Backport changes from V0.5.7 into master

.github/workflows/hostplumber-multiarch-build-and-push.yml

@@ -0,0 +1,41 @@
+---
+name: docker
+on:
+  push:
+    branches:
+      - 'master'
+      - 'v*'
+      - 'private/**'
+    paths:
+      - hostplumber/**
+
+jobs:
+  buildx:
+    env:
+      USERNAME: ${{ secrets.QUAY_USERNAME }}
+      PASSWORD: ${{ secrets.QUAY_PASSWORD }}
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Setup Docker BuildX
+        uses: docker/setup-buildx-action@v1
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+
+      # setup Docker buld action
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+
+      - name: Login to the Quay Registry
+        uses: docker/login-action@v1
+        with:
+          registry: quay.io
+          username: ${{ env.USERNAME }}
+          password: ${{ env.PASSWORD }}
+
+      - name: Build/Push image to Quay Container Registry
+        run:
+          TEAMCITY_BUILD_ID=${{ github.run_number }}
+          make -C hostplumber img-build-push

.github/workflows/luigi-build-and-push.yml

@@ -0,0 +1,39 @@
+---
+name: docker
+on:
+  push:
+    branches:
+      - 'master'
+      - 'v*'
+      - 'private/**'
+
+jobs:
+  buildx:
+    env:
+      USERNAME: ${{ secrets.QUAY_USERNAME }}
+      PASSWORD: ${{ secrets.QUAY_PASSWORD }}
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Setup Docker BuildX
+        uses: docker/setup-buildx-action@v1
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+
+      # setup Docker buld action
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+
+      - name: Login to the Quay Registry
+        uses: docker/login-action@v1
+        with:
+          registry: quay.io
+          username: ${{ env.USERNAME }}
+          password: ${{ env.PASSWORD }}
+
+      - name: Build/Push image to Quay Container Registry
+        run:
+          TEAMCITY_BUILD_ID=${{ github.run_number }}
+          make img-build-push        

.github/workflows/ovs-build-and-push.yml

@@ -0,0 +1,53 @@
+---
+name: docker
+on:
+  push:
+    branches:
+      - 'master'
+      - 'v*'
+      - 'private/**'
+    paths:
+      - hostplumber/**
+
+jobs:
+  buildx:
+    env:
+      USERNAME: ${{ secrets.QUAY_USERNAME }}
+      PASSWORD: ${{ secrets.QUAY_PASSWORD }}
+      BUILD_ARGS: ""
+      PLATFORMS: linux/amd64
+      BRANCH: ${{ github.head_ref || github.ref_name }}
+      PUSH: true
+    runs-on: ubuntu-latest
+    steps:
+      - name: Set env
+        run: 
+          echo "TAG=$(echo "${{ env.BRANCH }}" | tr -d /)" >> $GITHUB_ENV
+
+      - uses: actions/checkout@v3
+
+      - name: Setup Docker BuildX
+        uses: docker/setup-buildx-action@v1
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+
+      # setup Docker buld action
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+
+      - name: Login to the Quay Registry
+        uses: docker/login-action@v1
+        with:
+          registry: quay.io
+          username: ${{ env.USERNAME }}
+          password: ${{ env.PASSWORD }}
+
+      - name: Build/Push image to Quay Container Registry
+        uses: docker/build-push-action@v3
+        with:
+          context: hostplumber/pkg/ovs-docker
+          tags: quay.io/platform9/openvswitch:${{ env.TAG }}-${{ github.run_number }}
+          push: ${{ env.PUSH }}
+          build-args: ${{ env.BUILD_ARGS}}
+          platforms: ${{ env.PLATFORMS }}

Makefile

@@ -1,10 +1,16 @@
 SHELL=/bin/bash
 # Image URL to use all building/pushing image targets
 #IMG ?= controller:latest
-VER_LABEL=$(shell ./get-label.bash)
-IMG ?= platform9/luigi-plugins:$(VER_LABEL)
+
+ifndef OVERRIDE_LUIGI_VERSION
+IMG_TAG = $(shell ./get-label.bash)
+else
+IMG_TAG ?= $(OVERRIDE_LUIGI_VERSION)
+endif
+
+IMG = quay.io/platform9/luigi-plugins:$(IMG_TAG)
 # ENVTEST_K8S_VERSION refers to the version of kubebuilder assets to be downloaded by envtest binary.
-ENVTEST_K8S_VERSION = 1.23
+ENVTEST_K8S_VERSION = 1.27
 
 # Get the currently used golang install path (in GOPATH/bin, unless GOBIN is set)
 ifeq (,$(shell go env GOBIN))
@@ -144,20 +150,19 @@ $(CONTROLLER_GEN): $(LOCALBIN)
 .PHONY: envtest
 envtest: $(ENVTEST) ## Download envtest-setup locally if necessary.
 $(ENVTEST): $(LOCALBIN)
-	GOBIN=$(LOCALBIN) go install sigs.k8s.io/controller-runtime/tools/setup-envtest@latest
+	GOBIN=$(LOCALBIN) go install sigs.k8s.io/controller-runtime/tools/setup-envtest@v0.0.0-20230216140739-c98506dc3b8e
 
 img-test:
-	docker run --rm  -v $(SRCROOT):/luigi -w /luigi golang:1.21-alpine3.18  bash -c "GOFLAGS=-buildvcs=false make test"
+	docker run --rm  -v $(SRCROOT):/luigi -w /luigi golang:1.21  bash -c "GOFLAGS=-buildvcs=false make test"
 
-img-build: $(BUILD_DIR) img-test 
+img-build: $(BUILD_DIR) img-test
 	docker build --network host . -t ${IMG}
 	echo ${IMG} > $(BUILD_DIR)/container-tag
 
 img-build-push: img-build
-	docker login
 	docker push ${IMG}
 	echo ${IMG} > $(BUILD_DIR)/container-tag
 
 scan: $(BUILD_ROOT)
-	docker run -v $(BUILD_ROOT)/luigi:/out -v /var/run/docker.sock:/var/run/docker.sock -v $(HOME)/.trivy:/root/.cache  aquasec/trivy image -s CRITICAL,HIGH -f json  --vuln-type library -o /out/library_vulnerabilities.json --exit-code 22 ${IMG}
-	docker run -v $(BUILD_ROOT)/luigi:/out -v /var/run/docker.sock:/var/run/docker.sock -v $(HOME)/.trivy:/root/.cache  aquasec/trivy image -s CRITICAL,HIGH -f json  --vuln-type os -o /out/os_vulnerabilities.json --exit-code 22 ${IMG}
+	docker run -v $(BUILD_ROOT)/luigi:/out -v /var/run/docker.sock:/var/run/docker.sock -v $(HOME)/.trivy:/root/.cache  aquasec/trivy image -s CRITICAL,HIGH -f json --scanners vuln --vuln-type library -o /out/library_vulnerabilities.json --exit-code 22 ${IMG}
+	docker run -v $(BUILD_ROOT)/luigi:/out -v /var/run/docker.sock:/var/run/docker.sock -v $(HOME)/.trivy:/root/.cache  aquasec/trivy image -s CRITICAL,HIGH -f json --scanners vuln --vuln-type os -o /out/os_vulnerabilities.json --exit-code 22 ${IMG}

README.md

@@ -1,37 +1,61 @@
 # Luigi
+
 Luigi is a Kubernetes Operator to deploy, manage, and upgrade advanced networking plugins. The default Kubernetes networking model with one CNI and cluster-wide network can be too restrictive for many advanced networking use cases like NFV or virtualization
 
 There are many discrete plugins and solutions, but knowing which ones to use, deploying and managing them can be tedious. Secondary CNIs? Multus? SRIOV? Device plugins? OVS? Which IPAM? What's the current Linux networking state of my nodes? How do I configure my nodes in order to support all of these?
 
-# How to deploy
-This will require an already working K8s cluster with DNS and a primary CNI up and running. 
+## How to deploy
+
+This will require an already working K8s cluster with DNS and a primary CNI up and running.
 Deploy the manifest found in samples in this repo:
-```
+
+```shell
 kubectl apply -f https://raw.githubusercontent.com/platform9/luigi/master/samples/luigi-plugins-operator.yaml
 ```
+
 A deployment of 1 replica will be created in the luigi-system namespace.
 
 Or, To get started sign up for Platform9 Managed Kubernetes(PMK) for free at platform9.com/signup, see more about our Telco 5G offerings at platform9.com/solutions/telco-5g or contact us at platform9.com/contact. With PMK, Luigi will already be deployed and managed itself
 
-# Plugins supported
+## How to build
+
+Platform9 publishes the images to Docker Hub under platform9 organisation.
+
+- Luigi image is published as
+  `platform9/luigi-plugins:<version tag>`
+- Hostplumber image is published as
+  `platform9/hostplumber:<version tag>`
+
+The version tag is set to the git tag in git repository.
+In the absence of a tag, it is set to [git branch]-pmk-[git revision id]
+
+Override the version tag using env variable
+
+- For Luigi:
+  `OVERRIDE_LUIGI_VERSION`
+- For Hostplumber:
+  `OVERRIDE_HOSTPLUMBER_VERSION`
+
+## Plugins supported
+
 The scope of each plugin is beyond this documentation. But if you know you need it, luigi will deploy the following:
 
- - HostPlumber: A subset of Luigi, an operator to configure/prep networking on the node and retrieve node details
-	 - See: https://github.com/platform9/luigi/blob/master/hostplumber/README.md
-	 - Use to create SRIOV VFs, configure OVS, create VLAN interfaces, etc...
-	 - Recommended unless you have your own tooling to configure nodes
- - Multus
-	 - Almost always required - the only way K8S can support multiple CNIs and networks
- - SRIOV CNI
- - SRIOV Device Plugin
- - OpenVSwitch daemon & CLI tools
- - OVS CNI plugin
- - Macvlan, IPvlan
- - Whereabouts IPAM driver
-	 - Required for dynamic IP assignment without an external DHCP service.
- - Node Feature Discovery
-
-# Configuration:
+- HostPlumber: A subset of Luigi, an operator to configure/prep networking on the node and retrieve node details
+  - See: [README.md](https://github.com/platform9/luigi/blob/master/hostplumber/README.md)
+  - Use to create SRIOV VFs, configure OVS, create VLAN interfaces, etc...
+  - Recommended unless you have your own tooling to configure nodes
+- Multus
+  - Almost always required - the only way K8S can support multiple CNIs and networks
+- SRIOV CNI
+  - SRIOV Device Plugin
+- OpenVSwitch daemon & CLI tools
+  - OVS CNI plugin
+  - Macvlan, IPvlan
+- Whereabouts IPAM driver
+  - Required for dynamic IP assignment without an external DHCP service.
+- Node Feature Discovery
+
+## Configuration
 
 **namespace**: Each plugin will take in a namespace override to deploy, default namespace otherwise
 
@@ -42,21 +66,23 @@ The scope of each plugin is beyond this documentation. But if you know you need
 **privateRegistryBase**: Some airgapped env's may have a custom container registry. If this is specified, it will replace the public container registry URL (docker.io, gcr.io, quay, etc..) with this path
 
 Each plugin may or may not have some further specific configuration. Here are the current options as of release v0.3:
- - HostPlumber - none
- - Multus - none
- - SRIOV - none
- - Node-feature-discovery - none
- - OVS - none
- - Whereabouts
-	 - ipReconcilerSchedule - specify the CronJob schedule of the whereabouts IP cleanup Job
-	 - ipReconcilerNodeSelector - specify the nodeSelector Labels on which to schedule the ip-reconciler
-
-# NetworkPlugins CRD:
+
+- HostPlumber - none
+- Multus - none
+- SRIOV - none
+- Node-feature-discovery - none
+- OVS - none
+- Whereabouts
+  - ipReconcilerSchedule - specify the CronJob schedule of the whereabouts IP cleanup Job
+  - ipReconcilerNodeSelector - specify the nodeSelector Labels on which to schedule the ip-reconciler
+
+## NetworkPlugins CRD
+
 In it's current phase, only one instance of the CRD is supported. It will reflect the final, desired state of all plugins to be deployed.
 
 If it is present, Luigi will ensure that the plugin is deployed and upgraded. If missing and re-applied, Luigi will remove the plugin if it was previously managing it.
 
-```
+```YAML
 apiVersion: plumber.k8s.pf9.io/v1
 kind: NetworkPlugins
 metadata:
@@ -78,7 +104,7 @@ spec:
 
 The above will deploy all the plugins specified in the default namespace. To override the namespace, and deploy in kube-system:
 
-```
+```YAML
 apiVersion: plumber.k8s.pf9.io/v1
 kind: NetworkPlugins
 metadata:
@@ -98,9 +124,9 @@ spec:
       namespace: "kube-system"
 ```
 
-That is it! Now that you have the secondary CNIs and other related plugins deployed, you may need to prep the nodes before you can actually create Multus Networks and assign them to Pods. In order to do so, use Luigi's own HostPlumber plugin: https://github.com/platform9/luigi/blob/master/hostplumber/README.md
+That is it! Now that you have the secondary CNIs and other related plugins deployed, you may need to prep the nodes before you can actually create Multus Networks and assign them to Pods. In order to do so, use Luigi's own HostPlumber plugin. See [README for HostPlumber](https://github.com/platform9/luigi/blob/master/hostplumber/README.md)
 
+## Dev note
 
-##### Dev note
 This project needs to migrate to Kubebuilder/v4.
-webhooks where added manually `make generate && make manifestes` will not add required feild for webhook in crds and luigi deployment. refer `samples/luigi-plugins-operator-v2.yaml`
+webhooks where added manually `make generate && make manifestes` will not add required field for webhook in crds and luigi deployment. refer `samples/luigi-plugins-operator-v2.yaml`

api/v1/networkplugins_types.go

@@ -68,6 +68,7 @@ type HostPlumber struct {
 	Namespace        string `json:"namespace,omitempty"`
 	ImagePullPolicy  string `json:"imagePullPolicy,omitempty"`
 	HostPlumberImage string `json:"hostPlumberImage,omitempty"`
+	MetricsPort      string `json:"metricsPort,omitempty"`
 }
 
 type Whereabouts struct {

config/crd/bases/plumber.k8s.pf9.io_networkplugins.yaml

@@ -58,6 +58,8 @@ spec:
                         type: string
                       namespace:
                         type: string
+                      metricsPort:
+                        type: string
                     type: object
                   multus:
                     properties:

config/default/manager_auth_proxy_patch.yaml

@@ -10,12 +10,14 @@ spec:
     spec:
       containers:
       - name: kube-rbac-proxy
-        image: gcr.io/kubebuilder/kube-rbac-proxy:v0.11.0
+        image: quay.io/brancz/kube-rbac-proxy:v0.18.0
         args:
         - "--secure-listen-address=0.0.0.0:8443"
         - "--upstream=http://127.0.0.1:8080/"
         - "--logtostderr=true"
         - "--v=0"
+        - --tls-cipher-suites=TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
+        - --tls-min-version=VersionTLS12
         ports:
         - containerPort: 8443
           protocol: TCP

controllers/networkplugins_controller.go

@@ -54,19 +54,20 @@ import (
 const (
 	DefaultNamespace        = "luigi-system"
 	KubemacpoolNamespace    = "dhcp-controller-system"
+	DefaultMetricsPort      = "8080"
 	MultusImage             = "docker.io/platform9/multus:v3.7.2-pmk-2644970"
-	WhereaboutsImage        = "docker.io/platform9/whereabouts:v0.6.3"
+	WhereaboutsImage        = "docker.io/platform9/whereabouts:v0.6.3-pmk-3299438"
 	SriovCniImage           = "docker.io/platform9/sriov-cni:v2.6.2-pmk-2877848"
 	SriovDpImage            = "docker.io/platform9/sriov-network-device-plugin:v3.3.2-pmk-2877839"
-	OvsImage                = "docker.io/platform9/openvswitch:v2.17.5-2"
+	OvsImage                = "quay.io/platform9/openvswitch:v2.17.5-3"
 	OvsCniImage             = "quay.io/kubevirt/ovs-cni-plugin:v0.28.0"
 	OvsMarkerImage          = "quay.io/kubevirt/ovs-cni-marker:v0.28.0"
-	HostPlumberImage        = "docker.io/platform9/hostplumber:v0.5.2"
+	HostPlumberImage        = "quay.io/platform9/hostplumber:v0.5.7"
 	DhcpControllerImage     = "docker.io/platform9/pf9-dhcp-controller:v1.1"
 	KubemacpoolImage        = "quay.io/kubevirt/kubemacpool:v0.41.0"
 	KubemacpoolRangeStart   = "02:55:43:00:00:00"
 	KubemacpoolRangeEnd     = "02:55:43:FF:FF:FF"
-	KubeRbacProxyImage      = "gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0"
+	KubeRbacProxyImage      = "quay.io/brancz/kube-rbac-proxy:v0.18.0"
 	NfdImage                = "docker.io/platform9/node-feature-discovery:v0.11.3-pmk-2877967"
 	TemplateDir             = "/etc/plugin_templates/"
 	CreateDir               = TemplateDir + "create/"
@@ -221,6 +222,12 @@ func (hostPlumberConfig *HostPlumberT) WriteConfigToTemplate(outputDir, registry
 		config["HostPlumberImage"] = ReplaceContainerRegistry(HostPlumberImage, registry)
 	}
 
+	if hostPlumberConfig.MetricsPort != "" {
+		config["MetricsPort"] = hostPlumberConfig.MetricsPort
+	} else {
+		config["MetricsPort"] = DefaultMetricsPort
+	}
+
 	config["KubeRbacProxyImage"] = ReplaceContainerRegistry(KubeRbacProxyImage, registry)
 
 	t, err := template.ParseFiles(filepath.Join(TemplateDir, "pf9-hostplumber", "hostplumber.yaml"))
@@ -952,3 +959,4 @@ func GetHugepageSize() string {
 	fmt.Printf("Hugepages: %+v", r)
 	return r
 }
+