kvstore: Remove Consul support

Consul support has been deprecated in v1.12 with commit fb65f8c ("docs: Deprecate Consul support"). It's time to fully remove it. This commit deletes all Consul logic, replaces Consul with Etcd in tests where it still was the default, removes Consul-specific tests, and removes the dependency to hashicorp/consul. Signed-off-by: Paul Chaignon <[email protected]>
ryebridge · Aug 21, 2024 · f323ffc · f323ffc
1 parent 6a4e817
commit f323ffc
Show file tree

Hide file tree

Showing 149 changed files with 113 additions and 22,287 deletions.
diff --git a/.github/workflows/conformance-runtime.yaml b/.github/workflows/conformance-runtime.yaml
@@ -186,8 +186,6 @@ jobs:
           ###
           # RuntimeAgentChaos Cilium agent Checking for file-descriptor leak
           # RuntimeAgentChaos Cilium agent removing leftover Cilium interfaces
-          # RuntimeAgentChaos KVStore Delete event on KVStore with CIDR identities
-          # RuntimeAgentChaos KVStore Validate that delete events on KVStore do not release in use identities
           # RuntimeAgentFQDNPolicies Can update L7 DNS policy rules
           # RuntimeAgentFQDNPolicies CNAME follow
           # RuntimeAgentFQDNPolicies DNS proxy policy works if Cilium stops
@@ -200,7 +198,6 @@ jobs:
           # RuntimeAgentFQDNPolicies toFQDNs populates toCIDRSet (data from proxy) Policy addition after DNS lookup
           # RuntimeAgentFQDNPolicies Validate dns-proxy monitor information
           # RuntimeAgentFQDNPolicies With verbose policy logs Validates DNSSEC responses
-          # RuntimeAgentKVStoreTest KVStore tests Consul KVStore
           # RuntimeAgentKVStoreTest KVStore tests Etcd KVStore
           # RuntimeAgentPolicies Init Policy Default Drop Test tests egress
           # RuntimeAgentPolicies Init Policy Default Drop Test tests ingress

diff --git a/Documentation/cheatsheet.rst b/Documentation/cheatsheet.rst
@@ -106,7 +106,7 @@ Check the status of the agent
 .. code-block:: shell-session
 
     $ cilium-dbg status
-    KVStore:                Ok         Consul: 172.17.0.3:8300
+    KVStore:                Ok         Etcd: 172.17.0.3:4001
     ContainerRuntime:       Ok
     Kubernetes:             Disabled
     Cilium:                 Ok         OK
@@ -122,7 +122,7 @@ Get a detailed status of the agent:
 .. code-block:: shell-session
 
     $ cilium-dbg status --all-controllers --all-health --all-redirects
-    KVStore:                Ok         Consul: 172.17.0.3:8300
+    KVStore:                Ok         Etcd: 172.17.0.3:4001
     ContainerRuntime:       Ok
     Kubernetes:             Disabled
     Cilium:                 Ok         OK

diff --git a/Documentation/cmdref/kvstore.rst b/Documentation/cmdref/kvstore.rst
diff --git a/Documentation/contributing/development/dev_setup.rst b/Documentation/contributing/development/dev_setup.rst
@@ -378,13 +378,10 @@ directly and manually install Cilium:
         $ sudo mkdir -p /etc/sysconfig/
         $ sudo cp contrib/systemd/cilium.service /etc/systemd/system/
         $ sudo cp contrib/systemd/cilium-docker.service /etc/systemd/system/
-        $ sudo cp contrib/systemd/cilium-consul.service /etc/systemd/system/
         $ sudo cp contrib/systemd/cilium  /etc/sysconfig/cilium
         $ sudo usermod -a -G cilium vagrant
         $ sudo systemctl enable cilium-docker
         $ sudo systemctl restart cilium-docker
-        $ sudo systemctl enable cilium-consul
-        $ sudo systemctl restart cilium-consul
         $ sudo systemctl enable cilium
         $ sudo systemctl restart cilium
 

diff --git a/Documentation/contributing/testing/e2e_legacy.rst b/Documentation/contributing/testing/e2e_legacy.rst
@@ -680,7 +680,7 @@ test an exhaustive data will be added.
 	level=info msg=Starting testName=RuntimeKafka
 	level=info msg="Vagrant: running command \"vagrant ssh-config runtime\""
 	cmd: "sudo cilium-dbg status" exitCode: 0
-	 KVStore:            Ok         Consul: 172.17.0.3:8300
+	 KVStore:            Ok         Etcd: 172.17.0.3:4001
 	ContainerRuntime:   Ok
 	Kubernetes:         Disabled
 	Kubernetes APIs:    [""]

diff --git a/Documentation/operations/upgrade.rst b/Documentation/operations/upgrade.rst
@@ -301,6 +301,7 @@ communicating via the proxy must reconnect to re-establish connections.
   100 QPS/200 Burst. To configure the rate limit for Cilium Operator, use the
   ``--operator-k8s-client-qps`` and ``--operator-k8s-client-burst`` flags or the corresponding
   Helm values.
+* Support for Consul, deprecated since v1.12, has been removed.
 
 Removed Options
 ~~~~~~~~~~~~~~~

diff --git a/Documentation/security/network/proxy/envoy.rst b/Documentation/security/network/proxy/envoy.rst
@@ -585,7 +585,7 @@ and adding the ``--debug-verbose=flow`` flag.
 
   $ sudo service cilium stop 
   
-  $ sudo /usr/bin/cilium-agent --debug --ipv4-range 10.11.0.0/16 --kvstore-opt consul.address=192.168.60.11:8500 --kvstore consul -t vxlan --fixed-identity-mapping=128=kv-store --fixed-identity-mapping=129=kube-dns --debug-verbose=flow
+  $ sudo /usr/bin/cilium-agent --debug --ipv4-range 10.11.0.0/16 --kvstore-opt etcd.address=192.168.60.11:4001 --kvstore etcd -t vxlan --fixed-identity-mapping=128=kv-store --fixed-identity-mapping=129=kube-dns --debug-verbose=flow
 
 
 Step 13: Add Runtime Tests

diff --git a/Makefile b/Makefile
@@ -49,8 +49,7 @@ SKIP_CUSTOMVET_CHECK ?= "false"
 
 JOB_BASE_NAME ?= cilium_test
 
-TEST_LDFLAGS=-ldflags "-X github.com/cilium/cilium/pkg/kvstore.consulDummyAddress=https://consul:8443 \
-	-X github.com/cilium/cilium/pkg/kvstore.etcdDummyAddress=http://etcd:4002"
+TEST_LDFLAGS=-ldflags "-X github.com/cilium/cilium/pkg/kvstore.etcdDummyAddress=http://etcd:4002"
 
 TEST_UNITTEST_LDFLAGS=
 
@@ -86,9 +85,9 @@ tests-privileged: ## Run Go tests including ones that require elevated privilege
 		$(TESTPKGS) $(GOTEST_BASE) $(GOTEST_COVER_OPTS) | $(GOTEST_FORMATTER)
 	$(MAKE) generate-cov
 
-start-kvstores: ## Start running kvstores (etcd and consul containers) for integration tests.
+start-kvstores: ## Start running kvstores (etcd container) for integration tests.
 ifeq ($(SKIP_KVSTORES),"false")
-	@echo Starting key-value store containers...
+	@echo Starting key-value store container...
 	-$(QUIET)$(CONTAINER_ENGINE) rm -f "cilium-etcd-test-container" 2> /dev/null
 	$(QUIET)$(CONTAINER_ENGINE) run -d \
 		-e ETCD_UNSUPPORTED_ARCH=$(GOARCH) \
@@ -101,25 +100,11 @@ ifeq ($(SKIP_KVSTORES),"false")
 		-listen-peer-urls http://0.0.0.0:2380 \
 		-initial-cluster-token etcd-cluster-1 \
 		-initial-cluster-state new
-	-$(QUIET)$(CONTAINER_ENGINE) rm -f "cilium-consul-test-container" 2> /dev/null
-	$(QUIET)rm -rf /tmp/cilium-consul-certs
-	$(QUIET)mkdir /tmp/cilium-consul-certs
-	$(QUIET)cp $(CURDIR)/test/consul/* /tmp/cilium-consul-certs
-	$(QUIET)chmod -R a+rX /tmp/cilium-consul-certs
-	$(QUIET)$(CONTAINER_ENGINE) run -d \
-		--name "cilium-consul-test-container" \
-		-p 8501:8443 \
-		-e 'CONSUL_LOCAL_CONFIG={"skip_leave_on_interrupt": true, "disable_update_check": true}' \
-		-v /tmp/cilium-consul-certs:/cilium-consul/ \
-		$(CONSUL_IMAGE) \
-		agent -client=0.0.0.0 -server -bootstrap-expect 1 -config-file=/cilium-consul/consul-config.json
 endif
 
-stop-kvstores: ## Forcefully removes running kvstore components (etcd and consul containers) for integration tests.
+stop-kvstores: ## Forcefully removes running kvstore components (etcd container) for integration tests.
 ifeq ($(SKIP_KVSTORES),"false")
 	$(QUIET)$(CONTAINER_ENGINE) rm -f "cilium-etcd-test-container"
-	$(QUIET)$(CONTAINER_ENGINE) rm -f "cilium-consul-test-container"
-	$(QUIET)rm -rf /tmp/cilium-consul-certs
 endif
 
 generate-cov: ## Generate HTML coverage report at coverage-all.html.

diff --git a/Makefile.defs b/Makefile.defs
@@ -62,8 +62,6 @@ ETCD_IMAGE_VERSION = v3.5.15
 ETCD_IMAGE_SHA = sha256:9a01b7da0a3cde485c03fcf58fef9b2a09c81b4926b2b7d7ae6d1e9b20a2a192
 ETCD_IMAGE=gcr.io/etcd-development/etcd:$(ETCD_IMAGE_VERSION)@$(ETCD_IMAGE_SHA)
 
-CONSUL_IMAGE=consul:1.7.2
-
 CILIUM_BUILDER_IMAGE=$(shell cat $(ROOT_DIR)/images/cilium/Dockerfile | grep "ARG CILIUM_BUILDER_IMAGE=" | cut -d"=" -f2)
 
 export CILIUM_CLI ?= cilium

diff --git a/Vagrantfile b/Vagrantfile
@@ -116,7 +116,6 @@ git config --global --add safe.directory /home/vagrant/go/src/github.com/cilium/
 sudo -E make -C /home/vagrant/go/src/github.com/cilium/cilium/ install
 
 sudo mkdir -p /etc/sysconfig
-sudo cp /home/vagrant/go/src/github.com/cilium/cilium/contrib/systemd/cilium-consul.service /lib/systemd/system
 sudo cp /home/vagrant/go/src/github.com/cilium/cilium/contrib/systemd/cilium-docker.service /lib/systemd/system
 sudo cp /home/vagrant/go/src/github.com/cilium/cilium/contrib/systemd/cilium-etcd.service /lib/systemd/system
 sudo cp /home/vagrant/go/src/github.com/cilium/cilium/contrib/systemd/cilium.service /lib/systemd/system

diff --git a/contrib/systemd/cilium b/contrib/systemd/cilium
@@ -14,16 +14,16 @@ PATH=/usr/local/sbin:/usr/local/bin:/usr/bin:/usr/sbin:/sbin:/bin
 ## Default:             ""
 ## ServiceRestart:      cilium
 
-# Set Key-value store(etcd/consul):
-# --kvstore consul
+# Set Key-value store (etcd):
+# --kvstore etcd
 # Set Key-value store options:
-# --kvstore-opt consul.address=127.0.0.1:8500
+# --kvstore-opt etcd.address=127.0.0.1:4001
 #
 # Note: A key-value store is require for cilium to function.
 # Check more cli options using cilium-agent -h
 CILIUM_IMAGE=cilium/cilium:latest
-CILIUM_OPTS=--kvstore consul --kvstore-opt consul.address=127.0.0.1:8500
-CILIUM_OPERATOR_OPTS=--kvstore consul --kvstore-opt consul.address=127.0.0.1:8500 --k8s-kubeconfig-path=/home/vagrant/.kube/config
+CILIUM_OPTS=--kvstore etcd --kvstore-opt etcd.address=127.0.0.1:4001
+CILIUM_OPERATOR_OPTS=--kvstore etcd --kvstore-opt etcd.address=127.0.0.1:4001 --k8s-kubeconfig-path=/home/vagrant/.kube/config
 
 HOME=/home/vagrant
 

diff --git a/contrib/systemd/cilium-consul.service b/contrib/systemd/cilium-consul.service
diff --git a/contrib/systemd/cilium.service b/contrib/systemd/cilium.service
@@ -1,7 +1,7 @@
 [Unit]
 Description=cilium
 Documentation=http://docs.cilium.io
-Requires=docker.service cilium-consul.service cilium-docker.service
+Requires=docker.service cilium-docker.service
 
 [Service]
 Type=simple

diff --git a/contrib/systemd/cilium.service-with-docker b/contrib/systemd/cilium.service-with-docker
@@ -1,7 +1,7 @@
 [Unit]
 Description=cilium
 Documentation=http://docs.cilium.io
-Requires=docker.service cilium-consul.service cilium-docker.service
+Requires=docker.service cilium-docker.service
 
 [Service]
 Type=oneshot

diff --git a/contrib/vagrant/start.sh b/contrib/vagrant/start.sh
@@ -334,14 +334,14 @@ function write_cilium_cfg() {
         cilium_operator_options+=" --identity-allocation-mode=crd"
     else
         if [[ "${IPV4}" -eq "1" ]]; then
-            cilium_options+=" --kvstore-opt consul.address=${MASTER_IPV4}:8500"
-            cilium_operator_options+=" --kvstore-opt consul.address=${MASTER_IPV4}:8500"
+            cilium_options+=" --kvstore-opt etcd.address=${MASTER_IPV4}:4001"
+            cilium_operator_options+=" --kvstore-opt etcd.address=${MASTER_IPV4}:4001"
         else
-            cilium_options+=" --kvstore-opt consul.address=[${ipv6_addr}]:8500"
-            cilium_operator_options+=" --kvstore-opt consul.address=[${ipv6_addr}]:8500"
+            cilium_options+=" --kvstore-opt etcd.address=[${ipv6_addr}]:4001"
+            cilium_operator_options+=" --kvstore-opt etcd.address=[${ipv6_addr}]:4001"
         fi
-        cilium_options+=" --kvstore consul"
-        cilium_operator_options+=" --kvstore consul"
+        cilium_options+=" --kvstore etcd"
+        cilium_operator_options+=" --kvstore etcd"
     fi
 
 cat <<EOF >> "$filename"

diff --git a/daemon/cmd/daemon_test.go b/daemon/cmd/daemon_test.go
@@ -237,20 +237,6 @@ func setupDaemonEtcdSuite(tb testing.TB) *DaemonEtcdSuite {
 	}
 }
 
-type DaemonConsulSuite struct {
-	DaemonSuite
-}
-
-func setupDaemonConsulSuite(tb testing.TB) *DaemonConsulSuite {
-	testutils.IntegrationTest(tb)
-	kvstore.SetupDummy(tb, "consul")
-
-	ds := setupDaemonSuite(tb)
-	return &DaemonConsulSuite{
-		DaemonSuite: *ds,
-	}
-}
-
 func TestMinimumWorkerThreadsIsSet(t *testing.T) {
 	require.Equal(t, true, numWorkerThreads() >= 2)
 	require.Equal(t, true, numWorkerThreads() >= runtime.NumCPU())

diff --git a/daemon/cmd/endpoint_test.go b/daemon/cmd/endpoint_test.go
@@ -43,11 +43,6 @@ func getEPTemplate(t *testing.T, d *Daemon) *models.EndpointChangeRequest {
 	}
 }
 
-func TestEndpointAddReservedLabelConsul(t *testing.T) {
-	ds := setupDaemonConsulSuite(t)
-	ds.testEndpointAddReservedLabel(t)
-}
-
 func TestEndpointAddReservedLabelEtcd(t *testing.T) {
 	ds := setupDaemonEtcdSuite(t)
 	ds.testEndpointAddReservedLabel(t)
@@ -80,11 +75,6 @@ func (ds *DaemonSuite) testEndpointAddReservedLabel(t *testing.T) {
 	assertOnMetric(t, string(models.EndpointStateInvalid), 0)
 }
 
-func TestEndpointAddInvalidLabelConsul(t *testing.T) {
-	ds := setupDaemonConsulSuite(t)
-	ds.testEndpointAddInvalidLabel(t)
-}
-
 func TestEndpointAddInvalidLabelEtcd(t *testing.T) {
 	ds := setupDaemonEtcdSuite(t)
 	ds.testEndpointAddInvalidLabel(t)
@@ -105,11 +95,6 @@ func (ds *DaemonSuite) testEndpointAddInvalidLabel(t *testing.T) {
 	assertOnMetric(t, string(models.EndpointStateInvalid), 0)
 }
 
-func TestEndpointAddNoLabelsConsul(t *testing.T) {
-	ds := setupDaemonConsulSuite(t)
-	ds.testEndpointAddNoLabels(t)
-}
-
 func TestEndpointAddNoLabelsEtcd(t *testing.T) {
 	ds := setupDaemonEtcdSuite(t)
 	ds.testEndpointAddNoLabels(t)
@@ -155,11 +140,6 @@ func (ds *DaemonSuite) testUpdateSecLabels(t *testing.T) {
 	require.Equal(t, apiEndpoint.PatchEndpointIDLabelsUpdateFailedCode, code)
 }
 
-func TestUpdateSecLabelsConsul(t *testing.T) {
-	ds := setupDaemonConsulSuite(t)
-	ds.testUpdateSecLabels(t)
-}
-
 func TestUpdateSecLabelsEtcd(t *testing.T) {
 	ds := setupDaemonEtcdSuite(t)
 	ds.testUpdateSecLabels(t)
@@ -177,11 +157,6 @@ func (ds *DaemonSuite) testUpdateLabelsFailed(t *testing.T) {
 	assertOnMetric(t, string(models.EndpointStateReady), 0)
 }
 
-func TestUpdateLabelsFailedConsul(t *testing.T) {
-	ds := setupDaemonConsulSuite(t)
-	ds.testUpdateLabelsFailed(t)
-}
-
 func TestUpdateLabelsFailedEtcd(t *testing.T) {
 	ds := setupDaemonEtcdSuite(t)
 	ds.testUpdateLabelsFailed(t)