From bfae48c08dc667628711e19dfdc6c398a81e37c2 Mon Sep 17 00:00:00 2001 From: Artem Yarmoliuk Date: Sat, 23 Mar 2019 18:36:37 +0200 Subject: [PATCH 1/2] Add IptablesResyncSeconds to flannel spec --- pkg/apis/kops/networking.go | 2 ++ pkg/apis/kops/v1alpha1/networking.go | 2 ++ pkg/apis/kops/v1alpha1/zz_generated.conversion.go | 2 ++ pkg/apis/kops/v1alpha1/zz_generated.deepcopy.go | 7 ++++++- pkg/apis/kops/v1alpha2/networking.go | 2 ++ pkg/apis/kops/v1alpha2/zz_generated.conversion.go | 2 ++ pkg/apis/kops/v1alpha2/zz_generated.deepcopy.go | 7 ++++++- pkg/apis/kops/zz_generated.deepcopy.go | 7 ++++++- 8 files changed, 28 insertions(+), 3 deletions(-) diff --git a/pkg/apis/kops/networking.go b/pkg/apis/kops/networking.go index 9f1e0265d2c87..25d588f9adb91 100644 --- a/pkg/apis/kops/networking.go +++ b/pkg/apis/kops/networking.go @@ -69,6 +69,8 @@ type WeaveNetworkingSpec struct { type FlannelNetworkingSpec struct { // Backend is the backend overlay type we want to use (vxlan or udp) Backend string `json:"backend,omitempty"` + // IptablesResyncSeconds sets resync period for iptables rules, in seconds + IptablesResyncSeconds *int32 `json:"iptablesResyncSeconds,omitempty"` } // CalicoNetworkingSpec declares that we want Calico networking diff --git a/pkg/apis/kops/v1alpha1/networking.go b/pkg/apis/kops/v1alpha1/networking.go index 469e3651e533b..bfbbe1aa4864b 100644 --- a/pkg/apis/kops/v1alpha1/networking.go +++ b/pkg/apis/kops/v1alpha1/networking.go @@ -69,6 +69,8 @@ type WeaveNetworkingSpec struct { type FlannelNetworkingSpec struct { // Backend is the backend overlay type we want to use (vxlan or udp) Backend string `json:"backend,omitempty"` + // IptablesResyncSeconds sets resync period for iptables rules, in seconds + IptablesResyncSeconds *int32 `json:"iptablesResyncSeconds,omitempty"` } // CalicoNetworkingSpec declares that we want Calico networking 
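Review bot: The new `IptablesResyncSeconds *int32` field in `FlannelNetworkingSpec` accepts zero and negative values, and nothing in this patch bounds it before the manifests pass it to flanneld, which runs with `privileged: true`. A cluster-validation check that rejects values below 1 would stop a mistyped spec from reaching the daemon; how flanneld treats a non-positive period is not visible here and should be confirmed. The field comment could also state the unset behaviour, e.g. `// IptablesResyncSeconds sets the resync period for iptables rules, in seconds; when nil the manifest falls back to 5`. The same field and comment are added in the v1alpha1 and v1alpha2 `networking.go` hunks.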
diff --git a/pkg/apis/kops/v1alpha1/zz_generated.conversion.go b/pkg/apis/kops/v1alpha1/zz_generated.conversion.go index c95bf479beca1..3aefdb7854445 100644 --- a/pkg/apis/kops/v1alpha1/zz_generated.conversion.go +++ b/pkg/apis/kops/v1alpha1/zz_generated.conversion.go @@ -2413,6 +2413,7 @@ func Convert_kops_FileAssetSpec_To_v1alpha1_FileAssetSpec(in *kops.FileAssetSpec func autoConvert_v1alpha1_FlannelNetworkingSpec_To_kops_FlannelNetworkingSpec(in *FlannelNetworkingSpec, out *kops.FlannelNetworkingSpec, s conversion.Scope) error { out.Backend = in.Backend + out.IptablesResyncSeconds = in.IptablesResyncSeconds return nil } @@ -2423,6 +2424,7 @@ func Convert_v1alpha1_FlannelNetworkingSpec_To_kops_FlannelNetworkingSpec(in *Fl func autoConvert_kops_FlannelNetworkingSpec_To_v1alpha1_FlannelNetworkingSpec(in *kops.FlannelNetworkingSpec, out *FlannelNetworkingSpec, s conversion.Scope) error { out.Backend = in.Backend + out.IptablesResyncSeconds = in.IptablesResyncSeconds return nil } diff --git a/pkg/apis/kops/v1alpha1/zz_generated.deepcopy.go b/pkg/apis/kops/v1alpha1/zz_generated.deepcopy.go index f955b0c539d1b..44f3374e132e2 100644 --- a/pkg/apis/kops/v1alpha1/zz_generated.deepcopy.go +++ b/pkg/apis/kops/v1alpha1/zz_generated.deepcopy.go @@ -1207,6 +1207,11 @@ func (in *FileAssetSpec) DeepCopy() *FileAssetSpec { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *FlannelNetworkingSpec) DeepCopyInto(out *FlannelNetworkingSpec) { *out = *in + if in.IptablesResyncSeconds != nil { + in, out := &in.IptablesResyncSeconds, &out.IptablesResyncSeconds + *out = new(int32) + **out = **in + } return } @@ -2503,7 +2508,7 @@ func (in *NetworkingSpec) DeepCopyInto(out *NetworkingSpec) { if in.Flannel != nil { in, out := &in.Flannel, &out.Flannel *out = new(FlannelNetworkingSpec) - **out = **in + (*in).DeepCopyInto(*out) } if in.Calico != nil { in, out := &in.Calico, &out.Calico 
diff --git a/pkg/apis/kops/v1alpha2/networking.go b/pkg/apis/kops/v1alpha2/networking.go index e617fee3a97f6..6d7d180f8ed7d 100644 --- a/pkg/apis/kops/v1alpha2/networking.go +++ b/pkg/apis/kops/v1alpha2/networking.go @@ -69,6 +69,8 @@ type WeaveNetworkingSpec struct { type FlannelNetworkingSpec struct { // Backend is the backend overlay type we want to use (vxlan or udp) Backend string `json:"backend,omitempty"` + // IptablesResyncSeconds sets resync period for iptables rules, in seconds + IptablesResyncSeconds *int32 `json:"iptablesResyncSeconds,omitempty"` } // CalicoNetworkingSpec declares that we want Calico networking diff --git a/pkg/apis/kops/v1alpha2/zz_generated.conversion.go b/pkg/apis/kops/v1alpha2/zz_generated.conversion.go index f73fd006d1708..dfcabda06ae12 100644 --- a/pkg/apis/kops/v1alpha2/zz_generated.conversion.go +++ b/pkg/apis/kops/v1alpha2/zz_generated.conversion.go @@ -2530,6 +2530,7 @@ func Convert_kops_FileAssetSpec_To_v1alpha2_FileAssetSpec(in *kops.FileAssetSpec func autoConvert_v1alpha2_FlannelNetworkingSpec_To_kops_FlannelNetworkingSpec(in *FlannelNetworkingSpec, out *kops.FlannelNetworkingSpec, s conversion.Scope) error { out.Backend = in.Backend + out.IptablesResyncSeconds = in.IptablesResyncSeconds return nil } @@ -2540,6 +2541,7 @@ func Convert_v1alpha2_FlannelNetworkingSpec_To_kops_FlannelNetworkingSpec(in *Fl func autoConvert_kops_FlannelNetworkingSpec_To_v1alpha2_FlannelNetworkingSpec(in *kops.FlannelNetworkingSpec, out *FlannelNetworkingSpec, s conversion.Scope) error { out.Backend = in.Backend + out.IptablesResyncSeconds = in.IptablesResyncSeconds return nil } diff --git a/pkg/apis/kops/v1alpha2/zz_generated.deepcopy.go b/pkg/apis/kops/v1alpha2/zz_generated.deepcopy.go index 4def0f107df6b..639f68ba5a9be 100644 --- a/pkg/apis/kops/v1alpha2/zz_generated.deepcopy.go +++ b/pkg/apis/kops/v1alpha2/zz_generated.deepcopy.go 
@@ -1164,6 +1164,11 @@ func (in *FileAssetSpec) DeepCopy() *FileAssetSpec { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *FlannelNetworkingSpec) DeepCopyInto(out *FlannelNetworkingSpec) { *out = *in + if in.IptablesResyncSeconds != nil { + in, out := &in.IptablesResyncSeconds, &out.IptablesResyncSeconds + *out = new(int32) + **out = **in + } return } @@ -2574,7 +2579,7 @@ func (in *NetworkingSpec) DeepCopyInto(out *NetworkingSpec) { if in.Flannel != nil { in, out := &in.Flannel, &out.Flannel *out = new(FlannelNetworkingSpec) - **out = **in + (*in).DeepCopyInto(*out) } if in.Calico != nil { in, out := &in.Calico, &out.Calico diff --git a/pkg/apis/kops/zz_generated.deepcopy.go b/pkg/apis/kops/zz_generated.deepcopy.go index 43b0581de4878..2f05bab6afb20 100644 --- a/pkg/apis/kops/zz_generated.deepcopy.go +++ b/pkg/apis/kops/zz_generated.deepcopy.go @@ -1330,6 +1330,11 @@ func (in *FileAssetSpec) DeepCopy() *FileAssetSpec { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *FlannelNetworkingSpec) DeepCopyInto(out *FlannelNetworkingSpec) { *out = *in + if in.IptablesResyncSeconds != nil { + in, out := &in.IptablesResyncSeconds, &out.IptablesResyncSeconds + *out = new(int32) + **out = **in + } return } @@ -2772,7 +2777,7 @@ func (in *NetworkingSpec) DeepCopyInto(out *NetworkingSpec) { if in.Flannel != nil { in, out := &in.Flannel, &out.Flannel *out = new(FlannelNetworkingSpec) - **out = **in + (*in).DeepCopyInto(*out) } if in.Calico != nil { in, out := &in.Calico, &out.Calico From db6b29ba1019d7cbbc479ddb5c69e1840bb5fc9c Mon Sep 17 00:00:00 2001 
From: Artem Yarmoliuk Date: Sat, 23 Mar 2019 18:37:36 +0200 Subject: [PATCH 2/2] Update flannel manifest to v0.11.0 and add iptables-resync flag --- docs/networking.md | 13 +++++++++++++ .../networking.flannel/k8s-1.12.yaml.template | 10 +++++++--- .../addons/networking.flannel/k8s-1.6.yaml.template | 10 +++++++--- .../networking.flannel/pre-k8s-1.6.yaml.template | 12 ++++++++---- 4 files changed, 35 insertions(+), 10 deletions(-) diff --git a/docs/networking.md b/docs/networking.md index d9c75d06ddd01..ecff4948b9ce9 100644 --- a/docs/networking.md +++ b/docs/networking.md @@ -440,6 +440,19 @@ For support with Cilium Network Policies you can reach out on Slack or Github: - [Cilium Github](https://github.com/cilium/cilium) - [Cilium Slack](https://cilium.io/slack) +### Flannel Example for CNI + +#### Configuraing Flannel iptables resync period + +Flannel iptables resync option is configurable via editing a cluster and adding +`iptablesResyncSeconds` option to spec: + +``` + networking: + flannel: + iptablesResyncSeconds: 360 +``` + ### Validating CNI Installation You will notice that `kube-dns` fails to start properly until you deploy your CNI provider. diff --git a/upup/models/cloudup/resources/addons/networking.flannel/k8s-1.12.yaml.template b/upup/models/cloudup/resources/addons/networking.flannel/k8s-1.12.yaml.template index cc4d197662dab..4260d430f9748 100644 --- a/upup/models/cloudup/resources/addons/networking.flannel/k8s-1.12.yaml.template +++ b/upup/models/cloudup/resources/addons/networking.flannel/k8s-1.12.yaml.template @@ -104,7 +104,7 @@ spec: - operator: Exists initContainers: - name: install-cni - image: quay.io/coreos/flannel:v0.10.0-amd64 + image: quay.io/coreos/flannel:v0.11.0-amd64 command: - cp args: 
@@ -118,8 +118,12 @@ spec: mountPath: /etc/kube-flannel/ containers: - name: kube-flannel - image: quay.io/coreos/flannel:v0.10.0-amd64 - command: [ "/opt/bin/flanneld", "--ip-masq", "--kube-subnet-mgr" ] + image: quay.io/coreos/flannel:v0.11.0-amd64 + command: + - "/opt/bin/flanneld" + - "--ip-masq" + - "--kube-subnet-mgr" + - "--iptables-resync={{- or .Networking.Flannel.IptablesResyncSeconds "5" }}" securityContext: privileged: true env: diff --git a/upup/models/cloudup/resources/addons/networking.flannel/k8s-1.6.yaml.template b/upup/models/cloudup/resources/addons/networking.flannel/k8s-1.6.yaml.template index 9021411272d2c..a04d96a78dc58 100644 --- a/upup/models/cloudup/resources/addons/networking.flannel/k8s-1.6.yaml.template +++ b/upup/models/cloudup/resources/addons/networking.flannel/k8s-1.6.yaml.template @@ -99,7 +99,7 @@ spec: - operator: Exists initContainers: - name: install-cni - image: quay.io/coreos/flannel:v0.10.0-amd64 + image: quay.io/coreos/flannel:v0.11.0-amd64 command: - cp args: @@ -113,8 +113,12 @@ spec: mountPath: /etc/kube-flannel/ containers: - name: kube-flannel - image: quay.io/coreos/flannel:v0.10.0-amd64 - command: [ "/opt/bin/flanneld", "--ip-masq", "--kube-subnet-mgr" ] + image: quay.io/coreos/flannel:v0.11.0-amd64 + command: + - "/opt/bin/flanneld" + - "--ip-masq" + - "--kube-subnet-mgr" + - "--iptables-resync={{- or .Networking.Flannel.IptablesResyncSeconds "5" }}" securityContext: privileged: true env: diff --git a/upup/models/cloudup/resources/addons/networking.flannel/pre-k8s-1.6.yaml.template b/upup/models/cloudup/resources/addons/networking.flannel/pre-k8s-1.6.yaml.template index 4ca35a4eb6348..f314c362054b7 100644 --- a/upup/models/cloudup/resources/addons/networking.flannel/pre-k8s-1.6.yaml.template +++ b/upup/models/cloudup/resources/addons/networking.flannel/pre-k8s-1.6.yaml.template 
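Review bot: The fallback in `--iptables-resync={{- or .Networking.Flannel.IptablesResyncSeconds "5" }}` applies only when the field is nil, because `or` treats any non-nil pointer as non-empty; an explicit `iptablesResyncSeconds: 0` therefore renders `--iptables-resync=0` rather than the default. The literal `"5"` is also repeated in the k8s-1.6 and pre-k8s-1.6 templates, so the three manifests can drift apart. Defaulting the field once where the cluster spec is populated and rendering it directly would address both; at minimum a template comment such as `# resync period in seconds; 5 when iptablesResyncSeconds is unset` would record the intent. The container spec continues outside the hunk.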
@@ -54,8 +54,12 @@ spec: serviceAccountName: flannel containers: - name: kube-flannel - image: quay.io/coreos/flannel:v0.10.0-amd64 - command: [ "/opt/bin/flanneld", "--ip-masq", "--kube-subnet-mgr" ] + image: quay.io/coreos/flannel:v0.11.0-amd64 + command: + - "/opt/bin/flanneld" + - "--ip-masq" + - "--kube-subnet-mgr" + - "--iptables-resync={{- or .Networking.Flannel.IptablesResyncSeconds "5" }}" securityContext: privileged: true env: @@ -79,7 +83,7 @@ spec: - name: flannel-cfg mountPath: /etc/kube-flannel/ - name: install-cni - image: quay.io/coreos/flannel:v0.10.0-amd64 + image: quay.io/coreos/flannel:v0.11.0-amd64 command: [ "/bin/sh", "-c", "set -e -x; cp -f /etc/kube-flannel/cni-conf.json /etc/cni/net.d/10-flannel.conf; while true; do sleep 3600; done" ] resources: limits: @@ -102,4 +106,4 @@ spec: path: /etc/cni/net.d - name: flannel-cfg configMap: - name: kube-flannel-cfg \ No newline at end of file + name: kube-flannel-cfg