Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Implement orchestrated firewall distance configuration. #24

Merged
merged 17 commits into from
Apr 13, 2023
Merged

Implement orchestrated firewall distance configuration. #24

merged 17 commits into from
Apr 13, 2023

Conversation

Gerrit91
Copy link
Contributor

@Gerrit91 Gerrit91 marked this pull request as ready for review March 31, 2023 13:12
@Gerrit91 Gerrit91 requested a review from a team as a code owner March 31, 2023 13:12
@Gerrit91
Copy link
Contributor Author

Gerrit91 commented Mar 31, 2023
edited
Loading

Has to be tested in a real environment, but we can already review.

firewall-controller needs to implement support for this before this works.

@Gerrit91
Copy link
Contributor Author

I think we can try this out in our test environment, review and merge this already. It does not hurt when the firewall-controller does not yet support it.

In the mini-lab during rolling update:

❯ k get fw,fwset,fwdeploy,fwmon -o wide                                                                                                                                                                   04:00:40
NAME                                                      PHASE      MACHINE ID                             LAST EVENT           DISTANCE   AGE   SPEC VERSION   ACTUAL VERSION
firewall.firewall.metal-stack.io/default-firewall-12e19   Running    e0ab02d2-27cd-5a5e-8efc-080ba80cf258   Phoned Home          0          13m   latest         
firewall.firewall.metal-stack.io/default-firewall-d8a9e   Creating   2294c949-88f6-5390-8154-fa53d93a3313   Booting New Kernel   3          65s   latest         

NAME                                                 REPLICAS   READY   PROGRESSING   UNHEALTHY   DISTANCE   AGE
firewallset.firewall.metal-stack.io/firewall-12dfb   1          1       0             0           0          13m
firewallset.firewall.metal-stack.io/firewall-d8a81   1          0       1             0           3          65s

NAME                                                  REPLICAS   READY   PROGRESSING   UNHEALTHY   AGE
firewalldeployment.firewall.metal-stack.io/firewall   1          0       1             0           19m

And for scaling:

❯ k scale fwdeploy firewall --replicas 4
firewalldeployment.firewall.metal-stack.io/firewall scaled


❯ k get fw,fwset,fwdeploy,fwmon -o wide
NAME                                                      PHASE      MACHINE ID                             LAST EVENT    DISTANCE   AGE     SPEC VERSION   ACTUAL VERSION
firewall.firewall.metal-stack.io/default-firewall-a74a9   Creating                                                        2                  latest         
firewall.firewall.metal-stack.io/default-firewall-a74be   Creating                                                        2                  latest         
firewall.firewall.metal-stack.io/default-firewall-a74cd   Creating                                                        1                  latest         
firewall.firewall.metal-stack.io/default-firewall-d8a9e   Running    2294c949-88f6-5390-8154-fa53d93a3313   Phoned Home   0          4h52m   latest         

NAME                                                 REPLICAS   READY   PROGRESSING   UNHEALTHY   DISTANCE   AGE
firewallset.firewall.metal-stack.io/firewall-d8a81   4          1       0             3           0          4h52m

NAME                                                  REPLICAS   READY   PROGRESSING   UNHEALTHY   AGE
firewalldeployment.firewall.metal-stack.io/firewall   4          1       0             3           5h11m

majst01
majst01 requested changes Apr 13, 2023
View reviewed changes
api/v2/types_firewallset.go Outdated Show resolved Hide resolved
@majst01
Copy link
Contributor

majst01 commented Apr 13, 2023

Looks good already, would it make sense to validate the #replicas to not exceed a certain maximum ?

@majst01 majst01 merged commit 7303a6c into main Apr 13, 2023
@majst01 majst01 deleted the implement-firewall-distance branch April 13, 2023 09:10
@Gerrit91 Gerrit91 mentioned this pull request Apr 13, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@majst01 majst01 majst01 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@Gerrit91 @majst01