configutils: Enable egress configuration

Introduce the possibility of configuring egress for any `*rest.Config`
obtained via `configutils.GetConfig`.

Author: adracus

configutils/configutils.go

@@ -21,6 +21,7 @@ import (
 	"os/user"
 	"path/filepath"
 
+	"k8s.io/apiserver/pkg/server/egressselector"
 	"k8s.io/client-go/rest"
 	"k8s.io/client-go/tools/clientcmd"
 	clientcmdapi "k8s.io/client-go/tools/clientcmd/api"
@@ -32,13 +33,44 @@ var (
 	log = ctrl.Log.WithName("configutils")
 )
 
+// EgressSelectionName is the name of the egress configuration to use.
+type EgressSelectionName string
+
+const (
+	// EgressSelectionNameControlPlane instructs to use the controlplane egress selection.
+	EgressSelectionNameControlPlane EgressSelectionName = "controlplane"
+	// EgressSelectionNameEtcd instructs to use the etcd egress selection.
+	EgressSelectionNameEtcd EgressSelectionName = "etcd"
+	// EgressSelectionNameCluster instructs to use the cluster egress selection.
+	EgressSelectionNameCluster EgressSelectionName = "cluster"
+)
+
+// NetworkContext returns the corresponding network context of the egress selection.
+func (n EgressSelectionName) NetworkContext() (egressselector.NetworkContext, error) {
+	switch n {
+	case EgressSelectionNameControlPlane:
+		return egressselector.ControlPlane.AsNetworkContext(), nil
+	case EgressSelectionNameEtcd:
+		return egressselector.Etcd.AsNetworkContext(), nil
+	case EgressSelectionNameCluster:
+		return egressselector.Cluster.AsNetworkContext(), nil
+	default:
+		return egressselector.NetworkContext{}, fmt.Errorf("unknown egress selection name %q", n)
+	}
+}
+
 // GetConfigOptions are options to supply for a GetConfig call.
 type GetConfigOptions struct {
 	// Context is the kubeconfig context to load.
 	Context string
 	// Kubeconfig is the path to a kubeconfig to load.
 	// If unset, the '--kubeconfig' flag is used.
 	Kubeconfig *string
+	// EgressSelectorConfig is the path to an egress selector config to load.
+	EgressSelectorConfig string
+	// EgressSelectionName is the name of the egress configuration to use.
+	// Defaults to EgressSelectionNameControlPlane.
+	EgressSelectionName EgressSelectionName
 }
 
 // ApplyToGetConfig implements GetConfigOption.
@@ -49,6 +81,12 @@ func (o *GetConfigOptions) ApplyToGetConfig(o2 *GetConfigOptions) {
 	if o.Kubeconfig != nil {
 		o2.Kubeconfig = pointer.String(*o.Kubeconfig)
 	}
+	if o.EgressSelectorConfig != "" {
+		o2.EgressSelectorConfig = o.EgressSelectorConfig
+	}
+	if o.EgressSelectionName != "" {
+		o2.EgressSelectionName = o.EgressSelectionName
+	}
 }
 
 // ApplyOptions applies all GetConfigOption tro this GetConfigOptions.
@@ -74,6 +112,20 @@ func (c Context) ApplyToGetConfig(o *GetConfigOptions) {
 	o.Context = string(c)
 }
 
+// EgressSelectorConfig allows specifying the path to an egress selector config to use.
+type EgressSelectorConfig string
+
+func (c EgressSelectorConfig) ApplyToGetConfig(o *GetConfigOptions) {
+	o.EgressSelectorConfig = string(c)
+}
+
+type WithEgressSelectionName EgressSelectionName
+
+// ApplyToGetConfig implements GetConfigOption.
+func (w WithEgressSelectionName) ApplyToGetConfig(o *GetConfigOptions) {
+	o.EgressSelectionName = EgressSelectionName(w)
+}
+
 // GetConfigOption are options to a GetConfig call.
 type GetConfigOption interface {
 	// ApplyToGetConfig modifies the underlying GetConfigOptions.
@@ -105,6 +157,12 @@ func getKubeconfigFlag() string {
 	return f.Value.String()
 }
 
+func setGetConfigOptionsDefaults(o *GetConfigOptions) {
+	if o.EgressSelectionName == "" {
+		o.EgressSelectionName = EgressSelectionNameControlPlane
+	}
+}
+
 // GetConfig creates a *rest.Config for talking to a Kubernetes API server.
 // Kubeconfig / the '--kubeconfig' flag instruct to use the kubeconfig file at that location.
 // Otherwise, will assume running in cluster and use the cluster provided kubeconfig.
@@ -124,6 +182,7 @@ func getKubeconfigFlag() string {
 func GetConfig(opts ...GetConfigOption) (*rest.Config, error) {
 	o := &GetConfigOptions{}
 	o.ApplyOptions(opts)
+	setGetConfigOptionsDefaults(o)
 
 	var kubeconfig string
 	if o.Kubeconfig != nil {
@@ -132,9 +191,22 @@ func GetConfig(opts ...GetConfigOption) (*rest.Config, error) {
 		kubeconfig = getKubeconfigFlag()
 	}
 
+	cfg, err := loadConfig(kubeconfig, o.Context)
+	if err != nil {
+		return nil, fmt.Errorf("error loading config: %w", err)
+	}
+
+	if err := applyEgressSelector(o.EgressSelectorConfig, o.EgressSelectionName, cfg); err != nil {
+		return nil, fmt.Errorf("error applying egress selector: %w", err)
+	}
+
+	return cfg, nil
+}
+
+func loadConfig(kubeconfig, context string) (*rest.Config, error) {
 	// If a flag is specified with the config location, use that
 	if len(kubeconfig) > 0 {
-		return loadConfigWithContext("", &clientcmd.ClientConfigLoadingRules{ExplicitPath: kubeconfig}, o.Context)
+		return loadConfigWithContext("", &clientcmd.ClientConfigLoadingRules{ExplicitPath: kubeconfig}, context)
 	}
 
 	// If the recommended kubeconfig env variable is not specified,
@@ -155,7 +227,39 @@ func GetConfig(opts ...GetConfigOption) (*rest.Config, error) {
 		loadingRules.Precedence = append(loadingRules.Precedence, filepath.Join(u.HomeDir, clientcmd.RecommendedHomeDir, clientcmd.RecommendedFileName))
 	}
 
-	return loadConfigWithContext("", loadingRules, o.Context)
+	return loadConfigWithContext("", loadingRules, context)
+}
+
+func applyEgressSelector(egressSelectorConfig string, egressSelectionName EgressSelectionName, cfg *rest.Config) error {
+	if egressSelectorConfig == "" {
+		return nil
+	}
+
+	networkContext, err := egressSelectionName.NetworkContext()
+	if err != nil {
+		return fmt.Errorf("error obtaining network context: %w", err)
+	}
+
+	egressSelectorCfg, err := egressselector.ReadEgressSelectorConfiguration(egressSelectorConfig)
+	if err != nil {
+		return fmt.Errorf("error reading egress selector configuration: %w", err)
+	}
+
+	egressSelector, err := egressselector.NewEgressSelector(egressSelectorCfg)
+	if err != nil {
+		return fmt.Errorf("error creating egress selector: %w", err)
+	}
+
+	dial, err := egressSelector.Lookup(networkContext)
+	if err != nil {
+		return fmt.Errorf("error looking up network context %s: %w", networkContext.EgressSelectionName.String(), err)
+	}
+	if dial == nil {
+		return fmt.Errorf("no dialer for network context %s", networkContext.EgressSelectionName.String())
+	}
+
+	cfg.Dial = dial
+	return nil
 }
 
 // GetConfigOrDie creates a *rest.Config for talking to a Kubernetes apiserver.

configutils/configutils_test.go

@@ -17,10 +17,16 @@ package configutils
 import (
 	"flag"
 	"os"
+	"path/filepath"
 
 	"github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
 	corev1 "k8s.io/api/core/v1"
+	"k8s.io/apiextensions-apiserver/pkg/apiserver"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/apimachinery/pkg/runtime/serializer/json"
+	apiserverv1beta1 "k8s.io/apiserver/pkg/apis/apiserver/v1beta1"
 	"k8s.io/client-go/rest"
 	"k8s.io/client-go/tools/clientcmd"
 	clientcmdapi "k8s.io/client-go/tools/clientcmd/api"
@@ -31,11 +37,25 @@ func setKubeconfigFlag(kubeconfig string) {
 }
 
 var _ = ginkgo.Describe("Configutils", func() {
+	apiServerSerializer := json.NewSerializerWithOptions(
+		json.DefaultMetaFactory,
+		apiserver.Scheme,
+		apiserver.Scheme,
+		json.SerializerOptions{
+			Yaml: true,
+		},
+	)
+
 	ginkgo.Describe("GetConfig", func() {
+
 		var (
-			apiConfig   *clientcmdapi.Config
-			config      *rest.Config
-			otherConfig *rest.Config
+			apiConfig    *clientcmdapi.Config
+			egressConfig *apiserverv1beta1.EgressSelectorConfiguration
+			config       *rest.Config
+			otherConfig  *rest.Config
+
+			configFile       string
+			egressConfigFile string
 		)
 		ginkgo.BeforeEach(func() {
 			apiConfig = &clientcmdapi.Config{
@@ -71,6 +91,31 @@ var _ = ginkgo.Describe("Configutils", func() {
 			otherConfig = &rest.Config{
 				Host: "http://other.example.org",
 			}
+			egressConfig = &apiserverv1beta1.EgressSelectorConfiguration{
+				TypeMeta: metav1.TypeMeta{
+					APIVersion: apiserverv1beta1.SchemeGroupVersion.String(),
+					Kind:       "EgressSelectorConfiguration",
+				},
+				EgressSelections: []apiserverv1beta1.EgressSelection{
+					{
+						Name: "controlplane",
+						Connection: apiserverv1beta1.Connection{
+							ProxyProtocol: apiserverv1beta1.ProtocolDirect,
+						},
+					},
+				},
+			}
+
+			tempDir := ginkgo.GinkgoT().TempDir()
+
+			configFile = filepath.Join(tempDir, "kubeconfig")
+			Expect(clientcmd.WriteToFile(*apiConfig, configFile)).To(Succeed())
+
+			egressConfigData, err := runtime.Encode(apiServerSerializer, egressConfig)
+			Expect(err).NotTo(HaveOccurred())
+
+			egressConfigFile = filepath.Join(tempDir, "egress-config.yaml")
+			Expect(os.WriteFile(egressConfigFile, egressConfigData, 0666)).To(Succeed())
 		})
 
 		ginkgo.It("should load the config at the kubeconfig path", func() {
@@ -122,5 +167,24 @@ var _ = ginkgo.Describe("Configutils", func() {
 			_, err := GetConfig()
 			Expect(err).To(HaveOccurred())
 		})
+
+		ginkgo.It("should load the kubeconfig and apply the egress selector", func() {
+			cfg, err := GetConfig(Kubeconfig(configFile), EgressSelectorConfig(egressConfigFile))
+			Expect(err).NotTo(HaveOccurred())
+			Expect(cfg.Dial).NotTo(BeNil())
+		})
+
+		ginkgo.It("should error if the egress selector config file does not exist", func() {
+			_, err := GetConfig(Kubeconfig(configFile), EgressSelectorConfig("should-never-exist"))
+			Expect(err).To(HaveOccurred())
+		})
+
+		ginkgo.It("should error if the egress context does not exist", func() {
+			_, err := GetConfig(Kubeconfig(configFile),
+				EgressSelectorConfig(egressConfigFile),
+				WithEgressSelectionName(EgressSelectionNameEtcd),
+			)
+			Expect(err).To(HaveOccurred())
+		})
 	})
 })

go.mod

@@ -13,6 +13,7 @@ require (
 	k8s.io/api v0.24.3
 	k8s.io/apiextensions-apiserver v0.24.3
 	k8s.io/apimachinery v0.24.3
+	k8s.io/apiserver v0.24.3
 	k8s.io/client-go v0.24.3
 	k8s.io/utils v0.0.0-20220210201930-3a6ce19ff2f9
 	sigs.k8s.io/controller-runtime v0.12.3
@@ -21,14 +22,21 @@ require (
 )
 
 require (
+	github.com/NYTimes/gziphandler v1.1.1 // indirect
 	github.com/PuerkitoBio/purell v1.1.1 // indirect
 	github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578 // indirect
+	github.com/antlr/antlr4/runtime/Go/antlr v0.0.0-20210826220005-b48c857c3a0e // indirect
+	github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
+	github.com/blang/semver/v4 v4.0.0 // indirect
 	github.com/bmatcuk/doublestar/v4 v4.0.2 // indirect
 	github.com/cespare/xxhash/v2 v2.1.2 // indirect
+	github.com/coreos/go-semver v0.3.0 // indirect
+	github.com/coreos/go-systemd/v22 v22.3.2 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/emicklei/go-restful v2.9.5+incompatible // indirect
 	github.com/evanphx/json-patch v4.12.0+incompatible // indirect
+	github.com/felixge/httpsnoop v1.0.1 // indirect
 	github.com/fsnotify/fsnotify v1.5.1 // indirect
 	github.com/go-errors/errors v1.0.1 // indirect
 	github.com/go-logr/logr v1.2.3 // indirect
@@ -38,16 +46,21 @@ require (
 	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/golang/protobuf v1.5.2 // indirect
+	github.com/google/cel-go v0.10.1 // indirect
 	github.com/google/gnostic v0.5.7-v3refs // indirect
 	github.com/google/go-cmp v0.5.9 // indirect
 	github.com/google/gofuzz v1.1.0 // indirect
 	github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
 	github.com/google/uuid v1.1.2 // indirect
+	github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 // indirect
+	github.com/grpc-ecosystem/grpc-gateway v1.16.0 // indirect
 	github.com/imdario/mergo v0.3.12 // indirect
+	github.com/inconshreveable/mousetrap v1.0.0 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
 	github.com/mailru/easyjson v0.7.6 // indirect
 	github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369 // indirect
+	github.com/mitchellh/mapstructure v1.4.1 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 // indirect
@@ -58,9 +71,28 @@ require (
 	github.com/prometheus/client_model v0.2.0 // indirect
 	github.com/prometheus/common v0.32.1 // indirect
 	github.com/prometheus/procfs v0.7.3 // indirect
+	github.com/spf13/cobra v1.4.0 // indirect
+	github.com/stoewer/go-strcase v1.2.0 // indirect
 	github.com/stretchr/objx v0.5.0 // indirect
 	github.com/xlab/treeprint v1.1.0 // indirect
+	go.etcd.io/etcd/api/v3 v3.5.1 // indirect
+	go.etcd.io/etcd/client/pkg/v3 v3.5.1 // indirect
+	go.etcd.io/etcd/client/v3 v3.5.1 // indirect
+	go.opentelemetry.io/contrib v0.20.0 // indirect
+	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.20.0 // indirect
+	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.20.0 // indirect
+	go.opentelemetry.io/otel v0.20.0 // indirect
+	go.opentelemetry.io/otel/exporters/otlp v0.20.0 // indirect
+	go.opentelemetry.io/otel/metric v0.20.0 // indirect
+	go.opentelemetry.io/otel/sdk v0.20.0 // indirect
+	go.opentelemetry.io/otel/sdk/export/metric v0.20.0 // indirect
+	go.opentelemetry.io/otel/sdk/metric v0.20.0 // indirect
+	go.opentelemetry.io/otel/trace v0.20.0 // indirect
+	go.opentelemetry.io/proto/otlp v0.7.0 // indirect
 	go.starlark.net v0.0.0-20200306205701-8dd3e2ee1dd5 // indirect
+	go.uber.org/atomic v1.7.0 // indirect
+	go.uber.org/multierr v1.6.0 // indirect
+	go.uber.org/zap v1.19.1 // indirect
 	golang.org/x/mod v0.6.0 // indirect
 	golang.org/x/net v0.1.0 // indirect
 	golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8 // indirect
@@ -72,13 +104,16 @@ require (
 	golang.org/x/tools v0.2.0 // indirect
 	gomodules.xyz/jsonpatch/v2 v2.2.0 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
+	google.golang.org/genproto v0.0.0-20220107163113-42d7afdf6368 // indirect
+	google.golang.org/grpc v1.40.0 // indirect
 	google.golang.org/protobuf v1.28.0 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 	k8s.io/component-base v0.24.3 // indirect
 	k8s.io/klog/v2 v2.60.1 // indirect
 	k8s.io/kube-openapi v0.0.0-20220401212409-b28bf2818661 // indirect
+	sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.30 // indirect
 	sigs.k8s.io/json v0.0.0-20211208200746-9f7c6b3444d2 // indirect
 	sigs.k8s.io/structured-merge-diff/v4 v4.2.1 // indirect
 	sigs.k8s.io/yaml v1.3.0 // indirect