github/multus-cni
1
0
Fork 1
mirror of https://github.com/k8snetworkplumbingwg/multus-cni.git synced 2025-08-11 13:03:59 +00:00
Code Issues Projects Releases Wiki Activity

Add multusNamespace/systemNamespaces config

Browse Source 
This change provides new configuration parameters, multusNamespace
and systemNamespaces for flexible namespace management.
The change addresses issue #252 and issue #253.
This commit is contained in:
Tomofumi Hayashi 2019-01-29 19:02:47 +09:00 committed by Tomofumi Hayashi
parent ec9dff343c
commit f0bc4fb475
6 changed files with 46 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
doc/configuration.md
View File

@ -21,6 +21,8 @@ Following is the example of multus config file, in `/etc/cni/net.d/`.
"Note1":"NOTE: you can set clusterNetwork+defaultNetworks OR delegates!!", "Note1":"NOTE: you can set clusterNetwork+defaultNetworks OR delegates!!",
"clusterNetwork": "defaultCRD", "clusterNetwork": "defaultCRD",
"defaultNetworks": ["sidecarCRD", "flannel"], "defaultNetworks": ["sidecarCRD", "flannel"],
"systemNamespaces": ["kube-system", "admin"],
"multusNamespace": "kube-system",
"Note2":"NOTE: If you use clusterNetwork/defaultNetworks, delegates is ignored", "Note2":"NOTE: If you use clusterNetwork/defaultNetworks, delegates is ignored",
"delegates": [{ "delegates": [{
"type": "weave-net", "type": "weave-net",
@ -48,6 +50,8 @@ User should chose following parameters combination (`clusterNetwork`+`defaultNet
* `clusterNetwork` (string, required): default CNI network for pods, used in kubernetes cluster (Pod IP and so on): name of network-attachment-definition, CNI json file name (without extention, .conf/.conflist) or directory for CNI config file * `clusterNetwork` (string, required): default CNI network for pods, used in kubernetes cluster (Pod IP and so on): name of network-attachment-definition, CNI json file name (without extention, .conf/.conflist) or directory for CNI config file
* `defaultNetworks` ([]string, required): default CNI network attachment: name of network-attachment-definition, CNI json file name (without extention, .conf/.conflist) or directory for CNI config file * `defaultNetworks` ([]string, required): default CNI network attachment: name of network-attachment-definition, CNI json file name (without extention, .conf/.conflist) or directory for CNI config file
* `systemNamespaces` ([]string, optional): list of namespaces for Kubernetes system (namespaces listed here will not have `defaultNetworks` added)
* `multusNamespace` (string, optional): namespace for `clusterNetwork`/`defaultNetworks`
* `delegates` ([]map,required): number of delegate details in the Multus * `delegates` ([]map,required): number of delegate details in the Multus
### Network selection flow of clusterNetwork/defaultNetworks ### Network selection flow of clusterNetwork/defaultNetworks

18
k8sclient/k8sclient.go
View File

@ -539,17 +539,17 @@ func GetPodNetwork(k8sclient KubeClient, k8sArgs *types.K8sArgs, confdir string,
return delegates, nil return delegates, nil
} }
func getDefaultNetDelegateCRD(client KubeClient, net string, confdir string) (*types.DelegateNetConf, error) { func getDefaultNetDelegateCRD(client KubeClient, net, confdir, namespace string) (*types.DelegateNetConf, error) {
logging.Debugf("getDefaultNetDelegate: %v, %v, %s", client, net, confdir) logging.Debugf("getDefaultNetDelegate: %v, %v, %s", client, net, confdir)
rawPath := fmt.Sprintf("/apis/k8s.cni.cncf.io/v1/namespaces/%s/network-attachment-definitions/%s", "kube-system", net) rawPath := fmt.Sprintf("/apis/k8s.cni.cncf.io/v1/namespaces/%s/network-attachment-definitions/%s", namespace, net)
netData, err := client.GetRawWithPath(rawPath) netData, err := client.GetRawWithPath(rawPath)
if err != nil { if err != nil {
return nil, logging.Errorf("getDefaultNetDelegate: failed to get network resource, refer Multus README.md for the usage guide: %v", err) return nil, logging.Errorf("getDefaultNetDelegateCRD: failed to get network resource, refer Multus README.md for the usage guide: %v", err)
} }
customResource := &types.NetworkAttachmentDefinition{} customResource := &types.NetworkAttachmentDefinition{}
if err := json.Unmarshal(netData, customResource); err != nil { if err := json.Unmarshal(netData, customResource); err != nil {
return nil, logging.Errorf("getDefaultNetDelegate: failed to get the netplugin data: %v", err) return nil, logging.Errorf("getDefaultNetDelegateCRD: failed to get the netplugin data: %v", err)
} }
configBytes, err := cniConfigFromNetworkResource(customResource, confdir) configBytes, err := cniConfigFromNetworkResource(customResource, confdir)
@ -565,10 +565,10 @@ func getDefaultNetDelegateCRD(client KubeClient, net string, confdir string) (*t
return delegate, nil return delegate, nil
} }
func getNetDelegate(client KubeClient, netname string, confdir string) (*types.DelegateNetConf, error) { func getNetDelegate(client KubeClient, netname, confdir, namespace string) (*types.DelegateNetConf, error) {
logging.Debugf("getNetDelegate: %v, %v, %v", client, netname, confdir) logging.Debugf("getNetDelegate: %v, %v, %v", client, netname, confdir)
// option1) search CRD object for the network // option1) search CRD object for the network
delegate, err := getDefaultNetDelegateCRD(client, netname, confdir) delegate, err := getDefaultNetDelegateCRD(client, netname, confdir, namespace)
if err == nil { if err == nil {
return delegate, nil return delegate, nil
} }
@ -626,7 +626,7 @@ func GetDefaultNetworks(k8sArgs *types.K8sArgs, conf *types.NetConf, kubeClient
return nil return nil
} }
delegate, err := getNetDelegate(kubeClient, conf.ClusterNetwork, conf.ConfDir) delegate, err := getNetDelegate(kubeClient, conf.ClusterNetwork, conf.ConfDir, conf.MultusNamespace)
if err != nil { if err != nil {
return err return err
} }
@ -634,9 +634,9 @@ func GetDefaultNetworks(k8sArgs *types.K8sArgs, conf *types.NetConf, kubeClient
delegates = append(delegates, delegate) delegates = append(delegates, delegate)
// Pod in kube-system namespace does not have default network for now. // Pod in kube-system namespace does not have default network for now.
if string(k8sArgs.K8S_POD_NAMESPACE) != "kube-system" { if !types.CheckSystemNamespaces(string(k8sArgs.K8S_POD_NAMESPACE), conf.SystemNamespaces) {
for _, netname := range conf.DefaultNetworks { for _, netname := range conf.DefaultNetworks {
delegate, err := getNetDelegate(kubeClient, netname, conf.ConfDir) delegate, err := getNetDelegate(kubeClient, netname, conf.ConfDir, conf.MultusNamespace)
if err != nil { if err != nil {
return err return err
} }

6
multus/multus.go
View File

@ -349,7 +349,7 @@ func cmdAdd(args *skel.CmdArgs, exec invoke.Exec, kubeClient k8s.KubeClient) (cn
//create the network status, only in case Multus as kubeconfig //create the network status, only in case Multus as kubeconfig
if n.Kubeconfig != "" && kc != nil { if n.Kubeconfig != "" && kc != nil {
if kc.Podnamespace != "kube-system" { if !types.CheckSystemNamespaces(kc.Podnamespace, n.SystemNamespaces) {
delegateNetStatus, err := types.LoadNetworkStatus(tmpResult, delegate.Conf.Name, delegate.MasterPlugin) delegateNetStatus, err := types.LoadNetworkStatus(tmpResult, delegate.Conf.Name, delegate.MasterPlugin)
if err != nil { if err != nil {
return nil, logging.Errorf("Multus: Err in setting network status: %v", err) return nil, logging.Errorf("Multus: Err in setting network status: %v", err)
@ -362,7 +362,7 @@ func cmdAdd(args *skel.CmdArgs, exec invoke.Exec, kubeClient k8s.KubeClient) (cn
//set the network status annotation in apiserver, only in case Multus as kubeconfig //set the network status annotation in apiserver, only in case Multus as kubeconfig
if n.Kubeconfig != "" && kc != nil { if n.Kubeconfig != "" && kc != nil {
if kc.Podnamespace != "kube-system" { if !types.CheckSystemNamespaces(kc.Podnamespace, n.SystemNamespaces) {
err = k8s.SetNetworkStatus(kc, netStatus) err = k8s.SetNetworkStatus(kc, netStatus)
if err != nil { if err != nil {
return nil, logging.Errorf("Multus: Err set the networks status: %v", err) return nil, logging.Errorf("Multus: Err set the networks status: %v", err)
@ -436,7 +436,7 @@ func cmdDel(args *skel.CmdArgs, exec invoke.Exec, kubeClient k8s.KubeClient) err
//unset the network status annotation in apiserver, only in case Multus as kubeconfig //unset the network status annotation in apiserver, only in case Multus as kubeconfig
if in.Kubeconfig != "" && kc != nil { if in.Kubeconfig != "" && kc != nil {
if kc.Podnamespace != "kube-system" { if !types.CheckSystemNamespaces(kc.Podnamespace, in.SystemNamespaces) {
err := k8s.SetNetworkStatus(kc, nil) err := k8s.SetNetworkStatus(kc, nil)
if err != nil { if err != nil {
return logging.Errorf("Multus: Err unset the networks status: %v", err) return logging.Errorf("Multus: Err unset the networks status: %v", err)

19
types/conf.go
View File

@ -31,6 +31,7 @@ const (
defaultConfDir = "/etc/cni/multus/net.d" defaultConfDir = "/etc/cni/multus/net.d"
defaultBinDir = "/opt/cni/bin" defaultBinDir = "/opt/cni/bin"
defaultReadinessIndicatorFile = "" defaultReadinessIndicatorFile = ""
defaultMultusNamespace = "kube-system"
) )
func LoadDelegateNetConfList(bytes []byte, delegateConf *DelegateNetConf) error { func LoadDelegateNetConfList(bytes []byte, delegateConf *DelegateNetConf) error {
@ -216,6 +217,14 @@ func LoadNetConf(bytes []byte) (*NetConf, error) {
netconf.ReadinessIndicatorFile = defaultReadinessIndicatorFile netconf.ReadinessIndicatorFile = defaultReadinessIndicatorFile
} }
if len(netconf.SystemNamespaces) == 0 {
netconf.SystemNamespaces = []string{"kube-system"}
}
if netconf.MultusNamespace == "" {
netconf.MultusNamespace = defaultMultusNamespace
}
// get RawDelegates and put delegates field // get RawDelegates and put delegates field
if netconf.ClusterNetwork == "" { if netconf.ClusterNetwork == "" {
// for Delegates // for Delegates
@ -266,3 +275,13 @@ func delegateAddDeviceID(inBytes []byte, deviceID string) ([]byte, error) {
} }
return configBytes, nil return configBytes, nil
} }
// CheckSystemNamespaces checks whether given namespace is in systemNamespaces or not.
func CheckSystemNamespaces(namespace string, systemNamespaces []string) bool {
for _, nsname := range systemNamespaces {
if namespace == nsname {
return true
}
}
return false
}

7
types/conf_test.go
View File

@ -124,4 +124,11 @@ var _ = Describe("config operations", func() {
Expect(netConf.ReadinessIndicatorFile).To(Equal("/etc/cni/net.d/foo")) Expect(netConf.ReadinessIndicatorFile).To(Equal("/etc/cni/net.d/foo"))
}) })
It("check CheckSystemNamespaces() works fine", func() {
b1 := CheckSystemNamespaces("foobar", []string{"barfoo", "bafoo", "foobar"})
Expect(b1).To(Equal(true))
b2 := CheckSystemNamespaces("foobar1", []string{"barfoo", "bafoo", "foobar"})
Expect(b2).To(Equal(false))
})
}) })

4
types/types.go
View File

@ -49,6 +49,10 @@ type NetConf struct {
ReadinessIndicatorFile string `json:"readinessindicatorfile"` ReadinessIndicatorFile string `json:"readinessindicatorfile"`
// Option to isolate the usage of CR's to the namespace in which a pod resides. // Option to isolate the usage of CR's to the namespace in which a pod resides.
NamespaceIsolation bool `json:"namespaceIsolation"` NamespaceIsolation bool `json:"namespaceIsolation"`
// Option to set system namespaces (to avoid to add defaultNetworks)
SystemNamespaces []string `json:"systemNamespaces"`
// Option to set the namespace that multus-cni uses (clusterNetwork/defaultNetworks)
MultusNamespace string `json:"multusNamespace"`
} }
type RuntimeConfig struct { type RuntimeConfig struct {