05cdb9cd4f
This patch ensures the controller healthchecks do not set the controller as not Ready due to missing CRDs when deploying without namespace and/or policy handlers. In that case the CRDs are not needed Closes-Bug: 1808966 Change-Id: I685f9a47605da86504619983848b8ef73d71b332
194 lines
7.6 KiB
Python
194 lines
7.6 KiB
Python
# Copyright 2018 Red Hat, Inc.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
from oslo_cache import core as cache
|
|
from oslo_config import cfg as oslo_cfg
|
|
from oslo_log import log as logging
|
|
|
|
from kuryr_kubernetes import clients
|
|
from kuryr_kubernetes import constants
|
|
from kuryr_kubernetes.controller.drivers import base as drivers
|
|
from kuryr_kubernetes import exceptions
|
|
from kuryr_kubernetes.handlers import k8s_base
|
|
from kuryr_kubernetes import utils
|
|
|
|
from neutronclient.common import exceptions as n_exc
|
|
|
|
LOG = logging.getLogger(__name__)
|
|
|
|
namespace_handler_caching_opts = [
|
|
oslo_cfg.BoolOpt('caching', default=True),
|
|
oslo_cfg.IntOpt('cache_time', default=120),
|
|
]
|
|
|
|
oslo_cfg.CONF.register_opts(namespace_handler_caching_opts,
|
|
"namespace_handler_caching")
|
|
|
|
cache.configure(oslo_cfg.CONF)
|
|
namespace_handler_cache_region = cache.create_region()
|
|
MEMOIZE = cache.get_memoization_decorator(
|
|
oslo_cfg.CONF, namespace_handler_cache_region, "namespace_handler_caching")
|
|
|
|
cache.configure_cache_region(oslo_cfg.CONF, namespace_handler_cache_region)
|
|
|
|
|
|
class NamespaceHandler(k8s_base.ResourceEventHandler):
|
|
OBJECT_KIND = constants.K8S_OBJ_NAMESPACE
|
|
OBJECT_WATCH_PATH = "%s/%s" % (constants.K8S_API_BASE, "namespaces")
|
|
|
|
def __init__(self):
|
|
super(NamespaceHandler, self).__init__()
|
|
self._drv_project = drivers.NamespaceProjectDriver.get_instance()
|
|
self._drv_subnets = drivers.PodSubnetsDriver.get_instance()
|
|
self._drv_sg = drivers.PodSecurityGroupsDriver.get_instance()
|
|
self._drv_vif_pool = drivers.VIFPoolDriver.get_instance(
|
|
specific_driver='multi_pool')
|
|
self._drv_vif_pool.set_vif_driver()
|
|
|
|
def on_present(self, namespace):
|
|
ns_name = namespace['metadata']['name']
|
|
project_id = self._drv_project.get_project(namespace)
|
|
net_crd_id = self._get_net_crd_id(namespace)
|
|
if net_crd_id:
|
|
LOG.debug("CRD existing at the new namespace")
|
|
return
|
|
|
|
LOG.debug("Creating network resources for namespace: %s", ns_name)
|
|
net_crd_spec = self._drv_subnets.create_namespace_network(ns_name,
|
|
project_id)
|
|
try:
|
|
net_crd_sg = self._drv_sg.create_namespace_sg(ns_name, project_id,
|
|
net_crd_spec)
|
|
except n_exc.NeutronClientException:
|
|
LOG.exception("Error creating security group for the namespace. "
|
|
"Rolling back created network resources.")
|
|
self._drv_subnets.rollback_network_resources(net_crd_spec, ns_name)
|
|
raise
|
|
if net_crd_sg:
|
|
net_crd_spec.update(net_crd_sg)
|
|
else:
|
|
LOG.debug("No SG created for the namespace. Namespace isolation "
|
|
"will not be enforced.")
|
|
|
|
# create CRD resource for the network
|
|
try:
|
|
net_crd = self._add_kuryrnet_crd(ns_name, net_crd_spec)
|
|
self._set_net_crd(namespace, net_crd)
|
|
except exceptions.K8sClientException:
|
|
LOG.exception("Kuryrnet CRD could not be added. Rolling back "
|
|
"network resources created for the namespace.")
|
|
self._drv_subnets.rollback_network_resources(net_crd_spec, ns_name)
|
|
self._drv_sg.delete_sg(net_crd_sg['sgId'])
|
|
|
|
def on_deleted(self, namespace):
|
|
LOG.debug("Deleting namespace: %s", namespace)
|
|
net_crd_id = self._get_net_crd_id(namespace)
|
|
if not net_crd_id:
|
|
LOG.warning("There is no CRD annotated at the namespace %s",
|
|
namespace)
|
|
return
|
|
net_crd = self._get_net_crd(net_crd_id)
|
|
|
|
self._drv_vif_pool.delete_network_pools(net_crd['spec']['netId'])
|
|
self._drv_subnets.delete_namespace_subnet(net_crd)
|
|
sg_id = net_crd['spec'].get('sgId')
|
|
if sg_id:
|
|
self._drv_sg.delete_sg(sg_id)
|
|
else:
|
|
LOG.debug("There is no security group associated with the "
|
|
"namespace to be deleted")
|
|
|
|
self._del_kuryrnet_crd(net_crd_id)
|
|
|
|
def is_ready(self, quota):
|
|
if not utils.has_kuryr_crd(constants.K8S_API_CRD_KURYRNETS):
|
|
return False
|
|
return self._check_quota(quota)
|
|
|
|
@MEMOIZE
|
|
def _check_quota(self, quota):
|
|
neutron = clients.get_neutron_client()
|
|
resources = {'subnet': neutron.list_subnets,
|
|
'network': neutron.list_networks,
|
|
'security_group': neutron.list_security_groups}
|
|
|
|
for resource, neutron_func in resources.items():
|
|
resource_quota = quota[resource]
|
|
resource_name = resource + 's'
|
|
if utils.has_limit(resource_quota):
|
|
if not utils.is_available(resource_name, resource_quota,
|
|
neutron_func):
|
|
return False
|
|
return True
|
|
|
|
def _get_net_crd_id(self, namespace):
|
|
try:
|
|
annotations = namespace['metadata']['annotations']
|
|
net_crd_id = annotations[constants.K8S_ANNOTATION_NET_CRD]
|
|
except KeyError:
|
|
return None
|
|
return net_crd_id
|
|
|
|
def _get_net_crd(self, net_crd_id):
|
|
k8s = clients.get_kubernetes_client()
|
|
try:
|
|
kuryrnet_crd = k8s.get('%s/kuryrnets/%s' % (constants.K8S_API_CRD,
|
|
net_crd_id))
|
|
except exceptions.K8sClientException:
|
|
LOG.exception("Kubernetes Client Exception.")
|
|
raise
|
|
return kuryrnet_crd
|
|
|
|
def _set_net_crd(self, namespace, net_crd):
|
|
LOG.debug("Setting CRD annotations: %s", net_crd)
|
|
|
|
k8s = clients.get_kubernetes_client()
|
|
k8s.annotate(namespace['metadata']['selfLink'],
|
|
{constants.K8S_ANNOTATION_NET_CRD:
|
|
net_crd['metadata']['name']},
|
|
resource_version=namespace['metadata']['resourceVersion'])
|
|
|
|
def _add_kuryrnet_crd(self, namespace, net_crd_spec):
|
|
kubernetes = clients.get_kubernetes_client()
|
|
net_crd_name = "ns-" + namespace
|
|
spec = {k: v for k, v in net_crd_spec.items()}
|
|
net_crd = {
|
|
'apiVersion': 'openstack.org/v1',
|
|
'kind': 'KuryrNet',
|
|
'metadata': {
|
|
'name': net_crd_name,
|
|
'annotations': {
|
|
'namespaceName': namespace,
|
|
}
|
|
},
|
|
'spec': spec,
|
|
}
|
|
try:
|
|
kubernetes.post('%s/kuryrnets' % constants.K8S_API_CRD, net_crd)
|
|
except exceptions.K8sClientException:
|
|
LOG.exception("Kubernetes Client Exception creating kuryrnet "
|
|
"CRD.")
|
|
raise
|
|
return net_crd
|
|
|
|
def _del_kuryrnet_crd(self, net_crd_name):
|
|
kubernetes = clients.get_kubernetes_client()
|
|
try:
|
|
kubernetes.delete('%s/kuryrnets/%s' % (constants.K8S_API_CRD,
|
|
net_crd_name))
|
|
except exceptions.K8sClientException:
|
|
LOG.exception("Kubernetes Client Exception deleting kuryrnet "
|
|
"CRD.")
|
|
raise
|