Commit
Showing
231 changed files
with
34,892 additions
and
222 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,101 @@ | ||
package main | ||
|
||
import ( | ||
"flag" | ||
_ "net/http/pprof" | ||
"os" | ||
"time" | ||
|
||
ovnv1 "github.com/alauda/kube-ovn/pkg/apis/kubeovn/v1" | ||
"github.com/alauda/kube-ovn/pkg/ovs" | ||
ovnwebhook "github.com/alauda/kube-ovn/pkg/webhook" | ||
|
||
appsv1 "k8s.io/api/apps/v1" | ||
corev1 "k8s.io/api/core/v1" | ||
"k8s.io/apimachinery/pkg/runtime" | ||
"k8s.io/klog" | ||
ctrl "sigs.k8s.io/controller-runtime" | ||
ctrlwebhook "sigs.k8s.io/controller-runtime/pkg/webhook" | ||
) | ||
|
||
const ( | ||
hookServerCertDir = "/tmp/k8s-webhook-server/serving-certs" | ||
) | ||
|
||
var ( | ||
scheme = runtime.NewScheme() | ||
) | ||
|
||
func init() { | ||
corev1.AddToScheme(scheme) | ||
appsv1.AddToScheme(scheme) | ||
ovnv1.AddToScheme(scheme) | ||
} | ||
|
||
func main() { | ||
var ( | ||
port int | ||
ovnNbHost string | ||
ovnNbPort int | ||
defaultLS string | ||
) | ||
flag.IntVar(&port, "port", 8443, "The port webhook listen on.") | ||
flag.IntVar(&ovnNbPort, "ovn-nb-port", 6641, "OVN nb port") | ||
flag.StringVar(&ovnNbHost, "ovn-nb-host", "0.0.0.0", "OVN nb host") | ||
flag.StringVar(&defaultLS, "default-ls", "ovn-default", "The default logical switch name, default: ovn-default") | ||
|
||
klog.InitFlags(nil) | ||
flag.Parse() | ||
|
||
// Create a webhook server. | ||
hookServer := &ctrlwebhook.Server{ | ||
Port: port, | ||
CertDir: hookServerCertDir, | ||
} | ||
|
||
mgr, err := ctrl.NewManager(ctrl.GetConfigOrDie(), ctrl.Options{ | ||
Scheme: scheme, | ||
LeaderElection: true, | ||
LeaderElectionNamespace: os.Getenv("KUBE_NAMESPACE"), | ||
LeaderElectionID: os.Getenv("POD_NAME"), | ||
// disable metrics to avoid port conflict | ||
MetricsBindAddress: "0", | ||
}) | ||
if err != nil { | ||
panic(err) | ||
} | ||
|
||
opt := &ovnwebhook.WebhookOptions{ | ||
OvnNbHost: ovnNbHost, | ||
OvnNbPort: ovnNbPort, | ||
DefaultLS: defaultLS, | ||
} | ||
validatingHook, err := ovnwebhook.NewValidatingHook(mgr.GetCache(), opt) | ||
if err != nil { | ||
panic(err) | ||
} | ||
// Register the webhooks in the server. | ||
hookServer.Register("/validate-ip", &ctrlwebhook.Admission{Handler: validatingHook}) | ||
|
||
if err := mgr.Add(hookServer); err != nil { | ||
panic(err) | ||
} | ||
|
||
go loopOvnNbctlDaemon(ovnNbHost, ovnNbPort) | ||
|
||
// Start the server by starting a previously-set-up manager | ||
if err := mgr.Start(ctrl.SetupSignalHandler()); err != nil { | ||
panic(err) | ||
} | ||
} | ||
|
||
func loopOvnNbctlDaemon(ovnNbHost string, ovnNbPort int) { | ||
for { | ||
daemonSocket := os.Getenv("OVN_NB_DAEMON") | ||
time.Sleep(5 * time.Second) | ||
|
||
if _, err := os.Stat(daemonSocket); os.IsNotExist(err) || daemonSocket == "" { | ||
ovs.StartOvnNbctlDaemon(ovnNbHost, ovnNbPort) | ||
} | ||
} | ||
} |
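Review bot: `LeaderElectionID: os.Getenv("POD_NAME")` in main gives every replica its own lock name, so each pod wins its own election and the setting never singles out one instance; the ID should be a constant shared by all replicas, for example `LeaderElectionID: "kube-ovn-webhook",` (name constructed here), or leader election should be switched off if every replica is meant to answer admission requests. Separately, the blank import `_ "net/http/pprof"` registers the profiling handlers on http.DefaultServeMux although nothing visible in this file serves that mux; I would drop it, or put it behind a flag on a loopback-only listener, so that a later listener on the default mux does not expose profiling data without authentication. The errors returned by the three `AddToScheme` calls in init() are discarded and should be checked.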
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,34 @@ | ||
FROM centos:7 | ||
|
||
ENV PYTHONDONTWRITEBYTECODE yes | ||
|
||
RUN yum install -y \ | ||
PyYAML bind-utils \ | ||
openssl \ | ||
numactl-libs \ | ||
firewalld-filesystem \ | ||
libpcap \ | ||
hostname \ | ||
iproute strace socat nc \ | ||
unbound unbound-devel python-openvswitch libreswan && \ | ||
yum clean all | ||
|
||
ENV OVS_VERSION=2.11.1 | ||
ENV OVS_SUBVERSION=1 | ||
|
||
RUN rpm -ivh https://github.com/alauda/ovs/releases/download/v${OVS_VERSION}-${OVS_SUBVERSION}/openvswitch-${OVS_VERSION}-${OVS_SUBVERSION}.el7.x86_64.rpm && \ | ||
rpm -ivh https://github.com/alauda/ovs/releases/download/v${OVS_VERSION}-${OVS_SUBVERSION}/openvswitch-ipsec-${OVS_VERSION}-${OVS_SUBVERSION}.el7.x86_64.rpm && \ | ||
rpm -ivh https://github.com/alauda/ovs/releases/download/v${OVS_VERSION}-${OVS_SUBVERSION}/openvswitch-devel-${OVS_VERSION}-${OVS_SUBVERSION}.el7.x86_64.rpm && \ | ||
rpm -ivh https://github.com/alauda/ovs/releases/download/v${OVS_VERSION}-${OVS_SUBVERSION}/ovn-${OVS_VERSION}-${OVS_SUBVERSION}.el7.x86_64.rpm && \ | ||
rpm -ivh https://github.com/alauda/ovs/releases/download/v${OVS_VERSION}-${OVS_SUBVERSION}/ovn-common-${OVS_VERSION}-${OVS_SUBVERSION}.el7.x86_64.rpm && \ | ||
rpm -ivh https://github.com/alauda/ovs/releases/download/v${OVS_VERSION}-${OVS_SUBVERSION}/ovn-vtep-${OVS_VERSION}-${OVS_SUBVERSION}.el7.x86_64.rpm && \ | ||
rpm -ivh https://github.com/alauda/ovs/releases/download/v${OVS_VERSION}-${OVS_SUBVERSION}/ovn-central-${OVS_VERSION}-${OVS_SUBVERSION}.el7.x86_64.rpm && \ | ||
rpm -ivh https://github.com/alauda/ovs/releases/download/v${OVS_VERSION}-${OVS_SUBVERSION}/ovn-host-${OVS_VERSION}-${OVS_SUBVERSION}.el7.x86_64.rpm | ||
|
||
RUN mkdir -p /var/run/openvswitch | ||
WORKDIR /kube-ovn | ||
|
||
CMD ["sh", "start-webhook.sh"] | ||
|
||
COPY start-webhook.sh /kube-ovn/start-webhook.sh | ||
COPY kube-ovn-webhook /kube-ovn/kube-ovn-webhook |
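Review bot: The eight `rpm -ivh https://github.com/alauda/ovs/releases/...` installs take packages straight from a release URL with no digest or signature check, so the image trusts whatever that URL serves at build time. Download each file first and verify it against a pinned checksum before installing, e.g. `curl -fsSLO <RPM_URL> && echo "<SHA256_PLACEHOLDER>  <RPM_FILE>" | sha256sum -c - && rpm -ivh <RPM_FILE>`. `FROM centos:7` is likewise a mutable tag rather than a digest, and there is no `USER` line, so the webhook presumably runs as root next to `strace`, `socat` and `nc`; it is worth checking whether those tools are needed in the runtime image at all.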
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,4 @@ | ||
#!/usr/bin/env bash | ||
set -euo pipefail | ||
export OVN_NB_DAEMON=$(ovn-nbctl --db=tcp:${OVN_NB_SERVICE_HOST}:${OVN_NB_SERVICE_PORT} --pidfile --detach) | ||
exec ./kube-ovn-webhook --ovn-nb-host=${OVN_NB_SERVICE_HOST} --ovn-nb-port=${OVN_NB_SERVICE_PORT} $@ |
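Review bot: `export OVN_NB_DAEMON=$(ovn-nbctl ...)` hides a failing ovn-nbctl from `set -e`, because the status of that line is the status of `export`, so the script goes on to start the webhook with an empty OVN_NB_DAEMON. Assign and export separately: `OVN_NB_DAEMON=$(ovn-nbctl --db="tcp:${OVN_NB_SERVICE_HOST}:${OVN_NB_SERVICE_PORT}" --pidfile --detach)` followed by `export OVN_NB_DAEMON`. On the last line, pass the arguments as `"$@"` and quote the `${OVN_NB_SERVICE_HOST}` and `${OVN_NB_SERVICE_PORT}` expansions so that values containing spaces or glob characters are not split again by the shell.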