Set cilium defaults in code

2020-06-02 22:04:15 +02:00 · 2020-06-02 22:04:15 +02:00 · 39751cfe63
parent d6929b6335
commit 39751cfe63
6 changed files with 86 additions and 8 deletions
--- a/pkg/model/components/BUILD.bazel
+++ b/pkg/model/components/BUILD.bazel
@ -4,6 +4,7 @@ go_library(
    name = "go_default_library",
    srcs = [
        "apiserver.go",
+        "cilium.go",
        "containerd.go",
        "context.go",
        "defaults.go",
--- a/pkg/model/components/cilium.go
+++ b/pkg/model/components/cilium.go
@ -0,0 +1,76 @@
+/*
+Copyright 2020 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package components
+
+import (
+	"k8s.io/kops/pkg/apis/kops"
+	"k8s.io/kops/upup/pkg/fi/loader"
+)
+
+// CiliumOptionsBuilder adds options for the cilium to the model
+type CiliumOptionsBuilder struct {
+	Context *OptionsContext
+}
+
+var _ loader.OptionsBuilder = &CiliumOptionsBuilder{}
+
+func (b *CiliumOptionsBuilder) BuildOptions(o interface{}) error {
+	clusterSpec := o.(*kops.ClusterSpec)
+	c := clusterSpec.Networking.Cilium
+	if c == nil {
+		return nil
+	}
+
+	if c.Version == "" {
+		if b.Context.IsKubernetesLT("1.12.0") {
+			c.Version = "v1.6.9"
+		} else if b.Context.IsKubernetesLT("1.18.0") {
+			c.Version = "v1.7.4"
+		}
+	}
+
+	if c.BPFCTGlobalAnyMax == 0 {
+		c.BPFCTGlobalAnyMax = 262144
+
+	}
+	if c.BPFCTGlobalTCPMax == 0 {
+		c.BPFCTGlobalTCPMax = 524288
+	}
+
+	if c.ClusterName == "" {
+		c.ClusterName = "default"
+	}
+
+	if c.MonitorAggregation == "" {
+		c.MonitorAggregation = "medium"
+	}
+
+	if c.SidecarIstioProxyImage == "" {
+		c.SidecarIstioProxyImage = "cilium/istio_proxy"
+	}
+
+	if c.Tunnel == "" {
+		c.Tunnel = "vxlan"
+	}
+
+	if c.ToFqdnsDNSRejectResponseCode == "" {
+		c.ToFqdnsDNSRejectResponseCode = "refused"
+	}
+
+	return nil
+
+}
--- a/upup/models/bindata.go
+++ b/upup/models/bindata.go
@ -4154,14 +4154,14 @@ data:
  #   - disabled
  #   - vxlan (default)
  #   - geneve
-  tunnel: "{{- if eq .Tunnel "" -}}vxlan{{- else -}}{{ .Tunnel }}{{- end -}}"
+  tunnel: "{{ .Tunnel }}"

  # Name of the cluster. Only relevant when building a mesh of clusters.
-  cluster-name: "{{- if eq .ClusterName "" -}}default{{- else -}}{{ .ClusterName}}{{- end -}}"
+  cluster-name: "{{ .ClusterName }}"

  # DNS response code for rejecting DNS requests,
  # available options are "nameError" and "refused"
-  tofqdns-dns-reject-response-code: "{{- if eq .ToFqdnsDNSRejectResponseCode  "" -}}refused{{- else -}}{{ .ToFqdnsDNSRejectResponseCode }}{{- end -}}"
+  tofqdns-dns-reject-response-code: "{{ .ToFqdnsDNSRejectResponseCode }}"
  # This option is disabled by default starting from version 1.4.x in favor
  # of a more powerful DNS proxy-based implementation, see [0] for details.
  # Enable this option if you want to use FQDN policies but do not want to use
--- a/upup/models/cloudup/resources/addons/networking.cilium.io/k8s-1.12.yaml.template
+++ b/upup/models/cloudup/resources/addons/networking.cilium.io/k8s-1.12.yaml.template
@ -107,14 +107,14 @@ data:
  #   - disabled
  #   - vxlan (default)
  #   - geneve
-  tunnel: "{{- if eq .Tunnel "" -}}vxlan{{- else -}}{{ .Tunnel }}{{- end -}}"
+  tunnel: "{{ .Tunnel }}"

  # Name of the cluster. Only relevant when building a mesh of clusters.
-  cluster-name: "{{- if eq .ClusterName "" -}}default{{- else -}}{{ .ClusterName}}{{- end -}}"
+  cluster-name: "{{ .ClusterName }}"

  # DNS response code for rejecting DNS requests,
  # available options are "nameError" and "refused"
-  tofqdns-dns-reject-response-code: "{{- if eq .ToFqdnsDNSRejectResponseCode  "" -}}refused{{- else -}}{{ .ToFqdnsDNSRejectResponseCode }}{{- end -}}"
+  tofqdns-dns-reject-response-code: "{{ .ToFqdnsDNSRejectResponseCode }}"
  # This option is disabled by default starting from version 1.4.x in favor
  # of a more powerful DNS proxy-based implementation, see [0] for details.
  # Enable this option if you want to use FQDN policies but do not want to use
--- a/upup/pkg/fi/cloudup/populate_cluster_spec.go
+++ b/upup/pkg/fi/cloudup/populate_cluster_spec.go
@ -305,6 +305,7 @@ func (c *populateClusterSpec) run(clientset simple.Clientset) error {
 			codeModels = append(codeModels, &components.KubeControllerManagerOptionsBuilder{Context: optionsContext})
 			codeModels = append(codeModels, &components.KubeSchedulerOptionsBuilder{OptionsContext: optionsContext})
 			codeModels = append(codeModels, &components.KubeProxyOptionsBuilder{Context: optionsContext})
+			codeModels = append(codeModels, &components.CiliumOptionsBuilder{Context: optionsContext})
 		}
 	}

--- a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/cilium/manifest.yaml
+++ b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/cilium/manifest.yaml
@ -89,7 +89,7 @@ spec:
  - id: k8s-1.7
    kubernetesVersion: <1.12.0
    manifest: networking.cilium.io/k8s-1.7.yaml
-    manifestHash: e6670d455bcd03c5b85ccb6ff6bbe6e068aa7674
+    manifestHash: 590dd7dc770d721f15d63e8983aa253010757ddd
    name: networking.cilium.io
    selector:
      role.kubernetes.io/networking: "1"
@ -97,7 +97,7 @@ spec:
  - id: k8s-1.12
    kubernetesVersion: '>=1.12.0'
    manifest: networking.cilium.io/k8s-1.12.yaml
-    manifestHash: 2cac1ca4c0db3b48bb066d1477e6cdfe4f3080d5
+    manifestHash: 61f05c6e376a570b3f1e53d6b0b2ed9e63cf4c50
    name: networking.cilium.io
    selector:
      role.kubernetes.io/networking: "1"