From b9ef60e89b590fa7451877f1c2a51c2978fb0eb1 Mon Sep 17 00:00:00 2001 From: Cyclinder Kuo Date: Fri, 13 Dec 2024 19:01:01 +0800 Subject: [PATCH] bump multus to v4 Signed-off-by: Cyclinder Kuo --- charts/spiderpool/README.md | 2 +- charts/spiderpool/templates/configmap.yaml | 152 ++++++++++++++++++++- charts/spiderpool/templates/daemonset.yaml | 63 ++++++--- charts/spiderpool/templates/pod.yaml | 6 - charts/spiderpool/values.yaml | 3 +- cmd/spiderpool-init/cmd/config.go | 7 - cmd/spiderpool-init/cmd/multus.go | 116 ---------------- cmd/spiderpool-init/cmd/root.go | 4 - test/e2e/common/constant.go | 2 +- 9 files changed, 194 insertions(+), 161 deletions(-) diff --git a/charts/spiderpool/README.md b/charts/spiderpool/README.md index 780c3b59e4..3f65ce21c5 100644 --- a/charts/spiderpool/README.md +++ b/charts/spiderpool/README.md @@ -198,7 +198,7 @@ helm install spiderpool spiderpool/spiderpool --wait --namespace kube-system \ | `multus.multusCNI.image.repository` | the multus-CNI image repository | `k8snetworkplumbingwg/multus-cni` | | `multus.multusCNI.image.pullPolicy` | the multus-CNI image pullPolicy | `IfNotPresent` | | `multus.multusCNI.image.digest` | the multus-CNI image digest | `""` | -| `multus.multusCNI.image.tag` | the multus-CNI image tag | `v3.9.3` | +| `multus.multusCNI.image.tag` | the multus-CNI image tag | `v4.1.4` | | `multus.multusCNI.image.imagePullSecrets` | the multus-CNI image imagePullSecrets | `[]` | | `multus.multusCNI.defaultCniCRName` | if this value is empty, multus will automatically get default CNI according to the existed CNI conf file in /etc/cni/net.d/, if no cni files found in /etc/cni/net.d, A Spidermultusconfig CR named default will be created, please update the related SpiderMultusConfig for default CNI after installation. The namespace of defaultCniCRName follows with the release namespace of spdierpool | `""` | | `multus.multusCNI.securityContext.privileged` | the securityContext privileged of multus-CNI daemonset pod | `true` | diff --git a/charts/spiderpool/templates/configmap.yaml b/charts/spiderpool/templates/configmap.yaml index 2202605c5c..f51ae95a31 100644 --- a/charts/spiderpool/templates/configmap.yaml +++ b/charts/spiderpool/templates/configmap.yaml @@ -13,6 +13,7 @@ metadata: {{- include "tplvalues.render" ( dict "value" .Values.global.commonAnnotations "context" $ ) | nindent 4 }} {{- end }} data: + clusterNetwork: {{ .Values.multus.multusCNI.defaultCniCRName | quote }} conf.yml: | ipamUnixSocketPath: {{ .Values.global.ipamUNIXSocketHostPath }} enableIPv4: {{ .Values.ipam.enableIPv4 }} @@ -36,7 +37,7 @@ data: kind: ConfigMap apiVersion: v1 metadata: - name: {{ .Values.multus.multusCNI.name | trunc 63 | trimSuffix "-" }} + name: {{ .Values.multus.multusCNI.name | trunc 63 | trimSuffix "-" }}-entrypoint namespace: {{ .Release.Namespace | quote }} labels: {{- include "spiderpool.multus.labels" . | nindent 4 }} @@ -44,23 +45,160 @@ metadata: {{- include "tplvalues.render" ( dict "value" .Values.global.commonLabels "context" $ ) | nindent 4 }} {{- end }} data: - cni-conf.json: | + entrypoint.sh: | + #!/bin/bash + set -e + + function log(){ + echo "INFO: $(date --iso-8601=seconds) ${1}" + } + function error(){ + log "ERR: {$1}" + } + function warn(){ + log "WARN: {$1}" + } + + function generateKubeConfig { + # Check if we're running as a k8s pod. + if [ -f "$SERVICE_ACCOUNT_TOKEN_PATH" ]; then + # We're running as a k8d pod - expect some variables. + if [ -z ${KUBERNETES_SERVICE_HOST} ]; then + error "KUBERNETES_SERVICE_HOST not set"; exit 1; + fi + if [ -z ${KUBERNETES_SERVICE_PORT} ]; then + error "KUBERNETES_SERVICE_PORT not set"; exit 1; + fi + + if [ "$SKIP_TLS_VERIFY" == "true" ]; then + TLS_CFG="insecure-skip-tls-verify: true" + elif [ -f "$KUBE_CA_FILE" ]; then + TLS_CFG="certificate-authority-data: $(cat $KUBE_CA_FILE | base64 | tr -d '\n')" + fi + + # Get the contents of service account token. + SERVICEACCOUNT_TOKEN=$(cat $SERVICE_ACCOUNT_TOKEN_PATH) + + SKIP_TLS_VERIFY=${SKIP_TLS_VERIFY:-false} + + # Write a kubeconfig file for the CNI plugin. Do this + # to skip TLS verification for now. We should eventually support + # writing more complete kubeconfig files. This is only used + # if the provided CNI network config references it. + touch $MULTUS_TEMP_KUBECONFIG + chmod ${KUBECONFIG_MODE:-600} $MULTUS_TEMP_KUBECONFIG + # Write the kubeconfig to a temp file first. + timenow=$(date) + cat > $MULTUS_TEMP_KUBECONFIG < $MULTUS_TEMP_CONFIG << EOF { "cniVersion": "0.3.1", "name": "multus-cni-network", "type": "multus", "confDir": "/etc/cni/net.d/" , - "logLevel": "{{ .Values.multus.multusCNI.log.logLevel }}", - "logFile": "{{ .Values.multus.multusCNI.log.logFile }}", + "logLevel": "debug", + "logFile": "/var/log/multus.log", "capabilities": { "portMappings": true, "bandwidth": true }, "namespaceIsolation": false, - "clusterNetwork": "{{ .Values.multus.multusCNI.defaultCniCRName }}", + "clusterNetwork": "$MULTUS_CLUSTER_NETWORK", "defaultNetworks": [], - "multusNamespace": "{{ .Release.Namespace }}", + "multusNamespace": "$MULTUS_NAMESPACE", "systemNamespaces": [], "kubeconfig": "/etc/cni/net.d/multus.d/multus.kubeconfig" } -{{- end }} + EOF + + if [ -z "${MULTUS_CLUSTER_NETWORK}" ]; then + log "ENV MULTUS_CLUSTER_NETWORK is empty, Detecting default cni in the ${CNI_CONF_DIR}" + DEFAULT_CNI_FILEPATH=$(ls -l ${CNI_CONF_DIR} | grep ^- | grep -v -i multus | awk '{print $9}' | grep -E '(*\.conf|*\.conflist|*\.json)' | head -n 1) + if [ -z "$DEFAULT_CNI_FILEPATH" ] ; then + error "No default cni file found in ${CNI_CONF_DIR}, please install your default cni in the cluster first" && exit 1 + fi + + log "Found the default-cni file: ${DEFAULT_CNI_FILEPATH}" + log "cat /host/etc/cni/net.d/${DEFAULT_CNI_FILEPATH}:" + cat /host/etc/cni/net.d/${DEFAULT_CNI_FILEPATH} + + echo "" + DEFAULT_CNI_NAME=$(grep '"name":' ${CNI_CONF_DIR}/${DEFAULT_CNI_FILEPATH} | awk '{print $2}' | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' | tr -d ',' | tr -d '"') + if [ -z "$DEFAULT_CNI_NAME" ] ; then + error "The name fleid shouldn't be empty, please check the default cni: ${DEFAULT_CNI_FILEPATH}" && exit 1 + fi + + log "Updating the clusterNetwork of the multus-cni config to $DEFAULT_CNI_NAME" + sed -i "s?\"clusterNetwork\": \"\"?\"clusterNetwork\": \"${DEFAULT_CNI_NAME}\"?g" /tmp/00-multus.conf + else + log "User set multus ClusterNetwork: $MULTUS_CLUSTER_NETWORK" + fi + + generateKubeConfig + log "multus kubeconfig is generated." + + cp $MULTUS_TEMP_CONFIG /host/etc/cni/net.d + log "multus config file ${MULTUS_TEMP_CONFIG} is copied to ${CNI_CONF_DIR}." + log "cat ${CNI_CONF_DIR}/00-multus.conf" + cat ${CNI_CONF_DIR}/00-multus.conf + + log "Entering watch loop..." + while true; do + + # Check the md5sum of the service account token and ca. + svcaccountsum=$(md5sum $SERVICE_ACCOUNT_TOKEN_PATH | awk '{print $1}') + casum=$(md5sum $KUBE_CA_FILE | awk '{print $1}') + if [ "$svcaccountsum" != "$LAST_SERVICEACCOUNT_MD5SUM" ] || [ "$casum" != "$LAST_KUBE_CA_FILE_MD5SUM" ]; then + log "Detected service account or CA file change, regenerating kubeconfig..." + generateKubeConfig + fi + + # todo: watch the default cni file is changed. + sleep 10 + done +{{- end }} \ No newline at end of file diff --git a/charts/spiderpool/templates/daemonset.yaml b/charts/spiderpool/templates/daemonset.yaml index af672a82b1..2478b35628 100644 --- a/charts/spiderpool/templates/daemonset.yaml +++ b/charts/spiderpool/templates/daemonset.yaml @@ -106,6 +106,22 @@ spec: - name: cni-bin-path mountPath: /host/opt/cni/bin {{- end }} + {{- if .Values.multus.multusCNI.install }} + - name: install-multus-binary + image: {{ include "spiderpool.multus.image" . | quote }} + imagePullPolicy: IfNotPresent + command: + - /install_multus + args: + - --type + - thin + securityContext: + privileged: true + volumeMounts: + - mountPath: /host/opt/cni/bin + mountPropagation: Bidirectional + name: cni-bin-path + {{- end }} containers: - name: {{ .Values.spiderpoolAgent.name | trunc 63 | trimSuffix "-" }} image: {{ include "spiderpool.spiderpoolAgent.image" . | quote }} @@ -234,21 +250,30 @@ spec: {{- end }} {{- if .Values.multus.multusCNI.install }} - name: multus-cni - imagePullPolicy: {{ .Values.multus.multusCNI.image.pullPolicy }} - image: {{ include "spiderpool.multus.image" . | quote }} + image: {{ include "spiderpool.spiderpoolAgent.image" . | quote }} + imagePullPolicy: {{ .Values.spiderpoolAgent.image.pullPolicy }} command: - - "/bin/sh" - - "-c" - - | - ITEM="multus" - rm -f /host/opt/cni/bin/${ITEM}.old || true - ( [ -f "/host/opt/cni/bin/${ITEM}" ] && mv /host/opt/cni/bin/${ITEM} /host/opt/cni/bin/${ITEM}.old ) || true - cp /usr/src/multus-cni/bin/${ITEM} /host/opt/cni/bin/${ITEM} - rm -f /host/opt/cni/bin/${ITEM}.old &>/dev/null || true - ./entrypoint.sh --multus-conf-file=/tmp/multus-conf/00-multus.conf \ - --cni-version=0.3.1 + - "/home/entrypoint.sh" securityContext: privileged: true + env: + - name: MULTUS_CLUSTER_NETWORK + valueFrom: + configMapKeyRef: + key: clusterNetwork + name: spiderpool-conf + - name: MULTUS_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + resources: + limits: + cpu: 100m + memory: 50Mi + requests: + cpu: 100m + memory: 50Mi {{- if .Values.multus.multusCNI.uninstall }} lifecycle: preStop: @@ -264,11 +289,8 @@ spec: volumeMounts: - name: cni mountPath: /host/etc/cni/net.d - - name: cni-bin-path - mountPath: /host/opt/cni/bin - mountPropagation: Bidirectional - - name: multus-cfg - mountPath: /tmp/multus-conf + - mountPath: /home + name: multus-entrypoint {{- if .Values.multus.multusCNI.extraVolumes }} {{- include "tplvalues.render" ( dict "value" .Values.multus.multusCNI.extraVolumeMounts "context" $ ) | nindent 12 }} {{- end }} @@ -304,6 +326,13 @@ spec: items: - key: cni-conf.json path: 00-multus.conf + - name: multus-entrypoint + configMap: + name: {{ .Values.multus.multusCNI.name | trunc 63 | trimSuffix "-" }}-entrypoint + defaultMode: 511 + items: + - key: entrypoint.sh + path: entrypoint.sh {{- end }} {{- if .Values.spiderpoolAgent.extraVolumeMounts }} {{- include "tplvalues.render" ( dict "value" .Values.spiderpoolAgent.extraVolumeMounts "context" $ ) | nindent 6 }} diff --git a/charts/spiderpool/templates/pod.yaml b/charts/spiderpool/templates/pod.yaml index 5e178ea694..8ccf724b87 100644 --- a/charts/spiderpool/templates/pod.yaml +++ b/charts/spiderpool/templates/pod.yaml @@ -80,19 +80,13 @@ spec: {{- end }} - name: SPIDERPOOL_INIT_ENABLE_MULTUS_CONFIG value: {{ .Values.multus.enableMultusConfig | quote }} - - name: SPIDERPOOL_INIT_INSTALL_MULTUS - value: {{ .Values.multus.multusCNI.install | quote }} - name: SPIDERPOOL_INIT_DEFAULT_CNI_NAME value: {{ .Values.multus.multusCNI.defaultCniCRName | quote }} - name: SPIDERPOOL_INIT_DEFAULT_CNI_NAMESPACE value: {{ .Release.Namespace | quote }} - - name: SPIDERPOOL_INIT_MULTUS_CONFIGMAP - value: {{ .Values.multus.multusCNI.name | trunc 63 | trimSuffix "-" | quote }} {{- if eq .Values.multus.multusCNI.defaultCniCRName "" }} - name: SPIDERPOOL_INIT_DEFAULT_CNI_DIR value: {{ .Values.global.cniConfHostPath | quote }} - - name: SPIDERPOOL_INIT_READINESS_FILE - value: "/etc/spiderpool/ready" volumeMounts: - name: cni mountPath: {{ .Values.global.cniConfHostPath }} diff --git a/charts/spiderpool/values.yaml b/charts/spiderpool/values.yaml index c355f4486c..70ac21eac0 100644 --- a/charts/spiderpool/values.yaml +++ b/charts/spiderpool/values.yaml @@ -233,8 +233,7 @@ multus: digest: "" ## @param multus.multusCNI.image.tag the multus-CNI image tag - tag: v3.9.3 - # tag: v4.0.2-thick + tag: v4.1.4 ## @param multus.multusCNI.image.imagePullSecrets the multus-CNI image imagePullSecrets imagePullSecrets: [] diff --git a/cmd/spiderpool-init/cmd/config.go b/cmd/spiderpool-init/cmd/config.go index 65fe70948c..c45c3587b1 100644 --- a/cmd/spiderpool-init/cmd/config.go +++ b/cmd/spiderpool-init/cmd/config.go @@ -90,7 +90,6 @@ type InitDefaultConfig struct { // multuscniconfig enableMultusConfig bool - installMultusCNI bool DefaultCNIDir string DefaultCNIName string DefaultCNINamespace string @@ -280,12 +279,6 @@ func parseENVAsDefault() InitDefaultConfig { logger.Sugar().Fatalf("ENV %s: %s invalid: %v", ENVEnableMultusConfig, enableMultusConfig, err) } - installMultusCNI := strings.ReplaceAll(os.Getenv(ENVInstallMultusCNI), "\"", "") - config.installMultusCNI, err = strconv.ParseBool(installMultusCNI) - if err != nil { - logger.Sugar().Fatalf("ENV %s: %s invalid: %v", ENVInstallMultusCNI, installMultusCNI, err) - } - config.DefaultCNIDir = strings.ReplaceAll(os.Getenv(ENVDefaultCNIDir), "\"", "") if config.DefaultCNIDir != "" { _, err = os.ReadDir(config.DefaultCNIDir) diff --git a/cmd/spiderpool-init/cmd/multus.go b/cmd/spiderpool-init/cmd/multus.go index e59712bc6e..800aaacea6 100644 --- a/cmd/spiderpool-init/cmd/multus.go +++ b/cmd/spiderpool-init/cmd/multus.go @@ -4,42 +4,12 @@ package cmd import ( "context" - "encoding/json" "fmt" - "os" - "path" - - v1 "k8s.io/api/apps/v1" - corev1 "k8s.io/api/core/v1" - apitypes "k8s.io/apimachinery/pkg/types" - controller_client "sigs.k8s.io/controller-runtime/pkg/client" "github.com/spidernet-io/spiderpool/pkg/constant" "github.com/spidernet-io/spiderpool/pkg/utils" ) -// MultusNetConf for cni config file written in json -// Note: please keep this fields be consistent with multus configMap -// in charts/spiderpool/templates/multus/multus-daemonset.yaml -type MultusNetConf struct { - CNIVersion string `json:"cniVersion,omitempty"` - Name string `json:"name,omitempty"` - Type string `json:"type,omitempty"` - ConfDir string `json:"confDir"` - LogLevel string `json:"logLevel"` - LogFile string `json:"logFile"` - Capabilities map[string]bool `json:"capabilities,omitempty"` - // Option to isolate the usage of CR's to the namespace in which a pod resides. - NamespaceIsolation bool `json:"namespaceIsolation"` - ClusterNetwork string `json:"clusterNetwork"` - DefaultNetworks []string `json:"defaultNetworks"` - // Option to set the namespace that multus-cni uses (clusterNetwork/defaultNetworks) - MultusNamespace string `json:"multusNamespace"` - // Option to set system namespaces (to avoid to add defaultNetworks) - SystemNamespaces []string `json:"systemNamespaces"` - Kubeconfig string `json:"kubeconfig"` -} - func InitMultusDefaultCR(ctx context.Context, config *InitDefaultConfig, client *CoreClient) error { defaultCNIName, defaultCNIType, err := fetchDefaultCNIName(config.DefaultCNIName, config.DefaultCNIDir) if err != nil { @@ -50,64 +20,6 @@ func InitMultusDefaultCR(ctx context.Context, config *InitDefaultConfig, client return err } - if !config.installMultusCNI { - logger.Sugar().Infof("No install MultusCNI, Ignore update clusterNetwork for multus configMap") - return nil - } - - // get multus configMap - cm, err := getConfigMap(ctx, client, config.DefaultCNINamespace, config.MultusConfigMap) - if err != nil { - logger.Sugar().Errorf("get configMap: %v", err) - return err - } - - var multusConfig MultusNetConf - cniConfig := cm.Data["cni-conf.json"] - if err := json.Unmarshal([]byte(cniConfig), &multusConfig); err != nil { - return fmt.Errorf("failed to unmarshal multus config: %v", err) - } - - if multusConfig.ClusterNetwork == defaultCNIName { - // if clusterNetwork is expected, just return - logger.Sugar().Infof("multus clusterNetwork is %s, don't need to update multus configMap", defaultCNIName) - return nil - } - - oldConfigMap := cm.DeepCopy() - multusConfig.ClusterNetwork = defaultCNIName - configDatas, err := json.Marshal(multusConfig) - if err != nil { - return fmt.Errorf("failed to marshal multus config: %v", err) - } - cm.Data["cni-conf.json"] = string(configDatas) - - logger.Sugar().Infof("Try to patch multus configMap %s: %s", config.MultusConfigMap, configDatas) - if err = client.Patch(ctx, cm, controller_client.MergeFrom(oldConfigMap)); err != nil { - return fmt.Errorf("failed to patch multus configMap: %v", err) - } - - // we need restart spideragent-pod after we patch the configmap, make sure these changes works immediately - if err = restartSpiderAgent(ctx, client, config.AgentName, config.DefaultCNINamespace); err != nil { - return err - } - - logger.Sugar().Infof("successfully restart spiderpool-agent") - return nil -} - -func makeReadinessReady(config *InitDefaultConfig) error { - // tell readness by writing to the file that the spiderpool is ready - readinessDir := path.Dir(config.ReadinessFile) - err := os.MkdirAll(readinessDir, 0644) - if err != nil { - return err - } - - if err = os.WriteFile(config.ReadinessFile, []byte("ready"), 0777); err != nil { - return err - } - logger.Sugar().Infof("success to make spiderpool-init pod's readiness to ready") return nil } @@ -123,31 +35,3 @@ func fetchDefaultCNIName(defaultCNIName, cniDir string) (cniName, cniType string } return parseCNIFromConfig(defaultCNIConfPath) } - -func getConfigMap(ctx context.Context, client *CoreClient, namespace, name string) (*corev1.ConfigMap, error) { - var cm corev1.ConfigMap - if err := client.Get(ctx, apitypes.NamespacedName{Name: name, Namespace: namespace}, &cm); err != nil { - return nil, err - } - - return &cm, nil -} - -func restartSpiderAgent(ctx context.Context, client *CoreClient, name, ns string) error { - logger.Sugar().Infof("Try to restart spiderpoo-agent daemonSet: %s/%s", ns, name) - - var spiderAgent v1.DaemonSet - var err error - if err = client.Get(ctx, apitypes.NamespacedName{Name: name, Namespace: ns}, &spiderAgent); err != nil { - return err - } - - if err = client.DeleteAllOf(ctx, &corev1.Pod{}, controller_client.InNamespace(ns), controller_client.MatchingLabels(spiderAgent.Spec.Template.Labels)); err != nil { - return err - } - - if err = client.WaitPodListReady(ctx, ns, spiderAgent.Spec.Template.Labels); err != nil { - return err - } - return nil -} diff --git a/cmd/spiderpool-init/cmd/root.go b/cmd/spiderpool-init/cmd/root.go index 151ac337b2..672faa4603 100644 --- a/cmd/spiderpool-init/cmd/root.go +++ b/cmd/spiderpool-init/cmd/root.go @@ -153,9 +153,5 @@ func Execute() { } } - if err = makeReadinessReady(&config); err != nil { - logger.Fatal(err.Error()) - } - logger.Info("Finish init") } diff --git a/test/e2e/common/constant.go b/test/e2e/common/constant.go index 7edf7fb617..f768b90f6e 100644 --- a/test/e2e/common/constant.go +++ b/test/e2e/common/constant.go @@ -57,7 +57,7 @@ var ( // multus CNI MultusDefaultNetwork = "v1.multus-cni.io/default-network" MultusNetworks = "k8s.v1.cni.cncf.io/networks" - PodMultusNetworksStatus = "k8s.v1.cni.cncf.io/networks-status" + PodMultusNetworksStatus = "k8s.v1.cni.cncf.io/network-status" CalicoCNIName string = "k8s-pod-network" CiliumCNIName string = "cilium"