feat(installer): add galaxy agent to gc (#2035)

tkestack · Jul 27, 2022 · 4020b55 · 4020b55
1 parent f153fe0
commit 4020b55
Show file tree

Hide file tree

Showing 3 changed files with 187 additions and 0 deletions.
diff --git a/pkg/platform/provider/baremetal/phases/galaxy/galaxy.go b/pkg/platform/provider/baremetal/phases/galaxy/galaxy.go
@@ -45,6 +45,10 @@ const (
 	cmGalaxy             = "galaxy-etc"
 	svcAccountName       = "galaxy"
 	crbName              = "galaxy"
+	saBridgeAgentName    = "tke-bridge-agent"
+	crBridgeAgentName    = "tke-bridge-agent"
+	crdBridgeAgentName   = "tke-bridge-agent"
+	dsBridgeAgentName    = "tke-bridge-agent"
 )
 
 // Option for coredns
@@ -128,6 +132,27 @@ func Install(ctx context.Context, clientset kubernetes.Interface, option *Option
 		return err
 	}
 
+	// Daemonset serviceAccount clusterRole and clusterRoleBinding tke-bridge-agent for garbage collect unused galaxy networks
+	if _, err := clientset.CoreV1().ServiceAccounts(metav1.NamespaceSystem).Create(ctx, serviceAccountBridgeAgent(), metav1.CreateOptions{}); err != nil {
+		if !errors.IsAlreadyExists(err) {
+			return err
+		}
+	}
+	if _, err := clientset.RbacV1().ClusterRoles().Create(ctx, crBridgeAgent(), metav1.CreateOptions{}); err != nil {
+		return err
+	}
+	if _, err := clientset.RbacV1().ClusterRoleBindings().Create(ctx, crbBridgeAgent(), metav1.CreateOptions{}); err != nil {
+		return err
+	}
+	bridgeObj, err := daemonsetBridgeAgent(option.Version)
+	if err != nil {
+		return err
+	}
+	if _, err := clientset.AppsV1().DaemonSets(metav1.NamespaceSystem).Create(ctx, bridgeObj, metav1.CreateOptions{}); err != nil {
+		log.Errorf("create bridge agent daemonset with err: %v", err)
+		return err
+	}
+
 	return nil
 }
 
@@ -190,6 +215,18 @@ func daemonsetGalaxy(version string) (*appsv1.DaemonSet, error) {
 	return payload, nil
 }
 
+func daemonsetBridgeAgent(version string) (*appsv1.DaemonSet, error) {
+	reader := strings.NewReader(BridgeAgentDaemonsetTemplate)
+	payload := &appsv1.DaemonSet{}
+	err := yaml.NewYAMLOrJSONDecoder(reader, 4096).Decode(payload)
+	if err != nil {
+		return nil, err
+	}
+	payload.Name = dsBridgeAgentName
+	payload.Spec.Template.Spec.Containers[0].Image = images.Get(version).BridgeAgent.FullName()
+	return payload, nil
+}
+
 func serviceAccountFlannel() *corev1.ServiceAccount {
 	return &corev1.ServiceAccount{
 		TypeMeta: metav1.TypeMeta{
@@ -203,6 +240,19 @@ func serviceAccountFlannel() *corev1.ServiceAccount {
 	}
 }
 
+func serviceAccountBridgeAgent() *corev1.ServiceAccount {
+	return &corev1.ServiceAccount{
+		TypeMeta: metav1.TypeMeta{
+			Kind:       "ServiceAccount",
+			APIVersion: "v1",
+		},
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      saBridgeAgentName,
+			Namespace: metav1.NamespaceSystem,
+		},
+	}
+}
+
 func serviceAccountGalaxy() *corev1.ServiceAccount {
 	return &corev1.ServiceAccount{
 		TypeMeta: metav1.TypeMeta{
@@ -245,6 +295,25 @@ func crFlannel() *rbacv1.ClusterRole {
 	}
 }
 
+func crBridgeAgent() *rbacv1.ClusterRole {
+	return &rbacv1.ClusterRole{
+		TypeMeta: metav1.TypeMeta{
+			Kind:       "ClusterRole",
+			APIVersion: "rbac.authorization.k8s.io/v1",
+		},
+		ObjectMeta: metav1.ObjectMeta{
+			Name: crBridgeAgentName,
+		},
+		Rules: []rbacv1.PolicyRule{
+			{
+				APIGroups: []string{""},
+				Resources: []string{"nodes"},
+				Verbs:     []string{"list", "watch", "get"},
+			},
+		},
+	}
+}
+
 func crbFlannel() *rbacv1.ClusterRoleBinding {
 	return &rbacv1.ClusterRoleBinding{
 		TypeMeta: metav1.TypeMeta{
@@ -269,6 +338,30 @@ func crbFlannel() *rbacv1.ClusterRoleBinding {
 	}
 }
 
+func crbBridgeAgent() *rbacv1.ClusterRoleBinding {
+	return &rbacv1.ClusterRoleBinding{
+		TypeMeta: metav1.TypeMeta{
+			Kind:       "ClusterRoleBinding",
+			APIVersion: "rbac.authorization.k8s.io/v1",
+		},
+		ObjectMeta: metav1.ObjectMeta{
+			Name: crdBridgeAgentName,
+		},
+		RoleRef: rbacv1.RoleRef{
+			APIGroup: "rbac.authorization.k8s.io",
+			Kind:     "ClusterRole",
+			Name:     crBridgeAgentName,
+		},
+		Subjects: []rbacv1.Subject{
+			{
+				Kind:      "ServiceAccount",
+				Name:      saBridgeAgentName,
+				Namespace: metav1.NamespaceSystem,
+			},
+		},
+	}
+}
+
 func crbGalaxy() *rbacv1.ClusterRoleBinding {
 	return &rbacv1.ClusterRoleBinding{
 		TypeMeta: metav1.TypeMeta{

diff --git a/pkg/platform/provider/baremetal/phases/galaxy/images/images.go b/pkg/platform/provider/baremetal/phases/galaxy/images/images.go
@@ -34,6 +34,7 @@ const (
 type Components struct {
 	GalaxyDaemon containerregistry.Image
 	Flannel      containerregistry.Image
+	BridgeAgent  containerregistry.Image
 }
 
 func (c Components) Get(name string) *containerregistry.Image {
@@ -51,6 +52,7 @@ var versionMap = map[string]Components{
 	LatestVersion: {
 		GalaxyDaemon: containerregistry.Image{Name: "galaxy", Tag: "v1.0.6"},
 		Flannel:      containerregistry.Image{Name: "flannel", Tag: "v0.10.0"},
+		BridgeAgent:  containerregistry.Image{Name: "tke-bridge-agent", Tag: "v0.1.5"},
 	},
 }
 

diff --git a/pkg/platform/provider/baremetal/phases/galaxy/template.go b/pkg/platform/provider/baremetal/phases/galaxy/template.go
@@ -120,6 +120,98 @@ spec:
         hostPath:
           path: /run/
 `
+	//BridgeAgentDaemonsetTemplate decoded as tke-bridge-agent daemonset
+	BridgeAgentDaemonsetTemplate = `
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  labels:
+    k8s-app: tke-bridge-agent
+  name: tke-bridge-agent
+  namespace: kube-system
+spec:
+  revisionHistoryLimit: 10
+  selector:
+    matchLabels:
+      k8s-app: tke-bridge-agent
+  template:
+    metadata:
+      annotations:
+        scheduler.alpha.kubernetes.io/critical-pod: ""
+      labels:
+        k8s-app: tke-bridge-agent
+    spec:
+      containers:
+      - args:
+        - --cni-conf-dir
+        - /host/etc/cni/net.d/multus
+        - --allocateInfoPath
+        - /var/lib/cni/networks/galaxy-flannel
+        env:
+        - name: MY_NODE_NAME
+          valueFrom:
+            fieldRef:
+              apiVersion: v1
+              fieldPath: spec.nodeName
+        image: tke-bridge-agent:v0.1.5
+        imagePullPolicy: Always
+        name: tke-bridge-agent
+        resources: {}
+        securityContext:
+          privileged: true
+        terminationMessagePath: /dev/termination-log
+        terminationMessagePolicy: File
+        volumeMounts:
+        - mountPath: /host/opt/cni/bin
+          name: cni-bin-dir
+        - mountPath: /host/etc/cni/net.d
+          name: cni-net-dir
+        - mountPath: /lib/modules
+          name: modules-dir
+        - mountPath: /host/var/run
+          mountPropagation: HostToContainer
+          name: cri-sock-dir
+          readOnly: true
+        - mountPath: /var/lib/cni/networks/galaxy-flannel
+          name: cni-path
+      dnsPolicy: ClusterFirst
+      hostNetwork: true
+      priorityClassName: system-node-critical
+      restartPolicy: Always
+      schedulerName: default-scheduler
+      securityContext: {}
+      serviceAccount: tke-bridge-agent
+      serviceAccountName: tke-bridge-agent
+      terminationGracePeriodSeconds: 0
+      tolerations:
+      - operator: Exists
+      volumes:
+      - hostPath:
+          path: /opt/cni/bin
+          type: ""
+        name: cni-bin-dir
+      - hostPath:
+          path: /etc/cni/net.d
+          type: ""
+        name: cni-net-dir
+      - hostPath:
+          path: /lib/modules
+          type: ""
+        name: modules-dir
+      - hostPath:
+          path: /var/run
+          type: ""
+        name: cri-sock-dir
+      - hostPath:
+          path: /var/lib/cni/networks/galaxy-flannel
+          type: ""
+        name: cni-path
+  updateStrategy:
+    rollingUpdate:
+      maxSurge: 0
+      maxUnavailable: 1
+    type: RollingUpdate
+`
 
 	//GalaxyCM decoded as galaxy & cni configMap
 	GalaxyCM = `