From 82f5309a1cdcaa98f9338046121cac03868e96cc Mon Sep 17 00:00:00 2001 
From: magicsong Date: Mon, 2 Sep 2019 16:54:34 +0800 Subject: [PATCH 1/2] =?UTF-8?q?=E2=9C=A8suppor=20k8s=20node=20etcd?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- Makefile | 4 ++ cmd/ks-network/main.go | 1 + .../{ => calico-etcd}/kustomization.yaml | 7 +- .../network/{ => calico-etcd}/network.yaml | 0 .../{ => calico-etcd}/patch_image_name.yaml | 2 +- .../{ => calico-etcd}/patch_role_binding.yaml | 2 +- kustomize/network/calico-etcd/role.yaml | 33 +++++++++ .../{rbac => calico-etcd}/role_binding.yaml | 0 .../network/calico-k8s/kustomization.yaml | 11 +++ kustomize/network/calico-k8s/network.yaml | 69 +++++++++++++++++++ .../network/calico-k8s/patch_image_name.yaml | 12 ++++ .../calico-k8s/patch_role_binding.yaml | 8 +++ kustomize/network/calico-k8s/role.yaml | 54 +++++++++++++++ kustomize/network/crds/kustomization.yaml | 3 + pkg/controller/network/provider/calico_k8s.go | 3 + pkg/controller/network/runoption/option.go | 8 +-- pkg/test/testing.go | 6 +- test/network/test.sh | 23 ++++++- 18 files changed, 232 insertions(+), 14 deletions(-) rename kustomize/network/{ => calico-etcd}/kustomization.yaml (81%) rename kustomize/network/{ => calico-etcd}/network.yaml (100%) rename kustomize/network/{ => calico-etcd}/patch_image_name.yaml (84%) rename kustomize/network/{ => calico-etcd}/patch_role_binding.yaml (81%) create mode 100644 kustomize/network/calico-etcd/role.yaml rename kustomize/network/{rbac => calico-etcd}/role_binding.yaml (100%) create mode 100644 kustomize/network/calico-k8s/kustomization.yaml create mode 100644 kustomize/network/calico-k8s/network.yaml create mode 100644 kustomize/network/calico-k8s/patch_image_name.yaml create mode 100644 kustomize/network/calico-k8s/patch_role_binding.yaml create mode 100644 kustomize/network/calico-k8s/role.yaml create mode 100644 kustomize/network/crds/kustomization.yaml create mode 100644 pkg/controller/network/provider/calico_k8s.go 
diff --git a/Makefile b/Makefile index 1bc1a83c1..c0345a9df 100644 --- a/Makefile +++ b/Makefile @@ -115,3 +115,7 @@ CONTROLLER_GEN=$(GOBIN)/controller-gen else CONTROLLER_GEN=$(shell which controller-gen) endif + +network-rbac: + $(CONTROLLER_GEN) paths=./pkg/controller/network/provider/ paths=./pkg/controller/network/ rbac:roleName=network-manager output:rbac:artifacts:config=kustomize/network/calico-k8s + $(CONTROLLER_GEN) paths=./pkg/controller/network/ rbac:roleName=network-manager output:rbac:artifacts:config=kustomize/network/calico-etcd diff --git a/cmd/ks-network/main.go b/cmd/ks-network/main.go index cc2e74f2b..7b3b6683d 100644 --- a/cmd/ks-network/main.go +++ b/cmd/ks-network/main.go @@ -12,6 +12,7 @@ var opt runoption.RunOption func init() { flag.StringVar(&opt.ProviderName, "np-provider", "calico", "specify the network policy provider, k8s or calico") flag.BoolVar(&opt.AllowInsecureEtcd, "allow-insecure-etcd", false, "specify allow connect to etcd using insecure http") + flag.StringVar(&opt.DataStoreType, "datastore-type", "k8s", "specify the datastore type of calico") //TODO add more flags } diff --git a/kustomize/network/kustomization.yaml b/kustomize/network/calico-etcd/kustomization.yaml similarity index 81% rename from kustomize/network/kustomization.yaml rename to kustomize/network/calico-etcd/kustomization.yaml index da53b56e8..a4f084ceb 100644 --- a/kustomize/network/kustomization.yaml +++ b/kustomize/network/calico-etcd/kustomization.yaml @@ -1,7 +1,8 @@ +bases: +- ../crds + resources: - network.yaml - - crds/wsnp.yaml - - crds/nsnp.yaml - rbac/role.yaml - rbac/role_binding.yaml @@ -19,4 +20,4 @@ secretGenerator: patchesStrategicMerge: - patch_image_name.yaml -namespace: network-test-90fa3885 +namespace: network-test-f22e8ea9 diff --git a/kustomize/network/network.yaml b/kustomize/network/calico-etcd/network.yaml similarity index 100% rename from kustomize/network/network.yaml rename to kustomize/network/calico-etcd/network.yaml 
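Review bot: The new `datastore-type` flag in cmd/ks-network/main.go accepts any string, and its help text does not name the accepted values. With `DataStoreType` reduced from `CalicoDataStoreType` to a plain `string` in pkg/controller/network/runoption/option.go, nothing visible in this patch rejects a typo; whether the run path validates the value is outside the diff and should be confirmed. I would spell the values out in the usage string, `flag.StringVar(&opt.DataStoreType, "datastore-type", "k8s", "calico datastore type: k8s or etcd")`, and fail at startup on anything other than `KubernetesDataStore` or `EtcdDataStore`. The default also differs from test/network/test.sh, which sets `STORE_MODE=etcd`.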
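Review bot: The `resources` list in kustomize/network/calico-etcd/kustomization.yaml still names `rbac/role.yaml` and `rbac/role_binding.yaml`, but this patch moves the kustomization into calico-etcd/ and places `role.yaml` and `role_binding.yaml` beside it, so those relative paths appear to point at a directory that does not exist under calico-etcd/. If so, `kustomize build` fails for the etcd store mode and the newly generated ClusterRole is never applied. The entries should read `- role.yaml` and `- role_binding.yaml`. Separately, the committed `namespace: network-test-f22e8ea9` is rewritten by test/network/test.sh on every run, so a neutral placeholder would keep the tracked file from churning.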
diff --git a/kustomize/network/patch_image_name.yaml b/kustomize/network/calico-etcd/patch_image_name.yaml similarity index 84% rename from kustomize/network/patch_image_name.yaml rename to kustomize/network/calico-etcd/patch_image_name.yaml index acf501a32..a6133c91b 100644 --- a/kustomize/network/patch_image_name.yaml +++ b/kustomize/network/calico-etcd/patch_image_name.yaml @@ -8,5 +8,5 @@ spec: spec: containers: # Change the value of image field below to your controller image URL - - image: magicsong/ks-network:90fa3885 + - image: magicsong/ks-network:f22e8ea9 name: manager diff --git a/kustomize/network/patch_role_binding.yaml b/kustomize/network/calico-etcd/patch_role_binding.yaml similarity index 81% rename from kustomize/network/patch_role_binding.yaml rename to kustomize/network/calico-etcd/patch_role_binding.yaml index fde89179f..d5b4a3a04 100644 --- a/kustomize/network/patch_role_binding.yaml +++ b/kustomize/network/calico-etcd/patch_role_binding.yaml @@ -5,4 +5,4 @@ metadata: subjects: - kind: ServiceAccount name: default - namespace: network-test-90fa3885 + namespace: network-test-f22e8ea9 diff --git a/kustomize/network/calico-etcd/role.yaml b/kustomize/network/calico-etcd/role.yaml new file mode 100644 index 000000000..2828ab542 --- /dev/null +++ b/kustomize/network/calico-etcd/role.yaml @@ -0,0 +1,33 @@ + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + name: network-manager +rules: +- apiGroups: + - network.kubesphere.io + resources: + - namespacenetworkpolicies + - workspacenetworkpolicies + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - tenant.kubesphere.io + resources: + - workspaces + verbs: + - create + - delete + - get + - list + - patch + - update + - watch 
diff --git a/kustomize/network/rbac/role_binding.yaml b/kustomize/network/calico-etcd/role_binding.yaml
similarity index 100%
rename from kustomize/network/rbac/role_binding.yaml
rename to kustomize/network/calico-etcd/role_binding.yaml
diff --git a/kustomize/network/calico-k8s/kustomization.yaml b/kustomize/network/calico-k8s/kustomization.yaml
new file mode 100644
index 000000000..5739564d0
--- /dev/null
+++ b/kustomize/network/calico-k8s/kustomization.yaml
@@ -0,0 +1,11 @@
+bases:
+- ../crds
+
+resources:
+- network.yaml
+- role.yaml
+
+patchesStrategicMerge:
+ - patch_image_name.yaml
+
+namespace: network-test-f22e8ea9
diff --git a/kustomize/network/calico-k8s/network.yaml b/kustomize/network/calico-k8s/network.yaml
new file mode 100644
index 000000000..418a01b60
--- /dev/null
+++ b/kustomize/network/calico-k8s/network.yaml
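Review bot: `patchesStrategicMerge` in kustomize/network/calico-k8s/kustomization.yaml lists only `patch_image_name.yaml`, while the patch also adds calico-k8s/patch_role_binding.yaml and test/network/test.sh rewrites that file's namespace on every run. The ClusterRoleBinding in calico-k8s/network.yaml declares its ServiceAccount subject without a `namespace`, so unless the kustomize version in use fills that field from `namespace:`, the binding is either rejected or does not resolve to the `network-manager` account in the test namespace. Adding `- patch_role_binding.yaml` under `patchesStrategicMerge` makes the subject explicit.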
@@ -0,0 +1,69 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: network-system
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: network-manager
+ namespace: network-system
+ labels:
+ control-plane: network-manager
+spec:
+ selector:
+ matchLabels:
+ control-plane: network-manager
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ control-plane: network-manager
+ spec:
+ nodeSelector:
+ node-role.kubernetes.io/master: ""
+ tolerations:
+ - key: "CriticalAddonsOnly"
+ operator: "Exists"
+ - key: "node-role.kubernetes.io/master"
+ effect: NoSchedule
+ serviceAccountName: network-manager
+ containers:
+ - command:
+ - /ks-network
+ args:
+ - -v=4
+ - np-provider=calico
+ - datastore-type=k8s
+ image: network:latest
+ imagePullPolicy: Always
+ name: manager
+ resources:
+ limits:
+ cpu: 100m
+ memory: 30Mi
+ requests:
+ cpu: 100m
+ memory: 20Mi
+ terminationGracePeriodSeconds: 10
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: net-role-binding
+ namespace: network-system
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: network-manager
+subjects:
+- kind: ServiceAccount
+ name: network-manager
+
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: network-manager
\ No newline at end of file
diff --git a/kustomize/network/calico-k8s/patch_image_name.yaml b/kustomize/network/calico-k8s/patch_image_name.yaml
new file mode 100644
index 000000000..a6133c91b
--- /dev/null
+++ b/kustomize/network/calico-k8s/patch_image_name.yaml
@@ -0,0 +1,12 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: network-manager
+ namespace: network-system
+spec:
+ template:
+ spec:
+ containers:
+ # Change the value of image field below to your controller image URL
+ - image: magicsong/ks-network:f22e8ea9
+ name: manager
diff --git a/kustomize/network/calico-k8s/patch_role_binding.yaml b/kustomize/network/calico-k8s/patch_role_binding.yaml
new file mode 100644
index 000000000..07a52955d
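Review bot: In the Deployment's `args` in kustomize/network/calico-k8s/network.yaml, `np-provider=calico` and `datastore-type=k8s` lack the leading dash. Go's `flag` package, which cmd/ks-network/main.go uses, stops parsing at the first non-flag argument, so both would be treated as positional arguments and the process would run on the flag defaults; those happen to match today, but any later change to these values would be silently ignored. They should be `- -np-provider=calico` and `- -datastore-type=k8s`. The container also sets no `securityContext`; for a controller bound to a ClusterRole I would add `allowPrivilegeEscalation: false`, and `runAsNonRoot: true` if the image supports it.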
--- /dev/null
+++ b/kustomize/network/calico-k8s/patch_role_binding.yaml
@@ -0,0 +1,8 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: net-role-binding
+subjects:
+- kind: ServiceAccount
+ name: network-manager
+ namespace: network-test-f22e8ea9
diff --git a/kustomize/network/calico-k8s/role.yaml b/kustomize/network/calico-k8s/role.yaml
new file mode 100644
index 000000000..b694ba90a
--- /dev/null
+++ b/kustomize/network/calico-k8s/role.yaml
@@ -0,0 +1,54 @@
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ creationTimestamp: null
+ name: network-manager
+rules:
+- apiGroups:
+ - crd.projectcalico.org
+ resources:
+ - clusterinformations
+ - felixconfigurations
+ - globalfelixconfigs
+ - globalnetworkpolicies
+ - globalnetworksets
+ - hostendpoints
+ - ipamblocks
+ - ippools
+ - networkpolicies
+ - networksets
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - network.kubesphere.io
+ resources:
+ - namespacenetworkpolicies
+ - workspacenetworkpolicies
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - tenant.kubesphere.io
+ resources:
+ - workspaces
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
diff --git a/kustomize/network/crds/kustomization.yaml b/kustomize/network/crds/kustomization.yaml
new file mode 100644
index 000000000..6b1ee9bf4
--- /dev/null
+++ b/kustomize/network/crds/kustomization.yaml
@@ -0,0 +1,3 @@
+resources:
+ - wsnp.yaml
+ - nsnp.yaml
\ No newline at end of file
diff --git a/pkg/controller/network/provider/calico_k8s.go b/pkg/controller/network/provider/calico_k8s.go
new file mode 100644
index 000000000..137cc0494
--- /dev/null
+++ b/pkg/controller/network/provider/calico_k8s.go
@@ -0,0 +1,3 @@ +package provider + +// +kubebuilder:rbac:groups="crd.projectcalico.org",resources=globalfelixconfigs;felixconfigurations;ippools;ipamblocks;globalnetworkpolicies;globalnetworksets;networkpolicies;networksets;clusterinformations;hostendpoints,verbs=get;list;watch;create;patch;update;delete diff --git a/pkg/controller/network/runoption/option.go b/pkg/controller/network/runoption/option.go index 1ec3b5e4e..a4c2ec23a 100644 --- a/pkg/controller/network/runoption/option.go +++ b/pkg/controller/network/runoption/option.go @@ -14,18 +14,16 @@ import ( "kubesphere.io/kubesphere/pkg/controller/network/provider" ) -type CalicoDataStoreType string - const ( certPath = "/calicocerts" - KubernetesDataStore CalicoDataStoreType = "k8s" - EtcdDataStore CalicoDataStoreType = "etcd" + KubernetesDataStore = "k8s" + EtcdDataStore = "etcd" ) type RunOption struct { ProviderName string - DataStoreType CalicoDataStoreType + DataStoreType string EtcdEndpoints string AllowInsecureEtcd bool } diff --git a/pkg/test/testing.go b/pkg/test/testing.go index c9b0aba93..9775c1632 100644 --- a/pkg/test/testing.go +++ b/pkg/test/testing.go @@ -89,7 +89,11 @@ func (t *TestCtx) Setup(yamlPath string, crdPath string, schemes ...AddToSchemeF return err } for _, f := range schemes { - f(scheme.Scheme) + err = f(scheme.Scheme) + if err != nil { + klog.Errorln("Failed to add scheme") + return err + } } extscheme.AddToScheme(scheme.Scheme) dynClient, err := client.New(cfg, client.Options{}) diff --git a/test/network/test.sh b/test/network/test.sh index e85299363..5129b092d 100755 --- a/test/network/test.sh +++ b/test/network/test.sh @@ -8,6 +8,8 @@ IMG=magicsong/ks-network:$tag DEST=/tmp/manager.yaml TEST_NS=network-test-$tag SKIP_BUILD=no +STORE_MODE=etcd +MODE=test export TEST_NAMESPACE=$TEST_NS export YAML_PATH=$DEST 
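Review bot: The RBAC marker in pkg/controller/network/provider/calico_k8s.go grants all seven verbs on ten `crd.projectcalico.org` resources cluster-wide, including `felixconfigurations`, `clusterinformations`, `hostendpoints` and `ipamblocks`. Which of these the controller actually writes is not visible in this patch; if it only manages policies, the service account holds far more than it needs, and a leaked token could be used to change node-level Calico configuration and IPAM state. I would split the marker into a write set for the policy resources the controller owns and a second marker with `verbs=get;list;watch` for the rest, then regenerate kustomize/network/calico-k8s/role.yaml with `make network-rbac`. The file also needs a short comment saying it exists only to carry the RBAC marker for controller-gen.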
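Review bot: The `extscheme.AddToScheme(scheme.Scheme)` call directly after the loop in `Setup` (pkg/test/testing.go) still discards its error, so the two scheme registrations are now handled inconsistently. It should become `if err := extscheme.AddToScheme(scheme.Scheme); err != nil { return err }`. The new log line also drops the cause; `klog.Errorf("add to scheme: %v", err)` would keep it. `Setup` begins and continues outside the hunk.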
@@ -33,6 +35,16 @@ case $key in shift # past argument shift # past value ;; + -S|--store-mode) + STORE_MODE="$2" + shift # past argument + shift # past value + ;; + -m|--mode) + MODE="$2" + shift # past argument + shift # past value + ;; --default) DEFAULT=YES shift # past argument @@ -51,7 +63,7 @@ if [ $SKIP_BUILD == "no" ]; then docker push $IMG fi -kustomize_dir="./kustomize/network" +kustomize_dir="./kustomize/network/calico-${STORE_MODE}" if [ "$(uname)" == "Darwin" ]; then sed -i '' -e 's/namespace: .*/namespace: '"${TEST_NS}"'/' $kustomize_dir/kustomization.yaml sed -i '' -e 's/namespace: .*/namespace: '"${TEST_NS}"'/' $kustomize_dir/patch_role_binding.yaml @@ -62,6 +74,11 @@ else sed -i -e 's@image: .*@image: '"${IMG}"'@' $kustomize_dir/patch_image_name.yaml fi -kustomize build $kustomize_dir -o $DEST -ginkgo -v ./test/e2e/... +kustomize build $kustomize_dir -o $DEST +if [ $MODE == "test" ]; then + ginkgo -v ./test/e2e/... +elif [ $MODE == "debug" ]; then + kubectl create ns $TEST_NS --dry-run -o yaml | kubectl apply -f - + kubectl apply -f $DEST +fi From d3e694c6f088331ae876ffa40b3a0cecdfca8681 Mon Sep 17 00:00:00 2001 From: magicsong Date: Wed, 4 Sep 2019 17:49:44 +0800 Subject: [PATCH 2/2] change test image name --- test/network/test.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/network/test.sh b/test/network/test.sh index 5129b092d..a0c97a23a 100755 --- a/test/network/test.sh +++ b/test/network/test.sh @@ -4,7 +4,7 @@ set -e workspace=`pwd` tag=`git rev-parse --short HEAD` -IMG=magicsong/ks-network:$tag +IMG=kubespheredev/ks-network:$tag DEST=/tmp/manager.yaml TEST_NS=network-test-$tag SKIP_BUILD=no
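Review bot: The `-S|--store-mode` and `-m|--mode` values in test/network/test.sh are used without validation. `STORE_MODE` is interpolated into `kustomize_dir`, which is then passed unquoted to `sed -i` and `kustomize build`, so a typo or a value containing `/` makes the script edit files outside the two intended directories; `MODE` is tested unquoted in `[ $MODE == "test" ]` in the last hunk of the first patch, where an empty value is a shell error and an unknown one skips both branches after the image has already been pushed. I would validate both right after the option loop, as below, and quote the later expansions. The `debug` branch applies cluster-scoped RBAC to whatever the current kubectl context is, so printing that context before `kubectl apply` would be a useful guard.

```shell
# … unchanged: option parsing loop …
case "$STORE_MODE" in
  etcd|k8s) ;;
  *) echo "unsupported --store-mode '$STORE_MODE' (expected etcd or k8s)" >&2; exit 1 ;;
esac
case "$MODE" in
  test|debug) ;;
  *) echo "unsupported --mode '$MODE' (expected test or debug)" >&2; exit 1 ;;
esac
kustomize_dir="./kustomize/network/calico-${STORE_MODE}"
```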