Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

bump k8s to v1.30.3 #4317

Merged
merged 3 commits into from
Jul 20, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -34,7 +34,7 @@ METALLB_CONTROLLER_IMAGE = quay.io/metallb/controller:v$(METALLB_VERSION)
METALLB_SPEAKER_IMAGE = quay.io/metallb/speaker:v$(METALLB_VERSION)
METALLB_FRR_IMAGE = quay.io/frrouting/frr:8.5.2

KUBEVIRT_VERSION = v0.59.2
KUBEVIRT_VERSION = v1.3.0
KUBEVIRT_OPERATOR_IMAGE = quay.io/kubevirt/virt-operator:$(KUBEVIRT_VERSION)
KUBEVIRT_API_IMAGE = quay.io/kubevirt/virt-api:$(KUBEVIRT_VERSION)
KUBEVIRT_CONTROLLER_IMAGE = quay.io/kubevirt/virt-controller:$(KUBEVIRT_VERSION)
Expand Down Expand Up @@ -869,7 +869,7 @@ lint:
@GOOS=linux gosec -exclude=G204,G301,G306,G402,G404,G601 -exclude-dir=test -exclude-dir=pkg/client ./...

.PHONY: gofumpt
gofumpt: gofumpt
gofumpt:
gofumpt -w -extra .

.PHONY: lint-windows
Expand Down
9 changes: 9 additions & 0 deletions charts/kube-ovn/templates/controller-deploy.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -116,6 +116,7 @@ spec:
- --keep-vm-ip={{- .Values.func.ENABLE_KEEP_VM_IP }}
- --enable-metrics={{- .Values.networking.ENABLE_METRICS }}
- --node-local-dns-ip={{- .Values.networking.NODE_LOCAL_DNS_IP }}
- --secure-serving={{- .Values.func.SECURE_SERVING }}
securityContext:
runAsUser: 0
privileged: false
Expand All @@ -129,6 +130,10 @@ spec:
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: KUBE_NAMESPACE
valueFrom:
fieldRef:
Expand All @@ -139,6 +144,10 @@ spec:
fieldPath: spec.nodeName
- name: OVN_DB_IPS
value: "{{ .Values.MASTER_NODES }}"
- name: POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
- name: POD_IPS
valueFrom:
fieldRef:
Expand Down
13 changes: 13 additions & 0 deletions charts/kube-ovn/templates/monitor-deploy.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -44,6 +44,7 @@ spec:
imagePullPolicy: {{ .Values.image.pullPolicy }}
command: ["/kube-ovn/start-ovn-monitor.sh"]
args:
- --secure-serving={{- .Values.func.SECURE_SERVING }}
- --log_file=/var/log/kube-ovn/kube-ovn-monitor.log
- --logtostderr=false
- --alsologtostderr=true
Expand All @@ -58,6 +59,18 @@ spec:
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
- name: POD_IPS
valueFrom:
fieldRef:
Expand Down
38 changes: 36 additions & 2 deletions charts/kube-ovn/templates/ovn-CR.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -154,7 +154,18 @@ rules:
verbs:
- get
- list

- apiGroups:
- authentication.k8s.io
resources:
- tokenreviews
verbs:
- create
- apiGroups:
- authorization.k8s.io
resources:
- subjectaccessreviews
verbs:
- create
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
Expand Down Expand Up @@ -240,7 +251,18 @@ rules:
- get
- list
- watch

- apiGroups:
- authentication.k8s.io
resources:
- tokenreviews
verbs:
- create
- apiGroups:
- authorization.k8s.io
resources:
- subjectaccessreviews
verbs:
- create
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
Expand All @@ -263,3 +285,15 @@ rules:
- daemonsets
verbs:
- get
- apiGroups:
- authentication.k8s.io
resources:
- tokenreviews
verbs:
- create
- apiGroups:
- authorization.k8s.io
resources:
- subjectaccessreviews
verbs:
- create
44 changes: 42 additions & 2 deletions charts/kube-ovn/templates/ovn-CRB.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,20 @@ subjects:
- kind: ServiceAccount
name: ovn
namespace: kube-system

---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: ovn
namespace: kube-system
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: extension-apiserver-authentication-reader
subjects:
- kind: ServiceAccount
name: ovn
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
Expand Down Expand Up @@ -38,7 +51,20 @@ subjects:
- kind: ServiceAccount
name: kube-ovn-cni
namespace: kube-system

---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: kube-ovn-cni
namespace: kube-system
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: extension-apiserver-authentication-reader
subjects:
- kind: ServiceAccount
name: kube-ovn-cni
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
Expand All @@ -52,3 +78,17 @@ subjects:
- kind: ServiceAccount
name: kube-ovn-app
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: kube-ovn-app
namespace: kube-system
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: extension-apiserver-authentication-reader
subjects:
- kind: ServiceAccount
name: kube-ovn-app
namespace: kube-system
9 changes: 9 additions & 0 deletions charts/kube-ovn/templates/ovncni-ds.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -80,6 +80,7 @@ spec:
- --kubelet-dir={{ .Values.kubelet_conf.KUBELET_DIR }}
- --enable-tproxy={{ .Values.func.ENABLE_TPROXY }}
- --ovs-vsctl-concurrency={{ .Values.performance.OVS_VSCTL_CONCURRENCY }}
- --secure-serving={{- .Values.func.SECURE_SERVING }}
securityContext:
runAsUser: 0
privileged: false
Expand All @@ -104,6 +105,14 @@ spec:
value: "{{- .Values.performance.MODULES }}"
- name: RPMS
value: "{{- .Values.performance.RPMS }}"
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: POD_IPS
valueFrom:
fieldRef:
Expand Down
1 change: 1 addition & 0 deletions charts/kube-ovn/values.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -64,6 +64,7 @@ func:
LS_DNAT_MOD_DL_DST: true
LS_CT_SKIP_DST_LPORT_IPS: true
ENABLE_BIND_LOCAL_IP: true
SECURE_SERVING: false
U2O_INTERCONNECTION: false
ENABLE_TPROXY: false
ENABLE_IC: false
Expand Down
6 changes: 5 additions & 1 deletion cmd/cni/cni.go
Original file line number Diff line number Diff line change
Expand Up @@ -25,8 +25,12 @@ func main() {
// must ensure that the goroutine does not jump from OS thread to thread
runtime.LockOSThread()

funcs := skel.CNIFuncs{
Add: cmdAdd,
Del: cmdDel,
}
about := fmt.Sprintf("CNI kube-ovn plugin %s", versions.VERSION)
skel.PluginMain(cmdAdd, nil, cmdDel, version.All, about)
skel.PluginMainFuncs(funcs, version.All, about)
}

func cmdAdd(args *skel.CmdArgs) error {
Expand Down
39 changes: 18 additions & 21 deletions cmd/controller/controller.go
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,6 @@ import (
"net/http"
"net/http/pprof"
"os"
"strings"
"time"

"github.com/prometheus/client_golang/prometheus/promhttp"
Expand All @@ -23,11 +22,15 @@ import (

kubeovnv1 "github.com/kubeovn/kube-ovn/pkg/apis/kubeovn/v1"
"github.com/kubeovn/kube-ovn/pkg/controller"
"github.com/kubeovn/kube-ovn/pkg/server"
"github.com/kubeovn/kube-ovn/pkg/util"
"github.com/kubeovn/kube-ovn/versions"
)

const ovnLeaderResource = "kube-ovn-controller"
const (
svcName = "kube-ovn-controller"
ovnLeaderResource = "kube-ovn-controller"
)

func CmdMain() {
defer klog.Flush()
Expand Down Expand Up @@ -68,27 +71,21 @@ func CmdMain() {
mux.HandleFunc("/debug/pprof/trace", pprof.Trace)
}

addr := "0.0.0.0"
if os.Getenv("ENABLE_BIND_LOCAL_IP") == "true" {
podIpsEnv := os.Getenv("POD_IPS")
podIps := strings.Split(podIpsEnv, ",")
// when pod in dual mode, golang can't support bind v4 and v6 address in the same time,
// so not support bind local ip when in dual mode
if len(podIps) == 1 {
addr = podIps[0]
if util.CheckProtocol(podIps[0]) == kubeovnv1.ProtocolIPv6 {
addr = fmt.Sprintf("[%s]", podIps[0])
}
addr := util.JoinHostPort(util.GetDefaultListenAddr(), config.PprofPort)
if !config.SecureServing {
server := &http.Server{
Addr: addr,
ReadHeaderTimeout: 3 * time.Second,
Handler: mux,
}
util.LogFatalAndExit(server.ListenAndServe(), "failed to listen and server on %s", server.Addr)
} else {
ch, err := server.SecureServing(addr, svcName, mux)
if err != nil {
util.LogFatalAndExit(err, "failed to serve on %s", addr)
}
<-ch
}
// conform to Gosec G114
// https://github.com/securego/gosec#available-rules
server := &http.Server{
Addr: fmt.Sprintf("%s:%d", addr, config.PprofPort),
ReadHeaderTimeout: 3 * time.Second,
Handler: mux,
}
util.LogFatalAndExit(server.ListenAndServe(), "failed to listen and server on %s", server.Addr)
}()

// ctx, cancel := context.WithCancel(context.Background())
Expand Down
14 changes: 1 addition & 13 deletions cmd/controller_health_check/controller_health_check.go
Original file line number Diff line number Diff line change
@@ -1,29 +1,17 @@
package controller_health_check

import (
"fmt"
"net"
"os"
"strings"
"time"

kubeovnv1 "github.com/kubeovn/kube-ovn/pkg/apis/kubeovn/v1"
"github.com/kubeovn/kube-ovn/pkg/util"
)

func CmdMain() {
addr := "127.0.0.1:10660"
if os.Getenv("ENABLE_BIND_LOCAL_IP") == "true" {
podIpsEnv := os.Getenv("POD_IPS")
podIps := strings.Split(podIpsEnv, ",")
// when pod in dual mode, golang can't support bind v4 and v6 address in the same time,
// so not support bind local ip when in dual mode
if len(podIps) == 1 {
addr = fmt.Sprintf("%s:10660", podIps[0])
if util.CheckProtocol(podIps[0]) == kubeovnv1.ProtocolIPv6 {
addr = fmt.Sprintf("[%s]:10660", podIps[0])
}
}
addr = util.JoinHostPort(os.Getenv("POD_IP"), 10660)
}

conn, err := net.DialTimeout("tcp", addr, 3*time.Second)
Expand Down
29 changes: 19 additions & 10 deletions cmd/daemon/cniserver.go
Original file line number Diff line number Diff line change
Expand Up @@ -18,10 +18,13 @@ import (
kubeovninformer "github.com/kubeovn/kube-ovn/pkg/client/informers/externalversions"
"github.com/kubeovn/kube-ovn/pkg/daemon"
"github.com/kubeovn/kube-ovn/pkg/ovs"
"github.com/kubeovn/kube-ovn/pkg/server"
"github.com/kubeovn/kube-ovn/pkg/util"
"github.com/kubeovn/kube-ovn/versions"
)

const svcName = "kube-ovn-cni"

func CmdMain() {
defer klog.Flush()

Expand Down Expand Up @@ -96,31 +99,37 @@ func CmdMain() {
}

addr := util.GetDefaultListenAddr()

if config.EnableVerboseConnCheck {
go func() {
connListenaddr := fmt.Sprintf("%s:%d", addr, config.TCPConnCheckPort)
connListenaddr := util.JoinHostPort(addr, config.TCPConnCheckPort)
if err := util.TCPConnectivityListen(connListenaddr); err != nil {
util.LogFatalAndExit(err, "failed to start TCP listen on addr %s ", addr)
}
}()

go func() {
connListenaddr := fmt.Sprintf("%s:%d", addr, config.UDPConnCheckPort)
connListenaddr := util.JoinHostPort(addr, config.UDPConnCheckPort)
if err := util.UDPConnectivityListen(connListenaddr); err != nil {
util.LogFatalAndExit(err, "failed to start UDP listen on addr %s ", addr)
}
}()
}

// conform to Gosec G114
// https://github.com/securego/gosec#available-rules
server := &http.Server{
Addr: fmt.Sprintf("%s:%d", addr, config.PprofPort),
ReadHeaderTimeout: 3 * time.Second,
Handler: mux,
listenAddr := util.JoinHostPort(addr, config.PprofPort)
if !config.SecureServing {
server := &http.Server{
Addr: listenAddr,
ReadHeaderTimeout: 3 * time.Second,
Handler: mux,
}
util.LogFatalAndExit(server.ListenAndServe(), "failed to listen and server on %s", server.Addr)
} else {
ch, err := server.SecureServing(listenAddr, svcName, mux)
if err != nil {
util.LogFatalAndExit(err, "failed to serve on %s", listenAddr)
}
<-ch
}
util.LogFatalAndExit(server.ListenAndServe(), "failed to listen and serve on %s", server.Addr)
}

func mvCNIConf(configDir, configFile, confName string) error {
Expand Down
Loading
Loading