Calico tuning plugin configuration added to Installation CRD

tigera · Jun 28, 2023 · a42e080 · a42e080
1 parent 41c5ea8
commit a42e080
Show file tree

Hide file tree

Showing 5 changed files with 113 additions and 0 deletions.
diff --git a/api/v1/installation_types.go b/api/v1/installation_types.go
@@ -432,6 +432,10 @@ type CalicoNetworkSpec struct {
 	// +optional
 	// +kubebuilder:validation:Enum=Enabled;Disabled
 	ContainerIPForwarding *ContainerIPForwardingType `json:"containerIPForwarding,omitempty"`
+
+	// SysctlTuning configures sysctl parameters for tuning plugin
+	// +optional
+	SysctlTuning *map[string]string `json:"sysctlTuning,omitempty"`
 }
 
 // NodeAddressAutodetection provides configuration options for auto-detecting node addresses. At most one option

diff --git a/api/v1/zz_generated.deepcopy.go b/api/v1/zz_generated.deepcopy.go
diff --git a/pkg/crds/operator/operator.tigera.io_installations.yaml b/pkg/crds/operator/operator.tigera.io_installations.yaml
@@ -1483,6 +1483,12 @@ spec:
                           on interfaces that do not match the given regex.
                         type: string
                     type: object
+                  sysctlTuning:
+                    additionalProperties:
+                      type: string
+                    description: SysctlTuning configures sysctl parameters for tuning
+                      plugin
+                    type: object
                 type: object
               calicoNodeDaemonSet:
                 description: CalicoNodeDaemonSet configures the calico-node DaemonSet.
@@ -9182,6 +9188,12 @@ spec:
                               on interfaces that do not match the given regex.
                             type: string
                         type: object
+                      sysctlTuning:
+                        additionalProperties:
+                          type: string
+                        description: SysctlTuning configures sysctl parameters for
+                          tuning plugin
+                        type: object
                     type: object
                   calicoNodeDaemonSet:
                     description: CalicoNodeDaemonSet configures the calico-node DaemonSet.

diff --git a/pkg/render/node.go b/pkg/render/node.go
@@ -704,6 +704,17 @@ func (c *nodeComponent) createPortmapPlugin() map[string]interface{} {
 	return portmapPlugin
 }
 
+func (c *nodeComponent) createTuningPlugin() map[string]interface{} {
+	// tuning plugin (sysctl)
+	tuningPlugin := map[string]interface{}{
+		"type":   "tuning",
+		"sysctl": map[string]string{},
+	}
+	tuningPlugin["sysctl"] = *c.cfg.Installation.CalicoNetwork.SysctlTuning
+
+	return tuningPlugin
+}
+
 // nodeCNIConfigMap returns a config map containing the CNI network config to be installed on each node.
 // Returns nil if no configmap is needed.
 func (c *nodeComponent) nodeCNIConfigMap() *corev1.ConfigMap {
@@ -722,6 +733,11 @@ func (c *nodeComponent) nodeCNIConfigMap() *corev1.ConfigMap {
 		plugins = append(plugins, c.createPortmapPlugin())
 	}
 
+	// optional tuning plugin
+	if c.cfg.Installation.CalicoNetwork.SysctlTuning != nil {
+		plugins = append(plugins, c.createTuningPlugin())
+	}
+
 	pluginsArray, _ := json.Marshal(plugins)
 
 	config := fmt.Sprintf(`{

diff --git a/pkg/render/node_test.go b/pkg/render/node_test.go
@@ -2668,6 +2668,76 @@ var _ = Describe("Node rendering tests", func() {
 				Expect(rtest.GetContainer(ds.Spec.Template.Spec.InitContainers, "install-cni").VolumeMounts).To(ConsistOf(expectedCNIVolumeMounts))
 			})
 
+			It("should render cni config with sysctl parameters", func() {
+				sysctl := map[string]string{
+					"net.ipv4.tcp_keepalive_intvl":  "15",
+					"net.ipv4.tcp_keepalive_probes": "6",
+					"net.ipv4.tcp_keepalive_time":   "40",
+				}
+				defaultInstance.CalicoNetwork.SysctlTuning = &sysctl
+				component := render.Node(&cfg)
+				Expect(component.ResolveImages(nil)).To(BeNil())
+				resources, _ := component.Objects()
+				Expect(len(resources)).To(Equal(defaultNumExpectedResources))
+
+				// Should render the correct resources.
+				cniCmResource := rtest.GetResource(resources, "cni-config", "calico-system", "", "v1", "ConfigMap")
+				Expect(cniCmResource).ToNot(BeNil())
+				cniCm := cniCmResource.(*corev1.ConfigMap)
+				Expect(cniCm.Data["config"]).To(MatchJSON(fmt.Sprintf(`{
+  "name": "k8s-pod-network",
+  "cniVersion": "0.3.1",
+  "plugins": [
+    {
+      "container_settings": {
+        "allow_ip_forwarding": false
+      },
+      "datastore_type": "kubernetes",
+        "ipam": {
+          "assign_ipv4":  "%t",
+          "assign_ipv6":  "%t",
+          "type": "calico-ipam"
+      },
+      "kubernetes": {
+        "kubeconfig": "__KUBECONFIG_FILEPATH__"
+      },
+      "log_file_max_age": 5,
+      "log_file_max_count": 5,
+      "log_file_max_size": 1,
+      "log_file_path": "/var/log/calico/cni/cni.log",
+      "log_level": "Debug",
+      "mtu": 0,
+      "nodename_file_optional": false,
+      "policy": {
+        "type": "k8s"
+      },
+      "type": "calico"
+    },
+    {
+      "capabilities": {
+        "bandwidth": true
+      },
+      "type": "bandwidth"
+    },
+    {
+      "capabilities": {
+        "portMappings": true
+      },
+      "snat": true,
+      "type": "portmap"
+    },
+    {
+      "sysctl": {
+        "net.ipv4.tcp_keepalive_intvl": "15",
+        "net.ipv4.tcp_keepalive_probes": "6",
+        "net.ipv4.tcp_keepalive_time": "40"
+      },
+      "type": "tuning"
+	}
+  ]
+  }`, enableIPv4, enableIPv6)))
+			})
+
 			It("should render a proper 'allow_ip_forwarding' container setting in the cni config", func() {
 				cif := operatorv1.ContainerIPForwardingEnabled
 				defaultInstance.CalicoNetwork.ContainerIPForwarding = &cif