kube proxy

build/Dockerfile

@@ -88,7 +88,6 @@ RUN make build-daemon
 #│   ├── host-local.exe
 #│   ├── win-bridge.exe
 #│   ├── win-overlay.exe
-#│   └── cni-conf-template.json
 #├── containerd
 #│   ├── containerd.exe
 #│   └── containerd-shim-runhcs-v1.exe
@@ -99,6 +98,7 @@ RUN make build-daemon
 #│   └── kube-proxy.exe
 #├── powershell
 #│   └── wget-ignore-cert.ps1
+#│   └── cni-conf-template.ps1
 #│   └── hns.psm1
 #├── windows_exporter.exe
 #├── windows-instance-config-daemon.exe
@@ -139,7 +139,7 @@ WORKDIR /payload/cni/
 COPY --from=build /build/windows-machine-config-operator/containernetworking-plugins/bin/host-local.exe .
 COPY --from=build /build/windows-machine-config-operator/containernetworking-plugins/bin/win-bridge.exe .
 COPY --from=build /build/windows-machine-config-operator/containernetworking-plugins/bin/win-overlay.exe .
-COPY pkg/internal/cni-conf-template.json .
+COPY pkg/internal/cni-conf-template.ps1 .
 
 # Copy required powershell scripts
 WORKDIR /payload/powershell/

build/Dockerfile.ci

@@ -158,9 +158,14 @@ COPY --from=build /build/windows-machine-config-operator/containernetworking-plu
 COPY --from=build /build/windows-machine-config-operator/containernetworking-plugins/bin/win-overlay.exe .
 COPY --from=build /build/windows-machine-config-operator/pkg/internal/cni-conf-template.json .
 
+# Created directory for generated files with open permissions
+RUN mkdir /payload/generated
+RUN chmod 0777 /payload/generated 
+
 # Copy required powershell scripts
 WORKDIR /payload/powershell/
 COPY --from=build /build/windows-machine-config-operator/pkg/internal/wget-ignore-cert.ps1 .
+COPY pkg/internal/cni-conf-template.ps1 .
 COPY --from=build /build/windows-machine-config-operator/pkg/internal/hns.psm1 .
 
 WORKDIR /

build/Dockerfile.wmco

@@ -29,11 +29,18 @@ LABEL stage=operator
 WORKDIR /payload/
 COPY --from=build /build/windows-machine-config-operator/build/_output/bin/windows-instance-config-daemon.exe .
 
+# Created directory for generated files with open permissions
+RUN mkdir generated
+RUN chmod 0777 generated 
+
+
 # Copy required powershell scripts
 WORKDIR /payload/powershell/
 COPY pkg/internal/wget-ignore-cert.ps1 .
+COPY pkg/internal/cni-conf-template.ps1 .
 COPY pkg/internal/hns.psm1 .
 
+
 WORKDIR /
 
 ENV OPERATOR=/usr/local/bin/windows-machine-config-operator \

bundle/manifests/windows-machine-config-operator.clusterserviceversion.yaml

@@ -365,7 +365,7 @@ spec:
                       fieldPath: metadata.name
                 - name: OPERATOR_NAME
                   value: windows-machine-config-operator
-                image: REPLACE_IMAGE
+                image: quay.io/ssoto/test:wmco
                 imagePullPolicy: IfNotPresent
                 name: manager
                 resources: {}

cmd/operator/main.go

@@ -4,6 +4,9 @@ import (
 	"context"
 	"flag"
 	"fmt"
+	"github.com/openshift/windows-machine-config-operator/pkg/windows"
+	"io/fs"
+	"io/ioutil"
 	"os"
 	"strings"
 
@@ -114,13 +117,17 @@ func main() {
 		payload.IgnoreWgetPowerShellPath,
 		payload.WmcbPath,
 		payload.WICDPath,
-		payload.CNIConfigTemplatePath,
+		payload.CNIConfigScriptTemplatePath,
 		payload.HNSPSModule,
 		payload.WindowsExporterPath,
 		payload.AzureCloudNodeManagerPath,
 	}
 	if err := checkIfRequiredFilesExist(requiredFiles); err != nil {
-		setupLog.Error(err, "could not start the operator")
+		setupLog.Error(err, "payload missing files")
+		os.Exit(1)
+	}
+	if err := generateCNIConfScript(clusterConfig.Network().GetServiceCIDR()); err != nil {
+		setupLog.Error(err, "unable to generate CNI config script")
 		os.Exit(1)
 	}
 
@@ -258,6 +265,19 @@ func checkIfRequiredFilesExist(requiredFiles []string) error {
 	return nil
 }
 
+// generateCNIConfScripts generates the .ps1 file responsible for CNI configuration generation
+func generateCNIConfScript(clusterCIDR string) error {
+	out, err := ioutil.ReadFile(payload.CNIConfigScriptTemplatePath)
+	if err != nil {
+		return err
+	}
+	cniConfScript := strings.ReplaceAll(string(out), "HNS_NETWORK", windows.OVNKubeOverlayNetwork)
+	cniConfScript = strings.ReplaceAll(cniConfScript, "SERVICE_NETWORK_CIDR", clusterCIDR)
+	cniConfScript = strings.ReplaceAll(cniConfScript, "HNS_MODULE_PATH", windows.HNSPSModule)
+	cniConfScript = strings.ReplaceAll(cniConfScript, "CNI_CONFIG_PATH", windows.CniConfDir+"\\cni.conf")
+	return ioutil.WriteFile(payload.CNIConfigScriptPath, []byte(cniConfScript), fs.ModePerm)
+}
+
 // getWatchNamespace returns the Namespace the operator should be watching for changes
 // An empty value means the operator is running with cluster scope.
 func getWatchNamespace() (string, error) {

pkg/internal/cni-conf-template.ps1

@@ -0,0 +1,81 @@
+# This script ensures the contents of the CNI config file is correct, and returns the HNS endpoint IP
+
+Import-Module -DisableNameChecking HNS_MODULE_PATH
+
+$cni_template=@'
+{
+    "CniVersion":"0.2.0",
+    "Name":"HNS_NETWORK",
+    "Type":"win-overlay",
+    "apiVersion": 2,
+    "Capabilities":{
+        "portMappings": true,
+        "Dns":true
+    },
+    "Ipam":{
+        "Type":"host-local",
+        "Subnet":"ovn_host_subnet"
+    },
+    "Policies":[
+    {
+        "Name": "EndpointPolicy",
+        "Value": {
+            "Type": "OutBoundNAT",
+            "Settings": {
+                "ExceptionList": [
+                "SERVICE_NETWORK_CIDR"
+                ],
+                "DestinationPrefix": "",
+                "NeedEncap": false
+            }
+        }
+    },
+    {
+        "Name": "EndpointPolicy",
+        "Value": {
+            "Type": "SDNROUTE",
+            "Settings": {
+                "ExceptionList": [],
+                "DestinationPrefix": "SERVICE_NETWORK_CIDR",
+                "NeedEncap": true
+            }
+        }
+    },
+    {
+        "Name": "EndpointPolicy",
+        "Value": {
+            "Type": "ProviderAddress",
+            "Settings": {
+                "ProviderAddress": "provider_address"
+            }
+        }
+    }
+    ]
+}
+'@
+
+# Generate CNI Config
+$hns_network=Get-HnsNetwork  | where { $_.Name -eq 'HNS_NETWORK'}
+$subnet=$hns_network.Subnets.AddressPrefix
+$cni_template -replace "ovn_host_subnet",$subnet | Out-Null
+$provider_address=$hns_network.ManagementIP
+$cni_template -replace "provider_address",$provider_address | Out-Null
+
+# Compare CNI config with existing file, and replace if necessary
+$existing_config=""
+if(Test-Path -Path CNI_CONFIG_PATH) {
+    $existing_config= Get-Content -Path "CNI_CONFIG_PATH"
+}
+if($existing_config -ne $cni_template){
+    Set-Content -Path "CNI_CONFIG_PATH" -Value $cni_template -NoNewline
+}
+
+# Create HNS endpoint if it doesn't exist
+$endpoint = Invoke-HNSRequest GET endpoints | where { $_.Name -eq 'VIPEndpoint'}
+if( $endpoint -eq $null) {
+    $endpoint = New-HnsEndpoint -NetworkId $hns_network.ID -Name "VIPEndpoint"
+    Attach-HNSHostEndpoint -EndpointID $endpoint.ID -CompartmentID 1
+}
+
+# Return HNS endpoint IP
+(Get-NetIPConfiguration -AllCompartments -All -Detailed | where { $_.NetAdapter.LinkLayerAddress -eq $endpoint.MacAddress }).IPV4Address.IPAddress.Trim()

pkg/nodeconfig/nodeconfig.go

@@ -345,9 +345,6 @@ func (nc *nodeConfig) configureNetwork() error {
 	}
 
 	// Configure CNI in the Windows VM
-	if err := nc.configureCNI(); err != nil {
-		return errors.Wrapf(err, "error configuring CNI for %s", nc.node.GetName())
-	}
 	// Start the kube-proxy service
 	if err := nc.Windows.ConfigureKubeProxy(nc.node.GetName(), nc.node.Annotations[HybridOverlaySubnet]); err != nil {
 		return errors.Wrapf(err, "error starting kube-proxy for %s", nc.node.GetName())
@@ -421,7 +418,7 @@ func (nc *nodeConfig) configureCNI() error {
 		return errors.Wrap(err, "error populating host subnet in node network")
 	}
 	// populate the CNI config file with the host subnet, service network CIDR and IP address of the Windows VM
-	configFile, err := nc.network.populateCniConfig(nc.clusterServiceCIDR, nc.GetIPv4Address(), payload.CNIConfigTemplatePath)
+	configFile, err := nc.network.populateCniConfig(nc.clusterServiceCIDR, nc.GetIPv4Address(), payload.CNIConfigScriptTemplatePath)
 	if err != nil {
 		return errors.Wrapf(err, "error populating CNI config file %s", configFile)
 	}

pkg/nodeconfig/payload/payload.go

@@ -3,9 +3,8 @@ package payload
 import (
 	"crypto/sha256"
 	"fmt"
-	"io/ioutil"
-
 	"github.com/pkg/errors"
+	"io/ioutil"
 )
 
 // Payload files
@@ -46,8 +45,10 @@ const (
 	// WinOverlayCNIPlugin is the path of the win-overlay CNI Plugin binary. The container image should already have
 	// this binary mounted
 	WinOverlayCNIPlugin = payloadDirectory + cniDirectory + "win-overlay.exe"
-	// CNIConfigTemplatePath is the path for CNI config template
-	CNIConfigTemplatePath = payloadDirectory + cniDirectory + "cni-conf-template.json"
+	// CNIConfigScriptTemplatePath is the path for CNI config template
+	CNIConfigScriptTemplatePath = payloadDirectory + "/powershell/cni-conf-template.ps1"
+	// CNIConfigScriptPath is the path for generated CNI Config Script
+	CNIConfigScriptPath = payloadDirectory + "/generated/cni-conf.ps1"
 	// HybridOverlayName is the name of the hybrid overlay executable
 	HybridOverlayName = "hybrid-overlay-node.exe"
 	// HybridOverlayPath contains the path of the hybrid overlay binary. The container image should already have this

pkg/services/services.go

@@ -2,6 +2,7 @@ package services
 
 import (
 	"fmt"
+	"github.com/openshift/windows-machine-config-operator/pkg/nodeconfig"
 
 	"github.com/openshift/windows-machine-config-operator/pkg/servicescm"
 	"github.com/openshift/windows-machine-config-operator/pkg/windows"
@@ -20,6 +21,7 @@ func GenerateManifest(vxlanPort string, debug bool) (*servicescm.Data, error) {
 		Priority:                     1,
 	},
 		hybridOverlayConfiguration(vxlanPort, debug),
+		kubeProxyConfiguration(),
 	}
 	// TODO: All payload filenames and checksums must be added here https://issues.redhat.com/browse/WINC-847
 	files := &[]servicescm.FileInfo{}
@@ -56,3 +58,36 @@ func hybridOverlayConfiguration(vxlanPort string, debug bool) servicescm.Service
 		Priority:                     1,
 	}
 }
+
+// kubeProxyConfiguration returns the Service definition for kube-proxy
+func kubeProxyConfiguration() servicescm.Service {
+	kubeProxyServiceCommand := fmt.Sprintf("%s --windows-service --v=4 --proxy-mode=kernelspace "+
+		"--feature-gates=WinOverlay=true --hostname-override=NODE_NAME --kubeconfig=%s --cluster-cidr=NODE_SUBNET "+
+		"--log-dir=%s --logtostderr=false --network-name=%s --source-vip=SUBNET --enable-dsr=false",
+		windows.KubeProxyPath, windows.KubeconfigPath, windows.KubeProxyLogDir,
+		windows.OVNKubeOverlayNetwork)
+
+	return servicescm.Service{
+		Name:    windows.KubeProxyServiceName,
+		Command: kubeProxyServiceCommand,
+		NodeVariablesInCommand: []servicescm.NodeCmdArg{
+			{
+				Name:               "NODE_NAME",
+				NodeObjectJsonPath: "{.metadata.name}",
+			},
+			{
+				Name:               "NODE_SUBNET",
+				NodeObjectJsonPath: fmt.Sprintf("{.metadata.annotations[%s]}", nodeconfig.HybridOverlaySubnet),
+			},
+		},
+		PowershellVariablesInCommand: []servicescm.PowershellCmdArg{
+			{
+				Name: "SOURCE_VIP",
+				Path: "",
+			},
+		},
+		Dependencies: []string{windows.HybridOverlayServiceName},
+		Bootstrap:    false,
+		Priority:     2,
+	}
+}