Add ADR about failed multus integration#9434
Conversation
brandond
left a comment
brandond
left a comment
There was a problem hiding this comment.
LGTM. I usually just write it up in the final format the ADR will be accepted in, so marked as Approved, and with the Design suggestion section as if it was the Decision... so that people can approve and you don't need to update it again and get another round of approvals just to do minor rewording.
docs/adrs/multus.md
Outdated
|
|
||
| The suggestion is to include a new `--multus` boolean flag. When that flag gets activated, we deploy a Kubernetes job that will run in that node and will: | ||
| * Run the [cni-plugins image](https://github.com/rancher/image-build-cni-plugins) which will deploy in the node all the widely used CNI binaries (e.g. macvlan), the multus binary and the whereabouts binary | ||
| * Install the required multus CRD `network-attachment-definitions.k8s.cni.cncf.io` and the whereabouts CRDs `ippools.whereabouts.cni.cncf.io` & `overlappingrangeipreservations.whereabouts.cni.cncf.io` |
There was a problem hiding this comment.
I would probably do like we do with disabled components in RKE2, and ship these as a packaged manifest, and then just add them to the --disable list if --multus isn't set.
docs/adrs/multus.md
Outdated
| * Create the appropriate Multus CNI config file and place it in the right path | ||
| * Start the whereabouts controller | ||
|
|
||
| These tasks are more or less what the upstream Multus and whereabouts daemonset do but, at least for Multus, it seems too overkill to have a daemonset running forever just for deploying the binaries and creating the correct multus cni config. A job that runs the `cni-plugins image` once the nodes comes up seems like a better solution. |
There was a problem hiding this comment.
I'm not sure a Job is the best way to do this, given that that the process for assigning job pods to specific nodes is a bit clumsy. We would need to reinvent much of the logic around creating and managing job-node assignment, and this logic already exists in the daemonset controller. I think we should either drop the required files directly from the k3s supervisor process, or use a daemonset to ensure that the install pod gets run on every node.
There was a problem hiding this comment.
if it is too clumsy, then perhaps it is best for k3s to do that job but then, I don't want to increase the size of k3s by adding too many binaries that most people won't use... I'm starting to wonder if perhaps the idea of that user that suggested to add "macvlan" to the cni multi-exec might be the best one :D
There was a problem hiding this comment.
macvlan + multus + whereabouts +.... I'll have fun in the next days
There was a problem hiding this comment.
Adding multus+whereabouts to the multi-exec is not worth it.:
- Multus binary increases the size of k3s significantly. Given that only a handful of users will benefit from this, I don't think it makes sense
- whereabouts binary has very very old dependencies. That project actually looks sort of unmaintained. Anyway, it would creep in a lot of CVEs and we don't want that
There was a problem hiding this comment.
Open question: do we want to add the multus images to the core k3s airgap image list, or should we have an optional image tarball, like we do for rke2?
There was a problem hiding this comment.
Good point, probably the latter makes more sense. What would be the disadvantages of it?
There was a problem hiding this comment.
Disadvantage to adding an optional tarball is that we have to update build scripts, QA processes, and documentation to handle the optional tarballs. We have never had more than 1 for k3s. How big are the additional images?
There was a problem hiding this comment.
yeah. To minimize that pain, I'd leave the same name for the current tarball k3s-airgap-images-${ARCH}.tar and the images file k3s-images.txt
manuelbuil
force-pushed
the
multusADR
branch
5 times, most recently
from
8455315 to
5a04cb4
Compare
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## master #9434 +/- ##
==========================================
- Coverage 48.66% 43.77% -4.89%
==========================================
Files 158 151 -7
Lines 14017 13580 -437
==========================================
- Hits 6821 5945 -876
- Misses 5906 6416 +510
+ Partials 1290 1219 -71
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. |
manuelbuil
force-pushed
the
multusADR
branch
4 times, most recently
from
5073222 to
a2f3a96
Compare
manuelbuil
force-pushed
the
multusADR
branch
5 times, most recently
from
47541a7 to
1efc154
Compare
|
This PR is postponed for the April release |
manuelbuil
force-pushed
the
multusADR
branch
2 times, most recently
from
db299d8 to
59ef7c7
Compare
Signed-off-by: Manuel Buil <mbuil@suse.com>
manuelbuil
changed the title
4 participants
Proposed Changes
I worked for a while in the integration of k3s and Multus but it was pretty complicated. This ADR tries to explain what was tried and why I finally gave up
Types of Changes
New feature
Verification
Testing
Linked Issues
User-Facing Change
Further Comments