Stop deploying kuryr-admission-controller if double listeners supported

If octavia amphora provider supports double listeners, i.e., exposing the same port but on different protocol (e.g., udp and tcp) then there is no need for deploying the kuryr-admission-controller to enforce dns resolution over TCP, as we can create both udp and tcp listeners on port 53 for the DNS service
openshift · Jan 14, 2020 · 78fa4c3 · 78fa4c3
1 parent 68aec43
commit 78fa4c3
Show file tree

Hide file tree

Showing 8 changed files with 42 additions and 24 deletions.
diff --git a/bindata/network/kuryr/006-service.yaml b/bindata/network/kuryr/006-service.yaml
@@ -1,4 +1,4 @@
----
+{{if .AdmissionController}}
 apiVersion: v1
 kind: Service
 metadata:
@@ -12,3 +12,4 @@ spec:
     targetPort: 6443
   selector:
     app: kuryr-dns-admission-controller
+{{- end}}
diff --git a/bindata/network/kuryr/007-admission.secret.yaml b/bindata/network/kuryr/007-admission.secret.yaml
@@ -1,4 +1,4 @@
----
+{{if .AdmissionController}}
 apiVersion: v1
 kind: Secret
 metadata:
@@ -7,3 +7,4 @@ metadata:
 data:
   ca.crt: {{ .WebhookCA }}
   ca.key: {{ .WebhookCAKey }}
+{{- end}}
diff --git a/bindata/network/kuryr/008-webhook.secret.yaml b/bindata/network/kuryr/008-webhook.secret.yaml
@@ -1,4 +1,4 @@
----
+{{if .AdmissionController}}
 apiVersion: v1
 kind: Secret
 metadata:
@@ -7,3 +7,4 @@ metadata:
 data:
   tls.crt: {{ .WebhookCert }}
   tls.key: {{ .WebhookKey }}
+{{- end}}
diff --git a/bindata/network/kuryr/009-admission-controller.yaml b/bindata/network/kuryr/009-admission-controller.yaml
@@ -1,4 +1,4 @@
----
+{{if .AdmissionController}}
 kind: DaemonSet
 apiVersion: apps/v1
 metadata:
@@ -60,3 +60,4 @@ spec:
       - key: "node.kubernetes.io/not-ready"
         operator: Exists
         effect: NoSchedule
+{{- end}}
diff --git a/bindata/network/kuryr/010-webhook.yaml b/bindata/network/kuryr/010-webhook.yaml
@@ -1,4 +1,4 @@
----
+{{if .AdmissionController}}
 apiVersion: admissionregistration.k8s.io/v1beta1
 kind: MutatingWebhookConfiguration
 metadata:
@@ -18,3 +18,4 @@ webhooks:
         apiGroups: [""]
         apiVersions: ["*"]
         resources: ["pods"]
+{{- end}}
diff --git a/pkg/bootstrap/types.go b/pkg/bootstrap/types.go
@@ -13,6 +13,7 @@ type KuryrBootstrapResult struct {
 	ExternalNetwork   string
 	ClusterID         string
 	OctaviaProvider   string
+	OctaviaDL         bool
 	OpenStackCloud    clientconfig.Cloud
 	WebhookCA         string
 	WebhookCAKey      string

diff --git a/pkg/network/kuryr.go b/pkg/network/kuryr.go
@@ -58,6 +58,9 @@ func renderKuryr(conf *operv1.NetworkSpec, bootstrapResult *bootstrap.BootstrapR
 	data.Data["PoolMinPorts"] = c.PoolMinPorts
 	data.Data["PoolBatchPorts"] = c.PoolBatchPorts
 
+	// deploy or not kuryr-admission-controller depending on double listeners support
+	data.Data["AdmissionController"] = !b.OctaviaMultipleListeners
+
 	// Octavia config data
 	data.Data["OctaviaProvider"] = b.OctaviaProvider
 	if b.OctaviaProvider == OVNProvider {

diff --git a/pkg/platform/openstack/kuryr_bootstrap.go b/pkg/platform/openstack/kuryr_bootstrap.go
@@ -48,12 +48,13 @@ const (
 	CloudName       = "openstack"
 	CloudsSecretKey = "clouds.yaml"
 	// NOTE(dulek): This one is hardcoded in openshift/installer.
-	InfrastructureCRDName              = "cluster"
-	MinOctaviaVersionWithHTTPSMonitors = "v2.10"
-	MinOctaviaVersionWithProviders     = "v2.6"
-	MinOctaviaVersionWithTagSupport    = "v2.5"
-	MinOctaviaVersionWithTimeouts      = "v2.1"
-	KuryrNamespace                     = "openshift-kuryr"
+	InfrastructureCRDName                  = "cluster"
+	MinOctaviaVersionWithMultipleListeners = "v2.11"
+	MinOctaviaVersionWithHTTPSMonitors     = "v2.10"
+	MinOctaviaVersionWithProviders         = "v2.6"
+	MinOctaviaVersionWithTagSupport        = "v2.5"
+	MinOctaviaVersionWithTimeouts          = "v2.1"
+	KuryrNamespace                         = "openshift-kuryr"
 	// NOTE(ltomasbo): Only OVN octavia driver supported on kuryr
 	OVNProvider = "ovn"
 )
@@ -1087,6 +1088,12 @@ func BootstrapKuryr(conf *operv1.NetworkSpec, kubeClient client.Client) (*bootst
 		return nil, errors.Wrap(err, "failed to determine if Octavia supports providers")
 	}
 
+	log.Print("Checking Double Listeners Octavia support")
+	octaviaMultipleListenersSupport, err := IsOctaviaVersionSupported(client, MinOctaviaVersionWithMultipleListeners)
+	if err != nil {
+		return nil, errors.Wrap(err, "failed to determine if Octavia supports double listeners")
+	}
+
 	octaviaProvider := "default"
 	if octaviaProviderSupport {
 		page, err := providers.List(lbClient, providers.ListOpts{}).AllPages()
@@ -1101,6 +1108,7 @@ func BootstrapKuryr(conf *operv1.NetworkSpec, kubeClient client.Client) (*bootst
 				if provider.Name == OVNProvider {
 					log.Print("OVN Provider is enabled and Kuryr will use it")
 					octaviaProvider = OVNProvider
+					octaviaMultipleListenersSupport = false
 				}
 			}
 		}
@@ -1110,19 +1118,20 @@ func BootstrapKuryr(conf *operv1.NetworkSpec, kubeClient client.Client) (*bootst
 
 	res := bootstrap.BootstrapResult{
 		Kuryr: bootstrap.KuryrBootstrapResult{
-			ServiceSubnet:     svcSubnetId,
-			PodSubnetpool:     podSubnetpoolId,
-			WorkerNodesRouter: routerId,
-			WorkerNodesSubnet: workerSubnet.ID,
-			PodSecurityGroups: []string{podSgId},
-			ExternalNetwork:   externalNetwork,
-			ClusterID:         clusterID,
-			OctaviaProvider:   octaviaProvider,
-			OpenStackCloud:    cloud,
-			WebhookCA:         b64.StdEncoding.EncodeToString(ca),
-			WebhookCAKey:      b64.StdEncoding.EncodeToString(key),
-			WebhookKey:        b64.StdEncoding.EncodeToString(webhookKey),
-			WebhookCert:       b64.StdEncoding.EncodeToString(webhookCert),
+			ServiceSubnet:            svcSubnetId,
+			PodSubnetpool:            podSubnetpoolId,
+			WorkerNodesRouter:        routerId,
+			WorkerNodesSubnet:        workerSubnet.ID,
+			PodSecurityGroups:        []string{podSgId},
+			ExternalNetwork:          externalNetwork,
+			ClusterID:                clusterID,
+			OctaviaProvider:          octaviaProvider,
+			OctaviaMultipleListeners: octaviaMultipleListenersSupport,
+			OpenStackCloud:           cloud,
+			WebhookCA:                b64.StdEncoding.EncodeToString(ca),
+			WebhookCAKey:             b64.StdEncoding.EncodeToString(key),
+			WebhookKey:               b64.StdEncoding.EncodeToString(webhookKey),
+			WebhookCert:              b64.StdEncoding.EncodeToString(webhookCert),
 		}}
 	return &res, nil
 }