-
Notifications
You must be signed in to change notification settings - Fork 370
/
install_cni
executable file
·78 lines (64 loc) · 3.25 KB
/
install_cni
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
#!/usr/bin/env bash
# Copyright 2022 Antrea Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
set -euo pipefail
source module_utils
# Fetching the list of the binaries that user wants to skip installing.
IFS=',' read -r -a binaries <<< "${SKIP_CNI_BINARIES:-}"
# Todo: check version and continue installation only for a newer version
# Install Antrea binary file
install -m 755 /usr/local/bin/antrea-cni /host/opt/cni/bin/antrea
# Checking the condition before installing the binaries, to ensure that user
# does not want to skip the corressponding CNI binary file
# Install the loopback plugin.
# It is required by kubelet on Linux when using docker as the container runtime.
# We replace the binary files even they are already present on the Node to make
# sure expected versions are used.
if [[ ! " ${binaries[*]} " =~ " loopback " ]]; then
install -m 755 /opt/cni/bin/loopback /host/opt/cni/bin/loopback
fi
# Install PortMap CNI binary file. It is required to support hostPort.
if [[ ! " ${binaries[*]} " =~ " portmap " ]]; then
install -m 755 /opt/cni/bin/portmap /host/opt/cni/bin/portmap
fi
# Install bandwidth CNI binary file. It is required to support traffic shaping.
if [[ ! " ${binaries[*]} " =~ " bandwidth " ]]; then
install -m 755 /opt/cni/bin/bandwidth /host/opt/cni/bin/bandwidth
fi
# Install Antrea configuration file.
# Note that it needs to be executed after installing the above binaries because container runtimes such as cri-o may
# watch the conf directory and try to validate the config and binaries immediately once there is a change.
install -m 644 /etc/antrea/antrea-cni.conflist /host/etc/cni/net.d/10-antrea.conflist
# If more than one CNI config file exists, the file with the lowest name is
# chosen i.e. existing 10-antrea.conf will be chosen over 10-antrea.conflist.
# Hence, delete older 10-antrea.conf file.
rm -f /host/etc/cni/net.d/10-antrea.conf
if [[ -z "${SKIP_LOADING_KERNEL_MODULES:-}" ]]; then
# Load the OVS kernel module if not built-in
if ! is_module_builtin "openvswitch"; then
modprobe openvswitch || (echo "Failed to load the OVS kernel module from the container, try running 'modprobe openvswitch' on your Nodes"; exit 1)
else
echo "Module openvswitch is built-in"
fi
# Load the WireGuard kernel module if not built-in. This is only required when WireGuard
# encryption is enabled. We could parse the antrea config file in the init-container to
# dynamically load this kernel module in the future.
if ! is_module_builtin "wireguard"; then
modprobe wireguard || (echo "Failed to load the WireGuard kernel module, WireGuard encryption will not be available")
else
echo "Module wireguard is built-in"
fi
fi
# Change the default permissions of the run directory.
chmod 0750 /var/run/antrea