Merge pull request #54 from phoracek/ocp4_cni_compatibility

Support OpenShift 4

Author: SchSeba

cluster/sync.sh

@@ -16,6 +16,6 @@ for i in $(seq 1 ${CLUSTER_NUM_NODES}); do
     ./cluster/cli.sh ssh "node$(printf "%02d" ${i})" 'sudo sysctl -w user.max_user_namespaces=1024'
 done
 
+./cluster/kubectl.sh create -f _out/namespace.yaml
 ./cluster/kubectl.sh create -f _out/crds/network-addons-config.crd.yaml
 ./cluster/kubectl.sh create -f _out/operator.yaml
-./cluster/kubectl.sh create -f _out/namespace.yaml

data/linux-bridge/002-linux-bridge.yaml

@@ -54,4 +54,4 @@ spec:
       volumes:
         - name: cnibin
           hostPath:
-            path: /opt/cni/bin
+            path: {{ .CNIBinDir }}

data/multus/002-multus.yaml

@@ -69,7 +69,7 @@ spec:
       volumes:
         - name: cni
           hostPath:
-            path: /etc/cni/net.d
+            path: {{ .CNIConfigDir }}
         - name: cnibin
           hostPath:
-            path: /opt/cni/bin
+            path: {{ .CNIBinDir }}

data/sriov/002-sriov-cni.yaml

@@ -46,4 +46,4 @@ spec:
       volumes:
         - name: cnibin
           hostPath:
-            path: /opt/cni/bin
+            path: {{ .CNIBinDir }}

pkg/controller/networkaddonsconfig/networkaddonsconfig_controller.go

@@ -57,27 +57,39 @@ func Add(mgr manager.Manager) error {
 		return fmt.Errorf("environment variable OPERATOR_NAMESPACE has to be set")
 	}
 
-	sccIsAvailable, err := isSCCAvailable(clientset)
+	clusterInfo := &network.ClusterInfo{}
+
+	openShift4, err := isRunningOnOpenShift4(clientset)
+	if err != nil {
+		return fmt.Errorf("failed to check whether running on OpenShift 4: %v", err)
+	}
+	if openShift4 {
+		log.Printf("Running on OpenShift 4")
+	}
+	clusterInfo.OpenShift4 = openShift4
+
+	sccAvailable, err := isSCCAvailable(clientset)
 	if err != nil {
 		return fmt.Errorf("failed to check for availability of SCC: %v", err)
 	}
+	clusterInfo.SCCAvailable = sccAvailable
 
-	return add(mgr, newReconciler(mgr, namespace, sccIsAvailable))
+	return add(mgr, newReconciler(mgr, namespace, clusterInfo))
 }
 
 // newReconciler returns a new ReconcileNetworkAddonsConfig
-func newReconciler(mgr manager.Manager, namespace string, sccIsAvailable bool) *ReconcileNetworkAddonsConfig {
+func newReconciler(mgr manager.Manager, namespace string, clusterInfo *network.ClusterInfo) *ReconcileNetworkAddonsConfig {
 	// Status manager is shared between both reconcilers and it is used to update conditions of
 	// NetworkAddonsConfig.State. NetworkAddonsConfig reconciler updates it with progress of rendering
 	// and applying of manifests. Pods reconciler updates it with progress of deployed pods.
 	statusManager := statusmanager.New(mgr.GetClient(), names.OPERATOR_CONFIG)
 	return &ReconcileNetworkAddonsConfig{
-		client:         mgr.GetClient(),
-		scheme:         mgr.GetScheme(),
-		namespace:      namespace,
-		podReconciler:  newPodReconciler(statusManager),
-		statusManager:  statusManager,
-		sccIsAvailable: sccIsAvailable,
+		client:        mgr.GetClient(),
+		scheme:        mgr.GetScheme(),
+		namespace:     namespace,
+		podReconciler: newPodReconciler(statusManager),
+		statusManager: statusManager,
+		clusterInfo:   clusterInfo,
 	}
 }
 
@@ -138,12 +150,12 @@ var _ reconcile.Reconciler = &ReconcileNetworkAddonsConfig{}
 type ReconcileNetworkAddonsConfig struct {
 	// This client, initialized using mgr.Client() above, is a split client
 	// that reads objects from the cache and writes to the apiserver
-	client         client.Client
-	scheme         *runtime.Scheme
-	namespace      string
-	podReconciler  *ReconcilePods
-	statusManager  *statusmanager.StatusManager
-	sccIsAvailable bool
+	client        client.Client
+	scheme        *runtime.Scheme
+	namespace     string
+	podReconciler *ReconcilePods
+	statusManager *statusmanager.StatusManager
+	clusterInfo   *network.ClusterInfo
 }
 
 // Reconcile reads that state of the cluster for a NetworkAddonsConfig object and makes changes based on the state read
@@ -245,7 +257,7 @@ func (r *ReconcileNetworkAddonsConfig) renderObjects(networkAddonsConfig *opv1al
 	}
 
 	// Generate the objects
-	objs, err = network.Render(&networkAddonsConfig.Spec, ManifestPath, openshiftNetworkConfig, r.sccIsAvailable)
+	objs, err = network.Render(&networkAddonsConfig.Spec, ManifestPath, openshiftNetworkConfig, r.clusterInfo)
 	if err != nil {
 		log.Printf("failed to render: %v", err)
 		err = errors.Wrapf(err, "failed to render")
@@ -327,6 +339,12 @@ func getOpenShiftNetworkConfig(ctx context.Context, c k8sclient.Client) (*osv1.N
 	return nc, nil
 }
 
+// Check whether running on OpenShift 4 by looking for operator objects that has been introduced
+// only in OpenShift 4
+func isRunningOnOpenShift4(c kubernetes.Interface) (bool, error) {
+	return isResourceAvailable(c, "configs", "imageregistry.operator.openshift.io", "v1")
+}
+
 func isSCCAvailable(c kubernetes.Interface) (bool, error) {
 	return isResourceAvailable(c, "securitycontextconstraints", "security.openshift.io", "v1")
 }

pkg/network/cluster-info.go

@@ -0,0 +1,6 @@
+package network
+
+type ClusterInfo struct {
+	SCCAvailable bool
+	OpenShift4   bool
+}

pkg/network/cni/cni.go

@@ -0,0 +1,8 @@
+package cni
+
+const (
+	ConfigDir           = "/etc/cni/net.d"
+	BinDir              = "/opt/cni/bin"
+	ConfigDirOpenShift4 = "/etc/kubernetes/cni/net.d"
+	BinDirOpenShift4    = "/var/lib/cni/bin"
+)

pkg/network/linux-bridge.go

@@ -10,6 +10,7 @@ import (
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 
 	opv1alpha1 "github.com/kubevirt/cluster-network-addons-operator/pkg/apis/networkaddonsoperator/v1alpha1"
+	"github.com/kubevirt/cluster-network-addons-operator/pkg/network/cni"
 )
 
 func changeSafeLinuxBridge(prev, next *opv1alpha1.NetworkAddonsConfigSpec) []error {
@@ -20,7 +21,7 @@ func changeSafeLinuxBridge(prev, next *opv1alpha1.NetworkAddonsConfigSpec) []err
 }
 
 // renderLinuxBridge generates the manifests of Linux Bridge
-func renderLinuxBridge(conf *opv1alpha1.NetworkAddonsConfigSpec, manifestDir string, enableSCC bool) ([]*unstructured.Unstructured, error) {
+func renderLinuxBridge(conf *opv1alpha1.NetworkAddonsConfigSpec, manifestDir string, clusterInfo *ClusterInfo) ([]*unstructured.Unstructured, error) {
 	if conf.LinuxBridge == nil {
 		return nil, nil
 	}
@@ -29,7 +30,12 @@ func renderLinuxBridge(conf *opv1alpha1.NetworkAddonsConfigSpec, manifestDir str
 	data := render.MakeRenderData()
 	data.Data["LinuxBridgeImage"] = os.Getenv("LINUX_BRIDGE_IMAGE")
 	data.Data["ImagePullPolicy"] = conf.ImagePullPolicy
-	data.Data["EnableSCC"] = enableSCC
+	if clusterInfo.OpenShift4 {
+		data.Data["CNIBinDir"] = cni.BinDirOpenShift4
+	} else {
+		data.Data["CNIBinDir"] = cni.BinDir
+	}
+	data.Data["EnableSCC"] = clusterInfo.SCCAvailable
 
 	objs, err := render.RenderDir(filepath.Join(manifestDir, "linux-bridge"), &data)
 	if err != nil {

pkg/network/multus.go

@@ -10,6 +10,7 @@ import (
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 
 	opv1alpha1 "github.com/kubevirt/cluster-network-addons-operator/pkg/apis/networkaddonsoperator/v1alpha1"
+	"github.com/kubevirt/cluster-network-addons-operator/pkg/network/cni"
 	"github.com/kubevirt/cluster-network-addons-operator/pkg/render"
 )
 
@@ -36,7 +37,7 @@ func changeSafeMultus(prev, next *opv1alpha1.NetworkAddonsConfigSpec) []error {
 }
 
 // RenderMultus generates the manifests of Multus
-func renderMultus(conf *opv1alpha1.NetworkAddonsConfigSpec, manifestDir string, openshiftNetworkConfig *osv1.Network, enableSCC bool) ([]*unstructured.Unstructured, error) {
+func renderMultus(conf *opv1alpha1.NetworkAddonsConfigSpec, manifestDir string, openshiftNetworkConfig *osv1.Network, clusterInfo *ClusterInfo) ([]*unstructured.Unstructured, error) {
 	if conf.Multus == nil || openshiftNetworkConfig != nil {
 		return nil, nil
 	}
@@ -45,7 +46,14 @@ func renderMultus(conf *opv1alpha1.NetworkAddonsConfigSpec, manifestDir string,
 	data := render.MakeRenderData()
 	data.Data["MultusImage"] = os.Getenv("MULTUS_IMAGE")
 	data.Data["ImagePullPolicy"] = conf.ImagePullPolicy
-	data.Data["EnableSCC"] = enableSCC
+	if clusterInfo.OpenShift4 {
+		data.Data["CNIConfigDir"] = cni.ConfigDirOpenShift4
+		data.Data["CNIBinDir"] = cni.BinDirOpenShift4
+	} else {
+		data.Data["CNIConfigDir"] = cni.ConfigDir
+		data.Data["CNIBinDir"] = cni.BinDir
+	}
+	data.Data["EnableSCC"] = clusterInfo.SCCAvailable
 
 	objs, err := render.RenderDir(filepath.Join(manifestDir, "multus"), &data)
 	if err != nil {

pkg/network/network.go

@@ -67,26 +67,26 @@ func IsChangeSafe(prev, next *opv1alpha1.NetworkAddonsConfigSpec) error {
 	return nil
 }
 
-func Render(conf *opv1alpha1.NetworkAddonsConfigSpec, manifestDir string, openshiftNetworkConfig *osv1.Network, enableSCC bool) ([]*unstructured.Unstructured, error) {
+func Render(conf *opv1alpha1.NetworkAddonsConfigSpec, manifestDir string, openshiftNetworkConfig *osv1.Network, clusterInfo *ClusterInfo) ([]*unstructured.Unstructured, error) {
 	log.Print("starting render phase")
 	objs := []*unstructured.Unstructured{}
 
 	// render Multus
-	o, err := renderMultus(conf, manifestDir, openshiftNetworkConfig, enableSCC)
+	o, err := renderMultus(conf, manifestDir, openshiftNetworkConfig, clusterInfo)
 	if err != nil {
 		return nil, err
 	}
 	objs = append(objs, o...)
 
 	// render Linux Bridge
-	o, err = renderLinuxBridge(conf, manifestDir, enableSCC)
+	o, err = renderLinuxBridge(conf, manifestDir, clusterInfo)
 	if err != nil {
 		return nil, err
 	}
 	objs = append(objs, o...)
 
 	// render SR-IOV
-	o, err = renderSriov(conf, manifestDir, enableSCC)
+	o, err = renderSriov(conf, manifestDir, clusterInfo)
 	if err != nil {
 		return nil, err
 	}