Make Kuryr CNI and controller installable via kubeadm
Following the Kubernetes kubeadm Linux installation guide [0], the step to install pod networking consists of running:
kubectl apply -f kuryr.yaml
It would be very helpful if Kuryr could be installed this way. The blueprint would be broken down into:
- Kuryr CNI as daemon sets
- Kuryr Controller as a Pod (and maybe service)
- Service accounts[1]
In order to make this work, we would benefit from having the token support blueprint [2] and patch [3] merged so that we can just use the secret that kubelet mounts into the kuryr pods.
Another issue is that for the daemonset CNI to work, we may need the CNI split, at least if we want to use the serviceaccount token; otherwise we may just use the kubelet credentials. The reason is that the daemonset mounts the kuryr CNI exec into the host, where the kubelet executes it. So the execution does not happen in the namespace of the daemonset, but in the host one. This means that the mounted bearer token won't be available. The end integration, when the CNI split is a reality, would be:
Kubelet (host space) -> kuryr-cni exec (host space) -> socket file -> kuryr-cni daemon (container space) -> netlink (container space) + k8s api
Until the CNI split exists, the main goal of the kuryr CNI daemon set is to install the kuryr executable and configuration, as can be seen in this example from flannel [4]. The main container will just be a no-op, since there is nothing to do there before the split.
Additionally, the configuration (kuryr.conf) of the kuryr controller pod and of the daemonsets should be provided through different Kubernetes ConfigMap objects.
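A sketch of the pre-split daemon set layout described above, added here as an example and not taken from the Kuryr project or its patches. The object names, the image reference, the file locations inside the image, the /etc/kuryr host path and the use of an init container for the install step are all assumptions; /opt/cni/bin is the usual default CNI binary directory.

```yaml
# Added sketch: names, image and in-image paths are hypothetical placeholders.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: kuryr-cni              # hypothetical name
  namespace: kube-system
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: kuryr-cni-config       # kept separate from the controller's ConfigMap
  namespace: kube-system
data:
  kuryr.conf: |
    # placeholder: CNI-side kuryr.conf content goes here
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: kuryr-cni
  namespace: kube-system
spec:
  selector:
    matchLabels: {app: kuryr-cni}
  template:
    metadata:
      labels: {app: kuryr-cni}
    spec:
      # The token for this account is mounted inside the containers only;
      # the exec that kubelet runs from the host does not see it.
      serviceAccountName: kuryr-cni
      initContainers:
      - name: install-cni      # copies the exec and config onto the host
        image: example.invalid/kuryr-cni:placeholder
        command: ["sh", "-c", "cp /kuryr-cni /host/opt/cni/bin/ && cp /config/kuryr.conf /host/etc/kuryr/"]
        volumeMounts:
        - {name: cni-bin, mountPath: /host/opt/cni/bin}
        - {name: kuryr-etc, mountPath: /host/etc/kuryr}
        - {name: config, mountPath: /config, readOnly: true}
      containers:
      - name: noop             # nothing to do here before the split
        image: example.invalid/kuryr-cni:placeholder
        command: ["sleep", "infinity"]
      volumes:
      - {name: cni-bin, hostPath: {path: /opt/cni/bin}}
      - {name: kuryr-etc, hostPath: {path: /etc/kuryr}}
      - {name: config, configMap: {name: kuryr-cni-config}}
```

Because the install step writes into a host directory from which kubelet executes binaries, write access to this DaemonSet or its image is equivalent to code execution on every node and should be restricted accordingly.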
The controller and the post-split CNI should expose a /health API endpoint [5] that lets Kubernetes know the health of the controller or CNI, possibly with multiple endpoints.
[0] https:/
[1] https:/
[2] https:/
[3] https:/
[4] https:/
[5] https:/
Blueprint information
- Status: Complete
- Approver: Irena Berezovsky
- Priority: Medium
- Drafter: Antoni Segura Puimedon
- Direction: Approved
- Assignee: Michal Dulko
- Definition: Approved
- Series goal: Accepted for pike
- Implementation: Implemented
- Milestone target: pike-3
- Started by: Irena Berezovsky
- Completed by: Antoni Segura Puimedon
Whiteboard
Gerrit topic: https:/
Addressed by: https:/
Add support to install Kuryr as a network addon
Addressed by: https:/
Add support to install Kuryr as a network addon
Addressed by: https:/
CNI container: parametrize and clean up
Addressed by: https:/
[WIP] devstack: optionally run kuryr containerized
Gerrit topic: https:/