✨suppor k8s node etcd

Makefile

@@ -115,3 +115,7 @@ CONTROLLER_GEN=$(GOBIN)/controller-gen
 else
 CONTROLLER_GEN=$(shell which controller-gen)
 endif
+
+network-rbac:
+	$(CONTROLLER_GEN) paths=./pkg/controller/network/provider/ paths=./pkg/controller/network/ rbac:roleName=network-manager output:rbac:artifacts:config=kustomize/network/calico-k8s
+	$(CONTROLLER_GEN) paths=./pkg/controller/network/ rbac:roleName=network-manager output:rbac:artifacts:config=kustomize/network/calico-etcd

cmd/ks-network/main.go

@@ -12,6 +12,7 @@ var opt runoption.RunOption
 func init() {
 	flag.StringVar(&opt.ProviderName, "np-provider", "calico", "specify the network policy provider, k8s or calico")
 	flag.BoolVar(&opt.AllowInsecureEtcd, "allow-insecure-etcd", false, "specify allow connect to etcd using insecure http")
+	flag.StringVar(&opt.DataStoreType, "datastore-type", "k8s", "specify the datastore type of calico")
 	//TODO add more flags
 }
 

kustomize/network/calico-etcd/kustomization.yaml

@@ -1,7 +1,8 @@
+bases:
+- ../crds
+
 resources:
   - network.yaml
-  - crds/wsnp.yaml
-  - crds/nsnp.yaml
   - rbac/role.yaml
   - rbac/role_binding.yaml
 
@@ -19,4 +20,4 @@ secretGenerator:
 patchesStrategicMerge:
   - patch_image_name.yaml
 
-namespace: network-test-90fa3885
+namespace: network-test-f22e8ea9

kustomize/network/calico-etcd/patch_image_name.yaml

@@ -8,5 +8,5 @@ spec:
     spec:
       containers:
       # Change the value of image field below to your controller image URL
-      - image: magicsong/ks-network:90fa3885
+      - image: magicsong/ks-network:f22e8ea9
         name: manager

kustomize/network/calico-etcd/patch_role_binding.yaml

@@ -5,4 +5,4 @@ metadata:
 subjects:
 - kind: ServiceAccount
   name: default
-  namespace: network-test-90fa3885
+  namespace: network-test-f22e8ea9

kustomize/network/calico-etcd/role.yaml

@@ -0,0 +1,33 @@
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  creationTimestamp: null
+  name: network-manager
+rules:
+- apiGroups:
+  - network.kubesphere.io
+  resources:
+  - namespacenetworkpolicies
+  - workspacenetworkpolicies
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - tenant.kubesphere.io
+  resources:
+  - workspaces
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch

kustomize/network/calico-k8s/kustomization.yaml

@@ -0,0 +1,11 @@
+bases:
+- ../crds
+
+resources:
+- network.yaml
+- role.yaml
+
+patchesStrategicMerge:
+  - patch_image_name.yaml
+
+namespace: network-test-f22e8ea9

kustomize/network/calico-k8s/network.yaml

@@ -0,0 +1,69 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name:  network-system
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: network-manager
+  namespace: network-system
+  labels:
+    control-plane: network-manager
+spec:
+  selector:
+    matchLabels:
+      control-plane: network-manager
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        control-plane: network-manager
+    spec:
+      nodeSelector:
+        node-role.kubernetes.io/master: ""
+      tolerations:
+        - key: "CriticalAddonsOnly"
+          operator: "Exists"
+        - key: "node-role.kubernetes.io/master"
+          effect: NoSchedule
+      serviceAccountName: network-manager
+      containers:
+      - command:
+        - /ks-network
+        args:
+          - -v=4
+          - np-provider=calico
+          - datastore-type=k8s
+        image: network:latest
+        imagePullPolicy: Always
+        name: manager
+        resources:
+          limits:
+            cpu: 100m
+            memory: 30Mi
+          requests:
+            cpu: 100m
+            memory: 20Mi
+      terminationGracePeriodSeconds: 10
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: net-role-binding
+  namespace: network-system
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: network-manager
+subjects:
+- kind: ServiceAccount
+  name: network-manager
+
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: network-manager

kustomize/network/calico-k8s/patch_image_name.yaml

@@ -0,0 +1,12 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: network-manager
+  namespace: network-system
+spec:
+  template:
+    spec:
+      containers:
+      # Change the value of image field below to your controller image URL
+      - image: magicsong/ks-network:f22e8ea9
+        name: manager

kustomize/network/calico-k8s/patch_role_binding.yaml

@@ -0,0 +1,8 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: net-role-binding
+subjects:
+- kind: ServiceAccount
+  name: network-manager
+  namespace: network-test-f22e8ea9

kustomize/network/calico-k8s/role.yaml

@@ -0,0 +1,54 @@
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  creationTimestamp: null
+  name: network-manager
+rules:
+- apiGroups:
+  - crd.projectcalico.org
+  resources:
+  - clusterinformations
+  - felixconfigurations
+  - globalfelixconfigs
+  - globalnetworkpolicies
+  - globalnetworksets
+  - hostendpoints
+  - ipamblocks
+  - ippools
+  - networkpolicies
+  - networksets
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - network.kubesphere.io
+  resources:
+  - namespacenetworkpolicies
+  - workspacenetworkpolicies
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - tenant.kubesphere.io
+  resources:
+  - workspaces
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch

kustomize/network/crds/kustomization.yaml

@@ -0,0 +1,3 @@
+resources:
+  - wsnp.yaml
+  - nsnp.yaml

pkg/controller/network/provider/calico_k8s.go

@@ -0,0 +1,3 @@
+package provider
+
+// +kubebuilder:rbac:groups="crd.projectcalico.org",resources=globalfelixconfigs;felixconfigurations;ippools;ipamblocks;globalnetworkpolicies;globalnetworksets;networkpolicies;networksets;clusterinformations;hostendpoints,verbs=get;list;watch;create;patch;update;delete

pkg/controller/network/runoption/option.go

@@ -14,18 +14,16 @@ import (
 	"kubesphere.io/kubesphere/pkg/controller/network/provider"
 )
 
-type CalicoDataStoreType string
-
 const (
 	certPath = "/calicocerts"
 
-	KubernetesDataStore CalicoDataStoreType = "k8s"
-	EtcdDataStore       CalicoDataStoreType = "etcd"
+	KubernetesDataStore = "k8s"
+	EtcdDataStore       = "etcd"
 )
 
 type RunOption struct {
 	ProviderName      string
-	DataStoreType     CalicoDataStoreType
+	DataStoreType     string
 	EtcdEndpoints     string
 	AllowInsecureEtcd bool
 }

pkg/test/testing.go

@@ -89,7 +89,11 @@ func (t *TestCtx) Setup(yamlPath string, crdPath string, schemes ...AddToSchemeF
 		return err
 	}
 	for _, f := range schemes {
-		f(scheme.Scheme)
+		err = f(scheme.Scheme)
+		if err != nil {
+			klog.Errorln("Failed to add scheme")
+			return err
+		}
 	}
 	extscheme.AddToScheme(scheme.Scheme)
 	dynClient, err := client.New(cfg, client.Options{})

test/network/test.sh

@@ -8,6 +8,8 @@ IMG=magicsong/ks-network:$tag
 DEST=/tmp/manager.yaml
 TEST_NS=network-test-$tag
 SKIP_BUILD=no
+STORE_MODE=etcd
+MODE=test
 
 export TEST_NAMESPACE=$TEST_NS
 export YAML_PATH=$DEST
@@ -33,6 +35,16 @@ case $key in
     shift # past argument
     shift # past value
     ;;
+    -S|--store-mode)
+    STORE_MODE="$2"
+    shift # past argument
+    shift # past value
+    ;;
+    -m|--mode)
+    MODE="$2"
+    shift # past argument
+    shift # past value
+    ;;
     --default)
     DEFAULT=YES
     shift # past argument
@@ -51,7 +63,7 @@ if [ $SKIP_BUILD == "no" ]; then
     docker push $IMG
 fi
 
-kustomize_dir="./kustomize/network"
+kustomize_dir="./kustomize/network/calico-${STORE_MODE}"
 if [ "$(uname)" == "Darwin" ]; then
     sed -i '' -e  's/namespace: .*/namespace: '"${TEST_NS}"'/' $kustomize_dir/kustomization.yaml
     sed -i '' -e  's/namespace: .*/namespace: '"${TEST_NS}"'/' $kustomize_dir/patch_role_binding.yaml
@@ -62,6 +74,11 @@ else
     sed -i -e 's@image: .*@image: '"${IMG}"'@' $kustomize_dir/patch_image_name.yaml
 fi
 
-kustomize build $kustomize_dir -o $DEST 
-ginkgo -v ./test/e2e/...
+kustomize build $kustomize_dir -o $DEST
+if [ $MODE == "test" ]; then
+    ginkgo -v ./test/e2e/...
+elif  [ $MODE == "debug" ]; then
+    kubectl create ns $TEST_NS --dry-run -o yaml | kubectl apply -f -
+    kubectl apply -f $DEST
+fi