diff --git a/yaml/Makefile b/yaml/Makefile
index cba0b975..c64d4b6c 100644
--- a/yaml/Makefile
+++ b/yaml/Makefile
@@ -18,6 +18,8 @@ build: clean
 kubectl kustomize overlays/dpdk > generated/calico-vpp-dpdk.yaml
 kubectl kustomize overlays/eks > generated/calico-vpp-eks.yaml
 kubectl kustomize overlays/eks-dpdk > generated/calico-vpp-eks-dpdk.yaml
+ kubectl kustomize overlays/eks-multinet > generated/calico-vpp-eks-multinet.yaml
+ kubectl kustomize overlays/eks-dpdk-multinet > generated/calico-vpp-eks-dpdk-multinet.yaml
 kubectl kustomize overlays/kind > generated/calico-vpp-kind.yaml
 kubectl kustomize overlays/kind-multinet > generated/calico-vpp-kind-multinet.yaml
 # Do not export the test-* overlays, but still check they compile
diff --git a/yaml/generated/calico-vpp-eks-dpdk-multinet.yaml b/yaml/generated/calico-vpp-eks-dpdk-multinet.yaml
new file mode 100644
index 00000000..8a136ed2
--- /dev/null
+++ b/yaml/generated/calico-vpp-eks-dpdk-multinet.yaml
@@ -0,0 +1,408 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: calico-vpp-dataplane +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: calico-vpp-node-sa + namespace: calico-vpp-dataplane +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: calico-vpp-node-role +rules: +- apiGroups: + - "" + resources: + - pods + - nodes + - namespaces + verbs: + - get +- apiGroups: + - "" + resources: + - endpoints + - services + verbs: + - watch + - list + - get + - create + - update +- apiGroups: + - k8s.cni.cncf.io + resources: + - network-attachment-definitions + verbs: + - watch + - get + - list +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get +- apiGroups: + - "" + resources: + - nodes/status + verbs: + - patch + - update +- apiGroups: + - networking.k8s.io + resources: + - networkpolicies + verbs: + - watch + - list +- apiGroups: + - "" + resources: + - pods + - namespaces + - serviceaccounts + verbs: + - list + - watch +- apiGroups: + - "" + resources: + - pods/status + verbs: + - patch +- apiGroups: + - projectcalico.org + resources: + - networks + verbs: + - list + - get + - watch +- apiGroups: + - crd.projectcalico.org + resources: + - globalfelixconfigs + - felixconfigurations + - bgppeers + - bgpfilters + - globalbgpconfigs + - bgpconfigurations + - ippools + - ipamblocks + - globalnetworkpolicies + - globalnetworksets + - networkpolicies + - networksets + - clusterinformations + - hostendpoints + - blockaffinities + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list + - watch +- apiGroups: + - crd.projectcalico.org + resources: + - blockaffinities + - ipamblocks + - ipamhandles + verbs: + - get + - list + - create + - update + - delete +- apiGroups: + - crd.projectcalico.org + resources: + - ipamconfigs + verbs: + - get +- apiGroups: + - crd.projectcalico.org + resources: + - blockaffinities + verbs: + - watch +--- +apiVersion: 
rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: calico-vpp-node +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: calico-vpp-node-role +subjects: +- kind: ServiceAccount + name: calico-vpp-node-sa + namespace: calico-vpp-dataplane +--- +apiVersion: v1 +data: + CALICOVPP_CONFIG_TEMPLATE: |- + unix { + nodaemon + full-coredump + cli-listen /var/run/vpp/cli.sock + pidfile /run/vpp/vpp.pid + exec /etc/vpp/startup.exec + } + api-trace { on } + cpu { + workers 0 + } + socksvr { + socket-name /var/run/vpp/vpp-api.sock + } + plugins { + plugin default { enable } + plugin dpdk_plugin.so { disable } + plugin calico_plugin.so { enable } + plugin ping_plugin.so { disable } + plugin dispatch_trace_plugin.so { enable } + } + buffers { + buffers-per-numa 131072 + } + CALICOVPP_FEATURE_GATES: |- + { + "memifEnabled": true, + "vclEnabled": true, + "multinetEnabled": true + } + CALICOVPP_INITIAL_CONFIG: |- + { + "vppStartupSleepSeconds": 1, + "corePattern": "/var/lib/vpp/vppcore.%e.%p" + } + CALICOVPP_INTERFACES: |- + { + "maxPodIfSpec": { + "rx": 10, "tx": 10, "rxqsz": 1024, "txqsz": 1024 + }, + "defaultPodIfSpec": { + "rx": 1, "tx":1, "isl3": true + }, + "vppHostTapSpec": { + "rx": 1, "tx":1, "rxqsz": 1024, "txqsz": 1024, "isl3": false + }, + "uplinkInterfaces": [ + { + "interfaceName": "eth0", + "vppDriver": "dpdk" + } + ] + } + SERVICE_PREFIX: 10.100.0.0/16 +kind: ConfigMap +metadata: + name: calico-vpp-config + namespace: calico-vpp-dataplane +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + k8s-app: calico-vpp-node + name: multinet-monitor-deployment + namespace: calico-vpp-dataplane +spec: + replicas: 1 + selector: + matchLabels: + k8s-app: calico-vpp-node + template: + metadata: + labels: + k8s-app: calico-vpp-node + spec: + containers: + - image: docker.io/calicovpp/multinet-monitor:latest + imagePullPolicy: IfNotPresent + name: multinet-monitor + resources: + requests: + cpu: 250m + serviceAccountName: 
calico-vpp-node-sa +--- +apiVersion: apps/v1 +kind: DaemonSet +metadata: + labels: + k8s-app: calico-vpp-node + name: calico-vpp-node + namespace: calico-vpp-dataplane +spec: + selector: + matchLabels: + k8s-app: calico-vpp-node + template: + metadata: + labels: + k8s-app: calico-vpp-node + spec: + containers: + - env: + - name: CALICOVPP_HOOK_BEFORE_VPP_RUN + value: echo 'sudo systemctl stop network ; sudo systemctl kill network' + | chroot /host + - name: CALICOVPP_HOOK_VPP_RUNNING + value: echo 'sudo systemctl start network' | chroot /host + - name: CALICOVPP_HOOK_VPP_DONE_OK + value: echo 'sudo systemctl stop network ; sudo systemctl kill network ; + sudo systemctl start network' | chroot /host + - name: CALICOVPP_HOOK_VPP_ERRORED + value: echo 'sudo systemctl stop network ; sudo systemctl kill network ; + sudo systemctl start network' | chroot /host + - name: DATASTORE_TYPE + value: kubernetes + - name: WAIT_FOR_DATASTORE + value: "true" + - name: NODENAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + envFrom: + - configMapRef: + name: calico-vpp-config + image: docker.io/calicovpp/vpp:latest + imagePullPolicy: IfNotPresent + name: vpp + resources: + limits: + hugepages-2Mi: 512Mi + requests: + cpu: 500m + memory: 512Mi + securityContext: + privileged: true + volumeMounts: + - mountPath: /lib/firmware + name: lib-firmware + - mountPath: /var/run/vpp + name: vpp-rundir + - mountPath: /var/lib/vpp + name: vpp-data + - mountPath: /etc/vpp + name: vpp-config + - mountPath: /dev + name: devices + - mountPath: /sys + name: hostsys + - mountPath: /run/netns/ + mountPropagation: Bidirectional + name: netns + - mountPath: /host + name: host-root + - env: + - name: DATASTORE_TYPE + value: kubernetes + - name: WAIT_FOR_DATASTORE + value: "true" + - name: NODENAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + envFrom: + - configMapRef: + name: calico-vpp-config + image: 
docker.io/calicovpp/agent:latest + imagePullPolicy: IfNotPresent + name: agent + resources: + requests: + cpu: 250m + securityContext: + privileged: true + volumeMounts: + - mountPath: /var/run/calico + name: var-run-calico + readOnly: false + - mountPath: /var/lib/calico/felix-plugins + name: felix-plugins + readOnly: false + - mountPath: /var/run/vpp + name: vpp-rundir + - mountPath: /run/netns/ + mountPropagation: Bidirectional + name: netns + hostNetwork: true + hostPID: true + initContainers: + - command: + - /entrypoint + image: docker.io/calicovpp/install-whereabouts:latest + name: install-whereabouts + volumeMounts: + - mountPath: /host/opt/cni/bin + name: cni-bin-dir + nodeSelector: + kubernetes.io/os: linux + priorityClassName: system-node-critical + serviceAccountName: calico-vpp-node-sa + terminationGracePeriodSeconds: 10 + tolerations: + - effect: NoSchedule + operator: Exists + - key: CriticalAddonsOnly + operator: Exists + - effect: NoExecute + operator: Exists + volumes: + - hostPath: + path: /opt/cni/bin + name: cni-bin-dir + - hostPath: + path: /lib/firmware + name: lib-firmware + - hostPath: + path: /var/run/vpp + name: vpp-rundir + - hostPath: + path: /var/lib/vpp + type: DirectoryOrCreate + name: vpp-data + - hostPath: + path: /etc/vpp + name: vpp-config + - hostPath: + path: /dev + name: devices + - hostPath: + path: /sys + name: hostsys + - hostPath: + path: /var/run/calico + name: var-run-calico + - hostPath: + path: /run/netns + name: netns + - hostPath: + path: /var/lib/calico/felix-plugins + name: felix-plugins + - hostPath: + path: / + name: host-root + updateStrategy: + rollingUpdate: + maxUnavailable: 1 + type: RollingUpdate diff --git a/yaml/generated/calico-vpp-eks-multinet.yaml b/yaml/generated/calico-vpp-eks-multinet.yaml new file mode 100644 index 00000000..fa48a7b3 --- /dev/null +++ b/yaml/generated/calico-vpp-eks-multinet.yaml 
@@ -0,0 +1,406 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: calico-vpp-dataplane +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: calico-vpp-node-sa + namespace: calico-vpp-dataplane +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: calico-vpp-node-role +rules: +- apiGroups: + - "" + resources: + - pods + - nodes + - namespaces + verbs: + - get +- apiGroups: + - "" + resources: + - endpoints + - services + verbs: + - watch + - list + - get + - create + - update +- apiGroups: + - k8s.cni.cncf.io + resources: + - network-attachment-definitions + verbs: + - watch + - get + - list +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get +- apiGroups: + - "" + resources: + - nodes/status + verbs: + - patch + - update +- apiGroups: + - networking.k8s.io + resources: + - networkpolicies + verbs: + - watch + - list +- apiGroups: + - "" + resources: + - pods + - namespaces + - serviceaccounts + verbs: + - list + - watch +- apiGroups: + - "" + resources: + - pods/status + verbs: + - patch +- apiGroups: + - projectcalico.org + resources: + - networks + verbs: + - list + - get + - watch +- apiGroups: + - crd.projectcalico.org + resources: + - globalfelixconfigs + - felixconfigurations + - bgppeers + - bgpfilters + - globalbgpconfigs + - bgpconfigurations + - ippools + - ipamblocks + - globalnetworkpolicies + - globalnetworksets + - networkpolicies + - networksets + - clusterinformations + - hostendpoints + - blockaffinities + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list + - watch +- apiGroups: + - crd.projectcalico.org + resources: + - blockaffinities + - ipamblocks + - ipamhandles + verbs: + - get + - list + - create + - update + - delete +- apiGroups: + - crd.projectcalico.org + resources: + - ipamconfigs + verbs: + - get +- apiGroups: + - crd.projectcalico.org + resources: + - blockaffinities + verbs: + - watch +--- +apiVersion: 
rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: calico-vpp-node +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: calico-vpp-node-role +subjects: +- kind: ServiceAccount + name: calico-vpp-node-sa + namespace: calico-vpp-dataplane +--- +apiVersion: v1 +data: + CALICOVPP_CONFIG_TEMPLATE: |- + unix { + nodaemon + full-coredump + cli-listen /var/run/vpp/cli.sock + pidfile /run/vpp/vpp.pid + exec /etc/vpp/startup.exec + } + api-trace { on } + cpu { + workers 0 + } + socksvr { + socket-name /var/run/vpp/vpp-api.sock + } + plugins { + plugin default { enable } + plugin dpdk_plugin.so { disable } + plugin calico_plugin.so { enable } + plugin ping_plugin.so { disable } + plugin dispatch_trace_plugin.so { enable } + } + buffers { + buffers-per-numa 131072 + } + CALICOVPP_FEATURE_GATES: |- + { + "memifEnabled": true, + "vclEnabled": true, + "multinetEnabled": true + } + CALICOVPP_INITIAL_CONFIG: |- + { + "vppStartupSleepSeconds": 1, + "corePattern": "/var/lib/vpp/vppcore.%e.%p" + } + CALICOVPP_INTERFACES: |- + { + "maxPodIfSpec": { + "rx": 10, "tx": 10, "rxqsz": 1024, "txqsz": 1024 + }, + "defaultPodIfSpec": { + "rx": 1, "tx":1, "isl3": true + }, + "vppHostTapSpec": { + "rx": 1, "tx":1, "rxqsz": 1024, "txqsz": 1024, "isl3": false + }, + "uplinkInterfaces": [ + { + "interfaceName": "eth0", + "vppDriver": "af_packet" + } + ] + } + SERVICE_PREFIX: 10.100.0.0/16 +kind: ConfigMap +metadata: + name: calico-vpp-config + namespace: calico-vpp-dataplane +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + k8s-app: calico-vpp-node + name: multinet-monitor-deployment + namespace: calico-vpp-dataplane +spec: + replicas: 1 + selector: + matchLabels: + k8s-app: calico-vpp-node + template: + metadata: + labels: + k8s-app: calico-vpp-node + spec: + containers: + - image: docker.io/calicovpp/multinet-monitor:latest + imagePullPolicy: IfNotPresent + name: multinet-monitor + resources: + requests: + cpu: 250m + 
serviceAccountName: calico-vpp-node-sa +--- +apiVersion: apps/v1 +kind: DaemonSet +metadata: + labels: + k8s-app: calico-vpp-node + name: calico-vpp-node + namespace: calico-vpp-dataplane +spec: + selector: + matchLabels: + k8s-app: calico-vpp-node + template: + metadata: + labels: + k8s-app: calico-vpp-node + spec: + containers: + - env: + - name: CALICOVPP_HOOK_BEFORE_VPP_RUN + value: echo 'sudo systemctl stop network ; sudo systemctl kill network' + | chroot /host + - name: CALICOVPP_HOOK_VPP_RUNNING + value: echo 'sudo systemctl start network' | chroot /host + - name: CALICOVPP_HOOK_VPP_DONE_OK + value: echo 'sudo systemctl stop network ; sudo systemctl kill network ; + sudo systemctl start network' | chroot /host + - name: CALICOVPP_HOOK_VPP_ERRORED + value: echo 'sudo systemctl stop network ; sudo systemctl kill network ; + sudo systemctl start network' | chroot /host + - name: DATASTORE_TYPE + value: kubernetes + - name: WAIT_FOR_DATASTORE + value: "true" + - name: NODENAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + envFrom: + - configMapRef: + name: calico-vpp-config + image: docker.io/calicovpp/vpp:latest + imagePullPolicy: IfNotPresent + name: vpp + resources: + requests: + cpu: 500m + memory: 512Mi + securityContext: + privileged: true + volumeMounts: + - mountPath: /lib/firmware + name: lib-firmware + - mountPath: /var/run/vpp + name: vpp-rundir + - mountPath: /var/lib/vpp + name: vpp-data + - mountPath: /etc/vpp + name: vpp-config + - mountPath: /dev + name: devices + - mountPath: /sys + name: hostsys + - mountPath: /run/netns/ + mountPropagation: Bidirectional + name: netns + - mountPath: /host + name: host-root + - env: + - name: DATASTORE_TYPE + value: kubernetes + - name: WAIT_FOR_DATASTORE + value: "true" + - name: NODENAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + envFrom: + - configMapRef: + name: calico-vpp-config + image: 
docker.io/calicovpp/agent:latest + imagePullPolicy: IfNotPresent + name: agent + resources: + requests: + cpu: 250m + securityContext: + privileged: true + volumeMounts: + - mountPath: /var/run/calico + name: var-run-calico + readOnly: false + - mountPath: /var/lib/calico/felix-plugins + name: felix-plugins + readOnly: false + - mountPath: /var/run/vpp + name: vpp-rundir + - mountPath: /run/netns/ + mountPropagation: Bidirectional + name: netns + hostNetwork: true + hostPID: true + initContainers: + - command: + - /entrypoint + image: docker.io/calicovpp/install-whereabouts:latest + name: install-whereabouts + volumeMounts: + - mountPath: /host/opt/cni/bin + name: cni-bin-dir + nodeSelector: + kubernetes.io/os: linux + priorityClassName: system-node-critical + serviceAccountName: calico-vpp-node-sa + terminationGracePeriodSeconds: 10 + tolerations: + - effect: NoSchedule + operator: Exists + - key: CriticalAddonsOnly + operator: Exists + - effect: NoExecute + operator: Exists + volumes: + - hostPath: + path: /opt/cni/bin + name: cni-bin-dir + - hostPath: + path: /lib/firmware + name: lib-firmware + - hostPath: + path: /var/run/vpp + name: vpp-rundir + - hostPath: + path: /var/lib/vpp + type: DirectoryOrCreate + name: vpp-data + - hostPath: + path: /etc/vpp + name: vpp-config + - hostPath: + path: /dev + name: devices + - hostPath: + path: /sys + name: hostsys + - hostPath: + path: /var/run/calico + name: var-run-calico + - hostPath: + path: /run/netns + name: netns + - hostPath: + path: /var/lib/calico/felix-plugins + name: felix-plugins + - hostPath: + path: / + name: host-root + updateStrategy: + rollingUpdate: + maxUnavailable: 1 + type: RollingUpdate diff --git a/yaml/overlays/eks-dpdk-multinet/kustomization.yaml b/yaml/overlays/eks-dpdk-multinet/kustomization.yaml new file mode 100644 index 00000000..99ce75dc --- /dev/null +++ b/yaml/overlays/eks-dpdk-multinet/kustomization.yaml 
@@ -0,0 +1,4 @@
+resources:
+- ../eks-dpdk
+components:
+- ../../components/multinet
diff --git a/yaml/overlays/eks-multinet/kustomization.yaml b/yaml/overlays/eks-multinet/kustomization.yaml
new file mode 100644
index 00000000..bea906eb
--- /dev/null
+++ b/yaml/overlays/eks-multinet/kustomization.yaml
@@ -0,0 +1,4 @@
+resources:
+- ../eks
+components:
+- ../../components/multinet
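Review bot: Adding `- ../../components/multinet` to both new overlays (eks-dpdk-multinet and eks-multinet) ships a `multinet-monitor-deployment` whose labels and selector are `k8s-app: calico-vpp-node`, the same selector the `calico-vpp-node` DaemonSet uses in the same namespace, as the rendered manifests in this commit show. The Kubernetes documentation advises against overlapping selectors between controllers, and anything keyed on that label (Services, NetworkPolicies, label queries during incident triage) will also match the monitor pod. The monitor also runs as `calico-vpp-node-sa`, so it inherits the node agent's ClusterRole, including create/update/delete on the IPAM CRDs and create/update on services and endpoints. Nothing in the diff shows that the monitor needs more than read access, so a dedicated ServiceAccount bound to a narrower role looks preferable. Both fixes presumably belong in the component, which is outside this diff: a distinct label such as `k8s-app: multinet-monitor` on the Deployment's labels, selector and pod template, and its own `serviceAccountName`.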