Merge pull request #444 from luis5tb/double-listeners

Bug 1791277: Stop deploying kuryr-admission-controller if double listeners supported
openshift · Jan 16, 2020 · cee4cf9 · cee4cf9
2 parents 632a7f7 + c0a01d0
commit cee4cf9
Show file tree

Hide file tree

Showing 8 changed files with 55 additions and 37 deletions.
diff --git a/bindata/network/kuryr/006-service.yaml b/bindata/network/kuryr/006-service.yaml
@@ -1,4 +1,4 @@
----
+{{if .AdmissionController}}
 apiVersion: v1
 kind: Service
 metadata:
@@ -12,3 +12,4 @@ spec:
     targetPort: 6443
   selector:
     app: kuryr-dns-admission-controller
+{{- end}}
diff --git a/bindata/network/kuryr/007-admission.secret.yaml b/bindata/network/kuryr/007-admission.secret.yaml
@@ -1,4 +1,4 @@
----
+{{if .AdmissionController}}
 apiVersion: v1
 kind: Secret
 metadata:
@@ -7,3 +7,4 @@ metadata:
 data:
   ca.crt: {{ .WebhookCA }}
   ca.key: {{ .WebhookCAKey }}
+{{- end}}
diff --git a/bindata/network/kuryr/008-webhook.secret.yaml b/bindata/network/kuryr/008-webhook.secret.yaml
@@ -1,4 +1,4 @@
----
+{{if .AdmissionController}}
 apiVersion: v1
 kind: Secret
 metadata:
@@ -7,3 +7,4 @@ metadata:
 data:
   tls.crt: {{ .WebhookCert }}
   tls.key: {{ .WebhookKey }}
+{{- end}}
diff --git a/bindata/network/kuryr/009-admission-controller.yaml b/bindata/network/kuryr/009-admission-controller.yaml
@@ -1,4 +1,4 @@
----
+{{if .AdmissionController}}
 kind: DaemonSet
 apiVersion: apps/v1
 metadata:
@@ -60,3 +60,4 @@ spec:
       - key: "node.kubernetes.io/not-ready"
         operator: Exists
         effect: NoSchedule
+{{- end}}
diff --git a/bindata/network/kuryr/010-webhook.yaml b/bindata/network/kuryr/010-webhook.yaml
@@ -1,4 +1,4 @@
----
+{{if .AdmissionController}}
 apiVersion: admissionregistration.k8s.io/v1beta1
 kind: MutatingWebhookConfiguration
 metadata:
@@ -18,3 +18,4 @@ webhooks:
         apiGroups: [""]
         apiVersions: ["*"]
         resources: ["pods"]
+{{- end}}
diff --git a/pkg/bootstrap/types.go b/pkg/bootstrap/types.go
@@ -5,19 +5,20 @@ import (
 )
 
 type KuryrBootstrapResult struct {
-	ServiceSubnet     string
-	PodSubnetpool     string
-	WorkerNodesRouter string
-	WorkerNodesSubnet string
-	PodSecurityGroups []string
-	ExternalNetwork   string
-	ClusterID         string
-	OctaviaProvider   string
-	OpenStackCloud    clientconfig.Cloud
-	WebhookCA         string
-	WebhookCAKey      string
-	WebhookCert       string
-	WebhookKey        string
+	ServiceSubnet            string
+	PodSubnetpool            string
+	WorkerNodesRouter        string
+	WorkerNodesSubnet        string
+	PodSecurityGroups        []string
+	ExternalNetwork          string
+	ClusterID                string
+	OctaviaProvider          string
+	OctaviaMultipleListeners bool
+	OpenStackCloud           clientconfig.Cloud
+	WebhookCA                string
+	WebhookCAKey             string
+	WebhookCert              string
+	WebhookKey               string
 }
 
 type OVNBootstrapResult struct {

diff --git a/pkg/network/kuryr.go b/pkg/network/kuryr.go
@@ -59,6 +59,9 @@ func renderKuryr(conf *operv1.NetworkSpec, bootstrapResult *bootstrap.BootstrapR
 	data.Data["PoolMinPorts"] = c.PoolMinPorts
 	data.Data["PoolBatchPorts"] = c.PoolBatchPorts
 
+	// deploy or not kuryr-admission-controller depending on double listeners support
+	data.Data["AdmissionController"] = !b.OctaviaMultipleListeners
+
 	// Octavia config data
 	data.Data["OctaviaProvider"] = b.OctaviaProvider
 	if b.OctaviaProvider == OVNProvider {

diff --git a/pkg/platform/openstack/kuryr_bootstrap.go b/pkg/platform/openstack/kuryr_bootstrap.go
@@ -48,12 +48,13 @@ const (
 	CloudName       = "openstack"
 	CloudsSecretKey = "clouds.yaml"
 	// NOTE(dulek): This one is hardcoded in openshift/installer.
-	InfrastructureCRDName              = "cluster"
-	MinOctaviaVersionWithHTTPSMonitors = "v2.10"
-	MinOctaviaVersionWithProviders     = "v2.6"
-	MinOctaviaVersionWithTagSupport    = "v2.5"
-	MinOctaviaVersionWithTimeouts      = "v2.1"
-	KuryrNamespace                     = "openshift-kuryr"
+	InfrastructureCRDName                  = "cluster"
+	MinOctaviaVersionWithMultipleListeners = "v2.11"
+	MinOctaviaVersionWithHTTPSMonitors     = "v2.10"
+	MinOctaviaVersionWithProviders         = "v2.6"
+	MinOctaviaVersionWithTagSupport        = "v2.5"
+	MinOctaviaVersionWithTimeouts          = "v2.1"
+	KuryrNamespace                         = "openshift-kuryr"
 	// NOTE(ltomasbo): Only OVN octavia driver supported on kuryr
 	OVNProvider = "ovn"
 )
@@ -1087,6 +1088,12 @@ func BootstrapKuryr(conf *operv1.NetworkSpec, kubeClient client.Client) (*bootst
 		return nil, errors.Wrap(err, "failed to determine if Octavia supports providers")
 	}
 
+	log.Print("Checking Double Listeners Octavia support")
+	octaviaMultipleListenersSupport, err := IsOctaviaVersionSupported(client, MinOctaviaVersionWithMultipleListeners)
+	if err != nil {
+		return nil, errors.Wrap(err, "failed to determine if Octavia supports double listeners")
+	}
+
 	octaviaProvider := "default"
 	if octaviaProviderSupport {
 		page, err := providers.List(lbClient, providers.ListOpts{}).AllPages()
@@ -1101,6 +1108,7 @@ func BootstrapKuryr(conf *operv1.NetworkSpec, kubeClient client.Client) (*bootst
 				if provider.Name == OVNProvider {
 					log.Print("OVN Provider is enabled and Kuryr will use it")
 					octaviaProvider = OVNProvider
+					octaviaMultipleListenersSupport = false
 				}
 			}
 		}
@@ -1110,19 +1118,20 @@ func BootstrapKuryr(conf *operv1.NetworkSpec, kubeClient client.Client) (*bootst
 
 	res := bootstrap.BootstrapResult{
 		Kuryr: bootstrap.KuryrBootstrapResult{
-			ServiceSubnet:     svcSubnetId,
-			PodSubnetpool:     podSubnetpoolId,
-			WorkerNodesRouter: routerId,
-			WorkerNodesSubnet: workerSubnet.ID,
-			PodSecurityGroups: []string{podSgId},
-			ExternalNetwork:   externalNetwork,
-			ClusterID:         clusterID,
-			OctaviaProvider:   octaviaProvider,
-			OpenStackCloud:    cloud,
-			WebhookCA:         b64.StdEncoding.EncodeToString(ca),
-			WebhookCAKey:      b64.StdEncoding.EncodeToString(key),
-			WebhookKey:        b64.StdEncoding.EncodeToString(webhookKey),
-			WebhookCert:       b64.StdEncoding.EncodeToString(webhookCert),
+			ServiceSubnet:            svcSubnetId,
+			PodSubnetpool:            podSubnetpoolId,
+			WorkerNodesRouter:        routerId,
+			WorkerNodesSubnet:        workerSubnet.ID,
+			PodSecurityGroups:        []string{podSgId},
+			ExternalNetwork:          externalNetwork,
+			ClusterID:                clusterID,
+			OctaviaProvider:          octaviaProvider,
+			OctaviaMultipleListeners: octaviaMultipleListenersSupport,
+			OpenStackCloud:           cloud,
+			WebhookCA:                b64.StdEncoding.EncodeToString(ca),
+			WebhookCAKey:             b64.StdEncoding.EncodeToString(key),
+			WebhookKey:               b64.StdEncoding.EncodeToString(webhookKey),
+			WebhookCert:              b64.StdEncoding.EncodeToString(webhookCert),
 		}}
 	return &res, nil
 }