feat: replace networkd with new network implementation

This removes networkd, updates network ready condition, enables all the
controllers which were previously disabled.

Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>

Dockerfile

@@ -180,6 +180,7 @@ COPY --from=generate-build /api/cluster/*.pb.go /pkg/machinery/api/cluster/
 COPY --from=generate-build /api/storage/*.pb.go /pkg/machinery/api/storage/
 COPY --from=generate-build /api/resource/*.pb.go /pkg/machinery/api/resource/
 COPY --from=generate-build /api/inspect/*.pb.go /pkg/machinery/api/inspect/
+COPY --from=go-generate /src/pkg/resources/network/ /pkg/resources/network/
 COPY --from=go-generate /src/pkg/machinery/config/types/v1alpha1/ /pkg/machinery/config/types/v1alpha1/
 COPY --from=go-generate /src/pkg/machinery/nethelpers/ /pkg/machinery/nethelpers/
 

go.mod

@@ -44,27 +44,39 @@ require (
 	github.com/gizak/termui/v3 v3.1.0
 	github.com/golang/protobuf v1.5.2
 	github.com/google/go-cmp v0.5.6
+	github.com/google/gofuzz v1.2.0 // indirect
 	github.com/google/uuid v1.2.0
+	github.com/googleapis/gnostic v0.5.5 // indirect
 	github.com/grpc-ecosystem/go-grpc-middleware v1.3.0
 	github.com/hashicorp/go-getter v1.5.3
 	github.com/hashicorp/go-multierror v1.1.1
+	github.com/imdario/mergo v0.3.12 // indirect
 	github.com/insomniacslk/dhcp v0.0.0-20210528123148-fb4eaaa00ad2
 	github.com/jsimonetti/rtnetlink v0.0.0-20210531051304-b34cb89a106b
+	github.com/magiconair/properties v1.8.5 // indirect
 	github.com/mattn/go-isatty v0.0.13
 	github.com/mdlayher/arp v0.0.0-20191213142603-f72070a231fc
 	github.com/mdlayher/ethtool v0.0.0-20210210192532-2b88debcdd43
 	github.com/mdlayher/genetlink v1.0.0
 	github.com/mdlayher/netlink v1.4.1
+	github.com/mdlayher/raw v0.0.0-20210412142147-51b895745faf // indirect
+	github.com/mitchellh/mapstructure v1.4.1 // indirect
 	github.com/morikuni/aec v1.0.0 // indirect
 	github.com/opencontainers/runtime-spec v1.0.3-0.20200929063507-e6143ca7d51d
+	github.com/pelletier/go-toml v1.9.0 // indirect
 	github.com/pin/tftp v2.1.0+incompatible
-	github.com/plunder-app/kube-vip v0.3.5
+	github.com/prometheus/client_golang v1.10.0 // indirect
+	github.com/prometheus/common v0.23.0 // indirect
 	github.com/prometheus/procfs v0.6.0
 	github.com/rivo/tview v0.0.0-20210531104647-807e706f86d1
 	github.com/rs/xid v1.3.0
 	github.com/ryanuber/columnize v2.1.2+incompatible
+	github.com/sirupsen/logrus v1.8.1 // indirect
 	github.com/smira/go-xz v0.0.0-20201019130106-9921ed7a9935
+	github.com/spf13/afero v1.6.0 // indirect
+	github.com/spf13/cast v1.3.1 // indirect
 	github.com/spf13/cobra v1.1.3
+	github.com/spf13/viper v1.7.1 // indirect
 	github.com/stretchr/testify v1.7.0
 	github.com/talos-systems/crypto v0.2.1-0.20210601174604-cd18ef62eb9f
 	github.com/talos-systems/go-blockdevice v0.2.1-0.20210526155905-30c2bc3cb62a
@@ -79,6 +91,7 @@ require (
 	github.com/talos-systems/net v0.2.1-0.20210212213224-05190541b0fa
 	github.com/talos-systems/talos/pkg/machinery v0.0.0-00010101000000-000000000000
 	github.com/u-root/u-root v7.0.0+incompatible
+	github.com/vishvananda/netns v0.0.0-20210104183010-2eb08e3e575f // indirect
 	github.com/vmware-tanzu/sonobuoy v0.50.0
 	github.com/vmware/govmomi v0.26.0
 	github.com/vmware/vmw-guestinfo v0.0.0-20200218095840-687661b8bd8e
@@ -88,14 +101,17 @@ require (
 	go.etcd.io/etcd/etcdutl/v3 v3.5.0-rc.0
 	go.uber.org/zap v1.17.0
 	golang.org/x/net v0.0.0-20210525063256-abc453219eb5
+	golang.org/x/oauth2 v0.0.0-20210427180440-81ed05c6b58c // indirect
 	golang.org/x/sync v0.0.0-20210220032951-036812b2e83c
 	golang.org/x/sys v0.0.0-20210531080801-fdfd190a6549
 	golang.org/x/term v0.0.0-20210503060354-a79de5458b56
 	golang.org/x/time v0.0.0-20210220033141-f8bda1e9f3ba
 	golang.zx2c4.com/wireguard/wgctrl v0.0.0-20210506160403-92e472f520a5
+	google.golang.org/appengine v1.6.7 // indirect
 	google.golang.org/grpc v1.38.0
 	google.golang.org/protobuf v1.26.0
 	gopkg.in/freddierice/go-losetup.v1 v1.0.0-20170407175016-fc9adea44124
+	gopkg.in/ini.v1 v1.62.0 // indirect
 	gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b
 	inet.af/netaddr v0.0.0-20210430201628-1d252cf8125e
 	k8s.io/api v0.21.1
@@ -105,4 +121,6 @@ require (
 	k8s.io/cri-api v0.21.1
 	k8s.io/kubectl v0.21.1
 	k8s.io/kubelet v0.21.1
+	k8s.io/utils v0.0.0-20210305010621-2afb4311ab10 // indirect
+	sigs.k8s.io/structured-merge-diff/v4 v4.1.1 // indirect
 )

hack/release.toml

@@ -46,7 +46,7 @@ Added the flag `cluster.coreDNS.disabled` to coreDNS deployment during the clust
         title = "Default to Bootstrap workflow"
         description = """\
 The `init.yaml` is no longer an output of `talosctl gen config`.
-We now encourage using the bootstrap API, instead it `init` node types, as we
+We now encourage using the bootstrap API, instead of `init` node types, as we
 intend on deprecating this machine type in the future.
 The `init.yaml` and `controlplane.yaml` machine configs are identical with the
 exception of the machine type.

internal/app/machined/pkg/controllers/files/etcfile_test.go

@@ -137,6 +137,17 @@ func (suite *EtcFileSuite) TestFiles() {
 	}
 }
 
+func (suite *EtcFileSuite) TearDownTest() {
+	suite.T().Log("tear down")
+
+	suite.ctxCancel()
+
+	suite.wg.Wait()
+
+	// trigger updates in resources to stop watch loops
+	suite.Assert().NoError(suite.state.Create(context.Background(), files.NewEtcFileSpec(files.NamespaceName, "bar")))
+}
+
 func TestEtcFileSuite(t *testing.T) {
 	suite.Run(t, new(EtcFileSuite))
 }

internal/app/machined/pkg/controllers/k8s/extra_manifest.go

@@ -22,7 +22,7 @@ import (
 
 	"github.com/talos-systems/talos/pkg/resources/config"
 	"github.com/talos-systems/talos/pkg/resources/k8s"
-	"github.com/talos-systems/talos/pkg/resources/v1alpha1"
+	"github.com/talos-systems/talos/pkg/resources/network"
 )
 
 // ExtraManifestController renders manifests based on templates and config/secrets.
@@ -43,9 +43,9 @@ func (ctrl *ExtraManifestController) Inputs() []controller.Input {
 			Kind:      controller.InputWeak,
 		},
 		{
-			Namespace: v1alpha1.NamespaceName,
-			Type:      v1alpha1.ServiceType,
-			ID:        pointer.ToString("networkd"),
+			Namespace: network.NamespaceName,
+			Type:      network.StatusType,
+			ID:        pointer.ToString(network.StatusID),
 			Kind:      controller.InputWeak,
 		},
 	}
@@ -72,8 +72,8 @@ func (ctrl *ExtraManifestController) Run(ctx context.Context, r controller.Runti
 		case <-r.EventCh():
 		}
 
-		// wait for networkd to be healthy as networking is required to download extra manifests
-		networkdResource, err := r.Get(ctx, resource.NewMetadata(v1alpha1.NamespaceName, v1alpha1.ServiceType, "networkd", resource.VersionUndefined))
+		// wait for network to be ready as networking is required to download extra manifests
+		networkResource, err := r.Get(ctx, resource.NewMetadata(network.NamespaceName, network.StatusType, network.StatusID, resource.VersionUndefined))
 		if err != nil {
 			if state.IsNotFoundError(err) {
 				continue
@@ -82,7 +82,9 @@ func (ctrl *ExtraManifestController) Run(ctx context.Context, r controller.Runti
 			return err
 		}
 
-		if !networkdResource.(*v1alpha1.Service).Healthy() {
+		networkStatus := networkResource.(*network.Status).TypedSpec()
+
+		if !(networkStatus.AddressReady && networkStatus.ConnectivityReady) {
 			continue
 		}
 

internal/app/machined/pkg/controllers/k8s/extra_manifest_test.go

@@ -26,6 +26,7 @@ import (
 	"github.com/talos-systems/talos/pkg/logging"
 	"github.com/talos-systems/talos/pkg/resources/config"
 	"github.com/talos-systems/talos/pkg/resources/k8s"
+	"github.com/talos-systems/talos/pkg/resources/network"
 	"github.com/talos-systems/talos/pkg/resources/v1alpha1"
 )
 
@@ -108,12 +109,12 @@ metadata:
 		},
 	})
 
-	serviceNetworkd := v1alpha1.NewService("networkd")
-	serviceNetworkd.SetRunning(true)
-	serviceNetworkd.SetHealthy(true)
+	statusNetwork := network.NewStatus(network.NamespaceName, network.StatusID)
+	statusNetwork.TypedSpec().AddressReady = true
+	statusNetwork.TypedSpec().ConnectivityReady = true
 
 	suite.Require().NoError(suite.state.Create(suite.ctx, configExtraManifests))
-	suite.Require().NoError(suite.state.Create(suite.ctx, serviceNetworkd))
+	suite.Require().NoError(suite.state.Create(suite.ctx, statusNetwork))
 
 	suite.Assert().NoError(retry.Constant(10*time.Second, retry.WithUnits(100*time.Millisecond)).Retry(
 		func() error {

internal/app/machined/pkg/controllers/network/address_config.go

@@ -16,6 +16,7 @@ import (
 	"go.uber.org/zap"
 	"inet.af/netaddr"
 
+	"github.com/talos-systems/talos/internal/app/machined/pkg/runtime"
 	talosconfig "github.com/talos-systems/talos/pkg/machinery/config"
 	"github.com/talos-systems/talos/pkg/machinery/nethelpers"
 	"github.com/talos-systems/talos/pkg/resources/config"
@@ -24,7 +25,8 @@ import (
 
 // AddressConfigController manages network.AddressSpec based on machine configuration, kernel cmdline and some built-in defaults.
 type AddressConfigController struct {
-	Cmdline *procfs.Cmdline
+	Cmdline      *procfs.Cmdline
+	V1Alpha1Mode runtime.Mode
 }
 
 // Name implements controller.Controller interface.
@@ -179,6 +181,11 @@ func (ctrl *AddressConfigController) apply(ctx context.Context, r controller.Run
 }
 
 func (ctrl *AddressConfigController) loopbackDefaults() []network.AddressSpecSpec {
+	if ctrl.V1Alpha1Mode == runtime.ModeContainer {
+		// skip configuring lo addresses in container mode
+		return nil
+	}
+
 	return []network.AddressSpecSpec{
 		{
 			Address: netaddr.IPPrefix{

internal/app/machined/pkg/controllers/network/address_config_test.go

@@ -235,6 +235,25 @@ func (suite *AddressConfigSuite) TestMachineConfiguration() {
 		}))
 }
 
+func (suite *AddressConfigSuite) TearDownTest() {
+	suite.T().Log("tear down")
+
+	suite.ctxCancel()
+
+	suite.wg.Wait()
+
+	// trigger updates in resources to stop watch loops
+	err := suite.state.Create(context.Background(), config.NewMachineConfig(&v1alpha1.Config{
+		ConfigVersion: "v1alpha1",
+		MachineConfig: &v1alpha1.MachineConfig{},
+	}))
+	if state.IsConflictError(err) {
+		err = suite.state.Destroy(context.Background(), config.NewMachineConfig(nil).Metadata())
+	}
+
+	suite.Require().NoError(err)
+}
+
 func TestAddressConfigSuite(t *testing.T) {
 	suite.Run(t, new(AddressConfigSuite))
 }

internal/app/machined/pkg/controllers/network/address_merge.go

@@ -3,6 +3,8 @@
 // file, You can obtain one at http://mozilla.org/MPL/2.0/.
 
 // Package network provides controllers which manage network resources.
+//
+//nolint:dupl
 package network
 
 import (

internal/app/machined/pkg/controllers/network/address_merge_test.go

@@ -190,6 +190,17 @@ func (suite *AddressMergeSuite) TestMerge() {
 		}))
 }
 
+func (suite *AddressMergeSuite) TearDownTest() {
+	suite.T().Log("tear down")
+
+	suite.ctxCancel()
+
+	suite.wg.Wait()
+
+	// trigger updates in resources to stop watch loops
+	suite.Assert().NoError(suite.state.Create(context.Background(), network.NewAddressSpec(network.ConfigNamespaceName, "bar")))
+}
+
 func TestAddressMergeSuite(t *testing.T) {
 	suite.Run(t, new(AddressMergeSuite))
 }

internal/app/machined/pkg/controllers/network/address_spec.go

@@ -6,8 +6,10 @@ package network
 
 import (
 	"context"
+	"errors"
 	"fmt"
 	"net"
+	"os"
 
 	"github.com/cosi-project/runtime/pkg/controller"
 	"github.com/cosi-project/runtime/pkg/resource"
@@ -48,7 +50,7 @@ func (ctrl *AddressSpecController) Outputs() []controller.Output {
 
 // Run implements controller.Controller interface.
 //
-//nolint:gocyclo,dupl
+//nolint:gocyclo
 func (ctrl *AddressSpecController) Run(ctx context.Context, r controller.Runtime, logger *zap.Logger) error {
 	// watch link changes as some address might need to be re-applied if the link appears
 	watcher, err := watch.NewRtNetlink(r, unix.RTMGRP_LINK)
@@ -219,7 +221,10 @@ func (ctrl *AddressSpecController) syncAddress(ctx context.Context, r controller
 				Flags:     uint32(address.TypedSpec().Flags),
 			},
 		}); err != nil {
-			return fmt.Errorf("error adding address %s to %q: %w", address.TypedSpec().Address, address.TypedSpec().LinkName, err)
+			// ignore EEXIST error
+			if !errors.Is(err, os.ErrExist) {
+				return fmt.Errorf("error adding address %s to %q: %w", address.TypedSpec().Address, address.TypedSpec().LinkName, err)
+			}
 		}
 
 		logger.Info("assigned address", zap.Stringer("address", address.TypedSpec().Address), zap.String("link", address.TypedSpec().LinkName))

internal/app/machined/pkg/controllers/network/address_spec_test.go

@@ -9,6 +9,7 @@ import (
 	"context"
 	"fmt"
 	"log"
+	"math/rand"
 	"net"
 	"sync"
 	"testing"
@@ -58,6 +59,10 @@ func (suite *AddressSpecSuite) SetupTest() {
 	suite.startRuntime()
 }
 
+func (suite *AddressSpecSuite) uniqueDummyInterface() string {
+	return fmt.Sprintf("dummy%02x%02x%02x", rand.Int31()&0xff, rand.Int31()&0xff, rand.Int31()&0xff)
+}
+
 func (suite *AddressSpecSuite) startRuntime() {
 	suite.wg.Add(1)
 
@@ -163,7 +168,7 @@ func (suite *AddressSpecSuite) TestLoopback() {
 }
 
 func (suite *AddressSpecSuite) TestDummy() {
-	const dummyInterface = "dummy9"
+	dummyInterface := suite.uniqueDummyInterface()
 
 	conn, err := rtnetlink.Dial(nil)
 	suite.Require().NoError(err)
@@ -223,6 +228,17 @@ func (suite *AddressSpecSuite) TestDummy() {
 	}
 }
 
+func (suite *AddressSpecSuite) TearDownTest() {
+	suite.T().Log("tear down")
+
+	suite.ctxCancel()
+
+	suite.wg.Wait()
+
+	// trigger updates in resources to stop watch loops
+	suite.Assert().NoError(suite.state.Create(context.Background(), network.NewAddressSpec(network.NamespaceName, "bar")))
+}
+
 func TestAddressSpecSuite(t *testing.T) {
 	suite.Run(t, new(AddressSpecSuite))
 }

internal/app/machined/pkg/controllers/network/address_status_test.go

@@ -104,6 +104,14 @@ func (suite *AddressStatusSuite) TestLoopback() {
 		}))
 }
 
+func (suite *AddressStatusSuite) TearDownTest() {
+	suite.T().Log("tear down")
+
+	suite.ctxCancel()
+
+	suite.wg.Wait()
+}
+
 func TestAddressStatusSuite(t *testing.T) {
 	suite.Run(t, new(AddressStatusSuite))
 }

internal/app/machined/pkg/controllers/network/etcfile_test.go

@@ -240,6 +240,29 @@ func (suite *EtcFileConfigSuite) TestOnlyHostname() {
 	)
 }
 
+func (suite *EtcFileConfigSuite) TearDownTest() {
+	suite.T().Log("tear down")
+
+	suite.ctxCancel()
+
+	suite.wg.Wait()
+
+	// trigger updates in resources to stop watch loops
+	err := suite.state.Create(context.Background(), config.NewMachineConfig(&v1alpha1.Config{
+		ConfigVersion: "v1alpha1",
+		MachineConfig: &v1alpha1.MachineConfig{},
+	}))
+	if state.IsConflictError(err) {
+		err = suite.state.Destroy(context.Background(), config.NewMachineConfig(nil).Metadata())
+	}
+
+	suite.Require().NoError(err)
+
+	suite.Assert().NoError(suite.state.Create(context.Background(), network.NewHostnameStatus(network.NamespaceName, "bar")))
+	suite.Assert().NoError(suite.state.Create(context.Background(), network.NewResolverStatus(network.NamespaceName, "bar")))
+	suite.Assert().NoError(suite.state.Create(context.Background(), network.NewNodeAddress(network.NamespaceName, "bar")))
+}
+
 func TestEtcFileConfigSuite(t *testing.T) {
 	suite.Run(t, new(EtcFileConfigSuite))
 }