Make svclb as simple as possible

Signed-off-by: manuelbuil <mbuil@suse.com>
2024-09-27 15:42:09 +02:00 · 2024-09-27 15:42:09 +02:00 · e9bb624c92
parent 5391ad736a
commit e9bb624c92
5 changed files with 17 additions and 154 deletions
--- a/.github/workflows/e2e.yaml
+++ b/.github/workflows/e2e.yaml
@ -38,7 +38,7 @@ jobs:
    strategy:
      fail-fast: false
      matrix:
-        etest: [startup, s3, btrfs, externalip, privateregistry, embeddedmirror, wasm]
+        etest: [startup, s3, btrfs, externalip, privateregistry, embeddedmirror, wasm, svcpoliciesandfirewall]
      max-parallel: 3
    steps:
      - name: "Checkout"
--- a/pkg/cloudprovider/servicelb.go
+++ b/pkg/cloudprovider/servicelb.go
@ -2,12 +2,12 @@ package cloudprovider
 import (
 	"context"
 	"encoding/json"
 	"fmt"
 	"sort"
 	"strconv"
 	"strings"
 	"time"
-	"encoding/json"
+
 	"sigs.k8s.io/yaml"
 	"github.com/k3s-io/k3s/pkg/util"
@ -43,6 +43,7 @@ var (
 	daemonsetNodeLabel     = "svccontroller." + version.Program + ".cattle.io/enablelb"
 	daemonsetNodePoolLabel = "svccontroller." + version.Program + ".cattle.io/lbpool"
 	nodeSelectorLabel      = "svccontroller." + version.Program + ".cattle.io/nodeselector"
 	extTrafficPolicyLabel  = "svccontroller." + version.Program + ".cattle.io/exttrafficpolicy"
 	priorityAnnotation     = "svccontroller." + version.Program + ".cattle.io/priorityclassname"
 	tolerationsAnnotation  = "svccontroller." + version.Program + ".cattle.io/tolerations"
 	controllerName         = names.ServiceLBController
@ -55,7 +56,7 @@ const (
 )
 var (
-	DefaultLBImage = "rancher/klipper-lb:v0.4.9"
+	DefaultLBImage = "rancher/mirrored-library-busybox:1.36.1"
 )
 func (k *k3s) Register(ctx context.Context,
@ -435,27 +436,8 @@ func (k *k3s) newDaemonSet(svc *core.Service) (*apps.DaemonSet, error) {
 	oneInt := intstr.FromInt(1)
 	priorityClassName := k.getPriorityClassName(svc)
 	localTraffic := servicehelper.RequestsOnlyLocalTraffic(svc)
 	sourceRangesSet, err := servicehelper.GetLoadBalancerSourceRanges(svc)
 	if err != nil {
 		return nil, err
 	}
 	sourceRanges := strings.Join(sourceRangesSet.StringSlice(), ",")
 	securityContext := &core.PodSecurityContext{}
 	for _, ipFamily := range svc.Spec.IPFamilies {
 		switch ipFamily {
 		case core.IPv4Protocol:
 			securityContext.Sysctls = append(securityContext.Sysctls, core.Sysctl{Name: "net.ipv4.ip_forward", Value: "1"})
 		case core.IPv6Protocol:
 			securityContext.Sysctls = append(securityContext.Sysctls, core.Sysctl{Name: "net.ipv6.conf.all.forwarding", Value: "1"})
 			if sourceRanges == "0.0.0.0/0" {
 				// The upstream default load-balancer source range only includes IPv4, even if the service is IPv6-only or dual-stack.
 				// If using the default range, and IPv6 is enabled, also allow IPv6.
 				sourceRanges += ",::/0"
 			}
 		}
 	}
 	ds := &apps.DaemonSet{
 		ObjectMeta: meta.ObjectMeta{
 			Name:      name,
@ -464,6 +446,7 @@ func (k *k3s) newDaemonSet(svc *core.Service) (*apps.DaemonSet, error) {
 				nodeSelectorLabel:     "false",
 				svcNameLabel:          svc.Name,
 				svcNamespaceLabel:     svc.Namespace,
 				extTrafficPolicyLabel: "Cluster",
 			},
 		},
 		TypeMeta: meta.TypeMeta{
@ -522,6 +505,7 @@ func (k *k3s) newDaemonSet(svc *core.Service) (*apps.DaemonSet, error) {
 			Name:            portName,
 			Image:           k.LBImage,
 			ImagePullPolicy: core.PullIfNotPresent,
 			Command:         []string{"sleep", "inf"},
 			Ports: []core.ContainerPort{
 				{
 					Name:          portName,
@ -530,57 +514,7 @@ func (k *k3s) newDaemonSet(svc *core.Service) (*apps.DaemonSet, error) {
 					Protocol:      port.Protocol,
 				},
 			},
 			Env: []core.EnvVar{
 				{
 					Name:  "SRC_PORT",
 					Value: strconv.Itoa(int(port.Port)),
 				},
 				{
 					Name:  "SRC_RANGES",
 					Value: sourceRanges,
 				},
 				{
 					Name:  "DEST_PROTO",
 					Value: string(port.Protocol),
 				},
 			},
 			SecurityContext: &core.SecurityContext{
 				Capabilities: &core.Capabilities{
 					Add: []core.Capability{
 						"NET_ADMIN",
 					},
 				},
 			},
 		}
 		if localTraffic {
 			container.Env = append(container.Env,
 				core.EnvVar{
 					Name:  "DEST_PORT",
 					Value: strconv.Itoa(int(port.NodePort)),
 				},
 				core.EnvVar{
 					Name: "DEST_IPS",
 					ValueFrom: &core.EnvVarSource{
 						FieldRef: &core.ObjectFieldSelector{
 							FieldPath: getHostIPsFieldPath(),
 						},
 					},
 				},
 			)
 		} else {
 			container.Env = append(container.Env,
 				core.EnvVar{
 					Name:  "DEST_PORT",
 					Value: strconv.Itoa(int(port.Port)),
 				},
 				core.EnvVar{
 					Name:  "DEST_IPS",
 					Value: strings.Join(svc.Spec.ClusterIPs, ","),
 				},
 			)
 		}
 		ds.Spec.Template.Spec.Containers = append(ds.Spec.Template.Spec.Containers, container)
 	}
@ -608,6 +542,11 @@ func (k *k3s) newDaemonSet(svc *core.Service) (*apps.DaemonSet, error) {
 	}
 	ds.Spec.Template.Spec.Tolerations = append(ds.Spec.Template.Spec.Tolerations, tolerations...)
 	// Change the label to force the DaemonSet to update and call onPodChange if the ExternalTrafficPolicy changes
 	if localTraffic {
 		ds.Spec.Template.Labels[extTrafficPolicyLabel] = "Local"
 	}
 	return ds, nil
 }
--- a/scripts/airgap/image-list.txt
+++ b/scripts/airgap/image-list.txt
@ -1,5 +1,4 @@
 docker.io/rancher/klipper-helm:v0.9.3-build20241008
 docker.io/rancher/klipper-lb:v0.4.9
 docker.io/rancher/local-path-provisioner:v0.0.30
 docker.io/rancher/mirrored-coredns-coredns:1.11.3
 docker.io/rancher/mirrored-library-busybox:1.36.1
--- a/updatecli/updatecli.d/klipper-lb.yaml
+++ b/updatecli/updatecli.d/klipper-lb.yaml
@ -1,71 +0,0 @@
 ---
 name: "Bump Klipper LB version"
 scms:
  k3s:
    kind: "github"
    spec:
      user: "{{ .github.user }}"
      email: "{{ .github.email }}"
      username: "{{ .github.username }}"
      token: "{{ requiredEnv .github.token }}"
      owner: "{{ .k3s.org }}"
      repository: "{{ .k3s.repo }}"
      branch: "{{ .k3s.branch }}"
      commitmessage:
        title: "Bump Klipper LB version"
  klipper-lb:
    kind: "github"
    spec:
      user: "{{ .github.user }}"
      email: "{{ .github.email }}"
      username: "{{ .github.username }}"
      token: "{{ requiredEnv .github.token }}"
      owner: "{{ .k3s.org }}"
      repository: "{{ .klipper_lb.repo }}"
      branch: "{{ .klipper_lb.branch }}"
 actions:
  github:
    title: "Bump Klipper LB version"
    kind: "github/pullrequest"
    scmid: "k3s"
    spec:
      automerge: false
      mergemethod: "squash"
      usetitleforautomerge: true
      parent: false
      labels: 
        - "dependencies"
 sources:
  klipper-lb:
    name: "Get Klipper LB latest release version"
    kind: "githubrelease"
    spec:
      owner: "{{ .klipper_lb.org }}"
      repository: "{{ .klipper_lb.repo }}"
      branch: "{{ .klipper_lb.branch }}"
      token: "{{ requiredEnv .github.token }}"
      versionfilter:
        kind: "latest"
 conditions:
  klipper-lb:
    name: "Check rancher/klipper-lb image version in DockerHub"
    kind: "dockerimage"
    sourceid: "klipper-lb"
    spec:
      image: "rancher/klipper-lb"
 targets:
  klipper-lb:
    name: "Update rancher/klipper-lb image versions"
    kind: "file"
    scmid: "k3s"
    sourceid: "klipper-lb"
    spec:
      files:
        - "pkg/cloudprovider/servicelb.go"
        - "scripts/airgap/image-list.txt"
      matchpattern: 'rancher/klipper-lb:v\d+\.\d+\.\d+(-\w+)?'
      replacepattern: 'rancher/klipper-lb:{{ source "klipper-lb" }}'
--- a/updatecli/values.yaml
+++ b/updatecli/values.yaml
@ -11,10 +11,6 @@ klipper_helm:
  org: "k3s-io"
  repo: "klipper-helm"
  branch: "master"
 klipper_lb:
  org: "k3s-io"
  repo: "klipper-lb"
  branch: "master"
 local_path_provisioner:
  org: "rancher"
  repo: "local-path-provisioner"