From: Jianlin Lv Date: Mon, 28 Oct 2019 05:53:58 +0000 (+0800) Subject: Integrate Nokia/danm CNI into IEC X-Git-Tag: 2.0.0-AKRAINO~2^2 X-Git-Url: https://gerrit.akraino.org/r/gitweb?a=commitdiff_plain;h=9bb5493922a305ff0491058a1ddffef00a3fe67c;p=iec.git Integrate Nokia/danm CNI into IEC Make master and work nodes support danm deployment 1. Implement support for danm CNI in setup-cni.sh; 2. Wrap the work node initialization function before calling setup-cni.sh; 3. Add danm CNI deployment scripts and relevant config file. Signed-off-by: Jianlin Lv Change-Id: I19564d0c1bdb183c4328d921eaab8d873f064e07
---
diff --git a/src/foundation/scripts/cni/danm/00-danm.conf b/src/foundation/scripts/cni/danm/00-danm.conf
new file mode 100755
index 0000000..e328ff1
--- /dev/null
+++ b/src/foundation/scripts/cni/danm/00-danm.conf
@@ -0,0 +1,11 @@
+{
+ "name": "meta_cni",
+ "plugins": [
+ {
+ "type": "danm",
+ "kubernetes":{
+ "kubeconfig": "/etc/kubernetes/kubelet.conf",
+ }
+ }
+ ]
+}
diff --git a/src/foundation/scripts/cni/danm/danm_install.sh b/src/foundation/scripts/cni/danm/danm_install.sh
new file mode 100755
index 0000000..a727f1f
--- /dev/null
+++ b/src/foundation/scripts/cni/danm/danm_install.sh
@@ -0,0 +1,25 @@
+#!/bin/bash
+set -o xtrace
+set -e
+
+SCRIPTS_DIR=$(dirname "${BASH_SOURCE[0]}")
+
+if [ "$(uname -m)" == 'aarch64' ]; then
+ ARCH='arm64'
+else
+ ARCH='amd64'
+fi
+
+echo "SCRIPTS_DIR is :$SCRIPTS_DIR"
+
+# Get binary
+wget -P ${SCRIPTS_DIR} "https://github.com/iecedge/danm-binary/releases/download/v4.0.0/danm-${ARCH}" -O danm
+wget -P ${SCRIPTS_DIR} "https://github.com/iecedge/danm-binary/releases/download/v4.0.0/fakeipam-${ARCH}" -O fakeipam
+chmod +x ${SCRIPTS_DIR}/danm ${SCRIPTS_DIR}/fakeipam
+
+# Copy binary into CNI plugin directory
+cp -f ${SCRIPTS_DIR}/danm /opt/cni/bin
+cp -f ${SCRIPTS_DIR}/fakeipam /opt/cni/bin
+
+# Put DANM config file into CNI configuration directory
+cp -f ${SCRIPTS_DIR}/00-danm.conf /etc/cni/net.d/
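Review bot: The `"kubeconfig": "/etc/kubernetes/kubelet.conf",` line in 00-danm.conf ends with a comma directly before the closing `}`, which strict JSON parsers reject, so the file may fail to load; drop the trailing comma. The file also uses a `plugins` list with no top-level `type` while being named `.conf`; as far as I know the CNI loader expects the list form in a `.conflist` file, so confirm that the runtime actually selects this config. Pointing the plugin at the kubelet's kubeconfig means it talks to the API server with the node's identity; a dedicated kubeconfig limited to the DANM resources would be narrower, and the choice deserves a sentence in the commit or a README next to the file.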
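Review bot: Both `wget` calls in danm_install.sh fetch an executable that is then copied into `/opt/cni/bin`, where it is run with root privileges on every pod setup, and nothing checks the download against a known digest; pin a SHA-256 per architecture and verify it before the `chmod`/`cp`. Separately, `-O danm` makes wget write into the current directory and `-P ${SCRIPTS_DIR}` has no effect with it, so `chmod +x ${SCRIPTS_DIR}/danm` only succeeds when the caller has already changed into the script directory (startup.sh does, `install_danm` in setup-cni.sh does not). The `else` branch also labels every non-aarch64 machine `amd64`, and the `${SCRIPTS_DIR}` expansions are unquoted. A sketch of the download step with both fixes follows; the digests are placeholders to be filled in from a trusted source.

```shell
# … unchanged: xtrace/errexit setup, SCRIPTS_DIR and ARCH detection …

# Expected digests of the release assets for ${ARCH} (placeholders, not real values)
DANM_SHA256='<sha256-of-danm-for-this-arch>'
FAKEIPAM_SHA256='<sha256-of-fakeipam-for-this-arch>'

# Get binary; give -O the full target path, since -P is not applied together with -O
wget -O "${SCRIPTS_DIR}/danm" "https://github.com/iecedge/danm-binary/releases/download/v4.0.0/danm-${ARCH}"
wget -O "${SCRIPTS_DIR}/fakeipam" "https://github.com/iecedge/danm-binary/releases/download/v4.0.0/fakeipam-${ARCH}"

# Refuse to install anything whose digest does not match (set -e aborts on mismatch)
printf '%s  %s\n' \
  "${DANM_SHA256}" "${SCRIPTS_DIR}/danm" \
  "${FAKEIPAM_SHA256}" "${SCRIPTS_DIR}/fakeipam" | sha256sum -c -
chmod +x "${SCRIPTS_DIR}/danm" "${SCRIPTS_DIR}/fakeipam"

# … unchanged: copy into /opt/cni/bin and /etc/cni/net.d …
```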
diff --git a/src/foundation/scripts/cni/danm/integration/crds/lightweight/DanmEp.yaml b/src/foundation/scripts/cni/danm/integration/crds/lightweight/DanmEp.yaml
new file mode 100644
index 0000000..3a74820
--- /dev/null
+++ b/src/foundation/scripts/cni/danm/integration/crds/lightweight/DanmEp.yaml
@@ -0,0 +1,16 @@
+# yamllint disable rule:hyphens rule:commas rule:indentation
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ name: danmeps.danm.k8s.io
+spec:
+ scope: Namespaced
+ group: danm.k8s.io
+ version: v1
+ names:
+ kind: DanmEp
+ plural: danmeps
+ singular: danmep
+ shortNames:
+ - de
+ - dep
diff --git a/src/foundation/scripts/cni/danm/integration/crds/lightweight/DanmNet.yaml b/src/foundation/scripts/cni/danm/integration/crds/lightweight/DanmNet.yaml
new file mode 100644
index 0000000..abe00c4
--- /dev/null
+++ b/src/foundation/scripts/cni/danm/integration/crds/lightweight/DanmNet.yaml
@@ -0,0 +1,66 @@ +# yamllint disable rule:hyphens rule:commas rule:indentation rule:line-length +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: danmnets.danm.k8s.io +spec: + scope: Namespaced + group: danm.k8s.io + version: v1 + names: + kind: DanmNet + plural: danmnets + singular: danmnet + shortNames: + - dn + - dnet + validation: + openAPIV3Schema: + properties: + spec: + properties: + NetworkID: + type: string + NetworkType: + type: string + Options: + properties: + cidr: + type: string + pattern: '^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))$' + allocation_pool: + properties: + start: + type: string + pattern: '(^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$)?' + end: + type: string + pattern: '(^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$)?' + container_prefix: + type: string + host_device: + type: string + device_pool: + type: string + vxlan: + type: integer + format: int32 + minimum: 1 + maximum: 16777214 + vlan: + type: integer + format: int32 + minimum: 1 + maximum: 4094 + rt_tables: + type: integer + format: int32 + minimum: 0 + maximum: 255 + net6: + type: string + pattern: 
'^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(\/([0-9]|[1-9][0-9]|1[0-1][0-9]|12[0-8]))$' + routes: + type: object + routes6: + type: object diff --git a/src/foundation/scripts/cni/danm/integration/crds/production/ClusterNetwork.yaml b/src/foundation/scripts/cni/danm/integration/crds/production/ClusterNetwork.yaml new file mode 100644 index 0000000..b92536e --- /dev/null +++ b/src/foundation/scripts/cni/danm/integration/crds/production/ClusterNetwork.yaml 
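Review bot: The `net6` pattern in DanmNet.yaml appears to have lost its regex backslashes: it reads `^s*`, `2[0-4]d`, `1dd`, `[1-9]?d` and a bare `.`, so these match the literal letters `s` and `d` and any character rather than whitespace, digits and a dot, while `\.` and `\/` are intact in the `cidr` pattern of the same hunk. The `allocation_pool` `start` and `end` patterns wrap the whole anchored expression in `( … )?`, which also matches the empty string, so they look like they accept any value, and `[0-9]{1,3}` admits octets above 255. This schema is the API server's own input check for network objects, so restore the escapes (`\s`, `\d`, `\.`) and drop the outer `?`, or add a comment stating that the real validation is left to the admission webhook. The same three patterns repeat in production/ClusterNetwork.yaml and production/TenantNetwork.yaml.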
@@ -0,0 +1,70 @@ +# yamllint disable rule:hyphens rule:commas rule:indentation rule:line-length +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: clusternetworks.danm.k8s.io +spec: + scope: Cluster + group: danm.k8s.io + version: v1 + names: + kind: ClusterNetwork + plural: clusternetworks + singular: clusternetwork + shortNames: + - cn + - cnet + validation: + openAPIV3Schema: + properties: + spec: + properties: + NetworkID: + type: string + NetworkType: + type: string + AllowedTenants: + type: array + items: + type: string + Options: + properties: + cidr: + type: string + pattern: '^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))$' + allocation_pool: + properties: + start: + type: string + pattern: '(^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$)?' + end: + type: string + pattern: '(^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$)?' + container_prefix: + type: string + host_device: + type: string + device_pool: + type: string + vxlan: + type: integer + format: int32 + minimum: 1 + maximum: 16777214 + vlan: + type: integer + format: int32 + minimum: 1 + maximum: 4094 + rt_tables: + type: integer + format: int32 + minimum: 0 + maximum: 255 + net6: + type: string + pattern: 
'^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(\/([0-9]|[1-9][0-9]|1[0-1][0-9]|12[0-8]))$' + routes: + type: object + routes6: + type: object diff --git a/src/foundation/scripts/cni/danm/integration/crds/production/DanmEp.yaml b/src/foundation/scripts/cni/danm/integration/crds/production/DanmEp.yaml new file mode 100644 index 0000000..3a74820 --- /dev/null +++ b/src/foundation/scripts/cni/danm/integration/crds/production/DanmEp.yaml @@ -0,0 +1,16 @@ +# yamllint disable rule:hyphens rule:commas rule:indentation +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: danmeps.danm.k8s.io +spec: + scope: Namespaced + group: danm.k8s.io + version: v1 + names: + kind: DanmEp + plural: danmeps + singular: danmep + shortNames: + - de + - dep diff --git a/src/foundation/scripts/cni/danm/integration/crds/production/TenantConfig.yaml b/src/foundation/scripts/cni/danm/integration/crds/production/TenantConfig.yaml new file mode 100644 index 0000000..259fcfa --- /dev/null 
+++ b/src/foundation/scripts/cni/danm/integration/crds/production/TenantConfig.yaml
@@ -0,0 +1,16 @@
+# yamllint disable rule:hyphens rule:commas rule:indentation
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ name: tenantconfigs.danm.k8s.io
+spec:
+ scope: Cluster
+ group: danm.k8s.io
+ version: v1
+ names:
+ kind: TenantConfig
+ plural: tenantconfigs
+ singular: tenantconfig
+ shortNames:
+ - tc
+ - tconf
diff --git a/src/foundation/scripts/cni/danm/integration/crds/production/TenantNetwork.yaml b/src/foundation/scripts/cni/danm/integration/crds/production/TenantNetwork.yaml
new file mode 100644
index 0000000..8ff7a1f
--- /dev/null
+++ b/src/foundation/scripts/cni/danm/integration/crds/production/TenantNetwork.yaml
@@ -0,0 +1,66 @@ +# yamllint disable rule:hyphens rule:commas rule:indentation rule:line-length +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: tenantnetworks.danm.k8s.io +spec: + scope: Namespaced + group: danm.k8s.io + version: v1 + names: + kind: TenantNetwork + plural: tenantnetworks + singular: tenantnetwork + shortNames: + - tn + - tnet + validation: + openAPIV3Schema: + properties: + spec: + properties: + NetworkID: + type: string + NetworkType: + type: string + Options: + properties: + cidr: + type: string + pattern: '^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))$' + allocation_pool: + properties: + start: + type: string + pattern: '(^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$)?' + end: + type: string + pattern: '(^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$)?' + container_prefix: + type: string + host_device: + type: string + device_pool: + type: string + vxlan: + type: integer + format: int32 + minimum: 1 + maximum: 16777214 + vlan: + type: integer + format: int32 + minimum: 1 + maximum: 4094 + rt_tables: + type: integer + format: int32 + minimum: 0 + maximum: 255 + net6: + type: string + pattern: 
'^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(\/([0-9]|[1-9][0-9]|1[0-1][0-9]|12[0-8]))$' + routes: + type: object + routes6: + type: object diff --git a/src/foundation/scripts/cni/danm/integration/manifests/netwatcher/0netwatcher_rbac.yaml b/src/foundation/scripts/cni/danm/integration/manifests/netwatcher/0netwatcher_rbac.yaml new file mode 100644 index 0000000..28a8ac2 --- /dev/null +++ b/src/foundation/scripts/cni/danm/integration/manifests/netwatcher/0netwatcher_rbac.yaml 
@@ -0,0 +1,44 @@
+# yamllint disable rule:hyphens rule:commas rule:indentation
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: netwatcher
+ namespace: kube-system
+ labels:
+ kubernetes.io/cluster-service: "true"
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ kubernetes.io/bootstrapping: rbac-defaults
+ name: system:netwatcher
+rules:
+- apiGroups:
+ - "danm.k8s.io"
+ resources:
+ - danmnets
+ - clusternetworks
+ - tenantnetworks
+ verbs:
+ - get
+ - list
+ - watch
+ - update
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ annotations:
+ rbac.authorization.kubernetes.io/autoupdate: "true"
+ labels:
+ kubernetes.io/bootstrapping: rbac-defaults
+ name: system:netwatcher
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:netwatcher
+subjects:
+- kind: ServiceAccount
+ namespace: kube-system
+ name: netwatcher
diff --git a/src/foundation/scripts/cni/danm/integration/manifests/netwatcher/netwatcher_ds.yaml b/src/foundation/scripts/cni/danm/integration/manifests/netwatcher/netwatcher_ds.yaml
new file mode 100644
index 0000000..3bfdf10
--- /dev/null
+++ b/src/foundation/scripts/cni/danm/integration/manifests/netwatcher/netwatcher_ds.yaml
@@ -0,0 +1,36 @@
+# yamllint disable rule:hyphens rule:commas rule:indentation
+apiVersion: apps/v1beta2
+kind: DaemonSet
+metadata:
+ name: netwatcher
+ namespace: kube-system
+spec:
+ selector:
+ matchLabels:
+ danm.k8s.io: netwatcher
+ template:
+ metadata:
+ labels:
+ danm.k8s.io: netwatcher
+ spec:
+ serviceAccount: netwatcher
+ hostNetwork: true
+ dnsPolicy: ClusterFirst
+ hostIPC: true
+ hostPID: true
+ containers:
+ - name: netwatcher
+ image: iecedge/netwatcher:v4.0.0
+ securityContext:
+ capabilities:
+ add:
+ - SYS_PTRACE
+ - SYS_ADMIN
+ - NET_ADMIN
+ - NET_RAW
+ tolerations:
+ - effect: NoSchedule
+ operator: Exists
+ - effect: NoExecute
+ operator: Exists
+ terminationGracePeriodSeconds: 0
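Review bot: The ClusterRole and ClusterRoleBinding in 0netwatcher_rbac.yaml are named `system:netwatcher` and labelled `kubernetes.io/bootstrapping: rbac-defaults` (the binding also carries `rbac.authorization.kubernetes.io/autoupdate: "true"`), which are the markers Kubernetes puts on its own built-in default roles; on an add-on they make third-party grants harder to tell apart when the cluster's RBAC is audited. A plain name such as `danm:netwatcher` without those labels and the annotation would keep the origin clear. The rule grants cluster-wide `update` on all three network kinds, so a one-line comment above `verbs:` saying what netwatcher writes back would help a reviewer judge it. 0svcwatcher_rbac.yaml repeats the same naming and labels.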
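Review bot: The netwatcher DaemonSet is scheduled onto every node (both tolerations use `operator: Exists`) with `hostNetwork`, `hostIPC`, `hostPID` and the added capabilities `SYS_PTRACE`, `SYS_ADMIN`, `NET_ADMIN` and `NET_RAW`, which together are close to root on the host, and the manifest gives no reason for any of them. Add a comment per setting stating what netwatcher needs it for, and remove those that turn out not to be required. `image: iecedge/netwatcher:v4.0.0` is a mutable tag; pinning it by digest, `image: iecedge/netwatcher@sha256:<digest>`, fixes exactly what this privileged container runs. `apps/v1beta2` is a deprecated API group version for DaemonSet; `apps/v1` is the stable one.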
diff --git a/src/foundation/scripts/cni/danm/integration/manifests/svcwatcher/0svcwatcher_rbac.yaml b/src/foundation/scripts/cni/danm/integration/manifests/svcwatcher/0svcwatcher_rbac.yaml
new file mode 100644
index 0000000..bb2ea02
--- /dev/null
+++ b/src/foundation/scripts/cni/danm/integration/manifests/svcwatcher/0svcwatcher_rbac.yaml
@@ -0,0 +1,65 @@
+# yamllint disable rule:hyphens rule:commas rule:indentation
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: svcwatcher
+ namespace: kube-system
+ labels:
+ kubernetes.io/cluster-service: "true"
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ kubernetes.io/bootstrapping: rbac-defaults
+ name: system:svcwatcher
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - endpoints
+ verbs:
+ - list
+ - watch
+ - get
+ - update
+ - create
+ - delete
+- apiGroups:
+ - ""
+ resources:
+ - services
+ - pods
+ verbs:
+ - list
+ - watch
+ - get
+- apiGroups:
+ - "danm.k8s.io"
+ resources:
+ - danmeps
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ annotations:
+ rbac.authorization.kubernetes.io/autoupdate: "true"
+ labels:
+ kubernetes.io/bootstrapping: rbac-defaults
+ name: system:svcwatcher
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:svcwatcher
+subjects:
+- kind: ServiceAccount
+ namespace: kube-system
+ name: svcwatcher
diff --git a/src/foundation/scripts/cni/danm/integration/manifests/svcwatcher/svcwatcher_ds.yaml b/src/foundation/scripts/cni/danm/integration/manifests/svcwatcher/svcwatcher_ds.yaml
new file mode 100644
index 0000000..a90b26a
--- /dev/null
+++ b/src/foundation/scripts/cni/danm/integration/manifests/svcwatcher/svcwatcher_ds.yaml
@@ -0,0 +1,38 @@
+# yamllint disable rule:hyphens rule:commas rule:indentation
+apiVersion: apps/v1beta2
+kind: DaemonSet
+metadata:
+ name: svcwatcher
+ namespace: kube-system
+spec:
+ selector:
+ matchLabels:
+ danm.k8s.io: svcwatcher
+ template:
+ metadata:
+ annotations:
+ # Adapt to your own network environment!
+ danm.k8s.io/interfaces: |
+ [
+ {
+ "network":"flannel"
+ }
+ ]
+ labels:
+ danm.k8s.io: svcwatcher
+ spec:
+ serviceAccount: svcwatcher
+ dnsPolicy: ClusterFirst
+ nodeSelector:
+ "node-role.kubernetes.io/master": ""
+ containers:
+ - name: svcwatcher
+ image: svcwatcher
+ args:
+ - "--logtostderr"
+ tolerations:
+ - effect: NoSchedule
+ operator: Exists
+ - effect: NoExecute
+ operator: Exists
+ terminationGracePeriodSeconds: 0
diff --git a/src/foundation/scripts/cni/danm/integration/manifests/webhook/webhook.yaml b/src/foundation/scripts/cni/danm/integration/manifests/webhook/webhook.yaml
new file mode 100644
index 0000000..aef040f
--- /dev/null
+++ b/src/foundation/scripts/cni/danm/integration/manifests/webhook/webhook.yaml
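Review bot: `image: svcwatcher` in svcwatcher_ds.yaml names no registry, owner or tag, so the runtime resolves it against its default registry with the `latest` tag, unlike `iecedge/netwatcher:v4.0.0` in the netwatcher DaemonSet. Whatever image answers to that name runs on the master nodes under the `svcwatcher` service account, which may create, update and delete Endpoints cluster-wide. Use a fully qualified, versioned reference, for example `image: <registry>/<org>/svcwatcher:<version>`, ideally pinned by digest. Note that `install_danm` in setup-cni.sh only creates the netwatcher manifests, so a comment on when this file is meant to be applied would also help.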
@@ -0,0 +1,135 @@ +# yamllint disable rule:hyphens rule:commas rule:indentation rule:brackets rule:line-length +apiVersion: v1 +kind: ServiceAccount +metadata: + name: danm-webhook + namespace: kube-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: caas:danm-webhook +rules: +- apiGroups: + - danm.k8s.io + resources: + - tenantconfigs + verbs: [ "*" ] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: caas:danm-webhook +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: caas:danm-webhook +subjects: +- kind: ServiceAccount + name: danm-webhook + namespace: kube-system +--- +apiVersion: admissionregistration.k8s.io/v1beta1 +kind: MutatingWebhookConfiguration +metadata: + name: danm-webhook-config + namespace: kube-system +webhooks: + - name: danm-netvalidation.nokia.k8s.io + clientConfig: + service: + name: danm-webhook-svc + namespace: kube-system + path: "/netvalidation" + # Configure your pre-generated certificate matching the details of your environment + caBundle: + rules: + - operations: ["CREATE","UPDATE"] + apiGroups: ["danm.k8s.io"] + apiVersions: ["v1"] + resources: ["danmnets","clusternetworks","tenantnetworks"] + failurePolicy: Fail + - name: danm-configvalidation.nokia.k8s.io + clientConfig: + service: + name: danm-webhook-svc + namespace: kube-system + path: "/confvalidation" + # Configure your pre-generated certificate matching the details of your environment + caBundle: + rules: + - operations: ["CREATE","UPDATE"] + apiGroups: ["danm.k8s.io"] + apiVersions: ["v1"] + resources: ["tenantconfigs"] + failurePolicy: Fail + - name: danm-netdeletion.nokia.k8s.io + clientConfig: + service: + name: danm-webhook-svc + namespace: kube-system + path: "/netdeletion" + # Configure your pre-generated certificate matching the details of your environment + caBundle: + rules: + - operations: ["DELETE"] + apiGroups: ["danm.k8s.io"] + apiVersions: ["v1"] + resources: 
["tenantnetworks"] + failurePolicy: Fail +--- +apiVersion: v1 +kind: Service +metadata: + name: danm-webhook-svc + namespace: kube-system + labels: + danm: webhook +spec: + ports: + - name: webhook + port: 443 + targetPort: 8443 + selector: + danm: webhook +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: danm-webhook-deployment + namespace: kube-system + labels: + danm: webhook +spec: + selector: + matchLabels: + danm: webhook + template: + metadata: + annotations: + # Adapt to your own network environment! + danm.k8s.io/interfaces: | + [ + { + "network":"flannel" + } + ] + name: danm-webhook + labels: + danm: webhook + spec: + serviceAccountName: danm-webhook + containers: + - name: danm-webhook + image: danm_webhook + command: [ "/usr/local/bin/webhook", "-tls-cert-bundle=/etc/webhook/certs/danm_webhook.crt", "-tls-private-key-file=/etc/webhook/certs/danm_webhook.key", "bind-port=8443" ] + imagePullPolicy: IfNotPresent + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true + # Configure the directory holding the Webhook's server certificates + volumes: + - name: webhook-certs + hostPath: + path: /etc/kubernetes/ssl/ diff --git a/src/foundation/scripts/setup-cni.sh b/src/foundation/scripts/setup-cni.sh index fb02ff3..61e9f06 100755 --- a/src/foundation/scripts/setup-cni.sh +++ b/src/foundation/scripts/setup-cni.sh @@ -75,6 +75,18 @@ install_ovn_kubernetes(){ } +install_danm(){ + ${SCRIPTS_DIR}/cni/danm/danm_install.sh + + # Deploying DANM suite into K8s cluster + kubectl create -f ${SCRIPTS_DIR}/cni/danm/integration/crds/lightweight/ + + # Create the netwatcher DaemonSet + kubectl create -f ${SCRIPTS_DIR}/cni/danm/integration/manifests/netwatcher/ + + #flannel as bootstrap networking solution + install_flannel +} case ${CNI_TYPE} in 'calico') 
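Review bot: In the `danm-webhook` container `command`, `"bind-port=8443"` lacks the leading dash that the two TLS flags have, so it is presumably taken as a positional argument and the port is not set from it; it should read `"-bind-port=8443"`. The `webhook-certs` volume mounts the whole host directory `/etc/kubernetes/ssl/` into the pod, so if that directory also holds cluster CA or API-server keys they become readable by the webhook process; mount a Secret, or a host directory that contains only `danm_webhook.crt` and `danm_webhook.key`. All three `caBundle:` fields are empty while `failurePolicy: Fail` is set, so applying the file unedited likely blocks the matching requests on the DANM resources; a comment at the top of the file listing the values that must be filled in first would prevent that. `image: danm_webhook` is unqualified and untagged, and the ClusterRole grants `verbs: [ "*" ]` on `tenantconfigs` where an explicit verb list would document what the webhook does with them.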
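Review bot: `install_danm` uses `kubectl create -f`, which fails with AlreadyExists on a second run, so re-running setup-cni.sh after a partial failure does not converge; `kubectl apply -f "${SCRIPTS_DIR}/cni/danm/integration/crds/lightweight/"` and the same for `manifests/netwatcher/` are idempotent. The `${SCRIPTS_DIR}` expansions are unquoted and break on a path containing spaces. Whether a failing `danm_install.sh` stops the function depends on shell options set outside this hunk, so `"${SCRIPTS_DIR}/cni/danm/danm_install.sh" || exit 1` would make the dependency explicit before anything is created in the cluster.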
@@ -93,6 +105,10 @@ case ${CNI_TYPE} in echo "Install Ovn-Kubernetes ..." install_ovn_kubernetes ;; + 'danm') + echo "Install danm ..." + install_danm + ;; *) echo "${CNI_TYPE} is not supported" exit 1 diff --git a/src/foundation/scripts/startup.sh b/src/foundation/scripts/startup.sh index 2bdc95f..cc4e669 100755 --- a/src/foundation/scripts/startup.sh +++ b/src/foundation/scripts/startup.sh @@ -33,7 +33,26 @@ display_help () { exit } - +# +# Setup system configuration before invoke setup-cni.sh +# +k8s_worker_preconfigure() { +case ${CNI_TYPE} in + contivpp) + if [ -n "${DEV_NAME[$ip_addr]}" ] + then + CONTIVPP_CONFIG="cd iec/src/foundation/scripts/cni/contivpp && sudo ./contiv-update-config.sh ${DEV_NAME[$ip_addr]}" + sshpass -p ${passwd} ssh -o StrictHostKeyChecking=no ${HOST_USER}@${ip_addr} $CONTIVPP_CONFIG + fi + ;; + danm) + DANM_CONFIG="cd iec/src/foundation/scripts/cni/danm && sudo ./danm_install.sh" + sshpass -p ${passwd} ssh -o StrictHostKeyChecking=no ${HOST_USER}@${ip_addr} $DANM_CONFIG + ;; + *) + ;; +esac +} # # Deploy k8s. @@ -71,11 +90,7 @@ deploy_k8s () { sshpass -p ${passwd} ssh -o StrictHostKeyChecking=no ${HOST_USER}@${ip_addr} ${INSTALL_SOFTWARE} sshpass -p ${passwd} ssh -o StrictHostKeyChecking=no ${HOST_USER}@${ip_addr} "echo \"sudo ${KUBEADM_JOIN_CMD}\" >> ./iec/src/foundation/scripts/k8s_worker.sh" sleep 2 - if [ -n "${CNI_TYPE}" ] && [ ${CNI_TYPE} == "contivpp" ] && [ -n "${DEV_NAME[$ip_addr]}" ] - then - CONTIVPP_CONFIG="cd iec/src/foundation/scripts/cni/contivpp && sudo ./contiv-update-config.sh ${DEV_NAME[$ip_addr]}" - sshpass -p ${passwd} ssh -o StrictHostKeyChecking=no ${HOST_USER}@${ip_addr} $CONTIVPP_CONFIG - fi + k8s_worker_preconfigure sshpass -p ${passwd} ssh -o StrictHostKeyChecking=no ${HOST_USER}@${ip_addr} ${SETUP_WORKER} sshpass -p ${passwd} ssh -o StrictHostKeyChecking=no ${HOST_USER}@${ip_addr} "sudo swapon -a"
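Review bot: The new `danm` branch of `k8s_worker_preconfigure` repeats `sshpass -p ${passwd} ssh -o StrictHostKeyChecking=no …` and then runs `sudo ./danm_install.sh` on the worker: the password is visible in the local process list, and with host-key checking disabled nothing ties the session to the intended machine. `sshpass -e` (password taken from the `SSHPASS` environment variable) together with `-o StrictHostKeyChecking=accept-new`, or key-based login, would address both; the same pattern is present in the unchanged `deploy_k8s` lines of the last hunk. The function also reads `ip_addr`, `passwd`, `HOST_USER` and `DEV_NAME` from the caller's loop without saying so, so extend its header comment with a `Globals:` list or pass them as arguments. `${passwd}` and `${DEV_NAME[$ip_addr]}` should be quoted, since the latter ends up in a command line executed with sudo on the remote host.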