feat(cni): add binaries to host when missing

This commit is contained in:
Aaron U'Ren 2024-01-27 17:36:25 -06:00 committed by Aaron U'Ren
parent 98eea791d1
commit a57a2261c6
15 changed files with 172 additions and 14 deletions

1
.gitignore vendored

@ -6,3 +6,4 @@ _output
_cache _cache
vendor vendor
.*.sw? .*.sw?
/cni-download


@ -1,13 +1,16 @@
ARG BUILDTIME_BASE=golang:1-alpine ARG BUILDTIME_BASE=golang:1-alpine
ARG RUNTIME_BASE=alpine:latest ARG RUNTIME_BASE=alpine:latest
ARG TARGETPLATFORM
ARG CNI_VERSION
FROM ${BUILDTIME_BASE} as builder FROM ${BUILDTIME_BASE} as builder
ENV BUILD_IN_DOCKER=false ENV BUILD_IN_DOCKER=false
WORKDIR /build WORKDIR /build
COPY . /build COPY . /build
RUN apk add --no-cache make git \ RUN apk add --no-cache make git tar curl \
&& make kube-router \ && make kube-router \
&& make gobgp && make gobgp \
&& make cni-download
FROM ${RUNTIME_BASE} FROM ${RUNTIME_BASE}
@ -29,7 +32,9 @@ COPY build/image-assets/bashrc /root/.bashrc
COPY build/image-assets/profile /root/.profile COPY build/image-assets/profile /root/.profile
COPY build/image-assets/vimrc /root/.vimrc COPY build/image-assets/vimrc /root/.vimrc
COPY build/image-assets/motd-kube-router.sh /etc/motd-kube-router.sh COPY build/image-assets/motd-kube-router.sh /etc/motd-kube-router.sh
COPY build/image-assets/cni-install /usr/local/bin/cni-install
COPY --from=builder /build/kube-router /build/gobgp /usr/local/bin/ COPY --from=builder /build/kube-router /build/gobgp /usr/local/bin/
COPY --from=builder /build/cni-download /usr/libexec/cni
# Use iptables-wrappers so that correct version of iptables-legacy or iptables-nft gets used. Alpine contains both, but # Use iptables-wrappers so that correct version of iptables-legacy or iptables-nft gets used. Alpine contains both, but
# which version is used should be based on the host system as well as where rules that may have been added before # which version is used should be based on the host system as well as where rules that may have been added before
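Review bot: `ARG TARGETPLATFORM` and `ARG CNI_VERSION` are declared before the first `FROM`, which puts them at global scope, so they are not visible inside the builder stage and nothing in this hunk references them; `make cni-download` therefore always uses the `CNI_VERSION` pinned in the Makefile and a `--build-arg CNI_VERSION=...` is a silent no-op. Either drop the two declarations, or redeclare `ARG CNI_VERSION` after `FROM ${BUILDTIME_BASE} as builder` and forward it, e.g. `&& make cni-download ${CNI_VERSION:+CNI_VERSION=$CNI_VERSION}`, so an explicitly passed value reaches make while an unset one still falls back to the Makefile default. The `COPY --from=builder /build/cni-download /usr/libexec/cni` line in the second hunk matches what the Makefile target produces, so that part needs no change.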


@ -33,6 +33,7 @@ GOBGP_VERSION=v3.19.0
QEMU_IMAGE?=multiarch/qemu-user-static QEMU_IMAGE?=multiarch/qemu-user-static
GORELEASER_VERSION=v1.21.2 GORELEASER_VERSION=v1.21.2
MOQ_VERSION=v0.3.2 MOQ_VERSION=v0.3.2
CNI_VERSION=v1.4.0
UID?=$(shell id -u) UID?=$(shell id -u)
ifeq ($(GOARCH), arm) ifeq ($(GOARCH), arm)
ARCH_TAG_PREFIX=$(GOARCH) ARCH_TAG_PREFIX=$(GOARCH)
@ -110,7 +111,7 @@ markdownlint:
run: kube-router ## Runs "kube-router --help". run: kube-router ## Runs "kube-router --help".
./kube-router --help ./kube-router --help
container: kube-router gobgp multiarch-binverify ## Builds a Docker container image. container: kube-router gobgp multiarch-binverify cni-download ## Builds a Docker container image.
@echo Starting kube-router container image build for $(GOARCH) on $(shell go env GOHOSTARCH) @echo Starting kube-router container image build for $(GOARCH) on $(shell go env GOHOSTARCH)
@if [ "$(GOARCH)" != "$(shell go env GOHOSTARCH)" ]; then \ @if [ "$(GOARCH)" != "$(shell go env GOHOSTARCH)" ]; then \
echo "Using qemu to build non-native container"; \ echo "Using qemu to build non-native container"; \
@ -182,6 +183,7 @@ release: push-release github-release ## Pushes a release to DockerHub and GitHub
clean: ## Removes the kube-router binary and Docker images clean: ## Removes the kube-router binary and Docker images
rm -f kube-router rm -f kube-router
rm -f gobgp rm -f gobgp
rm -rf cni-download
if [ $(shell $(DOCKER) images -q $(REGISTRY_DEV):$(IMG_TAG) 2> /dev/null) ]; then \ if [ $(shell $(DOCKER) images -q $(REGISTRY_DEV):$(IMG_TAG) 2> /dev/null) ]; then \
$(DOCKER) rmi $(REGISTRY_DEV):$(IMG_TAG); \ $(DOCKER) rmi $(REGISTRY_DEV):$(IMG_TAG); \
fi fi
@ -228,6 +230,14 @@ multiarch-binverify:
@echo 'Verifying kube-router gobgp for ARCH=$(FILE_ARCH) ...' @echo 'Verifying kube-router gobgp for ARCH=$(FILE_ARCH) ...'
@[ `file kube-router gobgp| cut -d, -f2 |grep -cw "$(FILE_ARCH)"` -eq 2 ] @[ `file kube-router gobgp| cut -d, -f2 |grep -cw "$(FILE_ARCH)"` -eq 2 ]
cni-download:
@echo Downloading CNI Plugins for $(GOARCH)
curl -L -o cni-plugins-$(GOARCH).tgz \
https://github.com/containernetworking/plugins/releases/download/$(CNI_VERSION)/cni-plugins-linux-$(GOARCH)-$(CNI_VERSION).tgz
mkdir -p cni-download
tar -xf cni-plugins-$(GOARCH).tgz -C cni-download
rm -f cni-plugins-$(GOARCH).tgz
# http://marmelab.com/blog/2016/02/29/auto-documented-makefile.html # http://marmelab.com/blog/2016/02/29/auto-documented-makefile.html
help: help:
@grep -E '^[a-zA-Z_-]+:.*?## .*$$' $(MAKEFILE_LIST) | \ @grep -E '^[a-zA-Z_-]+:.*?## .*$$' $(MAKEFILE_LIST) | \
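Review bot: The `cni-download` recipe fetches the plugins tarball with `curl -L` and extracts it with no integrity check, and those binaries are later written onto every node's `/opt/cni/bin` by `cni-install`, so a tampered or truncated download would be propagated to every host with nothing at build time to catch it. Pin the expected digest per architecture in the Makefile (the upstream release publishes a `.sha256` file per tarball to take it from) and verify before extracting; `curl` should also get `-f` so an HTTP error body is not saved as the archive. Separately, the target name is the output directory and is not declared `.PHONY`, so once `cni-download/` exists the recipe is skipped and a `CNI_VERSION` or `GOARCH` change does not refetch until `make clean`, which can ship stale plugins into the image. Note also that `multiarch-binverify` checks only `kube-router gobgp`, so an architecture mismatch in the downloaded plugins would not be caught either.
```make
# One pinned digest per supported GOARCH; take the values from the upstream release's .sha256 files.
CNI_SHA256_amd64=<sha256 of cni-plugins-linux-amd64-$(CNI_VERSION).tgz, from upstream release>
CNI_SHA256_arm64=<sha256 of cni-plugins-linux-arm64-$(CNI_VERSION).tgz, from upstream release>

.PHONY: cni-download
cni-download:
	@echo Downloading CNI Plugins for $(GOARCH)
	$(if $(CNI_SHA256_$(GOARCH)),,$(error no CNI_SHA256_$(GOARCH) digest pinned for GOARCH=$(GOARCH)))
	curl -fL -o cni-plugins-$(GOARCH).tgz \
		https://github.com/containernetworking/plugins/releases/download/$(CNI_VERSION)/cni-plugins-linux-$(GOARCH)-$(CNI_VERSION).tgz
	echo "$(CNI_SHA256_$(GOARCH))  cni-plugins-$(GOARCH).tgz" | sha256sum -c -
	rm -rf cni-download && mkdir -p cni-download
	tar -xf cni-plugins-$(GOARCH).tgz -C cni-download
	rm -f cni-plugins-$(GOARCH).tgz
```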

54
build/image-assets/cni-install Executable file

@ -0,0 +1,54 @@
#!/usr/bin/env bash
set -euo pipefail -x
# CNI binaries that kube-router uses
KUBE_ROUTER_CNI_BINS=("bridge" "portmap" "host-local" "loopback")
# Local path of the CNI binaries within the kube-router container image
LOCAL_BIN_PATH="${LOCAL_BIN_PATH:-/usr/libexec/cni}"
# Path on the host where the CRI will look for the CNI binaries. This should be mounted into the initContainer so that
# the CRI can reference the binaries and this script has the intended effect.
HOST_BIN_PATH="${HOST_BIN_PATH:-/opt/cni/bin}"
setup_cni() {
local cni_bin cni_dst_path cni_loc_path
# If the host path for the binaries doesn't exist, create it
if [[ ! -d "${HOST_BIN_PATH}" ]]; then
printf "Host CNI bin path %s doesn't exist on node host, creating it\n" "${HOST_BIN_PATH}"
if mkdir -p "${HOST_BIN_PATH}" >/dev/null; then
printf "Successfully created CNI bin path\n"
else
printf "Failed to create missing CNI bin path, exiting\n"
return 1
fi
fi
# Loop over CNI binaries
for cni_bin in "${KUBE_ROUTER_CNI_BINS[@]}"; do
cni_dst_path="${HOST_BIN_PATH}/${cni_bin}"
cni_loc_path="${LOCAL_BIN_PATH}/${cni_bin}"
# Check to see if the binary already exists on the host node
if [[ -x "${cni_dst_path}" ]]; then
# If it did, then output a message and skip this loop
printf "CNI binary %s already exists and is executable, skipping\n" "${cni_dst_path}"
continue
fi
# If it didn't then try to install it
printf "CNI binary %s was missing or wasn't executable, installing it\n" "${cni_dst_path}"
if install -m 755 "${cni_loc_path}" "${cni_dst_path}" >/dev/null; then
printf "CNI install successfull\n"
else
printf "Failed to install CNI binary, exiting\n"
return 2
fi
done
printf "CNI setup completed successfully!"
return 0
}
setup_cni "${@}"
exit $?
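Review bot: `install -m 755 "${cni_loc_path}" "${cni_dst_path}"` writes straight to the path the container runtime executes plugins from, so a runtime that invokes `bridge` or `host-local` while the copy is in progress can pick up a partially written binary; write to a temporary name in the same directory and rename, mirroring the `TMP=...; cp; mv` pattern the init-container command already uses for the kubeconfig, e.g. `tmp_path="${cni_dst_path}.tmp.$$"` followed by `if install -m 755 "${cni_loc_path}" "${tmp_path}" && mv -f "${tmp_path}" "${cni_dst_path}"; then`. Because the loop skips any destination that is already executable, a newer plugin set in the image never replaces an older or foreign binary on the host; that matches the commit title, but the header comment should state it, e.g. `# Binaries already present and executable on the host are left untouched; this script never upgrades them.` Two nits: the final `printf "CNI setup completed successfully!"` lacks a trailing `\n`, and with `set -e` the `exit $?` after `setup_cni "${@}"` is redundant since a non-zero return already terminates the script.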


@ -134,7 +134,10 @@ spec:
TMP=/var/lib/kube-router/.tmp-kubeconfig; TMP=/var/lib/kube-router/.tmp-kubeconfig;
cp /etc/kube-router/kubeconfig ${TMP}; cp /etc/kube-router/kubeconfig ${TMP};
mv ${TMP} /var/lib/kube-router/kubeconfig; mv ${TMP} /var/lib/kube-router/kubeconfig;
fi fi;
if [ -x /usr/local/bin/cni-install ]; then
/usr/local/bin/cni-install;
fi;
volumeMounts: volumeMounts:
- mountPath: /etc/cni/net.d - mountPath: /etc/cni/net.d
name: cni-conf-dir name: cni-conf-dir
@ -142,6 +145,8 @@ spec:
name: kube-router-cfg name: kube-router-cfg
- name: kubeconfig - name: kubeconfig
mountPath: /var/lib/kube-router mountPath: /var/lib/kube-router
- name: host-opt
mountPath: /opt
hostNetwork: true hostNetwork: true
hostPID: true hostPID: true
tolerations: tolerations:
@ -168,6 +173,9 @@ spec:
hostPath: hostPath:
path: /run/xtables.lock path: /run/xtables.lock
type: FileOrCreate type: FileOrCreate
- name: host-opt
hostPath:
path: /opt
--- ---
apiVersion: v1 apiVersion: v1
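Review bot: The new `host-opt` volume mounts the whole of the host's `/opt` into the init container, although `cni-install` only writes to `/opt/cni/bin` (its `HOST_BIN_PATH` default), so the pod is granted write access to every other directory under `/opt` that it has no need for. Scope the hostPath to the directory actually used: `path: /opt/cni/bin` with `type: DirectoryOrCreate`, and `mountPath: /opt/cni/bin` on the volumeMount, which also lets the kubelet create the directory so the script's `mkdir -p` branch becomes a fallback rather than the normal path. The same volume and mount are added in the ten manifest sections that follow this one, and the same change applies to each of them. Since `HOST_BIN_PATH` and the mount must agree, a one-line comment next to the volume saying they are changed together would save the next person a surprise.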


@ -130,7 +130,10 @@ spec:
TMP=/var/lib/kube-router/.tmp-kubeconfig; TMP=/var/lib/kube-router/.tmp-kubeconfig;
cp /etc/kube-router/kubeconfig ${TMP}; cp /etc/kube-router/kubeconfig ${TMP};
mv ${TMP} /var/lib/kube-router/kubeconfig; mv ${TMP} /var/lib/kube-router/kubeconfig;
fi fi;
if [ -x /usr/local/bin/cni-install ]; then
/usr/local/bin/cni-install;
fi;
volumeMounts: volumeMounts:
- mountPath: /etc/cni/net.d - mountPath: /etc/cni/net.d
name: cni-conf-dir name: cni-conf-dir
@ -138,6 +141,8 @@ spec:
name: kube-router-cfg name: kube-router-cfg
- name: kubeconfig - name: kubeconfig
mountPath: /var/lib/kube-router mountPath: /var/lib/kube-router
- name: host-opt
mountPath: /opt
hostNetwork: true hostNetwork: true
hostPID: true hostPID: true
tolerations: tolerations:
@ -164,6 +169,9 @@ spec:
hostPath: hostPath:
path: /run/xtables.lock path: /run/xtables.lock
type: FileOrCreate type: FileOrCreate
- name: host-opt
hostPath:
path: /opt
--- ---
apiVersion: v1 apiVersion: v1


@ -102,12 +102,17 @@ spec:
TMP=/etc/cni/net.d/.tmp-kuberouter-cfg; TMP=/etc/cni/net.d/.tmp-kuberouter-cfg;
cp /etc/kube-router/cni-conf.json ${TMP}; cp /etc/kube-router/cni-conf.json ${TMP};
mv ${TMP} /etc/cni/net.d/10-kuberouter.conflist; mv ${TMP} /etc/cni/net.d/10-kuberouter.conflist;
fi fi;
if [ -x /usr/local/bin/cni-install ]; then
/usr/local/bin/cni-install;
fi;
volumeMounts: volumeMounts:
- mountPath: /etc/cni/net.d - mountPath: /etc/cni/net.d
name: cni-conf-dir name: cni-conf-dir
- mountPath: /etc/kube-router - mountPath: /etc/kube-router
name: kube-router-cfg name: kube-router-cfg
- name: host-opt
mountPath: /opt
hostNetwork: true hostNetwork: true
hostPID: true hostPID: true
tolerations: tolerations:
@ -131,6 +136,9 @@ spec:
hostPath: hostPath:
path: /run/xtables.lock path: /run/xtables.lock
type: FileOrCreate type: FileOrCreate
- name: host-opt
hostPath:
path: /opt
--- ---
apiVersion: v1 apiVersion: v1


@ -97,12 +97,17 @@ spec:
TMP=/etc/cni/net.d/.tmp-kuberouter-cfg; TMP=/etc/cni/net.d/.tmp-kuberouter-cfg;
cp /etc/kube-router/cni-conf.json ${TMP}; cp /etc/kube-router/cni-conf.json ${TMP};
mv ${TMP} /etc/cni/net.d/10-kuberouter.conflist; mv ${TMP} /etc/cni/net.d/10-kuberouter.conflist;
fi fi;
if [ -x /usr/local/bin/cni-install ]; then
/usr/local/bin/cni-install;
fi;
volumeMounts: volumeMounts:
- name: cni-conf-dir - name: cni-conf-dir
mountPath: /etc/cni/net.d mountPath: /etc/cni/net.d
- name: kube-router-cfg - name: kube-router-cfg
mountPath: /etc/kube-router mountPath: /etc/kube-router
- name: host-opt
mountPath: /opt
hostNetwork: true hostNetwork: true
hostPID: true hostPID: true
tolerations: tolerations:
@ -129,3 +134,6 @@ spec:
hostPath: hostPath:
path: /run/xtables.lock path: /run/xtables.lock
type: FileOrCreate type: FileOrCreate
- name: host-opt
hostPath:
path: /opt


@ -93,12 +93,17 @@ spec:
TMP=/etc/cni/net.d/.tmp-kuberouter-cfg; TMP=/etc/cni/net.d/.tmp-kuberouter-cfg;
cp /etc/kube-router/cni-conf.json ${TMP}; cp /etc/kube-router/cni-conf.json ${TMP};
mv ${TMP} /etc/cni/net.d/10-kuberouter.conflist; mv ${TMP} /etc/cni/net.d/10-kuberouter.conflist;
fi fi;
if [ -x /usr/local/bin/cni-install ]; then
/usr/local/bin/cni-install;
fi;
volumeMounts: volumeMounts:
- name: cni-conf-dir - name: cni-conf-dir
mountPath: /etc/cni/net.d mountPath: /etc/cni/net.d
- name: kube-router-cfg - name: kube-router-cfg
mountPath: /etc/kube-router mountPath: /etc/kube-router
- name: host-opt
mountPath: /opt
hostNetwork: true hostNetwork: true
hostPID: true hostPID: true
tolerations: tolerations:
@ -125,3 +130,6 @@ spec:
hostPath: hostPath:
path: /run/xtables.lock path: /run/xtables.lock
type: FileOrCreate type: FileOrCreate
- name: host-opt
hostPath:
path: /opt


@ -92,12 +92,17 @@ spec:
TMP=/etc/cni/net.d/.tmp-kuberouter-cfg; TMP=/etc/cni/net.d/.tmp-kuberouter-cfg;
cp /etc/kube-router/cni-conf.json ${TMP}; cp /etc/kube-router/cni-conf.json ${TMP};
mv ${TMP} /etc/cni/net.d/10-kuberouter.conflist; mv ${TMP} /etc/cni/net.d/10-kuberouter.conflist;
fi fi;
if [ -x /usr/local/bin/cni-install ]; then
/usr/local/bin/cni-install;
fi;
volumeMounts: volumeMounts:
- name: cni-conf-dir - name: cni-conf-dir
mountPath: /etc/cni/net.d mountPath: /etc/cni/net.d
- name: kube-router-cfg - name: kube-router-cfg
mountPath: /etc/kube-router mountPath: /etc/kube-router
- name: host-opt
mountPath: /opt
hostNetwork: true hostNetwork: true
hostPID: true hostPID: true
tolerations: tolerations:
@ -124,3 +129,6 @@ spec:
hostPath: hostPath:
path: /run/xtables.lock path: /run/xtables.lock
type: FileOrCreate type: FileOrCreate
- name: host-opt
hostPath:
path: /opt


@ -92,12 +92,17 @@ spec:
TMP=/etc/cni/net.d/.tmp-kuberouter-cfg; TMP=/etc/cni/net.d/.tmp-kuberouter-cfg;
cp /etc/kube-router/cni-conf.json ${TMP}; cp /etc/kube-router/cni-conf.json ${TMP};
mv ${TMP} /etc/cni/net.d/10-kuberouter.conflist; mv ${TMP} /etc/cni/net.d/10-kuberouter.conflist;
fi fi;
if [ -x /usr/local/bin/cni-install ]; then
/usr/local/bin/cni-install;
fi;
volumeMounts: volumeMounts:
- name: cni-conf-dir - name: cni-conf-dir
mountPath: /etc/cni/net.d mountPath: /etc/cni/net.d
- name: kube-router-cfg - name: kube-router-cfg
mountPath: /etc/kube-router mountPath: /etc/kube-router
- name: host-opt
mountPath: /opt
hostNetwork: true hostNetwork: true
hostPID: true hostPID: true
tolerations: tolerations:
@ -124,3 +129,6 @@ spec:
hostPath: hostPath:
path: /run/xtables.lock path: /run/xtables.lock
type: FileOrCreate type: FileOrCreate
- name: host-opt
hostPath:
path: /opt


@ -109,12 +109,17 @@ spec:
TMP=/etc/cni/net.d/.tmp-kuberouter-cfg; TMP=/etc/cni/net.d/.tmp-kuberouter-cfg;
cp /etc/kube-router/cni-conf.json ${TMP}; cp /etc/kube-router/cni-conf.json ${TMP};
mv ${TMP} /etc/cni/net.d/10-kuberouter.conflist; mv ${TMP} /etc/cni/net.d/10-kuberouter.conflist;
fi fi;
if [ -x /usr/local/bin/cni-install ]; then
/usr/local/bin/cni-install;
fi;
volumeMounts: volumeMounts:
- name: cni-conf-dir - name: cni-conf-dir
mountPath: /etc/cni/net.d mountPath: /etc/cni/net.d
- name: kube-router-cfg - name: kube-router-cfg
mountPath: /etc/kube-router mountPath: /etc/kube-router
- name: host-opt
mountPath: /opt
hostNetwork: true hostNetwork: true
hostIPC: true hostIPC: true
hostPID: true hostPID: true
@ -148,6 +153,9 @@ spec:
hostPath: hostPath:
path: /run/xtables.lock path: /run/xtables.lock
type: FileOrCreate type: FileOrCreate
- name: host-opt
hostPath:
path: /opt
--- ---
apiVersion: v1 apiVersion: v1
kind: ServiceAccount kind: ServiceAccount


@ -113,12 +113,17 @@ spec:
TMP=/etc/cni/net.d/.tmp-kuberouter-cfg; TMP=/etc/cni/net.d/.tmp-kuberouter-cfg;
cp /etc/kube-router/cni-conf.json ${TMP}; cp /etc/kube-router/cni-conf.json ${TMP};
mv ${TMP} /etc/cni/net.d/10-kuberouter.conflist; mv ${TMP} /etc/cni/net.d/10-kuberouter.conflist;
fi fi;
if [ -x /usr/local/bin/cni-install ]; then
/usr/local/bin/cni-install;
fi;
volumeMounts: volumeMounts:
- name: cni-conf-dir - name: cni-conf-dir
mountPath: /etc/cni/net.d mountPath: /etc/cni/net.d
- name: kube-router-cfg - name: kube-router-cfg
mountPath: /etc/kube-router mountPath: /etc/kube-router
- name: host-opt
mountPath: /opt
hostNetwork: true hostNetwork: true
hostPID: true hostPID: true
tolerations: tolerations:
@ -148,6 +153,9 @@ spec:
hostPath: hostPath:
path: /run/xtables.lock path: /run/xtables.lock
type: FileOrCreate type: FileOrCreate
- name: host-opt
hostPath:
path: /opt
--- ---
apiVersion: v1 apiVersion: v1
kind: ServiceAccount kind: ServiceAccount


@ -106,12 +106,17 @@ spec:
TMP=/etc/cni/net.d/.tmp-kuberouter-cfg; TMP=/etc/cni/net.d/.tmp-kuberouter-cfg;
cp /etc/kube-router/cni-conf.json ${TMP}; cp /etc/kube-router/cni-conf.json ${TMP};
mv ${TMP} /etc/cni/net.d/10-kuberouter.conflist; mv ${TMP} /etc/cni/net.d/10-kuberouter.conflist;
fi fi;
if [ -x /usr/local/bin/cni-install ]; then
/usr/local/bin/cni-install;
fi;
volumeMounts: volumeMounts:
- name: cni-conf-dir - name: cni-conf-dir
mountPath: /etc/cni/net.d mountPath: /etc/cni/net.d
- name: kube-router-cfg - name: kube-router-cfg
mountPath: /etc/kube-router mountPath: /etc/kube-router
- name: host-opt
mountPath: /opt
hostNetwork: true hostNetwork: true
hostPID: true hostPID: true
tolerations: tolerations:
@ -141,6 +146,9 @@ spec:
hostPath: hostPath:
path: /run/xtables.lock path: /run/xtables.lock
type: FileOrCreate type: FileOrCreate
- name: host-opt
hostPath:
path: /opt
--- ---
apiVersion: v1 apiVersion: v1
kind: ServiceAccount kind: ServiceAccount


@ -105,12 +105,17 @@ spec:
TMP=/etc/cni/net.d/.tmp-kuberouter-cfg; TMP=/etc/cni/net.d/.tmp-kuberouter-cfg;
cp /etc/kube-router/cni-conf.json ${TMP}; cp /etc/kube-router/cni-conf.json ${TMP};
mv ${TMP} /etc/cni/net.d/10-kuberouter.conflist; mv ${TMP} /etc/cni/net.d/10-kuberouter.conflist;
fi fi;
if [ -x /usr/local/bin/cni-install ]; then
/usr/local/bin/cni-install;
fi;
volumeMounts: volumeMounts:
- mountPath: /etc/cni/net.d - mountPath: /etc/cni/net.d
name: cni-conf-dir name: cni-conf-dir
- mountPath: /etc/kube-router - mountPath: /etc/kube-router
name: kube-router-cfg name: kube-router-cfg
- name: host-opt
mountPath: /opt
hostNetwork: true hostNetwork: true
hostPID: true hostPID: true
tolerations: tolerations:
@ -137,6 +142,9 @@ spec:
hostPath: hostPath:
path: /run/xtables.lock path: /run/xtables.lock
type: FileOrCreate type: FileOrCreate
- name: host-opt
hostPath:
path: /opt
--- ---
apiVersion: v1 apiVersion: v1
kind: ServiceAccount kind: ServiceAccount