Otherwise, the latest changes to DRA (which is beta in K8s 1.32) are incompatible.
Additionally, this:
* Bumps kind version to 0.27.0
* Changes `loglevel` flag to `v` verbosity flag for `kind export logs`
* fixes lint in the Dockerfile.
* adds a couple notes in the docs.
This change introduces per-node certification for multus pods.
Once multus pod is launched, then specified bootstrap kubeconfig
is used for initial access, then multus sends CSR request to
kube API to get original certs for kube API access. Once it is
accepted then the multus pod uses generated certs for kube access.
This commit changes thin container base image to distroless
to simplify container image. It replace old shell script entrypoint
to golang implementation and implement multus installer (i.e. copy).
* multus: entrypoint: disallow incompatible cni versions
When top level CNI version is 0.4.0 or more, nested CNI version
can't be less than 0.4.0 since these are incompatible. This
closes issue #737.
Signed-off-by: Balazs Nemeth <bnemeth@redhat.com>
* multus: thick: disallow incompatible cni versions
Similarly to disallowing incompatible versions in entrypoint.sh,
add the same logic in go for the thick plugin.
Signed-off-by: Balazs Nemeth <bnemeth@redhat.com>
* multus: add unit test for incompatible cni versions
Signed-off-by: Balazs Nemeth <bnemeth@redhat.com>
Co-authored-by: Balazs Nemeth <bnemeth@redhat.com>
* multus: entrypoint: disallow incompatible cni versions
When top level CNI version is 0.4.0 or more, nested CNI version
can't be less than 0.4.0 since these are incompatible. This
closes issue #737.
Signed-off-by: Balazs Nemeth <bnemeth@redhat.com>
* multus: thick: disallow incompatible cni versions
Similarly to disallowing incompatible versions in entrypoint.sh,
add the same logic in go for the thick plugin.
Signed-off-by: Balazs Nemeth <bnemeth@redhat.com>
* multus: add unit test for incompatible cni versions
Signed-off-by: Balazs Nemeth <bnemeth@redhat.com>
* build: install the multus binary in an init container
Signed-off-by: Miguel Duarte Barroso <mdbarroso@redhat.com>
* build: generate kubeconfig via go
Signed-off-by: Miguel Duarte Barroso <mdbarroso@redhat.com>
* build: generate multus cni configuration via golang
Signed-off-by: Miguel Duarte Barroso <mdbarroso@redhat.com>
* build: provide a docker img for daemon based deployments
We will have 2 different images (only on amd64 archs):
- legacy entrypoint script based
- daemonized process
The `image-build` docker action is updated, to build these 2 images.
There will be 2 different deployment specs, along with e2e test
lanes, one for each of the aforementioned alternatives.
Signed-off-by: Miguel Duarte Barroso <mdbarroso@redhat.com>
* build: delegate CNI config watch loop via golang
For the thick-plugin alternative, provide the watch loop for
configuration regeneration via a golang binary.
Over time, this binary is expected to run the control loop to watch
out for pod updates.
To enable current multus users to chose when they upgrade to this new
deployment setup, these changes are provided in separate multus images,
having a different yaml spec files. Both of these alternatives are
tested e2e, since a new lane is introduced.
The following libraries are introduced, along with the motivation for
adding them:
- dproxy: allows traversing the default network configuration arbitrarily,
similar to what an X path / JSON path tool provides.
Repo is available at [0].
- fsnotify: watch for changes in the default CNI configuration file.
Repo is available at [1].
The config map providing the default network CNI configuration is not
copied over, since originally, the user was not required to install a
default network CNI plugin first, but, nowadays, this is a required
step of multus.
As such, it is no longer required to provide a default CNI
configuration.
[0] - https://github.com/koron/go-dproxy
[1] - https://github.com/fsnotify/fsnotify
Signed-off-by: Miguel Duarte Barroso <mdbarroso@redhat.com>
* run gofmt
Signed-off-by: Miguel Duarte Barroso <mdbarroso@redhat.com>
* refactor: make the builder pattern more idiomatic to golang
Signed-off-by: Miguel Duarte Barroso <mdbarroso@redhat.com>
* build: update github actions to release new imgs
Signed-off-by: Miguel Duarte Barroso <mdbarroso@redhat.com>
Today, Multus will always log via STDERR, and these logs will then
logged by the Kubelet. If we also choose to have Multus log to a file by
setting the LogFile option in the CNI configuration, the same logs will
be logged twice.
This commit provide the option to disable logging to STDERR.
Signed-off-by: Yun Zhou <yunz@nvidia.com>
This PR updates the GitHub Actions workflows to build multus
container images for the IBM Z architecture (s390x), and also
adds daemonsets for s390x nodes.
entrypoint.sh uses python3 when it is available, since centos images
are not available for s390x, and python2 is not installed by default
on debian-based images.
Signed-off-by: Yohei Ueda <yohei@jp.ibm.com>
entrypoint script fails with error when try reading capabilities in
non chain plugin config file when using "--multus-conf-file=auto"
Signed-off-by: Mamduh Alassi <mamduhala@mellanox.com>
