From c37e39db35fe04811c8e4630212220887353700a Mon Sep 17 00:00:00 2001 From: Bin Liu Date: Tue, 28 Mar 2023 19:28:28 +0800 Subject: [PATCH] add FSS for antreaNsx Signed-off-by: Bin Liu --- .../antrea/antreaconfig_controller.go | 4 +- .../controllers/testdata/antrea-test-2.yaml | 11 +++ addons/main.go | 14 +++- addons/pkg/config/config.go | 2 + addons/pkg/config/options.go | 71 +++++++++++++++++++ .../config/upstream/addons-manager.yaml | 15 ++++ .../telemetry/zz_generated.bindata.go | 24 ++----- 7 files changed, 119 insertions(+), 22 deletions(-) create mode 100644 addons/pkg/config/options.go diff --git a/addons/controllers/antrea/antreaconfig_controller.go b/addons/controllers/antrea/antreaconfig_controller.go index 0818505dc5..c3a7bf13a6 100644 --- a/addons/controllers/antrea/antreaconfig_controller.go +++ b/addons/controllers/antrea/antreaconfig_controller.go @@ -329,7 +329,7 @@ func (r *AntreaConfigReconciler) ensureProviderServiceAccount(ctx context.Contex } func (r *AntreaConfigReconciler) registerAntreaNSX(ctx context.Context, antreaConfig *cniv1alpha2.AntreaConfig, cluster *clusterapiv1beta1.Cluster) error { - if !antreaConfig.Spec.AntreaNsx.Enable || antreaConfig.Spec.AntreaNsx.BootstrapFrom.Inline != nil { + if !r.Config.AntreaNsxEnabledFSS || !antreaConfig.Spec.AntreaNsx.Enable || antreaConfig.Spec.AntreaNsx.BootstrapFrom.Inline != nil { r.Log.Info("antreaNsx is not enabled or inline is set, there is no ProviderServiceAccount or NsxServiceAccount to be created") r.deregisterAntreaNSX(ctx, antreaConfig, cluster) return nil 
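Review bot: The log line in registerAntreaNSX still reads "antreaNsx is not enabled or inline is set" when the only reason for skipping is that the new `r.Config.AntreaNsxEnabledFSS` switch is off, so an operator cannot tell from the log why no ProviderServiceAccount or NsxServiceAccount was created. A separate early branch would make that explicit, for example `if !r.Config.AntreaNsxEnabledFSS { r.Log.Info("antreaNsx feature switch is disabled, skipping NSX registration"); return nil }`. The return value of `r.deregisterAntreaNSX(ctx, antreaConfig, cluster)` on the following line is also dropped, so a failed cleanup is invisible on this path. The function body continues outside the hunk.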
@@ -354,7 +354,7 @@ func (r *AntreaConfigReconciler) registerAntreaNSX(ctx context.Context, antreaCo } func (r *AntreaConfigReconciler) deregisterAntreaNSX(ctx context.Context, antreaConfig *cniv1alpha2.AntreaConfig, cluster *clusterapiv1beta1.Cluster) error { - if !antreaConfig.Spec.AntreaNsx.Enable { + if !r.Config.AntreaNsxEnabledFSS || !antreaConfig.Spec.AntreaNsx.Enable { r.Log.Info("antreaNsx is not enabled, there is no ProviderServiceAccount or NsxServiceAccount to be deleted") return nil } diff --git a/addons/controllers/testdata/antrea-test-2.yaml b/addons/controllers/testdata/antrea-test-2.yaml index 6f9eea0a0e..7552e4a060 100644 --- a/addons/controllers/testdata/antrea-test-2.yaml +++ b/addons/controllers/testdata/antrea-test-2.yaml @@ -34,6 +34,17 @@ kind: DockerCluster metadata: name: test-cluster-5 --- +apiVersion: v1 +kind: ConfigMap +metadata: + labels: + app: addons-manager + name: vmware-system-tkg-addons-manager-config + namespace: tkg-system +data: + addons-manager.conf: | + antreaNsxEnabled: true +--- apiVersion: cni.tanzu.vmware.com/v1alpha2 kind: AntreaConfig metadata: diff --git a/addons/main.go b/addons/main.go index 3c9b88a686..f837a11a6d 100644 --- a/addons/main.go +++ b/addons/main.go @@ -120,6 +120,7 @@ type addonFlags struct { pprofBindAddress string tlsMinVersion string tlsCipherSuites string + configFile string } func parseAddonFlags(addonFlags *addonFlags) { 
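Review bot: With the added `!r.Config.AntreaNsxEnabledFSS` check, deregisterAntreaNSX returns before deleting anything whenever the switch is off, so a ProviderServiceAccount or NsxServiceAccount created while the switch was on appears to stay in place after it is turned off. Those objects presumably grant access to NSX, so disabling the feature should still remove them. Consider keeping the original guard `if !antreaConfig.Spec.AntreaNsx.Enable {` here and gating only the create path, tolerating a not-found error from the delete if the resource kinds may be absent. The deletion logic itself is outside the hunk, so this is inferred from the early return alone.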
@@ -164,6 +165,7 @@ func parseAddonFlags(addonFlags *addonFlags) { flag.StringVar(&addonFlags.pprofBindAddress, "pprof-bind-addr", ":18318", "Bind address of pprof web server if enabled") flag.StringVar(&addonFlags.tlsMinVersion, "tls-min-version", "1.2", "minimum TLS version in use by the webhook server. Recommended values are \"1.2\" and \"1.3\".") flag.StringVar(&addonFlags.tlsCipherSuites, "tls-cipher-suites", "", "Comma-separated list of cipher suites for the server. If omitted, the default Go cipher suites will be used.\n"+fmt.Sprintf("Possible values are %s.", strings.Join(cliflag.TLSCipherPossibleValues(), ", "))) + flag.StringVar(&addonFlags.configFile, "config-file", "", "The path to set configuration file for addon manager") flag.Parse() } @@ -237,6 +239,9 @@ func main() { os.Exit(1) } + opt := addonconfig.NewOptions(ctrl.Log.WithName("controllers").WithName("Addon")) + opt.Complete(flags.configFile) + addonReconciler := &controllers.AddonReconciler{ Client: mgr.GetClient(), Log: ctrl.Log.WithName("controllers").WithName("Addon"), @@ -251,6 +256,7 @@ func main() { AddonImagePullPolicy: flags.addonImagePullPolicy, CorePackageRepoName: flags.corePackageRepoName, FeatureGateClusterBootstrap: flags.featureGateClusterBootstrap, + AntreaNsxEnabled: opt.Config.AntreaNsxEnabled, }, } if err = addonReconciler.SetupWithManager(ctx, mgr, controller.Options{MaxConcurrentReconciles: flags.clusterConcurrency}); err != nil { @@ -258,7 +264,7 @@ func main() { os.Exit(1) } if flags.featureGateClusterBootstrap { - enableClusterBootstrapAndConfigControllers(ctx, mgr, flags) + enableClusterBootstrapAndConfigControllers(ctx, mgr, flags, opt.Config.AntreaNsxEnabled) enableWebhooks(ctx, mgr, flags) } 
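Review bot: The error returned by `opt.Complete(flags.configFile)` in main is discarded, so an unreadable or malformed config file (Complete passes back the yaml.UnmarshalStrict error) leaves `opt.Config.AntreaNsxEnabled` at its zero value and the manager starts as if nothing were wrong. Fail fast instead: `if err := opt.Complete(flags.configFile); err != nil { setupLog.Error(err, "unable to load addons manager config"); os.Exit(1) }`. The help text for `--config-file` would also read better as `"Path to the addons manager configuration file"`.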
@@ -300,7 +306,7 @@ func setupChecks(mgr ctrl.Manager) { } } -func enableClusterBootstrapAndConfigControllers(ctx context.Context, mgr ctrl.Manager, flags *addonFlags) { +func enableClusterBootstrapAndConfigControllers(ctx context.Context, mgr ctrl.Manager, flags *addonFlags, antreaNsxEnabled bool) { if err := (&calicocontroller.CalicoConfigReconciler{ Client: mgr.GetClient(), Log: ctrl.Log.WithName("CalicoConfigController"), @@ -317,7 +323,9 @@ func enableClusterBootstrapAndConfigControllers(ctx context.Context, mgr ctrl.Ma Log: ctrl.Log.WithName("AntreaConfigController"), Scheme: mgr.GetScheme(), Config: addonconfig.AntreaConfigControllerConfig{ - ConfigControllerConfig: addonconfig.ConfigControllerConfig{SystemNamespace: flags.addonNamespace}}, + ConfigControllerConfig: addonconfig.ConfigControllerConfig{SystemNamespace: flags.addonNamespace}, + AntreaNsxEnabledFSS: antreaNsxEnabled, + }, }).SetupWithManager(ctx, mgr, controller.Options{MaxConcurrentReconciles: 1}); err != nil { setupLog.Error(err, "unable to create AntreaConfigController", "controller", "antrea") os.Exit(1) diff --git a/addons/pkg/config/config.go b/addons/pkg/config/config.go index 4f17829dcf..03e862262b 100644 --- a/addons/pkg/config/config.go +++ b/addons/pkg/config/config.go @@ -19,6 +19,7 @@ type AddonControllerConfig struct { AddonImagePullPolicy string CorePackageRepoName string FeatureGateClusterBootstrap bool + AntreaNsxEnabled bool } // ClusterBootstrapControllerConfig contains configuration information related to ClusterBootstrap @@ -53,6 +54,7 @@ type ConfigControllerConfig struct { // AntreaConfigControllerConfig contains configuration information of AntreaConfig controller type AntreaConfigControllerConfig struct { ConfigControllerConfig + AntreaNsxEnabledFSS bool } // CalicoConfigControllerConfig contains configuration information of CalicoConfig controller diff --git a/addons/pkg/config/options.go b/addons/pkg/config/options.go new file mode 100644 index 0000000000..4f67516e33 
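Review bot: The same switch is named `AntreaNsxEnabled` in AddonControllerConfig and `AntreaNsxEnabledFSS` in AntreaConfigControllerConfig, and neither new field has a comment. Pick one name and document it, for example `// AntreaNsxEnabled is the feature switch read from the addons manager config file; when false the AntreaConfig controller skips NSX service account handling.` Nothing in the visible hunks reads AddonControllerConfig.AntreaNsxEnabled, so it is worth confirming that field is needed at all.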
--- /dev/null
+++ b/addons/pkg/config/options.go
@@ -0,0 +1,71 @@
+package config
+
+import (
+ "os"
+
+ "github.com/go-logr/logr"
+ "gopkg.in/yaml.v2"
+)
+
+const (
+ defaultConfigurationFile = "/etc/addons-manager/addons-manager.conf"
+)
+
+type Options struct {
+ // The path of configuration file
+ ConfigFile string
+ Config *ControllerConfig
+ Log logr.Logger
+}
+
+type ControllerConfig struct {
+ AntreaNsxEnabled bool `yaml:"antreaNsxEnabled,omitempty"`
+}
+
+func NewOptions(Log logr.Logger) *Options {
+ return &Options{
+ Config: new(ControllerConfig),
+ Log: Log,
+ }
+}
+
+func (o *Options) Complete(configFile string) error {
+ o.setDefaults()
+ if configFile != "" {
+ _, err := os.Stat(configFile)
+ if err != nil {
+ o.Log.Info("configFile does not exist, will use default settings")
+ return nil
+ }
+ o.ConfigFile = configFile
+ }
+ if len(o.ConfigFile) > 0 {
+ o.Log.Info("config file is", o.ConfigFile)
+ err := o.loadConfigFromFile(o.ConfigFile)
+ if err != nil {
+ return err
+ }
+ }
+ return nil
+}
+
+func (o *Options) setDefaults() {
+ if o.ConfigFile == "" {
+ o.ConfigFile = defaultConfigurationFile
+ }
+}
+
+func (o *Options) loadConfigFromFile(file string) error {
+ data, err := os.ReadFile(file)
+ if err != nil {
+ o.Log.Error(err, "failed to read file", file)
+ return err
+ }
+
+ o.Log.Info("read config from file", file, string(data))
+ err = yaml.UnmarshalStrict(data, o.Config)
+ if err != nil {
+ return err
+ }
+ return nil
+}
diff --git a/packages/addons-manager/bundle/config/upstream/addons-manager.yaml b/packages/addons-manager/bundle/config/upstream/addons-manager.yaml
index 2e143aadfc..b286814eee 100644
--- a/packages/addons-manager/bundle/config/upstream/addons-manager.yaml
+++ b/packages/addons-manager/bundle/config/upstream/addons-manager.yaml
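Review bot: loadConfigFromFile logs the whole file with `o.Log.Info("read config from file", file, string(data))`, which puts every setting, including anything sensitive added later, into the controller log and uses the path as a key. The other two log calls (`"config file is", o.ConfigFile` and `"failed to read file", file`) pass an odd number of key/value arguments. Complete also treats any os.Stat failure on an explicit path as "does not exist", while a missing default path comes back as an error, so the two cases behave inconsistently. The sketch below logs only the path, treats a missing file as defaults in both cases, and returns every other error. The exported Options, ControllerConfig and NewOptions also need doc comments, and the `Log` parameter of NewOptions should be lower-case.

```go
func (o *Options) Complete(configFile string) error {
	o.setDefaults()
	if configFile != "" {
		o.ConfigFile = configFile
	}
	err := o.loadConfigFromFile(o.ConfigFile)
	if os.IsNotExist(err) {
		// The config volume is optional, so a missing file means defaults.
		o.Log.Info("config file does not exist, using default settings", "path", o.ConfigFile)
		return nil
	}
	return err
}

// … unchanged: setDefaults …

func (o *Options) loadConfigFromFile(file string) error {
	data, err := os.ReadFile(file)
	if err != nil {
		return err
	}
	// Log the path only; file contents stay out of the log.
	o.Log.Info("read config from file", "path", file)
	return yaml.UnmarshalStrict(data, o.Config)
}
```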
@@ -362,6 +362,7 @@ spec: - --feature-gate-cluster-bootstrap=true #@ if/end data.values.tanzuAddonsManager.featureGates.packageInstallStatus: - --feature-gate-package-install-status=true + - --config-file=/etc/addons-manager/addons-manager.conf image: addons-controller:latest imagePullPolicy: IfNotPresent name: tanzu-addons-controller @@ -402,6 +403,20 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace + volumeMounts: + - mountPath: /etc/addons-manager + name: addons-manager-config + readOnly: true + volumes: + - name: addons-manager-config + projected: + sources: + - configMap: + name: vmware-system-tkg-addons-manager-config + items: + - key: addons-manager.conf + path: addons-manager.conf + optional: true serviceAccount: tanzu-addons-manager-sa terminationGracePeriodSeconds: 10 #@ if/end data.values.tanzuAddonsManager.deployment.hostNetwork: diff --git a/tkg/manifest/telemetry/zz_generated.bindata.go b/tkg/manifest/telemetry/zz_generated.bindata.go index a29b3163fa..7d27eb6a8d 100644 --- a/tkg/manifest/telemetry/zz_generated.bindata.go +++ b/tkg/manifest/telemetry/zz_generated.bindata.go @@ -220,11 +220,9 @@ func bindataTkgManifestTelemetryZzgeneratedBindataGo() (*asset, error) { return a, nil } -// // Asset loads and returns the asset for the given name. // It returns an error if the asset could not be found or // could not be loaded. -// func Asset(name string) ([]byte, error) { cannonicalName := strings.Replace(name, "\\", "/", -1) if f, ok := _bindata[cannonicalName]; ok { @@ -237,11 +235,9 @@ func Asset(name string) ([]byte, error) { return nil, &os.PathError{Op: "open", Path: name, Err: os.ErrNotExist} } -// // MustAsset is like Asset but panics when Asset would return an error. // It simplifies safe initialization of global variables. // nolint: deadcode -// func MustAsset(name string) []byte { a, err := Asset(name) if err != nil { 
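Review bot: The projected ConfigMap is mounted as a file and, going by the main.go change in this patch, read once at startup, so editing `vmware-system-tkg-addons-manager-config` does not change `antreaNsxEnabled` until the pod restarts. A template comment next to the `--config-file` argument saying so would save operators a surprise. The source also appears to be marked `optional: true`, so a missing ConfigMap silently means the switch is off, which is worth stating in the same comment. Anyone who can edit that ConfigMap in the controller's namespace controls the switch, so write access to it should be limited accordingly.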
@@ -251,10 +247,8 @@ func MustAsset(name string) []byte { return a } -// // AssetInfo loads and returns the asset info for the given name. // It returns an error if the asset could not be found or could not be loaded. -// func AssetInfo(name string) (os.FileInfo, error) { cannonicalName := strings.Replace(name, "\\", "/", -1) if f, ok := _bindata[cannonicalName]; ok { @@ -267,10 +261,8 @@ func AssetInfo(name string) (os.FileInfo, error) { return nil, &os.PathError{Op: "open", Path: name, Err: os.ErrNotExist} } -// // AssetNames returns the names of the assets. // nolint: deadcode -// func AssetNames() []string { names := make([]string, 0, len(_bindata)) for name := range _bindata { @@ -279,9 +271,7 @@ func AssetNames() []string { return names } -// // _bindata is a table, holding each asset generator, mapped to its name. -// var _bindata = map[string]func() (*asset, error){ "tkg/manifest/telemetry/config-aws.yaml": bindataTkgManifestTelemetryConfigawsYaml, "tkg/manifest/telemetry/config-azure.yaml": bindataTkgManifestTelemetryConfigazureYaml, @@ -290,21 +280,21 @@ var _bindata = map[string]func() (*asset, error){ "tkg/manifest/telemetry/zz_generated.bindata.go": bindataTkgManifestTelemetryZzgeneratedBindataGo, } -// // AssetDir returns the file names below a certain // directory embedded in the file by go-bindata. // For example if you run go-bindata on data/... and data contains the // following hierarchy: -// data/ -// foo.txt -// img/ -// a.png -// b.png +// +// data/ +// foo.txt +// img/ +// a.png +// b.png +// // then AssetDir("data") would return []string{"foo.txt", "img"} // AssetDir("data/img") would return []string{"a.png", "b.png"} // AssetDir("foo.txt") and AssetDir("notexist") would return an error // AssetDir("") will return []string{"data"}. -// func AssetDir(name string) ([]string, error) { node := _bintree if len(name) != 0 {