From dce572eda25bcb48c99fb78c285d7e105b573766 Mon Sep 17 00:00:00 2001
From: Gerrit
Date: Wed, 16 Oct 2024 10:44:04 +0200
Subject: [PATCH 1/2] Update.
---
 cmd/cluster.go | 38 +++++++++++++++++++++++++++++++++++---
 cmd/output/shootprinter.go | 13 +++++++++++--
 go.mod | 4 ++--
 go.sum | 8 ++++----
 4 files changed, 52 insertions(+), 11 deletions(-)
diff --git a/cmd/cluster.go b/cmd/cluster.go
index 23f2e3e..9541cd4 100644
--- a/cmd/cluster.go
+++ b/cmd/cluster.go
@@ -241,6 +241,7 @@ func newClusterCmd(c *config) *cobra.Command {
 clusterCreateCmd.Flags().String("default-storage-class", "", "set default storage class to given name, must be one of the managed storage classes")
 clusterCreateCmd.Flags().String("max-pods-per-node", "", "set number of maximum pods per node (default: 510). Lower numbers allow for more node per cluster. [optional]")
 clusterCreateCmd.Flags().String("cni", "", "the network plugin used in this cluster, defaults to calico. please note that cilium support is still Alpha and we are happy to receive feedback. [optional]")
+ clusterCreateCmd.Flags().Bool("enable-calico-ebpf", false, "enables calico cni to use eBPF data plane and DSR configuration, for increased performance and preserving source IP addresses. [optional]")
 clusterCreateCmd.Flags().BoolP("enable-node-local-dns", "", false, "enables node local dns cache on the cluster nodes. [optional].")
 clusterCreateCmd.Flags().BoolP("disable-forwarding-to-upstream-dns", "", false, "disables direct forwarding of queries to external dns servers when node-local-dns is enabled. All dns queries will go through coredns. [optional].")
 clusterCreateCmd.Flags().StringSlice("kube-apiserver-acl-allowed-cidrs", []string{}, "comma-separated list of external CIDRs allowed to connect to the kube-apiserver (e.g. \"212.34.68.0/24,212.34.89.0/27\")")
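Review bot: The help text for `--enable-calico-ebpf` (added here for create and again in the cluster update flags at -340) advertises performance and source IP preservation but leaves out the two things the confirmation prompt later states: that the feature is beta and that preserved source IPs can change how network policies match. Users who script the CLI read the flag help, not the prompt, so I would carry the caveat into the description, for example `"enables the eBPF data plane with DSR for the calico cni (beta). client source IPs are preserved, which can change how existing network policies match. [optional]"`. newClusterCmd starts and ends outside the hunk.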
@@ -340,6 +341,7 @@ func newClusterCmd(c *config) *cobra.Command { clusterUpdateCmd.Flags().Bool("enable-kube-apiserver-acl", false, "restricts access from outside to the kube-apiserver to the source ip addresses set by --kube-apiserver-acl-* [optional].") clusterUpdateCmd.Flags().Bool("high-availability-control-plane", false, "enables a high availability control plane for the cluster, cannot be disabled again") clusterUpdateCmd.Flags().Int64("kubelet-pod-pid-limit", 0, "controls the maximum number of process IDs per pod allowed by the kubelet") + clusterUpdateCmd.Flags().Bool("enable-calico-ebpf", false, "enables calico cni to use eBPF data plane and DSR configuration, for increased performance and preserving source IP addresses. [optional]") genericcli.Must(clusterUpdateCmd.RegisterFlagCompletionFunc("version", c.comp.VersionListCompletion)) genericcli.Must(clusterUpdateCmd.RegisterFlagCompletionFunc("workerversion", c.comp.VersionListCompletion)) @@ -453,6 +455,7 @@ func (c *config) clusterCreate() error { disableForwardToUpstreamDNS := viper.GetBool("disable-forwarding-to-upstream-dns") highAvailability := strconv.FormatBool(viper.GetBool("high-availability-control-plane")) podpidLimit := viper.GetInt64("kubelet-pod-pid-limit") + calicoEbpf := strconv.FormatBool(viper.GetBool("enable-calico-ebpf")) var cni string if viper.IsSet("cni") { @@ -660,7 +663,6 @@ WARNING: You are going to create a cluster that has no default internet access w } if viper.IsSet("kube-apiserver-acl-allowed-cidrs") || viper.IsSet("enable-kube-apiserver-acl") { - if !viper.GetBool("yes-i-really-mean-it") && viper.IsSet("enable-kube-apiserver-acl") { return fmt.Errorf("--enable-kube-apiserver-acl is set but you forgot to add --yes-i-really-mean-it") } 
@@ -679,8 +681,21 @@ WARNING: You are going to create a cluster that has no default internet access w } } + if viper.IsSet("enable-calico-ebpf") { + if activate, _ := strconv.ParseBool(calicoEbpf); activate { + if err := genericcli.PromptCustom(&genericcli.PromptConfig{ + Message: "Enabling the Calico eBPF feature gate is still a beta feature. Be aware that this may impact the network policies in your cluster as source IP addresses are preserved with this configuration.", + ShowAnswers: true, + Out: c.out, + }); err != nil { + return err + } + } + + scr.ClusterFeatures.CalicoEbpfDataplane = &calicoEbpf + } + if viper.IsSet("high-availability-control-plane") { - scr.ClusterFeatures.HighAvailability = &highAvailability if ha, _ := strconv.ParseBool(highAvailability); ha { if err := genericcli.PromptCustom(&genericcli.PromptConfig{ Message: "Enabling the HA control plane feature gate is still a beta feature. You cannot use it in combination with the cluster forwarding backend of the audit extension. Please be aware that you cannot revert this feature gate after it was enabled.", @@ -690,6 +705,8 @@ WARNING: You are going to create a cluster that has no default internet access w return err } } + + scr.ClusterFeatures.HighAvailability = &highAvailability } if viper.IsSet("kubelet-pod-pid-limit") { @@ -935,6 +952,7 @@ func (c *config) updateCluster(args []string) error { encryptedStorageClasses := strconv.FormatBool(viper.GetBool("encrypted-storage-classes")) highAvailability := strconv.FormatBool(viper.GetBool("high-availability-control-plane")) + calicoEbpf := strconv.FormatBool(viper.GetBool("enable-calico-ebpf")) podpidLimit := viper.GetInt64("kubelet-pod-pid-limit") 
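Review bot: In the clusterCreate hunk at -679, `CalicoEbpfDataplane` is forwarded whatever `--cni` says, so `--cni cilium --enable-calico-ebpf` reaches the API with a Calico-only option set; nothing in this hunk rejects it, and whether the server does is not visible here. A guard at the top of the `activate` branch would fail early, for example `if cni != "" && cni != "calico" { return fmt.Errorf("--enable-calico-ebpf requires the calico cni") }`, assuming `cni` (declared earlier in clusterCreate) is still in scope and holds the plain plugin name. Separately, `strconv.ParseBool(calicoEbpf)` only undoes the `strconv.FormatBool` from the top of the function, so `if viper.GetBool("enable-calico-ebpf") {` says the same thing without a discarded error. clusterCreate starts and ends outside the hunk.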
@@ -994,8 +1012,20 @@ func (c *config) updateCluster(args []string) error { if viper.IsSet("logacceptedconns") { clusterFeatures.LogAcceptedConnections = &logAcceptedConnections } + if viper.IsSet("enable-calico-ebpf") { + if activate, _ := strconv.ParseBool(calicoEbpf); activate { + if err := genericcli.PromptCustom(&genericcli.PromptConfig{ + Message: "Enabling the Calico eBPF feature gate is still a beta feature. Be aware that this may impact the network policies in your cluster as source IP addresses are preserved with this configuration.", + ShowAnswers: true, + Out: c.out, + }); err != nil { + return err + } + } + + clusterFeatures.CalicoEbpfDataplane = &calicoEbpf + } if viper.IsSet("high-availability-control-plane") { - clusterFeatures.HighAvailability = &highAvailability if v, _ := strconv.ParseBool(highAvailability); v { if err := genericcli.PromptCustom(&genericcli.PromptConfig{ Message: "Enabling the HA control plane feature gate is still a beta feature. You cannot use it in combination with the cluster forwarding backend of the audit extension. Please be aware that you cannot revert this feature gate after it was enabled.", @@ -1005,6 +1035,8 @@ func (c *config) updateCluster(args []string) error { return err } } + + clusterFeatures.HighAvailability = &highAvailability } workergroupKubernetesVersion := viper.GetString("workerversion") diff --git a/cmd/output/shootprinter.go b/cmd/output/shootprinter.go index b5fc76d..7eb60d9 100644 --- a/cmd/output/shootprinter.go +++ b/cmd/output/shootprinter.go @@ -2,6 +2,7 @@ package output import ( "fmt" + "strconv" "strings" "time" 
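Review bot: In the updateCluster hunk at -994, turning the feature off on a running cluster (`--enable-calico-ebpf=false`) is sent to the API without any confirmation, because the prompt only fires when the parsed value is true. If source IP preservation is what the warning is about, leaving eBPF mode presumably changes the addresses that network policies and IP allow-lists see just as entering it does, so I would hoist the `genericcli.PromptCustom` call out of the `if activate` branch and have the message name the direction of the change. The block is also a copy of the one added to clusterCreate; a small helper that takes the message would keep the two warnings in sync. updateCluster's body continues outside the hunk.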
@@ -148,12 +149,20 @@ func (s ShootIssuesTablePrinter) Print(data []*models.V1ClusterResponse) { func shootData(shoot *models.V1ClusterResponse, withIssues bool) ([]string, []string, []string) { shootStats := newShootStats(shoot.Status) + if shoot.KubeAPIServerACL != nil && !*shoot.KubeAPIServerACL.Disabled { shootStats.apiServer += "๐Ÿ”’" } - if shoot.ClusterFeatures != nil && shoot.ClusterFeatures.HighAvailability != nil && *shoot.ClusterFeatures.HighAvailability == "true" { - shootStats.apiServer += "๐Ÿคน" + + if shoot.ClusterFeatures != nil { + if ok, err := strconv.ParseBool(pointer.SafeDeref(shoot.ClusterFeatures.HighAvailability)); err == nil && ok { + shootStats.apiServer += "๐Ÿคน" + } + if ok, err := strconv.ParseBool(pointer.SafeDeref(shoot.ClusterFeatures.CalicoEbpfDataplane)); err == nil && ok { + shootStats.system += "๐Ÿ" + } } + name := *shoot.Name if shoot.NetworkAccessType != nil { if *shoot.NetworkAccessType == models.V1ClusterCreateRequestNetworkAccessTypeForbidden { diff --git a/go.mod b/go.mod index 176e0c4..4ee1e84 100644 --- a/go.mod +++ b/go.mod @@ -8,7 +8,7 @@ require ( github.com/dustin/go-humanize v1.0.1 github.com/fatih/color v1.17.0 github.com/fi-ts/accounting-go v0.11.0 - github.com/fi-ts/cloud-go v0.29.0 + github.com/fi-ts/cloud-go v0.29.1-0.20241009083205-6ba3c726b6b3 github.com/gardener/gardener v1.91.0 github.com/gardener/machine-controller-manager v0.53.1 github.com/go-openapi/runtime v0.28.0 @@ -20,7 +20,7 @@ require ( github.com/jinzhu/now v1.1.5 github.com/metal-stack/duros-go v0.5.1 github.com/metal-stack/metal-go v0.37.2 - github.com/metal-stack/metal-lib v0.18.3 + github.com/metal-stack/metal-lib v0.18.4 github.com/metal-stack/updater v1.2.2 github.com/metal-stack/v v1.0.3 github.com/olekukonko/tablewriter v0.0.5 diff --git a/go.sum b/go.sum index f983578..7f185d7 100644 --- a/go.sum +++ b/go.sum 
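Review bot: The new feature checks in shootData go through `pointer.SafeDeref`, but the ACL check directly above them still does `!*shoot.KubeAPIServerACL.Disabled`, which panics if the API returns an ACL object without `disabled` set; whether that can happen is not visible from this hunk. For consistency I would write `if shoot.KubeAPIServerACL != nil && !pointer.SafeDeref(shoot.KubeAPIServerACL.Disabled) {`, keeping in mind that a missing value then counts as ACL enabled and shows the lock marker. A one-line comment naming what each marker appended to `apiServer` and `system` stands for would also help, since this table is where operators read off whether the ACL and the eBPF data plane are active. The function continues past the hunk, and the import hunk for this file adds only `strconv`, so `pointer` is presumably already imported.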
@@ -96,8 +96,8 @@ github.com/fatih/color v1.17.0 h1:GlRw1BRJxkpqUCBKzKOw098ed57fEsKeNjpTe3cSjK4= github.com/fatih/color v1.17.0/go.mod h1:YZ7TlrGPkiz6ku9fK3TLD/pl3CpsiFyu8N92HLgmosI= github.com/fi-ts/accounting-go v0.11.0 h1:UHIc+y99J6zi8FeWHvvx2aztXyIPkGCXW9SdaAsrZwo= github.com/fi-ts/accounting-go v0.11.0/go.mod h1:2HICRUx3E38kEF49ri5ed2dWymwo05LawcFQDhsw1g4= -github.com/fi-ts/cloud-go v0.29.0 h1:0MSgs4BiBBcCDWEXTwg3h15r0yRf1mGV/17XQ/LGSec= -github.com/fi-ts/cloud-go v0.29.0/go.mod h1:pcGGl+M2OmtvwyuTEOimqSHrZngDotG69lmBzEbx6cc= +github.com/fi-ts/cloud-go v0.29.1-0.20241009083205-6ba3c726b6b3 h1:qMRfgXZOZa1d4MewIdfWRiiE2ZHP8A7R0fXbcyEJyWI= +github.com/fi-ts/cloud-go v0.29.1-0.20241009083205-6ba3c726b6b3/go.mod h1:pcGGl+M2OmtvwyuTEOimqSHrZngDotG69lmBzEbx6cc= github.com/frankban/quicktest v1.14.6 h1:7Xjx+VpznH+oBnejlPUj8oUpdxnVs4f8XU8WnHkI4W8= github.com/frankban/quicktest v1.14.6/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0= github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA= 
@@ -288,8 +288,8 @@ github.com/metal-stack/duros-go v0.5.1 h1:baE/c0AKy9sTOztPhILJLaoMmT17Ajsb+xRMfH github.com/metal-stack/duros-go v0.5.1/go.mod h1:Z9mzI9ds2gI8zHC03PUCQvmlWa7WAPukDCUhowtVeOk= github.com/metal-stack/metal-go v0.37.2 h1:SDIuV43y09kmwtHfsReOZoZ7c2F+lNP4iIhazfJL5tQ= github.com/metal-stack/metal-go v0.37.2/go.mod h1:3MJTYCS4YJz8D8oteTKhjpaAKNMMjMKYDrIy9awHGtQ= -github.com/metal-stack/metal-lib v0.18.3 h1:bovFiJPB9SMvuGLqcXVWz6jFB8HrdzwnCX7TFlen4r0= -github.com/metal-stack/metal-lib v0.18.3/go.mod h1:Ctyi6zaXFr2NVrQZLFsDLnFCzupKnYErTtgRFKAsnbw= +github.com/metal-stack/metal-lib v0.18.4 h1:7HnfSwSbrKNHU+i6i79YFk/eeuhBhwIEHWpGqS7pYCc= +github.com/metal-stack/metal-lib v0.18.4/go.mod h1:Ctyi6zaXFr2NVrQZLFsDLnFCzupKnYErTtgRFKAsnbw= github.com/metal-stack/security v0.8.1 h1:4zmVUxZvDWShVvVIxM3XhIv7pTmPe9DvACRIHW6YTsk= github.com/metal-stack/security v0.8.1/go.mod h1:OO8ZilZO6fUV5QEmwc7HP/RAjqYrGQxXoYIddJ9TvqE= github.com/metal-stack/updater v1.2.2 h1:gnUrnQgfT20QFMDtFBY89opKoBAkdeI/8T2iwMHNdxs= From 211bdd58595aa87ca944cd6f1667295c652436e9 Mon Sep 17 00:00:00 2001 From: Gerrit Date: Mon, 21 Oct 2024 14:44:01 +0200 Subject: [PATCH 2/2] Pin. --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 4ee1e84..1454f0e 100644 --- a/go.mod +++ b/go.mod @@ -8,7 +8,7 @@ require ( github.com/dustin/go-humanize v1.0.1 github.com/fatih/color v1.17.0 github.com/fi-ts/accounting-go v0.11.0 - github.com/fi-ts/cloud-go v0.29.1-0.20241009083205-6ba3c726b6b3 + github.com/fi-ts/cloud-go v0.29.4 github.com/gardener/gardener v1.91.0 github.com/gardener/machine-controller-manager v0.53.1 github.com/go-openapi/runtime v0.28.0 diff --git a/go.sum b/go.sum index 7f185d7..0de8d3d 100644 --- a/go.sum +++ b/go.sum 
@@ -96,8 +96,8 @@ github.com/fatih/color v1.17.0 h1:GlRw1BRJxkpqUCBKzKOw098ed57fEsKeNjpTe3cSjK4= github.com/fatih/color v1.17.0/go.mod h1:YZ7TlrGPkiz6ku9fK3TLD/pl3CpsiFyu8N92HLgmosI= github.com/fi-ts/accounting-go v0.11.0 h1:UHIc+y99J6zi8FeWHvvx2aztXyIPkGCXW9SdaAsrZwo= github.com/fi-ts/accounting-go v0.11.0/go.mod h1:2HICRUx3E38kEF49ri5ed2dWymwo05LawcFQDhsw1g4= -github.com/fi-ts/cloud-go v0.29.1-0.20241009083205-6ba3c726b6b3 h1:qMRfgXZOZa1d4MewIdfWRiiE2ZHP8A7R0fXbcyEJyWI= -github.com/fi-ts/cloud-go v0.29.1-0.20241009083205-6ba3c726b6b3/go.mod h1:pcGGl+M2OmtvwyuTEOimqSHrZngDotG69lmBzEbx6cc= +github.com/fi-ts/cloud-go v0.29.4 h1:mZ9woPt3cSk9oApZG1y6lm4G6OQ60YWkS3FlefBzWGw= +github.com/fi-ts/cloud-go v0.29.4/go.mod h1:pcGGl+M2OmtvwyuTEOimqSHrZngDotG69lmBzEbx6cc= github.com/frankban/quicktest v1.14.6 h1:7Xjx+VpznH+oBnejlPUj8oUpdxnVs4f8XU8WnHkI4W8= github.com/frankban/quicktest v1.14.6/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0= github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA=