Enable containerd CI pipeline for antrea windows

Add e2e,conformance and networkpolicy tests for windows containerd testbed. ginkgo:v2.1.6 kubernetes:v1.25 containerd:v1.6.6 Signed-off-by: Shuyang Xin <[email protected]>
antrea-io · Dec 16, 2022 · 7fd3868 · 7fd3868
1 parent 272f916
commit 7fd3868
Show file tree

Hide file tree

Showing 10 changed files with 449 additions and 90 deletions.
diff --git a/build/yamls/antrea-windows-containerd.yml b/build/yamls/antrea-windows-containerd.yml
@@ -1,6 +1,6 @@
 apiVersion: v1
 data:
-  Install-WindowsCNI-priv.ps1: |
+  Install-WindowsCNI-Containerd.ps1: |
     $ErrorActionPreference = "Stop";    
     mkdir -force c:/var/log/antrea
 
@@ -11,13 +11,13 @@ data:
     cp $mountPath/var/run/secrets/kubernetes.io/serviceaccount/token C:/var/run/secrets/kubernetes.io/serviceaccount
     cp $mountPath/k/antrea/cni/* c:/opt/cni/bin/
     cp $mountPath/etc/antrea/antrea-cni.conflist c:/etc/cni/net.d/10-antrea.conflist
+    mkdir -force c:/k/antrea/bin
+    cp $mountPath/k/antrea/bin/antctl.exe c:/k/antrea/bin/antctl.exe
     
-  Run-AntreaAgent.ps1: |
+  Run-AntreaAgent-Containerd.ps1: |
     $ErrorActionPreference = "Stop"
     $mountPath = $env:CONTAINER_SANDBOX_MOUNT_POINT
     $mountPath =  ($mountPath.Replace('\', '/')).TrimEnd('/')
-    mkdir -force c:/k/antrea/bin
-    cp $mountPath/k/antrea/bin/* c:/k/antrea/bin/
     & "$mountPath/k/antrea/bin/antrea-agent.exe" --config=$mountPath/etc/antrea/antrea-agent.conf --logtostderr=false --log_dir=c:/var/log/antrea --alsologtostderr --log_file_max_size=100 --log_file_max_num=4 --v=4
 kind: ConfigMap
 metadata:
@@ -34,7 +34,7 @@ data:
     # Enable antrea proxy which provides ServiceLB for in-cluster services in antrea agent.
     # It should be enabled on Windows, otherwise NetworkPolicy will not take effect on
     # Service traffic.
-      AntreaProxy: true
+    #  AntreaProxy: true
 
     # Enable EndpointSlice support in AntreaProxy. Don't enable this feature unless that EndpointSlice
     # API version v1beta1 is supported and set as enabled in Kubernetes. If AntreaProxy is not enabled,
@@ -61,6 +61,11 @@ data:
     # - stt
     #tunnelType: geneve
 
+    # TunnelPort is the destination port for UDP and TCP based tunnel protocols
+    # (Geneve, VXLAN, and STT). If zero, it will use the assigned IANA port for the
+    # protocol, i.e. 6081 for Geneve, 4789 for VXLAN, and 7471 for STT.
+    #tunnelPort: 0
+
     # Default MTU to use for the host gateway interface and the network interface of each Pod.
     # If omitted, antrea-agent will discover the MTU of the Node's primary interface and
     # also adjust MTU to accommodate for tunnel encapsulation overhead.
@@ -69,7 +74,7 @@ data:
     # ClusterIP CIDR range for Services. It's required when AntreaProxy is not enabled, and should be
     # set to the same value as the one specified by --service-cluster-ip-range for kube-apiserver. When
     # AntreaProxy is enabled, this parameter is not needed and will be ignored if provided.
-    serviceCIDR: 10.96.0.0/12
+    #serviceCIDR: 10.96.0.0/12
 
     # The port for the antrea-agent APIServer to serve on.
     #apiPort: 10350
@@ -138,7 +143,7 @@ data:
 
     # Provide the address of Kubernetes apiserver, to override any value provided in kubeconfig or InClusterConfig.
     # Defaults to "". It must be a host string, a host:port pair, or a URL to the base of the apiserver.
-    #kubeAPIServerOverride: "10.176.210.86:6443"
+    #kubeAPIServerOverride: ""
 
     # Option antreaProxy contains AntreaProxy related configuration options.
     antreaProxy:
@@ -147,6 +152,7 @@ data:
       # Note that this option is experimental. If kube-proxy is removed, option kubeAPIServerOverride must be used to access
       # apiserver directly.
       #proxyAll: false
+
     nodePortLocal:
     # Enable NodePortLocal, a feature used to make Pods reachable using port forwarding on the host. To
     # enable this feature, you need to set "enable" to true, and ensure that the NodePortLocal feature
@@ -206,7 +212,7 @@ spec:
       containers:
       - args:
         - -file
-        - $env:CONTAINER_SANDBOX_MOUNT_POINT/var/lib/antrea-windows/Run-AntreaAgent.ps1
+        - $env:CONTAINER_SANDBOX_MOUNT_POINT/var/lib/antrea-windows/Run-AntreaAgent-Containerd.ps1
         command:
         - powershell
         env:
@@ -222,40 +228,30 @@ spec:
           valueFrom:
             fieldRef:
               fieldPath: spec.nodeName
-        image: projects.registry.vmware.com/antrea/antrea-windows:latest
+        image: antrea/antrea-windows:latest
         imagePullPolicy: IfNotPresent
         name: antrea-agent
         volumeMounts:
         - mountPath: /etc/antrea
           name: antrea-windows-config
         - mountPath: /var/lib/antrea-windows
           name: antrea-agent-windows
-        - mountPath: /host/k/antrea/
-          name: host-antrea-home
         - mountPath: /var/log/antrea/
           name: var-log-antrea
       hostNetwork: true
       initContainers:
       - args:
         - -File
-        - $env:CONTAINER_SANDBOX_MOUNT_POINT/var/lib/antrea-windows/Install-WindowsCNI-priv.ps1
+        - $env:CONTAINER_SANDBOX_MOUNT_POINT/var/lib/antrea-windows/Install-WindowsCNI-Containerd.ps1
         command:
         - powershell
-        image: projects.registry.vmware.com/antrea/antrea-windows:latest
+        image: antrea/antrea-windows:latest
         imagePullPolicy: IfNotPresent
         name: install-cni
         volumeMounts:
         - mountPath: /etc/antrea
           name: antrea-windows-config
           readOnly: true
-        - mountPath: /host/etc/cni/net.d
-          name: host-cni-conf
-        - mountPath: /host/opt/cni/bin
-          name: host-cni-bin
-        - mountPath: /host/k/antrea/
-          name: host-antrea-home
-        - mountPath: /host/var/run/secrets/
-          name: host-secrets-path
         - mountPath: /var/lib/antrea-windows
           name: antrea-agent-windows
       nodeSelector:
@@ -275,25 +271,9 @@ spec:
           defaultMode: 420
           name: antrea-agent-windows-kht6m7hthm
         name: antrea-agent-windows
-      - hostPath:
-          path: /etc/cni/net.d
-          type: DirectoryOrCreate
-        name: host-cni-conf
-      - hostPath:
-          path: /opt/cni/bin
-          type: DirectoryOrCreate
-        name: host-cni-bin
-      - hostPath:
-          path: /k/antrea
-          type: DirectoryOrCreate
-        name: host-antrea-home
       - hostPath:
           path: /var/log/antrea/
           type: DirectoryOrCreate
         name: var-log-antrea
-      - hostPath:
-          path: /var/run/secrets/
-          type: DirectoryOrCreate
-        name: host-secrets-path
   updateStrategy:
-    type: RollingUpdate
+    type: RollingUpdate
diff --git a/build/yamls/windows/base/agent-containerd.yml b/build/yamls/windows/base/agent-containerd.yml
@@ -0,0 +1,88 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  labels:
+    component: antrea-agent
+  name: antrea-agent-windows
+  namespace: kube-system
+spec:
+  selector:
+    matchLabels:
+      component: antrea-agent
+  template:
+    metadata:
+      annotations:
+        "microsoft.com/hostprocess-inherit-user": "true"
+      labels:
+        component: antrea-agent
+    spec:
+      securityContext:
+        windowsOptions:
+          runAsUserName: "NT AUTHORITY\\SYSTEM"
+          hostProcess: true
+      containers:
+      - args:
+        - -file
+        - $env:CONTAINER_SANDBOX_MOUNT_POINT/var/lib/antrea-windows/Run-AntreaAgent-Containerd.ps1
+        command:
+        - powershell
+        env:
+        - name: POD_NAME
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.name
+        - name: POD_NAMESPACE
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.namespace
+        - name: NODE_NAME
+          valueFrom:
+            fieldRef:
+              fieldPath: spec.nodeName
+        image: antrea-windows
+        name: antrea-agent
+        volumeMounts:
+        - mountPath: /etc/antrea
+          name: antrea-windows-config
+        - mountPath: /var/lib/antrea-windows
+          name: antrea-agent-windows
+        - mountPath: /var/log/antrea/
+          name: var-log-antrea
+      hostNetwork: true
+      initContainers:
+      - args:
+        - -File
+        - $env:CONTAINER_SANDBOX_MOUNT_POINT/var/lib/antrea-windows/Install-WindowsCNI-Containerd.ps1
+        command:
+        - powershell
+        image: antrea-windows
+        name: install-cni
+        volumeMounts:
+        - mountPath: /etc/antrea
+          name: antrea-windows-config
+          readOnly: true
+        - mountPath: /var/lib/antrea-windows
+          name: antrea-agent-windows
+      nodeSelector:
+        kubernetes.io/os: windows
+      priorityClassName: system-node-critical
+      serviceAccountName: antrea-agent
+      tolerations:
+      - key: CriticalAddonsOnly
+        operator: Exists
+      - effect: NoSchedule
+        operator: Exists
+      volumes:
+      - configMap:
+          name: antrea-windows-config
+        name: antrea-windows-config
+      - configMap:
+          defaultMode: 420
+          name: antrea-agent-windows
+        name: antrea-agent-windows
+      - hostPath:
+          path: /var/log/antrea/
+          type: DirectoryOrCreate
+        name: var-log-antrea
+  updateStrategy:
+    type: RollingUpdate
diff --git a/build/yamls/windows/base/conf/Install-WindowsCNI-Containerd.ps1 b/build/yamls/windows/base/conf/Install-WindowsCNI-Containerd.ps1
@@ -0,0 +1,11 @@
+$ErrorActionPreference = "Stop";
+mkdir -force c:/var/log/antrea
+$mountPath = $env:CONTAINER_SANDBOX_MOUNT_POINT
+$mountPath =  ($mountPath.Replace('\', '/')).TrimEnd('/')
+mkdir -force C:/var/run/secrets/kubernetes.io/serviceaccount
+cp $mountPath/var/run/secrets/kubernetes.io/serviceaccount/ca.crt C:/var/run/secrets/kubernetes.io/serviceaccount
+cp $mountPath/var/run/secrets/kubernetes.io/serviceaccount/token C:/var/run/secrets/kubernetes.io/serviceaccount
+cp $mountPath/k/antrea/cni/* c:/opt/cni/bin/
+cp $mountPath/etc/antrea/antrea-cni.conflist c:/etc/cni/net.d/10-antrea.conflist
+mkdir -force c:/k/antrea/bin
+cp $mountPath/k/antrea/bin/antctl.exe c:/k/antrea/bin/antctl.exe
diff --git a/build/yamls/windows/base/conf/Run-AntreaAgent-Containerd.ps1 b/build/yamls/windows/base/conf/Run-AntreaAgent-Containerd.ps1
@@ -0,0 +1,4 @@
+$ErrorActionPreference = "Stop"
+$mountPath = $env:CONTAINER_SANDBOX_MOUNT_POINT
+$mountPath =  ($mountPath.Replace('\', '/')).TrimEnd('/')
+& "$mountPath/k/antrea/bin/antrea-agent.exe" --config=$mountPath/etc/antrea/antrea-agent.conf --logtostderr=false --log_dir=c:/var/log/antrea --alsologtostderr --log_file_max_size=100 --log_file_max_num=4 --v=4
diff --git a/ci/jenkins/test-mc.sh b/ci/jenkins/test-mc.sh
@@ -264,7 +264,7 @@ function deliver_antrea_multicluster {
     chmod -R g-w build/images/base
 
     DOCKER_REGISTRY="${DOCKER_REGISTRY}" ./hack/build-antrea-linux-all.sh --pull
-    echo "====== Delivering Antrea to all the Nodes ======"
+    echo "====== Delivering Antrea to all Nodes ======"
     docker save -o ${WORKDIR}/antrea-ubuntu.tar antrea/antrea-ubuntu:latest