Use label-prefix-file (#326)
* use label prefix file

* address comments

* add checksum to label-prefix-configmap and use it in cilium agent
DockToFuture authored May 22, 2024
1 parent 1292378 commit 6c53409
Showing 8 changed files with 119 additions and 15 deletions.
8 changes: 8 additions & 0 deletions charts/internal/cilium/charts/agent/templates/daemonset.yaml
Expand Up @@ -17,6 +17,7 @@ spec:
metadata:
annotations:
checksum/configmap-cilium: "{{ .Values.global.configMapHash }}"
checksum/configmap-label-prefix: "{{ .Values.global.configMapLabelPrefixHash }}"
{{- if and .Values.global.prometheus.enabled (not .Values.global.prometheus.serviceMonitor.enabled) }}
prometheus.io/port: "{{ .Values.global.prometheus.port }}"
prometheus.io/scrape: "true"
Expand Down Expand Up @@ -196,6 +197,9 @@ spec:
- name: cilium-config-path
mountPath: /tmp/cilium/config-map
readOnly: true
- name: label-prefix
mountPath: /tmp/cilium/label-prefix
readOnly: true
{{- if and .Values.global.ipMasqAgent .Values.global.ipMasqAgent.enabled }}
- name: ip-masq-agent
mountPath: /etc/config
Expand Down Expand Up @@ -658,6 +662,10 @@ spec:
- name: cilium-config-path
configMap:
name: cilium-config
- name: label-prefix
configMap:
defaultMode: 420
name: label-prefix-conf
- name: host-proc-sys-net
hostPath:
path: /proc/sys/net
2 changes: 2 additions & 0 deletions charts/internal/cilium/charts/config/templates/configmap.yaml
Expand Up @@ -661,6 +661,8 @@ data:
tofqdns-proxy-response-max-delay: "100ms"
agent-not-ready-taint-key: "node.cilium.io/agent-not-ready"

label-prefix-file: "/tmp/cilium/label-prefix/label-prefix"

mesh-auth-enabled: "true"
mesh-auth-queue-size: "1024"
mesh-auth-rotated-identities-queue-size: "1024"
@@ -0,0 +1,79 @@
# Source: https://docs.cilium.io/en/stable/operations/performance/scalability/identity-relevant-labels/#identity-relevant-labels
apiVersion: v1
kind: ConfigMap
metadata:
name: label-prefix-conf
namespace: {{ .Release.Namespace }}
immutable: true
data:
label-prefix: |
{
"version": 1,
"valid-prefixes": [
{
"prefix": "io.kubernetes",
"source": "any",
"invert": true
},
{
"prefix": "kubernetes.io",
"source": "any",
"invert": true
},
{
"prefix": "apps.kubernetes.io/pod-index",
"source": "any",
"invert": true
},
{
"prefix": "batch.kubernetes.io/job-completion-index",
"source": "any",
"invert": true
},
{
"prefix": "batch.kubernetes.io/controller-uid",
"source": "any",
"invert": true
},
{
"prefix": "beta.kubernetes.io",
"source": "any",
"invert": true
},
{
"prefix": "k8s.io",
"source": "any",
"invert": true
},
{
"prefix": "pod-template-generation",
"source": "any",
"invert": true
},
{
"prefix": "pod-template-hash",
"source": "any",
"invert": true
},
{
"prefix": "controller-revision-hash",
"source": "any",
"invert": true
},
{
"prefix": "annotation.*",
"source": "any",
"invert": true
},
{
"prefix": "controller-uid",
"source": "any",
"invert": true
},
{
"prefix": "etcd_node",
"source": "any",
"invert": true
}
]
}
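Review bot: `immutable: true` on a ConfigMap with the fixed name `label-prefix-conf` means the API server rejects any later change to `data`, so a chart version that edits this prefix list cannot be applied in place unless the deployer deletes and recreates the object. That conflicts with the `checksum/configmap-label-prefix` annotation added in the same commit, which only has a purpose if the content is expected to change. Either drop `immutable: true`, or put a content hash into the object name and reference that name from the DaemonSet volume. A short comment above `"valid-prefixes"` would also help, stating that every entry uses `"invert": true` (an exclusion list, per the linked Cilium page) and that edits change which labels feed identity and therefore policy matching.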
1 change: 1 addition & 0 deletions charts/internal/cilium/values.yaml
Expand Up @@ -14,6 +14,7 @@ requirements:
# global groups all configuration options that have effect on all sub-charts
global:
configMapHash: ""
configMapLabelPrefixHash: ""

egressGateway:
enabled: false
1 change: 1 addition & 0 deletions pkg/charts/config.go
Expand Up @@ -47,6 +47,7 @@ type globalConfig struct {
AutoDirectNodeRoutes bool `json:"autoDirectNodeRoutes"`
BGPControlPlane bgpControlPlane `json:"bgpControlPlane"`
ConfigMapHash string `json:"configMapHash"`
ConfigMapLabelPrefixHash string `json:"configMapLabelPrefixHash"`
}

// etcd related configuration for cilium
10 changes: 6 additions & 4 deletions pkg/charts/utils.go
Expand Up @@ -110,7 +110,8 @@ var defaultGlobalConfig = globalConfig{
BGPControlPlane: bgpControlPlane{
Enabled: false,
},
ConfigMapHash: "",
ConfigMapHash: "",
ConfigMapLabelPrefixHash: "",
}

func newGlobalConfig() globalConfig {
Expand All @@ -122,8 +123,8 @@ func newRequirementsConfig() requirementsConfig {
}

// ComputeCiliumChartValues computes the values for the cilium chart.
func ComputeCiliumChartValues(config *ciliumv1alpha1.NetworkConfig, network *extensionsv1alpha1.Network, cluster *extensionscontroller.Cluster, ipamMode, configMapHash string) (*ciliumConfig, error) {
requirementsConfig, globalConfig, err := generateChartValues(config, network, cluster, ipamMode, configMapHash)
func ComputeCiliumChartValues(config *ciliumv1alpha1.NetworkConfig, network *extensionsv1alpha1.Network, cluster *extensionscontroller.Cluster, ipamMode, configMapHash, configMapLabelPrefixHash string) (*ciliumConfig, error) {
requirementsConfig, globalConfig, err := generateChartValues(config, network, cluster, ipamMode, configMapHash, configMapLabelPrefixHash)
if err != nil {
return nil, fmt.Errorf("error when generating config values %w", err)
}
Expand All @@ -134,13 +135,14 @@ func ComputeCiliumChartValues(config *ciliumv1alpha1.NetworkConfig, network *ext
}, nil
}

func generateChartValues(config *ciliumv1alpha1.NetworkConfig, network *extensionsv1alpha1.Network, cluster *extensionscontroller.Cluster, ipamMode, configMapHash string) (requirementsConfig, globalConfig, error) {
func generateChartValues(config *ciliumv1alpha1.NetworkConfig, network *extensionsv1alpha1.Network, cluster *extensionscontroller.Cluster, ipamMode, configMapHash, configMapLabelPrefixHash string) (requirementsConfig, globalConfig, error) {
var (
requirementsConfig = newRequirementsConfig()
globalConfig = newGlobalConfig()
)

globalConfig.ConfigMapHash = configMapHash
globalConfig.ConfigMapLabelPrefixHash = configMapLabelPrefixHash

if network.Spec.PodCIDR != "" {
globalConfig.PodCIDR = network.Spec.PodCIDR
20 changes: 13 additions & 7 deletions pkg/charts/values.go
Expand Up @@ -22,10 +22,10 @@ import (
const CiliumConfigKey = "config.yaml"

// RenderCiliumChart renders the cilium chart with the given values.
func RenderCiliumChart(renderer chartrenderer.Interface, config *ciliumv1alpha1.NetworkConfig, network *extensionsv1alpha1.Network, cluster *extensionscontroller.Cluster, ipamMode, configMapHash string) ([]byte, error) {
func RenderCiliumChart(renderer chartrenderer.Interface, config *ciliumv1alpha1.NetworkConfig, network *extensionsv1alpha1.Network, cluster *extensionscontroller.Cluster, ipamMode, configMapHash, configMapLabelPrefixHash string) ([]byte, error) {
var release *chartrenderer.RenderedChart

values, err := ComputeCiliumChartValues(config, network, cluster, ipamMode, configMapHash)
values, err := ComputeCiliumChartValues(config, network, cluster, ipamMode, configMapHash, configMapLabelPrefixHash)
if err != nil {
return nil, err
}
Expand All @@ -35,14 +35,21 @@ func RenderCiliumChart(renderer chartrenderer.Interface, config *ciliumv1alpha1.
return nil, err
}

newConfigMapHash, err := getConfigMapHash(release)
configMapPath := "cilium/charts/config/templates/configmap.yaml"
newConfigMapHash, err := getConfigMapHash(release, configMapPath)
if err != nil {
return nil, err
}

configMapPath = "cilium/charts/config/templates/label-prefix-configmap.yaml"
newConfigMapLabelPrefixHash, err := getConfigMapHash(release, configMapPath)
if err != nil {
return nil, err
}

if newConfigMapHash != configMapHash {
if newConfigMapHash != configMapHash || newConfigMapLabelPrefixHash != configMapLabelPrefixHash {
// Render the charts with the new configMap hash.
values, err := ComputeCiliumChartValues(config, network, cluster, ipamMode, newConfigMapHash)
values, err := ComputeCiliumChartValues(config, network, cluster, ipamMode, newConfigMapHash, configMapLabelPrefixHash)
if err != nil {
return nil, err
}
Expand All @@ -56,8 +63,7 @@ func RenderCiliumChart(renderer chartrenderer.Interface, config *ciliumv1alpha1.
return release.Manifest(), nil
}

func getConfigMapHash(release *chartrenderer.RenderedChart) (string, error) {
configMapPath := "cilium/charts/config/templates/configmap.yaml"
func getConfigMapHash(release *chartrenderer.RenderedChart, configMapPath string) (string, error) {
configMapData, ok := release.Files()[configMapPath]
if !ok {
return "", fmt.Errorf("configmap not found in the given path: %s", configMapPath)
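Review bot: In `RenderCiliumChart`, the second `ComputeCiliumChartValues` call (inside the `newConfigMapHash != configMapHash || newConfigMapLabelPrefixHash != configMapLabelPrefixHash` branch) still passes the caller's `configMapLabelPrefixHash`, so `newConfigMapLabelPrefixHash` is compared but never used. The `checksum/configmap-label-prefix` annotation is then rendered from the stale value, so the agent pods would not be rolled in the same pass when the label-prefix list changes; agents keeping the old filter would presumably derive identities from a different label set than the one the chart ships. The call should be `ComputeCiliumChartValues(config, network, cluster, ipamMode, newConfigMapHash, newConfigMapLabelPrefixHash)`, and the comment above it should read `// Render the charts with the new configMap hashes.`. A test that changes only the label-prefix hash input would pin this. Parts of the function body fall outside the visible hunks.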
13 changes: 9 additions & 4 deletions pkg/controller/actuator_reconcile.go
Expand Up @@ -120,12 +120,17 @@ func (a *actuator) Reconcile(ctx context.Context, _ logr.Logger, network *extens
return fmt.Errorf("could not create chart renderer for shoot '%s': %w", network.Namespace, err)
}

configMap, err := getCiliumConfigMap(ctx, a.client, cluster)
configMap, err := getConfigMap(ctx, a.client, cluster, "cilium-config")
if err != nil {
return fmt.Errorf("error getting cilium configMap: %w", err)
}

ciliumChart, err := chartspkg.RenderCiliumChart(chartRenderer, networkConfig, network, cluster, getIPAMMode(configMap), getConfigMapHash(configMap))
configMapLabelPrefix, err := getConfigMap(ctx, a.client, cluster, "label-prefix-conf")
if err != nil {
return fmt.Errorf("error getting cilium configMap: %w", err)
}

ciliumChart, err := chartspkg.RenderCiliumChart(chartRenderer, networkConfig, network, cluster, getIPAMMode(configMap), getConfigMapHash(configMap), getConfigMapHash(configMapLabelPrefix))
if err != nil {
return err
}
Expand All @@ -142,7 +147,7 @@ func (a *actuator) Reconcile(ctx context.Context, _ logr.Logger, network *extens
return a.updateProviderStatus(ctx, network, networkConfig)
}

func getCiliumConfigMap(ctx context.Context, cl client.Client, cluster *extensionscontroller.Cluster) (*corev1.ConfigMap, error) {
func getConfigMap(ctx context.Context, cl client.Client, cluster *extensionscontroller.Cluster, name string) (*corev1.ConfigMap, error) {
// Cannot retrieve config map of hibernated clusters => use empty config map instead
if extensionscontroller.IsHibernated(cluster) {
return &corev1.ConfigMap{}, nil
Expand All @@ -152,7 +157,7 @@ func getCiliumConfigMap(ctx context.Context, cl client.Client, cluster *extensio
return nil, fmt.Errorf("could not create shoot client: %w", err)
}
configmap := &corev1.ConfigMap{}
_ = shootClient.Get(ctx, client.ObjectKey{Namespace: "kube-system", Name: "cilium-config"}, configmap)
_ = shootClient.Get(ctx, client.ObjectKey{Namespace: "kube-system", Name: name}, configmap)
return configmap, nil
}
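Review bot: `getConfigMap` discards the result of `shootClient.Get` (`_ = shootClient.Get(...)`), so a timeout or a permission error on `label-prefix-conf` looks the same as a missing object, and the empty ConfigMap goes through `getConfigMapHash` into `RenderCiliumChart`. Now that the helper serves two objects, I would tolerate only not-found: `if err := shootClient.Get(...); err != nil && !apierrors.IsNotFound(err) { return nil, err }`, assuming `k8s.io/apimachinery/pkg/api/errors` is imported as `apierrors` (the import block is not visible here). The second wrap in `Reconcile` repeats `"error getting cilium configMap: %w"`; `"error getting label-prefix configMap: %w"` would make the two failures distinguishable in logs. The helper also needs a doc comment saying that it returns an empty ConfigMap for hibernated clusters and always reads from `kube-system`.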


0 comments on commit 6c53409
