liqotech · adamjensenbot · Oct 18, 2024 · Oct 17, 2024
diff --git a/.github/workflows/integration.yml b/.github/workflows/integration.yml
@@ -37,11 +37,11 @@ jobs:
           echo "pr-number=${{ github.event.client_payload.github.payload.issue.number }}" >> $GITHUB_OUTPUT
         elif [ "${{ steps.get_version.outputs.VERSION }}" != "" ]; then
           echo "master=false" >> $GITHUB_OUTPUT
-          echo "architectures=linux/amd64,linux/arm64" >> $GITHUB_OUTPUT
+          echo "architectures=linux/amd64,linux/arm64,linux/arm/v7" >> $GITHUB_OUTPUT
           echo "commit-ref=${{ steps.get_version.outputs.VERSION }}" >> $GITHUB_OUTPUT
         elif [ "${{ github.ref_name }}" == "master" ]; then
           echo "master=true" >> $GITHUB_OUTPUT
-          echo "architectures=linux/amd64,linux/arm64" >> $GITHUB_OUTPUT
+          echo "architectures=linux/amd64,linux/arm64,linux/arm/v7" >> $GITHUB_OUTPUT
           echo "commit-ref=${{ github.sha }}" >> $GITHUB_OUTPUT
         else
           echo "master=false" >> $GITHUB_OUTPUT
@@ -95,6 +95,14 @@ jobs:
         - gateway/geneve
         - fabric
     steps:
+      - name: Set architectures
+        id: set-architectures
+        run: |
+          ARCHITECTURES=${{ needs.configure.outputs.architectures }}
+          if [ "${{ matrix.component }}" == "proxy" ]; then
+            ARCHITECTURES=$(echo ${ARCHITECTURES} | sed 's/,linux\/arm\/v7//')
+          fi
+          echo "ARCHITECTURES=${ARCHITECTURES}" >> $GITHUB_ENV
       - name: Set up QEMU
         uses: docker/setup-qemu-action@v3.2.0
         with:
@@ -138,7 +146,7 @@ jobs:
           DOCKER_BUILD_RECORD_UPLOAD: false
         with:
           context: .
-          platforms: ${{ needs.configure.outputs.architectures }}
+          platforms: ${{ env.ARCHITECTURES }}
           tags: |
             ghcr.io/${{ github.repository_owner }}/${{ matrix.component }}${{ needs.configure.outputs.repo-suffix }}:latest
             ghcr.io/${{ github.repository_owner }}/${{ matrix.component }}${{ needs.configure.outputs.repo-suffix }}:${{ needs.configure.outputs.commit-ref }}
@@ -205,10 +213,15 @@ jobs:
     strategy:
       matrix:
         goos: [ linux, windows, darwin ]
-        goarch: [ arm64, amd64 ]
+        goarch: [ arm64, amd64, arm ]
         exclude:
           - goarch: arm64
             goos: windows
+          - goarch: arm
+            goos: windows
+          - goarch: arm
+            goos: darwin
+
 
     steps:
 

diff --git a/cmd/liqo-controller-manager/main.go b/cmd/liqo-controller-manager/main.go
@@ -163,6 +163,9 @@ func main() {
 	shadowEndpointSliceWorkers := pflag.Int("shadow-endpointslice-ctrl-workers", 10,
 		"The number of workers used to reconcile ShadowEndpointSlice resources.")
 
+	// CROSS MODULE
+	enableAPIServerIPRemapping := pflag.Bool("enable-api-server-ip-remapping", true, "Enable the API server IP remapping")
+
 	liqoerrors.InitFlags(nil)
 	restcfg.InitFlags(nil)
 	flagsutils.InitKlogFlags(nil)
@@ -382,9 +385,11 @@ func main() {
 			os.Exit(1)
 		}
 
-		if err := ipamips.EnforceAPIServerIPRemapping(ctx, uncachedClient, *liqoNamespace); err != nil {
-			klog.Errorf("Unable to enforce the API server IP remapping: %v", err)
-			os.Exit(1)
+		if *enableAPIServerIPRemapping {
+			if err := ipamips.EnforceAPIServerIPRemapping(ctx, uncachedClient, *liqoNamespace); err != nil {
+				klog.Errorf("Unable to enforce the API server IP remapping: %v", err)
+				os.Exit(1)
+			}
 		}
 
 		if err := ipamips.EnforceAPIServerProxyIPRemapping(ctx, uncachedClient, *liqoNamespace); err != nil {

diff --git a/deployments/liqo/README.md b/deployments/liqo/README.md
@@ -146,13 +146,15 @@
 | openshiftConfig.enable | bool | `false` | Enable/Disable the OpenShift support, enabling Openshift-specific resources, and setting the pod security contexts in a way that is compatible with Openshift. |
 | openshiftConfig.virtualKubeletSCCs | list | `["anyuid"]` | Security context configurations granted to the virtual kubelet in the local cluster. The configuration of one or more SCCs for the virtual kubelet is not strictly required, and privileges can be reduced in production environments. Still, the default configuration (i.e., anyuid) is suggested to prevent problems (i.e., the virtual kubelet fails to add the appropriate labels) when attempting to offload pods not managed by higher-level abstractions (e.g., Deployments), and not associated with a properly privileged service account. Indeed, "anyuid" is the SCC automatically associated with pods created by cluster administrators. Any pod granted a more privileged SCC and not linked to an adequately privileged service account will fail to be offloaded. |
 | proxy.config.listeningPort | int | `8118` | Port used by the proxy pod. |
+| proxy.enabled | bool | `true` | Enable/Disable the proxy pod. This pod is mandatory to allow in-band peering  and to connect to the consumer k8s api server from a remotly offloaded pod. |
 | proxy.image.name | string | `"ghcr.io/liqotech/proxy"` | Image repository for the proxy pod. |
 | proxy.image.version | string | `""` | Custom version for the proxy image. If not specified, the global tag is used. |
 | proxy.pod.annotations | object | `{}` | Annotations for the proxy pod. |
 | proxy.pod.extraArgs | list | `[]` | Extra arguments for the proxy pod. |
 | proxy.pod.labels | object | `{}` | Labels for the proxy pod. |
 | proxy.pod.priorityClassName | string | `""` | PriorityClassName (https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/#pod-priority) for the proxy pod. |
 | proxy.pod.resources | object | `{"limits":{},"requests":{}}` | Resource requests and limits (https://kubernetes.io/docs/user-guide/compute-resources/) for the proxy pod. |
+| proxy.replicas | int | `1` | Set the number of replicas for the proxy deployments  |
 | proxy.service.annotations | object | `{}` |  |
 | proxy.service.type | string | `"ClusterIP"` |  |
 | pullPolicy | string | `"IfNotPresent"` | The pullPolicy for liqo pods. |

diff --git a/deployments/liqo/templates/liqo-controller-manager-deployment.yaml b/deployments/liqo/templates/liqo-controller-manager-deployment.yaml
@@ -118,6 +118,7 @@ spec:
           {{- if gt .Values.controllerManager.replicas 1.0 }}
           - --enable-leader-election=true
           {{- end }}
+          - --enable-api-server-ip-remapping={{ .Values.proxy.enabled }}
         env:
           - name: CLUSTER_ID
             valueFrom:

diff --git a/deployments/liqo/templates/liqo-proxy-configmap.yaml b/deployments/liqo/templates/liqo-proxy-configmap.yaml
@@ -1,5 +1,7 @@
 {{- $proxyConfig := (merge (dict "name" "proxy" "module" "networking") .) -}}
 
+{{- if .Values.proxy.enabled }}
+
 apiVersion: v1
 kind: ConfigMap
 metadata:
@@ -74,3 +76,5 @@ data:
                        socket_address:
                          address: kubernetes.default
                          port_value: 443
+
+{{- end }}
diff --git a/deployments/liqo/templates/liqo-proxy-deployment.yaml b/deployments/liqo/templates/liqo-proxy-deployment.yaml
@@ -1,13 +1,15 @@
 {{- $proxyConfig := (merge (dict "name" "proxy" "module" "networking"  "version" .Values.proxy.image.version) .) -}}
 
+{{- if .Values.proxy.enabled }}
+
 apiVersion: apps/v1
 kind: Deployment
 metadata:
   labels:
     {{- include "liqo.labels" $proxyConfig | nindent 4 }}
   name: {{ include "liqo.prefixedName" $proxyConfig }}
 spec:
-  replicas: 1
+  replicas: {{ .Values.proxy.replicas }}
   selector:
     matchLabels:
       {{- include "liqo.selectorLabels" $proxyConfig | nindent 6 }}
@@ -66,3 +68,5 @@ spec:
       {{- if .Values.proxy.pod.priorityClassName }}
       priorityClassName: {{ .Values.proxy.pod.priorityClassName }}
       {{- end }}
+
+{{- end }}
diff --git a/deployments/liqo/templates/liqo-proxy-service.yaml b/deployments/liqo/templates/liqo-proxy-service.yaml
@@ -1,5 +1,7 @@
 {{- $proxyConfig := (merge (dict "name" "proxy" "module" "networking") .) -}}
 
+{{- if .Values.proxy.enabled }}
+
 apiVersion: v1
 kind: Service
 metadata:
@@ -18,4 +20,6 @@ spec:
       targetPort: {{ .Values.proxy.config.listeningPort }}
       protocol: TCP
   selector:
-    {{- include "liqo.selectorLabels" $proxyConfig | nindent 4 }}
+    {{- include "liqo.selectorLabels" $proxyConfig | nindent 4 }}
+
+{{- end }}
diff --git a/deployments/liqo/values.yaml b/deployments/liqo/values.yaml
@@ -616,6 +616,12 @@ uninstaller:
     version: ""
 
 proxy:
+  # -- Enable/Disable the proxy pod.
+  # This pod is mandatory to allow in-band peering 
+  # and to connect to the consumer k8s api server from a remotly offloaded pod.
+  enabled: true
+  # -- Set the number of replicas for the proxy deployments 
+  replicas: 1
   pod:
     # -- Annotations for the proxy pod.
     annotations: {}