From f52fe45c469af5db696cee463c91fb04b531c56d Mon Sep 17 00:00:00 2001
From: Mateusz Kwiatkowski
Date: Wed, 30 Jul 2025 22:31:38 +0200
Subject: [PATCH] feat: add hostNetwork support for the Konnectivity Agent (#883)
This commit extends CRD API: Added hostNetwork field to KonnectivityAgentSpec struct. It's false by default so it's backwards compatible.
Signed-off-by: Dario Tranchitella
---
 api/v1alpha1/tenantcontrolplane_types.go | 6 ++++
 ...kamaji.clastix.io_tenantcontrolplanes.yaml | 8 +++++
 ...controlplane_konnectivity_hostnetwork.yaml | 36 +++++++++++++++++++
 docs/content/reference/api.md | 12 +++++++
 internal/resources/konnectivity/agent.go | 1 +
 5 files changed, 63 insertions(+)
 create mode 100644 config/samples/kamaji_v1alpha1_tenantcontrolplane_konnectivity_hostnetwork.yaml
diff --git a/api/v1alpha1/tenantcontrolplane_types.go b/api/v1alpha1/tenantcontrolplane_types.go
index b101d98..9e651d6 100644
--- a/api/v1alpha1/tenantcontrolplane_types.go
+++ b/api/v1alpha1/tenantcontrolplane_types.go
@@ -257,6 +257,12 @@ type KonnectivityAgentSpec struct {
 //+kubebuilder:default={{key: "CriticalAddonsOnly", operator: "Exists"}}
 Tolerations []corev1.Toleration `json:"tolerations,omitempty"`
 ExtraArgs ExtraArgs `json:"extraArgs,omitempty"`
+ // HostNetwork enables the konnectivity agent to use the Host network namespace.
+ // By enabling this mode, the Agent doesn't need to wait for the CNI initialisation,
+ // enabling a sort of out-of-band access to nodes for troubleshooting scenarios,
+ // or when the agent needs direct access to the host network.
+ //+kubebuilder:default=false
+ HostNetwork bool `json:"hostNetwork,omitempty"`
 // Mode allows specifying the Agent deployment mode: Deployment, or DaemonSet (default).
 //+kubebuilder:default="DaemonSet"
 //+kubebuilder:validation:Enum=DaemonSet;Deployment
diff --git a/charts/kamaji/crds/kamaji.clastix.io_tenantcontrolplanes.yaml b/charts/kamaji/crds/kamaji.clastix.io_tenantcontrolplanes.yaml
index 95c2d14..c8d9cbc 100644
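Review bot: The doc comment on `HostNetwork` in `KonnectivityAgentSpec` (api/v1alpha1/tenantcontrolplane_types.go) explains why the option is convenient but not what it costs, and the same text is what lands in the CRD description and the API reference. With the flag on, the agent pod shares the node's network namespace, so NetworkPolicy generally stops isolating it, it can reach services bound to the node's own interfaces, and namespaces enforcing the Pod Security Standards Baseline profile will reject the pod. I would add, before the `//+kubebuilder:default=false` marker, a sentence such as `// Enabling it places the agent in the node's network namespace: NetworkPolicy no longer isolates it and namespaces enforcing the Pod Security baseline profile reject the pod.` The struct starts and ends outside this hunk.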
--- a/charts/kamaji/crds/kamaji.clastix.io_tenantcontrolplanes.yaml
+++ b/charts/kamaji/crds/kamaji.clastix.io_tenantcontrolplanes.yaml
@@ -108,6 +108,14 @@ spec: items: type: string type: array + hostNetwork: + default: false + description: |- + HostNetwork enables the konnectivity agent to use the Host network namespace. + By enabling this mode, the Agent doesn't need to wait for the CNI initialisation, + enabling a sort of out-of-band access to nodes for troubleshooting scenarios, + or when the agent needs direct access to the host network. + type: boolean image: default: registry.k8s.io/kas-network-proxy/proxy-agent description: AgentImage defines the container image for Konnectivity's agent.
diff --git a/config/samples/kamaji_v1alpha1_tenantcontrolplane_konnectivity_hostnetwork.yaml b/config/samples/kamaji_v1alpha1_tenantcontrolplane_konnectivity_hostnetwork.yaml
new file mode 100644
index 0000000..6cadbc1
--- /dev/null
+++ b/config/samples/kamaji_v1alpha1_tenantcontrolplane_konnectivity_hostnetwork.yaml
@@ -0,0 +1,36 @@
+apiVersion: kamaji.clastix.io/v1alpha1
+kind: TenantControlPlane
+metadata:
+ name: example-hostnetwork-tcp
+ namespace: tenant-system
+spec:
+ controlPlane:
+ deployment:
+ replicas: 2
+ service:
+ serviceType: LoadBalancer
+ kubernetes:
+ version: v1.29.0
+ kubelet:
+ cgroupfs: systemd
+ preferredAddressTypes: ["InternalIP", "ExternalIP"]
+ networkProfile:
+ address: "10.0.0.100"
+ port: 6443
+ serviceCidr: "10.96.0.0/16"
+ podCidr: "10.244.0.0/16"
+ addons:
+ coreDNS: {}
+ konnectivity:
+ server:
+ port: 8132
+ agent:
+ hostNetwork: true
+ tolerations:
+ - key: "CriticalAddonsOnly"
+ operator: "Exists"
+ - key: "node.kubernetes.io/not-ready"
+ operator: "Exists"
+ effect: "NoExecute"
+ tolerationSeconds: 300
+ kubeProxy: {}
diff --git a/docs/content/reference/api.md b/docs/content/reference/api.md
index de0740d..5d67f68 100644
--- a/docs/content/reference/api.md
+++ b/docs/content/reference/api.md
@@ -39626,6 +39626,18 @@ parameters and cause konnectivity components to misbehave in unxpected ways. Only modify if you know what you are doing.
false + + hostNetwork + boolean + + HostNetwork enables the konnectivity agent to use the Host network namespace. +By enabling this mode, the Agent doesn't need to wait for the CNI initialisation, +enabling a sort of out-of-band access to nodes for troubleshooting scenarios, +or when the agent needs direct access to the host network.
+
+ Default: false
+ + false image string
diff --git a/internal/resources/konnectivity/agent.go b/internal/resources/konnectivity/agent.go
index f73bb65..cbbfd95 100644
--- a/internal/resources/konnectivity/agent.go
+++ b/internal/resources/konnectivity/agent.go
@@ -190,6 +190,7 @@ func (r *Agent) mutate(ctx context.Context, tenantControlPlane *kamajiv1alpha1.T
 podTemplateSpec.SetLabels(utilities.MergeMaps(podTemplateSpec.GetLabels(), specSelector.MatchLabels))
 podTemplateSpec.Spec.PriorityClassName = "system-cluster-critical"
 podTemplateSpec.Spec.Tolerations = tenantControlPlane.Spec.Addons.Konnectivity.KonnectivityAgentSpec.Tolerations
+ podTemplateSpec.Spec.HostNetwork = tenantControlPlane.Spec.Addons.Konnectivity.KonnectivityAgentSpec.HostNetwork
 podTemplateSpec.Spec.NodeSelector = map[string]string{
 "kubernetes.io/os": "linux",
 }
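Review bot: `podTemplateSpec.Spec.HostNetwork` is switched on here without anything in the visible lines adjusting `DNSPolicy`; for a host-network pod Kubernetes treats the default `ClusterFirst` like `Default`, so the agent would resolve names through the node's resolver rather than cluster DNS. If the agent is expected to resolve in-cluster names, set `podTemplateSpec.Spec.DNSPolicy` to `corev1.DNSClusterFirstWithHostNet` when the flag is true and back to `corev1.DNSClusterFirst` when it is false, so that toggling the field reverts cleanly. Any health or admin listeners the agent opens will also bind in the node's network namespace, which in Deployment mode could mean port clashes when two replicas land on the same node; that deserves a check or a documented constraint. `mutate` starts and ends outside this hunk, so some of this may already be handled there.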