From 413c2e77c0797563d76834c5a5f7adb11b752ab4 Mon Sep 17 00:00:00 2001
From: GreatLazyMan
Date: Tue, 28 Nov 2023 09:13:03 +0800
Subject: [PATCH] title: Add ipsec support
Description: now user can define PSK
Signed-off-by: GreatLazyMan
---
 pkg/apis/kosmos/v1alpha1/constants.go | 5 +++--
 .../network-manager/handlers/pod_routes.go | 16 ++++++++++++++--
 pkg/clusterlink/network/xfrm_policy.go | 1 +
 pkg/kosmosctl/install/install.go | 1 +
 pkg/kosmosctl/manifest/manifest_deployments.go | 6 +++++-
 5 files changed, 24 insertions(+), 5 deletions(-)

diff --git a/pkg/apis/kosmos/v1alpha1/constants.go b/pkg/apis/kosmos/v1alpha1/constants.go
index 64aef33fc..7361a43b1 100644
--- a/pkg/apis/kosmos/v1alpha1/constants.go
+++ b/pkg/apis/kosmos/v1alpha1/constants.go
@@ -30,8 +30,9 @@ const (
 )
 
 const (
- DefaultPSK string = "bfd6224354977084568832b811226b3d6cff6685"
- DefaultReqID int = 336
+ DefaultPSK string = "bfd6224354977084568832b811226b3d6cff6685"
+ DefaultPSKPreStr = "WelcometoKosmos"
+ DefaultReqID int = 336
 )
 
 type IPSECDirection int
diff --git a/pkg/clusterlink/network-manager/handlers/pod_routes.go b/pkg/clusterlink/network-manager/handlers/pod_routes.go
index 4dad839e3..ab90a94ca 100644
--- a/pkg/clusterlink/network-manager/handlers/pod_routes.go
+++ b/pkg/clusterlink/network-manager/handlers/pod_routes.go
@@ -2,8 +2,12 @@ package handlers
 
 import (
  "bytes"
+ "crypto/md5" //nolint:gosec
+ "encoding/hex"
+ "fmt"
  "hash/crc32"
  "net"
+ "os"
 
  "k8s.io/klog/v2"
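Review bot: `DefaultPSKPreStr = "WelcometoKosmos"` is a fixed, source-visible seed, so any deployment that keeps the default derives its IPsec keys from information that is public; the constant needs a comment making that explicit, e.g. `// DefaultPSKPreStr is a placeholder seed for the IPsec PSK; installs must override PSK_PRE_STR with a secret value.`, and the install path would be safer generating a random per-installation value instead of passing this constant. It is also the only untyped constant in a block where DefaultPSK and DefaultReqID carry explicit types; `DefaultPSKPreStr string = "WelcometoKosmos"` keeps the block consistent. DefaultPSK stays although this patch replaces both of its uses in pod_routes.go; if nothing else reads it, a `// Deprecated:` line or removal avoids suggesting it is still the active key.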
@@ -156,18 +160,26 @@ func BuildRoutes(ctx *Context, target *v1alpha1.ClusterNode, cidrs []string) {
  bt.WriteString(n.Name)
  }
  spi := crc32.ChecksumIEEE(bt.Bytes())
+
+ psk_pre := md5.Sum([]byte(os.Getenv("PSK_PRE_STR"))) //nolint:gosec
+ psk_suffix := fmt.Sprintf("%08x", spi)
+ psk_suffix_byte, _ := hex.DecodeString(psk_suffix)
+ psk_byte := append(psk_pre[:], psk_suffix_byte...)
+ psk := hex.EncodeToString(psk_byte)
+ klog.Infof("psk_suffix: %s,psk: %s", psk_suffix, psk)
+
  ctx.Results[n.Name].XfrmStates = append(ctx.Results[n.Name].XfrmStates, v1alpha1.XfrmState{
  LeftIP: n.Spec.IP,
  RightIP: target.Spec.ElasticIP,
  ReqID: v1alpha1.DefaultReqID,
- PSK: v1alpha1.DefaultPSK,
+ PSK: psk,
  SPI: spi,
  })
  ctx.Results[n.Name].XfrmStates = append(ctx.Results[n.Name].XfrmStates, v1alpha1.XfrmState{
  RightIP: n.Spec.IP,
  LeftIP: target.Spec.ElasticIP,
  ReqID: v1alpha1.DefaultReqID,
- PSK: v1alpha1.DefaultPSK,
+ PSK: psk,
  SPI: spi,
  })
  for _, ncidr := range nPodCIDRs {
diff --git a/pkg/clusterlink/network/xfrm_policy.go b/pkg/clusterlink/network/xfrm_policy.go
index d4a96ccb2..f9d56fbcc 100644
--- a/pkg/clusterlink/network/xfrm_policy.go
+++ b/pkg/clusterlink/network/xfrm_policy.go
@@ -165,6 +165,7 @@ func ListXfrmState() ([]clusterlinkv1alpha1.XfrmState, error) {
  RightIP: state.Dst.String(),
  ReqID: state.Reqid,
  PSK: k,
+ SPI: uint32(state.Spi),
  })
  }
  return ret, nil
diff --git a/pkg/kosmosctl/install/install.go b/pkg/kosmosctl/install/install.go
index fa0f09827..742a170d0 100644
--- a/pkg/kosmosctl/install/install.go
+++ b/pkg/kosmosctl/install/install.go
@@ -299,6 +299,7 @@ func (o *CommandInstallOptions) runClusterlink() error {
  Namespace: o.Namespace,
  ImageRepository: o.ImageRegistry,
  Version: version.GetReleaseVersion().PatchRelease(),
+ PSKPreStr: v1alpha1.DefaultPSKPreStr,
  })
  if err != nil {
  return err
diff --git a/pkg/kosmosctl/manifest/manifest_deployments.go b/pkg/kosmosctl/manifest/manifest_deployments.go
index 734b0eeaf..269de0d8a 100644
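Review bot: `klog.Infof("psk_suffix: %s,psk: %s", psk_suffix, psk)` writes the derived IPsec pre-shared key to the log at Info level, so the key is recoverable from any log sink; only the non-secret suffix belongs in that line. Because `os.Getenv("PSK_PRE_STR")` is used without a check, an unset variable silently yields md5("") and a key anyone running this code could compute, so the empty case should be rejected rather than defaulted. The suffix is the SPI, itself a crc32 of node names that is stored in the same XfrmState, so the only secret in the key is the seed, and a 16-byte md5 of a short string caps its strength; a longer random seed delivered from a Secret would be the better source, though how PSK_PRE_STR is provisioned lies outside this hunk. `psk_suffix_byte, _ := hex.DecodeString(psk_suffix)` discards an error that cannot occur for `%08x` of a uint32 and deserves a comment saying so, and the snake_case locals should be mixedCaps. BuildRoutes starts and ends outside the hunk, so whether the empty-seed path should `return` or `continue` depends on the enclosing loop over n.
```go
	spi := crc32.ChecksumIEEE(bt.Bytes())

	pskSeed := os.Getenv("PSK_PRE_STR")
	if pskSeed == "" {
		// md5("") is a fixed, public value; never build a state keyed from it.
		klog.Errorf("PSK_PRE_STR is not set, cannot derive an IPsec PSK for node %s", n.Name)
		return // or continue, depending on the loop this sits in
	}
	pskPrefix := md5.Sum([]byte(pskSeed)) //nolint:gosec
	pskSuffix := fmt.Sprintf("%08x", spi)
	// %08x of a uint32 is always eight hex digits, so DecodeString cannot fail here.
	pskSuffixBytes, _ := hex.DecodeString(pskSuffix)
	psk := hex.EncodeToString(append(pskPrefix[:], pskSuffixBytes...))
	// The PSK is key material: log only the SPI-derived suffix.
	klog.Infof("psk_suffix: %s", pskSuffix)
	// … unchanged: the two XfrmState appends, now using psk …
```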
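Review bot: `PSKPreStr: v1alpha1.DefaultPSKPreStr` wires the public default into every install, so despite the commit description the user has no way to supply their own seed through kosmosctl. CommandInstallOptions should carry the value from a command-line option, or better, generate a random value with crypto/rand at install time and store it in a Secret, and this line should pass that field instead of the constant. runClusterlink continues outside the hunk and the option struct is not visible here, so the option's name is left to the author.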
--- a/pkg/kosmosctl/manifest/manifest_deployments.go
+++ b/pkg/kosmosctl/manifest/manifest_deployments.go
@@ -34,6 +34,9 @@ spec:
  requests:
  cpu: 500m
  memory: 500Mi
+ env:
+ - name: PSK_PRE_STR
+ value: "{{ .PSKPreStr }}"
 `
 
 KosmosOperatorDeployment = `
@@ -251,5 +254,6 @@ type DeploymentReplace struct {
  ImageRepository string
  Version string
- UseProxy string
+ UseProxy string
+ PSKPreStr string
 }
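Review bot: The env hunk places the PSK seed into the Deployment as a plain `value:`, so it is readable by anyone who can get the Deployment object and it lands in the rendered manifest, and `"{{ .PSKPreStr }}"` is substituted by text/template without YAML quoting, so a seed containing `"` or a backslash produces an invalid manifest. Referencing a Secret through valueFrom/secretKeyRef removes both problems; the Secret name below is a constructed placeholder, and the indentation must match the container's existing `resources:` block, which is not fully visible here. The second hunk (DeploymentReplace) only realigns fields and adds PSKPreStr, which would then name the Secret rather than hold the seed.
```yaml
          env:
          - name: PSK_PRE_STR
            valueFrom:
              secretKeyRef:
                name: clusterlink-psk   # constructed placeholder; use the project's Secret name
                key: PSK_PRE_STR
```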