in controllers/daemon/staticgatewayconfiguration_controller.go [158:229]
// reconcile drives a single StaticGatewayConfiguration to the desired state on
// this node: it loads the WireGuard private key, programs the host interface and
// NAT chains, sets up the gateway network namespace, and finally records the
// gateway in the node status and registers it with the LB probe server.
//
// The helpers are "ensure"-style, so re-running the sequence is expected to be
// safe; the first failing step's error is returned as-is and a nil return means
// every step completed.
func (r *StaticGatewayConfigurationReconciler) reconcile(
	ctx context.Context,
	gwConfig *egressgatewayv1alpha1.StaticGatewayConfiguration,
) error {
	logger := log.FromContext(ctx)
	logger.Info("Reconciling gateway configuration")

	// The WireGuard private key is read from a secret; nothing below can
	// proceed without it.
	privateKey, err := r.getWireguardPrivateKey(ctx, gwConfig)
	if err != nil {
		return err
	}

	// Make sure the load balancer IP from the gateway server profile is
	// configured on the host interface (eth0); a no-op when already present.
	ilbIP := gwConfig.Status.GatewayServerProfile.Ip
	if err = r.reconcileIlbIPOnHost(ctx, ilbIP); err != nil {
		return err
	}

	// The VM's secondary IP belongs to the gateway namespace, so it must not
	// remain configured on the host side.
	primaryIP, secondaryIP, err := r.getVMIP(ctx, gwConfig)
	if err != nil {
		return err
	}
	if err = r.removeSecondaryIpFromHost(ctx, secondaryIP); err != nil {
		return err
	}

	// Traffic leaving the gateway namespace is already SNATed, so it must not
	// be MASQUERADEd again: hook a dedicated chain into POSTROUTING (created
	// with no rules of its own) and hang a per-IP child chain off it that
	// ACCEPTs packets sourced from the secondary IP.
	snatChain := utiliptables.Chain("EGRESS-GATEWAY-SNAT")
	if err = r.ensureIPTablesChain(
		ctx,
		utiliptables.TableNAT,
		snatChain,                     // target chain
		utiliptables.ChainPostrouting, // source chain
		"kube-egress-gateway no MASQUERADE",
		nil,
	); err != nil {
		return err
	}
	// NOTE(review): secondaryIP is interpolated into an iptables chain name and
	// a "-s" match below; this assumes getVMIP returns a well-formed IPv4
	// literal — confirm against that helper.
	perIPChain := utiliptables.Chain(fmt.Sprintf("EGRESS-%s", strings.ReplaceAll(secondaryIP, ".", "-")))
	perIPRules := [][]string{
		{"-s", secondaryIP + "/32", "-j", "ACCEPT"},
	}
	if err = r.ensureIPTablesChain(
		ctx,
		utiliptables.TableNAT,
		perIPChain, // target chain
		snatChain,  // source chain
		fmt.Sprintf("kube-egress-gateway no sNAT packet from ip %s", secondaryIP),
		perIPRules,
	); err != nil {
		return err
	}

	// Create or refresh the gateway namespace using the key and IPs gathered above.
	if err = r.configureGatewayNamespace(ctx, gwConfig, privateKey, primaryIP, secondaryIP); err != nil {
		return err
	}

	// Publish this gateway in the node status (add=true) and register its UID
	// with the LB probe server.
	nodeGateway := egressgatewayv1alpha1.GatewayConfiguration{
		StaticGatewayConfiguration: gwConfig.Namespace + "/" + gwConfig.Name,
		InterfaceName:              getWireguardInterfaceName(gwConfig),
	}
	if err = r.updateGatewayNodeStatus(ctx, nodeGateway, true /* add */); err != nil {
		return err
	}
	if err = r.LBProbeServer.AddGateway(string(gwConfig.GetUID())); err != nil {
		return err
	}

	logger.Info("Gateway configuration reconciled")
	return nil
}