Use k8s http-proxy or not is associated with config, instead of build time flag.

Author: renukamanavalan

Makefile.work

@@ -10,7 +10,6 @@
 #  * ENABLE_ZTP: Enables zero touch provisioning.
 #  * SHUTDOWN_BGP_ON_START: Sets admin-down state for all bgp peerings after restart.
 #  * INCLUDE_KUBERNETES: Allows including Kubernetes
-#  * USE_K8S_AS_HTTP_PROXY: Use kubernetes master as proxy
 #  * ENABLE_PFCWD_ON_START: Enable PFC Watchdog (PFCWD) on server-facing ports
 #  * by default for TOR switch.
 #  * ENABLE_SYNCD_RPC: Enables rpc-based syncd builds.
@@ -249,7 +248,6 @@ SONIC_BUILD_INSTRUCTION :=  make \
                            ENABLE_ZTP=$(ENABLE_ZTP) \
                            SHUTDOWN_BGP_ON_START=$(SHUTDOWN_BGP_ON_START) \
                            INCLUDE_KUBERNETES=$(INCLUDE_KUBERNETES) \
-                           USE_K8S_AS_HTTP_PROXY=$(USE_K8S_AS_HTTP_PROXY) \
                            KUBERNETES_VERSION=$(KUBERNETES_VERSION) \
                            KUBERNETES_CNI_VERSION=$(KUBERNETES_CNI_VERSION) \
                            K8s_GCR_IO_PAUSE_VERSION=$(K8s_GCR_IO_PAUSE_VERSION) \

build_debian.sh

@@ -223,13 +223,6 @@ fi
 # pip version of 'PyGObject' will be installed during installation of 'sonic-host-services'
 sudo LANG=C chroot $FILESYSTEM_ROOT apt-get -y remove software-properties-common gnupg2 python3-gi
 
-## Add docker config drop-in to specify dockerd command line
-sudo mkdir -p $FILESYSTEM_ROOT/etc/systemd/system/docker.service.d/
-## Note: $_ means last argument of last command
-sudo cp files/docker/*.conf $_
-## Fix systemd race between docker and containerd
-sudo sed -i '/After=/s/$/ containerd.service/' $FILESYSTEM_ROOT/lib/systemd/system/docker.service
-
 if [ "$INCLUDE_KUBERNETES" == "y" ]
 then
     ## Install Kubernetes
@@ -244,24 +237,17 @@ then
     sudo LANG=C chroot $FILESYSTEM_ROOT apt-get -y install kubelet=${KUBERNETES_VERSION}-00
     sudo LANG=C chroot $FILESYSTEM_ROOT apt-get -y install kubectl=${KUBERNETES_VERSION}-00
     sudo LANG=C chroot $FILESYSTEM_ROOT apt-get -y install kubeadm=${KUBERNETES_VERSION}-00
-    # kubeadm package auto install kubelet & kubectl
-    if [ "$USE_K8S_AS_HTTP_PROXY" == "y" ]
-    then
-        PROXY_INFO="http://172.16.1.1:3128/"
-        cat <<EOT | sudo tee $FILESYSTEM_ROOT/etc/systemd/system/docker.service.d/http_proxy.conf > /dev/null
-[Service]
-Environment="HTTP_PROXY=${PROXY_INFO}"
-EOT
-        cat <<EOT | sudo tee $FILESYSTEM_ROOT/etc/systemd/system/docker.service.d/https_proxy.conf > /dev/null
-[Service]
-Environment="HTTPS_PROXY=${PROXY_INFO}"
-EOT
-    fi
-
 else
     echo '[INFO] Skipping Install kubernetes'
 fi
 
+## Add docker config drop-in to specify dockerd command line
+sudo mkdir -p $FILESYSTEM_ROOT/etc/systemd/system/docker.service.d/
+## Note: $_ means last argument of last command
+sudo cp files/docker/docker.service.conf $_
+## Fix systemd race between docker and containerd
+sudo sed -i '/After=/s/$/ containerd.service/' $FILESYSTEM_ROOT/lib/systemd/system/docker.service
+
 ## Create default user
 ## Note: user should be in the group with the same name, and also in sudo/docker/redis groups
 sudo LANG=C chroot $FILESYSTEM_ROOT useradd -G sudo,docker $USERNAME -c "$DEFAULT_USERINFO" -m -s /bin/bash

files/build_templates/sonic_debian_extension.j2

@@ -452,15 +452,27 @@ sudo cp ${files_path}/container_startup.py ${FILESYSTEM_ROOT_USR_SHARE_SONIC_SCR
 sudo chmod a+x ${FILESYSTEM_ROOT_USR_SHARE_SONIC_SCRIPTS}/container_startup.py
 
 # Config file used by container mgmt scripts/service
-{% if use_k8s_as_http_proxy == "y" %}
 fl="${files_path}/remote_ctr.config.json"
-python3 -c 'import json
+use_k8s_as_http_proxy=$(python3 -c 'import json
 with open("'${fl}'", "r") as s:
-    d=json.load(s);d["use_k8s_as_http_proxy"] = "y"; print(json.dumps(d, indent=4))
-' |  sudo tee ${FILESYSTEM_ROOT_ETC_SONIC}/remote_ctr.config.json
-{% else %}
+    d=json.load(s);print(d.get("use_k8s_as_http_proxy", ""))
+'
+if [ "${use_k8s_as_http_proxy}" == "y" ]; then
+    # create proxy files for docker using private IP which will
+    # be later directed to k8s master upon config
+    PROXY_INFO="http://172.16.1.1:3128/"
+    cat <<EOT | sudo tee $FILESYSTEM_ROOT/etc/systemd/system/docker.service.d/http_proxy.conf > /dev/null
+[Service]
+Environment="HTTP_PROXY=${PROXY_INFO}"
+EOT
+    cat <<EOT | sudo tee $FILESYSTEM_ROOT/etc/systemd/system/docker.service.d/https_proxy.conf > /dev/null
+[Service]
+Environment="HTTPS_PROXY=${PROXY_INFO}"
+EOT
+fi
+
+endif
 sudo cp ${files_path}/remote_ctr.config.json ${FILESYSTEM_ROOT_ETC_SONIC}/
-{% endif %}
 
 # Remote container management service files
 sudo cp ${files_path}/ctrmgrd.service ${FILESYSTEM_ROOT_USR_LIB_SYSTEMD_SYSTEM}/

rules/config

@@ -147,11 +147,6 @@ INCLUDE_NAT = y
 # run as worker node in kubernetes cluster.
 INCLUDE_KUBERNETES = n
 
-# USE_K8S_AS_HTTP_PROXY - if set to y the Kubernetes server is used as
-# HTTP-proxy for docker daemon to reach registry repo.
-# This would be effective only when INCLUDE_KUBERNETES is set to "y"
-USE_K8S_AS_HTTP_PROXY = y
-
 # INCLUDE_MACSEC - build docker-macsec for macsec support
 INCLUDE_MACSEC = y
 
@@ -160,8 +155,8 @@ INCLUDE_MACSEC = y
 # These are Used *only* when INCLUDE_KUBERNETES=y
 # NOTE: As a worker node it has to run version compatible to kubernetes master.
 #
-KUBERNETES_VERSION = 1.18.6
-KUBERNETES_CNI_VERSION = 0.8.6
+KUBERNETES_VERSION = 1.21.1
+KUBERNETES_CNI_VERSION = 0.8.7
 K8s_GCR_IO_PAUSE_VERSION = 3.2
 
 # SONIC_ENABLE_IMAGE_SIGNATURE - enable image signature

slave.mk

@@ -257,9 +257,6 @@ $(info "INCLUDE_RESTAPI"                 : "$(INCLUDE_RESTAPI)")
 $(info "INCLUDE_SFLOW"                   : "$(INCLUDE_SFLOW)")
 $(info "INCLUDE_NAT"                     : "$(INCLUDE_NAT)")
 $(info "INCLUDE_KUBERNETES"              : "$(INCLUDE_KUBERNETES)")
-ifeq ($(INCLUDE_KUBERNETES),y)
-$(info "USE_K8S_AS_HTTP_PROXY"           : "$(USE_K8S_AS_HTTP_PROXY)")
-endif
 $(info "INCLUDE_MACSEC"                  : "$(INCLUDE_MACSEC)")
 $(info "TELEMETRY_WRITABLE"              : "$(TELEMETRY_WRITABLE)")
 $(info "PDDF_SUPPORT"                    : "$(PDDF_SUPPORT)")
@@ -921,7 +918,6 @@ $(addprefix $(TARGET_PATH)/, $(SONIC_INSTALLERS)) : $(TARGET_PATH)/% : \
 	export shutdown_bgp_on_start="$(SHUTDOWN_BGP_ON_START)"
 	export default_buffer_model="$(SONIC_BUFFER_MODEL)"
 	export include_kubernetes="$(INCLUDE_KUBERNETES)"
-	export use_k8s_as_http_proxy="$(USE_K8S_AS_HTTP_PROXY)"
 	export enable_pfcwd_on_start="$(ENABLE_PFCWD_ON_START)"
 	export installer_debs="$(addprefix $(IMAGE_DISTRO_DEBS_PATH)/,$($*_INSTALLS))"
 	export lazy_installer_debs="$(foreach deb, $($*_LAZY_INSTALLS),$(foreach device, $($(deb)_PLATFORM),$(addprefix $(device)@, $(IMAGE_DISTRO_DEBS_PATH)/$(deb))))"

src/sonic-ctrmgrd/ctrmgr/ctrmgrd.py

@@ -56,7 +56,6 @@
 KUBE_LABEL_SET_KEY = "SET"
 
 remote_connected = False
-use_k8s_master_as_docker_proxy = False
 
 dflt_cfg_ser = {
         CFG_SER_IP: "",
@@ -593,14 +592,6 @@ def update_node_labels(self):
 
 
 def main():
-    global use_k8s_master_as_docker_proxy
-
-    parser = argparse.ArgumentParser(description="ctrmgrd service")
-    parser.add_argument("-p", "--proxy", action='store_true',
-            help="Act as docker http-proxy", default=False)
-    args = parser.parse_args()
-    use_k8s_master_as_docker_proxy = args.proxy
-
     init()
     server = MainServer()
     RemoteServerHandler(server)

src/sonic-ctrmgrd/ctrmgr/remote_ctr.config.json

@@ -3,6 +3,6 @@
     "retry_join_interval_seconds": 30,
     "retry_labels_update_seconds": 5,
     "revert_to_local_on_wait_seconds": 60,
-    "use_k8s_as_http_proxy": "n"
+    "use_k8s_as_http_proxy": "y"
 }