Implemented possibility to use Multus CNI, fixes #103 (#132)

improved some logging

fixed small issue related to the change in the way CNI field is handled

Fixing comments for validate func in webhook

Cleaning up multus RKE2-on-CAPD manifests

updated godoc comment on API field for rke2controlplane

Removed unnecessary comment in external AWS templates

Signed-off-by: Mohamed Belgaied Hassine <belgaied2@hotmail.com>

Author: belgaied2

bootstrap/internal/controllers/rke2config_controller.go

@@ -507,7 +507,7 @@ func (r *RKE2ConfigReconciler) joinControlplane(ctx context.Context, scope *Scop
 	scope.Logger.Info("RKE2 server token found in Secret!")
 
 	if len(scope.ControlPlane.Status.AvailableServerIPs) == 0 {
-		scope.Logger.V(3).Info("No ControlPlane IP Address found for node registration")
+		scope.Logger.Info("No ControlPlane IP Address found for node registration")
 
 		return ctrl.Result{RequeueAfter: DefaultRequeueAfter}, nil
 	}
@@ -637,7 +637,7 @@ func (r *RKE2ConfigReconciler) joinWorker(ctx context.Context, scope *Scope) (re
 	scope.Logger.Info("RKE2 server token found in Secret!")
 
 	if len(scope.ControlPlane.Status.AvailableServerIPs) == 0 {
-		scope.Logger.V(3).Info("No ControlPlane IP Address found for node registration")
+		scope.Logger.V(1).Info("No ControlPlane IP Address found for node registration")
 
 		return ctrl.Result{RequeueAfter: DefaultRequeueAfter}, nil
 	}

controlplane/api/v1alpha1/rke2controlplane_types.go

@@ -102,6 +102,11 @@ type RKE2ServerConfig struct {
 	//+optional
 	CNI CNI `json:"cni,omitempty"`
 
+	// CNIMultusEnable enables multus as the first CNI plugin (default: false).
+	// This option will automatically make Multus a primary CNI, and the value, if specified in the CNI field, as a secondary CNI plugin.
+	//+optional
+	CNIMultusEnable bool `json:"cniMultusEnable,omitempty"`
+
 	// PauseImage Override image to use for pause.
 	//+optional
 	PauseImage string `json:"pauseImage,omitempty"`

controlplane/api/v1alpha1/rke2controlplane_webhook.go

@@ -17,7 +17,9 @@ limitations under the License.
 package v1alpha1
 
 import (
+	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/apimachinery/pkg/util/validation/field"
 	ctrl "sigs.k8s.io/controller-runtime"
 	logf "sigs.k8s.io/controller-runtime/pkg/log"
 	"sigs.k8s.io/controller-runtime/pkg/webhook"
@@ -50,12 +52,20 @@ var _ webhook.Validator = &RKE2ControlPlane{}
 
 // ValidateCreate implements webhook.Validator so a webhook will be registered for the type.
 func (r *RKE2ControlPlane) ValidateCreate() error {
-	return bootstrapv1.ValidateRKE2ConfigSpec(r.Name, &r.Spec.RKE2ConfigSpec)
+	if bootstrapv1.ValidateRKE2ConfigSpec(r.Name, &r.Spec.RKE2ConfigSpec) != nil {
+		return bootstrapv1.ValidateRKE2ConfigSpec(r.Name, &r.Spec.RKE2ConfigSpec)
+	}
+
+	return ValidateRKE2ControlPlaneSpec(r.Name, &r.Spec)
 }
 
 // ValidateUpdate implements webhook.Validator so a webhook will be registered for the type.
 func (r *RKE2ControlPlane) ValidateUpdate(old runtime.Object) error {
-	return bootstrapv1.ValidateRKE2ConfigSpec(r.Name, &r.Spec.RKE2ConfigSpec)
+	if bootstrapv1.ValidateRKE2ConfigSpec(r.Name, &r.Spec.RKE2ConfigSpec) != nil {
+		return bootstrapv1.ValidateRKE2ConfigSpec(r.Name, &r.Spec.RKE2ConfigSpec)
+	}
+
+	return ValidateRKE2ControlPlaneSpec(r.Name, &r.Spec)
 }
 
 // ValidateDelete implements webhook.Validator so a webhook will be registered for the type.
@@ -64,3 +74,26 @@ func (r *RKE2ControlPlane) ValidateDelete() error {
 
 	return nil
 }
+
+// ValidateRKE2ControlPlaneSpec validates the RKE2ControlPlaneSpec Object.
+func ValidateRKE2ControlPlaneSpec(name string, spec *RKE2ControlPlaneSpec) error {
+	allErrs := spec.validate()
+	if len(allErrs) == 0 {
+		return nil
+	}
+
+	return apierrors.NewInvalid(GroupVersion.WithKind("RKE2ControlPlane").GroupKind(), name, allErrs)
+}
+
+// validate validates the RKE2ControlPlaneSpec Object.
+func (s *RKE2ControlPlaneSpec) validate() field.ErrorList {
+	var allErrs field.ErrorList
+
+	if s.ServerConfig.CNIMultusEnable && s.ServerConfig.CNI == "" {
+		allErrs = append(allErrs,
+			field.Invalid(field.NewPath("spec", "serverConfig", "cni"),
+				s.ServerConfig.CNI, "must be specified when cniMultusEnable is true"))
+	}
+
+	return allErrs
+}

controlplane/config/crd/bases/controlplane.cluster.x-k8s.io_rke2controlplanes.yaml

@@ -707,6 +707,12 @@ spec:
                     - canal
                     - cilium
                     type: string
+                  cniMultusEnable:
+                    description: 'CNIMultusEnable enables multus as the first CNI
+                      plugin (default: false). This option will automatically make
+                      Multus a primary CNI, and the value, if specified in the CNI
+                      field, as a secondary CNI plugin.'
+                    type: boolean
                   disableComponents:
                     description: DisableComponents lists Kubernetes components and
                       RKE2 plugin components that will be disabled.

controlplane/internal/controllers/rke2controlplane_controller.go

@@ -256,7 +256,7 @@ func (r *RKE2ControlPlaneReconciler) updateStatus(ctx context.Context, rcp *cont
 
 	readyMachines := ownedMachines.Filter(collections.IsReady())
 	for _, readyMachine := range readyMachines {
-		logger.Info("Ready Machine :", "machine-name", readyMachine.Name)
+		logger.V(3).Info("Ready Machine : " + readyMachine.Name)
 	}
 
 	controlPlane, err := rke2.NewControlPlane(ctx, r.Client, cluster, rcp, ownedMachines)
@@ -346,7 +346,8 @@ func (r *RKE2ControlPlaneReconciler) updateStatus(ctx context.Context, rcp *cont
 		return fmt.Errorf("no Control Plane Machines are ready for RKE2ControlPlane %s/%s", rcp.Namespace, rcp.Name)
 	}
 
-	availableCPMachines := readyMachines.Filter(collections.Not(collections.HasUnhealthyCondition))
+	availableCPMachines := readyMachines
+
 	validIPAddresses := []string{}
 
 	for _, machine := range availableCPMachines {
@@ -355,9 +356,7 @@ func (r *RKE2ControlPlaneReconciler) updateStatus(ctx context.Context, rcp *cont
 			break
 		}
 
-		if !conditions.IsFalse(machine, clusterv1.MachineNodeHealthyCondition) {
-			validIPAddresses = append(validIPAddresses, ipAddress)
-		}
+		validIPAddresses = append(validIPAddresses, ipAddress)
 	}
 
 	rcp.Status.AvailableServerIPs = validIPAddresses

pkg/rke2/config.go

@@ -81,7 +81,7 @@ type rke2ServerConfig struct {
 	AdvertiseAddress                  string            `json:"advertise-address,omitempty"`
 	AuditPolicyFile                   string            `json:"audit-policy-file,omitempty"`
 	BindAddress                       string            `json:"bind-address,omitempty"`
-	CNI                               string            `json:"cni,omitempty"`
+	CNI                               []string          `json:"cni,omitempty"`
 	CloudControllerManagerExtraEnv    map[string]string `json:"cloud-controller-manager-extra-env,omitempty"`
 	CloudControllerManagerExtraMounts map[string]string `json:"cloud-controller-manager-extra-mount,omitempty"`
 	CloudProviderConfig               string            `json:"cloud-provider-config,omitempty"`
@@ -153,7 +153,7 @@ type ServerConfigOpts struct {
 	Client               client.Client
 }
 
-func newRKE2ServerConfig(opts ServerConfigOpts) (*rke2ServerConfig, []bootstrapv1.File, error) {
+func newRKE2ServerConfig(opts ServerConfigOpts) (*rke2ServerConfig, []bootstrapv1.File, error) { // nolint:gocyclo
 	rke2ServerConfig := &rke2ServerConfig{}
 	files := []bootstrapv1.File{}
 	rke2ServerConfig.AdvertiseAddress = opts.ServerConfig.AdvertiseAddress
@@ -195,7 +195,12 @@ func newRKE2ServerConfig(opts ServerConfigOpts) (*rke2ServerConfig, []bootstrapv
 	}
 
 	rke2ServerConfig.BindAddress = opts.ServerConfig.BindAddress
-	rke2ServerConfig.CNI = string(opts.ServerConfig.CNI)
+	if opts.ServerConfig.CNIMultusEnable {
+		rke2ServerConfig.CNI = append([]string{"multus"}, string(opts.ServerConfig.CNI))
+	} else if opts.ServerConfig.CNI != "" {
+		rke2ServerConfig.CNI = []string{string(opts.ServerConfig.CNI)}
+	}
+
 	rke2ServerConfig.ClusterDNS = opts.ServerConfig.ClusterDNS
 	rke2ServerConfig.ClusterDomain = opts.ServerConfig.ClusterDomain
 

pkg/rke2/config_test.go

@@ -174,7 +174,7 @@ var _ = Describe("RKE2ServerConfig", func() {
 		Expect(rke2ServerConfig.AdvertiseAddress).To(Equal(serverConfig.AdvertiseAddress))
 		Expect(rke2ServerConfig.AuditPolicyFile).To(Equal("/etc/rancher/rke2/audit-policy.yaml"))
 		Expect(rke2ServerConfig.BindAddress).To(Equal(serverConfig.BindAddress))
-		Expect(rke2ServerConfig.CNI).To(Equal(string(serverConfig.CNI)))
+		Expect(rke2ServerConfig.CNI).To(Equal([]string{string(serverConfig.CNI)}))
 		Expect(rke2ServerConfig.ClusterCIDR).To(Equal("192.168.0.0/16"))
 		Expect(rke2ServerConfig.ServiceCIDR).To(Equal("192.169.0.0/16"))
 		Expect(rke2ServerConfig.ClusterDNS).To(Equal(serverConfig.ClusterDNS))

samples/aws/external/cluster-template-external-cloud-provider.yaml

@@ -120,8 +120,6 @@ metadata:
 spec: 
   template:
     spec:
-      #preRKE2Commands:
-      #- sudo hostnamectl set-hostname $(curl -s http://169.254.169.254/1.0/meta-data/hostname)
       agentConfig:
         version: ${KUBERNETES_VERSION}+rke2r1
 ---

samples/docker/enable-multus/rke2-sample.yaml

@@ -0,0 +1,107 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: ${CABPR_NAMESPACE}
+---
+apiVersion: cluster.x-k8s.io/v1beta1
+kind: Cluster 
+metadata:
+  namespace: ${CABPR_NAMESPACE}
+  name: ${CLUSTER_NAME} 
+spec:
+  clusterNetwork:
+    pods:
+      cidrBlocks:
+      - 10.45.0.0/16
+    services:
+      cidrBlocks:
+      - 10.46.0.0/16
+    serviceDomain: cluster.local
+  controlPlaneRef:
+    apiVersion: controlplane.cluster.x-k8s.io/v1alpha1
+    kind: RKE2ControlPlane
+    name: ${CLUSTER_NAME}-control-plane
+  infrastructureRef:
+    apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+    kind: DockerCluster
+    name: ${CLUSTER_NAME}
+---
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+kind: DockerCluster
+metadata:
+  name: ${CLUSTER_NAME}
+  namespace: ${CABPR_NAMESPACE}
+---
+apiVersion: controlplane.cluster.x-k8s.io/v1alpha1
+kind: RKE2ControlPlane
+metadata:
+  name: ${CLUSTER_NAME}-control-plane
+  namespace: ${CABPR_NAMESPACE}
+spec: 
+  replicas: ${CABPR_CP_REPLICAS}
+  agentConfig:
+    version: ${KUBERNETES_VERSION}+rke2r1
+  serverConfig:
+    cniMultusEnable: true
+    cni: calico
+  infrastructureRef:
+    apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+    kind: DockerMachineTemplate
+    name: controlplane
+  nodeDrainTimeout: 2m
+---
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+kind: DockerMachineTemplate
+metadata:
+  name: controlplane
+  namespace: ${CABPR_NAMESPACE}
+spec:
+  template:
+    spec: {} 
+---
+apiVersion: cluster.x-k8s.io/v1beta1
+kind: MachineDeployment
+metadata:
+  name: worker-md-0
+  namespace: ${CABPR_NAMESPACE}
+spec:
+  clusterName: ${CLUSTER_NAME}
+  replicas: ${CABPR_WK_REPLICAS}
+  selector:
+    matchLabels:
+      cluster.x-k8s.io/cluster-name: ${CLUSTER_NAME}
+  template:
+    spec:
+      version: ${KUBERNETES_VERSION}
+      clusterName: ${CLUSTER_NAME}
+      bootstrap:
+        configRef:
+          apiVersion: bootstrap.cluster.x-k8s.io/v1alpha1
+          kind: RKE2ConfigTemplate
+          name: ${CLUSTER_NAME}-agent
+          namespace: ${CABPR_NAMESPACE}
+      infrastructureRef:
+        apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+        kind: DockerMachineTemplate
+        name: worker
+        namespace: ${CABPR_NAMESPACE}
+---
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+kind: DockerMachineTemplate
+metadata:
+  name: worker
+  namespace: ${CABPR_NAMESPACE}
+spec:
+  template:
+    spec: {} 
+---
+apiVersion: bootstrap.cluster.x-k8s.io/v1alpha1
+kind: RKE2ConfigTemplate
+metadata:
+  namespace: ${CABPR_NAMESPACE}
+  name: ${CLUSTER_NAME}-agent
+spec: 
+  template:
+    spec:
+      agentConfig:
+        version: ${KUBERNETES_VERSION}+rke2r1

samples/docker/enable-multus/rke2controlplane-test.yaml

@@ -0,0 +1,16 @@
+apiVersion: controlplane.cluster.x-k8s.io/v1alpha1
+kind: RKE2ControlPlane
+metadata:
+  name: rke2cp-test
+  namespace: webhook-test
+spec: 
+  replicas: 3
+  agentConfig:
+    version: v1.24.11+rke2r1
+  serverConfig:
+    cniMultusEnable: true
+  infrastructureRef:
+    apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+    kind: DockerMachineTemplate
+    name: controlplane
+  nodeDrainTimeout: 2m