Merge pull request #3441 from brb/2907-no-cni-conf-by-default

Do not include the default CNI config by default

Merge pull request #3441 from brb/2907-no-cni-conf-by-default
Do not include the default CNI config by default
3aa83674 · Thomas Strömberg · GitHub · 303e26cd · 1252ad9a · 3aa83674
12 changed file
--- a/cmd/minikube/cmd/start.go
+++ b/cmd/minikube/cmd/start.go
@@ -60,6 +60,7 @@ const (
 	containerRuntime      = "container-runtime"
 	criSocket             = "cri-socket"
 	networkPlugin         = "network-plugin"
+	enableDefaultCNI      = "enable-default-cni"
 	hypervVirtualSwitch   = "hyperv-virtual-switch"
 	kvmNetwork            = "kvm-network"
 	keepContext           = "keep-context"
@@ -240,6 +241,7 @@ func runStart(cmd *cobra.Command, args []string) {
 		ServiceCIDR:            viper.GetString(serviceCIDR),
 		ExtraOptions:           extraOptions,
 		ShouldLoadCachedImages: shouldCacheImages,
+		EnableDefaultCNI:       viper.GetBool(enableDefaultCNI),
 	}

 	k8sBootstrapper, err := GetClusterBootstrapper(api, clusterBootstrapper)
@@ -486,6 +488,7 @@ func init() {
 	startCmd.Flags().String(criSocket, "", "The cri socket path to be used")
 	startCmd.Flags().String(kubernetesVersion, constants.DefaultKubernetesVersion, "The kubernetes version that the minikube VM will use (ex: v1.2.3)")
 	startCmd.Flags().String(networkPlugin, "", "The name of the network plugin")
+	startCmd.Flags().Bool(enableDefaultCNI, false, "Enable the default CNI plugin (/etc/cni/net.d/k8s.conf). Used in conjunction with \"--network-plugin=cni\"")
 	startCmd.Flags().String(featureGates, "", "A set of key=value pairs that describe feature gates for alpha/experimental features.")
 	startCmd.Flags().Bool(cacheImages, false, "If true, cache docker images for the current bootstrapper and load them into the machine.")
 	startCmd.Flags().Var(&extraOptions, "extra-config",

--- a/deploy/addons/gvisor/README.md
+++ b/deploy/addons/gvisor/README.md
@@ -8,7 +8,7 @@ When starting minikube, specify the following flags, along with any additional d
 ```shell
 $ minikube start --container-runtime=containerd  \
    --docker-opt containerd=/var/run/containerd/containerd.sock \
-    --network-plugin=cni
+    --network-plugin=cni --enable-default-cni
 ```

 ### Enabling gVisor

--- a/deploy/iso/minikube-iso/board/coreos/minikube/rootfs-overlay/etc/cni/net.d/k8s.conf
+++ b/deploy/iso/minikube-iso/board/coreos/minikube/rootfs-overlay/etc/cni/net.d/k8s.conf
-../../../usr/libexec/kubernetes/kubelet-plugins/net/exec/k8s.conf
\ No newline at end of file
--- a/deploy/iso/minikube-iso/board/coreos/minikube/rootfs-overlay/etc/rkt/net.d/k8s.conf
+++ b/deploy/iso/minikube-iso/board/coreos/minikube/rootfs-overlay/etc/rkt/net.d/k8s.conf
-{
-  "name": "rkt.kubernetes.io",
-  "type": "bridge",
-  "bridge": "mybridge",
-  "mtu": 1460,
-  "addIf": "true",
-  "isGateway": true,
-  "ipMasq": true,
-  "ipam": {
-    "type": "host-local",
-    "subnet": "10.1.0.0/16",
-    "gateway": "10.1.0.1",
-    "routes": [
-      {
-        "dst": "0.0.0.0/0"
-      }
-    ]
-  }
-}
--- a/deploy/iso/minikube-iso/board/coreos/minikube/rootfs-overlay/usr/libexec/kubernetes/kubelet-plugins/net/exec/k8s.conf
+++ b/deploy/iso/minikube-iso/board/coreos/minikube/rootfs-overlay/usr/libexec/kubernetes/kubelet-plugins/net/exec/k8s.conf
-{
-  "name": "rkt.kubernetes.io",
-  "type": "bridge",
-  "bridge": "mybridge",
-  "mtu": 1460,
-  "addIf": "true",
-  "isGateway": true,
-  "ipMasq": true,
-  "ipam": {
-    "type": "host-local",
-    "subnet": "10.1.0.0/16",
-    "gateway": "10.1.0.1",
-    "routes": [
-      {
-        "dst": "0.0.0.0/0"
-      }
-    ]
-  }
-}
--- a/docs/alternative_runtimes.md
+++ b/docs/alternative_runtimes.md
@@ -5,6 +5,7 @@ To use [rkt](https://github.com/coreos/rkt) as the container runtime run:
 ```shell
 $ minikube start \
    --network-plugin=cni \
+    --enable-default-cni \
    --container-runtime=rkt
 ```

@@ -16,6 +17,7 @@ To use [CRI-O](https://github.com/kubernetes-incubator/cri-o) as the container r
 ```shell
 $ minikube start \
    --network-plugin=cni \
+    --enable-default-cni \
    --container-runtime=cri-o
 ```

@@ -24,6 +26,7 @@ Or you can use the extended version:
 ```shell
 $ minikube start \
    --network-plugin=cni \
+    --enable-default-cni \
    --cri-socket=/var/run/crio/crio.sock \
    --extra-config=kubelet.container-runtime=remote \
    --extra-config=kubelet.container-runtime-endpoint=unix:///var/run/crio/crio.sock \
@@ -37,6 +40,7 @@ To use [containerd](https://github.com/containerd/containerd) as the container r
 ```shell
 $ minikube start \
    --network-plugin=cni \
+    --enable-default-cni \
    --container-runtime=containerd
 ```

@@ -45,6 +49,7 @@ Or you can use the extended version:
 ```shell
 $ minikube start \
    --network-plugin=cni \
+    --enable-default-cni \
    --cri-socket=/run/containerd/containerd.sock \
    --extra-config=kubelet.container-runtime=remote \
    --extra-config=kubelet.container-runtime-endpoint=unix:///run/containerd/containerd.sock \

--- a/docs/contributors/minikube_iso.md
+++ b/docs/contributors/minikube_iso.md
@@ -40,6 +40,7 @@ The bootable ISO image will be available in `out/minikube.iso`.
 $ ./out/minikube start \
    --container-runtime=rkt \
    --network-plugin=cni \
+    --enable-default-cni \
    --iso-url=file://$GOPATH/src/k8s.io/minikube/out/minikube.iso
 ```


--- a/pkg/minikube/bootstrapper/kubeadm/default_cni.go
+++ b/pkg/minikube/bootstrapper/kubeadm/default_cni.go
+/*
+Copyright 2018 The Kubernetes Authors All rights reserved.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package kubeadm
+
+// defaultCNIConfig is the CNI config which is provisioned when --enable-default-cni
+// has been passed to `minikube start`.
+//
+// The config is being written to /etc/cni/net.d/k8s.conf and /etc/rkt/net.d/k8s.conf.
+const defaultCNIConfig = `
+{
+  "name": "rkt.kubernetes.io",
+  "type": "bridge",
+  "bridge": "mybridge",
+  "mtu": 1460,
+  "addIf": "true",
+  "isGateway": true,
+  "ipMasq": true,
+  "ipam": {
+    "type": "host-local",
+    "subnet": "10.1.0.0/16",
+    "gateway": "10.1.0.1",
+    "routes": [
+      {
+        "dst": "0.0.0.0/0"
+      }
+    ]
+  }
+}
+`
--- a/pkg/minikube/bootstrapper/kubeadm/kubeadm.go
+++ b/pkg/minikube/bootstrapper/kubeadm/kubeadm.go
@@ -363,6 +363,15 @@ func (k *KubeadmBootstrapper) UpdateCluster(cfg config.KubernetesConfig) error {
 		assets.NewMemoryAssetTarget([]byte(kubeadmCfg), constants.KubeadmConfigFile, "0640"),
 	}

+	// Copy the default CNI config (k8s.conf), so that kubelet can successfully
+	// start a Pod in the case a user hasn't manually installed any CNI plugin
+	// and minikube was started with "--extra-config=kubelet.network-plugin=cni".
+	if cfg.EnableDefaultCNI {
+		files = append(files,
+			assets.NewMemoryAssetTarget([]byte(defaultCNIConfig), constants.DefaultCNIConfigPath, "0644"),
+			assets.NewMemoryAssetTarget([]byte(defaultCNIConfig), constants.DefaultRktNetConfigPath, "0644"))
+	}
+
 	var g errgroup.Group
 	for _, bin := range []string{"kubelet", "kubeadm"} {
 		bin := bin

--- a/pkg/minikube/config/types.go
+++ b/pkg/minikube/config/types.go
@@ -72,4 +72,5 @@ type KubernetesConfig struct {
 	ExtraOptions      util.ExtraOptionSlice

 	ShouldLoadCachedImages bool
+	EnableDefaultCNI       bool
 }
--- a/pkg/minikube/constants/constants.go
+++ b/pkg/minikube/constants/constants.go
@@ -147,9 +147,11 @@ const AddonsPath = "/etc/kubernetes/addons"
 const FilesPath = "/files"

 const (
-	KubeletServiceFile     = "/lib/systemd/system/kubelet.service"
-	KubeletSystemdConfFile = "/etc/systemd/system/kubelet.service.d/10-kubeadm.conf"
-	KubeadmConfigFile      = "/var/lib/kubeadm.yaml"
+	KubeletServiceFile      = "/lib/systemd/system/kubelet.service"
+	KubeletSystemdConfFile  = "/etc/systemd/system/kubelet.service.d/10-kubeadm.conf"
+	KubeadmConfigFile       = "/var/lib/kubeadm.yaml"
+	DefaultCNIConfigPath    = "/etc/cni/net.d/k8s.conf"
+	DefaultRktNetConfigPath = "/etc/rkt/net.d/k8s.conf"
 )

 var Preflights = []string{

--- a/test/integration/util/util.go
+++ b/test/integration/util/util.go
@@ -185,7 +185,7 @@ func (m *MinikubeRunner) SSH(command string) (string, error) {
 func (m *MinikubeRunner) Start() {
 	switch r := m.Runtime; r {
 	case constants.ContainerdRuntime:
-		containerdFlags := "--container-runtime=containerd --network-plugin=cni --docker-opt containerd=/var/run/containerd/containerd.sock"
+		containerdFlags := "--container-runtime=containerd --network-plugin=cni --enable-default-cni --docker-opt containerd=/var/run/containerd/containerd.sock"
 		m.RunCommand(fmt.Sprintf("start %s %s %s --alsologtostderr --v=5", m.StartArgs, m.Args, containerdFlags), true)
 	default:
 		m.RunCommand(fmt.Sprintf("start %s %s --alsologtostderr --v=5", m.StartArgs, m.Args), true)