From 648fd64e292e5d1d15a61f326dc0d8218931197a Mon Sep 17 00:00:00 2001
From: Andy Chan
Date: Fri, 7 Jun 2024 11:58:20 -0700
Subject: [PATCH 1/2] feat: New yaml file for updated CNI and CNS version
---
 .pipelines/mdnc/azure-cns-cni-1.5.28.yaml | 207 ++++++++++++++++++++++
 1 file changed, 207 insertions(+)
 create mode 100644 .pipelines/mdnc/azure-cns-cni-1.5.28.yaml
diff --git a/.pipelines/mdnc/azure-cns-cni-1.5.28.yaml b/.pipelines/mdnc/azure-cns-cni-1.5.28.yaml
new file mode 100644
index 0000000000..50edbb743d
--- /dev/null
+++ b/.pipelines/mdnc/azure-cns-cni-1.5.28.yaml
@@ -0,0 +1,207 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: azure-cns
+ namespace: kube-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ namespace: kube-system
+ name: nodeNetConfigEditor
+rules:
+- apiGroups: ["acn.azure.com"]
+ resources: ["nodenetworkconfigs"]
+ verbs: ["get", "list", "watch", "patch", "update"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: pod-reader-all-namespaces
+rules:
+- apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["get", "watch", "list"]
+- apiGroups: [""]
+ resources: ["nodes"]
+ verbs: ["get"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: nodeNetConfigEditorRoleBinding
+ namespace: kube-system
+subjects:
+- kind: ServiceAccount
+ name: azure-cns
+ namespace: kube-system
+roleRef:
+ kind: Role
+ name: nodeNetConfigEditor
+ apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: pod-reader-all-namespaces-binding
+subjects:
+- kind: ServiceAccount
+ name: azure-cns
+ namespace: kube-system
+roleRef:
+ kind: ClusterRole
+ name: pod-reader-all-namespaces
+ apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ name: azure-cns
+ namespace: kube-system
+ labels:
+ app: azure-cns
+spec:
+ selector:
+ matchLabels:
+ k8s-app: azure-cns
+ template:
+ metadata:
+ labels:
+ k8s-app: azure-cns
+ annotations:
+ cluster-autoscaler.kubernetes.io/daemonset-pod: "true"
+ spec:
+ affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: kubernetes.azure.com/cluster
+ operator: Exists
+ - key: type
+ operator: NotIn
+ values:
+ - virtual-kubelet
+ - key: beta.kubernetes.io/os
+ operator: In
+ values:
+ - linux
+ priorityClassName: system-node-critical
+ tolerations:
+ - key: CriticalAddonsOnly
+ operator: Exists
+ - operator: "Exists"
+ effect: NoExecute
+ - operator: "Exists"
+ effect: NoSchedule
+ initContainers:
+ - name: init-cni-dropgz
+ image: "mcr.microsoft.com/containernetworking/cni-dropgz:v0.1.4" # CNI 1.5.28
+ imagePullPolicy: IfNotPresent
+ command: ["/dropgz"]
+ args: ["deploy" , "azure-vnet", "-o", "/opt/cni/bin/azure-vnet", "azure-vnet-telemetry", "-o", "/opt/cni/bin/azure-vnet-telemetry", "azure-swift.conflist", "-o", "/etc/cni/net.d/10-azure.conflist"]
+ volumeMounts:
+ - name: cni-bin
+ mountPath: /opt/cni/bin
+ - name: cni-conflist
+ mountPath: /etc/cni/net.d
+ containers:
+ - name: cns-container
+ image: mcr.microsoft.com/containernetworking/azure-cns:v1.5.26
+ imagePullPolicy: IfNotPresent
+ args: [ "-c", "tcp://$(CNSIpAddress):$(CNSPort)", "-t", "$(CNSLogTarget)"]
+ volumeMounts:
+ - name: log
+ mountPath: /var/log
+ - name: cns-state
+ mountPath: /var/lib/azure-network
+ - name: azure-endpoints
+ mountPath: /var/run/azure-cns/
+ - name: cns-config
+ mountPath: /etc/azure-cns
+ - name: cni-bin
+ mountPath: /opt/cni/bin
+ - name: azure-vnet
+ mountPath: /var/run/azure-vnet
+ - name: legacy-cni-state
+ mountPath: /var/run/azure-vnet.json
+ ports:
+ - containerPort: 10090
+ env:
+ - name: CNSIpAddress
+ value: "127.0.0.1"
+ - name: CNSPort
+ value: "10090"
+ - name: CNSLogTarget
+ value: "stdoutfile"
+ - name: CNS_CONFIGURATION_PATH
+ value: /etc/azure-cns/cns_config.json
+ - name: NODENAME
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: spec.nodeName
+ hostNetwork: true
+ volumes:
+ - name: azure-endpoints
+ hostPath:
+ path: /var/run/azure-cns/
+ type: DirectoryOrCreate
+ - name: log
+ hostPath:
+ path: /var/log
+ type: Directory
+ - name: cns-state
+ hostPath:
+ path: /var/lib/azure-network
+ type: DirectoryOrCreate
+ - name: cni-bin
+ hostPath:
+ path: /opt/cni/bin
+ type: Directory
+ - name: azure-vnet
+ hostPath:
+ path: /var/run/azure-vnet
+ type: DirectoryOrCreate
+ - name: legacy-cni-state
+ hostPath:
+ path: /var/run/azure-vnet.json
+ type: FileOrCreate
+ - name: cni-conflist
+ hostPath:
+ path: /etc/cni/net.d
+ type: Directory
+ - name: cns-config
+ configMap:
+ name: cns-config
+ serviceAccountName: azure-cns
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: cns-config
+ namespace: kube-system
+data:
+ cns_config.json: |
+ {
+ "TelemetrySettings": {
+ "TelemetryBatchSizeBytes": 16384,
+ "TelemetryBatchIntervalInSecs": 15,
+ "RefreshIntervalInSecs": 15,
+ "DisableAll": false,
+ "HeartBeatIntervalInMins": 30,
+ "DebugMode": false,
+ "SnapshotIntervalInMins": 60
+ },
+ "ManagedSettings": {
+ "PrivateEndpoint": "",
+ "InfrastructureNetworkID": "",
+ "NodeID": "",
+ "NodeSyncIntervalInSeconds": 30
+ },
+ "ChannelMode": "CRD",
+ "InitializeFromCNI": true,
+ "ManageEndpointState": false,
+ "ProgramSNATIPTables" : false
+ }
+# Toggle ManageEndpointState and ProgramSNATIPTables to true for delegated IPAM use case.
From 04cb4959e732f3d92f3f71d9d56814f89a05c30d Mon Sep 17 00:00:00 2001
From: Andy Chan
Date: Mon, 10 Jun 2024 16:59:43 -0700
Subject: [PATCH 2/2] Use CNS 1.5.28
---
 .pipelines/mdnc/azure-cns-cni-1.5.28.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.pipelines/mdnc/azure-cns-cni-1.5.28.yaml b/.pipelines/mdnc/azure-cns-cni-1.5.28.yaml
index 50edbb743d..3db8a46a3c 100644
--- a/.pipelines/mdnc/azure-cns-cni-1.5.28.yaml
+++ b/.pipelines/mdnc/azure-cns-cni-1.5.28.yaml
@@ -96,7 +96,7 @@ spec:
 effect: NoSchedule
 initContainers:
 - name: init-cni-dropgz
- image: "mcr.microsoft.com/containernetworking/cni-dropgz:v0.1.4" # CNI 1.5.28
+ image: "mcr.microsoft.com/containernetworking/azure-cni:v1.5.28"
 imagePullPolicy: IfNotPresent
 command: ["/dropgz"]
 args: ["deploy" , "azure-vnet", "-o", "/opt/cni/bin/azure-vnet", "azure-vnet-telemetry", "-o", "/opt/cni/bin/azure-vnet-telemetry", "azure-swift.conflist", "-o", "/etc/cni/net.d/10-azure.conflist"]
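Review bot: In the DaemonSet added by the new-file hunk of patch 1/2, neither `init-cni-dropgz` nor `cns-container` sets a `securityContext`, even though the pod runs with `hostNetwork: true` and mounts host paths such as `/opt/cni/bin`, `/etc/cni/net.d` and the whole of `/var/log` read-write. I would state the intended privileges explicitly, e.g. `securityContext: {allowPrivilegeEscalation: false, capabilities: {drop: ["ALL"]}}` plus only the capabilities CNS is confirmed to need, and add `readOnly: true` to the `cns-container` mounts it only reads. Both images are also referenced by mutable tag with `imagePullPolicy: IfNotPresent`; since the init container deploys the CNI binaries into the host's `/opt/cni/bin`, pinning each image by digest (`image: <repo>:<tag>@sha256:<digest placeholder>`) would tie the rollout to reviewed content. Which capabilities and writable paths CNS actually requires is not visible in this manifest, so that set needs confirming before tightening.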
@@ -107,7 +107,7 @@ spec:
 mountPath: /etc/cni/net.d
 containers:
 - name: cns-container
- image: mcr.microsoft.com/containernetworking/azure-cns:v1.5.26
+ image: mcr.microsoft.com/containernetworking/azure-cns:v1.5.28
 imagePullPolicy: IfNotPresent
 args: [ "-c", "tcp://$(CNSIpAddress):$(CNSPort)", "-t", "$(CNSLogTarget)"]
 volumeMounts: