From 1277cc5cfb20426ebaeadb9b5f5edcc22de3f3e6 Mon Sep 17 00:00:00 2001
From: Alexander Constantinescu
Date: Thu, 2 Jul 2020 10:49:59 +0200
Subject: [PATCH] Configuring OVN for egressIP

Signed-off-by: Alexander Constantinescu
---
 contrib/kind.sh | 4 +++-
 dist/images/daemonset.sh | 9 +++++++++
 dist/images/ovnkube.sh | 5 +++++
 dist/templates/ovn-setup.yaml.j2 | 5 +++++
 dist/templates/ovnkube-master.yaml.j2 | 2 ++
 dist/templates/ovnkube-node.yaml.j2 | 2 ++
 dist/yaml/.gitignore | 1 +
 7 files changed, 27 insertions(+), 1 deletion(-)

diff --git a/contrib/kind.sh b/contrib/kind.sh
index 2f61bb76642..a36ed114bae 100755
--- a/contrib/kind.sh
+++ b/contrib/kind.sh
@@ -280,10 +280,12 @@ docker build -t ovn-daemonset-f:dev -f Dockerfile.fedora .
 --k8s-apiserver=https://[${API_IP}]:11337 \
 --ovn-master-count=${KIND_NUM_MASTER} \
 --kind \
- --master-loglevel=5
+ --master-loglevel=5 \
+ --egress-ip-enable=true
 popd
 kind load docker-image ovn-daemonset-f:dev --name ${KIND_CLUSTER_NAME}
 pushd ../dist/yaml
+run_kubectl apply -f k8s.ovn.org_egressips.yaml
 run_kubectl apply -f ovn-setup.yaml
 CONTROL_NODES=$(docker ps -f name=ovn-control | grep -v NAMES | awk '{ print $NF }')
 for n in $CONTROL_NODES; do
diff --git a/dist/images/daemonset.sh b/dist/images/daemonset.sh
index a9ea8c09d30..1f15623e1e1 100755
--- a/dist/images/daemonset.sh
+++ b/dist/images/daemonset.sh
@@ -35,6 +35,7 @@ OVN_MASTER_COUNT=""
 OVN_REMOTE_PROBE_INTERVAL=""
 OVN_HYBRID_OVERLAY_ENABLE=""
 OVN_MULTICAST_ENABLE=""
+OVN_EGRESSIP_ENABLE=
 # Parse parameters given as arguments to this script.
 while [ "$1" != "" ]; do
@@ -131,6 +132,9 @@ while [ "$1" != "" ]; do
 --multicast-enabled)
 OVN_MULTICAST_ENABLE=$VALUE
 ;;
+ --egress-ip-enable)
+ OVN_EGRESSIP_ENABLE=$VALUE
+ ;;
 *)
 echo "WARNING: unknown parameter \"$PARAM\""
 exit 1
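Review bot: `OVN_EGRESSIP_ENABLE=$VALUE` in the `--egress-ip-enable)` arm accepts any string, and later hunks render that string into both manifests and from there onto the ovnkube command line. Rejecting everything except the two expected values at parse time keeps a typo or a stray value from travelling that far, for example `case "$VALUE" in true|false) OVN_EGRESSIP_ENABLE=$VALUE ;; *) echo "invalid --egress-ip-enable: $VALUE" >&2; exit 1 ;; esac`. The declaration added in the previous hunk, `OVN_EGRESSIP_ENABLE=`, also drops the `=""` form its neighbours use. The enclosing while/case starts and ends outside the hunk.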
@@ -180,6 +184,8 @@ ovnkube_logfile_maxage=${OVNKUBE_LOGFILE_MAXAGE:-"5"}
 echo "ovnkube_logfile_maxage: ${ovnkube_logfile_maxage}"
 ovn_hybrid_overlay_enable=${OVN_HYBRID_OVERLAY_ENABLE}
 echo "ovn_hybrid_overlay_enable: ${ovn_hybrid_overlay_enable}"
+ovn_egress_ip_enable=${OVN_EGRESSIP_ENABLE}
+echo "ovn_egress_ip_enable: ${ovn_egress_ip_enable}"
 ovn_hybrid_overlay_net_cidr=${OVN_HYBRID_OVERLAY_NET_CIDR}
 echo "ovn_hybrid_overlay_net_cidr: ${ovn_hybrid_overlay_net_cidr}"
 ovn_ssl_en=${OVN_SSL_ENABLE:-"no"}
@@ -216,6 +222,7 @@ ovn_image=${image} \
 ovn_hybrid_overlay_net_cidr=${ovn_hybrid_overlay_net_cidr} \
 ovn_hybrid_overlay_enable=${ovn_hybrid_overlay_enable} \
 ovn_multicast_enable=${ovn_multicast_enable} \
+ ovn_egress_ip_enable=${ovn_egress_ip_enable} \
 ovn_ssl_en=${ovn_ssl_en} \
 ovn_remote_probe_interval=${ovn_remote_probe_interval} \
 j2 ../templates/ovnkube-node.yaml.j2 -o ../yaml/ovnkube-node.yaml
@@ -231,6 +238,7 @@ ovn_image=${image} \
 ovn_hybrid_overlay_net_cidr=${ovn_hybrid_overlay_net_cidr} \
 ovn_hybrid_overlay_enable=${ovn_hybrid_overlay_enable} \
 ovn_multicast_enable=${ovn_multicast_enable} \
+ ovn_egress_ip_enable=${ovn_egress_ip_enable} \
 ovn_ssl_en=${ovn_ssl_en} \
 ovn_master_count=${ovn_master_count} \
 ovn_gateway_mode=${ovn_gateway_mode} \
@@ -275,5 +283,6 @@ net_cidr=${net_cidr} svc_cidr=${svc_cidr} \
 j2 ../templates/ovn-setup.yaml.j2 -o ../yaml/ovn-setup.yaml
 cp ../templates/ovnkube-monitor.yaml.j2 ../yaml/ovnkube-monitor.yaml
+cp ../templates/k8s.ovn.org_egressips.yaml.j2 ../yaml/k8s.ovn.org_egressips.yaml
 exit 0
diff --git a/dist/images/ovnkube.sh b/dist/images/ovnkube.sh
index cf95e36cc2f..f882252150b 100755
--- a/dist/images/ovnkube.sh
+++ b/dist/images/ovnkube.sh
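Review bot: The added `cp ../templates/k8s.ovn.org_egressips.yaml.j2 ...` in the last daemonset.sh hunk reads a template that this patch does not add; the diffstat lists seven files and the template is not among them. Unless it already exists in the tree the copy fails, and the `exit 0` right after it still reports success (no `set -e` is visible in these hunks). kind.sh would then run `run_kubectl apply -f k8s.ovn.org_egressips.yaml` against a file that was never written. Failing at the copy makes the cause obvious: `cp ../templates/k8s.ovn.org_egressips.yaml.j2 ../yaml/k8s.ovn.org_egressips.yaml || exit 1`.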
@@ -66,6 +66,7 @@ fi
 # OVN_SB_RAFT_ELECTION_TIMER - ovn south db election timer in ms (default 1000)
 # OVN_SSL_ENABLE - use SSL transport to NB/SB db and northd (default: no)
 # OVN_REMOTE_PROBE_INTERVAL - ovn remote probe interval in ms (default 100000)
+# OVN_EGRESSIP_ENABLE - enable egress IP for ovn-kubernetes
 # The argument to the command is the operation to be performed
 # ovn-master ovn-controller ovn-node display display_env ovn_debug
@@ -175,6 +176,8 @@ ovn_hybrid_overlay_net_cidr=${OVN_HYBRID_OVERLAY_NET_CIDR:-}
 #OVN_REMOTE_PROBE_INTERVAL - ovn remote probe interval in ms (default 100000)
 ovn_remote_probe_interval=${OVN_REMOTE_PROBE_INTERVAL:-100000}
 ovn_multicast_enable=${OVN_MULTICAST_ENABLE:-}
+#OVN_EGRESSIP_ENABLE - enable egress IP for ovn-kubernetes
+egressip_enable=${OVN_EGRESSIP_ENABLE:-false}
 # Determine the ovn rundir.
 if [[ -f /usr/bin/ovn-appctl ]]; then
@@ -797,6 +800,7 @@ ovn-master() {
 --logfile /var/log/ovn-kubernetes/ovnkube-master.log \
 ${ovn_master_ssl_opts} \
 ${multicast_enabled_flag} \
+ --egress-ip-enable ${egressip_enable} \
 --metrics-bind-address "0.0.0.0:9409" &
 echo "=============== ovn-master ========== running"
 wait_for_event attempts=3 process_ready ovnkube-master
@@ -923,6 +927,7 @@ ovn-node() {
 ${ovn_node_ssl_opts} \
 --inactivity-probe=${ovn_remote_probe_interval} \
 ${multicast_enabled_flag} \
+ --egress-ip-enable ${egressip_enable} \
 --metrics-bind-address "0.0.0.0:9410" &
 wait_for_event attempts=3 process_ready ovnkube
diff --git a/dist/templates/ovn-setup.yaml.j2 b/dist/templates/ovn-setup.yaml.j2
index 858847cbafc..b475ef5458f 100644
--- a/dist/templates/ovn-setup.yaml.j2
+++ b/dist/templates/ovn-setup.yaml.j2
@@ -69,6 +69,11 @@ rules:
 - nodes
 - pods
 verbs: ["patch", "update"]
+- apiGroups:
+ - k8s.ovn.org
+ resources:
+ - egressips
+ verbs: ["create", "list", "get", "watch", "patch", "update"]
 ---
 apiVersion: rbac.authorization.k8s.io/v1
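Review bot: The header comment added in the first ovnkube.sh hunk omits the default, which the neighbouring entries all state. The assignment in the next hunk uses `${OVN_EGRESSIP_ENABLE:-false}`, so the comment can say so: `# OVN_EGRESSIP_ENABLE - enable egress IP for ovn-kubernetes (default: false)`, and the same for the `#OVN_EGRESSIP_ENABLE` comment repeated in that second hunk. The variable there is named `egressip_enable` while its siblings carry an `ovn_` prefix; `ovn_egressip_enable` would match them.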
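Review bot: `--egress-ip-enable ${egressip_enable}` hands the value to ovnkube as a separate, unquoted word, here in ovn-master() and again in the ovn-node() hunk that follows. ovnkube's flag definition is not part of this diff, but if it is a boolean flag parsed in the usual Go style, a detached `false` is read as a positional argument rather than as the flag's value: the feature would be switched on regardless of the setting, and `--metrics-bind-address`, which comes after it, might no longer be parsed. Binding the value to the flag and quoting it avoids both problems: `--egress-ip-enable="${egressip_enable}" \`. Both function bodies start and end outside their hunks.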
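Review bot: The added rule grants `create` on `egressips` alongside the read and update verbs, and nothing in this diff shows ovnkube creating EgressIP objects itself. The role's name and its bindings are outside the hunk; if it is bound to the service account the node daemonset runs under, a compromised node pod could create or rewrite egress assignments wherever the role applies. Unless creation is actually required, leave it out, `verbs: ["list", "get", "watch", "patch", "update"]`, and consider granting the write verbs only to the account used by ovnkube-master.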
diff --git a/dist/templates/ovnkube-master.yaml.j2 b/dist/templates/ovnkube-master.yaml.j2
index 5e52a53516c..0e56e9fcad7 100644
--- a/dist/templates/ovnkube-master.yaml.j2
+++ b/dist/templates/ovnkube-master.yaml.j2
@@ -234,6 +234,8 @@ spec:
 fieldPath: metadata.namespace
 - name: OVN_HYBRID_OVERLAY_ENABLE
 value: "{{ ovn_hybrid_overlay_enable }}"
+ - name: OVN_EGRESSIP_ENABLE
+ value: "{{ ovn_egress_ip_enable }}"
 - name: OVN_HYBRID_OVERLAY_NET_CIDR
 value: "{{ ovn_hybrid_overlay_net_cidr }}"
 - name: OVN_SSL_ENABLE
diff --git a/dist/templates/ovnkube-node.yaml.j2 b/dist/templates/ovnkube-node.yaml.j2
index d06d24ff9cc..be7362be4df 100644
--- a/dist/templates/ovnkube-node.yaml.j2
+++ b/dist/templates/ovnkube-node.yaml.j2
@@ -244,6 +244,8 @@ spec:
 value: "{{ ovn_gateway_opts }}"
 - name: OVN_HYBRID_OVERLAY_ENABLE
 value: "{{ ovn_hybrid_overlay_enable }}"
+ - name: OVN_EGRESSIP_ENABLE
+ value: "{{ ovn_egress_ip_enable }}"
 - name: OVN_HYBRID_OVERLAY_NET_CIDR
 value: "{{ ovn_hybrid_overlay_net_cidr }}"
 - name: OVN_SSL_ENABLE
diff --git a/dist/yaml/.gitignore b/dist/yaml/.gitignore
index 4db0fdc6cec..2a91861cc13 100644
--- a/dist/yaml/.gitignore
+++ b/dist/yaml/.gitignore
@@ -4,3 +4,4 @@ ovnkube-db.yaml
 ovnkube-node.yaml
 ovnkube-monitor.yaml
 ovnkube-db-raft.yaml
+k8s.ovn.org_egressips.yaml