openstack/kuryr-kubernetes
Code Issues Proposed changes
be428a5b4b
kuryr-kubernetes/kuryr_kubernetes/config.py

396 lines
18 KiB
Python
Raw Normal View History

Introduce `kuryr-k8s` service This commit introduces the `kuryr-k8s` service by adding the service binary and focusing on loading configuration options. The configuration options are inherited from kuryr-lib project (http://github.com/openstack/kuryr) and loaded at runtime, together with the project ones. These configuration options can be also generated using the `oslo-config-generator` utility by using: tox -e genconfig The service runs as any other OpenStack-based service: kuryr-k8s [--debug] [--config-file foo] ... Partial-Implements: blueprint kuryr-k8s-integration Change-Id: I7e52aef8fb2767dcc46317f2212f4285a17b11da Signed-off-by: Jaume Devesa <devvesa@gmail.com> Co-Authored-By: Taku Fukushima <f.tac.mac@gmail.com>
2016-08-24 13:27:04 +02:00
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
import os
import sys
Remove log translations Log messages are no longer being translated. This removes all use of the _LE, _LI, and _LW translation markers to simplify logging and to avoid confusion with new contributions. See: http://lists.openstack.org/pipermail/openstack-i18n/2016-November/002574.html http://lists.openstack.org/pipermail/openstack-dev/2017-March/113365.html Change-Id: If4735fc3ac1803585efd90657539e540d157a59a
2017-03-28 09:47:09 +08:00
from kuryr.lib._i18n import _
Introduce `kuryr-k8s` service This commit introduces the `kuryr-k8s` service by adding the service binary and focusing on loading configuration options. The configuration options are inherited from kuryr-lib project (http://github.com/openstack/kuryr) and loaded at runtime, together with the project ones. These configuration options can be also generated using the `oslo-config-generator` utility by using: tox -e genconfig The service runs as any other OpenStack-based service: kuryr-k8s [--debug] [--config-file foo] ... Partial-Implements: blueprint kuryr-k8s-integration Change-Id: I7e52aef8fb2767dcc46317f2212f4285a17b11da Signed-off-by: Jaume Devesa <devvesa@gmail.com> Co-Authored-By: Taku Fukushima <f.tac.mac@gmail.com>
2016-08-24 13:27:04 +02:00
from kuryr.lib import config as lib_config
from oslo_config import cfg
from oslo_log import log as logging
Implement Guru meditation reports Guru Meditation report can log runtime configuration of a given process, along with thread status and greenthread status. It greatly helps to check the process runtime status. The usage is simple: kill -SIGUSR2 {process-id} With this we can show report of kuryr-kubernetes Change-Id: I4cb2314bd25d3200781582b1e188139751666fd3 Implements: blueprint oslo-gmr
2017-03-21 08:11:41 +00:00
Support sriovdp arbitrary resource names This patch adds ability to work with new sriov device plugin's feature. This feature implies arbitrary names for resource. So kuryr-kubernetes should also know about such resources. Resources are listed in /etc/pcidp/config.json If physnet_resource_mappings is not specified it's assumed resource name is physnet. Implements: blueprint move-to-new-sriovdp Change-Id: I07c5338b6d5b431435c467b0c52b50fe3385a86a Signed-off-by: Alexey Perevalov <a.perevalov@samsung.com>
2019-01-30 12:52:57 +03:00
from kuryr_kubernetes import constants
Implement Guru meditation reports Guru Meditation report can log runtime configuration of a given process, along with thread status and greenthread status. It greatly helps to check the process runtime status. The usage is simple: kill -SIGUSR2 {process-id} With this we can show report of kuryr-kubernetes Change-Id: I4cb2314bd25d3200781582b1e188139751666fd3 Implements: blueprint oslo-gmr
2017-03-21 08:11:41 +00:00
from kuryr_kubernetes import version
Introduce `kuryr-k8s` service This commit introduces the `kuryr-k8s` service by adding the service binary and focusing on loading configuration options. The configuration options are inherited from kuryr-lib project (http://github.com/openstack/kuryr) and loaded at runtime, together with the project ones. These configuration options can be also generated using the `oslo-config-generator` utility by using: tox -e genconfig The service runs as any other OpenStack-based service: kuryr-k8s [--debug] [--config-file foo] ... Partial-Implements: blueprint kuryr-k8s-integration Change-Id: I7e52aef8fb2767dcc46317f2212f4285a17b11da Signed-off-by: Jaume Devesa <devvesa@gmail.com> Co-Authored-By: Taku Fukushima <f.tac.mac@gmail.com>
2016-08-24 13:27:04 +02:00
LOG = logging.getLogger(__name__)
kuryr_k8s_opts = [
cfg.StrOpt('pybasedir',
Enforce E128 pep8 check This commit removes the last pep8 check that was excluded (E128 continuation line under-indented for visual indent), and cleans up code to match pep8. Change-Id: Ia1a6d672df521c35bbd1579971d27d546f4f5481
2017-06-08 15:53:52 +03:00
help=_('Directory where Kuryr-kubernetes python module is '
'installed.'),
default=os.path.abspath(
os.path.join(os.path.dirname(__file__),
'../../'))),
Introduce `kuryr-k8s` service This commit introduces the `kuryr-k8s` service by adding the service binary and focusing on loading configuration options. The configuration options are inherited from kuryr-lib project (http://github.com/openstack/kuryr) and loaded at runtime, together with the project ones. These configuration options can be also generated using the `oslo-config-generator` utility by using: tox -e genconfig The service runs as any other OpenStack-based service: kuryr-k8s [--debug] [--config-file foo] ... Partial-Implements: blueprint kuryr-k8s-integration Change-Id: I7e52aef8fb2767dcc46317f2212f4285a17b11da Signed-off-by: Jaume Devesa <devvesa@gmail.com> Co-Authored-By: Taku Fukushima <f.tac.mac@gmail.com>
2016-08-24 13:27:04 +02:00
]
CNI split - introducing CNI daemon This commit implements basic CNI daemon service. The aim of this new entity is to increase scalability of CNI operations by moving watching for VIF to a separate process. This commit: * Introduces kuryr-daemon service * Implements communication between CNI driver and CNI daemon using HTTP * Consolidates watching for VIF on CNI side to a single Watcher that looks for all the pods on the node it is running on. * Solves bug 1731485 when running with CNI daemon. * Enables new service in DevStack plugin * Provides unit tests for new code. Follow up patches will include: - Documentation. - Support for running in containerized mode. To test the patch add `enable_service kuryr-daemon` to your DevStack's local.conf file. Partial-Bug: 1731485 Co-Authored-By: Janonymous <janonymous.codevulture@gmail.com> Implements: blueprint cni-split-exec-daemon Change-Id: I1bd6406dacab0735a94474e146645c63d933be16
2017-10-25 21:29:22 +02:00
daemon_opts = [
cfg.StrOpt('bind_address',
help=_('Bind address for CNI daemon HTTP server. It is '
'recommened to allow only local connections.'),
Use non local port for CNI Daemon This port 50036 can be already used in the system, due to it's in range for egress ports. Closes-Bug: 1829188 Change-Id: Ieee291893ca342867eb408d65402a8576327ac6d Signed-off-by: Alexey Perevalov <a.perevalov@samsung.com>
2019-05-20 18:11:42 +03:00
default='127.0.0.1:5036'),
CNI split - introducing CNI daemon This commit implements basic CNI daemon service. The aim of this new entity is to increase scalability of CNI operations by moving watching for VIF to a separate process. This commit: * Introduces kuryr-daemon service * Implements communication between CNI driver and CNI daemon using HTTP * Consolidates watching for VIF on CNI side to a single Watcher that looks for all the pods on the node it is running on. * Solves bug 1731485 when running with CNI daemon. * Enables new service in DevStack plugin * Provides unit tests for new code. Follow up patches will include: - Documentation. - Support for running in containerized mode. To test the patch add `enable_service kuryr-daemon` to your DevStack's local.conf file. Partial-Bug: 1731485 Co-Authored-By: Janonymous <janonymous.codevulture@gmail.com> Implements: blueprint cni-split-exec-daemon Change-Id: I1bd6406dacab0735a94474e146645c63d933be16
2017-10-25 21:29:22 +02:00
cfg.IntOpt('worker_num',
help=_('Maximum number of processes that will be spawned to '
'process requests from CNI driver.'),
default=30),
cfg.IntOpt('vif_annotation_timeout',
help=_('Time (in seconds) the CNI daemon will wait for VIF '
'annotation to appear in pod metadata before failing '
'the CNI request.'),
default=60),
cfg.IntOpt('pyroute2_timeout',
help=_('Kuryr uses pyroute2 library to manipulate networking '
'interfaces. When processing a high number of Kuryr '
'requests in parallel, it may take kernel more time to '
'process all networking stack changes. This option '
'allows to tune internal pyroute2 timeout.'),
default=10),
Support kuryr-daemon when running containerized This commit implements kuryr-daemon support when KURYR_K8S_CONTAINERIZED_DEPLOYMENT=True. It's done by: * CNI docker image installs Kuryr-Kubernetes pip package and adds exectution of kuryr-daemon into entrypoint script. * Hosts /proc and /var/run/openvswitch are mounted into the CNI container. * Code is changed to use /host_proc instead of /proc when in a container (it's impossible to mount host's /proc into container's /proc). Implements: blueprint cni-split-exec-daemon Change-Id: I9155a2cba28f578cee129a4c40066209f7ab543d
2017-11-03 13:25:15 +01:00
cfg.BoolOpt('docker_mode',
help=_('Set to True when you are running kuryr-daemon inside '
'a Docker container on Kubernetes host. E.g. as '
'DaemonSet on Kubernetes cluster Kuryr is supposed to '
Add missing ws separator between words This is to add missing ws separator between words. Change-Id: I1df1d4aa8f84fb20a509f8e7130f218cafef32a7
2018-11-21 16:04:19 +08:00
'provide networking for. This mainly means that '
Support kuryr-daemon when running containerized This commit implements kuryr-daemon support when KURYR_K8S_CONTAINERIZED_DEPLOYMENT=True. It's done by: * CNI docker image installs Kuryr-Kubernetes pip package and adds exectution of kuryr-daemon into entrypoint script. * Hosts /proc and /var/run/openvswitch are mounted into the CNI container. * Code is changed to use /host_proc instead of /proc when in a container (it's impossible to mount host's /proc into container's /proc). Implements: blueprint cni-split-exec-daemon Change-Id: I9155a2cba28f578cee129a4c40066209f7ab543d
2017-11-03 13:25:15 +01:00
'kuryr-daemon will look for network namespaces in '
'$netns_proc_dir instead of /proc.'),
default=False),
cfg.StrOpt('netns_proc_dir',
help=_("When docker_mode is set to True, this config option "
"should be set to where host's /proc directory is "
"mounted. Please note that mounting it is necessary to "
"allow Kuryr-Kubernetes to move host interfaces between "
"host network namespaces, which is essential for Kuryr "
"to work."),
default=None),
Add readiness and liveness checks to CNI. This patch adds readiness and liveness to CNI. It checks presence of NET_ADMIN capabilities, IPDB in working order, connection to Kubernetes API, quantity of CNI add failures, health of CNI components and existence of memory leaks. Implements: blueprint cni-daemon-readiness-liveness Change-Id: I9a4b871d196dbadfed687df93bb3cad97c957bfb
2018-01-25 02:05:44 +00:00
cfg.IntOpt('cni_failures_count',
help=_('Maximum number of consecutive failures of kuryr-daemon '
'when processing requests. If this number is exceeded, '
'kuryr-daemon will be marked as unhealthy.'),
default=3),
CNI split - introducing CNI daemon This commit implements basic CNI daemon service. The aim of this new entity is to increase scalability of CNI operations by moving watching for VIF to a separate process. This commit: * Introduces kuryr-daemon service * Implements communication between CNI driver and CNI daemon using HTTP * Consolidates watching for VIF on CNI side to a single Watcher that looks for all the pods on the node it is running on. * Solves bug 1731485 when running with CNI daemon. * Enables new service in DevStack plugin * Provides unit tests for new code. Follow up patches will include: - Documentation. - Support for running in containerized mode. To test the patch add `enable_service kuryr-daemon` to your DevStack's local.conf file. Partial-Bug: 1731485 Co-Authored-By: Janonymous <janonymous.codevulture@gmail.com> Implements: blueprint cni-split-exec-daemon Change-Id: I1bd6406dacab0735a94474e146645c63d933be16
2017-10-25 21:29:22 +02:00
]
Introduce `kuryr-k8s` service This commit introduces the `kuryr-k8s` service by adding the service binary and focusing on loading configuration options. The configuration options are inherited from kuryr-lib project (http://github.com/openstack/kuryr) and loaded at runtime, together with the project ones. These configuration options can be also generated using the `oslo-config-generator` utility by using: tox -e genconfig The service runs as any other OpenStack-based service: kuryr-k8s [--debug] [--config-file foo] ... Partial-Implements: blueprint kuryr-k8s-integration Change-Id: I7e52aef8fb2767dcc46317f2212f4285a17b11da Signed-off-by: Jaume Devesa <devvesa@gmail.com> Co-Authored-By: Taku Fukushima <f.tac.mac@gmail.com>
2016-08-24 13:27:04 +02:00
k8s_opts = [
cfg.StrOpt('api_root',
Enforce E128 pep8 check This commit removes the last pep8 check that was excluded (E128 continuation line under-indented for visual indent), and cleans up code to match pep8. Change-Id: Ia1a6d672df521c35bbd1579971d27d546f4f5481
2017-06-08 15:53:52 +03:00
help=_("The root URL of the Kubernetes API"),
Use kubeadm for installing Kubernetes on devstack. Till now, for installing kuryr-kubernetes and one of the crucial service - kubernetes, there has been used manual method for installing it in specified version. Over time it became a burden to follow requirements and constraints, therefore decision has been made to use recommended way of installing Kubernetes - kubeadm. In this patch devstack installation of the kuryr-kubernetes and its dependences has been heavily reworked. Other than that, OpenShift related functions has been removed, since they were all outdated and non-working for the long time. Change-Id: Ife21874c0a71ba07723094c0f880aabcf5825b77
2021-02-24 12:18:13 +01:00
default=os.environ.get('K8S_API', 'https://localhost:6443')),
Add support for HTTPS client Add support to use cert and key files for watching a HTTPS enabled K8S api server. Change-Id: I0978531caa2c35031041450f86db9e90ce5efbb0 Closes-bug: #1670346
2017-03-03 13:54:38 +05:30
cfg.StrOpt('ssl_client_crt_file',
Enforce E128 pep8 check This commit removes the last pep8 check that was excluded (E128 continuation line under-indented for visual indent), and cleans up code to match pep8. Change-Id: Ia1a6d672df521c35bbd1579971d27d546f4f5481
2017-06-08 15:53:52 +03:00
help=_("Absolute path to client cert to "
"connect to HTTPS K8S_API")),
Add support for HTTPS client Add support to use cert and key files for watching a HTTPS enabled K8S api server. Change-Id: I0978531caa2c35031041450f86db9e90ce5efbb0 Closes-bug: #1670346
2017-03-03 13:54:38 +05:30
cfg.StrOpt('ssl_client_key_file',
Enforce E128 pep8 check This commit removes the last pep8 check that was excluded (E128 continuation line under-indented for visual indent), and cleans up code to match pep8. Change-Id: Ia1a6d672df521c35bbd1579971d27d546f4f5481
2017-06-08 15:53:52 +03:00
help=_("Absolute path client key file to "
"connect to HTTPS K8S_API")),
Add support for HTTPS client Add support to use cert and key files for watching a HTTPS enabled K8S api server. Change-Id: I0978531caa2c35031041450f86db9e90ce5efbb0 Closes-bug: #1670346
2017-03-03 13:54:38 +05:30
cfg.StrOpt('ssl_ca_crt_file',
Enforce E128 pep8 check This commit removes the last pep8 check that was excluded (E128 continuation line under-indented for visual indent), and cleans up code to match pep8. Change-Id: Ia1a6d672df521c35bbd1579971d27d546f4f5481
2017-06-08 15:53:52 +03:00
help=_("Absolute path to ca cert file to "
Set defaults for certs and token on the k8s client Change-Id: Id74eb4d8a7b1ea7ec97085de85f29244bbda25ea
2019-12-10 18:15:19 +01:00
"connect to HTTPS K8S_API"),
default='/var/run/secrets/kubernetes.io/serviceaccount/ca.crt'),
Add support for HTTPS client Add support to use cert and key files for watching a HTTPS enabled K8S api server. Change-Id: I0978531caa2c35031041450f86db9e90ce5efbb0 Closes-bug: #1670346
2017-03-03 13:54:38 +05:30
cfg.BoolOpt('ssl_verify_server_crt',
Enforce E128 pep8 check This commit removes the last pep8 check that was excluded (E128 continuation line under-indented for visual indent), and cleans up code to match pep8. Change-Id: Ia1a6d672df521c35bbd1579971d27d546f4f5481
2017-06-08 15:53:52 +03:00
help=_("HTTPS K8S_API server identity verification"),
default=False),
k8s bearer token support Co-Authored-By: Vikas Choudhary <vichoudh@redhat.com> Change-Id: I9c8becf15c9fd5141a5f4468a04665fd09f8eaa6 Implements: blueprint token-auth-support
2017-05-10 11:55:57 -04:00
cfg.StrOpt('token_file',
Enforce E128 pep8 check This commit removes the last pep8 check that was excluded (E128 continuation line under-indented for visual indent), and cleans up code to match pep8. Change-Id: Ia1a6d672df521c35bbd1579971d27d546f4f5481
2017-06-08 15:53:52 +03:00
help=_("The token to talk to the k8s API"),
Set defaults for certs and token on the k8s client Change-Id: Id74eb4d8a7b1ea7ec97085de85f29244bbda25ea
2019-12-10 18:15:19 +01:00
default='/var/run/secrets/kubernetes.io/serviceaccount/token'),
Controller driver base and pod project driver This patch adds stevedore-based driver support to the controller and implements a driver to determine OpenStack project ID used to create pod ports. Change-Id: I0002ce1c1f7985955b7f66902dcf5386db212a1a Partially-Implements: blueprint kuryr-k8s-integration
2016-11-15 20:21:27 +03:00
cfg.StrOpt('pod_project_driver',
Support specify project id by annotation The implementation have some difference with the description of blueprint. For more strict isolation, we only get project id from namespace annotaion or configure option. The other resources's project id inherit it's project or get from configiure option. Implements: blueprint specify-project-by-annotation Change-Id: Ia82cce6b211226599b4e1ca0d10416ed5e519ea2
2022-04-29 13:44:47 +08:00
help=_("The driver to determine OpenStack project for pod "
"ports (default or annotation)"),
Enforce E128 pep8 check This commit removes the last pep8 check that was excluded (E128 continuation line under-indented for visual indent), and cleans up code to match pep8. Change-Id: Ia1a6d672df521c35bbd1579971d27d546f4f5481
2017-06-08 15:53:52 +03:00
default='default'),
K8s Services support: LBaaSSpecHandler This patch introduces LBaaSSpecHandler that handles K8s Service events and updates related Endpoints with LBaaSServiceSpec when necessary. Change-Id: I09a0235842edd06827437f37aeac7ca5daeb1774 Partially-Implements: blueprint kuryr-k8s-integration
2017-01-31 23:19:32 +03:00
cfg.StrOpt('service_project_driver',
Support specify project id by annotation The implementation have some difference with the description of blueprint. For more strict isolation, we only get project id from namespace annotaion or configure option. The other resources's project id inherit it's project or get from configiure option. Implements: blueprint specify-project-by-annotation Change-Id: Ia82cce6b211226599b4e1ca0d10416ed5e519ea2
2022-04-29 13:44:47 +08:00
help=_("The driver to determine OpenStack project for "
"services (default or annotation)"),
Enforce E128 pep8 check This commit removes the last pep8 check that was excluded (E128 continuation line under-indented for visual indent), and cleans up code to match pep8. Change-Id: Ia1a6d672df521c35bbd1579971d27d546f4f5481
2017-06-08 15:53:52 +03:00
default='default'),
Add default namespace project driver This patch adds a new default driver to get the project ID associated to a namespace. Same as the pod and service project drivers Partially Implements: blueprint network-namespace Change-Id: Ib4306ba2c3d07ddfa311e2970b67d8b617c951e7
2018-07-10 17:19:53 +02:00
cfg.StrOpt('namespace_project_driver',
Support specify project id by annotation The implementation have some difference with the description of blueprint. For more strict isolation, we only get project id from namespace annotaion or configure option. The other resources's project id inherit it's project or get from configiure option. Implements: blueprint specify-project-by-annotation Change-Id: Ia82cce6b211226599b4e1ca0d10416ed5e519ea2
2022-04-29 13:44:47 +08:00
help=_("The driver to determine OpenStack project for "
"namespaces (default or annotation)"),
Add default namespace project driver This patch adds a new default driver to get the project ID associated to a namespace. Same as the pod and service project drivers Partially Implements: blueprint network-namespace Change-Id: Ib4306ba2c3d07ddfa311e2970b67d8b617c951e7
2018-07-10 17:19:53 +02:00
default='default'),
Add Network Policies Driver This patch adds the driver skel for Network Policy Support and hooks the previously merged handler to use it. Follow up patches will provide translation between NP and Neutron security groups and driver implementation. Partially Implements: blueprint k8s-network-policies Co-Authored-By: Eyal Leshem <eyal.leshem@toganetworks.com> Change-Id: Ie8cca7b717677347f6a100e8d3b3912bdc20a148
2018-07-09 04:39:05 -04:00
cfg.StrOpt('network_policy_project_driver',
Support specify project id by annotation The implementation have some difference with the description of blueprint. For more strict isolation, we only get project id from namespace annotaion or configure option. The other resources's project id inherit it's project or get from configiure option. Implements: blueprint specify-project-by-annotation Change-Id: Ia82cce6b211226599b4e1ca0d10416ed5e519ea2
2022-04-29 13:44:47 +08:00
help=_("The driver to determine OpenStack project for network "
"policies (default or annotation)"),
Add Network Policies Driver This patch adds the driver skel for Network Policy Support and hooks the previously merged handler to use it. Follow up patches will provide translation between NP and Neutron security groups and driver implementation. Partially Implements: blueprint k8s-network-policies Co-Authored-By: Eyal Leshem <eyal.leshem@toganetworks.com> Change-Id: Ie8cca7b717677347f6a100e8d3b3912bdc20a148
2018-07-09 04:39:05 -04:00
default='default'),
Default pod subnet driver and os-vif utils This patch adds a new driver type used to determine Neutron subnet that should be used for Kubernetes pods' ports. This patch also provides a default subnet driver implementation that uses a subnet set in configuration file. This patch also introduces the 'os_vif_util' module that contains functions to translate data structures returned by Neutron client to os-vif objects. Only the subnet-related functions are added in this patch. Change-Id: I643b22858239ce7f64e6ba81822b31e788fc9990 Partially-Implements: blueprint kuryr-k8s-integration
2016-11-16 15:19:11 +03:00
cfg.StrOpt('pod_subnets_driver',
Enforce E128 pep8 check This commit removes the last pep8 check that was excluded (E128 continuation line under-indented for visual indent), and cleans up code to match pep8. Change-Id: Ia1a6d672df521c35bbd1579971d27d546f4f5481
2017-06-08 15:53:52 +03:00
help=_("The driver to determine Neutron "
"subnets for pod ports"),
default='default'),
K8s Services support: LBaaSSpecHandler This patch introduces LBaaSSpecHandler that handles K8s Service events and updates related Endpoints with LBaaSServiceSpec when necessary. Change-Id: I09a0235842edd06827437f37aeac7ca5daeb1774 Partially-Implements: blueprint kuryr-k8s-integration
2017-01-31 23:19:32 +03:00
cfg.StrOpt('service_subnets_driver',
Enforce E128 pep8 check This commit removes the last pep8 check that was excluded (E128 continuation line under-indented for visual indent), and cleans up code to match pep8. Change-Id: Ia1a6d672df521c35bbd1579971d27d546f4f5481
2017-06-08 15:53:52 +03:00
help=_("The driver to determine Neutron "
"subnets for services"),
default='default'),
Default pod security groups driver This patch adds a new driver type used to determine Neutron security groups that should be used for Kubernetes pods. This patch also provides a default driver implementation that uses a list of security groups set in configuration file. Change-Id: Id76f70b8a99ffa8372dfd3d199371e7db46fb812 Partially-Implements: blueprint kuryr-k8s-integration
2016-11-18 13:43:46 +03:00
cfg.StrOpt('pod_security_groups_driver',
Enforce E128 pep8 check This commit removes the last pep8 check that was excluded (E128 continuation line under-indented for visual indent), and cleans up code to match pep8. Change-Id: Ia1a6d672df521c35bbd1579971d27d546f4f5481
2017-06-08 15:53:52 +03:00
help=_("The driver to determine Neutron "
"security groups for pods"),
default='default'),
K8s Services support: LBaaSSpecHandler This patch introduces LBaaSSpecHandler that handles K8s Service events and updates related Endpoints with LBaaSServiceSpec when necessary. Change-Id: I09a0235842edd06827437f37aeac7ca5daeb1774 Partially-Implements: blueprint kuryr-k8s-integration
2017-01-31 23:19:32 +03:00
cfg.StrOpt('service_security_groups_driver',
Enforce E128 pep8 check This commit removes the last pep8 check that was excluded (E128 continuation line under-indented for visual indent), and cleans up code to match pep8. Change-Id: Ia1a6d672df521c35bbd1579971d27d546f4f5481
2017-06-08 15:53:52 +03:00
help=_("The driver to determine Neutron "
"security groups for services"),
default='default'),
Generic VIF controller driver This patch introduces a driver that manages normal Neutron ports to provide VIFs for Kubernetes Pods. Change-Id: Ice32e96e107f7b7331caca3b79c488532710b4a2 Partially-Implements: blueprint kuryr-k8s-integration
2016-11-21 04:18:05 +03:00
cfg.StrOpt('pod_vif_driver',
Enforce E128 pep8 check This commit removes the last pep8 check that was excluded (E128 continuation line under-indented for visual indent), and cleans up code to match pep8. Change-Id: Ia1a6d672df521c35bbd1579971d27d546f4f5481
2017-06-08 15:53:52 +03:00
help=_("The driver that provides VIFs for Kubernetes Pods."),
default='neutron-vif'),
K8s Services support: LoadBalancerHandler This patch implements LoadBalancerHandler that handles K8s Endpoints events and tracks changes in LBaaSServiceSpec to update Neutron LBaaS accordingly and to reflect its' actual state in LBaaSState. Change-Id: I718daf6d3def981c1bde5ca9831f955766935fbd Partially-Implements: blueprint kuryr-k8s-integration
2017-03-28 18:43:26 +03:00
cfg.StrOpt('endpoints_lbaas_driver',
Enforce E128 pep8 check This commit removes the last pep8 check that was excluded (E128 continuation line under-indented for visual indent), and cleans up code to match pep8. Change-Id: Ia1a6d672df521c35bbd1579971d27d546f4f5481
2017-06-08 15:53:52 +03:00
help=_("The driver that provides LoadBalancers for "
"Kubernetes Endpoints"),
Removing lbaasv2 related code LBaaSv2 was deprecated in favor of Octavia. This patch is removing the remaining gates for lbaasv2 and the specific code for handling the services when haproxy was used Implements: blueprint remove-lbaasv2 Change-Id: I601a62640838557697887aea1a778e67449f68a5
2019-01-16 16:40:03 +01:00
default='lbaasv2'),
Add support for OVN provider in Endpoint LBaaS driver The OVN provider was added to Octavia in addition to the 'amphora' [1]. When the Octavia Load Balancer provider is set to 'ovn', the Load balancing is executed by the virtual switch data-path engine and there is no need to create a VM ('amphora') per LB. This patch does two things: 1. Allows the user to configure the load balancer provider, where the default value is set to Octavia's default provider. 2. Updates Kubernetes Endpoints LBaaS driver to support load balancer provider. [1] https://github.com/openstack/networking-ovn/commit/66502f19f2994512fb89e6e453429e140da5fa4b Partially Implements: blueprint octavia-ovn-provider Change-Id: I1d1fc521902a593192e832e324bf68baa943f73f
2018-09-17 17:58:46 +03:00
cfg.StrOpt('endpoints_driver_octavia_provider',
help=_("The Octavia load balancer provider that will be used "
"to support Kubernetes Endpoints"),
default='default'),
Adding support for vif pool driver Every time a container is created or deleted there is a call from Kuryr to Neutron to create/remove the port used by the container. In order to speed up both container creation and deletion a vif pool driver is added, enabling the posibility of performing Neutron resource management actions before/after containers creation/deletion process. This patch introduces a basic structure for the driver to trigger ports creation and cleanup as part of the vif pool management. Note it will be followed up with extended versions of the drivers to support the extra ports pool functionality. Partially Implements blueprint ports-pool Change-Id: I441aa8f8ef567414f38d40365e3799de33de5b8c
2017-02-22 10:18:37 +01:00
cfg.StrOpt('vif_pool_driver',
Enforce E128 pep8 check This commit removes the last pep8 check that was excluded (E128 continuation line under-indented for visual indent), and cleans up code to match pep8. Change-Id: Ia1a6d672df521c35bbd1579971d27d546f4f5481
2017-06-08 15:53:52 +03:00
help=_("The driver that manages VIFs pools for "
Add Octavia L2 member mode support This patch introduces the modifications needed to support L2 member mode communication between the loadbalancer and the pool members (i.e., the pods belonging to the service). It also includes the needed changes to set up the environment with devstack. Implements: blueprint octavia-layer2-member-connectivity Change-Id: I345a71fbdf6f30f314b12aed1fc6f59177c03d00
2017-08-30 10:07:11 +00:00
"Kubernetes Pods"),
Enforce E128 pep8 check This commit removes the last pep8 check that was excluded (E128 continuation line under-indented for visual indent), and cleans up code to match pep8. Change-Id: Ia1a6d672df521c35bbd1579971d27d546f4f5481
2017-06-08 15:53:52 +03:00
default='noop'),
Introduce NodesSubnetsDriver In order to have more control over the nodes subnets we expect instead of relying on static configuration option it's better to have flexibility. This commit introduces NodesSubnetsDriver model that will allow writing more complicated drivers providing the worker_nodes_subnets setting. A use case in mind is to use OpenShift Machine Custom Resources in order to discover subnets the nodes are using. Change-Id: I0eb5d9ad50895151967c23d3ad6d1237cc4d9667
2020-12-23 17:39:11 +01:00
cfg.StrOpt('nodes_subnets_driver',
help=_("The driver that manages listing K8s nodes subnet_ids."),
default='config'),
Avoid port update neutron call during pods boot up This patches removes the need to update the port name when it is associated to a pod. It still allows it by enabling the port_debug option at kuryr.conf. By default is set to False, which means it will not set any name for the ports being used by the pods, nor to the pods available in the port pools. This makes it similar to VMs booted with Nova, where unless a predefined port is used, the port will be created and used without setting any name. Thanks to disabling the port_debug, a call to Neutron to update the port name is saved, with the consequent speed up in containers boot up time, as well as minimization of congestion on the Neutron side in case of many containers being created at the same time. Partially Implements blueprint port-creation-control-plane-perf Change-Id: I674fd948569558d3cc8f13f920c1793e056dfd92
2017-09-18 11:22:22 +00:00
cfg.BoolOpt('port_debug',
help=_('Enable port debug to force kuryr port names to be '
'set to their corresponding pod names.'),
default=False),
Add support for service type=LoadBalancer Service loadbalancerIP could be one of the following : 1. loadbalancerIP allocated from pre-defined pool k8s service.spec.type = 'LoadBalancer' 2. loadbalancerIP specified by user k8s service.spec.type = 'LoadBalancer' and service.spec.loadBalancerIP='x.y.z.t' This commit extend service capability to support '1' and '2' Implements: blueprint k8s-service-type-loadbalancer Change-Id: I98f56692e143aa7ab14dd9920139819c7026acce
2017-08-27 12:27:18 +03:00
cfg.StrOpt('service_public_ip_driver',
help=_("The driver that provides external IP for LB at "
"Kubernetes"),
default='neutron_floating_ip'),
Add Pool Manager to handle subports This patch introduces a ports pool manager that runs as an http server thread belonging to the VIF handler. This Manager handles the requests to populate and/or empty given subport pools so that they can be easily managed. It also includes a client and documentation to test/use the new functionality. Implements: blueprint kuryr-manager-cli-tool Change-Id: I495c0ca3ed997ab9da1763d8a3e60bbf7ac618b9
2017-08-29 08:43:34 +02:00
cfg.BoolOpt('enable_manager',
help=_("Enable Manager to manage the pools."),
default=False),
Watcher restarts watching resources in failure kuryr-kubernetes watcher watches k8s resources and trigger registered pipeline. This patch handles restarting watching when watch thread has failed. Change-Id: I27a719a326dc37f97c46b88d0c171d0f12ded605 Closes-Bug: 1739776 Related-Bug: 1705429 Signed-off-by: Eunsoo Park <esevan.park@gmail.com>
2018-02-22 16:12:34 +09:00
cfg.IntOpt('watch_retry_timeout',
help=_('Time (in seconds) the watcher retries watching for.'),
default=60),
Timeout connections when watching K8s API Turns out that without `timeout` parameter, requests library is unable to see connection interruption if those were "silent" (i.e. firewall blocked the connection for a period long enough for K8s API to drop the connection). This can be fixed by adding the `timeout` parameter to the `requests.get()` invocation in `watch()` and retrying on receiving `requests.ReadTimeout` exception. This commit does so by setting the connection and read timeouts to 30 and 60 respectively and implementing the retry logic using last seen resourceVersion to restart the watching connection. Change-Id: I19df95aaae404b5a936c469085b1f80f9eb99e2e Closes-Bug: 1842689
2019-09-04 18:41:32 +02:00
cfg.IntOpt('watch_connection_timeout',
help=_('TCP connection timeout (in seconds) for the watcher '
'connections to K8s API.'),
default=30),
cfg.IntOpt('watch_read_timeout',
help=_('TCP read timeout (in seconds) for the watcher '
'connections to K8s API. This affects reaction to time '
'when there are no events being streamed from K8s API. '
'When too low, Kuryr will reconnect more often. When '
'too high, Kuryr will take longer to reconnect when K8s '
'API stream was being silently broken.'),
default=60),
Periodically fetch full list of watched resources Kuryr-Kubernetes relies on watching resources in K8s API using an HTTP stream served by kube-apiserver. In such a distributed system this is sometimes unstable and e.g. etcd issues can cause some events to be omitted. To prevent controller from such situations this patch makes sure that periodically a full list of resources is fetched and injected as events into the handlers. We should probably do the same for kuryr-daemon watcher, but that case is less problematic as it'll be restarted in event of ADD requests timing out. Change-Id: I67874d086043071de072420df9ea5e86b3f2582e
2020-06-23 17:43:50 +02:00
cfg.IntOpt('watch_reconcile_period',
help=_('Period (in seconds) between iterations of fetching '
'full list of watched K8s API resources and putting '
'them into the enabled handlers. Setting 0 disables the '
'periodic reconciling. The reconciliation is done to '
'prevent Kuryr from missing events due to K8s API or '
'etcd issues.'),
default=120),
Kuryr-Controller: make handlers pluggable This patch introduces a new way for configuring which handlers the Kuryr controller should be using. This will allow people to use externally provided handlers as long as they are installed as entrypoints of the right namespace. Implements: blueprint kuryr-pluggable-handlers Change-Id: I52ce0ef00771c8587d7f7113cc5eb4839d1309a5 Signed-off-by: Antoni Segura Puimedon <antonisp@celebdor.com>
2018-03-23 11:46:19 +01:00
cfg.ListOpt('enabled_handlers',
help=_("The comma-separated handlers that should be "
"registered for watching in the pipeline."),
corrects Kubernetes Services handlers The handlers that need to be enabled to correctly handle Kubernetes Services events are (endpoints,service,kuryrloadbalancer) and not (lb,lbaasspec) as placed in most of the docs. This was due to the recent movement to KuryrLoadBalancer custom resources definitions (CRD). Change-Id: I0eff3b68839a659d39650e2cb22956e30d2c7332 Closes-Bug: #1899013
2020-10-12 08:52:19 -07:00
default=['vif', 'endpoints', 'service', 'kuryrloadbalancer',
'kuryrport']),
kuryr-controller A/P HA This commit implements initial version of high availability support in kuryr-controller - Active/Passive mode. In this mode only one instance of controller is processing the resources while other ones are in standby mode. If current leader dies, one of standbys is taking the leader role and starts processing resources. Please note that as leader election is based on Kubernetes mechanisms, this is only supported when kuryr-controller is run as Pod on Kubernetes cluster. Implements: bp high-availability Change-Id: I2c6c9315612d64158fb9f8284e0abb065aca7208
2018-04-23 12:49:37 +02:00
cfg.BoolOpt('controller_ha',
help=_('Enable kuryr-controller active/passive HA. Only '
'supported in containerized deployments on Kubernetes '
'or OpenShift.'),
default=False),
cfg.PortOpt('controller_ha_elector_port',
help=_('Port on which leader-elector pod is listening to.'),
default=16401),
Add Network Policies Driver This patch adds the driver skel for Network Policy Support and hooks the previously merged handler to use it. Follow up patches will provide translation between NP and Neutron security groups and driver implementation. Partially Implements: blueprint k8s-network-policies Co-Authored-By: Eyal Leshem <eyal.leshem@toganetworks.com> Change-Id: Ie8cca7b717677347f6a100e8d3b3912bdc20a148
2018-07-09 04:39:05 -04:00
cfg.StrOpt('network_policy_driver',
help=_("Driver for network policies"),
default='default'),
Implement multi-vif driver This patch implements the multi-vif of VIF-Handler And Vif Drivers Design. This patch creates a new driver type MultiVIFDriver. It will be the base class of real drivers like sriov, additional_subnet and npwg_multiple_interfaces. Each of the derived driver should implement the parsing of the additional interfaces definition in K8S pods, and call VIF driver to either create or acquire the Neutron port and its VIF object. A list of enabled drivers can be returned by its class method. So that the VIFHandler can invoke each driver one by one to get the whole list of interfaces for one pod. Partially Implements: blueprint multi-vif-pods Change-Id: I8b5175a4637b18a0b574e27674a217865afb22b7 Signed-off-by: Peng Liu <pliu@redhat.com>
2018-06-15 14:11:34 +08:00
cfg.ListOpt('multi_vif_drivers',
Add missing ws separator between words This is to add missing ws separator between words. Change-Id: I1df1d4aa8f84fb20a509f8e7130f218cafef32a7
2018-11-21 16:04:19 +08:00
help=_("The drivers that provide additional VIFs for "
Implement multi-vif driver This patch implements the multi-vif of VIF-Handler And Vif Drivers Design. This patch creates a new driver type MultiVIFDriver. It will be the base class of real drivers like sriov, additional_subnet and npwg_multiple_interfaces. Each of the derived driver should implement the parsing of the additional interfaces definition in K8S pods, and call VIF driver to either create or acquire the Neutron port and its VIF object. A list of enabled drivers can be returned by its class method. So that the VIFHandler can invoke each driver one by one to get the whole list of interfaces for one pod. Partially Implements: blueprint multi-vif-pods Change-Id: I8b5175a4637b18a0b574e27674a217865afb22b7 Signed-off-by: Peng Liu <pliu@redhat.com>
2018-06-15 14:11:34 +08:00
"Kubernetes Pods."),
default='noop'),
Have configurable additional vifs prefix Allowing user to configure the addtional_ifname_prefix allows kuryr-kubernetes to work more smoothly with other CNI plugins (when using multus or multiple chained CNIs for example). Change-Id: I4ce35e939c1564c1ba0bd2ae55c09fa24a35c9ed Signed-off-by: Yash Gupta <y.gupta@samsung.com>
2019-09-30 14:15:26 +09:00
cfg.StrOpt('additional_ifname_prefix',
help=_("The prefix to use for additional vifs created by "
" multi_vif drivers"),
default='eth'),
Add config option to enable Kubernetes Event creation. Kuryr can (or rather: soon will be able to) leverage events for certain actions where Kuryr is involved, like creating pod networking, services, network policies and so on. This is a nice addition to the logging, where operator can just use typical kubectl commands to get the idea in what state are his resources. This feature can be turned on by using configuration: [kubernetes] use_events = true in kuryr.conf, although it might have an performance impact on kubernetes cluster. Change-Id: Ia25e1309157e49992119709fb546fd5baa2462a4
2021-12-01 11:25:39 +01:00
cfg.BoolOpt('use_events',
help=_('Use Kubernetes Events objects to indicate status of '
'Kuryr created OpenStack objects like networking for '
'pods (Neutron ports) or services (Octavia '
'loadbalancers). It might have impact on performance '
'on Kubernetes cluster, since all objects (so the '
'Event objects too) are stored on etcd.'),
default=True),
Introduce `kuryr-k8s` service This commit introduces the `kuryr-k8s` service by adding the service binary and focusing on loading configuration options. The configuration options are inherited from kuryr-lib project (http://github.com/openstack/kuryr) and loaded at runtime, together with the project ones. These configuration options can be also generated using the `oslo-config-generator` utility by using: tox -e genconfig The service runs as any other OpenStack-based service: kuryr-k8s [--debug] [--config-file foo] ... Partial-Implements: blueprint kuryr-k8s-integration Change-Id: I7e52aef8fb2767dcc46317f2212f4285a17b11da Signed-off-by: Jaume Devesa <devvesa@gmail.com> Co-Authored-By: Taku Fukushima <f.tac.mac@gmail.com>
2016-08-24 13:27:04 +02:00
]
Controller driver base and pod project driver This patch adds stevedore-based driver support to the controller and implements a driver to determine OpenStack project ID used to create pod ports. Change-Id: I0002ce1c1f7985955b7f66902dcf5386db212a1a Partially-Implements: blueprint kuryr-k8s-integration
2016-11-15 20:21:27 +03:00
neutron_defaults = [
cfg.StrOpt('project',
Enforce E128 pep8 check This commit removes the last pep8 check that was excluded (E128 continuation line under-indented for visual indent), and cleans up code to match pep8. Change-Id: Ia1a6d672df521c35bbd1579971d27d546f4f5481
2017-06-08 15:53:52 +03:00
help=_("Default OpenStack project ID for "
"Kubernetes resources")),
Default pod subnet driver and os-vif utils This patch adds a new driver type used to determine Neutron subnet that should be used for Kubernetes pods' ports. This patch also provides a default subnet driver implementation that uses a subnet set in configuration file. This patch also introduces the 'os_vif_util' module that contains functions to translate data structures returned by Neutron client to os-vif objects. Only the subnet-related functions are added in this patch. Change-Id: I643b22858239ce7f64e6ba81822b31e788fc9990 Partially-Implements: blueprint kuryr-k8s-integration
2016-11-16 15:19:11 +03:00
cfg.StrOpt('pod_subnet',
Enforce E128 pep8 check This commit removes the last pep8 check that was excluded (E128 continuation line under-indented for visual indent), and cleans up code to match pep8. Change-Id: Ia1a6d672df521c35bbd1579971d27d546f4f5481
2017-06-08 15:53:52 +03:00
help=_("Default Neutron subnet ID for Kubernetes pods")),
Default pod security groups driver This patch adds a new driver type used to determine Neutron security groups that should be used for Kubernetes pods. This patch also provides a default driver implementation that uses a list of security groups set in configuration file. Change-Id: Id76f70b8a99ffa8372dfd3d199371e7db46fb812 Partially-Implements: blueprint kuryr-k8s-integration
2016-11-18 13:43:46 +03:00
cfg.ListOpt('pod_security_groups',
Enforce E128 pep8 check This commit removes the last pep8 check that was excluded (E128 continuation line under-indented for visual indent), and cleans up code to match pep8. Change-Id: Ia1a6d672df521c35bbd1579971d27d546f4f5481
2017-06-08 15:53:52 +03:00
help=_("Default Neutron security groups' IDs "
"for Kubernetes pods")),
Port-to-VIF os-vif translator for hybrid OVS case This patch introduces Port-to-VIF translation to 'os_vif_util' and implements a translator that supports hybrid OpenVSwitch plugging case. Change-Id: I9f5c36fa32b51da8cccf377455b096270f23a782 Partially-Implements: blueprint kuryr-k8s-integration
2016-11-20 15:45:45 +03:00
cfg.StrOpt('ovs_bridge',
Enforce E128 pep8 check This commit removes the last pep8 check that was excluded (E128 continuation line under-indented for visual indent), and cleans up code to match pep8. Change-Id: Ia1a6d672df521c35bbd1579971d27d546f4f5481
2017-06-08 15:53:52 +03:00
help=_("Default OpenVSwitch integration bridge"),
sample_default="br-int"),
K8s Services support: LBaaSSpecHandler This patch introduces LBaaSSpecHandler that handles K8s Service events and updates related Endpoints with LBaaSServiceSpec when necessary. Change-Id: I09a0235842edd06827437f37aeac7ca5daeb1774 Partially-Implements: blueprint kuryr-k8s-integration
2017-01-31 23:19:32 +03:00
cfg.StrOpt('service_subnet',
Enforce E128 pep8 check This commit removes the last pep8 check that was excluded (E128 continuation line under-indented for visual indent), and cleans up code to match pep8. Change-Id: Ia1a6d672df521c35bbd1579971d27d546f4f5481
2017-06-08 15:53:52 +03:00
help=_("Default Neutron subnet ID for Kubernetes services")),
Make ext subnet config optional It is common for Neutron deployment's policy to forbid GETs to the public subnet, only allowing GETs for the public net. Since the only required field of those two for creating a FIP is the public net, let's change public net to be the only required config option and have the subnet stick around as optional. Change-Id: I31c3c51ad2dc12f8f560cbab01c86d04aabb754e Closes-Bug: 1749921 Signed-off-by: Antoni Segura Puimedon <antonisp@celebdor.com>
2018-02-16 12:13:17 +01:00
cfg.StrOpt('external_svc_net',
help=_("Default external network ID for Kubernetes services")),
Add support for service type=LoadBalancer Service loadbalancerIP could be one of the following : 1. loadbalancerIP allocated from pre-defined pool k8s service.spec.type = 'LoadBalancer' 2. loadbalancerIP specified by user k8s service.spec.type = 'LoadBalancer' and service.spec.loadBalancerIP='x.y.z.t' This commit extend service capability to support '1' and '2' Implements: blueprint k8s-service-type-loadbalancer Change-Id: I98f56692e143aa7ab14dd9920139819c7026acce
2017-08-27 12:27:18 +03:00
cfg.StrOpt('external_svc_subnet',
Make ext subnet config optional It is common for Neutron deployment's policy to forbid GETs to the public subnet, only allowing GETs for the public net. Since the only required field of those two for creating a FIP is the public net, let's change public net to be the only required config option and have the subnet stick around as optional. Change-Id: I31c3c51ad2dc12f8f560cbab01c86d04aabb754e Closes-Bug: 1749921 Signed-off-by: Antoni Segura Puimedon <antonisp@celebdor.com>
2018-02-16 12:13:17 +01:00
help=_("Optional external subnet ID for Kubernetes services"),
default=None),
fix kury-cni exits unexpectedly when MTU of network is 0 If the MTU of the netowrk of interface is 0, "Netlink Error, invalid argument" will be raised, and kury-cni exits unexpectedly. When mtu is 0, 1. dhcp-option-force of dnsmasq for is not set, and mtu of interface of vm is set to be 1500 by default 2. mtu of qvo-xxx and qvb-xxx is set to 1500, which is determined by configuration,network_device_mtu. Fix this by adding default network device MTU configuration, which is used instead if MTU of network is 0 Change-Id: I7c1140b116aa6304aca13479a7d7eb82d828d16f Close-Bug: 1738812
2018-03-14 17:41:14 +08:00
cfg.IntOpt('network_device_mtu',
help='Default MTU setting for network interface.',
Allow to config network MTU We should allow the user to config the mtu for the namespace networks and for VIFs when the bridge driver is used. Change-Id: I1685e31825f15387b6486713ce007b62e915df28
2020-10-21 21:56:22 +00:00
default=0,),
Make Neutron LBaaS Activation Timeout configurable This changes _ACTIVATION_TIMEOUT of LBaaS driver from constant to configurable value in order to make it flexible to production environment. This commit also increases the timeout value in DevStack plugin to make sure Octavia has time to run Amphorae in the gate. Co-Authored-By: Michał Dulko <mdulko@redhat.com> Change-Id: I895d3e5af71ccc7219be422b9ca9e9f8833bad8f Related-Bug: 1753653 Signed-off-by: Eunsoo Park <esevan.park@gmail.com>
2018-03-06 15:02:48 +09:00
cfg.IntOpt('lbaas_activation_timeout',
help=_("Time (in seconds) that kuryr controller waits for "
"neutron LBaaS to be activated"),
default=300),
Use default subnet mapping if subnet is not specified This commit introduces default subnet mapping that maps different driverTypes to default subnet related to sertain driverType. Mapping is used then subnet is not specified in net-attach-def and continues previously merged patch that closes bug 1810344 Change-Id: I558cd73f9a30a684d99bab9b2a251ae24e5a4397 Closes-Bug: 1811243
2019-01-10 17:43:21 +03:00
cfg.DictOpt('subnet_mapping',
help=_("A mapping of default subnets for certain driverType "
"in a form of <driverType>:<SUBNET-ID>"),
default={}),
Add option to tag Neutron resources created by us If we consider a K8s cluster running on OpenStack VM's, which is a perfect use case for Kuryr-Kubernetes, we can easily imagine creating multiple clusters in a single OpenStack public or private cloud. In such use case those K8s clusters may come and go. As Kuryr is creating some OpenStack resources, such as ports, networks, subnets, floating IP's or SG's, it's useful to have a way of identifying those Kuryr-created resources to delete them along with the K8s cluster that used them. This commit makes that possible by adding an option to add tag to all Neutron resources created by Kuryr. Change-Id: If75028e17d13ec62fb414fa9797ee7ac02d948d1 Implements: blueprint kuryr-resources-tagging
2019-02-13 10:04:08 +01:00
cfg.ListOpt('resource_tags',
help=_("List of tags that will be applied to all OpenStack "
"(Neutron and Octavia) resources created by Kuryr. "
"This can be used to identify and garbage-collect "
"them when Kubernetes cluster Kuryr was serving is no "
"longer needed."),
Fixes race cond. during updates of neutron resources When macvlan driver updates neutron resources during pods creation in short period of time, only last address pair remains in Neutron. We need to utilize revision_number feature of neutron api, to detect such race condition and attempt to resend updated api request in such case. Co-Authored-By: Michał Dulko <mdulko@redhat.com> Closes-Bug: 1845307 Change-Id: I01c544cc284f4e7bc339ac4f422e90a0c6cb31fa
2019-04-24 12:08:20 +02:00
default=[]),
Controller driver base and pod project driver This patch adds stevedore-based driver support to the controller and implements a driver to determine OpenStack project ID used to create pod ports. Change-Id: I0002ce1c1f7985955b7f66902dcf5386db212a1a Partially-Implements: blueprint kuryr-k8s-integration
2016-11-15 20:21:27 +03:00
]
Introduce `kuryr-k8s` service This commit introduces the `kuryr-k8s` service by adding the service binary and focusing on loading configuration options. The configuration options are inherited from kuryr-lib project (http://github.com/openstack/kuryr) and loaded at runtime, together with the project ones. These configuration options can be also generated using the `oslo-config-generator` utility by using: tox -e genconfig The service runs as any other OpenStack-based service: kuryr-k8s [--debug] [--config-file foo] ... Partial-Implements: blueprint kuryr-k8s-integration Change-Id: I7e52aef8fb2767dcc46317f2212f4285a17b11da Signed-off-by: Jaume Devesa <devvesa@gmail.com> Co-Authored-By: Taku Fukushima <f.tac.mac@gmail.com>
2016-08-24 13:27:04 +02:00
Add Octavia L2 member mode support This patch introduces the modifications needed to support L2 member mode communication between the loadbalancer and the pool members (i.e., the pods belonging to the service). It also includes the needed changes to set up the environment with devstack. Implements: blueprint octavia-layer2-member-connectivity Change-Id: I345a71fbdf6f30f314b12aed1fc6f59177c03d00
2017-08-30 10:07:11 +00:00
octavia_defaults = [
cfg.StrOpt('member_mode',
help=_("Define the communication mode between load balanacer "
"and its members"),
default='L3'),
Make SG modifications for LoadBalancers optional When ovn-octavia driver is being used there is no need to enforce security groups rules at the loadbalancer SG level, as ovn-octavia is maintaing the source IP, instead of replacing it by amphora VM IP. Change-Id: I39cfc96080594df7515aada92acd8e861cb050e9
2019-06-13 19:39:16 +00:00
cfg.BoolOpt('enforce_sg_rules',
help=_("Enable the enforcement of SG rules at the LB SG "
"in case the LB does not maintain the source IP "
"of the caller resource"),
default=True),
Add support for different loadbalancer algorithms Change-Id: Ide0c7d2480469bca711039ee5b7d12f92078a8b6
2019-11-26 15:15:01 +01:00
cfg.StrOpt('lb_algorithm',
help=_("The load-balancer algoritm that distributed traffic "
"to the pool members. The options are: ROUND_ROBIN, "
"LEAST_CONNECTIONS, SOURCE_IP and SOURCE_IP_PORT."),
default='ROUND_ROBIN'),
Add option to set listener timeouts for lb created by Kuryr The timeout-client-data and timeout-member-data configurations for Octavia listeners default to 50 seconds for load balancers created by Kuryr. This patch allows the creation and modification of load balancers handled by Kuryr with different timeouts values. Implements: blueprint configure-lb-listeners-timeout Change-Id: I99016001c2263023d1fa2637d7b5aeb23b3b2d9d
2021-02-24 14:31:07 +00:00
cfg.IntOpt('timeout_client_data',
help=_("Frontend client inactivity timeout in milliseconds. "
"When set to 0, the default timeout value set by "
"Octavia is used."),
default=0),
cfg.IntOpt('timeout_member_data',
help=_("Backend member inactivity timeout in milliseconds. "
"When set to 0, the default timeout value set by "
"Octavia is used."),
default=0),
Add Octavia L2 member mode support This patch introduces the modifications needed to support L2 member mode communication between the loadbalancer and the pool members (i.e., the pods belonging to the service). It also includes the needed changes to set up the environment with devstack. Implements: blueprint octavia-layer2-member-connectivity Change-Id: I345a71fbdf6f30f314b12aed1fc6f59177c03d00
2017-08-30 10:07:11 +00:00
]
Add oslo_cache to default_subnet driver This patch adds oslo_cache to the default subnet driver to avoid unneed calls to neutron when creating pods (or when getting subnet information) Change-Id: I93b6bed424757e4138ba656251ae5da46b857da1
2017-11-14 17:02:23 +00:00
cache_defaults = [
cfg.BoolOpt('enabled',
help=_("Enable caching."),
default=True),
cfg.StrOpt('backend',
help=_("Select backend cache option."),
default="dogpile.cache.memory"),
]
Add namespace isolation for services This patch ensures pods from namespace X cannot access services pointing to pods on namespace Y, and vice versa. The exceptions are: - Pods on default namespace can access all the services - Services on default namespace can be accessed by all the pods Depends-On: I37025bf65b67fe04f2a6d9b14bbe1b7bc387e370 Implements: blueprint openshift-project-isolation-support Change-Id: I7b78e12cdf2bce5d0780e582814ef51ef0c459a7
2018-07-10 18:29:07 +02:00
nested_vif_driver_opts = [
Multiple nodes subnets support This commit deprecates `[pod_vif_nested]worker_nodes_subnet` in favor of `[pod_vif_nested]worker_nodes_subnets` that will accept a list instead. All the code using the deprecated options is updated to expect a list and iterate over possible nodes subnets. Change-Id: I7671fb06863d58b58905bec43555d8f21626f640
2020-12-14 10:01:51 +01:00
cfg.ListOpt('worker_nodes_subnets',
help=_("Neutron subnet IDs for k8s worker node VMs."),
default=[],
deprecated_name='worker_nodes_subnet',
deprecated_group='pod_vif_nested'),
Fixes race cond. during updates of neutron resources When macvlan driver updates neutron resources during pods creation in short period of time, only last address pair remains in Neutron. We need to utilize revision_number feature of neutron api, to detect such race condition and attempt to resend updated api request in such case. Co-Authored-By: Michał Dulko <mdulko@redhat.com> Closes-Bug: 1845307 Change-Id: I01c544cc284f4e7bc339ac4f422e90a0c6cb31fa
2019-04-24 12:08:20 +02:00
cfg.IntOpt('rev_update_attempts',
help=_("How many time to try to re-update the neutron resource "
"when revision has been changed by other thread"),
default=3),
Add namespace isolation for services This patch ensures pods from namespace X cannot access services pointing to pods on namespace Y, and vice versa. The exceptions are: - Pods on default namespace can access all the services - Services on default namespace can be accessed by all the pods Depends-On: I37025bf65b67fe04f2a6d9b14bbe1b7bc387e370 Implements: blueprint openshift-project-isolation-support Change-Id: I7b78e12cdf2bce5d0780e582814ef51ef0c459a7
2018-07-10 18:29:07 +02:00
]
Add SR-IOV pod vif driver This commit adds SR-IOV driver and new type of VIF to handle SR-IOV requests. This driver can work as a primary driver and only one driver, but only when kubernetes will fully support CNI specification. Now this driver can work in couple with multi vif driver, e.g. NPWGMultiVIFDriver. (see doc/source/installation/multi_vif_with_npwg_spec.rst) Also this driver relies on kubernetes SRIOV device plugin. This commit also adds 'default_physnet_subnets' setting, that should include a mapping of physnets to neutron subnet IDs, it's necessary to specify VIF's physnet (subnet id comes from annotation). To get details how to create pods with sriov interfaces see doc/source/installation/sriov.rst Target bp: kuryr-kubernetes-sriov-support Change-Id: I45c5f1a7fb423ee68731d0ae85f7171e33d0aeeb Signed-off-by: Danil Golov <d.golov@partner.samsung.com> Signed-off-by: Vladimir Kuramshin <v.kuramshin@samsung.com> Signed-off-by: Alexey Perevalov <a.perevalov@samsung.com>
2017-10-10 14:30:59 +03:00
DEFAULT_PHYSNET_SUBNET_MAPPINGS = {}
Add SR-IOV binding driver to CNI This commit includes a binding driver for SR-IOV interfaces. The driver scans VFs of a PF for each SR-IOV interface requested and assignes them to the Pod. This commit adds new config parameter `physical_device_mappings`. It is similar to neutron-sriov-nic-agent and helps manage PFs and physnets. Implements: blueprint kuryr-kubernetes-sriov-support Change-Id: Icda852cef35efdb75daeae78f7a093fe516f4c02 Signed-off-by: Danil Golov <d.golov@partner.samsung.com> Signed-off-by: Alexey Perevalov <a.perevalov@samsung.com> Signed-off-by: Vladimir Kuramshin <v.kuramshin@samsung.com>
2017-10-10 15:06:12 +03:00
DEFAULT_DEVICE_MAPPINGS = []
Add SR-IOV pod vif driver This commit adds SR-IOV driver and new type of VIF to handle SR-IOV requests. This driver can work as a primary driver and only one driver, but only when kubernetes will fully support CNI specification. Now this driver can work in couple with multi vif driver, e.g. NPWGMultiVIFDriver. (see doc/source/installation/multi_vif_with_npwg_spec.rst) Also this driver relies on kubernetes SRIOV device plugin. This commit also adds 'default_physnet_subnets' setting, that should include a mapping of physnets to neutron subnet IDs, it's necessary to specify VIF's physnet (subnet id comes from annotation). To get details how to create pods with sriov interfaces see doc/source/installation/sriov.rst Target bp: kuryr-kubernetes-sriov-support Change-Id: I45c5f1a7fb423ee68731d0ae85f7171e33d0aeeb Signed-off-by: Danil Golov <d.golov@partner.samsung.com> Signed-off-by: Vladimir Kuramshin <v.kuramshin@samsung.com> Signed-off-by: Alexey Perevalov <a.perevalov@samsung.com>
2017-10-10 14:30:59 +03:00
sriov_opts = [
Add PodResources service client PodResources client could be used by sriov cni to obtain devices allocated for container by sriov device-plugin. KubeletPodResources service is still in alpha, so it should be explicitly enabled in kubelet feature-gates: kubelet --feature-gates KubeletPodResources=true New config option 'kubelet_root_dir' added to 'sriov' section that defaults to kubelet default root-dir '/var/lib/kulelet'. In case kubelet started with non-default root directory passed via '--root-dir' option, the same value should be configured in 'kubelet_root_dir'. Note that if sriov binding driver will be used inside container 'kubelet_root_dir'/pod-resources directory should be mounted to this container in order to allow communication with kubelet via gRPC protocol over the unix domain socket. Partial-Bug: 1826865 Depends-On: https://review.openstack.org/#/c/652629 Change-Id: Icf088b839db079efe9c7647c31be4ead867ed32b Signed-off-by: Ilya Maximets <i.maximets@samsung.com>
2019-03-27 20:05:32 +03:00
cfg.StrOpt('kubelet_root_dir',
help=_("The root directory of the Kubelet daemon"),
default='/var/lib/kubelet'),
Provide a proper way to choose VF in CNI This commit fixes incorrect way for choosing VF in SR-IOV binding driver. Previously sriov-device-plugin has choosen device by it's own way while CNI choosed first available VF. This entities did not know anything about each other's choice. Now SR-IOV binding driver gets a list of used by kubelet devices with help of Pod Resources Client, then chooses device from this list which is not used by pod yet and passes an appropriate VF into container's network namespace. Also this commit contains tools for cluster upgrade. Change-Id: I5b24981f715966369b05b8ab157f8bfe02afc2d4 Closes-Bug: 1826865 Signed-off-by: Danil Golov <d.golov@samsung.com>
2019-04-29 17:29:25 +03:00
cfg.BoolOpt('enable_pod_resource_service',
help=_("Enable PodResources service"),
default=False),
Add SR-IOV pod vif driver This commit adds SR-IOV driver and new type of VIF to handle SR-IOV requests. This driver can work as a primary driver and only one driver, but only when kubernetes will fully support CNI specification. Now this driver can work in couple with multi vif driver, e.g. NPWGMultiVIFDriver. (see doc/source/installation/multi_vif_with_npwg_spec.rst) Also this driver relies on kubernetes SRIOV device plugin. This commit also adds 'default_physnet_subnets' setting, that should include a mapping of physnets to neutron subnet IDs, it's necessary to specify VIF's physnet (subnet id comes from annotation). To get details how to create pods with sriov interfaces see doc/source/installation/sriov.rst Target bp: kuryr-kubernetes-sriov-support Change-Id: I45c5f1a7fb423ee68731d0ae85f7171e33d0aeeb Signed-off-by: Danil Golov <d.golov@partner.samsung.com> Signed-off-by: Vladimir Kuramshin <v.kuramshin@samsung.com> Signed-off-by: Alexey Perevalov <a.perevalov@samsung.com>
2017-10-10 14:30:59 +03:00
cfg.DictOpt('default_physnet_subnets',
help=_("A mapping of default subnets for certain physnets "
"in a form of physnet-name:<SUBNET-ID>"),
default=DEFAULT_PHYSNET_SUBNET_MAPPINGS),
Support sriovdp arbitrary resource names This patch adds ability to work with new sriov device plugin's feature. This feature implies arbitrary names for resource. So kuryr-kubernetes should also know about such resources. Resources are listed in /etc/pcidp/config.json If physnet_resource_mappings is not specified it's assumed resource name is physnet. Implements: blueprint move-to-new-sriovdp Change-Id: I07c5338b6d5b431435c467b0c52b50fe3385a86a Signed-off-by: Alexey Perevalov <a.perevalov@samsung.com>
2019-01-30 12:52:57 +03:00
cfg.DictOpt('physnet_resource_mappings',
help=_("A mapping of physnets for certain sriov dp "
"resource name in a form of "
"physnet-name:resource name. "
"Resource name is listed in sriov device plugin "
"configuation file."),
default=DEFAULT_PHYSNET_SUBNET_MAPPINGS),
cfg.StrOpt('device_plugin_resource_prefix',
help=_("This prefix is used by sriov-network-device-plugin "
"It concatenates with resource suffix defined in "
"sriov device plugin configuration file."),
default=constants.K8S_SRIOV_PREFIX),
DPDK in baremetal containers using SR-IOV This commit allows to use DPDK applications in k8s pods. To use DPDK applications inside the container SR-IOV binding driver binds used device on apropriate driver that is specified in config. Partially implements: bp dpdk-applications-in-containers Change-Id: I30ba1f30ae69562a91314fc2f14eba98b1692450 Signed-off-by: Danil Golov <d.golov@samsung.com>
2019-04-04 16:58:40 +03:00
cfg.DictOpt('resource_driver_mappings',
help=_("A mappping driver names for certain resource "
"names. Expected that device of VIF related to "
"exact physnet should be binded on specified driver."),
default=DEFAULT_PHYSNET_SUBNET_MAPPINGS),
Make node annotations with pci addresses optional This patch adds new option to CM that enables annotations to nodes. Node annotations are useless before sriov-nic-agent is installed on nodes. By default this option is set to False, so annotations will not be set and direct ports will not be active in neutron. Change-Id: Ie6f141df59c601b74fb949a86e92d68115ffa5fb Signed-off-by: Danil Golov <d.golov@samsung.com>
2020-03-12 14:05:12 +03:00
cfg.BoolOpt('enable_node_annotations',
help=_("Enable node annotations. This option allows to "
"set annotations required by neutron to set active "
"state of ports. This option is useless when "
"sriov-nic-agent is not running on node."),
default=False),
Add SR-IOV pod vif driver This commit adds SR-IOV driver and new type of VIF to handle SR-IOV requests. This driver can work as a primary driver and only one driver, but only when kubernetes will fully support CNI specification. Now this driver can work in couple with multi vif driver, e.g. NPWGMultiVIFDriver. (see doc/source/installation/multi_vif_with_npwg_spec.rst) Also this driver relies on kubernetes SRIOV device plugin. This commit also adds 'default_physnet_subnets' setting, that should include a mapping of physnets to neutron subnet IDs, it's necessary to specify VIF's physnet (subnet id comes from annotation). To get details how to create pods with sriov interfaces see doc/source/installation/sriov.rst Target bp: kuryr-kubernetes-sriov-support Change-Id: I45c5f1a7fb423ee68731d0ae85f7171e33d0aeeb Signed-off-by: Danil Golov <d.golov@partner.samsung.com> Signed-off-by: Vladimir Kuramshin <v.kuramshin@samsung.com> Signed-off-by: Alexey Perevalov <a.perevalov@samsung.com>
2017-10-10 14:30:59 +03:00
]
Support DPDK application on bare-metal host This patch contains binding driver, which intend to copy vhostuser port to containers's directory. Here container's directory it's mounted directory. Also this patch contains code to create proper VIF in case when neutron ovs agent configured to work with vhostuser ports. There is no code here for port creation, due to it performs in base.connect by os_vif.plug. This function creates/or recreates OVS bridge with netdev type, then it creates port in this bridge. It uses vif.network.bridge as the name for integration bridge, IOW it doesn't use ovs_bridge from kuryr.conf, vif.network.bridge is configured by neutron ovs agent. VhostUser mode is defined by neutron ovs agent, it obtains from Open vSwitch configuration: Command to check Open vSwitch configuration ovs-vsctl list Open_vSwitch |grep iface_types If neutron ovs agent finds dpdkvhostuserclient there, it sets vhostuser_mode to VIFVHostUserMode.SERVER, it means DPDK application in container will be a server, and OVS will be a client, so DPDK application will create/bind/listen vhostuser socket by predefined path. This path is set in kuryr.conf/vhostuser/mount_point. When dpdkvhostuserclient is not in OVS's capability list, e.g. it's old OVS or it was built w/o dpdkvhostuserclient support, the mode will be VIFVHostUserMode.CLIENT. In this case OVS will create/bind/listen socket, so socket file will exist, and it shoud be copied to container's mount volume. At the moment of copying OVS server already has to listen it, otherwise approach is not working. Partially Implements: blueprint support-vhost-user-port-type-on-bm-installation Change-Id: Ib9c22368e518815064282f4c3b9f9ddaf58dc622 Signed-off-by: Alexey Perevalov <a.perevalov@samsung.com> Signed-off-by: Andrey Zaikin <a.zaikin@partner.samsung.com> Signed-off-by: Vladimir Kuramshin <v.kuramshin@samsung.com>
2020-01-31 11:31:34 +03:00
vhostuser = [
cfg.StrOpt('mount_point',
help=_("Path where vhost-user port will be created "
"also it should be mount point for pod"),
default='/var/cni/vhostuser'),
cfg.StrOpt('ovs_vhu_path',
help=_("Path where OVS keeps socket files for vhost-user "
"ports"),
default='/var/run/openvswitch/')
]
Export Prometheus metrics This commit export kuryr_cni_requests_duration, kuryr_quota_free_count, kuryr_port_quota_per_subnet, kuryr_pod_creation_latency metrics to Prometheus. Depends-On: https://review.opendev.org/c/openstack/kuryr-kubernetes/+/811557 Change-Id: I8c8c98153eaf6dd2418efe124c875c1ff9c66205
2020-05-06 21:50:30 +00:00
prometheus_exporter_opts = [
cfg.IntOpt('controller_exporter_port',
help=_('port for the Controller Prometheus exporter.'),
default=9654),
cfg.IntOpt('cni_exporter_port',
help=_('port for the CNI Prometheus exporter.'),
default=9655)
]
Introduce `kuryr-k8s` service This commit introduces the `kuryr-k8s` service by adding the service binary and focusing on loading configuration options. The configuration options are inherited from kuryr-lib project (http://github.com/openstack/kuryr) and loaded at runtime, together with the project ones. These configuration options can be also generated using the `oslo-config-generator` utility by using: tox -e genconfig The service runs as any other OpenStack-based service: kuryr-k8s [--debug] [--config-file foo] ... Partial-Implements: blueprint kuryr-k8s-integration Change-Id: I7e52aef8fb2767dcc46317f2212f4285a17b11da Signed-off-by: Jaume Devesa <devvesa@gmail.com> Co-Authored-By: Taku Fukushima <f.tac.mac@gmail.com>
2016-08-24 13:27:04 +02:00
CONF = cfg.CONF
move config and opt generation to new kuryr-lib The config generation was from back when we did not have keystone v3 support, which moved around how it all is generated. This patch puts kuryr-kubernetes in line with the rest of Kuryr. Change-Id: I877fa57308aa4c2128bb5d12e801e7e566aef108 Closes-bug: #1626014 Signed-off-by: Antoni Segura Puimedon <antonisp@celebdor.com>
2016-09-21 15:19:53 +02:00
CONF.register_opts(kuryr_k8s_opts)
CNI split - introducing CNI daemon This commit implements basic CNI daemon service. The aim of this new entity is to increase scalability of CNI operations by moving watching for VIF to a separate process. This commit: * Introduces kuryr-daemon service * Implements communication between CNI driver and CNI daemon using HTTP * Consolidates watching for VIF on CNI side to a single Watcher that looks for all the pods on the node it is running on. * Solves bug 1731485 when running with CNI daemon. * Enables new service in DevStack plugin * Provides unit tests for new code. Follow up patches will include: - Documentation. - Support for running in containerized mode. To test the patch add `enable_service kuryr-daemon` to your DevStack's local.conf file. Partial-Bug: 1731485 Co-Authored-By: Janonymous <janonymous.codevulture@gmail.com> Implements: blueprint cni-split-exec-daemon Change-Id: I1bd6406dacab0735a94474e146645c63d933be16
2017-10-25 21:29:22 +02:00
CONF.register_opts(daemon_opts, group='cni_daemon')
move config and opt generation to new kuryr-lib The config generation was from back when we did not have keystone v3 support, which moved around how it all is generated. This patch puts kuryr-kubernetes in line with the rest of Kuryr. Change-Id: I877fa57308aa4c2128bb5d12e801e7e566aef108 Closes-bug: #1626014 Signed-off-by: Antoni Segura Puimedon <antonisp@celebdor.com>
2016-09-21 15:19:53 +02:00
CONF.register_opts(k8s_opts, group='kubernetes')
Controller driver base and pod project driver This patch adds stevedore-based driver support to the controller and implements a driver to determine OpenStack project ID used to create pod ports. Change-Id: I0002ce1c1f7985955b7f66902dcf5386db212a1a Partially-Implements: blueprint kuryr-k8s-integration
2016-11-15 20:21:27 +03:00
CONF.register_opts(neutron_defaults, group='neutron_defaults')
Add Octavia L2 member mode support This patch introduces the modifications needed to support L2 member mode communication between the loadbalancer and the pool members (i.e., the pods belonging to the service). It also includes the needed changes to set up the environment with devstack. Implements: blueprint octavia-layer2-member-connectivity Change-Id: I345a71fbdf6f30f314b12aed1fc6f59177c03d00
2017-08-30 10:07:11 +00:00
CONF.register_opts(octavia_defaults, group='octavia_defaults')
Add oslo_cache to default_subnet driver This patch adds oslo_cache to the default subnet driver to avoid unneed calls to neutron when creating pods (or when getting subnet information) Change-Id: I93b6bed424757e4138ba656251ae5da46b857da1
2017-11-14 17:02:23 +00:00
CONF.register_opts(cache_defaults, group='cache_defaults')
Add namespace isolation for services This patch ensures pods from namespace X cannot access services pointing to pods on namespace Y, and vice versa. The exceptions are: - Pods on default namespace can access all the services - Services on default namespace can be accessed by all the pods Depends-On: I37025bf65b67fe04f2a6d9b14bbe1b7bc387e370 Implements: blueprint openshift-project-isolation-support Change-Id: I7b78e12cdf2bce5d0780e582814ef51ef0c459a7
2018-07-10 18:29:07 +02:00
CONF.register_opts(nested_vif_driver_opts, group='pod_vif_nested')
Add SR-IOV pod vif driver This commit adds SR-IOV driver and new type of VIF to handle SR-IOV requests. This driver can work as a primary driver and only one driver, but only when kubernetes will fully support CNI specification. Now this driver can work in couple with multi vif driver, e.g. NPWGMultiVIFDriver. (see doc/source/installation/multi_vif_with_npwg_spec.rst) Also this driver relies on kubernetes SRIOV device plugin. This commit also adds 'default_physnet_subnets' setting, that should include a mapping of physnets to neutron subnet IDs, it's necessary to specify VIF's physnet (subnet id comes from annotation). To get details how to create pods with sriov interfaces see doc/source/installation/sriov.rst Target bp: kuryr-kubernetes-sriov-support Change-Id: I45c5f1a7fb423ee68731d0ae85f7171e33d0aeeb Signed-off-by: Danil Golov <d.golov@partner.samsung.com> Signed-off-by: Vladimir Kuramshin <v.kuramshin@samsung.com> Signed-off-by: Alexey Perevalov <a.perevalov@samsung.com>
2017-10-10 14:30:59 +03:00
CONF.register_opts(sriov_opts, group='sriov')
Support DPDK application on bare-metal host This patch contains binding driver, which intend to copy vhostuser port to containers's directory. Here container's directory it's mounted directory. Also this patch contains code to create proper VIF in case when neutron ovs agent configured to work with vhostuser ports. There is no code here for port creation, due to it performs in base.connect by os_vif.plug. This function creates/or recreates OVS bridge with netdev type, then it creates port in this bridge. It uses vif.network.bridge as the name for integration bridge, IOW it doesn't use ovs_bridge from kuryr.conf, vif.network.bridge is configured by neutron ovs agent. VhostUser mode is defined by neutron ovs agent, it obtains from Open vSwitch configuration: Command to check Open vSwitch configuration ovs-vsctl list Open_vSwitch |grep iface_types If neutron ovs agent finds dpdkvhostuserclient there, it sets vhostuser_mode to VIFVHostUserMode.SERVER, it means DPDK application in container will be a server, and OVS will be a client, so DPDK application will create/bind/listen vhostuser socket by predefined path. This path is set in kuryr.conf/vhostuser/mount_point. When dpdkvhostuserclient is not in OVS's capability list, e.g. it's old OVS or it was built w/o dpdkvhostuserclient support, the mode will be VIFVHostUserMode.CLIENT. In this case OVS will create/bind/listen socket, so socket file will exist, and it shoud be copied to container's mount volume. At the moment of copying OVS server already has to listen it, otherwise approach is not working. Partially Implements: blueprint support-vhost-user-port-type-on-bm-installation Change-Id: Ib9c22368e518815064282f4c3b9f9ddaf58dc622 Signed-off-by: Alexey Perevalov <a.perevalov@samsung.com> Signed-off-by: Andrey Zaikin <a.zaikin@partner.samsung.com> Signed-off-by: Vladimir Kuramshin <v.kuramshin@samsung.com>
2020-01-31 11:31:34 +03:00
CONF.register_opts(vhostuser, group='vhostuser')
Export Prometheus metrics This commit export kuryr_cni_requests_duration, kuryr_quota_free_count, kuryr_port_quota_per_subnet, kuryr_pod_creation_latency metrics to Prometheus. Depends-On: https://review.opendev.org/c/openstack/kuryr-kubernetes/+/811557 Change-Id: I8c8c98153eaf6dd2418efe124c875c1ff9c66205
2020-05-06 21:50:30 +00:00
CONF.register_opts(prometheus_exporter_opts, "prometheus_exporter")
Introduce `kuryr-k8s` service This commit introduces the `kuryr-k8s` service by adding the service binary and focusing on loading configuration options. The configuration options are inherited from kuryr-lib project (http://github.com/openstack/kuryr) and loaded at runtime, together with the project ones. These configuration options can be also generated using the `oslo-config-generator` utility by using: tox -e genconfig The service runs as any other OpenStack-based service: kuryr-k8s [--debug] [--config-file foo] ... Partial-Implements: blueprint kuryr-k8s-integration Change-Id: I7e52aef8fb2767dcc46317f2212f4285a17b11da Signed-off-by: Jaume Devesa <devvesa@gmail.com> Co-Authored-By: Taku Fukushima <f.tac.mac@gmail.com>
2016-08-24 13:27:04 +02:00
CONF.register_opts(lib_config.core_opts)
CONF.register_opts(lib_config.binding_opts, 'binding')
move config and opt generation to new kuryr-lib The config generation was from back when we did not have keystone v3 support, which moved around how it all is generated. This patch puts kuryr-kubernetes in line with the rest of Kuryr. Change-Id: I877fa57308aa4c2128bb5d12e801e7e566aef108 Closes-bug: #1626014 Signed-off-by: Antoni Segura Puimedon <antonisp@celebdor.com>
2016-09-21 15:19:53 +02:00
lib_config.register_neutron_opts(CONF)
Introduce `kuryr-k8s` service This commit introduces the `kuryr-k8s` service by adding the service binary and focusing on loading configuration options. The configuration options are inherited from kuryr-lib project (http://github.com/openstack/kuryr) and loaded at runtime, together with the project ones. These configuration options can be also generated using the `oslo-config-generator` utility by using: tox -e genconfig The service runs as any other OpenStack-based service: kuryr-k8s [--debug] [--config-file foo] ... Partial-Implements: blueprint kuryr-k8s-integration Change-Id: I7e52aef8fb2767dcc46317f2212f4285a17b11da Signed-off-by: Jaume Devesa <devvesa@gmail.com> Co-Authored-By: Taku Fukushima <f.tac.mac@gmail.com>
2016-08-24 13:27:04 +02:00
logging.register_options(CONF)
def init(args, **kwargs):
Implement Guru meditation reports Guru Meditation report can log runtime configuration of a given process, along with thread status and greenthread status. It greatly helps to check the process runtime status. The usage is simple: kill -SIGUSR2 {process-id} With this we can show report of kuryr-kubernetes Change-Id: I4cb2314bd25d3200781582b1e188139751666fd3 Implements: blueprint oslo-gmr
2017-03-21 08:11:41 +00:00
version_k8s = version.version_info.version_string()
Introduce `kuryr-k8s` service This commit introduces the `kuryr-k8s` service by adding the service binary and focusing on loading configuration options. The configuration options are inherited from kuryr-lib project (http://github.com/openstack/kuryr) and loaded at runtime, together with the project ones. These configuration options can be also generated using the `oslo-config-generator` utility by using: tox -e genconfig The service runs as any other OpenStack-based service: kuryr-k8s [--debug] [--config-file foo] ... Partial-Implements: blueprint kuryr-k8s-integration Change-Id: I7e52aef8fb2767dcc46317f2212f4285a17b11da Signed-off-by: Jaume Devesa <devvesa@gmail.com> Co-Authored-By: Taku Fukushima <f.tac.mac@gmail.com>
2016-08-24 13:27:04 +02:00
CONF(args=args, project='kuryr-k8s', version=version_k8s, **kwargs)
Fix CNI_COMMAND=VERSION case In case of VERSION command k8s v1.16 and higher sends only {"cniVersion": "0.4.0"} to the stdio, but kuryr-cni expected cni-conf with kuryr_conf field. Also k8s expects json in the stdio, but logs was also there. So need to strictly redirect it into stderr in this case. It's a work around, because maintanable way here is to use golang's version based on containernetworking library. Change-Id: I9095ced11f78eb1ae2890883fa6da4df74213480 Signed-off-by: Alexey Perevalov <a.perevalov@samsung.com>
2019-10-11 14:00:57 +03:00
if os.environ.get('CNI_COMMAND') == 'VERSION':
CONF.set_default('use_stderr', True)
Introduce `kuryr-k8s` service This commit introduces the `kuryr-k8s` service by adding the service binary and focusing on loading configuration options. The configuration options are inherited from kuryr-lib project (http://github.com/openstack/kuryr) and loaded at runtime, together with the project ones. These configuration options can be also generated using the `oslo-config-generator` utility by using: tox -e genconfig The service runs as any other OpenStack-based service: kuryr-k8s [--debug] [--config-file foo] ... Partial-Implements: blueprint kuryr-k8s-integration Change-Id: I7e52aef8fb2767dcc46317f2212f4285a17b11da Signed-off-by: Jaume Devesa <devvesa@gmail.com> Co-Authored-By: Taku Fukushima <f.tac.mac@gmail.com>
2016-08-24 13:27:04 +02:00
def setup_logging():
logging.setup(CONF, 'kuryr-kubernetes')
logging.set_defaults(default_log_levels=logging.get_default_log_levels())
Implement Guru meditation reports Guru Meditation report can log runtime configuration of a given process, along with thread status and greenthread status. It greatly helps to check the process runtime status. The usage is simple: kill -SIGUSR2 {process-id} With this we can show report of kuryr-kubernetes Change-Id: I4cb2314bd25d3200781582b1e188139751666fd3 Implements: blueprint oslo-gmr
2017-03-21 08:11:41 +00:00
version_k8s = version.version_info.version_string()
Remove log translations Log messages are no longer being translated. This removes all use of the _LE, _LI, and _LW translation markers to simplify logging and to avoid confusion with new contributions. See: http://lists.openstack.org/pipermail/openstack-i18n/2016-November/002574.html http://lists.openstack.org/pipermail/openstack-dev/2017-March/113365.html Change-Id: If4735fc3ac1803585efd90657539e540d157a59a
2017-03-28 09:47:09 +08:00
LOG.info("Logging enabled!")
LOG.info("%(prog)s version %(version)s",
{'prog': sys.argv[0], 'version': version_k8s})
Copy Permalink