Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add usage doc for Network and LoadBalancer #1215

Merged
merged 3 commits into from
Jan 17, 2025
Merged

Add usage doc for Network and LoadBalancer #1215

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
134983c
add usage doc for network and loadbalancer
ushabelgur Jan 9, 2025
875d974
refactoring
ushabelgur Jan 9, 2025
2be7bc2
incorporating review comments
ushabelgur Jan 10, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
63 changes: 63 additions & 0 deletions docs/usage/networking/loadbalancer.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1 +1,64 @@
# LoadBalancer

A `LoadBalancer` resource is an L3(IP-based) load balancer service implementation provided by Ironcore. It provides an externally accessible IP address that sends traffic to the correct port on your cluster nodes. Ironcore LoadBalancer allows targeting multiple `NetworkInterfaces` and distributes traffic between them. This LoadBalancer supports dual stack IP addresses (IPv4/IPv6).

## Example Network Resource
An example of how to define a `LoadBalancer` resource in `Ironcore`
```
apiVersion: networking.ironcore.dev/v1alpha1
kind: LoadBalancer
metadata:
namespace: default
name: loadbalancer-sample
spec:
type: Public
ipFamilies: [IPv4]
networkRef:
name: network-sample
networkInterfaceSelector:
matchLabels:
app: web
ports:
- port: 80

```
(`Note`: Refer to <a href="https://github.com/ironcore-dev/ironcore/tree/main/config/samples/e2e/loadbalancer-public">E2E Examples</a> for more detailed examples.)

# Key Fields:
- `type`(`string`): The type of `LoadBalancer`. Currently two types of `Loadbalancer` are supported:
- `Public`: LoadBalancer that allocates public IP and routes a stable public IP.
- `Internal`: LoadBalancer that allocates and routes network-internal, stable IPs.
- `ipFamilies`(`list`): ipFamilies are the IP families the LoadBalancer should have(Supported values are `IPv4` and `IPv6`).
- `ips`(`list`): The ips are the list of IPs to use. This can only be used when the type is LoadBalancerTypeInternal.
- `networkRef`(`string`): networkRef is the Network this LoadBalancer should belong to.
- `networkInterfaceSelector`(`labelSelector`): networkInterfaceSelector defines the NetworkInterfaces for which this LoadBalancer should be applied
- `ports`(`list`): ports are the list of LoadBalancer ports should allow
- `protocol`(`string`): protocol is the protocol the load balancer should allow. Supported protocols are `UDP`, `TCP`, and `SCTP`, if not specified defaults to TCP.
- `port`(`int`): port is the port to allow.
- `endPort`(`int`): endPort marks the end of the port range to allow. If unspecified, only a single port `port` will be allowed.

# Reconciliation Process:

- **NetworkInterfaces selection**: LoadBalancerController continuously watches for `LoadBalancer` resources and reconciles. LoadBalancer resource dynamically selects multiple target `NetworkInterfaces` via a `networkInterfaceSelector` LabelSelector from the spec. Once the referenced Network is in `Available` state, the Loadbalancer destination IP list and referencing `NetworkInterface` is prepared by iterating over selected NetworkIntrefaces status information.

- **Preparing Routing State Object**: Once the destination list is available `LoadBalancerRouting` resource is created. `LoadBalancerRouting` describes `NetworkInterfaces` load balanced traffic is routed to. This object describes the state of the LoadBalancer and results of the LoadBalancer definition specifically `networkInterfaceSelector` and `networkRef`.
Later this information is used at the Ironcore API level to describe the explicit targets in a pool traffic is routed to.

Sample `LoadBalancerRouting` object(`Note`: it is created by LoadBalancerController)
```
apiVersion: networking.ironcore.dev/v1alpha1
kind: LoadBalancerRouting
metadata:
namespace: default
name: loadbalancer-sample # Same name as the load balancer it originates from.
# networkRef references the exact network object the routing belongs to.
networkRef:
name: network-sample
# destinations list the target network interface instances (including UID) for load balancing.
destinations:
- name: my-machine-interface-1
uid: 2020dcf9-e030-427e-b0fc-4fec2016e73a
- name: my-machine-interface-2
uid: 2020dcf9-e030-427e-b0fc-4fec2016e73d
```
**LoadBalancer status update**: The `LoadBalancerController` in ironcore-net takes care of allocating IPs for defined `ipFamilies` in the spec and updates them in its `status.ips`.
41 changes: 41 additions & 0 deletions docs/usage/networking/network.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1 +1,42 @@
# Network

A `Network` resource in `Ironcore` refers to a logically isolated network.
This further allows you to fully control your networking environment, including resource placement, connectivity, peering and security.
The `NetworkController` reconciler leverages this information to create a Network in Ironcore infrastructure.
`Machine` type is provided with provision to integrate with the Network via `NetworkInterface`.

## Example Network Resource
An example of how to define a `Network` resource in `Ironcore`
```
apiVersion: networking.ironcore.dev/v1alpha1
kind: Network
metadata:
name: network-sample
spec:
peerings:
- name: peering1
networkRef:
name: network-sample2
```

# Key Fields:
- `providerID`(`string`): providerID is the provider-internal ID of the network.
- `peerings`(`list`): peerings are the list of network peerings with this network(Optional).
- `incomingPeerings`(`list`): incomingPeerings is a list of PeeringClaimRefs which is nothing but peering claim references of other networks.

# Reconciliation Process:

- **Network creation**: `ironcore-net` which is the network provider for Ironcore realizes the `Network` resource via `apinetlet` controllers. When an Ironcore `Network` is created, a corresponding `core.apinet.ironcore.dev/Network` is created in the apinet cluster. The name of the Network in the apinet cluster is the uid of the Network in the Ironcore cluster.

Once created and with an allocated ID, the Ironcore Network will be patched with the corresponding provider ID of the apinet Network and set to state: Available. The provider ID format & parsing can be found in provider.go.
Once resource is in available state status is marked to `Available`. The format of a network provider ID is as follows:
`ironcore-net://<namespace>/<name>/<id>/<uid>`

- **Network peering process**: Network peering is a technique used to interleave two isolated networks, allowing members of both networks to communicate with each
other as if they were in the same networking domain, `NetworkPeeringController` facilitates this process.
- Information related to the referenced `Network` to be paired with is retrieved from the `peering` part of the spec.
- Validation is done to see if both Networks have specified a matching peering item (i.e. reference each other via `networkRef`) to mutually accept the peering.
- The (binding) phase of a `spec.peerings` item is reflected in a corresponding `status.peerings` item with the same name.
The phase can either be `Pending`, meaning there is no active peering or `Bound` meaning the peering as described in the `spec.peerings` item is in place.

- **Network Release Controller**: `NetworkReleaseController` continuously checks if claiming Networks in other Network's peerings section still exist if not present it will be removed from the `incomingPeerings` list.
Loading