EWAN config agent is the controller of the Sdewan instance (Sdewan is a CRD). When a Sdewan instance is created, the agent creates the pod running OpenWRT. The OpenWRT instance could be an sdwan, an IPsec tunnel or a firewall, depending on the rules applied to it.
CRDs
The Sdewan CRD depends on some other CRDs, which are listed here.
Name | Kind | Component |
---|---|---|
networks | Network | ovn4nfv-k8s-plugin |
providernetworks | ProviderNetwork | ovn4nfv-k8s-plugin |
network-attachment-definitions | NetworkAttachmentDefinition | multus |
The new CRDs in EWAN will look like the samples below.
Sdewan CRD

```yaml
apiVersion: batch.sdewan.akraino.org/v1alpha1
kind: Sdewan
metadata:
  name: example-sdwan
spec:
  node: node1
  networks:
  - name: ovn-net1
    isProvider: true
  - name: ovn-net2
    isProvider: false
  mwan3Conf: example1-conf
```
Mwan3Rule

```yaml
apiVersion: batch.sdewan.akraino.org/v1alpha1
kind: Mwan3Conf
metadata:
  name: example1-conf
spec:
  policy:
    balance1:
      members:
      - network: ovn-net1
        weight: 2
        metric: 2
      - network: ovn-net2
        weight: 3
        metric: 3
  rule:
    https:
      policy: balance1
      dest_ip: 0.0.0.0/0
      dest_port: 443
    http:
      policy: balance1
      dest_ip: 0.0.0.0/0
      dest_port: 80
```
Controller behavior
- Monitor Sdwan instances and SdwanRule instances
- When a SdwanRule instance is created/updated:
  - If this SdwanRule instance is used by any Sdwan instance, apply the rule to the related Sdwan instance by calling the API
- When a SdwanRule instance is deleted:
  - If this SdwanRule instance is used by any Sdwan instance, prevent the delete action
- When a Sdwan instance is created/updated:
  - If the specified rule doesn't exist, prevent the create/update action
  - Create the sdwan deployment/pod if it does not exist
  - Apply the rules if the rule changes
- When a Sdwan instance is deleted:
  - Delete the deployment/pod
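
The reference checks in the list above keep a running OpenWRT instance from losing a rule set it depends on. The following is an added example, not the project's code: an in-memory Go model of those decisions, where `Store`, `Sdewan`, `UsedBy`, `ValidateSdewan` and `ValidateRuleDelete` are hypothetical names and the store stands in for the Kubernetes API server.

```go
package main

import "fmt"

// Sdewan keeps the sample CR fields that matter for reference checks.
type Sdewan struct {
	Name      string
	Mwan3Conf string // spec.mwan3Conf: name of the referenced rule object
}

// Store (hypothetical, like every name here) stands in for the API server.
type Store struct {
	Rules   map[string]bool // existing Mwan3Conf names
	Sdewans []Sdewan        // existing Sdewan instances
}

// UsedBy lists the Sdewan instances that reference the named rule.
func (s *Store) UsedBy(rule string) []string {
	var users []string
	for _, sd := range s.Sdewans {
		if sd.Mwan3Conf == rule {
			users = append(users, sd.Name)
		}
	}
	return users
}

// ValidateSdewan rejects create/update when the referenced rule is missing.
func (s *Store) ValidateSdewan(sd Sdewan) error {
	if !s.Rules[sd.Mwan3Conf] {
		return fmt.Errorf("sdewan %q: rule %q does not exist", sd.Name, sd.Mwan3Conf)
	}
	return nil
}

// ValidateRuleDelete rejects deletion while any Sdewan still uses the rule.
func (s *Store) ValidateRuleDelete(rule string) error {
	if users := s.UsedBy(rule); len(users) > 0 {
		return fmt.Errorf("rule %q is in use by %v", rule, users)
	}
	return nil
}

func main() {
	// Constructed state matching the YAML samples on this page.
	s := &Store{Rules: map[string]bool{"example1-conf": true},
		Sdewans: []Sdewan{{"example-sdwan", "example1-conf"}}}
	fmt.Println(s.ValidateRuleDelete("example1-conf"), s.ValidateSdewan(Sdewan{"edge2", "missing-conf"}))
}
```

On a rule update, the list returned by `UsedBy` is the set of instances the controller would re-apply the rule to.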