  - cnfstatuses
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - batch.sdewan.akraino.org
+  resources:
+  - cnfstatuses/status
+  verbs:
+  - get
+  - patch
+  - update
 - apiGroups:
   - batch.sdewan.akraino.org
   resources:
diff --git a/platform/crd-ctrlr/src/config/webhook/manifests.yaml b/platform/crd-ctrlr/src/config/webhook/manifests.yaml
index c5b1135..af93287 100644
--- a/platform/crd-ctrlr/src/config/webhook/manifests.yaml
+++ b/platform/crd-ctrlr/src/config/webhook/manifests.yaml
@@ -31,7 +31,12 @@ webhooks:
     - firewallrules
     - firewallsnats
     - firewalldnats
-    - cnfservice
+    - cnfnats
+    - cnfroutes
+    - cnfrouterules
+    - cnfservices
+    - cnflocalservices
+    - cnfstatuses
     - sdewanapplication
     - ipsecproposals
     - ipsechosts
@@ -62,7 +67,12 @@ webhooks:
     - firewallrules
     - firewallsnats
     - firewalldnats
-    - cnfservice
+    - cnfnats
+    - cnfservices
+    - cnfroutes
+    - cnfrouterules
+    - cnflocalservices
+    - cnfstatuses
     - sdewanapplication
     - ipsecproposals
     - ipsechosts
diff --git a/platform/crd-ctrlr/src/controllers/base_controller.go b/platform/crd-ctrlr/src/controllers/base_controller.go
index f196c7e..7b6a78d 100644
--- a/platform/crd-ctrlr/src/controllers/base_controller.go
+++ b/platform/crd-ctrlr/src/controllers/base_controller.go
@@ -348,4 +348,4 @@ func ProcessReconcile(r client.Client, logger logr.Logger, req ctrl.Request, han
 	}
 
 	return ctrl.Result{}, nil
-}
\ No newline at end of file
+}
diff --git a/platform/crd-ctrlr/src/controllers/cnflocalservice_controller.go b/platform/crd-ctrlr/src/controllers/cnflocalservice_controller.go
index 0b5dcdf..a45fdfe 100644
--- a/platform/crd-ctrlr/src/controllers/cnflocalservice_controller.go
+++ b/platform/crd-ctrlr/src/controllers/cnflocalservice_controller.go
@@ -1,315 +1,315 @@
-// SPDX-License-Identifier: Apache-2.0
-// Copyright (c) 2021 Intel Corporation
-package controllers
-
-import (
-	"context"
-	"errors"
-	"net"
-	"strconv"
-	"strings"
-	"sync"
-	"time"
-
-	"github.com/go-logr/logr"
-	"k8s.io/apimachinery/pkg/runtime"
-	errs "k8s.io/apimachinery/pkg/api/errors"
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	"k8s.io/apimachinery/pkg/util/wait"
-	ctrl "sigs.k8s.io/controller-runtime"
-	"sigs.k8s.io/controller-runtime/pkg/builder"
-	"sigs.k8s.io/controller-runtime/pkg/client"
-	"sigs.k8s.io/controller-runtime/pkg/predicate"
-
-	batchv1alpha1 "sdewan.akraino.org/sdewan/api/v1alpha1"
-)
-
-var inLSQueryStatus = false
-
-// CNFLocalServiceReconciler reconciles a CNFLocalService object
-type CNFLocalServiceReconciler struct {
-	client.Client
-	Log    logr.Logger
-	CheckInterval time.Duration
-	Scheme *runtime.Scheme
-	mux    sync.Mutex
-}
-
-// +kubebuilder:rbac:groups=batch.sdewan.akraino.org,resources=cnflocalservices,verbs=get;list;watch;create;update;patch;delete
-// +kubebuilder:rbac:groups=batch.sdewan.akraino.org,resources=cnflocalservices/status,verbs=get;update;patch
-
-func (r *CNFLocalServiceReconciler) Reconcile(req ctrl.Request) (ctrl.Result, error) {
-	ctx := context.Background()
-	log := r.Log.WithValues("CNFLocalService", req.NamespacedName)
-	during, _ := time.ParseDuration("5s")
-
-	instance, err := r.getInstance(req)
-	if err != nil {
-		if errs.IsNotFound(err) {
-			// No instance
-			return ctrl.Result{}, nil
-		}
-		// Error reading the object - requeue the request.
-		return ctrl.Result{RequeueAfter: during}, nil
-	}
-
-	finalizerName := "cnflocalservice.finalizers.sdewan.akraino.org"
-	delete_timestamp := getDeletionTempstamp(instance)
-
-	if delete_timestamp.IsZero() {
-		// Creating or updating CR
-		// Process instance
-		err = r.processInstance(instance)
-		if err != nil {
-			log.Error(err, "Adding/Updating CR")
-			instance.Status.Message = err.Error()
-			r.Status().Update(ctx, instance)
-
-			return ctrl.Result{}, err
-		}
-
-		finalizers := getFinalizers(instance)
-		if !containsString(finalizers, finalizerName) {
-			appendFinalizer(instance, finalizerName)
-			if err := r.Update(ctx, instance); err != nil {
-				return ctrl.Result{}, err
-			}
-			log.Info("Added finalizer for CNFLocalService")
-		}
-	} else {
-		// Deleting CR
-		// Remove instance
-		err = r.removeInstance(instance)
-		if err != nil {
-			log.Error(err, "Deleting CR")
-			return ctrl.Result{RequeueAfter: during}, nil
-		}
-
-		finalizers := getFinalizers(instance)
-		if containsString(finalizers, finalizerName) {
-			removeFinalizer(instance, finalizerName)
-			if err := r.Update(ctx, instance); err != nil {
-				return ctrl.Result{}, err
-			}
-		}
-	}
-
-	return ctrl.Result{}, nil
-}
-
-func (r *CNFLocalServiceReconciler) getInstance(req ctrl.Request) (*batchv1alpha1.CNFLocalService, error) {
-	instance := &batchv1alpha1.CNFLocalService{}
-	err := r.Get(context.Background(), req.NamespacedName, instance)
-	return instance, err
-}
-
-func (r *CNFLocalServiceReconciler) getIP4s(dns string) ([]string, error) {
-	ips, err := net.LookupIP(dns)
-	var ip4s []string
-
-	if err == nil {
-		for _, ip := range ips {
-			if strings.Contains(ip.String(), ".") {
-				ip4s = append(ip4s, ip.String())
-			}
-		}
-	}
-
-	return ip4s, err
-}
-
-func (r *CNFLocalServiceReconciler) processInstance(instance *batchv1alpha1.CNFLocalService) error {
-	r.mux.Lock()
-	defer r.mux.Unlock()
-
-	// check local service
-	ls := instance.Spec.LocalService
-	lips, err := r.getIP4s(ls)
-	if err != nil || len(lips) == 0 {
-		if err != nil {
-			r.Log.Error(err, "Local Service")
-		}
-		return errors.New("Cannot reterive LocalService ip")
-	}
-
-	// check remote service
-	rs := instance.Spec.RemoteService
-	rips, err := r.getIP4s(rs)
-	if err != nil || len(rips) == 0 {
-		if err != nil {
-			r.Log.Error(err, "Remote Service")
-		}
-		return errors.New("Cannot reterive RemoteService ip")
-	}
-
-	// check local port
-	lp := instance.Spec.LocalPort
-	if lp != "" {
-		_, err = strconv.Atoi(lp)
-		if err != nil {
-			return errors.New("LocalPort: " + err.Error())
-		}
-	}
-
-	// check remote port
-	rp := instance.Spec.RemotePort
-	if rp != "" {
-		_, err = strconv.Atoi(rp)
-		if err != nil {
-			return errors.New("RemotePort: " + err.Error())
-		}
-	}
-
-	var curStatus = batchv1alpha1.CNFLocalServiceStatus {
-		LocalIP: lips[0],
-		LocalPort: lp,
-		RemoteIPs: rips,
-		RemotePort: rp,
-		Message: "",
-	}
-
-	if !curStatus.IsEqual(&instance.Status) {
-		r.removeNats(instance)
-		r.addNats(instance, &curStatus)
-		instance.Status = curStatus
-		r.Status().Update(context.Background(), instance)
-	}
-
-	return nil
-}
-
-func (r *CNFLocalServiceReconciler) addNats(instance *batchv1alpha1.CNFLocalService, status *batchv1alpha1.CNFLocalServiceStatus) error {
-	r.Log.Info("Creating New CNFNAT CR for Local Service : " + instance.Name)
-	nat_base_name := instance.Name + "nat"
-	for i, rip := range status.RemoteIPs {
-		nat_name := nat_base_name + strconv.Itoa(i)
-		nat_instance := &batchv1alpha1.CNFNAT{
-			ObjectMeta: metav1.ObjectMeta{
-				Name:      nat_name,
-				Namespace: instance.Namespace,
-				Labels: instance.Labels,
-			},
-			Spec: batchv1alpha1.CNFNATSpec{
-				SrcDIp: rip,
-				SrcDPort: status.RemotePort,
-				DestIp: status.LocalIP,
-				DestPort: status.LocalPort,
-				Proto: "tcp",
-				Target: "DNAT",
-			},
-		}
-
-		err := r.Create(context.Background(), nat_instance)
-		if err != nil {
-			r.Log.Error(err, "Creating NAT CR : " + nat_name)
-		}
-	}
-	return nil
-}
-
-func (r *CNFLocalServiceReconciler) removeInstance(instance *batchv1alpha1.CNFLocalService) error {
-	r.mux.Lock()
-	defer r.mux.Unlock()
-	return r.removeNats(instance)
-}
-
-func (r *CNFLocalServiceReconciler) removeNats(instance *batchv1alpha1.CNFLocalService) error {
-	r.Log.Info("Deleting CNFNAT CR for Local Service : " + instance.Name)
-	nat_base_name := instance.Name + "nat"
-	for i, _ := range instance.Status.RemoteIPs {
-		nat_name := nat_base_name + strconv.Itoa(i)
-		nat_instance := &batchv1alpha1.CNFNAT{
-			ObjectMeta: metav1.ObjectMeta{
-				Name:      nat_name,
-				Namespace: instance.Namespace,
-				Labels: instance.Labels,
-			},
-			Spec: batchv1alpha1.CNFNATSpec{},
-		}
-
-		err := r.Delete(context.Background(), nat_instance)
-		if err != nil {
-			r.Log.Error(err, "Deleting NAT CR : " + nat_name)
-		}
-
-		// check resource
-		err = wait.PollImmediate(time.Second, time.Second*10,
-			func() (bool, error) {
-				nat_instance_temp := &batchv1alpha1.CNFNAT{}
-				err_get := r.Get(context.Background(), client.ObjectKey{
-					Namespace: instance.Namespace,
-					Name:      nat_name,
-				}, nat_instance_temp)
-
-				if errs.IsNotFound(err_get) {
-					return true, nil
-				}
-				r.Log.Info("Waiting for Deleting CR : " + nat_name)
-				return false, nil
-			},
-		)
-
-		if err != nil {
-			r.Log.Error(err, "Failed to delete CR : " + nat_name)
-		}
-	}
-
-	return nil
-}
-
-// Query CNFStatus information
-func (r *CNFLocalServiceReconciler) check() {
-	ls_list := &batchv1alpha1.CNFLocalServiceList{}
-	err := r.List(context.Background(), ls_list)
-	if err != nil {
-		r.Log.Error(err, "Failed to list CNFLocalService CRs")
-	} else {
-		if len(ls_list.Items) > 0 {
-			for _, inst := range ls_list.Items {
-				r.Log.Info("Checking CNFLocalService: " + inst.Name)
-				r.processInstance(&inst)
-			}
-		}
-	}
-}
-
-// Query CNFStatus information
-func (r *CNFLocalServiceReconciler) SafeCheck() {
-	doCheck := true
-	r.mux.Lock()
-	if !inLSQueryStatus {
-		inLSQueryStatus = true
-	} else {
-		doCheck = false
-	}
-	r.mux.Unlock()
-
-	if doCheck {
-		r.check()
-
-		r.mux.Lock()
-		inLSQueryStatus = false
-		r.mux.Unlock()
-	}
-}
-
-func (r *CNFLocalServiceReconciler) SetupWithManager(mgr ctrl.Manager) error {
-	// Start the loop to check ip address change of local/remote services
-	go func() {
-			interval := time.After(r.CheckInterval)
-			for {
-				select {
-				case <-interval:
-					r.SafeCheck()
-					interval = time.After(r.CheckInterval)
-				case <-context.Background().Done():
-					return
-				}
-			}
-		}()
-
-	ps := builder.WithPredicates(predicate.GenerationChangedPredicate{})
-	return ctrl.NewControllerManagedBy(mgr).
-		For(&batchv1alpha1.CNFLocalService{}, ps).
-		Complete(r)
-}
+// SPDX-License-Identifier: Apache-2.0
+// Copyright (c) 2021 Intel Corporation
+package controllers
+
+import (
+	"context"
+	"errors"
+	"net"
+	"strconv"
+	"strings"
+	"sync"
+	"time"
+
+	"github.com/go-logr/logr"
+	errs "k8s.io/apimachinery/pkg/api/errors"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/apimachinery/pkg/util/wait"
+	ctrl "sigs.k8s.io/controller-runtime"
+	"sigs.k8s.io/controller-runtime/pkg/builder"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+	"sigs.k8s.io/controller-runtime/pkg/predicate"
+
+	batchv1alpha1 "sdewan.akraino.org/sdewan/api/v1alpha1"
+)
+
+var inLSQueryStatus = false
+
+// CNFLocalServiceReconciler reconciles a CNFLocalService object
+type CNFLocalServiceReconciler struct {
+	client.Client
+	Log           logr.Logger
+	CheckInterval time.Duration
+	Scheme        *runtime.Scheme
+	mux           sync.Mutex
+}
+
+// +kubebuilder:rbac:groups=batch.sdewan.akraino.org,resources=cnflocalservices,verbs=get;list;watch;create;update;patch;delete
+// +kubebuilder:rbac:groups=batch.sdewan.akraino.org,resources=cnflocalservices/status,verbs=get;update;patch
+
+func (r *CNFLocalServiceReconciler) Reconcile(req ctrl.Request) (ctrl.Result, error) {
+	ctx := context.Background()
+	log := r.Log.WithValues("CNFLocalService", req.NamespacedName)
+	during, _ := time.ParseDuration("5s")
+
+	instance, err := r.getInstance(req)
+	if err != nil {
+		if errs.IsNotFound(err) {
+			// No instance
+			return ctrl.Result{}, nil
+		}
+		// Error reading the object - requeue the request.
+		return ctrl.Result{RequeueAfter: during}, nil
+	}
+
+	finalizerName := "cnflocalservice.finalizers.sdewan.akraino.org"
+	delete_timestamp := getDeletionTempstamp(instance)
+
+	if delete_timestamp.IsZero() {
+		// Creating or updating CR
+		// Process instance
+		err = r.processInstance(instance)
+		if err != nil {
+			log.Error(err, "Adding/Updating CR")
+			instance.Status.Message = err.Error()
+			r.Status().Update(ctx, instance)
+
+			return ctrl.Result{}, err
+		}
+
+		finalizers := getFinalizers(instance)
+		if !containsString(finalizers, finalizerName) {
+			appendFinalizer(instance, finalizerName)
+			if err := r.Update(ctx, instance); err != nil {
+				return ctrl.Result{}, err
+			}
+			log.Info("Added finalizer for CNFLocalService")
+		}
+	} else {
+		// Deleting CR
+		// Remove instance
+		err = r.removeInstance(instance)
+		if err != nil {
+			log.Error(err, "Deleting CR")
+			return ctrl.Result{RequeueAfter: during}, nil
+		}
+
+		finalizers := getFinalizers(instance)
+		if containsString(finalizers, finalizerName) {
+			removeFinalizer(instance, finalizerName)
+			if err := r.Update(ctx, instance); err != nil {
+				return ctrl.Result{}, err
+			}
+		}
+	}
+
+	return ctrl.Result{}, nil
+}
+
+func (r *CNFLocalServiceReconciler) getInstance(req ctrl.Request) (*batchv1alpha1.CNFLocalService, error) {
+	instance := &batchv1alpha1.CNFLocalService{}
+	err := r.Get(context.Background(), req.NamespacedName, instance)
+	return instance, err
+}
+
+func (r *CNFLocalServiceReconciler) getIP4s(dns string) ([]string, error) {
+	ips, err := net.LookupIP(dns)
+	var ip4s []string
+
+	if err == nil {
+		for _, ip := range ips {
+			if strings.Contains(ip.String(), ".") {
+				ip4s = append(ip4s, ip.String())
+			}
+		}
+	}
+
+	return ip4s, err
+}
+
+func (r *CNFLocalServiceReconciler) processInstance(instance *batchv1alpha1.CNFLocalService) error {
+	r.mux.Lock()
+	defer r.mux.Unlock()
+
+	// check local service
+	ls := instance.Spec.LocalService
+	lips, err := r.getIP4s(ls)
+	if err != nil || len(lips) == 0 {
+		if err != nil {
+			r.Log.Error(err, "Local Service")
+		}
+		return errors.New("Cannot reterive LocalService ip")
+	}
+
+	// check remote service
+	rs := instance.Spec.RemoteService
+	rips, err := r.getIP4s(rs)
+	if err != nil || len(rips) == 0 {
+		if err != nil {
+			r.Log.Error(err, "Remote Service")
+		}
+		return errors.New("Cannot reterive RemoteService ip")
+	}
+
+	// check local port
+	lp := instance.Spec.LocalPort
+	if lp != "" {
+		_, err = strconv.Atoi(lp)
+		if err != nil {
+			return errors.New("LocalPort: " + err.Error())
+		}
+	}
+
+	// check remote port
+	rp := instance.Spec.RemotePort
+	if rp != "" {
+		_, err = strconv.Atoi(rp)
+		if err != nil {
+			return errors.New("RemotePort: " + err.Error())
+		}
+	}
+
+	var curStatus = batchv1alpha1.CNFLocalServiceStatus{
+		LocalIP:    lips[0],
+		LocalPort:  lp,
+		RemoteIPs:  rips,
+		RemotePort: rp,
+		Message:    "",
+	}
+
+	if !curStatus.IsEqual(&instance.Status) {
+		r.removeNats(instance)
+		r.addNats(instance, &curStatus)
+		instance.Status = curStatus
+		r.Status().Update(context.Background(), instance)
+	}
+
+	return nil
+}
+
+func (r *CNFLocalServiceReconciler) addNats(instance *batchv1alpha1.CNFLocalService, status *batchv1alpha1.CNFLocalServiceStatus) error {
+	r.Log.Info("Creating New CNFNAT CR for Local Service : " + instance.Name)
+	nat_base_name := instance.Name + "nat"
+	for i, rip := range status.RemoteIPs {
+		nat_name := nat_base_name + strconv.Itoa(i)
+		nat_instance := &batchv1alpha1.CNFNAT{
+			ObjectMeta: metav1.ObjectMeta{
+				Name:      nat_name,
+				Namespace: instance.Namespace,
+				Labels:    instance.Labels,
+			},
+			Spec: batchv1alpha1.CNFNATSpec{
+				SrcDIp:   rip,
+				SrcDPort: status.RemotePort,
+				DestIp:   status.LocalIP,
+				DestPort: status.LocalPort,
+				Proto:    "tcp",
+				Target:   "DNAT",
+			},
+		}
+
+		err := r.Create(context.Background(), nat_instance)
+		if err != nil {
+			r.Log.Error(err, "Creating NAT CR : "+nat_name)
+		}
+	}
+	return nil
+}
+
+func (r *CNFLocalServiceReconciler) removeInstance(instance *batchv1alpha1.CNFLocalService) error {
+	r.mux.Lock()
+	defer r.mux.Unlock()
+	return r.removeNats(instance)
+}
+
+func (r *CNFLocalServiceReconciler) removeNats(instance *batchv1alpha1.CNFLocalService) error {
+	r.Log.Info("Deleting CNFNAT CR for Local Service : " + instance.Name)
+	nat_base_name := instance.Name + "nat"
+	for i, _ := range instance.Status.RemoteIPs {
+		nat_name := nat_base_name + strconv.Itoa(i)
+		nat_instance := &batchv1alpha1.CNFNAT{
+			ObjectMeta: metav1.ObjectMeta{
+				Name:      nat_name,
+				Namespace: instance.Namespace,
+				Labels:    instance.Labels,
+			},
+			Spec: batchv1alpha1.CNFNATSpec{},
+		}
+
+		err := r.Delete(context.Background(), nat_instance)
+		if err != nil {
+			r.Log.Error(err, "Deleting NAT CR : "+nat_name)
+		}
+
+		// check resource
+		err = wait.PollImmediate(time.Second, time.Second*10,
+			func() (bool, error) {
+				nat_instance_temp := &batchv1alpha1.CNFNAT{}
+				err_get := r.Get(context.Background(), client.ObjectKey{
+					Namespace: instance.Namespace,
+					Name:      nat_name,
+				}, nat_instance_temp)
+
+				if errs.IsNotFound(err_get) {
+					return true, nil
+				}
+				r.Log.Info("Waiting for Deleting CR : " + nat_name)
+				return false, nil
+			},
+		)
+
+		if err != nil {
+			r.Log.Error(err, "Failed to delete CR : "+nat_name)
+		}
+	}
+
+	return nil
+}
+
+// Query CNFStatus information
+func (r *CNFLocalServiceReconciler) check() {
+	ls_list := &batchv1alpha1.CNFLocalServiceList{}
+	err := r.List(context.Background(), ls_list)
+	if err != nil {
+		r.Log.Error(err, "Failed to list CNFLocalService CRs")
+	} else {
+		if len(ls_list.Items) > 0 {
+			for _, inst := range ls_list.Items {
+				r.Log.Info("Checking CNFLocalService: " + inst.Name)
+				r.processInstance(&inst)
+			}
+		}
+	}
+}
+
+// Query CNFStatus information
+func (r *CNFLocalServiceReconciler) SafeCheck() {
+	doCheck := true
+	r.mux.Lock()
+	if !inLSQueryStatus {
+		inLSQueryStatus = true
+	} else {
+		doCheck = false
+	}
+	r.mux.Unlock()
+
+	if doCheck {
+		r.check()
+
+		r.mux.Lock()
+		inLSQueryStatus = false
+		r.mux.Unlock()
+	}
+}
+
+func (r *CNFLocalServiceReconciler) SetupWithManager(mgr ctrl.Manager) error {
+	// Start the loop to check ip address change of local/remote services
+	go func() {
+		interval := time.After(r.CheckInterval)
+		for {
+			select {
+			case <-interval:
+				r.SafeCheck()
+				interval = time.After(r.CheckInterval)
+			case <-context.Background().Done():
+				return
+			}
+		}
+	}()
+
+	ps := builder.WithPredicates(predicate.GenerationChangedPredicate{})
+	return ctrl.NewControllerManagedBy(mgr).
+		For(&batchv1alpha1.CNFLocalService{}, ps).
+		Complete(r)
+}
diff --git a/platform/crd-ctrlr/src/controllers/cnfnat_controller.go b/platform/crd-ctrlr/src/controllers/cnfnat_controller.go
index bbb7cea..bee2cff 100644
--- a/platform/crd-ctrlr/src/controllers/cnfnat_controller.go
+++ b/platform/crd-ctrlr/src/controllers/cnfnat_controller.go
@@ -1,117 +1,117 @@
-// SPDX-License-Identifier: Apache-2.0
-// Copyright (c) 2021 Intel Corporation
-package controllers
-
-import (
-	"context"
-	"reflect"
-
-	"github.com/go-logr/logr"
-	appsv1 "k8s.io/api/apps/v1"
-	"k8s.io/apimachinery/pkg/runtime"
-	ctrl "sigs.k8s.io/controller-runtime"
-	"sigs.k8s.io/controller-runtime/pkg/builder"
-	"sigs.k8s.io/controller-runtime/pkg/client"
-	"sigs.k8s.io/controller-runtime/pkg/handler"
-	"sigs.k8s.io/controller-runtime/pkg/predicate"
-	"sigs.k8s.io/controller-runtime/pkg/source"
-
-	batchv1alpha1 "sdewan.akraino.org/sdewan/api/v1alpha1"
-	"sdewan.akraino.org/sdewan/openwrt"
-)
-
-var cnfnatHandler = new(CNFNatHandler)
-
-type CNFNatHandler struct {
-}
-
-func (m *CNFNatHandler) GetType() string {
-	return "CNFNAT"
-}
-
-func (m *CNFNatHandler) GetName(instance runtime.Object) string {
-	nat := instance.(*batchv1alpha1.CNFNAT)
-	return nat.Name
-}
-
-func (m *CNFNatHandler) GetFinalizer() string {
-	return "cnfnat.finalizers.sdewan.akraino.org"
-}
-
-func (m *CNFNatHandler) GetInstance(r client.Client, ctx context.Context, req ctrl.Request) (runtime.Object, error) {
-	instance := &batchv1alpha1.CNFNAT{}
-	err := r.Get(ctx, req.NamespacedName, instance)
-	return instance, err
-}
-
-//pupulate "nat" to target field as default value
-func (m *CNFNatHandler) Convert(instance runtime.Object, deployment appsv1.Deployment) (openwrt.IOpenWrtObject, error) {
-	cnfnat := instance.(*batchv1alpha1.CNFNAT)
-	cnfnat.Spec.Name = cnfnat.ObjectMeta.Name
-	cnfnatObject := openwrt.SdewanNat(cnfnat.Spec)
-	return &cnfnatObject, nil
-}
-
-func (m *CNFNatHandler) IsEqual(instance1 openwrt.IOpenWrtObject, instance2 openwrt.IOpenWrtObject) bool {
-	nat1 := instance1.(*openwrt.SdewanNat)
-	nat2 := instance2.(*openwrt.SdewanNat)
-	return reflect.DeepEqual(*nat1, *nat2)
-}
-
-func (m *CNFNatHandler) GetObject(clientInfo *openwrt.OpenwrtClientInfo, name string) (openwrt.IOpenWrtObject, error) {
-	openwrtClient := openwrt.GetOpenwrtClient(*clientInfo)
-	natClient := openwrt.NatClient{OpenwrtClient: openwrtClient}
-	ret, err := natClient.GetNat(name)
-	return ret, err
-}
-
-func (m *CNFNatHandler) CreateObject(clientInfo *openwrt.OpenwrtClientInfo, instance openwrt.IOpenWrtObject) (openwrt.IOpenWrtObject, error) {
-	openwrtClient := openwrt.GetOpenwrtClient(*clientInfo)
-	natClient := openwrt.NatClient{OpenwrtClient: openwrtClient}
-	nat := instance.(*openwrt.SdewanNat)
-	return natClient.CreateNat(*nat)
-}
-
-func (m *CNFNatHandler) UpdateObject(clientInfo *openwrt.OpenwrtClientInfo, instance openwrt.IOpenWrtObject) (openwrt.IOpenWrtObject, error) {
-	openwrtClient := openwrt.GetOpenwrtClient(*clientInfo)
-	natClient := openwrt.NatClient{OpenwrtClient: openwrtClient}
-	nat := instance.(*openwrt.SdewanNat)
-	return natClient.UpdateNat(*nat)
-}
-
-func (m *CNFNatHandler) DeleteObject(clientInfo *openwrt.OpenwrtClientInfo, name string) error {
-	openwrtClient := openwrt.GetOpenwrtClient(*clientInfo)
-	natClient := openwrt.NatClient{OpenwrtClient: openwrtClient}
-	return natClient.DeleteNat(name)
-}
-
-func (m *CNFNatHandler) Restart(clientInfo *openwrt.OpenwrtClientInfo) (bool, error) {
-	return true, nil
-}
-
-// CNFNATReconciler reconciles a CNFNAT object
-type CNFNATReconciler struct {
-	client.Client
-	Log    logr.Logger
-	Scheme *runtime.Scheme
-}
-
-// +kubebuilder:rbac:groups=batch.sdewan.akraino.org,resources=cnfnats,verbs=get;list;watch;create;update;patch;delete
-// +kubebuilder:rbac:groups=batch.sdewan.akraino.org,resources=cnfnats/status,verbs=get;update;patch
-
-func (r *CNFNATReconciler) Reconcile(req ctrl.Request) (ctrl.Result, error) {
-	return ProcessReconcile(r, r.Log, req, cnfnatHandler)
-}
-
-func (r *CNFNATReconciler) SetupWithManager(mgr ctrl.Manager) error {
-	ps := builder.WithPredicates(predicate.GenerationChangedPredicate{})
-	return ctrl.NewControllerManagedBy(mgr).
-		For(&batchv1alpha1.CNFNAT{}, ps).
-		Watches(
-			&source.Kind{Type: &appsv1.Deployment{}},
-			&handler.EnqueueRequestsFromMapFunc{
-				ToRequests: handler.ToRequestsFunc(GetToRequestsFunc(r, &batchv1alpha1.CNFNATList{})),
-			},
-			Filter).
-		Complete(r)
-}
+// SPDX-License-Identifier: Apache-2.0
+// Copyright (c) 2021 Intel Corporation
+package controllers
+
+import (
+	"context"
+	"reflect"
+
+	"github.com/go-logr/logr"
+	appsv1 "k8s.io/api/apps/v1"
+	"k8s.io/apimachinery/pkg/runtime"
+	ctrl "sigs.k8s.io/controller-runtime"
+	"sigs.k8s.io/controller-runtime/pkg/builder"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+	"sigs.k8s.io/controller-runtime/pkg/handler"
+	"sigs.k8s.io/controller-runtime/pkg/predicate"
+	"sigs.k8s.io/controller-runtime/pkg/source"
+
+	batchv1alpha1 "sdewan.akraino.org/sdewan/api/v1alpha1"
+	"sdewan.akraino.org/sdewan/openwrt"
+)
+
+var cnfnatHandler = new(CNFNatHandler)
+
+type CNFNatHandler struct {
+}
+
+func (m *CNFNatHandler) GetType() string {
+	return "CNFNAT"
+}
+
+func (m *CNFNatHandler) GetName(instance runtime.Object) string {
+	nat := instance.(*batchv1alpha1.CNFNAT)
+	return nat.Name
+}
+
+func (m *CNFNatHandler) GetFinalizer() string {
+	return "cnfnat.finalizers.sdewan.akraino.org"
+}
+
+func (m *CNFNatHandler) GetInstance(r client.Client, ctx context.Context, req ctrl.Request) (runtime.Object, error) {
+	instance := &batchv1alpha1.CNFNAT{}
+	err := r.Get(ctx, req.NamespacedName, instance)
+	return instance, err
+}
+
+//pupulate "nat" to target field as default value
+func (m *CNFNatHandler) Convert(instance runtime.Object, deployment appsv1.Deployment) (openwrt.IOpenWrtObject, error) {
+	cnfnat := instance.(*batchv1alpha1.CNFNAT)
+	cnfnat.Spec.Name = cnfnat.ObjectMeta.Name
+	cnfnatObject := openwrt.SdewanNat(cnfnat.Spec)
+	return &cnfnatObject, nil
+}
+
+func (m *CNFNatHandler) IsEqual(instance1 openwrt.IOpenWrtObject, instance2 openwrt.IOpenWrtObject) bool {
+	nat1 := instance1.(*openwrt.SdewanNat)
+	nat2 := instance2.(*openwrt.SdewanNat)
+	return reflect.DeepEqual(*nat1, *nat2)
+}
+
+func (m *CNFNatHandler) GetObject(clientInfo *openwrt.OpenwrtClientInfo, name string) (openwrt.IOpenWrtObject, error) {
+	openwrtClient := openwrt.GetOpenwrtClient(*clientInfo)
+	natClient := openwrt.NatClient{OpenwrtClient: openwrtClient}
+	ret, err := natClient.GetNat(name)
+	return ret, err
+}
+
+func (m *CNFNatHandler) CreateObject(clientInfo *openwrt.OpenwrtClientInfo, instance openwrt.IOpenWrtObject) (openwrt.IOpenWrtObject, error) {
+	openwrtClient := openwrt.GetOpenwrtClient(*clientInfo)
+	natClient := openwrt.NatClient{OpenwrtClient: openwrtClient}
+	nat := instance.(*openwrt.SdewanNat)
+	return natClient.CreateNat(*nat)
+}
+
+func (m *CNFNatHandler) UpdateObject(clientInfo *openwrt.OpenwrtClientInfo, instance openwrt.IOpenWrtObject) (openwrt.IOpenWrtObject, error) {
+	openwrtClient := openwrt.GetOpenwrtClient(*clientInfo)
+	natClient := openwrt.NatClient{OpenwrtClient: openwrtClient}
+	nat := instance.(*openwrt.SdewanNat)
+	return natClient.UpdateNat(*nat)
+}
+
+func (m *CNFNatHandler) DeleteObject(clientInfo *openwrt.OpenwrtClientInfo, name string) error {
+	openwrtClient := openwrt.GetOpenwrtClient(*clientInfo)
+	natClient := openwrt.NatClient{OpenwrtClient: openwrtClient}
+	return natClient.DeleteNat(name)
+}
+
+func (m *CNFNatHandler) Restart(clientInfo *openwrt.OpenwrtClientInfo) (bool, error) {
+	return true, nil
+}
+
+// CNFNATReconciler reconciles a CNFNAT object
+type CNFNATReconciler struct {
+	client.Client
+	Log    logr.Logger
+	Scheme *runtime.Scheme
+}
+
+// +kubebuilder:rbac:groups=batch.sdewan.akraino.org,resources=cnfnats,verbs=get;list;watch;create;update;patch;delete
+// +kubebuilder:rbac:groups=batch.sdewan.akraino.org,resources=cnfnats/status,verbs=get;update;patch
+
+func (r *CNFNATReconciler) Reconcile(req ctrl.Request) (ctrl.Result, error) {
+	return ProcessReconcile(r, r.Log, req, cnfnatHandler)
+}
+
+func (r *CNFNATReconciler) SetupWithManager(mgr ctrl.Manager) error {
+	ps := builder.WithPredicates(predicate.GenerationChangedPredicate{})
+	return ctrl.NewControllerManagedBy(mgr).
+		For(&batchv1alpha1.CNFNAT{}, ps).
+		Watches(
+			&source.Kind{Type: &appsv1.Deployment{}},
+			&handler.EnqueueRequestsFromMapFunc{
+				ToRequests: handler.ToRequestsFunc(GetToRequestsFunc(r, &batchv1alpha1.CNFNATList{})),
+			},
+			Filter).
+		Complete(r)
+}
diff --git a/platform/crd-ctrlr/src/main.go b/platform/crd-ctrlr/src/main.go
index c10e933..e90514a 100644
--- a/platform/crd-ctrlr/src/main.go
+++ b/platform/crd-ctrlr/src/main.go
@@ -241,10 +241,10 @@ func main() {
 		os.Exit(1)
 	}
 	if err = (&controllers.CNFLocalServiceReconciler{
-		Client: mgr.GetClient(),
-		Log:    ctrl.Log.WithName("controllers").WithName("CNFLocalService"),
+		Client:        mgr.GetClient(),
+		Log:           ctrl.Log.WithName("controllers").WithName("CNFLocalService"),
 		CheckInterval: time.Duration(checkInterval) * time.Second,
-		Scheme: mgr.GetScheme(),
+		Scheme:        mgr.GetScheme(),
 	}).SetupWithManager(mgr); err != nil {
 		setupLog.Error(err, "unable to create controller", "controller", "CNFLocalService")
 		os.Exit(1)
diff --git a/platform/crd-ctrlr/src/openwrt/nat.go b/platform/crd-ctrlr/src/openwrt/nat.go
index 7ca7db6..46d87ce 100644
--- a/platform/crd-ctrlr/src/openwrt/nat.go
+++ b/platform/crd-ctrlr/src/openwrt/nat.go
@@ -1,126 +1,126 @@
-// SPDX-License-Identifier: Apache-2.0
-// Copyright (c) 2021 Intel Corporation
-
-package openwrt
-
-import (
-	"encoding/json"
-)
-
-const (
-	natBaseURL = "sdewan/nat/v1/"
-)
-
-type NatClient struct {
-	OpenwrtClient *openwrtClient
-}
-
-// Nat
-type SdewanNat struct {
-	Name     string `json:"name"`
-	Src      string `json:"src"`
-	SrcIp    string `json:"src_ip"`
-	SrcDIp   string `json:"src_dip"`
-	SrcPort  string `json:"src_port"`
-	SrcDPort string `json:"src_dport"`
-	Proto    string `json:"proto"`
-	Dest     string `json:"dest"`
-	DestIp   string `json:"dest_ip"`
-	DestPort string `json:"dest_port"`
-	Target   string `json:"target"`
-	Index    string `json:"index"`
-}
-
-func (o *SdewanNat) GetName() string {
-	return o.Name
-}
-
-type SdewanNats struct {
-	Nats []SdewanNat `json:"nats"`
-}
-
-// Nat APIs
-// get nats
-func (f *NatClient) GetNats() (*SdewanNats, error) {
-	var response string
-	var err error
-	response, err = f.OpenwrtClient.Get(natBaseURL + "nats")
-	if err != nil {
-		return nil, err
-	}
-
-	var sdewanNats SdewanNats
-	err = json.Unmarshal([]byte(response), &sdewanNats)
-	if err != nil {
-		return nil, err
-	}
-
-	return &sdewanNats, nil
-}
-
-// get nat
-func (m *NatClient) GetNat(nat string) (*SdewanNat, error) {
-	var response string
-	var err error
-	response, err = m.OpenwrtClient.Get(natBaseURL + "nats/" + nat)
-	if err != nil {
-		return nil, err
-	}
-
-	var sdewanNat SdewanNat
-	err = json.Unmarshal([]byte(response), &sdewanNat)
-	if err != nil {
-		return nil, err
-	}
-
-	return &sdewanNat, nil
-}
-
-// create nat
-func (m *NatClient) CreateNat(nat SdewanNat) (*SdewanNat, error) {
-	var response string
-	var err error
-	nat_obj, _ := json.Marshal(nat)
-	response, err = m.OpenwrtClient.Post(natBaseURL+"nats", string(nat_obj))
-	if err != nil {
-		return nil, err
-	}
-
-	var sdewanNat SdewanNat
-	err = json.Unmarshal([]byte(response), &sdewanNat)
-	if err != nil {
-		return nil, err
-	}
-
-	return &sdewanNat, nil
-}
-
-// delete nat
-func (m *NatClient) DeleteNat(nat_name string) error {
-	_, err := m.OpenwrtClient.Delete(natBaseURL + "nats/" + nat_name)
-	if err != nil {
-		return err
-	}
-
-	return nil
-}
-
-// update nat
-func (m *NatClient) UpdateNat(nat SdewanNat) (*SdewanNat, error) {
-	var response string
-	var err error
-	nat_obj, _ := json.Marshal(nat)
-	nat_name := nat.Name
-	response, err = m.OpenwrtClient.Put(natBaseURL+"nats/"+nat_name, string(nat_obj))
-	if err != nil {
-		return nil, err
-	}
-
-	var sdewanNat SdewanNat
-	err = json.Unmarshal([]byte(response), &sdewanNat)
-	if err != nil {
-		return nil, err
-	}
-
-	return &sdewanNat, nil
-}
+// SPDX-License-Identifier: Apache-2.0
+// Copyright (c) 2021 Intel Corporation
+
+package openwrt
+
+import (
+	"encoding/json"
+)
+
+const (
+	natBaseURL = "sdewan/nat/v1/"
+)
+
+type NatClient struct {
+	OpenwrtClient *openwrtClient
+}
+
+// Nat
+type SdewanNat struct {
+	Name     string `json:"name"`
+	Src      string `json:"src"`
+	SrcIp    string `json:"src_ip"`
+	SrcDIp   string `json:"src_dip"`
+	SrcPort  string `json:"src_port"`
+	SrcDPort string `json:"src_dport"`
+	Proto    string `json:"proto"`
+	Dest     string `json:"dest"`
+	DestIp   string `json:"dest_ip"`
+	DestPort string `json:"dest_port"`
+	Target   string `json:"target"`
+	Index    string `json:"index"`
+}
+
+func (o *SdewanNat) GetName() string {
+	return o.Name
+}
+
+type SdewanNats struct {
+	Nats []SdewanNat `json:"nats"`
+}
+
+// Nat APIs
+// get nats
+func (f *NatClient) GetNats() (*SdewanNats, error) {
+	var response string
+	var err error
+	response, err = f.OpenwrtClient.Get(natBaseURL + "nats")
+	if err != nil {
+		return nil, err
+	}
+
+	var sdewanNats SdewanNats
+	err = json.Unmarshal([]byte(response), &sdewanNats)
+	if err != nil {
+		return nil, err
+	}
+
+	return &sdewanNats, nil
+}
+
+// get nat
+func (m *NatClient) GetNat(nat string) (*SdewanNat, error) {
+	var response string
+	var err error
+	response, err = m.OpenwrtClient.Get(natBaseURL + "nats/" + nat)
+	if err != nil {
+		return nil, err
+	}
+
+	var sdewanNat SdewanNat
+	err = json.Unmarshal([]byte(response), &sdewanNat)
+	if err != nil {
+		return nil, err
+	}
+
+	return &sdewanNat, nil
+}
+
+// create nat
+func (m *NatClient) CreateNat(nat SdewanNat) (*SdewanNat, error) {
+	var response string
+	var err error
+	nat_obj, _ := json.Marshal(nat)
+	response, err = m.OpenwrtClient.Post(natBaseURL+"nats", string(nat_obj))
+	if err != nil {
+		return nil, err
+	}
+
+	var sdewanNat SdewanNat
+	err = json.Unmarshal([]byte(response), &sdewanNat)
+	if err != nil {
+		return nil, err
+	}
+
+	return &sdewanNat, nil
+}
+
+// delete nat
+func (m *NatClient) DeleteNat(nat_name string) error {
+	_, err := m.OpenwrtClient.Delete(natBaseURL + "nats/" + nat_name)
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// update nat
+func (m *NatClient) UpdateNat(nat SdewanNat) (*SdewanNat, error) {
+	var response string
+	var err error
+	nat_obj, _ := json.Marshal(nat)
+	nat_name := nat.Name
+	response, err = m.OpenwrtClient.Put(natBaseURL+"nats/"+nat_name, string(nat_obj))
+	if err != nil {
+		return nil, err
+	}
+
+	var sdewanNat SdewanNat
+	err = json.Unmarshal([]byte(response), &sdewanNat)
+	if err != nil {
+		return nil, err
+	}
+
+	return &sdewanNat, nil
+}
-- 
2.16.6