Implement mutating webhook for Calico with eBPF configuration. (#427)
Gerrit91 authored Oct 21, 2024
1 parent c325eb6 commit 086140c
Showing 2 changed files with 50 additions and 1 deletion.
1 change: 1 addition & 0 deletions pkg/webhook/shoot/add.go
@@ -25,6 +25,7 @@ func AddToManagerWithOptions(mgr manager.Manager, opts AddOptions) (*extensionsw
return shoot.New(mgr, shoot.Args{
Types: []extensionswebhook.Type{
{Obj: &appsv1.Deployment{}},
{Obj: &appsv1.DaemonSet{}},
{Obj: &corev1.ConfigMap{}},
{Obj: &corev1.Secret{}},
},
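Review bot: The new `{Obj: &appsv1.DaemonSet{}}` entry sends DaemonSet admission requests to this webhook although the mutator in this commit acts on `calico-node` only, and the list gives no hint of that. A comment on the entry such as `// DaemonSet: only calico-node is mutated (eBPF settings)` would document the scope. The selectors and failure policy passed to `shoot.New` lie outside the hunk, so it is worth confirming that an unavailable webhook cannot block unrelated DaemonSet updates.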
50 changes: 49 additions & 1 deletion pkg/webhook/shoot/mutator.go
@@ -3,6 +3,8 @@ package shoot
import (
"context"
"fmt"
"slices"
"strconv"

extensionswebhook "github.com/gardener/gardener/extensions/pkg/webhook"

@@ -48,6 +50,13 @@ func (m *mutator) Mutate(ctx context.Context, new, _ client.Object) error {
case "vpn-shoot":
extensionswebhook.LogMutation(logger, x.Kind, x.Namespace, x.Name)
return m.mutateVPNShootDeployment(ctx, x)

}
case *appsv1.DaemonSet:
switch x.Name {
case "calico-node":
extensionswebhook.LogMutation(logger, x.Kind, x.Namespace, x.Name)
return m.mutateCalicoNode(ctx, x)
}
}
return nil
@@ -59,7 +68,7 @@ func (m *mutator) mutateVPNShootDeployment(_ context.Context, deployment *appsv1
// raising the timeout to 15 minutes leads to additional 15 minutes of provisioning time because
// the nodes cidr will only be set on next shoot reconcile
// with the following mutation we can immediately provide the proper nodes cidr and save time
logger.Info("ensuring nodes cidr from shoot-node-cidr configmap in vpn-shoot deployment")
m.logger.Info("ensuring nodes cidr from shoot-node-cidr configmap in vpn-shoot deployment")
c.Env = extensionswebhook.EnsureEnvVarWithName(c.Env, corev1.EnvVar{
Name: "NODE_NETWORK",
Value: "",
@@ -76,3 +85,42 @@ func (m *mutator) mutateVPNShootDeployment(_ context.Context, deployment *appsv1

return nil
}

func (m *mutator) mutateCalicoNode(_ context.Context, ds *appsv1.DaemonSet) error {
if c := extensionswebhook.ContainerWithName(ds.Spec.Template.Spec.Containers, "calico-node"); c != nil {
ebpfEnabled := slices.ContainsFunc(c.Env, func(e corev1.EnvVar) bool {
if e.Name != "FELIX_BPFENABLED" {
return false
}

enabled, _ := strconv.ParseBool(e.Value)

return enabled
})

if !ebpfEnabled {
return nil
}

m.logger.Info("patching calico-node daemon set due to ebpf dataplane being enabled")

c.Env = extensionswebhook.EnsureEnvVarWithName(c.Env, corev1.EnvVar{
Name: "FELIX_BPFDATAIFACEPATTERN",
// including "lan" interface name to default value
// (see https://github.com/projectcalico/calico/blob/3f7fe4d290541bbdd73c97bdc89a29a29855a48a/felix/config/config_params.go#L180)
Value: "^((en|wl|ww|sl|ib)[Popsx].*|(lan|eth|wlan|wwan).*|tunl0$|vxlan.calico$|wireguard.cali$|wg-v6.cali$)",
})

c.Env = extensionswebhook.EnsureEnvVarWithName(c.Env, corev1.EnvVar{
Name: "FELIX_BPFEXTERNALSERVICEMODE",
Value: "DSR",
})

c.Env = extensionswebhook.EnsureEnvVarWithName(c.Env, corev1.EnvVar{
Name: "FELIX_MTUIFACEPATTERN",
Value: "lan",
})
}

return nil
}
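Review bot: In `mutateCalicoNode`, `FELIX_MTUIFACEPATTERN` is set to the bare expression `lan`, which, if Felix applies it as an unanchored regular expression, also matches names such as `wlan0` or `vxlan.calico`; `Value: "^lan.*",` would limit MTU detection to the interfaces the patch is aimed at. The three `EnsureEnvVarWithName` calls look like they replace a value that is already set on the container, so a pattern or service mode chosen by an operator would be overwritten on every admission; a comment saying these values are authoritative, or skipping variables that are already present, would make that intent explicit. The eBPF check also discards the `strconv.ParseBool` error and only reads `e.Value`, so a malformed value or one supplied through `ValueFrom` is treated as disabled without a log line. In `Mutate` the DaemonSet is selected by name alone; unless the webhook's namespace selector (not visible here) already limits it to kube-system, comparing `x.Namespace` as well would keep the patch off same-named objects in other namespaces.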
