From a30ad1e5a540746d5320e2cf555313c629cb4be9 Mon Sep 17 00:00:00 2001
From: Neven Miculinic <neven.miculinic@gmail.com>
Date: Wed, 10 Apr 2019 13:16:15 +0200
Subject: [PATCH] Added generic CNI network plugin (#4322)

* Added generic CNI network plugin

* Added CNI network plugin documentation

* added necessary fix
---
 docs/cni.md                                         | 10 ++++++++++
 .../sample/group_vars/k8s-cluster/k8s-cluster.yml   |  2 +-
 .../network_plugin/cni/tasks/main.yml               | 13 +++++++++++++
 roles/kubernetes-apps/network_plugin/meta/main.yml  |  5 +++++
 .../node/templates/kubelet.kubeadm.env.j2           |  2 +-
 .../preinstall/tasks/0020-verify-settings.yml       |  2 +-
 roles/network_plugin/cni/tasks/main.yml             | 13 +++++++++++++
 7 files changed, 44 insertions(+), 3 deletions(-)
 create mode 100644 docs/cni.md
 create mode 100644 roles/kubernetes-apps/network_plugin/cni/tasks/main.yml
 create mode 100644 roles/network_plugin/cni/tasks/main.yml

diff --git a/docs/cni.md b/docs/cni.md
new file mode 100644
index 000000000..e58c9e570
--- /dev/null
+++ b/docs/cni.md
@@ -0,0 +1,10 @@
+CNI
+==============
+
+This network plugin only unpacks CNI plugins version `cni_version` into `/opt/cni/bin` and instructs kubelet to use cni, that is adds following cli params:
+
+`KUBELET_NETWORK_PLUGIN="--network-plugin=cni --cni-conf-dir=/etc/cni/net.d --cni-bin-dir=/opt/cni/bin"`
+
+It's intended usage is for custom CNI configuration, e.g. manual routing tables + bridge + loopback CNI plugin outside kubespray scope. Furthermore, it's used for non-kubespray supported CNI plugins which you can install afterward.
+
+You are required to fill `/etc/cni/net.d` with valid CNI configuration after using kubespray.
\ No newline at end of file
diff --git a/inventory/sample/group_vars/k8s-cluster/k8s-cluster.yml b/inventory/sample/group_vars/k8s-cluster/k8s-cluster.yml
index 3d74b98f9..e24caef35 100644
--- a/inventory/sample/group_vars/k8s-cluster/k8s-cluster.yml
+++ b/inventory/sample/group_vars/k8s-cluster/k8s-cluster.yml
@@ -70,7 +70,7 @@ kube_users:
 # kube_oidc_groups_prefix: oidc:
 
 
-# Choose network plugin (cilium, calico, contiv, weave or flannel)
+# Choose network plugin (cilium, calico, contiv, weave or flannel. Use cni for generic cni plugin)
 # Can also be set to 'cloud', which lets the cloud provider setup appropriate routing
 kube_network_plugin: calico
 
diff --git a/roles/kubernetes-apps/network_plugin/cni/tasks/main.yml b/roles/kubernetes-apps/network_plugin/cni/tasks/main.yml
new file mode 100644
index 000000000..80c08dddf
--- /dev/null
+++ b/roles/kubernetes-apps/network_plugin/cni/tasks/main.yml
@@ -0,0 +1,13 @@
+- name: CNI | make sure /opt/cni/bin exists
+  file:
+    path: /opt/cni/bin
+    state: directory
+    mode: 0755
+    owner: root
+    group: root
+- name: CNI | Copy cni plugins
+  unarchive:
+    src: "{{ local_release_dir }}/cni-plugins-{{ image_arch }}-{{ cni_version }}.tgz"
+    dest: "/opt/cni/bin"
+    mode: 0755
+    remote_src: yes
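Review bot: The `unarchive` task sets `mode` but no `owner`/`group`, so when it runs as root the extracted plugin binaries may keep whatever uid/gid is recorded in the tarball, unlike the directory task above, which pins root ownership. CNI plugin binaries are executed with root privileges on the node, so a non-root owner could replace them; add `owner: root` and `group: root` to this task. Quoting the mode as `mode: "0755"` in both tasks also avoids relying on YAML 1.1 octal parsing. Whether the archive's checksum is verified before this step is not visible in the patch. The same file is added again at roles/network_plugin/cni/tasks/main.yml and needs the same change.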
diff --git a/roles/kubernetes-apps/network_plugin/meta/main.yml b/roles/kubernetes-apps/network_plugin/meta/main.yml
index 8d2a5be1b..3d4ac3cc9 100644
--- a/roles/kubernetes-apps/network_plugin/meta/main.yml
+++ b/roles/kubernetes-apps/network_plugin/meta/main.yml
@@ -25,6 +25,11 @@ dependencies:
     tags:
       - contiv
 
+  - role: kubernetes-apps/network_plugin/cni
+    when: kube_network_plugin == 'cni'
+    tags:
+      - cni
+
   - role: kubernetes-apps/network_plugin/weave
     when: kube_network_plugin == 'weave'
     tags:
diff --git a/roles/kubernetes/node/templates/kubelet.kubeadm.env.j2 b/roles/kubernetes/node/templates/kubelet.kubeadm.env.j2
index 2d40ac98b..b1b510d76 100644
--- a/roles/kubernetes/node/templates/kubelet.kubeadm.env.j2
+++ b/roles/kubernetes/node/templates/kubelet.kubeadm.env.j2
@@ -117,7 +117,7 @@ KUBELET_HOSTNAME="--hostname-override={{ kube_override_hostname }}"
 {% endif %}
 
 KUBELET_ARGS="{{ kubelet_args_base }} {{ kubelet_args_dns }} {{ kube_reserved }} {% if node_taints|default([]) %}--register-with-taints={{ node_taints | join(',') }} {% endif %}--node-labels={{ all_node_labels | join(',') }} {% if kube_feature_gates %} --feature-gates={{ kube_feature_gates|join(',') }} {% endif %} {% if kubelet_custom_flags is string %} {{kubelet_custom_flags}} {% else %}{% for flag in kubelet_custom_flags %} {{flag}} {% endfor %}{% endif %}{% if inventory_hostname in groups['kube-node'] %}{% if kubelet_node_custom_flags is string %} {{kubelet_node_custom_flags}} {% else %}{% for flag in kubelet_node_custom_flags %} {{flag}} {% endfor %}{% endif %}{% endif %}"
-{% if kube_network_plugin is defined and kube_network_plugin in ["calico", "canal", "flannel", "weave", "contiv", "cilium", "kube-router"] %}
+{% if kube_network_plugin is defined and kube_network_plugin in ["calico", "canal", "cni", "flannel", "weave", "contiv", "cilium", "kube-router"] %}
 KUBELET_NETWORK_PLUGIN="--network-plugin=cni --cni-conf-dir=/etc/cni/net.d --cni-bin-dir=/opt/cni/bin"
 {% elif kube_network_plugin is defined and kube_network_plugin == "cloud" %}
 KUBELET_NETWORK_PLUGIN="--hairpin-mode=promiscuous-bridge --network-plugin=kubenet"
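Review bot: Adding `cni` to this list makes kubelet load whatever configuration is present in `/etc/cni/net.d`, but nothing in this patch creates that directory or sets its ownership and mode; the new role only handles `/opt/cni/bin`. Because the configuration there selects which plugin binaries run as root, the role should create it explicitly, for example a `file` task with `path: /etc/cni/net.d`, `owner: root` and `mode: "0755"`. The plugin list is also hard-coded separately here and in 0020-verify-settings.yml, so any other conditional on that list outside this patch may still exclude `cni`. The `if`/`elif` block continues past the end of the hunk.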
diff --git a/roles/kubernetes/preinstall/tasks/0020-verify-settings.yml b/roles/kubernetes/preinstall/tasks/0020-verify-settings.yml
index 4317f86f1..599484878 100644
--- a/roles/kubernetes/preinstall/tasks/0020-verify-settings.yml
+++ b/roles/kubernetes/preinstall/tasks/0020-verify-settings.yml
@@ -20,7 +20,7 @@
 
 - name: Stop if unknown network plugin
   assert:
-    that: kube_network_plugin in ['calico', 'canal', 'flannel', 'weave', 'cloud', 'cilium', 'contiv', 'kube-router']
+    that: kube_network_plugin in ['calico', 'canal', 'flannel', 'weave', 'cloud', 'cilium', 'cni', 'contiv', 'kube-router']
   when: kube_network_plugin is defined
   ignore_errors: "{{ ignore_assert_errors }}"
 
diff --git a/roles/network_plugin/cni/tasks/main.yml b/roles/network_plugin/cni/tasks/main.yml
new file mode 100644
index 000000000..80c08dddf
--- /dev/null
+++ b/roles/network_plugin/cni/tasks/main.yml
@@ -0,0 +1,13 @@
+- name: CNI | make sure /opt/cni/bin exists
+  file:
+    path: /opt/cni/bin
+    state: directory
+    mode: 0755
+    owner: root
+    group: root
+- name: CNI | Copy cni plugins
+  unarchive:
+    src: "{{ local_release_dir }}/cni-plugins-{{ image_arch }}-{{ cni_version }}.tgz"
+    dest: "/opt/cni/bin"
+    mode: 0755
+    remote_src: yes
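Review bot: Nothing in this patch references `roles/network_plugin/cni`; the only dependency added is `kubernetes-apps/network_plugin/cni` in the kubernetes-apps meta file, so unless it is wired up elsewhere this role may never run. The file is also byte-identical to roles/kubernetes-apps/network_plugin/cni/tasks/main.yml (both index lines show blob `80c08dddf`), so the archive would be unpacked twice if both are invoked, and any fix has to be made in two places. Consider keeping one copy and having the other pull it in with `import_role`, or dropping whichever is not needed.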
-- 
GitLab