Merge pull request #692 from magicsong/nsnp

✨support calico with k8s storage

Merge pull request #692 from magicsong/nsnp
✨support calico with k8s storage
746248ab · KubeSphere CI Bot · GitHub · 4e4664ef · d3e694c6 · 746248ab
18 changed file
--- a/Makefile
+++ b/Makefile
@@ -124,3 +124,7 @@ CONTROLLER_GEN=$(GOBIN)/controller-gen
 else
 CONTROLLER_GEN=$(shell which controller-gen)
 endif
+
+network-rbac:
+	$(CONTROLLER_GEN) paths=./pkg/controller/network/provider/ paths=./pkg/controller/network/ rbac:roleName=network-manager output:rbac:artifacts:config=kustomize/network/calico-k8s
+	$(CONTROLLER_GEN) paths=./pkg/controller/network/ rbac:roleName=network-manager output:rbac:artifacts:config=kustomize/network/calico-etcd
--- a/cmd/ks-network/main.go
+++ b/cmd/ks-network/main.go
@@ -12,6 +12,7 @@ var opt runoption.RunOption
 func init() {
 	flag.StringVar(&opt.ProviderName, "np-provider", "calico", "specify the network policy provider, k8s or calico")
 	flag.BoolVar(&opt.AllowInsecureEtcd, "allow-insecure-etcd", false, "specify allow connect to etcd using insecure http")
+	flag.StringVar(&opt.DataStoreType, "datastore-type", "k8s", "specify the datastore type of calico")
 	//TODO add more flags
 }


--- a/kustomize/network/kustomization.yaml
+++ b/kustomize/network/kustomization.yaml
+bases:
+- ../crds
+
 resources:
  - network.yaml
-  - crds/wsnp.yaml
-  - crds/nsnp.yaml
  - rbac/role.yaml
  - rbac/role_binding.yaml

@@ -19,4 +20,4 @@ secretGenerator:
 patchesStrategicMerge:
  - patch_image_name.yaml

-namespace: network-test-90fa3885
+namespace: network-test-f22e8ea9
--- a/kustomize/network/network.yaml
+++ b/kustomize/network/network.yaml
--- a/kustomize/network/patch_image_name.yaml
+++ b/kustomize/network/patch_image_name.yaml
@@ -8,5 +8,5 @@ spec:
    spec:
      containers:
      # Change the value of image field below to your controller image URL
-      - image: magicsong/ks-network:90fa3885
+      - image: magicsong/ks-network:f22e8ea9
        name: manager
--- a/kustomize/network/patch_role_binding.yaml
+++ b/kustomize/network/patch_role_binding.yaml
@@ -5,4 +5,4 @@ metadata:
 subjects:
 - kind: ServiceAccount
  name: default
-  namespace: network-test-90fa3885
+  namespace: network-test-f22e8ea9
--- a/kustomize/network/calico-etcd/role.yaml
+++ b/kustomize/network/calico-etcd/role.yaml
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  creationTimestamp: null
+  name: network-manager
+rules:
+- apiGroups:
+  - network.kubesphere.io
+  resources:
+  - namespacenetworkpolicies
+  - workspacenetworkpolicies
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - tenant.kubesphere.io
+  resources:
+  - workspaces
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
--- a/kustomize/network/rbac/role_binding.yaml
+++ b/kustomize/network/rbac/role_binding.yaml
--- a/kustomize/network/calico-k8s/kustomization.yaml
+++ b/kustomize/network/calico-k8s/kustomization.yaml
+bases:
+- ../crds
+
+resources:
+- network.yaml
+- role.yaml
+
+patchesStrategicMerge:
+  - patch_image_name.yaml
+
+namespace: network-test-f22e8ea9
--- a/kustomize/network/calico-k8s/network.yaml
+++ b/kustomize/network/calico-k8s/network.yaml
+apiVersion: v1
+kind: Namespace
+metadata:
+  name:  network-system
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: network-manager
+  namespace: network-system
+  labels:
+    control-plane: network-manager
+spec:
+  selector:
+    matchLabels:
+      control-plane: network-manager
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        control-plane: network-manager
+    spec:
+      nodeSelector:
+        node-role.kubernetes.io/master: ""
+      tolerations:
+        - key: "CriticalAddonsOnly"
+          operator: "Exists"
+        - key: "node-role.kubernetes.io/master"
+          effect: NoSchedule
+      serviceAccountName: network-manager
+      containers:
+      - command:
+        - /ks-network
+        args:
+          - -v=4
+          - np-provider=calico
+          - datastore-type=k8s
+        image: network:latest
+        imagePullPolicy: Always
+        name: manager
+        resources:
+          limits:
+            cpu: 100m
+            memory: 30Mi
+          requests:
+            cpu: 100m
+            memory: 20Mi
+      terminationGracePeriodSeconds: 10
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: net-role-binding
+  namespace: network-system
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: network-manager
+subjects:
+- kind: ServiceAccount
+  name: network-manager
+
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: network-manager
\ No newline at end of file
--- a/kustomize/network/calico-k8s/patch_image_name.yaml
+++ b/kustomize/network/calico-k8s/patch_image_name.yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: network-manager
+  namespace: network-system
+spec:
+  template:
+    spec:
+      containers:
+      # Change the value of image field below to your controller image URL
+      - image: magicsong/ks-network:f22e8ea9
+        name: manager
--- a/kustomize/network/calico-k8s/patch_role_binding.yaml
+++ b/kustomize/network/calico-k8s/patch_role_binding.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: net-role-binding
+subjects:
+- kind: ServiceAccount
+  name: network-manager
+  namespace: network-test-f22e8ea9
--- a/kustomize/network/calico-k8s/role.yaml
+++ b/kustomize/network/calico-k8s/role.yaml
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  creationTimestamp: null
+  name: network-manager
+rules:
+- apiGroups:
+  - crd.projectcalico.org
+  resources:
+  - clusterinformations
+  - felixconfigurations
+  - globalfelixconfigs
+  - globalnetworkpolicies
+  - globalnetworksets
+  - hostendpoints
+  - ipamblocks
+  - ippools
+  - networkpolicies
+  - networksets
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - network.kubesphere.io
+  resources:
+  - namespacenetworkpolicies
+  - workspacenetworkpolicies
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - tenant.kubesphere.io
+  resources:
+  - workspaces
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
--- a/kustomize/network/crds/kustomization.yaml
+++ b/kustomize/network/crds/kustomization.yaml
+resources:
+  - wsnp.yaml
+  - nsnp.yaml
\ No newline at end of file
--- a/pkg/controller/network/provider/calico_k8s.go
+++ b/pkg/controller/network/provider/calico_k8s.go
+package provider
+
+// +kubebuilder:rbac:groups="crd.projectcalico.org",resources=globalfelixconfigs;felixconfigurations;ippools;ipamblocks;globalnetworkpolicies;globalnetworksets;networkpolicies;networksets;clusterinformations;hostendpoints,verbs=get;list;watch;create;patch;update;delete
--- a/pkg/controller/network/runoption/option.go
+++ b/pkg/controller/network/runoption/option.go
@@ -14,18 +14,16 @@ import (
 	"kubesphere.io/kubesphere/pkg/controller/network/provider"
 )

-type CalicoDataStoreType string
-
 const (
 	certPath = "/calicocerts"

-	KubernetesDataStore CalicoDataStoreType = "k8s"
-	EtcdDataStore       CalicoDataStoreType = "etcd"
+	KubernetesDataStore = "k8s"
+	EtcdDataStore       = "etcd"
 )

 type RunOption struct {
 	ProviderName      string
-	DataStoreType     CalicoDataStoreType
+	DataStoreType     string
 	EtcdEndpoints     string
 	AllowInsecureEtcd bool
 }

--- a/pkg/test/testing.go
+++ b/pkg/test/testing.go
@@ -89,7 +89,11 @@ func (t *TestCtx) Setup(yamlPath string, crdPath string, schemes ...AddToSchemeF
 		return err
 	}
 	for _, f := range schemes {
-		f(scheme.Scheme)
+		err = f(scheme.Scheme)
+		if err != nil {
+			klog.Errorln("Failed to add scheme")
+			return err
+		}
 	}
 	extscheme.AddToScheme(scheme.Scheme)
 	dynClient, err := client.New(cfg, client.Options{})

--- a/test/network/test.sh
+++ b/test/network/test.sh
@@ -4,10 +4,12 @@ set -e

 workspace=`pwd`
 tag=`git rev-parse --short HEAD`
-IMG=magicsong/ks-network:$tag
+IMG=kubespheredev/ks-network:$tag
 DEST=/tmp/manager.yaml
 TEST_NS=network-test-$tag
 SKIP_BUILD=no
+STORE_MODE=etcd
+MODE=test

 export TEST_NAMESPACE=$TEST_NS
 export YAML_PATH=$DEST
@@ -33,6 +35,16 @@ case $key in
    shift # past argument
    shift # past value
    ;;
+    -S|--store-mode)
+    STORE_MODE="$2"
+    shift # past argument
+    shift # past value
+    ;;
+    -m|--mode)
+    MODE="$2"
+    shift # past argument
+    shift # past value
+    ;;
    --default)
    DEFAULT=YES
    shift # past argument
@@ -51,7 +63,7 @@ if [ $SKIP_BUILD == "no" ]; then
    docker push $IMG
 fi

-kustomize_dir="./kustomize/network"
+kustomize_dir="./kustomize/network/calico-${STORE_MODE}"
 if [ "$(uname)" == "Darwin" ]; then
    sed -i '' -e  's/namespace: .*/namespace: '"${TEST_NS}"'/' $kustomize_dir/kustomization.yaml
    sed -i '' -e  's/namespace: .*/namespace: '"${TEST_NS}"'/' $kustomize_dir/patch_role_binding.yaml
@@ -62,6 +74,11 @@ else
    sed -i -e 's@image: .*@image: '"${IMG}"'@' $kustomize_dir/patch_image_name.yaml
 fi

-kustomize build $kustomize_dir -o $DEST 
-ginkgo -v ./test/e2e/...
+kustomize build $kustomize_dir -o $DEST
+if [ $MODE == "test" ]; then
+    ginkgo -v ./test/e2e/...
+elif  [ $MODE == "debug" ]; then
+    kubectl create ns $TEST_NS --dry-run -o yaml | kubectl apply -f -
+    kubectl apply -f $DEST
+fi