From d45b4117f30f9ad842c24f0c7c9fd8524a7f358f Mon Sep 17 00:00:00 2001 From: Krisztian Lengyel Date: Tue, 16 Jul 2019 15:09:16 +0200 Subject: [PATCH] Upgrade DANM to version 4.0 - This upgrade introduces a new component named `danm_webhook`. - Previously statically templated DANM CRDs now also come from the repo at build time. - TenantConfig is generated based on the input in userconfig. - Flannel DanmNet replaced with TenantNetwork Change-Id: Ifcc4a026af05326449070f73048393dee3f4e59e Depends-On: I7ea6fbc44396f3fe19f151a9d4912143d1a6969c 
Signed-off-by: Krisztian Lengyel --- SPECS/caas-danm-webhook.spec | 76 ++++++++++++++++++++ SPECS/caas-danm.spec | 16 ++++- SPECS/caas-flannel.spec | 2 +- SPECS/caas-netwatcher.spec | 4 +- SPECS/caas-svcwatcher.spec | 4 +- ansible/roles/danm_setup/defaults/main.yaml | 20 ++++++ .../danm_setup/tasks/danm-tenant-configs.yaml | 24 +++++++ ansible/roles/danm_setup/tasks/main.yaml | 47 +++++------- .../templates/danm_tenant_config.yaml.j2 | 61 ++++++++++++++++ .../danm_setup/templates/danmep_crd_schema.yaml | 31 -------- .../danm_setup/templates/danmnet_crd_schema.yaml | 83 ---------------------- ansible/roles/flannel/tasks/main.yaml | 23 +++--- ansible/roles/flannel/templates/flannel-ds.yaml | 3 +- .../{flannel_dnet.yaml => flannel_tnet.yaml.j2} | 2 +- cni-config/00-danm.conf | 3 +- docker-build/danm-webhook/Dockerfile | 68 ++++++++++++++++++ 16 files changed, 299 insertions(+), 168 deletions(-) create mode 100644 SPECS/caas-danm-webhook.spec create mode 100644 ansible/roles/danm_setup/defaults/main.yaml create mode 100644 ansible/roles/danm_setup/tasks/danm-tenant-configs.yaml create mode 100644 ansible/roles/danm_setup/templates/danm_tenant_config.yaml.j2 delete mode 100644 ansible/roles/danm_setup/templates/danmep_crd_schema.yaml delete mode 100644 ansible/roles/danm_setup/templates/danmnet_crd_schema.yaml rename ansible/roles/flannel/templates/{flannel_dnet.yaml => flannel_tnet.yaml.j2} (97%) create mode 100644 docker-build/danm-webhook/Dockerfile
diff --git a/SPECS/caas-danm-webhook.spec b/SPECS/caas-danm-webhook.spec
new file mode 100644
index 0000000..9b198d3
--- /dev/null
+++ b/SPECS/caas-danm-webhook.spec
@@ -0,0 +1,76 @@
+# Copyright 2019 Nokia
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+%define COMPONENT danm-webhook
+%define RPM_NAME caas-%{COMPONENT}
+%define RPM_MAJOR_VERSION 4.0.0
+%define RPM_MINOR_VERSION 0
+%define DANM_VERSION v%{RPM_MAJOR_VERSION}
+%define IMAGE_TAG %{RPM_MAJOR_VERSION}-%{RPM_MINOR_VERSION}
+
+Name: %{RPM_NAME}
+Version: %{RPM_MAJOR_VERSION}
+Release: %{RPM_MINOR_VERSION}%{?dist}
+Summary: Containers as a Service svcwatcher component
+License: %{_platform_license} and BSD 3-Clause License
+URL: https://github.com/nokia/danm
+BuildArch: x86_64
+Vendor: %{_platform_vendor} and Nokia
+Source0: %{name}-%{version}.tar.gz
+
+Requires: docker-ce >= 18.09.2, rsync
+BuildRequires: docker-ce-cli >= 18.09.2, xz
+
+%description
+This RPM contains the DANM project's webhook sub-component for CaaS subsystem.
+
+%prep
+%autosetup
+
+%build
+docker build \
+ --network=host \
+ --no-cache \
+ --force-rm \
+ --build-arg HTTP_PROXY="${http_proxy}" \
+ --build-arg HTTPS_PROXY="${https_proxy}" \
+ --build-arg NO_PROXY="${no_proxy}" \
+ --build-arg http_proxy="${http_proxy}" \
+ --build-arg https_proxy="${https_proxy}" \
+ --build-arg no_proxy="${no_proxy}" \
+ --build-arg DANM_WEBHOOK_VERSION="%{DANM_VERSION}" \
+ --tag %{COMPONENT}:%{IMAGE_TAG} \
+ %{_builddir}/%{RPM_NAME}-%{RPM_MAJOR_VERSION}/docker-build/%{COMPONENT}/
+
+mkdir -p %{_builddir}/%{RPM_NAME}-%{RPM_MAJOR_VERSION}/docker-save/
+
+docker save %{COMPONENT}:%{IMAGE_TAG} | xz -z -T2 > %{_builddir}/%{RPM_NAME}-%{RPM_MAJOR_VERSION}/docker-save/%{COMPONENT}:%{IMAGE_TAG}.tar
+
+docker rmi -f %{COMPONENT}:%{IMAGE_TAG}
+
+%install
+mkdir -p %{buildroot}/%{_caas_container_tar_path}/
+rsync -av %{_builddir}/%{RPM_NAME}-%{RPM_MAJOR_VERSION}/docker-save/%{COMPONENT}:%{IMAGE_TAG}.tar %{buildroot}/%{_caas_container_tar_path}/
+
+%files
+%{_caas_container_tar_path}/%{COMPONENT}:%{IMAGE_TAG}.tar
+
+%preun
+
+%post
+
+%postun
+
+%clean
+rm -rf ${buildroot}
diff --git a/SPECS/caas-danm.spec b/SPECS/caas-danm.spec
index 435f8c3..da00774 100644
--- a/SPECS/caas-danm.spec
+++ b/SPECS/caas-danm.spec
@@ -14,8 +14,8 @@ %define COMPONENT danm %define RPM_NAME caas-%{COMPONENT} -%define RPM_MAJOR_VERSION 3.3.0 -%define RPM_MINOR_VERSION 4 +%define RPM_MAJOR_VERSION 4.0.0 +%define RPM_MINOR_VERSION 0 %define DANM_VERSION v%{RPM_MAJOR_VERSION} %define CNI_VERSION 0.7.0 %define go_version 1.12.1
@@ -23,6 +23,7 @@ %define IMAGE_TAG %{RPM_MAJOR_VERSION}-%{RPM_MINOR_VERSION} %define binary_build_dir %{_builddir}/%{RPM_NAME}-%{RPM_MAJOR_VERSION}/binary-save %define docker_build_dir %{_builddir}/%{RPM_NAME}-%{RPM_MAJOR_VERSION}/docker-build +%define build_dir %{_builddir}/%{RPM_NAME}-%{RPM_MAJOR_VERSION}/build %define built_binaries_dir /binary-save Name: %{RPM_NAME}
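Review bot: `%clean` in the new webhook spec runs `rm -rf ${buildroot}`, which is a shell variable and not the RPM macro, so unless the build environment exports `buildroot` it expands to nothing and the build root is never removed; `rm -rf %{buildroot}` is presumably what was intended. The `Summary:` line still reads `svcwatcher component` although this package ships the DANM webhook image. In `%build`, `docker build --network=host` lets every build step, including the ones in the Dockerfile of this patch that download and run code generators, reach services bound to the build host's local interfaces; if the default build network is sufficient, dropping the flag narrows that exposure, otherwise a comment saying why it is required would help.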
@@ -79,6 +80,11 @@ docker cp ${builder_container}:%{built_binaries_dir}/sriov %{binary_build_dir}/ docker rm -f ${builder_container} docker rmi cni-builder:%{IMAGE_TAG} +# Collect DANM CRDs +git clone https://github.com/nokia/danm.git %{build_dir}/danm +cd %{build_dir}/danm +git checkout %{DANM_VERSION} + %install mkdir -p %{buildroot}/etc/cni/net.d/ rsync -av cni-config/00-danm.conf %{buildroot}/etc/cni/net.d/00-danm.conf
@@ -101,12 +107,18 @@ install -D -m 0755 %{binary_build_dir}/flannel/flannel %{buildroot}/opt/cni/bin/ # SRIOV install -D -m 0755 %{binary_build_dir}/sriov/sriov %{buildroot}/opt/cni/bin/sriov +mkdir -p %{buildroot}/%{_caas_danm_crd_path} +rsync -av %{build_dir}/danm/integration/crds/production/ %{buildroot}/%{_caas_danm_crd_path} + + %files # CONFIG /etc/cni/net.d/00-danm.conf /etc/cni/net.d/flannel.conf # CNI binaries /opt/cni/bin +# DANM CRDs +/%{_caas_danm_crd_path} %preun
diff --git a/SPECS/caas-flannel.spec b/SPECS/caas-flannel.spec
index 1414896..0829960 100644
--- a/SPECS/caas-flannel.spec
+++ b/SPECS/caas-flannel.spec
@@ -15,7 +15,7 @@ %define COMPONENT flannel %define RPM_NAME caas-%{COMPONENT} %define RPM_MAJOR_VERSION 0.11.0 -%define RPM_MINOR_VERSION 4 +%define RPM_MINOR_VERSION 5 %define IMAGE_TAG %{RPM_MAJOR_VERSION}-%{RPM_MINOR_VERSION} Name: %{RPM_NAME}
diff --git a/SPECS/caas-netwatcher.spec b/SPECS/caas-netwatcher.spec
index ca1e6e5..65f82fb 100644
--- a/SPECS/caas-netwatcher.spec
+++ b/SPECS/caas-netwatcher.spec
@@ -14,8 +14,8 @@ %define COMPONENT netwatcher %define RPM_NAME caas-%{COMPONENT} -%define RPM_MAJOR_VERSION 3.3.0 -%define RPM_MINOR_VERSION 3 +%define RPM_MAJOR_VERSION 4.0.0 +%define RPM_MINOR_VERSION 0 %define DANM_VERSION v%{RPM_MAJOR_VERSION} %define IMAGE_TAG %{RPM_MAJOR_VERSION}-%{RPM_MINOR_VERSION}
diff --git a/SPECS/caas-svcwatcher.spec b/SPECS/caas-svcwatcher.spec
index 9f57903..7c932b1 100644
--- a/SPECS/caas-svcwatcher.spec
+++ b/SPECS/caas-svcwatcher.spec
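Review bot: The added `git clone` / `git checkout %{DANM_VERSION}` at the end of `%build` in caas-danm.spec fetches the CRD manifests from GitHub by tag at package-build time with nothing that verifies what was fetched, and a tag can be re-pointed upstream. The files under `integration/crds/production/` are then shipped in the RPM and, judging by the danm_setup role in this patch, applied to the cluster, so pinning the checkout to a full commit id (for example a `%define DANM_COMMIT <commit-id-placeholder>` used in place of the tag) or comparing `git rev-parse HEAD` with an expected value would make the packaged CRDs reproducible. The bare `cd %{build_dir}/danm` also changes the working directory for anything appended to `%build` later; `git -C %{build_dir}/danm checkout %{DANM_VERSION}` avoids that. The `%build` section starts above this hunk, and whether `git` is listed in `BuildRequires` is not visible here.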
@@ -14,8 +14,8 @@ %define COMPONENT svcwatcher %define RPM_NAME caas-%{COMPONENT} -%define RPM_MAJOR_VERSION 3.3.0 -%define RPM_MINOR_VERSION 3 +%define RPM_MAJOR_VERSION 4.0.0 +%define RPM_MINOR_VERSION 0 %define DANM_VERSION v%{RPM_MAJOR_VERSION} %define IMAGE_TAG %{RPM_MAJOR_VERSION}-%{RPM_MINOR_VERSION}
diff --git a/ansible/roles/danm_setup/defaults/main.yaml b/ansible/roles/danm_setup/defaults/main.yaml
new file mode 100644
index 0000000..bc5f321
--- /dev/null
+++ b/ansible/roles/danm_setup/defaults/main.yaml
@@ -0,0 +1,20 @@
+---
+# Copyright 2019 Nokia
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+caas_provider_network_profiles: "{{ network_profiles | filter_network_profiles_by_type('provider_network_interfaces', 'caas') }}"
+caas_sriov_network_profiles: "{{ network_profiles | filter_network_profiles_by_type('sriov_provider_networks', 'caas') }}"
+
+attached_caas_provider_network_profiles: "{{ hosts[hostname]['network_profiles'] | intersect(caas_provider_network_profiles.keys()) }}"
+attached_caas_sriov_network_profiles: "{{ hosts[hostname]['network_profiles'] | intersect(caas_sriov_network_profiles.keys()) }}"
+all_attached_caas_provider_network_profiles: "{{ attached_caas_provider_network_profiles | union(attached_caas_sriov_network_profiles) }}"
diff --git a/ansible/roles/danm_setup/tasks/danm-tenant-configs.yaml b/ansible/roles/danm_setup/tasks/danm-tenant-configs.yaml
new file mode 100644
index 0000000..dd696b7
--- /dev/null
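Review bot: The new role defaults in defaults/main.yaml rely on inputs and a custom filter that are not defined anywhere in this patch (`network_profiles`, `hosts`, `hostname`, `filter_network_profiles_by_type`), so a short comment above the block naming where they come from, presumably the Depends-On change and the user configuration, would make the role readable on its own. `hosts[hostname]['network_profiles']` is also indexed without a default, so a host entry lacking that key would fail templating wherever these variables are used; `hosts[hostname].get('network_profiles', [])` would tolerate it if such hosts can exist.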
+++ b/ansible/roles/danm_setup/tasks/danm-tenant-configs.yaml
@@ -0,0 +1,24 @@
+---
+# Copyright 2019 Nokia
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: template DANM tenant configs
+ template:
+ src: "danm_tenant_config.yaml.j2"
+ dest: "{{ caas.manifests_directory }}/danm-tenant-config.yaml"
+
+- name: create DANM tenant configs
+ kubectl:
+ manifest: "{{ caas.manifests_directory }}/danm-tenant-config.yaml"
+ state: present
diff --git a/ansible/roles/danm_setup/tasks/main.yaml b/ansible/roles/danm_setup/tasks/main.yaml
index 65b289c..e900209 100644
--- a/ansible/roles/danm_setup/tasks/main.yaml
+++ b/ansible/roles/danm_setup/tasks/main.yaml
@@ -1,46 +1,37 @@ --- # Copyright 2019 Nokia -# +# # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at -# +# # http://www.apache.org/licenses/LICENSE-2.0 -# +# # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. -- name: copy DANM CRD templates to infra template directory - template: - src: "{{ item }}" - dest: "{{ caas.manifests_directory }}/{{ item }}" - with_items: - - danmep_crd_schema.yaml - - danmnet_crd_schema.yaml - -- name: create DanmEp CRD API in K8s +- name: create Danm CRD APIs in K8s kubectl: - manifest: "{{ caas.manifests_directory }}/danmep_crd_schema.yaml" + manifest: "{{ item }}" state: present + with_fileglob: "{{ caas.danm_crd_dir }}/*" -- name: wait and check DanmEp API availability - shell: "kubectl get crd --all-namespaces | grep danmeps | wc -l" - register: ep_result - until: ep_result.stdout == "1" - retries: 60 - delay: 6 +- name: get CRD names + set_fact: + crd_name: "{{ lookup('file', item) | from_yaml | json_query('spec.names.plural') }}" + with_fileglob: "{{ caas.danm_crd_dir }}/*" + register: created_crds -- name: create DanmNet CRD API in K8s - kubectl: - manifest: "{{ caas.manifests_directory }}/danmnet_crd_schema.yaml" - state: present - -- name: wait and check DanmNet API availability - shell: "kubectl get crd --all-namespaces | grep danmnets | wc -l" - register: net_result - until: net_result.stdout == "1" +- name: wait and check Danm CRD availability + shell: "kubectl api-resources | grep {{ item.ansible_facts.crd_name }} | wc -l" + register: crd_result + until: crd_result.stdout == "1" retries: 60 delay: 6 + with_items: "{{ created_crds.results }}" 
+
+- name: create tenant config
+ include_tasks: danm-tenant-configs.yaml
diff --git a/ansible/roles/danm_setup/templates/danm_tenant_config.yaml.j2 b/ansible/roles/danm_setup/templates/danm_tenant_config.yaml.j2
new file mode 100644
index 0000000..1a2b6a1
--- /dev/null
+++ b/ansible/roles/danm_setup/templates/danm_tenant_config.yaml.j2
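Review bot: In `wait and check Danm CRD availability`, `crd_name` is read out of the CRD files with `from_yaml | json_query(...)` and then pasted unquoted into a `shell:` pipeline; the value comes from files that are cloned from upstream at build time, so it should go through the `quote` filter, and `grep` should match whole words so that a plural name that is a substring of another cannot push the count away from `"1"`: `shell: "kubectl api-resources | grep -w {{ item.ansible_facts.crd_name | quote }} | wc -l"`. `with_fileglob: "{{ caas.danm_crd_dir }}/*"` also applies every file found in that directory as a manifest, so anything else placed there ends up in the cluster; a comment stating that the directory must hold only the packaged CRDs, or a `*.yaml` glob, would make that explicit. `json_query` additionally needs `jmespath` on the controller, which this patch does not show being installed.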
@@ -0,0 +1,61 @@
+#jinja2: lstrip_blocks: True
+{#
+Copyright 2019 Nokia
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+#}
+{%- macro make_host_devices(devices, provider_network) %}
+ {% for device in devices %}
+- name: {{ device }}
+ {{ make_vni_config(provider_network) | indent(2) }}
+ {% endfor %}
+{% endmacro -%}
+
+{%- macro make_vni_config(provider_network) %}
+ {% set vlan_ranges = provider_network.get('vlan_ranges', '') %}
+ {% set vxlan_ranges = provider_network.get('vxlan_ranges', '') %}
+ {% if vlan_ranges %}
+vniType: vlan
+vniRange: {{ vlan_ranges | replace(':', '-') }}
+ {% elif vxlan_ranges %}
+vniType: vxlan
+vniRange: {{ vxlan_ranges | replace(':', '-') }}
+ {% endif %}
+{% endmacro -%}
+
+---
+apiVersion: danm.k8s.io/v1
+kind: TenantConfig
+metadata:
+ name: danm-tenant-config
+hostDevices:
+{% if all_attached_caas_provider_network_profiles %}
+ {% for profile_name in all_attached_caas_provider_network_profiles %}
+ {% set profile = network_profiles[profile_name] %}
+ {% set caas_provider_networks = profile.get('provider_network_interfaces', {}) | filter_provider_networks_by_type('caas') %}
+ {% set caas_sriov_provider_networks = profile.get('sriov_provider_networks', {}) | filter_provider_networks_by_type('caas') %}
+ {% for tenant_network in caas.get(tenant_networks, []) %}
+ {% if tenant_network in caas_provider_networks | get_provider_networks %}
+ {{ make_host_devices(caas_provider_networks.keys(), networking['provider_networks'][tenant_network]) | indent(2) -}}
+ {% elif tenant_network in caas_sriov_provider_networks %}
+ {% set sriov_interaces = caas_sriov_provider_networks | extract_sriov_provider_network_interfaces %}
+ {% set sriov_device_pools = sriov_interaces | map('regex_replace', '(.*)', 'nokia.k8s.io/sriov_\\1') | list %}
+ {{ make_host_devices(sriov_device_pools, networking['provider_networks'][tenant_network]) | indent(2) -}}
+ {% endif %}
+ {% endfor %}
+ {% endfor %}
+{%- else %}
+ []
+{% endif %}
+networkIds:
+ flannel: flannel
diff --git a/ansible/roles/danm_setup/templates/danmep_crd_schema.yaml b/ansible/roles/danm_setup/templates/danmep_crd_schema.yaml
deleted file mode 100644
index 054d686..0000000
--- a/ansible/roles/danm_setup/templates/danmep_crd_schema.yaml
+++ /dev/null
@@ -1,31 +0,0 @@ -{# -Copyright 2019 Nokia - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -#} ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: danmeps.danm.k8s.io -spec: - scope: Namespaced - group: danm.k8s.io - version: v1 - names: - kind: DanmEp - plural: danmeps - singular: danmep - shortNames: - - de - - dep
diff --git a/ansible/roles/danm_setup/templates/danmnet_crd_schema.yaml b/ansible/roles/danm_setup/templates/danmnet_crd_schema.yaml
deleted file mode 100644
index 9c07dbe..0000000
--- a/ansible/roles/danm_setup/templates/danmnet_crd_schema.yaml
+++ /dev/null
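Review bot: In the `hostDevices` loop of danm_tenant_config.yaml.j2, `caas.get(tenant_networks, [])` passes `tenant_networks` as a variable rather than as the string key, so unless a variable of that name is defined elsewhere the lookup either fails as undefined or falls back to `[]` and no host device is ever rendered; `caas.get('tenant_networks', [])` looks like what was meant. The two branches also test membership differently, the first against `caas_provider_networks | get_provider_networks` and the `elif` against `caas_sriov_provider_networks` directly, which deserves a comment or alignment if the filters return different shapes (they are not part of this patch). When profiles are attached but nothing matches, `hostDevices:` is emitted with no value instead of `[]`. `sriov_interaces` is a typo for `sriov_interfaces`.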
@@ -1,83 +0,0 @@ -{# -Copyright 2019 Nokia - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -#} ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: danmnets.danm.k8s.io -spec: - scope: Namespaced - group: danm.k8s.io - version: v1 - names: - kind: DanmNet - plural: danmnets - singular: danmnet - shortNames: - - dn - - dnet - validation: - openAPIV3Schema: - properties: - spec: - required: - - NetworkID - properties: - NetworkID: - type: string - NetworkType: - type: string - Options: - properties: - cidr: - type: string - pattern: '^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))$' - allocation_pool: - properties: - start: - type: string - pattern: '(^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$)?' - end: - type: string - pattern: '(^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$)?' 
- container_prefix: - type: string - host_device: - type: string - device_pool: - type: string - vxlan: - type: integer - format: int32 - minimum: 1 - maximum: 16777214 - vlan: - type: integer - format: int32 - minimum: 1 - maximum: 4094 - rt_tables: - type: integer - format: int32 - net6: - type: string - pattern: '^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(\/([0-9]|[1-9][0-9]|1[0-1][0-9]|12[0-8]))$' - routes: - type: object - additionalProperties: - routes6: - type: object - additionalProperties: diff --git a/ansible/roles/flannel/tasks/main.yaml b/ansible/roles/flannel/tasks/main.yaml index 0a3fd33..c97645b 100644 --- a/ansible/roles/flannel/tasks/main.yaml +++ b/ansible/roles/flannel/tasks/main.yaml 
@@ -1,12 +1,12 @@ --- # Copyright 2019 Nokia -# +# # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at -# +# # http://www.apache.org/licenses/LICENSE-2.0 -# +# # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -33,19 +33,12 @@ manifest: "{{ caas.manifests_directory }}/flannel-ds.yaml" state: present -- name: template DanmNet file for Flannel network for kube-system namespace +- name: template default TenantNetwork for kube-system namespace template: - src: flannel_dnet.yaml - dest: "{{ caas.manifests_directory }}/flannel-danm_net_kube_system_ns.yaml" + src: flannel_tnet.yaml.j2 + dest: "{{ caas.manifests_directory }}/flannel-tnet_kube_system_ns.yaml" -- name: wait for DanmNet to be available - command: "kubectl api-resources" - register: kube_api_resources - until: kube_api_resources.stdout | search('danmnets') - retries: 10 - delay: 1 - -- name: create Flannel DanmNet within kube-system namespace +- name: create TenantNetwork within kube-system namespace kubectl: - manifest: "{{ caas.manifests_directory }}/flannel-danm_net_kube_system_ns.yaml" + manifest: "{{ caas.manifests_directory }}/flannel-tnet_kube_system_ns.yaml" state: present
diff --git a/ansible/roles/flannel/templates/flannel-ds.yaml b/ansible/roles/flannel/templates/flannel-ds.yaml
index 117f9cf..eb0c571 100644
--- a/ansible/roles/flannel/templates/flannel-ds.yaml
+++ b/ansible/roles/flannel/templates/flannel-ds.yaml
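Review bot: The second hunk of flannel/tasks/main.yaml drops the `wait for DanmNet to be available` task without a replacement, so `create TenantNetwork within kube-system namespace` now applies the manifest with no check that the `tenantnetworks` API is being served. That is safe only if the danm_setup role, which waits for every CRD, always runs before this role; the ordering is not visible in this patch, so a comment above the task stating the dependency would help, e.g. `# requires danm_setup to have run: the TenantNetwork CRD must already be served`.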
@@ -35,8 +35,7 @@ spec: priorityClassName: "system-node-critical" hostNetwork: true dnsPolicy: ClusterFirstWithHostNet - # TODO: figure out why flannel needs to run with root to modify network settings on the host - # Some setcap calls might be missing on its binary? + # TODO: figure out why privileged mode is also not enough for flannel to modify network settings on the host (same problem as watcher) #securityContext: # runAsUser: {{ caas.uid.flannel }} tolerations:
diff --git a/ansible/roles/flannel/templates/flannel_dnet.yaml b/ansible/roles/flannel/templates/flannel_tnet.yaml.j2
similarity index 97%
rename from ansible/roles/flannel/templates/flannel_dnet.yaml
rename to ansible/roles/flannel/templates/flannel_tnet.yaml.j2
index dab9150..2dfacf8 100644
--- a/ansible/roles/flannel/templates/flannel_dnet.yaml
+++ b/ansible/roles/flannel/templates/flannel_tnet.yaml.j2
@@ -15,7 +15,7 @@ limitations under the License. #} --- apiVersion: danm.k8s.io/v1 -kind: DanmNet +kind: TenantNetwork metadata: name: {{ caas.danmnet_default_name }} namespace: {{ caas.danmnet_default_namespace }}
diff --git a/cni-config/00-danm.conf b/cni-config/00-danm.conf
index 647853f..79c18d0 100644
--- a/cni-config/00-danm.conf
+++ b/cni-config/00-danm.conf
@@ -1,5 +1,6 @@ { "name": "meta_cni", "type": "danm", - "kubeconfig": "/etc/kubernetes/kubeconfig/danmc.yml" + "kubeconfig": "/etc/kubernetes/kubeconfig/danmc.yml", + "cniDir": "/etc/cni/net.d" }
diff --git a/docker-build/danm-webhook/Dockerfile b/docker-build/danm-webhook/Dockerfile
new file mode 100644
index 0000000..fa9ec09
--- /dev/null
+++ b/docker-build/danm-webhook/Dockerfile
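Review bot: The reworded TODO in flannel-ds.yaml still leaves `securityContext` / `runAsUser: {{ caas.uid.flannel }}` commented out, so as far as this hunk shows the pod keeps running as root with `hostNetwork: true`. The comment would be more useful if it recorded which operation fails under the dedicated uid and where that is tracked, so the restriction can be restored once the cause is known. The DaemonSet spec continues outside the hunk.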
@@ -0,0 +1,68 @@
+# Copyright 2019 Nokia
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+FROM alpine:3.9
+MAINTAINER Levente Kale
+
+ARG DANM_WEBHOOK_VERSION
+
+ENV GOPATH /go
+ENV PATH $GOPATH/bin:/usr/local/go/bin:$PATH
+ENV GOOS=linux
+ARG code_generator_version="kubernetes-1.13.4"
+
+WORKDIR /
+
+RUN mkdir -p $GOPATH/bin \
+&& mkdir -p $GOPATH/src
+
+RUN apk add --no-cache libcap iputils
+
+RUN apk add --no-cache --virtual .tools ca-certificates gcc musl-dev go glide git tar curl \
+&& mkdir -p $GOPATH/src/github.com/nokia/danm \
+&& git clone https://github.com/nokia/danm.git $GOPATH/src/github.com/nokia/danm \
+&& cd $GOPATH/src/github.com/nokia/danm \
+&& git fetch --tags \
+&& git checkout ${DANM_WEBHOOK_VERSION} \
+&& glide install --strip-vendor \
+&& go get -d github.com/vishvananda/netlink \
+&& go get github.com/containernetworking/plugins/pkg/ns \
+&& go get github.com/golang/groupcache/lru \
+&& rm -rf $GOPATH/src/k8s.io/code-generator \
+&& git clone -b ${code_generator_version} --depth 1 https://github.com/kubernetes/code-generator.git $GOPATH/src/k8s.io/code-generator \
+&& go install k8s.io/code-generator/cmd/deepcopy-gen \
+&& go install k8s.io/code-generator/cmd/client-gen \
+&& go install k8s.io/code-generator/cmd/lister-gen \
+&& go install k8s.io/code-generator/cmd/informer-gen \
+&& deepcopy-gen --alsologtostderr --input-dirs github.com/nokia/danm/crd/apis/danm/v1 -O zz_generated.deepcopy --bounding-dirs github.com/nokia/danm/crd/apis \
+&& client-gen --alsologtostderr --clientset-name versioned --input-base "" --input github.com/nokia/danm/crd/apis/danm/v1 --clientset-path github.com/nokia/danm/crd/client/clientset \
+&& lister-gen --alsologtostderr --input-dirs github.com/nokia/danm/crd/apis/danm/v1 --output-package github.com/nokia/danm/crd/client/listers \
+&& informer-gen --alsologtostderr --input-dirs github.com/nokia/danm/crd/apis/danm/v1 --versioned-clientset-package github.com/nokia/danm/crd/client/clientset/versioned --listers-package github.com/nokia/danm/crd/client/listers --output-package github.com/nokia/danm/crd/client/informers \
+&& go install -a -ldflags '-extldflags "-static"' github.com/nokia/danm/cmd/webhook \
+&& cp $GOPATH/bin/webhook /usr/local/bin/webhook \
+&& rm -rf $GOPATH/src \
+&& rm -rf $GOPATH/bin \
+&& apk del .tools \
+&& rm -rf /var/cache/apk/* \
+&& rm -rf /var/lib/apt/lists/* \
+&& rm -rf /tmp/* \
+&& rm -rf ~/.glide
+
+RUN adduser -u 147 -D -H -s /sbin/nologin danm \
+&& chown root:danm /usr/local/bin/webhook \
+&& chmod 750 /usr/local/bin/webhook
+
+USER danm
+
+ENTRYPOINT ["/usr/local/bin/webhook"]
--
2.16.6
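Review bot: `ARG DANM_WEBHOOK_VERSION` has no default and `git checkout ${DANM_WEBHOOK_VERSION}` is unquoted, so a build without that build-arg runs a bare `git checkout`, which succeeds, and the image is silently built from the default branch; `git checkout "${DANM_WEBHOOK_VERSION:?DANM_WEBHOOK_VERSION must be set}"` turns that into a build failure. The three `go get` lines fetch whatever is at the head of `netlink`, `plugins` and `groupcache` at build time, and `FROM alpine:3.9` and the release tag are mutable references as well, so two builds of the same RPM version can produce different webhook binaries; pinning those to fixed revisions (and the base image to a digest) would make the image reproducible. `libcap` and `iputils` stay in the final image although nothing in this file uses them, and `rm -rf /var/lib/apt/lists/*` has no effect on Alpine.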