ci: conflist generation and steps for cilium swiftv2#4376
Open
ci: conflist generation and steps for cilium swiftv2#4376
Conversation
copy cilium watcher and set healthz port to 50257 per documentation
Contributor
Author
|
/azp run Azure Container Networking PR |
|
Azure Pipelines successfully started running 1 pipeline(s). |
Contributor
There was a problem hiding this comment.
Pull request overview
Adds support files and plumbing for an Azure CNI chained-with-Cilium conflist scenario (and related Swiftv2 unmanaged-node setup), including CNS conflist generation + fixtures/tests, and bundling the sample conflist into the CNI payload.
Changes:
- Add a new CNS conflist generation scenario (
azurecni-chained-cilium) with Linux generator + fixtures + unit test. - Add Swiftv2 Cilium “watcher” deployment manifests (including an alternate healthz-port variant) and BYON conflist installer manifest.
- Bundle
azure-chained-cilium.conflistinto the CNI dropgz payload and pipeline build outputs, plus add a setup guide.
Reviewed changes
Copilot reviewed 15 out of 15 changed files in this pull request and generated 7 comments.
Show a summary per file
| File | Description |
|---|---|
| test/integration/manifests/cnsconfig/azcnichainedciliumconfigmap.yaml | Adds CNS config for chained Cilium conflist generation scenario. |
| test/integration/manifests/cni/conflist-installer-byon.yaml | Adds DaemonSet manifest to install chained conflist onto BYON nodes. |
| test/integration/manifests/cilium/watcher/deployment.yaml | Adds watcher deployment to clone/modify managed Cilium DaemonSet for unmanaged nodes. |
| test/integration/manifests/cilium/watcher/deployment-alt-healthz-port.yaml | Variant watcher manifest that sets alternate healthz bind port for kube-proxy coexistence. |
| docs/feature/swift-v2/setup-guide-cil.md | Adds Swiftv2 managed Cilium setup instructions for BYON/unmanaged nodes. |
| cns/service/main.go | Wires new conflist scenario string to a new generator. |
| cns/cniconflist/testdata/fixtures/azure-chained-cilium.conflist | Adds fixture used to validate generated chained conflist output. |
| cns/cniconflist/generator_windows.go | Adds Windows stub for the new generator (not implemented). |
| cns/cniconflist/generator_linux_test.go | Switches to require and adds a test for the new generator. |
| cns/cniconflist/generator_linux.go | Implements the chained AzureCNI→Cilium conflist generator. |
| cns/cniconflist/generator.go | Adds generator type + Close() implementation. |
| cni/azure-chained-cilium.conflist | Adds sample chained conflist intended for packaging/installation. |
| cni/Dockerfile.tmpl | Includes chained conflist in payload build. |
| cni/Dockerfile | Includes chained conflist in payload build. |
| .pipelines/build/scripts/cni.sh | Copies chained conflist into pipeline output files. |
| ``` | ||
| export CONFLIST=azure-chained-cilium.conflist | ||
| export CONFLIST_PRIORITY=05 | ||
| export CNI_IMAGE=acnpublic.azurecr.io/public/containernetworking/azure-cni:v1.7.5-3 |
Member
There was a problem hiding this comment.
can you include mcr image instead of acnpublic.. why are we asking them to replace?
Contributor
Author
There was a problem hiding this comment.
Currently there isn't any mcr image available that has the chained cni conflist. This is the PR where it is introduced and added to dropgz/azure-cni.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Reason for Change:
Adds John's conflist generation changes to CNS (currently unused).
Adds swiftv2 cilium instructions and related files for watcher.
Adds sample chained cni conflist which should now be bundled into dropgz.
test/integration/manifests/cilium/watcher/deployment-alt-healthz-port.yaml and test/integration/manifests/cni/conflist-installer-byon.yaml are identical except one specifies a healthz port.
Conflist installer uses acnpublic image but for correctness this particular image has the chained conflist we want.
acnpublic.azurecr.io/public/containernetworking/azure-cni:v1.7.5-3Watcher relies on an image that has kubectl and yq.
Issue Fixed:
Requirements:
Notes: