crio, deploy: provide manifests to deploy controller for this runtime

This PR changes the manifest templating to also provide a manifest for CRIO based installations. This manifest features a different runtime configuration, which will cause the controller to use a different container runtime to access the pod's sandbox ID, and namespace. The golang code is also updated to use this new runtime, when configured. Signed-off-by: Miguel Duarte Barroso <[email protected]>
k8snetworkplumbingwg · Oct 6, 2022 · 9c0d9f0 · 9c0d9f0
1 parent e3cec11
commit 9c0d9f0
Show file tree

Hide file tree

Showing 6 changed files with 163 additions and 10 deletions.
diff --git a/Makefile b/Makefile
@@ -5,7 +5,8 @@ IMAGE_REGISTRY ?= ghcr.io/maiqueb
 IMAGE_NAME ?= multus-dynamic-networks-controller
 IMAGE_TAG ?= latest-amd64
 
-CRI_SOCKET_PATH ?= "/host/run/containerd/containerd.sock"
+CRI_SOCKET_PATH ?= "/run/containerd/containerd.sock"
+CRIO_SOCKET_PATH ?= "/run/crio/crio.sock"
 
 .PHONY: manifests
 
@@ -22,6 +23,7 @@ img-build: build test
 
 manifests:
 	IMAGE_REGISTRY=${IMAGE_REGISTRY} IMAGE_TAG=${IMAGE_TAG} CRI_SOCKET_PATH=${CRI_SOCKET_PATH} hack/generate_manifests.sh
+	CRIO_RUNTIME="yes" IMAGE_REGISTRY=${IMAGE_REGISTRY} IMAGE_TAG=${IMAGE_TAG} CRI_SOCKET_PATH=${CRIO_SOCKET_PATH} hack/generate_manifests.sh
 
 test:
 	$(GO) test -v ./pkg/...

diff --git a/cmd/dynamic-networks-controller/networks-controller.go b/cmd/dynamic-networks-controller/networks-controller.go
@@ -5,6 +5,7 @@ import (
 	"fmt"
 	"os"
 	"os/signal"
+	"time"
 
 	corev1 "k8s.io/api/core/v1"
 	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -24,6 +25,7 @@ import (
 	"github.com/maiqueb/multus-dynamic-networks-controller/pkg/controller"
 	"github.com/maiqueb/multus-dynamic-networks-controller/pkg/cri"
 	"github.com/maiqueb/multus-dynamic-networks-controller/pkg/cri/containerd"
+	"github.com/maiqueb/multus-dynamic-networks-controller/pkg/cri/crio"
 	"github.com/maiqueb/multus-dynamic-networks-controller/pkg/logging"
 	"github.com/maiqueb/multus-dynamic-networks-controller/pkg/multuscni"
 )
@@ -89,7 +91,7 @@ func newController(stopChannel chan struct{}, configuration *config.Multus) (*co
 
 	containerRuntime, err := newContainerRuntime(configuration)
 	if err != nil {
-		return nil, fmt.Errorf("failed to create the CRI: %v", err)
+		return nil, fmt.Errorf("failed to create CRI type %s: %v", configuration.CriType, err)
 	}
 
 	podNetworksController, err := controller.NewPodNetworksController(
@@ -146,5 +148,9 @@ func handleSignals(stopChannel chan struct{}, signals ...os.Signal) {
 
 func newContainerRuntime(configuration *config.Multus) (cri.ContainerRuntime, error) {
 	const withoutTimeout = 0
+	if configuration.CriType == cri.Crio {
+		crioTimeout := 5 * time.Second
+		return crio.NewRuntime(configuration.CriSocketPath, crioTimeout)
+	}
 	return containerd.NewContainerdRuntime(configuration.CriSocketPath, withoutTimeout)
 }
diff --git a/hack/generate_manifests.sh b/hack/generate_manifests.sh
@@ -7,7 +7,11 @@ templates_dir="$ROOT/templates"
 
 for file in `ls $templates_dir/`; do
 	echo $file
-	j2 -e IMAGE_REGISTRY -e IMAGE_TAG -e CRI_SOCKET_PATH ${templates_dir}/$file -o manifests/${file%.j2}
+	if [ -z CRIO_RUNTIME ]; then
+	  j2 -e IMAGE_REGISTRY -e IMAGE_TAG -e CRI_SOCKET_PATH ${templates_dir}/$file -o "manifests/${file%.j2}"
+	else
+	  j2 -e CRIO_RUNTIME -e IMAGE_REGISTRY -e IMAGE_TAG -e CRI_SOCKET_PATH ${templates_dir}/$file -o "manifests/crio-${file%.j2}"
+	fi
 done
 unset IMAGE_REGISTRY
 unset IMAGE_TAG

diff --git a/manifests/crio-dynamic-networks-controller.yaml b/manifests/crio-dynamic-networks-controller.yaml
@@ -0,0 +1,138 @@
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: dynamic-networks-controller
+rules:
+  - apiGroups: ["k8s.cni.cncf.io"]
+    resources:
+      - network-attachment-definitions
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - ""
+    resources:
+      - pods
+      - pods/status
+    verbs:
+      - get
+      - list
+      - update
+      - watch
+  - apiGroups:
+      - ""
+      - events.k8s.io
+    resources:
+      - events
+    verbs:
+      - create
+      - patch
+      - update
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: dynamic-networks-controller
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: dynamic-networks-controller
+subjects:
+  - kind: ServiceAccount
+    name: dynamic-networks-controller
+    namespace: kube-system
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: dynamic-networks-controller
+  namespace: kube-system
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: dynamic-networks-controller-config
+  namespace: kube-system
+  labels:
+    tier: node
+    app: multus-dynamic-networks-controller
+data:
+  dynamic-networks-config.json: |
+    {
+        "criType": "crio",
+        "criSocketPath": "/host/run/crio/crio.sock",
+        "multusSocketPath": "/host/run/multus/multus.sock"
+    }
+---
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: dynamic-networks-controller-ds
+  namespace: kube-system
+  labels:
+    tier: node
+    app: dynamic-networks-controller
+    name: dynamic-networks-controller
+spec:
+  selector:
+    matchLabels:
+      name: dynamic-networks-controller
+  updateStrategy:
+    type: RollingUpdate
+  template:
+    metadata:
+      labels:
+        tier: node
+        app: dynamic-networks-controller
+        name: dynamic-networks-controller
+    spec:
+      tolerations:
+        - operator: Exists
+          effect: NoSchedule
+        - operator: Exists
+          effect: NoExecute
+      serviceAccountName: dynamic-networks-controller
+      containers:
+        - name: dynamic-networks-controller
+          env:
+            - name: NODE_NAME
+              valueFrom:
+                fieldRef:
+                    fieldPath: spec.nodeName
+          image: ghcr.io/maiqueb/multus-dynamic-networks-controller:latest-amd64
+          command: [ "/dynamic-networks-controller" ]
+          args:
+            - "-config=/etc/dynamic-networks-controller/dynamic-networks-config.json"
+            - "-v=5"
+          resources:
+            requests:
+              cpu: "100m"
+              memory: "50Mi"
+          securityContext:
+            privileged: true
+          volumeMounts:
+            - name: dynamic-networks-controller-config-dir
+              mountPath: /etc/dynamic-networks-controller/
+              readOnly: true
+            - name: multus-server-socket
+              mountPath: /host/run/multus/multus.sock
+            - name: cri-socket
+              mountPath: /host/run/crio/crio.sock
+      terminationGracePeriodSeconds: 10
+      volumes:
+        - name: dynamic-networks-controller-config-dir
+          configMap:
+            name: dynamic-networks-controller-config
+            items:
+              - key: dynamic-networks-config.json
+                path: dynamic-networks-config.json
+        -  name: multus-server-socket
+           hostPath:
+             path: /run/multus/multus.sock
+             type: Socket
+        -  name: cri-socket
+           hostPath:
+             path: /run/crio/crio.sock
+             type: Socket
diff --git a/manifests/dynamic-networks-controller.yaml b/manifests/dynamic-networks-controller.yaml
@@ -117,7 +117,7 @@ spec:
               readOnly: true
             - name: multus-server-socket
               mountPath: /host/run/multus/multus.sock
-            - name: containerd-socket
+            - name: cri-socket
               mountPath: /host/run/containerd/containerd.sock
       terminationGracePeriodSeconds: 10
       volumes:
@@ -131,7 +131,7 @@ spec:
            hostPath:
              path: /run/multus/multus.sock
              type: Socket
-        -  name: containerd-socket
+        -  name: cri-socket
            hostPath:
              path: /run/containerd/containerd.sock
              type: Socket
diff --git a/templates/dynamic-networks-controller.yaml.j2 b/templates/dynamic-networks-controller.yaml.j2
@@ -61,7 +61,10 @@ metadata:
 data:
   dynamic-networks-config.json: |
     {
-        "criSocketPath": "{{ CRI_SOCKET_PATH }}",
+        {%- if CRIO_RUNTIME is defined %}
+        "criType": "crio",
+        {%- endif %}
+        "criSocketPath": "/host{{ CRI_SOCKET_PATH }}",
         "multusSocketPath": "/host/run/multus/multus.sock"
     }
 ---
@@ -117,8 +120,8 @@ spec:
               readOnly: true
             - name: multus-server-socket
               mountPath: /host/run/multus/multus.sock
-            - name: containerd-socket
-              mountPath: {{ CRI_SOCKET_PATH }}
+            - name: cri-socket
+              mountPath: /host{{ CRI_SOCKET_PATH }}
       terminationGracePeriodSeconds: 10
       volumes:
         - name: dynamic-networks-controller-config-dir
@@ -131,7 +134,7 @@ spec:
            hostPath:
              path: /run/multus/multus.sock
              type: Socket
-        -  name: containerd-socket
+        -  name: cri-socket
            hostPath:
-             path: /run/containerd/containerd.sock
+             path: {{ CRI_SOCKET_PATH }}
              type: Socket