diff --git a/antrea_import/README b/antrea_import/README
new file mode 100644
index 000000000..ab71c66b7
--- /dev/null
+++ b/antrea_import/README
@@ -0,0 +1,2 @@
+Files within the following directory hierarchy are imports from the Antrea repo.
+The files are copied into the directory to avoid importing Antrea.
\ No newline at end of file
diff --git a/antrea_import/config/agent/config.go b/antrea_import/config/agent/config.go
new file mode 100644
index 000000000..78775fd23
--- /dev/null
+++ b/antrea_import/config/agent/config.go
@@ -0,0 +1,235 @@
+// Copyright 2021 Antrea Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package config
+
+import (
+ componentbaseconfig "k8s.io/component-base/config"
+)
+
+type AgentConfig struct {
+ // featureGates is a map of feature names to bools that enable or disable experimental features.
+ FeatureGates map[string]bool `yaml:"featureGates,omitempty"`
+
+ CNISocket string `yaml:"cniSocket,omitempty"`
+ // clientConnection specifies the kubeconfig file and client connection settings for the agent
+ // to communicate with the apiserver.
+ ClientConnection componentbaseconfig.ClientConnectionConfiguration `yaml:"clientConnection"`
+ // AntreaClientConnection specifies the kubeconfig file and client connection settings for the
+ // agent to communicate with the Antrea Controller apiserver.
+ AntreaClientConnection componentbaseconfig.ClientConnectionConfiguration `yaml:"antreaClientConnection"`
+ // Name of the OpenVSwitch bridge antrea-agent will create and use.
+ // Make sure it doesn't conflict with your existing OpenVSwitch bridges.
+ // Defaults to br-int.
+ OVSBridge string `yaml:"ovsBridge,omitempty"`
+ // Datapath type to use for the OpenVSwitch bridge created by Antrea. Supported values are:
+ // - system
+ // - netdev
+ // 'system' is the default value and corresponds to the kernel datapath. Use 'netdev' to run
+ // OVS in userspace mode. Userspace mode requires the tun device driver to be available.
+ OVSDatapathType string `yaml:"ovsDatapathType,omitempty"`
+ // Runtime data directory used by Open vSwitch.
+ // Default value:
+ // - On Linux platform: /var/run/openvswitch
+ // - On Windows platform: C:\openvswitch\var\run\openvswitch
+ OVSRunDir string `yaml:"ovsRunDir,omitempty"`
+ // Name of the interface antrea-agent will create and use for host <--> pod communication.
+ // Make sure it doesn't conflict with your existing interfaces.
+ // Defaults to antrea-gw0.
+ HostGateway string `yaml:"hostGateway,omitempty"`
+ // Determines how traffic is encapsulated. It has the following options:
+ // encap(default): Inter-node Pod traffic is always encapsulated and Pod to external network
+ // traffic is SNAT'd.
+ // noEncap: Inter-node Pod traffic is not encapsulated; Pod to external network traffic is
+ // SNAT'd if noSNAT is not set to true. Underlying network must be capable of
+ // supporting Pod traffic across IP subnets.
+ // hybrid: noEncap if source and destination Nodes are on the same subnet, otherwise encap.
+ // networkPolicyOnly: Antrea enforces NetworkPolicy only, and utilizes CNI chaining and delegates Pod
+ // IPAM and connectivity to the primary CNI.
+ TrafficEncapMode string `yaml:"trafficEncapMode,omitempty"`
+ // Whether or not to SNAT (using the Node IP) the egress traffic from a Pod to the external network.
+ // This option is for the noEncap traffic mode only, and the default value is false. In the noEncap
+ // mode, if the cluster's Pod CIDR is reachable from the external network, then the Pod traffic to
+ // the external network needs not be SNAT'd. In the networkPolicyOnly mode, antrea-agent never
+ // performs SNAT and this option will be ignored; for other modes it must be set to false.
+ NoSNAT bool `yaml:"noSNAT,omitempty"`
+ // Tunnel protocols used for encapsulating traffic across Nodes. Supported values:
+ // - geneve (default)
+ // - vxlan
+ // - gre
+ // - stt
+ TunnelType string `yaml:"tunnelType,omitempty"`
+ // Default MTU to use for the host gateway interface and the network interface of each Pod.
+ // If omitted, antrea-agent will discover the MTU of the Node's primary interface and
+ // also adjust MTU to accommodate for tunnel encapsulation overhead (if applicable).
+ DefaultMTU int `yaml:"defaultMTU,omitempty"`
+ // Mount location of the /proc directory. The default is "/host", which is appropriate when
+ // antrea-agent is run as part of the Antrea DaemonSet (and the host's /proc directory is mounted
+ // as /host/proc in the antrea-agent container). When running antrea-agent as a process,
+ // hostProcPathPrefix should be set to "/" in the YAML config.
+ HostProcPathPrefix string `yaml:"hostProcPathPrefix,omitempty"`
+ // ClusterIP CIDR range for Services. It's required when AntreaProxy is not enabled, and should be
+ // set to the same value as the one specified by --service-cluster-ip-range for kube-apiserver. When
+ // AntreaProxy is enabled, this parameter is not needed and will be ignored if provided.
+ // Default is 10.96.0.0/12
+ ServiceCIDR string `yaml:"serviceCIDR,omitempty"`
+ // ClusterIP CIDR range for IPv6 Services. It's required when using kube-proxy to provide IPv6 Service in a Dual-Stack
+ // cluster or an IPv6 only cluster. The value should be the same as the configuration for kube-apiserver specified by
+ // --service-cluster-ip-range. When AntreaProxy is enabled, this parameter is not needed.
+ // No default value for this field.
+ ServiceCIDRv6 string `yaml:"serviceCIDRv6,omitempty"`
+ // Deprecated. Use TrafficEncryptionMode instead.
+ EnableIPSecTunnel bool `yaml:"enableIPSecTunnel,omitempty"`
+ // Determines how tunnel traffic is encrypted.
+ // It has the following options:
+ // - none (default): Inter-node Pod traffic will not be encrypted.
+ // - ipsec: Enable IPsec (ESP) encryption for Pod traffic across Nodes. Antrea uses
+ // Preshared Key (PSK) for IKE authentication. When IPsec tunnel is enabled,
+ // the PSK value must be passed to Antrea Agent through an environment
+ // variable: ANTREA_IPSEC_PSK.
+ // - wireguard: Enable WireGuard for tunnel traffic encryption.
+ TrafficEncryptionMode string `yaml:"trafficEncryptionMode,omitempty"`
+ // WireGuard related configurations.
+ WireGuard WireGuardConfig `yaml:"wireGuard"`
+ // Enable bridging mode of Pod network on Nodes, in which the Node's transport interface is connected
+ // to the OVS bridge, and cross-Node/VLAN traffic from AntreaIPAM Pods (Pods whose IP addresses are
+ // allocated by AntreaIPAM from IPPools) is sent to the underlay network via the uplink, and
+ // forwarded/routed by the underlay network.
+ // This option requires the `AntreaIPAM` feature gate to be enabled. At this moment, it supports only
+ // IPv4 and Linux Nodes, and can be enabled only when `ovsDatapathType` is `system`,
+ // `trafficEncapMode` is `noEncap`, and `noSNAT` is true.
+ EnableBridgingMode bool `yaml:"enableBridgingMode,omitempty"`
+ // APIPort is the port for the antrea-agent APIServer to serve on.
+ // Defaults to 10350.
+ APIPort int `yaml:"apiPort,omitempty"`
+ // ClusterMembershipPort is the server port used by the antrea-agent to run a gossip-based cluster
+ // membership protocol. Currently it's used only when the Egress feature is enabled.
+ // Defaults to 10351.
+ ClusterMembershipPort int `yaml:"clusterPort,omitempty"`
+ // Enable metrics exposure via Prometheus. Initializes Prometheus metrics listener
+ // Defaults to true.
+ EnablePrometheusMetrics *bool `yaml:"enablePrometheusMetrics,omitempty"`
+ // Provide the IPFIX collector address as a string with format :[][:].
+ // HOST can either be the DNS name or the IP of the Flow Collector. For example,
+ // "flow-aggregator.flow-aggregator.svc" can be provided as DNS name to connect
+ // to the Antrea Flow Aggregator service. If IP, it can be either IPv4 or IPv6.
+ // However, IPv6 address should be wrapped with [].
+ // If PORT is empty, we default to 4739, the standard IPFIX port.
+ // If no PROTO is given, we consider "tcp" as default. We support "tcp" and
+ // "udp" L4 transport protocols.
+ // Defaults to "flow-aggregator.flow-aggregator.svc:4739:tcp".
+ FlowCollectorAddr string `yaml:"flowCollectorAddr,omitempty"`
+ // Provide flow poll interval in format "0s". This determines how often flow
+ // exporter dumps connections in conntrack module. Flow poll interval should
+ // be greater than or equal to 1s(one second).
+ // Defaults to "5s". Valid time units are "ns", "us" (or "µs"), "ms", "s",
+ // "m", "h".
+ FlowPollInterval string `yaml:"flowPollInterval,omitempty"`
+ // Provide the active flow export timeout, which is the timeout after which
+ // a flow record is sent to the collector for active flows. Thus, for flows
+ // with a continuous stream of packets, a flow record will be exported to the
+ // collector once the elapsed time since the last export event is equal to the
+ // value of this timeout.
+ // Defaults to "30s". Valid time units are "ns", "us" (or "µs"), "ms", "s",
+ // "m", "h".
+ ActiveFlowExportTimeout string `yaml:"activeFlowExportTimeout,omitempty"`
+ // Provide the idle flow export timeout, which is the timeout after which a
+ // flow record is sent to the collector for idle flows. A flow is considered
+ // idle if no packet matching this flow has been observed since the last export
+ // event.
+ // Defaults to "15s". Valid time units are "ns", "us" (or "µs"), "ms", "s",
+ // "m", "h".
+ IdleFlowExportTimeout string `yaml:"idleFlowExportTimeout,omitempty"`
+ // Deprecated. Use the NodePortLocal config options instead.
+ NPLPortRange string `yaml:"nplPortRange,omitempty"`
+ // NodePortLocal (NPL) configuration options.
+ NodePortLocal NodePortLocalConfig `yaml:"nodePortLocal,omitempty"`
+ // Provide the address of Kubernetes apiserver, to override any value provided in kubeconfig or InClusterConfig.
+ // Defaults to "". It must be a host string, a host:port pair, or a URL to the base of the apiserver.
+ KubeAPIServerOverride string `yaml:"kubeAPIServerOverride,omitempty"`
+ // Provide the address of DNS server, to override the kube-dns service. It's used to resolve hostname in FQDN policy.
+ // Defaults to "". It must be a host string or a host:port pair of the dns server.
+ DNSServerOverride string `yaml:"dnsServerOverride,omitempty"`
+ // Cipher suites to use.
+ TLSCipherSuites string `yaml:"tlsCipherSuites,omitempty"`
+ // TLS min version.
+ TLSMinVersion string `yaml:"tlsMinVersion,omitempty"`
+ // The name of the interface on Node which is used for tunneling or routing the traffic across Nodes.
+ // If there are multiple IP addresses configured on the interface, the first one is used. The IP
+ // address used for tunneling or routing traffic to remote Nodes is decided in the following order of
+ // preference (from highest to lowest):
+ // 1. TransportInterface
+ // 2. TransportInterfaceCIDRs
+ // 3. The Node IP
+ TransportInterface string `yaml:"transportInterface,omitempty"`
+ // The network CIDRs of the interface on Node which is used for tunneling or routing the traffic across
+ // Nodes. If there are multiple interfaces configured the same network CIDR, the first one is used. The
+ // IP address used for tunneling or routing traffic to remote Nodes is decided in the following order of
+ // preference (from highest to lowest):
+ // 1. TransportInterface
+ // 2. TransportInterfaceCIDRs
+ // 3. The Node IP
+ TransportInterfaceCIDRs []string `yaml:"transportInterfaceCIDRs,omitempty"`
+ // The names of the interfaces on Nodes that are used to forward multicast traffic.
+ // Defaults to transport interface if not set.
+ MulticastInterfaces []string `yaml:"multicastInterfaces,omitempty"`
+ // AntreaProxy contains AntreaProxy related configuration options.
+ AntreaProxy AntreaProxyConfig `yaml:"antreaProxy,omitempty"`
+ // Egress related configurations.
+ Egress EgressConfig `yaml:"egress"`
+}
+
+type AntreaProxyConfig struct {
+ // ProxyAll tells antrea-agent to proxy all Service traffic, including NodePort, LoadBalancer, and ClusterIP traffic,
+ // regardless of where they come from. Therefore, running kube-proxy is no longer required. This requires the AntreaProxy
+ // feature to be enabled.
+ ProxyAll bool `yaml:"proxyAll,omitempty"`
+ // A string array of values which specifies the host IPv4/IPv6 addresses for NodePorts. Values may be valid IP blocks.
+ // (e.g. 1.2.3.0/24, 1.2.3.4/32). An empty string slice is meant to select all host IPv4/IPv6 addresses.
+ NodePortAddresses []string `yaml:"nodePortAddresses,omitempty"`
+ // An array of string values to specify a list of Services which should be ignored by AntreaProxy (traffic to these
+ // Services will not be load-balanced). Values can be a valid ClusterIP (e.g. 10.11.1.2) or a Service name
+ // with Namespace (e.g. kube-system/kube-dns)
+ SkipServices []string `yaml:"skipServices,omitempty"`
+ // When ProxyLoadBalancerIPs is set to false, AntreaProxy no longer load-balances traffic destined to the
+ // External IPs of LoadBalancer Services. This is useful when the external LoadBalancer provides additional
+ // capabilities (e.g. TLS termination) and it is desirable for Pod-to-ExternalIP traffic to be sent to the
+ // external LoadBalancer instead of being load-balanced to an Endpoint directly by AntreaProxy.
+ // Note that setting ProxyLoadBalancerIPs to false usually only makes sense when ProxyAll is set to true and
+ // kube-proxy is removed from the cluser, otherwise kube-proxy will still load-balance this traffic.
+ // Defaults to true.
+ ProxyLoadBalancerIPs *bool `yaml:"proxyLoadBalancerIPs,omitempty"`
+}
+
+type WireGuardConfig struct {
+ // The port for the WireGuard to receive traffic. Defaults to 51820.
+ Port int `yaml:"port,omitempty"`
+}
+
+type NodePortLocalConfig struct {
+ // Enable NodePortLocal, a feature used to make Pods reachable using port forwarding on the
+ // host. To enable this feature, you need to set "enable" to true, and ensure that the
+ // NodePortLocal feature gate is also enabled (which is the default).
+ Enable bool `yaml:"enable,omitempty"`
+ // Provide the port range used by NodePortLocal. When the NodePortLocal feature is enabled,
+ // a port from that range will be assigned whenever a Pod's container defines a specific
+ // port to be exposed (each container can define a list of ports as
+ // pod.spec.containers[].ports), and all Node traffic directed to that port will be
+ // forwarded to the Pod.
+ PortRange string `yaml:"portRange,omitempty"`
+}
+
+type EgressConfig struct {
+ ExceptCIDRs []string `yaml:"exceptCIDRs,omitempty"`
+}
diff --git a/antrea_import/config/controller/config.go b/antrea_import/config/controller/config.go
new file mode 100644
index 000000000..d7e08a358
--- /dev/null
+++ b/antrea_import/config/controller/config.go
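Review bot: The copied AgentConfig type carries no record of which Antrea release or commit it was taken from, so there is no way to tell later whether it has drifted from the upstream struct it mirrors; the same applies to the copies in antrea_import/config/controller/config.go and antrea_import/features/antrea_features.go. A header comment such as `// Copied from the Antrea repo at <ANTREA-VERSION-PLACEHOLDER>; keep in sync with upstream when bumping the Antrea image.` on each copied file would make the provenance auditable and give a refresh procedure a starting point. Within this diff the AgentConfig type itself is not referenced by any other hunk, so it appears to be copied ahead of use.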
@@ -0,0 +1,70 @@
+// Copyright 2021 Antrea Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package config
+
+import (
+ componentbaseconfig "k8s.io/component-base/config"
+)
+
+type NodeIPAMConfig struct {
+ // Enable the integrated node IPAM controller within the Antrea controller.
+ // Defaults to false.
+ EnableNodeIPAM bool `yaml:"enableNodeIPAM,omitempty"`
+ // CIDR ranges for Pods in cluster. String array containing single CIDR range, or multiple ranges. The CIDRs could
+ // be either IPv4 or IPv6. At most one CIDR may be specified for each IP family. Value ignored when EnableNodeIPAM
+ // is false.
+ ClusterCIDRs []string `yaml:"clusterCIDRs,omitempty"`
+ // CIDR ranges for Services in cluster. It is not necessary to specify it when there is no overlap with clusterCIDRs.
+ // Value ignored when EnableNodeIPAM is false.
+ ServiceCIDR string `yaml:"serviceCIDR,omitempty"`
+ ServiceCIDRv6 string `yaml:"serviceCIDRv6,omitempty"`
+ // Mask size for IPv4 Node CIDR in IPv4 or dual-stack cluster. Value ignored when EnableNodeIPAM is false
+ // or when IPv4 Pod CIDR is not configured.
+ NodeCIDRMaskSizeIPv4 int `yaml:"nodeCIDRMaskSizeIPv4,omitempty"`
+ // Mask size for IPv6 Node CIDR in IPv6 or dual-stack cluster. Value ignored when EnableNodeIPAM is false
+ // or when IPv6 Pod CIDR is not configured.
+ NodeCIDRMaskSizeIPv6 int `yaml:"nodeCIDRMaskSizeIPv6,omitempty"`
+}
+
+type ControllerConfig struct {
+ // FeatureGates is a map of feature names to bools that enable or disable experimental features.
+ FeatureGates map[string]bool `yaml:"featureGates,omitempty"`
+ // clientConnection specifies the kubeconfig file and client connection settings for the
+ // antrea-controller to communicate with the Kubernetes apiserver.
+ ClientConnection componentbaseconfig.ClientConnectionConfiguration `yaml:"clientConnection"`
+ // APIPort is the port for the antrea-controller APIServer to serve on.
+ // Defaults to 10349.
+ APIPort int `yaml:"apiPort,omitempty"`
+ // Enable metrics exposure via Prometheus. Initializes Prometheus metrics listener
+ // Defaults to true.
+ EnablePrometheusMetrics *bool `yaml:"enablePrometheusMetrics,omitempty"`
+ // Indicates whether to use auto-generated self-signed TLS certificate.
+ // If false, A Secret named "antrea-controller-tls" must be provided with the following keys:
+ // ca.crt:
+ // tls.crt:
+ // tls.key:
+ // And the Secret must be mounted to directory "/var/run/antrea/antrea-controller-tls" of the
+ // antrea-controller container.
+ // Defaults to true.
+ SelfSignedCert *bool `yaml:"selfSignedCert,omitempty"`
+ // Cipher suites to use.
+ TLSCipherSuites string `yaml:"tlsCipherSuites,omitempty"`
+ // TLS min version.
+ TLSMinVersion string `yaml:"tlsMinVersion,omitempty"`
+ // Legacy CRD mirroring (deprecated).
+ LegacyCRDMirroring *bool `yaml:"legacyCRDMirroring,omitempty"`
+ // NodeIPAM Configuration
+ NodeIPAM NodeIPAMConfig `yaml:"nodeIPAM"`
+}
diff --git a/antrea_import/features/antrea_features.go b/antrea_import/features/antrea_features.go
new file mode 100644
index 000000000..ab111114e
--- /dev/null
+++ b/antrea_import/features/antrea_features.go
@@ -0,0 +1,152 @@
+// Copyright 2020 Antrea Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package features
+
+import (
+ "k8s.io/apimachinery/pkg/util/runtime"
+ "k8s.io/component-base/featuregate"
+)
+
+// When editing this file, make sure you edit the documentation as well to keep
+// it consistent: /docs/feature-gates.md
+
+const (
+ // Every feature gate should add constant here following this template:
+ //
+ // alpha: vX.Y
+ // beta: vX.Y
+ // MyFeature featuregate.Feature = "MyFeature"
+
+ // alpha: v0.8
+ // beta: v1.0
+ // Enables support for ClusterNetworkPolicy and AntreaNetworkPolicy CRDs.
+ AntreaPolicy featuregate.Feature = "AntreaPolicy"
+
+ // alpha: v0.13
+ // Enable EndpointSlice support in AntreaProxy. If AntreaProxy is not enabled, this
+ // flag will not take effect.
+ EndpointSlice featuregate.Feature = "EndpointSlice"
+
+ // alpha: v0.8
+ // beta: v0.11
+ // Enable antrea proxy which provides ServiceLB for in-cluster services in antrea agent.
+ // It should be enabled on Windows, otherwise NetworkPolicy will not take effect on
+ // Service traffic.
+ AntreaProxy featuregate.Feature = "AntreaProxy"
+
+ // alpha: v0.8
+ // beta: v0.11
+ // Allows to trace path from a generated packet.
+ Traceflow featuregate.Feature = "Traceflow"
+
+ // alpha: v0.9
+ // Flow exporter exports IPFIX flow records of Antrea flows seen in conntrack module.
+ FlowExporter featuregate.Feature = "FlowExporter"
+
+ // alpha: v0.10
+ // beta: v1.2
+ // Enable collecting and exposing NetworkPolicy statistics.
+ NetworkPolicyStats featuregate.Feature = "NetworkPolicyStats"
+
+ // alpha: v0.13
+ // beta: v1.4
+ // Expose Pod ports through NodePort
+ NodePortLocal featuregate.Feature = "NodePortLocal"
+
+ // alpha: v1.0
+ // Enable controlling SNAT IPs of Pod egress traffic.
+ Egress featuregate.Feature = "Egress"
+
+ // alpha: v1.4
+ // Run Kubernetes NodeIPAM with Antrea.
+ NodeIPAM featuregate.Feature = "NodeIPAM"
+
+ // alpha: v1.4
+ // Enable flexible IPAM for Pods.
+ AntreaIPAM featuregate.Feature = "AntreaIPAM"
+
+ // alpha: v1.5
+ // Enable Multicast.
+ Multicast featuregate.Feature = "Multicast"
+
+ // alpha: v1.5
+ // Enable Secondary interface feature for Antrea.
+ SecondaryNetwork featuregate.Feature = "SecondaryNetwork"
+
+ // alpha: v1.5
+ // Enable controlling Services with ExternalIP.
+ ServiceExternalIP featuregate.Feature = "ServiceExternalIP"
+)
+
+var (
+ // DefaultMutableFeatureGate is a mutable version of DefaultFeatureGate.
+ DefaultMutableFeatureGate featuregate.MutableFeatureGate = featuregate.NewFeatureGate()
+
+ // DefaultFeatureGate is a shared global FeatureGate.
+ // The feature gate should be modified via DefaultMutableFeatureGate.
+ DefaultFeatureGate featuregate.FeatureGate = DefaultMutableFeatureGate
+
+ // DefaultAntreaFeatureGates consists of all known Antrea-specific feature keys.
+ // To add a new feature, define a key for it above and add it here. The features will be
+ // available throughout Antrea binaries.
+ DefaultAntreaFeatureGates = map[featuregate.Feature]featuregate.FeatureSpec{
+ AntreaPolicy: {Default: true, PreRelease: featuregate.Beta},
+ AntreaProxy: {Default: true, PreRelease: featuregate.Beta},
+ Egress: {Default: false, PreRelease: featuregate.Alpha},
+ EndpointSlice: {Default: false, PreRelease: featuregate.Alpha},
+ Traceflow: {Default: true, PreRelease: featuregate.Beta},
+ AntreaIPAM: {Default: false, PreRelease: featuregate.Alpha},
+ FlowExporter: {Default: false, PreRelease: featuregate.Alpha},
+ NetworkPolicyStats: {Default: true, PreRelease: featuregate.Beta},
+ NodePortLocal: {Default: true, PreRelease: featuregate.Beta},
+ NodeIPAM: {Default: false, PreRelease: featuregate.Alpha},
+ Multicast: {Default: false, PreRelease: featuregate.Alpha},
+ SecondaryNetwork: {Default: false, PreRelease: featuregate.Alpha},
+ ServiceExternalIP: {Default: false, PreRelease: featuregate.Alpha},
+ }
+
+ // UnsupportedFeaturesOnWindows records the features not supported on
+ // a Windows Node. Antrea Agent on a Windows Node checks the enabled
+ // features, and fails the startup if an unsupported feature is enabled.
+ // We do not define a separate defaultAntreaFeatureGates map for
+ // Windows, because Agent code assumes all features are registered (
+ // FeatureGate.Enabled(feature) will panic if the feature is not added
+ // to the FeatureGate).
+ // In future, if a feature is supported on both Linux and Windows, but
+ // can have different FeatureSpecs between Linux and Windows, we should
+ // still define a separate defaultAntreaFeatureGates map for Windows.
+ unsupportedFeaturesOnWindows = map[featuregate.Feature]struct{}{
+ NodePortLocal: {},
+ Egress: {},
+ AntreaIPAM: {},
+ Multicast: {},
+ SecondaryNetwork: {},
+ ServiceExternalIP: {},
+ }
+)
+
+func init() {
+ runtime.Must(DefaultMutableFeatureGate.Add(DefaultAntreaFeatureGates))
+}
+
+// SupportedOnWindows checks whether a feature is supported on a Windows Node.
+func SupportedOnWindows(feature featuregate.Feature) bool {
+ _, exists := DefaultAntreaFeatureGates[feature]
+ if !exists {
+ return false
+ }
+ _, exists = unsupportedFeaturesOnWindows[feature]
+ return !exists
+}
diff --git a/api/v1/zz_generated.deepcopy.go b/api/v1/zz_generated.deepcopy.go
index 688a21a2f..d6a4a95fb 100644
--- a/api/v1/zz_generated.deepcopy.go
+++ b/api/v1/zz_generated.deepcopy.go
@@ -1,3 +1,4 @@
+//go:build !ignore_autogenerated
 // +build !ignore_autogenerated
 /*
 Copyright © 2020 VMware, Inc. All Rights Reserved.
diff --git a/build/Dockerfile b/build/Dockerfile
index 7f30f5b3f..01eeb972b 100644
--- a/build/Dockerfile
+++ b/build/Dockerfile
@@ -10,6 +10,7 @@ RUN go mod download
 # Copy the go source
 COPY main.go main.go
+COPY antrea_import/ antrea_import/
 COPY api/ api/
 COPY controllers/ controllers/
 COPY version/ version/
diff --git a/controllers/config/config.go b/controllers/config/config.go
index 01df05138..7742622c8 100644
--- a/controllers/config/config.go
+++ b/controllers/config/config.go
@@ -7,6 +7,8 @@ import (
 "errors"
 "fmt"
+ "k8s.io/utils/net"
+
 gocni "github.com/containerd/go-cni"
 configv1 "github.com/openshift/api/config/v1"
 ocoperv1 "github.com/openshift/api/operator/v1"
@@ -15,6 +17,8 @@ import (
 "gopkg.in/yaml.v2"
 ctrl "sigs.k8s.io/controller-runtime"
+ ctlconfig "github.com/vmware/antrea-operator-for-kubernetes/antrea_import/config/controller"
+ "github.com/vmware/antrea-operator-for-kubernetes/antrea_import/features"
 operatorv1 "github.com/vmware/antrea-operator-for-kubernetes/api/v1"
 "github.com/vmware/antrea-operator-for-kubernetes/controllers/types"
 "github.com/vmware/antrea-operator-for-kubernetes/version"
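Review bot: Importing this package only to read the `NodeIPAM` constant also executes its `init()`, which registers every copied gate into the process-global `DefaultMutableFeatureGate` through `runtime.Must` (a registration error becomes a panic at operator startup) and brings `k8s.io/apimachinery/pkg/util/runtime` and `k8s.io/component-base/featuregate` into the operator binary. The only use of this package elsewhere in the diff is `string(features.NodeIPAM)` as a map key, so a trimmed copy holding just the `featuregate.Feature` constants, or plain string constants, would give the same result without the import-time side effect. If the full file is kept on purpose so it can be refreshed verbatim from upstream, a comment above `init()` such as `// NOTE: the gate registration below is unused by the operator; only the feature names are consumed.` would stop the next reader from assuming the operator relies on it.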
@@ -32,7 +36,7 @@ type ConfigOc struct{}
 type ConfigK8s struct{}
-func fillConfig(clusterConfig *configv1.Network, operConfig *operatorv1.AntreaInstall) error {
+func fillAgentConfig(clusterConfig *configv1.Network, operConfig *operatorv1.AntreaInstall) error {
 antreaAgentConfig := make(map[string]interface{})
 err := yaml.Unmarshal([]byte(operConfig.Spec.AntreaAgentConfig), &antreaAgentConfig)
 if err != nil {
@@ -56,10 +60,6 @@ func fillConfig(clusterConfig *configv1.Network, operConfig *operatorv1.AntreaIn
 if !ok {
 antreaAgentConfig[types.DefaultMTUOption] = types.DefaultMTU
 }
- // Set Antrea image.
- if operConfig.Spec.AntreaImage == "" {
- operConfig.Spec.AntreaImage = types.DefaultAntreaImage
- }
 updatedAntreaAgentConfig, err := yaml.Marshal(antreaAgentConfig)
 if err != nil {
 return fmt.Errorf("failed to fill configurations in AntreaAgentConfig: %v", err)
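Review bot: `fillAgentConfig` gets a new name but still no doc comment, and now that it sits beside `fillControllerConfig` its scope is worth stating at the signature, e.g. `// fillAgentConfig applies the operator's defaults (such as DefaultMTU) to Spec.AntreaAgentConfig in place, keeping any user-supplied keys it does not know about.` The body runs past both hunks here, so the remaining defaults it applies are not visible in this diff. Worth keeping in mind that this path round-trips a `map[string]interface{}`, which is what preserves unknown keys; if the agent path is later switched to the copied `AgentConfig` struct, that property is lost.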
@@ -68,12 +68,94 @@ func fillConfig(clusterConfig *configv1.Network, operConfig *operatorv1.AntreaIn
 return nil
 }
+func fillControllerConfig(clusterConfig *configv1.Network, operConfig *operatorv1.AntreaInstall) error {
+ var controllerConfig ctlconfig.ControllerConfig
+ err := yaml.Unmarshal([]byte(operConfig.Spec.AntreaControllerConfig), &controllerConfig)
+ if err != nil {
+ return fmt.Errorf("failed to parse AntreaControllerConfig: %v", err)
+ }
+
+ //Turn on NodeIPAM featureGate.
+ if controllerConfig.FeatureGates == nil {
+ controllerConfig.FeatureGates = make(map[string]bool)
+ }
+ controllerConfig.FeatureGates[string(features.NodeIPAM)] = true
+ controllerConfig.NodeIPAM.EnableNodeIPAM = true
+
+ if clusterConfig != nil {
+ ip4found := false
+ ip6found := false
+
+ for _, cidr := range clusterConfig.Spec.ClusterNetwork {
+ if net.IsIPv4CIDRString(cidr.CIDR) {
+ if !ip4found {
+ ip4found = true
+ controllerConfig.NodeIPAM.ClusterCIDRs = append(controllerConfig.NodeIPAM.ClusterCIDRs, cidr.CIDR)
+ controllerConfig.NodeIPAM.NodeCIDRMaskSizeIPv4 = int(cidr.HostPrefix)
+ }
+ } else {
+ if !ip6found {
+ ip6found = true
+ controllerConfig.NodeIPAM.ClusterCIDRs = append(controllerConfig.NodeIPAM.ClusterCIDRs, cidr.CIDR)
+ controllerConfig.NodeIPAM.NodeCIDRMaskSizeIPv6 = int(cidr.HostPrefix)
+ }
+ }
+ }
+
+ // Set service CIDR
+ ip4found = false
+ ip6found = false
+
+ for _, svcCIDR := range clusterConfig.Spec.ServiceNetwork {
+ if net.IsIPv4CIDRString(svcCIDR) {
+ if !ip4found {
+ ip4found = true
+ controllerConfig.NodeIPAM.ServiceCIDR = svcCIDR
+ }
+ } else {
+ if !ip6found {
+ ip6found = true
+ controllerConfig.NodeIPAM.ServiceCIDRv6 = svcCIDR
+ }
+ }
+ }
+ }
+
+ updatedAntreaControllerConfig, err := yaml.Marshal(controllerConfig)
+ if err != nil {
+ return fmt.Errorf("failed to fill configurations in AntreaControllerConfig: %v", err)
+ }
+ operConfig.Spec.AntreaControllerConfig = string(updatedAntreaControllerConfig)
+ return nil
+}
+
+func fillConfig(clusterConfig *configv1.Network, operConfig *operatorv1.AntreaInstall, isOpenShift bool) error {
+ err := fillAgentConfig(clusterConfig, operConfig)
+ if err != nil {
+ return err
+ }
+
+ if isOpenShift {
+ err = fillControllerConfig(clusterConfig, operConfig)
+ if err != nil {
+ return err
+ }
+ }
+
+ // Set Antrea image.
+ if operConfig.Spec.AntreaImage == "" {
+ operConfig.Spec.AntreaImage = types.DefaultAntreaImage
+ }
+
+ return nil
+}
+
 func (c *ConfigOc) FillConfigs(clusterConfig *configv1.Network, operConfig *operatorv1.AntreaInstall) error {
- return fillConfig(clusterConfig, operConfig)
+ return fillConfig(clusterConfig, operConfig, true)
 }
 func (c *ConfigK8s) FillConfigs(clusterConfig *configv1.Network, operConfig *operatorv1.AntreaInstall) error {
- return fillConfig(clusterConfig, operConfig)
+ return fillConfig(clusterConfig, operConfig, false)
 }
 func validateConfig(clusterConfig *configv1.Network, operConfig *operatorv1.AntreaInstall) error {
diff --git a/controllers/types/defaults.go b/controllers/types/defaults.go
index a80a48075..f42b0c487 100644
--- a/controllers/types/defaults.go
+++ b/controllers/types/defaults.go
@@ -4,7 +4,7 @@ package types
 const (
- DefaultAntreaImage = "antrea/antrea-ubi:v0.9.1"
+ DefaultAntreaImage = "antrea/antrea-ubi:latest"
 DefaultManifestDir = "antrea-manifest"
 DefaultMTU int = 1450
 )
diff --git a/go.mod b/go.mod
index 78a6e2f6d..0d99163f2 100644
--- a/go.mod
+++ b/go.mod
@@ -14,6 +14,8 @@ require (
 k8s.io/api v0.22.1
 k8s.io/apimachinery v0.22.1
 k8s.io/client-go v0.22.1
+ k8s.io/component-base v0.22.1
+ k8s.io/utils v0.0.0-20210820185131-d34e5cb4466e
 sigs.k8s.io/controller-runtime v0.9.0-beta.0
 )
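Review bot: Round-tripping `Spec.AntreaControllerConfig` through the copied `ctlconfig.ControllerConfig` struct in `fillControllerConfig` silently discards every key the struct does not declare — `yaml.Unmarshal` ignores unknown fields and `yaml.Marshal` writes back only the declared ones — so a user-supplied controller setting that postdates the copied struct disappears without any error, unlike `fillAgentConfig`, which edits a `map[string]interface{}` and keeps unknown keys. Switching the parse to `err := yaml.UnmarshalStrict([]byte(operConfig.Spec.AntreaControllerConfig), &controllerConfig)` makes the loss an explicit error, or the function could apply its three changes to a map the way the agent path does. Separately, the `else` branch in both CIDR loops treats anything that is not an IPv4 CIDR as IPv6, including a malformed string, which then lands in `ClusterCIDRs`/`ServiceCIDRv6` and sets `NodeCIDRMaskSizeIPv6` from its HostPrefix; `} else if net.IsIPv6CIDRString(cidr.CIDR) {` (and the same for `svcCIDR`) keeps bad entries out, unless `validateConfig`, whose body is outside this hunk, already rejects them before this point. The comment `//Turn on NodeIPAM featureGate.` also wants a space after the slashes to match the rest of the file.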
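Review bot: `DefaultAntreaImage` now names the floating `latest` tag, so the image the operator deploys when `Spec.AntreaImage` is empty is whatever the registry serves at pull time: it changes underneath an already-released operator build, cannot be reproduced or rolled back from the operator's own history, and a regressed or compromised push to that tag is picked up without any change on the operator side. Keep the default pinned to a specific release tag, or better an image digest, e.g. `DefaultAntreaImage = "antrea/antrea-ubi:<PINNED-VERSION-PLACEHOLDER>"`, and bump it in the same commit that refreshes the copied Antrea config types so the two stay aligned.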