From cd569333f67e7855b9fc03a151ee9aed7c6e7e76 Mon Sep 17 00:00:00 2001 From: Miguel Angel Ajo Date: Wed, 17 Nov 2021 20:08:41 +0100 Subject: [PATCH] Fix the flannel deployment Flannel wasn't completely installed, since the host needs the flannel binary in /opt/cni/bin for crio to find, and forceAddress is necessary to make sure that the cni0 bridge will have the address requested by flannel. An alternative to this could be creating a flannel-cni rpm sub-package to be installed on the host. Signed-off-by: Miguel Angel Ajo --- assets/apps/0000_00_flannel-daemonset.yaml | 16 +++- assets/core/0000_00_flannel-configmap.yaml | 1 + packaging/images/components/build.sh | 7 +- .../components/flannel-cni/Dockerfile | 12 +++ .../components/flannel-cni/Dockerfile.riscv64 | 7 ++ .../components/flannel-cni/build_binaries | 7 ++ .../components/components/flannel-cni/commit | 1 + .../components/components/flannel-cni/repo | 1 + pkg/assets/apps/bindata.go | 16 +++- pkg/assets/core/bindata.go | 84 ++++++++++--------- pkg/release/release.go | 1 + pkg/release/release_amd64.go | 1 + 12 files changed, 108 insertions(+), 46 deletions(-) create mode 100644 packaging/images/components/components/flannel-cni/Dockerfile create mode 100644 packaging/images/components/components/flannel-cni/Dockerfile.riscv64 create mode 100755 packaging/images/components/components/flannel-cni/build_binaries create mode 100644 packaging/images/components/components/flannel-cni/commit create mode 100644 packaging/images/components/components/flannel-cni/repo diff --git a/assets/apps/0000_00_flannel-daemonset.yaml b/assets/apps/0000_00_flannel-daemonset.yaml index 457205a1ba..c29c24e147 100644 --- a/assets/apps/0000_00_flannel-daemonset.yaml +++ b/assets/apps/0000_00_flannel-daemonset.yaml 
@@ -32,6 +32,17 @@ spec: effect: NoSchedule serviceAccountName: flannel initContainers: + - name: install-cni-bin + image: {{ .ReleaseImage.kube_flannel_cni }} + command: + - cp + args: + - -f + - /flannel + - /opt/cni/bin/flannel + volumeMounts: + - name: cni-plugin + mountPath: /opt/cni/bin - name: install-cni image: {{ .ReleaseImage.kube_flannel }} command: @@ -87,4 +98,7 @@ spec: path: /etc/cni/net.d - name: flannel-cfg configMap: - name: kube-flannel-cfg \ No newline at end of file + name: kube-flannel-cfg + - name: cni-plugin + hostPath: + path: /opt/cni/bin \ No newline at end of file diff --git a/assets/core/0000_00_flannel-configmap.yaml b/assets/core/0000_00_flannel-configmap.yaml index 7a0750c6c2..e42bc8619c 100644 --- a/assets/core/0000_00_flannel-configmap.yaml +++ b/assets/core/0000_00_flannel-configmap.yaml @@ -16,6 +16,7 @@ data: "type": "flannel", "delegate": { "hairpinMode": true, + "forceAddress": true, "isDefaultGateway": true } }, diff --git a/packaging/images/components/build.sh b/packaging/images/components/build.sh index 70c2c59508..c373f6e863 100755 --- a/packaging/images/components/build.sh +++ b/packaging/images/components/build.sh @@ -4,7 +4,7 @@ set -e # input parameters via env variables DEST_REGISTRY=${DEST_REGISTRY:-"quay.io/microshift"} -COMPONENTS=${COMPONENTS:-"base-image pause cli coredns flannel haproxy-router hostpath-provisioner kube-rbac-proxy service-ca-operator"} +COMPONENTS=${COMPONENTS:-"base-image pause cli coredns flannel flannel-cni haproxy-router hostpath-provisioner kube-rbac-proxy service-ca-operator"} ARCHITECTURES=${ARCHITECTURES:-"amd64 arm64 arm ppc64le riscv64"} PUSH=${PUSH:-no} PARALLEL=${PARALLEL:-yes} @@ -112,6 +112,7 @@ function build_multiarch_image { else for ARCH in ${ARCHITECTURES} do + ARCH_IMAGE="${MULTIARCH_MANIFEST}-${ARCH}" echo "" echo -e "${GRAY}> preparing arch image ${ARCH_IMAGE} ${CLEAR}" build_arch_image |& sed "s/^/[${COMPONENT}:${ARCH}] /" 
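Review bot: The added `install-cni-bin` init container sets no `securityContext`, although all it does is `cp` one file onto the `cni-plugin` mount. The copied `/flannel` lands in the host's `/opt/cni/bin`, where the commit message says crio looks for it, so the container is worth constraining as far as the copy allows: `securityContext: {allowPrivilegeEscalation: false, readOnlyRootFilesystem: true}`. Whether a pod-level security context already applies is not visible in this hunk, and the host's SELinux labelling of `/opt/cni/bin` may need checking. The same lines are mirrored in pkg/assets/apps/bindata.go.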
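Review bot: The new `cni-plugin` volume is a `hostPath` with no `type`, so nothing is checked about `/opt/cni/bin` before it is mounted read-write into the init container. Adding `type: DirectoryOrCreate` under `path: /opt/cni/bin` states the intent and makes the mount fail if the path exists as something other than a directory. The directory holds the CNI plugin binaries for the host, so a comment such as `# host CNI plugin dir; written only by install-cni-bin` would help the next reader.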
@@ -158,9 +159,9 @@ function build_using_dockerfile { BUILD_ARGS="${BUILD_ARGS} --build-arg REGISTRY=${DEST_REGISTRY} --build-arg OKD_TAG=${OKD_BASE_TAG}" - buildah build-using-dockerfile --override-arch "${ARCH}" "$BUILD_ARGS" . || \ + buildah build-using-dockerfile --override-arch "${ARCH}" $BUILD_ARGS . || \ if [ "${ARCH}" == arm ]; then # fedora registry uses armhfp instead for arm (arm32 with floating point) - buildah build-using-dockerfile --override-arch "armhfp" "$BUILD_ARGS" . + buildah build-using-dockerfile --override-arch "armhfp" $BUILD_ARGS . fi } diff --git a/packaging/images/components/components/flannel-cni/Dockerfile b/packaging/images/components/components/flannel-cni/Dockerfile new file mode 100644 index 0000000000..37263d8943 --- /dev/null +++ b/packaging/images/components/components/flannel-cni/Dockerfile @@ -0,0 +1,12 @@ +# we just need cp to use during init containers, using base-image or ubi8 seems wasteful +# this needs a better strategy in the long term, probably just creating a flannel subpackage +# in RPM ? +FROM alpine + +ARG TARGETARCH + +COPY bin/flannel-$TARGETARCH /flannel + +LABEL io.k8s.display-name="Flannel CNI" \ + io.k8s.description="Flannel CNI interface binaries to be copied to the host /opt/cni/bin" \ + maintainer="dev@microshift.io" diff --git a/packaging/images/components/components/flannel-cni/Dockerfile.riscv64 b/packaging/images/components/components/flannel-cni/Dockerfile.riscv64 new file mode 100644 index 0000000000..a3f28578b3 --- /dev/null +++ b/packaging/images/components/components/flannel-cni/Dockerfile.riscv64 @@ -0,0 +1,7 @@ +FROM docker.io/debian:sid-slim + +ARG TARGETARCH + +LABEL maintainer="Carlos Eduardo " + +COPY bin/flannel-$TARGETARCH /flannel diff --git a/packaging/images/components/components/flannel-cni/build_binaries b/packaging/images/components/components/flannel-cni/build_binaries new file mode 100755 index 0000000000..6574a24248 --- /dev/null 
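Review bot: Dropping the quotes around `$BUILD_ARGS` makes both buildah calls depend on unquoted word splitting and glob expansion of a string that embeds `${DEST_REGISTRY}` and `${OKD_BASE_TAG}`, the former taken from the environment. A bash array keeps each argument intact: build it with `BUILD_ARGS+=(--build-arg "REGISTRY=${DEST_REGISTRY}" --build-arg "OKD_TAG=${OKD_BASE_TAG}")` and pass `"${BUILD_ARGS[@]}"` in both calls. The first assignment of BUILD_ARGS is above this hunk, so it would have to become an array there as well.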
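Review bot: `FROM alpine` names the base image with neither a registry nor a tag or digest, so each build takes whatever `latest` the builder's short-name resolution returns; `FROM docker.io/debian:sid-slim` in Dockerfile.riscv64 likewise tracks a rolling tag. The image's only payload is the `/flannel` binary that the daemonset copies into the host's `/opt/cni/bin`, so the build should be reproducible. Use a fully qualified, pinned reference such as `FROM docker.io/library/alpine:<TAG>@sha256:<DIGEST>` (placeholders), and the equivalent for the riscv64 base.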
+++ b/packaging/images/components/components/flannel-cni/build_binaries @@ -0,0 +1,7 @@ +#!/bin/sh + +mkdir -p bin + +cd src +CGO_ENABLED=0 GOOS=linux GOARCH=$1 scripts/build_flannel.sh && mv dist/flannel-$1 ../bin/flannel-$1 + diff --git a/packaging/images/components/components/flannel-cni/commit b/packaging/images/components/components/flannel-cni/commit new file mode 100644 index 0000000000..0ec25f7505 --- /dev/null +++ b/packaging/images/components/components/flannel-cni/commit @@ -0,0 +1 @@ +v1.0.0 diff --git a/packaging/images/components/components/flannel-cni/repo b/packaging/images/components/components/flannel-cni/repo new file mode 100644 index 0000000000..a3709ca794 --- /dev/null +++ b/packaging/images/components/components/flannel-cni/repo @@ -0,0 +1 @@ +https://github.com/flannel-io/cni-plugin diff --git a/pkg/assets/apps/bindata.go b/pkg/assets/apps/bindata.go index 2d83e07f68..444e6bd06a 100644 --- a/pkg/assets/apps/bindata.go +++ b/pkg/assets/apps/bindata.go @@ -93,6 +93,17 @@ spec: effect: NoSchedule serviceAccountName: flannel initContainers: + - name: install-cni-bin + image: {{ .ReleaseImage.kube_flannel_cni }} + command: + - cp + args: + - -f + - /flannel + - /opt/cni/bin/flannel + volumeMounts: + - name: cni-plugin + mountPath: /opt/cni/bin - name: install-cni image: {{ .ReleaseImage.kube_flannel }} command: @@ -148,7 +159,10 @@ spec: path: /etc/cni/net.d - name: flannel-cfg configMap: - name: kube-flannel-cfg`) + name: kube-flannel-cfg + - name: cni-plugin + hostPath: + path: /opt/cni/bin`) func assetsApps0000_00_flannelDaemonsetYamlBytes() ([]byte, error) { return _assetsApps0000_00_flannelDaemonsetYaml, nil diff --git a/pkg/assets/core/bindata.go b/pkg/assets/core/bindata.go index c5fbf26810..604800d503 100644 --- a/pkg/assets/core/bindata.go +++ b/pkg/assets/core/bindata.go 
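Review bot: The script runs without `set -eu` and uses `$1` unquoted and unchecked, so calling it without an architecture passes an empty `GOARCH` to the build and a failed `cd src` does not stop it on its own. Start with `set -eu` and fail early on a missing argument, e.g. `arch="${1:?usage: build_binaries <goarch>}"`, then use `"$arch"` in `GOARCH=` and in both `mv` paths. A one-line header comment saying that the script expects the cni-plugin checkout in `src/` and writes `bin/flannel-<arch>` would also help.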
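Review bot: The `commit` file holds the tag `v1.0.0` rather than a commit hash, and a tag can be re-pointed upstream. Since the resulting binary is installed into the host's `/opt/cni/bin`, pinning to the full hash, `<FULL_COMMIT_SHA>` (placeholder), would fix the source of the build. How build.sh consumes this file is not visible here, so confirm it accepts a hash.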
@@ -13,10 +13,10 @@ // assets/core/0000_80_hostpath-provisioner-namespace.yaml // assets/core/0000_80_hostpath-provisioner-serviceaccount.yaml // assets/core/0000_80_openshift-router-cm.yaml +// assets/core/0000_80_openshift-router-external-service.yaml // assets/core/0000_80_openshift-router-namespace.yaml // assets/core/0000_80_openshift-router-service-account.yaml // assets/core/0000_80_openshift-router-service.yaml -// assets/core/0000_80_openshift-router-external-service.yaml package assets import ( @@ -88,6 +88,7 @@ data: "type": "flannel", "delegate": { "hairpinMode": true, + "forceAddress": true, "isDefaultGateway": true } }, 
@@ -446,6 +447,45 @@ func assetsCore0000_80_openshiftRouterCmYaml() (*asset, error) { return a, nil } +var _assetsCore0000_80_openshiftRouterExternalServiceYaml = []byte(`kind: Service +apiVersion: v1 +metadata: + annotations: + service.alpha.openshift.io/serving-cert-secret-name: router-certs-default + labels: + ingresscontroller.operator.openshift.io/deployment-ingresscontroller: default + name: router-external-default + namespace: openshift-ingress +spec: + selector: + ingresscontroller.operator.openshift.io/deployment-ingresscontroller: default + type: NodePort + ports: + - name: http + port: 80 + targetPort: 80 + nodePort: 30001 + - name: https + port: 443 + targetPort: 443 + nodePort: 30002 +`) + +func assetsCore0000_80_openshiftRouterExternalServiceYamlBytes() ([]byte, error) { + return _assetsCore0000_80_openshiftRouterExternalServiceYaml, nil +} + +func assetsCore0000_80_openshiftRouterExternalServiceYaml() (*asset, error) { + bytes, err := assetsCore0000_80_openshiftRouterExternalServiceYamlBytes() + if err != nil { + return nil, err + } + + info := bindataFileInfo{name: "assets/core/0000_80_openshift-router-external-service.yaml", size: 0, mode: os.FileMode(0), modTime: time.Unix(0, 0)} + a := &asset{bytes: bytes, info: info} + return a, nil +} + var _assetsCore0000_80_openshiftRouterNamespaceYaml = []byte(`kind: Namespace apiVersion: v1 metadata: 
@@ -546,45 +586,6 @@ func assetsCore0000_80_openshiftRouterServiceYaml() (*asset, error) { return a, nil } -var _assetsCore0000_80_openshiftRouterExternalServiceYaml = []byte(`kind: Service -apiVersion: v1 -metadata: - annotations: - service.alpha.openshift.io/serving-cert-secret-name: router-certs-default - labels: - ingresscontroller.operator.openshift.io/deployment-ingresscontroller: default - name: router-external-default - namespace: openshift-ingress -spec: - selector: - ingresscontroller.operator.openshift.io/deployment-ingresscontroller: default - type: NodePort - ports: - - name: external-http - port: 80 - targetPort: 80 - nodePort: 30001 - - name: external-https - port: 443 - targetPort: 443 - nodePort: 30002 -`) - -func assetsCore0000_80_openshiftRouterExternalServiceYamlBytes() ([]byte, error) { - return _assetsCore0000_80_openshiftRouterExternalServiceYaml, nil -} - -func assetsCore0000_80_openshiftRouterExternalServiceYaml() (*asset, error) { - bytes, err := assetsCore0000_80_openshiftRouterExternalServiceYamlBytes() - if err != nil { - return nil, err - } - - info := bindataFileInfo{name: "assets/core/0000_80_openshift-router-service.yaml", size: 0, mode: os.FileMode(0), modTime: time.Unix(0, 0)} - a := &asset{bytes: bytes, info: info} - return a, nil -} - // Asset loads and returns the asset for the given name. // It returns an error if the asset could not be found or // could not be loaded. 
@@ -650,10 +651,10 @@ var _bindata = map[string]func() (*asset, error){ "assets/core/0000_80_hostpath-provisioner-namespace.yaml": assetsCore0000_80_hostpathProvisionerNamespaceYaml, "assets/core/0000_80_hostpath-provisioner-serviceaccount.yaml": assetsCore0000_80_hostpathProvisionerServiceaccountYaml, "assets/core/0000_80_openshift-router-cm.yaml": assetsCore0000_80_openshiftRouterCmYaml, + "assets/core/0000_80_openshift-router-external-service.yaml": assetsCore0000_80_openshiftRouterExternalServiceYaml, "assets/core/0000_80_openshift-router-namespace.yaml": assetsCore0000_80_openshiftRouterNamespaceYaml, "assets/core/0000_80_openshift-router-service-account.yaml": assetsCore0000_80_openshiftRouterServiceAccountYaml, "assets/core/0000_80_openshift-router-service.yaml": assetsCore0000_80_openshiftRouterServiceYaml, - "assets/core/0000_80_openshift-router-external-service.yaml": assetsCore0000_80_openshiftRouterExternalServiceYaml, } // AssetDir returns the file names below a certain @@ -712,6 +713,7 @@ var _bintree = &bintree{nil, map[string]*bintree{ "0000_80_hostpath-provisioner-namespace.yaml": {assetsCore0000_80_hostpathProvisionerNamespaceYaml, map[string]*bintree{}}, "0000_80_hostpath-provisioner-serviceaccount.yaml": {assetsCore0000_80_hostpathProvisionerServiceaccountYaml, map[string]*bintree{}}, "0000_80_openshift-router-cm.yaml": {assetsCore0000_80_openshiftRouterCmYaml, map[string]*bintree{}}, + "0000_80_openshift-router-external-service.yaml": {assetsCore0000_80_openshiftRouterExternalServiceYaml, map[string]*bintree{}}, "0000_80_openshift-router-namespace.yaml": {assetsCore0000_80_openshiftRouterNamespaceYaml, map[string]*bintree{}}, "0000_80_openshift-router-service-account.yaml": {assetsCore0000_80_openshiftRouterServiceAccountYaml, map[string]*bintree{}}, "0000_80_openshift-router-service.yaml": {assetsCore0000_80_openshiftRouterServiceYaml, map[string]*bintree{}}, 
diff --git a/pkg/release/release.go b/pkg/release/release.go
index 4764a6ca16..b6951dc388 100644
--- a/pkg/release/release.go
+++ b/pkg/release/release.go
@@ -23,6 +23,7 @@ var Image = map[string]string{
 "coredns": "quay.io/microshift/coredns:" + Base,
 "haproxy_router": "quay.io/microshift/haproxy-router:" + Base,
 "kube_flannel": "quay.io/microshift/flannel:" + Base,
+ "kube_flannel_cni": "quay.io/microshift/flannel-cni:" + Base,
 "kube_rbac_proxy": "quay.io/microshift/kube-rbac-proxy:" + Base,
 "kubevirt_hostpath_provisioner": "quay.io/microshift/hostpath-provisioner:" + Base,
 "pause": "quay.io/microshift/pause:" + Base,
diff --git a/pkg/release/release_amd64.go b/pkg/release/release_amd64.go
index 992d3821ec..2727358a2b 100644
--- a/pkg/release/release_amd64.go
+++ b/pkg/release/release_amd64.go
@@ -25,6 +25,7 @@ func init() {
 "coredns": "quay.io/openshift/okd-content@sha256:bcdefdbcee8af1e634e68a850c52fe1e9cb31364525e30f5b20ee4eacb93c3e8",
 "haproxy_router": "quay.io/openshift/okd-content@sha256:01cfbbfdc11e2cbb8856f31a65c83acc7cfbd1986c1309f58c255840efcc0b64",
 "kube_flannel": "quay.io/coreos/flannel:v0.14.0",
+ "kube_flannel_cni": "quay.io/microshift/flannel-cni:" + Base,
 "kube_rbac_proxy": "quay.io/openshift/okd-content@sha256:459f15f0e457edaf04fa1a44be6858044d9af4de276620df46dc91a565ddb4ec",
 "kubevirt_hostpath_provisioner": "quay.io/kubevirt/hostpath-provisioner:v0.8.0",
 "pause": "k8s.gcr.io/pause",
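Review bot: In release_amd64.go the new `kube_flannel_cni` entry refers to the image by the mutable tag `"quay.io/microshift/flannel-cni:" + Base`, while several neighbouring amd64 entries are pinned by `@sha256:` digest or a fixed upstream version. This image supplies the binary that `install-cni-bin` copies into the host's `/opt/cni/bin`, so a re-pushed tag changes what the host runs. Once the image is published, pin it as `quay.io/microshift/flannel-cni@sha256:<DIGEST>` (placeholder). The entry added in pkg/release/release.go has the same form, where it matches its siblings.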