k8s, cluster-up: Copy istio CNI net conf to where Multus expects #932
Conversation
kubevirt-bot
added
the
dco-signoff: yes
fetch kubevirt/kubevirtci#932 changes Signed-off-by: Or Mergi <[email protected]>
| @@ -155,4 +163,5 @@ function up() { | |||
| sleep 5 | |||
| done | |||
|
|
|||
| copy_istio_cni_conf_files | |||
There was a problem hiding this comment.
Please add a FIXME comment linking to a tracker on Multus and also open an Issue under this repository, so we don't forget to clean up.
| function copy_istio_cni_conf_files() { | ||
| if [ "$KUBEVIRT_DEPLOY_ISTIO" == "true" ] && [ "$KUBEVIRT_WITH_CNAO" == "true" ]; then | ||
| for nodeNum in $(seq -f "%02g" 1 $KUBEVIRT_NUM_NODES); do | ||
| $ssh node${nodeNum} -- sudo cp -uv /etc/cni/multus/net.d/*istio*.conf /etc/cni/net.d/ |
There was a problem hiding this comment.
Would creating a symlink be an option too? It would allow us to keep it generic and we would not need to wait for Istio to finish deployment
There was a problem hiding this comment.
@phoracek it requires knowing the name of isito conf file that will be generated in order to create the link (though it won't likely to change), then it would be possible to create the link as part of deploy_istio() (before Isitio deployment ready), for example:
ISTIO_CONF_FILE_NAME="YYY-istio-cni.conf"
...
function deploy_istio() {
if [ "$KUBEVIRT_DEPLOY_ISTIO" == "true" ]; then
if [ "$KUBEVIRT_WITH_CNAO" == "true" ]; then
...
$ssh node${nodeNum} -- sudo ln -sr /etc/cni/multus/net.d/${ISTIO_CONF_FILE_NAME} /etc/cni/net.d/
...
WDYT?
There was a problem hiding this comment.
What I meant is linking the whole directory. So no matter from which one you read/write-to, we will always have the same set of configs
There was a problem hiding this comment.
It wont work because Multus dosent look for net conf files recursively nor look into links, the conf file must be copied.
There was a problem hiding this comment.
i see, interesting, thanks for checking that
| @@ -88,6 +88,14 @@ function wait_for_istio_ready() { | |||
| fi | |||
| } | |||
|
|
|||
| function copy_istio_cni_conf_files() { | |||
| if [ "$KUBEVIRT_DEPLOY_ISTIO" == "true" ] && [ "$KUBEVIRT_WITH_CNAO" == "true" ]; then | |||
There was a problem hiding this comment.
nit: please adjust indentation to the remainder of the script
There was a problem hiding this comment.
Thanks for the heads up, done
ormergi
force-pushed
the
multus-istio-intergation
branch
from
317ffef to
ee2e69f
Compare
Since Multus v4 it expects CNI net conf file to exist at '/etc/cni/net.d' but isitio generates then at '/etc/cni/multus/net.d'. Copy istio CNI net conf to where multus expects on cluster-up in order to enable deploying both Isitio and Multus v4 until proper solution is available, tracking issue [1] [2]. [1] kubevirt#906 [2] k8snetworkplumbingwg/multus-cni#982 Signed-off-by: Or Mergi <[email protected]>
ormergi
force-pushed
the
multus-istio-intergation
branch
from
ee2e69f to
af74d52
Compare
|
Changes: fixed missing |
|
Weird, the 1.26 provisioning lane is failing w/ But I see the pkg available online: ... let's blindly retest once. |
|
Can we be missing some packages on the 1.26 lanes ? |
|
aaaand, it ofcourse has the same issue 😕 |
|
Please note that this PR change has nothing to do with |
Yes but it will break the publishing, since the 1.26 will fail to build |
Signed-off-by: Or Mergi <[email protected]>
Oh, I didn't realize that, I though that it wont be included in the publish process since the lane is not mandatory :/ |
Yes that is how it should: |
Signed-off-by: Or Mergi <[email protected]>
|
/test check-provision-k8s-1.26 |
|
I am suspecting that the change originates from a change in vmlinuz and/or initrd.img which are both pulled during image creation. I am seeing a change on the initrd.img from the 12th of Dec and for vmlinuz on the 9th of Dec here: http://mirror.stream.centos.org/9-stream/BaseOS/x86_64/os/images/pxeboot/ |
Note that it is the same for centos8, |
|
/test check-provision-k8s-1.26 |
|
/test check-provision-k8s-1.26 |
|
/approve |
|
@dhiller: Overrode contexts on behalf of dhiller: check-up-kind-1.23-vgpu In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
/test check-provision-k8s-1.26 |
| # copy_istio_cni_conf_files copy the generated Istio CNI net conf file | ||
| # (at '/etc/cni/multus/net.d/') to where Multus expect CNI net conf files ('/etc/cni/net.d/') | ||
| function copy_istio_cni_conf_files() { | ||
| if [ "$KUBEVIRT_DEPLOY_ISTIO" == "true" ] && [ "$KUBEVIRT_WITH_CNAO" == "true" ]; then |
There was a problem hiding this comment.
what about KUBVIRT_WITH_CNAO_SKIP_CONFIG ?
The CR might be installed bit later and include the multus (but not sure if those folders do exists in this case at this stage ?)
can be ignored, if there is code that returns error upon this configuration
There was a problem hiding this comment.
what about KUBVIRT_WITH_CNAO_SKIP_CONFIG ?
The CR might be installed bit later and include the multus (but not sure if those folders do exists in this case at this stage ?)
If by CR you mean CNAO CR, in the scenrtio where Multus deployment hangs no harm will do to the cluster if Istio confs will be copied to /etc/cni/net.d(it is already created by kubeadm IIRC)
Note that copy_istio_cni_conf_files is called only after both CNAO and Istio deployments are ready, so it is not likely to happen.
This function is called only after both CNAO and Istio deployments are ready, so it is not likely to happen.
I am not sure what you mean, the error flag is set for script.
There was a problem hiding this comment.
I mean that the condition checks KUBEVIRT_WITH_CNAO but doesnt check the possible
KUBVIRT_WITH_CNAO_SKIP_CONFIG
That allows you to install CNAO but wihtout the CNAO CR (where you say which components to install)
So if CNAO will be installed without CR (i.e using KUBVIRT_WITH_CNAO_SKIP_CONFIG)
and Istio will be installed
and later the CNAO CR will install multus, this WA code wont run and we will have the bug
There was a problem hiding this comment.
Thanks for explaining.
I think it's better to have it the way it is (w/o handling KUBVIRT_WITH_CNAO_SKIP_CONFIG) because it's we want it run when both Istio and Multus (through CNAO) are deployed.
BTW, I couldn't find usage of KUBVIRT_WITH_CNAO_SKIP_CONFIG on kubevirt CI jobs, perhaps it should be removed.
There was a problem hiding this comment.
I am fine to not handle it (we just need to know we don't support this config)
but please don't remove it .
We are using KUBVIRT_WITH_CNAO_SKIP_CONFIG on KubeSecondaryDNS.
It is helpful once you want to deploy the cached CNAO, but with your CR.
This way you don't need to care about CNAO bumps, as it is part of the kubevirtci TAG that you need to bump anyhow
|
OK seems it managed to install the kernel modules. @dhiller your |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: brianmcarey, dhiller The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
kubevirt-bot
added
the
approved
|
/test check-provision-k8s-1.25 |
|
/retest-required |
[6b053d7 k8s, cluster-up: Copy istio CNI net conf to where Multus expects](kubevirt/kubevirtci#932) [f930087 cluster-up: add environment variable to enable FIPS](kubevirt/kubevirtci#931) [c1a7fde Upgrade cri-o to version 1.25 for 1.25/6 providers](kubevirt/kubevirtci#930) [16f44a7 Delete k8s-1.24-ipv6](kubevirt/kubevirtci#929) ```release-note NONE ``` Signed-off-by: kubevirt-bot <[email protected]>
[5660e89 Enable PSA on any provider](kubevirt/kubevirtci#915) [6304ac8 bump, cnao: k8s-1.2[4,5] to cnao v0.82.0](https://github.com/kubevirt/kubevirtci/pull/910)](https://github.com/kubevirt/kubevirtci/pull/933) [6b053d7 k8s, cluster-up: Copy istio CNI net conf to where Multus expects](kubevirt/kubevirtci#932) [f930087 cluster-up: add environment variable to enable FIPS](kubevirt/kubevirtci#931) [c1a7fde Upgrade cri-o to version 1.25 for 1.25/6 providers](kubevirt/kubevirtci#930) [16f44a7 Delete k8s-1.24-ipv6](kubevirt/kubevirtci#929) ```release-note NONE ``` Signed-off-by: kubevirt-bot <[email protected]>
Signed-off-by: Or Mergi <[email protected]>
Since Multus v4 it expects CNI net conf file to exist at
/etc/cni/net.dbut Isitio generates its net conf file at/etc/cni/multus/net.d.Copy istio CNI net conf to where multus expects on cluster-up in order to enable deploying both Isitio and Multus until proper solution is available, tracking issue [1] [2].
[1] #906 [2] k8snetworkplumbingwg/multus-cni#982
Signed-off-by: Or Mergi [email protected]