Update Cilium extension to support Cilium 1.15 #403

Merged
merged 38 commits into from
Oct 24, 2024
3c470ed
replace gardener-extension-networking-cilium by fork
iljarotar Jun 4, 2024
4cf8fe6
add more cilium defaults
iljarotar Jun 4, 2024
d553d42
fix missing function
iljarotar Jun 4, 2024
31b5ee9
fix test
iljarotar Jun 4, 2024
2c9aa0d
add loadbalancer env var
iljarotar Jun 6, 2024
73208f7
Merge branch 'master' into update-cilium-extension
iljarotar Jun 6, 2024
adaa147
Merge branch 'master' into update-cilium-extension
robertvolkmann Jun 18, 2024
613b687
Use loadBalancer instead of loadbalancer
robertvolkmann Jun 19, 2024
0449a53
remove ip families defaults
iljarotar Jun 20, 2024
2278177
use dsr instead of snat as default
iljarotar Jun 20, 2024
9091e2b
check if metallb needs to be deployed
iljarotar Jun 20, 2024
4a3c8e5
fix test
iljarotar Jun 20, 2024
64be1f1
remove ip families from test
iljarotar Jun 20, 2024
02c608d
skip metallb health check for cilium
iljarotar Jun 24, 2024
8b4fb72
Skip rbac for metallb crds for cilium
robertvolkmann Jul 3, 2024
d9ca0c0
Add rbac for cilium crds
robertvolkmann Jul 3, 2024
0382528
DROP: Checkout pull request HEAD commit instead of merge commit
robertvolkmann Aug 1, 2024
3e5a4d6
Merge tag 'refs/tags/v0.24.0' into update-cilium-extension
robertvolkmann Aug 1, 2024
db73f54
Merge tag 'v0.24.1' into update-cilium-extension
simcod Aug 7, 2024
f88b134
DROP: Allow building container image on merge conflicts
robertvolkmann Aug 7, 2024
d301a52
Merge tag 'refs/tags/v0.24.2' into update-cilium-extension
robertvolkmann Aug 7, 2024
9fb55eb
Use update cilium extension
robertvolkmann Sep 5, 2024
3e2115d
It is unnecessary to specify "--devices=lo,..." with Cilium 1.15.8
robertvolkmann Sep 5, 2024
6c19c9a
Merge tag 'v0.24.3' into update-cilium-extension
robertvolkmann Sep 5, 2024
1f7db92
Merge tag 'v0.24.4' into update-cilium-extension
robertvolkmann Sep 5, 2024
f06cf65
Revert "It is unnecessary to specify "--devices=lo,..." with Cilium 1…
robertvolkmann Sep 5, 2024
77f3ada
Merge tag 'v0.24.5' into update-cilium-extension
robertvolkmann Sep 18, 2024
be287f7
Merge tag 'v0.24.6' into update-cilium-extension
robertvolkmann Sep 24, 2024
f477828
Merge tag 'v0.24.7' into update-cilium-extension
robertvolkmann Sep 26, 2024
7c26113
Merge tag 'v0.24.8' into update-cilium-extension
robertvolkmann Oct 10, 2024
b37b15c
Fix go.sum
robertvolkmann Oct 10, 2024
9517153
Merge tag 'v0.24.9' into update-cilium-extension
robertvolkmann Oct 16, 2024
cd62740
Revert "DROP: Allow building container image on merge conflicts"
robertvolkmann Oct 16, 2024
fc0d626
Revert "DROP: Checkout pull request HEAD commit instead of merge commit"
robertvolkmann Oct 16, 2024
81883c2
Merge remote-tracking branch 'origin/master' into update-cilium-exten…
robertvolkmann Oct 16, 2024
5110640
Use gardener extension networking cilium 1.35.0
robertvolkmann Oct 16, 2024
f1c4516
Merge branch 'master' into update-cilium-extension
robertvolkmann Oct 21, 2024
30b5b5b
Merge remote-tracking branch 'origin/master' into update-cilium-exten…
robertvolkmann Oct 23, 2024
Expand Up @@ -105,6 +105,8 @@ spec:
value: {{ .Values.cloudControllerManager.additionalNetworks }}
- name: METAL_SSH_PUBLICKEY
value: {{ .Values.cloudControllerManager.sshPublicKey | quote }}
- name: LOADBALANCER
value: {{ .Values.cloudControllerManager.loadBalancer }}
livenessProbe:
httpGet:
path: /healthz
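Review bot: The new LOADBALANCER value is rendered unquoted, unlike METAL_SSH_PUBLICKEY directly above it, which pipes through `quote`. Container env values must be strings, so render it as `value: {{ .Values.cloudControllerManager.loadBalancer | quote }}`; that way an empty or YAML-special value in values.yaml cannot produce a null or mistyped field in the Deployment.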
1 change: 1 addition & 0 deletions charts/internal/control-plane/values.yaml
Expand Up @@ -37,6 +37,7 @@ cloudControllerManager:
clusterID: cluster-id
defaultExternalNetwork: external-network-id
additionalNetworks: internet,mpls
loadBalancer: metallb
sshPublicKey: publickey
metal:
endpoint: api-url
@@ -1,3 +1,4 @@
{{- if .Values.metallb.enabled }}
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
Expand Down Expand Up @@ -1057,3 +1058,4 @@ spec:
storage: true
subresources:
status: {}
{{- end }}
2 changes: 2 additions & 0 deletions charts/internal/shoot-control-plane/templates/metallb.yaml
@@ -1,3 +1,4 @@
{{- if .Values.metallb.enabled }}
apiVersion: v1
kind: Namespace
metadata:
Expand Down Expand Up @@ -671,3 +672,4 @@ roleRef:
subjects:
- kind: ServiceAccount
name: controller
{{- end }}
Expand Up @@ -139,6 +139,33 @@ rules:
- get
- create
- update
{{- if .Values.cilium.enabled }}
- apiGroups:
- cilium.io
resources:
- ciliumbgppeeringpolicies
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- cilium.io
resources:
- ciliumloadbalancerippools
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
{{- end }}
{{- if .Values.metallb.enabled }}
- apiGroups:
- metallb.io
resources:
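Review bot: The two cilium.io rules added under `{{- if .Values.cilium.enabled }}` carry the same apiGroups and the same verb list, so they can be a single rule listing both `ciliumbgppeeringpolicies` and `ciliumloadbalancerippools`. The binding further down is a ClusterRoleBinding, so please also confirm that the controller needs every verb granted here (`create`, `delete`, `patch`, `update`) on both resources and trim the list to what it actually calls.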
Expand All @@ -156,7 +183,6 @@ rules:
resources:
- ipaddresspools
verbs:
- create
- create
- delete
- get
Expand All @@ -176,6 +202,7 @@ rules:
- patch
- update
- watch
{{- end }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
6 changes: 6 additions & 0 deletions charts/internal/shoot-control-plane/values.yaml
Expand Up @@ -16,6 +16,12 @@ duros:
enabled: false
endpoints: []

cilium:
enabled: false

metallb:
enabled: true

nodeInit:
enabled: true

2 changes: 1 addition & 1 deletion go.mod
Expand Up @@ -11,7 +11,7 @@ require (
github.com/gardener/etcd-druid v0.22.0
github.com/gardener/gardener v1.96.6
github.com/gardener/gardener-extension-networking-calico v1.39.1
github.com/gardener/gardener-extension-networking-cilium v1.34.0
github.com/gardener/gardener-extension-networking-cilium v1.35.0
github.com/gardener/machine-controller-manager v0.53.0
github.com/go-logr/logr v1.4.2
github.com/go-openapi/strfmt v0.23.0
4 changes: 2 additions & 2 deletions go.sum
Expand Up @@ -104,8 +104,8 @@ github.com/gardener/gardener v1.96.6 h1:SWiK4U8UdxIb9GvN9XcZa1GIQEP+Ul5wAlgl5st0
github.com/gardener/gardener v1.96.6/go.mod h1:wXAk6DzltkuJzWvAmIvw1/GscfCn2Po3LWWCr4oCbiQ=
github.com/gardener/gardener-extension-networking-calico v1.39.1 h1:x/PeBSXTasyeSHY6Q0czp9mhCsF0N1FHsH3j0/EEqMc=
github.com/gardener/gardener-extension-networking-calico v1.39.1/go.mod h1:02QjW3PPk4gzGZAcKiEMBtUOfBw+6rPgYt4ZGRkbJbY=
github.com/gardener/gardener-extension-networking-cilium v1.34.0 h1:GpTNR6Ra+J8jv77S9GCh+JnpA+MN2/42TbkcZWcOB7Y=
github.com/gardener/gardener-extension-networking-cilium v1.34.0/go.mod h1:2b2ED5C7Nch4r772YKRDEpC/9Ak8SJB9gblDqBfysYM=
github.com/gardener/gardener-extension-networking-cilium v1.35.0 h1:yKkiOcs1YybHEiExR2tOLD5lF3c96fS6RrNvit1xdM8=
github.com/gardener/gardener-extension-networking-cilium v1.35.0/go.mod h1:zMsv8Hv+MSr3R/OQ0a+fJesygCXJNuIUPmcRol/R4W8=
github.com/gardener/hvpa-controller/api v0.15.0 h1:igsalL5Z6kFMn1+Kv1Eq0cRjYW+4oBA1aEY/yDO2QtI=
github.com/gardener/hvpa-controller/api v0.15.0/go.mod h1:fqb4wNrQLESDKpm7ppXyCM2Gvx96wRlLL35aH0ge07U=
github.com/gardener/machine-controller-manager v0.53.0 h1:g2O0F7nEYZ9LjyPY6Gew8+q0n+rU88deexNq5k8CKks=
10 changes: 9 additions & 1 deletion pkg/admission/mutator/config.go
Expand Up @@ -60,7 +60,15 @@ func (c *config) ciliumTunnel() ciliumextensionv1alpha1.TunnelMode {
}

func (c *config) ciliumDevices() []string {
return c.slice("DEFAULTER_CILIUMDEVICES", []string{"lan+"})
return c.slice("DEFAULTER_CILIUMDEVICES", []string{"lan+", "lo"})
}

func (c *config) ciliumDirectRoutingDevice() string {
return c.string("DEFAULTER_CILIUMDIRECTROUTINGDEVICE", "lo")
}

func (c *config) bgpControlPlaneEnabled() bool {
return c.bool("DEFAULTER_CILIUMBGPCONTROLPLANE", true)
}

func (c *config) ciliumIPv4NativeRoutingCIDREnabled() bool {
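Review bot: The new defaults in `ciliumDevices()`, `ciliumDirectRoutingDevice()` and `bgpControlPlaneEnabled()` are undocumented: `lo` is now both in the device list and the direct routing device, and the BGP control plane defaults to true. Please add a short comment explaining why `lo` is required in both places, and document the two new variables DEFAULTER_CILIUMDIRECTROUTINGDEVICE and DEFAULTER_CILIUMBGPCONTROLPLANE alongside the existing defaulter settings so operators know these defaults can be overridden.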
10 changes: 10 additions & 0 deletions pkg/admission/mutator/defaulter.go
Expand Up @@ -190,6 +190,16 @@ func (d *defaulter) defaultCiliumConfig(shoot *gardenv1beta1.Shoot) error {
networkConfig.Devices = d.c.ciliumDevices()
}

if networkConfig.DirectRoutingDevice == nil {
networkConfig.DirectRoutingDevice = pointer.Pointer(d.c.ciliumDirectRoutingDevice())
}

if networkConfig.BGPControlPlane == nil {
networkConfig.BGPControlPlane = &ciliumextensionv1alpha1.BGPControlPlane{
Enabled: d.c.bgpControlPlaneEnabled(),
}
}

if networkConfig.IPv4NativeRoutingCIDREnabled == nil {
networkConfig.IPv4NativeRoutingCIDREnabled = pointer.Pointer(d.c.ciliumIPv4NativeRoutingCIDREnabled())
}
4 changes: 3 additions & 1 deletion pkg/admission/mutator/defaulter_test.go
Expand Up @@ -342,9 +342,11 @@ func Test_defaulter_defaultShoot(t *testing.T) {
},
TunnelMode: pointer.Pointer(ciliumextensionv1alpha1.Disabled),
MTU: pointer.Pointer(1440),
Devices: []string{"lan+"},
Devices: []string{"lan+", "lo"},
DirectRoutingDevice: pointer.Pointer("lo"),
LoadBalancingMode: pointer.Pointer(ciliumextensionv1alpha1.DSR),
IPv4NativeRoutingCIDREnabled: pointer.Pointer(true),
BGPControlPlane: &ciliumextensionv1alpha1.BGPControlPlane{Enabled: true},
},
},
},
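Review bot: The updated expectation only covers the all-defaults path (`Devices` gaining `lo`, `DirectRoutingDevice` set to `lo`, `BGPControlPlane.Enabled` true). Since the defaulter only fills these fields when they are nil, please add a case where the shoot already sets `DirectRoutingDevice` or `BGPControlPlane: {Enabled: false}` and assert that the user-provided value is left untouched.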
19 changes: 18 additions & 1 deletion pkg/controller/controlplane/valuesprovider.go
Expand Up @@ -29,9 +29,10 @@ import (
apismetal "github.com/metal-stack/gardener-extension-provider-metal/pkg/apis/metal"
"github.com/metal-stack/gardener-extension-provider-metal/pkg/apis/metal/helper"

metalclient "github.com/metal-stack/gardener-extension-provider-metal/pkg/metal/client"
metalgo "github.com/metal-stack/metal-go"

metalclient "github.com/metal-stack/gardener-extension-provider-metal/pkg/metal/client"

admissionregistrationv1 "k8s.io/api/admissionregistration/v1"
appsv1 "k8s.io/api/apps/v1"
corev1 "k8s.io/api/core/v1"
Expand Down Expand Up @@ -488,10 +489,18 @@ func (vp *valuesProvider) getControlPlaneShootChartValues(ctx context.Context, c
"enabled": vp.controllerConfig.Storage.Duros.Enabled,
}

ciliumValues := map[string]any{
"enabled": false,
}
metallbValues := map[string]any{
"enabled": true,
}
nodeInitValues := map[string]any{
"enabled": true,
}
if pointer.SafeDeref(pointer.SafeDeref(cluster.Shoot.Spec.Networking).Type) == "cilium" {
ciliumValues["enabled"] = true
metallbValues["enabled"] = false
nodeInitValues["enabled"] = false
}

Expand Down Expand Up @@ -608,6 +617,8 @@ func (vp *valuesProvider) getControlPlaneShootChartValues(ctx context.Context, c
"apiserverIPs": apiserverIPs,
"nodeCIDR": nodeCIDR,
"duros": durosValues,
"cilium": ciliumValues,
"metallb": metallbValues,
"nodeInit": nodeInitValues,
"restrictEgress": map[string]any{ // FIXME remove
"enabled": cpConfig.FeatureGates.RestrictEgress != nil && *cpConfig.FeatureGates.RestrictEgress,
Expand Down Expand Up @@ -733,6 +744,11 @@ func getCCMChartValues(
return nil, fmt.Errorf("secret %q not found", metal.CloudControllerManagerServerName)
}

loadBalancer := "metallb"
if pointer.SafeDeref(cluster.Shoot.Spec.Networking.Type) == "cilium" {
loadBalancer = "cilium"
}

values := map[string]interface{}{
"cloudControllerManager": map[string]interface{}{
"replicas": extensionscontroller.GetControlPlaneReplicas(cluster, scaledDown, 1),
Expand All @@ -743,6 +759,7 @@ func getCCMChartValues(
"podNetwork": extensionscontroller.GetPodNetwork(cluster),
"defaultExternalNetwork": defaultExternalNetwork,
"additionalNetworks": strings.Join(infrastructureConfig.Firewall.Networks, ","),
"loadBalancer": loadBalancer,
"sshPublicKey": string(sshSecret.Data["id_rsa.pub"]),
"metal": map[string]interface{}{
"endpoint": mcp.Endpoint,
Expand Down
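Review bot: In getCCMChartValues, the new `loadBalancer` selection reads `cluster.Shoot.Spec.Networking.Type` without a nil guard on `Networking`, whereas getControlPlaneShootChartValues in this same file uses `pointer.SafeDeref(pointer.SafeDeref(cluster.Shoot.Spec.Networking).Type)`. Use the same double SafeDeref here to avoid a nil pointer panic when the shoot has no networking section, and consider one shared helper for the "cilium" comparison, since the string literal now drives decisions in two functions.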
5 changes: 5 additions & 0 deletions pkg/controller/healthcheck/add.go
Expand Up @@ -7,6 +7,7 @@ import (
healthcheckconfig "github.com/gardener/gardener/extensions/pkg/apis/config"
"github.com/metal-stack/gardener-extension-provider-metal/pkg/apis/config"
"github.com/metal-stack/gardener-extension-provider-metal/pkg/metal"
"github.com/metal-stack/metal-lib/pkg/pointer"

extensionscontroller "github.com/gardener/gardener/extensions/pkg/controller"
genericcontrolplaneactuator "github.com/gardener/gardener/extensions/pkg/controller/controlplane/genericactuator"
Expand Down Expand Up @@ -47,6 +48,9 @@ func RegisterHealthChecks(ctx context.Context, mgr manager.Manager, opts AddOpti
durosPreCheck := func(_ context.Context, _ client.Client, _ client.Object, _ *extensionscontroller.Cluster) bool {
return opts.ControllerConfig.Storage.Duros.Enabled
}
metallbPreCheck := func(_ context.Context, _ client.Client, _ client.Object, cluster *extensionscontroller.Cluster) bool {
return pointer.SafeDeref(cluster.Shoot.Spec.Networking.Type) == "calico"
}

if err := healthcheck.DefaultRegistration(
ctx,
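Review bot: metallbPreCheck runs the MetalLB health check only when the networking type equals "calico", but the values provider in this PR turns MetalLB off only when the type equals "cilium", so for any other type MetalLB is deployed and never health-checked. Compare against `!= "cilium"` or reuse whatever decides `metallb.enabled`, and guard `cluster.Shoot.Spec.Networking` against nil the way the values provider does with its nested `pointer.SafeDeref`.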
Expand Down Expand Up @@ -82,6 +86,7 @@ func RegisterHealthChecks(ctx context.Context, mgr manager.Manager, opts AddOpti
{
ConditionType: string(gardencorev1beta1.ShootSystemComponentsHealthy),
HealthCheck: CheckMetalLB(),
PreCheckFunc: metallbPreCheck,
},
},
// TODO(acumino): Remove this condition in a future release.
7 changes: 4 additions & 3 deletions pkg/controller/worker/actuator.go
Expand Up @@ -11,13 +11,14 @@ import (
"github.com/gardener/gardener/extensions/pkg/controller/worker"
"github.com/gardener/gardener/extensions/pkg/controller/worker/genericactuator"
gardencorev1beta1 "github.com/gardener/gardener/pkg/apis/core/v1beta1"
"github.com/metal-stack/gardener-extension-provider-metal/pkg/apis/config"
apismetal "github.com/metal-stack/gardener-extension-provider-metal/pkg/apis/metal"
metalclient "github.com/metal-stack/gardener-extension-provider-metal/pkg/metal/client"
metalgo "github.com/metal-stack/metal-go"
"github.com/metal-stack/metal-go/api/models"
"github.com/metal-stack/metal-lib/pkg/cache"

"github.com/metal-stack/gardener-extension-provider-metal/pkg/apis/config"
apismetal "github.com/metal-stack/gardener-extension-provider-metal/pkg/apis/metal"
metalclient "github.com/metal-stack/gardener-extension-provider-metal/pkg/metal/client"

extensionsv1alpha1 "github.com/gardener/gardener/pkg/apis/extensions/v1alpha1"
gardener "github.com/gardener/gardener/pkg/client/kubernetes"
