From 4add7b4a033f55381933ee2845675e59ff154d65 Mon Sep 17 00:00:00 2001
From: Yoshiro Watanabe <fj3838ct@fujitsu.com>
Date: Mon, 16 Dec 2024 08:36:09 +0000
Subject: [PATCH] Remove kuryr-kubernetes from devstack install

This patch changes to be able to build the k8s cluster on local
environment with devstack-plugin-container by setting
KUBERNETES_VIM=True in local.conf.

This patch also includes the following fixes:
* Remove settings related to kuryr-kubernetes.
* Added processing to configure required settings in
  devstack-plugin-container.
* Modify related documents.
* Dropping octavia.

Change-Id: I6a898c3d82bd82b6b687d1941565e0efa963cdbb
---
 devstack/lib/tacker                           | 45 +++++++++++++++++++
 devstack/local.conf.kubernetes                |  9 +---
 devstack/plugin.sh                            |  4 ++
 devstack/settings                             | 15 ++-----
 doc/source/install/devstack.rst               | 19 +-------
 .../install/kubernetes_vim_installation.rst   | 27 +----------
 roles/restart-kubelet-service/tasks/main.yaml | 14 +++++-
 7 files changed, 68 insertions(+), 65 deletions(-)

diff --git a/devstack/lib/tacker b/devstack/lib/tacker
index 4ceaa1611..abe04a108 100644
--- a/devstack/lib/tacker
+++ b/devstack/lib/tacker
@@ -481,3 +481,48 @@ function tacker_setup_default_vim_resources {
           --ingress --protocol tcp --dst-port 22 test_secgrp
 
 }
+
+function setup_k8s_service {
+    # These kernel modules and configurations are required to build
+    # a kubernetes cluster and communicate between pods.
+    cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
+overlay
+br_netfilter
+EOF
+
+    sudo modprobe overlay
+    sudo modprobe br_netfilter
+
+    cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
+net.bridge.bridge-nf-call-iptables  = 1
+net.bridge.bridge-nf-call-ip6tables = 1
+net.ipv4.ip_forward                 = 1
+EOF
+
+    sudo sysctl --system
+
+
+    # NOTE: When create a k8s environment with devstack-plugin-container and
+    # deploy a Pod, the following error occurred - `network: failed to set bridge
+    # addr: "cni0" already has an IP address different from 10.x.x.x` and
+    # the Pod fails to be deployed. As a fix, delete the related interface and
+    # restart service.
+    local flannel_path="https://github.com/flannel-io/flannel/releases/latest/download/kube-flannel.yml"
+
+    if ip link show cni0 > /dev/null 2>&1; then
+        sudo ip link set cni0 down
+        sudo ip link delete cni0
+    fi
+
+    if ip link show flannel.1 > /dev/null 2>&1; then
+        sudo ip link set flannel.1 down
+        sudo ip link delete flannel.1
+    fi
+
+    sudo systemctl restart kubelet
+    kubectl delete pod -n kube-system \
+        $(kubectl get pod -n kube-system --no-headers -o custom-columns=":metadata.name" |
+          grep coredns | tr -s '\n' ' ')
+    kubectl delete -f $flannel_path
+    kubectl apply -f $flannel_path
+}
\ No newline at end of file
diff --git a/devstack/local.conf.kubernetes b/devstack/local.conf.kubernetes
index 57768bdc7..f3302b4cf 100644
--- a/devstack/local.conf.kubernetes
+++ b/devstack/local.conf.kubernetes
@@ -52,11 +52,7 @@ enable_service n-cauth
 disable_service tempest
 
 # Enable devstack-plugin-container, crio
-
-# "KUBERNETES_VIM=True" is not available now. As kuryr-kubernetes project will
-# retire, the procedure when "KUBERNETES_VIM=True" will be changed to deploy
-# with not kuryr-kubernetes but devstack-plugin-container in future updates.
-# KUBERNETES_VIM=True
+KUBERNETES_VIM=True
 
 # It is necessary to specify the patch version
 # because it is the version used when executing "apt-get install" command.
@@ -67,9 +63,6 @@ CRIO_VERSION="1.30.5"
 
 enable_plugin devstack-plugin-container https://opendev.org/openstack/devstack-plugin-container master
 
-enable_service k8s-master
-enable_service container
-
 [[post-config|/etc/neutron/dhcp_agent.ini]]
 [DEFAULT]
 enable_isolated_metadata = True
diff --git a/devstack/plugin.sh b/devstack/plugin.sh
index 170919b07..89f7bbf95 100644
--- a/devstack/plugin.sh
+++ b/devstack/plugin.sh
@@ -50,6 +50,10 @@ if is_service_enabled tacker; then
             echo_summary "Setup default VIM resources"
             tacker_setup_default_vim_resources
         fi
+
+        if [ "${KUBERNETES_VIM}" == "True" ]; then
+            setup_k8s_service
+        fi
     fi
 
     if [[ "$1" == "unstack" ]]; then
diff --git a/devstack/settings b/devstack/settings
index 1317597de..4a189075d 100644
--- a/devstack/settings
+++ b/devstack/settings
@@ -50,18 +50,9 @@ if [ "${TACKER_MODE}" == "all" ]; then
     enable_service tacker-conductor
 
     if [ "${KUBERNETES_VIM}" == "True" ]; then
-        KURYR_NEUTRON_DEFAULT_PROJECT="default"
-        # Octavia LBaaSv2
-        LIBS_FROM_GIT+=python-octaviaclient
-        TACKER_OCTAVIA_AGENTS=${TACKER_OCTAVIA_AGENTS:-octavia,o-api,o-cw,o-hm,o-hk}
-        for i in $(echo $TACKER_OCTAVIA_AGENTS | sed 's/,/ /g')
-        do
-            enable_service $i
-        done
-
-        # enable kuryr-kubernetes services
-        KURYR_KUBERNETES_AGENTS=${KURYR_KUBERNETES_AGENTS:-kubernetes-master,kuryr-kubernetes,kuryr-daemon}
-        for i in $(echo $KURYR_KUBERNETES_AGENTS | sed 's/,/ /g')
+        # enable devstack-plugin-container services
+        DEVSTACK_PLUGIN_CONTAINER_AGENTS=${DEVSTACK_PLUGIN_CONTAINER_AGENTS:-k8s-master,container}
+        for i in $(echo $DEVSTACK_PLUGIN_CONTAINER_AGENTS | sed 's/,/ /g')
         do
             enable_service $i
         done
diff --git a/doc/source/install/devstack.rst b/doc/source/install/devstack.rst
index f10849651..a5c9a9d11 100644
--- a/doc/source/install/devstack.rst
+++ b/doc/source/install/devstack.rst
@@ -128,24 +128,7 @@ So the first step of installing tacker is to clone Devstack and prepare your
 
          .. literalinclude:: ../../../devstack/local.conf.kubernetes
              :language: ini
-             :emphasize-lines: 56-71
-
-
-         Run the following commands to reconfigure the CNI network for
-         devstack-plugin-container after running stack.sh.
-
-         .. code-block:: console
-
-             $ ip link set cni0 down && ip link set flannel.1 down
-             $ ip link delete cni0 && ip link delete flannel.1
-             $ systemctl restart kubelet
-             $ kubectl delete pod -n kube-system $(kubectl get pod -n kube-system --no-headers \
-             -o custom-columns=":metadata.name" | grep coredns | tr -s '\n' ' ')
-
-         .. note::
-
-             This operation is required to build a Kubernetes cluster with
-             devstack-plugin-container.
+             :emphasize-lines: 54-64
 
          .. note::
 
diff --git a/doc/source/install/kubernetes_vim_installation.rst b/doc/source/install/kubernetes_vim_installation.rst
index 18bd60353..55618f979 100644
--- a/doc/source/install/kubernetes_vim_installation.rst
+++ b/doc/source/install/kubernetes_vim_installation.rst
@@ -28,11 +28,7 @@ Tacker uses devstack-plugin-container to deploy a Kubernetes cluster.
    .. code-block:: console
 
      # Enable devstack-plugin-container, crio
-
-     # "KUBERNETES_VIM=True" is not available now. As kuryr-kubernetes project will
-     # retire, the procedure when "KUBERNETES_VIM=True" will be changed to deploy
-     # with not kuryr-kubernetes but devstack-plugin-container in future updates.
-     # KUBERNETES_VIM=True
+     KUBERNETES_VIM=True
 
      # It is necessary to specify the patch version
      # because it is the version used when executing "apt-get install" command.
@@ -43,9 +39,6 @@ Tacker uses devstack-plugin-container to deploy a Kubernetes cluster.
 
      enable_plugin devstack-plugin-container https://opendev.org/openstack/devstack-plugin-container master
 
-     enable_service k8s-master
-     enable_service container
-
    Public network is used to launch LoadBalancer for Services in Kubernetes.
    Setting public subnet is described in [#first]_.
 
@@ -87,24 +80,6 @@ Tacker uses devstack-plugin-container to deploy a Kubernetes cluster.
 
          $ ./stack.sh
 
-#. Reconfiguring the CNI network for devstack-plugin-container
-
-   **Command:**
-
-   .. code-block:: console
-
-         $ ip link set cni0 down && ip link set flannel.1 down
-         $ ip link delete cni0 && ip link delete flannel.1
-         $ systemctl restart kubelet
-         $ kubectl delete pod -n kube-system $(kubectl get pod -n kube-system --no-headers \
-         -o custom-columns=":metadata.name" | grep coredns | tr -s '\n' ' ')
-
-   .. note::
-
-         This operation is required to build a Kubernetes cluster with
-         devstack-plugin-container, but will no longer be required for
-         user operations in a future update.
-
 #. Setup Kubernetes VIM configuration
 
    Now you are ready to register Kubernetes VIM if you complete devstack
diff --git a/roles/restart-kubelet-service/tasks/main.yaml b/roles/restart-kubelet-service/tasks/main.yaml
index 2d120def7..5b79cfa37 100644
--- a/roles/restart-kubelet-service/tasks/main.yaml
+++ b/roles/restart-kubelet-service/tasks/main.yaml
@@ -1,6 +1,6 @@
 - block:
   # NOTE: When create a k8s environment with devstack-plugin-container and
-  # deploy a Pod, the following error occured - `network: failed to set bridge
+  # deploy a Pod, the following error occurred - `network: failed to set bridge
   # addr: "cni0" already has an IP address different from 10.x.x.x` and
   # the Pod fails to be deployed. As a fix, delete the related interface and
   # restart service.
@@ -32,6 +32,18 @@
     become: yes
     become_user: stack
 
+  - name: Delete existing flannel
+    shell: >
+      kubectl delete -f https://github.com/flannel-io/flannel/releases/latest/download/kube-flannel.yml
+    become: yes
+    become_user: stack
+
+  - name: Restart flannel
+    shell: >
+      kubectl apply -f https://github.com/flannel-io/flannel/releases/latest/download/kube-flannel.yml
+    become: yes
+    become_user: stack
+
   when:
     - inventory_hostname == 'controller-k8s'
     - k8s_api_url is defined