Enable/restore eBPF DP scripts for Calico CNI

1. enable_bpf.sh
Enable eBPF dataplane, which will disable kube-proxy
at the same time;

2. restore_bpf.sh
Disable eBPF dataplane, which will enable kube-proxy
at the same time.

Signed-off-by: trevor tao <trevor.tao@arm.com>
Change-Id: I0055b3f8e40eea8e23170091281ce338e511ee10

diff --git a/src/foundation/scripts/cni/calico/k8s-new/enable_bpf.sh b/src/foundation/scripts/cni/calico/k8s-new/enable_bpf.sh
new file mode 100755 (executable)
index 0000000..1eee57e
--- /dev/null
+++ b/src/foundation/scripts/cni/calico/k8s-new/enable_bpf.sh
@@ -0,0 +1,53 @@
+#!/bin/bash
+
+set -x
+
+WORKDIR=$(pwd)
+TMP_DIR=$(mktemp -d)
+MARCH=$(uname -m)
+CALICO_VERSION=${1:-3.23.1}
+
+if [ $MARCH == "aarch64" ]; then ARCH=arm64;
+elif [ $MARCH == "x86_64" ]; then ARCH=amd64;
+else ARCH="unknown";
+fi
+echo ARCH=$ARCH
+
+k8s_ep=$(kubectl get endpoints kubernetes -o wide | grep kubernetes | cut -d " " -f 4)
+k8s_host=$(echo $k8s_ep | cut -d ":" -f 1)
+k8s_port=$(echo $k8s_ep | cut -d ":" -f 2)
+
+
+cat <<EOF > ${WORKDIR}/k8s_service.yaml
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: kubernetes-services-endpoint
+  namespace: kube-system
+data:
+  KUBERNETES_SERVICE_HOST: "__KUBERNETES_SERVICE_HOST__"
+  KUBERNETES_SERVICE_PORT: "__KUBERNETES_SERVICE_PORT__"
+EOF
+
+
+sed -i "s/__KUBERNETES_SERVICE_HOST__/${k8s_host}/" ${WORKDIR}/k8s_service.yaml
+sed -i "s/__KUBERNETES_SERVICE_PORT__/${k8s_port}/" ${WORKDIR}/k8s_service.yaml
+
+kubectl apply -f ${WORKDIR}/k8s_service.yaml
+
+echo "Disable kube-proxy:"
+kubectl patch ds -n kube-system kube-proxy -p '{"spec":{"template":{"spec":{"nodeSelector":{"non-calico": "true"}}}}}'
+
+if [ ! -f /usr/local/bin/calicoctl ]; then
+   echo "No calicoctl, install now:"
+   curl -L https://github.com/projectcalico/calico/releases/download/v${CALICO_VERSION}/calicoctl-linux-${ARCH} -o ${WORKDIR}/calicoctl;
+   chmod +x ${WORKDIR}/calicoctl;
+   sudo cp ${WORKDIR}/calicoctl /usr/local/bin;
+   rm ${WORKDIR}/calicoctl
+fi
+
+echo "Enable eBPF:"
+calicoctl patch felixconfiguration default --patch='{"spec": {"bpfEnabled": true}}'
+
+echo "Enable Direct Server Return(DSR) mode: optional"
+calicoctl patch felixconfiguration default --patch='{"spec": {"bpfExternalServiceMode": "DSR"}}'

diff --git a/src/foundation/scripts/cni/calico/k8s-new/restore_bpf.sh b/src/foundation/scripts/cni/calico/k8s-new/restore_bpf.sh
new file mode 100755 (executable)
index 0000000..7cfddef
--- /dev/null
+++ b/src/foundation/scripts/cni/calico/k8s-new/restore_bpf.sh
@@ -0,0 +1,32 @@
+#!/bin/bash
+
+set -x
+
+WORKDIR=$(pwd)
+TMP_DIR=$(mktemp -d)
+CALICO_VERSION=${1:-3.23.1}
+
+MARCH=$(uname -m)
+
+if [ $MARCH == "aarch64" ]; then ARCH=arm64;
+elif [ $MARCH == "x86_64" ]; then ARCH=amd64;
+else ARCH="unknown";
+fi
+
+echo ARCH=$ARCH
+
+echo "Restore kube-proxy:"
+kubectl patch ds -n kube-system kube-proxy --type merge -p '{"spec":{"template":{"spec":{"nodeSelector":{"non-calico": null}}}}}'
+
+if [ ! -f /usr/local/bin/calicoctl ]; then
+   curl -L https://github.com/projectcalico/calico/releases/download/v${CALICO_VERSION}/calicoctl-linux-${ARCH} -o ${WORKDIR}/calicoctl;
+   chmod +x ${WORKDIR}/calicoctl;
+   sudo cp ${WORKDIR}/calicoctl /usr/local/bin;
+fi
+
+echo "Restore eBPF mode:"
+calicoctl patch felixconfiguration default --patch='{"spec": {"bpfEnabled": false}}'
+
+echo "Disable Direct Server Return(DSR) mode: optional"
+calicoctl patch felixconfiguration default --patch='{"spec": {"bpfExternalServiceMode": "Tunnel"}}'
+