From bf8c38a13036ac507b3a8f79add3d41902f4615a Mon Sep 17 00:00:00 2001
From: trevor tao
Date: Wed, 13 Jul 2022 18:51:33 +0800
Subject: [PATCH] Enable/restore eBPF DP scripts for Calico CNI 1. enable_bpf.sh Enable eBPF dataplane, which will disable kube-proxy at the same time; 2. restore_bpf.sh Disable eBPF dataplane, which will enable kube-proxy at the same time.
Signed-off-by: trevor tao
Change-Id: I0055b3f8e40eea8e23170091281ce338e511ee10
---
.../scripts/cni/calico/k8s-new/enable_bpf.sh | 53 ++++++++++++++++++++++
.../scripts/cni/calico/k8s-new/restore_bpf.sh | 32 +++++++++++++
2 files changed, 85 insertions(+)
create mode 100755 src/foundation/scripts/cni/calico/k8s-new/enable_bpf.sh
create mode 100755 src/foundation/scripts/cni/calico/k8s-new/restore_bpf.sh
diff --git a/src/foundation/scripts/cni/calico/k8s-new/enable_bpf.sh b/src/foundation/scripts/cni/calico/k8s-new/enable_bpf.sh
new file mode 100755
index 0000000..1eee57e
--- /dev/null
+++ b/src/foundation/scripts/cni/calico/k8s-new/enable_bpf.sh
@@ -0,0 +1,53 @@
+#!/bin/bash
+
+set -x
+
+WORKDIR=$(pwd)
+TMP_DIR=$(mktemp -d)
+MARCH=$(uname -m)
+CALICO_VERSION=${1:-3.23.1}
+
+if [ $MARCH == "aarch64" ]; then ARCH=arm64;
+elif [ $MARCH == "x86_64" ]; then ARCH=amd64;
+else ARCH="unknown";
+fi
+echo ARCH=$ARCH
+
+k8s_ep=$(kubectl get endpoints kubernetes -o wide | grep kubernetes | cut -d " " -f 4)
+k8s_host=$(echo $k8s_ep | cut -d ":" -f 1)
+k8s_port=$(echo $k8s_ep | cut -d ":" -f 2)
+
+
+cat < ${WORKDIR}/k8s_service.yaml
+kind: ConfigMap
+apiVersion: v1
+metadata:
+ name: kubernetes-services-endpoint
+ namespace: kube-system
+data:
+ KUBERNETES_SERVICE_HOST: "__KUBERNETES_SERVICE_HOST__"
+ KUBERNETES_SERVICE_PORT: "__KUBERNETES_SERVICE_PORT__"
+EOF
+
+
+sed -i "s/__KUBERNETES_SERVICE_HOST__/${k8s_host}/" ${WORKDIR}/k8s_service.yaml
+sed -i "s/__KUBERNETES_SERVICE_PORT__/${k8s_port}/" ${WORKDIR}/k8s_service.yaml
+
+kubectl apply -f ${WORKDIR}/k8s_service.yaml
+
+echo "Disable kube-proxy:"
+kubectl patch ds -n kube-system kube-proxy -p '{"spec":{"template":{"spec":{"nodeSelector":{"non-calico": "true"}}}}}'
+
+if [ ! -f /usr/local/bin/calicoctl ]; then
+ echo "No calicoctl, install now:"
+ curl -L https://github.com/projectcalico/calico/releases/download/v${CALICO_VERSION}/calicoctl-linux-${ARCH} -o ${WORKDIR}/calicoctl;
+ chmod +x ${WORKDIR}/calicoctl;
+ sudo cp ${WORKDIR}/calicoctl /usr/local/bin;
+ rm ${WORKDIR}/calicoctl
+fi
+
+echo "Enable eBPF:"
+calicoctl patch felixconfiguration default --patch='{"spec": {"bpfEnabled": true}}'
+
+echo "Enable Direct Server Return(DSR) mode: optional"
+calicoctl patch felixconfiguration default --patch='{"spec": {"bpfExternalServiceMode": "DSR"}}'
diff --git a/src/foundation/scripts/cni/calico/k8s-new/restore_bpf.sh b/src/foundation/scripts/cni/calico/k8s-new/restore_bpf.sh
new file mode 100755
index 0000000..7cfddef
--- /dev/null
+++ b/src/foundation/scripts/cni/calico/k8s-new/restore_bpf.sh
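Review bot: The calicoctl binary fetched by `curl -L` inside the `if [ ! -f /usr/local/bin/calicoctl ]` block of enable_bpf.sh is copied into /usr/local/bin with sudo without any integrity check. Because curl runs without `-f`, an HTTP error body would also be saved, marked executable and installed as `calicoctl`. When `uname -m` is neither aarch64 nor x86_64, `ARCH="unknown"` falls through to the same download instead of stopping. restore_bpf.sh carries the same block. I would download into the `TMP_DIR` the script already creates but never uses, fail on HTTP errors, and compare the file against a digest pinned for the chosen version and architecture before installing it.

```shell
if [ ! -f /usr/local/bin/calicoctl ]; then
  # … unchanged: "No calicoctl, install now:" message …
  [ "$ARCH" != "unknown" ] || { echo "unsupported architecture: $MARCH" >&2; exit 1; }
  # CALICOCTL_SHA256 is a placeholder: the operator pins the digest for this version/arch.
  curl -fsSL "https://github.com/projectcalico/calico/releases/download/v${CALICO_VERSION}/calicoctl-linux-${ARCH}" \
    -o "${TMP_DIR}/calicoctl" || exit 1
  echo "${CALICOCTL_SHA256:?}  ${TMP_DIR}/calicoctl" | sha256sum -c - || exit 1
  sudo install -m 0755 "${TMP_DIR}/calicoctl" /usr/local/bin/calicoctl
  rm -rf -- "${TMP_DIR}"
fi
```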
@@ -0,0 +1,32 @@
+#!/bin/bash
+
+set -x
+
+WORKDIR=$(pwd)
+TMP_DIR=$(mktemp -d)
+CALICO_VERSION=${1:-3.23.1}
+
+MARCH=$(uname -m)
+
+if [ $MARCH == "aarch64" ]; then ARCH=arm64;
+elif [ $MARCH == "x86_64" ]; then ARCH=amd64;
+else ARCH="unknown";
+fi
+
+echo ARCH=$ARCH
+
+echo "Restore kube-proxy:"
+kubectl patch ds -n kube-system kube-proxy --type merge -p '{"spec":{"template":{"spec":{"nodeSelector":{"non-calico": null}}}}}'
+
+if [ ! -f /usr/local/bin/calicoctl ]; then
+ curl -L https://github.com/projectcalico/calico/releases/download/v${CALICO_VERSION}/calicoctl-linux-${ARCH} -o ${WORKDIR}/calicoctl;
+ chmod +x ${WORKDIR}/calicoctl;
+ sudo cp ${WORKDIR}/calicoctl /usr/local/bin;
+fi
+
+echo "Restore eBPF mode:"
+calicoctl patch felixconfiguration default --patch='{"spec": {"bpfEnabled": false}}'
+
+echo "Disable Direct Server Return(DSR) mode: optional"
+calicoctl patch felixconfiguration default --patch='{"spec": {"bpfExternalServiceMode": "Tunnel"}}'
+
-- 2.16.6
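Review bot: Nothing stops restore_bpf.sh when the `kubectl patch ds -n kube-system kube-proxy` step fails, so `bpfEnabled` can still be set to false while kube-proxy remains excluded by the `non-calico` node selector. That would leave no component programming service traffic on the nodes. The script enables only `set -x`; adding `set -euo pipefail` beside it, or `|| exit 1` on the kube-proxy patch, would make the restore stop at the first failure. It would also be safer to wait for the DaemonSet with `kubectl rollout status ds/kube-proxy -n kube-system` before the two `calicoctl patch` lines run.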