Merge pull request #2596 from spidernet-io/main

merge main to release-v0.8.0

.github/ISSUE_TEMPLATE/doc.yaml

@@ -1,6 +1,6 @@
 name: Documentation issue
 description: help us improve doc
-labels: kind/doc
+labels: ["kind/doc"]
 body:
   - type: dropdown
     id: opt-doc

.github/workflows/auto-cherrypick.yaml

@@ -30,18 +30,17 @@ jobs:
         with:
           fetch-depth: 0
 
-      # ${{ secrets.GITHUB_TOKEN }} is forbidden to create or approve pull requests
       - name: cherry pick
         env:
-          GITHUB_TOKEN: ${{ secrets.WELAN_PAT}}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           JSON: ${{ toJSON(github) }}
         run: |
           set -x
           echo "============ print var ======== "
           if ${{ github.event_name == 'workflow_dispatch' }}; then
                 PR_NUMBER=${{ github.event.inputs.prNumber }}
           else
-                    grep -Eio "Merge pull request #[0-9]+ " <<< "${JSON}" || true
+                grep -Eio "Merge pull request #[0-9]+ " <<< "${JSON}" || true
                 echo "try to get PR from commit"
                 COMMIT=` echo "${JSON}" | jq '.event.commits[0].id' | tr -d '"' ` || true
                 if [ -n "${COMMIT}" ]; then

.github/workflows/auto-diff-k8s-ci.yaml

@@ -140,7 +140,7 @@ jobs:
       - name: create an issue
         uses: dacbd/[email protected]
         with:
-          token: ${{ secrets.WELAN_PAT }}
+          token: ${{ secrets.GITHUB_TOKEN }}
           title: "Nightly K8s Matrix CI ${{ ENV.TIMESTAMP }}: Failed"
           body: |
             action url: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}

.github/workflows/call-release-doc.yaml

@@ -51,8 +51,25 @@ jobs:
           fetch-depth: 0
           ref: ${{ env.REF }}
 
+      - name: Set main branch docs to dev (latest)
+        id: main_docs
+        if: ${{ env.REF == 'main' }}
+        run: |
+          pip install mkdocs==1.5.2 mike==1.1.2 mkdocs-material==8.5.11
+          git config user.email "[email protected]"
+          git config user.name "robot"
+          cp ./docs/mkdocs.yml ./
+          mike deploy --rebase -b ${{ env.MERGE_BRANCH }} dev -t "dev (${{ env.REF }})"
+          rm -rf ./site && rm -rf ./mkdocs.yml
+          git checkout -f ${{ env.MERGE_BRANCH }}
+          rm -rf ./charts && rm -rf ./index.yaml && rm -rf ./changelogs
+          tar -czvf ./site.tar.gz *
+          ls
+          echo "push document version `dev` from branch ${{ env.REF }}."
+
       - name: Extract Version
         id: extract
+        if: ${{ env.REF != 'main' }}
         run: |
           if ! grep -E "^[[:space:]]*v[0-9]+.[0-9]+.[0-9]+[[:space:]]*$" VERSION &>/dev/null ; then
             echo "not a release version, skip generating doc."
@@ -82,7 +99,7 @@ jobs:
 
       - name: build doc
         id: build_doc
-        if: ${{ env.SKIP_ALL_JOB != 'true' }}
+        if: ${{ env.SKIP_ALL_JOB != 'true' && env.REF != 'main' }}
         run: |
           git checkout ${{ env.REF }}
           ls

.github/workflows/e2e-init.yaml

@@ -199,15 +199,18 @@ jobs:
       - name: Get the E2E Performance Result For Dual-stack
         id: get_performance
         if: ${{ inputs.run_e2e == 'true' && inputs.ip_family == 'dual' && matrix.e2e_test_mode == 'e2e_test_underlay' }}
+        continue-on-error: true
         shell: bash
         run: |
           # sudo apt-get install -y jq
           TOOL_PATH=${{ env.PERFORMANCESCRIPT }}
           TODO_STATUS=$( ${TOOL_PATH}  "e2ereport.json"  )
           echo "PERFORMANCE_RESULT=${TODO_STATUS}" >> $GITHUB_ENV
+          [ -z ${{ env.PERFORMANCE_RESULT }} ] || { echo "error, miss spiderpool performance result " ; exit 1 ; }
 
       - name: Update Badge For Dual-stack
         if: ${{ inputs.run_e2e == 'true' && env.PERFORMANCE_RESULT != '' && inputs.ip_family == 'dual' }}
+        continue-on-error: true
         uses: schneegans/[email protected]
         with:
           auth: ${{ secrets.WELAN_PAT }}

VERSION

@@ -1 +1 @@
-v0.8.0-rc1
+v0.8.0

charts/spiderpool/Chart.yaml

@@ -5,17 +5,18 @@ icon: https://raw.githubusercontent.com/spidernet-io/spiderpool/main/docs/images
 # application or library
 type: application
 # no need to modify this version , CI will auto update it with /VERSION
-version: 0.8.0-rc1
+version: 0.8.0
 # This field is informational, and has no impact on chart version calculations .
 # Leaving it unquoted can lead to parsing issues in some cases
 # no need to modify this version , CI will auto update it with /VERSION
-appVersion: "0.8.0-rc1"
+appVersion: "0.8.0"
 kubeVersion: ">= 1.16.0-0"
-description: ipam for kubernetes cni
+description: underlay CNI solution for kubernetes
 sources:
   - "https://github.com/spidernet-io/spiderpool"
 keywords:
   - spiderpool
+  - underlay
   - networking
   - ipam
 maintainers:

charts/spiderpool/crds/spiderpool.spidernet.io_spiderippools.yaml

@@ -272,7 +272,6 @@ spec:
               subnet:
                 type: string
               vlan:
-                default: 0
                 description: 'DEPRECATED: Vlan is deprecated.'
                 format: int64
                 maximum: 4094

charts/spiderpool/crds/spiderpool.spidernet.io_spidersubnets.yaml

@@ -86,7 +86,6 @@ spec:
               subnet:
                 type: string
               vlan:
-                default: 0
                 description: 'DEPRECATED: Vlan is deprecated.'
                 format: int64
                 maximum: 4094

charts/spiderpool/templates/daemonset.yaml

@@ -210,6 +210,14 @@ spec:
                 rm -f /host/etc/cni/net.d/00-multus.conf || true
                 {{ .Values.spiderpoolAgent.binName }} shutdown
         env:
+        - name: SPIDERPOOL_POD_NAME
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.name
+        - name: SPIDERPOOL_POD_NAMESPACE
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.namespace
         - name: SPIDERPOOL_LOG_LEVEL
           value: {{ .Values.spiderpoolAgent.debug.logLevel | quote }}
         - name: SPIDERPOOL_ENABLED_METRIC

cmd/coordinator/cmd/command_add.go

@@ -123,7 +123,7 @@ func CmdAdd(args *skel.CmdArgs) (err error) {
 		c.podVethName = defaultUnderlayVethName
 		c.hostVethName = getHostVethName(args.ContainerID)
 		if c.firstInvoke {
-			err = c.setupVeth(args.ContainerID)
+			err = c.setupVeth(logger, args.ContainerID)
 			if err != nil {
 				logger.Error("failed to create veth-pair device", zap.Error(err))
 				return err

cmd/coordinator/cmd/utils.go

@@ -8,6 +8,7 @@ import (
 	"net"
 	"os"
 
+	"github.com/cilium/cilium/pkg/mac"
 	"github.com/containernetworking/plugins/pkg/ip"
 	"github.com/containernetworking/plugins/pkg/ns"
 	"github.com/vishvananda/netlink"
@@ -133,11 +134,29 @@ func (c *coordinator) mustGetRuleNumber(spiderNics []string) int {
 
 // setupVeth sets up a pair of virtual ethernet devices. move one to the host and other
 // one to container.
-func (c *coordinator) setupVeth(containerID string) error {
+func (c *coordinator) setupVeth(logger *zap.Logger, containerID string) error {
+	// systemd 242+ tries to set a "persistent" MAC addr for any virtual device
+	// by default (controlled by MACAddressPolicy). As setting happens
+	// asynchronously after a device has been created, ep.Mac and ep.HostMac
+	// can become stale which has a serious consequence - the kernel will drop
+	// any packet sent to/from the endpoint. However, we can trick systemd by
+	// explicitly setting MAC addrs for both veth ends. This sets
+	// addr_assign_type for NET_ADDR_SET which prevents systemd from changing
+	// the addrs.
+	podVethMAC, err := mac.GenerateRandMAC()
+	if err != nil {
+		return fmt.Errorf("unable to generate podVeth mac addr: %s", err)
+	}
+
+	hostVethMac, err := mac.GenerateRandMAC()
+	if err != nil {
+		return fmt.Errorf("unable to generate hostVeth mac addr: %s", err)
+	}
+
 	var containerInterface net.Interface
-	err := c.netns.Do(func(hostNS ns.NetNS) error {
-		var err error
-		_, containerInterface, err = ip.SetupVethWithName(c.podVethName, getHostVethName(containerID), 1500, "", hostNS)
+	hostVethName := getHostVethName(containerID)
+	err = c.netns.Do(func(hostNS ns.NetNS) error {
+		_, containerInterface, err = ip.SetupVethWithName(c.podVethName, hostVethName, 1500, podVethMAC.String(), hostNS)
 		if err != nil {
 			return err
 		}
@@ -153,6 +172,16 @@ func (c *coordinator) setupVeth(containerID string) error {
 		return nil
 	})
 
+	hostVethLink, err := netlink.LinkByName(hostVethName)
+	if err != nil {
+		return err
+	}
+
+	if err = netlink.LinkSetHardwareAddr(hostVethLink, net.HardwareAddr(hostVethMac)); err != nil {
+		return fmt.Errorf("failed to set host veth mac: %v", err)
+	}
+
+	logger.Debug("Successfully to set veth mac", zap.String("podVethMac", podVethMAC.String()), zap.String("hostVethMac", hostVethMac.String()))
 	return err
 }
 

cmd/spiderpool-agent/cmd/config.go

@@ -53,6 +53,8 @@ var envInfo = []envConf{
 	{"SPIDERPOOL_LOG_LEVEL", logutils.LogInfoLevelStr, true, &agentContext.Cfg.LogLevel, nil, nil},
 	{"SPIDERPOOL_ENABLED_METRIC", "false", false, nil, &agentContext.Cfg.EnableMetric, nil},
 	{"SPIDERPOOL_ENABLED_DEBUG_METRIC", "false", false, nil, &agentContext.Cfg.EnableDebugLevelMetric, nil},
+	{"SPIDERPOOL_POD_NAMESPACE", "", true, &agentContext.Cfg.AgentPodNamespace, nil, nil},
+	{"SPIDERPOOL_POD_NAME", "", true, &agentContext.Cfg.AgentPodName, nil, nil},
 	{"SPIDERPOOL_HEALTH_PORT", "5710", true, &agentContext.Cfg.HttpPort, nil, nil},
 	{"SPIDERPOOL_METRIC_HTTP_PORT", "5711", true, &agentContext.Cfg.MetricHttpPort, nil, nil},
 	{"SPIDERPOOL_GOPS_LISTEN_PORT", "5712", false, &agentContext.Cfg.GopsListenPort, nil, nil},
@@ -78,6 +80,8 @@ type Config struct {
 	LogLevel               string
 	EnableMetric           bool
 	EnableDebugLevelMetric bool
+	AgentPodNamespace      string
+	AgentPodName           string
 
 	HttpPort         string
 	MetricHttpPort   string
@@ -91,17 +95,13 @@ type Config struct {
 	MultusClusterNetwork string
 
 	// configmap
-	IpamUnixSocketPath                string   `yaml:"ipamUnixSocketPath"`
-	EnableIPv4                        bool     `yaml:"enableIPv4"`
-	EnableIPv6                        bool     `yaml:"enableIPv6"`
-	EnableStatefulSet                 bool     `yaml:"enableStatefulSet"`
-	EnableKubevirtStaticIP            bool     `yaml:"enableKubevirtStaticIP"`
-	EnableSpiderSubnet                bool     `yaml:"enableSpiderSubnet"`
-	ClusterDefaultIPv4IPPool          []string `yaml:"clusterDefaultIPv4IPPool"`
-	ClusterDefaultIPv6IPPool          []string `yaml:"clusterDefaultIPv6IPPool"`
-	ClusterDefaultIPv4Subnet          []string `yaml:"clusterDefaultIPv4Subnet"`
-	ClusterDefaultIPv6Subnet          []string `yaml:"clusterDefaultIPv6Subnet"`
-	ClusterSubnetDefaultFlexibleIPNum int      `yaml:"clusterSubnetDefaultFlexibleIPNumber"`
+	IpamUnixSocketPath                string `yaml:"ipamUnixSocketPath"`
+	EnableIPv4                        bool   `yaml:"enableIPv4"`
+	EnableIPv6                        bool   `yaml:"enableIPv6"`
+	EnableStatefulSet                 bool   `yaml:"enableStatefulSet"`
+	EnableKubevirtStaticIP            bool   `yaml:"enableKubevirtStaticIP"`
+	EnableSpiderSubnet                bool   `yaml:"enableSpiderSubnet"`
+	ClusterSubnetDefaultFlexibleIPNum int    `yaml:"clusterSubnetDefaultFlexibleIPNumber"`
 }
 
 type AgentContext struct {

cmd/spiderpool-agent/cmd/daemon.go

@@ -132,15 +132,14 @@ func DaemonMain() {
 
 	logger.Info("Begin to initialize IPAM")
 	ipamConfig := ipam.IPAMConfig{
-		EnableIPv4:               agentContext.Cfg.EnableIPv4,
-		EnableIPv6:               agentContext.Cfg.EnableIPv6,
-		ClusterDefaultIPv4IPPool: agentContext.Cfg.ClusterDefaultIPv4IPPool,
-		ClusterDefaultIPv6IPPool: agentContext.Cfg.ClusterDefaultIPv6IPPool,
-		EnableSpiderSubnet:       agentContext.Cfg.EnableSpiderSubnet,
-		EnableStatefulSet:        agentContext.Cfg.EnableStatefulSet,
-		EnableKubevirtStaticIP:   agentContext.Cfg.EnableKubevirtStaticIP,
-		OperationRetries:         agentContext.Cfg.WaitSubnetPoolMaxRetries,
-		OperationGapDuration:     time.Duration(agentContext.Cfg.WaitSubnetPoolTime) * time.Second,
+		EnableIPv4:             agentContext.Cfg.EnableIPv4,
+		EnableIPv6:             agentContext.Cfg.EnableIPv6,
+		EnableSpiderSubnet:     agentContext.Cfg.EnableSpiderSubnet,
+		EnableStatefulSet:      agentContext.Cfg.EnableStatefulSet,
+		EnableKubevirtStaticIP: agentContext.Cfg.EnableKubevirtStaticIP,
+		OperationRetries:       agentContext.Cfg.WaitSubnetPoolMaxRetries,
+		OperationGapDuration:   time.Duration(agentContext.Cfg.WaitSubnetPoolTime) * time.Second,
+		AgentNamespace:         agentContext.Cfg.AgentPodNamespace,
 	}
 	if len(agentContext.Cfg.MultusClusterNetwork) != 0 {
 		ipamConfig.MultusClusterNetwork = pointer.String(agentContext.Cfg.MultusClusterNetwork)

cmd/spiderpool-controller/cmd/runtime_status.go

@@ -46,7 +46,7 @@ func (g *_httpGetControllerReadiness) Handle(params runtime.GetRuntimeReadinessP
 	}
 
 	if g.Leader.IsElected() {
-		if !g.GCManager.Health() {
+		if gcIPConfig.EnableGCIP && !g.GCManager.Health() {
 			logger.Warn("failed to check spiderpool-controller readiness probe: the IP GC is still not ready, please wait for a while")
 			return runtime.NewGetRuntimeReadinessInternalServerError()
 		}