loxilb-iogh-877 Initial support for egress

TrekkieCoder · Dec 9, 2024 · 7db0331 · 7db0331
1 parent c199d1e
commit 7db0331
Show file tree

Hide file tree

Showing 6 changed files with 33 additions and 0 deletions.
diff --git a/api/models/loadbalance_entry.go b/api/models/loadbalance_entry.go
diff --git a/api/restapi/embedded_spec.go b/api/restapi/embedded_spec.go
diff --git a/api/restapi/handler/loadbalancer.go b/api/restapi/handler/loadbalancer.go
@@ -50,6 +50,7 @@ func ConfigPostLoadbalancer(params operations.PostConfigLoadbalancerParams) midd
 	lbRules.Serv.Oper = cmn.LBOp(params.Attr.ServiceArguments.Oper)
 	lbRules.Serv.HostUrl = params.Attr.ServiceArguments.Host
 	lbRules.Serv.ProxyProtocolV2 = params.Attr.ServiceArguments.Proxyprotocolv2
+	lbRules.Serv.Egress = params.Attr.ServiceArguments.Egress
 
 	if lbRules.Serv.Proto == "sctp" {
 		for _, data := range params.Attr.SecondaryIPs {
@@ -175,6 +176,7 @@ func ConfigGetLoadbalancer(params operations.GetConfigLoadbalancerAllParams) mid
 		tmpSvc.Snat = lb.Serv.Snat
 		tmpSvc.Host = lb.Serv.HostUrl
 		tmpSvc.Proxyprotocolv2 = lb.Serv.ProxyProtocolV2
+		tmpSvc.Egress = lb.Serv.Egress
 
 		tmpLB.ServiceArguments = &tmpSvc
 

diff --git a/api/swagger.yml b/api/swagger.yml
@@ -3041,6 +3041,9 @@ definitions:
           proxyprotocolv2:
             type: boolean
             description: flag to enable proxy protocol v2
+          egress:
+            type: boolean
+            description: flag to indicate an egress rule
 
       endpoints:
         type: array

diff --git a/common/common.go b/common/common.go
@@ -583,6 +583,8 @@ type LbServiceArg struct {
 	HostUrl string `json:"path"`
 	// ProxyProtocolV2 - Enable proxy protocol v2
 	ProxyProtocolV2 bool `json:"proxyprotocolv2"`
+	// Egress - Egress Rule
+	Egress bool `json:"egress"`
 }
 
 // LbEndPointArg - Information related to load-balancer end-point

diff --git a/pkg/loxinet/rules.go b/pkg/loxinet/rules.go
@@ -293,6 +293,7 @@ type ruleEnt struct {
 	inst     string
 	secMode  cmn.LBSec
 	ppv2En   bool
+	egress   bool
 	srcList  []*allowedSrcElem
 	locIPs   map[string]struct{}
 }
@@ -821,6 +822,7 @@ func (R *RuleH) GetLBRule() ([]cmn.LbRuleMod, error) {
 		ret.Serv.Name = data.name
 		ret.Serv.HostUrl = data.tuples.path
 		ret.Serv.ProxyProtocolV2 = data.ppv2En
+		ret.Serv.Egress = data.egress
 		if data.act.actType == RtActSnat {
 			ret.Serv.Snat = true
 		}
@@ -1696,6 +1698,10 @@ func (R *RuleH) AddLbRule(serv cmn.LbServiceArg, servSecIPs []cmn.LbSecIPArg, al
 			return RuleExistsErr, errors.New("lbrule-exist error: cant modify rule security mode")
 		}
 
+		if eRule.egress != serv.Egress {
+			return RuleExistsErr, errors.New("lbrule-exist error: cant modify rule egress mode")
+		}
+
 		if len(retEps) == 0 {
 			tk.LogIt(tk.LogDebug, "lb-rule %s has no-endpoints: to be deleted\n", eRule.tuples.String())
 			return R.DeleteLbRule(serv)
@@ -1790,6 +1796,7 @@ func (R *RuleH) AddLbRule(serv cmn.LbServiceArg, servSecIPs []cmn.LbSecIPArg, al
 	r.secIP = nSecIP
 	r.secMode = serv.Security
 	r.ppv2En = serv.ProxyProtocolV2
+	r.egress = serv.Egress
 
 	// Per LB end-point health-check is supposed to be handled at kube-loxilb/CCM,
 	// but it certain cases like stand-alone mode, loxilb can do its own
@@ -2786,6 +2793,10 @@ func (r *ruleEnt) LB2DP(work DpWorkT) int {
 		return -1
 	}
 
+	if r.egress {
+		return 0
+	}
+
 	nWork := new(LBDpWorkQ)
 
 	nWork.Work = work