From 916c8d3ba2f9f26e77a5c8090a2194145783d297 Mon Sep 17 00:00:00 2001 From: Francesco Cheinasso Date: Thu, 17 Oct 2024 16:22:35 +0200 Subject: [PATCH] CI: arm32 build --- .github/workflows/integration.yml | 21 +++++++++++++++---- cmd/liqo-controller-manager/main.go | 11 +++++++--- deployments/liqo/README.md | 2 ++ .../liqo-controller-manager-deployment.yaml | 1 + .../liqo/templates/liqo-proxy-configmap.yaml | 4 ++++ .../liqo/templates/liqo-proxy-deployment.yaml | 6 +++++- .../liqo/templates/liqo-proxy-service.yaml | 6 +++++- deployments/liqo/values.yaml | 6 ++++++ 8 files changed, 48 insertions(+), 9 deletions(-) diff --git a/.github/workflows/integration.yml b/.github/workflows/integration.yml index b329e12ced..bffb9f38e5 100644 --- a/.github/workflows/integration.yml +++ b/.github/workflows/integration.yml @@ -37,11 +37,11 @@ jobs: echo "pr-number=${{ github.event.client_payload.github.payload.issue.number }}" >> $GITHUB_OUTPUT elif [ "${{ steps.get_version.outputs.VERSION }}" != "" ]; then echo "master=false" >> $GITHUB_OUTPUT - echo "architectures=linux/amd64,linux/arm64" >> $GITHUB_OUTPUT + echo "architectures=linux/amd64,linux/arm64,linux/arm/v7" >> $GITHUB_OUTPUT echo "commit-ref=${{ steps.get_version.outputs.VERSION }}" >> $GITHUB_OUTPUT elif [ "${{ github.ref_name }}" == "master" ]; then echo "master=true" >> $GITHUB_OUTPUT - echo "architectures=linux/amd64,linux/arm64" >> $GITHUB_OUTPUT + echo "architectures=linux/amd64,linux/arm64,linux/arm/v7" >> $GITHUB_OUTPUT echo "commit-ref=${{ github.sha }}" >> $GITHUB_OUTPUT else echo "master=false" >> $GITHUB_OUTPUT @@ -95,6 +95,14 @@ jobs: - gateway/geneve - fabric steps: + - name: Set architectures + id: set-architectures + run: | + ARCHITECTURES=${{ needs.configure.outputs.architectures }} + if [ "${{ matrix.component }}" == "proxy" ]; then + ARCHITECTURES=$(echo ${ARCHITECTURES} | sed 's/,linux\/arm\/v7//') + fi + echo "ARCHITECTURES=${ARCHITECTURES}" >> $GITHUB_ENV - name: Set up QEMU uses: docker/setup-qemu-action@v3.2.0 with: @@ -138,7 +146,7 @@ jobs: DOCKER_BUILD_RECORD_UPLOAD: false with: context: . - platforms: ${{ needs.configure.outputs.architectures }} + platforms: ${{ env.ARCHITECTURES }} tags: | ghcr.io/${{ github.repository_owner }}/${{ matrix.component }}${{ needs.configure.outputs.repo-suffix }}:latest ghcr.io/${{ github.repository_owner }}/${{ matrix.component }}${{ needs.configure.outputs.repo-suffix }}:${{ needs.configure.outputs.commit-ref }} @@ -205,10 +213,15 @@ jobs: strategy: matrix: goos: [ linux, windows, darwin ] - goarch: [ arm64, amd64 ] + goarch: [ arm64, amd64, arm ] exclude: - goarch: arm64 goos: windows + - goarch: arm + goos: windows + - goarch: arm + goos: darwin + steps: diff --git a/cmd/liqo-controller-manager/main.go b/cmd/liqo-controller-manager/main.go index 1b7758824b..f62adac900 100644 --- a/cmd/liqo-controller-manager/main.go +++ b/cmd/liqo-controller-manager/main.go @@ -163,6 +163,9 @@ func main() { shadowEndpointSliceWorkers := pflag.Int("shadow-endpointslice-ctrl-workers", 10, "The number of workers used to reconcile ShadowEndpointSlice resources.") + // CROSS MODULE + enableAPIServerIPRemapping := pflag.Bool("enable-api-server-ip-remapping", true, "Enable the API server IP remapping") + liqoerrors.InitFlags(nil) restcfg.InitFlags(nil) flagsutils.InitKlogFlags(nil) @@ -382,9 +385,11 @@ func main() { os.Exit(1) } - if err := ipamips.EnforceAPIServerIPRemapping(ctx, uncachedClient, *liqoNamespace); err != nil { - klog.Errorf("Unable to enforce the API server IP remapping: %v", err) - os.Exit(1) + if *enableAPIServerIPRemapping { + if err := ipamips.EnforceAPIServerIPRemapping(ctx, uncachedClient, *liqoNamespace); err != nil { + klog.Errorf("Unable to enforce the API server IP remapping: %v", err) + os.Exit(1) + } } if err := ipamips.EnforceAPIServerProxyIPRemapping(ctx, uncachedClient, *liqoNamespace); err != nil { diff --git a/deployments/liqo/README.md b/deployments/liqo/README.md index a8b74a4fd6..aaee2c71ba 100644 --- a/deployments/liqo/README.md +++ b/deployments/liqo/README.md @@ -146,6 +146,7 @@ | openshiftConfig.enable | bool | `false` | Enable/Disable the OpenShift support, enabling Openshift-specific resources, and setting the pod security contexts in a way that is compatible with Openshift. | | openshiftConfig.virtualKubeletSCCs | list | `["anyuid"]` | Security context configurations granted to the virtual kubelet in the local cluster. The configuration of one or more SCCs for the virtual kubelet is not strictly required, and privileges can be reduced in production environments. Still, the default configuration (i.e., anyuid) is suggested to prevent problems (i.e., the virtual kubelet fails to add the appropriate labels) when attempting to offload pods not managed by higher-level abstractions (e.g., Deployments), and not associated with a properly privileged service account. Indeed, "anyuid" is the SCC automatically associated with pods created by cluster administrators. Any pod granted a more privileged SCC and not linked to an adequately privileged service account will fail to be offloaded. | | proxy.config.listeningPort | int | `8118` | Port used by the proxy pod. | +| proxy.enabled | bool | `true` | Enable/Disable the proxy pod. This pod is mandatory to allow in-band peering and to connect to the consumer k8s api server from a remotly offloaded pod. | | proxy.image.name | string | `"ghcr.io/liqotech/proxy"` | Image repository for the proxy pod. | | proxy.image.version | string | `""` | Custom version for the proxy image. If not specified, the global tag is used. | | proxy.pod.annotations | object | `{}` | Annotations for the proxy pod. | @@ -153,6 +154,7 @@ | proxy.pod.labels | object | `{}` | Labels for the proxy pod. | | proxy.pod.priorityClassName | string | `""` | PriorityClassName (https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/#pod-priority) for the proxy pod. | | proxy.pod.resources | object | `{"limits":{},"requests":{}}` | Resource requests and limits (https://kubernetes.io/docs/user-guide/compute-resources/) for the proxy pod. | +| proxy.replicas | int | `1` | Set the number of replicas for the proxy deployments | | proxy.service.annotations | object | `{}` | | | proxy.service.type | string | `"ClusterIP"` | | | pullPolicy | string | `"IfNotPresent"` | The pullPolicy for liqo pods. | diff --git a/deployments/liqo/templates/liqo-controller-manager-deployment.yaml b/deployments/liqo/templates/liqo-controller-manager-deployment.yaml index 5517dd6034..02393b6c36 100644 --- a/deployments/liqo/templates/liqo-controller-manager-deployment.yaml +++ b/deployments/liqo/templates/liqo-controller-manager-deployment.yaml @@ -118,6 +118,7 @@ spec: {{- if gt .Values.controllerManager.replicas 1.0 }} - --enable-leader-election=true {{- end }} + - --enable-api-server-ip-remapping={{ .Values.proxy.enabled }} env: - name: CLUSTER_ID valueFrom: diff --git a/deployments/liqo/templates/liqo-proxy-configmap.yaml b/deployments/liqo/templates/liqo-proxy-configmap.yaml index d9f8f3514e..2f3632cb8a 100644 --- a/deployments/liqo/templates/liqo-proxy-configmap.yaml +++ b/deployments/liqo/templates/liqo-proxy-configmap.yaml @@ -1,5 +1,7 @@ {{- $proxyConfig := (merge (dict "name" "proxy" "module" "networking") .) -}} +{{- if .Values.proxy.enabled }} + apiVersion: v1 kind: ConfigMap metadata: @@ -74,3 +76,5 @@ data: socket_address: address: kubernetes.default port_value: 443 + +{{- end }} diff --git a/deployments/liqo/templates/liqo-proxy-deployment.yaml b/deployments/liqo/templates/liqo-proxy-deployment.yaml index 11e7511c57..d32a55a9c8 100644 --- a/deployments/liqo/templates/liqo-proxy-deployment.yaml +++ b/deployments/liqo/templates/liqo-proxy-deployment.yaml @@ -1,5 +1,7 @@ {{- $proxyConfig := (merge (dict "name" "proxy" "module" "networking" "version" .Values.proxy.image.version) .) -}} +{{- if .Values.proxy.enabled }} + apiVersion: apps/v1 kind: Deployment metadata: @@ -7,7 +9,7 @@ metadata: {{- include "liqo.labels" $proxyConfig | nindent 4 }} name: {{ include "liqo.prefixedName" $proxyConfig }} spec: - replicas: 1 + replicas: {{ .Values.proxy.replicas }} selector: matchLabels: {{- include "liqo.selectorLabels" $proxyConfig | nindent 6 }} @@ -66,3 +68,5 @@ spec: {{- if .Values.proxy.pod.priorityClassName }} priorityClassName: {{ .Values.proxy.pod.priorityClassName }} {{- end }} + +{{- end }} diff --git a/deployments/liqo/templates/liqo-proxy-service.yaml b/deployments/liqo/templates/liqo-proxy-service.yaml index 6bcba420af..e66858bcd6 100644 --- a/deployments/liqo/templates/liqo-proxy-service.yaml +++ b/deployments/liqo/templates/liqo-proxy-service.yaml @@ -1,5 +1,7 @@ {{- $proxyConfig := (merge (dict "name" "proxy" "module" "networking") .) -}} +{{- if .Values.proxy.enabled }} + apiVersion: v1 kind: Service metadata: @@ -18,4 +20,6 @@ spec: targetPort: {{ .Values.proxy.config.listeningPort }} protocol: TCP selector: - {{- include "liqo.selectorLabels" $proxyConfig | nindent 4 }} \ No newline at end of file + {{- include "liqo.selectorLabels" $proxyConfig | nindent 4 }} + +{{- end }} diff --git a/deployments/liqo/values.yaml b/deployments/liqo/values.yaml index 2f412173de..7058fc0bb0 100644 --- a/deployments/liqo/values.yaml +++ b/deployments/liqo/values.yaml @@ -616,6 +616,12 @@ uninstaller: version: "" proxy: + # -- Enable/Disable the proxy pod. + # This pod is mandatory to allow in-band peering + # and to connect to the consumer k8s api server from a remotly offloaded pod. + enabled: true + # -- Set the number of replicas for the proxy deployments + replicas: 1 pod: # -- Annotations for the proxy pod. annotations: {}