Merge pull request #305 from hhyasdf/improve/make-cni-conf-configurable

mars1024 · web-flow · commit 1b0c58f433a9 · 2022-08-15T17:57:00.000+08:00
make cni conf configurable
diff --git a/charts/hybridnet/templates/configmaps.yaml b/charts/hybridnet/templates/configmaps.yaml
@@ -0,0 +1,20 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: hybridnet-cni-conf
+  namespace: kube-system
+data:
+  cni-config: |-
+    {
+        "name":"hybridnet",
+        "cniVersion":"0.3.1",
+        "plugins":[
+            {
+                "type":"hybridnet",
+                "server_socket":"/run/cni/hybridnet.sock"
+            },{
+                "type": "bandwidth",
+                "capabilities": {"bandwidth": true}
+            }
+        ]
+    }
diff --git a/charts/hybridnet/templates/daemonsets.yaml b/charts/hybridnet/templates/daemonsets.yaml
@@ -33,6 +33,12 @@ spec:
               name: cni-conf
             - mountPath: /opt/cni/bin
               name: cni-bin
+            - mountPath: /hybridnet/00-hybridnet.conflist
+              name: cni-conf-source
+              subPath: cni-config
+          env:
+            - name: NEEDED_COMMUNITY_CNI_PLUGINS
+              value: {{ .Values.daemon.neededCommunityCNIPlugins }}
       containers:
         - name: cni-daemon
           image: "{{ .Values.images.registryURL }}/{{ .Values.images.hybridnet.image }}:{{ .Values.images.hybridnet.tag }}"
@@ -86,18 +92,6 @@ spec:
               name: host-modules
             - mountPath: /run/xtables.lock
               name: xtables-lock
-            - mountPath: /var/run/netns
-              mountPropagation: HostToContainer
-              name: host-var-run-netns
-            - mountPath: /var/run/docker/netns
-              mountPropagation: HostToContainer
-              name: host-var-docker-netns
-            - mountPath: /run/netns
-              mountPropagation: HostToContainer
-              name: host-run-netns
-            - mountPath: /run/docker/netns
-              mountPropagation: HostToContainer
-              name: host-docker-netns
           # TODO: add liveness probe
         {{ if .Values.daemon.enableNetworkPolicy }}
         - name: policy
@@ -137,15 +131,10 @@ spec:
           hostPath:
             path: /run/xtables.lock
             type: FileOrCreate
-        - name: host-run-netns
-          hostPath:
-            path: /run/netns
-        - name: host-docker-netns
-          hostPath:
-            path: /run/docker/netns
-        - name: host-var-run-netns
-          hostPath:
-            path: /var/run/netns
-        - name: host-var-docker-netns
-          hostPath:
-            path: /var/run/docker/netns
+        - name: cni-conf-source
+          configMap:
+            name: hybridnet-cni-conf
+            items:
+              - key: cni-config
+                path: cni-config
+
diff --git a/charts/hybridnet/values.yaml b/charts/hybridnet/values.yaml
@@ -61,6 +61,12 @@ daemon:
   ## randomly. If is is not empty, the first result matches any of the CIDRs will be chose as VTEP address.
   vtepAddressCIDRs: "0.0.0.0/0,::/0"
 
+  # -- The community CNI plugins needed to be copied by hybridnet from inside container to the /opt/cni/bin/ directory of host
+  neededCommunityCNIPlugins: "loopback,bandwidth"
+
+  # -- The name of hybridnet CNI conf file generated in the /etc/cni/net.d/ directory of host
+  cniConfName: "06-hybridnet.conflist"
+
 # -- Whether pod IP of stateful workloads will be retained by default. true or false
 ## Ref: https://github.com/alibaba/hybridnet/wiki/Static-pod-ip-addresses-for-StatefulSet
 defaultIPRetain: true
diff --git a/dist/images/00-hybridnet.conflist b/dist/images/00-hybridnet.conflist
@@ -5,10 +5,6 @@
         {
             "type":"hybridnet",
             "server_socket":"/run/cni/hybridnet.sock"
-        },
-        {
-            "type": "bandwidth",
-            "capabilities": {"bandwidth": true}
         }
     ]
-}
+}
diff --git a/dist/images/install-cni.sh b/dist/images/install-cni.sh
@@ -33,16 +33,19 @@ fi
 CNI_BIN_SRC=/hybridnet/hybridnet
 CNI_BIN_DST=/opt/cni/bin/hybridnet
 
-CNI_CONF_SRC=/hybridnet/00-hybridnet.conflist
-CNI_CONF_DST=/etc/cni/net.d/00-hybridnet.conflist
+COMMUNITY_CNI_PLUGINS_SRC_DIR=/cni-plugins
+COMMUNITY_CNI_PLUGINS_DST_DIR=/opt/cni/bin
 
-LOOPBACK_BIN_SRC=/cni-plugins/loopback
-LOOPBACK_BIN_DST=/opt/cni/bin/loopback
+PLUGINS=${NEEDED_COMMUNITY_CNI_PLUGINS-"loopback"}
+for plugin in ${PLUGINS//,/ }
+do
+  cp -f $COMMUNITY_CNI_PLUGINS_SRC_DIR/"$plugin" $COMMUNITY_CNI_PLUGINS_DST_DIR/"$plugin"
+done
 
-BANDWIDTH_BIN_SRC=/cni-plugins/bandwidth
-BANDWIDTH_BIN_DST=/opt/cni/bin/bandwidth
-
-cp -f $LOOPBACK_BIN_SRC $LOOPBACK_BIN_DST
-cp -f $BANDWIDTH_BIN_SRC $BANDWIDTH_BIN_DST
 cp -f $CNI_BIN_SRC $CNI_BIN_DST
-cp -f $CNI_CONF_SRC $CNI_CONF_DST
+
+# clean the out-of-date configuration
+rm -rf /etc/cni/net.d/*-hybridnet.conflist
+
+CNI_CONF_DST=/etc/cni/net.d/${CNI_CONF_NAME-"06-hybridnet.conflist"}
+cp -f "${CNI_CONF_SRC-"/hybridnet/00-hybridnet.conflist"}" "$CNI_CONF_DST"
diff --git a/pkg/constants/netns.go b/pkg/constants/netns.go
diff --git a/pkg/daemon/controller/controller.go b/pkg/daemon/controller/controller.go
@@ -92,8 +92,6 @@ type CtrlHub struct {
 
 	nodeIPCache *NodeIPCache
 
-	upgradeWorkDone bool
-
 	logger logr.Logger
 }
 
diff --git a/pkg/daemon/controller/ipinstance.go b/pkg/daemon/controller/ipinstance.go
@@ -19,10 +19,7 @@ package controller
 import (
 	"context"
 	"fmt"
-	"io/ioutil"
 	"net"
-	"os"
-	"strings"
 	"time"
 
 	ctrl "sigs.k8s.io/controller-runtime"
@@ -32,21 +29,14 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/predicate"
 	"sigs.k8s.io/controller-runtime/pkg/source"
 
-	"github.com/go-logr/logr"
-
 	"k8s.io/apimachinery/pkg/types"
 
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/controller-runtime/pkg/log"
 	"sigs.k8s.io/controller-runtime/pkg/reconcile"
 
-	"github.com/containernetworking/plugins/pkg/ip"
-	"github.com/containernetworking/plugins/pkg/ns"
-	"github.com/vishvananda/netlink"
-
 	networkingv1 "github.com/alibaba/hybridnet/pkg/apis/networking/v1"
 	"github.com/alibaba/hybridnet/pkg/constants"
-	"github.com/alibaba/hybridnet/pkg/daemon/containernetwork"
 	daemonutils "github.com/alibaba/hybridnet/pkg/daemon/utils"
 )
 
@@ -64,13 +54,6 @@ func (r *ipInstanceReconciler) Reconcile(ctx context.Context, request reconcile.
 		logger.V(2).Info("IPInstance information reconciled", "time", endTime)
 	}()
 
-	if !r.ctrlHubRef.upgradeWorkDone {
-		if err := ensureExistPodConfigs(r.ctrlHubRef.config.LocalDirectTableNum, logger); err != nil {
-			return reconcile.Result{Requeue: true}, fmt.Errorf("failed to ensure exist pod config: %v", err)
-		}
-		r.ctrlHubRef.upgradeWorkDone = true
-	}
-
 	ipInstanceList := &networkingv1.IPInstanceList{}
 	if err := r.List(ctx, ipInstanceList,
 		client.MatchingLabels{constants.LabelNode: r.ctrlHubRef.config.NodeName}); err != nil {
@@ -219,140 +202,3 @@ func (r *ipInstanceReconciler) SetupWithManager(mgr ctrl.Manager) error {
 
 	return nil
 }
-
-// TODO: update logic, need to be removed further
-func ensureExistPodConfigs(localDirectTableNum int, logger logr.Logger) error {
-	var netnsPaths []string
-	var netnsDir string
-
-	if daemonutils.ValidDockerNetnsDir(constants.DockerNetnsDir) {
-		netnsDir = constants.DockerNetnsDir
-	} else {
-		logger.Info("docker netns path not exist, try containerd netns path",
-			"docker-netns-path", constants.DockerNetnsDir,
-			"containerd-netns-path", constants.ContainerdNetnsDir)
-		netnsDir = constants.ContainerdNetnsDir
-	}
-
-	files, err := ioutil.ReadDir(netnsDir)
-	if err != nil && !os.IsNotExist(err) {
-		return err
-	}
-
-	for _, f := range files {
-		if f.Name() == "default" {
-			continue
-		}
-		fpath := netnsDir + "/" + f.Name()
-		if daemonutils.IsProcFS(fpath) || daemonutils.IsNsFS(fpath) {
-			netnsPaths = append(netnsPaths, fpath)
-		}
-	}
-
-	logger.Info("load exist netns", "netns-path", netnsPaths)
-
-	var hostLinkIndex int
-	allocatedIPs := map[networkingv1.IPVersion]*daemonutils.IPInfo{}
-
-	for _, netns := range netnsPaths {
-		nsHandler, err := ns.GetNS(netns)
-		if err != nil {
-			return fmt.Errorf("get ns error: %v", err)
-		}
-
-		err = nsHandler.Do(func(netNS ns.NetNS) error {
-			link, err := netlink.LinkByName(constants.ContainerNicName)
-			if err != nil {
-				return fmt.Errorf("get container interface error: %v", err)
-			}
-
-			v4Addrs, err := netlink.AddrList(link, netlink.FAMILY_V4)
-			if err != nil {
-				return fmt.Errorf("failed to get v4 container interface addr: %v", err)
-			}
-
-			var v4GatewayIP net.IP
-			if len(v4Addrs) == 0 {
-				allocatedIPs[networkingv1.IPv4] = nil
-			} else {
-				defaultRoute, err := daemonutils.GetDefaultRoute(netlink.FAMILY_V4)
-				if err != nil {
-					return fmt.Errorf("failed to get ipv4 default route: %v", err)
-				}
-				v4GatewayIP = defaultRoute.Gw
-			}
-
-			for _, addr := range v4Addrs {
-				allocatedIPs[networkingv1.IPv4] = &daemonutils.IPInfo{
-					Addr: addr.IP,
-					Gw:   v4GatewayIP,
-				}
-			}
-
-			v6Addrs, err := netlink.AddrList(link, netlink.FAMILY_V6)
-			if err != nil {
-				return fmt.Errorf("failed to get v6 container interface addr: %v", err)
-			}
-
-			var v6GatewayIP net.IP
-			if len(v6Addrs) == 0 {
-				allocatedIPs[networkingv1.IPv6] = nil
-			} else {
-				defaultRoute, err := daemonutils.GetDefaultRoute(netlink.FAMILY_V6)
-				if err != nil {
-					return fmt.Errorf("failed to get ipv6 default route: %v", err)
-				}
-				v6GatewayIP = defaultRoute.Gw
-			}
-
-			for _, addr := range v6Addrs {
-				allocatedIPs[networkingv1.IPv6] = &daemonutils.IPInfo{
-					Addr: addr.IP,
-					Gw:   v6GatewayIP,
-				}
-			}
-
-			_, hostLinkIndex, err = ip.GetVethPeerIfindex(constants.ContainerNicName)
-			if err != nil {
-				return fmt.Errorf("get host link index error: %v", err)
-			}
-
-			return nil
-		})
-
-		if err != nil {
-			logger.Error(err, "get pod addresses and host link index error")
-		}
-
-		if hostLinkIndex == 0 {
-			continue
-		}
-
-		hostLink, err := netlink.LinkByIndex(hostLinkIndex)
-		if err != nil {
-			return fmt.Errorf("failed to get host link by index %v: %v", hostLinkIndex, err)
-		}
-
-		// this container doesn't belong to k8s
-		if !strings.HasSuffix(hostLink.Attrs().Name, "_h") {
-			continue
-		}
-
-		if hostLink.Attrs().MasterIndex != 0 {
-			bridge, err := netlink.LinkByIndex(hostLink.Attrs().MasterIndex)
-			if err != nil {
-				return fmt.Errorf("failed to get bridge by index %v: %v", hostLink.Attrs().MasterIndex, err)
-			}
-
-			if err := netlink.LinkDel(bridge); err != nil {
-				return fmt.Errorf("failed to delete bridge %v: %v", bridge.Attrs().Name, err)
-			}
-		}
-
-		if err := containernetwork.ConfigureHostNic(hostLink.Attrs().Name, allocatedIPs, localDirectTableNum); err != nil {
-			return fmt.Errorf("failed to reconfigure host nic %v: %v", hostLink.Attrs().Name, err)
-		}
-	}
-
-	return nil
-}

Original file line number	Diff line number	Diff line change
`@@ -5,10 +5,6 @@`
`5`	`5`	`{`
`6`	`6`	`"type":"hybridnet",`
`7`	`7`	`"server_socket":"/run/cni/hybridnet.sock"`
`8`		`- },`
`9`		`- {`
`10`		`- "type": "bandwidth",`
`11`		`- "capabilities": {"bandwidth": true}`
`12`	`8`	`}`
`13`	`9`	`]`
`14`		`-}`
	`10`	`+}`
Original file line number	Diff line number	Diff line change
`@@ -92,8 +92,6 @@ type CtrlHub struct {`
`92`	`92`
`93`	`93`	`nodeIPCache *NodeIPCache`
`94`	`94`
`95`		`- upgradeWorkDone bool`
`96`		`-`
`97`	`95`	`logger logr.Logger`
`98`	`96`	`}`
`99`	`97`