GCI: add support for network plugin #27027
Conversation
andyzheng0831
added
release-note
| @@ -146,6 +146,17 @@ function install-kube-binary-config { | |||
| else | |||
| rm -f "${kube_bin}/kubelet" | |||
| fi | |||
| if [[ "${NETWORK_PROVIDER:-}" == "kubenet" ]] || \ | |||
| [[ "${NETWORK_PROVIDER:-}" == "cni" ]]; then | |||
| #TODO(andyzheng0831): We should make the cni version number as a k8s env variable. | |||
There was a problem hiding this comment.
@freehan I think we should find a way to simplify the code maintenance when bumping the cni version. One option is put the version number in a kube env variable, which will be passed to the network plugin manifest and here. So you will need to just update one place whenever you need to bump the version. What do you think?
There was a problem hiding this comment.
If cni is specified then the cni version should be another kube-env field.
There was a problem hiding this comment.
I am not familiar with the cni manifest change, so I leave a TODO here, and will coordinate with the cni owner freehan@ to make the change, which will be in a separate PR.
There was a problem hiding this comment.
Ideally, we always want to use the latest stable cni version in kubenet. If customer want to specify their own, they can use cni network plugin and bring their own config/binary.
k8s-github-robot
added
the
size/M
| @@ -261,6 +268,12 @@ function assemble-docker-flags { | |||
| fi | |||
|
|
|||
| echo "DOCKER_OPTS=\"${docker_opts} ${EXTRA_DOCKER_OPTS:-}\"" > /etc/default/docker | |||
| # If using a network plugin, we need to explicitly restart docker daemon, because | |||
| # kubelet will not do it. | |||
| if [[ "${use_net_plugin=}" == "true" ]]; then | |||
There was a problem hiding this comment.
should this be "${use_net_plugin:-}"?
There was a problem hiding this comment.
Nice catch, thanks! Will correct it.
|
@roberthbailey @fabioy the network plugin was added since 1.2 branch but I notice currently GKE does not use the network plugin. I am not sure what is GKE's plan about this network plugin feature. If not necessary, we may avoid making a trusty change for it and cherrypick in 1.2-release branch. |
| @@ -329,6 +343,7 @@ function start-kubelet { | |||
| flags+=" --register-schedulable=false" | |||
| flags+=" --reconcile-cidr=false" | |||
| flags+=" --pod-cidr=10.123.45.0/30" | |||
| reconcile_cidr=false | |||
There was a problem hiding this comment.
flags += " --reconcile-cidr=false"
There was a problem hiding this comment.
Ah I made a mistake that I thought the default value is false. Just check it, this flag is true by default. I will update the code
|
@freehan the PR is updated, please review it. Thanks! |
| @@ -329,6 +343,7 @@ function start-kubelet { | |||
| flags+=" --register-schedulable=false" | |||
| flags+=" --reconcile-cidr=false" | |||
There was a problem hiding this comment.
you may end up with duplicate flag here
There was a problem hiding this comment.
This should be deleted. Will update it shortly
|
LGTM pending on tests |
|
@k8s-bot test this issue #IGNORE |
|
GCE e2e build/test passed for commit 66d6b43. |
freehan
added
lgtm
|
bump priority. This PR is required to integrate GCI with kubenet |
freehan
removed
the
lgtm
|
just to be safe. Can we NOT run kubenet on master? Since we are very close to release cut. |
|
Nevermind. just check the code once again. It should be ok. |
freehan
added
the
lgtm
|
@freehan FYI, if you think network plugin is not ready to deploy, please set the NETWORK_PROVIDER to false. For GCI, our target is to provide feature parity as ContainerVM, and this is the reason why I made this PR to add the network plugin in GCI config. As for GKE rollout, this pr should be OK because currently GKE does not use kubenet. |
|
@k8s-bot test this [submit-queue is verifying that this PR is safe to merge] |
|
GCE e2e build/test passed for commit 66d6b43. |
|
Automatic merge from submit-queue |
|
@matchstick -- what is the plan with network plugins for 1.3? |
|
@roberthbailey kubenet is on by default now. |
Automatic merge from submit-queue Revert "Revert "GCI: add support for network plugin"" PR #27027 added the network plugin support in GCI config, but later a bug in the network plugin broke e2e tests (see issue #27118). The bug was fixed by #27141 and we have been repeatedly run the serial e2e tests more than 10 times to verify the fix. Now it should be safe to put the GCI network plugin support back. We will first merge in the master branch and monitor the Jenkins serial tests for a while and then cherry-pick it into release-1.3 branch.
| @@ -341,6 +355,15 @@ function start-kubelet { | |||
| flags+=" --hairpin-mode=${HAIRPIN_MODE}" | |||
| fi | |||
| fi | |||
| # Network plugin | |||
| if [[ -n "${NETWORK_PROVIDER:-}" ]]; then | |||
| flags+=" --network-plugin-dir=/home/kubernetes/bin" | |||
There was a problem hiding this comment.
Note that for CNI this parameter sets the directory where config is searched, not binaries. As far as I can tell CNI just doesn't work on GCI now.
There was a problem hiding this comment.
True. Will fix it along with: #28563
There was a problem hiding this comment.
Oh; I actually started on a PR as this is a total blocker for me.
There was a problem hiding this comment.
Go ahead then. I have not started. Please also refer to the discussions in #28563.
I had run e2e against a cluster with both master and nodes on GCI a couple of times. The PR auto tests will cover the hybrid cluster with just master on GCI.
cc/ @roberthbailey @fabioy @kubernetes/goog-image