Skip to content

Commit

Permalink
Implement antrea proxy
Browse files Browse the repository at this point in the history
Co-authored-by: Quan Tian <[email protected]>
Signed-off-by: Weiqiang TANG <[email protected]>
  • Loading branch information
weiqiangt and tnqn committed Jun 30, 2020
1 parent a2e9594 commit c7ab11b
Show file tree
Hide file tree
Showing 50 changed files with 3,834 additions and 145 deletions.
93 changes: 93 additions & 0 deletions .github/workflows/kind.yml
Original file line number Diff line number Diff line change
Expand Up @@ -54,6 +54,37 @@ jobs:
run: |
./ci/kind/test-e2e-kind.sh encap
test-e2e-encap-proxy:
name: E2e tests on a Kind cluster on Linux with proxy enabled
needs: build-antrea-image
runs-on: [ubuntu-18.04]
steps:
- name: Free disk space
# https://github.com/actions/virtual-environments/issues/709
run: |
sudo apt-get clean
df -h
- uses: actions/checkout@v2
- uses: actions/setup-go@v1
with:
go-version: 1.13
- name: Download Antrea image from previous job
uses: actions/download-artifact@v1
with:
name: antrea-ubuntu
- name: Load Antrea image
run: docker load -i antrea-ubuntu/antrea-ubuntu.tar
- name: Install Kind
env:
KIND_VERSION: v0.7.0
run: |
curl -Lo ./kind https://github.com/kubernetes-sigs/kind/releases/download/${KIND_VERSION}/kind-$(uname)-amd64
chmod +x ./kind
sudo mv kind /usr/local/bin
- name: Run e2e tests
run: |
./ci/kind/test-e2e-kind.sh encap --proxy
test-e2e-noencap:
name: E2e tests on a Kind cluster on Linux (noEncap)
needs: build-antrea-image
Expand Down Expand Up @@ -85,6 +116,37 @@ jobs:
run: |
./ci/kind/test-e2e-kind.sh noEncap
test-e2e-noencap-proxy:
name: E2e tests on a Kind cluster on Linux (noEncap) with proxy enabled
needs: build-antrea-image
runs-on: [ubuntu-18.04]
steps:
- name: Free disk space
# https://github.com/actions/virtual-environments/issues/709
run: |
sudo apt-get clean
df -h
- uses: actions/checkout@v2
- uses: actions/setup-go@v1
with:
go-version: 1.13
- name: Download Antrea image from previous job
uses: actions/download-artifact@v1
with:
name: antrea-ubuntu
- name: Load Antrea image
run: docker load -i antrea-ubuntu/antrea-ubuntu.tar
- name: Install Kind
env:
KIND_VERSION: v0.7.0
run: |
curl -Lo ./kind https://github.com/kubernetes-sigs/kind/releases/download/${KIND_VERSION}/kind-$(uname)-amd64
chmod +x ./kind
sudo mv kind /usr/local/bin
- name: Run e2e tests
run: |
./ci/kind/test-e2e-kind.sh noEncap --proxy
test-e2e-hybrid:
name: E2e tests on a Kind cluster on Linux (hybrid)
needs: build-antrea-image
Expand Down Expand Up @@ -116,6 +178,37 @@ jobs:
run: |
./ci/kind/test-e2e-kind.sh hybrid
test-e2e-hybrid-proxy:
name: E2e tests on a Kind cluster on Linux (hybrid) with proxy enabled
needs: build-antrea-image
runs-on: [ubuntu-18.04]
steps:
- name: Free disk space
# https://github.com/actions/virtual-environments/issues/709
run: |
sudo apt-get clean
df -h
- uses: actions/checkout@v2
- uses: actions/setup-go@v1
with:
go-version: 1.13
- name: Download Antrea image from previous job
uses: actions/download-artifact@v1
with:
name: antrea-ubuntu
- name: Load Antrea image
run: docker load -i antrea-ubuntu/antrea-ubuntu.tar
- name: Install Kind
env:
KIND_VERSION: v0.7.0
run: |
curl -Lo ./kind https://github.com/kubernetes-sigs/kind/releases/download/${KIND_VERSION}/kind-$(uname)-amd64
chmod +x ./kind
sudo mv kind /usr/local/bin
- name: Run e2e tests
run: |
./ci/kind/test-e2e-kind.sh hybrid --proxy
test-netpol-tmp:
name: Run experimental network policy tests (netpol) on Kind cluster
needs: build-antrea-image
Expand Down
14 changes: 10 additions & 4 deletions build/yamls/antrea-eks.yml
Original file line number Diff line number Diff line change
Expand Up @@ -148,9 +148,11 @@ rules:
- ""
resources:
- pods
- endpoints
- services
verbs:
- get
- watch
- list
- apiGroups:
- clusterinformation.antrea.tanzu.vmware.com
Expand Down Expand Up @@ -345,7 +347,11 @@ apiVersion: v1
data:
antrea-agent.conf: |
# FeatureGates is a map of feature names to bools that enable or disable experimental features.
#featureGates:
featureGates:
# Enable antrea proxy which provides ServiceLB for in-cluster services in antrea agent.
# It should be enabled on Windows, otherwise NetworkPolicy will not take effect on
# Service traffic.
# AntreaProxy: false
# Name of the OpenVSwitch bridge antrea-agent will create and use.
# Make sure it doesn't conflict with your existing OpenVSwitch bridges.
Expand Down Expand Up @@ -440,7 +446,7 @@ metadata:
annotations: {}
labels:
app: antrea
name: antrea-config-6kd8dg2mdc
name: antrea-config-9bcct72f2b
namespace: kube-system
---
apiVersion: v1
Expand Down Expand Up @@ -545,7 +551,7 @@ spec:
key: node-role.kubernetes.io/master
volumes:
- configMap:
name: antrea-config-6kd8dg2mdc
name: antrea-config-9bcct72f2b
name: antrea-config
- name: antrea-controller-tls
secret:
Expand Down Expand Up @@ -761,7 +767,7 @@ spec:
operator: Exists
volumes:
- configMap:
name: antrea-config-6kd8dg2mdc
name: antrea-config-9bcct72f2b
name: antrea-config
- hostPath:
path: /etc/cni/net.d
Expand Down
14 changes: 10 additions & 4 deletions build/yamls/antrea-gke.yml
Original file line number Diff line number Diff line change
Expand Up @@ -148,9 +148,11 @@ rules:
- ""
resources:
- pods
- endpoints
- services
verbs:
- get
- watch
- list
- apiGroups:
- clusterinformation.antrea.tanzu.vmware.com
Expand Down Expand Up @@ -345,7 +347,11 @@ apiVersion: v1
data:
antrea-agent.conf: |
# FeatureGates is a map of feature names to bools that enable or disable experimental features.
#featureGates:
featureGates:
# Enable antrea proxy which provides ServiceLB for in-cluster services in antrea agent.
# It should be enabled on Windows, otherwise NetworkPolicy will not take effect on
# Service traffic.
# AntreaProxy: false
# Name of the OpenVSwitch bridge antrea-agent will create and use.
# Make sure it doesn't conflict with your existing OpenVSwitch bridges.
Expand Down Expand Up @@ -440,7 +446,7 @@ metadata:
annotations: {}
labels:
app: antrea
name: antrea-config-df75dft74m
name: antrea-config-66g79mckkh
namespace: kube-system
---
apiVersion: v1
Expand Down Expand Up @@ -545,7 +551,7 @@ spec:
key: node-role.kubernetes.io/master
volumes:
- configMap:
name: antrea-config-df75dft74m
name: antrea-config-66g79mckkh
name: antrea-config
- name: antrea-controller-tls
secret:
Expand Down Expand Up @@ -759,7 +765,7 @@ spec:
operator: Exists
volumes:
- configMap:
name: antrea-config-df75dft74m
name: antrea-config-66g79mckkh
name: antrea-config
- hostPath:
path: /etc/cni/net.d
Expand Down
14 changes: 10 additions & 4 deletions build/yamls/antrea-ipsec.yml
Original file line number Diff line number Diff line change
Expand Up @@ -148,9 +148,11 @@ rules:
- ""
resources:
- pods
- endpoints
- services
verbs:
- get
- watch
- list
- apiGroups:
- clusterinformation.antrea.tanzu.vmware.com
Expand Down Expand Up @@ -345,7 +347,11 @@ apiVersion: v1
data:
antrea-agent.conf: |
# FeatureGates is a map of feature names to bools that enable or disable experimental features.
#featureGates:
featureGates:
# Enable antrea proxy which provides ServiceLB for in-cluster services in antrea agent.
# It should be enabled on Windows, otherwise NetworkPolicy will not take effect on
# Service traffic.
# AntreaProxy: false
# Name of the OpenVSwitch bridge antrea-agent will create and use.
# Make sure it doesn't conflict with your existing OpenVSwitch bridges.
Expand Down Expand Up @@ -440,7 +446,7 @@ metadata:
annotations: {}
labels:
app: antrea
name: antrea-config-6fg7ftb7c2
name: antrea-config-6dfb5t2tkk
namespace: kube-system
---
apiVersion: v1
Expand Down Expand Up @@ -554,7 +560,7 @@ spec:
key: node-role.kubernetes.io/master
volumes:
- configMap:
name: antrea-config-6fg7ftb7c2
name: antrea-config-6dfb5t2tkk
name: antrea-config
- name: antrea-controller-tls
secret:
Expand Down Expand Up @@ -803,7 +809,7 @@ spec:
operator: Exists
volumes:
- configMap:
name: antrea-config-6fg7ftb7c2
name: antrea-config-6dfb5t2tkk
name: antrea-config
- hostPath:
path: /etc/cni/net.d
Expand Down
11 changes: 9 additions & 2 deletions build/yamls/antrea-windows.yml
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,13 @@ metadata:
apiVersion: v1
data:
antrea-agent.conf: |
# FeatureGates is a map of feature names to bools that enable or disable experimental features.
featureGates:
# Enable antrea proxy which provides ServiceLB for in-cluster services in antrea agent.
# It should be enabled on Windows, otherwise NetworkPolicy will not take effect on
# Service traffic.
AntreaProxy: true
# Name of the OpenVSwitch bridge antrea-agent will create and use.
# Make sure it doesn't conflict with your existing OpenVSwitch bridges.
#ovsBridge: br-int
Expand Down Expand Up @@ -62,7 +69,7 @@ kind: ConfigMap
metadata:
labels:
app: antrea
name: antrea-windows-config-kc69htmck4
name: antrea-windows-config-8ktf86t8d5
namespace: kube-system
---
apiVersion: apps/v1
Expand Down Expand Up @@ -150,7 +157,7 @@ spec:
operator: Exists
volumes:
- configMap:
name: antrea-windows-config-kc69htmck4
name: antrea-windows-config-8ktf86t8d5
name: antrea-windows-config
- configMap:
defaultMode: 420
Expand Down
14 changes: 10 additions & 4 deletions build/yamls/antrea.yml
Original file line number Diff line number Diff line change
Expand Up @@ -148,9 +148,11 @@ rules:
- ""
resources:
- pods
- endpoints
- services
verbs:
- get
- watch
- list
- apiGroups:
- clusterinformation.antrea.tanzu.vmware.com
Expand Down Expand Up @@ -345,7 +347,11 @@ apiVersion: v1
data:
antrea-agent.conf: |
# FeatureGates is a map of feature names to bools that enable or disable experimental features.
#featureGates:
featureGates:
# Enable antrea proxy which provides ServiceLB for in-cluster services in antrea agent.
# It should be enabled on Windows, otherwise NetworkPolicy will not take effect on
# Service traffic.
# AntreaProxy: false
# Name of the OpenVSwitch bridge antrea-agent will create and use.
# Make sure it doesn't conflict with your existing OpenVSwitch bridges.
Expand Down Expand Up @@ -440,7 +446,7 @@ metadata:
annotations: {}
labels:
app: antrea
name: antrea-config-g9c588t985
name: antrea-config-689fgt2cdb
namespace: kube-system
---
apiVersion: v1
Expand Down Expand Up @@ -545,7 +551,7 @@ spec:
key: node-role.kubernetes.io/master
volumes:
- configMap:
name: antrea-config-g9c588t985
name: antrea-config-689fgt2cdb
name: antrea-config
- name: antrea-controller-tls
secret:
Expand Down Expand Up @@ -759,7 +765,7 @@ spec:
operator: Exists
volumes:
- configMap:
name: antrea-config-g9c588t985
name: antrea-config-689fgt2cdb
name: antrea-config
- hostPath:
path: /etc/cni/net.d
Expand Down
2 changes: 2 additions & 0 deletions build/yamls/base/agent-rbac.yml
Original file line number Diff line number Diff line change
Expand Up @@ -22,9 +22,11 @@ rules:
- ""
resources:
- pods
- endpoints
- services
verbs:
- get
- watch
- list
- apiGroups:
- clusterinformation.antrea.tanzu.vmware.com
Expand Down
6 changes: 5 additions & 1 deletion build/yamls/base/conf/antrea-agent.conf
Original file line number Diff line number Diff line change
@@ -1,5 +1,9 @@
# FeatureGates is a map of feature names to bools that enable or disable experimental features.
#featureGates:
featureGates:
# Enable antrea proxy which provides ServiceLB for in-cluster services in antrea agent.
# It should be enabled on Windows, otherwise NetworkPolicy will not take effect on
# Service traffic.
# AntreaProxy: false

# Name of the OpenVSwitch bridge antrea-agent will create and use.
# Make sure it doesn't conflict with your existing OpenVSwitch bridges.
Expand Down
7 changes: 7 additions & 0 deletions build/yamls/windows/base/conf/antrea-agent.conf
Original file line number Diff line number Diff line change
@@ -1,3 +1,10 @@
# FeatureGates is a map of feature names to bools that enable or disable experimental features.
featureGates:
# Enable antrea proxy which provides ServiceLB for in-cluster services in antrea agent.
# It should be enabled on Windows, otherwise NetworkPolicy will not take effect on
# Service traffic.
AntreaProxy: true

# Name of the OpenVSwitch bridge antrea-agent will create and use.
# Make sure it doesn't conflict with your existing OpenVSwitch bridges.
#ovsBridge: br-int
Expand Down
Loading

0 comments on commit c7ab11b

Please sign in to comment.