From 9d19242c6e9fce48e2bd1a45b48db4a8573a95ce Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=BC=A0=E7=A5=96=E5=BB=BA?= Date: Sat, 11 May 2024 17:15:36 +0800 Subject: [PATCH 01/57] fix controller-runtime logger not set (#4005) Signed-off-by: zhangzujian --- pkg/controller/init.go | 2 ++ 1 file changed, 2 insertions(+) diff --git a/pkg/controller/init.go b/pkg/controller/init.go index 2414066737bc..26b52b4d4a78 100644 --- a/pkg/controller/init.go +++ b/pkg/controller/init.go @@ -15,6 +15,7 @@ import ( "k8s.io/apimachinery/pkg/types" "k8s.io/client-go/tools/cache" "k8s.io/klog/v2" + ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/client/config" "sigs.k8s.io/controller-runtime/pkg/controller/controllerutil" @@ -873,6 +874,7 @@ func migrateFinalizers(c client.Client, list client.ObjectList, getObjectItem fu } func (c *Controller) syncFinalizers() error { + ctrl.SetLogger(klog.NewKlogr()) cl, err := client.New(config.GetConfigOrDie(), client.Options{}) if err != nil { klog.Errorf("failed to create client: %v", err) From aaf5736a8a3de45bc24861da07622a4044d46fb4 Mon Sep 17 00:00:00 2001 From: guangwu Date: Sat, 11 May 2024 17:17:03 +0800 Subject: [PATCH 02/57] fix: close file (#4007) Signed-off-by: guoguangwu --- pkg/ovn_leader_checker/ovn.go | 1 + 1 file changed, 1 insertion(+) diff --git a/pkg/ovn_leader_checker/ovn.go b/pkg/ovn_leader_checker/ovn.go index 197b7e71d847..505e69d78786 100755 --- a/pkg/ovn_leader_checker/ovn.go +++ b/pkg/ovn_leader_checker/ovn.go @@ -189,6 +189,7 @@ func checkNorthdActive() bool { klog.Errorf("failed to open %s err = %v", OvnNorthdPid, err) return false } + defer file.Close() fileByte, err := io.ReadAll(file) if err != nil { klog.Errorf("failed to read %s err = %v", OvnNorthdPid, err) From 41cb044c9c15de6bc3919f03e6a358eda822c085 Mon Sep 17 00:00:00 2001 
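Review bot: `ctrl.SetLogger(klog.NewKlogr())` in the second hunk sets controller-runtime's process-wide logger as a side effect of `syncFinalizers`, so the global logging state now depends on when this method happens to be called. Any controller-runtime client created before it runs would still have no logger. Setting the logger once during process start-up, next to the klog initialisation, would remove that ordering dependency. If it has to stay here, a comment such as `// controller-runtime needs a logger before the first client.New; set it here because this is the first use` would explain why a finalizer sync touches global state. The function body continues outside the hunk.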
From: =?UTF-8?q?=E5=BC=A0=E7=A5=96=E5=BB=BA?= Date: Mon, 13 May 2024 09:37:01 +0800 Subject: [PATCH 03/57] simplify file reading (#4010) Signed-off-by: zhangzujian --- pkg/ovn_leader_checker/ovn.go | 16 ++++------------ 1 file changed, 4 insertions(+), 12 deletions(-) diff --git a/pkg/ovn_leader_checker/ovn.go b/pkg/ovn_leader_checker/ovn.go index 505e69d78786..ec7e3204cfd4 100755 --- a/pkg/ovn_leader_checker/ovn.go +++ b/pkg/ovn_leader_checker/ovn.go @@ -4,7 +4,6 @@ import ( "context" "flag" "fmt" - "io" "net" "os" "os/exec" @@ -183,22 +182,15 @@ func isDBLeader(dbName string, port int) bool { } func checkNorthdActive() bool { - var command []string - file, err := os.OpenFile(OvnNorthdPid, os.O_RDWR, 0o600) + pid, err := os.ReadFile(OvnNorthdPid) if err != nil { - klog.Errorf("failed to open %s err = %v", OvnNorthdPid, err) - return false - } - defer file.Close() - fileByte, err := io.ReadAll(file) - if err != nil { - klog.Errorf("failed to read %s err = %v", OvnNorthdPid, err) + klog.Errorf("failed to read file %q: %v", OvnNorthdPid, err) return false } - command = []string{ + command := []string{ "-t", - fmt.Sprintf("/var/run/ovn/ovn-northd.%s.ctl", strings.TrimSpace(string(fileByte))), + fmt.Sprintf("/var/run/ovn/ovn-northd.%s.ctl", strings.TrimSpace(string(pid))), "status", } output, err := exec.Command("ovs-appctl", command...).CombinedOutput() From 64452939c9f4e56281c5db3bb31a1ad533b06108 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=BC=A0=E7=A5=96=E5=BB=BA?= Date: Mon, 13 May 2024 09:53:03 +0800 Subject: [PATCH 04/57] fix lsp not updating addresses (#4011) Signed-off-by: zhangzujian --- pkg/ovs/ovn-nb-logical_switch_port.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/ovs/ovn-nb-logical_switch_port.go b/pkg/ovs/ovn-nb-logical_switch_port.go index e3e1b0ea5df9..be082b76a6e7 100644 --- a/pkg/ovs/ovn-nb-logical_switch_port.go +++ b/pkg/ovs/ovn-nb-logical_switch_port.go 
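Review bot: The content of `OvnNorthdPid` is interpolated into the control-socket path given to `ovs-appctl -t` after nothing more than `strings.TrimSpace`, so an empty or malformed pid file produces a path like `/var/run/ovn/ovn-northd..ctl` and the failure only surfaces later as an opaque `ovs-appctl` error. Checking that the trimmed value is a decimal PID before building the path makes the failure explicit and keeps unexpected characters out of the path: with `pidStr := strings.TrimSpace(string(pid))`, add `if _, err := strconv.Atoi(pidStr); err != nil { klog.Errorf("invalid pid in %q: %v", OvnNorthdPid, err); return false }`. This needs `strconv` in the import block, which the first hunk shows only in part. Replacing `os.OpenFile(..., os.O_RDWR, ...)` with `os.ReadFile` is a good least-privilege change, since the checker no longer asks for write access to the pid file. The function body continues past the end of the hunk.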
@@ -98,7 +98,7 @@ func (c *OVNNbClient) CreateLogicalSwitchPort(lsName, lspName, ip, mac, podName, // update if exists if exist { lsp := buildLogicalSwitchPort(lspName, lsName, ip, mac, podName, namespace, portSecurity, securityGroups, vips, enableDHCP, dhcpOptions, vpc) - if err := c.UpdateLogicalSwitchPort(lsp, &lsp.PortSecurity, &lsp.ExternalIDs); err != nil { + if err := c.UpdateLogicalSwitchPort(lsp, &lsp.Addresses, &lsp.Dhcpv4Options, &lsp.Dhcpv6Options, &lsp.PortSecurity, &lsp.ExternalIDs); err != nil { klog.Error(err) return fmt.Errorf("failed to update logical switch port %s: %v", lspName, err) } From 4d8c39199cb1ebe7d59500f2a611bc9db1094593 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Mon, 13 May 2024 16:42:27 +0800 Subject: [PATCH 05/57] docs: updated CHANGELOG.md (#4017) Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: oilbeater <1189736+oilbeater@users.noreply.github.com> --- CHANGELOG.md | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 09a67384a7b1..f9fb9f4e3c26 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,5 +1,24 @@ # Changelog +## v1.12.15 (2024-05-13) + + * [ad084913](https://github.com/kubeovn/kube-ovn/commit/ad08491359768c16d4ec5a790db7a0875d3e86b7) release v1.12.15 + * [505c041d](https://github.com/kubeovn/kube-ovn/commit/505c041d261babc54aeb1206069bdbd42f61bba8) fix lsp not updating addresses (#4011) + * [8d4738c4](https://github.com/kubeovn/kube-ovn/commit/8d4738c45c38df56386caeb4cf6910168c81ea32) bump gosec to 2.19.0 + * [be8def37](https://github.com/kubeovn/kube-ovn/commit/be8def3735c3cab7a3dd048614ffc58f4307d400) fix: close file (#4007) + * [b47f2cef](https://github.com/kubeovn/kube-ovn/commit/b47f2cefa99aebc1890d44e212c6f0f37b1f4706) fix node gc (#3992) + * [2b5be24b](https://github.com/kubeovn/kube-ovn/commit/2b5be24b8c9ed529f78005b4cc3e7dc255d69c52) bump go to 1.22.3 (#3989) + * [6df85a02](https://github.com/kubeovn/kube-ovn/commit/6df85a023dae6dc9a7eea7ed2cca14997050a6f6) build(deps): bump google.golang.org/protobuf from 1.34.0 to 1.34.1 (#3981) + * [ad9ee088](https://github.com/kubeovn/kube-ovn/commit/ad9ee0883ff9627dfb16e7575f9ae26f4a7fa83d) build(deps): bump golang.org/x/sys from 0.19.0 to 0.20.0 (#3980) + * [e77634df](https://github.com/kubeovn/kube-ovn/commit/e77634dfa97b7b2af79b2c7dc6ecda52380587eb) prepare for next release + +### Contributors + + * dependabot[bot] + * guangwu + * zhangzujian + * 张祖建 + ## v1.12.14 (2024-05-07) * [8461d381](https://github.com/kubeovn/kube-ovn/commit/8461d38111e133d78de2b4198b6ac5319738d625) release v1.12.14 From 4d7ec749a6e7878fcd84a1b0dc9340aa6945d281 Mon Sep 17 00:00:00 2001 From: fanriming Date: Mon, 13 May 2024 18:15:06 +0800 Subject: [PATCH 06/57] fix: Resolved the hidden issue with zombie processes (#4004) Signed-off-by: fanriming --- dist/images/start-controller.sh | 2 +- dist/images/start-ic-controller.sh | 2 +- dist/images/start-ovn-monitor.sh | 2 +- dist/images/start-webhook.sh | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) 
diff --git a/dist/images/start-controller.sh b/dist/images/start-controller.sh index 6457059f55d8..bd4404ddc47d 100755 --- a/dist/images/start-controller.sh +++ b/dist/images/start-controller.sh @@ -32,6 +32,6 @@ function gen_conn_str { nb_addr="$(gen_conn_str 6641)" sb_addr="$(gen_conn_str 6642)" -exec ./kube-ovn-controller --ovn-nb-addr="$nb_addr" \ +./kube-ovn-controller --ovn-nb-addr="$nb_addr" \ --ovn-sb-addr="$sb_addr" \ $@ diff --git a/dist/images/start-ic-controller.sh b/dist/images/start-ic-controller.sh index 764032656a7e..45a305b0454e 100755 --- a/dist/images/start-ic-controller.sh +++ b/dist/images/start-ic-controller.sh @@ -55,6 +55,6 @@ if [ -z "${OVN_NB_DAEMON}" ]; then exit 1 fi -exec ./kube-ovn-ic-controller --ovn-nb-addr="$nb_addr" \ +./kube-ovn-ic-controller --ovn-nb-addr="$nb_addr" \ --ovn-sb-addr="$sb_addr" \ $@ diff --git a/dist/images/start-ovn-monitor.sh b/dist/images/start-ovn-monitor.sh index b54250f62c65..4958c370c29f 100755 --- a/dist/images/start-ovn-monitor.sh +++ b/dist/images/start-ovn-monitor.sh @@ -2,4 +2,4 @@ set -euo pipefail ENABLE_SSL=${ENABLE_SSL:-false} -exec ./kube-ovn-monitor $@ +./kube-ovn-monitor $@ diff --git a/dist/images/start-webhook.sh b/dist/images/start-webhook.sh index 4257e654089f..ced701f13661 100755 --- a/dist/images/start-webhook.sh +++ b/dist/images/start-webhook.sh @@ -1,2 +1,2 @@ #!/usr/bin/env bash -exec ./kube-ovn-webhook +./kube-ovn-webhook From 35e37ad7eef6ef9ef2f2bba4113ef84ab927a98c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=BC=A0=E7=A5=96=E5=BB=BA?= Date: Tue, 14 May 2024 09:51:29 +0800 Subject: [PATCH 07/57] fix policy route not deleted after subnet is deleted (#4016) Signed-off-by: zhangzujian --- pkg/controller/subnet.go | 1 + 1 file changed, 1 insertion(+) diff --git a/pkg/controller/subnet.go b/pkg/controller/subnet.go index 5c02556a198c..e98078a4297e 100644 --- a/pkg/controller/subnet.go +++ b/pkg/controller/subnet.go 
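Review bot: Dropping `exec` leaves bash as PID 1 in all four scripts, and bash does not relay SIGTERM to a foreground child. `kube-ovn-controller`, `kube-ovn-ic-controller`, `kube-ovn-monitor` and `kube-ovn-webhook` would then presumably stop only when the termination grace period ends and the container is killed, skipping any graceful shutdown. If the shell is kept as a reaper, it needs a `trap` that forwards the signal and waits for the child; otherwise a minimal init as the image entrypoint with `exec` retained solves both problems. Separately, the context lines in start-controller.sh, start-ic-controller.sh and start-ovn-monitor.sh pass `$@` unquoted, which re-splits and glob-expands the container arguments; `"$@"` hands them through unchanged.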
@@ -3092,6 +3092,7 @@ func (c *Controller) addPolicyRouteForU2ONoLoadBalancer(subnet *kubeovnv1.Subnet externalIDs = map[string]string{ "vendor": util.CniTypeName, "subnet": subnet.Name, + "isU2ORoutePolicy": "true", "isU2ONoLBRoutePolicy": "true", "node": node.Name, } From 67848da173514561221325b95146c0ed26c6f718 Mon Sep 17 00:00:00 2001 From: Zhao Congqi Date: Tue, 14 May 2024 11:23:12 +0800 Subject: [PATCH 08/57] fix: u2o dual stack uses the corresponding svc ip (#4013) * fix: u2o dual stack uses the corresponding svc ip * svcIP -> svcCIDR --------- Signed-off-by: zcq98 --- pkg/controller/subnet.go | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/pkg/controller/subnet.go b/pkg/controller/subnet.go index e98078a4297e..4a0dd2006bf5 100644 --- a/pkg/controller/subnet.go +++ b/pkg/controller/subnet.go @@ -3076,18 +3076,19 @@ func (c *Controller) addPolicyRouteForU2ONoLoadBalancer(subnet *kubeovnv1.Subnet klog.Error(err) return err } + v4Svc, v6Svc := util.SplitStringIP(c.config.ServiceClusterIPRange) for _, cidrBlock := range strings.Split(subnet.Spec.CIDRBlock, ",") { - ipSuffix, nodeIP := "ip4", ip.Spec.V4IPAddress + ipSuffix, nodeIP, svcCIDR := "ip4", ip.Spec.V4IPAddress, v4Svc if util.CheckProtocol(cidrBlock) == kubeovnv1.ProtocolIPv6 { - ipSuffix, nodeIP = "ip6", ip.Spec.V6IPAddress + ipSuffix, nodeIP, svcCIDR = "ip6", ip.Spec.V6IPAddress, v6Svc } - if nodeIP == "" { + if nodeIP == "" || svcCIDR == "" { continue } var ( pgAs = fmt.Sprintf("%s_%s", pgName, ipSuffix) - match = fmt.Sprintf("%s.src == $%s && %s.dst == %s", ipSuffix, pgAs, ipSuffix, c.config.ServiceClusterIPRange) + match = fmt.Sprintf("%s.src == $%s && %s.dst == %s", ipSuffix, pgAs, ipSuffix, svcCIDR) action = kubeovnv1.PolicyRouteActionReroute externalIDs = map[string]string{ "vendor": util.CniTypeName, From a57d0411566c517f2031ebb04c9facd9a353519d Mon Sep 17 00:00:00 2001 
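Review bot: In the second hunk the widened guard `if nodeIP == "" || svcCIDR == ""` skips an address family without logging anything. A dual-stack subnet combined with a single-stack `ServiceClusterIPRange` therefore ends up with no U2O policy route for one family, with no trace of why. A line before `continue`, such as `klog.Warningf("skipping u2o policy route for subnet %s (%s): node IP %q, service CIDR %q", subnet.Name, ipSuffix, nodeIP, svcCIDR)`, would make the skipped case diagnosable. The value returned by `util.SplitStringIP` is also placed verbatim into the OVN `match` expression; whether `ServiceClusterIPRange` is validated as CIDR at config load is not visible here and is worth confirming. The loop body continues outside the hunk.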
From: =?UTF-8?q?=E5=BC=A0=E7=A5=96=E5=BB=BA?= Date: Tue, 14 May 2024 14:09:42 +0800 Subject: [PATCH 09/57] base: set entrypoint to dumb-init (#4018) Signed-off-by: zhangzujian --- dist/images/Dockerfile.base | 6 ++++++ dist/images/start-cniserver.sh | 2 +- dist/images/start-controller.sh | 2 +- dist/images/start-db.sh | 2 +- dist/images/start-ic-controller.sh | 2 +- dist/images/start-ic-db.sh | 4 ++-- dist/images/start-ovn-monitor.sh | 2 +- dist/images/start-ovs.sh | 2 +- dist/images/start-webhook.sh | 2 +- 9 files changed, 15 insertions(+), 9 deletions(-) diff --git a/dist/images/Dockerfile.base b/dist/images/Dockerfile.base index 13b8ebcd78e9..24135d00a057 100644 --- a/dist/images/Dockerfile.base +++ b/dist/images/Dockerfile.base @@ -95,6 +95,10 @@ RUN mkdir -p /var/run/openvswitch && \ mkdir -p /etc/cni/net.d && \ mkdir -p /opt/cni/bin +ENV DUMB_INIT_VERSION="1.2.5" +RUN curl -sSf -L --retry 5 -o /usr/bin/dumb-init https://github.com/Yelp/dumb-init/releases/download/v${DUMB_INIT_VERSION}/dumb-init_${DUMB_INIT_VERSION}_$(arch) && \ + chmod +x /usr/bin/dumb-init + ARG ARCH ENV CNI_VERSION=v1.4.1 RUN curl -sSf -L --retry 5 https://github.com/containernetworking/plugins/releases/download/${CNI_VERSION}/cni-plugins-linux-${ARCH}-${CNI_VERSION}.tgz | tar -xz -C . ./loopback ./portmap ./macvlan @@ -126,3 +130,5 @@ RUN --mount=type=bind,target=/packages,from=ovs-builder,source=/packages \ rm -rf /var/lib/apt/lists/* && \ dpkg -i --ignore-depends=openvswitch-switch,openvswitch-common /packages/*.ddeb; \ fi + +ENTRYPOINT ["/usr/bin/dumb-init", "--"] diff --git a/dist/images/start-cniserver.sh b/dist/images/start-cniserver.sh index 1054bf9963b7..47af66a0d629 100755 --- a/dist/images/start-cniserver.sh +++ b/dist/images/start-cniserver.sh 
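Review bot: The `dumb-init` binary fetched in the first hunk becomes the image ENTRYPOINT, and so PID 1 of every container built on this base, yet it is downloaded with `curl` and marked executable with no integrity check. `DUMB_INIT_VERSION` pins the release name, but a replaced release asset or a tampered download would still go unnoticed by the build. Verifying a pinned digest straight after the download closes that gap, e.g. `echo "<SHA256_OF_DUMB_INIT_FOR_THIS_ARCH>  /usr/bin/dumb-init" | sha256sum -c -`, with one digest per supported `$(arch)` value; the digests are not on this page, so the value shown is a placeholder. The CNI plugins tarball in the context line below is fetched the same way and would benefit from the same check.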
@@ -60,4 +60,4 @@ set_sysctl net.ipv4.neigh.default.gc_thresh3 "$gc_thresh3" set_sysctl net.ipv4.ip_no_pmtu_disc "$SYSCTL_IPV4_IP_NO_PMTU_DISC" set_sysctl net.netfilter.nf_conntrack_tcp_be_liberal "$SYSCTL_NF_CONNTRACK_TCP_BE_LIBERAL" -./kube-ovn-daemon --ovs-socket=${OVS_SOCK} --bind-socket=${CNI_SOCK} "$@" +exec ./kube-ovn-daemon --ovs-socket=${OVS_SOCK} --bind-socket=${CNI_SOCK} "$@" diff --git a/dist/images/start-controller.sh b/dist/images/start-controller.sh index bd4404ddc47d..6457059f55d8 100755 --- a/dist/images/start-controller.sh +++ b/dist/images/start-controller.sh @@ -32,6 +32,6 @@ function gen_conn_str { nb_addr="$(gen_conn_str 6641)" sb_addr="$(gen_conn_str 6642)" -./kube-ovn-controller --ovn-nb-addr="$nb_addr" \ +exec ./kube-ovn-controller --ovn-nb-addr="$nb_addr" \ --ovn-sb-addr="$sb_addr" \ $@ diff --git a/dist/images/start-db.sh b/dist/images/start-db.sh index b4b59fa654fa..9fa2fc805db3 100755 --- a/dist/images/start-db.sh +++ b/dist/images/start-db.sh @@ -526,4 +526,4 @@ ovs-appctl -t /var/run/ovn/ovnnb_db.ctl ovsdb-server/memory-trim-on-compaction o ovs-appctl -t /var/run/ovn/ovnsb_db.ctl ovsdb-server/memory-trim-on-compaction on chmod 600 /etc/ovn/* -/kube-ovn/kube-ovn-leader-checker --probeInterval=${OVN_LEADER_PROBE_INTERVAL} --enableCompact=${ENABLE_COMPACT} +exec /kube-ovn/kube-ovn-leader-checker --probeInterval=${OVN_LEADER_PROBE_INTERVAL} --enableCompact=${ENABLE_COMPACT} diff --git a/dist/images/start-ic-controller.sh b/dist/images/start-ic-controller.sh index 45a305b0454e..764032656a7e 100755 --- a/dist/images/start-ic-controller.sh +++ b/dist/images/start-ic-controller.sh @@ -55,6 +55,6 @@ if [ -z "${OVN_NB_DAEMON}" ]; then exit 1 fi -./kube-ovn-ic-controller --ovn-nb-addr="$nb_addr" \ +exec ./kube-ovn-ic-controller --ovn-nb-addr="$nb_addr" \ --ovn-sb-addr="$sb_addr" \ $@ diff --git a/dist/images/start-ic-db.sh b/dist/images/start-ic-db.sh index 2c9b4d937a0a..ca7931c5b7a7 100755 --- a/dist/images/start-ic-db.sh 
+++ b/dist/images/start-ic-db.sh @@ -213,7 +213,7 @@ fi if [[ $ENABLE_OVN_LEADER_CHECK == "true" ]]; then chmod 600 /etc/ovn/* - /kube-ovn/kube-ovn-leader-checker --probeInterval=${OVN_LEADER_PROBE_INTERVAL} --isICDBServer=true + exec /kube-ovn/kube-ovn-leader-checker --probeInterval=${OVN_LEADER_PROBE_INTERVAL} --isICDBServer=true else # Compatible with controller deployment methods before kube-ovn 1.11.16 TS_NAME=${TS_NAME:-ts} @@ -227,6 +227,6 @@ else fi ovn-ic-nbctl --may-exist ts-add "$TS_NAME" ovn-ic-nbctl set Transit_Switch ts external_ids:subnet="$TS_CIDR" - tail --follow=name --retry /var/log/ovn/ovsdb-server-ic-nb.log + exec tail --follow=name --retry /var/log/ovn/ovsdb-server-ic-nb.log fi diff --git a/dist/images/start-ovn-monitor.sh b/dist/images/start-ovn-monitor.sh index 4958c370c29f..b54250f62c65 100755 --- a/dist/images/start-ovn-monitor.sh +++ b/dist/images/start-ovn-monitor.sh @@ -2,4 +2,4 @@ set -euo pipefail ENABLE_SSL=${ENABLE_SSL:-false} -./kube-ovn-monitor $@ +exec ./kube-ovn-monitor $@ diff --git a/dist/images/start-ovs.sh b/dist/images/start-ovs.sh index 5e4b18643918..4d3c99237c20 100755 --- a/dist/images/start-ovs.sh +++ b/dist/images/start-ovs.sh @@ -158,4 +158,4 @@ else fi chmod 600 /etc/openvswitch/* -tail --follow=name --retry /var/log/ovn/ovn-controller.log +exec tail --follow=name --retry /var/log/ovn/ovn-controller.log diff --git a/dist/images/start-webhook.sh b/dist/images/start-webhook.sh index ced701f13661..4257e654089f 100755 --- a/dist/images/start-webhook.sh +++ b/dist/images/start-webhook.sh @@ -1,2 +1,2 @@ #!/usr/bin/env bash -./kube-ovn-webhook +exec ./kube-ovn-webhook From b8d77e24222630f73af7403bb09bbfd59a6f54c1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=BC=A0=E7=A5=96=E5=BB=BA?= Date: Tue, 14 May 2024 16:03:29 +0800 Subject: [PATCH 10/57] fix lsp not updated correctly when logical switch is changed (#4015) 
Signed-off-by: zhangzujian --- pkg/ovs/ovn-nb-logical_switch_port.go | 25 ++-- .../kube-ovn/pod/{pod.go => pod _routes.go} | 12 +- test/e2e/kube-ovn/pod/pod_recreation.go | 109 ++++++++++++++++++ test/e2e/kube-ovn/underlay/underlay.go | 42 +++---- test/e2e/kubevirt/e2e_test.go | 57 ++++++++- 5 files changed, 199 insertions(+), 46 deletions(-) rename test/e2e/kube-ovn/pod/{pod.go => pod _routes.go} (94%) create mode 100644 test/e2e/kube-ovn/pod/pod_recreation.go diff --git a/pkg/ovs/ovn-nb-logical_switch_port.go b/pkg/ovs/ovn-nb-logical_switch_port.go index be082b76a6e7..56c116ea64b4 100644 --- a/pkg/ovs/ovn-nb-logical_switch_port.go +++ b/pkg/ovs/ovn-nb-logical_switch_port.go 
@@ -89,30 +89,35 @@ func buildLogicalSwitchPort(lspName, lsName, ip, mac, podName, namespace string, } func (c *OVNNbClient) CreateLogicalSwitchPort(lsName, lspName, ip, mac, podName, namespace string, portSecurity bool, securityGroups, vips string, enableDHCP bool, dhcpOptions *DHCPOptionsUUIDs, vpc string) error { - exist, err := c.LogicalSwitchPortExists(lspName) + existingLsp, err := c.GetLogicalSwitchPort(lspName, true) if err != nil { klog.Error(err) return err } - // update if exists - if exist { - lsp := buildLogicalSwitchPort(lspName, lsName, ip, mac, podName, namespace, portSecurity, securityGroups, vips, enableDHCP, dhcpOptions, vpc) - if err := c.UpdateLogicalSwitchPort(lsp, &lsp.Addresses, &lsp.Dhcpv4Options, &lsp.Dhcpv6Options, &lsp.PortSecurity, &lsp.ExternalIDs); err != nil { + var ops []ovsdb.Operation + lsp := buildLogicalSwitchPort(lspName, lsName, ip, mac, podName, namespace, portSecurity, securityGroups, vips, enableDHCP, dhcpOptions, vpc) + if existingLsp != nil { + if lsp.ExternalIDs[logicalSwitchKey] == lsName { + if err := c.UpdateLogicalSwitchPort(lsp, &lsp.Addresses, &lsp.Dhcpv4Options, &lsp.Dhcpv6Options, &lsp.PortSecurity, &lsp.ExternalIDs); err != nil { + klog.Error(err) + return fmt.Errorf("failed to update logical switch port %s: %v", lspName, err) + } + return nil + } + if ops, err = c.LogicalSwitchUpdatePortOp(lsp.ExternalIDs[logicalSwitchKey], existingLsp.UUID, ovsdb.MutateOperationDelete); err != nil { klog.Error(err) - return fmt.Errorf("failed to update logical switch port %s: %v", lspName, err) + return err } - return nil } - lsp := buildLogicalSwitchPort(lspName, lsName, ip, mac, podName, namespace, portSecurity, securityGroups, vips, enableDHCP, dhcpOptions, vpc) - ops, err := c.CreateLogicalSwitchPortOp(lsp, lsName) + createLspOps, err := c.CreateLogicalSwitchPortOp(lsp, lsName) if err != nil { klog.Error(err) return fmt.Errorf("generate operations for creating logical switch port %s: %v", lspName, err) } - if err = 
c.Transact("lsp-add", ops); err != nil { + if err = c.Transact("lsp-add", append(ops, createLspOps...)); err != nil { return fmt.Errorf("create logical switch port %s: %v", lspName, err) } diff --git a/test/e2e/kube-ovn/pod/pod.go b/test/e2e/kube-ovn/pod/pod _routes.go similarity index 94% rename from test/e2e/kube-ovn/pod/pod.go rename to test/e2e/kube-ovn/pod/pod _routes.go index 4c6b9d3c6769..6f619f5f7c2a 100644 --- a/test/e2e/kube-ovn/pod/pod.go +++ b/test/e2e/kube-ovn/pod/pod _routes.go @@ -22,7 +22,6 @@ var _ = framework.Describe("[group:pod]", func() { var podClient *framework.PodClient var subnetClient *framework.SubnetClient var namespaceName, subnetName, podName string - var subnet *apiv1.Subnet var cidr, image string ginkgo.BeforeEach(func() { @@ -36,10 +35,6 @@ var _ = framework.Describe("[group:pod]", func() { if image == "" { image = framework.GetKubeOvnImage(cs) } - - ginkgo.By("Creating subnet " + subnetName) - subnet = framework.MakeSubnet(subnetName, "", cidr, "", "", "", nil, nil, []string{namespaceName}) - subnet = subnetClient.CreateSync(subnet) }) ginkgo.AfterEach(func() { ginkgo.By("Deleting pod " + podName) @@ -70,6 +65,10 @@ var _ = framework.Describe("[group:pod]", func() { buff, err := json.Marshal(routes) framework.ExpectNoError(err) + ginkgo.By("Creating subnet " + subnetName) + subnet := framework.MakeSubnet(subnetName, "", cidr, "", "", "", nil, nil, []string{namespaceName}) + subnet = subnetClient.CreateSync(subnet) + ginkgo.By("Creating pod " + podName) annotations := map[string]string{ util.RoutesAnnotation: string(buff), 
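Review bot: The condition `if lsp.ExternalIDs[logicalSwitchKey] == lsName` in `CreateLogicalSwitchPort` inspects the freshly built `lsp` rather than `existingLsp`. `lsp` was just produced by `buildLogicalSwitchPort(lspName, lsName, ...)`, so if that helper stores `lsName` under `logicalSwitchKey` (its body is outside the hunk) the comparison is always true and the code that detaches the port from its previous switch is never reached. The delete operation has the same problem, because `lsp.ExternalIDs[logicalSwitchKey]` would name the new switch, not the old one. Both should presumably read the stored row: `if existingLsp.ExternalIDs[logicalSwitchKey] == lsName {` and `c.LogicalSwitchUpdatePortOp(existingLsp.ExternalIDs[logicalSwitchKey], existingLsp.UUID, ovsdb.MutateOperationDelete)`. A port left attached to the old logical switch keeps its addresses and port-security entries there, so a unit test for the switch-change path alongside the e2e test would help catch a regression.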
@@ -78,6 +77,7 @@ var _ = framework.Describe("[group:pod]", func() { pod := framework.MakePod(namespaceName, podName, nil, annotations, image, cmd, nil) pod = podClient.CreateSync(pod) + ginkgo.By("Validating pod annoations") framework.ExpectHaveKeyWithValue(pod.Annotations, util.AllocatedAnnotation, "true") framework.ExpectHaveKeyWithValue(pod.Annotations, util.CidrAnnotation, subnet.Spec.CIDRBlock) framework.ExpectHaveKeyWithValue(pod.Annotations, util.GatewayAnnotation, subnet.Spec.Gateway) @@ -85,11 +85,13 @@ var _ = framework.Describe("[group:pod]", func() { framework.ExpectMAC(pod.Annotations[util.MacAddressAnnotation]) framework.ExpectHaveKeyWithValue(pod.Annotations, util.RoutedAnnotation, "true") + ginkgo.By("Getting pod routes") podRoutes, err := iproute.RouteShow("", "eth0", func(cmd ...string) ([]byte, []byte, error) { return framework.KubectlExec(pod.Namespace, pod.Name, cmd...) }) framework.ExpectNoError(err) + ginkgo.By("Validating pod routes") actualRoutes := make([]request.Route, len(podRoutes)) for _, r := range podRoutes { if r.Gateway != "" || r.Dst != "" { diff --git a/test/e2e/kube-ovn/pod/pod_recreation.go b/test/e2e/kube-ovn/pod/pod_recreation.go new file mode 100644 index 000000000000..c8af23259878 --- /dev/null +++ b/test/e2e/kube-ovn/pod/pod_recreation.go 
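Review bot: The rename target `test/e2e/kube-ovn/pod/pod _routes.go` contains a space, which looks like a typo for `pod_routes.go`. The Go toolchain accepts it, but unquoted shell globs, Makefile rules and some CI path filters will split the name in two. The step text added here, `ginkgo.By("Validating pod annoations")`, should read "annotations"; the same misspelling appears twice in the new `pod_recreation.go`.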
@@ -0,0 +1,109 @@ +package pod + +import ( + "cmp" + "context" + "strings" + + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + + "github.com/onsi/ginkgo/v2" + + "github.com/kubeovn/kube-ovn/pkg/ovs" + "github.com/kubeovn/kube-ovn/pkg/util" + "github.com/kubeovn/kube-ovn/test/e2e/framework" +) + +var _ = framework.SerialDescribe("[group:pod]", func() { + f := framework.NewDefaultFramework("pod") + + var podClient *framework.PodClient + var namespaceName, podName string + + ginkgo.BeforeEach(func() { + podClient = f.PodClient() + namespaceName = f.Namespace.Name + podName = "pod-" + framework.RandomSuffix() + }) + ginkgo.AfterEach(func() { + ginkgo.By("Deleting pod " + podName) + podClient.DeleteSync(podName) + }) + + framework.ConformanceIt("should handle pod creation during kube-ovn-controller is down", func() { + ginkgo.By("Creating pod " + podName) + pod := framework.MakePod(namespaceName, podName, nil, nil, framework.PauseImage, nil, nil) + pod = podClient.CreateSync(pod) + + ginkgo.By("Validating pod annoations") + framework.ExpectHaveKeyWithValue(pod.Annotations, util.AllocatedAnnotation, "true") + framework.ExpectMAC(pod.Annotations[util.MacAddressAnnotation]) + framework.ExpectHaveKeyWithValue(pod.Annotations, util.RoutedAnnotation, "true") + mac := pod.Annotations[util.MacAddressAnnotation] + + portName := ovs.PodNameToPortName(podName, pod.Namespace, util.OvnProvider) + ginkgo.By("Getting ips " + portName) + ipClient := f.IPClient() + ip := ipClient.Get(portName) + + ginkgo.By("Validating ips " + ip.Name) + framework.ExpectEqual(ip.Spec.MacAddress, mac) + framework.ExpectEqual(ip.Spec.IPAddress, pod.Annotations[util.IPAddressAnnotation]) + + ginkgo.By("Getting deployment kube-ovn-controller") + deployClient := f.DeploymentClientNS(framework.KubeOvnNamespace) + deploy := deployClient.Get("kube-ovn-controller") + framework.ExpectNotNil(deploy.Spec.Replicas) + + ginkgo.By("Getting kube-ovn-controller pods") + kubePodClient := 
f.PodClientNS(framework.KubeOvnNamespace) + framework.ExpectNotNil(deploy.Spec.Replicas) + pods, err := kubePodClient.List(context.Background(), metav1.ListOptions{LabelSelector: metav1.FormatLabelSelector(deploy.Spec.Selector)}) + framework.ExpectNoError(err, "failed to list kube-ovn-controller pods") + framework.ExpectNotNil(pods) + podNames := make([]string, 0, len(pods.Items)) + for _, pod := range pods.Items { + podNames = append(podNames, pod.Name) + } + framework.Logf("Got kube-ovn-controller pods: %s", strings.Join(podNames, ", ")) + + ginkgo.By("Stopping kube-ovn-controller by setting its replicas to zero") + deployClient.SetScale(deploy.Name, 0) + + ginkgo.By("Waiting for kube-ovn-controller pods to disappear") + for _, pod := range podNames { + ginkgo.By("Waiting for pod " + pod + " to disappear") + kubePodClient.WaitForNotFound(pod) + } + + ginkgo.By("Deleting pod " + podName) + podClient.DeleteSync(podName) + + ginkgo.By("Recreating pod " + podName) + pod = framework.MakePod(namespaceName, podName, nil, nil, framework.PauseImage, nil, nil) + _ = podClient.Create(pod) + + ginkgo.By("Starting kube-ovn-controller by restore its replicas") + deployClient.SetScale(deploy.Name, cmp.Or(*deploy.Spec.Replicas, 1)) + + ginkgo.By("Waiting for kube-ovn-controller to be ready") + _ = deployClient.RolloutStatus(deploy.Name) + + ginkgo.By("Waiting for pod " + podName + " to be running") + podClient.WaitForRunning(podName) + + ginkgo.By("Validating pod annoations") + pod = podClient.GetPod(podName) + framework.ExpectHaveKeyWithValue(pod.Annotations, util.AllocatedAnnotation, "true") + framework.ExpectMAC(pod.Annotations[util.MacAddressAnnotation]) + framework.ExpectHaveKeyWithValue(pod.Annotations, util.RoutedAnnotation, "true") + framework.ExpectNotEqual(pod.Annotations[util.MacAddressAnnotation], mac) + + ginkgo.By("Getting ips " + portName) + ip = ipClient.Get(portName) + + ginkgo.By("Validating ips " + ip.Name) + framework.ExpectEqual(ip.Spec.MacAddress, 
pod.Annotations[util.MacAddressAnnotation]) + framework.ExpectEqual(ip.Spec.IPAddress, pod.Annotations[util.IPAddressAnnotation]) + }) +}) diff --git a/test/e2e/kube-ovn/underlay/underlay.go b/test/e2e/kube-ovn/underlay/underlay.go index a42313fda091..a323091e6f5a 100644 --- a/test/e2e/kube-ovn/underlay/underlay.go +++ b/test/e2e/kube-ovn/underlay/underlay.go @@ -50,11 +50,13 @@ func makeProviderNetwork(providerNetworkName string, exchangeLinkName bool, link } func waitSubnetStatusUpdate(subnetName string, subnetClient *framework.SubnetClient, expectedUsingIPs float64) { - ginkgo.By("Waiting for status of subnet " + subnetName + " to be updated") + ginkgo.By("Waiting for using ips count of subnet " + subnetName + " to be " + fmt.Sprintf("%.0f", expectedUsingIPs)) framework.WaitUntil(2*time.Second, 30*time.Second, func(_ context.Context) (bool, error) { subnet := subnetClient.Get(subnetName) if (subnet.Status.V4AvailableIPs != 0 && subnet.Status.V4UsingIPs != expectedUsingIPs) || (subnet.Status.V6AvailableIPs != 0 && subnet.Status.V6UsingIPs != expectedUsingIPs) { + framework.Logf("current subnet status: v4AvailableIPs = %.0f, v4UsingIPs = %.0f, v6AvailableIPs = %.0f, v6UsingIPs = %.0f", + subnet.Status.V4AvailableIPs, subnet.Status.V4UsingIPs, subnet.Status.V6AvailableIPs, subnet.Status.V6UsingIPs) return false, nil } return true, nil 
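Review bot: The new spec in `pod_recreation.go` scales `kube-ovn-controller` to zero and restores it only further down the same body. A failed expectation or timeout in between (`WaitForNotFound`, `DeleteSync`, `Create`) therefore leaves the cluster without a controller for every spec that runs afterwards in this serial suite. Registering the restore right after the scale-down makes it run on failure as well: `ginkgo.DeferCleanup(func() { deployClient.SetScale(deploy.Name, cmp.Or(*deploy.Spec.Replicas, 1)) })`. `framework.ExpectNotNil(deploy.Spec.Replicas)` is also asserted twice in a row; the second call can be dropped.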
@@ -291,39 +293,27 @@ var _ = framework.SerialDescribe("[group:underlay]", func() { ginkgo.By("Deleting pod " + podName) podClient.DeleteSync(podName) - if u2oPodNameUnderlay != "" { - ginkgo.By("Deleting underlay pod " + u2oPodNameUnderlay) - podClient.DeleteSync(u2oPodNameUnderlay) - } + ginkgo.By("Deleting pod " + u2oPodNameUnderlay) + podClient.DeleteSync(u2oPodNameUnderlay) - if u2oPodNameOverlay != "" { - ginkgo.By("Deleting overlay pod default subnet " + u2oPodNameOverlay) - podClient.DeleteSync(u2oPodNameOverlay) - } + ginkgo.By("Deleting pod " + u2oPodNameOverlay) + podClient.DeleteSync(u2oPodNameOverlay) - if u2oPodOverlayCustomVPC != "" { - ginkgo.By("Deleting overlay pod custom vpc " + u2oPodOverlayCustomVPC) - podClient.DeleteSync(u2oPodOverlayCustomVPC) - } + ginkgo.By("Deleting pod " + u2oPodOverlayCustomVPC) + podClient.DeleteSync(u2oPodOverlayCustomVPC) - if u2oOverlaySubnetNameCustomVPC != "" { - ginkgo.By("Deleting subnet in custom vpc" + u2oOverlaySubnetNameCustomVPC) - subnetClient.DeleteSync(u2oOverlaySubnetNameCustomVPC) - } + ginkgo.By("Deleting subnet " + u2oOverlaySubnetNameCustomVPC) + subnetClient.DeleteSync(u2oOverlaySubnetNameCustomVPC) - if u2oOverlaySubnetName != "" { - ginkgo.By("Deleting subnet " + u2oOverlaySubnetName) - subnetClient.DeleteSync(u2oOverlaySubnetName) - } - - if vpcName != "" { - ginkgo.By("Deleting custom vpc " + vpcName) - vpcClient.DeleteSync(vpcName) - } + ginkgo.By("Deleting subnet " + u2oOverlaySubnetName) + subnetClient.DeleteSync(u2oOverlaySubnetName) ginkgo.By("Deleting subnet " + subnetName) subnetClient.DeleteSync(subnetName) + ginkgo.By("Deleting vpc " + vpcName) + vpcClient.DeleteSync(vpcName) + ginkgo.By("Deleting vlan " + vlanName) vlanClient.Delete(vlanName, metav1.DeleteOptions{}) diff --git a/test/e2e/kubevirt/e2e_test.go b/test/e2e/kubevirt/e2e_test.go index 1881a149027b..abefab2e3eca 100644 --- a/test/e2e/kubevirt/e2e_test.go +++ b/test/e2e/kubevirt/e2e_test.go 
@@ -39,7 +39,8 @@ func TestE2E(t *testing.T) { var _ = framework.Describe("[group:kubevirt]", func() { f := framework.NewDefaultFramework("kubevirt") - var vmName, namespaceName string + var vmName, subnetName, namespaceName string + var subnetClient *framework.SubnetClient var podClient *framework.PodClient var vmClient *framework.VMClient ginkgo.BeforeEach(func() { @@ -47,6 +48,8 @@ var _ = framework.Describe("[group:kubevirt]", func() { namespaceName = f.Namespace.Name vmName = "vm-" + framework.RandomSuffix() + subnetName = "subnet-" + framework.RandomSuffix() + subnetClient = f.SubnetClient() podClient = f.PodClientNS(namespaceName) vmClient = f.VMClientNS(namespaceName) @@ -57,6 +60,9 @@ var _ = framework.Describe("[group:kubevirt]", func() { ginkgo.AfterEach(func() { ginkgo.By("Deleting vm " + vmName) vmClient.DeleteSync(vmName) + + ginkgo.By("Deleting subnet " + subnetName) + subnetClient.DeleteSync(subnetName) }) framework.ConformanceIt("should be able to keep pod ips after vm pod is deleted", func() { @@ -77,7 +83,6 @@ var _ = framework.Describe("[group:kubevirt]", func() { ginkgo.By("Deleting pod " + pod.Name) podClient.DeleteSync(pod.Name) - framework.ExpectNoError(err) ginkgo.By("Waiting for vm " + vmName + " to be ready") err = vmClient.WaitToBeReady(vmName, 2*time.Minute) @@ -97,7 +102,7 @@ var _ = framework.Describe("[group:kubevirt]", func() { framework.ExpectHaveKeyWithValue(pod.Annotations, util.VMAnnotation, vmName) ginkgo.By("Checking whether pod ips are changed") - framework.ExpectConsistOf(ips, pod.Status.PodIPs) + framework.ExpectEqual(ips, pod.Status.PodIPs) }) framework.ConformanceIt("should be able to keep pod ips after the vm is restarted", func() { 
@@ -118,11 +123,53 @@ var _ = framework.Describe("[group:kubevirt]", func() { ginkgo.By("Stopping vm " + vmName) vmClient.StopSync(vmName) - framework.ExpectNoError(err) ginkgo.By("Starting vm " + vmName) vmClient.StartSync(vmName) + + ginkgo.By("Getting pod of vm " + vmName) + podList, err = podClient.List(context.TODO(), metav1.ListOptions{ + LabelSelector: labelSelector, + }) + framework.ExpectNoError(err) + framework.ExpectHaveLen(podList.Items, 1) + + ginkgo.By("Validating new pod annotations") + pod = &podList.Items[0] + framework.ExpectHaveKeyWithValue(pod.Annotations, util.AllocatedAnnotation, "true") + framework.ExpectHaveKeyWithValue(pod.Annotations, util.RoutedAnnotation, "true") + framework.ExpectHaveKeyWithValue(pod.Annotations, util.VMAnnotation, vmName) + + ginkgo.By("Checking whether pod ips are changed") + framework.ExpectEqual(ips, pod.Status.PodIPs) + }) + + framework.ConformanceIt("should be able to handle subnet change", func() { + ginkgo.By("Creating subnet " + subnetName) + cidr := framework.RandomCIDR(f.ClusterIPFamily) + subnet := framework.MakeSubnet(subnetName, "", cidr, "", "", "", nil, nil, []string{namespaceName}) + _ = subnetClient.CreateSync(subnet) + + ginkgo.By("Getting pod of vm " + vmName) + labelSelector := fmt.Sprintf("%s=%s", v1.VirtualMachineNameLabel, vmName) + podList, err := podClient.List(context.TODO(), metav1.ListOptions{ + LabelSelector: labelSelector, + }) framework.ExpectNoError(err) + framework.ExpectHaveLen(podList.Items, 1) + + ginkgo.By("Validating pod annotations") + pod := &podList.Items[0] + framework.ExpectHaveKeyWithValue(pod.Annotations, util.AllocatedAnnotation, "true") + framework.ExpectHaveKeyWithValue(pod.Annotations, util.RoutedAnnotation, "true") + framework.ExpectHaveKeyWithValue(pod.Annotations, util.VMAnnotation, vmName) + ips := pod.Status.PodIPs + + ginkgo.By("Stopping vm " + vmName) + vmClient.StopSync(vmName) + + ginkgo.By("Starting vm " + vmName) + vmClient.StartSync(vmName) ginkgo.By("Getting 
pod of vm " + vmName) podList, err = podClient.List(context.TODO(), metav1.ListOptions{ @@ -138,6 +185,6 @@ var _ = framework.Describe("[group:kubevirt]", func() { framework.ExpectHaveKeyWithValue(pod.Annotations, util.VMAnnotation, vmName) ginkgo.By("Checking whether pod ips are changed") - framework.ExpectConsistOf(ips, pod.Status.PodIPs) + framework.ExpectNotEqual(ips, pod.Status.PodIPs) }) }) From 5994860b61742c53b72e5bfe16e6a0c743df600d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=BC=A0=E7=A5=96=E5=BB=BA?= Date: Tue, 14 May 2024 16:15:07 +0800 Subject: [PATCH 11/57] ci: bump k8s to v1.30.0 (#4019) Signed-off-by: zhangzujian --- .github/workflows/build-x86-image.yaml | 2 +- .github/workflows/scheduled-e2e.yaml | 2 +- yamls/kind.yaml.j2 | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build-x86-image.yaml b/.github/workflows/build-x86-image.yaml index 723ee9088aa2..1444a1052892 100644 --- a/.github/workflows/build-x86-image.yaml +++ b/.github/workflows/build-x86-image.yaml @@ -22,7 +22,7 @@ concurrency: env: GO_VERSION: '' - KIND_VERSION: v0.22.0 + KIND_VERSION: v0.23.0 GOSEC_VERSION: '2.19.0' HELM_VERSION: v3.14.4 SUBMARINER_VERSION: '0.17.1' diff --git a/.github/workflows/scheduled-e2e.yaml b/.github/workflows/scheduled-e2e.yaml index abe254ec63ad..bbb26d4a72d5 100644 --- a/.github/workflows/scheduled-e2e.yaml +++ b/.github/workflows/scheduled-e2e.yaml @@ -11,7 +11,7 @@ concurrency: env: GO_VERSION: '' - KIND_VERSION: v0.22.0 + KIND_VERSION: v0.23.0 HELM_VERSION: v3.14.4 SUBMARINER_VERSION: '0.17.1' diff --git a/yamls/kind.yaml.j2 b/yamls/kind.yaml.j2 index d5e5bd875bc7..30700b33943e 100644 --- a/yamls/kind.yaml.j2 +++ b/yamls/kind.yaml.j2 @@ -1,5 +1,5 @@ {%- if k8s_version is not defined -%} - {%- set k8s_version = "v1.29.2" -%} + {%- set k8s_version = "v1.30.0" -%} {%- endif -%} {%- if kube_proxy_mode is not defined -%} {%- set kube_proxy_mode = "ipvs" -%} 
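Review bot: `framework.ExpectNotEqual(ips, pod.Status.PodIPs)` at the end of the new "should be able to handle subnet change" test is satisfied by any difference at all, including an empty `PodIPs` slice or a different address still taken from the old subnet, so it does not show that the VM pod moved to the new subnet. The test already holds `cidr`; after the restart it should also assert that `pod.Status.PodIPs` is non-empty and that every address falls inside `cidr`. If `framework.RandomCIDR` returns a dual-stack pair, which these hunks do not show, split it per family first. The test body begins in the previous hunk (`@@ -118,11 +123,53 @@`).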
From 18a477418b7e57548078beb69aeac5cbbf54d8c1 Mon Sep 17 00:00:00 2001 From: Longchuanzheng Date: Wed, 15 May 2024 09:45:00 +0800 Subject: [PATCH 12/57] Make dhcpOptions can accept multiple addresses (#4003) Signed-off-by: zhuanlan --- pkg/ovs/util.go | 3 +++ 1 file changed, 3 insertions(+) diff --git a/pkg/ovs/util.go b/pkg/ovs/util.go index bcb821c64169..00d52e35e539 100644 --- a/pkg/ovs/util.go +++ b/pkg/ovs/util.go @@ -112,6 +112,9 @@ func parseDHCPOptions(raw string) map[string]string { if len(kv) != 2 || len(kv[0]) == 0 || len(kv[1]) == 0 { continue } + if kv[0] == "dns_server" { + kv[1] = strings.ReplaceAll(kv[1], ";", ",") + } dhcpOpt[kv[0]] = kv[1] } From 6b048eb497bdb3b7692874bee3005899d2a3f88f Mon Sep 17 00:00:00 2001 From: Longchuanzheng Date: Wed, 15 May 2024 09:45:44 +0800 Subject: [PATCH 13/57] Append new DHCP options to existing options (#3997) Signed-off-by: zhuanlan --- pkg/ovs/ovn-nb-dhcp_options.go | 26 ++++++++++++++++++++++++-- 1 file changed, 24 insertions(+), 2 deletions(-) diff --git a/pkg/ovs/ovn-nb-dhcp_options.go b/pkg/ovs/ovn-nb-dhcp_options.go index f0d847edd572..d7b99553f12c 100644 --- a/pkg/ovs/ovn-nb-dhcp_options.go +++ b/pkg/ovs/ovn-nb-dhcp_options.go @@ -92,6 +92,8 @@ func (c *OVNNbClient) UpdateDHCPOptions(subnet *kubeovnv1.Subnet, mtu int) (*DHC } func (c *OVNNbClient) updateDHCPv4Options(lsName, cidr, gateway, options string, mtu int) (uuid string, err error) { + necessaryV4DHCPOptions := []string{"lease_time", "router", "server_id", "server_mac", "mtu"} + protocol := util.CheckProtocol(cidr) if protocol != kubeovnv1.ProtocolIPv4 { return "", fmt.Errorf("cidr %s must be a valid ipv4 address", cidr) 
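Review bot: The `dns_server` branch added to `parseDHCPOptions` rewrites `;` to `,` and stores the result without looking at what lies between the separators, so an empty or malformed entry from the subnet's option string reaches the map unchanged, and `updateDHCPv4Options` assigns that map to `dhcpOpt.Options`. Each element could be checked with `net.ParseIP` (after trimming any surrounding braces, if the list form uses them) and the pair skipped with a log line when one fails, in the same way the malformed-pair `continue` just above works. The branch also needs a comment explaining the separator, e.g. `// "," already separates options in raw, so a dns_server list is written with ";" and converted here`; how `raw` is split is outside this hunk, so confirm that wording against the loop head.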
@@ -115,7 +117,16 @@ func (c *OVNNbClient) updateDHCPv4Options(lsName, cidr, gateway, options string, /* update */ if dhcpOpt != nil { dhcpOpt.Cidr = cidr - dhcpOpt.Options = parseDHCPOptions(options) + newOptions := parseDHCPOptions(options) + // append necessary options to new options + if dhcpOpt.Options != nil { + for _, option := range necessaryV4DHCPOptions { + if _, ok := newOptions[option]; !ok { + newOptions[option] = dhcpOpt.Options[option] + } + } + } + dhcpOpt.Options = newOptions return dhcpOpt.UUID, c.updateDHCPOptions(dhcpOpt, &dhcpOpt.Cidr, &dhcpOpt.Options) } @@ -134,6 +145,8 @@ func (c *OVNNbClient) updateDHCPv4Options(lsName, cidr, gateway, options string, } func (c *OVNNbClient) updateDHCPv6Options(lsName, cidr, options string) (uuid string, err error) { + necessaryV6DHCPOptions := []string{"server_id"} + protocol := util.CheckProtocol(cidr) if protocol != kubeovnv1.ProtocolIPv6 { return "", fmt.Errorf("cidr %s must be a valid ipv4 address", cidr) @@ -157,7 +170,16 @@ func (c *OVNNbClient) updateDHCPv6Options(lsName, cidr, options string) (uuid st /* update */ if dhcpOpt != nil { dhcpOpt.Cidr = cidr - dhcpOpt.Options = parseDHCPOptions(options) + newOptions := parseDHCPOptions(options) + // append necessary options to new options + if dhcpOpt.Options != nil { + for _, option := range necessaryV6DHCPOptions { + if _, ok := newOptions[option]; !ok { + newOptions[option] = dhcpOpt.Options[option] + } + } + } + dhcpOpt.Options = newOptions return dhcpOpt.UUID, c.updateDHCPOptions(dhcpOpt, &dhcpOpt.Cidr, &dhcpOpt.Options) } From 6924c4e6aac50f3f06f5b01b4d4956a7af82d8b3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=BC=A0=E7=A5=96=E5=BB=BA?= Date: Wed, 15 May 2024 10:31:32 +0800 Subject: [PATCH 14/57] fix container args (#4020) 
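Review bot: In the update branch of `updateDHCPv4Options`, `newOptions[option] = dhcpOpt.Options[option]` copies the zero value when the stored row lacks that key, so an option such as `router` or `mtu` that was never set is written back as an empty string instead of being left out. Guard the copy: `if v, ok := dhcpOpt.Options[option]; ok { newOptions[option] = v }`. The same loop in `updateDHCPv6Options` (the `@@ -157,7 +170,16 @@` hunk, for `server_id`) needs the same guard. The carried-over values also come from the old row rather than from the `gateway` and `mtu` arguments, so a changed gateway or MTU appears not to reach an existing row on this path; the create path is outside the hunk, so confirm that is intended. Both function bodies continue outside these hunks.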
Signed-off-by: zhangzujian --- charts/kube-ovn/templates/central-deploy.yaml | 2 +- charts/kube-ovn/templates/ic-controller-deploy.yaml | 2 +- charts/kube-ovn/templates/monitor-deploy.yaml | 2 +- charts/kube-ovn/templates/ovncni-ds.yaml | 4 +--- charts/kube-ovn/templates/ovsovn-ds.yaml | 2 +- charts/kube-ovn/templates/pinger-ds.yaml | 3 +-- dist/images/install.sh | 12 +++++------- 7 files changed, 11 insertions(+), 16 deletions(-) diff --git a/charts/kube-ovn/templates/central-deploy.yaml b/charts/kube-ovn/templates/central-deploy.yaml index 0f4044b49af9..f51f30aee52b 100644 --- a/charts/kube-ovn/templates/central-deploy.yaml +++ b/charts/kube-ovn/templates/central-deploy.yaml @@ -44,7 +44,7 @@ spec: - name: ovn-central image: {{ .Values.global.registry.address }}/{{ .Values.global.images.kubeovn.repository }}:{{ .Values.global.images.kubeovn.tag }} imagePullPolicy: {{ .Values.image.pullPolicy }} - command: + args: - /kube-ovn/start-db.sh securityContext: capabilities: diff --git a/charts/kube-ovn/templates/ic-controller-deploy.yaml b/charts/kube-ovn/templates/ic-controller-deploy.yaml index 0d0f225fb1d9..08e6308a04f9 100644 --- a/charts/kube-ovn/templates/ic-controller-deploy.yaml +++ b/charts/kube-ovn/templates/ic-controller-deploy.yaml @@ -45,8 +45,8 @@ spec: - name: ovn-ic-controller image: {{ .Values.global.registry.address }}/{{ .Values.global.images.kubeovn.repository }}:{{ .Values.global.images.kubeovn.tag }} imagePullPolicy: {{ .Values.image.pullPolicy }} - command: ["/kube-ovn/start-ic-controller.sh"] args: + - /kube-ovn/start-ic-controller.sh - --log_file=/var/log/kube-ovn/kube-ovn-ic-controller.log - --log_file_max_size=0 - --logtostderr=false diff --git a/charts/kube-ovn/templates/monitor-deploy.yaml b/charts/kube-ovn/templates/monitor-deploy.yaml index b938ebfedd52..8a570e5dc5cb 100644 --- a/charts/kube-ovn/templates/monitor-deploy.yaml +++ b/charts/kube-ovn/templates/monitor-deploy.yaml 
@@ -42,8 +42,8 @@ spec: - name: kube-ovn-monitor image: {{ .Values.global.registry.address }}/{{ .Values.global.images.kubeovn.repository }}:{{ .Values.global.images.kubeovn.tag }} imagePullPolicy: {{ .Values.image.pullPolicy }} - command: ["/kube-ovn/start-ovn-monitor.sh"] args: + - /kube-ovn/start-ovn-monitor.sh - --log_file=/var/log/kube-ovn/kube-ovn-monitor.log - --logtostderr=false - --alsologtostderr=true diff --git a/charts/kube-ovn/templates/ovncni-ds.yaml b/charts/kube-ovn/templates/ovncni-ds.yaml index 1dfedf1a8bbb..d3d14edce197 100644 --- a/charts/kube-ovn/templates/ovncni-ds.yaml +++ b/charts/kube-ovn/templates/ovncni-ds.yaml @@ -47,10 +47,8 @@ spec: - name: cni-server image: {{ .Values.global.registry.address }}/{{ .Values.global.images.kubeovn.repository }}:{{ .Values.global.images.kubeovn.tag }} imagePullPolicy: {{ .Values.image.pullPolicy }} - command: - - bash - - /kube-ovn/start-cniserver.sh args: + - /kube-ovn/start-cniserver.sh - --enable-mirror={{- .Values.debug.ENABLE_MIRROR }} - --mirror-iface={{- .Values.debug.MIRROR_IFACE }} - --node-switch={{ .Values.networking.NODE_SUBNET }} diff --git a/charts/kube-ovn/templates/ovsovn-ds.yaml b/charts/kube-ovn/templates/ovsovn-ds.yaml index 72a5eb40e22f..92c600d726e5 100644 --- a/charts/kube-ovn/templates/ovsovn-ds.yaml +++ b/charts/kube-ovn/templates/ovsovn-ds.yaml @@ -47,7 +47,7 @@ spec: {{- if .Values.DPDK }} command: ["/kube-ovn/start-ovs-dpdk.sh"] {{- else }} - command: + args: {{- if .Values.DISABLE_MODULES_MANAGEMENT }} - /bin/sh - -ec diff --git a/charts/kube-ovn/templates/pinger-ds.yaml b/charts/kube-ovn/templates/pinger-ds.yaml index f54b276ad115..f59dccc12cb0 100644 --- a/charts/kube-ovn/templates/pinger-ds.yaml +++ b/charts/kube-ovn/templates/pinger-ds.yaml 
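Review bot: The cni-server container in `ovncni-ds.yaml` used to run `bash /kube-ovn/start-cniserver.sh` and now lists only `/kube-ovn/start-cniserver.sh` under `args:`, so nothing names the interpreter any more and the script must carry the executable bit and a shebang in the image. Every `command:` to `args:` switch in this commit also hands the start script to whatever `ENTRYPOINT` the image defines, which the patch does not show; a comment next to `args:` such as `# passed to the image ENTRYPOINT` would make that dependency visible to whoever changes the image next. The DPDK branch of `ovsovn-ds.yaml` still uses `command:`, so that container bypasses the entrypoint while the others do not, which looks like an inconsistency worth either fixing or explaining. The same cni-server change appears in the `dist/images/install.sh` hunk `@@ -4160,10 +4160,8 @@`.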
@@ -32,9 +32,8 @@ spec: containers: - name: pinger image: {{ .Values.global.registry.address }}/{{ .Values.global.images.kubeovn.repository }}:{{ .Values.global.images.kubeovn.tag }} - command: - - /kube-ovn/kube-ovn-pinger args: + - /kube-ovn/kube-ovn-pinger - --external-address= {{- if eq .Values.networking.NET_STACK "dual_stack" -}} {{ .Values.dual_stack.PINGER_EXTERNAL_ADDRESS }} diff --git a/dist/images/install.sh b/dist/images/install.sh index 09f8f7b5c41e..598e8b2cad0f 100755 --- a/dist/images/install.sh +++ b/dist/images/install.sh @@ -3308,7 +3308,7 @@ spec: - name: ovn-central image: "$REGISTRY/kube-ovn:$VERSION" imagePullPolicy: $IMAGE_PULL_POLICY - command: + args: - /kube-ovn/start-db.sh securityContext: capabilities: @@ -3632,7 +3632,7 @@ spec: - name: openvswitch image: "$REGISTRY/kube-ovn:$VERSION" imagePullPolicy: $IMAGE_PULL_POLICY - command: + args: - /kube-ovn/start-ovs.sh securityContext: runAsUser: 0 @@ -4160,10 +4160,8 @@ spec: - name: cni-server image: "$REGISTRY/kube-ovn:$VERSION" imagePullPolicy: $IMAGE_PULL_POLICY - command: - - bash - - /kube-ovn/start-cniserver.sh args: + - /kube-ovn/start-cniserver.sh - --enable-mirror=$ENABLE_MIRROR - --enable-arp-detect-ip-conflict=$ENABLE_ARP_DETECT_IP_CONFLICT - --encap-checksum=true @@ -4461,8 +4459,8 @@ spec: - name: kube-ovn-monitor image: "$REGISTRY/kube-ovn:$VERSION" imagePullPolicy: $IMAGE_PULL_POLICY - command: ["/kube-ovn/start-ovn-monitor.sh"] args: + - /kube-ovn/start-ovn-monitor.sh - --log_file=/var/log/kube-ovn/kube-ovn-monitor.log - --logtostderr=false - --alsologtostderr=true @@ -4671,8 +4669,8 @@ spec: - name: ovn-ic-controller image: "$REGISTRY/kube-ovn:$VERSION" imagePullPolicy: $IMAGE_PULL_POLICY - command: ["/kube-ovn/start-ic-controller.sh"] args: + - /kube-ovn/start-ic-controller.sh - --log_file=/var/log/kube-ovn/kube-ovn-ic-controller.log - --log_file_max_size=0 - --logtostderr=false From 178299a3248f935c5a7683ab98d6390b8536e874 Mon Sep 17 00:00:00 2001 
From: bobz965 Date: Wed, 15 May 2024 10:49:27 +0800 Subject: [PATCH 15/57] reconcile iptable to the first position after iptables -t nat -F (#3995) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * reconcile iptable to the first position after iptables -t nat -F --------- Signed-off-by: bobz965 Signed-off-by: root Co-authored-by: 张祖建 --- pkg/daemon/gateway_linux.go | 44 ++++++++++++++++++++++++++++++++++++- pkg/util/iptables.go | 1 + 2 files changed, 44 insertions(+), 1 deletion(-) diff --git a/pkg/daemon/gateway_linux.go b/pkg/daemon/gateway_linux.go index 7bea2577736f..3803fa34f871 100644 --- a/pkg/daemon/gateway_linux.go +++ b/pkg/daemon/gateway_linux.go 
@@ -413,7 +413,41 @@ func (c *Controller) createIptablesRule(ipt *iptables.IPTables, rule util.IPTabl s := strings.Join(rule.Rule, " ") if exists { - klog.V(3).Infof(`iptables rule %q already exists`, s) + if rule.Table == NAT && rule.Chain == Prerouting { + // make sure the nat prerouting iptable rule is in the first position + natPreroutingRules, err := ipt.List(rule.Table, rule.Chain) + if err != nil { + klog.Errorf("failed to list iptables rules: %v", err) + return err + } + for i, r := range natPreroutingRules { + ruleSpec := util.DoubleQuotedFields(r) + if i == 0 || len(ruleSpec) < 3 { + continue + } + if i == 1 { + if slices.Equal(ruleSpec[2:], rule.Rule) { + klog.V(3).Infof("the first nat prerouting rule is %q", rule.Rule) + continue + } + // iptables -t nat -F could cause this case, auto fix it + klog.Infof("insert nat prerouting rule: %q", rule.Rule) + if err = ipt.Insert(rule.Table, rule.Chain, 1, rule.Rule...); err != nil { + klog.Errorf(`failed to insert iptables rule %q: %v`, s, err) + return err + } + return nil + } + if slices.Equal(ruleSpec[2:], rule.Rule) { + rule.Pos = strconv.Itoa(i) + klog.Warningf("delete the nat prerouting rule: %v", rule) + if err = deleteIptablesRule(ipt, rule); err != nil { + klog.Errorf("failed to delete rule %v: %v", rule, err) + return err + } + } + } + } return nil } @@ -1059,6 +1093,14 @@ func (c *Controller) generateNatOutgoingPolicyChainRules(protocol string) ([]uti } func deleteIptablesRule(ipt *iptables.IPTables, rule util.IPTableRule) error { + klog.V(3).Infof("delete iptables rule: %v", rule) + if rule.Pos != "" { + if err := ipt.Delete(rule.Table, rule.Chain, rule.Pos); err != nil { + klog.Errorf("failed to delete iptables %s rule %q: %v", rule.Chain, strings.Join(rule.Rule, " "), err) + return err + } + return nil + } if err := ipt.DeleteIfExists(rule.Table, rule.Chain, rule.Rule...); err != nil { klog.Errorf("failed to delete iptables rule %q: %v", strings.Join(rule.Rule, " "), err) return err 
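Review bot: In the duplicate-removal branch of `createIptablesRule`, `rule.Pos = strconv.Itoa(i)` uses the index from the `ipt.List` snapshot, but each successful `deleteIptablesRule` moves the rules below it up by one, so from the second duplicate on the positional delete lands on the following rule and can remove an unrelated nat PREROUTING entry. Count the deletions and subtract them, `rule.Pos = strconv.Itoa(i - removed)` with `removed++` after a successful delete, or walk the listing from the end. The positional branch added to `deleteIptablesRule` (the `@@ -1059,6 +1093,14 @@` hunk) deletes whatever sits at that number, and another writer can change the chain between `List` and `Delete`, so re-listing and comparing the spec at that position before deleting would keep a stale number from removing someone else's rule. The insert path returns right after `ipt.Insert`, leaving older copies of the rule in place until the next reconcile, which deserves a comment. `createIptablesRule` starts before this hunk.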
diff --git a/pkg/util/iptables.go b/pkg/util/iptables.go index 0503b26f2f6f..58d68d70f240 100644 --- a/pkg/util/iptables.go +++ b/pkg/util/iptables.go @@ -7,6 +7,7 @@ package util type IPTableRule struct { Table string Chain string + Pos string Rule []string } From 9236508a8ea145a0f788c71328d468ace080772f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=BC=A0=E7=A5=96=E5=BB=BA?= Date: Wed, 15 May 2024 12:44:28 +0800 Subject: [PATCH 16/57] remove unused yamls (#4022) Signed-off-by: zhangzujian --- dist/images/install-ic-server.sh | 2 +- yamls/crd.yaml | 2622 ------------------------------ yamls/kube-ovn-dual-stack.yaml | 655 -------- yamls/kube-ovn-ipv6.yaml | 651 -------- yamls/kube-ovn.yaml | 661 -------- yamls/ovn-dpdk.yaml | 453 ------ yamls/ovn-ha.yaml | 364 ----- yamls/ovn.yaml | 368 ----- yamls/rh-mod-job.yaml | 113 -- yamls/sa.yaml | 338 ---- 10 files changed, 1 insertion(+), 6226 deletions(-) delete mode 100644 yamls/crd.yaml delete mode 100644 yamls/kube-ovn-dual-stack.yaml delete mode 100644 yamls/kube-ovn-ipv6.yaml delete mode 100644 yamls/kube-ovn.yaml delete mode 100644 yamls/ovn-dpdk.yaml delete mode 100644 yamls/ovn-ha.yaml delete mode 100644 yamls/ovn.yaml delete mode 100644 yamls/rh-mod-job.yaml delete mode 100644 yamls/sa.yaml diff --git a/dist/images/install-ic-server.sh b/dist/images/install-ic-server.sh index 7358efe59bda..46096cad484c 100755 --- a/dist/images/install-ic-server.sh +++ b/dist/images/install-ic-server.sh @@ -57,7 +57,7 @@ spec: - name: ovn-ic-server image: "$REGISTRY/kube-ovn:$VERSION" imagePullPolicy: $IMAGE_PULL_POLICY - command: ["/kube-ovn/start-ic-db.sh"] + args: ["/kube-ovn/start-ic-db.sh"] securityContext: capabilities: add: ["SYS_NICE"] diff --git a/yamls/crd.yaml b/yamls/crd.yaml deleted file mode 100644 index c8c0b48fb85e..000000000000 --- a/yamls/crd.yaml +++ /dev/null 
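Review bot: The new `Pos` field on `IPTableRule` has no comment, and its meaning cannot be read from the type: `deleteIptablesRule` in `pkg/daemon/gateway_linux.go` treats a non-empty value as a rule number and deletes by position instead of by `Rule`. Add a field comment such as `// Pos is the 1-based rule number within Chain, used only for deletion; empty means match by Rule`. The comment should also say that a number taken from a listing goes stale as soon as the chain changes, since callers have to set it immediately before the delete.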
@@ -1,2622 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: vpc-dnses.kubeovn.io -spec: - group: kubeovn.io - names: - plural: vpc-dnses - singular: vpc-dns - shortNames: - - vpc-dns - kind: VpcDns - listKind: VpcDnsList - scope: Cluster - versions: - - additionalPrinterColumns: - - jsonPath: .status.active - name: Active - type: boolean - - jsonPath: .spec.vpc - name: Vpc - type: string - - jsonPath: .spec.subnet - name: Subnet - type: string - name: v1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - type: object - properties: - spec: - type: object - properties: - vpc: - type: string - subnet: - type: string - replicas: - type: integer - minimum: 1 - maximum: 3 - status: - type: object - properties: - active: - type: boolean - conditions: - type: array - items: - type: object - properties: - type: - type: string - status: - type: string - reason: - type: string - message: - type: string - lastUpdateTime: - type: string - lastTransitionTime: - type: string ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: switch-lb-rules.kubeovn.io -spec: - group: kubeovn.io - names: - plural: switch-lb-rules - singular: switch-lb-rule - shortNames: - - slr - kind: SwitchLBRule - listKind: SwitchLBRuleList - scope: Cluster - versions: - - additionalPrinterColumns: - - jsonPath: .spec.vip - name: vip - type: string - - jsonPath: .status.ports - name: port(s) - type: string - - jsonPath: .status.service - name: service - type: string - - jsonPath: .metadata.creationTimestamp - name: age - type: date - name: v1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - type: object - properties: - spec: - type: object - properties: - namespace: - type: string - vip: - type: string - sessionAffinity: - type: string - ports: - items: - properties: - name: - type: string - port: - type: integer - minimum: 1 - maximum: 65535 
- protocol: - type: string - targetPort: - type: integer - minimum: 1 - maximum: 65535 - type: object - type: array - selector: - items: - type: string - type: array - endpoints: - items: - type: string - type: array - status: - type: object - properties: - ports: - type: string - service: - type: string ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: vpc-nat-gateways.kubeovn.io -spec: - group: kubeovn.io - names: - plural: vpc-nat-gateways - singular: vpc-nat-gateway - shortNames: - - vpc-nat-gw - kind: VpcNatGateway - listKind: VpcNatGatewayList - scope: Cluster - versions: - - additionalPrinterColumns: - - jsonPath: .spec.vpc - name: Vpc - type: string - - jsonPath: .spec.subnet - name: Subnet - type: string - - jsonPath: .spec.lanIp - name: LanIP - type: string - name: v1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - type: object - properties: - status: - type: object - properties: - externalSubnets: - items: - type: string - type: array - selector: - type: array - items: - type: string - qosPolicy: - type: string - tolerations: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - enum: - - Equal - - Exists - value: - type: string - effect: - type: string - enum: - - NoExecute - - NoSchedule - - PreferNoSchedule - tolerationSeconds: - type: integer - affinity: - properties: - nodeAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - preference: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - weight: - 
format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - properties: - nodeSelectorTerms: - items: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - type: array - required: - - nodeSelectorTerms - type: object - type: object - podAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - x-kubernetes-patch-strategy: merge - x-kubernetes-patch-merge-key: key - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - x-kubernetes-patch-strategy: merge - x-kubernetes-patch-merge-key: key - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: 
string - required: - - topologyKey - type: object - type: array - type: object - podAntiAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - x-kubernetes-patch-strategy: merge - x-kubernetes-patch-merge-key: key - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - x-kubernetes-patch-strategy: merge - x-kubernetes-patch-merge-key: key - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - type: array - type: object - type: object - spec: - type: object - properties: - lanIp: - type: string - subnet: - type: string - externalSubnets: - items: - type: string - type: array - vpc: - type: string - selector: - type: array - items: - type: string - qosPolicy: - type: string - tolerations: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - enum: - - Equal - - Exists - value: - type: string - effect: - type: string - enum: - - NoExecute - - NoSchedule - - PreferNoSchedule - tolerationSeconds: - 
type: integer - affinity: - properties: - nodeAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - preference: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - weight: - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - properties: - nodeSelectorTerms: - items: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - type: array - required: - - nodeSelectorTerms - type: object - type: object - podAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - x-kubernetes-patch-strategy: merge - x-kubernetes-patch-merge-key: key - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: 
- - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - x-kubernetes-patch-strategy: merge - x-kubernetes-patch-merge-key: key - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - type: array - type: object - podAntiAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - x-kubernetes-patch-strategy: merge - x-kubernetes-patch-merge-key: key - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - x-kubernetes-patch-strategy: merge - x-kubernetes-patch-merge-key: key - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - 
required: - - topologyKey - type: object - type: array - type: object - type: object ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: iptables-eips.kubeovn.io -spec: - group: kubeovn.io - names: - plural: iptables-eips - singular: iptables-eip - shortNames: - - eip - kind: IptablesEIP - listKind: IptablesEIPList - scope: Cluster - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - additionalPrinterColumns: - - jsonPath: .status.ip - name: IP - type: string - - jsonPath: .spec.macAddress - name: Mac - type: string - - jsonPath: .status.nat - name: Nat - type: string - - jsonPath: .spec.natGwDp - name: NatGwDp - type: string - - jsonPath: .status.ready - name: Ready - type: boolean - schema: - openAPIV3Schema: - type: object - properties: - status: - type: object - properties: - ready: - type: boolean - ip: - type: string - nat: - type: string - redo: - type: string - qosPolicy: - type: string - conditions: - type: array - items: - type: object - properties: - type: - type: string - status: - type: string - reason: - type: string - message: - type: string - lastUpdateTime: - type: string - lastTransitionTime: - type: string - spec: - type: object - properties: - v4ip: - type: string - v6ip: - type: string - macAddress: - type: string - natGwDp: - type: string - qosPolicy: - type: string - externalSubnet: - type: string ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: iptables-fip-rules.kubeovn.io -spec: - group: kubeovn.io - names: - plural: iptables-fip-rules - singular: iptables-fip-rule - shortNames: - - fip - kind: IptablesFIPRule - listKind: IptablesFIPRuleList - scope: Cluster - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - additionalPrinterColumns: - - jsonPath: .spec.eip - name: Eip - type: string - - jsonPath: .status.v4ip - name: V4ip - type: string - - jsonPath: .spec.internalIp - name: InternalIp 
- type: string - - jsonPath: .status.v6ip - name: V6ip - type: string - - jsonPath: .status.ready - name: Ready - type: boolean - - jsonPath: .status.natGwDp - name: NatGwDp - type: string - schema: - openAPIV3Schema: - type: object - properties: - status: - type: object - properties: - ready: - type: boolean - v4ip: - type: string - v6ip: - type: string - natGwDp: - type: string - redo: - type: string - internalIp: - type: string - conditions: - type: array - items: - type: object - properties: - type: - type: string - status: - type: string - reason: - type: string - message: - type: string - lastUpdateTime: - type: string - lastTransitionTime: - type: string - spec: - type: object - properties: - eip: - type: string - internalIp: - type: string ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: iptables-dnat-rules.kubeovn.io -spec: - group: kubeovn.io - names: - plural: iptables-dnat-rules - singular: iptables-dnat-rule - shortNames: - - dnat - kind: IptablesDnatRule - listKind: IptablesDnatRuleList - scope: Cluster - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - additionalPrinterColumns: - - jsonPath: .spec.eip - name: Eip - type: string - - jsonPath: .spec.protocol - name: Protocol - type: string - - jsonPath: .status.v4ip - name: V4ip - type: string - - jsonPath: .status.v6ip - name: V6ip - type: string - - jsonPath: .spec.internalIp - name: InternalIp - type: string - - jsonPath: .spec.externalPort - name: ExternalPort - type: string - - jsonPath: .spec.internalPort - name: InternalPort - type: string - - jsonPath: .status.natGwDp - name: NatGwDp - type: string - - jsonPath: .status.ready - name: Ready - type: boolean - schema: - openAPIV3Schema: - type: object - properties: - status: - type: object - properties: - ready: - type: boolean - v4ip: - type: string - v6ip: - type: string - natGwDp: - type: string - redo: - type: string - protocol: - type: string - internalIp: - type: 
string - internalPort: - type: string - externalPort: - type: string - conditions: - type: array - items: - type: object - properties: - type: - type: string - status: - type: string - reason: - type: string - message: - type: string - lastUpdateTime: - type: string - lastTransitionTime: - type: string - spec: - type: object - properties: - eip: - type: string - externalPort: - type: string - protocol: - type: string - internalIp: - type: string - internalPort: - type: string ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: iptables-snat-rules.kubeovn.io -spec: - group: kubeovn.io - names: - plural: iptables-snat-rules - singular: iptables-snat-rule - shortNames: - - snat - kind: IptablesSnatRule - listKind: IptablesSnatRuleList - scope: Cluster - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - additionalPrinterColumns: - - jsonPath: .spec.eip - name: EIP - type: string - - jsonPath: .status.v4ip - name: V4ip - type: string - - jsonPath: .status.v6ip - name: V6ip - type: string - - jsonPath: .spec.internalCIDR - name: InternalCIDR - type: string - - jsonPath: .status.natGwDp - name: NatGwDp - type: string - - jsonPath: .status.ready - name: Ready - type: boolean - schema: - openAPIV3Schema: - type: object - properties: - status: - type: object - properties: - ready: - type: boolean - v4ip: - type: string - v6ip: - type: string - natGwDp: - type: string - redo: - type: string - internalCIDR: - type: string - conditions: - type: array - items: - type: object - properties: - type: - type: string - status: - type: string - reason: - type: string - message: - type: string - lastUpdateTime: - type: string - lastTransitionTime: - type: string - spec: - type: object - properties: - eip: - type: string - internalCIDR: - type: string ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: ovn-eips.kubeovn.io -spec: - group: kubeovn.io - names: - plural: 
ovn-eips - singular: ovn-eip - shortNames: - - oeip - kind: OvnEip - listKind: OvnEipList - scope: Cluster - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - additionalPrinterColumns: - - jsonPath: .status.v4Ip - name: V4IP - type: string - - jsonPath: .status.v6Ip - name: V6IP - type: string - - jsonPath: .status.macAddress - name: Mac - type: string - - jsonPath: .status.type - name: Type - type: string - - jsonPath: .status.nat - name: Nat - type: string - - jsonPath: .status.ready - name: Ready - type: boolean - schema: - openAPIV3Schema: - type: object - properties: - status: - type: object - properties: - type: - type: string - nat: - type: string - ready: - type: boolean - v4Ip: - type: string - v6Ip: - type: string - macAddress: - type: string - conditions: - type: array - items: - type: object - properties: - type: - type: string - status: - type: string - reason: - type: string - message: - type: string - lastUpdateTime: - type: string - lastTransitionTime: - type: string - spec: - type: object - properties: - externalSubnet: - type: string - type: - type: string - v4Ip: - type: string - v6Ip: - type: string - macAddress: - type: string ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: ovn-fips.kubeovn.io -spec: - group: kubeovn.io - names: - plural: ovn-fips - singular: ovn-fip - shortNames: - - ofip - kind: OvnFip - listKind: OvnFipList - scope: Cluster - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - additionalPrinterColumns: - - jsonPath: .status.vpc - name: Vpc - type: string - - jsonPath: .status.v4Eip - name: V4Eip - type: string - - jsonPath: .status.v6Eip - name: V6Eip - type: string - - jsonPath: .status.v4Ip - name: V4Ip - type: string - - jsonPath: .status.v6Ip - name: V6Ip - type: string - - jsonPath: .status.ready - name: Ready - type: boolean - - jsonPath: .spec.ipType - name: IpType - type: string - - jsonPath: .spec.ipName 
- name: IpName - type: string - schema: - openAPIV3Schema: - type: object - properties: - status: - type: object - properties: - ready: - type: boolean - v4Eip: - type: string - v4Ip: - type: string - vpc: - type: string - conditions: - type: array - items: - type: object - properties: - type: - type: string - status: - type: string - reason: - type: string - message: - type: string - lastUpdateTime: - type: string - lastTransitionTime: - type: string - spec: - type: object - properties: - ovnEip: - type: string - ipType: - type: string - ipName: - type: string - vpc: - type: string - v4Ip: - type: string - v6Ip: - type: string ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: ovn-snat-rules.kubeovn.io -spec: - group: kubeovn.io - names: - plural: ovn-snat-rules - singular: ovn-snat-rule - shortNames: - - osnat - kind: OvnSnatRule - listKind: OvnSnatRuleList - scope: Cluster - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - additionalPrinterColumns: - - jsonPath: .status.vpc - name: Vpc - type: string - - jsonPath: .status.v4Eip - name: V4Eip - type: string - - jsonPath: .status.v6Eip - name: V6Eip - type: string - - jsonPath: .status.v4IpCidr - name: V4IpCidr - type: string - - jsonPath: .status.v6IpCidr - name: V6IpCidr - type: string - - jsonPath: .status.ready - name: Ready - type: boolean - schema: - openAPIV3Schema: - type: object - properties: - status: - type: object - properties: - ready: - type: boolean - v4Eip: - type: string - v6Eip: - type: string - v4IpCidr: - type: string - v6IpCidr: - type: string - vpc: - type: string - conditions: - type: array - items: - type: object - properties: - type: - type: string - status: - type: string - reason: - type: string - message: - type: string - lastUpdateTime: - type: string - lastTransitionTime: - type: string - spec: - type: object - properties: - ovnEip: - type: string - vpcSubnet: - type: string - ipName: - type: string - vpc: - 
type: string - v4IpCidr: - type: string - v6IpCidr: - type: string ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: ovn-dnat-rules.kubeovn.io -spec: - group: kubeovn.io - names: - plural: ovn-dnat-rules - singular: ovn-dnat-rule - shortNames: - - odnat - kind: OvnDnatRule - listKind: OvnDnatRuleList - scope: Cluster - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - additionalPrinterColumns: - - jsonPath: .status.vpc - name: Vpc - type: string - - jsonPath: .spec.ovnEip - name: Eip - type: string - - jsonPath: .status.protocol - name: Protocol - type: string - - jsonPath: .status.v4Eip - name: V4Eip - type: string - - jsonPath: .status.v6Eip - name: V6Eip - type: string - - jsonPath: .status.v4Ip - name: V4Ip - type: string - - jsonPath: .status.v6Ip - name: V6Ip - type: string - - jsonPath: .status.internalPort - name: InternalPort - type: string - - jsonPath: .status.externalPort - name: ExternalPort - type: string - - jsonPath: .spec.ipName - name: IpName - type: string - - jsonPath: .status.ready - name: Ready - type: boolean - schema: - openAPIV3Schema: - type: object - properties: - status: - type: object - properties: - ready: - type: boolean - v4Eip: - type: string - v4Ip: - type: string - vpc: - type: string - externalPort: - type: string - internalPort: - type: string - protocol: - type: string - ipName: - type: string - conditions: - type: array - items: - type: object - properties: - type: - type: string - status: - type: string - reason: - type: string - message: - type: string - lastUpdateTime: - type: string - lastTransitionTime: - type: string - spec: - type: object - properties: - ovnEip: - type: string - ipType: - type: string - ipName: - type: string - externalPort: - type: string - internalPort: - type: string - protocol: - type: string - vpc: - type: string - v4Ip: - type: string - v6Ip: - type: string ---- -apiVersion: apiextensions.k8s.io/v1 -kind: 
CustomResourceDefinition -metadata: - name: vpcs.kubeovn.io -spec: - group: kubeovn.io - versions: - - additionalPrinterColumns: - - jsonPath: .status.enableExternal - name: EnableExternal - type: boolean - - jsonPath: .status.enableBfd - name: EnableBfd - type: boolean - - jsonPath: .status.standby - name: Standby - type: boolean - - jsonPath: .status.subnets - name: Subnets - type: string - - jsonPath: .status.extraExternalSubnets - name: ExtraExternalSubnets - type: string - - jsonPath: .spec.namespaces - name: Namespaces - type: string - name: v1 - schema: - openAPIV3Schema: - properties: - spec: - properties: - enableExternal: - type: boolean - enableBfd: - type: boolean - namespaces: - items: - type: string - type: array - extraExternalSubnets: - items: - type: string - type: array - staticRoutes: - items: - properties: - policy: - type: string - cidr: - type: string - nextHopIP: - type: string - ecmpMode: - type: string - bfdId: - type: string - routeTable: - type: string - type: object - type: array - policyRoutes: - items: - properties: - priority: - type: integer - action: - type: string - match: - type: string - nextHopIP: - type: string - type: object - type: array - vpcPeerings: - items: - properties: - remoteVpc: - type: string - localConnectIP: - type: string - type: object - type: array - type: object - status: - properties: - conditions: - items: - properties: - lastTransitionTime: - type: string - lastUpdateTime: - type: string - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - type: object - type: array - default: - type: boolean - defaultLogicalSwitch: - type: string - router: - type: string - standby: - type: boolean - enableExternal: - type: boolean - enableBfd: - type: boolean - subnets: - items: - type: string - type: array - extraExternalSubnets: - items: - type: string - type: array - vpcPeerings: - items: - type: string - type: array - tcpLoadBalancer: - type: string - 
tcpSessionLoadBalancer: - type: string - udpLoadBalancer: - type: string - udpSessionLoadBalancer: - type: string - sctpLoadBalancer: - type: string - sctpSessionLoadBalancer: - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} - names: - kind: Vpc - listKind: VpcList - plural: vpcs - shortNames: - - vpc - singular: vpc - scope: Cluster ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: ips.kubeovn.io -spec: - group: kubeovn.io - versions: - - name: v1 - served: true - storage: true - additionalPrinterColumns: - - name: V4IP - type: string - jsonPath: .spec.v4IpAddress - - name: V6IP - type: string - jsonPath: .spec.v6IpAddress - - name: Mac - type: string - jsonPath: .spec.macAddress - - name: Node - type: string - jsonPath: .spec.nodeName - - name: Subnet - type: string - jsonPath: .spec.subnet - schema: - openAPIV3Schema: - type: object - properties: - spec: - type: object - properties: - podName: - type: string - namespace: - type: string - subnet: - type: string - attachSubnets: - type: array - items: - type: string - nodeName: - type: string - ipAddress: - type: string - v4IpAddress: - type: string - v6IpAddress: - type: string - attachIps: - type: array - items: - type: string - macAddress: - type: string - attachMacs: - type: array - items: - type: string - containerID: - type: string - podType: - type: string - scope: Cluster - names: - plural: ips - singular: ip - kind: IP - shortNames: - - ip ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: vips.kubeovn.io -spec: - group: kubeovn.io - names: - plural: vips - singular: vip - shortNames: - - vip - kind: Vip - listKind: VipList - scope: Cluster - versions: - - name: v1 - served: true - storage: true - additionalPrinterColumns: - - name: V4IP - type: string - jsonPath: .status.v4ip - - name: V6IP - type: string - jsonPath: .status.v6ip - - name: Mac - type: string - 
jsonPath: .status.mac - - name: PMac - type: string - jsonPath: .spec.parentMac - - name: Subnet - type: string - jsonPath: .spec.subnet - - jsonPath: .status.ready - name: Ready - type: boolean - - jsonPath: .status.type - name: Type - type: string - schema: - openAPIV3Schema: - type: object - properties: - status: - type: object - properties: - type: - type: string - ready: - type: boolean - v4ip: - type: string - v6ip: - type: string - mac: - type: string - pv4ip: - type: string - pv6ip: - type: string - pmac: - type: string - selector: - type: array - items: - type: string - conditions: - type: array - items: - type: object - properties: - type: - type: string - status: - type: string - reason: - type: string - message: - type: string - lastUpdateTime: - type: string - lastTransitionTime: - type: string - spec: - type: object - properties: - namespace: - type: string - subnet: - type: string - type: - type: string - attachSubnets: - type: array - items: - type: string - v4ip: - type: string - macAddress: - type: string - v6ip: - type: string - parentV4ip: - type: string - parentMac: - type: string - parentV6ip: - type: string - selector: - type: array - items: - type: string ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: subnets.kubeovn.io -spec: - group: kubeovn.io - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - additionalPrinterColumns: - - name: Provider - type: string - jsonPath: .spec.provider - - name: Vpc - type: string - jsonPath: .spec.vpc - - name: Vlan - type: string - jsonPath: .spec.vlan - - name: Protocol - type: string - jsonPath: .spec.protocol - - name: CIDR - type: string - jsonPath: .spec.cidrBlock - - name: Private - type: boolean - jsonPath: .spec.private - - name: NAT - type: boolean - jsonPath: .spec.natOutgoing - - name: Default - type: boolean - jsonPath: .spec.default - - name: GatewayType - type: string - jsonPath: .spec.gatewayType - - name: V4Used - 
type: number - jsonPath: .status.v4usingIPs - - name: V4Available - type: number - jsonPath: .status.v4availableIPs - - name: V6Used - type: number - jsonPath: .status.v6usingIPs - - name: V6Available - type: number - jsonPath: .status.v6availableIPs - - name: ExcludeIPs - type: string - jsonPath: .spec.excludeIps - - name: U2OInterconnectionIP - type: string - jsonPath: .status.u2oInterconnectionIP - schema: - openAPIV3Schema: - type: object - properties: - status: - type: object - properties: - v4availableIPs: - type: number - v4usingIPs: - type: number - v6availableIPs: - type: number - v6usingIPs: - type: number - activateGateway: - type: string - dhcpV4OptionsUUID: - type: string - dhcpV6OptionsUUID: - type: string - u2oInterconnectionIP: - type: string - u2oInterconnectionVPC: - type: string - v4usingIPrange: - type: string - v4availableIPrange: - type: string - v6usingIPrange: - type: string - v6availableIPrange: - type: string - natOutgoingPolicyRules: - type: array - items: - type: object - properties: - ruleID: - type: string - action: - type: string - enum: - - nat - - forward - match: - type: object - properties: - srcIPs: - type: string - dstIPs: - type: string - conditions: - type: array - items: - type: object - properties: - type: - type: string - status: - type: string - reason: - type: string - message: - type: string - lastUpdateTime: - type: string - lastTransitionTime: - type: string - spec: - type: object - properties: - vpc: - type: string - default: - type: boolean - protocol: - type: string - enum: - - IPv4 - - IPv6 - - Dual - cidrBlock: - type: string - namespaces: - type: array - items: - type: string - gateway: - type: string - provider: - type: string - excludeIps: - type: array - items: - type: string - vips: - type: array - items: - type: string - gatewayType: - type: string - allowSubnets: - type: array - items: - type: string - gatewayNode: - type: string - natOutgoing: - type: boolean - externalEgressGateway: - type: string - 
policyRoutingPriority: - type: integer - minimum: 1 - maximum: 32765 - policyRoutingTableID: - type: integer - minimum: 1 - maximum: 2147483647 - not: - enum: - - 252 # compat - - 253 # default - - 254 # main - - 255 # local - mtu: - type: integer - minimum: 68 - maximum: 65535 - private: - type: boolean - vlan: - type: string - logicalGateway: - type: boolean - disableGatewayCheck: - type: boolean - disableInterConnection: - type: boolean - enableDHCP: - type: boolean - dhcpV4Options: - type: string - dhcpV6Options: - type: string - enableIPv6RA: - type: boolean - ipv6RAConfigs: - type: string - allowEWTraffic: - type: boolean - acls: - type: array - items: - type: object - properties: - direction: - type: string - enum: - - from-lport - - to-lport - priority: - type: integer - minimum: 0 - maximum: 32767 - match: - type: string - action: - type: string - enum: - - allow-related - - allow-stateless - - allow - - drop - - reject - natOutgoingPolicyRules: - type: array - items: - type: object - properties: - action: - type: string - enum: - - nat - - forward - match: - type: object - properties: - srcIPs: - type: string - dstIPs: - type: string - u2oInterconnection: - type: boolean - u2oInterconnectionIP: - type: string - enableLb: - type: boolean - enableEcmp: - type: boolean - enableMulticastSnoop: - type: boolean - routeTable: - type: string - scope: Cluster - names: - plural: subnets - singular: subnet - kind: Subnet - shortNames: - - subnet ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: ippools.kubeovn.io -spec: - group: kubeovn.io - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - additionalPrinterColumns: - - name: Subnet - type: string - jsonPath: .spec.subnet - - name: IPs - type: string - jsonPath: .spec.ips - - name: V4Used - type: number - jsonPath: .status.v4UsingIPs - - name: V4Available - type: number - jsonPath: .status.v4AvailableIPs - - name: V6Used - type: number - 
jsonPath: .status.v6UsingIPs - - name: V6Available - type: number - jsonPath: .status.v6AvailableIPs - schema: - openAPIV3Schema: - type: object - properties: - spec: - type: object - properties: - subnet: - type: string - x-kubernetes-validations: - - rule: "self == oldSelf" - message: "This field is immutable." - namespaces: - type: array - x-kubernetes-list-type: set - items: - type: string - ips: - type: array - minItems: 1 - x-kubernetes-list-type: set - items: - type: string - anyOf: - - format: ipv4 - - format: ipv6 - - format: cidr - - pattern: ^(?:(?:[01]?\d{1,2}|2[0-4]\d|25[0-5])\.){3}(?:[01]?\d{1,2}|2[0-4]\d|25[0-5])\.\.(?:(?:[01]?\d{1,2}|2[0-4]\d|25[0-5])\.){3}(?:[01]?\d{1,2}|2[0-4]\d|25[0-5])$ - - pattern: ^((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|:)))\.\.((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|:)))$ - required: - - subnet - - ips - status: - type: object - properties: - v4AvailableIPs: - type: number - v4UsingIPs: - type: number - v6AvailableIPs: - type: number - v6UsingIPs: - type: number - v4AvailableIPRange: - type: string - v4UsingIPRange: - type: string - v6AvailableIPRange: - type: string - v6UsingIPRange: - type: string - conditions: - type: array - items: - type: object - properties: - type: - type: string - status: - type: string - reason: - 
type: string - message: - type: string - lastUpdateTime: - type: string - lastTransitionTime: - type: string - scope: Cluster - names: - plural: ippools - singular: ippool - kind: IPPool - shortNames: - - ippool ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: vlans.kubeovn.io -spec: - group: kubeovn.io - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - type: object - properties: - spec: - type: object - properties: - id: - type: integer - minimum: 0 - maximum: 4095 - provider: - type: string - vlanId: - type: integer - description: Deprecated in favor of id - providerInterfaceName: - type: string - description: Deprecated in favor of provider - required: - - provider - status: - type: object - properties: - subnets: - type: array - items: - type: string - additionalPrinterColumns: - - name: ID - type: string - jsonPath: .spec.id - - name: Provider - type: string - jsonPath: .spec.provider - scope: Cluster - names: - plural: vlans - singular: vlan - kind: Vlan - shortNames: - - vlan ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: provider-networks.kubeovn.io -spec: - group: kubeovn.io - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - type: object - properties: - metadata: - type: object - properties: - name: - type: string - maxLength: 12 - not: - enum: - - int - spec: - type: object - properties: - defaultInterface: - type: string - maxLength: 15 - pattern: '^[^/\s]+$' - customInterfaces: - type: array - items: - type: object - properties: - interface: - type: string - maxLength: 15 - pattern: '^[^/\s]+$' - nodes: - type: array - items: - type: string - exchangeLinkName: - type: boolean - excludeNodes: - type: array - items: - type: string - required: - - defaultInterface - status: - type: object - properties: - ready: - type: boolean - readyNodes: 
- type: array - items: - type: string - notReadyNodes: - type: array - items: - type: string - vlans: - type: array - items: - type: string - conditions: - type: array - items: - type: object - properties: - node: - type: string - type: - type: string - status: - type: string - reason: - type: string - message: - type: string - lastUpdateTime: - type: string - lastTransitionTime: - type: string - additionalPrinterColumns: - - name: DefaultInterface - type: string - jsonPath: .spec.defaultInterface - - name: Ready - type: boolean - jsonPath: .status.ready - scope: Cluster - names: - plural: provider-networks - singular: provider-network - kind: ProviderNetwork - listKind: ProviderNetworkList ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: security-groups.kubeovn.io -spec: - group: kubeovn.io - names: - plural: security-groups - singular: security-group - shortNames: - - sg - kind: SecurityGroup - listKind: SecurityGroupList - scope: Cluster - versions: - - name: v1 - served: true - storage: true - schema: - openAPIV3Schema: - type: object - properties: - spec: - type: object - properties: - ingressRules: - type: array - items: - type: object - properties: - ipVersion: - type: string - protocol: - type: string - priority: - type: integer - remoteType: - type: string - remoteAddress: - type: string - remoteSecurityGroup: - type: string - portRangeMin: - type: integer - portRangeMax: - type: integer - policy: - type: string - egressRules: - type: array - items: - type: object - properties: - ipVersion: - type: string - protocol: - type: string - priority: - type: integer - remoteType: - type: string - remoteAddress: - type: string - remoteSecurityGroup: - type: string - portRangeMin: - type: integer - portRangeMax: - type: integer - policy: - type: string - allowSameGroupTraffic: - type: boolean - status: - type: object - properties: - portGroup: - type: string - allowSameGroupTraffic: - type: boolean - ingressMd5: - type: 
string - egressMd5: - type: string - ingressLastSyncSuccess: - type: boolean - egressLastSyncSuccess: - type: boolean - subresources: - status: {} - conversion: - strategy: None ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: qos-policies.kubeovn.io -spec: - group: kubeovn.io - names: - plural: qos-policies - singular: qos-policy - shortNames: - - qos - kind: QoSPolicy - listKind: QoSPolicyList - scope: Cluster - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - additionalPrinterColumns: - - jsonPath: .spec.shared - name: Shared - type: string - - jsonPath: .spec.bindingType - name: BindingType - type: string - schema: - openAPIV3Schema: - type: object - properties: - status: - type: object - properties: - shared: - type: boolean - bindingType: - type: string - bandwidthLimitRules: - type: array - items: - type: object - properties: - name: - type: string - interface: - type: string - rateMax: - type: string - burstMax: - type: string - priority: - type: integer - direction: - type: string - matchType: - type: string - matchValue: - type: string - conditions: - type: array - items: - type: object - properties: - type: - type: string - status: - type: string - reason: - type: string - message: - type: string - lastUpdateTime: - type: string - lastTransitionTime: - type: string - spec: - type: object - properties: - shared: - type: boolean - bindingType: - type: string - bandwidthLimitRules: - type: array - items: - type: object - properties: - name: - type: string - interface: - type: string - rateMax: - type: string - burstMax: - type: string - priority: - type: integer - direction: - type: string - matchType: - type: string - matchValue: - type: string - required: - - name - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map diff --git a/yamls/kube-ovn-dual-stack.yaml b/yamls/kube-ovn-dual-stack.yaml deleted file mode 100644 index 45fef48dc51c..000000000000 
--- a/yamls/kube-ovn-dual-stack.yaml
+++ /dev/null
@@ -1,655 +0,0 @@ -kind: Deployment -apiVersion: apps/v1 -metadata: - name: kube-ovn-controller - namespace: kube-system - annotations: - kubernetes.io/description: | - kube-ovn controller -spec: - replicas: 1 - selector: - matchLabels: - app: kube-ovn-controller - strategy: - rollingUpdate: - maxSurge: 0% - maxUnavailable: 100% - type: RollingUpdate - template: - metadata: - labels: - app: kube-ovn-controller - component: network - type: infra - spec: - tolerations: - - effect: NoSchedule - operator: Exists - - key: CriticalAddonsOnly - operator: Exists - affinity: - nodeAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - preference: - matchExpressions: - - key: "ovn.kubernetes.io/ic-gw" - operator: NotIn - values: - - "true" - weight: 100 - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchLabels: - app: kube-ovn-controller - topologyKey: kubernetes.io/hostname - priorityClassName: system-cluster-critical - serviceAccountName: ovn - hostNetwork: true - containers: - - name: kube-ovn-controller - image: "kubeovn/kube-ovn:v1.13.0" - imagePullPolicy: IfNotPresent - args: - - /kube-ovn/start-controller.sh - - --default-cidr=10.16.0.0/16,fd00:10:16::/64 - - --default-gateway=10.16.0.1,fd00:10:16::1 - - --default-gateway-check=true - - --default-logical-gateway=false - - --default-u2o-interconnection=false - - --default-exclude-ips= - - --node-switch-cidr=100.64.0.0/16,fd00:100:64::/64 - - --service-cluster-ip-range=10.96.0.0/12,fd00:10:96::/112 - - --network-type=geneve - - --default-interface-name= - - --default-exchange-link-name=false - - --default-vlan-id=100 - - --ls-dnat-mod-dl-dst=true - - --ls-ct-skip-dst-lport-ips=true - - --pod-nic-type=veth-pair - - --enable-lb=true - - --enable-np=true - - --enable-eip-snat=true - - --enable-external-vpc=true - - --logtostderr=false - - --alsologtostderr=true - - --gc-interval=360 - - --inspect-interval=20 - - --log_file=/var/log/kube-ovn/kube-ovn-controller.log - - 
--log_file_max_size=0 - - --enable-lb-svc=false - - --keep-vm-ip=true - - --node-local-dns-ip= - env: - - name: ENABLE_SSL - value: "false" - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: KUBE_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: KUBE_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: POD_IPS - valueFrom: - fieldRef: - fieldPath: status.podIPs - - name: ENABLE_BIND_LOCAL_IP - value: "true" - volumeMounts: - - mountPath: /etc/localtime - name: localtime - readOnly: true - - mountPath: /var/log/kube-ovn - name: kube-ovn-log - # ovn-ic log directory - - mountPath: /var/log/ovn - name: ovn-log - - mountPath: /var/run/tls - name: kube-ovn-tls - readinessProbe: - exec: - command: - - /kube-ovn/kube-ovn-controller-healthcheck - periodSeconds: 3 - timeoutSeconds: 45 - livenessProbe: - exec: - command: - - /kube-ovn/kube-ovn-controller-healthcheck - initialDelaySeconds: 300 - periodSeconds: 7 - failureThreshold: 5 - timeoutSeconds: 45 - resources: - requests: - cpu: 200m - memory: 200Mi - limits: - cpu: 1000m - memory: 1Gi - nodeSelector: - kubernetes.io/os: "linux" - volumes: - - name: localtime - hostPath: - path: /etc/localtime - - name: kube-ovn-log - hostPath: - path: /var/log/kube-ovn - - name: ovn-log - hostPath: - path: /var/log/ovn - - name: kube-ovn-tls - secret: - optional: true - secretName: kube-ovn-tls - ---- -kind: DaemonSet -apiVersion: apps/v1 -metadata: - name: kube-ovn-cni - namespace: kube-system - annotations: - kubernetes.io/description: | - This daemon set launches the kube-ovn cni daemon. 
-spec: - selector: - matchLabels: - app: kube-ovn-cni - template: - metadata: - labels: - app: kube-ovn-cni - component: network - type: infra - spec: - tolerations: - - effect: NoSchedule - operator: Exists - - effect: NoExecute - operator: Exists - - key: CriticalAddonsOnly - operator: Exists - priorityClassName: system-node-critical - serviceAccountName: kube-ovn-cni - hostNetwork: true - hostPID: true - initContainers: - - name: install-cni - image: "kubeovn/kube-ovn:v1.13.0" - imagePullPolicy: IfNotPresent - command: ["/kube-ovn/install-cni.sh"] - securityContext: - runAsUser: 0 - privileged: true - volumeMounts: - - mountPath: /opt/cni/bin - name: cni-bin - - mountPath: /usr/local/bin - name: local-bin - containers: - - name: cni-server - image: "kubeovn/kube-ovn:v1.13.0" - imagePullPolicy: IfNotPresent - command: - - bash - - /kube-ovn/start-cniserver.sh - args: - - --enable-mirror=false - - --encap-checksum=true - - --service-cluster-ip-range=10.96.0.0/12,fd00:10:96::/112 - - --iface= - - --dpdk-tunnel-iface=br-phy - - --network-type=geneve - - --default-interface-name= - - --cni-conf-name=01-kube-ovn.conflist - - --logtostderr=false - - --alsologtostderr=true - - --log_file=/var/log/kube-ovn/kube-ovn-cni.log - - --log_file_max_size=0 - - --enable-tproxy=false - - --ovs-vsctl-concurrency=100 - securityContext: - runAsUser: 0 - privileged: true - env: - - name: ENABLE_SSL - value: "false" - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: KUBE_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: POD_IPS - valueFrom: - fieldRef: - fieldPath: status.podIPs - - name: ENABLE_BIND_LOCAL_IP - value: "true" - - name: DBUS_SYSTEM_BUS_ADDRESS - value: "unix:path=/host/var/run/dbus/system_bus_socket" - volumeMounts: - - name: host-modules - mountPath: /lib/modules - readOnly: true - - name: shared-dir - mountPath: /var/lib/kubelet/pods - - mountPath: /etc/openvswitch - name: systemid - readOnly: true - - mountPath: 
/etc/cni/net.d - name: cni-conf - - mountPath: /run/openvswitch - name: host-run-ovs - mountPropagation: HostToContainer - - mountPath: /run/ovn - name: host-run-ovn - - mountPath: /host/var/run/dbus - name: host-dbus - mountPropagation: HostToContainer - - mountPath: /var/run/netns - name: host-ns - mountPropagation: HostToContainer - - mountPath: /var/log/kube-ovn - name: kube-ovn-log - - mountPath: /var/log/openvswitch - name: host-log-ovs - - mountPath: /var/log/ovn - name: host-log-ovn - - mountPath: /etc/localtime - name: localtime - readOnly: true - livenessProbe: - failureThreshold: 3 - initialDelaySeconds: 30 - periodSeconds: 7 - successThreshold: 1 - tcpSocket: - port: 10665 - timeoutSeconds: 3 - readinessProbe: - failureThreshold: 3 - periodSeconds: 7 - successThreshold: 1 - tcpSocket: - port: 10665 - timeoutSeconds: 3 - resources: - requests: - cpu: 100m - memory: 100Mi - limits: - cpu: 1000m - memory: 1Gi - nodeSelector: - kubernetes.io/os: "linux" - volumes: - - name: host-modules - hostPath: - path: /lib/modules - - name: shared-dir - hostPath: - path: /var/lib/kubelet/pods - - name: systemid - hostPath: - path: /etc/origin/openvswitch - - name: host-run-ovs - hostPath: - path: /run/openvswitch - - name: host-run-ovn - hostPath: - path: /run/ovn - - name: cni-conf - hostPath: - path: /etc/cni/net.d - - name: cni-bin - hostPath: - path: /opt/cni/bin - - name: host-ns - hostPath: - path: /var/run/netns - - name: host-dbus - hostPath: - path: /var/run/dbus - - name: host-log-ovs - hostPath: - path: /var/log/openvswitch - - name: kube-ovn-log - hostPath: - path: /var/log/kube-ovn - - name: host-log-ovn - hostPath: - path: /var/log/ovn - - name: localtime - hostPath: - path: /etc/localtime - - name: local-bin - hostPath: - path: /usr/local/bin - ---- -kind: DaemonSet -apiVersion: apps/v1 -metadata: - name: kube-ovn-pinger - namespace: kube-system - annotations: - kubernetes.io/description: | - This daemon set launches the pinger daemon. 
-spec: - selector: - matchLabels: - app: kube-ovn-pinger - updateStrategy: - type: RollingUpdate - template: - metadata: - labels: - app: kube-ovn-pinger - component: network - type: infra - spec: - priorityClassName: system-node-critical - serviceAccountName: kube-ovn-app - hostPID: true - containers: - - name: pinger - image: "kubeovn/kube-ovn:v1.13.0" - command: - - /kube-ovn/kube-ovn-pinger - args: - - --external-address=1.1.1.1,2606:4700:4700::1111 - - --external-dns=google.com. - - --logtostderr=false - - --alsologtostderr=true - - --log_file=/var/log/kube-ovn/kube-ovn-pinger.log - - --log_file_max_size=0 - imagePullPolicy: IfNotPresent - securityContext: - runAsUser: 0 - privileged: false - env: - - name: ENABLE_SSL - value: "false" - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - volumeMounts: - - mountPath: /var/run/openvswitch - name: host-run-ovs - - mountPath: /var/run/ovn - name: host-run-ovn - - mountPath: /etc/openvswitch - name: host-config-openvswitch - - mountPath: /var/log/openvswitch - name: host-log-ovs - readOnly: true - - mountPath: /var/log/ovn - name: host-log-ovn - readOnly: true - - mountPath: /var/log/kube-ovn - name: kube-ovn-log - - mountPath: /etc/localtime - name: localtime - readOnly: true - - mountPath: /var/run/tls - name: kube-ovn-tls - resources: - requests: - cpu: 100m - memory: 100Mi - limits: - cpu: 200m - memory: 400Mi - nodeSelector: - kubernetes.io/os: "linux" - volumes: - - name: host-run-ovs - hostPath: - path: /run/openvswitch - - name: host-run-ovn - hostPath: - path: /run/ovn - - name: host-config-openvswitch - hostPath: - path: /etc/origin/openvswitch - - name: host-log-ovs - hostPath: - path: /var/log/openvswitch - - name: kube-ovn-log - hostPath: - path: /var/log/kube-ovn - - name: 
host-log-ovn - hostPath: - path: /var/log/ovn - - name: localtime - hostPath: - path: /etc/localtime - - name: kube-ovn-tls - secret: - optional: true - secretName: kube-ovn-tls ---- -kind: Deployment -apiVersion: apps/v1 -metadata: - name: kube-ovn-monitor - namespace: kube-system - annotations: - kubernetes.io/description: | - Metrics for OVN components: northd, nb and sb. -spec: - replicas: 1 - strategy: - rollingUpdate: - maxSurge: 1 - maxUnavailable: 1 - type: RollingUpdate - selector: - matchLabels: - app: kube-ovn-monitor - template: - metadata: - labels: - app: kube-ovn-monitor - component: network - type: infra - spec: - tolerations: - - effect: NoSchedule - operator: Exists - - key: CriticalAddonsOnly - operator: Exists - affinity: - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchLabels: - app: kube-ovn-monitor - topologyKey: kubernetes.io/hostname - priorityClassName: system-cluster-critical - serviceAccountName: kube-ovn-app - hostNetwork: true - containers: - - name: kube-ovn-monitor - image: "kubeovn/kube-ovn:v1.13.0" - imagePullPolicy: IfNotPresent - command: ["/kube-ovn/start-ovn-monitor.sh"] - args: - - --log_file=/var/log/kube-ovn/kube-ovn-monitor.log - - --logtostderr=false - - --alsologtostderr=true - - --log_file_max_size=0 - securityContext: - runAsUser: 0 - privileged: false - env: - - name: ENABLE_SSL - value: "false" - - name: KUBE_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: POD_IPS - valueFrom: - fieldRef: - fieldPath: status.podIPs - - name: ENABLE_BIND_LOCAL_IP - value: "true" - resources: - requests: - cpu: 200m - memory: 200Mi - limits: - cpu: 200m - memory: 200Mi - volumeMounts: - - mountPath: /var/run/openvswitch - name: host-run-ovs - - mountPath: /var/run/ovn - name: host-run-ovn - - mountPath: /etc/openvswitch - name: host-config-openvswitch - - mountPath: /etc/ovn - name: host-config-ovn - - mountPath: /var/log/ovn - name: host-log-ovn - readOnly: true - - 
mountPath: /etc/localtime - name: localtime - readOnly: true - - mountPath: /var/run/tls - name: kube-ovn-tls - - mountPath: /var/log/kube-ovn - name: kube-ovn-log - readinessProbe: - exec: - command: - - cat - - /var/run/ovn/ovn-controller.pid - periodSeconds: 10 - timeoutSeconds: 45 - livenessProbe: - exec: - command: - - cat - - /var/run/ovn/ovn-controller.pid - initialDelaySeconds: 30 - periodSeconds: 10 - failureThreshold: 5 - timeoutSeconds: 45 - nodeSelector: - kubernetes.io/os: "linux" - kube-ovn/role: "master" - volumes: - - name: host-run-ovs - hostPath: - path: /run/openvswitch - - name: host-run-ovn - hostPath: - path: /run/ovn - - name: host-config-openvswitch - hostPath: - path: /etc/origin/openvswitch - - name: host-config-ovn - hostPath: - path: /etc/origin/ovn - - name: host-log-ovn - hostPath: - path: /var/log/ovn - - name: localtime - hostPath: - path: /etc/localtime - - name: kube-ovn-tls - secret: - optional: true - secretName: kube-ovn-tls - - name: kube-ovn-log - hostPath: - path: /var/log/kube-ovn ---- -kind: Service -apiVersion: v1 -metadata: - name: kube-ovn-monitor - namespace: kube-system - labels: - app: kube-ovn-monitor -spec: - ports: - - name: metrics - port: 10661 - type: ClusterIP - ipFamilyPolicy: PreferDualStack - selector: - app: kube-ovn-monitor - sessionAffinity: None ---- -kind: Service -apiVersion: v1 -metadata: - name: kube-ovn-pinger - namespace: kube-system - labels: - app: kube-ovn-pinger -spec: - ipFamilyPolicy: PreferDualStack - selector: - app: kube-ovn-pinger - ports: - - port: 8080 - name: metrics ---- -kind: Service -apiVersion: v1 -metadata: - name: kube-ovn-controller - namespace: kube-system - labels: - app: kube-ovn-controller -spec: - ipFamilyPolicy: PreferDualStack - selector: - app: kube-ovn-controller - ports: - - port: 10660 - name: metrics ---- -kind: Service -apiVersion: v1 -metadata: - name: kube-ovn-cni - namespace: kube-system - labels: - app: kube-ovn-cni -spec: - ipFamilyPolicy: PreferDualStack - 
selector: - app: kube-ovn-cni - ports: - - port: 10665 - name: metrics diff --git a/yamls/kube-ovn-ipv6.yaml b/yamls/kube-ovn-ipv6.yaml deleted file mode 100644 index 69799295a939..000000000000 --- a/yamls/kube-ovn-ipv6.yaml +++ /dev/null 
@@ -1,651 +0,0 @@ -kind: Deployment -apiVersion: apps/v1 -metadata: - name: kube-ovn-controller - namespace: kube-system - annotations: - kubernetes.io/description: | - kube-ovn controller -spec: - replicas: 1 - selector: - matchLabels: - app: kube-ovn-controller - strategy: - rollingUpdate: - maxSurge: 0% - maxUnavailable: 100% - type: RollingUpdate - template: - metadata: - labels: - app: kube-ovn-controller - component: network - type: infra - spec: - tolerations: - - effect: NoSchedule - operator: Exists - - key: CriticalAddonsOnly - operator: Exists - affinity: - nodeAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - preference: - matchExpressions: - - key: "ovn.kubernetes.io/ic-gw" - operator: NotIn - values: - - "true" - weight: 100 - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchLabels: - app: kube-ovn-controller - topologyKey: kubernetes.io/hostname - priorityClassName: system-cluster-critical - serviceAccountName: ovn - hostNetwork: true - containers: - - name: kube-ovn-controller - image: "kubeovn/kube-ovn:v1.13.0" - imagePullPolicy: IfNotPresent - args: - - /kube-ovn/start-controller.sh - - --default-cidr=2001:db8:0000:0000::/64 - - --default-gateway=2001:db8:0000:0000::1 - - --default-gateway-check=true - - --default-logical-gateway=false - - --default-u2o-interconnection=false - - --default-exclude-ips= - - --node-switch-cidr=2001:db8:0000:0001::/64 - - --service-cluster-ip-range=fd00:10:96::/112 - - --network-type=geneve - - --default-interface-name= - - --default-exchange-link-name=false - - --default-vlan-id=100 - - --ls-dnat-mod-dl-dst=true - - --ls-ct-skip-dst-lport-ips=true - - --pod-nic-type=veth-pair - - --enable-lb=true - - --enable-np=true - - --enable-eip-snat=true - - --enable-external-vpc=true - - --logtostderr=false - - --alsologtostderr=true - - --gc-interval=360 - - --inspect-interval=20 - - --log_file=/var/log/kube-ovn/kube-ovn-controller.log - - --log_file_max_size=0 - - 
--enable-lb-svc=false - - --keep-vm-ip=true - - --node-local-dns-ip= - env: - - name: ENABLE_SSL - value: "false" - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: KUBE_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: KUBE_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: POD_IPS - valueFrom: - fieldRef: - fieldPath: status.podIPs - - name: ENABLE_BIND_LOCAL_IP - value: "true" - volumeMounts: - - mountPath: /etc/localtime - name: localtime - readOnly: true - - mountPath: /var/log/kube-ovn - name: kube-ovn-log - # ovn-ic log directory - - mountPath: /var/log/ovn - name: ovn-log - - mountPath: /var/run/tls - name: kube-ovn-tls - readinessProbe: - exec: - command: - - /kube-ovn/kube-ovn-controller-healthcheck - periodSeconds: 3 - timeoutSeconds: 45 - livenessProbe: - exec: - command: - - /kube-ovn/kube-ovn-controller-healthcheck - initialDelaySeconds: 300 - periodSeconds: 7 - failureThreshold: 5 - timeoutSeconds: 45 - resources: - requests: - cpu: 200m - memory: 200Mi - limits: - cpu: 1000m - memory: 1Gi - nodeSelector: - kubernetes.io/os: "linux" - volumes: - - name: localtime - hostPath: - path: /etc/localtime - - name: kube-ovn-log - hostPath: - path: /var/log/kube-ovn - - name: ovn-log - hostPath: - path: /var/log/ovn - - name: kube-ovn-tls - secret: - optional: true - secretName: kube-ovn-tls - ---- -kind: DaemonSet -apiVersion: apps/v1 -metadata: - name: kube-ovn-cni - namespace: kube-system - annotations: - kubernetes.io/description: | - This daemon set launches the kube-ovn cni daemon. 
-spec: - selector: - matchLabels: - app: kube-ovn-cni - template: - metadata: - labels: - app: kube-ovn-cni - component: network - type: infra - spec: - tolerations: - - effect: NoSchedule - operator: Exists - - effect: NoExecute - operator: Exists - - key: CriticalAddonsOnly - operator: Exists - priorityClassName: system-node-critical - serviceAccountName: kube-ovn-cni - hostNetwork: true - hostPID: true - initContainers: - - name: install-cni - image: "kubeovn/kube-ovn:v1.13.0" - imagePullPolicy: IfNotPresent - command: ["/kube-ovn/install-cni.sh"] - securityContext: - runAsUser: 0 - privileged: true - volumeMounts: - - mountPath: /opt/cni/bin - name: cni-bin - - mountPath: /usr/local/bin - name: local-bin - containers: - - name: cni-server - image: "kubeovn/kube-ovn:v1.13.0" - imagePullPolicy: IfNotPresent - command: - - bash - - /kube-ovn/start-cniserver.sh - args: - - --enable-mirror=false - - --encap-checksum=true - - --service-cluster-ip-range=fd00:10:96::/112 - - --iface= - - --dpdk-tunnel-iface=br-phy - - --network-type=geneve - - --default-interface-name= - - --cni-conf-name=01-kube-ovn.conflist - - --logtostderr=false - - --alsologtostderr=true - - --log_file=/var/log/kube-ovn/kube-ovn-cni.log - - --log_file_max_size=0 - - --enable-tproxy=false - - --ovs-vsctl-concurrency=100 - securityContext: - runAsUser: 0 - privileged: true - env: - - name: ENABLE_SSL - value: "false" - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: KUBE_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: POD_IPS - valueFrom: - fieldRef: - fieldPath: status.podIPs - - name: ENABLE_BIND_LOCAL_IP - value: "true" - - name: DBUS_SYSTEM_BUS_ADDRESS - value: "unix:path=/host/var/run/dbus/system_bus_socket" - volumeMounts: - - name: host-modules - mountPath: /lib/modules - readOnly: true - - name: shared-dir - mountPath: /var/lib/kubelet/pods - - mountPath: /etc/openvswitch - name: systemid - readOnly: true - - mountPath: /etc/cni/net.d - 
name: cni-conf - - mountPath: /run/openvswitch - name: host-run-ovs - mountPropagation: HostToContainer - - mountPath: /run/ovn - name: host-run-ovn - - mountPath: /host/var/run/dbus - name: host-dbus - mountPropagation: HostToContainer - - mountPath: /var/run/netns - name: host-ns - mountPropagation: HostToContainer - - mountPath: /var/log/kube-ovn - name: kube-ovn-log - - mountPath: /var/log/openvswitch - name: host-log-ovs - - mountPath: /var/log/ovn - name: host-log-ovn - - mountPath: /etc/localtime - name: localtime - readOnly: true - livenessProbe: - failureThreshold: 3 - initialDelaySeconds: 30 - periodSeconds: 7 - successThreshold: 1 - tcpSocket: - port: 10665 - timeoutSeconds: 3 - readinessProbe: - failureThreshold: 3 - periodSeconds: 7 - successThreshold: 1 - tcpSocket: - port: 10665 - timeoutSeconds: 3 - resources: - requests: - cpu: 100m - memory: 100Mi - limits: - cpu: 1000m - memory: 1Gi - nodeSelector: - kubernetes.io/os: "linux" - volumes: - - name: host-modules - hostPath: - path: /lib/modules - - name: shared-dir - hostPath: - path: /var/lib/kubelet/pods - - name: systemid - hostPath: - path: /etc/origin/openvswitch - - name: host-run-ovs - hostPath: - path: /run/openvswitch - - name: host-run-ovn - hostPath: - path: /run/ovn - - name: cni-conf - hostPath: - path: /etc/cni/net.d - - name: cni-bin - hostPath: - path: /opt/cni/bin - - name: host-ns - hostPath: - path: /var/run/netns - - name: host-dbus - hostPath: - path: /var/run/dbus - - name: host-log-ovs - hostPath: - path: /var/log/openvswitch - - name: kube-ovn-log - hostPath: - path: /var/log/kube-ovn - - name: host-log-ovn - hostPath: - path: /var/log/ovn - - name: localtime - hostPath: - path: /etc/localtime - - name: local-bin - hostPath: - path: /usr/local/bin - ---- -kind: DaemonSet -apiVersion: apps/v1 -metadata: - name: kube-ovn-pinger - namespace: kube-system - annotations: - kubernetes.io/description: | - This daemon set launches the pinger daemon. 
-spec: - selector: - matchLabels: - app: kube-ovn-pinger - updateStrategy: - type: RollingUpdate - template: - metadata: - labels: - app: kube-ovn-pinger - component: network - type: infra - spec: - priorityClassName: system-node-critical - serviceAccountName: kube-ovn-app - hostPID: true - containers: - - name: pinger - image: "kubeovn/kube-ovn:v1.13.0" - command: - - /kube-ovn/kube-ovn-pinger - args: - - --external-address=2400:3200::1 - - --external-dns=google.com. - - --logtostderr=false - - --alsologtostderr=true - - --log_file=/var/log/kube-ovn/kube-ovn-pinger.log - - --log_file_max_size=0 - imagePullPolicy: IfNotPresent - securityContext: - runAsUser: 0 - privileged: false - env: - - name: ENABLE_SSL - value: "false" - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - volumeMounts: - - mountPath: /var/run/openvswitch - name: host-run-ovs - - mountPath: /var/run/ovn - name: host-run-ovn - - mountPath: /etc/openvswitch - name: host-config-openvswitch - - mountPath: /var/log/openvswitch - name: host-log-ovs - readOnly: true - - mountPath: /var/log/ovn - name: host-log-ovn - readOnly: true - - mountPath: /var/log/kube-ovn - name: kube-ovn-log - - mountPath: /etc/localtime - name: localtime - readOnly: true - - mountPath: /var/run/tls - name: kube-ovn-tls - resources: - requests: - cpu: 100m - memory: 100Mi - limits: - cpu: 200m - memory: 400Mi - nodeSelector: - kubernetes.io/os: "linux" - volumes: - - name: host-run-ovs - hostPath: - path: /run/openvswitch - - name: host-run-ovn - hostPath: - path: /run/ovn - - name: host-config-openvswitch - hostPath: - path: /etc/origin/openvswitch - - name: host-log-ovs - hostPath: - path: /var/log/openvswitch - - name: kube-ovn-log - hostPath: - path: /var/log/kube-ovn - - name: host-log-ovn - 
hostPath: - path: /var/log/ovn - - name: localtime - hostPath: - path: /etc/localtime - - name: kube-ovn-tls - secret: - optional: true - secretName: kube-ovn-tls ---- -kind: Deployment -apiVersion: apps/v1 -metadata: - name: kube-ovn-monitor - namespace: kube-system - annotations: - kubernetes.io/description: | - Metrics for OVN components: northd, nb and sb. -spec: - replicas: 1 - strategy: - rollingUpdate: - maxSurge: 1 - maxUnavailable: 1 - type: RollingUpdate - selector: - matchLabels: - app: kube-ovn-monitor - template: - metadata: - labels: - app: kube-ovn-monitor - component: network - type: infra - spec: - tolerations: - - effect: NoSchedule - operator: Exists - - key: CriticalAddonsOnly - operator: Exists - affinity: - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchLabels: - app: kube-ovn-monitor - topologyKey: kubernetes.io/hostname - priorityClassName: system-cluster-critical - serviceAccountName: kube-ovn-app - hostNetwork: true - containers: - - name: kube-ovn-monitor - image: "kubeovn/kube-ovn:v1.13.0" - imagePullPolicy: IfNotPresent - command: ["/kube-ovn/start-ovn-monitor.sh"] - args: - - --log_file=/var/log/kube-ovn/kube-ovn-monitor.log - - --logtostderr=false - - --alsologtostderr=true - - --log_file_max_size=0 - securityContext: - runAsUser: 0 - privileged: false - env: - - name: ENABLE_SSL - value: "false" - - name: KUBE_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: POD_IPS - valueFrom: - fieldRef: - fieldPath: status.podIPs - - name: ENABLE_BIND_LOCAL_IP - value: "true" - resources: - requests: - cpu: 200m - memory: 200Mi - limits: - cpu: 200m - memory: 200Mi - volumeMounts: - - mountPath: /var/run/openvswitch - name: host-run-ovs - - mountPath: /var/run/ovn - name: host-run-ovn - - mountPath: /etc/openvswitch - name: host-config-openvswitch - - mountPath: /etc/ovn - name: host-config-ovn - - mountPath: /var/log/ovn - name: host-log-ovn - readOnly: true - - mountPath: 
/etc/localtime - name: localtime - readOnly: true - - mountPath: /var/run/tls - name: kube-ovn-tls - - mountPath: /var/log/kube-ovn - name: kube-ovn-log - readinessProbe: - exec: - command: - - cat - - /var/run/ovn/ovn-controller.pid - periodSeconds: 10 - timeoutSeconds: 45 - livenessProbe: - exec: - command: - - cat - - /var/run/ovn/ovn-controller.pid - initialDelaySeconds: 30 - periodSeconds: 10 - failureThreshold: 5 - timeoutSeconds: 45 - nodeSelector: - kubernetes.io/os: "linux" - kube-ovn/role: "master" - volumes: - - name: host-run-ovs - hostPath: - path: /run/openvswitch - - name: host-run-ovn - hostPath: - path: /run/ovn - - name: host-config-openvswitch - hostPath: - path: /etc/origin/openvswitch - - name: host-config-ovn - hostPath: - path: /etc/origin/ovn - - name: host-log-ovn - hostPath: - path: /var/log/ovn - - name: localtime - hostPath: - path: /etc/localtime - - name: kube-ovn-tls - secret: - optional: true - secretName: kube-ovn-tls - - name: kube-ovn-log - hostPath: - path: /var/log/kube-ovn ---- -kind: Service -apiVersion: v1 -metadata: - name: kube-ovn-monitor - namespace: kube-system - labels: - app: kube-ovn-monitor -spec: - ports: - - name: metrics - port: 10661 - type: ClusterIP - selector: - app: kube-ovn-monitor - sessionAffinity: None ---- -kind: Service -apiVersion: v1 -metadata: - name: kube-ovn-pinger - namespace: kube-system - labels: - app: kube-ovn-pinger -spec: - selector: - app: kube-ovn-pinger - ports: - - port: 8080 - name: metrics ---- -kind: Service -apiVersion: v1 -metadata: - name: kube-ovn-controller - namespace: kube-system - labels: - app: kube-ovn-controller -spec: - selector: - app: kube-ovn-controller - ports: - - port: 10660 - name: metrics ---- -kind: Service -apiVersion: v1 -metadata: - name: kube-ovn-cni - namespace: kube-system - labels: - app: kube-ovn-cni -spec: - selector: - app: kube-ovn-cni - ports: - - port: 10665 - name: metrics 
diff --git a/yamls/kube-ovn.yaml b/yamls/kube-ovn.yaml
deleted file mode 100644
index 6b4c3c26f49e..000000000000
--- a/yamls/kube-ovn.yaml
+++ /dev/null
@@ -1,661 +0,0 @@ -kind: Deployment -apiVersion: apps/v1 -metadata: - name: kube-ovn-controller - namespace: kube-system - annotations: - kubernetes.io/description: | - kube-ovn controller -spec: - replicas: 1 - selector: - matchLabels: - app: kube-ovn-controller - strategy: - rollingUpdate: - maxSurge: 0% - maxUnavailable: 100% - type: RollingUpdate - template: - metadata: - labels: - app: kube-ovn-controller - component: network - type: infra - spec: - tolerations: - - effect: NoSchedule - operator: Exists - - key: CriticalAddonsOnly - operator: Exists - affinity: - nodeAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - preference: - matchExpressions: - - key: "ovn.kubernetes.io/ic-gw" - operator: NotIn - values: - - "true" - weight: 100 - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchLabels: - app: kube-ovn-controller - topologyKey: kubernetes.io/hostname - priorityClassName: system-cluster-critical - serviceAccountName: ovn - hostNetwork: true - containers: - - name: kube-ovn-controller - image: "kubeovn/kube-ovn:v1.12.0" - imagePullPolicy: IfNotPresent - args: - - /kube-ovn/start-controller.sh - - --default-cidr=10.16.0.0/16 - - --default-gateway=10.16.0.1 - - --default-gateway-check=true - - --default-logical-gateway=false - - --default-u2o-interconnection=false - - --default-exclude-ips= - - --node-switch-cidr=100.64.0.0/16 - - --service-cluster-ip-range=10.96.0.0/12 - - --network-type=geneve - - --default-interface-name= - - --default-exchange-link-name=false - - --default-vlan-id=100 - - --ls-dnat-mod-dl-dst=true - - --ls-ct-skip-dst-lport-ips=true - - --pod-nic-type=veth-pair - - --enable-lb=true - - --enable-np=true - - --enable-eip-snat=true - - --enable-external-vpc=true - - --logtostderr=false - - --alsologtostderr=true - - --gc-interval=360 - - --inspect-interval=20 - - --log_file=/var/log/kube-ovn/kube-ovn-controller.log - - --log_file_max_size=0 - - --enable-lb-svc=false - - 
--keep-vm-ip=true - - --node-local-dns-ip= - env: - - name: ENABLE_SSL - value: "false" - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: KUBE_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: KUBE_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: OVN_DB_IPS - value: 172.17.0.2 - - name: POD_IPS - valueFrom: - fieldRef: - fieldPath: status.podIPs - - name: ENABLE_BIND_LOCAL_IP - value: "true" - volumeMounts: - - mountPath: /etc/localtime - name: localtime - readOnly: true - - mountPath: /var/log/kube-ovn - name: kube-ovn-log - # ovn-ic log directory - - mountPath: /var/log/ovn - name: ovn-log - - mountPath: /var/run/tls - name: kube-ovn-tls - readinessProbe: - exec: - command: - - /kube-ovn/kube-ovn-controller-healthcheck - periodSeconds: 3 - timeoutSeconds: 45 - livenessProbe: - exec: - command: - - /kube-ovn/kube-ovn-controller-healthcheck - initialDelaySeconds: 300 - periodSeconds: 7 - failureThreshold: 5 - timeoutSeconds: 45 - resources: - requests: - cpu: 200m - memory: 200Mi - limits: - cpu: 1000m - memory: 1Gi - nodeSelector: - kubernetes.io/os: "linux" - volumes: - - name: localtime - hostPath: - path: /etc/localtime - - name: kube-ovn-log - hostPath: - path: /var/log/kube-ovn - - name: ovn-log - hostPath: - path: /var/log/ovn - - name: kube-ovn-tls - secret: - optional: true - secretName: kube-ovn-tls - ---- -kind: DaemonSet -apiVersion: apps/v1 -metadata: - name: kube-ovn-cni - namespace: kube-system - annotations: - kubernetes.io/description: | - This daemon set launches the kube-ovn cni daemon. 
-spec: - selector: - matchLabels: - app: kube-ovn-cni - template: - metadata: - labels: - app: kube-ovn-cni - component: network - type: infra - spec: - tolerations: - - effect: NoSchedule - operator: Exists - - effect: NoExecute - operator: Exists - - key: CriticalAddonsOnly - operator: Exists - priorityClassName: system-node-critical - serviceAccountName: kube-ovn-cni - hostNetwork: true - hostPID: true - initContainers: - - name: install-cni - image: "kubeovn/kube-ovn:v1.12.0" - imagePullPolicy: IfNotPresent - command: ["/kube-ovn/install-cni.sh"] - securityContext: - runAsUser: 0 - privileged: true - volumeMounts: - - mountPath: /opt/cni/bin - name: cni-bin - - mountPath: /usr/local/bin - name: local-bin - containers: - - name: cni-server - image: "kubeovn/kube-ovn:v1.12.0" - imagePullPolicy: IfNotPresent - command: - - bash - - /kube-ovn/start-cniserver.sh - args: - - --enable-mirror=false - - --encap-checksum=true - - --service-cluster-ip-range=10.96.0.0/12 - - --iface= - - --dpdk-tunnel-iface=br-phy - - --network-type=geneve - - --default-interface-name= - - --cni-conf-name=01-kube-ovn.conflist - - --logtostderr=false - - --alsologtostderr=true - - --log_file=/var/log/kube-ovn/kube-ovn-cni.log - - --log_file_max_size=0 - - --enable-tproxy=false - securityContext: - runAsUser: 0 - privileged: true - env: - - name: ENABLE_SSL - value: "false" - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: KUBE_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: MODULES - value: kube_ovn_fastpath.ko - - name: RPMS - value: openvswitch-kmod - - name: POD_IPS - valueFrom: - fieldRef: - fieldPath: status.podIPs - - name: ENABLE_BIND_LOCAL_IP - value: "true" - - name: DBUS_SYSTEM_BUS_ADDRESS - value: "unix:path=/host/var/run/dbus/system_bus_socket" - volumeMounts: - - name: host-modules - mountPath: /lib/modules - readOnly: true - - name: shared-dir - mountPath: /var/lib/kubelet/pods - - mountPath: /etc/openvswitch - name: systemid 
- readOnly: true - - mountPath: /etc/cni/net.d - name: cni-conf - - mountPath: /run/openvswitch - name: host-run-ovs - mountPropagation: HostToContainer - - mountPath: /run/ovn - name: host-run-ovn - - mountPath: /host/var/run/dbus - name: host-dbus - mountPropagation: HostToContainer - - mountPath: /var/run/netns - name: host-ns - mountPropagation: HostToContainer - - mountPath: /var/log/kube-ovn - name: kube-ovn-log - - mountPath: /var/log/openvswitch - name: host-log-ovs - - mountPath: /var/log/ovn - name: host-log-ovn - - mountPath: /etc/localtime - name: localtime - readOnly: true - - mountPath: /tmp - name: tmp - livenessProbe: - failureThreshold: 3 - initialDelaySeconds: 30 - periodSeconds: 7 - successThreshold: 1 - tcpSocket: - port: 10665 - timeoutSeconds: 3 - readinessProbe: - failureThreshold: 3 - periodSeconds: 7 - successThreshold: 1 - tcpSocket: - port: 10665 - timeoutSeconds: 3 - resources: - requests: - cpu: 100m - memory: 100Mi - limits: - cpu: 1000m - memory: 1Gi - nodeSelector: - kubernetes.io/os: "linux" - volumes: - - name: host-modules - hostPath: - path: /lib/modules - - name: shared-dir - hostPath: - path: /var/lib/kubelet/pods - - name: systemid - hostPath: - path: /etc/origin/openvswitch - - name: host-run-ovs - hostPath: - path: /run/openvswitch - - name: host-run-ovn - hostPath: - path: /run/ovn - - name: cni-conf - hostPath: - path: /etc/cni/net.d - - name: cni-bin - hostPath: - path: /opt/cni/bin - - name: host-ns - hostPath: - path: /var/run/netns - - name: host-dbus - hostPath: - path: /var/run/dbus - - name: host-log-ovs - hostPath: - path: /var/log/openvswitch - - name: kube-ovn-log - hostPath: - path: /var/log/kube-ovn - - name: host-log-ovn - hostPath: - path: /var/log/ovn - - name: localtime - hostPath: - path: /etc/localtime - - name: tmp - hostPath: - path: /tmp - - name: local-bin - hostPath: - path: /usr/local/bin - ---- -kind: DaemonSet -apiVersion: apps/v1 -metadata: - name: kube-ovn-pinger - namespace: kube-system - 
annotations: - kubernetes.io/description: | - This daemon set launches the pinger daemon. -spec: - selector: - matchLabels: - app: kube-ovn-pinger - updateStrategy: - type: RollingUpdate - template: - metadata: - labels: - app: kube-ovn-pinger - component: network - type: infra - spec: - priorityClassName: system-node-critical - serviceAccountName: kube-ovn-app - hostPID: true - containers: - - name: pinger - image: "kubeovn/kube-ovn:v1.12.0" - command: - - /kube-ovn/kube-ovn-pinger - args: - - --external-address=1.1.1.1 - - --external-dns=alauda.cn. - - --logtostderr=false - - --alsologtostderr=true - - --log_file=/var/log/kube-ovn/kube-ovn-pinger.log - - --log_file_max_size=0 - imagePullPolicy: IfNotPresent - securityContext: - runAsUser: 0 - privileged: false - env: - - name: ENABLE_SSL - value: "false" - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - volumeMounts: - - mountPath: /var/run/openvswitch - name: host-run-ovs - - mountPath: /var/run/ovn - name: host-run-ovn - - mountPath: /etc/openvswitch - name: host-config-openvswitch - - mountPath: /var/log/openvswitch - name: host-log-ovs - readOnly: true - - mountPath: /var/log/ovn - name: host-log-ovn - readOnly: true - - mountPath: /var/log/kube-ovn - name: kube-ovn-log - - mountPath: /etc/localtime - name: localtime - readOnly: true - - mountPath: /var/run/tls - name: kube-ovn-tls - resources: - requests: - cpu: 100m - memory: 100Mi - limits: - cpu: 200m - memory: 400Mi - nodeSelector: - kubernetes.io/os: "linux" - volumes: - - name: host-run-ovs - hostPath: - path: /run/openvswitch - - name: host-run-ovn - hostPath: - path: /run/ovn - - name: host-config-openvswitch - hostPath: - path: /etc/origin/openvswitch - - name: host-log-ovs - hostPath: - path: /var/log/openvswitch - - 
name: kube-ovn-log - hostPath: - path: /var/log/kube-ovn - - name: host-log-ovn - hostPath: - path: /var/log/ovn - - name: localtime - hostPath: - path: /etc/localtime - - name: kube-ovn-tls - secret: - optional: true - secretName: kube-ovn-tls ---- -kind: Deployment -apiVersion: apps/v1 -metadata: - name: kube-ovn-monitor - namespace: kube-system - annotations: - kubernetes.io/description: | - Metrics for OVN components: northd, nb and sb. -spec: - replicas: 1 - strategy: - rollingUpdate: - maxSurge: 1 - maxUnavailable: 1 - type: RollingUpdate - selector: - matchLabels: - app: kube-ovn-monitor - template: - metadata: - labels: - app: kube-ovn-monitor - component: network - type: infra - spec: - tolerations: - - effect: NoSchedule - operator: Exists - - key: CriticalAddonsOnly - operator: Exists - affinity: - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchLabels: - app: kube-ovn-monitor - topologyKey: kubernetes.io/hostname - priorityClassName: system-cluster-critical - serviceAccountName: kube-ovn-app - hostNetwork: true - containers: - - name: kube-ovn-monitor - image: "kubeovn/kube-ovn:v1.12.0" - imagePullPolicy: IfNotPresent - command: ["/kube-ovn/start-ovn-monitor.sh"] - args: - - --log_file=/var/log/kube-ovn/kube-ovn-monitor.log - - --logtostderr=false - - --alsologtostderr=true - - --log_file_max_size=0 - securityContext: - runAsUser: 0 - privileged: false - env: - - name: ENABLE_SSL - value: "false" - - name: KUBE_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: POD_IPS - valueFrom: - fieldRef: - fieldPath: status.podIPs - - name: ENABLE_BIND_LOCAL_IP - value: "true" - resources: - requests: - cpu: 200m - memory: 200Mi - limits: - cpu: 200m - memory: 200Mi - volumeMounts: - - mountPath: /var/run/openvswitch - name: host-run-ovs - - mountPath: /var/run/ovn - name: host-run-ovn - - mountPath: /etc/openvswitch - name: host-config-openvswitch - - mountPath: /etc/ovn - name: host-config-ovn - - 
mountPath: /var/log/ovn - name: host-log-ovn - readOnly: true - - mountPath: /etc/localtime - name: localtime - readOnly: true - - mountPath: /var/run/tls - name: kube-ovn-tls - - mountPath: /var/log/kube-ovn - name: kube-ovn-log - readinessProbe: - exec: - command: - - cat - - /var/run/ovn/ovn-controller.pid - periodSeconds: 10 - timeoutSeconds: 45 - livenessProbe: - exec: - command: - - cat - - /var/run/ovn/ovn-controller.pid - initialDelaySeconds: 30 - periodSeconds: 10 - failureThreshold: 5 - timeoutSeconds: 45 - nodeSelector: - kubernetes.io/os: "linux" - kube-ovn/role: "master" - volumes: - - name: host-run-ovs - hostPath: - path: /run/openvswitch - - name: host-run-ovn - hostPath: - path: /run/ovn - - name: host-config-openvswitch - hostPath: - path: /etc/origin/openvswitch - - name: host-config-ovn - hostPath: - path: /etc/origin/ovn - - name: host-log-ovn - hostPath: - path: /var/log/ovn - - name: localtime - hostPath: - path: /etc/localtime - - name: kube-ovn-tls - secret: - optional: true - secretName: kube-ovn-tls - - name: kube-ovn-log - hostPath: - path: /var/log/kube-ovn ---- -kind: Service -apiVersion: v1 -metadata: - name: kube-ovn-monitor - namespace: kube-system - labels: - app: kube-ovn-monitor -spec: - ports: - - name: metrics - port: 10661 - type: ClusterIP - selector: - app: kube-ovn-monitor - sessionAffinity: None ---- -kind: Service -apiVersion: v1 -metadata: - name: kube-ovn-pinger - namespace: kube-system - labels: - app: kube-ovn-pinger -spec: - selector: - app: kube-ovn-pinger - ports: - - port: 8080 - name: metrics ---- -kind: Service -apiVersion: v1 -metadata: - name: kube-ovn-controller - namespace: kube-system - labels: - app: kube-ovn-controller -spec: - selector: - app: kube-ovn-controller - ports: - - port: 10660 - name: metrics ---- -kind: Service -apiVersion: v1 -metadata: - name: kube-ovn-cni - namespace: kube-system - labels: - app: kube-ovn-cni -spec: - selector: - app: kube-ovn-cni - ports: - - port: 10665 - name: metrics 
diff --git a/yamls/ovn-dpdk.yaml b/yamls/ovn-dpdk.yaml
deleted file mode 100644
index 4622fd2690c4..000000000000
--- a/yamls/ovn-dpdk.yaml
+++ /dev/null
@@ -1,453 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: ovn - namespace: kube-system - ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - annotations: - rbac.authorization.k8s.io/system-only: "true" - name: system:ovn -rules: - - apiGroups: - - "kubeovn.io" - resources: - - vpcs - - vpcs/status - - vpc-nat-gateways - - vpc-nat-gateways/status - - subnets - - subnets/status - - ips - - vips - - vips/status - - vlans - - vlans/status - - provider-networks - - provider-networks/status - - security-groups - - security-groups/status - - iptables-eips - - iptables-fip-rules - - iptables-dnat-rules - - iptables-snat-rules - - iptables-eips/status - - iptables-fip-rules/status - - iptables-dnat-rules/status - - iptables-snat-rules/status - - switch-lb-rules - - switch-lb-rules/status - - vpc-dnses - - vpc-dnses/status - - qos-policies - - qos-policies/status - verbs: - - "*" - - apiGroups: - - "" - resources: - - pods - - pods/exec - - namespaces - - nodes - - configmaps - verbs: - - create - - get - - list - - watch - - patch - - update - - apiGroups: - - "" - - networking.k8s.io - - apps - - extensions - resources: - - networkpolicies - - services - - services/status - - endpoints - - statefulsets - - daemonsets - - deployments - - deployments/scale - verbs: - - get - - list - - watch - - apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - - update - - apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - "*" - - apiGroups: - - "k8s.cni.cncf.io" - resources: - - network-attachment-definitions - verbs: - - create - - delete - - get - - list - - update - - apiGroups: - - "kubevirt.io" - resources: - - virtualmachines - - virtualmachineinstances - verbs: - - get - - list ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: ovn -roleRef: - name: system:ovn - kind: ClusterRole - apiGroup: rbac.authorization.k8s.io -subjects: - - kind: ServiceAccount - 
name: ovn - namespace: kube-system - ---- -kind: Service -apiVersion: v1 -metadata: - name: ovn-nb - namespace: kube-system -spec: - ports: - - name: ovn-nb - protocol: TCP - port: 6641 - targetPort: 6641 - type: ClusterIP - selector: - app: ovn-central - ovn-nb-leader: "true" - sessionAffinity: None ---- -kind: Service -apiVersion: v1 -metadata: - name: ovn-sb - namespace: kube-system -spec: - ports: - - name: ovn-sb - protocol: TCP - port: 6642 - targetPort: 6642 - type: ClusterIP - selector: - app: ovn-central - ovn-sb-leader: "true" - sessionAffinity: None ---- -kind: Deployment -apiVersion: apps/v1 -metadata: - name: ovn-central - namespace: kube-system - annotations: - kubernetes.io/description: | - OVN components: northd, nb and sb. -spec: - replicas: 1 - strategy: - rollingUpdate: - maxSurge: 0 - maxUnavailable: 1 - type: RollingUpdate - selector: - matchLabels: - app: ovn-central - template: - metadata: - labels: - app: ovn-central - component: network - type: infra - spec: - tolerations: - - effect: NoSchedule - operator: Exists - - effect: NoExecute - operator: Exists - - key: CriticalAddonsOnly - operator: Exists - affinity: - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchLabels: - app: ovn-central - topologyKey: kubernetes.io/hostname - priorityClassName: system-cluster-critical - serviceAccountName: ovn - hostNetwork: true - containers: - - name: ovn-central - image: "kubeovn/kube-ovn:v1.13.0" - imagePullPolicy: IfNotPresent - command: - - /kube-ovn/start-db.sh - securityContext: - capabilities: - add: ["SYS_NICE"] - env: - - name: ENABLE_SSL - value: "false" - - name: NODE_IPS - value: $addresses - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: POD_IPS - valueFrom: - fieldRef: - fieldPath: status.podIPs - - name: 
PROBE_INTERVAL - value: "180000" - - name: OVN_LEADER_PROBE_INTERVAL - value: "5" - - name: OVN_NORTHD_N_THREADS - value: "1" - - name: ENABLE_COMPACT - value: "false" - resources: - requests: - cpu: 500m - memory: 300Mi - volumeMounts: - - mountPath: /var/run/openvswitch - name: host-run-ovs - - mountPath: /var/run/ovn - name: host-run-ovn - - mountPath: /sys - name: host-sys - readOnly: true - - mountPath: /etc/openvswitch - name: host-config-openvswitch - - mountPath: /etc/ovn - name: host-config-ovn - - mountPath: /var/log/openvswitch - name: host-log-ovs - - mountPath: /var/log/ovn - name: host-log-ovn - - mountPath: /var/run/tls - name: kube-ovn-tls - readinessProbe: - exec: - command: - - bash - - /kube-ovn/ovn-is-leader.sh - periodSeconds: 3 - timeoutSeconds: 45 - livenessProbe: - exec: - command: - - bash - - /kube-ovn/ovn-healthcheck.sh - initialDelaySeconds: 30 - periodSeconds: 7 - failureThreshold: 5 - timeoutSeconds: 45 - nodeSelector: - kubernetes.io/os: "linux" - kube-ovn/role: "master" - volumes: - - name: host-run-ovs - hostPath: - path: /run/openvswitch - - name: host-run-ovn - hostPath: - path: /run/ovn - - name: host-sys - hostPath: - path: /sys - - name: host-config-openvswitch - hostPath: - path: /etc/origin/openvswitch - - name: host-config-ovn - hostPath: - path: /etc/origin/ovn - - name: host-log-ovs - hostPath: - path: /var/log/openvswitch - - name: host-log-ovn - hostPath: - path: /var/log/ovn - - name: kube-ovn-tls - secret: - optional: true - secretName: kube-ovn-tls ---- -kind: DaemonSet -apiVersion: apps/v1 -metadata: - name: ovs-ovn - namespace: kube-system - annotations: - kubernetes.io/description: | - This daemon set launches the openvswitch daemon. 
-spec: - selector: - matchLabels: - app: ovs-dpdk - updateStrategy: - type: RollingUpdate - rollingUpdate: - maxSurge: 1 - maxUnavailable: 0 - template: - metadata: - labels: - app: ovs-dpdk - component: network - type: infra - spec: - tolerations: - - effect: NoSchedule - operator: Exists - - effect: NoExecute - operator: Exists - - key: CriticalAddonsOnly - operator: Exists - priorityClassName: system-cluster-critical - serviceAccountName: ovn - hostNetwork: true - hostPID: true - containers: - - name: openvswitch - image: "kubeovn/kube-ovn-dpdk:$DPDK_VERSION" - imagePullPolicy: IfNotPresent - command: ["/kube-ovn/start-ovs-dpdk.sh"] - securityContext: - runAsUser: 0 - privileged: true - env: - - name: NODE_IPS - value: $addresses - - name: ENABLE_SSL - value: "false" - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: HW_OFFLOAD - value: "false" - - name: KUBE_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: OVN_REMOTE_PROBE_INTERVAL - value: "{{ .Values.networking.OVN_REMOTE_PROBE_INTERVAL }}" - - name: OVN_REMOTE_OPENFLOW_INTERVAL - value: "{{ .Values.networking.OVN_REMOTE_OPENFLOW_INTERVAL }}" - volumeMounts: - - mountPath: /lib/modules - name: host-modules - readOnly: true - - mountPath: /var/run/openvswitch - name: host-run-ovs - - mountPath: /var/run/ovn - name: host-run-ovn - - mountPath: /sys - name: host-sys - readOnly: true - - mountPath: /etc/openvswitch - name: host-config-openvswitch - - mountPath: /etc/ovn - name: host-config-ovn - - mountPath: /var/log/openvswitch - name: host-log-ovs - - mountPath: /var/log/ovn - name: host-log-ovn - - mountPath: /opt/ovs-config - name: host-config-ovs - - mountPath: /dev/hugepages - name: hugepage - readinessProbe: - exec: - command: - - bash - - /kube-ovn/ovs-dpdk-healthcheck.sh - periodSeconds: 5 - timeoutSeconds: 45 - livenessProbe: - exec: - command: - - bash - - /kube-ovn/ovs-dpdk-healthcheck.sh - initialDelaySeconds: 60 - periodSeconds: 5 - failureThreshold: 
5 - timeoutSeconds: 45 - resources: - requests: - cpu: 500m - memory: 2Gi - limits: - cpu: 1000m - memory: 2Gi - hugepages-1Gi: 1Gi - nodeSelector: - kubernetes.io/os: "linux" - volumes: - - name: host-modules - hostPath: - path: /lib/modules - - name: host-run-ovs - hostPath: - path: /run/openvswitch - - name: host-run-ovn - hostPath: - path: /run/ovn - - name: host-sys - hostPath: - path: /sys - - name: host-config-openvswitch - hostPath: - path: /etc/origin/openvswitch - - name: host-config-ovn - hostPath: - path: /etc/origin/ovn - - name: host-log-ovs - hostPath: - path: /var/log/openvswitch - - name: host-log-ovn - hostPath: - path: /var/log/ovn - - name: host-config-ovs - hostPath: - path: /opt/ovs-config - type: DirectoryOrCreate - - name: hugepage - emptyDir: - medium: HugePages diff --git a/yamls/ovn-ha.yaml b/yamls/ovn-ha.yaml deleted file mode 100644 index 7e15303c8a68..000000000000 --- a/yamls/ovn-ha.yaml +++ /dev/null 
@@ -1,364 +0,0 @@ -kind: Service -apiVersion: v1 -metadata: - name: ovn-nb - namespace: kube-system -spec: - ports: - - name: ovn-nb - protocol: TCP - port: 6641 - targetPort: 6641 - type: ClusterIP - selector: - app: ovn-central - ovn-nb-leader: "true" - sessionAffinity: None ---- -kind: Service -apiVersion: v1 -metadata: - name: ovn-sb - namespace: kube-system -spec: - ports: - - name: ovn-sb - protocol: TCP - port: 6642 - targetPort: 6642 - type: ClusterIP - selector: - app: ovn-central - ovn-sb-leader: "true" - sessionAffinity: None ---- -kind: Service -apiVersion: v1 -metadata: - name: ovn-northd - namespace: kube-system -spec: - ports: - - name: ovn-northd - protocol: TCP - port: 6643 - targetPort: 6643 - type: ClusterIP - selector: - app: ovn-central - ovn-northd-leader: "true" - sessionAffinity: None ---- -kind: Deployment -apiVersion: apps/v1 -metadata: - name: ovn-central - namespace: kube-system - annotations: - kubernetes.io/description: | - OVN components: northd, nb and sb. 
-spec: - replicas: 3 - strategy: - rollingUpdate: - maxSurge: 0 - maxUnavailable: 1 - type: RollingUpdate - selector: - matchLabels: - app: ovn-central - template: - metadata: - labels: - app: ovn-central - component: network - type: infra - spec: - tolerations: - - effect: NoSchedule - operator: Exists - - effect: NoExecute - operator: Exists - - key: CriticalAddonsOnly - operator: Exists - affinity: - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchLabels: - app: ovn-central - topologyKey: kubernetes.io/hostname - priorityClassName: system-cluster-critical - serviceAccountName: ovn-ovs - hostNetwork: true - containers: - - name: ovn-central - image: "kubeovn/kube-ovn:v1.13.0" - imagePullPolicy: IfNotPresent - command: - - /kube-ovn/start-db.sh - securityContext: - capabilities: - add: ["SYS_NICE"] - env: - - name: NODE_IPS - value: 172.17.0.2,172.17.0.3,172.17.0.4 - - name: ENABLE_SSL - value: "false" - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: POD_IPS - valueFrom: - fieldRef: - fieldPath: status.podIPs - - name: ENABLE_BIND_LOCAL_IP - value: "true" - - name: PROBE_INTERVAL - value: "180000" - - name: OVN_LEADER_PROBE_INTERVAL - value: "5" - - name: OVN_NORTHD_N_THREADS - value: "1" - - name: ENABLE_COMPACT - value: "false" - resources: - requests: - cpu: 300m - memory: 200Mi - limits: - cpu: 3 - memory: 4Gi - volumeMounts: - - mountPath: /var/run/openvswitch - name: host-run-ovs - - mountPath: /var/run/ovn - name: host-run-ovn - - mountPath: /etc/openvswitch - name: host-config-openvswitch - - mountPath: /etc/ovn - name: host-config-ovn - - mountPath: /var/log/openvswitch - name: host-log-ovs - - mountPath: /var/log/ovn - name: host-log-ovn - - mountPath: /etc/localtime - name: localtime - readOnly: true - - mountPath: /var/run/tls - 
name: kube-ovn-tls - readinessProbe: - exec: - command: - - bash - - /kube-ovn/ovn-healthcheck.sh - periodSeconds: 15 - timeoutSeconds: 45 - livenessProbe: - exec: - command: - - bash - - /kube-ovn/ovn-healthcheck.sh - initialDelaySeconds: 30 - periodSeconds: 15 - failureThreshold: 5 - timeoutSeconds: 45 - nodeSelector: - kubernetes.io/os: "linux" - kube-ovn/role: "master" - volumes: - - name: host-run-ovs - hostPath: - path: /run/openvswitch - - name: host-run-ovn - hostPath: - path: /run/ovn - - name: host-config-openvswitch - hostPath: - path: /etc/origin/openvswitch - - name: host-config-ovn - hostPath: - path: /etc/origin/ovn - - name: host-log-ovs - hostPath: - path: /var/log/openvswitch - - name: host-log-ovn - hostPath: - path: /var/log/ovn - - name: localtime - hostPath: - path: /etc/localtime - - name: kube-ovn-tls - secret: - optional: true - secretName: kube-ovn-tls ---- -kind: DaemonSet -apiVersion: apps/v1 -metadata: - name: ovs-ovn - namespace: kube-system - annotations: - kubernetes.io/description: | - This daemon set launches the openvswitch daemon. 
-spec: - selector: - matchLabels: - app: ovs - updateStrategy: - type: RollingUpdate - rollingUpdate: - maxSurge: 1 - maxUnavailable: 0 - template: - metadata: - labels: - app: ovs - component: network - type: infra - spec: - tolerations: - - effect: NoSchedule - operator: Exists - - effect: NoExecute - operator: Exists - - key: CriticalAddonsOnly - operator: Exists - priorityClassName: system-node-critical - serviceAccountName: ovn-ovs - hostNetwork: true - hostPID: true - containers: - - name: openvswitch - image: "kubeovn/kube-ovn:v1.13.0" - imagePullPolicy: IfNotPresent - command: - - /kube-ovn/start-ovs.sh - securityContext: - runAsUser: 0 - privileged: true - env: - - name: ENABLE_SSL - value: "false" - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: HW_OFFLOAD - value: "false" - - name: TUNNEL_TYPE - value: "geneve" - - name: KUBE_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: OVN_REMOTE_PROBE_INTERVAL - value: "10000" - - name: OVN_REMOTE_OPENFLOW_INTERVAL - value: "180" - volumeMounts: - - mountPath: /var/run/netns - name: host-ns - mountPropagation: HostToContainer - - mountPath: /lib/modules - name: host-modules - readOnly: true - - mountPath: /var/run/openvswitch - name: host-run-ovs - - mountPath: /var/run/ovn - name: host-run-ovn - - mountPath: /etc/openvswitch - name: host-config-openvswitch - - mountPath: /etc/ovn - name: host-config-ovn - - mountPath: /var/log/openvswitch - name: host-log-ovs - - mountPath: /var/log/ovn - name: host-log-ovn - - mountPath: /etc/localtime - name: localtime - readOnly: true - - mountPath: /var/run/tls - name: kube-ovn-tls - - mountPath: /var/run/containerd - name: cruntime - readOnly: true - readinessProbe: - exec: - command: - - bash - - -c - - LOG_ROTATE=true /kube-ovn/ovs-healthcheck.sh - initialDelaySeconds: 10 - 
periodSeconds: 5 - timeoutSeconds: 45 - livenessProbe: - exec: - command: - - bash - - /kube-ovn/ovs-healthcheck.sh - initialDelaySeconds: 60 - periodSeconds: 5 - failureThreshold: 5 - timeoutSeconds: 45 - resources: - requests: - cpu: 200m - memory: 200Mi - limits: - cpu: 1000m - memory: 1000Mi - nodeSelector: - kubernetes.io/os: "linux" - volumes: - - name: host-modules - hostPath: - path: /lib/modules - - name: host-run-ovs - hostPath: - path: /run/openvswitch - - name: host-run-ovn - hostPath: - path: /run/ovn - - name: host-ns - hostPath: - path: /var/run/netns - - name: host-config-openvswitch - hostPath: - path: /etc/origin/openvswitch - - name: host-config-ovn - hostPath: - path: /etc/origin/ovn - - name: host-log-ovs - hostPath: - path: /var/log/openvswitch - - name: host-log-ovn - hostPath: - path: /var/log/ovn - - name: localtime - hostPath: - path: /etc/localtime - - hostPath: - path: /var/run/containerd - name: cruntime - - name: kube-ovn-tls - secret: - optional: true - secretName: kube-ovn-tls diff --git a/yamls/ovn.yaml b/yamls/ovn.yaml deleted file mode 100644 index 42fd8954b990..000000000000 --- a/yamls/ovn.yaml +++ /dev/null 
@@ -1,368 +0,0 @@ -kind: Service -apiVersion: v1 -metadata: - name: ovn-nb - namespace: kube-system -spec: - ports: - - name: ovn-nb - protocol: TCP - port: 6641 - targetPort: 6641 - type: ClusterIP - selector: - app: ovn-central - ovn-nb-leader: "true" - sessionAffinity: None ---- -kind: Service -apiVersion: v1 -metadata: - name: ovn-sb - namespace: kube-system -spec: - ports: - - name: ovn-sb - protocol: TCP - port: 6642 - targetPort: 6642 - type: ClusterIP - selector: - app: ovn-central - ovn-sb-leader: "true" - sessionAffinity: None ---- -kind: Service -apiVersion: v1 -metadata: - name: ovn-northd - namespace: kube-system -spec: - ports: - - name: ovn-northd - protocol: TCP - port: 6643 - targetPort: 6643 - type: ClusterIP - selector: - app: ovn-central - ovn-northd-leader: "true" - sessionAffinity: None ---- -kind: Deployment -apiVersion: apps/v1 -metadata: - name: ovn-central - namespace: kube-system - annotations: - kubernetes.io/description: | - OVN components: northd, nb and sb. 
-spec: - replicas: 1 - strategy: - rollingUpdate: - maxSurge: 0 - maxUnavailable: 1 - type: RollingUpdate - selector: - matchLabels: - app: ovn-central - template: - metadata: - labels: - app: ovn-central - component: network - type: infra - spec: - tolerations: - - effect: NoSchedule - operator: Exists - - effect: NoExecute - operator: Exists - - key: CriticalAddonsOnly - operator: Exists - affinity: - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchLabels: - app: ovn-central - topologyKey: kubernetes.io/hostname - priorityClassName: system-cluster-critical - serviceAccountName: ovn-ovs - hostNetwork: true - containers: - - name: ovn-central - image: "kubeovn/kube-ovn:v1.12.0" - imagePullPolicy: IfNotPresent - command: ["/kube-ovn/start-db.sh"] - securityContext: - capabilities: - add: ["SYS_NICE"] - env: - - name: ENABLE_SSL - value: "false" - - name: NODE_IPS - value: 172.17.0.2 - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: POD_IPS - valueFrom: - fieldRef: - fieldPath: status.podIPs - - name: ENABLE_BIND_LOCAL_IP - value: "true" - resources: - requests: - cpu: 300m - memory: 200Mi - limits: - cpu: 3 - memory: 4Gi - volumeMounts: - - mountPath: /var/run/openvswitch - name: host-run-ovs - - mountPath: /var/run/ovn - name: host-run-ovn - - mountPath: /sys - name: host-sys - readOnly: true - - mountPath: /etc/openvswitch - name: host-config-openvswitch - - mountPath: /etc/ovn - name: host-config-ovn - - mountPath: /var/log/openvswitch - name: host-log-ovs - - mountPath: /var/log/ovn - name: host-log-ovn - - mountPath: /etc/localtime - name: localtime - readOnly: true - - mountPath: /var/run/tls - name: kube-ovn-tls - readinessProbe: - exec: - command: - - bash - - /kube-ovn/ovn-healthcheck.sh - periodSeconds: 15 - timeoutSeconds: 45 - 
livenessProbe: - exec: - command: - - bash - - /kube-ovn/ovn-healthcheck.sh - initialDelaySeconds: 30 - periodSeconds: 15 - failureThreshold: 5 - timeoutSeconds: 45 - nodeSelector: - kubernetes.io/os: "linux" - kube-ovn/role: "master" - volumes: - - name: host-run-ovs - hostPath: - path: /run/openvswitch - - name: host-run-ovn - hostPath: - path: /run/ovn - - name: host-sys - hostPath: - path: /sys - - name: host-config-openvswitch - hostPath: - path: /etc/origin/openvswitch - - name: host-config-ovn - hostPath: - path: /etc/origin/ovn - - name: host-log-ovs - hostPath: - path: /var/log/openvswitch - - name: host-log-ovn - hostPath: - path: /var/log/ovn - - name: localtime - hostPath: - path: /etc/localtime - - name: kube-ovn-tls - secret: - optional: true - secretName: kube-ovn-tls ---- -kind: DaemonSet -apiVersion: apps/v1 -metadata: - name: ovs-ovn - namespace: kube-system - annotations: - kubernetes.io/description: | - This daemon set launches the openvswitch daemon. -spec: - selector: - matchLabels: - app: ovs - updateStrategy: - type: RollingUpdate - rollingUpdate: - maxSurge: 1 - maxUnavailable: 0 - template: - metadata: - labels: - app: ovs - component: network - type: infra - spec: - tolerations: - - effect: NoSchedule - operator: Exists - - effect: NoExecute - operator: Exists - - key: CriticalAddonsOnly - operator: Exists - priorityClassName: system-node-critical - serviceAccountName: ovn-ovs - hostNetwork: true - hostPID: true - containers: - - name: openvswitch - image: "kubeovn/kube-ovn:v1.12.0" - imagePullPolicy: IfNotPresent - command: ["/kube-ovn/start-ovs.sh"] - securityContext: - runAsUser: 0 - privileged: false - capabilities: - add: - - NET_ADMIN - - NET_BIND_SERVICE - - SYS_MODULE - - SYS_NICE - env: - - name: ENABLE_SSL - value: "false" - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: 
metadata.namespace - - name: HW_OFFLOAD - value: "false" - - name: TUNNEL_TYPE - value: "geneve" - - name: KUBE_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - volumeMounts: - - mountPath: /var/run/netns - name: host-ns - mountPropagation: HostToContainer - - mountPath: /lib/modules - name: host-modules - readOnly: true - - mountPath: /var/run/openvswitch - name: host-run-ovs - - mountPath: /var/run/ovn - name: host-run-ovn - - mountPath: /sys - name: host-sys - readOnly: true - - mountPath: /etc/openvswitch - name: host-config-openvswitch - - mountPath: /etc/ovn - name: host-config-ovn - - mountPath: /var/log/openvswitch - name: host-log-ovs - - mountPath: /var/log/ovn - name: host-log-ovn - - mountPath: /etc/localtime - name: localtime - readOnly: true - - mountPath: /var/run/tls - name: kube-ovn-tls - - mountPath: /var/run/containerd - name: cruntime - readOnly: true - readinessProbe: - exec: - command: - - bash - - -c - - LOG_ROTATE=true /kube-ovn/ovs-healthcheck.sh - initialDelaySeconds: 10 - periodSeconds: 5 - timeoutSeconds: 45 - livenessProbe: - exec: - command: - - bash - - /kube-ovn/ovs-healthcheck.sh - initialDelaySeconds: 60 - periodSeconds: 5 - failureThreshold: 5 - timeoutSeconds: 45 - resources: - requests: - cpu: 200m - memory: 200Mi - limits: - cpu: 1000m - memory: 1000Mi - nodeSelector: - kubernetes.io/os: "linux" - volumes: - - name: host-modules - hostPath: - path: /lib/modules - - name: host-run-ovs - hostPath: - path: /run/openvswitch - - name: host-run-ovn - hostPath: - path: /run/ovn - - name: host-sys - hostPath: - path: /sys - - name: host-ns - hostPath: - path: /var/run/netns - - name: host-config-openvswitch - hostPath: - path: /etc/origin/openvswitch - - name: host-config-ovn - hostPath: - path: /etc/origin/ovn - - name: host-log-ovs - hostPath: - path: /var/log/openvswitch - - name: host-log-ovn - hostPath: - path: /var/log/ovn - - name: localtime - hostPath: - path: /etc/localtime - - hostPath: - path: 
/var/run/containerd - name: cruntime - - name: kube-ovn-tls - secret: - optional: true - secretName: kube-ovn-tls diff --git a/yamls/rh-mod-job.yaml b/yamls/rh-mod-job.yaml deleted file mode 100644 index a5bbaa73b309..000000000000 --- a/yamls/rh-mod-job.yaml +++ /dev/null 
@@ -1,113 +0,0 @@ -apiVersion: batch/v1 -kind: Job -metadata: - name: centos7-ACTION -spec: - ttlSecondsAfterFinished: 300 - parallelism: NODENUMBER - completions: NODENUMBER - template: - metadata: - name: centos7-ACTION - labels: - app: centos7-ACTION - component: job - spec: - affinity: - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - topologyKey: kubernetes.io/hostname - labelSelector: - matchExpressions: - - key: app - operator: In - values: - - centos7-ACTION - - key: component - operator: In - values: - - job - containers: - - name: centos7-module - image: kubeovn/centos7-compile:v1.13.0 - imagePullPolicy: IfNotPresent - command: - - /fastpath/entrypoint.sh - volumeMounts: - - name: configmap-volume - mountPath: /fastpath/entrypoint.sh - readOnly: true - subPath: entrypoint.sh - - mountPath: /lib/modules/ - name: modules - - mountPath: /usr/src - name: srcs - - mountPath: /tmp - name: tmp - securityContext: - privileged: true - volumes: - - name: configmap-volume - configMap: - defaultMode: 0700 - name: ACTION - - name: modules - hostPath: - path: /lib/modules/ - - name: srcs - hostPath: - path: /usr/src - - name: tmp - hostPath: - path: /tmp - restartPolicy: Never - backoffLimit: 0 - ---- - -apiVersion: v1 -kind: ConfigMap -metadata: - name: install-module -data: - entrypoint.sh: |- - #!/bin/bash - yum install -y kernel-devel-$(uname -r) - make all - make install - ---- - -apiVersion: v1 -kind: ConfigMap -metadata: - name: install-local-module -data: - entrypoint.sh: |- - #!/bin/bash - yum localinstall -y /tmp/KERNEL_HEADER - make all - make install - ---- - -apiVersion: v1 -kind: ConfigMap -metadata: - name: install-module-without-header -data: - entrypoint.sh: |- - #!/bin/bash - make all - make install - ---- - -apiVersion: v1 -kind: ConfigMap -metadata: - name: remove-module -data: - entrypoint.sh: |- - #!/bin/bash - make uninstall diff --git a/yamls/sa.yaml b/yamls/sa.yaml deleted file mode 100644 index ec95b5009266..000000000000 
--- a/yamls/sa.yaml +++ /dev/null 
@@ -1,338 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: ovn-ovs - namespace: kube-system ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - annotations: - rbac.authorization.k8s.io/system-only: "true" - name: system:ovn-ovs -rules: - - apiGroups: - - "" - resources: - - pods - verbs: - - get - - patch - - apiGroups: - - "" - resources: - - services - - endpoints - verbs: - - get - - apiGroups: - - apps - resources: - - controllerrevisions - verbs: - - get - - list ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: ovn-ovs -roleRef: - name: system:ovn-ovs - kind: ClusterRole - apiGroup: rbac.authorization.k8s.io -subjects: - - kind: ServiceAccount - name: ovn-ovs - namespace: kube-system - ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: ovn - namespace: kube-system ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - annotations: - rbac.authorization.k8s.io/system-only: "true" - name: system:ovn -rules: - - apiGroups: - - "kubeovn.io" - resources: - - vpcs - - vpcs/status - - vpc-nat-gateways - - vpc-nat-gateways/status - - subnets - - subnets/status - - ippools - - ippools/status - - ips - - vips - - vips/status - - vlans - - vlans/status - - provider-networks - - provider-networks/status - - security-groups - - security-groups/status - - iptables-eips - - iptables-fip-rules - - iptables-dnat-rules - - iptables-snat-rules - - iptables-eips/status - - iptables-fip-rules/status - - iptables-dnat-rules/status - - iptables-snat-rules/status - - ovn-eips - - ovn-fips - - ovn-snat-rules - - ovn-eips/status - - ovn-fips/status - - ovn-snat-rules/status - - ovn-dnat-rules - - ovn-dnat-rules/status - - switch-lb-rules - - switch-lb-rules/status - - vpc-dnses - - vpc-dnses/status - - qos-policies - - qos-policies/status - verbs: - - "*" - - apiGroups: - - "" - resources: - - pods - - namespaces - verbs: - - get - - list - - patch - - watch - - 
apiGroups: - - "" - resources: - - nodes - verbs: - - get - - list - - patch - - update - - watch - - apiGroups: - - "" - resources: - - pods/exec - verbs: - - create - - apiGroups: - - "k8s.cni.cncf.io" - resources: - - network-attachment-definitions - verbs: - - get - - apiGroups: - - "" - - networking.k8s.io - resources: - - networkpolicies - - configmaps - verbs: - - get - - list - - watch - - apiGroups: - - apps - resources: - - daemonsets - verbs: - - get - - apiGroups: - - "" - resources: - - services - - services/status - verbs: - - get - - list - - update - - create - - delete - - watch - - apiGroups: - - "" - resources: - - endpoints - verbs: - - create - - update - - get - - list - - watch - - apiGroups: - - apps - resources: - - statefulsets - - deployments - - deployments/scale - verbs: - - get - - list - - create - - delete - - update - - apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - - update - - apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - "*" - - apiGroups: - - "kubevirt.io" - resources: - - virtualmachines - - virtualmachineinstances - verbs: - - get - - list ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: ovn -roleRef: - name: system:ovn - kind: ClusterRole - apiGroup: rbac.authorization.k8s.io -subjects: - - kind: ServiceAccount - name: ovn - namespace: kube-system - ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: kube-ovn-cni - namespace: kube-system ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - annotations: - rbac.authorization.k8s.io/system-only: "true" - name: system:kube-ovn-cni -rules: - - apiGroups: - - "kubeovn.io" - resources: - - subnets - - provider-networks - verbs: - - get - - list - - watch - - apiGroups: - - "" - - "kubeovn.io" - resources: - - ovn-eips - - ovn-eips/status - - nodes - - pods - verbs: - - get - - list - - patch - - watch - - apiGroups: - - "kubeovn.io" - resources: - - ips 
- verbs: - - get - - update - - apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - - update - - apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - list - - watch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: kube-ovn-cni -roleRef: - name: system:kube-ovn-cni - kind: ClusterRole - apiGroup: rbac.authorization.k8s.io -subjects: - - kind: ServiceAccount - name: kube-ovn-cni - namespace: kube-system - ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: kube-ovn-app - namespace: kube-system ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - annotations: - rbac.authorization.k8s.io/system-only: "true" - name: system:kube-ovn-app -rules: - - apiGroups: - - "" - resources: - - pods - - nodes - verbs: - - get - - list - - apiGroups: - - apps - resources: - - daemonsets - verbs: - - get ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: kube-ovn-app -roleRef: - name: system:kube-ovn-app - kind: ClusterRole - apiGroup: rbac.authorization.k8s.io -subjects: - - kind: ServiceAccount - name: kube-ovn-app - namespace: kube-system From 85e28bc1e6e2b40de5b5aff6df951f4111783cc0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=BC=A0=E7=A5=96=E5=BB=BA?= Date: Wed, 15 May 2024 12:44:40 +0800 Subject: [PATCH 17/57] bump gosec to 2.20.0 (#4021) 
Signed-off-by: zhangzujian --- .github/workflows/build-windows.yaml | 2 +- .github/workflows/build-x86-image.yaml | 2 +- Makefile | 8 ++++---- cmd/cmdmain.go | 2 -- cmd/daemon/cniserver.go | 5 ++--- pkg/controller/vpc_dns.go | 3 ++- pkg/daemon/config.go | 2 ++ pkg/daemon/handler_linux.go | 2 +- pkg/daemon/ovs_linux.go | 7 ++++--- pkg/ovn_ic_controller/ovn_ic_controller.go | 2 ++ pkg/ovn_leader_checker/ovn.go | 16 +++++++++------- pkg/ovnmonitor/util.go | 8 ++++---- pkg/ovsdb/client/client.go | 3 +-- pkg/pinger/ovn.go | 4 ++-- pkg/pinger/util.go | 4 ++-- pkg/util/arp.go | 4 ++-- 16 files changed, 39 insertions(+), 35 deletions(-) diff --git a/.github/workflows/build-windows.yaml b/.github/workflows/build-windows.yaml index de80cf7f7c64..7a78ac508679 100644 --- a/.github/workflows/build-windows.yaml +++ b/.github/workflows/build-windows.yaml @@ -23,7 +23,7 @@ concurrency: env: GO_VERSION: '' - GOSEC_VERSION: '2.19.0' + GOSEC_VERSION: '2.20.0' jobs: filter: diff --git a/.github/workflows/build-x86-image.yaml b/.github/workflows/build-x86-image.yaml index 1444a1052892..e6ecd086a91f 100644 --- a/.github/workflows/build-x86-image.yaml +++ b/.github/workflows/build-x86-image.yaml @@ -23,7 +23,7 @@ concurrency: env: GO_VERSION: '' KIND_VERSION: v0.23.0 - GOSEC_VERSION: '2.19.0' + GOSEC_VERSION: '2.20.0' HELM_VERSION: v3.14.4 SUBMARINER_VERSION: '0.17.1' diff --git a/Makefile b/Makefile index fede3488a77a..345e223429c6 100644 --- a/Makefile +++ b/Makefile @@ -978,7 +978,7 @@ lint: echo "Code differs from gofmt's style" 1>&2 && exit 1; \ fi @GOOS=linux go vet ./... - @GOOS=linux gosec -exclude=G204,G306,G402,G404,G601,G301 -exclude-dir=test -exclude-dir=pkg/client ./... + @GOOS=linux gosec -exclude-dir=test -exclude-dir=pkg/client ./... .PHONY: gofumpt gofumpt: 
@@ -987,9 +987,9 @@ gofumpt: .PHONY: lint-windows lint-windows: @GOOS=windows go vet ./cmd/windows/... - @GOOS=windows gosec -exclude=G204,G601,G301 ./pkg/util - @GOOS=windows gosec -exclude=G204,G601,G301 ./pkg/request - @GOOS=windows gosec -exclude=G204,G601,G301 ./cmd/cni + @GOOS=windows gosec ./pkg/util + @GOOS=windows gosec ./pkg/request + @GOOS=windows gosec ./cmd/cni .PHONY: scan scan: diff --git a/cmd/cmdmain.go b/cmd/cmdmain.go index 61abeed97d83..a832f9a0f5fc 100644 --- a/cmd/cmdmain.go +++ b/cmd/cmdmain.go @@ -57,7 +57,6 @@ func dumpProfile() { } return } - defer f.Close() // #nosec G307 time.Sleep(30 * time.Second) pprof.StopCPUProfile() if err = f.Close(); err != nil { @@ -87,7 +86,6 @@ func dumpProfile() { klog.Errorf("failed to close file %q: %v", path, err) return } - defer f.Close() // #nosec G307 } }() } diff --git a/cmd/daemon/cniserver.go b/cmd/daemon/cniserver.go index b2b409271d63..22a1425c886d 100644 --- a/cmd/daemon/cniserver.go +++ b/cmd/daemon/cniserver.go @@ -128,15 +128,14 @@ func CmdMain() { } func mvCNIConf(configDir, configFile, confName string) error { - // #nosec - data, err := os.ReadFile(configFile) + data, err := os.ReadFile(configFile) // #nosec G304 if err != nil { klog.Errorf("failed to read cni config file %s, %v", configFile, err) return err } cniConfPath := filepath.Join(configDir, confName) - return os.WriteFile(cniConfPath, data, 0o644) + return os.WriteFile(cniConfPath, data, 0o644) // #nosec G306 } func Retry(attempts, sleep int, f func(configuration *daemon.Configuration) error, ctrl *daemon.Configuration) (err error) { diff --git a/pkg/controller/vpc_dns.go b/pkg/controller/vpc_dns.go index 63efe0ce1c3f..f56385003016 100644 --- a/pkg/controller/vpc_dns.go +++ b/pkg/controller/vpc_dns.go 
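Review bot: The suppressions added in mvCNIConf (cmd/daemon/cniserver.go), `// #nosec G304` and `// #nosec G306`, give no reason, and the same holds for the other `#nosec` markers this commit adds in place of the Makefile-wide `-exclude` list. gosec accepts a justification after `--`, which keeps the decision reviewable at the call site. For example `return os.WriteFile(cniConfPath, data, 0o644) // #nosec G306 -- <why the CNI conf must be world-readable>` and `data, err := os.ReadFile(configFile) // #nosec G304 -- <where configFile comes from>`. Where `configFile` originates is not visible in this hunk, so the reason has to come from the author.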
@@ -534,7 +534,8 @@ func (c *Controller) resyncVpcDNSConfig() { klog.V(3).Infof("use the cluster default coredns image version, %s", corednsImage) } - if err := os.WriteFile(CorednsTemplateDep, corednsTemplateContent, 0o644); err != nil { + err = os.WriteFile(CorednsTemplateDep, corednsTemplateContent, 0o644) // #nosec G306 + if err != nil { klog.Errorf("failed to wirite local coredns-template.yaml file, %v", err) return } diff --git a/pkg/daemon/config.go b/pkg/daemon/config.go index 9de9e97d92ee..96daa47cbfde 100644 --- a/pkg/daemon/config.go +++ b/pkg/daemon/config.go @@ -389,6 +389,7 @@ func (config *Configuration) initKubeClient() error { } func setEncapIP(ip string) error { + // #nosec G204 raw, err := exec.Command( "ovs-vsctl", "set", "open", ".", fmt.Sprintf("external-ids:ovn-encap-ip=%s", ip)).CombinedOutput() if err != nil { @@ -398,6 +399,7 @@ func setEncapIP(ip string) error { } func disableChecksum() error { + // #nosec G204 raw, err := exec.Command( "ovs-vsctl", "set", "open", ".", "external-ids:ovn-encap-csum=false").CombinedOutput() if err != nil { diff --git a/pkg/daemon/handler_linux.go b/pkg/daemon/handler_linux.go index f026abc116e1..dc82c1aa41cd 100644 --- a/pkg/daemon/handler_linux.go +++ b/pkg/daemon/handler_linux.go @@ -43,7 +43,7 @@ func createShortSharedDir(pod *v1.Pod, volumeName, socketConsumption, kubeletDir defer syscall.Umask(mask) if _, err = os.Stat(newSharedDir); err != nil { if os.IsNotExist(err) { - err = os.MkdirAll(newSharedDir, 0o777) + err = os.MkdirAll(newSharedDir, 0o777) // #nosec G301 if err != nil { klog.Error(err) return fmt.Errorf("createSharedDir: Failed to create dir (%s): %v", newSharedDir, err) diff --git a/pkg/daemon/ovs_linux.go b/pkg/daemon/ovs_linux.go index 8a56d2042d59..503dd6f9ac57 100644 --- a/pkg/daemon/ovs_linux.go +++ b/pkg/daemon/ovs_linux.go 
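Review bot: `os.MkdirAll(newSharedDir, 0o777) // #nosec G301` in createShortSharedDir (pkg/daemon/handler_linux.go) keeps a world-writable directory and only silences the finding. The `defer syscall.Umask(mask)` in the context above suggests the umask is changed beforehand, so the mode is presumably applied as written. If the process that uses this shared directory runs under a known uid or gid, a narrower mode with matching ownership would do. Otherwise record the reason in the suppression, e.g. `// #nosec G301 -- <reason the directory must be world-writable>`. The function starts and ends outside the hunk.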
@@ -607,6 +607,7 @@ func (c *Controller) checkNodeGwNicInNs(nodeExtIP, ip, gw string, gwNS ns.NetNS) } for _, eip := range ovnEips { if eip.Status.Ready { + // #nosec G204 cmd := exec.Command("sh", "-c", fmt.Sprintf("bfdd-control status remote %s local %s", eip.Spec.V4Ip, nodeExtIP)) var outb bytes.Buffer cmd.Stdout = &outb @@ -615,7 +616,7 @@ func (c *Controller) checkNodeGwNicInNs(nodeExtIP, ip, gw string, gwNS ns.NetNS) klog.V(3).Info(out) if strings.Contains(out, "No session") { // not exist - cmd = exec.Command("sh", "-c", fmt.Sprintf("bfdd-control allow %s", eip.Spec.V4Ip)) + cmd = exec.Command("sh", "-c", fmt.Sprintf("bfdd-control allow %s", eip.Spec.V4Ip)) // #nosec G204 if err := cmd.Run(); err != nil { err := fmt.Errorf("failed to add lrp %s ip %s into bfd listening list, %v", eip.Name, eip.Status.V4Ip, err) klog.Error(err) @@ -822,7 +823,7 @@ func (c *Controller) loopOvnExt0Check() { gwNS, err := ns.GetNS(util.NodeGwNsPath) if err != nil { // ns not exist, create node external gw ns - cmd := exec.Command("sh", "-c", fmt.Sprintf("/usr/sbin/ip netns add %s", util.NodeGwNs)) + cmd := exec.Command("sh", "-c", fmt.Sprintf("/usr/sbin/ip netns add %s", util.NodeGwNs)) // #nosec G204 if err := cmd.Run(); err != nil { err := fmt.Errorf("failed to get create gw ns %s, %v", util.NodeGwNs, err) klog.Error(err) @@ -1670,7 +1671,7 @@ func setVfMac(deviceID string, vfIndex int, mac string) error { func turnOffNicTxChecksum(nicName string) (err error) { start := time.Now() args := []string{"-K", nicName, "tx", "off"} - output, err := exec.Command("ethtool", args...).CombinedOutput() + output, err := exec.Command("ethtool", args...).CombinedOutput() // #nosec G204 elapsed := float64((time.Since(start)) / time.Millisecond) klog.V(4).Infof("command %s %s in %vms", "ethtool", strings.Join(args, " "), elapsed) if err != nil { diff --git a/pkg/ovn_ic_controller/ovn_ic_controller.go b/pkg/ovn_ic_controller/ovn_ic_controller.go index ceaf14df70ae..4fd9a780c55d 100644 
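Review bot: The `#nosec G204` added in checkNodeGwNicInNs (pkg/daemon/ovs_linux.go) silences the finding on `exec.Command("sh", "-c", fmt.Sprintf(...))`, where `eip.Spec.V4Ip` and `nodeExtIP` are spliced into a shell string, so any shell metacharacter in those values would be interpreted by `sh`. Whether the EIP spec is validated as an IP address before this point is not visible in the hunk. Passing an argument vector removes the shell entirely: `cmd := exec.Command("bfdd-control", "status", "remote", eip.Spec.V4Ip, "local", nodeExtIP)`. The same applies to the `bfdd-control allow` and `ip netns add` calls in this file, and to the `sh -c` calls annotated in pkg/ovnmonitor/util.go and pkg/pinger/util.go.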
--- a/pkg/ovn_ic_controller/ovn_ic_controller.go +++ b/pkg/ovn_ic_controller/ovn_ic_controller.go @@ -403,6 +403,7 @@ func (c *Controller) acquireLrpAddress(ts string) (string, error) { } func (c *Controller) startOVNIC(icHost, icNbPort, icSbPort string) error { + // #nosec G204 cmd := exec.Command("/usr/share/ovn/scripts/ovn-ctl", fmt.Sprintf("--ovn-ic-nb-db=%s", genHostAddress(icHost, icNbPort)), fmt.Sprintf("--ovn-ic-sb-db=%s", genHostAddress(icHost, icSbPort)), @@ -410,6 +411,7 @@ func (c *Controller) startOVNIC(icHost, icNbPort, icSbPort string) error { fmt.Sprintf("--ovn-northd-sb-db=%s", c.config.OvnSbAddr), "start_ic") if os.Getenv("ENABLE_SSL") == "true" { + // #nosec G204 cmd = exec.Command("/usr/share/ovn/scripts/ovn-ctl", fmt.Sprintf("--ovn-ic-nb-db=%s", genHostAddress(icHost, icNbPort)), fmt.Sprintf("--ovn-ic-sb-db=%s", genHostAddress(icHost, icSbPort)), diff --git a/pkg/ovn_leader_checker/ovn.go b/pkg/ovn_leader_checker/ovn.go index ec7e3204cfd4..06a9aa7ee30a 100755 --- a/pkg/ovn_leader_checker/ovn.go +++ b/pkg/ovn_leader_checker/ovn.go @@ -139,7 +139,7 @@ func getCmdExitCode(cmd *exec.Cmd) int { func checkOvnIsAlive() bool { components := [...]string{"northd", "ovnnb", "ovnsb"} for _, component := range components { - cmd := exec.Command("/usr/share/ovn/scripts/ovn-ctl", fmt.Sprintf("status_%s", component)) + cmd := exec.Command("/usr/share/ovn/scripts/ovn-ctl", fmt.Sprintf("status_%s", component)) // #nosec G204 if err := getCmdExitCode(cmd); err != 0 { klog.Errorf("CheckOvnIsAlive: %s is not alive", component) return false @@ -165,7 +165,7 @@ func isDBLeader(dbName string, port int) bool { } } - output, err := exec.Command("ovsdb-client", cmd...).CombinedOutput() + output, err := exec.Command("ovsdb-client", cmd...).CombinedOutput() // #nosec G204 if err != nil { klog.Errorf("failed to execute cmd %q: err=%v, msg=%v", strings.Join(cmd, " "), err, string(output)) return false 
@@ -193,7 +193,7 @@ func checkNorthdActive() bool { fmt.Sprintf("/var/run/ovn/ovn-northd.%s.ctl", strings.TrimSpace(string(pid))), "status", } - output, err := exec.Command("ovs-appctl", command...).CombinedOutput() + output, err := exec.Command("ovs-appctl", command...).CombinedOutput() // #nosec G204 if err != nil { klog.Errorf("checkNorthdActive execute err %v error msg %v", err, string(output)) return false @@ -239,7 +239,7 @@ func stealLock() { } } - output, err := exec.Command("ovsdb-client", command...).CombinedOutput() + output, err := exec.Command("ovsdb-client", command...).CombinedOutput() // #nosec G204 if err != nil { klog.Errorf("stealLock err %v", err) return @@ -329,7 +329,7 @@ func compactOvnDatabase(db string) { "ovsdb-server/compact", } - output, err := exec.Command("ovn-appctl", command...).CombinedOutput() + output, err := exec.Command("ovn-appctl", command...).CombinedOutput() // #nosec G204 if err != nil { if !strings.Contains(string(output), "not storing a duplicate snapshot") { klog.Errorf("failed to compact ovn%s database: %s", db, string(output)) @@ -475,10 +475,12 @@ func updateTS() error { if err != nil { return err } + // #nosec G204 cmd := exec.Command("ovn-ic-nbctl", ovs.MayExist, "ts-add", tsName, "--", "set", "Transit_Switch", tsName, fmt.Sprintf(`external_ids:subnet="%s"`, subnet)) if os.Getenv("ENABLE_SSL") == "true" { + // #nosec G204 cmd = exec.Command("ovn-ic-nbctl", "--private-key=/var/run/tls/key", "--certificate=/var/run/tls/cert", @@ -494,9 +496,9 @@ func updateTS() error { } else { for i := existTSCount - 1; i >= expectTSCount; i-- { tsName := getTSName(i) - cmd := exec.Command("ovn-ic-nbctl", - "ts-del", tsName) + cmd := exec.Command("ovn-ic-nbctl", "ts-del", tsName) // #nosec G204 if os.Getenv("ENABLE_SSL") == "true" { + // #nosec G204 cmd = exec.Command("ovn-ic-nbctl", "--private-key=/var/run/tls/key", "--certificate=/var/run/tls/cert", 
diff --git a/pkg/ovnmonitor/util.go b/pkg/ovnmonitor/util.go index 391d5c6da300..1a803a5da09e 100644 --- a/pkg/ovnmonitor/util.go +++ b/pkg/ovnmonitor/util.go @@ -50,7 +50,7 @@ func (e *Exporter) getOvnStatus() map[string]int { } else { cmdstr := fmt.Sprintf("ovs-appctl -t /var/run/ovn/ovn-northd.%s.ctl status", strings.Trim(string(pid), "\n")) klog.V(3).Infof("cmd is %v", cmdstr) - cmd := exec.Command("sh", "-c", cmdstr) + cmd := exec.Command("sh", "-c", cmdstr) // #nosec G204 output, err := cmd.CombinedOutput() if err != nil { klog.Errorf("get ovn-northd status failed, err %v", err) @@ -103,7 +103,7 @@ func (e *Exporter) getOvnStatusContent() map[string]string { func getClusterEnableState(dbName string) (bool, error) { cmdstr := fmt.Sprintf("ovsdb-tool db-is-clustered %s", dbName) - cmd := exec.Command("sh", "-c", cmdstr) + cmd := exec.Command("sh", "-c", cmdstr) // #nosec G204 _, err := cmd.CombinedOutput() if err != nil { klog.Error(err) @@ -181,7 +181,7 @@ func getClusterInfo(direction, dbName string) (*OVNDBClusterStatus, error) { var err error cmdstr := fmt.Sprintf("ovs-appctl -t /var/run/ovn/ovn%s_db.ctl cluster/status %s", direction, dbName) - cmd := exec.Command("sh", "-c", cmdstr) + cmd := exec.Command("sh", "-c", cmdstr) // #nosec G204 output, err := cmd.CombinedOutput() if err != nil { return nil, fmt.Errorf("failed to retrieve cluster/status info for database %s: %v", dbName, err) @@ -319,7 +319,7 @@ func getDBStatus(dbName string) (bool, error) { cmdstr = fmt.Sprintf("ovn-appctl -t /var/run/ovn/ovnsb_db.ctl ovsdb-server/get-db-storage-status %s", dbName) } - cmd := exec.Command("sh", "-c", cmdstr) + cmd := exec.Command("sh", "-c", cmdstr) // #nosec G204 output, err := cmd.CombinedOutput() if err != nil { klog.Errorf("get ovn-northbound status failed, err %v", err) diff --git a/pkg/ovsdb/client/client.go b/pkg/ovsdb/client/client.go index 38371fa204c1..9ee2c5ef9022 100644 --- a/pkg/ovsdb/client/client.go +++ b/pkg/ovsdb/client/client.go 
@@ -71,11 +71,10 @@ func NewOvsDbClient(db, addr string, dbModel model.ClientDBModel, monitors []cli } certPool := x509.NewCertPool() certPool.AppendCertsFromPEM(caCert) - // #nosec tlsConfig := &tls.Config{ Certificates: []tls.Certificate{cert}, RootCAs: certPool, - InsecureSkipVerify: true, + InsecureSkipVerify: true, // #nosec G402 } options = append(options, client.WithTLSConfig(tlsConfig)) } diff --git a/pkg/pinger/ovn.go b/pkg/pinger/ovn.go index f832a2efa59a..14311a77726e 100644 --- a/pkg/pinger/ovn.go +++ b/pkg/pinger/ovn.go @@ -128,7 +128,7 @@ func checkSBBindings(config *Configuration) ([]string, error) { fmt.Sprintf("hostname=%s", config.NodeName), } } - output, err := exec.Command("ovn-sbctl", command...).CombinedOutput() + output, err := exec.Command("ovn-sbctl", command...).CombinedOutput() // #nosec G204 if err != nil { klog.Errorf("failed to find chassis: %v, %s", err, string(output)) return nil, err @@ -167,7 +167,7 @@ func checkSBBindings(config *Configuration) ([]string, error) { fmt.Sprintf("chassis=%s", chassis), } } - output, err = exec.Command("ovn-sbctl", command...).CombinedOutput() + output, err = exec.Command("ovn-sbctl", command...).CombinedOutput() // #nosec G204 if err != nil { klog.Errorf("failed to list port_binding in ovn-sb %v", err) return nil, err diff --git a/pkg/pinger/util.go b/pkg/pinger/util.go index cd8d9c99fd21..9d04745fccf9 100644 --- a/pkg/pinger/util.go +++ b/pkg/pinger/util.go @@ -41,7 +41,7 @@ func (e *Exporter) getOvsStatus() map[string]bool { func (e *Exporter) getOvsDatapath() ([]string, error) { var datapathsList []string cmdstr := fmt.Sprintf("ovs-appctl -T %v dpctl/dump-dps", e.Client.Timeout) - cmd := exec.Command("sh", "-c", cmdstr) + cmd := exec.Command("sh", "-c", cmdstr) // #nosec G204 output, err := cmd.CombinedOutput() if err != nil { return nil, fmt.Errorf("failed to get output of dpctl/dump-dps: %v", err) 
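Review bot: `InsecureSkipVerify: true` in NewOvsDbClient (pkg/ovsdb/client/client.go) still disables all server certificate verification, so the `RootCAs: certPool` set beside it is never consulted; the change only narrows the suppression to G402. If the intent is to skip only the hostname check (not visible here), the chain can still be verified against `certPool` in a `VerifyConnection` callback, as sketched below; confirm that the OVN server certificates pass x509 verification before adopting it. The return value of `certPool.AppendCertsFromPEM(caCert)` in the context above is also unchecked, so an unparsable CA file goes unnoticed. The function continues outside the hunk.

```go
tlsConfig := &tls.Config{
	Certificates: []tls.Certificate{cert},
	RootCAs:      certPool,
	// Only the hostname check is skipped; the chain is verified in VerifyConnection.
	InsecureSkipVerify: true, // #nosec G402
	VerifyConnection: func(cs tls.ConnectionState) error {
		opts := x509.VerifyOptions{
			Roots:         certPool,
			Intermediates: x509.NewCertPool(),
		}
		for _, c := range cs.PeerCertificates[1:] {
			opts.Intermediates.AddCert(c)
		}
		_, err := cs.PeerCertificates[0].Verify(opts)
		return err
	},
}
```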
@@ -67,7 +67,7 @@ func (e *Exporter) getOvsDatapath() ([]string, error) { func (e *Exporter) setOvsDpIfMetric(datapathName string) error { cmdstr := fmt.Sprintf("ovs-appctl -T %v dpctl/show %s", e.Client.Timeout, datapathName) - cmd := exec.Command("sh", "-c", cmdstr) + cmd := exec.Command("sh", "-c", cmdstr) // #nosec G204 output, err := cmd.CombinedOutput() if err != nil { return fmt.Errorf("failed to get output of dpctl/show %s: %v", datapathName, err) diff --git a/pkg/util/arp.go b/pkg/util/arp.go index 646c5163ba1f..34338ef6b49a 100644 --- a/pkg/util/arp.go +++ b/pkg/util/arp.go @@ -114,12 +114,12 @@ func ArpDetectIPConflict(nic, ip string, mac net.HardwareAddr) (net.HardwareAddr durations := make([]time.Duration, probeNum) // wait for a random time interval selected uniformly in the range zero to // PROBE_WAIT seconds - durations[0] = time.Duration(rand.Int64N(int64(probeWait))) + durations[0] = time.Duration(rand.Int64N(int64(probeWait))) // #nosec G404 deadline = deadline.Add(durations[0]) for i := 1; i < probeNum; i++ { // send PROBE_NUM probe packets, each of these probe packets spaced // randomly and uniformly, PROBE_MIN to PROBE_MAX seconds apart - durations[i] = probeMinmum + time.Duration(rand.Int64N(int64(probeMaxmum-probeMinmum))) + durations[i] = probeMinmum + time.Duration(rand.Int64N(int64(probeMaxmum-probeMinmum))) // #nosec G404 deadline = deadline.Add(durations[i]) } From a1815db0537482a53e9d430467b8f5a5cd8cba37 Mon Sep 17 00:00:00 2001 From: bobz965 Date: Wed, 15 May 2024 15:04:50 +0800 Subject: [PATCH 18/57] fix add ip eip trigger subnet status count ip (#4023) Signed-off-by: bobz965 --- pkg/controller/ip.go | 14 -------------- pkg/controller/ovn_eip.go | 5 +---- pkg/controller/vip.go | 5 +---- 3 files changed, 2 insertions(+), 22 deletions(-) diff --git a/pkg/controller/ip.go b/pkg/controller/ip.go index ca5ffd6c99ab..2f188a5072d0 100644 --- a/pkg/controller/ip.go +++ b/pkg/controller/ip.go 
@@ -554,20 +554,6 @@ func (c *Controller) createOrUpdateIPCR(ipCRName, podName, ip, mac, subnetName, return nil } -func (c *Controller) subnetCountIP(subnet *kubeovnv1.Subnet) error { - var err error - if util.CheckProtocol(subnet.Spec.CIDRBlock) == kubeovnv1.ProtocolDual { - _, err = c.calcDualSubnetStatusIP(subnet) - } else { - _, err = c.calcSubnetStatusIP(subnet) - } - if err != nil { - klog.Error(err) - return err - } - return nil -} - func (c *Controller) ipAcquireAddress(ip *kubeovnv1.IP, subnet *kubeovnv1.Subnet) (string, string, string, error) { key := fmt.Sprintf("%s/%s", ip.Spec.Namespace, ip.Spec.PodName) portName := ovs.PodNameToPortName(ip.Spec.PodName, ip.Spec.Namespace, subnet.Spec.Provider) diff --git a/pkg/controller/ovn_eip.go b/pkg/controller/ovn_eip.go index 990eeaeefdf5..7ff89f526fab 100644 --- a/pkg/controller/ovn_eip.go +++ b/pkg/controller/ovn_eip.go @@ -272,10 +272,7 @@ func (c *Controller) handleAddOvnEip(key string) error { klog.Errorf("failed to add finalizer for ovn eip, %v", err) return err } - if err = c.subnetCountIP(subnet); err != nil { - klog.Errorf("failed to count ovn eip '%s' in subnet, %v", cachedEip.Name, err) - return err - } + c.updateSubnetStatusQueue.Add(subnetName) return nil } diff --git a/pkg/controller/vip.go b/pkg/controller/vip.go index 0ebf3fa7456b..cec712f483c6 100644 --- a/pkg/controller/vip.go +++ b/pkg/controller/vip.go @@ -285,15 +285,12 @@ func (c *Controller) handleAddVirtualIP(key string) error { klog.Errorf("failed to create or update vip '%s', %v", vip.Name, err) return err } - if err = c.subnetCountIP(subnet); err != nil { - klog.Errorf("failed to count vip '%s' in subnet, %v", vip.Name, err) - return err - } if err := c.handleUpdateVirtualParents(key); err != nil { err := fmt.Errorf("error syncing virtual parents for vip '%s': %s", key, err.Error()) klog.Error(err) return err } + c.updateSubnetStatusQueue.Add(subnetName) return nil } 
From 51602bd8cc6695ef3392bd56cca4f287536ac879 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 15 May 2024 16:10:17 +0000 Subject: [PATCH 19/57] build(deps): bump google.golang.org/grpc from 1.63.2 to 1.64.0 (#4027) Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.63.2 to 1.64.0. - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](https://github.com/grpc/grpc-go/compare/v1.63.2...v1.64.0) --- updated-dependencies: - dependency-name: google.golang.org/grpc dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index ba0874f20e93..6c46c6ac2116 100644 --- a/go.mod +++ b/go.mod @@ -39,7 +39,7 @@ require ( golang.org/x/mod v0.17.0 golang.org/x/sys v0.20.0 golang.org/x/time v0.5.0 - google.golang.org/grpc v1.63.2 + google.golang.org/grpc v1.64.0 google.golang.org/protobuf v1.34.1 gopkg.in/k8snetworkplumbingwg/multus-cni.v4 v4.0.2 k8s.io/api v0.30.0 diff --git a/go.sum b/go.sum index 17db14e3e56a..a6791a65512c 100644 --- a/go.sum +++ b/go.sum 
@@ -2170,8 +2170,8 @@ google.golang.org/grpc v1.52.0/go.mod h1:pu6fVzoFb+NBYNAvQL08ic+lvB2IojljRYuun5v google.golang.org/grpc v1.53.0/go.mod h1:OnIrk0ipVdj4N5d9IUoFUx72/VlD7+jUsHwZgwSMQpw= google.golang.org/grpc v1.54.0/go.mod h1:PUSEXI6iWghWaB6lXM4knEgpJNu2qUcKfDtNci3EC2g= google.golang.org/grpc v1.55.0/go.mod h1:iYEXKGkEBhg1PjZQvoYEVPTDkHo1/bjTnfwTeGONTY8= -google.golang.org/grpc v1.63.2 h1:MUeiw1B2maTVZthpU5xvASfTh3LDbxHd6IJ6QQVU+xM= -google.golang.org/grpc v1.63.2/go.mod h1:WAX/8DgncnokcFUldAxq7GeB5DXHDbMF+lLvDomNkRA= +google.golang.org/grpc v1.64.0 h1:KH3VH9y/MgNQg1dE7b3XfVK0GsPSIzJwdF617gUSbvY= +google.golang.org/grpc v1.64.0/go.mod h1:oxjF8E3FBnjp+/gVFYdWacaLDx9na1aqy9oovLpxQYg= google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= From fa66889b1154076c466933c9f0f2ed313c7fbf62 Mon Sep 17 00:00:00 2001 From: fanriming Date: Thu, 16 May 2024 09:23:23 +0800 Subject: [PATCH 20/57] rollback residual link and port (#4012) Signed-off-by: fanriming --- pkg/daemon/ovs_linux.go | 71 ++++++++++++++++++++++++++++++++++++++--- 1 file changed, 67 insertions(+), 4 deletions(-) diff --git a/pkg/daemon/ovs_linux.go b/pkg/daemon/ovs_linux.go index 503dd6f9ac57..65baadf6e26e 100644 --- a/pkg/daemon/ovs_linux.go +++ b/pkg/daemon/ovs_linux.go @@ -20,6 +20,7 @@ import ( sriovutilfs "github.com/k8snetworkplumbingwg/sriovnet/pkg/utils/filesystem" "github.com/vishvananda/netlink" "golang.org/x/sys/unix" + v1 "k8s.io/api/core/v1" k8serrors "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/labels" 
@@ -72,6 +73,14 @@ func (csh cniServerHandler) configureNic(podName, podNamespace, provider, netns, klog.Errorf("failed to create veth pair %v", err) return nil, err } + defer func() { + if err != nil { + if err := rollBackVethPair(hostNicName); err != nil { + return + } + } + }() + } else { hostNicName, containerNicName, err = setupSriovInterface(containerID, deviceID, vfDriver, ifName, mtu, mac) if err != nil { @@ -94,6 +103,13 @@ func (csh cniServerHandler) configureNic(podName, podNamespace, provider, netns, if err != nil { return nil, fmt.Errorf("add nic to ovs failed %v: %q", err, output) } + defer func() { + if err != nil { + if err := csh.rollbackOvsPort(hostNicName, containerNicName, nicType); err != nil { + return + } + } + }() // add hostNicName and containerNicName into pod annotations if deviceID != "" { @@ -103,7 +119,8 @@ func (csh cniServerHandler) configureNic(podName, podNamespace, provider, netns, } else { podNameNew = podName } - pod, err := csh.Controller.podsLister.Pods(podNamespace).Get(podNameNew) + var pod *v1.Pod + pod, err = csh.Controller.podsLister.Pods(podNamespace).Get(podNameNew) if err != nil { klog.Errorf("failed to generate patch for pod %s/%s: %v", podNameNew, podNamespace, err) return nil, err 
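Review bot: The deferred rollback added to configureNic (pkg/daemon/ovs_linux.go) drops a failed cleanup silently: `if err := rollBackVethPair(hostNicName); err != nil { return }` neither logs nor reports the error, so a leaked veth leaves no trace. Logging it would help, e.g. `klog.Errorf("failed to roll back veth %s: %v", hostNicName, rbErr)`. The closure also tests the function-local `err` rather than the returned value; the signature is outside the hunk, but the `return nil, err` forms suggest the result is unnamed, so every later return has to assign that same variable for the rollback to run. A named error result would make this robust against a future `:=` shadow. The same pattern is used by the rollbackOvsPort defers at `@@ -94,6 +103,13` and `@@ -1499,6 +1533,13`.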
@@ -111,12 +128,13 @@ func (csh cniServerHandler) configureNic(podName, podNamespace, provider, netns, oriPod := pod.DeepCopy() pod.Annotations[fmt.Sprintf(util.VfRepresentorNameTemplate, provider)] = hostNicName pod.Annotations[fmt.Sprintf(util.VfNameTemplate, provider)] = containerNicName - patch, err := util.GenerateMergePatchPayload(oriPod, pod) + var patch []byte + patch, err = util.GenerateMergePatchPayload(oriPod, pod) if err != nil { klog.Errorf("failed to generate patch for pod %s/%s: %v", podNameNew, podNamespace, err) return nil, err } - if _, err := csh.Config.KubeClient.CoreV1().Pods(podNamespace).Patch(context.Background(), podNameNew, + if _, err = csh.Config.KubeClient.CoreV1().Pods(podNamespace).Patch(context.Background(), podNameNew, types.MergePatchType, patch, metav1.PatchOptions{}, ""); err != nil { klog.Errorf("patch pod %s/%s failed: %v", podNameNew, podNamespace, err) return nil, err @@ -162,7 +180,8 @@ func (csh cniServerHandler) configureNic(podName, podNamespace, provider, netns, if err != nil { return nil, fmt.Errorf("failed to open netns %q: %v", netns, err) } - return configureContainerNic(containerNicName, ifName, ip, gateway, isDefaultRoute, detectIPConflict, routes, macAddr, podNS, mtu, nicType, gwCheckMode, u2oInterconnectionIP) + finalRoutes, err := configureContainerNic(containerNicName, ifName, ip, gateway, isDefaultRoute, detectIPConflict, routes, macAddr, podNS, mtu, nicType, gwCheckMode, u2oInterconnectionIP) + return finalRoutes, err } func (csh cniServerHandler) releaseVf(podName, podNamespace, podNetns, ifName, nicType, provider, deviceID string) error { 
@@ -281,6 +300,21 @@ func (csh cniServerHandler) deleteNic(podName, podNamespace, containerID, netns, return nil } +func (csh cniServerHandler) rollbackOvsPort(hostNicName, containerNicName, nicType string) (err error) { + var nicName string + if nicType == util.InternalType { + nicName = containerNicName + } else { + nicName = hostNicName + } + output, err := ovs.Exec(ovs.IfExists, "--with-iface", "del-port", "br-int", nicName) + if err != nil { + klog.Warningf("failed to delete down ovs port %v, %q", err, output) + } + klog.Infof("rollback ovs port success %s", nicName) + return +} + func generateNicName(containerID, ifname string) (string, string) { if ifname == "eth0" { return fmt.Sprintf("%s_h", containerID[0:12]), fmt.Sprintf("%s_c", containerID[0:12]) @@ -1499,6 +1533,13 @@ func (csh cniServerHandler) configureNicWithInternalPort(podName, podNamespace, klog.Error(err) return containerNicName, nil, err } + defer func() { + if err != nil { + if err := csh.rollbackOvsPort("", containerNicName, nicType); err != nil { + return + } + } + }() // container nic must use same mac address from pod annotation, otherwise ovn will reject these packets by default macAddr, err := net.ParseMAC(mac) @@ -1693,3 +1734,25 @@ func linkExists(name string) (bool, error) { } return true, nil } + +func rollBackVethPair(nicName string) error { + hostLink, err := netlink.LinkByName(nicName) + if err != nil { + // If link already not exists, return quietly + // E.g. Internal port had been deleted by Remove ovs port previously + if _, ok := err.(netlink.LinkNotFoundError); ok { + return nil + } + return fmt.Errorf("find host link %s failed %v", nicName, err) + } + + hostLinkType := hostLink.Type() + // Sometimes no deviceID input for vf nic, avoid delete vf nic. + if hostLinkType == "veth" { + if err = netlink.LinkDel(hostLink); err != nil { + return fmt.Errorf("delete host link %s failed %v", hostLink, err) + } + } + klog.Infof("rollback veth success %s", nicName) + return nil +} 
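Review bot: rollbackOvsPort logs `rollback ovs port success` even when `ovs.Exec` failed, because the `if err != nil` branch only emits a warning and then falls through to the `klog.Infof` line. Returning from the failure branch keeps the log truthful: add `return err` after the `klog.Warningf(...)` call, and end the function with `return nil` after the success message.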
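Review bot: In rollBackVethPair the delete-failure message formats the link object instead of its name: `fmt.Errorf("delete host link %s failed %v", hostLink, err)` passes the `netlink.Link` value to `%s`. Using the name keeps the message readable: `return fmt.Errorf("delete host link %s failed %v", nicName, err)`. The function also logs `rollback veth success` when the link is not of type `veth` and nothing was deleted; moving that log line inside the `if hostLinkType == "veth"` block would avoid a misleading entry.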
From 2245d6404dcf2762d10b4f4489fcc50148eab8a6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=BC=A0=E7=A5=96=E5=BB=BA?= Date: Thu, 16 May 2024 09:56:02 +0800 Subject: [PATCH 21/57] set mac in U2OInterconnection ip resources (#4008) Signed-off-by: zhangzujian --- pkg/controller/subnet.go | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/pkg/controller/subnet.go b/pkg/controller/subnet.go index 4a0dd2006bf5..dbfdf208820c 100644 --- a/pkg/controller/subnet.go +++ b/pkg/controller/subnet.go @@ -1907,10 +1907,10 @@ func (c *Controller) reconcileU2OInterconnectionIP(subnet *kubeovnv1.Subnet) err if subnet.Spec.U2OInterconnection { u2oInterconnName := fmt.Sprintf(util.U2OInterconnName, subnet.Spec.Vpc, subnet.Name) u2oInterconnLrpName := fmt.Sprintf("%s-%s", subnet.Spec.Vpc, subnet.Name) - var v4ip, v6ip string + var v4ip, v6ip, mac string var err error if subnet.Spec.U2OInterconnectionIP == "" && subnet.Status.U2OInterconnectionIP == "" { - v4ip, v6ip, _, err = c.acquireIPAddress(subnet.Name, u2oInterconnName, u2oInterconnLrpName) + v4ip, v6ip, mac, err = c.acquireIPAddress(subnet.Name, u2oInterconnName, u2oInterconnLrpName) if err != nil { klog.Errorf("failed to acquire underlay to overlay interconnection ip address for subnet %s, %v", subnet.Name, err) return err @@ -1921,7 +1921,7 @@ func (c *Controller) reconcileU2OInterconnectionIP(subnet *kubeovnv1.Subnet) err c.ipam.ReleaseAddressByPod(u2oInterconnName, subnet.Name) } - v4ip, v6ip, _, err = c.acquireStaticIPAddress(subnet.Name, u2oInterconnName, u2oInterconnLrpName, subnet.Spec.U2OInterconnectionIP) + v4ip, v6ip, mac, err = c.acquireStaticIPAddress(subnet.Name, u2oInterconnName, u2oInterconnLrpName, subnet.Spec.U2OInterconnectionIP) if err != nil { klog.Errorf("failed to acquire static underlay to overlay interconnection ip address for subnet %s, %v", subnet.Name, err) return err 
@@ -1937,7 +1937,7 @@ func (c *Controller) reconcileU2OInterconnectionIP(subnet *kubeovnv1.Subnet) err case kubeovnv1.ProtocolDual: subnet.Status.U2OInterconnectionIP = fmt.Sprintf("%s,%s", v4ip, v6ip) } - if err := c.createOrUpdateIPCR("", u2oInterconnName, subnet.Status.U2OInterconnectionIP, "", subnet.Name, "default", "", ""); err != nil { + if err := c.createOrUpdateIPCR("", u2oInterconnName, subnet.Status.U2OInterconnectionIP, mac, subnet.Name, "default", "", ""); err != nil { klog.Errorf("failed to create or update IPs of %s : %v", u2oInterconnLrpName, err) return err } From 2f92a6fc6fe4542e31ea904a5c9a966567193e9f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=BC=A0=E7=A5=96=E5=BB=BA?= Date: Thu, 16 May 2024 11:59:52 +0800 Subject: [PATCH 22/57] fix node annotations not updated when initializing the default provider-network (#4030) Signed-off-by: zhangzujian --- pkg/controller/init.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/controller/init.go b/pkg/controller/init.go index 26b52b4d4a78..c7f3c629f523 100644 --- a/pkg/controller/init.go +++ b/pkg/controller/init.go @@ -514,7 +514,7 @@ func (c *Controller) initDefaultProviderNetwork() error { } defer func() { - if err == nil { + if err != nil { return } From 3015e5dab42bdf6d4fbabfcec2e5c95ca2c034be Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=BC=A0=E7=A5=96=E5=BB=BA?= Date: Thu, 16 May 2024 13:33:02 +0800 Subject: [PATCH 23/57] bump k8s to 1.30.1 (#4028) Signed-off-by: zhangzujian --- .trivyignore | 7 --- dist/images/Dockerfile.base | 2 +- go.mod | 90 +++++++++++++++--------------- go.sum | 106 ++++++++++++++++++------------------ 4 files changed, 99 insertions(+), 106 deletions(-) diff --git a/.trivyignore b/.trivyignore index 52a149f68486..e69de29bb2d1 100644 --- a/.trivyignore +++ b/.trivyignore @@ -1,7 +0,0 @@ -CVE-2023-45288 -CVE-2023-45289 -CVE-2023-45290 -CVE-2024-24783 -CVE-2024-24784 -CVE-2024-24785 -CVE-2024-24788 \ No newline at end of file 
diff --git a/dist/images/Dockerfile.base b/dist/images/Dockerfile.base index 24135d00a057..51eaf62dc0af 100644 --- a/dist/images/Dockerfile.base +++ b/dist/images/Dockerfile.base @@ -103,7 +103,7 @@ ARG ARCH ENV CNI_VERSION=v1.4.1 RUN curl -sSf -L --retry 5 https://github.com/containernetworking/plugins/releases/download/${CNI_VERSION}/cni-plugins-linux-${ARCH}-${CNI_VERSION}.tgz | tar -xz -C . ./loopback ./portmap ./macvlan -ENV KUBE_VERSION="v1.30.0" +ENV KUBE_VERSION="v1.29.5" RUN curl -L https://dl.k8s.io/${KUBE_VERSION}/kubernetes-client-linux-${ARCH}.tar.gz | tar -xz -C . && cp ./kubernetes/client/bin/kubectl /usr/bin/kubectl \ && chmod +x /usr/bin/kubectl && rm -rf ./kubernetes diff --git a/go.mod b/go.mod index 6c46c6ac2116..988570ace6fb 100644 --- a/go.mod +++ b/go.mod @@ -42,14 +42,14 @@ require ( google.golang.org/grpc v1.64.0 google.golang.org/protobuf v1.34.1 gopkg.in/k8snetworkplumbingwg/multus-cni.v4 v4.0.2 - k8s.io/api v0.30.0 - k8s.io/apimachinery v0.30.0 + k8s.io/api v0.30.1 + k8s.io/apimachinery v0.30.1 k8s.io/client-go v12.0.0+incompatible k8s.io/klog/v2 v2.120.1 - k8s.io/kubectl v0.30.0 - k8s.io/kubernetes v1.30.0 - k8s.io/pod-security-admission v0.30.0 - k8s.io/sample-controller v0.30.0 + k8s.io/kubectl v0.30.1 + k8s.io/kubernetes v1.30.1 + k8s.io/pod-security-admission v0.30.1 + k8s.io/sample-controller v0.30.1 k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0 kubevirt.io/api v1.2.0 kubevirt.io/client-go v1.2.0 
@@ -240,21 +240,21 @@ require ( gopkg.in/warnings.v0 v0.1.2 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect - k8s.io/apiextensions-apiserver v0.30.0 // indirect - k8s.io/apiserver v0.30.0 // indirect - k8s.io/cli-runtime v0.30.0 // indirect - k8s.io/cloud-provider v0.30.0 // indirect - k8s.io/cluster-bootstrap v0.30.0 // indirect - k8s.io/component-base v0.30.0 // indirect - k8s.io/component-helpers v0.30.0 // indirect - k8s.io/controller-manager v0.30.0 // indirect - k8s.io/cri-api v0.30.0 // indirect - k8s.io/csi-translation-lib v0.30.0 // indirect + k8s.io/apiextensions-apiserver v0.30.1 // indirect + k8s.io/apiserver v0.30.1 // indirect + k8s.io/cli-runtime v0.30.1 // indirect + k8s.io/cloud-provider v0.30.1 // indirect + k8s.io/cluster-bootstrap v0.30.1 // indirect + k8s.io/component-base v0.30.1 // indirect + k8s.io/component-helpers v0.30.1 // indirect + k8s.io/controller-manager v0.30.1 // indirect + k8s.io/cri-api v0.30.1 // indirect + k8s.io/csi-translation-lib v0.30.1 // indirect k8s.io/dynamic-resource-allocation v0.0.0 // indirect - k8s.io/kms v0.30.0 // indirect + k8s.io/kms v0.30.1 // indirect k8s.io/kube-openapi v0.0.0-20240430033511-f0e62f92d13f // indirect k8s.io/kube-scheduler v0.0.0 // indirect - k8s.io/kubelet v0.30.0 // indirect + k8s.io/kubelet v0.30.1 // indirect k8s.io/legacy-cloud-providers v0.0.0 // indirect k8s.io/mount-utils v0.0.0 // indirect kubevirt.io/containerized-data-importer-api v1.58.1 // indirect 
@@ -272,32 +272,32 @@ replace ( github.com/openshift/client-go => github.com/openshift/client-go v0.0.1 github.com/ovn-org/libovsdb => github.com/kubeovn/libovsdb v0.0.0-20240218023647-f0bc3ce57fcd github.com/vishvananda/netlink => github.com/kubeovn/netlink v0.0.0-20240218024530-d3ada5dae96f - k8s.io/api => k8s.io/api v0.30.0 - k8s.io/apiextensions-apiserver => k8s.io/apiextensions-apiserver v0.30.0 - k8s.io/apimachinery => k8s.io/apimachinery v0.30.0 - k8s.io/apiserver => k8s.io/apiserver v0.30.0 - k8s.io/cli-runtime => k8s.io/cli-runtime v0.30.0 - k8s.io/client-go => k8s.io/client-go v0.30.0 - k8s.io/cloud-provider => k8s.io/cloud-provider v0.30.0 - k8s.io/cluster-bootstrap => k8s.io/cluster-bootstrap v0.30.0 - k8s.io/code-generator => k8s.io/code-generator v0.30.0 - k8s.io/component-base => k8s.io/component-base v0.30.0 - k8s.io/component-helpers => k8s.io/component-helpers v0.30.0 - k8s.io/controller-manager => k8s.io/controller-manager v0.30.0 - k8s.io/cri-api => k8s.io/cri-api v0.30.0 - k8s.io/csi-translation-lib => k8s.io/csi-translation-lib v0.30.0 - k8s.io/dynamic-resource-allocation => k8s.io/dynamic-resource-allocation v0.30.0 - k8s.io/endpointslice => k8s.io/endpointslice v0.30.0 - k8s.io/kube-aggregator => k8s.io/kube-aggregator v0.30.0 - k8s.io/kube-controller-manager => k8s.io/kube-controller-manager v0.30.0 - k8s.io/kube-proxy => k8s.io/kube-proxy v0.30.0 - k8s.io/kube-scheduler => k8s.io/kube-scheduler v0.30.0 - k8s.io/kubectl => k8s.io/kubectl v0.30.0 - k8s.io/kubelet => k8s.io/kubelet v0.30.0 - k8s.io/legacy-cloud-providers => k8s.io/legacy-cloud-providers v0.30.0 - k8s.io/metrics => k8s.io/metrics v0.30.0 - k8s.io/mount-utils => k8s.io/mount-utils v0.30.0 - k8s.io/pod-security-admission => k8s.io/pod-security-admission v0.30.0 - k8s.io/sample-apiserver => k8s.io/sample-apiserver v0.30.0 + k8s.io/api => k8s.io/api v0.30.1 + k8s.io/apiextensions-apiserver => k8s.io/apiextensions-apiserver v0.30.1 + k8s.io/apimachinery => k8s.io/apimachinery 
v0.30.1 + k8s.io/apiserver => k8s.io/apiserver v0.30.1 + k8s.io/cli-runtime => k8s.io/cli-runtime v0.30.1 + k8s.io/client-go => k8s.io/client-go v0.30.1 + k8s.io/cloud-provider => k8s.io/cloud-provider v0.30.1 + k8s.io/cluster-bootstrap => k8s.io/cluster-bootstrap v0.30.1 + k8s.io/code-generator => k8s.io/code-generator v0.30.1 + k8s.io/component-base => k8s.io/component-base v0.30.1 + k8s.io/component-helpers => k8s.io/component-helpers v0.30.1 + k8s.io/controller-manager => k8s.io/controller-manager v0.30.1 + k8s.io/cri-api => k8s.io/cri-api v0.30.1 + k8s.io/csi-translation-lib => k8s.io/csi-translation-lib v0.30.1 + k8s.io/dynamic-resource-allocation => k8s.io/dynamic-resource-allocation v0.30.1 + k8s.io/endpointslice => k8s.io/endpointslice v0.30.1 + k8s.io/kube-aggregator => k8s.io/kube-aggregator v0.30.1 + k8s.io/kube-controller-manager => k8s.io/kube-controller-manager v0.30.1 + k8s.io/kube-proxy => k8s.io/kube-proxy v0.30.1 + k8s.io/kube-scheduler => k8s.io/kube-scheduler v0.30.1 + k8s.io/kubectl => k8s.io/kubectl v0.30.1 + k8s.io/kubelet => k8s.io/kubelet v0.30.1 + k8s.io/legacy-cloud-providers => k8s.io/legacy-cloud-providers v0.30.1 + k8s.io/metrics => k8s.io/metrics v0.30.1 + k8s.io/mount-utils => k8s.io/mount-utils v0.30.1 + k8s.io/pod-security-admission => k8s.io/pod-security-admission v0.30.1 + k8s.io/sample-apiserver => k8s.io/sample-apiserver v0.30.1 kubevirt.io/client-go => github.com/kubeovn/kubevirt-client-go v0.0.0-20240430072310-d367a71d7cd7 ) diff --git a/go.sum b/go.sum index a6791a65512c..157e852409e3 100644 --- a/go.sum +++ b/go.sum 
@@ -2243,35 +2243,35 @@ honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= honnef.co/go/tools v0.1.3/go.mod h1:NgwopIslSNH47DimFoV78dnkksY2EFtX0ajyb3K/las= -k8s.io/api v0.30.0 h1:siWhRq7cNjy2iHssOB9SCGNCl2spiF1dO3dABqZ8niA= -k8s.io/api v0.30.0/go.mod h1:OPlaYhoHs8EQ1ql0R/TsUgaRPhpKNxIMrKQfWUp8QSE= -k8s.io/apiextensions-apiserver v0.30.0 h1:jcZFKMqnICJfRxTgnC4E+Hpcq8UEhT8B2lhBcQ+6uAs= -k8s.io/apiextensions-apiserver v0.30.0/go.mod h1:N9ogQFGcrbWqAY9p2mUAL5mGxsLqwgtUce127VtRX5Y= -k8s.io/apimachinery v0.30.0 h1:qxVPsyDM5XS96NIh9Oj6LavoVFYff/Pon9cZeDIkHHA= -k8s.io/apimachinery v0.30.0/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc= -k8s.io/apiserver v0.30.0 h1:QCec+U72tMQ+9tR6A0sMBB5Vh6ImCEkoKkTDRABWq6M= -k8s.io/apiserver v0.30.0/go.mod h1:smOIBq8t0MbKZi7O7SyIpjPsiKJ8qa+llcFCluKyqiY= -k8s.io/cli-runtime v0.30.0 h1:0vn6/XhOvn1RJ2KJOC6IRR2CGqrpT6QQF4+8pYpWQ48= -k8s.io/cli-runtime v0.30.0/go.mod h1:vATpDMATVTMA79sZ0YUCzlMelf6rUjoBzlp+RnoM+cg= -k8s.io/client-go v0.30.0 h1:sB1AGGlhY/o7KCyCEQ0bPWzYDL0pwOZO4vAtTSh/gJQ= -k8s.io/client-go v0.30.0/go.mod h1:g7li5O5256qe6TYdAMyX/otJqMhIiGgTapdLchhmOaY= -k8s.io/cloud-provider v0.30.0 h1:hz1MXkFjsyO167sRZVchXEi2YYMQ6kolBi79nuICjzw= -k8s.io/cloud-provider v0.30.0/go.mod h1:iyVcGvDfmZ7m5cliI9TTHj0VTjYDNpc/K71Gp6hukjU= -k8s.io/cluster-bootstrap v0.30.0 h1:vaIjA1eMFpcLYz+p6NMj75aqiauDahFx9EkuTxc0GMI= -k8s.io/cluster-bootstrap v0.30.0/go.mod h1:/ceTq+EC/aOrQk27mfmFW/iOeQDqzKg6vYWIBFNHSAE= -k8s.io/code-generator v0.30.0/go.mod h1:mBMZhfRR4IunJUh2+7LVmdcWwpouCH5+LNPkZ3t/v7Q= -k8s.io/component-base v0.30.0 h1:cj6bp38g0ainlfYtaOQuRELh5KSYjhKxM+io7AUIk4o= -k8s.io/component-base v0.30.0/go.mod h1:V9x/0ePFNaKeKYA3bOvIbrNoluTSG+fSJKjLdjOoeXQ= -k8s.io/component-helpers v0.30.0 h1:xbJtNCfSM4SB/Tz5JqCKDZv4eT5LVi/AWQ1VOxhmStU= 
-k8s.io/component-helpers v0.30.0/go.mod h1:68HlSwXIumMKmCx8cZe1PoafQEYh581/sEpxMrkhmX4= -k8s.io/controller-manager v0.30.0 h1:jqqT8cK0Awdy0IfT0yuqYIRmwskbdzH5AEZqkuhEVMs= -k8s.io/controller-manager v0.30.0/go.mod h1:suM1r/pxUuk2ij5Bbm7W9kBLrFujXuzIboNuWK5AfRA= -k8s.io/cri-api v0.30.0 h1:hZqh3vH5JZdqeAyhD9nPXSbT6GDgrtPJkPiIzhWKVhk= -k8s.io/cri-api v0.30.0/go.mod h1://4/umPJSW1ISNSNng4OwjpkvswJOQwU8rnkvO8P+xg= -k8s.io/csi-translation-lib v0.30.0 h1:pEe6jshNVE4od2AdgYlsAtiKP/MH+NcsBbUPA/dWA6U= -k8s.io/csi-translation-lib v0.30.0/go.mod h1:5TT/awOiKEX+8CcbReVYJyddT7xqlFrp3ChE9e45MyU= -k8s.io/dynamic-resource-allocation v0.30.0 h1:CLMe/tsqOmIsR336A8vP4vGsdccfgMeUM2ksbxG5pyM= -k8s.io/dynamic-resource-allocation v0.30.0/go.mod h1:ltnb2UxylJw3MHeUIcXtIsxX23/4oHAY4Hr44I4RzZU= +k8s.io/api v0.30.1 h1:kCm/6mADMdbAxmIh0LBjS54nQBE+U4KmbCfIkF5CpJY= +k8s.io/api v0.30.1/go.mod h1:ddbN2C0+0DIiPntan/bye3SW3PdwLa11/0yqwvuRrJM= +k8s.io/apiextensions-apiserver v0.30.1 h1:4fAJZ9985BmpJG6PkoxVRpXv9vmPUOVzl614xarePws= +k8s.io/apiextensions-apiserver v0.30.1/go.mod h1:R4GuSrlhgq43oRY9sF2IToFh7PVlF1JjfWdoG3pixk4= +k8s.io/apimachinery v0.30.1 h1:ZQStsEfo4n65yAdlGTfP/uSHMQSoYzU/oeEbkmF7P2U= +k8s.io/apimachinery v0.30.1/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc= +k8s.io/apiserver v0.30.1 h1:BEWEe8bzS12nMtDKXzCF5Q5ovp6LjjYkSp8qOPk8LZ8= +k8s.io/apiserver v0.30.1/go.mod h1:i87ZnQ+/PGAmSbD/iEKM68bm1D5reX8fO4Ito4B01mo= +k8s.io/cli-runtime v0.30.1 h1:kSBBpfrJGS6lllc24KeniI9JN7ckOOJKnmFYH1RpTOw= +k8s.io/cli-runtime v0.30.1/go.mod h1:zhHgbqI4J00pxb6gM3gJPVf2ysDjhQmQtnTxnMScab8= +k8s.io/client-go v0.30.1 h1:uC/Ir6A3R46wdkgCV3vbLyNOYyCJ8oZnjtJGKfytl/Q= +k8s.io/client-go v0.30.1/go.mod h1:wrAqLNs2trwiCH/wxxmT/x3hKVH9PuV0GGW0oDoHVqc= +k8s.io/cloud-provider v0.30.1 h1:OslHpog97zG9Kr7/vV1ki8nLKq8xTPUkN/kepCxBqKI= +k8s.io/cloud-provider v0.30.1/go.mod h1:1uZp+FSskXQoeAAIU91/XCO8X/9N1U3z5usYeSLT4MI= +k8s.io/cluster-bootstrap v0.30.1 h1:WHh04Oh0YAWMsJ5TXXEF+LGu3g/2ymQOYsH8IopUHlQ= 
+k8s.io/cluster-bootstrap v0.30.1/go.mod h1:GcLD4Z4GFY+CsNYcaqlSAmxFIHgSMGZHNT4SjA0A6ao= +k8s.io/code-generator v0.30.1/go.mod h1:hFgxRsvOUg79mbpbVKfjJvRhVz1qLoe40yZDJ/hwRH4= +k8s.io/component-base v0.30.1 h1:bvAtlPh1UrdaZL20D9+sWxsJljMi0QZ3Lmw+kmZAaxQ= +k8s.io/component-base v0.30.1/go.mod h1:e/X9kDiOebwlI41AvBHuWdqFriSRrX50CdwA9TFaHLI= +k8s.io/component-helpers v0.30.1 h1:/UcxSLzZ0owluTE2WMDrFfZl2L+WVXKdYYYm68qnH7U= +k8s.io/component-helpers v0.30.1/go.mod h1:b1Xk27UJ3p/AmPqDx7khrnSxrdwQy9gTP7O1y6MZ6rg= +k8s.io/controller-manager v0.30.1 h1:vrpfinHQWGf40U08Zmrt+QxK/2yTgjJl/9DKtjaB1gI= +k8s.io/controller-manager v0.30.1/go.mod h1:8rTEPbn8LRKC/vS+If+JAKBfsftCfTMaF8/n4SJC+PQ= +k8s.io/cri-api v0.30.1 h1:AUM78wiC56B1WJ2c795AS0IG5T57CkEdkn0IuC+miAE= +k8s.io/cri-api v0.30.1/go.mod h1://4/umPJSW1ISNSNng4OwjpkvswJOQwU8rnkvO8P+xg= +k8s.io/csi-translation-lib v0.30.1 h1:fIBtNMQjyr7HFv3xGSSH9cWOQS1K1kIBmZ1zRsHuVKs= +k8s.io/csi-translation-lib v0.30.1/go.mod h1:l0HrIBIxUKRvqnNWqn6AXTYgUa2mAFLT6bjo1lU+55U= +k8s.io/dynamic-resource-allocation v0.30.1 h1:Orv5t34/PMUxi57Fgzr3UpeWUvp5RmM3HWeQKqzTnyw= +k8s.io/dynamic-resource-allocation v0.30.1/go.mod h1:l1kPvmIhxAysEHqW0lGjSIRvansWSpq27wCuqCccP6E= k8s.io/gengo v0.0.0-20210813121822-485abfe95c7c/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= k8s.io/gengo v0.0.0-20211129171323-c02415ce4185/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= k8s.io/gengo/v2 v2.0.0-20240228010128-51d4e06bde70/go.mod h1:VH3AT8AaQOqiGjMF9p0/IM1Dj+82ZwjfxUP1IxaHE+8= 
@@ -2281,34 +2281,34 @@ k8s.io/klog/v2 v2.40.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= k8s.io/klog/v2 v2.80.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= k8s.io/klog/v2 v2.120.1 h1:QXU6cPEOIslTGvZaXvFWiP9VKyeet3sawzTOvdXb4Vw= k8s.io/klog/v2 v2.120.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= -k8s.io/kms v0.30.0 h1:ZlnD/ei5lpvUlPw6eLfVvH7d8i9qZ6HwUQgydNVks8g= -k8s.io/kms v0.30.0/go.mod h1:GrMurD0qk3G4yNgGcsCEmepqf9KyyIrTXYR2lyUOJC4= -k8s.io/kube-aggregator v0.30.0 h1:+Opc0lmhRmHbNM4m3mLSsUFmK/ikMapO9rvGirX5CEM= -k8s.io/kube-aggregator v0.30.0/go.mod h1:KbZZkSSjYE6vkB2TSuZ9GBjU3ucgL7YxT8yX8wll0iQ= +k8s.io/kms v0.30.1 h1:gEIbEeCbFiaN2tNfp/EUhFdGr5/CSj8Eyq6Mkr7cCiY= +k8s.io/kms v0.30.1/go.mod h1:GrMurD0qk3G4yNgGcsCEmepqf9KyyIrTXYR2lyUOJC4= +k8s.io/kube-aggregator v0.30.1 h1:ymR2BsxDacTKwzKTuNhGZttuk009c+oZbSeD+IPX5q4= +k8s.io/kube-aggregator v0.30.1/go.mod h1:SFbqWsM6ea8dHd3mPLsZFzJHbjBOS5ykIgJh4znZ5iQ= k8s.io/kube-openapi v0.0.0-20220124234850-424119656bbf/go.mod h1:sX9MT8g7NVZM5lVL/j8QyCCJe8YSMW30QvGZWaCIDIk= k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340/go.mod h1:yD4MZYeKMBwQKVht279WycxKyM84kkAx2DPrTXaeb98= k8s.io/kube-openapi v0.0.0-20240430033511-f0e62f92d13f h1:0LQagt0gDpKqvIkAMPaRGcXawNMouPECM1+F9BVxEaM= k8s.io/kube-openapi v0.0.0-20240430033511-f0e62f92d13f/go.mod h1:S9tOR0FxgyusSNR+MboCuiDpVWkAifZvaYI1Q2ubgro= -k8s.io/kube-scheduler v0.30.0 h1:wr2bcKy9MoN0VlfiM66KHYsgUXPJYhtr3b6LiVmKc94= -k8s.io/kube-scheduler v0.30.0/go.mod h1:C/yQb0WrPsxAA3LGwh+HB4sY5RMbH+2UMfdDpEQNR30= -k8s.io/kubectl v0.30.0 h1:xbPvzagbJ6RNYVMVuiHArC1grrV5vSmmIcSZuCdzRyk= -k8s.io/kubectl v0.30.0/go.mod h1:zgolRw2MQXLPwmic2l/+iHs239L49fhSeICuMhQQXTI= -k8s.io/kubelet v0.30.0 h1:/pqHVR2Rn8ExCpn211wL3pMtqRFpcBcJPl4+1INbIMk= -k8s.io/kubelet v0.30.0/go.mod h1:WukdKqbQxnj+csn3K8XOKeX7Sh60J/da25IILjvvB5s= -k8s.io/kubernetes v1.30.0 h1:u3Yw8rNlo2NDSGaDpoxoHXLPQnEu1tfqHATKOJe94HY= -k8s.io/kubernetes v1.30.0/go.mod 
h1:yPbIk3MhmhGigX62FLJm+CphNtjxqCvAIFQXup6RKS0= -k8s.io/legacy-cloud-providers v0.30.0 h1:TdaWbGlLuAVtoKQx98PZn1D3I1JH1hf3SFR4nAzu6oI= -k8s.io/legacy-cloud-providers v0.30.0/go.mod h1:DOdF7dbVxvdprMF748oKkDcNWq/YhM+PKp7usT0D1MI= -k8s.io/metrics v0.30.0 h1:tqB+T0GJY288KahaO3Eb41HaDVeLR18gBmyPo0R417s= -k8s.io/metrics v0.30.0/go.mod h1:nSDA8V19WHhCTBhRYuyzJT9yPJBxSpqbyrGCCQ4jPj4= -k8s.io/mount-utils v0.30.0 h1:EceYTNYVabfpdtIAHC4KgMzoZkm1B8ovZ1J666mYZQI= -k8s.io/mount-utils v0.30.0/go.mod h1:9sCVmwGLcV1MPvbZ+rToMDnl1QcGozy+jBPd0MsQLIo= -k8s.io/pod-security-admission v0.30.0 h1:C8J/zbrA3hVR7jatN+mN/ymUWxwU6KceS5HsEEt6rTY= -k8s.io/pod-security-admission v0.30.0/go.mod h1:eyzZB+gtMwnNduqr9tVO2vjf2DdepZsUA11SzyfXhfM= -k8s.io/sample-apiserver v0.30.0 h1:WQ12/3D3L5ehhzd2GTIAcmOQofbUegbyiP4uCoRjAOc= -k8s.io/sample-apiserver v0.30.0/go.mod h1:8AEt4tDWn0yE08mc4PyJu2n75FYPUKb06GQvkhO3id8= -k8s.io/sample-controller v0.30.0 h1:XBYx3RxVCqtY8rp4CAmKbJ6o+LZfXdU3UnO8qZccO14= -k8s.io/sample-controller v0.30.0/go.mod h1:IR3rNY6brFmMKwUHuyORymQgEoXFhQCI0ROmkx9dTw8= +k8s.io/kube-scheduler v0.30.1 h1:bH7Ie+gSDHas0BVjtdEY87zGLCPA2WMZ+TV4/7lqXg0= +k8s.io/kube-scheduler v0.30.1/go.mod h1:nAiJHoSyc3/XBUGE24MYcoSiDMuUhabmKVD0KTjQdus= +k8s.io/kubectl v0.30.1 h1:sHFIRI3oP0FFZmBAVEE8ErjnTyXDPkBcvO88mH9RjuY= +k8s.io/kubectl v0.30.1/go.mod h1:7j+L0Cc38RYEcx+WH3y44jRBe1Q1jxdGPKkX0h4iDq0= +k8s.io/kubelet v0.30.1 h1:6gS1gWjrefUGfC/9n0ITOzxnKyt89FfkIhom70Bola4= +k8s.io/kubelet v0.30.1/go.mod h1:5IUeAt3YlIfLNdT/YfRuCCONfEefm7qfcqz81b002Z8= +k8s.io/kubernetes v1.30.1 h1:XlqS6KslLEA5mQzLK2AJrhr4Z1m8oJfkhHiWJ5lue+I= +k8s.io/kubernetes v1.30.1/go.mod h1:yPbIk3MhmhGigX62FLJm+CphNtjxqCvAIFQXup6RKS0= +k8s.io/legacy-cloud-providers v0.30.1 h1:QGoeW4C7TQdsuMagqmzUVYhh7m0r4tyzgtmxU0iubqo= +k8s.io/legacy-cloud-providers v0.30.1/go.mod h1:cYPg6vX/fH4lp6smtN/QKRWPuJPDRWqIp1JOVs674zc= +k8s.io/metrics v0.30.1 h1:PeA9cP0kxVtaC8Wkzp4sTkr7YSkd9R0UYP6cCHOOY1M= +k8s.io/metrics v0.30.1/go.mod 
h1:gVAhTTgfNKsn9D1kB7Nmb1T31relBuXzzGUE7klyOkM= +k8s.io/mount-utils v0.30.1 h1:4HEFqo2bzRjCHHXRu7yQh6tvpMnplwWaqhuU7oE3710= +k8s.io/mount-utils v0.30.1/go.mod h1:9sCVmwGLcV1MPvbZ+rToMDnl1QcGozy+jBPd0MsQLIo= +k8s.io/pod-security-admission v0.30.1 h1:r2NQSNXfnZDnm6KvLv1sYgai1ZXuO+m0qn11/Xymkf8= +k8s.io/pod-security-admission v0.30.1/go.mod h1:O5iry5U8N0CvtfI5kfe0CZ0Ct/KYj057j6Pa+QIwp24= +k8s.io/sample-apiserver v0.30.1 h1:oUPnEPi/XJ26PfG+sUxULi9t8ik5EIK3sUNzJsBqGXY= +k8s.io/sample-apiserver v0.30.1/go.mod h1:HBtzC3xcoaI65G/TQWyQ6S6Vi3wFpJpg+iOfTuR0x48= +k8s.io/sample-controller v0.30.1 h1:X5MElr3bSf6Fe5k483EyM8RkeEdPEqheMU8rkjS1wYc= +k8s.io/sample-controller v0.30.1/go.mod h1:AagDyBDgEb7nXTFJXyWDDz/XPWmtq+ly02EPMpHicPQ= k8s.io/utils v0.0.0-20210802155522-efc7438f0176/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= k8s.io/utils v0.0.0-20230726121419-3b25d923346b/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0 h1:jgGTlFYnhF1PM1Ax/lAlxUPE+KfCIXHaathvJg1C3ak= From e0aa566287fb0353871fce0a85f79edcc51582e2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=BC=A0=E7=A5=96=E5=BB=BA?= Date: Thu, 16 May 2024 13:33:11 +0800 Subject: [PATCH 24/57] do not use exec for start scripts with trap quit EXIT (#4025) Signed-off-by: zhangzujian --- charts/kube-ovn/templates/central-deploy.yaml | 2 +- charts/kube-ovn/templates/ic-controller-deploy.yaml | 2 +- charts/kube-ovn/templates/monitor-deploy.yaml | 2 +- charts/kube-ovn/templates/ovncni-ds.yaml | 4 +++- charts/kube-ovn/templates/ovsovn-ds.yaml | 2 +- charts/kube-ovn/templates/pinger-ds.yaml | 3 ++- dist/images/install-ic-server.sh | 2 +- dist/images/install.sh | 12 +++++++----- dist/images/start-cniserver.sh | 2 +- dist/images/start-db.sh | 2 +- dist/images/start-ic-db.sh | 4 ++-- dist/images/start-ovs.sh | 2 +- 12 files changed, 22 insertions(+), 17 deletions(-) 
diff --git a/charts/kube-ovn/templates/central-deploy.yaml b/charts/kube-ovn/templates/central-deploy.yaml index f51f30aee52b..0f4044b49af9 100644 --- a/charts/kube-ovn/templates/central-deploy.yaml +++ b/charts/kube-ovn/templates/central-deploy.yaml @@ -44,7 +44,7 @@ spec: - name: ovn-central image: {{ .Values.global.registry.address }}/{{ .Values.global.images.kubeovn.repository }}:{{ .Values.global.images.kubeovn.tag }} imagePullPolicy: {{ .Values.image.pullPolicy }} - args: + command: - /kube-ovn/start-db.sh securityContext: capabilities: diff --git a/charts/kube-ovn/templates/ic-controller-deploy.yaml b/charts/kube-ovn/templates/ic-controller-deploy.yaml index 08e6308a04f9..0d0f225fb1d9 100644 --- a/charts/kube-ovn/templates/ic-controller-deploy.yaml +++ b/charts/kube-ovn/templates/ic-controller-deploy.yaml @@ -45,8 +45,8 @@ spec: - name: ovn-ic-controller image: {{ .Values.global.registry.address }}/{{ .Values.global.images.kubeovn.repository }}:{{ .Values.global.images.kubeovn.tag }} imagePullPolicy: {{ .Values.image.pullPolicy }} + command: ["/kube-ovn/start-ic-controller.sh"] args: - - /kube-ovn/start-ic-controller.sh - --log_file=/var/log/kube-ovn/kube-ovn-ic-controller.log - --log_file_max_size=0 - --logtostderr=false diff --git a/charts/kube-ovn/templates/monitor-deploy.yaml b/charts/kube-ovn/templates/monitor-deploy.yaml index 8a570e5dc5cb..b938ebfedd52 100644 --- a/charts/kube-ovn/templates/monitor-deploy.yaml +++ b/charts/kube-ovn/templates/monitor-deploy.yaml @@ -42,8 +42,8 @@ spec: - name: kube-ovn-monitor image: {{ .Values.global.registry.address }}/{{ .Values.global.images.kubeovn.repository }}:{{ .Values.global.images.kubeovn.tag }} imagePullPolicy: {{ .Values.image.pullPolicy }} + command: ["/kube-ovn/start-ovn-monitor.sh"] args: - - /kube-ovn/start-ovn-monitor.sh - --log_file=/var/log/kube-ovn/kube-ovn-monitor.log - --logtostderr=false - --alsologtostderr=true 
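Review bot: Moving `/kube-ovn/start-db.sh` from `args:` to `command:` replaces the image's ENTRYPOINT instead of appending to it, so whatever the image declares there no longer runs in front of the script. If the kube-ovn image uses an init wrapper as its entrypoint for signal forwarding and zombie reaping (not visible on this page), the start script now has to cover that itself; this should be confirmed against the Dockerfile and recorded next to the field, for example `# command overrides the image ENTRYPOINT on purpose; keep in sync with the Dockerfile`. The same switch is made in ic-controller-deploy.yaml, monitor-deploy.yaml, ovncni-ds.yaml, ovsovn-ds.yaml, pinger-ds.yaml and in the manifests embedded in install.sh and install-ic-server.sh. ovncni-ds.yaml is the only one that launches through `bash` resolved via PATH, where the others invoke the script path directly; one form throughout would be easier to audit.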
diff --git a/charts/kube-ovn/templates/ovncni-ds.yaml b/charts/kube-ovn/templates/ovncni-ds.yaml index d3d14edce197..1dfedf1a8bbb 100644 --- a/charts/kube-ovn/templates/ovncni-ds.yaml +++ b/charts/kube-ovn/templates/ovncni-ds.yaml @@ -47,8 +47,10 @@ spec: - name: cni-server image: {{ .Values.global.registry.address }}/{{ .Values.global.images.kubeovn.repository }}:{{ .Values.global.images.kubeovn.tag }} imagePullPolicy: {{ .Values.image.pullPolicy }} - args: + command: + - bash - /kube-ovn/start-cniserver.sh + args: - --enable-mirror={{- .Values.debug.ENABLE_MIRROR }} - --mirror-iface={{- .Values.debug.MIRROR_IFACE }} - --node-switch={{ .Values.networking.NODE_SUBNET }} diff --git a/charts/kube-ovn/templates/ovsovn-ds.yaml b/charts/kube-ovn/templates/ovsovn-ds.yaml index 92c600d726e5..72a5eb40e22f 100644 --- a/charts/kube-ovn/templates/ovsovn-ds.yaml +++ b/charts/kube-ovn/templates/ovsovn-ds.yaml @@ -47,7 +47,7 @@ spec: {{- if .Values.DPDK }} command: ["/kube-ovn/start-ovs-dpdk.sh"] {{- else }} - args: + command: {{- if .Values.DISABLE_MODULES_MANAGEMENT }} - /bin/sh - -ec diff --git a/charts/kube-ovn/templates/pinger-ds.yaml b/charts/kube-ovn/templates/pinger-ds.yaml index f59dccc12cb0..f54b276ad115 100644 --- a/charts/kube-ovn/templates/pinger-ds.yaml +++ b/charts/kube-ovn/templates/pinger-ds.yaml @@ -32,8 +32,9 @@ spec: containers: - name: pinger image: {{ .Values.global.registry.address }}/{{ .Values.global.images.kubeovn.repository }}:{{ .Values.global.images.kubeovn.tag }} - args: + command: - /kube-ovn/kube-ovn-pinger + args: - --external-address= {{- if eq .Values.networking.NET_STACK "dual_stack" -}} {{ .Values.dual_stack.PINGER_EXTERNAL_ADDRESS }} diff --git a/dist/images/install-ic-server.sh b/dist/images/install-ic-server.sh index 46096cad484c..7358efe59bda 100755 --- a/dist/images/install-ic-server.sh +++ b/dist/images/install-ic-server.sh 
@@ -57,7 +57,7 @@ spec: - name: ovn-ic-server image: "$REGISTRY/kube-ovn:$VERSION" imagePullPolicy: $IMAGE_PULL_POLICY - args: ["/kube-ovn/start-ic-db.sh"] + command: ["/kube-ovn/start-ic-db.sh"] securityContext: capabilities: add: ["SYS_NICE"] diff --git a/dist/images/install.sh b/dist/images/install.sh index 598e8b2cad0f..09f8f7b5c41e 100755 --- a/dist/images/install.sh +++ b/dist/images/install.sh @@ -3308,7 +3308,7 @@ spec: - name: ovn-central image: "$REGISTRY/kube-ovn:$VERSION" imagePullPolicy: $IMAGE_PULL_POLICY - args: + command: - /kube-ovn/start-db.sh securityContext: capabilities: @@ -3632,7 +3632,7 @@ spec: - name: openvswitch image: "$REGISTRY/kube-ovn:$VERSION" imagePullPolicy: $IMAGE_PULL_POLICY - args: + command: - /kube-ovn/start-ovs.sh securityContext: runAsUser: 0 @@ -4160,8 +4160,10 @@ spec: - name: cni-server image: "$REGISTRY/kube-ovn:$VERSION" imagePullPolicy: $IMAGE_PULL_POLICY - args: + command: + - bash - /kube-ovn/start-cniserver.sh + args: - --enable-mirror=$ENABLE_MIRROR - --enable-arp-detect-ip-conflict=$ENABLE_ARP_DETECT_IP_CONFLICT - --encap-checksum=true @@ -4459,8 +4461,8 @@ spec: - name: kube-ovn-monitor image: "$REGISTRY/kube-ovn:$VERSION" imagePullPolicy: $IMAGE_PULL_POLICY + command: ["/kube-ovn/start-ovn-monitor.sh"] args: - - /kube-ovn/start-ovn-monitor.sh - --log_file=/var/log/kube-ovn/kube-ovn-monitor.log - --logtostderr=false - --alsologtostderr=true @@ -4669,8 +4671,8 @@ spec: - name: ovn-ic-controller image: "$REGISTRY/kube-ovn:$VERSION" imagePullPolicy: $IMAGE_PULL_POLICY + command: ["/kube-ovn/start-ic-controller.sh"] args: - - /kube-ovn/start-ic-controller.sh - --log_file=/var/log/kube-ovn/kube-ovn-ic-controller.log - --log_file_max_size=0 - --logtostderr=false diff --git a/dist/images/start-cniserver.sh b/dist/images/start-cniserver.sh index 47af66a0d629..1054bf9963b7 100755 --- a/dist/images/start-cniserver.sh +++ b/dist/images/start-cniserver.sh 
@@ -60,4 +60,4 @@ set_sysctl net.ipv4.neigh.default.gc_thresh3 "$gc_thresh3" set_sysctl net.ipv4.ip_no_pmtu_disc "$SYSCTL_IPV4_IP_NO_PMTU_DISC" set_sysctl net.netfilter.nf_conntrack_tcp_be_liberal "$SYSCTL_NF_CONNTRACK_TCP_BE_LIBERAL" -exec ./kube-ovn-daemon --ovs-socket=${OVS_SOCK} --bind-socket=${CNI_SOCK} "$@" +./kube-ovn-daemon --ovs-socket=${OVS_SOCK} --bind-socket=${CNI_SOCK} "$@" diff --git a/dist/images/start-db.sh b/dist/images/start-db.sh index 9fa2fc805db3..b4b59fa654fa 100755 --- a/dist/images/start-db.sh +++ b/dist/images/start-db.sh @@ -526,4 +526,4 @@ ovs-appctl -t /var/run/ovn/ovnnb_db.ctl ovsdb-server/memory-trim-on-compaction o ovs-appctl -t /var/run/ovn/ovnsb_db.ctl ovsdb-server/memory-trim-on-compaction on chmod 600 /etc/ovn/* -exec /kube-ovn/kube-ovn-leader-checker --probeInterval=${OVN_LEADER_PROBE_INTERVAL} --enableCompact=${ENABLE_COMPACT} +/kube-ovn/kube-ovn-leader-checker --probeInterval=${OVN_LEADER_PROBE_INTERVAL} --enableCompact=${ENABLE_COMPACT} diff --git a/dist/images/start-ic-db.sh b/dist/images/start-ic-db.sh index ca7931c5b7a7..2c9b4d937a0a 100755 --- a/dist/images/start-ic-db.sh +++ b/dist/images/start-ic-db.sh @@ -213,7 +213,7 @@ fi if [[ $ENABLE_OVN_LEADER_CHECK == "true" ]]; then chmod 600 /etc/ovn/* - exec /kube-ovn/kube-ovn-leader-checker --probeInterval=${OVN_LEADER_PROBE_INTERVAL} --isICDBServer=true + /kube-ovn/kube-ovn-leader-checker --probeInterval=${OVN_LEADER_PROBE_INTERVAL} --isICDBServer=true else # Compatible with controller deployment methods before kube-ovn 1.11.16 TS_NAME=${TS_NAME:-ts} @@ -227,6 +227,6 @@ else fi ovn-ic-nbctl --may-exist ts-add "$TS_NAME" ovn-ic-nbctl set Transit_Switch ts external_ids:subnet="$TS_CIDR" - exec tail --follow=name --retry /var/log/ovn/ovsdb-server-ic-nb.log + tail --follow=name --retry /var/log/ovn/ovsdb-server-ic-nb.log fi diff --git a/dist/images/start-ovs.sh b/dist/images/start-ovs.sh index 4d3c99237c20..5e4b18643918 100755 --- a/dist/images/start-ovs.sh 
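Review bot: With `exec` dropped from the last line of start-cniserver.sh, the shell stays in front of `kube-ovn-daemon`, and a shell runs a signal trap only after the foreground command returns, so a SIGTERM sent only to the script's process at pod termination is not passed on to the daemon. Unless something else forwards it, the daemon would keep running until the grace period expires and is then killed without a clean shutdown. Starting the daemon in the background and waiting on it keeps the EXIT trap the commit title refers to while still relaying the signal: end the command with `&`, add `trap 'kill -TERM $!' TERM INT`, then `wait $!`. The same applies to the final commands of start-db.sh, start-ic-db.sh and start-ovs.sh; the trap definitions themselves are outside these hunks, so this is inferred from the title.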
+++ b/dist/images/start-ovs.sh @@ -158,4 +158,4 @@ else fi chmod 600 /etc/openvswitch/* -exec tail --follow=name --retry /var/log/ovn/ovn-controller.log +tail --follow=name --retry /var/log/ovn/ovn-controller.log From 4995dcc05d9123378f1c7555c6350a8ea819e751 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=BC=A0=E7=A5=96=E5=BB=BA?= Date: Thu, 16 May 2024 13:33:18 +0800 Subject: [PATCH 25/57] cleanup.sh: remove sa/clusterrole/clusterrolebinding (#4024) Signed-off-by: zhangzujian --- dist/images/cleanup.sh | 73 +++++++++++++++++++++--------------------- 1 file changed, 37 insertions(+), 36 deletions(-) diff --git a/dist/images/cleanup.sh b/dist/images/cleanup.sh index 7a50c0638bf2..94102914fa54 100644 --- a/dist/images/cleanup.sh +++ b/dist/images/cleanup.sh @@ -2,10 +2,10 @@ set -eux export PS4='+ $(date "+%Y-%m-%d %H:%M:%S")\011 ' -kubectl delete --ignore-not-found ds kube-ovn-pinger -n kube-system +kubectl delete --ignore-not-found -n kube-system ds kube-ovn-pinger # ensure kube-ovn-pinger has been deleted while :; do - if [ $(kubectl get pod --no-headers -n kube-system -l app=kube-ovn-pinger | wc -l) -eq 0 ]; then + if [ $(kubectl get pod -n kube-system -l app=kube-ovn-pinger -o name | wc -l) -eq 0 ]; then break fi sleep 1 
@@ -85,20 +85,20 @@ for pn in $(kubectl get provider-network -o name); do done # Delete Kube-OVN components -kubectl delete --ignore-not-found deploy kube-ovn-monitor -n kube-system -kubectl delete --ignore-not-found cm ovn-config ovn-ic-config ovn-external-gw-config -n kube-system -kubectl delete --ignore-not-found svc kube-ovn-pinger kube-ovn-controller kube-ovn-cni kube-ovn-monitor -n kube-system -kubectl delete --ignore-not-found deploy kube-ovn-controller -n kube-system -kubectl delete --ignore-not-found deploy ovn-ic-controller -n kube-system -kubectl delete --ignore-not-found deploy ovn-ic-server -n kube-system +kubectl delete --ignore-not-found -n kube-system deploy kube-ovn-monitor +kubectl delete --ignore-not-found -n kube-system cm ovn-config ovn-ic-config ovn-external-gw-config +kubectl delete --ignore-not-found -n kube-system svc kube-ovn-pinger kube-ovn-controller kube-ovn-cni kube-ovn-monitor +kubectl delete --ignore-not-found -n kube-system deploy kube-ovn-controller +kubectl delete --ignore-not-found -n kube-system deploy ovn-ic-controller +kubectl delete --ignore-not-found -n kube-system deploy ovn-ic-server # wait for provier-networks to be deleted before deleting kube-ovn-cni sleep 5 -kubectl delete --ignore-not-found ds kube-ovn-cni -n kube-system +kubectl delete --ignore-not-found -n kube-system ds kube-ovn-cni # ensure kube-ovn-cni has been deleted while :; do - if [ $(kubectl get pod --no-headers -n kube-system -l app=kube-ovn-cni | wc -l) -eq 0 ]; then + if [ $(kubectl get pod -n kube-system -l app=kube-ovn-cni -o name | wc -l) -eq 0 ]; then break fi sleep 1 
@@ -113,9 +113,9 @@ kubectl delete --ignore-not-found deploy ovn-central -n kube-system kubectl delete --ignore-not-found ds ovs-ovn -n kube-system kubectl delete --ignore-not-found ds ovs-ovn-dpdk -n kube-system kubectl delete --ignore-not-found secret kube-ovn-tls -n kube-system -kubectl delete --ignore-not-found sa ovn -n kube-system -kubectl delete --ignore-not-found clusterrole system:ovn -kubectl delete --ignore-not-found clusterrolebinding ovn +kubectl delete --ignore-not-found sa ovn ovn-ovs kube-ovn-cni kube-ovn-app -n kube-system +kubectl delete --ignore-not-found clusterrole system:ovn system:ovn-ovs system:kube-ovn-cni system:kube-ovn-app +kubectl delete --ignore-not-found clusterrolebinding ovn ovn ovn-ovs kube-ovn-cni kube-ovn-app # delete vpc-dns content kubectl delete --ignore-not-found cm vpc-dns-config -n kube-system 
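Review bot: `ovn` is listed twice in the new `kubectl delete --ignore-not-found clusterrolebinding ovn ovn ovn-ovs kube-ovn-cni kube-ovn-app` line, which looks like a copy slip; it should read `kubectl delete --ignore-not-found clusterrolebinding ovn ovn-ovs kube-ovn-cni kube-ovn-app`. The new `sa` line also keeps `-n kube-system` at the end, while the other hunks of this commit move the namespace flag in front of the resource type, so the file ends up with both orders.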
@@ -154,17 +154,17 @@ kubectl delete --ignore-not-found crd ips.kubeovn.io set -e # Remove annotations/labels in namespaces and nodes -kubectl annotate no --all ovn.kubernetes.io/cidr- -kubectl annotate no --all ovn.kubernetes.io/gateway- -kubectl annotate no --all ovn.kubernetes.io/ip_address- -kubectl annotate no --all ovn.kubernetes.io/logical_switch- -kubectl annotate no --all ovn.kubernetes.io/mac_address- -kubectl annotate no --all ovn.kubernetes.io/port_name- -kubectl annotate no --all ovn.kubernetes.io/allocated- -kubectl annotate no --all ovn.kubernetes.io/chassis- +kubectl annotate node --all ovn.kubernetes.io/cidr- +kubectl annotate node --all ovn.kubernetes.io/gateway- +kubectl annotate node --all ovn.kubernetes.io/ip_address- +kubectl annotate node --all ovn.kubernetes.io/logical_switch- +kubectl annotate node --all ovn.kubernetes.io/mac_address- +kubectl annotate node --all ovn.kubernetes.io/port_name- +kubectl annotate node --all ovn.kubernetes.io/allocated- +kubectl annotate node --all ovn.kubernetes.io/chassis- kubectl label node --all kube-ovn/role- -kubectl get no -o name | while read node; do +kubectl get node -o name | while read node; do kubectl get "$node" -o 'go-template={{ range $k, $v := .metadata.labels }}{{ $k }}{{"\n"}}{{ end }}' | while read label; do if echo "$label" | grep -qE '^(.+\.provider-network\.kubernetes\.io/(ready|mtu|interface|exclude))$'; then kubectl label "$node" "$label-" 
@@ -183,23 +183,24 @@ kubectl annotate ns --all ovn.kubernetes.io/allocated- # ensure kube-ovn components have been deleted while :; do sleep 1 - if [ $(kubectl get pod --no-headers -n kube-system -l component=network | wc -l) -eq 0 ]; then + if [ $(kubectl get pod -n kube-system -l component=network -o name | wc -l) -eq 0 ]; then break fi + kubectl -n kube-system get pod -l component=network -o wide done # Remove annotations in all pods of all namespaces -for ns in $(kubectl get ns -o name |cut -c 11-); do - echo "annotating pods in ns:$ns" - kubectl annotate pod --all ovn.kubernetes.io/cidr- -n "$ns" - kubectl annotate pod --all ovn.kubernetes.io/gateway- -n "$ns" - kubectl annotate pod --all ovn.kubernetes.io/ip_address- -n "$ns" - kubectl annotate pod --all ovn.kubernetes.io/logical_switch- -n "$ns" - kubectl annotate pod --all ovn.kubernetes.io/mac_address- -n "$ns" - kubectl annotate pod --all ovn.kubernetes.io/port_name- -n "$ns" - kubectl annotate pod --all ovn.kubernetes.io/allocated- -n "$ns" - kubectl annotate pod --all ovn.kubernetes.io/routed- -n "$ns" - kubectl annotate pod --all ovn.kubernetes.io/vlan_id- -n "$ns" - kubectl annotate pod --all ovn.kubernetes.io/network_type- -n "$ns" - kubectl annotate pod --all ovn.kubernetes.io/provider_network- -n "$ns" +for ns in $(kubectl get ns -o name | awk -F/ '{print $2}'); do + echo "annotating pods in namespace $ns" + kubectl annotate pod --all -n $ns ovn.kubernetes.io/cidr- + kubectl annotate pod --all -n $ns ovn.kubernetes.io/gateway- + kubectl annotate pod --all -n $ns ovn.kubernetes.io/ip_address- + kubectl annotate pod --all -n $ns ovn.kubernetes.io/logical_switch- + kubectl annotate pod --all -n $ns ovn.kubernetes.io/mac_address- + kubectl annotate pod --all -n $ns ovn.kubernetes.io/port_name- + kubectl annotate pod --all -n $ns ovn.kubernetes.io/allocated- + kubectl annotate pod --all -n $ns ovn.kubernetes.io/routed- + kubectl annotate pod --all -n $ns ovn.kubernetes.io/vlan_id- + kubectl annotate 
pod --all -n $ns ovn.kubernetes.io/network_type- + kubectl annotate pod --all -n $ns ovn.kubernetes.io/provider_network- done From ef3cef03058610caf393a3d4f774ec0e0f04ff66 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=BC=A0=E7=A5=96=E5=BB=BA?= Date: Thu, 16 May 2024 16:43:44 +0800 Subject: [PATCH 26/57] uninstall.sh: delete OVN-POSTROUTING rule in mangle table (#4034) Signed-off-by: zhangzujian --- dist/images/uninstall.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/dist/images/uninstall.sh b/dist/images/uninstall.sh index 35ef23a7abad..ac04c9c52eff 100644 --- a/dist/images/uninstall.sh +++ b/dist/images/uninstall.sh @@ -24,6 +24,7 @@ iptables -t filter -D FORWARD -m set --match-set ovn40services src -j ACCEPT iptables -t filter -D OUTPUT -p udp -m udp --dport 6081 -j MARK --set-xmark 0x0 iptables -t filter -D OUTPUT -p tcp -m mark ! --mark 0x4000/0x4000 -m set --match-set ovn40services dst -m conntrack --ctstate NEW -j REJECT iptables -t mangle -D PREROUTING -m comment --comment "kube-ovn prerouting rules" -j OVN-PREROUTING +iptables -t mangle -D POSTROUTING -m comment --comment "kube-ovn postrouting rules" -j OVN-POSTROUTING iptables -t mangle -D OUTPUT -m comment --comment "kube-ovn output rules" -j OVN-OUTPUT iptables -t mangle -F OVN-PREROUTING iptables -t mangle -X OVN-PREROUTING 
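Review bot: The rewritten annotation loop drops the quotes the removed lines had around the namespace variable: `-n "$ns"` became `-n $ns` on all eleven `kubectl annotate pod` lines. Namespace names cannot contain whitespace, so this is unlikely to break today, but the unquoted expansion is a regression in style and is subject to word splitting and globbing; keep the quoting, e.g. `kubectl annotate pod --all -n "$ns" ovn.kubernetes.io/cidr-`. The `echo` line in the same loop already quotes its string correctly.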
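Review bot: The added `iptables -t mangle -D POSTROUTING ... -j OVN-POSTROUTING` line removes only the jump into the chain, and the hunk's trailing context flushes and deletes `OVN-PREROUTING` with no matching pair for `OVN-POSTROUTING` in view. If the script does not already do so below the hunk, the chain and its rules would remain in the mangle table after uninstall; `iptables -t mangle -F OVN-POSTROUTING` followed by `iptables -t mangle -X OVN-POSTROUTING` would complete the cleanup. The ip6tables hunk further down has the same shape and needs the same check.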
@@ -64,6 +65,7 @@ ip6tables -t filter -D FORWARD -m set --match-set ovn60services src -j ACCEPT ip6tables -t filter -D OUTPUT -p udp -m udp --dport 6081 -j MARK --set-xmark 0x0 ip6tables -t filter -D OUTPUT -p tcp -m mark ! --mark 0x4000/0x4000 -m set --match-set ovn60services dst -m conntrack --ctstate NEW -j REJECT ip6tables -t mangle -D PREROUTING -m comment --comment "kube-ovn prerouting rules" -j OVN-PREROUTING +ip6tables -t mangle -D POSTROUTING -m comment --comment "kube-ovn postrouting rules" -j OVN-POSTROUTING ip6tables -t mangle -D OUTPUT -m comment --comment "kube-ovn output rules" -j OVN-OUTPUT ip6tables -t mangle -F OVN-PREROUTING ip6tables -t mangle -X OVN-PREROUTING From 87c007413dc17d6bd7af2568090b9b37d968eaad Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 16 May 2024 16:14:00 +0000 Subject: [PATCH 27/57] build(deps): bump github.com/docker/docker (#4037) Bumps [github.com/docker/docker](https://github.com/docker/docker) from 26.1.2+incompatible to 26.1.3+incompatible. - [Release notes](https://github.com/docker/docker/releases) - [Commits](https://github.com/docker/docker/compare/v26.1.2...v26.1.3) --- updated-dependencies: - dependency-name: github.com/docker/docker dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 988570ace6fb..bfa8d7ab1939 100644 --- a/go.mod +++ b/go.mod 
@@ -10,7 +10,7 @@ require ( github.com/cnf/structhash v0.0.0-20201127153200-e1b16c1ebc08 github.com/containernetworking/cni v1.2.0 github.com/containernetworking/plugins v1.4.1 - github.com/docker/docker v26.1.2+incompatible + github.com/docker/docker v26.1.3+incompatible github.com/emicklei/go-restful/v3 v3.12.0 github.com/evanphx/json-patch/v5 v5.9.0 github.com/go-logr/stdr v1.2.2 diff --git a/go.sum b/go.sum index 157e852409e3..8bedb8fab581 100644 --- a/go.sum +++ b/go.sum @@ -727,8 +727,8 @@ github.com/dgryski/go-farm v0.0.0-20200201041132-a6ae2369ad13 h1:fAjc9m62+UWV/WA github.com/dgryski/go-farm v0.0.0-20200201041132-a6ae2369ad13/go.mod h1:SqUrOPUnsFjfmXRMNPybcSiG0BgUW2AuFH8PAnS2iTw= github.com/distribution/reference v0.5.0 h1:/FUIFXtfc/x2gpa5/VGfiGLuOIdYa1t65IKK2OFGvA0= github.com/distribution/reference v0.5.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E= -github.com/docker/docker v26.1.2+incompatible h1:UVX5ZOrrfTGZZYEP+ZDq3Xn9PdHNXaSYMFPDumMqG2k= -github.com/docker/docker v26.1.2+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= +github.com/docker/docker v26.1.3+incompatible h1:lLCzRbrVZrljpVNobJu1J2FHk8V0s4BawoZippkc+xo= +github.com/docker/docker v26.1.3+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/go-connections v0.5.0 h1:USnMq7hx7gwdVZq1L49hLXaFtUdTADjXGp+uj1Br63c= github.com/docker/go-connections v0.5.0/go.mod h1:ov60Kzw0kKElRwhNs9UlUHAE/F9Fe6GLaXnqyDdmEXc= github.com/docker/go-units v0.5.0 h1:69rxXcBk27SvSaaxTtLh/8llcHD8vYHT7WSdRZ/jvr4= From a0c2a4344b8f211c502dc1e1c161d94bb778a51b Mon Sep 17 00:00:00 2001 From: bobz965 Date: Fri, 17 May 2024 09:58:26 +0800 Subject: [PATCH 28/57] log deleting iptables rule (#4031) Signed-off-by: bobz965 --- pkg/daemon/gateway_linux.go | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/pkg/daemon/gateway_linux.go b/pkg/daemon/gateway_linux.go index 3803fa34f871..2ed8c556f83b 100644 --- a/pkg/daemon/gateway_linux.go 
+++ b/pkg/daemon/gateway_linux.go @@ -1093,15 +1093,20 @@ func (c *Controller) generateNatOutgoingPolicyChainRules(protocol string) ([]uti } func deleteIptablesRule(ipt *iptables.IPTables, rule util.IPTableRule) error { - klog.V(3).Infof("delete iptables rule: %v", rule) if rule.Pos != "" { + klog.Infof("delete iptables rule by pos %s: %v", rule.Pos, rule) if err := ipt.Delete(rule.Table, rule.Chain, rule.Pos); err != nil { klog.Errorf("failed to delete iptables %s rule %q: %v", rule.Chain, strings.Join(rule.Rule, " "), err) return err } return nil } - if err := ipt.DeleteIfExists(rule.Table, rule.Chain, rule.Rule...); err != nil { + exists, err := ipt.Exists(rule.Table, rule.Chain, rule.Rule...) + if err == nil && exists { + klog.Infof("delete iptables rule: %v", rule) + err = ipt.Delete(rule.Table, rule.Chain, rule.Rule...) + } + if err != nil { klog.Errorf("failed to delete iptables rule %q: %v", strings.Join(rule.Rule, " "), err) return err } From e907ec51e249a799dfe144177019671e1b69cb76 Mon Sep 17 00:00:00 2001 From: bobz965 Date: Mon, 20 May 2024 10:24:33 +0800 Subject: [PATCH 29/57] add pure arm64 build target (#4044) Signed-off-by: bobz965 --- Makefile | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/Makefile b/Makefile index 345e223429c6..92784e0db108 100644 --- a/Makefile +++ b/Makefile @@ -149,6 +149,10 @@ base-arm64: image-kube-ovn: image-kube-ovn-debug build-go docker buildx build --platform linux/amd64 -t $(REGISTRY)/kube-ovn:$(RELEASE_TAG) --build-arg VERSION=$(RELEASE_TAG) -o type=docker -f dist/images/Dockerfile dist/images/ +.PHONY: image-kube-ovn-arm64 +image-kube-ovn-arm64: build-go-arm + docker buildx build --platform linux/arm64 -t $(REGISTRY)/kube-ovn:$(RELEASE_TAG) --build-arg VERSION=$(RELEASE_TAG) -o type=docker -f dist/images/Dockerfile dist/images/ + .PHONY: image-kube-ovn-debug image-kube-ovn-debug: @DEBUG=1 $(MAKE) build-go 
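Review bot: In `deleteIptablesRule`, the shared `if err != nil` now handles a failed `ipt.Exists` lookup as well as a failed `ipt.Delete`, but the message still says "failed to delete iptables rule" and gives neither table nor chain. Anyone reading the log cannot tell whether the rule was ever found, or which chain it belonged to. I would word it as `klog.Errorf("failed to check or delete iptables rule %q in %s/%s: %v", strings.Join(rule.Rule, " "), rule.Table, rule.Chain, err)`. The two new `klog.Infof` lines also moved from `V(3)` to the default level, so every rule removal is now logged; a short comment saying this is intended as an audit trail would help. The end of the function is outside the hunk.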
@@ -170,8 +174,7 @@ image-test: build-go release: lint image-kube-ovn image-vpc-nat-gateway .PHONY: release-arm -release-arm: release-arm-debug build-go-arm - docker buildx build --platform linux/arm64 -t $(REGISTRY)/kube-ovn:$(RELEASE_TAG) --build-arg VERSION=$(RELEASE_TAG) -o type=docker -f dist/images/Dockerfile dist/images/ +release-arm: release-arm-debug image-kube-ovn-arm64 docker buildx build --platform linux/arm64 -t $(REGISTRY)/vpc-nat-gateway:$(RELEASE_TAG) -o type=docker -f dist/images/vpcnatgateway/Dockerfile dist/images/vpcnatgateway .PHONY: release-arm-debug From 96cd668e8d425ee6b54e97c430fcab748a455358 Mon Sep 17 00:00:00 2001 From: Zhao Congqi <1229896069@qq.com> Date: Mon, 20 May 2024 14:48:25 +0800 Subject: [PATCH 30/57] fix: add route for underlay subnet which enables u2o and disables LB (#4039) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * add route for underlay subnet which enables u2o and disables load balancer --------- Signed-off-by: zcq98 Co-authored-by: 张祖建 --- pkg/daemon/controller_linux.go | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/pkg/daemon/controller_linux.go b/pkg/daemon/controller_linux.go index a33bbe2a9eb3..07014d1122d7 100644 --- a/pkg/daemon/controller_linux.go +++ b/pkg/daemon/controller_linux.go @@ -199,7 +199,9 @@ func (c *Controller) reconcileRouters(event *subnetEvent) error { joinCIDR := make([]string, 0, 2) cidrs := make([]string, 0, len(subnets)*2) for _, subnet := range subnets { - if (subnet.Spec.Vlan != "" && !subnet.Spec.LogicalGateway) || subnet.Spec.Vpc != c.config.ClusterRouter || !subnet.Status.IsReady() { + if !subnet.Status.IsReady() || + subnet.Spec.Vpc != c.config.ClusterRouter || + (subnet.Spec.Vlan != "" && !subnet.Spec.LogicalGateway && (!subnet.Spec.U2OInterconnection || (subnet.Spec.EnableLb != nil && *subnet.Spec.EnableLb))) { continue } From bb46f5713fbcd66fa16fe772d8d2df775b7ff3b7 Mon Sep 17 00:00:00 2001 
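Review bot: In `reconcileRouters` (pkg/daemon/controller_linux.go), the new clause `(subnet.Spec.EnableLb != nil && *subnet.Spec.EnableLb)` treats a nil `EnableLb` the same as `false`, so an underlay subnet with u2o enabled and `EnableLb` unset now gets a route. If nil is meant to inherit a cluster-wide load-balancer setting (not visible in this hunk), the route would be added even when load balancing is effectively on, and the default should be folded into the check. The three-way condition also needs a comment, for example `// skip underlay (vlan, non-logical-gateway) subnets unless u2o is enabled and EnableLb is not set to true`. The loop body continues outside the hunk.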
From: =?UTF-8?q?=E5=BC=A0=E7=A5=96=E5=BB=BA?= Date: Mon, 20 May 2024 16:01:29 +0800 Subject: [PATCH 31/57] wait for all pods to be deleted before deleting serviceaccount/clusterrole/clusterrolebinding (#4035) Signed-off-by: zhangzujian --- dist/images/cleanup.sh | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/dist/images/cleanup.sh b/dist/images/cleanup.sh index 94102914fa54..c10d9bdeabf9 100644 --- a/dist/images/cleanup.sh +++ b/dist/images/cleanup.sh @@ -113,9 +113,6 @@ kubectl delete --ignore-not-found deploy ovn-central -n kube-system kubectl delete --ignore-not-found ds ovs-ovn -n kube-system kubectl delete --ignore-not-found ds ovs-ovn-dpdk -n kube-system kubectl delete --ignore-not-found secret kube-ovn-tls -n kube-system -kubectl delete --ignore-not-found sa ovn ovn-ovs kube-ovn-cni kube-ovn-app -n kube-system -kubectl delete --ignore-not-found clusterrole system:ovn system:ovn-ovs system:kube-ovn-cni system:kube-ovn-app -kubectl delete --ignore-not-found clusterrolebinding ovn ovn ovn-ovs kube-ovn-cni kube-ovn-app # delete vpc-dns content kubectl delete --ignore-not-found cm vpc-dns-config -n kube-system @@ -189,6 +186,11 @@ while :; do kubectl -n kube-system get pod -l component=network -o wide done +# wait for all pods to be deleted before deleting serviceaccount/clusterrole/clusterrolebinding +kubectl delete --ignore-not-found sa ovn ovn-ovs kube-ovn-cni kube-ovn-app -n kube-system +kubectl delete --ignore-not-found clusterrole system:ovn system:ovn-ovs system:kube-ovn-cni system:kube-ovn-app +kubectl delete --ignore-not-found clusterrolebinding ovn ovn ovn-ovs kube-ovn-cni kube-ovn-app + # Remove annotations in all pods of all namespaces for ns in $(kubectl get ns -o name | awk -F/ '{print $2}'); do echo "annotating pods in namespace $ns" From 94ce0acc5f536abe995efd47b8d6d4b6f7064c2c Mon Sep 17 00:00:00 2001 
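Review bot: In dist/images/cleanup.sh, the moved line `kubectl delete --ignore-not-found clusterrolebinding ovn ovn ovn-ovs kube-ovn-cni kube-ovn-app` still names `ovn` twice; it should read `kubectl delete --ignore-not-found clusterrolebinding ovn ovn-ovs kube-ovn-cni kube-ovn-app`. The new comment sits after the wait loop, so it reads better as `# all pods are gone at this point, so the serviceaccounts/clusterroles/clusterrolebindings they used can be removed`. The cluster-scoped RBAC objects are now deleted only once the `while :` loop exits. Its exit condition is outside the hunk, so it is worth confirming the loop is bounded; otherwise an interrupted run leaves those bindings in the cluster.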
From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Mon, 20 May 2024 18:26:22 +0800 Subject: [PATCH 32/57] docs: updated CHANGELOG.md (#4050) Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: oilbeater <1189736+oilbeater@users.noreply.github.com> --- CHANGELOG.md | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index f9fb9f4e3c26..b573d60926ca 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,5 +1,26 @@ # Changelog +## v1.12.16 (2024-05-20) + + * [dff82c4f](https://github.com/kubeovn/kube-ovn/commit/dff82c4f3c1d94cc7fbc874541a98b5bb5cead22) release v1.12.16 + * [3957427d](https://github.com/kubeovn/kube-ovn/commit/3957427d71e12599766b85bc40c604ca55bc95fa) wait for all pods to be deleted before deleting serviceaccount/clusterrole/clusterrolebinding (#4035) + * [b7727988](https://github.com/kubeovn/kube-ovn/commit/b77279882098824528991f9acce04a8032b16be5) uninstall.sh: delete OVN-POSTROUTING rule in mangle table (#4034) + * [3cb62914](https://github.com/kubeovn/kube-ovn/commit/3cb629146b49b2c50e34ea5705fd3e65a55bf095) cleanup.sh: remove sa/clusterrole/clusterrolebinding (#4024) + * [70d33bef](https://github.com/kubeovn/kube-ovn/commit/70d33bef63532ee8ea1d4a6c31e54fcffe9ea3ce) do not use exec for start scripts with trap quit EXIT (#4025) + * [93e31377](https://github.com/kubeovn/kube-ovn/commit/93e313774c7163d95c0a65511c29308fd37b2dd4) bump k8s to 1.27.14 (#4029) + * [85009d5e](https://github.com/kubeovn/kube-ovn/commit/85009d5e3da2e7aa4d3c0d5682253800bdc7298d) fix node annotations not updated when initializing the default provider-network (#4030) + * [4de2e094](https://github.com/kubeovn/kube-ovn/commit/4de2e09447eaaefc1e627eaadd47dfbf32d89029) fix container args (#4020) + * [2e700adc](https://github.com/kubeovn/kube-ovn/commit/2e700adc02d6f1e4d0819e943921df9b6763290e) fix lsp not updated correctly when logical switch is changed (#4015) + * [edee1e54](https://github.com/kubeovn/kube-ovn/commit/edee1e5446a20032d32441a836f14af2951cc838) base: set entrypoint to dumb-init (#4018) + * [03834d80](https://github.com/kubeovn/kube-ovn/commit/03834d807b033d50eceae390dd41352b8e55ad54) fix: Resolved the hidden issue with zombie processes (#4004) + * [fcfc0995](https://github.com/kubeovn/kube-ovn/commit/fcfc0995180c49c19b3b084391200241c008b721) simplify file reading (#4010) + * 
[d8c8f8ac](https://github.com/kubeovn/kube-ovn/commit/d8c8f8ac5c98066c7dd3f52046085a13dc2c7b4a) prepare for next release + +### Contributors + + * fanriming + * 张祖建 + ## v1.12.15 (2024-05-13) * [ad084913](https://github.com/kubeovn/kube-ovn/commit/ad08491359768c16d4ec5a790db7a0875d3e86b7) release v1.12.15 From f98308791273f8dc2d0a798c8e01ed4f566f68f7 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 21 May 2024 09:43:11 +0800 Subject: [PATCH 33/57] build(deps): bump github.com/containernetworking/plugins (#4055) Bumps [github.com/containernetworking/plugins](https://github.com/containernetworking/plugins) from 1.4.1 to 1.5.0. - [Release notes](https://github.com/containernetworking/plugins/releases) - [Commits](https://github.com/containernetworking/plugins/compare/v1.4.1...v1.5.0) --- updated-dependencies: - dependency-name: github.com/containernetworking/plugins dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index bfa8d7ab1939..23395b67102c 100644 --- a/go.mod +++ b/go.mod @@ -9,7 +9,7 @@ require ( github.com/cenkalti/backoff/v4 v4.3.0 github.com/cnf/structhash v0.0.0-20201127153200-e1b16c1ebc08 github.com/containernetworking/cni v1.2.0 - github.com/containernetworking/plugins v1.4.1 + github.com/containernetworking/plugins v1.5.0 github.com/docker/docker v26.1.3+incompatible github.com/emicklei/go-restful/v3 v3.12.0 github.com/evanphx/json-patch/v5 v5.9.0 diff --git a/go.sum b/go.sum index 8bedb8fab581..efa8936f58da 100644 --- a/go.sum +++ b/go.sum 
@@ -707,8 +707,8 @@ github.com/containerd/typeurl v1.0.2 h1:Chlt8zIieDbzQFzXzAeBEF92KhExuE4p9p92/QmY github.com/containerd/typeurl v1.0.2/go.mod h1:9trJWW2sRlGub4wZJRTW83VtbOLS6hwcDZXTn6oPz9s= github.com/containernetworking/cni v1.2.0 h1:fEjhlfWwWAXEvlcMQu/i6z8DA0Kbu7EcmR5+zb6cm5I= github.com/containernetworking/cni v1.2.0/go.mod h1:/r+vA/7vrynNfbvSP9g8tIKEoy6win7sALJAw4ZiJks= -github.com/containernetworking/plugins v1.4.1 h1:+sJRRv8PKhLkXIl6tH1D7RMi+CbbHutDGU+ErLBORWA= -github.com/containernetworking/plugins v1.4.1/go.mod h1:n6FFGKcaY4o2o5msgu/UImtoC+fpQXM3076VHfHbj60= +github.com/containernetworking/plugins v1.5.0 h1:P09DMlfvvsLSskDoftnuwXY7lwa7IAhTGznZxA5E8fk= +github.com/containernetworking/plugins v1.5.0/go.mod h1:bcXMvG9gWGc6jVXeodmMzuXmXqpqMguZm6Zu/oIr7AA= github.com/coreos/go-semver v0.3.1 h1:yi21YpKnrx1gt5R+la8n5WgS0kCrsPp33dmEyHReZr4= github.com/coreos/go-semver v0.3.1/go.mod h1:irMmmIw/7yzSRPWryHsK7EYSg09caPQL03VsM8rvUec= github.com/coreos/go-systemd/v22 v22.5.0 h1:RrqgGjYQKalulkV8NGVIfkXQf6YYmOyiJKk8iXXhfZs= From d30c1e7be5af8b0b0fcba0ed86247d60868b501e Mon Sep 17 00:00:00 2001 From: bobz965 Date: Tue, 21 May 2024 13:36:37 +0800 Subject: [PATCH 34/57] add err log (#4046) Signed-off-by: bobz965 --- pkg/daemon/ovs_linux.go | 21 ++++++++++++++++----- 1 file changed, 16 insertions(+), 5 deletions(-) diff --git a/pkg/daemon/ovs_linux.go b/pkg/daemon/ovs_linux.go index 65baadf6e26e..a089d4697fab 100644 --- a/pkg/daemon/ovs_linux.go +++ b/pkg/daemon/ovs_linux.go @@ -76,6 +76,7 @@ func (csh cniServerHandler) configureNic(podName, podNamespace, provider, netns, defer func() { if err != nil { if err := rollBackVethPair(hostNicName); err != nil { + klog.Errorf("failed to rollback veth pair %s, %v", hostNicName, err) return } } 
@@ -106,6 +107,7 @@ func (csh cniServerHandler) configureNic(podName, podNamespace, provider, netns, defer func() { if err != nil { if err := csh.rollbackOvsPort(hostNicName, containerNicName, nicType); err != nil { + klog.Errorf("failed to rollback ovs port %s, %v", hostNicName, err) return } } @@ -178,10 +180,16 @@ func (csh cniServerHandler) configureNic(podName, podNamespace, provider, netns, podNS, err := ns.GetNS(netns) if err != nil { - return nil, fmt.Errorf("failed to open netns %q: %v", netns, err) + err = fmt.Errorf("failed to open netns %q: %v", netns, err) + klog.Error(err) + return nil, err } finalRoutes, err := configureContainerNic(containerNicName, ifName, ip, gateway, isDefaultRoute, detectIPConflict, routes, macAddr, podNS, mtu, nicType, gwCheckMode, u2oInterconnectionIP) - return finalRoutes, err + if err != nil { + klog.Error(err) + return nil, err + } + return finalRoutes, nil } func (csh cniServerHandler) releaseVf(podName, podNamespace, podNetns, ifName, nicType, provider, deviceID string) error { @@ -1536,6 +1544,7 @@ func (csh cniServerHandler) configureNicWithInternalPort(podName, podNamespace, defer func() { if err != nil { if err := csh.rollbackOvsPort("", containerNicName, nicType); err != nil { + klog.Errorf("failed to rollback ovs port %s, %v", containerNicName, err) return } } 
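Review bot: In the `@@ -178,10 +180,16 @@` hunk of `configureNic`, the rewritten line `err = fmt.Errorf("failed to open netns %q: %v", netns, err)` still formats the cause with `%v`, so callers cannot match the underlying error with `errors.Is` or `errors.As`. Since the line is being touched anyway, use `err = fmt.Errorf("failed to open netns %q: %w", netns, err)`. The `klog.Error(err)` added after `configureContainerNic` logs the bare error with no indication of which NIC or pod failed; `klog.Errorf("failed to configure container nic %s for pod %s/%s: %v", containerNicName, podNamespace, podName, err)` would make the entry usable. `configureNic` starts outside this hunk.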
@@ -1738,18 +1747,20 @@ func linkExists(name string) (bool, error) { func rollBackVethPair(nicName string) error { hostLink, err := netlink.LinkByName(nicName) if err != nil { - // If link already not exists, return quietly - // E.g. Internal port had been deleted by Remove ovs port previously + // if link already not exists, return quietly + // e.g. Internal port had been deleted by Remove ovs port previously if _, ok := err.(netlink.LinkNotFoundError); ok { return nil } + klog.Error(err) return fmt.Errorf("find host link %s failed %v", nicName, err) } hostLinkType := hostLink.Type() - // Sometimes no deviceID input for vf nic, avoid delete vf nic. + // sometimes no deviceID input for vf nic, avoid delete vf nic. if hostLinkType == "veth" { if err = netlink.LinkDel(hostLink); err != nil { + klog.Error(err) return fmt.Errorf("delete host link %s failed %v", hostLink, err) } } From bf1cb76cd9dc4e592b5513d3c14e1832a8c32c8d Mon Sep 17 00:00:00 2001 From: bobz965 Date: Tue, 21 May 2024 14:12:15 +0800 Subject: [PATCH 35/57] optimize code (#4049) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit until external_gw --------- Signed-off-by: bobz965 Co-authored-by: 张祖建 --- pkg/controller/client_go_adapter.go | 2 +- pkg/controller/config.go | 6 ++-- pkg/controller/controller.go | 24 ++++++------- pkg/controller/controller_test.go | 12 +++---- pkg/controller/endpoint.go | 45 ++++++++++++----------- pkg/controller/external_gw.go | 19 +++++----- pkg/controller/external_vpc.go | 56 ++++++++++++++--------------- pkg/controller/service.go | 4 +-- pkg/controller/subnet_test.go | 4 +-- pkg/ovs/ovn-nb_global.go | 29 ++++++++++----- 10 files changed, 105 insertions(+), 96 deletions(-) diff --git a/pkg/controller/client_go_adapter.go b/pkg/controller/client_go_adapter.go index 98d7066e533b..7211db793a87 100644 --- a/pkg/controller/client_go_adapter.go +++ b/pkg/controller/client_go_adapter.go 
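Review bot: In `rollBackVethPair` (pkg/daemon/ovs_linux.go), both new `klog.Error(err)` calls log the raw netlink error without the interface name. The callers in the deferred rollbacks now log the returned error as well, so each failure yields one entry without context and one with it. Either drop the inner calls or give them context, e.g. `klog.Errorf("failed to find host link %s: %v", nicName, err)`. The delete path also formats the `hostLink` object with `%s` where `nicName` is what the message wants: `return fmt.Errorf("delete host link %s failed %v", nicName, err)`. The end of the function is outside the hunk.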
@@ -30,7 +30,7 @@ import ( ) // this file contains setup logic to initialize the myriad of places -// that client-go registers metrics. We copy the names and formats +// that client-go registers metrics. we copy the names and formats // from Kubernetes so that we match the core controllers. var ( diff --git a/pkg/controller/config.go b/pkg/controller/config.go index 2cb6dd8a7053..7d0335c3fce7 100644 --- a/pkg/controller/config.go +++ b/pkg/controller/config.go @@ -108,7 +108,7 @@ func ParseFlags() (*Configuration, error) { var ( argOvnNbAddr = pflag.String("ovn-nb-addr", "", "ovn-nb address") argOvnSbAddr = pflag.String("ovn-sb-addr", "", "ovn-sb address") - argOvnTimeout = pflag.Int("ovn-timeout", 60, "") + argOvnTimeout = pflag.Int("ovn-timeout", 60, "The seconds to wait ovn command timeout") argCustCrdRetryMinDelay = pflag.Int("cust-crd-retry-min-delay", 1, "The min delay seconds between custom crd two retries") argCustCrdRetryMaxDelay = pflag.Int("cust-crd-retry-max-delay", 20, "The max delay seconds between custom crd two retries") argKubeConfigFile = pflag.String("kubeconfig", "", "Path to kubeconfig file with authorization and master location information. If not set use the inCluster token.") 
@@ -163,7 +163,7 @@ func ParseFlags() (*Configuration, error) { argExternalGatewaySwitch = pflag.String("external-gateway-switch", "external", "The name of the external gateway switch which is a ovs bridge to provide external network, default: external") argExternalGatewayNet = pflag.String("external-gateway-net", "external", "The name of the external network which mappings with an ovs bridge, default: external") argExternalGatewayVlanID = pflag.Int("external-gateway-vlanid", 0, "The vlanId of port ln-ovn-external, default: 0") - argNodeLocalDNSIP = pflag.String("node-local-dns-ip", "", "The node local dns ip , this feature is using the local dns cache in k8s") + argNodeLocalDNSIP = pflag.String("node-local-dns-ip", "", "The node local dns ip, this feature is using the local dns cache in k8s") argGCInterval = pflag.Int("gc-interval", 360, "The interval between GC processes, default 360 seconds") argInspectInterval = pflag.Int("inspect-interval", 20, "The interval between inspect processes, default 20 seconds") @@ -176,7 +176,7 @@ func ParseFlags() (*Configuration, error) { klogFlags := flag.NewFlagSet("klog", flag.ExitOnError) klog.InitFlags(klogFlags) - // Sync the glog and klog flags. + // sync the glog and klog flags. pflag.CommandLine.VisitAll(func(f1 *pflag.Flag) { f2 := klogFlags.Lookup(f1.Name) if f2 != nil { diff --git a/pkg/controller/controller.go b/pkg/controller/controller.go index d999d0fc7cab..5e66e303f7e5 100644 --- a/pkg/controller/controller.go +++ b/pkg/controller/controller.go 
@@ -208,10 +208,10 @@ type Controller struct { updateServiceQueue workqueue.RateLimitingInterface svcKeyMutex keymutex.KeyMutex - endpointsLister v1.EndpointsLister - endpointsSynced cache.InformerSynced - updateEndpointQueue workqueue.RateLimitingInterface - epKeyMutex keymutex.KeyMutex + endpointsLister v1.EndpointsLister + endpointsSynced cache.InformerSynced + addOrUpdateEndpointQueue workqueue.RateLimitingInterface + epKeyMutex keymutex.KeyMutex npsLister netv1.NetworkPolicyLister npsSynced cache.InformerSynced @@ -419,10 +419,10 @@ func Run(ctx context.Context, config *Configuration) { updateServiceQueue: workqueue.NewNamedRateLimitingQueue(workqueue.DefaultControllerRateLimiter(), "UpdateService"), svcKeyMutex: keymutex.NewHashed(numKeyLocks), - endpointsLister: endpointInformer.Lister(), - endpointsSynced: endpointInformer.Informer().HasSynced, - updateEndpointQueue: workqueue.NewNamedRateLimitingQueue(workqueue.DefaultControllerRateLimiter(), "UpdateEndpoint"), - epKeyMutex: keymutex.NewHashed(numKeyLocks), + endpointsLister: endpointInformer.Lister(), + endpointsSynced: endpointInformer.Informer().HasSynced, + addOrUpdateEndpointQueue: workqueue.NewNamedRateLimitingQueue(workqueue.DefaultControllerRateLimiter(), "UpdateEndpoint"), + epKeyMutex: keymutex.NewHashed(numKeyLocks), qosPoliciesLister: qosPolicyInformer.Lister(), qosPolicySynced: qosPolicyInformer.Informer().HasSynced, @@ -667,7 +667,7 @@ func Run(ctx context.Context, config *Configuration) { UpdateFunc: controller.enqueueUpdateOvnEip, DeleteFunc: controller.enqueueDelOvnEip, }); err != nil { - util.LogFatalAndExit(err, "failed to add eip event handler") + util.LogFatalAndExit(err, "failed to add ovn eip event handler") } if _, err = ovnFipInformer.Informer().AddEventHandler(cache.ResourceEventHandlerFuncs{ 
@@ -822,7 +822,7 @@ func (c *Controller) shutdown() { c.addServiceQueue.ShutDown() c.deleteServiceQueue.ShutDown() c.updateServiceQueue.ShutDown() - c.updateEndpointQueue.ShutDown() + c.addOrUpdateEndpointQueue.ShutDown() c.addVlanQueue.ShutDown() c.delVlanQueue.ShutDown() @@ -920,7 +920,7 @@ func (c *Controller) startWorkers(ctx context.Context) { go wait.Until(c.runUpdateVpcSnatWorker, time.Second, ctx.Done()) go wait.Until(c.runUpdateVpcSubnetWorker, time.Second, ctx.Done()) - // add default/join subnet and wait them ready + // add default and join subnet and wait them ready go wait.Until(c.runAddSubnetWorker, time.Second, ctx.Done()) go wait.Until(c.runAddIPPoolWorker, time.Second, ctx.Done()) go wait.Until(c.runAddVlanWorker, time.Second, ctx.Done()) @@ -932,7 +932,7 @@ func (c *Controller) startWorkers(ctx context.Context) { return c.allSubnetReady(subnets...) }) if err != nil { - klog.Fatalf("wait default/join subnet ready error: %v", err) + klog.Fatalf("wait default and join subnet ready, error: %v", err) } go wait.Until(c.runAddSgWorker, time.Second, ctx.Done()) diff --git a/pkg/controller/controller_test.go b/pkg/controller/controller_test.go index c012e0ffcd9e..22f21566d49e 100644 --- a/pkg/controller/controller_test.go +++ b/pkg/controller/controller_test.go @@ -19,13 +19,13 @@ import ( type fakeControllerInformers struct { vpcInformer kubeovninformer.VpcInformer - sbunetInformer kubeovninformer.SubnetInformer + subnetInformer kubeovninformer.SubnetInformer serviceInformer coreinformers.ServiceInformer } type fakeController struct { fakeController *Controller - fakeinformers *fakeControllerInformers + fakeInformers *fakeControllerInformers mockOvnClient *mockovs.MockNbClient } 
@@ -41,11 +41,11 @@ func newFakeController(t *testing.T) *fakeController { kubeovnClient := kubeovnfake.NewSimpleClientset() kubeovnInformerFactory := kubeovninformerfactory.NewSharedInformerFactory(kubeovnClient, 0) vpcInformer := kubeovnInformerFactory.Kubeovn().V1().Vpcs() - sbunetInformer := kubeovnInformerFactory.Kubeovn().V1().Subnets() + subnetInformer := kubeovnInformerFactory.Kubeovn().V1().Subnets() fakeInformers := &fakeControllerInformers{ vpcInformer: vpcInformer, - sbunetInformer: sbunetInformer, + subnetInformer: subnetInformer, serviceInformer: serviceInformer, } @@ -56,7 +56,7 @@ func newFakeController(t *testing.T) *fakeController { servicesLister: serviceInformer.Lister(), vpcsLister: vpcInformer.Lister(), vpcSynced: alwaysReady, - subnetsLister: sbunetInformer.Lister(), + subnetsLister: subnetInformer.Lister(), subnetSynced: alwaysReady, OVNNbClient: mockOvnClient, syncVirtualPortsQueue: workqueue.NewNamedRateLimitingQueue(workqueue.DefaultControllerRateLimiter(), ""), @@ -64,7 +64,7 @@ func newFakeController(t *testing.T) *fakeController { return &fakeController{ fakeController: ctrl, - fakeinformers: fakeInformers, + fakeInformers: fakeInformers, mockOvnClient: mockOvnClient, } } diff --git a/pkg/controller/endpoint.go b/pkg/controller/endpoint.go index e1184a09fcb3..b1f354c9696a 100644 --- a/pkg/controller/endpoint.go +++ b/pkg/controller/endpoint.go @@ -28,7 +28,7 @@ func (c *Controller) enqueueAddEndpoint(obj interface{}) { return } klog.V(3).Infof("enqueue add endpoint %s", key) - c.updateEndpointQueue.Add(key) + c.addOrUpdateEndpointQueue.Add(key) } func (c *Controller) enqueueUpdateEndpoint(oldObj, newObj interface{}) { @@ -52,7 +52,7 @@ func (c *Controller) enqueueUpdateEndpoint(oldObj, newObj interface{}) { return } klog.V(3).Infof("enqueue update endpoint %s", key) - c.updateEndpointQueue.Add(key) + c.addOrUpdateEndpointQueue.Add(key) } func (c *Controller) runUpdateEndpointWorker() { 
@@ -61,14 +61,14 @@ func (c *Controller) runUpdateEndpointWorker() { } func (c *Controller) processNextUpdateEndpointWorkItem() bool { - obj, shutdown := c.updateEndpointQueue.Get() + obj, shutdown := c.addOrUpdateEndpointQueue.Get() if shutdown { return false } if err := func(obj interface{}) error { - defer c.updateEndpointQueue.Done(obj) + defer c.addOrUpdateEndpointQueue.Done(obj) var ( key string @@ -77,16 +77,16 @@ func (c *Controller) processNextUpdateEndpointWorkItem() bool { ) if key, ok = obj.(string); !ok { - c.updateEndpointQueue.Forget(obj) + c.addOrUpdateEndpointQueue.Forget(obj) utilruntime.HandleError(fmt.Errorf("expected string in workqueue but got %#v", obj)) return nil } if err = c.handleUpdateEndpoint(key); err != nil { - c.updateEndpointQueue.AddRateLimited(key) + c.addOrUpdateEndpointQueue.AddRateLimited(key) return fmt.Errorf("error syncing '%s': %s, requeuing", key, err.Error()) } - c.updateEndpointQueue.Forget(obj) + c.addOrUpdateEndpointQueue.Forget(obj) return nil }(obj); err != nil { utilruntime.HandleError(err) @@ -104,7 +104,7 @@ func (c *Controller) handleUpdateEndpoint(key string) error { c.epKeyMutex.LockKey(key) defer func() { _ = c.epKeyMutex.UnlockKey(key) }() - klog.Infof("update add/update endpoint %s/%s", namespace, name) + klog.Infof("handle update endpoint %s", key) ep, err := c.endpointsLister.Endpoints(namespace).Get(name) if err != nil { @@ -162,7 +162,7 @@ func (c *Controller) handleUpdateEndpoint(key string) error { ) if vpc, err = c.vpcsLister.Get(vpcName); err != nil { - klog.Errorf("failed to get vpc %s of lb, %v", vpcName, err) + klog.Errorf("failed to get vpc %s, %v", vpcName, err) return err } 
@@ -172,7 +172,7 @@ func (c *Controller) handleUpdateEndpoint(key string) error { } svc.Annotations[util.VpcAnnotation] = vpcName if _, err = c.config.KubeClient.CoreV1().Services(namespace).Update(context.Background(), svc, metav1.UpdateOptions{}); err != nil { - klog.Errorf("failed to update service %s/%s: %v", namespace, svc.Name, err) + klog.Errorf("failed to update service %s: %v", key, err) return err } } @@ -200,14 +200,12 @@ func (c *Controller) handleUpdateEndpoint(key string) error { backends []string ipPortMapping, externals map[string]string ) - vip = util.JoinHostPort(lbVip, port.Port) if !ignoreHealthCheck { if checkIP, err = c.getHealthCheckVip(subnetName, lbVip); err != nil { klog.Error(err) return err } - externals = map[string]string{ util.SwitchLBRuleSubnet: subnetName, } @@ -217,6 +215,7 @@ func (c *Controller) handleUpdateEndpoint(key string) error { // for performance reason delete lb with no backends if len(backends) != 0 { + vip = util.JoinHostPort(lbVip, port.Port) klog.Infof("add vip endpoint %s, backends %v to LB %s", vip, backends, lb) if err = c.OVNNbClient.LoadBalancerAddVip(lb, vip, backends...); err != nil { klog.Errorf("failed to add vip %s with backends %s to LB %s: %v", lbVip, backends, lb, err) @@ -257,7 +256,6 @@ func (c *Controller) getVpcSubnetName(pods []*v1.Pod, endpoints *v1.Endpoints, s if len(pod.Annotations) == 0 { continue } - if subnetName == "" { subnetName = pod.Annotations[util.LogicalSwitchAnnotation] } @@ -269,7 +267,6 @@ func (c *Controller) getVpcSubnetName(pods []*v1.Pod, endpoints *v1.Endpoints, s if vpcName == "" { vpcName = pod.Annotations[util.LogicalRouterAnnotation] } - if vpcName != "" { break LOOP } 
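Review bot: In `handleUpdateEndpoint`, the `@@ -200,14 +200,12 @@` and `@@ -217,6 +215,7 @@` hunks move `vip = util.JoinHostPort(lbVip, port.Port)` from before the branch into the `if len(backends) != 0` arm. The `else` arm is outside these hunks and no other endpoint.go hunk touches it; if it still passes `vip` to the load-balancer delete call, it would now receive an empty string and stale VIPs would stay on the LB once a service loses its last backend. Unless the `else` arm computes its own value, keep the assignment ahead of the `if`: `vip = util.JoinHostPort(lbVip, port.Port)` placed directly above the `// for performance reason delete lb with no backends` comment.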
@@ -295,6 +292,8 @@ func (c *Controller) getVpcSubnetName(pods []*v1.Pod, endpoints *v1.Endpoints, s return vpcName, subnetName } +// getHealthCheckVip get health check vip for load balancer, the vip name is the subnet name +// the vip is used to check the health of the backend pod func (c *Controller) getHealthCheckVip(subnetName, lbVip string) (string, error) { var ( needCreateHealthCheckVip bool @@ -302,41 +301,41 @@ func (c *Controller) getHealthCheckVip(subnetName, lbVip string) (string, error) checkIP string err error ) - - checkVip, err = c.virtualIpsLister.Get(subnetName) + vipName := subnetName + checkVip, err = c.virtualIpsLister.Get(vipName) if err != nil { if errors.IsNotFound(err) { needCreateHealthCheckVip = true } else { - klog.Errorf("failed to get health check vip %s, %v", subnetName, err) + klog.Errorf("failed to get health check vip %s, %v", vipName, err) return "", err } } if needCreateHealthCheckVip { vip := &kubeovnv1.Vip{ ObjectMeta: metav1.ObjectMeta{ - Name: subnetName, + Name: vipName, }, Spec: kubeovnv1.VipSpec{ Subnet: subnetName, }, } if _, err = c.config.KubeOvnClient.KubeovnV1().Vips().Create(context.Background(), vip, metav1.CreateOptions{}); err != nil { - klog.Errorf("failed to create health check vip %s, %v", subnetName, err) + klog.Errorf("failed to create health check vip %s, %v", vipName, err) return "", err } // wait for vip created time.Sleep(1 * time.Second) - checkVip, err = c.virtualIpsLister.Get(subnetName) + checkVip, err = c.virtualIpsLister.Get(vipName) if err != nil { - klog.Errorf("failed to get health check vip %s, %v", subnetName, err) + klog.Errorf("failed to get health check vip %s, %v", vipName, err) return "", err } } if checkVip.Status.V4ip == "" && checkVip.Status.V6ip == "" { - err = fmt.Errorf("failed to get health check vip %s address", subnetName) + err = fmt.Errorf("vip %s is not ready", vipName) klog.Error(err) return "", err } 
@@ -348,7 +347,7 @@ func (c *Controller) getHealthCheckVip(subnetName, lbVip string) (string, error) checkIP = checkVip.Status.V6ip } if checkIP == "" { - err = fmt.Errorf("failed to get health check vip subnet %s", subnetName) + err = fmt.Errorf("failed to get health check vip subnet %s", vipName) klog.Error(err) return "", err } diff --git a/pkg/controller/external_gw.go b/pkg/controller/external_gw.go index 123feeb33b9d..c17f4d9e03ed 100644 --- a/pkg/controller/external_gw.go +++ b/pkg/controller/external_gw.go @@ -98,7 +98,7 @@ func (c *Controller) removeExternalGateway() error { raw, _ := json.Marshal(no.Labels) patchPayload := fmt.Sprintf(patchPayloadTemplate, op, raw) if _, err = c.config.KubeClient.CoreV1().Nodes().Patch(context.Background(), no.Name, types.JSONPatchType, []byte(patchPayload), metav1.PatchOptions{}, ""); err != nil { - klog.Errorf("patch external gw node %s failed %v", no.Name, err) + klog.Errorf("failed to patch external gw node %s, %v", no.Name, err) return err } } @@ -124,7 +124,8 @@ func (c *Controller) removeExternalGateway() error { return err } } else { - klog.Infof("should keep provider network vlan underlay external gateway switch %s", c.config.ExternalGatewaySwitch) + // provider network, underlay vlan control the external gateway switch + klog.Infof("should keep provider network underlay vlan external gateway switch %s", c.config.ExternalGatewaySwitch) lrpName := fmt.Sprintf("%s-%s", c.config.ClusterRouter, c.config.ExternalGatewaySwitch) klog.Infof("delete logical router port %s", lrpName) if err := c.OVNNbClient.DeleteLogicalRouterPort(lrpName); err != nil { 
@@ -165,7 +166,7 @@ func (c *Controller) establishExternalGateway(config map[string]string) error { } if err := c.OVNNbClient.CreateGatewayLogicalSwitch(c.config.ExternalGatewaySwitch, c.config.ClusterRouter, c.config.ExternalGatewayNet, lrpIP, lrpMac, c.config.ExternalGatewayVlanID, chassises...); err != nil { - klog.Errorf("create external gateway switch %s: %v", c.config.ExternalGatewaySwitch, err) + klog.Errorf("failed to create external gateway switch %s: %v", c.config.ExternalGatewaySwitch, err) return err } @@ -193,7 +194,7 @@ func (c *Controller) createDefaultVpcLrpEip() (string, string, error) { v4ip = cachedEip.Status.V4Ip mac = cachedEip.Status.MacAddress if v4ip == "" || mac == "" { - err = fmt.Errorf("lrp '%s' ip or mac should not be empty", lrpEipName) + err = fmt.Errorf("lrp %q ip or mac should not be empty", lrpEipName) klog.Error(err) return "", "", err } @@ -205,7 +206,7 @@ func (c *Controller) createDefaultVpcLrpEip() (string, string, error) { return "", "", err } if err := c.createOrUpdateOvnEipCR(lrpEipName, c.config.ExternalGatewaySwitch, v4ip, v6ip, mac, util.OvnEipTypeLRP); err != nil { - klog.Errorf("failed to create ovn eip cr for lrp %s, %v", lrpEipName, err) + klog.Errorf("failed to create ovn lrp eip %s, %v", lrpEipName, err) return "", "", err } } @@ -262,7 +263,7 @@ func (c *Controller) getGatewayChassis(config map[string]string) ([]string, erro raw, _ := json.Marshal(node.Labels) patchPayload := fmt.Sprintf(patchPayloadTemplate, op, raw) if _, err = c.config.KubeClient.CoreV1().Nodes().Patch(context.Background(), gw, types.JSONPatchType, []byte(patchPayload), metav1.PatchOptions{}, ""); err != nil { - klog.Errorf("patch external gw node %s failed %v", gw, err) + klog.Errorf("failed to patch external gw node %s, %v", gw, err) return nil, err } } 
@@ -281,7 +282,7 @@ func (c *Controller) getGatewayChassis(config map[string]string) ([]string, erro chassises = append(chassises, chassis.Name) } if len(chassises) == 0 { - err := fmt.Errorf("no available external gw") + err := fmt.Errorf("no available external gw chassis") klog.Error(err) return nil, err } @@ -298,8 +299,8 @@ func (c *Controller) updateDefaultVpcExternal(enableExternal bool) error { if vpc.Spec.EnableExternal != enableExternal { vpc.Spec.EnableExternal = enableExternal if _, err := c.config.KubeOvnClient.KubeovnV1().Vpcs().Update(context.Background(), vpc, metav1.UpdateOptions{}); err != nil { - errMsg := fmt.Errorf("failed to update vpc enable external %s, %v", vpc.Name, err) - klog.Error(errMsg) + err := fmt.Errorf("failed to update vpc enable external %s, %v", vpc.Name, err) + klog.Error(err) return err } } diff --git a/pkg/controller/external_vpc.go b/pkg/controller/external_vpc.go index ed2b88be7cfe..877d3cf08bb5 100644 --- a/pkg/controller/external_vpc.go +++ b/pkg/controller/external_vpc.go 
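Review bot: In updateDefaultVpcExternal (hunk at -298,8 of pkg/controller/external_gw.go) the function used to return the raw API error and now returns a new error built with `%v`, so a caller that inspects the result with `errors.Is`/`errors.As`, or with the apimachinery helpers that rely on them, no longer sees the underlying status error. Wrapping keeps both the message and the cause: `err := fmt.Errorf("failed to update vpc enable external %s: %w", vpc.Name, err)`. The inner `err :=` also shadows the `err` declared in the `if` initializer, and a distinct name would be easier to read. Callers are outside the hunk, so whether any of them branches on the error type needs checking.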
@@ -13,42 +13,40 @@ import ( "github.com/kubeovn/kube-ovn/pkg/util" ) +// syncExternalVpc syncs the non kubeovn created ovn vpc, such as neutron ovn vpc func (c *Controller) syncExternalVpc() { - logicalRouters, err := c.getRouterStatus() - klog.V(4).Infof("sync over with %s", logicalRouters) + logicalRouters, err := c.getNonKubeovnRouterStatus() if err != nil { - klog.Error("list lr failed", err) + klog.Error("failed to list ovn logical routers", err) return } + klog.V(3).Infof("sync external vpcs with ovn non kube-ovn created vpc") vpcs, err := c.vpcsLister.List(labels.SelectorFromSet(labels.Set{util.VpcExternalLabel: "true"})) if err != nil { klog.Errorf("failed to list vpc, %v", err) return } - vpcMaps := make(map[string]*v1.Vpc) - for _, vpc := range vpcs { - vpcMaps[vpc.Name] = vpc.DeepCopy() - } - for vpcName, vpc := range vpcMaps { - if _, ok := logicalRouters[vpcName]; ok { + for _, cachedVpc := range vpcs { + vpc := cachedVpc.DeepCopy() + if _, ok := logicalRouters[vpc.Name]; ok { + // update vpc status subnet list vpc.Status.Subnets = []string{} - for _, asw := range logicalRouters[vpcName].LogicalSwitches { - vpc.Status.Subnets = append(vpc.Status.Subnets, asw.Name) + for _, ls := range logicalRouters[vpc.Name].LogicalSwitches { + vpc.Status.Subnets = append(vpc.Status.Subnets, ls.Name) } _, err = c.config.KubeOvnClient.KubeovnV1().Vpcs().UpdateStatus(context.Background(), vpc, metav1.UpdateOptions{}) if err != nil { - klog.Errorf("update vpc %s status failed: %v", vpcName, err) + klog.Errorf("failed to update vpc %s status: %v", vpc.Name, err) continue } - delete(logicalRouters, vpcName) - klog.V(4).Infof("patch vpc %s", vpcName) + delete(logicalRouters, vpc.Name) } else { - err = c.config.KubeOvnClient.KubeovnV1().Vpcs().Delete(context.Background(), vpcName, metav1.DeleteOptions{}) + klog.Infof("external vpc %s has no ovn logical router, delete it", vpc.Name) + err = c.config.KubeOvnClient.KubeovnV1().Vpcs().Delete(context.Background(), vpc.Name, 
metav1.DeleteOptions{}) if err != nil { - klog.Errorf("delete vpc %s failed: %v", vpcName, err) + klog.Errorf("failed to delete vpc %s: %v", vpc.Name, err) continue } - klog.Infof("deleted vpc %s", vpcName) } } if len(logicalRouters) != 0 { @@ -59,7 +57,7 @@ func (c *Controller) syncExternalVpc() { vpc.Labels = map[string]string{util.VpcExternalLabel: "true"} vpc, err = c.config.KubeOvnClient.KubeovnV1().Vpcs().Create(context.Background(), vpc, metav1.CreateOptions{}) if err != nil { - klog.Errorf("init vpc %s failed %v", routerName, err) + klog.Errorf("failed init external vpc %s, %v", routerName, err) return } 
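Review bot: `klog.Error("failed to list ovn logical routers", err)` in syncExternalVpc (hunk at -13,42 of pkg/controller/external_vpc.go) formats its arguments the way `fmt.Print` does, which puts no space between a string and the operand after it, so the message and the error text run together in the log. The format variant used everywhere else in this function avoids that: `klog.Errorf("failed to list ovn logical routers: %v", err)`. The function continues past the end of this hunk.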
@@ -74,34 +72,34 @@ func (c *Controller) syncExternalVpc() { _, err = c.config.KubeOvnClient.KubeovnV1().Vpcs().UpdateStatus(context.Background(), vpc, metav1.UpdateOptions{}) if err != nil { - klog.Errorf("update vpc status failed %v", err) + klog.Errorf("failed to update vpc %s status, %v", routerName, err) return } - klog.V(4).Infof("add vpc %s", routerName) + klog.V(4).Infof("added external vpc %s", routerName) } } } -func (c *Controller) getRouterStatus() (logicalRouters map[string]util.LogicalRouter, err error) { +func (c *Controller) getNonKubeovnRouterStatus() (logicalRouters map[string]util.LogicalRouter, err error) { logicalRouters = make(map[string]util.LogicalRouter) - externalOvnRouters, err := c.OVNNbClient.ListLogicalRouter(false, func(lr *ovnnb.LogicalRouter) bool { + nonKubeovnRouters, err := c.OVNNbClient.ListLogicalRouter(false, func(lr *ovnnb.LogicalRouter) bool { return len(lr.ExternalIDs) == 0 || lr.ExternalIDs["vendor"] != util.CniTypeName }) if err != nil { - klog.Errorf("failed to list external logical router, %v", err) + klog.Errorf("failed to list non kubeovn logical router, %v", err) return logicalRouters, err } - if len(externalOvnRouters) == 0 { - klog.V(4).Info("sync over, no external vpc") + if len(nonKubeovnRouters) == 0 { + klog.V(4).Info("no non kubeovn logical router") return logicalRouters, nil } - for _, externalLR := range externalOvnRouters { + for _, router := range nonKubeovnRouters { lr := util.LogicalRouter{ - Name: externalLR.Name, - Ports: make([]util.Port, 0, len(externalLR.Ports)), + Name: router.Name, + Ports: make([]util.Port, 0, len(router.Ports)), } - for _, uuid := range externalLR.Ports { + for _, uuid := range router.Ports { lrp, err := c.OVNNbClient.GetLogicalRouterPortByUUID(uuid) if err != nil { klog.Warningf("failed to get LRP by UUID %s: %v", uuid, err) diff --git a/pkg/controller/service.go b/pkg/controller/service.go index 3c48dbc52b63..0d285c555be1 100644 --- a/pkg/controller/service.go 
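Review bot: The renamed getNonKubeovnRouterStatus (hunk at -74,34) has no doc comment, although its filter decides which routers syncExternalVpc mirrors into Vpc objects and, by absence, which external-labelled Vpc objects it deletes. I would add `// getNonKubeovnRouterStatus lists the OVN logical routers whose external_ids are empty or whose "vendor" entry is not util.CniTypeName.` above the signature. The empty-result branch returns an empty map with a nil error, and in syncExternalVpc that leads to a delete for every Vpc carrying the external label; if an empty listing can occur transiently, that path deserves a guard. The function body continues outside the hunk.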
+++ b/pkg/controller/service.go @@ -33,7 +33,7 @@ func (c *Controller) enqueueAddService(obj interface{}) { utilruntime.HandleError(err) return } - c.updateEndpointQueue.Add(key) + c.addOrUpdateEndpointQueue.Add(key) svc := obj.(*v1.Service) if c.config.EnableNP { @@ -435,7 +435,7 @@ func (c *Controller) handleUpdateService(key string) error { } if needUpdateEndpointQueue { - c.updateEndpointQueue.Add(key) + c.addOrUpdateEndpointQueue.Add(key) } return nil } diff --git a/pkg/controller/subnet_test.go b/pkg/controller/subnet_test.go index f6e2eefa1de0..d4e24901a5d0 100644 --- a/pkg/controller/subnet_test.go +++ b/pkg/controller/subnet_test.go @@ -90,7 +90,7 @@ func Test_syncVirtualPort(t *testing.T) { fakeController := newFakeController(t) ctrl := fakeController.fakeController - fakeinformers := fakeController.fakeinformers + fakeinformers := fakeController.fakeInformers mockOvnClient := fakeController.mockOvnClient lspNamePrefix := "sync-virt-lsp" @@ -105,7 +105,7 @@ func Test_syncVirtualPort(t *testing.T) { }, } - err := fakeinformers.sbunetInformer.Informer().GetStore().Add(subnet) + err := fakeinformers.subnetInformer.Informer().GetStore().Add(subnet) require.NoError(t, err) mockLsp := func(lsName, lspName, vips string) ovnnb.LogicalSwitchPort { diff --git a/pkg/ovs/ovn-nb_global.go b/pkg/ovs/ovn-nb_global.go index 74b8d1d0bc98..c7aae0beae34 100644 --- a/pkg/ovs/ovn-nb_global.go +++ b/pkg/ovs/ovn-nb_global.go @@ -14,7 +14,8 @@ import ( func (c *OVNNbClient) CreateNbGlobal(nbGlobal *ovnnb.NBGlobal) error { op, err := c.ovsDbClient.Create(nbGlobal) if err != nil { - return fmt.Errorf("generate operations for creating nb global: %v", err) + klog.Error(err) + return fmt.Errorf("failed to generate operations for creating nb global: %v", err) } return c.Transact("nb-global-create", op) 
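Review bot: The `klog.Error(err)` lines added before each `return fmt.Errorf(...)` in pkg/ovs/ovn-nb_global.go (this hunk in CreateNbGlobal, and the following hunks in UpdateNbGlobal, SetAzName, SetNbGlobalOptions, SetICAutoRoute and SetNodeLocalDNSIP) log an error and then return it, so one failure is reported at every layer it passes through. SetAzName, for example, logs again what GetNbGlobal or UpdateNbGlobal has already logged, and the logged text lacks the context that the returned message adds. Logging once where the error is finally handled, and wrapping with `%w` instead of `%v`, e.g. `return fmt.Errorf("failed to get nb global: %w", err)`, keeps the chain inspectable without the duplicates. Several of these functions start or end outside their hunks.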
@@ -48,7 +49,7 @@ func (c *OVNNbClient) GetNbGlobal() (*ovnnb.NBGlobal, error) { }).List(ctx, &nbGlobalList) if err != nil { klog.Error(err) - return nil, fmt.Errorf("list nbGlobal: %v", err) + return nil, fmt.Errorf("failed to list NB_Global: %v", err) } if len(nbGlobalList) == 0 { @@ -61,11 +62,13 @@ func (c *OVNNbClient) GetNbGlobal() (*ovnnb.NBGlobal, error) { func (c *OVNNbClient) UpdateNbGlobal(nbGlobal *ovnnb.NBGlobal, fields ...interface{}) error { op, err := c.Where(nbGlobal).Update(nbGlobal, fields...) if err != nil { - return fmt.Errorf("generate operations for updating nb global: %v", err) + klog.Error(err) + return fmt.Errorf("failed to generate operations for updating nb global: %v", err) } if err := c.Transact("nb-global-update", op); err != nil { - return fmt.Errorf("update nb global: %v", err) + klog.Error(err) + return fmt.Errorf("failed to update NB_Global: %v", err) } return nil @@ -74,7 +77,8 @@ func (c *OVNNbClient) UpdateNbGlobal(nbGlobal *ovnnb.NBGlobal, fields ...interfa func (c *OVNNbClient) SetAzName(azName string) error { nbGlobal, err := c.GetNbGlobal() if err != nil { - return fmt.Errorf("get nb global: %v", err) + klog.Error(err) + return fmt.Errorf("failed to get nb global: %v", err) } if azName == nbGlobal.Name { return nil // no need to update @@ -82,6 +86,7 @@ func (c *OVNNbClient) SetAzName(azName string) error { nbGlobal.Name = azName if err := c.UpdateNbGlobal(nbGlobal, &nbGlobal.Name); err != nil { + klog.Error(err) return fmt.Errorf("set nb_global az name %s: %v", azName, err) } @@ -91,6 +96,7 @@ func (c *OVNNbClient) SetAzName(azName string) error { func (c *OVNNbClient) SetNbGlobalOptions(key string, value interface{}) error { nbGlobal, err := c.GetNbGlobal() if err != nil { + klog.Error(err) return fmt.Errorf("failed to get nb global: %v", err) } 
@@ -105,6 +111,7 @@ func (c *OVNNbClient) SetNbGlobalOptions(key string, value interface{}) error { nbGlobal.Options[key] = v if err := c.UpdateNbGlobal(nbGlobal, &nbGlobal.Options); err != nil { + klog.Error(err) return fmt.Errorf("failed to set nb global option %s to %v: %v", key, value, err) } @@ -118,7 +125,8 @@ func (c *OVNNbClient) SetUseCtInvMatch() error { func (c *OVNNbClient) SetICAutoRoute(enable bool, blackList []string) error { nbGlobal, err := c.GetNbGlobal() if err != nil { - return fmt.Errorf("get nb global: %v", err) + klog.Error(err) + return fmt.Errorf("failed to get nb global: %v", err) } options := make(map[string]string, len(nbGlobal.Options)+3) @@ -141,7 +149,8 @@ func (c *OVNNbClient) SetICAutoRoute(enable bool, blackList []string) error { nbGlobal.Options = options if err := c.UpdateNbGlobal(nbGlobal, &nbGlobal.Options); err != nil { - return fmt.Errorf("enable ovn-ic auto route, %v", err) + klog.Error(err) + return fmt.Errorf("failed to enable ovn-ic auto route, %v", err) } return nil } @@ -165,7 +174,8 @@ func (c *OVNNbClient) SetNodeLocalDNSIP(nodeLocalDNSIP string) error { nbGlobal, err := c.GetNbGlobal() if err != nil { - return fmt.Errorf("get nb global: %v", err) + klog.Error(err) + return fmt.Errorf("failed to get nb global: %v", err) } options := make(map[string]string, len(nbGlobal.Options)) @@ -177,7 +187,8 @@ func (c *OVNNbClient) SetNodeLocalDNSIP(nodeLocalDNSIP string) error { nbGlobal.Options = options if err := c.UpdateNbGlobal(nbGlobal, &nbGlobal.Options); err != nil { - return fmt.Errorf("remove option node_local_dns_ip failed , %v", err) + klog.Error(err) + return fmt.Errorf("failed to remove NB_Global option node_local_dns_ip, %v", err) } return nil From f00ff138fab75c466555fc303ba95704de0ace4e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=BC=A0=E7=A5=96=E5=BB=BA?= Date: Tue, 21 May 2024 14:30:19 +0800 Subject: [PATCH 36/57] crd: add subnet name pattern (#4054) 
Signed-off-by: zhangzujian --- charts/kube-ovn/templates/kube-ovn-crd.yaml | 6 ++++++ dist/images/install.sh | 6 ++++++ 2 files changed, 12 insertions(+) diff --git a/charts/kube-ovn/templates/kube-ovn-crd.yaml b/charts/kube-ovn/templates/kube-ovn-crd.yaml index c8c0b48fb85e..dd08755212cc 100644 --- a/charts/kube-ovn/templates/kube-ovn-crd.yaml +++ b/charts/kube-ovn/templates/kube-ovn-crd.yaml @@ -1944,6 +1944,12 @@ spec: openAPIV3Schema: type: object properties: + metadata: + type: object + properties: + name: + type: string + pattern: ^[^0-9] status: type: object properties: diff --git a/dist/images/install.sh b/dist/images/install.sh index 09f8f7b5c41e..fe2a71d658d7 100755 --- a/dist/images/install.sh +++ b/dist/images/install.sh @@ -2172,6 +2172,12 @@ spec: openAPIV3Schema: type: object properties: + metadata: + type: object + properties: + name: + type: string + pattern: ^[^0-9] status: type: object properties: From 72180104df098b90e4778da1bec44bd625f459b5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=BC=A0=E7=A5=96=E5=BB=BA?= Date: Tue, 21 May 2024 14:30:40 +0800 Subject: [PATCH 37/57] ci: build e2e binaries and free disk space on necessary (#4059) Signed-off-by: zhangzujian --- .github/workflows/build-x86-image.yaml | 77 ++++++++++++++++---------- 1 file changed, 47 insertions(+), 30 deletions(-) diff --git a/.github/workflows/build-x86-image.yaml b/.github/workflows/build-x86-image.yaml index e6ecd086a91f..35842ffeba4b 100644 --- a/.github/workflows/build-x86-image.yaml +++ b/.github/workflows/build-x86-image.yaml @@ -34,16 +34,6 @@ jobs: outputs: build-base: ${{ steps.check.outputs.build-base }} steps: - - uses: jlumbroso/free-disk-space@v1.3.1 - with: - android: true - dotnet: true - haskell: true - docker-images: false - large-packages: false - tool-cache: false - swap-storage: false - - uses: actions/checkout@v4 with: fetch-depth: 2 
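Review bot: The `pattern: ^[^0-9]` added under `metadata.name` (in charts/kube-ovn/templates/kube-ovn-crd.yaml and again in dist/images/install.sh) only rejects a leading digit, and nothing next to it says what the rule is for. A comment above the property in both copies, such as `# subnet names must not start with a digit`, plus the reason, which the commit does not state, would keep the two files from drifting silently. It is also worth confirming how existing objects whose names already start with a digit behave once the updated CRD is applied, since schema validation runs on updates as well as creates. The surrounding CRD definition starts and ends outside the hunk.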
@@ -57,6 +47,17 @@ jobs: echo build-base=1 >> "$GITHUB_OUTPUT" fi + - uses: jlumbroso/free-disk-space@v1.3.1 + if: steps.check.outputs.build-base == 1 + with: + android: true + dotnet: true + haskell: true + docker-images: false + large-packages: false + tool-cache: false + swap-storage: false + - uses: docker/setup-buildx-action@v3 if: steps.check.outputs.build-base == 1 @@ -80,16 +81,6 @@ jobs: outputs: build-dpdk-base: ${{ steps.check.outputs.build-dpdk-base }} steps: - - uses: jlumbroso/free-disk-space@v1.3.1 - with: - android: true - dotnet: true - haskell: true - docker-images: false - large-packages: false - tool-cache: false - swap-storage: false - - uses: actions/checkout@v4 with: fetch-depth: 2 @@ -103,6 +94,17 @@ jobs: echo build-dpdk-base=1 >> "$GITHUB_OUTPUT" fi + - uses: jlumbroso/free-disk-space@v1.3.1 + if: steps.check.outputs.build-dpdk-base == 1 + with: + android: true + dotnet: true + haskell: true + docker-images: false + large-packages: false + tool-cache: false + swap-storage: false + - uses: docker/setup-buildx-action@v3 if: steps.check.outputs.build-dpdk-base == 1 @@ -263,16 +265,6 @@ jobs: runs-on: ubuntu-22.04 timeout-minutes: 15 steps: - - uses: jlumbroso/free-disk-space@v1.3.1 - with: - android: true - dotnet: true - haskell: true - docker-images: false - large-packages: false - tool-cache: false - swap-storage: false - - uses: actions/checkout@v4 - name: Create the default branch directory 
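Review bot: The relocated `uses: jlumbroso/free-disk-space@v1.3.1` step (this hunk, the build-dpdk-base hunk at -94,6 and the e2e hunk at -305,7) references a third-party action by tag, and a tag can be moved to different code after it was reviewed. Since these lines are being rewritten anyway, pin the action to a full commit SHA and keep the tag as a trailing comment, e.g. `uses: jlumbroso/free-disk-space@<full-commit-sha> # v1.3.1`. The same applies to `actions/cache/restore@v4`, which the e2e hunk adds. The job definitions start outside these hunks.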
@@ -305,7 +297,30 @@ jobs: - name: Export Go full version run: echo "GO_FULL_VER=$(go env GOVERSION)" >> "$GITHUB_ENV" + - name: Lookup Go cache + id: lookup-go-cache + uses: actions/cache/restore@v4 + with: + path: | + ~/.cache/go-build + ~/go/pkg/mod + key: ${{ runner.os }}-e2e-${{ env.GO_FULL_VER }}-x86-${{ hashFiles(format('{0}/**/go.sum', env.E2E_DIR)) }} + restore-keys: ${{ runner.os }}-e2e-${{ env.GO_FULL_VER }}-x86- + lookup-only: true + + - uses: jlumbroso/free-disk-space@v1.3.1 + if: steps.lookup-go-cache.outputs.cache-hit != 'true' + with: + android: true + dotnet: true + haskell: true + docker-images: false + large-packages: false + tool-cache: false + swap-storage: false + - name: Go cache + if: steps.lookup-go-cache.outputs.cache-hit != 'true' uses: actions/cache@v4 with: path: | @@ -315,10 +330,12 @@ jobs: restore-keys: ${{ runner.os }}-e2e-${{ env.GO_FULL_VER }}-x86- - name: Install ginkgo + if: steps.lookup-go-cache.outputs.cache-hit != 'true' working-directory: ${{ env.E2E_DIR }} run: go install -v -mod=mod github.com/onsi/ginkgo/v2/ginkgo - run: make e2e-build + if: steps.lookup-go-cache.outputs.cache-hit != 'true' working-directory: ${{ env.E2E_DIR }} netpol-path-filter: From 1903bd8cef57a7b1cdea395ed43335b5a747fc8e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=BC=A0=E7=A5=96=E5=BB=BA?= Date: Wed, 22 May 2024 10:24:58 +0800 Subject: [PATCH 38/57] ci: fix scheduled e2e (#4057) Signed-off-by: zhangzujian --- .github/workflows/scheduled-e2e.yaml | 36 ++++++++++++++-------------- 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/.github/workflows/scheduled-e2e.yaml b/.github/workflows/scheduled-e2e.yaml index bbb26d4a72d5..5b61e1d6e52e 100644 --- a/.github/workflows/scheduled-e2e.yaml +++ b/.github/workflows/scheduled-e2e.yaml 
@@ -84,7 +84,7 @@ jobs: - name: Create kind cluster working-directory: test/e2e/k8s-network/branches/${{ matrix.branch }} run: | - sudo pip3 install jinjanator + sudo pip3 install jinjanator j2cli sudo PATH=~/.local/bin:$PATH make kind-init-${{ matrix.ip-family }} sudo cp -r /root/.kube/ ~/.kube/ sudo chown -R $(id -un). ~/.kube/ @@ -172,7 +172,7 @@ jobs: - name: Create kind cluster working-directory: test/e2e/k8s-network/branches/${{ matrix.branch }} run: | - sudo pip3 install jinjanator + sudo pip3 install jinjanator j2cli sudo PATH=~/.local/bin:$PATH make kind-init-${{ matrix.ip-family }} sudo cp -r /root/.kube/ ~/.kube/ sudo chown -R $(id -un). ~/.kube/ @@ -233,7 +233,7 @@ jobs: - name: Create kind cluster working-directory: test/e2e/k8s-network/branches/${{ matrix.branch }} run: | - sudo pip3 install jinjanator + sudo pip3 install jinjanator j2cli sudo PATH=~/.local/bin:$PATH make kind-init-${{ matrix.ip-family }} sudo cp -r /root/.kube/ ~/.kube/ sudo chown -R $(id -un). ~/.kube/ @@ -315,7 +315,7 @@ jobs: - name: Create kind cluster working-directory: test/e2e/kube-ovn/branches/${{ matrix.branch }} run: | - sudo pip3 install jinjanator + sudo pip3 install jinjanator j2cli sudo PATH=~/.local/bin:$PATH make kind-init-${{ matrix.ip-family }} sudo cp -r /root/.kube/ ~/.kube/ sudo chown -R $(id -un). ~/.kube/ @@ -393,7 +393,7 @@ jobs: - name: Create kind cluster working-directory: test/e2e/kube-ovn/branches/${{ matrix.branch }} run: | - sudo pip3 install jinjanator + sudo pip3 install jinjanator j2cli sudo PATH=~/.local/bin:$PATH make kind-init-ovn-ic sudo cp -r /root/.kube/ ~/.kube/ sudo chown -R $(id -un). ~/.kube/ @@ -447,7 +447,7 @@ jobs: - name: Create kind cluster working-directory: test/e2e/kube-ovn/branches/${{ matrix.branch }} run: | - sudo pip3 install jinjanator + sudo pip3 install jinjanator j2cli sudo PATH=~/.local/bin:$PATH make kind-init-dual sudo cp -r /root/.kube/ ~/.kube/ sudo chown -R $(id -un). ~/.kube/ 
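Review bot: `sudo pip3 install jinjanator j2cli` (this hunk and the later hunks of .github/workflows/scheduled-e2e.yaml, which all make the same edit) installs two unpinned PyPI packages as root on every scheduled run, so the workflow executes whatever release is current at that moment. Pinning both, e.g. `sudo pip3 install jinjanator==<version> j2cli==<version>`, or installing from a requirements file with hashes, makes the runs reproducible and narrows the exposure to a bad upstream release. The step and job definitions start outside the hunk.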
@@ -500,7 +500,7 @@ jobs: - name: Create kind cluster working-directory: test/e2e/kube-ovn/branches/${{ matrix.branch }} run: | - sudo pip3 install jinjanator + sudo pip3 install jinjanator j2cli sudo PATH=~/.local/bin:$PATH make kind-init sudo cp -r /root/.kube/ ~/.kube/ sudo chown -R $(id -un). ~/.kube/ @@ -555,7 +555,7 @@ jobs: - name: Create kind cluster working-directory: test/e2e/kube-ovn/branches/${{ matrix.branch }} run: | - sudo pip3 install jinjanator + sudo pip3 install jinjanator j2cli sudo PATH=~/.local/bin:$PATH make kind-init sudo cp -r /root/.kube/ ~/.kube/ sudo chown -R $(id -un). ~/.kube/ @@ -634,7 +634,7 @@ jobs: - name: Create kind cluster working-directory: test/e2e/kube-ovn/branches/${{ matrix.branch }} run: | - sudo pip3 install jinjanator + sudo pip3 install jinjanator j2cli sudo PATH=~/.local/bin:$PATH make kind-init sudo cp -r /root/.kube/ ~/.kube/ sudo chown -R $(id -un). ~/.kube/ @@ -711,7 +711,7 @@ jobs: - name: Create kind cluster working-directory: test/e2e/kube-ovn/branches/${{ matrix.branch }} run: | - sudo pip3 install jinjanator + sudo pip3 install jinjanator j2cli sudo PATH=~/.local/bin:$PATH make kind-init sudo cp -r /root/.kube/ ~/.kube/ sudo chown -R $(id -un). ~/.kube/ @@ -786,7 +786,7 @@ jobs: - name: Create kind cluster working-directory: test/e2e/kube-ovn/branches/${{ matrix.branch }} run: | - sudo pip3 install jinjanator + sudo pip3 install jinjanator j2cli sudo PATH=~/.local/bin:$PATH make kind-init sudo cp -r /root/.kube/ ~/.kube/ sudo chown -R $(id -un). ~/.kube/ @@ -837,7 +837,7 @@ jobs: - name: Create kind cluster run: | - sudo pip3 install jinjanator + sudo pip3 install jinjanator j2cli sudo PATH=~/.local/bin:$PATH k8s_version=v1.23.13 make kind-init sudo cp -r /root/.kube/ ~/.kube/ sudo chown -R $(id -un). ~/.kube/ 
@@ -921,7 +921,7 @@ jobs: - name: Create kind cluster working-directory: test/e2e/kube-ovn/branches/${{ matrix.branch }} run: | - sudo pip3 install jinjanator + sudo pip3 install jinjanator j2cli sudo PATH=~/.local/bin:$PATH make kind-init-cilium-chaining || \ sudo PATH=~/.local/bin:$PATH make kind-init sudo cp -r /root/.kube/ ~/.kube/ @@ -1013,7 +1013,7 @@ jobs: - name: Create kind cluster working-directory: test/e2e/kube-ovn/branches/${{ matrix.branch }} run: | - sudo pip3 install jinjanator + sudo pip3 install jinjanator j2cli sudo PATH=~/.local/bin:$PATH make kind-init-ha-${{ matrix.ip-family }} sudo cp -r /root/.kube/ ~/.kube/ sudo chown -R $(id -un). ~/.kube/ @@ -1112,7 +1112,7 @@ jobs: - name: Create kind cluster run: | - sudo pip3 install jinjanator + sudo pip3 install jinjanator j2cli sudo PATH=~/.local/bin:$PATH make kind-init-ha sudo cp -r /root/.kube/ ~/.kube/ sudo chown -R $(id -un). ~/.kube/ @@ -1182,7 +1182,7 @@ jobs: - name: Create kind cluster working-directory: test/e2e/kube-ovn/branches/${{ matrix.branch }} run: | - sudo pip3 install jinjanator + sudo pip3 install jinjanator j2cli sudo PATH=~/.local/bin:$PATH make kind-init-ovn-submariner sudo cp -r /root/.kube/ ~/.kube/ sudo chown -R $(id -un). ~/.kube/ @@ -1258,7 +1258,7 @@ jobs: - name: Create kind cluster working-directory: test/e2e/kube-ovn/branches/${{ matrix.branch }} run: | - sudo pip3 install jinjanator + sudo pip3 install jinjanator j2cli sudo PATH=~/.local/bin:$PATH make kind-init sudo cp -r /root/.kube/ ~/.kube/ sudo chown -R $(id -un). ~/.kube/ @@ -1332,7 +1332,7 @@ jobs: - name: Create kind cluster working-directory: test/e2e/kube-ovn/branches/${{ matrix.branch }} run: | - sudo pip3 install jinjanator + sudo pip3 install jinjanator j2cli sudo PATH=~/.local/bin:$PATH make kind-init sudo cp -r /root/.kube/ ~/.kube/ sudo chown -R $(id -un). ~/.kube/ From 3a7ee3431627b8945c3067a240da2df39bcf672e Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?=E5=BC=A0=E7=A5=96=E5=BB=BA?= Date: Wed, 22 May 2024 10:25:12 +0800 Subject: [PATCH 39/57] bump ginkgo to v2.18.0 (#4062) Signed-off-by: zhangzujian --- Makefile.e2e | 2 +- go.mod | 38 ++++++++++++------------ go.sum | 83 ++++++++++++++++++++++++++-------------------------- 3 files changed, 62 insertions(+), 61 deletions(-) diff --git a/Makefile.e2e b/Makefile.e2e index a6acafaa0468..b80af84e1799 100644 --- a/Makefile.e2e +++ b/Makefile.e2e @@ -52,7 +52,7 @@ endif GINKGO_OUTPUT_OPT = GINKGO_PARALLEL_OPT = -p ifeq ($(shell echo $${CI:-false}),true) -GINKGO_OUTPUT_OPT = --github-output +GINKGO_OUTPUT_OPT = --github-output --silence-skips GINKGO_PARALLEL_OPT = --procs $$(($$(nproc) * $(GINKGO_PARALLEL_MULTIPLIER))) endif diff --git a/go.mod b/go.mod index 23395b67102c..33fd8f5c0095 100644 --- a/go.mod +++ b/go.mod @@ -23,7 +23,7 @@ require ( github.com/kubeovn/ovsdb v0.0.0-20240410091831-5dd26006c475 github.com/mdlayher/arp v0.0.0-20220512170110-6706a2966875 github.com/moby/sys/mountinfo v0.7.1 - github.com/onsi/ginkgo/v2 v2.17.3 + github.com/onsi/ginkgo/v2 v2.18.0 github.com/onsi/gomega v1.33.1 github.com/osrg/gobgp/v3 v3.26.0 github.com/ovn-org/libovsdb v0.0.0-20230711201130-6785b52d4020 @@ -82,7 +82,7 @@ require ( github.com/containerd/console v1.0.4 // indirect github.com/containerd/errdefs v0.1.0 // indirect github.com/containerd/log v0.1.0 // indirect - github.com/containerd/ttrpc v1.2.3 // indirect + github.com/containerd/ttrpc v1.2.4 // indirect github.com/coreos/go-semver v0.3.1 // indirect github.com/coreos/go-systemd/v22 v22.5.0 // indirect github.com/cyphar/filepath-securejoin v0.2.4 // indirect 
@@ -105,7 +105,7 @@ require ( github.com/go-kit/kit v0.13.0 // indirect github.com/go-kit/log v0.2.1 // indirect github.com/go-logfmt/logfmt v0.6.0 // indirect - github.com/go-logr/logr v1.4.1 // indirect + github.com/go-logr/logr v1.4.2 // indirect github.com/go-openapi/jsonpointer v0.21.0 // indirect github.com/go-openapi/jsonreference v0.21.0 // indirect github.com/go-openapi/swag v0.23.0 // indirect @@ -131,7 +131,7 @@ require ( github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 // indirect github.com/grpc-ecosystem/go-grpc-middleware v1.4.0 // indirect github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 // indirect - github.com/grpc-ecosystem/grpc-gateway/v2 v2.19.1 // indirect + github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0 // indirect github.com/hashicorp/go-version v1.6.0 // indirect github.com/hashicorp/hcl v1.0.0 // indirect github.com/imdario/mergo v0.3.16 // indirect 
@@ -201,20 +201,20 @@ require ( github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635 // indirect github.com/vishvananda/netns v0.0.4 // indirect github.com/xlab/treeprint v1.2.0 // indirect - go.etcd.io/etcd/api/v3 v3.5.12 // indirect - go.etcd.io/etcd/client/pkg/v3 v3.5.12 // indirect - go.etcd.io/etcd/client/v3 v3.5.12 // indirect + go.etcd.io/etcd/api/v3 v3.5.13 // indirect + go.etcd.io/etcd/client/pkg/v3 v3.5.13 // indirect + go.etcd.io/etcd/client/v3 v3.5.13 // indirect go.opencensus.io v0.24.0 // indirect - go.opentelemetry.io/contrib/instrumentation/github.com/emicklei/go-restful/otelrestful v0.51.0 // indirect - go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.51.0 // indirect - go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.51.0 // indirect - go.opentelemetry.io/otel v1.26.0 // indirect - go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.26.0 // indirect - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.26.0 // indirect - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.26.0 // indirect - go.opentelemetry.io/otel/metric v1.26.0 // indirect - go.opentelemetry.io/otel/sdk v1.26.0 // indirect - go.opentelemetry.io/otel/trace v1.26.0 // indirect + go.opentelemetry.io/contrib/instrumentation/github.com/emicklei/go-restful/otelrestful v0.52.0 // indirect + go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.52.0 // indirect + go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.52.0 // indirect + go.opentelemetry.io/otel v1.27.0 // indirect + go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.27.0 // indirect + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.27.0 // indirect + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.27.0 // indirect + go.opentelemetry.io/otel/metric v1.27.0 // indirect + go.opentelemetry.io/otel/sdk v1.27.0 // indirect + go.opentelemetry.io/otel/trace v1.27.0 
// indirect go.opentelemetry.io/proto/otlp v1.2.0 // indirect go.starlark.net v0.0.0-20231121155337-90ade8b19d09 // indirect go.uber.org/multierr v1.11.0 // indirect @@ -230,8 +230,8 @@ require ( gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect google.golang.org/api v0.172.0 // indirect google.golang.org/genproto v0.0.0-20240401170217-c3f982113cda // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20240506185236-b8a5c65736ae // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20240506185236-b8a5c65736ae // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20240521202816-d264139d666e // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20240521202816-d264139d666e // indirect gopkg.in/evanphx/json-patch.v5 v5.9.0 // indirect gopkg.in/gcfg.v1 v1.2.3 // indirect gopkg.in/inf.v0 v0.9.1 // indirect diff --git a/go.sum b/go.sum index efa8936f58da..4ba36080931e 100644 --- a/go.sum +++ b/go.sum @@ -701,8 +701,8 @@ github.com/containerd/errdefs v0.1.0 h1:m0wCRBiu1WJT/Fr+iOoQHMQS/eP5myQ8lCv4Dz5Z github.com/containerd/errdefs v0.1.0/go.mod h1:YgWiiHtLmSeBrvpw+UfPijzbLaB77mEG1WwJTDETIV0= github.com/containerd/log v0.1.0 h1:TCJt7ioM2cr/tfR8GPbGf9/VRAX8D2B4PjzCpfX540I= github.com/containerd/log v0.1.0/go.mod h1:VRRf09a7mHDIRezVKTRCrOq78v577GXq3bSa3EhrzVo= -github.com/containerd/ttrpc v1.2.3 h1:4jlhbXIGvijRtNC8F/5CpuJZ7yKOBFGFOOXg1bkISz0= -github.com/containerd/ttrpc v1.2.3/go.mod h1:ieWsXucbb8Mj9PH0rXCw1i8IunRbbAiDkpXkbfflWBM= +github.com/containerd/ttrpc v1.2.4 h1:eQCQK4h9dxDmpOb9QOOMh2NHTfzroH1IkmHiKZi05Oo= +github.com/containerd/ttrpc v1.2.4/go.mod h1:ojvb8SJBSch0XkqNO0L0YX/5NxR3UnVk2LzFKBK0upc= github.com/containerd/typeurl v1.0.2 h1:Chlt8zIieDbzQFzXzAeBEF92KhExuE4p9p92/QmY7aY= github.com/containerd/typeurl v1.0.2/go.mod h1:9trJWW2sRlGub4wZJRTW83VtbOLS6hwcDZXTn6oPz9s= github.com/containernetworking/cni v1.2.0 h1:fEjhlfWwWAXEvlcMQu/i6z8DA0Kbu7EcmR5+zb6cm5I= 
@@ -820,8 +820,9 @@ github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbV github.com/go-logr/logr v1.2.3/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/logr v1.2.4/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/logr v1.3.0/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= -github.com/go-logr/logr v1.4.1 h1:pKouT5E8xu9zeFC39JXRDukb6JFQPXM5p5I91188VAQ= github.com/go-logr/logr v1.4.1/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= +github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY= +github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE= github.com/go-logr/zapr v1.3.0 h1:XGdV8XW8zdwFiwOA2Dryh1gj2KRQyOOoNmBy4EplIcQ= 
@@ -1014,8 +1015,8 @@ github.com/grpc-ecosystem/grpc-gateway v1.16.0 h1:gmcG1KaJ57LophUzW0Hy8NmPhnMZb4 github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw= github.com/grpc-ecosystem/grpc-gateway/v2 v2.7.0/go.mod h1:hgWBS7lorOAVIJEQMi4ZsPv9hVvWI6+ch50m39Pf2Ks= github.com/grpc-ecosystem/grpc-gateway/v2 v2.11.3/go.mod h1:o//XUCC/F+yRGJoPO/VU0GSB0f8Nhgmxx0VIRUvaC0w= -github.com/grpc-ecosystem/grpc-gateway/v2 v2.19.1 h1:/c3QmbOGMGTOumP2iT/rCwB7b0QDGLKzqOmktBjT+Is= -github.com/grpc-ecosystem/grpc-gateway/v2 v2.19.1/go.mod h1:5SN9VR2LTsRFsrEC6FHgRbTWrTHu6tqPeKxEQv15giM= +github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0 h1:bkypFPDjIYGfCYD5mRBvpqxfYX1YCS1PXdKYWi8FsN0= +github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0/go.mod h1:P+Lt/0by1T8bfcF3z737NnSbmxQAppXMRziHUxPOC8k= github.com/hashicorp/go-version v1.6.0 h1:feTTfFNnjP967rlCxM/I9g701jU+RN74YKx2mOkIeek= github.com/hashicorp/go-version v1.6.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= 
@@ -1190,8 +1191,8 @@ github.com/onsi/ginkgo/v2 v2.11.0/go.mod h1:ZhrRA5XmEE3x3rhlzamx/JJvujdZoJ2uvgI7 github.com/onsi/ginkgo/v2 v2.13.0/go.mod h1:TE309ZR8s5FsKKpuB1YAQYBzCaAfUgatB/xlT/ETL/o= github.com/onsi/ginkgo/v2 v2.13.2/go.mod h1:XStQ8QcGwLyF4HdfcZB8SFOS/MWCgDuXMSBe6zrvLgM= github.com/onsi/ginkgo/v2 v2.15.0/go.mod h1:HlxMHtYF57y6Dpf+mc5529KKmSq9h2FpCF+/ZkwUxKM= -github.com/onsi/ginkgo/v2 v2.17.3 h1:oJcvKpIb7/8uLpDDtnQuf18xVnwKp8DTD7DQ6gTd/MU= -github.com/onsi/ginkgo/v2 v2.17.3/go.mod h1:nP2DPOQoNsQmsVyv5rDA8JkXQoCs6goXIvr/PRJ1eCc= +github.com/onsi/ginkgo/v2 v2.18.0 h1:W9Y7IWXxPUpAit9ieMOLI7PJZGaW22DTKgiVAuhDTLc= +github.com/onsi/ginkgo/v2 v2.18.0/go.mod h1:rlwLi9PilAFJ8jCg9UE1QP6VBpd6/xj3SRC0d6TU0To= github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY= github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo= 
@@ -1282,8 +1283,8 @@ github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFR github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc= github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs= github.com/rogpeppe/go-internal v1.10.0/go.mod h1:UQnix2H7Ngw/k4C5ijL5+65zddjncjaFoBhdsK/akog= -github.com/rogpeppe/go-internal v1.11.0 h1:cWPaGQEPrBb5/AsnsZesgZZ9yb1OQ+GOISoDNXVBh4M= -github.com/rogpeppe/go-internal v1.11.0/go.mod h1:ddIwULY96R17DhadqLgMfk9H9tvdUzkipdSkR5nkCZA= +github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8= +github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4= github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk= github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/ruudk/golang-pdf417 v0.0.0-20181029194003-1af4ab5afa58/go.mod h1:6lfFZQK844Gfx8o5WFuvpxWRwnSoipWe/p622j1v06w= 
@@ -1370,14 +1371,14 @@ github.com/zeebo/assert v1.3.0/go.mod h1:Pq9JiuJQpG8JLJdtkwrJESF0Foym2/D9XMU5ciN github.com/zeebo/xxh3 v1.0.2/go.mod h1:5NWz9Sef7zIDm2JHfFlcQvNekmcEl9ekUZQQKCYaDcA= go.etcd.io/bbolt v1.3.9 h1:8x7aARPEXiXbHmtUwAIv7eV2fQFHrLLavdiJ3uzJXoI= go.etcd.io/bbolt v1.3.9/go.mod h1:zaO32+Ti0PK1ivdPtgMESzuzL2VPoIG1PCQNvOdo/dE= -go.etcd.io/etcd/api/v3 v3.5.12 h1:W4sw5ZoU2Juc9gBWuLk5U6fHfNVyY1WC5g9uiXZio/c= -go.etcd.io/etcd/api/v3 v3.5.12/go.mod h1:Ot+o0SWSyT6uHhA56al1oCED0JImsRiU9Dc26+C2a+4= -go.etcd.io/etcd/client/pkg/v3 v3.5.12 h1:EYDL6pWwyOsylrQyLp2w+HkQ46ATiOvoEdMarindU2A= -go.etcd.io/etcd/client/pkg/v3 v3.5.12/go.mod h1:seTzl2d9APP8R5Y2hFL3NVlD6qC/dOT+3kvrqPyTas4= +go.etcd.io/etcd/api/v3 v3.5.13 h1:8WXU2/NBge6AUF1K1gOexB6e07NgsN1hXK0rSTtgSp4= +go.etcd.io/etcd/api/v3 v3.5.13/go.mod h1:gBqlqkcMMZMVTMm4NDZloEVJzxQOQIls8splbqBDa0c= +go.etcd.io/etcd/client/pkg/v3 v3.5.13 h1:RVZSAnWWWiI5IrYAXjQorajncORbS0zI48LQlE2kQWg= +go.etcd.io/etcd/client/pkg/v3 v3.5.13/go.mod h1:XxHT4u1qU12E2+po+UVPrEeL94Um6zL58ppuJWXSAB8= go.etcd.io/etcd/client/v2 v2.305.10 h1:MrmRktzv/XF8CvtQt+P6wLUlURaNpSDJHFZhe//2QE4= go.etcd.io/etcd/client/v2 v2.305.10/go.mod h1:m3CKZi69HzilhVqtPDcjhSGp+kA1OmbNn0qamH80xjA= -go.etcd.io/etcd/client/v3 v3.5.12 h1:v5lCPXn1pf1Uu3M4laUE2hp/geOTc5uPcYYsNe1lDxg= -go.etcd.io/etcd/client/v3 v3.5.12/go.mod h1:tSbBCakoWmmddL+BKVAJHa9km+O/E+bumDe9mSbPiqw= +go.etcd.io/etcd/client/v3 v3.5.13 h1:o0fHTNJLeO0MyVbc7I3fsCf6nrOqn5d+diSarKnB2js= +go.etcd.io/etcd/client/v3 v3.5.13/go.mod h1:cqiAeY8b5DEEcpxvgWKsbLIWNM/8Wy2xJSDMtioMcoI= go.etcd.io/etcd/pkg/v3 v3.5.10 h1:WPR8K0e9kWl1gAhB5A7gEa5ZBTNkT9NdNWrR8Qpo1CM= go.etcd.io/etcd/pkg/v3 v3.5.10/go.mod h1:TKTuCKKcF1zxmfKWDkfz5qqYaE3JncKKZPFf8c1nFUs= go.etcd.io/etcd/raft/v3 v3.5.10 h1:cgNAYe7xrsrn/5kXMSaH8kM/Ky8mAdMqGOxyYwpP0LA= 
@@ -1393,28 +1394,28 @@ go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk= go.opencensus.io v0.23.0/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E= go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0= go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo= -go.opentelemetry.io/contrib/instrumentation/github.com/emicklei/go-restful/otelrestful v0.51.0 h1:336y4DTtrJVqGe3iIIjj13norzlb9efZM+ziKgFd4dg= -go.opentelemetry.io/contrib/instrumentation/github.com/emicklei/go-restful/otelrestful v0.51.0/go.mod h1:oWY3eYawDlFtAFh+c/PqIlzHcrgEEaRv558DBMWqad8= -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.51.0 h1:A3SayB3rNyt+1S6qpI9mHPkeHTZbD7XILEqWnYZb2l0= -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.51.0/go.mod h1:27iA5uvhuRNmalO+iEUdVn5ZMj2qy10Mm+XRIpRmyuU= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.51.0 h1:Xs2Ncz0gNihqu9iosIZ5SkBbWo5T8JhhLJFMQL1qmLI= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.51.0/go.mod h1:vy+2G/6NvVMpwGX/NyLqcC41fxepnuKHk16E6IZUcJc= -go.opentelemetry.io/contrib/propagators/b3 v1.26.0 h1:wgFbVA+bK2k+fGVfDOCOG4cfDAoppyr5sI2dVlh8MWM= -go.opentelemetry.io/contrib/propagators/b3 v1.26.0/go.mod h1:DDktFXxA+fyItAAM0Sbl5OBH7KOsCTjvbBdPKtoIf/k= -go.opentelemetry.io/otel v1.26.0 h1:LQwgL5s/1W7YiiRwxf03QGnWLb2HW4pLiAhaA5cZXBs= -go.opentelemetry.io/otel v1.26.0/go.mod h1:UmLkJHUAidDval2EICqBMbnAd0/m2vmpf/dAM+fvFs4= -go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.26.0 h1:1u/AyyOqAWzy+SkPxDpahCNZParHV8Vid1RnI2clyDE= -go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.26.0/go.mod h1:z46paqbJ9l7c9fIPCXTqTGwhQZ5XoTIsfeFYWboizjs= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.26.0 h1:Waw9Wfpo/IXzOI8bCB7DIk+0JZcqqsyn1JFnAc+iam8= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.26.0/go.mod h1:wnJIG4fOqyynOnnQF/eQb4/16VlX2EJAHhHgqIqWfAo= 
-go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.26.0 h1:1wp/gyxsuYtuE/JFxsQRtcCDtMrO2qMvlfXALU5wkzI= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.26.0/go.mod h1:gbTHmghkGgqxMomVQQMur1Nba4M0MQ8AYThXDUjsJ38= -go.opentelemetry.io/otel/metric v1.26.0 h1:7S39CLuY5Jgg9CrnA9HHiEjGMF/X2VHvoXGgSllRz30= -go.opentelemetry.io/otel/metric v1.26.0/go.mod h1:SY+rHOI4cEawI9a7N1A4nIg/nTQXe1ccCNWYOJUrpX4= -go.opentelemetry.io/otel/sdk v1.26.0 h1:Y7bumHf5tAiDlRYFmGqetNcLaVUZmh4iYfmGxtmz7F8= -go.opentelemetry.io/otel/sdk v1.26.0/go.mod h1:0p8MXpqLeJ0pzcszQQN4F0S5FVjBLgypeGSngLsmirs= -go.opentelemetry.io/otel/trace v1.26.0 h1:1ieeAUb4y0TE26jUFrCIXKpTuVK7uJGN9/Z/2LP5sQA= -go.opentelemetry.io/otel/trace v1.26.0/go.mod h1:4iDxvGDQuUkHve82hJJ8UqrwswHYsZuWCBllGV2U2y0= +go.opentelemetry.io/contrib/instrumentation/github.com/emicklei/go-restful/otelrestful v0.52.0 h1:Lg4/aNChh+6whhYldqPpYcdng/jeLyQZn8cqWT2Q+Ts= +go.opentelemetry.io/contrib/instrumentation/github.com/emicklei/go-restful/otelrestful v0.52.0/go.mod h1:IcSJTrfVeG9nWXqZdQRL1J1SdgS+PM2qf83+CQEvJkM= +go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.52.0 h1:vS1Ao/R55RNV4O7TA2Qopok8yN+X0LIP6RVWLFkprck= +go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.52.0/go.mod h1:BMsdeOxN04K0L5FNUBfjFdvwWGNe/rkmSwH4Aelu/X0= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.52.0 h1:9l89oX4ba9kHbBol3Xin3leYJ+252h0zszDtBwyKe2A= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.52.0/go.mod h1:XLZfZboOJWHNKUv7eH0inh0E9VV6eWDFB/9yJyTLPp0= +go.opentelemetry.io/contrib/propagators/b3 v1.27.0 h1:IjgxbomVrV9za6bRi8fWCNXENs0co37SZedQilP2hm0= +go.opentelemetry.io/contrib/propagators/b3 v1.27.0/go.mod h1:Dv9obQz25lCisDvvs4dy28UPh974CxkahRDUPsY7y9E= +go.opentelemetry.io/otel v1.27.0 h1:9BZoF3yMK/O1AafMiQTVu0YDj5Ea4hPhxCs7sGva+cg= +go.opentelemetry.io/otel v1.27.0/go.mod h1:DMpAK8fzYRzs+bi3rS5REupisuqTheUlSZJ1WnZaPAQ= 
+go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.27.0 h1:R9DE4kQ4k+YtfLI2ULwX82VtNQ2J8yZmA7ZIF/D+7Mc= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.27.0/go.mod h1:OQFyQVrDlbe+R7xrEyDr/2Wr67Ol0hRUgsfA+V5A95s= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.27.0 h1:qFffATk0X+HD+f1Z8lswGiOQYKHRlzfmdJm0wEaVrFA= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.27.0/go.mod h1:MOiCmryaYtc+V0Ei+Tx9o5S1ZjA7kzLucuVuyzBZloQ= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.27.0 h1:QY7/0NeRPKlzusf40ZE4t1VlMKbqSNT7cJRYzWuja0s= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.27.0/go.mod h1:HVkSiDhTM9BoUJU8qE6j2eSWLLXvi1USXjyd2BXT8PY= +go.opentelemetry.io/otel/metric v1.27.0 h1:hvj3vdEKyeCi4YaYfNjv2NUje8FqKqUY8IlF0FxV/ik= +go.opentelemetry.io/otel/metric v1.27.0/go.mod h1:mVFgmRlhljgBiuk/MP/oKylr4hs85GZAylncepAX/ak= +go.opentelemetry.io/otel/sdk v1.27.0 h1:mlk+/Y1gLPLn84U4tI8d3GNJmGT/eXe3ZuOXN9kTWmI= +go.opentelemetry.io/otel/sdk v1.27.0/go.mod h1:Ha9vbLwJE6W86YstIywK2xFfPjbWlCuwPtMkKdz/Y4A= +go.opentelemetry.io/otel/trace v1.27.0 h1:IqYb813p7cmbHk0a5y6pD5JPakbVfftRXABGt5/Rscw= +go.opentelemetry.io/otel/trace v1.27.0/go.mod h1:6RiD1hkAprV4/q+yd2ln1HG9GoPx39SuvvstaLBl+l4= go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI= go.opentelemetry.io/proto/otlp v0.15.0/go.mod h1:H7XAot3MsfNsj7EXtrA2q5xSNQ10UqI405h3+duxN4U= go.opentelemetry.io/proto/otlp v0.19.0/go.mod h1:H7XAot3MsfNsj7EXtrA2q5xSNQ10UqI405h3+duxN4U= 
@@ -2120,15 +2121,15 @@ google.golang.org/genproto/googleapis/api v0.0.0-20230525234020-1aefcd67740a/go. google.golang.org/genproto/googleapis/api v0.0.0-20230525234035-dd9d682886f9/go.mod h1:vHYtlOoi6TsQ3Uk2yxR7NI5z8uoV+3pZtR4jmHIkRig= google.golang.org/genproto/googleapis/api v0.0.0-20230526203410-71b5a4ffd15e/go.mod h1:vHYtlOoi6TsQ3Uk2yxR7NI5z8uoV+3pZtR4jmHIkRig= google.golang.org/genproto/googleapis/api v0.0.0-20230530153820-e85fd2cbaebc/go.mod h1:vHYtlOoi6TsQ3Uk2yxR7NI5z8uoV+3pZtR4jmHIkRig= -google.golang.org/genproto/googleapis/api v0.0.0-20240506185236-b8a5c65736ae h1:AH34z6WAGVNkllnKs5raNq3yRq93VnjBG6rpfub/jYk= -google.golang.org/genproto/googleapis/api v0.0.0-20240506185236-b8a5c65736ae/go.mod h1:FfiGhwUm6CJviekPrc0oJ+7h29e+DmWU6UtjX0ZvI7Y= +google.golang.org/genproto/googleapis/api v0.0.0-20240521202816-d264139d666e h1:SkdGTrROJl2jRGT/Fxv5QUf9jtdKCQh4KQJXbXVLAi0= +google.golang.org/genproto/googleapis/api v0.0.0-20240521202816-d264139d666e/go.mod h1:LweJcLbyVij6rCex8YunD8DYR5VDonap/jYl3ZRxcIU= google.golang.org/genproto/googleapis/bytestream v0.0.0-20230530153820-e85fd2cbaebc/go.mod h1:ylj+BE99M198VPbBh6A8d9n3w8fChvyLK3wwBOjXBFA= google.golang.org/genproto/googleapis/rpc v0.0.0-20230525234015-3fc162c6f38a/go.mod h1:xURIpW9ES5+/GZhnV6beoEtxQrnkRGIfP5VQG2tCBLc= google.golang.org/genproto/googleapis/rpc v0.0.0-20230525234030-28d5490b6b19/go.mod h1:66JfowdXAEgad5O9NnYcsNPLCPZJD++2L9X0PCMODrA= google.golang.org/genproto/googleapis/rpc v0.0.0-20230526203410-71b5a4ffd15e/go.mod h1:66JfowdXAEgad5O9NnYcsNPLCPZJD++2L9X0PCMODrA= google.golang.org/genproto/googleapis/rpc v0.0.0-20230530153820-e85fd2cbaebc/go.mod h1:66JfowdXAEgad5O9NnYcsNPLCPZJD++2L9X0PCMODrA= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240506185236-b8a5c65736ae h1:c55+MER4zkBS14uJhSZMGGmya0yJx5iHV4x/fpOSNRk= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240506185236-b8a5c65736ae/go.mod h1:I7Y+G38R2bu5j1aLzfFmQfTcU/WnFuqDwLZAbvKTKpM= +google.golang.org/genproto/googleapis/rpc 
v0.0.0-20240521202816-d264139d666e h1:Elxv5MwEkCI9f5SkoL6afed6NTdxaGoAo39eANBwHL8= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240521202816-d264139d666e/go.mod h1:EfXuqaE1J41VCDicxHzUDm+8rk+7ZdXzHV0IhO/I6s0= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= From d76545b8d26280f8137c441cddec857c146740c7 Mon Sep 17 00:00:00 2001 From: bobz965 Date: Wed, 22 May 2024 10:34:03 +0800 Subject: [PATCH 40/57] fix: should update subnet status after change vm subnet (#4061) Signed-off-by: bobz965 --- pkg/controller/pod.go | 1 + 1 file changed, 1 insertion(+) diff --git a/pkg/controller/pod.go b/pkg/controller/pod.go index 7d0f1b0aa79c..b98dc5a2414f 100644 --- a/pkg/controller/pod.go +++ b/pkg/controller/pod.go @@ -561,6 +561,7 @@ func (c *Controller) changeVMSubnet(vmName, namespace, providerName, subnetName return err } } + c.updateSubnetStatusQueue.Add(ipCR.Spec.Subnet) // handleAddOrUpdatePod will create new lsp and new ip cr } return nil From 66f61445aeb0eb10a8e384d4a9d2f9eb4b2d510d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=BC=A0=E7=A5=96=E5=BB=BA?= Date: Wed, 22 May 2024 14:49:16 +0800 Subject: [PATCH 41/57] e2e: skip SCTP connectivity tests for versions prior to 1.12 (#4065) Signed-off-by: zhangzujian --- Makefile.e2e | 1 + 1 file changed, 1 insertion(+) diff --git a/Makefile.e2e b/Makefile.e2e index b80af84e1799..798fd7fed1d8 100644 --- a/Makefile.e2e +++ b/Makefile.e2e 
@@ -21,6 +21,7 @@ VER_MAJOR = $(shell echo $(VERSION_NUM) | cut -f1 -d.) VER_MINOR = $(shell echo $(VERSION_NUM) | cut -f2 -d.) ifeq ($(shell test $(VER_MAJOR) -lt 1 -o \( $(VER_MAJOR) -eq 1 -a $(VER_MINOR) -lt 12 \) && echo true),true) K8S_CONFORMANCE_E2E_SKIP += "sig-network.*Services.*session affinity" +K8S_CONFORMANCE_E2E_SKIP += "sig-network.*Feature:SCTPConnectivity" else K8S_CONFORMANCE_E2E_FOCUS += "sig-network.*Networking.*Feature:SCTPConnectivity" endif From 08e3c56ead51540c440bf9383be4bb2e7cafba51 Mon Sep 17 00:00:00 2001 From: Oilbeater Date: Wed, 22 May 2024 18:29:42 +0800 Subject: [PATCH 42/57] support ctr to generate ssl certs (#4068) Signed-off-by: oilbeater --- dist/images/install.sh | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/dist/images/install.sh b/dist/images/install.sh index fe2a71d658d7..2bcdef153940 100755 --- a/dist/images/install.sh +++ b/dist/images/install.sh @@ -192,7 +192,15 @@ if [[ $ENABLE_SSL = "true" ]];then echo "[Step 0/6] Generate SSL key and cert" exist=$(kubectl get secret -n kube-system kube-ovn-tls --ignore-not-found) if [[ $exist == "" ]];then - docker run --rm -v "$PWD":/etc/ovn $REGISTRY/kube-ovn:$VERSION bash generate-ssl.sh + if command -v docker &> /dev/null; then + docker run --rm -v "$PWD":/etc/ovn $REGISTRY/kube-ovn:$VERSION bash generate-ssl.sh + elif command -v ctr &> /dev/null; then + ctr image pull $REGISTRY/kube-ovn:$VERSION + ctr run --rm --mount type=bind,src="$PWD",dst=/etc/ovn,options=rbind:rw $REGISTRY/kube-ovn:$VERSION 0 bash generate-ssl.sh + else + echo "ERROR: No docker or ctr found" + exit 1 + fi kubectl create secret generic -n kube-system kube-ovn-tls --from-file=cacert=cacert.pem --from-file=cert=ovn-cert.pem --from-file=key=ovn-privkey.pem rm -rf cacert.pem ovn-cert.pem ovn-privkey.pem ovn-req.pem fi From 2a3cdbd361a1ecf1442d2659f1fd5abdff39c3cd Mon Sep 17 00:00:00 2001 
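Review bot: Both the docker branch and the new ctr branch bind-mount `$PWD` read-write, so `ovn-privkey.pem` and the CA files sit in the caller's working directory until the `rm -rf` that follows `kubectl create secret`; if secret creation fails or the script stops in between, the key material stays on disk. Generating into a private scratch directory avoids that: `workdir=$(mktemp -d); trap 'rm -rf "$workdir"' EXIT` (assuming the script has no EXIT trap already), mount `"$workdir"` at /etc/ovn in both branches, and read the files with `--from-file=key="$workdir/ovn-privkey.pem"` and likewise for the other two. The image reference `$REGISTRY/kube-ovn:$VERSION` is also unquoted on all three new lines. The enclosing `if [[ $ENABLE_SSL = "true" ]]` block continues outside the hunk.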
From: Zhao Congqi Date: Thu, 23 May 2024 10:29:53 +0800 Subject: [PATCH 43/57] fix: gateway should not be network address and broadcast address (#4043) * fix: gateway should not be network address and broadcast address --------- Signed-off-by: zcq98 --- pkg/controller/pod.go | 2 +- pkg/util/validator.go | 12 +++++++++--- pkg/util/validator_test.go | 4 ++-- 3 files changed, 12 insertions(+), 6 deletions(-) diff --git a/pkg/controller/pod.go b/pkg/controller/pod.go index b98dc5a2414f..96b3faa514c3 100644 --- a/pkg/controller/pod.go +++ b/pkg/controller/pod.go @@ -688,7 +688,7 @@ func (c *Controller) reconcileAllocateSubnets(cachedPod, pod *v1.Pod, needAlloca } } - if err := util.ValidatePodCidr(podNet.Subnet.Spec.CIDRBlock, ipStr); err != nil { + if err := util.ValidateNetworkBroadcast(podNet.Subnet.Spec.CIDRBlock, ipStr); err != nil { klog.Errorf("validate pod %s/%s failed: %v", namespace, name, err) c.recorder.Eventf(pod, v1.EventTypeWarning, "ValidatePodNetworkFailed", err.Error()) return nil, err diff --git a/pkg/util/validator.go b/pkg/util/validator.go index b55eef24e3de..438c2225da66 100644 --- a/pkg/util/validator.go +++ b/pkg/util/validator.go @@ -13,9 +13,15 @@ import ( ) func ValidateSubnet(subnet kubeovnv1.Subnet) error { - if subnet.Spec.Gateway != "" && !CIDRContainIP(subnet.Spec.CIDRBlock, subnet.Spec.Gateway) { - return fmt.Errorf(" gateway %s is not in cidr %s", subnet.Spec.Gateway, subnet.Spec.CIDRBlock) + if subnet.Spec.Gateway != "" { + if !CIDRContainIP(subnet.Spec.CIDRBlock, subnet.Spec.Gateway) { + return fmt.Errorf("gateway %s is not in cidr %s", subnet.Spec.Gateway, subnet.Spec.CIDRBlock) + } + if err := ValidateNetworkBroadcast(subnet.Spec.CIDRBlock, subnet.Spec.Gateway); err != nil { + return fmt.Errorf("validate gateway %s for cidr %s failed: %v", subnet.Spec.Gateway, subnet.Spec.CIDRBlock, err) + } } + if err := CIDRGlobalUnicast(subnet.Spec.CIDRBlock); err != nil { return err } 
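Review bot: The new gateway check in ValidateSubnet formats the inner error with `%v`, which flattens it to text so callers can no longer match it with errors.Is or errors.As; `return fmt.Errorf("validate gateway %s for cidr %s failed: %w", subnet.Spec.Gateway, subnet.Spec.CIDRBlock, err)` keeps the chain. It is also worth confirming how ValidateNetworkBroadcast treats /31 and /127 point-to-point prefixes, where both addresses are usable as a gateway; its body is only partly visible here, so this is a question rather than a finding. ValidateSubnet continues past the end of the hunk.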
@@ -274,7 +280,7 @@ func ValidatePodNetwork(annotations map[string]string) error { return utilerrors.NewAggregate(errors) } -func ValidatePodCidr(cidr, ip string) error { +func ValidateNetworkBroadcast(cidr, ip string) error { for _, cidrBlock := range strings.Split(cidr, ",") { for _, ipAddr := range strings.Split(ip, ",") { if CheckProtocol(cidrBlock) != CheckProtocol(ipAddr) { diff --git a/pkg/util/validator_test.go b/pkg/util/validator_test.go index 600b784c5750..67fd8bd484dd 100644 --- a/pkg/util/validator_test.go +++ b/pkg/util/validator_test.go @@ -622,7 +622,7 @@ func TestValidatePodNetwork(t *testing.T) { } } -func TestValidatePodCidr(t *testing.T) { +func TestValidateNetworkBroadcast(t *testing.T) { tests := []struct { name string cidr string @@ -656,7 +656,7 @@ func TestValidatePodCidr(t *testing.T) { } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { - ret := ValidatePodCidr(tt.cidr, tt.ip) + ret := ValidateNetworkBroadcast(tt.cidr, tt.ip) if !ErrorContains(ret, tt.err) { t.Errorf("got %v, want a error %v", ret, tt.err) } From e31784afa1c099aa2d665f1494fcbb0467a0a652 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Thu, 23 May 2024 10:47:37 +0800 Subject: [PATCH 44/57] docs: updated CHANGELOG.md (#4072) Signed-off-by: GitHub Co-authored-by: oilbeater --- CHANGELOG.md | 55 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 55 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index b573d60926ca..4cb20b533224 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1059,6 +1059,37 @@ * 张祖建 * 袁又袁 +## v1.11.17 (2024-05-23) + + * [c8e25835](https://github.com/kubeovn/kube-ovn/commit/c8e258357afa1ba523d7c45f8cc642c28c6bbf34) set release for 1.11.17 + * [ad3ddaf4](https://github.com/kubeovn/kube-ovn/commit/ad3ddaf4175ace47acd5c8e74dca58c2f7f0a796) fix node gc (#4040) + * [7bec212b](https://github.com/kubeovn/kube-ovn/commit/7bec212be89d7a8fe0ba4ed978ca27e6bc51e12b) fix: should update subnet status after change vm subnet (#4061) + * [e252ca7f](https://github.com/kubeovn/kube-ovn/commit/e252ca7f193e46baaf59c80ec8ffd51280f8346e) ci: build e2e binaries and free disk space on necessary (#4059) + * [497bc664](https://github.com/kubeovn/kube-ovn/commit/497bc66487e43fc4d86df1bfe699ec645e5dec3f) crd: add subnet name pattern (#4054) + * [3d0f073f](https://github.com/kubeovn/kube-ovn/commit/3d0f073f78e3c8b43084e3b3054116851f665b54) remove Makefile.e2e + * [5448eb88](https://github.com/kubeovn/kube-ovn/commit/5448eb885b607aeb808bca42ebe939abe3c8666f) bump k8s to 1.27.14 (#4029) + * [e7308654](https://github.com/kubeovn/kube-ovn/commit/e730865495dce2c66c0fed3899c42792cefd5745) fix node annotations not updated when initializing the default provider-network (#4030) + * [64accc67](https://github.com/kubeovn/kube-ovn/commit/64accc673677e2d9c8cc0c7238bddbde8ce3f191) bump gosec to 2.19.0 + * [ba353666](https://github.com/kubeovn/kube-ovn/commit/ba35366696be2bcb2fb2aaf182428e7e85ee72fc) fix: close file (#4007) + * [81870211](https://github.com/kubeovn/kube-ovn/commit/8187021175e1be2f9b180a9070654ebbee9a76b1) build(deps): bump actions/cache from 3 to 4 + * [04968067](https://github.com/kubeovn/kube-ovn/commit/04968067ae7cb514f44d745fa0bcdaa2f799cdcd) bump go to 1.22.3 (#3989) + * [43e664d2](https://github.com/kubeovn/kube-ovn/commit/43e664d283b1b934eef8acf43f578000c3307cd8) bump k8s to v1.27.13 (#3966) + * [621026cb](https://github.com/kubeovn/kube-ovn/commit/621026cbdf65ada02f8612e05741e37fe097edba) fix index out of range (#3958) + * 
[bfc03b93](https://github.com/kubeovn/kube-ovn/commit/bfc03b936d82c2cde4f57921a9310993983c0202) fix nil pointer dereference (#3951) + * [14553780](https://github.com/kubeovn/kube-ovn/commit/14553780a0b37fc67a71d6ddc7b781429a427230) cni-server: set sysctl variables only when the env variables are passed in (#3929) + * [cdd65b54](https://github.com/kubeovn/kube-ovn/commit/cdd65b54c015d40a3277c4973d1ade840a08002a) ovn: check whether db file is fixed (#3928) + * [da69a41a](https://github.com/kubeovn/kube-ovn/commit/da69a41aa724bd3bbf9087bcbd91f653adf2f3b8) 1.11 distinguish portSecurity with security group (#3863) + * [9c45f462](https://github.com/kubeovn/kube-ovn/commit/9c45f462c436a76dcbecc02ce5433695f57dc9be) add tracepath (#3884) + * [fe2797cd](https://github.com/kubeovn/kube-ovn/commit/fe2797cd064e26be91adf9d643499b175521daad) ovn: update patch for skipping ct (#3879) + * [8885cd23](https://github.com/kubeovn/kube-ovn/commit/8885cd2330d1d0437c2df47b0b9fd75d1042b02b) prepare for next release + +### Contributors + + * bobz965 + * guangwu + * zhangzujian + * 张祖建 + ## v1.11.16 (2024-03-27) * [6b9e393c](https://github.com/kubeovn/kube-ovn/commit/6b9e393cf1f23a2cc9761e1bde781cb20d8d1f2b) set release 1.11.16 
@@ -2525,6 +2556,30 @@ * 罗云鹤 * 范日明 +## v1.9.32 (2024-05-23) + + * [1391b41c](https://github.com/kubeovn/kube-ovn/commit/1391b41cf95c0b4e586f4d15d3da429021bccd19) set release 1.9.32 + * [e4920230](https://github.com/kubeovn/kube-ovn/commit/e49202304e6de48070e4c9b198dfbf7aa8e5c76f) fix node gc (#4042) + * [73a4fb2c](https://github.com/kubeovn/kube-ovn/commit/73a4fb2cb34ddea1857b62a6a7b67942316853c4) fix ipv6 service ip not deleted (#4048) + * [2cac431b](https://github.com/kubeovn/kube-ovn/commit/2cac431b567ce0933d661b95a9bc75996430a37f) ci: fix missing env + * [b20a57d9](https://github.com/kubeovn/kube-ovn/commit/b20a57d99d445081ab0f3ad0ac4b2f531a5adadc) fix deleting vip on ovn lb (#4047) + * [75e742db](https://github.com/kubeovn/kube-ovn/commit/75e742dbcbe64c523d570bbb6e22c5af657362de) fix incorrect variable assignment (#3787) + * [dff731e5](https://github.com/kubeovn/kube-ovn/commit/dff731e59effd111f1dcc37959cbe89374f9bd73) kube-ovn-monitor and kube-ovn-pinger export pprof path 1.9 (#3655) + * [5b289f63](https://github.com/kubeovn/kube-ovn/commit/5b289f631be3f7eabe1c1c066a2d7c45bdbe1e83) fix typo (#3623) + * [e26173e8](https://github.com/kubeovn/kube-ovn/commit/e26173e8d28892a5ee433c480c2a583403ea69cc) fix u2o infinity recycle (#3568) + * [b97f0d5a](https://github.com/kubeovn/kube-ovn/commit/b97f0d5a044478c4b36a78a251cbdba912390ac7) clear load-balancer vips when delete last vip (#3555) + * [d0491242](https://github.com/kubeovn/kube-ovn/commit/d04912423ca04e866f76454603fc83ca859427ed) iptables drop invalid rst (#3492) + * [4e557326](https://github.com/kubeovn/kube-ovn/commit/4e557326124843b426bcb54679598b51fc717c77) ovs-healthcheck: ignore error when log file does not exist (#3456) + * [4f34a09a](https://github.com/kubeovn/kube-ovn/commit/4f34a09a984dfb4e1596c6d51a38a86783e4c012) add sort for subnet.spec.excludeIps (#3436) + * [d62da4a2](https://github.com/kubeovn/kube-ovn/commit/d62da4a2a8845acd3106196ffe8215a7d156d24e) prepare for next release + +### Contributors 
+ + * changluyi + * hzma + * zhangzujian + * 张祖建 + ## v1.9.31 (2023-11-13) * [4961476a](https://github.com/kubeovn/kube-ovn/commit/4961476ad43aa2eced287c73b4eb19d7e490cb12) set release 1.9.31 From 23f9632002afac8a4c2abb0819aed49f96691bf8 Mon Sep 17 00:00:00 2001 From: Zhao Congqi Date: Fri, 24 May 2024 13:24:40 +0800 Subject: [PATCH 45/57] fix crypto/rand: argument to Int is <= 0 (#4077) Signed-off-by: zcq98 --- pkg/util/net.go | 2 +- pkg/util/net_test.go | 45 ++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 46 insertions(+), 1 deletion(-) diff --git a/pkg/util/net.go b/pkg/util/net.go index 24148304b8a7..f75603b4fcd8 100644 --- a/pkg/util/net.go +++ b/pkg/util/net.go @@ -200,7 +200,7 @@ func genRandomIP(cidr string, isIPv6 bool) string { if isIPv6 { hostBits = 128 - netMask } - add, err := rand.Int(rand.Reader, big.NewInt(1<<(uint(hostBits)-1))) + add, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), uint(hostBits)-1)) if err != nil { LogFatalAndExit(err, "failed to generate random ip") } diff --git a/pkg/util/net_test.go b/pkg/util/net_test.go index 421cbd141194..110c0b03bcc9 100644 --- a/pkg/util/net_test.go +++ b/pkg/util/net_test.go 
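Review bot: `uint(hostBits)-1` in the new `Lsh` call wraps to the maximum uint when hostBits is 0 (a /32 or /128 CIDR), and a shift of that size would most likely panic or exhaust memory instead of producing an error; whether the prefix length is bounded earlier in genRandomIP cannot be seen from this hunk. A guard ahead of the call closes it, for example `if hostBits < 1 { klog.Errorf("no host bits in cidr %s", cidr); return "" }`, or whatever failure path the function otherwise uses. The later "fix exit on error" patch rewrites the error branch below the same line and keeps the expression, so the guard applies there too. genRandomIP starts and ends outside the hunk.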
@@ -446,6 +446,51 @@ func TestGenerateRandomV4IP(t *testing.T) { } } +func TestGenerateRandomV6IP(t *testing.T) { + tests := []struct { + name string + cidr string + wantErr bool + wantIPv6 bool + }{ + { + name: "valid IPv6 CIDR", + cidr: "2001:db8::/64", + wantErr: false, + wantIPv6: true, + }, + { + name: "invalid CIDR format", + cidr: "2001:db8::1", + wantErr: true, + wantIPv6: false, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + ip := GenerateRandomV6IP(tt.cidr) + if tt.wantErr { + if ip != "" { + t.Errorf("GenerateRandomV6IP(%s) = %s; want empty string", tt.cidr, ip) + } + return + } + + parsedIP, _, err := net.ParseCIDR(ip) + if err != nil { + t.Errorf("GenerateRandomV6IP(%s) returned invalid IP: %v", tt.cidr, err) + return + } + + isIPv6 := parsedIP.To4() == nil + if isIPv6 != tt.wantIPv6 { + t.Errorf("GenerateRandomV6IP(%s) returned %v; want IPv6: %v", tt.cidr, parsedIP, tt.wantIPv6) + } + }) + } +} + func TestIPToString(t *testing.T) { tests := []struct { name string From 796d5f089347243db21e30243a7ac032c3fbe132 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=BC=A0=E7=A5=96=E5=BB=BA?= Date: Fri, 24 May 2024 14:01:52 +0800 Subject: [PATCH 46/57] ci: downgrade node image to v1.29.2 (#4069) Signed-off-by: zhangzujian --- yamls/kind.yaml.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/yamls/kind.yaml.j2 b/yamls/kind.yaml.j2 index 30700b33943e..d5e5bd875bc7 100644 --- a/yamls/kind.yaml.j2 +++ b/yamls/kind.yaml.j2 @@ -1,5 +1,5 @@ {%- if k8s_version is not defined -%} - {%- set k8s_version = "v1.30.0" -%} + {%- set k8s_version = "v1.29.2" -%} {%- endif -%} {%- if kube_proxy_mode is not defined -%} {%- set kube_proxy_mode = "ipvs" -%} From f1daf5c86b7a7214dd8e0267d887d7edb7475b02 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=BC=A0=E7=A5=96=E5=BB=BA?= Date: Fri, 24 May 2024 14:03:37 +0800 Subject: [PATCH 47/57] base: aoivd unnecessary env variables (#4070) 
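Review bot: TestGenerateRandomV6IP asserts only the address family of the result, so it would still pass if the generated address fell outside `2001:db8::/64` or came back with a different prefix length. Parsing the input as well and asserting containment pins the behaviour the fix is about: `_, want, _ := net.ParseCIDR(tt.cidr)` followed by `if !want.Contains(parsedIP) { t.Errorf("%s not in %s", parsedIP, tt.cidr) }`. A /128 case would additionally document what the function does when the CIDR has no host bits.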
Signed-off-by: zhangzujian --- dist/images/Dockerfile.base | 8 ++--- dist/images/Dockerfile.rpm | 66 ------------------------------------- 2 files changed, 4 insertions(+), 70 deletions(-) delete mode 100644 dist/images/Dockerfile.rpm diff --git a/dist/images/Dockerfile.base b/dist/images/Dockerfile.base index 51eaf62dc0af..a4efcea13c2f 100644 --- a/dist/images/Dockerfile.base +++ b/dist/images/Dockerfile.base @@ -95,20 +95,20 @@ RUN mkdir -p /var/run/openvswitch && \ mkdir -p /etc/cni/net.d && \ mkdir -p /opt/cni/bin -ENV DUMB_INIT_VERSION="1.2.5" +ARG DUMB_INIT_VERSION="1.2.5" RUN curl -sSf -L --retry 5 -o /usr/bin/dumb-init https://github.com/Yelp/dumb-init/releases/download/v${DUMB_INIT_VERSION}/dumb-init_${DUMB_INIT_VERSION}_$(arch) && \ chmod +x /usr/bin/dumb-init ARG ARCH -ENV CNI_VERSION=v1.4.1 +ARG CNI_VERSION=v1.4.1 RUN curl -sSf -L --retry 5 https://github.com/containernetworking/plugins/releases/download/${CNI_VERSION}/cni-plugins-linux-${ARCH}-${CNI_VERSION}.tgz | tar -xz -C . ./loopback ./portmap ./macvlan -ENV KUBE_VERSION="v1.29.5" +ARG KUBE_VERSION="v1.29.5" RUN curl -L https://dl.k8s.io/${KUBE_VERSION}/kubernetes-client-linux-${ARCH}.tar.gz | tar -xz -C . && cp ./kubernetes/client/bin/kubectl /usr/bin/kubectl \ && chmod +x /usr/bin/kubectl && rm -rf ./kubernetes -ENV BFDD_VERSION="v0.5.4" +ARG BFDD_VERSION="v0.5.4" RUN curl -sSf -L --retry 3 -o /usr/local/bin/bfdd-control https://github.com/bobz965/bfd-binary-for-kube-ovn-cni/releases/download/${BFDD_VERSION}/bfdd-control && \ curl -sSf -L --retry 3 -o /usr/local/bin/bfdd-beacon https://github.com/bobz965/bfd-binary-for-kube-ovn-cni/releases/download/${BFDD_VERSION}/bfdd-beacon && \ chmod +x /usr/local/bin/bfdd-control /usr/local/bin/bfdd-beacon diff --git a/dist/images/Dockerfile.rpm b/dist/images/Dockerfile.rpm deleted file mode 100644 index c8581e49b73e..000000000000 --- a/dist/images/Dockerfile.rpm +++ /dev/null 
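Review bot: Turning the versions into `ARG`s makes them overridable with `--build-arg`, yet none of the downloads in this hunk (dumb-init, the CNI plugins, kubectl, bfdd-control and bfdd-beacon) is checked against a known digest before it is installed and made executable. Pairing each version with a per-architecture checksum argument ties the artifact to the version, e.g. `ARG DUMB_INIT_SHA256=<expected sha256>` and `echo "${DUMB_INIT_SHA256}  /usr/bin/dumb-init" | sha256sum -c -` ahead of the `chmod`. The kubectl line also calls `curl -L` without `-f`, so an HTTP error body is piped straight into `tar`.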
@@ -1,66 +0,0 @@ -# syntax = docker/dockerfile:experimental -FROM centos:8 as ovs-rpm -ENV BUILD_DATE 20200930 -ARG RPM_ARCH -ARG ARCH - -RUN yum install dnf-plugins-core -y && \ - yum config-manager --set-enabled powertools && \ - yum install python36 git wget openssl-devel gcc \ - make python3-devel openssl-devel kernel-devel kernel-debug-devel \ - autoconf automake rpm-build redhat-rpm-config libtool libcap-ng-devel \ - checkpolicy selinux-policy-devel unbound unbound-devel gcc-c++ \ - desktop-file-utils graphviz groff python3-sphinx -y -COPY build.sh /root/build.sh -RUN bash /root/build.sh && \ - mkdir /rpms/ && \ - cp /ovs/rpm/rpmbuild/RPMS/${RPM_ARCH}/* /ovn/rpm/rpmbuild/RPMS/${RPM_ARCH}/* /rpms && \ - cd /rpms && rm -f *debug* *docker* *vtep* *ipsec* && \ - rm -rf /ovs /ovn /jemalloc-5.2.1 - - -FROM centos:8 -ENV BUILD_DATE 20200930 -RUN yum remove -y bind-export-libs && yum update -y && \ - yum install -y \ - firewalld-filesystem openssl \ - libatomic \ - libpcap \ - hostname ethtool \ - iproute nc \ - unbound-devel \ - tcpdump ipset logrotate && \ - yum clean all -ARG RPM_ARCH -RUN rpm -ivh --nodeps https://archives.fedoraproject.org/pub/archive/fedora/linux/releases/30/Everything/${RPM_ARCH}/os/Packages/i/iptables-1.8.0-5.fc30.${RPM_ARCH}.rpm - -RUN mkdir -p /var/run/openvswitch && \ - mkdir -p /var/run/ovn && \ - mkdir -p /etc/cni/net.d && \ - mkdir -p /opt/cni/bin - -ARG ARCH -ENV CNI_VERSION=v1.0.1 -RUN curl -sSf -L --retry 5 https://github.com/containernetworking/plugins/releases/download/${CNI_VERSION}/cni-plugins-linux-${ARCH}-${CNI_VERSION}.tgz | tar -xz -C . 
./loopback ./portmap - -ENV KUBE_VERSION="v1.13.2" -RUN curl -L https://storage.googleapis.com/kubernetes-release/release/${KUBE_VERSION}/bin/linux/${ARCH}/kubectl -o /usr/bin/kubectl \ - && chmod +x /usr/bin/kubectl - -RUN --mount=type=bind,target=/rpms,from=ovs-rpm,source=/rpms rpm -ivh --nodeps /rpms/*.rpm && \ - sed '/su ovn ovn/d' /etc/logrotate.d/ovn - -COPY *.sh /kube-ovn/ -COPY grace_stop_ovn_controller /usr/share/ovn/scripts/grace_stop_ovn_controller -COPY 01-kube-ovn.conflist /kube-ovn/01-kube-ovn.conflist -RUN rpm -e --nodeps sqlite-libs - -WORKDIR /kube-ovn -COPY kube-ovn /kube-ovn/kube-ovn -COPY kube-ovn-cmd /kube-ovn/kube-ovn-cmd -RUN ln -s /kube-ovn/kube-ovn-cmd /kube-ovn/kube-ovn-controller && \ - ln -s /kube-ovn/kube-ovn-cmd /kube-ovn/kube-ovn-daemon && \ - ln -s /kube-ovn/kube-ovn-cmd /kube-ovn/kube-ovn-monitor && \ - ln -s /kube-ovn/kube-ovn-cmd /kube-ovn/kube-ovn-pinger && \ - ln -s /kube-ovn/kube-ovn-cmd /kube-ovn/kube-ovn-speaker && \ - ln -s /kube-ovn/kube-ovn-cmd /kube-ovn/kube-ovn-webhook From 4bf54e35e38eea37e94b4e84352caf3be92d9ecd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=BC=A0=E7=A5=96=E5=BB=BA?= Date: Fri, 24 May 2024 14:04:25 +0800 Subject: [PATCH 48/57] delete lease on cleanup (#4079) Signed-off-by: zhangzujian --- dist/images/cleanup.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/dist/images/cleanup.sh b/dist/images/cleanup.sh index c10d9bdeabf9..e186873d4e92 100644 --- a/dist/images/cleanup.sh +++ b/dist/images/cleanup.sh 
@@ -191,6 +191,8 @@ kubectl delete --ignore-not-found sa ovn ovn-ovs kube-ovn-cni kube-ovn-app -n ku kubectl delete --ignore-not-found clusterrole system:ovn system:ovn-ovs system:kube-ovn-cni system:kube-ovn-app kubectl delete --ignore-not-found clusterrolebinding ovn ovn ovn-ovs kube-ovn-cni kube-ovn-app +kubectl delete --ignore-not-found -n kube-system lease kube-ovn-controller + # Remove annotations in all pods of all namespaces for ns in $(kubectl get ns -o name | awk -F/ '{print $2}'); do echo "annotating pods in namespace $ns" From 7148bcc36b3d91555d5441813e9979ba73c35f38 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=BC=A0=E7=A5=96=E5=BB=BA?= Date: Fri, 24 May 2024 14:05:12 +0800 Subject: [PATCH 49/57] fix exit on error (#4080) Signed-off-by: zhangzujian --- pkg/util/net.go | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/pkg/util/net.go b/pkg/util/net.go index f75603b4fcd8..9c812b41dfd8 100644 --- a/pkg/util/net.go +++ b/pkg/util/net.go @@ -202,7 +202,8 @@ func genRandomIP(cidr string, isIPv6 bool) string { } add, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), uint(hostBits)-1)) if err != nil { - LogFatalAndExit(err, "failed to generate random ip") + klog.Errorf("failed to generate random big int with bits %d: %v", hostBits, err) + return "" } t := big.NewInt(0).Add(IP2BigInt(ip), add) return fmt.Sprintf("%s/%d", BigInt2Ip(t), netMask) From aebe363eea382d351cd37d6dccf16afdc18bc21a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=BC=A0=E7=A5=96=E5=BB=BA?= Date: Fri, 24 May 2024 14:06:01 +0800 Subject: [PATCH 50/57] ovs: get controllerrevision with option --ignore-not-found (#4058) Signed-off-by: zhangzujian --- dist/images/cleanup.sh | 7 +++++-- dist/images/start-ovs.sh | 14 +++++++++----- 2 files changed, 14 insertions(+), 7 deletions(-) diff --git a/dist/images/cleanup.sh b/dist/images/cleanup.sh index e186873d4e92..92c251294de9 100644 --- a/dist/images/cleanup.sh +++ b/dist/images/cleanup.sh 
@@ -179,11 +179,14 @@ kubectl annotate ns --all ovn.kubernetes.io/allocated- # ensure kube-ovn components have been deleted while :; do - sleep 1 + sleep 10 if [ $(kubectl get pod -n kube-system -l component=network -o name | wc -l) -eq 0 ]; then break fi - kubectl -n kube-system get pod -l component=network -o wide + for pod in `kubectl -n kube-system get pod -l component=network -o name`; do + echo "$pod logs:" + kubectl -n kube-system logs $pod --timestamps --tail 50 + done done # wait for all pods to be deleted before deleting serviceaccount/clusterrole/clusterrolebinding diff --git a/dist/images/start-ovs.sh b/dist/images/start-ovs.sh index 5e4b18643918..f802eb2431f8 100755 --- a/dist/images/start-ovs.sh +++ b/dist/images/start-ovs.sh 
@@ -44,28 +44,32 @@ cat /proc/cmdline" fi function cgroup_match { + if [ $1 -le 0 ]; then + return 1 + fi hash1=$(md5sum /proc/"$1"/cgroup | awk '{print $1}') hash2=$(md5sum /proc/"$2"/cgroup | awk '{print $1}') test -n "$hash1" -a "x$hash1" = "x$hash2" } function quit { + set -x gen_name=$(kubectl -n "${POD_NAMESPACE}" get pod "${POD_NAME}" -o jsonpath='{.metadata.generateName}') revision_hash=$(kubectl -n "${POD_NAMESPACE}" get pod "${POD_NAME}" -o jsonpath='{.metadata.labels.controller-revision-hash}') - revision=$(kubectl -n "${POD_NAMESPACE}" get controllerrevision "${gen_name}${revision_hash}" -o jsonpath='{.revision}') + revision=$(kubectl -n "${POD_NAMESPACE}" get controllerrevision "${gen_name}${revision_hash}" --ignore-not-found -o jsonpath='{.revision}') ds_name=${gen_name%-} latest_revision=$(kubectl -n "${POD_NAMESPACE}" get controllerrevision --no-headers | awk '$2 == "daemonset.apps/'$ds_name'" {print $3}' | sort -nr | head -n1) - if [ "x$latest_revision" = "x$revision" ]; then + if [ "x$revision" = "x" -o "x$latest_revision" = "x$revision" ]; then # stop ovn-controller/ovs only when the processes are in the same cgroup - pid=$(/usr/share/ovn/scripts/ovn-ctl status_controller | awk '{print $NF}') + pid=$((/usr/share/ovn/scripts/ovn-ctl status_controller || printf '\n0') | tail -n1 | awk '{print $NF}') if cgroup_match "${pid}" self; then /usr/share/ovn/scripts/grace_stop_ovn_controller fi - pid=$(/usr/share/openvswitch/scripts/ovs-ctl status | grep ovsdb-server | awk '{print $NF}') + pid=$((/usr/share/openvswitch/scripts/ovs-ctl status || printf '\novsdb-server 0') | grep ovsdb-server | tail -n1 | awk '{print $NF}') if cgroup_match "${pid}" self; then /usr/share/openvswitch/scripts/ovs-ctl --no-ovs-vswitchd stop fi - pid=$(/usr/share/openvswitch/scripts/ovs-ctl status | grep ovs-vswitchd | awk '{print $NF}') + pid=$((/usr/share/openvswitch/scripts/ovs-ctl status || printf '\novs-vswitchd 0') | grep ovs-vswitchd | tail -n1 | awk '{print $NF}') if 
cgroup_match "${pid}" self; then /usr/share/openvswitch/scripts/ovs-ctl --no-ovsdb-server stop fi From 9f67d358caa98a09f4daaf75734870e040e2f86f Mon Sep 17 00:00:00 2001 From: fanriming Date: Fri, 24 May 2024 14:07:54 +0800 Subject: [PATCH 51/57] opt: replace ovn-sbctl with ovsdb-client (#4075) Signed-off-by: fanriming --- pkg/pinger/ovn.go | 128 ++++++++++++++++++++++++++++------------------ 1 file changed, 79 insertions(+), 49 deletions(-) diff --git a/pkg/pinger/ovn.go b/pkg/pinger/ovn.go index 14311a77726e..94eebc2bef5c 100644 --- a/pkg/pinger/ovn.go +++ b/pkg/pinger/ovn.go @@ -1,6 +1,7 @@ package pinger import ( + "encoding/json" "fmt" "os" "os/exec" @@ -10,6 +11,26 @@ import ( "k8s.io/klog/v2" ) +// Chassis represents a row in the Chassis table. +type PortBinging struct { + LogicalPort string `json:"logical_port"` +} + +// PortBindingResponse represents the structure of the OVSDB query response. +type PortBindingResponse struct { + Rows []PortBinging `json:"rows"` +} + +// Chassis represents a row in the Chassis table. +type Chassis struct { + UUID [2]string `json:"_uuid"` +} + +// ChassisResponse represents the structure of the OVSDB query response. +type ChassisResponse struct { + Rows []Chassis `json:"rows"` +} + func checkOvs(config *Configuration, setMetrics bool) error { output, err := exec.Command("/usr/share/openvswitch/scripts/ovs-ctl", "status").CombinedOutput() if err != nil { 
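Review bot: In `cgroup_match`, the added guard `[ $1 -le 0 ]` only works when `$1` is a number. An empty value makes `[` fail with a syntax error and a non-numeric last field from the status output fails with "integer expression expected"; in both cases the function falls through to `md5sum /proc/"$1"/cgroup`. The closing `test -n "$hash1"` still returns non-zero there, so the result is right, but only indirectly and with errors in the log. A pattern check states the intent directly: `case "$1" in ''|*[!0-9]*|0) return 1;; esac`. Separately, in `quit` an empty `revision` now selects the stop path, so it may be worth confirming that a failed `kubectl get controllerrevision` (as opposed to a missing object) is meant to do the same.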
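Review bot: The first added type is spelled `PortBinging` and carries the doc comment of `Chassis` (`// Chassis represents a row in the Chassis table.`), so the comment names the wrong table and the type name does not match `PortBindingResponse`. Suggest `// PortBinding represents a row in the Port_Binding table.` above `type PortBinding struct`, with `Rows []PortBinding` in `PortBindingResponse`. As far as this patch shows, the four types are only used to decode ovsdb-client output inside the package, so they could also be unexported.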
@@ -98,80 +119,89 @@ func checkOvsBindings() ([]string, error) { return result, nil } -func checkSBBindings(config *Configuration) ([]string, error) { +func getChassis(hostname string) (string, error) { sbHost := os.Getenv("OVN_SB_SERVICE_HOST") sbPort := os.Getenv("OVN_SB_SERVICE_PORT") + + // Create the OVSDB query with the hostname filter + query := fmt.Sprintf(`["OVN_Southbound",{"op":"select","table":"Chassis","where":[["hostname","==","%s"]],"columns":["_uuid"]}]`, hostname) + command := []string{ - fmt.Sprintf("--db=tcp:[%s]:%s", sbHost, sbPort), - "--format=csv", - "--no-heading", - "--data=bare", - "--columns=_uuid", - "--timeout=10", - "find", - "chassis", - fmt.Sprintf("hostname=%s", config.NodeName), + "--timeout=10", "query", fmt.Sprintf("tcp:[%s]:%s", sbHost, sbPort), query, } if os.Getenv("ENABLE_SSL") == "true" { command = []string{ "-p", "/var/run/tls/key", "-c", "/var/run/tls/cert", "-C", "/var/run/tls/cacert", - fmt.Sprintf("--db=ssl:[%s]:%s", sbHost, sbPort), - "--format=csv", - "--no-heading", - "--data=bare", - "--columns=_uuid", - "--timeout=10", - "find", - "chassis", - fmt.Sprintf("hostname=%s", config.NodeName), + "--timeout=10", "query", fmt.Sprintf("ssl:[%s]:%s", sbHost, sbPort), query, } } - output, err := exec.Command("ovn-sbctl", command...).CombinedOutput() // #nosec G204 + + // Execute the ovsdb-client command and get the JSON output. + output, err := exec.Command("ovsdb-client", command...).CombinedOutput() // #nosec G204 if err != nil { - klog.Errorf("failed to find chassis: %v, %s", err, string(output)) - return nil, err + klog.Errorf("failed to find chassis %v", err) + return "", err } - if len(output) == 0 { - klog.Errorf("chassis for node %s not exist", config.NodeName) - return nil, fmt.Errorf("chassis for node %s not exist", config.NodeName) + + // Parse the JSON output. 
+ var responses []ChassisResponse + err = json.Unmarshal(output, &responses) + if err != nil { + return "", err } - chassis := strings.TrimSpace(string(output)) - klog.Infof("chassis id is %s", chassis) - command = []string{ - fmt.Sprintf("--db=tcp:[%s]:%s", sbHost, sbPort), - "--format=csv", - "--no-heading", - "--data=bare", - "--columns=logical_port", - "--timeout=10", - "find", - "port_binding", - fmt.Sprintf("chassis=%s", chassis), + if len(responses) == 0 || len(responses[0].Rows) == 0 || len(responses[0].Rows[0].UUID) < 2 { + return "", fmt.Errorf("No chassis found for hostname: %s", hostname) + } + return responses[0].Rows[0].UUID[1], nil +} + +func getLogicalPort(chassis string) ([]string, error) { + sbHost := os.Getenv("OVN_SB_SERVICE_HOST") + sbPort := os.Getenv("OVN_SB_SERVICE_PORT") + + query := fmt.Sprintf(`["OVN_Southbound",{"op":"select","table":"Port_Binding","where":[["chassis","==",["uuid","%s"]]],"columns":["logical_port"]}]`, chassis) + + command := []string{ + "--timeout=10", "query", fmt.Sprintf("tcp:[%s]:%s", sbHost, sbPort), query, } if os.Getenv("ENABLE_SSL") == "true" { command = []string{ "-p", "/var/run/tls/key", "-c", "/var/run/tls/cert", "-C", "/var/run/tls/cacert", - fmt.Sprintf("--db=ssl:[%s]:%s", sbHost, sbPort), - "--format=csv", - "--no-heading", - "--data=bare", - "--columns=logical_port", - "--timeout=10", - "find", - "port_binding", - fmt.Sprintf("chassis=%s", chassis), + "--timeout=10", "query", fmt.Sprintf("ssl:[%s]:%s", sbHost, sbPort), query, } } - output, err = exec.Command("ovn-sbctl", command...).CombinedOutput() // #nosec G204 + output, err := exec.Command("ovsdb-client", command...).CombinedOutput() // #nosec G204 + if err != nil { + return nil, fmt.Errorf("Failed to query OVSDB: %v, %s", err, output) + } + + // Parse the JSON output. 
+ var responses []PortBindingResponse + err = json.Unmarshal(output, &responses) if err != nil { - klog.Errorf("failed to list port_binding in ovn-sb %v", err) return nil, err } - return strings.Split(strings.TrimSpace(string(output)), "\n"), nil + if len(responses) == 0 || len(responses[0].Rows) == 0 { + return nil, fmt.Errorf("No logical port found for chassis: %s", chassis) + } + + var ports []string + for _, row := range responses[0].Rows { + ports = append(ports, row.LogicalPort) + } + return ports, nil +} + +func checkSBBindings(config *Configuration) ([]string, error) { + chassis, err := getChassis(config.NodeName) + if err != nil { + return nil, err + } + return getLogicalPort(chassis) } From 13564d9bebcb106f09ab41ad4ba8cb9f235bd688 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=BC=A0=E7=A5=96=E5=BB=BA?= Date: Fri, 24 May 2024 16:36:14 +0800 Subject: [PATCH 52/57] ci: print all the previous logs for restarted pods (#4081) Signed-off-by: zhangzujian --- .github/workflows/build-x86-image.yaml | 90 +++++++++++----------- .github/workflows/scheduled-e2e.yaml | 21 +++-- Makefile | 4 +- dist/images/check-kube-ovn-pod-restarts.sh | 22 ------ hack/ci-check-crash.sh | 17 ++++ 5 files changed, 74 insertions(+), 80 deletions(-) delete mode 100644 dist/images/check-kube-ovn-pod-restarts.sh create mode 100644 hack/ci-check-crash.sh diff --git a/.github/workflows/build-x86-image.yaml b/.github/workflows/build-x86-image.yaml index 35842ffeba4b..4bc6da30966b 100644 --- a/.github/workflows/build-x86-image.yaml +++ b/.github/workflows/build-x86-image.yaml @@ -489,10 +489,6 @@ jobs: E2E_NETWORK_MODE: ${{ matrix.mode }} run: make k8s-conformance-e2e - - name: Check kube ovn pod restarts - run: | - make check-kube-ovn-pod-restarts - - name: kubectl ko log if: failure() run: | 
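Review bot: In `getChassis` and `getLogicalPort` the OVSDB query is assembled with `fmt.Sprintf` and `"%s"`, so `hostname` (from `config.NodeName`) and `chassis` land inside a JSON string without escaping; a value containing `"` or `\` yields a malformed or different query, and both `exec.Command` calls carry `#nosec G204`. Building the request with `json.Marshal` keeps the value as data, as sketched below for `getChassis`; the `Port_Binding` query in `getLogicalPort` can be built the same way. Two smaller points in the same hunk: `CombinedOutput` feeds stderr into `json.Unmarshal`, so any warning printed by ovsdb-client would break parsing (`Output()` avoids that), and the `getChassis` error log no longer includes the command output. The new error strings `"No chassis found ..."`, `"Failed to query OVSDB ..."` and `"No logical port found ..."` should start lower-case per Go convention.

```go
func getChassis(hostname string) (string, error) {
	// … unchanged: sbHost / sbPort lookup …

	// Encode the request instead of formatting it, so hostname is always a JSON string value.
	ops := []any{
		"OVN_Southbound",
		map[string]any{
			"op":      "select",
			"table":   "Chassis",
			"where":   [][]any{{"hostname", "==", hostname}},
			"columns": []string{"_uuid"},
		},
	}
	raw, err := json.Marshal(ops)
	if err != nil {
		return "", fmt.Errorf("encoding chassis query for %q: %w", hostname, err)
	}
	query := string(raw)

	// … unchanged: command assembly, ovsdb-client call, response parsing …
```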
@@ -506,6 +502,9 @@ jobs: name: k8s-conformance-e2e-${{ matrix.ip-family }}-${{ matrix.mode }}-ko-log path: k8s-conformance-e2e-${{ matrix.ip-family }}-${{ matrix.mode }}-ko-log.tar.gz + - name: Check kube ovn pod restarts + run: make check-kube-ovn-pod-restarts + - name: Check valgrind result run: | kubectl -n kube-system rollout restart ds ovs-ovn @@ -649,10 +648,6 @@ jobs: working-directory: ${{ env.E2E_DIR }} run: make k8s-netpol-e2e - - name: Check kube ovn pod restarts - run: | - make check-kube-ovn-pod-restarts - - name: kubectl ko log if: failure() run: | @@ -666,6 +661,9 @@ jobs: name: k8s-netpol-e2e-${{ matrix.ip-family }}-ko-log path: k8s-netpol-e2e-${{ matrix.ip-family }}-ko-log.tar.gz + - name: Check kube ovn pod restarts + run: make check-kube-ovn-pod-restarts + - name: Check valgrind result run: | kubectl -n kube-system rollout restart ds ovs-ovn @@ -784,10 +782,6 @@ jobs: working-directory: ${{ env.E2E_DIR }} run: make cyclonus-netpol-e2e - - name: Check kube ovn pod restarts - run: | - make check-kube-ovn-pod-restarts - - name: kubectl ko log if: failure() run: | @@ -801,6 +795,9 @@ jobs: name: cyclonus-netpol-e2e-${{ matrix.ip-family }}-ko-log path: cyclonus-netpol-e2e-${{ matrix.ip-family }}-ko-log.tar.gz + - name: Check kube ovn pod restarts + run: make check-kube-ovn-pod-restarts + - name: Check valgrind result run: | kubectl -n kube-system rollout restart ds ovs-ovn @@ -945,10 +942,6 @@ jobs: make kind-install-kubevirt make kube-ovn-kubevirt-e2e - - name: Check kube ovn pod restarts - run: | - make check-kube-ovn-pod-restarts - - name: kubectl ko log if: failure() run: | @@ -962,6 +955,9 @@ jobs: name: kube-ovn-conformance-e2e-${{ matrix.mode }}-${{ matrix.ip-family }}-ko-log path: kube-ovn-conformance-e2e-${{ matrix.mode }}-${{ matrix.ip-family }}-ko-log.tar.gz + - name: Check kube ovn pod restarts + run: make check-kube-ovn-pod-restarts + - name: Check valgrind result run: | kubectl -n kube-system rollout restart ds ovs-ovn 
@@ -1096,10 +1092,6 @@ jobs: E2E_IP_FAMILY: ${{ matrix.ip-family }} run: make kube-ovn-ic-conformance-e2e - - name: Check kube ovn pod restarts - run: | - make check-kube-ovn-pod-restarts - - name: kubectl ko log if: failure() run: | @@ -1118,6 +1110,9 @@ jobs: name: kube-ovn-ic-conformance-e2e-${{ matrix.ip-family }}-ko-log path: kube-ovn-ic-conformance-e2e-${{ matrix.ip-family }}-ko-log.tar.gz + - name: Check kube ovn pod restarts + run: make check-kube-ovn-pod-restarts + multus-conformance-e2e: name: Multus Conformance E2E needs: @@ -1222,10 +1217,6 @@ jobs: E2E_IP_FAMILY: ${{ matrix.ip-family }} run: make kube-ovn-multus-conformance-e2e - - name: Check kube ovn pod restarts - run: | - make check-kube-ovn-pod-restarts - - name: kubectl ko log if: failure() run: | @@ -1239,6 +1230,9 @@ jobs: name: multus-conformance-e2e-${{ matrix.ip-family }}-ko-log path: multus-conformance-e2e-${{ matrix.ip-family }}-ko-log.tar.gz + - name: Check kube ovn pod restarts + run: make check-kube-ovn-pod-restarts + chart-test: name: Chart Installation/Uninstallation Test needs: build-kube-ovn @@ -1646,10 +1640,6 @@ jobs: E2E_BRANCH: ${{ github.base_ref || github.ref_name }} run: make kube-ovn-webhook-e2e - - name: Check kube ovn pod restarts - run: | - make check-kube-ovn-pod-restarts - - name: kubectl ko log if: failure() run: | @@ -1663,6 +1653,9 @@ jobs: name: webhook-e2e-ko-log path: webhook-e2e-ko-log.tar.gz + - name: Check kube ovn pod restarts + run: make check-kube-ovn-pod-restarts + installation-compatibility-test: name: Installation Compatibility Test needs: build-kube-ovn @@ -1839,10 +1832,6 @@ jobs: E2E_NETWORK_MODE: ${{ matrix.mode }} run: make k8s-conformance-e2e - - name: Check kube ovn pod restarts - run: | - make check-kube-ovn-pod-restarts - - name: kubectl ko log if: failure() run: | 
@@ -1856,6 +1845,9 @@ jobs: name: cilium-chaining-e2e-ko-log path: cilium-chaining-e2e-ko-log.tar.gz + - name: Check kube ovn pod restarts + run: make check-kube-ovn-pod-restarts + - name: Cleanup run: sh -x dist/images/cleanup.sh @@ -1972,10 +1964,6 @@ jobs: make kube-ovn-security-e2e make kube-ovn-ha-e2e - - name: Check kube ovn pod restarts - run: | - make check-kube-ovn-pod-restarts - - name: kubectl ko log if: failure() run: | @@ -1989,6 +1977,9 @@ jobs: name: kube-ovn-ha-e2e-${{ matrix.ssl }}-${{ matrix.bind-local }}-${{ matrix.ip-family }}-ko-log path: kube-ovn-ha-e2e-${{ matrix.ssl }}-${{ matrix.bind-local }}-${{ matrix.ip-family }}-ko-log.tar.gz + - name: Check kube ovn pod restarts + run: make check-kube-ovn-pod-restarts + - name: Cleanup run: sh -x dist/images/cleanup.sh @@ -2065,10 +2056,6 @@ jobs: working-directory: ${{ env.E2E_DIR }} run: make kube-ovn-submariner-conformance-e2e - - name: Check kube ovn pod restarts - run: | - make check-kube-ovn-pod-restarts - - name: kubectl ko log if: failure() run: | @@ -2082,6 +2069,9 @@ jobs: name: kube-ovn-submariner-conformance-e2e-ko-log path: kube-ovn-submariner-conformance-e2e-ko-log.tar.gz + - name: Check kube ovn pod restarts + run: make check-kube-ovn-pod-restarts + - name: Cleanup run: sh -x dist/images/cleanup.sh @@ -2186,10 +2176,6 @@ jobs: E2E_BRANCH: ${{ github.base_ref || github.ref_name }} run: make iptables-vpc-nat-gw-conformance-e2e - - name: Check kube ovn pod restarts - run: | - make check-kube-ovn-pod-restarts - - name: kubectl ko log if: failure() run: | @@ -2203,6 +2189,9 @@ jobs: name: iptables-vpc-nat-gw-conformance-e2e-ko-log path: iptables-vpc-nat-gw-conformance-e2e-ko-log.tar.gz + - name: Check kube ovn pod restarts + run: make check-kube-ovn-pod-restarts + ovn-vpc-nat-gw-conformance-e2e: name: OVN VPC NAT Gateway E2E needs: 
@@ -2302,6 +2291,19 @@ jobs: E2E_BRANCH: ${{ github.base_ref || github.ref_name }} run: make ovn-vpc-nat-gw-conformance-e2e + - name: kubectl ko log + if: failure() + run: | + make kubectl-ko-log + mv kubectl-ko-log.tar.gz ovn-vpc-nat-gw-conformance-e2e-ko-log.tar.gz + + - name: upload kubectl ko log + uses: actions/upload-artifact@v4 + if: failure() + with: + name: ovn-vpc-nat-gw-conformance-e2e-ko-log + path: ovn-vpc-nat-gw-conformance-e2e-ko-log.tar.gz + - name: Check kube ovn pod restarts run: | make check-kube-ovn-pod-restarts diff --git a/.github/workflows/scheduled-e2e.yaml b/.github/workflows/scheduled-e2e.yaml index 5b61e1d6e52e..804dc5ef4ded 100644 --- a/.github/workflows/scheduled-e2e.yaml +++ b/.github/workflows/scheduled-e2e.yaml @@ -647,13 +647,12 @@ jobs: docker pull kubeovn/vpc-nat-gateway:$version VERSION=$version make kind-install-lb-svc - - name: Check kube ovn pod restarts - run: | - make check-kube-ovn-pod-restarts - - name: Run E2E run: make kube-ovn-lb-svc-conformance-e2e + - name: Check kube ovn pod restarts + run: make check-kube-ovn-pod-restarts + kubevirt-e2e: name: Kubevirt VM E2E runs-on: ubuntu-22.04 @@ -724,13 +723,12 @@ jobs: VERSION=$version make kind-install VERSION=$version make kind-install-kubevirt - - name: Check kube ovn pod restarts - run: | - make check-kube-ovn-pod-restarts - - name: Run E2E run: make kube-ovn-kubevirt-e2e + - name: Check kube ovn pod restarts + run: make check-kube-ovn-pod-restarts + webhook-e2e: name: Webhook E2E runs-on: ubuntu-22.04 @@ -849,14 +847,13 @@ jobs: docker pull kubeovn/kube-ovn:$version VERSION=$version make kind-install + - name: Check kube ovn pod restarts + run: make check-kube-ovn-pod-restarts + - name: Cleanup working-directory: test/e2e/kube-ovn/branches/${{ matrix.branch }} run: sh dist/images/cleanup.sh - - name: Check kube ovn pod restarts - run: | - make check-kube-ovn-pod-restarts - cilium-chaining-e2e: name: Cilium Chaining E2E runs-on: ubuntu-22.04 
diff --git a/Makefile b/Makefile index 92784e0db108..a54663808b8f 100644 --- a/Makefile +++ b/Makefile @@ -968,8 +968,8 @@ kind-clean-bgp-ha: .PHONY: check-kube-ovn-pod-restarts check-kube-ovn-pod-restarts: - bash dist/images/check-kube-ovn-pod-restarts.sh - + bash hack/ci-check-crash.sh + .PHONY: uninstall uninstall: bash dist/images/cleanup.sh diff --git a/dist/images/check-kube-ovn-pod-restarts.sh b/dist/images/check-kube-ovn-pod-restarts.sh deleted file mode 100644 index bc0fa916640f..000000000000 --- a/dist/images/check-kube-ovn-pod-restarts.sh +++ /dev/null @@ -1,22 +0,0 @@ -#!/bin/bash - -namespace="kube-system" - -# check if there are any crashed pods -crashedPodsNum=$(kubectl get po -n "$namespace" -o wide | grep -E "ovn-controller|ovn-pinger|ovn-monitor|ovn-cni|ovn-central|ovs-ovn" | awk '{print $3$4}' | grep -v -c "Running0") -if [ "$crashedPodsNum" -gt 0 ]; then - echo "some ovn pods are not running" - kubectl get po -n "$namespace" -o wide | grep -E "ovn-controller|ovn-pinger|ovn-monitor|ovn-cni|ovn-central|ovs-ovn" - crashedPods=$(kubectl get po -n "$namespace" -o wide | grep -E "ovn-controller|ovn-pinger|ovn-monitor|ovn-cni|ovn-central|ovs-ovn" | awk '{print $1 " " $3$4}' | grep -v "Running0" | awk '{print $1}') - for crashedPod in $crashedPods; do - echo "kubectl logs -p -n $crashedPod | tail -n 100" - kubectl logs -p -n "$namespace" "$crashedPod" | tail -n 100 - echo "PLEASE CHECK THE ERROR LOGS ABOVE /|\ /|\ /|\ " - done - - echo "some ovn pods crashed" - exit 1 -else - echo "all ovn pods are ok" - exit 0 -fi diff --git a/hack/ci-check-crash.sh b/hack/ci-check-crash.sh new file mode 100644 index 000000000000..ffb7aa56ea7c --- /dev/null +++ b/hack/ci-check-crash.sh 
@@ -0,0 +1,17 @@ +#!/bin/bash + +namespace="kube-system" + +exit_code=0 +# check if there are any crashed pods +for pod in `kubectl get pod -n $namespace -l component=network -o name`; do + restartCount=`kubectl get -n $namespace $pod -o jsonpath='{.status.containerStatuses[0].restartCount}'` + # TODO: get restart count for all containers + if [ $restartCount -gt 0 ]; then + exit_code=1 + echo "$pod restarted $restartCount time(s). Logs of the previous instance:" + kubectl logs -p -n $namespace $pod + fi +done + +exit $exit_code From e1310e1705096d80e7ea78d8d47fae6c728e56d8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=BC=A0=E7=A5=96=E5=BB=BA?= Date: Fri, 24 May 2024 16:42:21 +0800 Subject: [PATCH 53/57] install.sh: wait for all kube-ovn-pinger pods to be ready (#4082) Signed-off-by: zhangzujian --- dist/images/install.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/dist/images/install.sh b/dist/images/install.sh index 2bcdef153940..7ab3f011c664 100755 --- a/dist/images/install.sh +++ b/dist/images/install.sh @@ -4761,8 +4761,9 @@ for ns in $(kubectl get ns --no-headers -o custom-columns=NAME:.metadata.name); done done +kubectl rollout status deployment/coredns -n kube-system --timeout 300s kubectl rollout status daemonset/kube-ovn-pinger -n kube-system --timeout 300s -kubectl rollout status deployment/coredns -n kube-system --timeout 600s +kubectl wait pod --for=condition=Ready -l app=kube-ovn-pinger -n kube-system --timeout 300s echo "-------------------------------" echo "" From afe5446c42d03cf3da3483bd60e988b3b43b2f40 Mon Sep 17 00:00:00 2001 
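Review bot: In the new `hack/ci-check-crash.sh`, `restartCount` is used unquoted in `[ $restartCount -gt 0 ]`, so when the jsonpath returns nothing (a pod without `containerStatuses` yet, or a failed `kubectl get`) the test errors out, the branch is skipped and the pod is counted as healthy. Defaulting the value makes that case explicit: `if [ "${restartCount:-0}" -gt 0 ]; then`. Whether an unreadable count should instead fail the check is a decision for the authors, since this script is the CI gate. If the pod list command itself fails, the loop body never runs and the script exits 0, so checking that command's status before the loop would close the same gap.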
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 25 May 2024 09:30:01 +0800 Subject: [PATCH 54/57] build(deps): bump sigs.k8s.io/controller-runtime from 0.18.2 to 0.18.3 (#4084) Bumps [sigs.k8s.io/controller-runtime](https://github.com/kubernetes-sigs/controller-runtime) from 0.18.2 to 0.18.3. - [Release notes](https://github.com/kubernetes-sigs/controller-runtime/releases) - [Changelog](https://github.com/kubernetes-sigs/controller-runtime/blob/main/RELEASE.md) - [Commits](https://github.com/kubernetes-sigs/controller-runtime/compare/v0.18.2...v0.18.3) --- updated-dependencies: - dependency-name: sigs.k8s.io/controller-runtime dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 33fd8f5c0095..91b6bd0b8cc1 100644 --- a/go.mod +++ b/go.mod @@ -53,7 +53,7 @@ require ( k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0 kubevirt.io/api v1.2.0 kubevirt.io/client-go v1.2.0 - sigs.k8s.io/controller-runtime v0.18.2 + sigs.k8s.io/controller-runtime v0.18.3 ) require ( diff --git a/go.sum b/go.sum index 4ba36080931e..f7ea4df21597 100644 --- a/go.sum +++ b/go.sum 
@@ -2360,8 +2360,8 @@ rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.29.0 h1:/U5vjBbQn3RChhv7P11uhYvCSm5G2GaIi5AIGBS6r4c= sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.29.0/go.mod h1:z7+wmGM2dfIiLRfrC6jb5kV2Mq/sK1ZP303cxzkV5Y4= -sigs.k8s.io/controller-runtime v0.18.2 h1:RqVW6Kpeaji67CY5nPEfRz6ZfFMk0lWQlNrLqlNpx+Q= -sigs.k8s.io/controller-runtime v0.18.2/go.mod h1:tuAt1+wbVsXIT8lPtk5RURxqAnq7xkpv2Mhttslg7Hw= +sigs.k8s.io/controller-runtime v0.18.3 h1:B5Wmmo8WMWK7izei+2LlXLVDGzMwAHBNLX68lwtlSR4= +sigs.k8s.io/controller-runtime v0.18.3/go.mod h1:TVoGrfdpbA9VRFaRnKgk9P5/atA0pMwq+f+msb9M8Sg= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= sigs.k8s.io/kustomize/api v0.16.0 h1:/zAR4FOQDCkgSDmVzV2uiFbuy9bhu3jEzthrHCuvm1g= From 2029231144785b9dfbdde0ace9ba981901d48625 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 25 May 2024 09:31:40 +0800 Subject: [PATCH 55/57] build(deps): bump github.com/onsi/ginkgo/v2 from 2.18.0 to 2.19.0 (#4085) Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.18.0 to 2.19.0. - [Release notes](https://github.com/onsi/ginkgo/releases) - [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md) - [Commits](https://github.com/onsi/ginkgo/compare/v2.18.0...v2.19.0) --- updated-dependencies: - dependency-name: github.com/onsi/ginkgo/v2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) 
diff --git a/go.mod b/go.mod index 91b6bd0b8cc1..4a936c6dc690 100644 --- a/go.mod +++ b/go.mod @@ -23,7 +23,7 @@ require ( github.com/kubeovn/ovsdb v0.0.0-20240410091831-5dd26006c475 github.com/mdlayher/arp v0.0.0-20220512170110-6706a2966875 github.com/moby/sys/mountinfo v0.7.1 - github.com/onsi/ginkgo/v2 v2.18.0 + github.com/onsi/ginkgo/v2 v2.19.0 github.com/onsi/gomega v1.33.1 github.com/osrg/gobgp/v3 v3.26.0 github.com/ovn-org/libovsdb v0.0.0-20230711201130-6785b52d4020 diff --git a/go.sum b/go.sum index f7ea4df21597..bcb062a5b108 100644 --- a/go.sum +++ b/go.sum @@ -1191,8 +1191,8 @@ github.com/onsi/ginkgo/v2 v2.11.0/go.mod h1:ZhrRA5XmEE3x3rhlzamx/JJvujdZoJ2uvgI7 github.com/onsi/ginkgo/v2 v2.13.0/go.mod h1:TE309ZR8s5FsKKpuB1YAQYBzCaAfUgatB/xlT/ETL/o= github.com/onsi/ginkgo/v2 v2.13.2/go.mod h1:XStQ8QcGwLyF4HdfcZB8SFOS/MWCgDuXMSBe6zrvLgM= github.com/onsi/ginkgo/v2 v2.15.0/go.mod h1:HlxMHtYF57y6Dpf+mc5529KKmSq9h2FpCF+/ZkwUxKM= -github.com/onsi/ginkgo/v2 v2.18.0 h1:W9Y7IWXxPUpAit9ieMOLI7PJZGaW22DTKgiVAuhDTLc= -github.com/onsi/ginkgo/v2 v2.18.0/go.mod h1:rlwLi9PilAFJ8jCg9UE1QP6VBpd6/xj3SRC0d6TU0To= +github.com/onsi/ginkgo/v2 v2.19.0 h1:9Cnnf7UHo57Hy3k6/m5k3dRfGTMXGvxhHFvkDTCTpvA= +github.com/onsi/ginkgo/v2 v2.19.0/go.mod h1:rlwLi9PilAFJ8jCg9UE1QP6VBpd6/xj3SRC0d6TU0To= github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY= github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo= From 9c981274b50fe1221a9ddc5bc7eac094f6807795 Mon Sep 17 00:00:00 2001 From: Zhao Congqi Date: Tue, 28 May 2024 15:02:27 +0800 Subject: [PATCH 56/57] fix: add ip_reserved label for vip (#4093) Signed-off-by: zcq98 --- pkg/controller/vip.go | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/pkg/controller/vip.go b/pkg/controller/vip.go index cec712f483c6..73d979bf7d7f 100644 --- a/pkg/controller/vip.go 
+++ b/pkg/controller/vip.go @@ -520,6 +520,11 @@ func (c *Controller) createOrUpdateVipCR(key, ns, subnet, v4ip, v6ip, mac, pV4ip vip.Labels[util.SubnetNameLabel] = subnet needUpdateLabel = true } + if _, ok := vip.Labels[util.IPReservedLabel]; !ok { + op = "add" + vip.Labels[util.IPReservedLabel] = "" + needUpdateLabel = true + } if needUpdateLabel { patchPayloadTemplate := `[{ "op": "%s", "path": "/metadata/labels", "value": %s }]` raw, _ := json.Marshal(vip.Labels) From 368d190430532a66110e0ae0c9fe130b9fb7a973 Mon Sep 17 00:00:00 2001 From: Mengxin Liu Date: Tue, 28 May 2024 17:26:31 +0800 Subject: [PATCH 57/57] fix mac conflict (#4095) Signed-off-by: oilbeater --- pkg/util/net.go | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/pkg/util/net.go b/pkg/util/net.go index 9c812b41dfd8..268c9edfeffc 100644 --- a/pkg/util/net.go +++ b/pkg/util/net.go @@ -34,16 +34,17 @@ const ( ) // GenerateMac generates mac address. +// Refer from https://github.com/cilium/cilium/blob/8c7e442ccd48b9011a10f34a128ec98751d9a80e/pkg/mac/mac.go#L106 func GenerateMac() string { - prefix := "00:00:00" - b := make([]byte, 3) - _, err := rand.Read(b) - if err != nil { - klog.Errorf("generate mac error: %v", err) + buf := make([]byte, 6) + if _, err := rand.Read(buf); err != nil { + klog.Errorf("Unable to retrieve 6 rnd bytes: %v", err) } - mac := fmt.Sprintf("%s:%02X:%02X:%02X", prefix, b[0], b[1], b[2]) - return mac + // Set locally administered addresses bit and reset multicast bit + buf[0] = (buf[0] | 0x02) & 0xfe + + return net.HardwareAddr(buf).String() } func IP2BigInt(ipStr string) *big.Int {
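Review bot: In `GenerateMac`, a failed `rand.Read` is only logged, and the function then formats whatever is in `buf`. If nothing was read, the buffer is still zeroed and every such call returns the same address, `02:00:00:00:00:00`, which is the conflict this change is meant to remove. Returning early after the log line, for example `return ""` as `genRandomIP` in this file now does, would make the failure visible, provided the callers (outside this hunk) check for it. `net.HardwareAddr.String()` also prints lower-case hex where the old `%02X` format printed upper-case, so any code that compares or stores MAC strings case-sensitively should be checked.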