
Commit a81e531

committed
[cmd/tunnelproxy] Support TunnelNode label selector
1 parent ddffc9d commit a81e531


2 files changed

+28
-1
lines changed


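--- a/cmd/tunnelproxy/main.go
+++ b/cmd/tunnelproxy/main.go
@@ -47,6 +47,8 @@ var (
 apiServerAddr = flag.String("apiserver_addr", "host.docker.internal:8443", "APIServer address.")
 jwksURLs = flag.String("jwks_urls", "", "Comma-separated URLs of the JWKS endpoints.")
 
+tunnelNodeSelector = flag.String("label_selector", "", "Label selector for TunnelNode objects.")
+
 extIPv6SubnetSize = flag.Int("ext_ipv6_subnet_size", 64, "IPv6 subnet size.")
 extIPv6Ifc = flag.String("ext_ipv6_ifc", "", "IPv6 interface name.")
 cksumRecalc = flag.Bool("cksum_recalc", false, "Recalculate checksum.")
@@ -133,6 +135,7 @@ func main() {
 jwtValidator,
 r,
 tunnel.WithExternalIPv6Prefix(extIPv6Prefix),
+tunnel.WithLabelSelector(*tunnelNodeSelector),
 )
 g.Go(func() error {
 log.Infof("Starting Tunnel Proxy server")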
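Review bot: The help text for `label_selector` in the flag block does not say what the default empty value means. As far as the Kubernetes helpers called in pkg/tunnel/server.go behave, an empty selector matches every TunnelNode, so a proxy started without the flag, or with it accidentally blank, handles all of them. I would state that in the usage string, e.g. `"Label selector for TunnelNode objects handled by this proxy (empty selects all)."`. Logging the effective selector next to the existing startup message in main() would also make a mis-scoped proxy easy to spot. Both the var block and main() continue outside the hunks shown.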

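--- a/pkg/tunnel/server.go
+++ b/pkg/tunnel/server.go
@@ -25,8 +25,10 @@ import (
 "k8s.io/client-go/util/retry"
 "k8s.io/utils/ptr"
 ctrl "sigs.k8s.io/controller-runtime"
+"sigs.k8s.io/controller-runtime/pkg/builder"
 "sigs.k8s.io/controller-runtime/pkg/client"
 "sigs.k8s.io/controller-runtime/pkg/log"
+"sigs.k8s.io/controller-runtime/pkg/predicate"
 "sigs.k8s.io/controller-runtime/pkg/reconcile"
 
 "github.com/apoxy-dev/apoxy/pkg/tunnel/connection"
@@ -50,6 +52,7 @@ type tunnelServerOptions struct {
 keyPath string
 ipam tunnet.IPAM
 extIPv6Prefix netip.Prefix
+selector string
 }
 
 func defaultServerOptions() *tunnelServerOptions {
@@ -60,6 +63,7 @@ func defaultServerOptions() *tunnelServerOptions {
 keyPath: "/etc/apoxy/certs/tunnelproxy.key",
 ipam: tunnet.NewRandomULA(),
 extIPv6Prefix: netip.MustParsePrefix("fd00::/64"),
+selector: "",
 }
 }
 
@@ -106,6 +110,13 @@ func WithExternalIPv6Prefix(prefix netip.Prefix) TunnelServerOption {
 }
 }
 
+// WithLabelSelector sets the label selector to filter TunnelNodes.
+func WithLabelSelector(labelSelector string) TunnelServerOption {
+return func(o *tunnelServerOptions) {
+o.selector = labelSelector
+}
+}
+
 type TunnelServer struct {
 http3.Server
 client.Client
@@ -156,8 +167,21 @@ func NewTunnelServer(
 }
 
 func (t *TunnelServer) SetupWithManager(mgr ctrl.Manager) error {
+lss, err := metav1.ParseToLabelSelector(t.options.selector)
+if err != nil {
+return fmt.Errorf("failed to parse label selector: %w", err)
+}
+ls, err := predicate.LabelSelectorPredicate(*lss)
+if err != nil {
+return fmt.Errorf("failed to create label selector predicate: %w", err)
+}
 return ctrl.NewControllerManagedBy(mgr).
-For(&corev1alpha.TunnelNode{}).
+For(&corev1alpha.TunnelNode{},
+builder.WithPredicates(
+&predicate.ResourceVersionChangedPredicate{},
+ls,
+),
+).
 Complete(reconcile.Func(t.reconcile)) // Using this contraption to keep reconcile method private.
 }
 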
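Review bot: In SetupWithManager the selector is applied only as an event predicate, and for updates `LabelSelectorPredicate` evaluates the new object, so an update that strips the matching labels from a TunnelNode is dropped and `t.reconcile` is never called for a node that has just left this proxy's scope. Any state reconcile set up for that node would then presumably stay in place, since a later delete of the now non-matching object is filtered as well; the reconcile body is outside this hunk, so please confirm. If `label_selector` is meant to partition TunnelNodes between proxies, consider letting updates through when either the old or the new object matches and having reconcile release nodes that no longer match, and check that the connection-handling path (not visible here) applies the same selector rather than looking nodes up through the unfiltered client. The added `ResourceVersionChangedPredicate` also suppresses resync-triggered reconciles, which the commit title does not mention; a comment above the `For(...)` call such as `// Skip no-op resyncs; only reconcile real changes to TunnelNodes matching the selector.` would record the intent.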
