openstack/kuryr-kubernetes
Code Issues Proposed changes

Remove way of running without kuryr-daemon

Browse Source 
Deploying without kuryr-daemon is deprecated since Rocky and we
announced that it will be removed in the Rocky release notes. This
commit removes all the code that allows that, updates the documentation,
DevStack plugin and gates definitions.

Implements: blueprint remove-non-daemon

Change-Id: I65598d4a6ecb5c3dfde04dc5fefd7b02fc72a0cb
This commit is contained in:
Michał Dulko 2019-01-16 17:49:52 +01:00
parent 375e61a566
commit 3e3ed9dbb3
19 changed files with 83 additions and 405 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.zuul.d/base.yaml
View File

@ -76,6 +76,7 @@
kubernetes-scheduler: true
kubelet: true
kuryr-kubernetes: true
kuryr-daemon: true
zuul_copy_output:
'{{ devstack_log_dir }}/kubernetes': 'logs'
irrelevant-files:

6
.zuul.d/multi-vif.yaml
View File

@ -13,10 +13,10 @@
# limitations under the License.
- job:
name: kuryr-kubernetes-tempest-daemon-openshift-octavia-multi-vif
parent: kuryr-kubernetes-tempest-daemon-openshift-octavia
name: kuryr-kubernetes-tempest-openshift-octavia-multi-vif
parent: kuryr-kubernetes-tempest-openshift-octavia
description: |
Kuryr-Kubernetes tempest job using octavia, CNI daemon, Openshift and NPWG multi-vif driver
Kuryr-Kubernetes tempest job using octavia, Openshift and NPWG multi-vif driver
vars:
devstack_localrc:
KURYR_MULTI_VIF_DRIVER: npwg_multiple_interfaces

6
.zuul.d/multinode.yaml
View File

@ -13,7 +13,7 @@
# limitations under the License.
- job:
name: kuryr-kubernetes-tempest-multinode-daemon-octavia-containerized
name: kuryr-kubernetes-tempest-multinode-octavia-containerized
parent: kuryr-kubernetes-tempest-octavia
description: |
Kuryr-Kubernetes tempest multinode job using octavia
@ -55,8 +55,8 @@
voting: false
- job:
name: kuryr-kubernetes-tempest-multinode-daemon-octavia-ha
parent: kuryr-kubernetes-tempest-multinode-daemon-octavia-containerized
name: kuryr-kubernetes-tempest-multinode-octavia-ha
parent: kuryr-kubernetes-tempest-multinode-octavia-containerized
description: |
Kuryr-Kubernetes tempest multinode job using octavia and running
containerized in HA

77
.zuul.d/octavia.yaml
View File

@ -44,7 +44,6 @@
o-cw: true
o-hk: true
o-hm: true
kuryr-daemon: false
- job:
name: kuryr-kubernetes-tempest-octavia-centos-7
@ -53,38 +52,29 @@
voting: false
- job:
name: kuryr-kubernetes-tempest-daemon-octavia
name: kuryr-kubernetes-tempest-octavia-py36
parent: kuryr-kubernetes-tempest-octavia
description: |
Kuryr-Kubernetes tempest job using octavia and CNI daemon
vars:
devstack_services:
kuryr-daemon: true
- job:
name: kuryr-kubernetes-tempest-daemon-octavia-py36
parent: kuryr-kubernetes-tempest-daemon-octavia
description: |
Tempest with Octavia, CNI daemon with DevStack running on Python 3.6
Tempest with Octavia with DevStack running on Python 3.6
vars:
devstack_localrc:
USE_PYTHON3: true
- job:
name: kuryr-kubernetes-tempest-daemon-containerized-octavia
parent: kuryr-kubernetes-tempest-daemon-octavia
name: kuryr-kubernetes-tempest-containerized-octavia
parent: kuryr-kubernetes-tempest-octavia
description: |
Kuryr-Kubernetes tempest job using octavia, kuryr containerized and CNI daemon
Kuryr-Kubernetes tempest job using octavia, kuryr containerized
vars:
devstack_localrc:
KURYR_K8S_CONTAINERIZED_DEPLOYMENT: true
voting: false
- job:
name: kuryr-kubernetes-tempest-daemon-containerized-octavia-l2
parent: kuryr-kubernetes-tempest-daemon-containerized-octavia
name: kuryr-kubernetes-tempest-containerized-octavia-l2
parent: kuryr-kubernetes-tempest-containerized-octavia
description: |
Kuryr-Kubernetes tempest job using octavia in l2 mode, kuryr containerized and CNI daemon
Kuryr-Kubernetes tempest job using octavia in l2 mode, kuryr containerized
vars:
devstack_localrc:
KURYR_K8S_OCTAVIA_MEMBER_MODE: L2
@ -97,6 +87,9 @@
vars:
devstack_localrc:
DOCKER_CGROUP_DRIVER: "systemd"
KURYR_SUBNET_DRIVER: namespace
KURYR_SG_DRIVER: namespace
KURYR_ENABLED_HANDLERS: vif,lb,lbaasspec,namespace
devstack_services:
kubernetes-api: false
kubernetes-controller-manager: false
@ -106,26 +99,13 @@
openshift-node: true
openshift-dnsmasq: true
openshift-dns: true
- job:
name: kuryr-kubernetes-tempest-daemon-openshift-octavia
parent: kuryr-kubernetes-tempest-openshift-octavia
description: |
Kuryr-Kubernetes tempest job using octavia, CNI daemon and OpenShift
vars:
devstack_services:
kuryr-daemon: true
devstack_localrc:
KURYR_SUBNET_DRIVER: namespace
KURYR_SG_DRIVER: namespace
KURYR_ENABLED_HANDLERS: vif,lb,lbaasspec,namespace
voting: false
- job:
name: kuryr-kubernetes-tempest-daemon-containerized-octavia-pools-namespace
name: kuryr-kubernetes-tempest-containerized-octavia-pools-namespace
description: |
Tempest with Octavia, CNI daemon, containers, port pools and namespace subnet driver
parent: kuryr-kubernetes-tempest-daemon-containerized-octavia
parent: kuryr-kubernetes-tempest-containerized-octavia
vars:
devstack_localrc:
KURYR_SUBNET_DRIVER: namespace
@ -136,10 +116,10 @@
KURYR_VIF_POOL_DRIVER: neutron
- job:
name: kuryr-kubernetes-tempest-daemon-containerized-octavia-network-policy
name: kuryr-kubernetes-tempest-containerized-octavia-network-policy
description: |
Tempest with Octavia, CNI daemon, containers and network policy driver
parent: kuryr-kubernetes-tempest-daemon-containerized-octavia
parent: kuryr-kubernetes-tempest-containerized-octavia
vars:
tempest_test_regex: '^(kuryr_tempest_plugin.tests.scenario.test_network_policy.TestNetworkPolicyScenario)'
devstack_localrc:
@ -149,11 +129,10 @@
voting: false
- job:
name: kuryr-kubernetes-tempest-daemon-containerized-octavia-py36
name: kuryr-kubernetes-tempest-containerized-octavia-py36
description: |
Tempest with Octavia, CNI daemon, containers with Kuryr running on
Python3.6 containers
parent: kuryr-kubernetes-tempest-daemon-containerized-octavia
Tempest with Octavia and Kuryr running on Python3.6 containers
parent: kuryr-kubernetes-tempest-containerized-octavia
vars:
devstack_localrc:
KURYR_CONTAINERS_USE_PY3: True
@ -161,17 +140,17 @@
voting: true
- job:
name: kuryr-kubernetes-tempest-daemon-containerized-openshift-octavia
description: Tempest with Octavia, CNI daemon enabled, containers and OpenShift
parent: kuryr-kubernetes-tempest-daemon-openshift-octavia
name: kuryr-kubernetes-tempest-containerized-openshift-octavia
description: Tempest with Octavia, containers and OpenShift
parent: kuryr-kubernetes-tempest-openshift-octavia
vars:
devstack_localrc:
KURYR_K8S_CONTAINERIZED_DEPLOYMENT: true
- job:
name: kuryr-kubernetes-tempest-daemon-containerized-openshift-octavia-serial
description: Tempest with Octavia running in serial, CNI daemon enabled, containers and OpenShift
parent: kuryr-kubernetes-tempest-daemon-containerized-openshift-octavia
name: kuryr-kubernetes-tempest-containerized-openshift-octavia-serial
description: Tempest with Octavia running in serial, containers and OpenShift
parent: kuryr-kubernetes-tempest-containerized-openshift-octavia
vars:
devstack_localrc:
KURYR_K8S_SERIAL_TESTS: True
@ -179,8 +158,8 @@
- job:
name: kuryr-kubernetes-tempest-daemon-openshift-octavia-ingress
parent: kuryr-kubernetes-tempest-daemon-openshift-octavia
name: kuryr-kubernetes-tempest-openshift-octavia-ingress
parent: kuryr-kubernetes-tempest-openshift-octavia
description: |
Kuryr-Kubernetes tempest job using octavia, ingress controller and OpenShift
vars:
@ -190,8 +169,8 @@
voting: false
- job:
name: kuryr-kubernetes-tempest-daemon-containerized-octavia-crio
parent: kuryr-kubernetes-tempest-daemon-containerized-octavia
name: kuryr-kubernetes-tempest-containerized-octavia-crio
parent: kuryr-kubernetes-tempest-containerized-octavia
nodeset: openstack-single-node-bionic
vars:
devstack_localrc:

38
.zuul.d/project.yaml
View File

@ -17,33 +17,31 @@
check:
jobs:
- kuryr-kubernetes-tempest-octavia
- kuryr-kubernetes-tempest-daemon-octavia
- kuryr-kubernetes-tempest-daemon-openshift-octavia
- kuryr-kubernetes-tempest-daemon-containerized-octavia
- kuryr-kubernetes-tempest-daemon-containerized-ovn
- kuryr-kubernetes-tempest-daemon-octavia-py36
- kuryr-kubernetes-tempest-daemon-containerized-octavia-py36
- kuryr-kubernetes-tempest-multinode-daemon-octavia-containerized
- kuryr-kubernetes-tempest-openshift-octavia
- kuryr-kubernetes-tempest-containerized-octavia
- kuryr-kubernetes-tempest-containerized-ovn
- kuryr-kubernetes-tempest-octavia-py36
- kuryr-kubernetes-tempest-containerized-octavia-py36
- kuryr-kubernetes-tempest-multinode-octavia-containerized
- kuryr-kubernetes-tempest-octavia-centos-7
gate:
jobs:
- kuryr-kubernetes-tempest-octavia
- kuryr-kubernetes-tempest-daemon-octavia
- kuryr-kubernetes-tempest-daemon-octavia-py36
- kuryr-kubernetes-tempest-daemon-containerized-octavia-py36
- kuryr-kubernetes-tempest-octavia-py36
- kuryr-kubernetes-tempest-containerized-octavia-py36
experimental:
jobs:
- kuryr-kubernetes-tempest-dragonflow
- kuryr-kubernetes-tempest-daemon-containerized-openshift-octavia
- kuryr-kubernetes-tempest-daemon-containerized-octavia-l2
- kuryr-kubernetes-tempest-daemon-containerized-octavia-pools-namespace
- kuryr-kubernetes-tempest-daemon-containerized-octavia-network-policy
- kuryr-kubernetes-tempest-daemon-containerized-openshift-octavia-serial
- kuryr-kubernetes-tempest-daemon-ovn
- kuryr-kubernetes-tempest-daemon-openshift-octavia-ingress
- kuryr-kubernetes-tempest-daemon-openshift-octavia-multi-vif
- kuryr-kubernetes-tempest-multinode-daemon-octavia-ha
- kuryr-kubernetes-tempest-daemon-containerized-octavia-crio
- kuryr-kubernetes-tempest-containerized-openshift-octavia
- kuryr-kubernetes-tempest-containerized-octavia-l2
- kuryr-kubernetes-tempest-containerized-octavia-pools-namespace
- kuryr-kubernetes-tempest-containerized-octavia-network-policy
- kuryr-kubernetes-tempest-containerized-openshift-octavia-serial
- kuryr-kubernetes-tempest-ovn
- kuryr-kubernetes-tempest-openshift-octavia-ingress
- kuryr-kubernetes-tempest-openshift-octavia-multi-vif
- kuryr-kubernetes-tempest-multinode-octavia-ha
- kuryr-kubernetes-tempest-containerized-octavia-crio
- project:
templates:

14
.zuul.d/sdn.yaml
View File

@ -41,23 +41,13 @@
q-dhcp: false
q-meta: false
q-trunk: true
kuryr-daemon: true
voting: false
- job:
name: kuryr-kubernetes-tempest-daemon-ovn
name: kuryr-kubernetes-tempest-containerized-ovn
parent: kuryr-kubernetes-tempest-ovn
description: |
Kuryr-Kubernetes tempest job using OVN, CNI daemon
vars:
devstack_services:
kuryr-daemon: true
- job:
name: kuryr-kubernetes-tempest-daemon-containerized-ovn
parent: kuryr-kubernetes-tempest-daemon-ovn
description: |
Kuryr-Kubernetes tempest job using OVN, CNI daemon and Containerized
Kuryr-Kubernetes tempest job using OVN and Containerized
vars:
devstack_localrc:
KURYR_K8S_CONTAINERIZED_DEPLOYMENT: true

7
cni_ds_init
View File

@ -61,9 +61,4 @@ EOF
cleanup
deploy
# Start CNI daemon if required
if [ "$CNI_DAEMON" == "True" ]; then
exec kuryr-daemon --config-file /etc/kuryr/kuryr.conf
else
exec sleep infinity
fi
exec kuryr-daemon --config-file /etc/kuryr/kuryr.conf

13
devstack/lib/kuryr_kubernetes
View File

@ -583,9 +583,8 @@ EOF
function generate_cni_daemon_set() {
output_dir=$1
cni_health_server_port=$2
cni_daemon=${3:-False}
cni_bin_dir=${4:-/opt/cni/bin}
cni_conf_dir=${5:-/etc/cni/net.d}
cni_bin_dir=${3:-/opt/cni/bin}
cni_conf_dir=${4:-/etc/cni/net.d}
mkdir -p "$output_dir"
rm -f ${output_dir}/cni_ds.yml
cat >> "${output_dir}/cni_ds.yml" << EOF
@ -624,8 +623,6 @@ spec:
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: CNI_DAEMON
value: "${cni_daemon}"
securityContext:
privileged: true
volumeMounts:
@ -645,8 +642,7 @@ EOF
mountPath: /var/run
EOF
fi
if [ "$cni_daemon" == "True" ]; then
cat >> "${output_dir}/cni_ds.yml" << EOF
cat >> "${output_dir}/cni_ds.yml" << EOF
readinessProbe:
httpGet:
path: /ready
@ -659,9 +655,6 @@ EOF
path: /alive
port: ${cni_health_server_port}
initialDelaySeconds: 60
EOF
fi
cat >> "${output_dir}/cni_ds.yml" << EOF
volumes:
- name: bin
hostPath:

19
devstack/plugin.sh
View File

@ -99,8 +99,6 @@ function configure_kuryr {
iniset "$KURYR_CONFIG" cni_health_server cg_path \
"/system.slice/system-devstack.slice/devstack@kuryr-daemon.service"
fi
else
iniset "$KURYR_CONFIG" cni_daemon daemon_enabled False
fi
create_kuryr_cache_dir
@ -131,8 +129,6 @@ function configure_kuryr {
}
function generate_containerized_kuryr_resources {
local cni_daemon
cni_daemon=$1
if [[ $KURYR_CONTROLLER_REPLICAS -eq 1 ]]; then
KURYR_CONTROLLER_HA="False"
else
@ -892,9 +888,6 @@ function update_tempest_conf_file {
if [[ "$KURYR_ENABLED_HANDLERS" =~ .*policy.* ]]; then
iniset $TEMPEST_CONFIG kuryr_kubernetes network_policy_enabled True
fi
if ! is_service_enabled kuryr-daemon; then
iniset $TEMPEST_CONFIG kuryr_kubernetes kuryr_daemon_enabled False
fi
# NOTE(yboaron): Services with protocol UDP are supported in Kuryr
# starting from Stein release
iniset $TEMPEST_CONFIG kuryr_kubernetes test_udp_services True
@ -1038,11 +1031,7 @@ if [[ "$1" == "stack" && "$2" == "extra" ]]; then
KURYR_FORCE_IMAGE_BUILD=$(trueorfalse False KURYR_FORCE_IMAGE_BUILD)
if is_service_enabled kuryr-kubernetes || [[ ${KURYR_FORCE_IMAGE_BUILD} == "True" ]]; then
if [ "$KURYR_K8S_CONTAINERIZED_DEPLOYMENT" == "True" ]; then
if is_service_enabled kuryr-daemon; then
build_kuryr_containers True
else
build_kuryr_containers False
fi
build_kuryr_containers
fi
fi
@ -1050,11 +1039,7 @@ if [[ "$1" == "stack" && "$2" == "extra" ]]; then
/usr/local/bin/kubectl apply -f ${KURYR_HOME}/kubernetes_crds/kuryrnet.yaml
/usr/local/bin/kubectl apply -f ${KURYR_HOME}/kubernetes_crds/kuryrnetpolicy.yaml
if [ "$KURYR_K8S_CONTAINERIZED_DEPLOYMENT" == "True" ]; then
if is_service_enabled kuryr-daemon; then
generate_containerized_kuryr_resources True
else
generate_containerized_kuryr_resources False
fi
generate_containerized_kuryr_resources
fi
if [ "$KURYR_MULTI_VIF_DRIVER" == "npwg_multiple_interfaces" ]; then
/usr/local/bin/kubectl apply -f ${KURYR_HOME}/kubernetes_crds/network_attachment_definition_crd.yaml

61
doc/source/devref/kuryr_kubernetes_design.rst
View File

@ -194,19 +194,27 @@ CNI driver to complete pod handling.
The NeutronPodVifDriver is the default driver that creates neutron port upon
Pod addition and deletes port upon Pod removal.
CNI Driver
----------
CNI driver is just a thin client that passes CNI ADD and DEL requests to
kuryr-daemon instance via its HTTP API. It's simple Python executable that is
supposed to be called by kublet's CNI.
.. _cni-daemon:
CNI Daemon
----------
CNI Daemon is a service that should run on every Kubernetes node. Starting from
Rocky release it should be seen as a default supported deployment option.
It is responsible for watching pod events on the node it's running on,
answering calls from CNI Driver and attaching VIFs when they are ready. In the
future it will also keep information about pooled ports in memory. This helps
to limit the number of processes spawned when creating multiple Pods, as a
single Watcher is enough for each node and CNI Driver will only wait on local
network socket for response from the Daemon.
Rocky release it should be seen as a default supported deployment option. And
running without it is impossible starting from Stein release. It is responsible
for watching pod events on the node it's running on, answering calls from CNI
Driver and attaching VIFs when they are ready. In the future it will also keep
information about pooled ports in memory. This helps to limit the number of
processes spawned when creating multiple Pods, as a single Watcher is enough
for each node and CNI Driver will only wait on local network socket for
response from the Daemon.
Currently CNI Daemon consists of two processes i.e. Watcher and Server.
Processes communicate between each other using Python's
@ -229,7 +237,7 @@ expected to be JSON).
For reference see updated pod creation flow diagram:
.. image:: ../../images/pod_creation_flow_daemon.png
.. image:: ../../images/pod_creation_flow.png
:alt: Controller-CNI-daemon interaction
:align: center
:width: 100%
@ -255,43 +263,6 @@ deserialized using o.vo's ``obj_from_primitive()`` method.
When running in daemonized mode, CNI Driver will call CNI Daemon over those APIs
to perform its tasks and wait on socket for result.
CNI Driver (deprecated)
-----------------------
.. warning::
Running with CNI Driver in this mode is deprecated since Rocky release.
Currently the preferred way of deploying kuryr-kubernetes is with
kuryr-daemon that takes over most of the CNI Driver tasks. In that case CNI
driver becomes a thin client that passes CNI ADD and DEL requests to
kuryr-daemon instance via its HTTP API.
Kuryr kubernetes integration takes advantage of the kubernetes `CNI plugin
<http://kubernetes.io/docs/admin/network-plugins/#cni>`_ and introduces
Kuryr-K8s CNI Driver. Based on design decision, kuryr-kubernetes
CNI Driver should get all information required to plug and bind Pod via
kubernetes control plane and should not depend on Neutron. CNI plugin/driver
is invoked in a blocking manner by kubelet (Kubernetes node agent), therefore
it is expected to return when either success or error state determined.
Kuryr-K8s CNI Driver has 2 sources for Pod binding information: kubelet/node
environment and Kubernetes API. The Kuryr-K8s Controller Service and CNI share the
contract that defines Pod annotation that Controller Server adds and CNI
driver reads. The contract is `os_vif VIF
<https://github.com/openstack/os-vif/blob/master/os_vif/objects/vif.py>`_
With VIF object loaded from the Pod object annotation, the CNI driver performs
Pod plugging. Kuryr-K8s CNI driver uses ov_vif library to perform Pod plug and
unplug operations. The CNI driver should complete its job and return control to
Kubelet when all the network plugging is completed.
In the cases when Neutron initially creates port in 'Down' state, CNI driver
will plug the Pod, but will have to watch the Pod annotations for vif state
change to 'Active' before returning the control to the caller.
.. image:: ../../images/pod_creation_flow.png
:alt: Controller-CNI interaction
:align: center
:width: 100%
Kubernetes Documentation
------------------------

3
doc/source/installation/devstack/basic.rst
View File

@ -48,9 +48,6 @@ Now edit ``devstack/local.conf`` to set up some initial options:
omitted.
* If you already have Docker installed on the machine, you can comment out line
starting with ``enable_plugin devstack-plugin-container``.
* If you want to disable kuryr-daemon add ``disable_service kuryr-daemon``
line. Please note that running without kuryr-daemon was deprecated in Rocky
release.
Once ``local.conf`` is configured, you can start the installation: ::

20
kuryr_kubernetes/cni/api.py
View File

@ -26,7 +26,6 @@ from os_vif.objects import base
from oslo_log import log as logging
from oslo_serialization import jsonutils
from kuryr_kubernetes.cni import utils
from kuryr_kubernetes import config
from kuryr_kubernetes import constants as k_const
from kuryr_kubernetes import exceptions as k_exc
@ -129,25 +128,6 @@ class CNIRunner(object):
return result
class CNIStandaloneRunner(CNIRunner):
def __init__(self, plugin):
self._plugin = plugin
def _add(self, params):
vif = self._plugin.add(params)
return self._vif_data(vif, params)
def _delete(self, params):
self._plugin.delete(params)
def prepare_env(self, env, stdin):
return utils.CNIParameters(env, stdin)
def get_container_id(self, params):
return params.CNI_CONTAINERID
class CNIDaemonizedRunner(CNIRunner):
def _add(self, params):

10
kuryr_kubernetes/cni/main.py
View File

@ -21,11 +21,9 @@ import sys
import os_vif
from oslo_config import cfg
from oslo_log import log as logging
from oslo_log import versionutils
from oslo_serialization import jsonutils
from kuryr_kubernetes.cni import api as cni_api
from kuryr_kubernetes.cni.plugins import k8s_cni
from kuryr_kubernetes.cni import utils
from kuryr_kubernetes import config
from kuryr_kubernetes import constants as k_const
@ -56,13 +54,7 @@ def run():
k_objects.register_locally_defined_vifs()
os_vif.initialize()
if CONF.cni_daemon.daemon_enabled:
runner = cni_api.CNIDaemonizedRunner()
else:
versionutils.deprecation_warning(
'Deploying kuryr-kubernetes without kuryr-daemon service', 'R')
runner = cni_api.CNIStandaloneRunner(k8s_cni.K8sCNIPlugin())
LOG.info("Using '%s' ", runner.__class__.__name__)
runner = cni_api.CNIDaemonizedRunner()
def _timeout(signum, frame):
runner._write_dict(sys.stdout, {

49
kuryr_kubernetes/cni/plugins/k8s_cni.py
View File

@ -1,49 +0,0 @@
# Copyright (c) 2016 Mirantis, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
from kuryr_kubernetes import clients
from kuryr_kubernetes.cni import handlers as h_cni
from kuryr_kubernetes.cni.plugins import base as base_cni
from kuryr_kubernetes import constants as k_const
from kuryr_kubernetes import watcher as k_watcher
class K8sCNIPlugin(base_cni.CNIPlugin):
def add(self, params):
self._setup(params)
self._pipeline.register(h_cni.AddHandler(params, self._done))
self._watcher.start()
return self._vif
def delete(self, params):
self._setup(params)
self._pipeline.register(h_cni.DelHandler(params, self._done))
self._watcher.start()
def _done(self, vif):
self._vif = vif
self._watcher.stop()
def _setup(self, params):
clients.setup_kubernetes_client()
self._pipeline = h_cni.CNIPipeline()
self._watcher = k_watcher.Watcher(self._pipeline)
self._watcher.add(
"%(base)s/namespaces/%(namespace)s/pods"
"?fieldSelector=metadata.name=%(pod)s" % {
'base': k_const.K8S_API_BASE,
'namespace': params.args.K8S_POD_NAMESPACE,
'pod': params.args.K8S_POD_NAME})

7
kuryr_kubernetes/config.py
View File

@ -31,13 +31,6 @@ kuryr_k8s_opts = [
]
daemon_opts = [
cfg.BoolOpt('daemon_enabled',
help=_('Enable CNI Daemon configuration.'),
default=True,
deprecated_for_removal=True,
deprecated_reason="Deployment without kuryr-daemon is now "
"deprecated.",
deprecated_since="Rocky"),
cfg.StrOpt('bind_address',
help=_('Bind address for CNI daemon HTTP server. It is '
'recommened to allow only local connections.'),

67
kuryr_kubernetes/tests/unit/cni/plugins/test_k8s_cni.py
View File

@ -1,67 +0,0 @@
# Copyright (c) 2017 NEC Corporation.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
import mock
from kuryr_kubernetes.cni.plugins import k8s_cni
from kuryr_kubernetes import constants
from kuryr_kubernetes.tests import base as test_base
class TestK8sCNIPlugin(test_base.TestCase):
@mock.patch('kuryr_kubernetes.watcher.Watcher')
@mock.patch('kuryr_kubernetes.cni.handlers.CNIPipeline')
@mock.patch('kuryr_kubernetes.cni.handlers.DelHandler')
@mock.patch('kuryr_kubernetes.cni.handlers.AddHandler')
def _test_method(self, method, m_add_handler, m_del_handler, m_cni_pipe,
m_watcher_class):
self.passed_handler = None
def _save_handler(params, handler):
self.passed_handler = handler
def _call_handler(*args):
self.passed_handler(mock.sentinel.vif)
m_add_handler.side_effect = _save_handler
m_del_handler.side_effect = _save_handler
m_watcher = mock.MagicMock(
add=mock.MagicMock(),
start=mock.MagicMock(side_effect=_call_handler))
m_watcher_class.return_value = m_watcher
m_params = mock.MagicMock()
m_params.args.K8S_POD_NAMESPACE = 'k8s_pod_namespace'
m_params.args.K8S_POD_NAME = 'k8s_pod'
cni_plugin = k8s_cni.K8sCNIPlugin()
result = getattr(cni_plugin, method)(m_params)
self.assertEqual(mock.sentinel.vif, cni_plugin._vif)
m_watcher.add.assert_called_with(
"%(base)s/namespaces/%(namespace)s/pods"
"?fieldSelector=metadata.name=%(pod)s" % {
'base': constants.K8S_API_BASE,
'namespace': m_params.args.K8S_POD_NAMESPACE,
'pod': m_params.args.K8S_POD_NAME})
return result
def test_add(self):
result = self._test_method('add')
self.assertEqual(result, mock.sentinel.vif)
def test_delete(self):
self._test_method('delete')

57
kuryr_kubernetes/tests/unit/cni/test_api.py
View File

@ -22,7 +22,6 @@ from oslo_config import cfg
from oslo_serialization import jsonutils
from kuryr_kubernetes.cni import api
from kuryr_kubernetes.cni.plugins import k8s_cni
from kuryr_kubernetes.tests import base as test_base
from kuryr_kubernetes.tests import fake
@ -51,62 +50,6 @@ class TestCNIRunnerMixin(object):
self.assertEqual(api.CNIRunner.VERSION, result['cniVersion'])
class TestCNIStandaloneRunner(test_base.TestCase, TestCNIRunnerMixin):
def setUp(self):
super(TestCNIStandaloneRunner, self).setUp()
self.runner = api.CNIStandaloneRunner(k8s_cni.K8sCNIPlugin())
@mock.patch('kuryr_kubernetes.cni.plugins.k8s_cni.K8sCNIPlugin.add')
def test_run_add(self, m_k8s_add):
vif = fake._fake_vif()
m_k8s_add.return_value = vif
m_fin = StringIO()
m_fout = StringIO()
container_id = 'a4181c680a39'
env = {
'CNI_COMMAND': 'ADD',
'CNI_CONTAINERID': container_id,
'CNI_ARGS': 'foo=bar',
}
self.runner.run(env, m_fin, m_fout)
self.assertTrue(m_k8s_add.called)
self.assertEqual('foo=bar', m_k8s_add.call_args[0][0].CNI_ARGS)
result = jsonutils.loads(m_fout.getvalue())
self.assertDictEqual(
{"cniVersion": '0.3.1',
"dns": {"nameservers": ["192.168.0.1"]},
"ips": [
{
"version": "4",
"gateway": "192.168.0.1",
"address": "192.168.0.2/24",
"interface": 0,
}],
"interfaces": [
{
"name": vif.vif_name,
"mac": vif.address,
"sandbox": container_id,
}],
"routes": []},
result)
@mock.patch('kuryr_kubernetes.cni.plugins.k8s_cni.K8sCNIPlugin.delete')
def test_run_del(self, m_k8s_delete):
vif = fake._fake_vif()
m_k8s_delete.return_value = vif
m_fin = StringIO()
m_fout = StringIO()
env = {
'CNI_COMMAND': 'DEL',
'CNI_CONTAINERID': 'a4181c680a39',
'CNI_ARGS': 'foo=bar',
}
self.runner.run(env, m_fin, m_fout)
self.assertTrue(m_k8s_delete.called)
self.assertEqual('foo=bar', m_k8s_delete.call_args[0][0].CNI_ARGS)
@mock.patch('requests.post')
class TestCNIDaemonizedRunner(test_base.TestCase, TestCNIRunnerMixin):
def setUp(self):

28
kuryr_kubernetes/tests/unit/cni/test_main.py
View File

@ -15,8 +15,6 @@
import mock
from oslo_config import cfg
from kuryr_kubernetes.cni import main
from kuryr_kubernetes.tests import base as test_base
@ -37,32 +35,6 @@ class TestCNIMain(test_base.TestCase):
m_cni_dr.return_value = mock.MagicMock()
m_cni_daemon = m_cni_dr.return_value
cfg.CONF.set_override('daemon_enabled', True, group='cni_daemon')
main.run()
m_config_init.assert_called()
m_setup_logging.assert_called()
m_cni_daemon.run.assert_called()
m_sysexit.assert_called()
@mock.patch('kuryr_kubernetes.cni.main.jsonutils.load')
@mock.patch('sys.exit')
@mock.patch('sys.stdin')
@mock.patch('kuryr_kubernetes.cni.utils.CNIConfig')
@mock.patch('kuryr_kubernetes.cni.api')
@mock.patch('kuryr_kubernetes.config.init')
@mock.patch('kuryr_kubernetes.config.setup_logging')
@mock.patch('kuryr_kubernetes.cni.api.CNIStandaloneRunner')
def test_standalone_run(self, m_cni_sr, m_setup_logging, m_config_init,
m_api, m_conf, m_sys, m_sysexit, m_json):
m_conf.debug = mock.Mock()
m_conf.debug.return_value = True
m_cni_sr.return_value = mock.MagicMock()
m_cni_daemon = m_cni_sr.return_value
cfg.CONF.set_override('daemon_enabled', False, group='cni_daemon')
main.run()
m_config_init.assert_called()

5
releasenotes/notes/remove-non-daemon-836e4825384b1b88.yaml Normal file
View File

@ -0,0 +1,5 @@
---
upgrade:
- |
As announced, possiblity of running Kuryr-Kubernetes without kuryr-daemon
service is now removed from the project and considered not supported.