From 57fd343e1dca437410a2762a73fdd378e8477c46 Mon Sep 17 00:00:00 2001 From: Ole Markus With Date: Thu, 9 Dec 2021 21:12:49 +0100 Subject: [PATCH] Make service topology for cilium configurable --- k8s/crds/kops.k8s.io_clusters.yaml | 4 ++++ pkg/apis/kops/networking.go | 3 +++ pkg/apis/kops/v1alpha2/networking.go | 3 +++ pkg/apis/kops/v1alpha2/zz_generated.conversion.go | 2 ++ pkg/apis/kops/v1alpha3/networking.go | 4 ++++ pkg/apis/kops/v1alpha3/zz_generated.conversion.go | 2 ++ pkg/apis/kops/validation/validation.go | 6 ++++++ ...object_minimal-ipv6.example.com-addons-bootstrap_content | 2 +- ...example.com-addons-networking.cilium.io-k8s-1.16_content | 1 + ...ct_minimal-warmpool.example.com-addons-bootstrap_content | 2 +- ...example.com-addons-networking.cilium.io-k8s-1.16_content | 1 + ...bject_privatecilium.example.com-addons-bootstrap_content | 2 +- ...example.com-addons-networking.cilium.io-k8s-1.16_content | 1 + ...ivateciliumadvanced.example.com-addons-bootstrap_content | 2 +- ...example.com-addons-networking.cilium.io-k8s-1.16_content | 1 + .../networking.cilium.io/k8s-1.16-v1.10.yaml.template | 2 ++ .../tests/bootstrapchannelbuilder/cilium/manifest.yaml | 2 +- .../metrics-server/insecure-1.19/manifest.yaml | 2 +- .../metrics-server/secure-1.19/manifest.yaml | 2 +- 19 files changed, 37 insertions(+), 7 deletions(-) diff --git a/k8s/crds/kops.k8s.io_clusters.yaml b/k8s/crds/kops.k8s.io_clusters.yaml index dc10b02c09..eff5ec6c5b 100644 --- a/k8s/crds/kops.k8s.io_clusters.yaml +++ b/k8s/crds/kops.k8s.io_clusters.yaml @@ -4698,6 +4698,10 @@ spec: description: 'EnableRemoteNodeIdentity enables the remote-node-identity. Default: true' type: boolean + enableServiceTopology: + description: EnableServiceTopology determine if cilium should + use topology aware hints. + type: boolean enableTracing: description: EnableTracing is unused. type: boolean diff --git a/pkg/apis/kops/networking.go b/pkg/apis/kops/networking.go index f50c07d167..63b152bd1a 100644 
--- a/pkg/apis/kops/networking.go +++ b/pkg/apis/kops/networking.go @@ -411,6 +411,9 @@ type CiliumNetworkingSpec struct { // DisableCNPStatusUpdates determines if CNP NodeStatus updates will be sent to the Kubernetes api-server. DisableCNPStatusUpdates *bool `json:"disableCNPStatusUpdates,omitempty"` + + // EnableServiceTopology determine if cilium should use topology aware hints. + EnableServiceTopology bool `json:"enableServiceTopology,omitempty"` } // HubbleSpec configures the Hubble service on the Cilium agent. diff --git a/pkg/apis/kops/v1alpha2/networking.go b/pkg/apis/kops/v1alpha2/networking.go index 341e60ac19..9f974092c0 100644 --- a/pkg/apis/kops/v1alpha2/networking.go +++ b/pkg/apis/kops/v1alpha2/networking.go @@ -575,6 +575,9 @@ type CiliumNetworkingSpec struct { CniBinPath string `json:"cniBinPath,omitempty"` // DisableCNPStatusUpdates determines if CNP NodeStatus updates will be sent to the Kubernetes api-server. DisableCNPStatusUpdates *bool `json:"disableCNPStatusUpdates,omitempty"` + + // EnableServiceTopology determine if cilium should use topology aware hints. + EnableServiceTopology bool `json:"enableServiceTopology,omitempty"` } // HubbleSpec configures the Hubble service on the Cilium agent. diff --git a/pkg/apis/kops/v1alpha2/zz_generated.conversion.go b/pkg/apis/kops/v1alpha2/zz_generated.conversion.go index a6cc8caf86..38622f303f 100644 --- a/pkg/apis/kops/v1alpha2/zz_generated.conversion.go +++ b/pkg/apis/kops/v1alpha2/zz_generated.conversion.go @@ -1955,6 +1955,7 @@ func autoConvert_v1alpha2_CiliumNetworkingSpec_To_kops_CiliumNetworkingSpec(in * // INFO: in.NodeInitBootstrapFile opted out of conversion generation // INFO: in.CniBinPath opted out of conversion generation out.DisableCNPStatusUpdates = in.DisableCNPStatusUpdates + out.EnableServiceTopology = in.EnableServiceTopology return nil } 
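Review bot: The doc comment on the new `EnableServiceTopology` field in `CiliumNetworkingSpec` states neither the default nor the version constraint that validation enforces, and the CRD description in this patch carries the same wording. I would write it as `// EnableServiceTopology determines if Cilium should use topology aware hints. Requires Cilium 1.11 or later. Default: false`. The identical comment appears in the v1alpha2 and v1alpha3 `networking.go` hunks and should change there as well, with the CRD regenerated afterwards. The struct begins outside the hunk.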
@@ -2010,6 +2011,7 @@ func autoConvert_kops_CiliumNetworkingSpec_To_v1alpha2_CiliumNetworkingSpec(in * out.Hubble = nil } out.DisableCNPStatusUpdates = in.DisableCNPStatusUpdates + out.EnableServiceTopology = in.EnableServiceTopology return nil } diff --git a/pkg/apis/kops/v1alpha3/networking.go b/pkg/apis/kops/v1alpha3/networking.go index 37dbc8642a..1611b5d64c 100644 --- a/pkg/apis/kops/v1alpha3/networking.go +++ b/pkg/apis/kops/v1alpha3/networking.go @@ -18,6 +18,7 @@ package v1alpha3 import ( "k8s.io/apimachinery/pkg/api/resource" + "k8s.io/kops/pkg/apis/kops" ) @@ -394,6 +395,9 @@ type CiliumNetworkingSpec struct { // DisableCNPStatusUpdates determines if CNP NodeStatus updates will be sent to the Kubernetes api-server. DisableCNPStatusUpdates *bool `json:"disableCNPStatusUpdates,omitempty"` + + // EnableServiceTopology determine if cilium should use topology aware hints. + EnableServiceTopology bool `json:"enableServiceTopology,omitempty"` } // HubbleSpec configures the Hubble service on the Cilium agent. diff --git a/pkg/apis/kops/v1alpha3/zz_generated.conversion.go b/pkg/apis/kops/v1alpha3/zz_generated.conversion.go index 60b8103b1c..6022edfadb 100644 --- a/pkg/apis/kops/v1alpha3/zz_generated.conversion.go +++ b/pkg/apis/kops/v1alpha3/zz_generated.conversion.go @@ -1861,6 +1861,7 @@ func autoConvert_v1alpha3_CiliumNetworkingSpec_To_kops_CiliumNetworkingSpec(in * out.Hubble = nil } out.DisableCNPStatusUpdates = in.DisableCNPStatusUpdates + out.EnableServiceTopology = in.EnableServiceTopology return nil } @@ -1921,6 +1922,7 @@ func autoConvert_kops_CiliumNetworkingSpec_To_v1alpha3_CiliumNetworkingSpec(in * out.Hubble = nil } out.DisableCNPStatusUpdates = in.DisableCNPStatusUpdates + out.EnableServiceTopology = in.EnableServiceTopology return nil } diff --git a/pkg/apis/kops/validation/validation.go b/pkg/apis/kops/validation/validation.go index 51ce026399..2369cad05f 100644 --- a/pkg/apis/kops/validation/validation.go 
+++ b/pkg/apis/kops/validation/validation.go @@ -889,6 +889,12 @@ func validateNetworkingCilium(cluster *kops.Cluster, v *kops.CiliumNetworkingSpe if version.Minor < 10 && v.EncryptionType == kops.CiliumEncryptionTypeWireguard { allErrs = append(allErrs, field.Forbidden(fldPath.Child("encryptionType"), "Cilium EncryptionType=WireGuard is not available for Cilium version < 1.10.0.")) } + + if version.Minor < 11 { + if v.EnableServiceTopology { + allErrs = append(allErrs, field.Forbidden(fldPath.Child("enableServiceTopology"), "Service topology requires Cilium 1.11")) + } + } } if v.EnableNodePort && c.KubeProxy != nil && (c.KubeProxy.Enabled == nil || *c.KubeProxy.Enabled) { diff --git a/tests/integration/update_cluster/minimal-ipv6-cilium/data/aws_s3_bucket_object_minimal-ipv6.example.com-addons-bootstrap_content b/tests/integration/update_cluster/minimal-ipv6-cilium/data/aws_s3_bucket_object_minimal-ipv6.example.com-addons-bootstrap_content index 78cc8b6112..7499b24385 100644 --- a/tests/integration/update_cluster/minimal-ipv6-cilium/data/aws_s3_bucket_object_minimal-ipv6.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/minimal-ipv6-cilium/data/aws_s3_bucket_object_minimal-ipv6.example.com-addons-bootstrap_content @@ -54,7 +54,7 @@ spec: version: 9.99.0 - id: k8s-1.16 manifest: networking.cilium.io/k8s-1.16-v1.10.yaml - manifestHash: c98c74504ff171fcfa552b53a87f67137a1487d31171c176a6880c0d41ebf623 + manifestHash: 1206170b5352579dabf78db9f85cf7e4170454e18158315fe9aa7bf0d15c1b7a name: networking.cilium.io needsRollingUpdate: all selector: diff --git a/tests/integration/update_cluster/minimal-ipv6-cilium/data/aws_s3_bucket_object_minimal-ipv6.example.com-addons-networking.cilium.io-k8s-1.16_content b/tests/integration/update_cluster/minimal-ipv6-cilium/data/aws_s3_bucket_object_minimal-ipv6.example.com-addons-networking.cilium.io-k8s-1.16_content index bddfd1af9c..7dad60aacd 100644 
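Review bot: The new guard in `validateNetworkingCilium` checks only the Cilium minor version, so `enableServiceTopology: true` passes validation even on a cluster whose Kubernetes version may not publish topology hints at all. If such a prerequisite exists it should be validated here, or at least named in the field's doc comment. The two nested conditions can also be merged to match the WireGuard check just above: `if version.Minor < 11 && v.EnableServiceTopology {`. The message would be more consistent with its neighbour as `"Service topology is not available for Cilium version < 1.11.0."`. The function body and the enclosing version block both start outside the hunk.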
--- a/tests/integration/update_cluster/minimal-ipv6-cilium/data/aws_s3_bucket_object_minimal-ipv6.example.com-addons-networking.cilium.io-k8s-1.16_content +++ b/tests/integration/update_cluster/minimal-ipv6-cilium/data/aws_s3_bucket_object_minimal-ipv6.example.com-addons-networking.cilium.io-k8s-1.16_content @@ -49,6 +49,7 @@ data: enable-l7-proxy: "true" enable-node-port: "false" enable-remote-node-identity: "true" + enable-service-topology: "false" identity-allocation-mode: crd identity-change-grace-period: 5s install-iptables-rules: "true" diff --git a/tests/integration/update_cluster/minimal-warmpool/data/aws_s3_bucket_object_minimal-warmpool.example.com-addons-bootstrap_content b/tests/integration/update_cluster/minimal-warmpool/data/aws_s3_bucket_object_minimal-warmpool.example.com-addons-bootstrap_content index 9d0d9b2d29..e6c80f02dc 100644 --- a/tests/integration/update_cluster/minimal-warmpool/data/aws_s3_bucket_object_minimal-warmpool.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/minimal-warmpool/data/aws_s3_bucket_object_minimal-warmpool.example.com-addons-bootstrap_content @@ -54,7 +54,7 @@ spec: version: 9.99.0 - id: k8s-1.16 manifest: networking.cilium.io/k8s-1.16-v1.10.yaml - manifestHash: c449432de8df143eb56fb384e16e2631d029d614172043ef42ca329fde2933b3 + manifestHash: b6f375005c2450576148cc428680bd32b9abfe404fa43399b6f0cd60b5cd3d61 name: networking.cilium.io needsRollingUpdate: all selector: diff --git a/tests/integration/update_cluster/minimal-warmpool/data/aws_s3_bucket_object_minimal-warmpool.example.com-addons-networking.cilium.io-k8s-1.16_content b/tests/integration/update_cluster/minimal-warmpool/data/aws_s3_bucket_object_minimal-warmpool.example.com-addons-networking.cilium.io-k8s-1.16_content index 4131cd8a9d..f0c8fce18e 100644 --- a/tests/integration/update_cluster/minimal-warmpool/data/aws_s3_bucket_object_minimal-warmpool.example.com-addons-networking.cilium.io-k8s-1.16_content 
+++ b/tests/integration/update_cluster/minimal-warmpool/data/aws_s3_bucket_object_minimal-warmpool.example.com-addons-networking.cilium.io-k8s-1.16_content @@ -49,6 +49,7 @@ data: enable-l7-proxy: "true" enable-node-port: "false" enable-remote-node-identity: "true" + enable-service-topology: "false" identity-allocation-mode: crd identity-change-grace-period: 5s install-iptables-rules: "true" diff --git a/tests/integration/update_cluster/privatecilium/data/aws_s3_bucket_object_privatecilium.example.com-addons-bootstrap_content b/tests/integration/update_cluster/privatecilium/data/aws_s3_bucket_object_privatecilium.example.com-addons-bootstrap_content index 5288786610..badce63e73 100644 --- a/tests/integration/update_cluster/privatecilium/data/aws_s3_bucket_object_privatecilium.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/privatecilium/data/aws_s3_bucket_object_privatecilium.example.com-addons-bootstrap_content @@ -54,7 +54,7 @@ spec: version: 9.99.0 - id: k8s-1.16 manifest: networking.cilium.io/k8s-1.16-v1.10.yaml - manifestHash: abde120455236502ea9a96bfc4e884b0b73fec606df9b10ac2c61b5bcd19eb78 + manifestHash: 316f256062e3e4560695793d66963f1efc812e38b2f746a28aa67c48007f07fc name: networking.cilium.io needsRollingUpdate: all selector: diff --git a/tests/integration/update_cluster/privatecilium/data/aws_s3_bucket_object_privatecilium.example.com-addons-networking.cilium.io-k8s-1.16_content b/tests/integration/update_cluster/privatecilium/data/aws_s3_bucket_object_privatecilium.example.com-addons-networking.cilium.io-k8s-1.16_content index e1602ff7da..ad5980a017 100644 --- a/tests/integration/update_cluster/privatecilium/data/aws_s3_bucket_object_privatecilium.example.com-addons-networking.cilium.io-k8s-1.16_content +++ b/tests/integration/update_cluster/privatecilium/data/aws_s3_bucket_object_privatecilium.example.com-addons-networking.cilium.io-k8s-1.16_content 
@@ -49,6 +49,7 @@ data: enable-l7-proxy: "true" enable-node-port: "false" enable-remote-node-identity: "true" + enable-service-topology: "false" identity-allocation-mode: crd identity-change-grace-period: 5s install-iptables-rules: "true" diff --git a/tests/integration/update_cluster/privateciliumadvanced/data/aws_s3_bucket_object_privateciliumadvanced.example.com-addons-bootstrap_content b/tests/integration/update_cluster/privateciliumadvanced/data/aws_s3_bucket_object_privateciliumadvanced.example.com-addons-bootstrap_content index c829c85294..0ad009ab3c 100644 --- a/tests/integration/update_cluster/privateciliumadvanced/data/aws_s3_bucket_object_privateciliumadvanced.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/privateciliumadvanced/data/aws_s3_bucket_object_privateciliumadvanced.example.com-addons-bootstrap_content @@ -54,7 +54,7 @@ spec: version: 9.99.0 - id: k8s-1.16 manifest: networking.cilium.io/k8s-1.16-v1.10.yaml - manifestHash: 91c06f487cb2bb86db1c7dfff7dcdeb139795e0c2bc3da2b702005661a6870bd + manifestHash: aed3c488129f6bc6fc64a7f36e42377f38f9cc26f94bd360da82ae28f1d73906 name: networking.cilium.io needsRollingUpdate: all selector: diff --git a/tests/integration/update_cluster/privateciliumadvanced/data/aws_s3_bucket_object_privateciliumadvanced.example.com-addons-networking.cilium.io-k8s-1.16_content b/tests/integration/update_cluster/privateciliumadvanced/data/aws_s3_bucket_object_privateciliumadvanced.example.com-addons-networking.cilium.io-k8s-1.16_content index a704566e4c..b70917de0c 100644 --- a/tests/integration/update_cluster/privateciliumadvanced/data/aws_s3_bucket_object_privateciliumadvanced.example.com-addons-networking.cilium.io-k8s-1.16_content +++ b/tests/integration/update_cluster/privateciliumadvanced/data/aws_s3_bucket_object_privateciliumadvanced.example.com-addons-networking.cilium.io-k8s-1.16_content 
@@ -53,6 +53,7 @@ data: enable-l7-proxy: "true" enable-node-port: "true" enable-remote-node-identity: "true" + enable-service-topology: "false" etcd-config: |- --- endpoints: diff --git a/upup/models/cloudup/resources/addons/networking.cilium.io/k8s-1.16-v1.10.yaml.template b/upup/models/cloudup/resources/addons/networking.cilium.io/k8s-1.16-v1.10.yaml.template index 92f36cd1f3..ed40d4ecf9 100644 --- a/upup/models/cloudup/resources/addons/networking.cilium.io/k8s-1.16-v1.10.yaml.template +++ b/upup/models/cloudup/resources/addons/networking.cilium.io/k8s-1.16-v1.10.yaml.template @@ -256,6 +256,8 @@ data: disable-cnp-status-updates: "{{ .DisableCNPStatusUpdates }}" + enable-service-topology: "{{ .EnableServiceTopology }}" + {{ if WithDefaultBool .Hubble.Enabled false }} # Enable Hubble gRPC service. enable-hubble: "true" diff --git a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/cilium/manifest.yaml b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/cilium/manifest.yaml index 2ddb2b0a41..ca6401d112 100644 --- a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/cilium/manifest.yaml +++ b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/cilium/manifest.yaml @@ -54,7 +54,7 @@ spec: version: 9.99.0 - id: k8s-1.16 manifest: networking.cilium.io/k8s-1.16-v1.10.yaml - manifestHash: 472d1ede7b67d9a5dae1dd8b49312a238091233d56a184319e16df0027653d6f + manifestHash: 84627dabca6e6fe741520d1770365676b0c5b22c34d3040459e9a3ca21c4a50a name: networking.cilium.io needsRollingUpdate: all selector: diff --git a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/metrics-server/insecure-1.19/manifest.yaml b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/metrics-server/insecure-1.19/manifest.yaml index 1a550eeeda..4cd280d57f 100644 --- a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/metrics-server/insecure-1.19/manifest.yaml +++ b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/metrics-server/insecure-1.19/manifest.yaml 
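Review bot: In `k8s-1.16-v1.10.yaml.template` the `enable-service-topology` key is written into the ConfigMap unconditionally, including for Cilium versions where validation forbids the feature. Agents older than 1.11 therefore receive an option they may not recognise, so it is worth confirming that they ignore unknown keys. The rendered manifest also changes for every Cilium cluster even when the field is unset, as the updated `manifestHash` fixtures marked `needsRollingUpdate: all` show. Emitting the key only when enabled avoids both: `{{ if .EnableServiceTopology }}`, then `enable-service-topology: "true"`, then `{{ end }}`. The surrounding `data:` block continues outside the hunk.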
@@ -61,7 +61,7 @@ spec: version: 9.99.0 - id: k8s-1.16 manifest: networking.cilium.io/k8s-1.16-v1.10.yaml - manifestHash: 472d1ede7b67d9a5dae1dd8b49312a238091233d56a184319e16df0027653d6f + manifestHash: 84627dabca6e6fe741520d1770365676b0c5b22c34d3040459e9a3ca21c4a50a name: networking.cilium.io needsRollingUpdate: all selector: diff --git a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/metrics-server/secure-1.19/manifest.yaml b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/metrics-server/secure-1.19/manifest.yaml index a64eb984a7..68990089d1 100644 --- a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/metrics-server/secure-1.19/manifest.yaml +++ b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/metrics-server/secure-1.19/manifest.yaml @@ -68,7 +68,7 @@ spec: version: 9.99.0 - id: k8s-1.16 manifest: networking.cilium.io/k8s-1.16-v1.10.yaml - manifestHash: 472d1ede7b67d9a5dae1dd8b49312a238091233d56a184319e16df0027653d6f + manifestHash: 84627dabca6e6fe741520d1770365676b0c5b22c34d3040459e9a3ca21c4a50a name: networking.cilium.io needsRollingUpdate: all selector: