spiderpool-agent: support to configure the sysctl config

Signed-off-by: cyclinder <qifeng.guo@daocloud.io>
spidernet-io · Jul 26, 2024 · f1b44f1 · f1b44f1
1 parent 2522f83
commit f1b44f1
Show file tree

Hide file tree

Showing 7 changed files with 178 additions and 2 deletions.
diff --git a/charts/spiderpool/templates/configmap.yaml b/charts/spiderpool/templates/configmap.yaml
@@ -30,6 +30,12 @@ data:
       enabled: {{ .Values.dra.enabled }}
       cdiRootPath: {{ .Values.dra.cdiRootPath }}
       hostDevicePath: {{ .Values.dra.hostDevicePath }}
+    {{- if .Values.spiderpoolAgent.sysctlConfigs }}
+    sysctlConfigs:
+      {{- with .Values.spiderpoolAgent.sysctlConfigs }}
+      {{- toYaml . | nindent 6 }}
+      {{- end }}
+    {{- end }}
 {{- if .Values.multus.multusCNI.install }}
 ---
 kind: ConfigMap

diff --git a/charts/spiderpool/values.yaml b/charts/spiderpool/values.yaml
@@ -454,6 +454,9 @@ spiderpoolAgent:
   securityContext: {}
   # runAsUser: 0
 
+  ## @param spiderpoolAgent.sysctlConfigs the sysctl configs of spiderpoolAgent pod
+  sysctlConfigs: {}
+
   ## @param spiderpoolAgent.httpPort the http Port for spiderpoolAgent, for health checking
   httpPort: 5710
 

diff --git a/cmd/spiderpool-agent/cmd/daemon.go b/cmd/spiderpool-agent/cmd/daemon.go
@@ -75,6 +75,8 @@ func DaemonMain() {
 	}
 	logger.Sugar().Infof("Spiderpool-agent config: %+v", agentContext.Cfg)
 
+	// Setup sysctl
+
 	// Set up gops.
 	if agentContext.Cfg.GopsListenPort != "" {
 		address := "127.0.0.1:" + agentContext.Cfg.GopsListenPort

diff --git a/cmd/spiderpool-controller/cmd/daemon.go b/cmd/spiderpool-controller/cmd/daemon.go
@@ -35,6 +35,7 @@ import (
 	"github.com/spidernet-io/spiderpool/pkg/manager/spidercliamparameter"
 	"github.com/spidernet-io/spiderpool/pkg/multuscniconfig"
 	"github.com/spidernet-io/spiderpool/pkg/namespacemanager"
+	"github.com/spidernet-io/spiderpool/pkg/networking/sysctl"
 	"github.com/spidernet-io/spiderpool/pkg/nodemanager"
 	"github.com/spidernet-io/spiderpool/pkg/openapi"
 	"github.com/spidernet-io/spiderpool/pkg/podmanager"
@@ -81,6 +82,11 @@ func DaemonMain() {
 	}
 	logger.Sugar().Infof("Spiderpool-controller config: %+v", controllerContext.Cfg)
 
+	// setup sysctls
+	if err := sysctlConfig(controllerContext.Cfg.SysctlConfig); err != nil {
+		logger.Sugar().Fatal(err)
+	}
+
 	// Set up gops.
 	if controllerContext.Cfg.GopsListenPort != "" {
 		address := "127.0.0.1:" + controllerContext.Cfg.GopsListenPort
@@ -605,3 +611,24 @@ func checkWebhookReady() {
 		break
 	}
 }
+
+// sysctlConfig set all sysctl config from given user configs.
+func sysctlConfig(configSysctls map[string]string) error {
+	if configSysctls == nil {
+		configSysctls = make(map[string]string)
+	}
+
+	// append default sysctl config
+	for _, sc := range sysctl.DefaultSysctlConfig {
+		if _, ok := configSysctls[sc.Name]; !ok {
+			configSysctls[sc.Name] = sc.Value
+		}
+	}
+
+	for sc, value := range configSysctls {
+		if err := sysctl.SetSysctl(sc, value); err != nil {
+			return err
+		}
+	}
+	return nil
+}
diff --git a/pkg/networking/sysctl/sysctl.go b/pkg/networking/sysctl/sysctl.go
@@ -5,11 +5,38 @@ package sysctl
 
 import (
 	"fmt"
+	"os"
+	"strings"
+
 	"github.com/containernetworking/plugins/pkg/ns"
 	"github.com/containernetworking/plugins/pkg/utils/sysctl"
-	"os"
 )
 
+// DefaultSysctlConfig is the default sysctl config for the node
+var DefaultSysctlConfig = []struct {
+	Name  string
+	Value string
+}{
+	{
+		Name:  "net.ipv4.neigh.default.gc_thresh3",
+		Value: "8192",
+	},
+	{
+		Name:  "net.ipv6.neigh.default.gc_thresh3",
+		Value: "8192",
+	},
+	{
+		Name:  "net.ipv4.conf.all.arp_notify",
+		Value: "1",
+	}, {
+		Name:  "net.ipv4.conf.all.forwarding",
+		Value: "1",
+	}, {
+		Name:  "net.ipv6.conf.all.forwarding",
+		Value: "1",
+	},
+}
+
 // SysctlRPFilter set rp_filter value for host netns and specify netns
 func SysctlRPFilter(netns ns.NetNS, value int32) error {
 	var err error
@@ -77,3 +104,21 @@ func EnableIpv6Sysctl(netns ns.NetNS) error {
 	})
 	return err
 }
+
+func SetSysctl(sysConfig string, value string) error {
+	// sysConfig: net.ipv6.neigh.default.gc_thresh3
+	// to: net/ipv6/neigh/default/gc_thresh3
+	sysConfig = strings.ReplaceAll(sysConfig, ".", "/")
+	sysConfig = fmt.Sprintf("/proc/sys/%s", sysConfig)
+
+	_, err := os.Stat(sysConfig)
+	if err != nil && !os.IsNotExist(err) {
+		return fmt.Errorf("invalid sysctl %s, failed to set: %w", sysConfig, err)
+	}
+
+	if _, err := sysctl.Sysctl(sysConfig, value); err != nil {
+		return fmt.Errorf("error to set sysctl %s to %s: %w", sysConfig, value, err)
+	}
+
+	return nil
+}
diff --git a/pkg/networking/sysctl/sysctl_test.go b/pkg/networking/sysctl/sysctl_test.go
@@ -0,0 +1,92 @@
+// Copyright 2023 Authors of spidernet-io
+// SPDX-License-Identifier: Apache-2.0
+
+package sysctl
+
+import (
+	"testing"
+
+	"github.com/containernetworking/plugins/pkg/ns"
+)
+
+func TestSysctlRPFilter(t *testing.T) {
+	type args struct {
+		netns ns.NetNS
+		value int32
+	}
+	tests := []struct {
+		name    string
+		args    args
+		wantErr bool
+	}{
+		// TODO: Add test cases.
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			if err := SysctlRPFilter(tt.args.netns, tt.args.value); (err != nil) != tt.wantErr {
+				t.Errorf("SysctlRPFilter() error = %v, wantErr %v", err, tt.wantErr)
+			}
+		})
+	}
+}
+
+func Test_setRPFilter(t *testing.T) {
+	type args struct {
+		v int32
+	}
+	tests := []struct {
+		name    string
+		args    args
+		wantErr bool
+	}{
+		// TODO: Add test cases.
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			if err := setRPFilter(tt.args.v); (err != nil) != tt.wantErr {
+				t.Errorf("setRPFilter() error = %v, wantErr %v", err, tt.wantErr)
+			}
+		})
+	}
+}
+
+func TestEnableIpv6Sysctl(t *testing.T) {
+	type args struct {
+		netns ns.NetNS
+	}
+	tests := []struct {
+		name    string
+		args    args
+		wantErr bool
+	}{
+		// TODO: Add test cases.
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			if err := EnableIpv6Sysctl(tt.args.netns); (err != nil) != tt.wantErr {
+				t.Errorf("EnableIpv6Sysctl() error = %v, wantErr %v", err, tt.wantErr)
+			}
+		})
+	}
+}
+
+func TestSetSysctl(t *testing.T) {
+	type args struct {
+		sysConfig string
+		value     string
+	}
+	tests := []struct {
+		name    string
+		args    args
+		wantErr bool
+	}{
+		// TODO: Add test cases.
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			if err := SetSysctl(tt.args.sysConfig, tt.args.value); (err != nil) != tt.wantErr {
+				t.Errorf("SetSysctl() error = %v, wantErr %v", err, tt.wantErr)
+			}
+		})
+	}
+}
diff --git a/pkg/types/k8s.go b/pkg/types/k8s.go
@@ -109,7 +109,6 @@ type AutoPoolProperty struct {
 }
 
 type SpiderpoolConfigmapConfig struct {
-	DraConfig                                     `yaml:"dra"`
 	IpamUnixSocketPath                            string `yaml:"ipamUnixSocketPath"`
 	EnableIPv4                                    bool   `yaml:"enableIPv4"`
 	EnableIPv6                                    bool   `yaml:"enableIPv6"`
@@ -118,6 +117,8 @@ type SpiderpoolConfigmapConfig struct {
 	EnableSpiderSubnet                            bool   `yaml:"enableSpiderSubnet"`
 	EnableAutoPoolForApplication                  bool   `yaml:"enableAutoPoolForApplication"`
 	ClusterSubnetAutoPoolDefaultRedundantIPNumber int    `yaml:"clusterSubnetAutoPoolDefaultRedundantIPNumber"`
+	DraConfig                                     `yaml:"dra"`
+	SysctlConfig                                  map[string]string `yaml:"sysctlConfig"`
 }
 
 type DraConfig struct {