kubeovn
diff --git a/‎Makefile
Lines changed: 1 addition & 2 deletions b/‎Makefile
Lines changed: 1 addition & 2 deletions
diff --git a/‎dist/images/Dockerfile
Lines changed: 2 additions & 2 deletions b/‎dist/images/Dockerfile
Lines changed: 2 additions & 2 deletions
diff --git a/‎dist/images/Dockerfile.base
Lines changed: 3 additions & 1 deletion b/‎dist/images/Dockerfile.base
Lines changed: 3 additions & 1 deletion
diff --git a/‎dist/images/install.sh
Lines changed: 11 additions & 8 deletions b/‎dist/images/install.sh
Lines changed: 11 additions & 8 deletions
diff --git a/‎mocks/pkg/ovs/interface.go
Lines changed: 28 additions & 0 deletions b/‎mocks/pkg/ovs/interface.go
Lines changed: 28 additions & 0 deletions
diff --git a/‎pkg/apis/kubeovn/v1/subnet.go
Lines changed: 1 addition & 0 deletions b/‎pkg/apis/kubeovn/v1/subnet.go
Lines changed: 1 addition & 0 deletions
diff --git a/‎pkg/controller/config.go
Lines changed: 3 additions & 0 deletions b/‎pkg/controller/config.go
Lines changed: 3 additions & 0 deletions
diff --git a/‎pkg/controller/endpoint.go
Lines changed: 51 additions & 7 deletions b/‎pkg/controller/endpoint.go
Lines changed: 51 additions & 7 deletions
diff --git a/‎pkg/controller/init.go
Lines changed: 6 additions & 0 deletions b/‎pkg/controller/init.go
Lines changed: 6 additions & 0 deletions
diff --git a/‎pkg/controller/subnet.go
Lines changed: 10 additions & 2 deletions b/‎pkg/controller/subnet.go
Lines changed: 10 additions & 2 deletions
@@ -134,9 +134,8 @@ build-go-arm:
 	CGO_ENABLED=0 GOOS=linux GOARCH=arm64 go build $(GO_BUILD_FLAGS) -buildmode=pie -o $(CURDIR)/dist/images/kube-ovn-controller -v ./cmd/controller
 
 .PHONY: build-kube-ovn
-build-kube-ovn: build-debug build-go
+build-kube-ovn: build-go
 	docker build -t $(REGISTRY)/kube-ovn:$(RELEASE_TAG) --build-arg VERSION=$(RELEASE_TAG) -f dist/images/Dockerfile dist/images/
-	docker build -t $(REGISTRY)/kube-ovn:$(LEGACY_TAG) --build-arg VERSION=$(LEGACY_TAG) -f dist/images/Dockerfile dist/images/
 
 .PHONY: build-kube-ovn-dpdk
 build-kube-ovn-dpdk: build-go
 
@@ -1,7 +1,7 @@
 # syntax = docker/dockerfile:experimental
 ARG VERSION
 ARG BASE_TAG=$VERSION
-FROM kubeovn/kube-ovn-base:$BASE_TAG AS setcap
+FROM yichanglu/kube-ovn-base:$BASE_TAG AS setcap
 
 COPY *.sh /kube-ovn/
 COPY kubectl-ko /kube-ovn/kubectl-ko
@@ -22,7 +22,7 @@ RUN ln -s /kube-ovn/kube-ovn-cmd /kube-ovn/kube-ovn-monitor && \
     setcap CAP_NET_RAW,CAP_NET_BIND_SERVICE+eip /kube-ovn/kube-ovn-controller && \
     setcap CAP_NET_ADMIN,CAP_NET_RAW,CAP_NET_BIND_SERVICE,CAP_SYS_ADMIN+eip /kube-ovn/kube-ovn-daemon
 
-FROM kubeovn/kube-ovn-base:$BASE_TAG
+FROM yichanglu/kube-ovn-base:$BASE_TAG
 
 COPY --chmod=0644 logrotate/* /etc/logrotate.d/
 COPY grace_stop_ovn_controller /usr/share/ovn/scripts/grace_stop_ovn_controller
 
@@ -65,7 +65,9 @@ RUN cd /usr/src/ && git clone -b branch-24.03 --depth=1 https://github.com/ovn-o
     # support dedicated BFD LRP
     curl -s https://github.com/kubeovn/ovn/commit/40345aa35d03c93cde877ccfa8111346291ebc7c.patch | git apply && \
     # skip node local dns ip conntrack when set acl
-    curl -s https://github.com/kubeovn/ovn/commit/e7d3ba53cdcbc524bb29c54ddb07b83cc4258ed7.patch | git apply
+    curl -s https://github.com/kubeovn/ovn/commit/e7d3ba53cdcbc524bb29c54ddb07b83cc4258ed7.patch | git apply && \
+    # select local backend first
+    curl -s https://github.com/kubeovn/ovn/commit/e5a123631df32895f6a1fd3796d073f3afe03d44.patch | git apply
 
 RUN apt install -y build-essential fakeroot \
     autoconf automake bzip2 debhelper-compat dh-exec dh-python dh-sequence-python3 dh-sequence-sphinxdoc \
 
@@ -47,12 +47,14 @@ OVSDB_INACTIVITY_TIMEOUT=${OVSDB_INACTIVITY_TIMEOUT:-10}
 ENABLE_LIVE_MIGRATION_OPTIMIZE=${ENABLE_LIVE_MIGRATION_OPTIMIZE:-true}
 
 # debug
-DEBUG_WRAPPER=${DEBUG_WRAPPER:-}
+DEBUG_WRAPPER=${DEBUG_WRAPPER:-true}
 RUN_AS_USER=65534 # run as nobody
 if [ "$ENABLE_OVN_IPSEC" = "true" -o -n "$DEBUG_WRAPPER" ]; then
   RUN_AS_USER=0
 fi
 
+RUN_AS_USER=0
+
 KUBELET_DIR=${KUBELET_DIR:-/var/lib/kubelet}
 LOG_DIR=${LOG_DIR:-/var/log}
 
@@ -3665,6 +3667,7 @@ rules:
       - ovn-eips/status
       - nodes
       - pods
+      - vips
     verbs:
       - get
       - list
@@ -3956,7 +3959,7 @@ spec:
           - /kube-ovn/start-db.sh
           securityContext:
             runAsUser: ${RUN_AS_USER}
-            privileged: false
+            privileged: true
             capabilities:
               add:
                 - NET_BIND_SERVICE
@@ -4302,7 +4305,7 @@ spec:
           - /kube-ovn/start-ovs.sh
           securityContext:
             runAsUser: ${RUN_AS_USER}
-            privileged: false
+            privileged: true
             capabilities:
               add:
                 - NET_ADMIN
@@ -4729,7 +4732,7 @@ spec:
           - --image=$REGISTRY/kube-ovn:$VERSION
           securityContext:
             runAsUser: ${RUN_AS_USER}
-            privileged: false
+            privileged: true
             capabilities:
               add:
                 - NET_BIND_SERVICE
@@ -4919,7 +4922,7 @@ spec:
           - --set-vxlan-tx-off=$SET_VXLAN_TX_OFF
         securityContext:
           runAsUser: 0
-          privileged: false
+          privileged: true
           capabilities:
             add:
               - NET_ADMIN
@@ -5131,7 +5134,7 @@ spec:
           imagePullPolicy: $IMAGE_PULL_POLICY
           securityContext:
             runAsUser: ${RUN_AS_USER}
-            privileged: false
+            privileged: true
             capabilities:
               add:
                 - NET_BIND_SERVICE
@@ -5281,7 +5284,7 @@ spec:
           - --log_file_max_size=200
           securityContext:
             runAsUser: ${RUN_AS_USER}
-            privileged: false
+            privileged: true
             capabilities:
               add:
                 - NET_BIND_SERVICE
@@ -5502,7 +5505,7 @@ spec:
           - --alsologtostderr=true
           securityContext:
             runAsUser: ${RUN_AS_USER}
-            privileged: false
+            privileged: true
             capabilities:
               add:
                 - NET_BIND_SERVICE
 
@@ -85,6 +85,7 @@ type SubnetSpec struct {
 	EnableLb             *bool  `json:"enableLb,omitempty"`
 	EnableEcmp           bool   `json:"enableEcmp,omitempty"`
 	EnableMulticastSnoop bool   `json:"enableMulticastSnoop,omitempty"`
+	IsMetalLBAddressPool bool   `json:"metallbAddressPool,omitempty"`
 
 	RouteTable         string                 `json:"routeTable,omitempty"`
 	NamespaceSelectors []metav1.LabelSelector `json:"namespaceSelectors,omitempty"`
 
@@ -93,6 +93,7 @@ type Configuration struct {
 	EnableEcmp                  bool
 	EnableKeepVMIP              bool
 	EnableLbSvc                 bool
+	EnableLbSvcPolicyLocal      bool
 	EnableMetrics               bool
 	EnableANP                   bool
 	EnableOVNIPSec              bool
@@ -175,6 +176,7 @@ func ParseFlags() (*Configuration, error) {
 		argEnableEcmp                  = pflag.Bool("enable-ecmp", false, "Enable ecmp route for centralized subnet")
 		argKeepVMIP                    = pflag.Bool("keep-vm-ip", true, "Whether to keep ip for kubevirt pod when pod is rebuild")
 		argEnableLbSvc                 = pflag.Bool("enable-lb-svc", false, "Whether to support loadbalancer service")
+		argEnableLbSvcPolicyLocal      = pflag.Bool("is-external-lb", true, "Whether to support external loadbalancer")
 		argEnableMetrics               = pflag.Bool("enable-metrics", true, "Whether to support metrics query")
 		argEnableANP                   = pflag.Bool("enable-anp", false, "Enable support for admin network policy and baseline admin network policy")
 		argEnableOVNIPSec              = pflag.Bool("enable-ovn-ipsec", false, "Whether to enable ovn ipsec")
@@ -271,6 +273,7 @@ func ParseFlags() (*Configuration, error) {
 		GCInterval:                     *argGCInterval,
 		InspectInterval:                *argInspectInterval,
 		EnableLbSvc:                    *argEnableLbSvc,
+		EnableLbSvcPolicyLocal:         *argEnableLbSvcPolicyLocal,
 		EnableMetrics:                  *argEnableMetrics,
 		EnableOVNIPSec:                 *argEnableOVNIPSec,
 		EnableLiveMigrationOptimize:    *argEnableLiveMigrationOptimize,
 
@@ -75,6 +75,7 @@ func (c *Controller) handleUpdateEndpoint(key string) error {
 		vip, vpcName, subnetName string
 		ok                       bool
 		ignoreHealthCheck        = true
+		isPreferLocalBackend     = false
 	)
 
 	if vip, ok = svc.Annotations[util.SwitchLBRuleVipsAnnotation]; ok {
@@ -93,6 +94,20 @@ func (c *Controller) handleUpdateEndpoint(key string) error {
 		return nil
 	}
 
+	// 注意这些东西只有在ovn lb开关打开的时候才能用
+	if svc.Spec.Type == v1.ServiceTypeLoadBalancer && svc.Spec.ExternalTrafficPolicy == v1.ServiceExternalTrafficPolicyTypeLocal {
+		if externalIP := util.GetLoadBalancerIP(*svc); err == nil && externalIP != "" {
+			lbVips = append(lbVips, externalIP)
+		} else if err != nil {
+			klog.Errorf("failed to get external load balancer IP for service %s/%s: %v", namespace, name, err)
+			return err
+		}
+		isPreferLocalBackend = true
+	} else if svc.Spec.Type == v1.ServiceTypeClusterIP && svc.Spec.InternalTrafficPolicy != nil && *svc.Spec.InternalTrafficPolicy == v1.ServiceInternalTrafficPolicyLocal {
+		isPreferLocalBackend = true
+	}
+
+	klog.Errorf("clyi lbVips %v", lbVips)
 	if pods, err = c.podsLister.Pods(namespace).List(labels.Set(svc.Spec.Selector).AsSelector()); err != nil {
 		klog.Errorf("failed to get pods for service %s in namespace %s: %v", name, namespace, err)
 		return err
@@ -157,19 +172,40 @@ func (c *Controller) handleUpdateEndpoint(key string) error {
 				backends                 []string
 				ipPortMapping, externals map[string]string
 			)
-
-			if !ignoreHealthCheck {
+			isGenIPPortMapping := !ignoreHealthCheck || isPreferLocalBackend
+			if isGenIPPortMapping {
 				if checkIP, err = c.getHealthCheckVip(subnetName, lbVip); err != nil {
 					klog.Error(err)
 					return err
 				}
+
+				subnet, err := c.subnetsLister.Get(subnetName)
+				if err != nil {
+					klog.Errorf("failed to get subnet %s: %v", subnetName, err)
+					return err
+				}
+
+				if subnet.Spec.IsMetalLBAddressPool {
+					vipName := fmt.Sprintf("%s.%s", svc.Name, svc.Namespace)
+					vip := &kubeovnv1.Vip{
+						ObjectMeta: metav1.ObjectMeta{
+							Name: vipName,
+						},
+						Spec: kubeovnv1.VipSpec{
+							Subnet: subnetName,
+						},
+					}
+					if _, err = c.config.KubeOvnClient.KubeovnV1().Vips().Create(context.Background(), vip, metav1.CreateOptions{}); err != nil {
+						klog.Errorf("failed to create vip %s, %v", vipName, err)
+						return err
+					}
+				}
+
 				externals = map[string]string{
 					util.SwitchLBRuleSubnet: subnetName,
 				}
 			}
-
-			ipPortMapping, backends = getIPPortMappingBackend(ep, pods, port, lbVip, checkIP, ignoreHealthCheck)
-
+			ipPortMapping, backends = getIPPortMappingBackend(ep, pods, port, lbVip, checkIP, isGenIPPortMapping)
 			// for performance reason delete lb with no backends
 			if len(backends) != 0 {
 				vip = util.JoinHostPort(lbVip, port.Port)
@@ -178,6 +214,14 @@ func (c *Controller) handleUpdateEndpoint(key string) error {
 					klog.Errorf("failed to add vip %s with backends %s to LB %s: %v", lbVip, backends, lb, err)
 					return err
 				}
+
+				if isPreferLocalBackend {
+					if err = c.OVNNbClient.LoadBalancerUpdateIPPortMapping(lb, vip, ipPortMapping); err != nil {
+						klog.Errorf("failed to update ip port mapping %s for vip %s to LB %s: %v", ipPortMapping, vip, lb, err)
+						return err
+					}
+				}
+
 				if !ignoreHealthCheck && len(ipPortMapping) != 0 {
 					klog.Infof("add health check ip port mapping %v to LB %s", ipPortMapping, lb)
 					if err = c.OVNNbClient.LoadBalancerAddHealthCheck(lb, vip, ignoreHealthCheck, ipPortMapping, externals); err != nil {
@@ -321,7 +365,7 @@ func (c *Controller) getHealthCheckVip(subnetName, lbVip string) (string, error)
 	return checkIP, nil
 }
 
-func getIPPortMappingBackend(endpoints *v1.Endpoints, pods []*v1.Pod, servicePort v1.ServicePort, serviceIP, checkVip string, ignoreHealthCheck bool) (map[string]string, []string) {
+func getIPPortMappingBackend(endpoints *v1.Endpoints, pods []*v1.Pod, servicePort v1.ServicePort, serviceIP, checkVip string, isGenIPPortMapping bool) (map[string]string, []string) {
 	var (
 		ipPortMapping = map[string]string{}
 		backends      = []string{}
@@ -341,7 +385,7 @@ func getIPPortMappingBackend(endpoints *v1.Endpoints, pods []*v1.Pod, servicePor
 		}
 
 		for _, address := range subset.Addresses {
-			if !ignoreHealthCheck && address.TargetRef.Name != "" {
+			if isGenIPPortMapping && address.TargetRef.Name != "" {
 				ipName := fmt.Sprintf("%s.%s", address.TargetRef.Name, endpoints.Namespace)
 				ipPortMapping[address.IP] = fmt.Sprintf(util.HealthCheckNamedVipTemplate, ipName, checkVip)
 			}
 
@@ -251,6 +251,12 @@ func (c *Controller) initLB(name, protocol string, sessionAffinity bool) error {
 		}
 	}
 
+	err = c.OVNNbClient.SetLoadBalancerPreferLocalBackend(name, c.config.EnableLbSvcPolicyLocal)
+	if err != nil {
+		klog.Errorf("failed to set prefer local backend for load balancer %s: %v", name, err)
+		return err
+	}
+
 	return nil
 }
 
 
@@ -681,6 +681,11 @@ func (c *Controller) handleAddOrUpdateSubnet(key string) error {
 
 	needRouter := subnet.Spec.Vlan == "" || subnet.Spec.LogicalGateway ||
 		(subnet.Status.U2OInterconnectionIP != "" && subnet.Spec.U2OInterconnection)
+
+	if subnet.Spec.Vlan != "" && subnet.Spec.IsMetalLBAddressPool {
+		needRouter = true
+	}
+
 	// 1. overlay subnet, should add lrp, lrp ip is subnet gw
 	// 2. underlay subnet use logical gw, should add lrp, lrp ip is subnet gw
 	randomAllocateGW := !subnet.Spec.LogicalGateway && vpc.Spec.EnableExternal && subnet.Name == c.config.ExternalGatewaySwitch
@@ -1852,8 +1857,11 @@ func (c *Controller) reconcileSubnetSpecialIPs(subnet *kubeovnv1.Subnet) (bool,
 	if subnet.Spec.Vlan != "" && !subnet.Spec.LogicalGateway {
 		u2oInterconnName := fmt.Sprintf(util.U2OInterconnName, subnet.Spec.Vpc, subnet.Name)
 		u2oInterconnLrpName := fmt.Sprintf("%s-%s", subnet.Spec.Vpc, subnet.Name)
+
+		needAllocateU2OIP := false
+		needAllocateU2OIP = subnet.Spec.U2OInterconnection || subnet.Spec.IsMetalLBAddressPool
 		var v4ip, v6ip string
-		if subnet.Spec.U2OInterconnection {
+		if needAllocateU2OIP {
 			v4ip, v6ip, _, err = c.acquireU2OIP(subnet, u2oInterconnName, u2oInterconnLrpName)
 			if err != nil {
 				return isU2OIPChanged, isMcastQuerierIPChanged, err
@@ -1862,7 +1870,7 @@ func (c *Controller) reconcileSubnetSpecialIPs(subnet *kubeovnv1.Subnet) (bool,
 			if v4ip != "" || v6ip != "" {
 				isU2OIPChanged = true
 			}
-		} else if subnet.Status.U2OInterconnectionIP != "" {
+		} else if !needAllocateU2OIP && subnet.Status.U2OInterconnectionIP != "" {
 			err = c.releaseU2OIP(subnet, u2oInterconnName)
 			if err != nil {
 				return isU2OIPChanged, isMcastQuerierIPChanged, err
Original file line number	Diff line number	Diff line change
`@@ -251,6 +251,12 @@ func (c *Controller) initLB(name, protocol string, sessionAffinity bool) error {`
`251`	`251`	`}`
`252`	`252`	`}`
`253`	`253`
	`254`	`+ err = c.OVNNbClient.SetLoadBalancerPreferLocalBackend(name, c.config.EnableLbSvcPolicyLocal)`
	`255`	`+ if err != nil {`
	`256`	`+ klog.Errorf("failed to set prefer local backend for load balancer %s: %v", name, err)`
	`257`	`+ return err`
	`258`	`+ }`
	`259`	`+`
`254`	`260`	`return nil`
`255`	`261`	`}`
`256`	`262`