CKO: Changes added to handle cko-calico flavor configuration #17
Conversation
abhis2112
commented
Nov 19, 2021
abhis2112
commented
- Added a new task file which run cko calico side changes via acc-provision
- Added the new net-operator-controller deployment alongwith the CRD and CR in templates folder.
- Dockerfile acc-provision branch changes
|
It's a First Draft. Kindly review with all possible comments |
| image_prefix: quay.io/noirolabs | ||
| image_pull_secret: noiro-docker-registry-secret | ||
| openvswitch_version: kmr2-test | ||
| opflex_agent_version: kmr2-test |
| - name: Collecting config-map spec | ||
| set_fact: | ||
| cmap_input: "{{ cmap_data['resources'][0]['data']['spec'] }}" | ||
|
|
There was a problem hiding this comment.
L8 to L28 are not relevant (there is no config-map that is going to be used)
There was a problem hiding this comment.
the config-map holds the original structure of acc_provision_input yaml, which will be used to create a new input yaml from the CR if we update any value in the CR. The values in CR will be deep merged with its original content. Although, we can discuss it if we are going to have just calico config and nothing else as per related to acc_provision_input.yaml
abhis2112
force-pushed
the
abhi-cko-calico
branch
5 times, most recently
from
b25e637 to
58c3012
Compare
| apiVersion: v1 | ||
| kind: Namespace | ||
| metadata: | ||
| name: aci-containers-system |
There was a problem hiding this comment.
this is okay for now, but over time we should change this to be network-operator-controller
roles/accprovision/manifests/net-operator-controller-deployment.yaml
Outdated
Show resolved
Hide resolved
| - '*' | ||
| verbs: | ||
| - '*' | ||
| - apiGroups: |
There was a problem hiding this comment.
all the aci-cni specific details should be removed
There was a problem hiding this comment.
- apiGroups:
- aci.ctrl
resources: - accprovisioninputs
- accprovisioninputs/status
- accprovisioninputs/finalizers
- aci.ctrl
these are only the ones that are there as we have kept the name the same for the CR
There was a problem hiding this comment.
Check the ones below, they are all aci-cni specific and unnecessary...
There was a problem hiding this comment.
L55-61 and L85-122 should be removed.
| \ \"node_svc_subnet\": \"15.5.168.1/21\",\n \"interface_mtu\"\ | ||
| : 1400,\n \"pod_subnet_chunk_size\": 24,\n \"node_subnet\"\ | ||
| : \"15.11.0.1/27\",\n \"pod_subnet\": \"15.128.0.1/16\"\n }\n\ | ||
| \ }\n }" |
There was a problem hiding this comment.
i think this spec string should be different, in fact it should ideally be empty to begin with...
There was a problem hiding this comment.
Checked. Currently needed the pod_subnet and rest other fields in net_config. Otherwise, it says missing option. We need to support the downstream acc-provision to remove the rest of the irrelevant fields.
There was a problem hiding this comment.
HI @abhis2112, I have removed the "node_svc_subnet", "pod_subnet_chunk_size" and "extern_static" fields from the required options in my acc-provision branch. When using "cko-calico" flavor, these fields are no longer required and can be safely removed.
abhis2112
force-pushed
the
abhi-cko-calico
branch
2 times, most recently
from
07544b1 to
66846fb
Compare
| - '*' | ||
| verbs: | ||
| - '*' | ||
| - apiGroups: |
There was a problem hiding this comment.
L55-61 and L85-122 should be removed.
| \ \"extern_dynamic\"\ | ||
| : \"151.9.1.1/24\",\n\ | ||
| \ \"node_subnet\": \"15.11.0.2/27\",\n \"pod_subnet\": \"\ | ||
| 15.128.0.1/27\"\n }\n }\n }" |
There was a problem hiding this comment.
The above spec should not have any fabric-specific hard-coded values.
There was a problem hiding this comment.
Putting "dummy" as the value
| encap_type: vxlan | ||
| mcast_range: | ||
| start: 225.20.1.1 | ||
| end: 225.20.255.255 |
There was a problem hiding this comment.
removing assuming backend acc-provision supports the removal
| net_config: {} | ||
| nodepodif_config: {} | ||
| operator_managed_config: | ||
| enable_updates: false |
| cnideploy_version: kmr2-test | ||
| opflex_agent_version: kmr2-test | ||
| openvswitch_version: kmr2-test | ||
| aci_containers_operator_version: kmr2-test |
abhis2112
force-pushed
the
abhi-cko-calico
branch
from
66846fb to
f2f9317
Compare
abhis2112
force-pushed
the
abhi-cko-calico
branch
from
f2f9317 to
e6d2f88
Compare
1. Added a new task file which run cko calico side changes via acc-provision 2. Created a new namespace net-operator-controller 3. Added the new net-operator-controller deployment in manifest folder alongwith the CRD, and CR in templates folder. 4. Updated CRD schema according to control cluster deployment 5. Dockerfile acc-provision branch changes 6. Provided sample CR with all dummy details
abhis2112
force-pushed
the
abhi-cko-calico
branch
from
e6d2f88 to
542c43d
Compare
| kind: ClusterRole | ||
| metadata: | ||
| labels: | ||
| network-plugin: calico |
There was a problem hiding this comment.
This label is not relevant.
| apiVersion: v1 | ||
| kind: ServiceAccount | ||
| metadata: | ||
| name: net-operator-controller |
There was a problem hiding this comment.
Lets keep the namespace name as "net-operator-controller" but change all other occurrences below to network-operator-fabric-controller.
There was a problem hiding this comment.
I think the "controller" terminology is confusing. Let's use "manager" instead. Apologies for the repeated changes, so lets call this net-operator-manager.
| verbs: | ||
| - '*' | ||
| - apiGroups: | ||
| - aci.ctrl |
There was a problem hiding this comment.
lets call this something that reflects "network operator fabric manager"
| status: {} | ||
| schema: | ||
| openAPIV3Schema: | ||
| description: accprovisioninput defines the input configuration for ACI CNI |
There was a problem hiding this comment.
Update the description here and below to remove references to ACI CNI.
| spec: "{}" | ||
| kind: ConfigMap | ||
| metadata: | ||
| name: acc-provision-config |
| - apiGroups: | ||
| - aci.ctrl | ||
| resources: | ||
| - accprovisioninputs |
There was a problem hiding this comment.
Let's replace all occurrences of "accprovision" here and below with "clusterinput" or "ClusterInput" or "cluster-input" as relevant.
| scheduler.alpha.kubernetes.io/critical-pod: '' | ||
| labels: | ||
| name: net-operator-controller | ||
| network-plugin: aci-containers |
| - name: ACC_PROVISION_FLAVOR | ||
| value: cko-calico | ||
| - name: ACC_PROVISION_INPUT_CR_NAME | ||
| value: accprovisioninput |
There was a problem hiding this comment.
change this name and value to reflect "cluster input" naming convention
| value: accprovisioninput | ||
| image: quay.io/noirolabs/acc-provision-operator:abhishek | ||
| imagePullPolicy: Always | ||
| name: acc-provision-operator |
There was a problem hiding this comment.
network-operator-fabric-controller
|
|
||
|
|
||
| - name: Generate new deployment yaml | ||
| shell: "acc-provision -c {{ acc_provision_file_name }} -f {{ lookup('env', 'ACC_PROVISION_FLAVOR') }} -o {{ aci_cni_deployment_file }}" |
There was a problem hiding this comment.
can we rename aci_cni_deployment_file to: network_operator_deployment_file
| @@ -0,0 +1,94 @@ | |||
| apiVersion: aci.ctrl/v1alpha1 | |||
| kind: AccProvisionInput | |||
There was a problem hiding this comment.
Update as per earlier changes here and below
| @@ -13,11 +13,11 @@ COPY docker/licenses /licenses | |||
| # Export http and https proxy here if building locally for dev | |||
There was a problem hiding this comment.
We need a new docker file for this, we keep the acc-provision-operator docker file as is
