rm pkg/workloads

As we have deprecated the usage of any workload in v1.6 it's time to remove the pkg/workloads entirely. The option flags will still be available until v1.8. Only one option was removed entirely which was --docker (or -e) as it has been deprecated since v1.0.4. Also, due this changes, besides the LOC removed the cilium-agent binary also decreased from 99MB -> 71M Signed-off-by: André Martins <andre@cilium.io>
cilium · Nov 13, 2019 · 532ad9d · 532ad9d
1 parent e47ebcf
commit 532ad9d
Show file tree

Hide file tree

Showing 804 changed files with 32 additions and 184,874 deletions.
diff --git a/Documentation/cmdref/cilium-agent.md b/Documentation/cmdref/cilium-agent.md
@@ -43,8 +43,6 @@ cilium-agent [flags]
       --config string                                         Configuration file (default "$HOME/ciliumd.yaml")
       --config-dir string                                     Configuration directory that contains a file for each option
       --conntrack-gc-interval duration                        Overwrite the connection-tracking garbage collection interval
-      --container-runtime strings                             Sets the container runtime(s) used by Cilium { containerd | crio | docker | none | auto } ( "auto" uses the container runtime found in the order: "docker", "containerd", "crio" ) (default [auto])
-      --container-runtime-endpoint map                        Container runtime(s) endpoint(s). (default: --container-runtime-endpoint=containerd=/var/run/containerd/containerd.sock, --container-runtime-endpoint=crio=/var/run/crio/crio.sock, --container-runtime-endpoint=docker=unix:///var/run/docker.sock) (default map[])
       --datapath-mode string                                  Datapath mode name (default "veth")
   -D, --debug                                                 Enable debugging mode
       --debug-verbose strings                                 List of enabled verbose debug groups
@@ -53,7 +51,6 @@ cilium-agent [flags]
       --disable-conntrack                                     Disable connection tracking
       --disable-endpoint-crd                                  Disable use of CiliumEndpoint CRD
       --disable-k8s-services                                  Disable east-west K8s load balancing by cilium
-  -e, --docker string                                         Path to docker runtime socket (DEPRECATED: use container-runtime-endpoint instead) (default "unix:///var/run/docker.sock")
       --egress-masquerade-interfaces string                   Limit egress masquerading to interface selector
       --enable-endpoint-health-checking                       Enable connectivity health checking between virtual endpoints (default true)
       --enable-endpoint-routes                                Use per endpoint routes instead of routing via cilium_host
@@ -75,7 +72,6 @@ cilium-agent [flags]
       --envoy-log string                                      Path to a separate Envoy log file, if any
       --exclude-local-address strings                         Exclude CIDR from being recognized as local address
       --fixed-identity-mapping map                            Key-value for the fixed identity mapping which allows to use reserved label for fixed identities (default map[])
-      --flannel-manage-existing-containers                    Installs a BPF program to allow for policy enforcement in already running containers managed by Flannel. Require Cilium to be running in the hostPID.
       --flannel-master-device string                          Installs a BPF program to allow for policy enforcement in the given network interface. Allows to run Cilium on top of other CNI plugins that provide networking, e.g. flannel, where for flannel, this value should be set with 'cni0'. [EXPERIMENTAL]
       --flannel-uninstall-on-exit                             When used along the flannel-master-device flag, it cleans up all BPF programs installed when Cilium agent is terminated.
       --force-local-policy-eval-at-source                     Force policy evaluation of all local communication at the source endpoint (default true)

diff --git a/Documentation/gettingstarted/flannel-integration.rst b/Documentation/gettingstarted/flannel-integration.rst
@@ -64,12 +64,6 @@ itself when the Cilium pod is stopped.
 If the Flannel bridge has a different name than ``cni0``, you must specify
 the name by setting ``global.flannel.masterDevice=...``.
 
-*Optional step:*
-If your cluster has already pods being managed by Flannel, there is also
-an option available that allows Cilium to start managing those pods without
-requiring to restart them. To enable this functionality you need to set the
-value ``global.flannel.manageExistingContainers=true``
-
 Once you have changed the ConfigMap accordingly, you can deploy Cilium.
 
 .. parsed-literal::

diff --git a/Documentation/install/upgrade.rst b/Documentation/install/upgrade.rst
@@ -277,12 +277,21 @@ IMPORTANT: Changes required before upgrading to 1.7.0
     key-file: '/var/lib/cilium/etcd-client.key'
     cert-file: '/var/lib/cilium/etcd-client.crt'
 
+* Due to the removal of external libraries to connect to container runtimes,
+  Cilium no longer supports the option ``flannel-manage-existing-containers``.
+  Cilium will still support integration with Flannel for new containers
+  provisioned but not for containers already running in Flannel. The options
+  ``container-runtime`` and ``container-runtime-endpoint`` will not have any
+  effect and the flag removal is scheduled for v1.8.0
+
 Removed options
 ~~~~~~~~~~~~~~~~~~
 
 * ``lb``: The ``--lb`` feature has been removed. If you need load-balancing on
   a particular device, consider using :ref:`nodeport`.
 
+* ``docker`` and ``e``: This flags has been removed as Cilium no longer requires
+  container runtime integrations to manage containers' networks.
 
 .. _1.6_upgrade_notes:
 

diff --git a/daemon/daemon.go b/daemon/daemon.go
@@ -34,7 +34,6 @@ import (
 	"github.com/cilium/cilium/pkg/datapath/prefilter"
 	"github.com/cilium/cilium/pkg/debug"
 	"github.com/cilium/cilium/pkg/defaults"
-	"github.com/cilium/cilium/pkg/endpoint/connector"
 	"github.com/cilium/cilium/pkg/endpoint/regeneration"
 	"github.com/cilium/cilium/pkg/endpointmanager"
 	"github.com/cilium/cilium/pkg/fqdn"
@@ -69,7 +68,6 @@ import (
 	"github.com/cilium/cilium/pkg/sockops"
 	"github.com/cilium/cilium/pkg/status"
 	"github.com/cilium/cilium/pkg/trigger"
-	"github.com/cilium/cilium/pkg/workloads"
 	cnitypes "github.com/cilium/cilium/plugins/cilium-cni/types"
 
 	"github.com/sirupsen/logrus"
@@ -91,8 +89,6 @@ type Daemon struct {
 	svc              *service.Service
 	policy           *policy.Repository
 	preFilter        *prefilter.PreFilter
-	// Only used for CRI-O since it does not support events.
-	workloadsEventsCh chan<- *workloads.EventMessage
 
 	statusCollectMutex lock.RWMutex
 	statusResponse     models.StatusResponse
@@ -391,10 +387,6 @@ func NewDaemon(ctx context.Context, dp datapath.Datapath) (*Daemon, *endpointRes
 	d.k8sWatcher.RunK8sServiceHandler()
 	policyApi.InitEntities(option.Config.ClusterName)
 
-	bootstrapStats.workloadsInit.Start()
-	workloads.Init(&d)
-	bootstrapStats.workloadsInit.End(true)
-
 	bootstrapStats.cleanup.Start()
 	err = clearCiliumVeths()
 	bootstrapStats.cleanup.EndError(err)
@@ -426,10 +418,6 @@ func NewDaemon(ctx context.Context, dp datapath.Datapath) (*Daemon, *endpointRes
 
 	d.bootstrapIPAM()
 
-	if err := d.bootstrapWorkloads(); err != nil {
-		return nil, nil, err
-	}
-
 	// Start the proxy before we restore endpoints so that we can inject the
 	// daemon's proxy into each endpoint.
 	bootstrapStats.proxyStart.Start()
@@ -559,40 +547,6 @@ func (d *Daemon) bootstrapClusterMesh(nodeMngr *nodemanager.Manager) {
 	bootstrapStats.clusterMeshInit.End(true)
 }
 
-func (d *Daemon) bootstrapWorkloads() error {
-	if option.Config.WorkloadsEnabled() {
-		bootstrapStats.workloadsInit.Start()
-		// workaround for to use the values of the deprecated dockerEndpoint
-		// variable if it is set with a different value than defaults.
-		defaultDockerEndpoint := workloads.GetRuntimeDefaultOpt(workloads.Docker, "endpoint")
-		if defaultDockerEndpoint != option.Config.DockerEndpoint {
-			option.Config.ContainerRuntimeEndpoint[string(workloads.Docker)] = option.Config.DockerEndpoint
-			log.Warn(`"docker" flag is deprecated.` +
-				`Please use "--container-runtime-endpoint=docker=` + defaultDockerEndpoint + `" instead`)
-		}
-
-		opts := make(map[workloads.WorkloadRuntimeType]map[string]string)
-		for rt, ep := range option.Config.ContainerRuntimeEndpoint {
-			opts[workloads.WorkloadRuntimeType(rt)] = make(map[string]string)
-			opts[workloads.WorkloadRuntimeType(rt)][workloads.EpOpt] = ep
-		}
-		if opts[workloads.Docker] == nil {
-			opts[workloads.Docker] = make(map[string]string)
-		}
-		opts[workloads.Docker][workloads.DatapathModeOpt] = option.Config.DatapathMode
-
-		// Workloads must be initialized after IPAM has started as it requires
-		// to allocate IPs.
-		if err := workloads.Setup(d.ipam, d.endpointManager, option.Config.Workloads, opts); err != nil {
-			return fmt.Errorf("unable to setup workload: %s", err)
-		}
-
-		log.Infof("Container runtime options set: %s", workloads.GetRuntimeOptions())
-		bootstrapStats.workloadsInit.End(true)
-	}
-	return nil
-}
-
 // Close shuts down a daemon
 func (d *Daemon) Close() {
 	if d.policyTrigger != nil {
@@ -601,35 +555,6 @@ func (d *Daemon) Close() {
 	d.nodeDiscovery.Close()
 }
 
-func (d *Daemon) attachExistingInfraContainers() {
-	m, err := workloads.Client().GetAllInfraContainersPID()
-	if err != nil {
-		log.WithError(err).Error("Unable to get all infra containers PIDs")
-		return
-	}
-	log.Debugf("Containers found %+v", m)
-	for containerID, pid := range m {
-		epModel, err := connector.DeriveEndpointFrom(option.Config.FlannelMasterDevice, containerID, pid)
-		if err != nil {
-			log.WithError(err).WithField(logfields.ContainerID, containerID).
-				Warning("Unable to derive endpoint from existing infra container")
-			continue
-		}
-		log.Debugf("Adding endpoint %+v", epModel)
-		ep, _, err := d.createEndpoint(d.ctx, epModel)
-		if err != nil {
-			log.WithError(err).WithField(logfields.ContainerID, containerID).
-				Warning("Unable to attach existing infra container")
-			continue
-		}
-		log.WithFields(logrus.Fields{
-			logfields.ContainerID: epModel.ContainerID,
-			logfields.EndpointID:  ep.ID,
-		}).Info("Attached BPF program to existing container")
-	}
-}
-
-// TriggerReloadWithoutCompile causes all BPF programs and maps to be reloaded,
 // without recompiling the datapath logic for each endpoint. It first attempts
 // to recompile the base programs, and if this fails returns an error. If base
 // program load is successful, it subsequently triggers regeneration of all

diff --git a/daemon/daemon_main.go b/daemon/daemon_main.go
@@ -59,7 +59,6 @@ import (
 	"github.com/cilium/cilium/pkg/policy"
 	"github.com/cilium/cilium/pkg/pprof"
 	"github.com/cilium/cilium/pkg/version"
-	"github.com/cilium/cilium/pkg/workloads"
 
 	"github.com/go-openapi/loads"
 	gops "github.com/google/gops/agent"
@@ -241,10 +240,12 @@ func init() {
 
 	flags.StringSlice(option.ContainerRuntime, option.ContainerRuntimeAuto, `Sets the container runtime(s) used by Cilium { containerd | crio | docker | none | auto } ( "auto" uses the container runtime found in the order: "docker", "containerd", "crio" )`)
 	option.BindEnv(option.ContainerRuntime)
+	flags.MarkDeprecated(option.ContainerRuntime, "This option is no longer supported and will be removed in v1.8")
 
-	flags.Var(option.NewNamedMapOptions(option.ContainerRuntimeEndpoint, &option.Config.ContainerRuntimeEndpoint, nil),
-		option.ContainerRuntimeEndpoint, `Container runtime(s) endpoint(s). (default: `+workloads.GetDefaultEPOptsStringWithPrefix("--container-runtime-endpoint=")+`)`)
+	flags.Var(option.NewNamedMapOptions(option.ContainerRuntimeEndpoint, &map[string]string{}, nil),
+		option.ContainerRuntimeEndpoint, `Container runtime(s) endpoint(s).`)
 	option.BindEnv(option.ContainerRuntimeEndpoint)
+	flags.MarkDeprecated(option.ContainerRuntimeEndpoint, "This option is no longer supported and will be removed in v1.8")
 
 	flags.BoolP(option.DebugArg, "D", false, "Enable debugging mode")
 	option.BindEnv(option.DebugArg)
@@ -323,9 +324,6 @@ func init() {
 	flags.MarkDeprecated(option.DeprecatedEnableLegacyServices, "this option is deprecated as of v1.6")
 	option.BindEnv(option.DeprecatedEnableLegacyServices)
 
-	flags.StringP(option.Docker, "e", workloads.GetRuntimeDefaultOpt(workloads.Docker, "endpoint"), "Path to docker runtime socket (DEPRECATED: use container-runtime-endpoint instead)")
-	option.BindEnv(option.Docker)
-
 	flags.Bool(option.EnableAutoDirectRoutingName, defaults.EnableAutoDirectRouting, "Enable automatic L2 routing between nodes")
 	option.BindEnv(option.EnableAutoDirectRoutingName)
 
@@ -576,6 +574,7 @@ func init() {
 		fmt.Sprintf("Installs a BPF program to allow for policy enforcement in already running containers managed by Flannel."+
 			" Require Cilium to be running in the hostPID."))
 	option.BindEnv(option.FlannelManageExistingContainers)
+	flags.MarkDeprecated(option.FlannelManageExistingContainers, "This option is no longer supported and will be removed in v1.8")
 
 	flags.Bool(option.PProf, false, "Enable serving the pprof debugging API")
 	option.BindEnv(option.PProf)
@@ -973,10 +972,6 @@ func initEnv(cmd *cobra.Command) {
 				log.Warn("Running Cilium in flannel mode requires IPv6 mode be 'false'. Disabling IPv6 mode")
 				option.Config.EnableIPv6 = false
 			}
-			if option.Config.FlannelManageExistingContainers && !option.Config.WorkloadsEnabled() {
-				log.Warnf("Managing existing flannel containers with Cilium requires container workloads. Changing %s to %q", option.ContainerRuntime, "auto")
-				option.Config.Workloads = option.ContainerRuntimeAuto
-			}
 		}
 	case option.DatapathModeIpvlan:
 		if option.Config.Tunnel != "" && option.Config.Tunnel != option.TunnelDisabled {
@@ -1249,10 +1244,6 @@ func runDaemon() {
 		if err != nil {
 			log.WithError(err).WithField("device", option.Config.FlannelMasterDevice).Fatal("Unable to set internal IPv4")
 		}
-		if option.Config.FlannelManageExistingContainers {
-			log.Info("Searching for existing containers...")
-			d.attachExistingInfraContainers()
-		}
 	}
 
 	if !option.Config.DryMode {
@@ -1270,17 +1261,6 @@ func runDaemon() {
 		}()
 	}
 
-	// The workload event listener *must* be enabled *after* restored endpoints
-	// are added into the endpoint manager; otherwise, updates to important
-	// endpoint metadata, such as Kubernetes pod name and namespace, will not
-	// be performed on the endpoint.
-	eventsCh, err := workloads.EnableEventListener()
-	if err != nil {
-		log.WithError(err).Fatal("Error while enabling workload event watcher")
-	} else {
-		d.workloadsEventsCh = eventsCh
-	}
-
 	bootstrapStats.healthCheck.Start()
 	if option.Config.EnableHealthChecking {
 		d.initHealth()

diff --git a/daemon/endpoint.go b/daemon/endpoint.go
@@ -32,7 +32,6 @@ import (
 	"github.com/cilium/cilium/pkg/logging/logfields"
 	monitorAPI "github.com/cilium/cilium/pkg/monitor/api"
 	"github.com/cilium/cilium/pkg/option"
-	"github.com/cilium/cilium/pkg/workloads"
 
 	"github.com/go-openapi/runtime/middleware"
 )
@@ -301,17 +300,7 @@ func (d *Daemon) createEndpoint(ctx context.Context, epTemplate *models.Endpoint
 		return d.errorDuringCreation(ep, fmt.Errorf("unable to pin datapath maps: %s", err))
 	}
 
-	cfunc := func() {
-		// Only used for CRI-O since it does not support events.
-		if d.workloadsEventsCh != nil && ep.GetContainerID() != "" {
-			d.workloadsEventsCh <- &workloads.EventMessage{
-				WorkloadID: ep.GetContainerID(),
-				EventType:  workloads.EventTypeStart,
-			}
-		}
-	}
-
-	if err := ep.RegenerateAfterCreation(ctx, cfunc, epTemplate.SyncBuildEndpoint); err != nil {
+	if err := ep.RegenerateAfterCreation(ctx, epTemplate.SyncBuildEndpoint); err != nil {
 		return d.errorDuringCreation(ep, err)
 	}
 	return ep, 0, nil
@@ -434,15 +423,6 @@ func (d *Daemon) NotifyMonitorDeleted(ep *endpoint.Endpoint) {
 // Specific users such as the cilium-health EP may choose not to release the IP
 // when deleting the endpoint. Most users should pass true for releaseIP.
 func (d *Daemon) deleteEndpointQuiet(ep *endpoint.Endpoint, conf endpoint.DeleteConfig) []error {
-
-	// Only used for CRI-O since it does not support events.
-	if d.workloadsEventsCh != nil && ep.GetContainerID() != "" {
-		d.workloadsEventsCh <- &workloads.EventMessage{
-			WorkloadID: ep.GetContainerID(),
-			EventType:  workloads.EventTypeDelete,
-		}
-	}
-
 	return ep.Delete(d, d.ipam, d.endpointManager, conf)
 }
 

diff --git a/daemon/state.go b/daemon/state.go
@@ -32,7 +32,6 @@ import (
 	"github.com/cilium/cilium/pkg/maps/ctmap"
 	"github.com/cilium/cilium/pkg/maps/lxcmap"
 	"github.com/cilium/cilium/pkg/option"
-	"github.com/cilium/cilium/pkg/workloads"
 
 	"github.com/sirupsen/logrus"
 	k8serrors "k8s.io/apimachinery/pkg/api/errors"
@@ -87,10 +86,6 @@ func (d *Daemon) validateEndpoint(ep *endpoint.Endpoint) (valid bool, err error)
 		return false, err
 	}
 
-	if option.Config.WorkloadsEnabled() && !workloads.IsRunning(ep) {
-		return false, fmt.Errorf("no workload could be associated with endpoint")
-	}
-
 	if !ep.DatapathConfiguration.ExternalIpam {
 		if err := d.allocateIPsLocked(ep); err != nil {
 			return false, fmt.Errorf("Failed to re-allocate IP of endpoint: %s", err)
@@ -372,10 +367,6 @@ func (d *Daemon) initRestore(restoredEndpoints *endpointRestoreState) chan struc
 		}()
 	} else {
 		log.Info("State restore is disabled. Existing endpoints on node are ignored")
-		// We need to read all docker containers so we know we won't
-		// going to allocate the same IP addresses and we will ignore
-		// these containers from reading.
-		workloads.IgnoreRunningWorkloads()
 
 		// No restore happened, end parallel map mode immediately
 		endParallelMapMode()

diff --git a/daemon/status.go b/daemon/status.go
@@ -32,7 +32,6 @@ import (
 	"github.com/cilium/cilium/pkg/node"
 	"github.com/cilium/cilium/pkg/option"
 	"github.com/cilium/cilium/pkg/status"
-	"github.com/cilium/cilium/pkg/workloads"
 
 	"github.com/go-openapi/runtime/middleware"
 	"github.com/go-openapi/strfmt"
@@ -418,28 +417,6 @@ func (d *Daemon) startStatusCollector() {
 				}
 			},
 		},
-		{
-			Name: "container-runtime",
-			Probe: func(ctx context.Context) (interface{}, error) {
-				return workloads.Status(), nil
-			},
-			OnStatusUpdate: func(status status.Status) {
-				d.statusCollectMutex.Lock()
-				defer d.statusCollectMutex.Unlock()
-
-				if status.Err != nil {
-					d.statusResponse.ContainerRuntime = &models.Status{
-						State: models.StatusStateFailure,
-						Msg:   status.Err.Error(),
-					}
-					return
-				}
-
-				if s, ok := status.Data.(*models.Status); ok {
-					d.statusResponse.ContainerRuntime = s
-				}
-			},
-		},
 		{
 			Name: "kubernetes",
 			Interval: func(failures int) time.Duration {