// SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and Gardener contributors
//
// SPDX-License-Identifier: Apache-2.0
package controller
import (
"context"
"fmt"
extensionscontroller "github.com/gardener/gardener/extensions/pkg/controller"
gardencorev1beta1helper "github.com/gardener/gardener/pkg/apis/core/v1beta1/helper"
extensionsv1alpha1 "github.com/gardener/gardener/pkg/apis/extensions/v1alpha1"
gardenerkubernetes "github.com/gardener/gardener/pkg/client/kubernetes"
"github.com/gardener/gardener/pkg/utils/chart"
"github.com/gardener/gardener/pkg/utils/managedresources"
"github.com/go-logr/logr"
corev1 "k8s.io/api/core/v1"
"k8s.io/apimachinery/pkg/util/sets"
"k8s.io/apimachinery/pkg/util/validation/field"
"k8s.io/utils/pointer"
"sigs.k8s.io/controller-runtime/pkg/client"
"github.com/gardener/gardener-extension-networking-calico/charts"
calicov1alpha1 "github.com/gardener/gardener-extension-networking-calico/pkg/apis/calico/v1alpha1"
calicov1alpha1helper "github.com/gardener/gardener-extension-networking-calico/pkg/apis/calico/v1alpha1/helper"
"github.com/gardener/gardener-extension-networking-calico/pkg/calico"
chartspkg "github.com/gardener/gardener-extension-networking-calico/pkg/charts"
"github.com/gardener/gardener-extension-networking-calico/pkg/features"
)
// CalicoConfigManagedResourceName is the name of the ManagedResource through
// which the rendered calico chart is delivered to the shoot.
const CalicoConfigManagedResourceName = "extension-networking-calico-config"
// applyMonitoringConfig applies the calico monitoring chart (a single
// ConfigMap) into the shoot's namespace on the seed, or deletes it again when
// deleteChart is set. A delete of a chart that is not present is not treated
// as an error.
func applyMonitoringConfig(ctx context.Context, seedClient client.Client, chartApplier gardenerkubernetes.ChartApplier, network *extensionsv1alpha1.Network, deleteChart bool) error {
	namespace := network.Namespace
	monitoringChart := &chart.Chart{
		Name:       calico.MonitoringName,
		EmbeddedFS: charts.InternalChart,
		Path:       calico.CalicoMonitoringChartPath,
		Objects: []*chart.Object{
			{Type: &corev1.ConfigMap{}, Name: calico.MonitoringName},
		},
	}

	if !deleteChart {
		// No values, no chart name/version override, no merge values: the embedded chart is applied as is.
		return monitoringChart.Apply(ctx, chartApplier, namespace, nil, "", "", nil)
	}

	deleteErr := monitoringChart.Delete(ctx, seedClient, namespace)
	return client.IgnoreNotFound(deleteErr)
}
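// Reconcile implements Network.Actuator.
//
// It derives the effective calico NetworkConfig from the Network's
// providerConfig and the shoot spec (node-CIDR autodetection, overlay and
// backend settings), rejects shoots that disable kube-proxy without calico's
// eBPF dataplane, renders the calico chart into a ManagedResource for the
// shoot, applies the seed-side monitoring chart and finally updates the
// provider status. The logger argument is unused.
func (a *actuator) Reconcile(ctx context.Context, _ logr.Logger, network *extensionsv1alpha1.Network, cluster *extensionscontroller.Cluster) error {
	// Everything below reads cluster.Shoot.Spec; report a missing shoot as an
	// error instead of a nil-pointer panic inside the controller.
	if cluster == nil || cluster.Shoot == nil {
		return fmt.Errorf("cluster for network '%s' carries no shoot", network.Namespace)
	}
	shootSpec := &cluster.Shoot.Spec

	var networkConfig *calicov1alpha1.NetworkConfig
	if network.Spec.ProviderConfig != nil {
		var err error
		networkConfig, err = calicov1alpha1helper.CalicoNetworkConfigFromNetworkResource(network)
		if err != nil {
			return err
		}
	}

	ipFamilies := sets.New[extensionsv1alpha1.IPFamily](network.Spec.IPFamilies...)

	// Networking is optional on the shoot. Read the node CIDR once, guarded
	// against a nil Networking, because it is needed twice: for the
	// autodetection method and again as an argument to chart rendering.
	var nodes *string
	if shootSpec.Networking != nil {
		nodes = shootSpec.Networking.Nodes
	}
	if nodes != nil && len(*nodes) > 0 {
		networkConfig = withNodeAutodetection(networkConfig, ipFamilies, *nodes)
	}

	if networkConfig != nil && networkConfig.Overlay != nil {
		applyOverlaySettings(networkConfig, ipFamilies)
	}

	// kube-proxy counts as enabled unless the shoot explicitly turns it off.
	kubeProxyEnabled := true
	if shootSpec.Kubernetes.KubeProxy != nil && shootSpec.Kubernetes.KubeProxy.Enabled != nil {
		kubeProxyEnabled = *shootSpec.Kubernetes.KubeProxy.Enabled
	}
	// A shoot without kube-proxy is only accepted when calico's eBPF dataplane
	// is explicitly enabled in the providerConfig.
	if !kubeProxyEnabled && !ebpfDataplaneEnabled(networkConfig) {
		return field.Forbidden(field.NewPath("spec", "kubernetes", "kubeProxy", "enabled"), "Disabling kube-proxy is forbidden in conjunction with calico without running in ebpf dataplane")
	}

	// Create shoot chart renderer
	chartRenderer, err := a.chartRendererFactory.NewChartRendererForShoot(shootSpec.Kubernetes.Version)
	if err != nil {
		return fmt.Errorf("could not create chart renderer for shoot '%s': %w", network.Namespace, err)
	}

	calicoChart, err := chartspkg.RenderCalicoChart(
		chartRenderer,
		network,
		networkConfig,
		shootSpec.Kubernetes.Version,
		gardencorev1beta1helper.ShootWantsVerticalPodAutoscaler(cluster.Shoot),
		kubeProxyEnabled,
		features.FeatureGate.Enabled(features.NonPrivilegedCalicoNode),
		nodes,
	)
	if err != nil {
		return err
	}

	// The rendered chart is shipped to the shoot inside a ManagedResource,
	// stored under CalicoConfigKey.
	data := map[string][]byte{chartspkg.CalicoConfigKey: calicoChart}
	if err := managedresources.CreateForShoot(ctx, a.client, network.Namespace, CalicoConfigManagedResourceName, "extension-networking-calico", false, data); err != nil {
		return err
	}

	if err := applyMonitoringConfig(ctx, a.client, a.chartApplier, network, false); err != nil {
		return err
	}

	return a.updateProviderStatus(ctx, network, networkConfig)
}

// ebpfDataplaneEnabled reports whether cfg explicitly enables calico's eBPF
// dataplane; a nil cfg or a missing EbpfDataplane section counts as disabled.
func ebpfDataplaneEnabled(cfg *calicov1alpha1.NetworkConfig) bool {
	return cfg != nil && cfg.EbpfDataplane != nil && cfg.EbpfDataplane.Enabled
}

// withNodeAutodetection pins calico's IP autodetection to the shoot's node
// CIDR for every requested IP family. cfg and the per-family sections are
// allocated when missing; the (possibly new) config is returned.
func withNodeAutodetection(cfg *calicov1alpha1.NetworkConfig, ipFamilies sets.Set[extensionsv1alpha1.IPFamily], nodeCIDR string) *calicov1alpha1.NetworkConfig {
	if cfg == nil {
		cfg = &calicov1alpha1.NetworkConfig{}
	}
	autodetectionMode := fmt.Sprintf("cidr=%s", nodeCIDR)
	if ipFamilies.Has(extensionsv1alpha1.IPFamilyIPv4) {
		if cfg.IPv4 == nil {
			cfg.IPv4 = &calicov1alpha1.IPv4{}
		}
		cfg.IPv4.AutoDetectionMethod = &autodetectionMode
	}
	if ipFamilies.Has(extensionsv1alpha1.IPFamilyIPv6) {
		if cfg.IPv6 == nil {
			cfg.IPv6 = &calicov1alpha1.IPv6{}
		}
		cfg.IPv6.AutoDetectionMethod = &autodetectionMode
	}
	return cfg
}

// applyOverlaySettings derives the per-family pool mode and the backend from
// cfg.Overlay, which must be non-nil. With the overlay enabled the pools use
// mode Always and the BIRD backend; with it disabled the pools use Never and
// BIRD is kept only when pod routes are to be created, otherwise the backend
// is None. Per-family sections are allocated on demand so a providerConfig
// that requests an IP family but omits its section does not panic here.
func applyOverlaySettings(cfg *calicov1alpha1.NetworkConfig, ipFamilies sets.Set[extensionsv1alpha1.IPFamily]) {
	poolMode, backend := calicov1alpha1.Never, calicov1alpha1.None
	switch {
	case cfg.Overlay.Enabled:
		poolMode, backend = calicov1alpha1.Always, calicov1alpha1.Bird
	case cfg.Overlay.CreatePodRoutes != nil && *cfg.Overlay.CreatePodRoutes:
		backend = calicov1alpha1.Bird
	}

	// Each section gets its own pointer so later mutation of one family's
	// mode cannot leak into the other.
	if ipFamilies.Has(extensionsv1alpha1.IPFamilyIPv4) {
		if cfg.IPv4 == nil {
			cfg.IPv4 = &calicov1alpha1.IPv4{}
		}
		cfg.IPv4.Mode = (*calicov1alpha1.PoolMode)(pointer.String(string(poolMode)))
	}
	if ipFamilies.Has(extensionsv1alpha1.IPFamilyIPv6) {
		if cfg.IPv6 == nil {
			cfg.IPv6 = &calicov1alpha1.IPv6{}
		}
		cfg.IPv6.Mode = (*calicov1alpha1.PoolMode)(pointer.String(string(poolMode)))
	}
	cfg.Backend = (*calicov1alpha1.Backend)(pointer.String(string(backend)))
}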