dind: add support for ovn-kubernetes network plugin#15756
dind: add support for ovn-kubernetes network plugin#15756openshift-merge-robot merged 2 commits intoopenshift:masterfrom
Conversation
openshift-merge-robot
added
the
size/L
dcbw
force-pushed
the
dind-ovn
branch
2 times, most recently
from
99dccf3 to
2b87ad4
Compare
dcbw
force-pushed
the
dind-ovn
branch
2 times, most recently
from
08b0549 to
d19ce7f
Compare
|
@rajatchopra updated; we actually get pod IPs now even |
|
@stevekuznetsov @danwinship review from you guys would be useful too, thanks! |
dcbw
changed the title
stevekuznetsov
left a comment
stevekuznetsov
left a comment
There was a problem hiding this comment.
Most comments apply generally to all of the bash scripts
hack/dind-cluster.sh
Outdated
| done | ||
|
|
||
| # OVN requires CNI network plugin and OVN_ROOT to be set | ||
| if [[ -n "${USE_OVN}" ]]; then |
There was a problem hiding this comment.
With set -o nounset these will fail, use "${USE_OVN:-}" etc for them
hack/dind-cluster.sh
Outdated
| copy-runtime "${origin_root}" "${config_root}/" | ||
|
|
||
| ovn_kubernetes= | ||
| if [ -d "${ovn_root}" ]; then |
hack/dind-cluster.sh
Outdated
| exit 1 | ||
| fi | ||
| elif [[ -n "${OVN_ROOT}" ]]; then | ||
| OVN_ROOT= |
There was a problem hiding this comment.
Do you want this empty or unset?
| function is-api-running() { | ||
| local config=$1 | ||
|
|
||
| /usr/local/bin/oc --config="${kube_config}" get nodes &> /dev/null |
There was a problem hiding this comment.
/usr/local/bin/oc --config="${kube_config}" get --raw /healthz/ready?
| /usr/local/bin/oadm --config="${kube_config}" policy add-scc-to-user anyuid -z ovn | ||
| fi | ||
|
|
||
| ovnsecret=$(/usr/local/bin/oc --config="${kube_config}" get secrets | grep ovn | tail -1 | awk '{ print $1 }') |
There was a problem hiding this comment.
oc sa get-token instead of these two lines
| local config_dir=$1 | ||
| local kube_config="${config_dir}/admin.kubeconfig" | ||
|
|
||
| ovnsecret=$(/usr/local/bin/oc --config="${kube_config}" get secrets | grep ovn | tail -1 | awk '{ print $1 }') |
| token=$(/usr/local/bin/oc --config="${kube_config}" describe secret $ovnsecret | grep "token:" | awk '{ print $2 }') | ||
|
|
||
| local master_config="${config_dir}/master-config.yaml" | ||
| cluster_cidr=$(grep clusterNetworkCIDR ${master_config} | cut -f 4 -d' ') |
There was a problem hiding this comment.
do you have python? might be better to use yaml.load() here -- no guarantee that the value is on the same line
There was a problem hiding this comment.
done, does that look any better?
OVN.md
Outdated
| @@ -0,0 +1,16 @@ | |||
| ovn-kubernetes DIND | |||
| ==================== | |||
There was a problem hiding this comment.
if this is intended to stick around it should probably go in docs/
hack/dind-cluster.sh
Outdated
| -i build container images before starting the cluster | ||
| -r remove an existing cluster | ||
| -s skip waiting for nodes to become ready | ||
| -o enable the OVN network plugin; implies "-n cni" and valid OVN_ROOT |
There was a problem hiding this comment.
Can you just make this be -n ovn? And while you're there, make -n subnet/multitenant/networkpolicy work too? There's no reason we have to make the user write out the full name of the plugin since we restrict it to a limited set of supported plugins anyway.
There was a problem hiding this comment.
done, new commit for the plugin arg renames too
| --ovn-south-db "tcp://${ovn_master_ip}:6642" \ | ||
| --init-master `hostname` \ | ||
| --net-controller | ||
| # --ovn-north-db "ssl://${ovn_nb_ip}:6641" \ |
There was a problem hiding this comment.
what's all the commented-out stuff?
| RUN dnf -y install dnf-plugins-core &&\ | ||
| dnf -y copr enable danw/origin-dind-ovs &&\ | ||
| dnf -y update openvswitch | ||
| dnf -y copr enable leifmadsen/ovs-master &&\ |
There was a problem hiding this comment.
Even though this is developer-only I feel like it would be better to use a COPR we maintain. I can update the packages in my COPR...
There was a problem hiding this comment.
@danwinship if you could update the packages, that would be awesome.
There was a problem hiding this comment.
OK, try danw/origin-dind-ovs-master.
images/dind/node/Dockerfile
Outdated
| @@ -25,8 +25,12 @@ RUN dnf -y update && dnf -y install\ | |||
|
|
|||
| # Upgrade to a newer OVS. (This can go away when the base image is upgraded to F26.) | |||
There was a problem hiding this comment.
"F26" there probably has to be "F27" now?
Actually, the original idea was that the previous RUN installs everything (including an out-of-date version of openvswitch), and then this RUN is just to handle the fact that Fedora's OVS is too old. But the patch below changes things so this RUN would still be necessary even if Fedora had the latest OVN (because we're not even installing OVN in the previous RUN). So either the installs should be rearranged to keep the old behavior, or else the comment should be rewritten to not imply that this section will eventually go away.
Needs a '-o' or OVN will not run. |
dcbw
force-pushed
the
dind-ovn
branch
2 times, most recently
from
8111eba to
fa767e5
Compare
|
@stevekuznetsov @danwinship I believe I've addressed all your comments, PTAL thanks! |
stevekuznetsov
left a comment
stevekuznetsov
left a comment
There was a problem hiding this comment.
Bash bits LGTM, one nit
| fi | ||
|
|
||
| token=$(/usr/local/bin/oc --config="${kube_config}" sa get-token ovn) | ||
| echo "${token}" > ${config_dir}/ovn.token |
There was a problem hiding this comment.
Could collapse this
/usr/local/bin/oc --config="${kube_config}" sa get-token ovn > ${config_dir}/ovn.token| # OVN requires CNI network plugin and OVN_ROOT to be set | ||
| if [[ "${NETWORK_PLUGIN}" = "ovn" ]]; then | ||
| NETWORK_PLUGIN="cni" | ||
| if [[ -z "${OVN_ROOT}" ]]; then |
There was a problem hiding this comment.
If it can be unset use :- defaulting
There was a problem hiding this comment.
@stevekuznetsov I defaulted it above:
ADDITIONAL_ARGS=""
OVN_ROOT="${OVN_ROOT:-}"
case "${1:-""}" in
start)
BUILD=
is that sufficent?
There was a problem hiding this comment.
Yes, sorry -- didn't catch that
danwinship
left a comment
danwinship
left a comment
There was a problem hiding this comment.
Changes look good except for a bit of cruft.
Commit message still refers to OVN.md
hack/dind-cluster.sh
Outdated
| copy-ovn-runtime "${ovn_root}" "${config_root}/" | ||
| ovn_kubernetes=1 | ||
| else | ||
| ovn_kubernetes= |
There was a problem hiding this comment.
redundant, you already set it before the if
hack/dind-cluster.sh
Outdated
| REMOVE_EXISTING_CLUSTER= | ||
| OPTIND=2 | ||
| while getopts ":bin:rsN:" opt; do | ||
| while getopts ":boin:rsN:" opt; do |
hack/dind-cluster.sh
Outdated
| -i build container images before starting the cluster | ||
| -r remove an existing cluster | ||
| -s skip waiting for nodes to become ready | ||
| -o enable the OVN network plugin; implies "-n cni" and valid OVN_ROOT |
See OVN.md for more details.
-n now takes one of [ subnet | multitenant | networkpolicy | ovn | cni ]
|
@danwinship @stevekuznetsov one more PTAL, thanks! |
stevekuznetsov
left a comment
stevekuznetsov
left a comment
There was a problem hiding this comment.
LGTM from a Bash perspective
rajatchopra
left a comment
rajatchopra
left a comment
There was a problem hiding this comment.
I tested it locally and the cluster comes up fine.
/lgtm
|
/test end_to_end |
|
@liggitt could we get an approve on this one? thanks! |
|
@stevekuznetsov can you /approve? |
|
/approve |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: dcbw, rajatchopra, stevekuznetsov The full list of commands accepted by this bot can be found here. DetailsNeeds approval from an approver in each of these OWNERS Files:
You can indicate your approval by writing |
openshift-merge-robot
added
the
approved
|
Automatic merge from submit-queue (batch tested with PRs 14825, 15756, 16178, 16188, 16189) |
8 participants
@rajatchopra here's the Origin part...
Operation:
hack/dind-cluster.sh build-imagesOVN_ROOT=/path/to/ovn-kubernetes hack/dind-cluster.sh start -o