title: Add ipsec support

Description: now user can define PSK Signed-off-by: GreatLazyMan <[email protected]>
GreatLazyMan · Nov 28, 2023 · 413c2e7 · 413c2e7
1 parent 5b71e84
commit 413c2e7
Show file tree

Hide file tree

Showing 5 changed files with 24 additions and 5 deletions.
diff --git a/pkg/apis/kosmos/v1alpha1/constants.go b/pkg/apis/kosmos/v1alpha1/constants.go
@@ -30,8 +30,9 @@ const (
 )
 
 const (
-	DefaultPSK   string = "bfd6224354977084568832b811226b3d6cff6685"
-	DefaultReqID int    = 336
+	DefaultPSK       string = "bfd6224354977084568832b811226b3d6cff6685"
+	DefaultPSKPreStr        = "WelcometoKosmos"
+	DefaultReqID     int    = 336
 )
 
 type IPSECDirection int

diff --git a/pkg/clusterlink/network-manager/handlers/pod_routes.go b/pkg/clusterlink/network-manager/handlers/pod_routes.go
@@ -2,8 +2,12 @@ package handlers
 
 import (
 	"bytes"
+	"crypto/md5" //nolint:gosec
+	"encoding/hex"
+	"fmt"
 	"hash/crc32"
 	"net"
+	"os"
 
 	"k8s.io/klog/v2"
 
@@ -156,18 +160,26 @@ func BuildRoutes(ctx *Context, target *v1alpha1.ClusterNode, cidrs []string) {
 						bt.WriteString(n.Name)
 					}
 					spi := crc32.ChecksumIEEE(bt.Bytes())
+
+					psk_pre := md5.Sum([]byte(os.Getenv("PSK_PRE_STR"))) //nolint:gosec
+					psk_suffix := fmt.Sprintf("%08x", spi)
+					psk_suffix_byte, _ := hex.DecodeString(psk_suffix)
+					psk_byte := append(psk_pre[:], psk_suffix_byte...)
+					psk := hex.EncodeToString(psk_byte)
+					klog.Infof("psk_suffix: %s,psk: %s", psk_suffix, psk)
+
 					ctx.Results[n.Name].XfrmStates = append(ctx.Results[n.Name].XfrmStates, v1alpha1.XfrmState{
 						LeftIP:  n.Spec.IP,
 						RightIP: target.Spec.ElasticIP,
 						ReqID:   v1alpha1.DefaultReqID,
-						PSK:     v1alpha1.DefaultPSK,
+						PSK:     psk,
 						SPI:     spi,
 					})
 					ctx.Results[n.Name].XfrmStates = append(ctx.Results[n.Name].XfrmStates, v1alpha1.XfrmState{
 						RightIP: n.Spec.IP,
 						LeftIP:  target.Spec.ElasticIP,
 						ReqID:   v1alpha1.DefaultReqID,
-						PSK:     v1alpha1.DefaultPSK,
+						PSK:     psk,
 						SPI:     spi,
 					})
 					for _, ncidr := range nPodCIDRs {

diff --git a/pkg/clusterlink/network/xfrm_policy.go b/pkg/clusterlink/network/xfrm_policy.go
@@ -165,6 +165,7 @@ func ListXfrmState() ([]clusterlinkv1alpha1.XfrmState, error) {
 			RightIP: state.Dst.String(),
 			ReqID:   state.Reqid,
 			PSK:     k,
+			SPI:     uint32(state.Spi),
 		})
 	}
 	return ret, nil

diff --git a/pkg/kosmosctl/install/install.go b/pkg/kosmosctl/install/install.go
@@ -299,6 +299,7 @@ func (o *CommandInstallOptions) runClusterlink() error {
 		Namespace:       o.Namespace,
 		ImageRepository: o.ImageRegistry,
 		Version:         version.GetReleaseVersion().PatchRelease(),
+		PSKPreStr:       v1alpha1.DefaultPSKPreStr,
 	})
 	if err != nil {
 		return err

diff --git a/pkg/kosmosctl/manifest/manifest_deployments.go b/pkg/kosmosctl/manifest/manifest_deployments.go
@@ -34,6 +34,9 @@ spec:
             requests:
               cpu: 500m
               memory: 500Mi
+          env:
+          - name: PSK_PRE_STR
+            value: "{{ .PSKPreStr }}"
 `
 
 	KosmosOperatorDeployment = `
@@ -251,5 +254,6 @@ type DeploymentReplace struct {
 	ImageRepository string
 	Version         string
 
-	UseProxy string
+	UseProxy  string
+	PSKPreStr string
 }