pkg/asset: calico: Enable hostPort for calico networking & update cniVersion to 0.3.1 #711
Can one of the admins verify this patch? |
Thanks for your pull request. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA). 📝 Please follow instructions at https://github.com/kubernetes/kubernetes/wiki/CLA-FAQ to sign the CLA. It may take a couple minutes for the CLA signature to be fully registered; after that, please reply here with a new comment and we'll verify. Thanks.
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
I have tested on my local cluster bootstrapped with bootkube and the This should work out of the box for new clusters. For existing clusters |
53ee478 to 0094350
I signed the CLA |
pkg/asset/internal/templates.go
Outdated
"nodename": "__KUBERNETES_NODE_NAME__", | ||
"ipam": { | ||
"name": "k8s-pod-network", | ||
"cniVersion": "0.3.0", |
This should be 0.3.1 - we fixed a small bug. It doesn't require any other changes.
Sure thing
FWIW, the changes in here will also work with Flannel. I can file a PR to update that. |
fa9e3a3 to 9f7f143
Updated |
bootkube won't properly support Calico networking until #714. Installing policy-only Calico on top of cluster using flannel connectivity, this may work because the new CNI config is ordered first. But it's a hack on top of a hack. Let's test this following #714, in a setup that does not use flannel at all and runs Calico networking alone.
Rebase please |
9f7f143 to b8fa79b
done |
coreosbot run e2e |
{ | ||
"type": "portmap", | ||
"capabilities": { | ||
"portMappings": true |
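Review bot: the `"type": "portmap"` entry with `"portMappings": true` carries no documentation of what it changes for operators. Once this config is the active one, pods that declare a hostPort become reachable on the node's address, so a changelog entry or a comment in the template saying so would let operators audit which workloads declare hostPort before they upgrade.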
adding `"externalSetMarkChain": "KUBE-MARK-MASQ"` will reuse existing iptables chains
Not yet - we have to do a plugins release first :-)
latest bootkube uses https://github.com/projectcalico/cni-plugin/releases/tag/v1.11.1 which already includes portmap plugin. Isn't it enough?
Pending support for CNI_OLD_CONF_NAME
Do we need to wait for it?
- is bootkube concerned with compatibility with existing clusters?
- Should you name it 05-calico.conflist it will be loaded ahead of existing 10-calico.conf as per https://github.com/kubernetes/kubernetes/blob/v1.8.4/pkg/kubelet/network/cni/cni.go#L107
Successfully bootstrapped clusters with bootkube 0.9, this change and calico |
Yes.
We waited for flannel-cni to provide a mechanism to rotate between CNI configs (and clean up the old manifest) to make migrations easier for downstreams. It's true you can name a new config to be alphabetically first and clean up the old config manually or later (not great). Depends how long we'd like to wait.
TBH I fail to see what value flannel adds compared to calico mode where it does ipip tunneling. vxlan gives L2 overlay network, but 99.999% of users don't need L2 in kube
Flannel doesn't need to rotate configs, only Kubelet does - and it will always use the "first" CNI configuration file, for which it scans every 5 seconds. The challenge, then, is ensuring that a network created with config A can be deleted with config B. In this case, it will work, since CNI delete is idempotent, and the only change is adding the Portmap plugin. |
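The ordering point raised in the comments above (the kubelet takes the first CNI config, so a leftover `10-calico.conf` shadows `10-calico.conflist` until it is removed), as an added example that is not part of this PR or of the kubelet's code. The function names, the extension filter and the sample configs are assumptions constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"path/filepath"
	"sort"
)

// Sort-and-take-first selection as described in the thread; the extension filter is this example's assumption.
func activeCNIConfig(names []string) string {
	var found []string
	for _, n := range names {
		if e := filepath.Ext(n); e == ".conf" || e == ".conflist" || e == ".json" {
			found = append(found, n)
		}
	}
	if len(found) == 0 {
		return ""
	}
	sort.Strings(found)
	return found[0]
}

// hasPortmap reports whether a conflist chains portmap with portMappings; a single-plugin .conf has no "plugins" list.
func hasPortmap(raw []byte) bool {
	var cfg struct {
		Plugins []struct {
			Type         string          `json:"type"`
			Capabilities map[string]bool `json:"capabilities"`
		} `json:"plugins"`
	}
	if json.Unmarshal(raw, &cfg) != nil {
		return false
	}
	for _, p := range cfg.Plugins {
		if p.Type == "portmap" && p.Capabilities["portMappings"] {
			return true
		}
	}
	return false
}

func main() {
	// Constructed node state: the conflist was written but the old conf was never removed.
	conf := `{"name":"k8s-pod-network","type":"calico"}`
	list := `{"name":"k8s-pod-network","plugins":[{"type":"calico"},{"type":"portmap","capabilities":{"portMappings":true}}]}`
	active := activeCNIConfig([]string{"10-calico.conflist", "10-calico.conf"})
	fmt.Println(active, hasPortmap([]byte(conf)), hasPortmap([]byte(list)))
}
```

Run against the file names and contents found in a node's CNI config directory, this shows whether the config that actually wins includes portmap, which is the state to confirm after an in-place migration.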
@squeed, OMG, you say that kubelet doesn't "memoize" cni config for each network it created so that it can reuse it at tear down time? That is an unfortunate oversight.
Looks like config cleanup is now in https://github.com/projectcalico/calico/releases/tag/v2.6.4 |
@dghubble should I update the version number, or do you want to do that in a separate PR, and I'll rebase this on top after a merge? |
Let's keep the version bump separate for revertability. Kicked off e2e tests in #818 |
1c1ddf1 to 5964dfe
Gah, the separate sidecar image didn't get bumped to v1.11.1 |
haha, I'll rebase after #819 is merged |
5964dfe to bb32bb8
This has been rebased against #819 |
ping @dghubble |
Looks fine, but I'm on vacation til Monday and haven't validated the
in-place conf edit/migration yet. We also should be sure to have a
changelog note, similar to the one for flannel a few cycles back.
Ping @diegs
…On Wed, Jan 3, 2018, 7:31 PM Wei Kin Huang ***@***.***> wrote:
ping @dghubble <https://github.com/dghubble>
ok to test |
pkg/asset/internal/templates.go
Outdated
- name: CNI_CONF_NAME | ||
value: 10-calico.conflist | ||
- name: CNI_OLD_CONF_NAME | ||
value: 10-calico.conf |
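Review bot: the `CNI_OLD_CONF_NAME` value `10-calico.conf` sorts ahead of the new `10-calico.conflist`, so on an upgraded node the old file stays the first config (the one the thread says the kubelet uses) unless the sidecar really removes it. A short comment beside these two env entries naming the minimum sidecar version that honours `CNI_OLD_CONF_NAME` would make that dependency explicit, given that the sidecar image bump was missed once earlier in this thread.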
I see this is the default in the sidecar so it could be left off.
* Ask the Calico sidecar to add a CNI conflist to each node (for calico and portmap plugins). Cleans up Switch from CNI conf to conflist * https://github.com/projectcalico/cni-plugin/blob/v1.11.2/k8s-install/scripts/install-cni.sh * Related kubernetes-retired/bootkube#711
bb32bb8 to b2884c6
I've been running this and it's been good. 👍
Release notes blurb:
|
* node_exporter service endpoints run on hostNetwork port 9100 * Re-evaluate after kubernetes-retired/bootkube#711