From e6009b1edf41f886b9cad9bdd13482f79f1088da Mon Sep 17 00:00:00 2001
From: Darren Shepherd
Date: Thu, 9 Jun 2022 09:29:51 -0700
Subject: [PATCH] Introduce servicelb-namespace parameter

This parameter controls which namespace the klipper-lb pods will be create. It defaults to kube-system so that k3s does not by default create a new namespace. It can be changed if users wish to isolate the pods and apply some policy to them.

Signed-off-by: Darren Shepherd
---
 pkg/cli/cmds/server.go | 7 ++++
 pkg/cli/server/server.go | 1 +
 pkg/server/server.go | 1 +
 pkg/server/types.go | 17 ++++----
 pkg/servicelb/controller.go | 83 ++++++++++++++++++-------------------
 5 files changed, 59 insertions(+), 50 deletions(-)

diff --git a/pkg/cli/cmds/server.go b/pkg/cli/cmds/server.go
index cc03ddd46a..855710cce7 100644
--- a/pkg/cli/cmds/server.go
+++ b/pkg/cli/cmds/server.go
@@ -101,6 +101,7 @@ type Server struct {
 EtcdS3Folder string
 EtcdS3Timeout time.Duration
 EtcdS3Insecure bool
+ ServiceLBNamespace string
 }
 var (
@@ -221,6 +222,12 @@ var ServerFlags = []cli.Flag{
 Destination: &ServerConfig.EgressSelectorMode,
 Value: "agent",
 },
+ cli.StringFlag{
+ Name: "servicelb-namespace",
+ Usage: "(networking) Namespace of the pods for the servicelb component",
+ Destination: &ServerConfig.ServiceLBNamespace,
+ Value: "kube-system",
+ },
 ServerToken,
 cli.StringFlag{
 Name: "token-file",
diff --git a/pkg/cli/server/server.go b/pkg/cli/server/server.go
index ec444630d7..fde31569c4 100644
--- a/pkg/cli/server/server.go
+++ b/pkg/cli/server/server.go
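Review bot: The new `servicelb-namespace` flag defaults to `kube-system` while the previously hard-coded `KlipperNamespace = "klipper-lb-system"` constant is removed (controller.go, hunk at -42), and nothing in the patch moves or removes the servicelb DaemonSets and pods that an upgraded cluster already holds in the old namespace; the lookups rewritten in the controller.go hunks at -194 and -388 consult only the configured namespace, so those objects would be orphaned unless cleanup exists elsewhere, which I cannot see from here. Changing the flag value on an existing cluster has the same effect. The Usage string should state that the namespace is created when missing and is expected to stay fixed for the cluster's lifetime, e.g. `Usage: "(networking) Namespace of the pods for the servicelb component; created if it does not exist and not expected to change after cluster creation"`. ServerFlags continues outside the hunk.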
@@ -115,6 +115,7 @@ func run(app *cli.Context, cfg *cmds.Server, leaderControllers server.CustomCont
 serverConfig.ControlConfig.KubeConfigOutput = cfg.KubeConfigOutput
 serverConfig.ControlConfig.KubeConfigMode = cfg.KubeConfigMode
 serverConfig.Rootless = cfg.Rootless
+ serverConfig.ServiceLBNamespace = cfg.ServiceLBNamespace
 serverConfig.ControlConfig.SANs = cfg.TLSSan
 serverConfig.ControlConfig.BindAddress = cfg.BindAddress
 serverConfig.ControlConfig.SupervisorPort = cfg.SupervisorPort
diff --git a/pkg/server/server.go b/pkg/server/server.go
index 7504450cc3..ffdcb13a15 100644
--- a/pkg/server/server.go
+++ b/pkg/server/server.go
@@ -212,6 +212,7 @@ func coreControllers(ctx context.Context, sc *Context, config *Config) error {
 sc.Core.Core().V1().Pod(),
 sc.Core.Core().V1().Service(),
 sc.Core.Core().V1().Endpoints(),
+ config.ServiceLBNamespace,
 !config.DisableServiceLB,
 config.Rootless); err != nil {
 return err
diff --git a/pkg/server/types.go b/pkg/server/types.go
index 417e478441..2407484957 100644
--- a/pkg/server/types.go
+++ b/pkg/server/types.go
@@ -8,14 +8,15 @@ import (
 )
 type Config struct {
- DisableAgent bool
- DisableServiceLB bool
- ControlConfig config.Control
- Rootless bool
- SupervisorPort int
- StartupHooks []cmds.StartupHook
- LeaderControllers CustomControllers
- Controllers CustomControllers
+ DisableAgent bool
+ DisableServiceLB bool
+ ControlConfig config.Control
+ Rootless bool
+ ServiceLBNamespace string
+ SupervisorPort int
+ StartupHooks []cmds.StartupHook
+ LeaderControllers CustomControllers
+ Controllers CustomControllers
 }
 type CustomControllers []func(ctx context.Context, sc *Context) error
diff --git a/pkg/servicelb/controller.go b/pkg/servicelb/controller.go
index c2ec13f31c..0d2de85f35 100644
--- a/pkg/servicelb/controller.go
+++ b/pkg/servicelb/controller.go
@@ -42,13 +42,8 @@ var (
 )
 const (
- Ready = condition.Cond("Ready")
- ControllerName = "svccontroller"
- KlipperNamespace = "klipper-lb-system"
-)
-
-var (
- trueVal = true
+ Ready = condition.Cond("Ready")
+ ControllerName = "svccontroller"
 )
 func Register(ctx context.Context,
@@ -60,19 +55,21 @@ func Register(ctx context.Context,
 pods coreclient.PodController,
 services coreclient.ServiceController,
 endpoints coreclient.EndpointsController,
+ klipperLBNamespace string,
 enabled, rootless bool) error {
 h := &handler{
- rootless: rootless,
- enabled: enabled,
- nodeCache: nodes.Cache(),
- podCache: pods.Cache(),
- deploymentCache: deployments.Cache(),
- processor: apply.WithSetID(ControllerName).WithCacheTypes(daemonSetController),
- serviceCache: services.Cache(),
- services: kubernetes.CoreV1(),
- daemonsets: kubernetes.AppsV1(),
- deployments: kubernetes.AppsV1(),
- recorder: util.BuildControllerEventRecorder(kubernetes, ControllerName, meta.NamespaceAll),
+ rootless: rootless,
+ enabled: enabled,
+ klipperLBNamespace: klipperLBNamespace,
+ nodeCache: nodes.Cache(),
+ podCache: pods.Cache(),
+ deploymentCache: deployments.Cache(),
+ processor: apply.WithSetID(ControllerName).WithCacheTypes(daemonSetController),
+ serviceCache: services.Cache(),
+ services: kubernetes.CoreV1(),
+ daemonsets: kubernetes.AppsV1(),
+ deployments: kubernetes.AppsV1(),
+ recorder: util.BuildControllerEventRecorder(kubernetes, ControllerName, meta.NamespaceAll),
 }
 services.OnChange(ctx, ControllerName, h.onChangeService)
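Review bot: `klipperLBNamespace` is stored on the handler without any validation, so an empty value passed through the new flag reaches `Namespaces().Get` in Register and later `podCache.List`, and the API error that comes back does not name the setting that caused it. A guard at the top of Register would fail fast with a clear message, `if klipperLBNamespace == "" { return fmt.Errorf("servicelb namespace must not be empty") }` (using whichever error-construction package the file already imports). Dropping `var trueVal` and the exported `KlipperNamespace` constant in the hunk at -42 presumes there are no remaining references inside or outside the package, which I cannot confirm from here. Register's body continues outside the hunk.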
@@ -83,39 +80,41 @@ func Register(ctx context.Context,
 pods,
 endpoints)
- return createOrDeleteKlipperNamespace(ctx, enabled, kubernetes)
+ if enabled {
+ if err := createServiceLBNamespace(ctx, h.klipperLBNamespace, kubernetes); err != nil {
+ return err
+ }
+ }
+
+ return nil
 }
 type handler struct {
- rootless bool
- enabled bool
- nodeCache coreclient.NodeCache
- podCache coreclient.PodCache
- deploymentCache appclient.DeploymentCache
- processor apply.Apply
- serviceCache coreclient.ServiceCache
- services coregetter.ServicesGetter
- daemonsets v1getter.DaemonSetsGetter
- deployments v1getter.DeploymentsGetter
- recorder record.EventRecorder
+ rootless bool
+ klipperLBNamespace string
+ enabled bool
+ nodeCache coreclient.NodeCache
+ podCache coreclient.PodCache
+ deploymentCache appclient.DeploymentCache
+ processor apply.Apply
+ serviceCache coreclient.ServiceCache
+ services coregetter.ServicesGetter
+ daemonsets v1getter.DaemonSetsGetter
+ deployments v1getter.DeploymentsGetter
+ recorder record.EventRecorder
 }
-func createOrDeleteKlipperNamespace(ctx context.Context, enabled bool, k8s kubernetes.Interface) error {
- _, err := k8s.CoreV1().Namespaces().Get(ctx, KlipperNamespace, meta.GetOptions{})
- if !apierrors.IsNotFound(err) {
- return err
- }
-
- if enabled {
+func createServiceLBNamespace(ctx context.Context, ns string, k8s kubernetes.Interface) error {
+ _, err := k8s.CoreV1().Namespaces().Get(ctx, ns, meta.GetOptions{})
+ if apierrors.IsNotFound(err) {
 _, err := k8s.CoreV1().Namespaces().Create(ctx, &core.Namespace{
 ObjectMeta: meta.ObjectMeta{
- Name: KlipperNamespace,
+ Name: ns,
 },
 }, meta.CreateOptions{})
 return err
 }
-
- return k8s.CoreV1().Namespaces().Delete(ctx, KlipperNamespace, meta.DeleteOptions{})
+ return err
 }
 func (h *handler) onResourceChange(name, namespace string, obj runtime.Object) ([]relatedresource.Key, error) {
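Review bot: `createServiceLBNamespace` treats every Create error as fatal for Register, so if this path can run on more than one server at the same time (not visible from the hunk), two instances racing past the NotFound check would leave one failing on an AlreadyExists response; tolerating that is a small change, replacing the bare `return err` after the Create with `if err != nil && !apierrors.IsAlreadyExists(err) { return err }` and `return nil`. The function also changes lifecycle silently: the old `createOrDeleteKlipperNamespace` deleted the namespace when servicelb was disabled, whereas the new one never deletes, which is right now that the default is the shared `kube-system` namespace but means DaemonSets created while servicelb was enabled stay behind once DisableServiceLB is set. A doc comment should say so, e.g. `// createServiceLBNamespace ensures ns exists. It never deletes ns, which may be a shared namespace such as kube-system, so resources created while servicelb was enabled are not removed when it is disabled.` The created Namespace carries no labels or annotations, which the policy use case given in the commit message would benefit from; worth considering. Register starts outside the hunk and onResourceChange continues past it.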
@@ -194,7 +193,7 @@ func (h *handler) updateService(svc *core.Service) (runtime.Object, error) {
 return svc, nil
 }
- pods, err := h.podCache.List(KlipperNamespace, labels.SelectorFromSet(map[string]string{
+ pods, err := h.podCache.List(h.klipperLBNamespace, labels.SelectorFromSet(map[string]string{
 svcNameLabel: svc.Name,
 svcNamespaceLabel: svc.Namespace,
 }))
@@ -388,7 +387,7 @@ func (h *handler) newDaemonSet(svc *core.Service) (*apps.DaemonSet, error) {
 ds := &apps.DaemonSet{
 ObjectMeta: meta.ObjectMeta{
 Name: name,
- Namespace: KlipperNamespace,
+ Namespace: h.klipperLBNamespace,
 Labels: map[string]string{
 nodeSelectorLabel: "false",
 },