ANTREA PROXY

Signed-off-by: Weiqiang TANG <[email protected]>

build/yamls/antrea-eks.yml

@@ -128,9 +128,11 @@ rules:
   - ""
   resources:
   - pods
+  - endpoints
   - services
   verbs:
   - get
+  - watch
   - list
 - apiGroups:
   - clusterinformation.antrea.tanzu.vmware.com
@@ -461,6 +463,8 @@ spec:
         - --log_dir
         - /var/log/antrea
         - --alsologtostderr
+        - -v
+        - "100000"
         command:
         - antrea-controller
         env:
@@ -586,6 +590,8 @@ spec:
         - --log_dir
         - /var/log/antrea
         - --alsologtostderr
+        - -v
+        - "10000"
         command:
         - antrea-agent
         env:

build/yamls/antrea-gke.yml

@@ -128,9 +128,11 @@ rules:
   - ""
   resources:
   - pods
+  - endpoints
   - services
   verbs:
   - get
+  - watch
   - list
 - apiGroups:
   - clusterinformation.antrea.tanzu.vmware.com
@@ -461,6 +463,8 @@ spec:
         - --log_dir
         - /var/log/antrea
         - --alsologtostderr
+        - -v
+        - "100000"
         command:
         - antrea-controller
         env:
@@ -586,6 +590,8 @@ spec:
         - --log_dir
         - /var/log/antrea
         - --alsologtostderr
+        - -v
+        - "10000"
         command:
         - antrea-agent
         env:

build/yamls/antrea-ipsec.yml

@@ -128,9 +128,11 @@ rules:
   - ""
   resources:
   - pods
+  - endpoints
   - services
   verbs:
   - get
+  - watch
   - list
 - apiGroups:
   - clusterinformation.antrea.tanzu.vmware.com
@@ -470,6 +472,8 @@ spec:
         - --log_dir
         - /var/log/antrea
         - --alsologtostderr
+        - -v
+        - "100000"
         command:
         - antrea-controller
         env:
@@ -625,6 +629,8 @@ spec:
         - --log_dir
         - /var/log/antrea
         - --alsologtostderr
+        - -v
+        - "10000"
         command:
         - antrea-agent
         env:

build/yamls/antrea.yml

@@ -128,9 +128,11 @@ rules:
   - ""
   resources:
   - pods
+  - endpoints
   - services
   verbs:
   - get
+  - watch
   - list
 - apiGroups:
   - clusterinformation.antrea.tanzu.vmware.com
@@ -461,6 +463,8 @@ spec:
         - --log_dir
         - /var/log/antrea
         - --alsologtostderr
+        - -v
+        - "100000"
         command:
         - antrea-controller
         env:
@@ -586,6 +590,8 @@ spec:
         - --log_dir
         - /var/log/antrea
         - --alsologtostderr
+        - -v
+        - "10000"
         command:
         - antrea-agent
         env:

build/yamls/base/agent-rbac.yml

@@ -22,9 +22,11 @@ rules:
       - ""
     resources:
       - pods
+      - endpoints
       - services
     verbs:
       - get
+      - watch
       - list
   - apiGroups:
       - clusterinformation.antrea.tanzu.vmware.com

build/yamls/base/agent.yml

@@ -66,7 +66,7 @@ spec:
               cpu: "200m"
           command: ["antrea-agent"]
           # Log to both "/var/log/antrea/" and stderr (so "kubectl logs" can work).
-          args: ["--config", "/etc/antrea/antrea-agent.conf", "--logtostderr=false", "--log_dir", "/var/log/antrea", "--alsologtostderr"]
+          args: ["--config", "/etc/antrea/antrea-agent.conf", "--logtostderr=false", "--log_dir", "/var/log/antrea", "--alsologtostderr", "-v", "10000"]
           env:
             # Provide pod and node information for clusterinformation CRD.
             - name: POD_NAME

build/yamls/base/controller.yml

@@ -80,7 +80,7 @@ spec:
               cpu: "200m"
           command: ["antrea-controller"]
           # Log to both "/var/log/antrea/" and stderr (so "kubectl logs" can work).
-          args: ["--config", "/etc/antrea/antrea-controller.conf", "--logtostderr=false", "--log_dir", "/var/log/antrea", "--alsologtostderr"]
+          args: ["--config", "/etc/antrea/antrea-controller.conf", "--logtostderr=false", "--log_dir", "/var/log/antrea", "--alsologtostderr", "-v", "100000"]
           env:
             # Provide pod and node information for clusterinformation CRD.
             - name: POD_NAME

cmd/antrea-agent/agent.go

@@ -32,6 +32,7 @@ import (
 	"github.com/vmware-tanzu/antrea/pkg/agent/interfacestore"
 	"github.com/vmware-tanzu/antrea/pkg/agent/metrics"
 	"github.com/vmware-tanzu/antrea/pkg/agent/openflow"
+	"github.com/vmware-tanzu/antrea/pkg/agent/proxy"
 	"github.com/vmware-tanzu/antrea/pkg/agent/querier"
 	"github.com/vmware-tanzu/antrea/pkg/agent/route"
 	"github.com/vmware-tanzu/antrea/pkg/apis/networking/v1beta1"
@@ -131,6 +132,19 @@ func run(o *Options) error {
 	if networkConfig.TrafficEncapMode.IsNetworkPolicyOnly() {
 		isChaining = true
 	}
+	// TODO: ENHANCE HERE
+	agentQuerier := querier.NewAgentQuerier(
+		nodeConfig,
+		ifaceStore,
+		k8sClient,
+		ofClient,
+		ovsBridgeClient,
+		networkPolicyController,
+		o.config.APIPort)
+	proxyInstance, err := proxy.New(nodeConfig.Name, agentQuerier, ofClient, informerFactory)
+	if err != nil {
+		return err
+	}
 	cniServer := cniserver.New(
 		o.config.CNISocket,
 		o.config.HostProcPathPrefix,
@@ -159,6 +173,8 @@ func run(o *Options) error {
 	// exits, we will force exit.
 	stopCh := signals.RegisterSignalHandlers()
 
+	go proxyInstance.Run(stopCh)
+
 	go cniServer.Run(stopCh)
 
 	informerFactory.Start(stopCh)
@@ -169,14 +185,9 @@ func run(o *Options) error {
 
 	go networkPolicyController.Run(stopCh)
 
-	agentQuerier := querier.NewAgentQuerier(
-		nodeConfig,
-		ifaceStore,
-		k8sClient,
-		ofClient,
-		ovsBridgeClient,
-		networkPolicyController,
-		o.config.APIPort)
+	if o.config.EnablePrometheusMetrics {
+		metrics.InitializePrometheusMetrics()
+	}
 
 	agentMonitor := monitor.NewAgentMonitor(crdClient, agentQuerier)
 

go.mod

@@ -55,16 +55,37 @@ require (
 	k8s.io/klog v1.0.0
 	k8s.io/kube-aggregator v0.17.6
 	k8s.io/kube-openapi v0.0.0-20200410145947-bcb3869e6f29
+	k8s.io/kubernetes v1.17.6
 	k8s.io/utils v0.0.0-20191114184206-e782cd3c129f
 )
 
 replace (
 	github.com/contiv/ofnet => github.com/wenyingd/ofnet v0.0.0-20200601065543-2c7a62482f16
+	k8s.io/api => k8s.io/api v0.17.6
+	k8s.io/apiextensions-apiserver => k8s.io/apiextensions-apiserver v0.17.6
+	k8s.io/apimachinery => k8s.io/apimachinery v0.17.6
+	k8s.io/apiserver => k8s.io/apiserver v0.17.6
+	k8s.io/cli-runtime => k8s.io/cli-runtime v0.17.6
 	// fake.NewSimpleClientset is quite slow when it's initialized with massive objects due to
 	// https://github.com/kubernetes/kubernetes/issues/89574. It takes more than tens of minutes to
 	// init a fake client with 200k objects, which makes it hard to run the NetworkPolicy scale test.
 	// There is an optimization https://github.com/kubernetes/kubernetes/pull/89575 but will only be
 	// available from 1.19.0 and later releases. Use this commit before Antrea bumps up its K8s
 	// dependency version.
 	k8s.io/client-go => github.com/tnqn/client-go v0.0.0-20200521074542-6c18cd58306a
+	k8s.io/cloud-provider => k8s.io/cloud-provider v0.17.6
+	k8s.io/cluster-bootstrap => k8s.io/cluster-bootstrap v0.17.6
+	k8s.io/code-generator => k8s.io/code-generator v0.17.6
+	k8s.io/component-base => k8s.io/component-base v0.17.6
+	k8s.io/cri-api => k8s.io/cri-api v0.17.6
+	k8s.io/csi-translation-lib => k8s.io/csi-translation-lib v0.17.6
+	k8s.io/kube-aggregator => k8s.io/kube-aggregator v0.17.6
+	k8s.io/kube-controller-manager => k8s.io/kube-controller-manager v0.17.6
+	k8s.io/kube-proxy => k8s.io/kube-proxy v0.17.6
+	k8s.io/kube-scheduler => k8s.io/kube-scheduler v0.17.6
+	k8s.io/kubectl => k8s.io/kubectl v0.17.6
+	k8s.io/kubelet => k8s.io/kubelet v0.17.6
+	k8s.io/legacy-cloud-providers => k8s.io/legacy-cloud-providers v0.17.6
+	k8s.io/metrics => k8s.io/metrics v0.17.6
+	k8s.io/sample-apiserver => k8s.io/sample-apiserver v0.17.6
 )