multus: allow using NADs without inspectable CIDRs

[BlaineEXE]

Description of your changes:

Change how Rook detects network CIDRs for Multus networks. The IPAM
configuration is only defined as an arbitrary string JSON blob with a
"type" field and nothing more. Rook's detection of CIDRs for whereabouts
had already grown out of date since the initial implementation.
Additionally, Rook did not support DHCP IPAM, which is a reasonable
choice for users. And more, Rook did not support CNI plugin chaining,
which further complicates NADs. Based on the CNI spec, network chaning
can result in any changes to network CIDRs from the first-given plugin.

All these problems make it more and more difficult for Rook to support
Multus by inspecting the NAD itself to predict network CIDRs. Instead,
it is better for Rook to treat the CNI process as a black box. To
preserve legacy functionality of auto-detecting networks and to make
that as robust as possible, change to a canary-style architecture like
that used for Ceph mons, from which Rook will detect the network CIDRs
if possible.

Also allow users to specify overrides for CIDR ranges. This allows Rook
to still support esoteric and unexpected NAD or network configurations
where a CIDR range is not detectable or where the range detected would
be incomplete. Because it may be impossible for Rook to understand the
network CIDRs wholistically while residing only on a portion of the
network, this feature should have been present from Multus's inception.

Improving CIDR auto-detection and allowing users to specify overrides
for auto-detected CIDRs rounds out Rook's Multus support for CephCluster
(core/RADOS) installations. No further architectural changes should be
needed for CephClusters as regards application of public/cluster network
CIDRs for Multus networks.

Signed-off-by: Blaine Gardner blaine.gardner@ibm.com

Which issue is resolved by this Pull Request:
Resolves #12459

Checklist:

• Commit Message Formatting: Commit titles and messages follow guidelines in the developer guide.
• Skip Tests for Docs: If this is only a documentation change, add the label skip-ci on the PR.
• Reviewed the developer guide on Submitting a Pull Request
• Pending release notes updated with breaking and/or notable changes for the next minor release.
• Documentation has been updated, if necessary.
• Unit tests have been added, if necessary.
• Integration tests have been added, if necessary.

[BlaineEXE]

Note to self: TODO: remove this

[BlaineEXE]

This is ready for review, but I am adding do not merge label while I test this for DHCP networks. Results of this testing may inform some doc or minor code changes.

[BlaineEXE]

These changes may not be technically necessary, but I wasted at least 5 hours adding the operator config to this struct and all of the code places where it is called by parents before I realized that rookVersion was being used to hold the rook image string. I'd rather this not happen to anyone else.

[travisn]

Agreed, I have been confused by this as well

[BlaineEXE]

I suggest reading this before reviewing.

[BlaineEXE]

@travisn thoughts?

[travisn]

Some environments are strict about requiring resource requests/limits on all pods, so we at least need an option. The requirements are going to be very low. I'd suggest we define a new category of resources for this in the cluster CR, though by default I'd say we don't need to set them.

[BlaineEXE]

I removed this todo without resolving it in this PR. It looks like the cmd reporter doesn't set any resource requests/requirements at all, and it looks like DetectCephVersion() also doesn't set any resources. Can we instead take an item to handle resources for the cmd-reporter as a general work item? I think it'll bloat this more, and it seems like we don't have anyone with any big problems around this today.

[travisn]

Oh interesting, if the cmd reporter already doesn't set requests/requirements, then we can skip it for now.

[subhamkrai]

Some issue with crds, maybe try make crds again?

[travisn]

The multus cluster test is failing:

+ sed -i 's|#deviceFilter:|deviceFilter: sdb|g' cluster-multus-test.yaml
sed: can't read cluster-multus-test.yaml: No such file or directory
Error: Process completed with exit code 2.

[travisn]

Looks great overall, just some minor comments and questions.

[travisn]

Some environments are strict about requiring resource requests/limits on all pods, so we at least need an option. The requirements are going to be very low. I'd suggest we define a new category of resources for this in the cluster CR, though by default I'd say we don't need to set them.

[travisn]

nit: What about a path like this? Maybe I just think of /tmp as a scratch folder for someone connecting to the pod.

Suggested change

	MountPath: "/tmp",
	MountPath: "/var/lib/rook/multus",

[travisn]

The only multus examples are in the docs now? What about updating this example to match the doc example?

[BlaineEXE]

This was an accidental deletion. The file should be back now, but let me know if you see it disappear again. I have been having trouble getting it to stay put for some reason

[travisn]

Can the note be placed next to the pattern above? It seems disconnected to be several lines below.

[travisn]

Agreed, I have been confused by this as well

[BlaineEXE]

Working to address feedback now, but I was able to confirm that the new auto-detection method is successfully able to get a valid CIDR when the DHCP IPAM is used. 🎉
I am not sure how to set this up in CI. I borrowed someone's home kube lab for the day to validate that.

[subhamkrai]

@BlaineEXE multus ci is failing because

pod/rook-ceph-network-cluster-canary-mgsqm          0/1     Init:1/2   0          6m18s   10.244.246.151   fv-az1031-835   <none>           <none>
pod/rook-ceph-network-public-canary-vk4nr           0/1     Init:1/2   0          6m18s   10.244.246.150   fv-az1031-835   <none>           <none>

 status:
    conditions:
    - lastProbeTime: null
      lastTransitionTime: "2023-09-06T00:15:59Z"
      message: 'containers with incomplete status: [wait-for-network-status-annotation]'
      reason: ContainersNotInitialized
      status: "False"
      type: Initialized

[travisn]

The CI is looking good, just reran a few tests to confirm they're intermittent. Good to see the multus test passing. I'm ready to approve assuming manual testing is completed.

[travisn]

outdated is one of the rendered keywords? I'm not even sure where the list is defined.

[BlaineEXE]

Good point. It looks like these are the ones we can use: https://squidfunk.github.io/mkdocs-material/reference/admonitions/

I think info, tip (more catching icon than info), or warning could be good choices.

[subhamkrai]

I'm putting LGTM, I had a few questions that have been addressed. Thanks