Merge pull request #8309 from dulek/kuryr-cni-plugins

Kuryr: Copy CNI plugins as DaemonSet initContainer

roles/kuryr/tasks/node.yaml

@@ -1,48 +0,0 @@
----
-- name: Create CNI bin directory
-  file:
-    state: directory
-    path: "{{ cni_bin_dir }}"
-    mode: 0755
-    owner: root
-    group: root
-    recurse: yes
-
-- name: Create CNI extraction tempdir
-  command: mktemp -d
-  register: cni_tmpdir
-
-- name: Download CNI
-  get_url:
-    url: "{{ cni_bin_url }}"
-    checksum: "sha1:{{ cni_bin_checksum }}"
-    mode: 0644
-    dest: "{{ cni_tmpdir.stdout }}"
-  register: downloaded_tarball
-
-- name: Extract CNI
-  become: yes
-  unarchive:
-    remote_src: True
-    src: "{{ downloaded_tarball.dest }}"
-    dest: "{{ cni_bin_dir }}"
-  when: downloaded_tarball.changed
-
-- name: Ensure CNI net.d exists
-  file:
-    path: /etc/cni/net.d
-    recurse: yes
-    state: directory
-
-- name: Configure OpenShift node with disabled service proxy
-  lineinfile:
-    dest: "/etc/sysconfig/{{ openshift_service_type }}-node"
-    regexp: '^OPTIONS="?(.*?)"?$'
-    backrefs: yes
-    backup: yes
-    line: 'OPTIONS="\1 --disable proxy"'
-
-- name: force node restart to disable the proxy
-  service:
-    name: "{{ openshift_service_type }}-node"
-    state: restarted

roles/kuryr/templates/cni-daemonset.yaml.j2

@@ -8,6 +8,11 @@ metadata:
   labels:
     tier: node
     app: kuryr
+  annotations:
+    image.openshift.io/triggers: |
+      [
+        {"from":{"kind":"ImageStreamTag","name":"node:v3.10"},"fieldPath":"spec.template.spec.initContainers[?(@.name==\"install-cni-plugins\")].image"}
+      ]
 spec:
   template:
     metadata:
@@ -21,6 +26,23 @@ spec:
         operator: Exists
         effect: NoSchedule
       serviceAccountName: kuryr-controller
+      initContainers:
+      - name: install-cni-plugins
+        image: " "
+        command:
+        - /bin/bash
+        - -c
+        - |
+          #!/bin/bash
+          set -ex
+          # Take over network functions on the node
+          rm -Rf /host-cni-bin/*
+          cp -Rf /opt/cni/bin/* /host-cni-bin/
+        volumeMounts:
+        - name: bin
+          mountPath: /host-cni-bin
+        securityContext:
+          privileged: true
       containers:
       - name: kuryr-cni
         image: {{ openshift_openstack_kuryr_cni_image }}