Add Calico

Signed-off-by: Pierre Boudvillain <pierre.boudvil1@gmail.com>
rootless-containers · Jul 21, 2023 · b0421a6 · b0421a6
1 parent 7bd1146
commit b0421a6
Show file tree

Hide file tree

Showing 5 changed files with 60 additions and 4 deletions.
diff --git a/.gitignore b/.gitignore
@@ -4,3 +4,4 @@ _artifact/
 *.pem
 *.csr
 *.kubeconfig
+manifests/calico/tigera-operator.yaml
diff --git a/Makefile b/Makefile
@@ -10,6 +10,7 @@ _binaries:
 	$(eval cid := $(shell docker create $(IMAGE)))
 	docker cp $(cid):/home/user/usernetes/bin ./bin
 	docker rm $(cid)
+	curl https://raw.githubusercontent.com/projectcalico/calico/v3.26.1/manifests/tigera-operator.yaml --output manifests/calico/tigera-operator.yaml
 
 image:
 ifeq ($(DOCKER_BUILDKIT),1)

diff --git a/boot/rootlesskit.sh b/boot/rootlesskit.sh
@@ -12,6 +12,7 @@ rk_state_dir=$XDG_RUNTIME_DIR/usernetes/rootlesskit
 : ${U7S_ROOTLESSKIT_FLAGS=}
 : ${U7S_ROOTLESSKIT_PORTS=}
 : ${U7S_FLANNEL=}
+: ${U7S_CALICO=0}
 
 : ${_U7S_CHILD=0}
 if [[ $_U7S_CHILD == 0 ]]; then
@@ -64,7 +65,11 @@ else
 
 	# Copy CNI config to /etc/cni/net.d (Likely to be hardcoded in CNI installers)
 	mkdir -p /etc/cni/net.d
-	cp -f $U7S_BASE_DIR/config/cni_net.d/* /etc/cni/net.d
+
+	# Disable bridge cni when using calico
+	if [[ $U7S_CALICO == 0 ]]; then
+		cp -f $U7S_BASE_DIR/config/cni_net.d/* /etc/cni/net.d
+	fi
 	if [[ $U7S_FLANNEL == 1 ]]; then
 		cp -f $U7S_BASE_DIR/config/flannel/cni_net.d/* /etc/cni/net.d
 		mkdir -p /run/flannel

diff --git a/install.sh b/install.sh
@@ -51,7 +51,7 @@ function usage() {
 	echo
 	echo "  --start=UNIT        Enable and start the specified target after the installation, e.g. \"u7s.target\". Set to an empty to disable autostart. (Default: \"$start\")"
 	echo "  --cri=RUNTIME       Specify CRI runtime, \"containerd\" or \"crio\". (Default: \"$cri\")"
-	echo '  --cni=RUNTIME       Specify CNI, an empty string (none) or "flannel". (Default: none)'
+	echo '  --cni=RUNTIME       Specify CNI, an empty string (none), \"calico\" or "flannel". (Default: none)'
 	echo "  -p, --publish=PORT  Publish ports in RootlessKit's network namespace, e.g. \"0.0.0.0:10250:10250/tcp\". Can be specified multiple times. (Default: \"${publish_default}\")"
 	echo "  --cidr=CIDR         Specify CIDR of RootlessKit's network namespace, e.g. \"10.0.100.0/24\". (Default: \"$cidr\")"
 	echo
@@ -107,7 +107,7 @@ while true; do
 	--cni)
 		cni="$2"
 		case "$cni" in
-		"" | "flannel") ;;
+		"" | "flannel" | "calico") ;;
 
 		*)
 			ERROR "Unknown CNI \"$cni\". Supported values: \"\" (default) \"flannel\" ."
@@ -429,6 +429,13 @@ EOF
 	fi
 fi
 
+# Need to enable calico before starting rootlesskit
+if [ "$cni" = "calico" ]; then
+	cat <<EOF >>${config_dir}/usernetes/env
+U7S_CALICO=1
+EOF
+fi
+
 ### Secret encryption
 if [ ! -f ${config_dir}/usernetes/master/secrets-encryption.yaml.template ]; then
 	INFO "Enabling secrets encryption"
@@ -491,6 +498,14 @@ subjects:
     kind: User
     name: kubernetes
 EOF
+	if [ "$cni" = "calico" ]; then
+		INFO "Installing calico"
+		set -x
+		kubectl create -f ${base}/manifests/calico/tigera-operator.yaml
+		${base}/manifests/calico/custom-resources.sh
+		set +x
+		sleep 30
+	fi
 	INFO "Installing CoreDNS"
 	set -x
 	# sleep for waiting the node to be available
@@ -501,7 +516,7 @@ EOF
 	INFO "Waiting for CoreDNS pods to be available"
 	set -x
 	# sleep for waiting the pod object to be created
-	sleep 3
+	sleep 10
 	kubectl -n kube-system wait --for=condition=ready pod -l k8s-app=kube-dns
 	kubectl get pods -A -o wide
 	set +x

diff --git a/manifests/calico/custom-resources.sh b/manifests/calico/custom-resources.sh
@@ -0,0 +1,34 @@
+#!/bin/bash
+export U7S_BASE_DIR=$(realpath $(dirname $0)/../..)
+source $U7S_BASE_DIR/common/common.inc.sh
+
+mkdir -p $XDG_RUNTIME_DIR/usernetes/calico
+cat >$XDG_RUNTIME_DIR/usernetes/calico/custom-resources.yaml <<EOF
+apiVersion: operator.tigera.io/v1
+kind: Installation
+metadata:
+  name: default
+spec:
+  # Configures Calico networking.
+  calicoNetwork:
+    # Note: The ipPools section cannot be modified post-install.
+    ipPools:
+    - blockSize: 26
+      cidr: 10.88.0.0/16
+      encapsulation: VXLANCrossSubnet
+      natOutgoing: Enabled
+      nodeSelector: all()
+  kubeletVolumePluginPath: "$XDG_DATA_HOME/usernetes/kubelet"
+  nonPrivileged: Enabled
+  flexVolumePath: "$XDG_DATA_HOME/usernetes/kubelet-plugins-exec"
+
+---
+apiVersion: operator.tigera.io/v1
+kind: APIServer
+metadata:
+  name: default
+spec: {}
+EOF
+
+exec $U7S_BASE_DIR/boot/nsenter.sh kubectl \
+	create -f "$XDG_RUNTIME_DIR/usernetes/calico/custom-resources.yaml"