
[WIP] Support Network object #16

10 changes: 5 additions & 5 deletions README.md
@@ -102,15 +102,15 @@ dep ensure
# don't refresh, just download dependencies
dep ensure --vendor-only

# build admission binary locally
CGO_ENABLED=0 GOOS=linux go build cmd/admission/main.go
# build pod admission binary locally
CGO_ENABLED=0 GOOS=linux go build cmd/pod-admission/main.go

# build deviceplugin binary locally
CGO_ENABLED=0 GOOS=linux go build cmd/deviceplugin/main.go

# build and push admission image
docker build -f cmd/admission/Dockerfile -t phoracek/kubetron-admission:latest .
docker push phoracek/kubetron-admission:latest
# build and push pod admission image
docker build -f cmd/pod-admission/Dockerfile -t phoracek/kubetron-pod-admission:latest .
docker push phoracek/kubetron-pod-admission:latest

# build and push deviceplugin image
docker build -f cmd/deviceplugin/Dockerfile -t phoracek/kubetron-deviceplugin:latest .
10 changes: 0 additions & 10 deletions cmd/admission/Dockerfile

This file was deleted.

2 changes: 0 additions & 2 deletions cmd/deviceplugin/Dockerfile
@@ -1,8 +1,6 @@
FROM golang:1.9 AS builder
WORKDIR /go/src/github.com/phoracek/kubetron/
RUN curl https://raw.githubusercontent.com/golang/dep/master/install.sh | sh
COPY . .
RUN dep ensure --vendor-only
RUN CGO_ENABLED=0 GOOS=linux go build -o /bin/kubetron-deviceplugin github.com/phoracek/kubetron/cmd/deviceplugin

FROM fedora:27
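--- /dev/null
+++ b/cmd/network-admission/Dockerfile
@@ -0,0 +1,8 @@
+FROM golang:1.9 AS builder
+WORKDIR /go/src/github.com/phoracek/kubetron/
+COPY . .
+RUN CGO_ENABLED=0 GOOS=linux go build -o /bin/kubetron-network-admission github.com/phoracek/kubetron/cmd/network-admission
+
+FROM alpine
+COPY --from=builder /bin/kubetron-network-admission /bin/kubetron-network-admission
+ENTRYPOINT ["/bin/kubetron-network-admission"]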
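Review bot: The runtime stage starts from `FROM alpine` with no tag or digest, so each rebuild of this admission webhook image can silently pick up a different base; pin it, e.g. `FROM alpine:<PINNED_VERSION>` (placeholder), ideally with an `@sha256:` digest as well. The builder stage runs `go build` directly after `COPY . .` with no dependency fetch step, so the binary is built from whatever `vendor/` tree is in the build context; that is reproducible only if the vendored tree is committed and reviewed, which this page does not show. There is also no `USER` instruction, so the server runs as root; dropping privileges would need the listen port moved off 443, which the probes in deploy/addon.yaml.in target. cmd/pod-admission/Dockerfile in this PR has the same three points.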
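--- /dev/null
+++ b/cmd/network-admission/main.go
@@ -0,0 +1,41 @@
+package main
+
+import (
+"flag"
+"os"
+
+"github.com/golang/glog"
+"github.com/openshift/generic-admission-server/pkg/cmd/server"
+"github.com/spf13/pflag"
+genericapiserver "k8s.io/apiserver/pkg/server"
+"k8s.io/apiserver/pkg/util/logs"
+
+admission "github.com/phoracek/kubetron/pkg/network-admission"
+)
+
+func main() {
+flagset := pflag.NewFlagSet("kubetron-network-admission", pflag.ExitOnError)
+
+ah := &admission.AdmissionHook{}
+
+logs.InitLogs()
+defer logs.FlushLogs()
+
+stopCh := genericapiserver.SetupSignalHandler()
+
+cmd := server.NewCommandStartAdmissionServer(os.Stdout, os.Stderr, stopCh, ah)
+cmd.Short = "Launch Kubetron Network Admission Server"
+cmd.Long = "Launch Kubetron Network Admission Server"
+
+// Add admission hook flags
+cmd.PersistentFlags().AddFlagSet(flagset)
+
+// Flags for glog
+cmd.PersistentFlags().AddGoFlagSet(flag.CommandLine)
+// Fix glog printing "Error: logging before flag.Parse"
+flag.CommandLine.Parse([]string{})
+
+if err := cmd.Execute(); err != nil {
+glog.Fatal(err)
+}
+}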
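Review bot: The result of `flag.CommandLine.Parse([]string{})` is discarded with nothing to show that this is deliberate; write `_ = flag.CommandLine.Parse([]string{})` and extend the comment above it to say that the call only marks the Go flag set as parsed so glog stops warning. `flagset` is created and attached to the command without a single flag defined on it, so it currently contributes nothing; either register the hook's flags on it or drop it until they exist. `main` would also benefit from a one-line comment stating that it serves the `AdmissionHook` from pkg/network-admission through the generic admission server, since the file otherwise appears to be a near copy of the pod admission entry point.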
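--- /dev/null
+++ b/cmd/pod-admission/Dockerfile
@@ -0,0 +1,8 @@
+FROM golang:1.9 AS builder
+WORKDIR /go/src/github.com/phoracek/kubetron/
+COPY . .
+RUN CGO_ENABLED=0 GOOS=linux go build -o /bin/kubetron-pod-admission github.com/phoracek/kubetron/cmd/pod-admission
+
+FROM alpine
+COPY --from=builder /bin/kubetron-pod-admission /bin/kubetron-pod-admission
+ENTRYPOINT ["/bin/kubetron-pod-admission"]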
8 changes: 4 additions & 4 deletions cmd/admission/main.go → cmd/pod-admission/main.go
@@ -10,11 +10,11 @@ import (
genericapiserver "k8s.io/apiserver/pkg/server"
"k8s.io/apiserver/pkg/util/logs"

"github.com/phoracek/kubetron/pkg/admission"
admission "github.com/phoracek/kubetron/pkg/pod-admission"
)

func main() {
flagset := pflag.NewFlagSet("kubetron-admission", pflag.ExitOnError)
flagset := pflag.NewFlagSet("kubetron-network-admission", pflag.ExitOnError)

ah := &admission.AdmissionHook{}

@@ -29,8 +29,8 @@ func main() {
stopCh := genericapiserver.SetupSignalHandler()

cmd := server.NewCommandStartAdmissionServer(os.Stdout, os.Stderr, stopCh, ah)
cmd.Short = "Launch Kubetron Admission Server"
cmd.Long = "Launch Kubetron Admission Server"
cmd.Short = "Launch Kubetron Pod Admission Server"
cmd.Long = "Launch Kubetron Pod Admission Server"

// Add admission hook flags
cmd.PersistentFlags().AddFlagSet(flagset)
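Review bot: The flag set of the pod admission binary appears to be renamed to `"kubetron-network-admission"` (the second of the two `pflag.NewFlagSet` lines, which reads as the new side), which looks like a copy-paste slip from cmd/network-admission/main.go. Wherever pflag reports the set by name, operators debugging the pod webhook would see the wrong component. Suggested line: `flagset := pflag.NewFlagSet("kubetron-pod-admission", pflag.ExitOnError)`. `main` starts and ends outside the visible hunks.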
123 changes: 110 additions & 13 deletions deploy/addon.yaml.in
@@ -161,40 +161,40 @@ items:
- apiVersion: v1
kind: Service
metadata:
name: admission
name: pod-admission
namespace: kubetron
labels:
app: admission
app: pod-admission
spec:
ports:
- name: https-webhook
port: 443
selector:
app: admission
app: pod-admission

- apiVersion: apps/v1
kind: DaemonSet
metadata:
name: admission
name: pod-admission
namespace: kubetron
labels:
app: admission
app: pod-admission
spec:
selector:
matchLabels:
app: admission
app: pod-admission
updateStrategy:
type: RollingUpdate
template:
metadata:
name: admission
name: pod-admission
labels:
app: admission
app: pod-admission
spec:
serviceAccountName: kubetron
containers:
- name: admission
image: $ADMISSION_IMAGE
- name: pod-admission
image: $POD_ADMISSION_IMAGE
imagePullPolicy: Always
args:
- --tls-cert-file=/etc/certs/cert.pem
@@ -263,14 +263,14 @@ items:
- apiVersion: admissionregistration.k8s.io/v1beta1
kind: MutatingWebhookConfiguration
metadata:
name: kubetron
name: kubetron-pod
webhooks:
- name: kubetron.network.kubevirt.io
clientConfig:
service:
name: admission
name: pod-admission
namespace: kubetron
path: /apis/kubetron.network.kubevirt.io/v1alpha1/admission
path: /apis/kubetron.network.kubevirt.io/v1alpha1/pod-admission
caBundle: $KUBERNETES_CA
rules:
- operations: ["CREATE", "DELETE"]
@@ -284,6 +284,103 @@ items:
- key: kubetron.network.kubevirt.io/ignoreAdmission
operator: DoesNotExist

- apiVersion: v1
kind: Service
metadata:
name: network-admission
namespace: kubetron
labels:
app: network-admission
spec:
ports:
- name: https-webhook
port: 443
selector:
app: network-admission

- apiVersion: apps/v1
kind: DaemonSet
metadata:
name: network-admission
namespace: kubetron
labels:
app: network-admission
spec:
selector:
matchLabels:
app: network-admission
updateStrategy:
type: RollingUpdate
template:
metadata:
name: network-admission
labels:
app: network-admission
spec:
serviceAccountName: kubetron
containers:
- name: network-admission
image: $NETWORK_ADMISSION_IMAGE
imagePullPolicy: Always
args:
- --tls-cert-file=/etc/certs/cert.pem
- --tls-private-key-file=/etc/certs/key.pem
- --audit-log-path=-
- --audit-policy-file=/etc/config/audit.yaml
- --v=6
livenessProbe:
httpGet:
scheme: HTTPS
path: /healthz
port: 443
initialDelaySeconds: 10
readinessProbe:
httpGet:
scheme: HTTPS
path: /healthz
port: 443
initialDelaySeconds: 10
volumeMounts:
- name: certs
mountPath: /etc/certs
readOnly: true
- name: audit-config
mountPath: /etc/config
readOnly: true
volumes:
- name: certs
secret:
secretName: admission-certs
- name: audit-config
configMap:
name: admission-audit-config
tolerations:
- key: node-role.kubernetes.io/master
operator: Exists
effect: NoSchedule
nodeSelector:
"kubernetes.io/hostname": "k8s-01"

- apiVersion: admissionregistration.k8s.io/v1beta1
kind: MutatingWebhookConfiguration
metadata:
name: kubetron-network
webhooks:
- name: kubetron.network.kubevirt.io
clientConfig:
service:
name: network-admission
namespace: kubetron
path: /apis/kubetron.network.kubevirt.io/v1alpha1/network-admission
caBundle: $KUBERNETES_CA
rules:
- operations: ["CREATE", "DELETE"]
apiGroups: ["*"]
apiVersions: ["*"]
resources:
- networks
failurePolicy: Fail

- apiVersion: apps/v1
kind: DaemonSet
metadata:
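Review bot: The new `kubetron-network` webhook matches `resources: networks` under `apiGroups: ["*"]` and `apiVersions: ["*"]` with `failurePolicy: Fail`, so CREATE and DELETE of any resource called `networks` in any API group is routed to this server and rejected whenever it is unreachable. Restrict the rule to the group and version that own the Network object, e.g. `apiGroups: ["<NETWORK_CRD_GROUP>"]` and `apiVersions: ["<NETWORK_CRD_VERSION>"]` (placeholders; the CRD is not on this page). Availability matters more here because the DaemonSet is pinned by `nodeSelector` to the single host `k8s-01`. The pod reuses the `admission-certs` secret, so the serving certificate must also carry a SAN for the `network-admission` service name or the API server's TLS verification against `caBundle` will fail; the certificate generation is outside this diff. The webhook entry also reuses the name `kubetron.network.kubevirt.io` from `kubetron-pod`, which makes audit and error messages ambiguous.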
6 changes: 4 additions & 2 deletions hack/install-addon
@@ -1,7 +1,8 @@
#!/bin/bash -xe

KUBECTL=./hack/kubectl
ADMISSION_IMAGE=${ADMISSION_IMAGE:-phoracek/kubetron-admission:latest}
POD_ADMISSION_IMAGE=${POD_ADMISSION_IMAGE:-phoracek/kubetron-pod-admission:latest}
NETWORK_ADMISSION_IMAGE=${NETWORK_ADMISSION_IMAGE:-phoracek/kubetron-network-admission:latest}
DEVICEPLUGIN_IMAGE=${DEVICEPLUGIN_IMAGE:-phoracek/kubetron-deviceplugin:latest}

cat <<EOF | $KUBECTL create -f -
@@ -38,7 +39,8 @@ $KUBECTL create --save-config namespace kubetron
sleep 2

cat deploy/addon.yaml.in | \
sed "s#\$ADMISSION_IMAGE#$ADMISSION_IMAGE#g" | \
sed "s#\$POD_ADMISSION_IMAGE#$POD_ADMISSION_IMAGE#g" | \
sed "s#\$NETWORK_ADMISSION_IMAGE#$NETWORK_ADMISSION_IMAGE#g" | \
sed "s#\$DEVICEPLUGIN_IMAGE#$DEVICEPLUGIN_IMAGE#g" | \
sed "s/\$ADMISSION_CERT/$ADMISSION_CERT/g" | \
sed "s/\$ADMISSION_KEY/$ADMISSION_KEY/g" | \
43 changes: 0 additions & 43 deletions hack/networks/roles/create-local-networks/tasks/main.yml~

This file was deleted.

4 changes: 2 additions & 2 deletions hack/reinstall-addon
@@ -1,7 +1,7 @@
#!/bin/bash -x

KUBECTL=./hack/kubectl
ADMISSION_IMAGE=${ADMISSION_IMAGE:-phoracek/kubetron-admission:latest}
POD_ADMISSION_IMAGE=${POD_ADMISSION_IMAGE:-phoracek/kubetron-pod-admission:latest}
DEVICEPLUGIN_IMAGE=${DEVICEPLUGIN_IMAGE:-phoracek/kubetron-deviceplugin:latest}

ADMISSION_CERT=$(cat server.crt | base64 -w 0)
@@ -15,7 +15,7 @@ $KUBECTL create --save-config namespace kubetron
sleep 2

cat deploy/addon.yaml.in | \
sed "s#\$ADMISSION_IMAGE#$ADMISSION_IMAGE#g" | \
sed "s#\$POD_ADMISSION_IMAGE#$POD_ADMISSION_IMAGE#g" | \
sed "s#\$DEVICEPLUGIN_IMAGE#$DEVICEPLUGIN_IMAGE#g" | \
sed "s/\$ADMISSION_CERT/$ADMISSION_CERT/g" | \
sed "s/\$ADMISSION_KEY/$ADMISSION_KEY/g" | \
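Review bot: hack/install-addon gains `NETWORK_ADMISSION_IMAGE` in this PR, but both additions counted for hack/reinstall-addon are the pod image rename, so a reinstall would apply deploy/addon.yaml.in with the literal `$NETWORK_ADMISSION_IMAGE` left as the image of the `network-admission` DaemonSet. Add `NETWORK_ADMISSION_IMAGE=${NETWORK_ADMISSION_IMAGE:-phoracek/kubetron-network-admission:latest}` next to the other defaults and `sed "s#\$NETWORK_ADMISSION_IMAGE#$NETWORK_ADMISSION_IMAGE#g" | \` in the pipeline. The script continues outside both hunks, so the rest of the pipeline is not visible here.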