For review
Signed-off-by: Hongliang Liu <lhongliang@vmware.com>
hongliangl committed Aug 25, 2021
1 parent 441cda5 commit 0190692
Showing 43 changed files with 355 additions and 446 deletions.
10 changes: 6 additions & 4 deletions build/yamls/antrea-aks.yml
Expand Up @@ -3911,6 +3911,8 @@ data:
# (e.g. 1.2.3.0/24, 1.2.3.4/32). An empty string slice is meant to select all host IPv4/IPv6 addresses.
# Note that, the option is only valid when proxyAll is true.
#nodePortAddresses: []
# A string array of values which specifies the devices that should be excluded from NodePort addresses.
excludeDevices: ["antrea-gw0", "antrea-egress0", "kube-ipvs0"]
antrea-cni.conflist: |
{
"cniVersion":"0.3.0",
Expand Down Expand Up @@ -3993,7 +3995,7 @@ metadata:
annotations: {}
labels:
app: antrea
name: antrea-config-7fff2cg2ct
name: antrea-config-68bdtdd5t7
namespace: kube-system
---
apiVersion: v1
Expand Down Expand Up @@ -4064,7 +4066,7 @@ spec:
fieldRef:
fieldPath: spec.serviceAccountName
- name: ANTREA_CONFIG_MAP_NAME
value: antrea-config-7fff2cg2ct
value: antrea-config-68bdtdd5t7
image: projects.registry.vmware.com/antrea/antrea-ubuntu:latest
imagePullPolicy: IfNotPresent
livenessProbe:
Expand Down Expand Up @@ -4115,7 +4117,7 @@ spec:
key: node-role.kubernetes.io/master
volumes:
- configMap:
name: antrea-config-7fff2cg2ct
name: antrea-config-68bdtdd5t7
name: antrea-config
- name: antrea-controller-tls
secret:
Expand Down Expand Up @@ -4396,7 +4398,7 @@ spec:
operator: Exists
volumes:
- configMap:
name: antrea-config-7fff2cg2ct
name: antrea-config-68bdtdd5t7
name: antrea-config
- hostPath:
path: /etc/cni/net.d
10 changes: 6 additions & 4 deletions build/yamls/antrea-eks.yml
Expand Up @@ -3911,6 +3911,8 @@ data:
# (e.g. 1.2.3.0/24, 1.2.3.4/32). An empty string slice is meant to select all host IPv4/IPv6 addresses.
# Note that, the option is only valid when proxyAll is true.
#nodePortAddresses: []
# A string array of values which specifies the devices that should be excluded from NodePort addresses.
excludeDevices: ["antrea-gw0", "antrea-egress0", "kube-ipvs0"]
antrea-cni.conflist: |
{
"cniVersion":"0.3.0",
Expand Down Expand Up @@ -3993,7 +3995,7 @@ metadata:
annotations: {}
labels:
app: antrea
name: antrea-config-7fff2cg2ct
name: antrea-config-68bdtdd5t7
namespace: kube-system
---
apiVersion: v1
Expand Down Expand Up @@ -4064,7 +4066,7 @@ spec:
fieldRef:
fieldPath: spec.serviceAccountName
- name: ANTREA_CONFIG_MAP_NAME
value: antrea-config-7fff2cg2ct
value: antrea-config-68bdtdd5t7
image: projects.registry.vmware.com/antrea/antrea-ubuntu:latest
imagePullPolicy: IfNotPresent
livenessProbe:
Expand Down Expand Up @@ -4115,7 +4117,7 @@ spec:
key: node-role.kubernetes.io/master
volumes:
- configMap:
name: antrea-config-7fff2cg2ct
name: antrea-config-68bdtdd5t7
name: antrea-config
- name: antrea-controller-tls
secret:
Expand Down Expand Up @@ -4398,7 +4400,7 @@ spec:
operator: Exists
volumes:
- configMap:
name: antrea-config-7fff2cg2ct
name: antrea-config-68bdtdd5t7
name: antrea-config
- hostPath:
path: /etc/cni/net.d
10 changes: 6 additions & 4 deletions build/yamls/antrea-gke.yml
Expand Up @@ -3911,6 +3911,8 @@ data:
# (e.g. 1.2.3.0/24, 1.2.3.4/32). An empty string slice is meant to select all host IPv4/IPv6 addresses.
# Note that, the option is only valid when proxyAll is true.
#nodePortAddresses: []
# A string array of values which specifies the devices that should be excluded from NodePort addresses.
excludeDevices: ["antrea-gw0", "antrea-egress0", "kube-ipvs0"]
antrea-cni.conflist: |
{
"cniVersion":"0.3.0",
Expand Down Expand Up @@ -3993,7 +3995,7 @@ metadata:
annotations: {}
labels:
app: antrea
name: antrea-config-k75c68ffg8
name: antrea-config-htc72954f8
namespace: kube-system
---
apiVersion: v1
Expand Down Expand Up @@ -4064,7 +4066,7 @@ spec:
fieldRef:
fieldPath: spec.serviceAccountName
- name: ANTREA_CONFIG_MAP_NAME
value: antrea-config-k75c68ffg8
value: antrea-config-htc72954f8
image: projects.registry.vmware.com/antrea/antrea-ubuntu:latest
imagePullPolicy: IfNotPresent
livenessProbe:
Expand Down Expand Up @@ -4115,7 +4117,7 @@ spec:
key: node-role.kubernetes.io/master
volumes:
- configMap:
name: antrea-config-k75c68ffg8
name: antrea-config-htc72954f8
name: antrea-config
- name: antrea-controller-tls
secret:
Expand Down Expand Up @@ -4399,7 +4401,7 @@ spec:
path: /home/kubernetes/bin
name: host-cni-bin
- configMap:
name: antrea-config-k75c68ffg8
name: antrea-config-htc72954f8
name: antrea-config
- hostPath:
path: /etc/cni/net.d
10 changes: 6 additions & 4 deletions build/yamls/antrea-ipsec.yml
Expand Up @@ -3916,6 +3916,8 @@ data:
# (e.g. 1.2.3.0/24, 1.2.3.4/32). An empty string slice is meant to select all host IPv4/IPv6 addresses.
# Note that, the option is only valid when proxyAll is true.
#nodePortAddresses: []
# A string array of values which specifies the devices that should be excluded from NodePort addresses.
excludeDevices: ["antrea-gw0", "antrea-egress0", "kube-ipvs0"]
antrea-cni.conflist: |
{
"cniVersion":"0.3.0",
Expand Down Expand Up @@ -3998,7 +4000,7 @@ metadata:
annotations: {}
labels:
app: antrea
name: antrea-config-c658c8mdmh
name: antrea-config-8cbh24dmb9
namespace: kube-system
---
apiVersion: v1
Expand Down Expand Up @@ -4078,7 +4080,7 @@ spec:
fieldRef:
fieldPath: spec.serviceAccountName
- name: ANTREA_CONFIG_MAP_NAME
value: antrea-config-c658c8mdmh
value: antrea-config-8cbh24dmb9
image: projects.registry.vmware.com/antrea/antrea-ubuntu:latest
imagePullPolicy: IfNotPresent
livenessProbe:
Expand Down Expand Up @@ -4129,7 +4131,7 @@ spec:
key: node-role.kubernetes.io/master
volumes:
- configMap:
name: antrea-config-c658c8mdmh
name: antrea-config-8cbh24dmb9
name: antrea-config
- name: antrea-controller-tls
secret:
Expand Down Expand Up @@ -4445,7 +4447,7 @@ spec:
operator: Exists
volumes:
- configMap:
name: antrea-config-c658c8mdmh
name: antrea-config-8cbh24dmb9
name: antrea-config
- hostPath:
path: /etc/cni/net.d
10 changes: 6 additions & 4 deletions build/yamls/antrea.yml
Expand Up @@ -3916,6 +3916,8 @@ data:
# (e.g. 1.2.3.0/24, 1.2.3.4/32). An empty string slice is meant to select all host IPv4/IPv6 addresses.
# Note that, the option is only valid when proxyAll is true.
#nodePortAddresses: []
# A string array of values which specifies the devices that should be excluded from NodePort addresses.
excludeDevices: ["antrea-gw0", "antrea-egress0", "kube-ipvs0"]
antrea-cni.conflist: |
{
"cniVersion":"0.3.0",
Expand Down Expand Up @@ -3998,7 +4000,7 @@ metadata:
annotations: {}
labels:
app: antrea
name: antrea-config-66k582hf94
name: antrea-config-9tf98gh7t9
namespace: kube-system
---
apiVersion: v1
Expand Down Expand Up @@ -4069,7 +4071,7 @@ spec:
fieldRef:
fieldPath: spec.serviceAccountName
- name: ANTREA_CONFIG_MAP_NAME
value: antrea-config-66k582hf94
value: antrea-config-9tf98gh7t9
image: projects.registry.vmware.com/antrea/antrea-ubuntu:latest
imagePullPolicy: IfNotPresent
livenessProbe:
Expand Down Expand Up @@ -4120,7 +4122,7 @@ spec:
key: node-role.kubernetes.io/master
volumes:
- configMap:
name: antrea-config-66k582hf94
name: antrea-config-9tf98gh7t9
name: antrea-config
- name: antrea-controller-tls
secret:
Expand Down Expand Up @@ -4401,7 +4403,7 @@ spec:
operator: Exists
volumes:
- configMap:
name: antrea-config-66k582hf94
name: antrea-config-9tf98gh7t9
name: antrea-config
- hostPath:
path: /etc/cni/net.d
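--- a/build/yamls/base/conf/antrea-agent.conf
+++ b/build/yamls/base/conf/antrea-agent.conf
@@ -161,3 +161,5 @@ antreaProxy:
 # (e.g. 1.2.3.0/24, 1.2.3.4/32). An empty string slice is meant to select all host IPv4/IPv6 addresses.
 # Note that, the option is only valid when proxyAll is true.
 #nodePortAddresses: []
+# A string array of values which specifies the devices that should be excluded from NodePort addresses.
+excludeDevices: ["antrea-gw0", "antrea-egress0", "kube-ipvs0"]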
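Review bot: The comment on `excludeDevices` omits the caveat its neighbour carries, although `run` in cmd/antrea-agent/agent.go only reads the option inside `if o.config.AntreaProxy.ProxyAll`. I would add `# Note that, the option is only valid when proxyAll is true.` under the new comment line. The key is also shipped uncommented while `#nodePortAddresses: []` above it is commented out. If that difference is deliberate, because the exclusion list has to be present for the default to apply, a short comment saying so would stop someone from "tidying" it away.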
29 changes: 15 additions & 14 deletions cmd/antrea-agent/agent.go
Expand Up @@ -137,6 +137,16 @@ func run(o *Options) error {
// cause the stopCh channel to be closed; if another signal is received before the program
// exits, we will force exit.
stopCh := signals.RegisterSignalHandlers()

// Get all available NodePort addresses.
var nodePortAddressesIPv4, nodePortAddressesIPv6 []net.IP
if o.config.AntreaProxy.ProxyAll {
nodePortAddressesIPv4, nodePortAddressesIPv6, err = getAvailableNodePortAddresses(o.config.AntreaProxy.NodePortAddresses, o.config.AntreaProxy.ExcludeDevices)
if err != nil {
return fmt.Errorf("getting available NodePort IP addresses failed: %v", err)
}
}

// Initialize agent and node network.
agentInitializer := agent.NewInitializer(
k8sClient,
Expand All @@ -152,7 +162,11 @@ func run(o *Options) error {
networkConfig,
networkReadyCh,
stopCh,
features.DefaultFeatureGate.Enabled(features.AntreaProxy))
features.DefaultFeatureGate.Enabled(features.AntreaProxy),
o.config.AntreaProxy.ProxyAll,
nodePortAddressesIPv4,
nodePortAddressesIPv6)

err = agentInitializer.Initialize()
if err != nil {
return fmt.Errorf("error initializing agent: %v", err)
Expand All @@ -174,19 +188,6 @@ func run(o *Options) error {
v4Enabled := config.IsIPv4Enabled(nodeConfig, networkConfig.TrafficEncapMode)
v6Enabled := config.IsIPv6Enabled(nodeConfig, networkConfig.TrafficEncapMode)
proxyAll := o.config.AntreaProxy.ProxyAll
var nodePortAddressesIPv4, nodePortAddressesIPv6 []net.IP
if proxyAll {
nodePortAddressesIPv4, nodePortAddressesIPv6, err = getAvailableNodePortAddresses(o.config.AntreaProxy.NodePortAddresses)
if err != nil {
return fmt.Errorf("getting available NodePort IP addresses failed: %v", err)
}
if v4Enabled && len(nodePortAddressesIPv4) == 0 {
return fmt.Errorf("no qualified NodePort IPv4 addresses was found")
}
if v6Enabled && len(nodePortAddressesIPv6) == 0 {
return fmt.Errorf("no qualified NodePort IPv6 addresses was found")
}
}

switch {
case v4Enabled && v6Enabled:
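Review bot: With the two `len(...) == 0` checks deleted from the block after `v4Enabled`/`v6Enabled` are computed, nothing in this section rejects a `proxyAll` configuration whose `nodePortAddresses` filter, or the new `excludeDevices` list, leaves no address for an enabled IP family. The slices are now passed to `agent.NewInitializer` in the second hunk without any emptiness check. The commit touches 43 files, so the validation may have moved somewhere not shown here. If it has not, keep it at the old location where the enabled families are known, e.g. `if v4Enabled && len(nodePortAddressesIPv4) == 0 { return fmt.Errorf("no qualified NodePort IPv4 addresses was found") }` plus the IPv6 twin. That way a misconfigured node fails at startup rather than, presumably, running with no NodePort addresses. `run` begins before the first hunk and continues past the last one.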
2 changes: 2 additions & 0 deletions cmd/antrea-agent/config.go
Expand Up @@ -162,5 +162,7 @@ type AgentConfig struct {
// A string array of values which specifies the host IPv4/IPv6 addresses for NodePorts. Values may be valid IP blocks.
// (e.g. 1.2.3.0/24, 1.2.3.4/32). An empty string slice is meant to select all host IPv4/IPv6 addresses.
NodePortAddresses []string `yaml:"nodePortAddresses,omitempty"`
// A string array of values which specifies the devices that should be excluded from NodePort addresses.
ExcludeDevices []string `yaml:"excludeDevices,omitempty"`
} `yaml:"antreaProxy,omitempty"`
}
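Review bot: `ExcludeDevices` is tagged `omitempty` and no default is assigned in the lines shown, so a config that predates this field or drops the key would presumably decode to a nil slice and exclude nothing. The `antrea-gw0`/`antrea-egress0`/`kube-ipvs0` list would then exist only in the shipped antrea-agent.conf. If those interfaces must never contribute NodePort addresses, apply the default in code when the slice is empty (option defaulting is not visible in this view, so it may already happen elsewhere). Otherwise, extend the field comment to state the behaviour, e.g. `// An empty list excludes no device.`, wording to be confirmed against the defaulting code. The `AgentConfig` struct starts outside this hunk.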
4 changes: 2 additions & 2 deletions cmd/antrea-agent/util.go
Expand Up @@ -20,9 +20,9 @@ import (
"antrea.io/antrea/pkg/agent/util"
)

func getAvailableNodePortAddresses(nodePortAddressesFromConfig []string) ([]net.IP, []net.IP, error) {
func getAvailableNodePortAddresses(nodePortAddressesFromConfig []string, excludeDevices []string) ([]net.IP, []net.IP, error) {
// Get all IP addresses of Node
nodeAddressesIPv4, nodeAddressesIPv6, err := util.GetAllNodeAddresses()
nodeAddressesIPv4, nodeAddressesIPv6, err := util.GetAllNodeAddresses(excludeDevices)
if err != nil {
return nil, nil, err
}
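Review bot: `getAvailableNodePortAddresses` has no doc comment, and with the added `excludeDevices` parameter nothing here says how the list is interpreted; the filtering happens inside `util.GetAllNodeAddresses`, which is not shown. A comment along the lines of `// getAvailableNodePortAddresses returns the Node's IPv4 and IPv6 addresses selected by nodePortAddressesFromConfig, leaving out addresses on the interfaces named in excludeDevices.` would help, once the wording is checked against `GetAllNodeAddresses`. The function body continues past the end of the hunk.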
4 changes: 2 additions & 2 deletions hack/generate-manifest.sh
Expand Up @@ -29,7 +29,7 @@ Generate a YAML manifest for Antrea using Kustomize and print it to stdout.
--ipsec Generate a manifest with IPSec encryption of tunnel traffic enabled
--all-features Generate a manifest with all alpha features enabled
--no-proxy Generate a manifest with Antrea proxy disabled
--proxy-all Generate a manifest with Antrea proxy which all Service support enabled
--proxy-all Generate a manifest with Antrea proxy with all Service support enabled
--no-legacy-crd Generate a manifest without legacy CRD mirroring support enabled
--endpointslice Generate a manifest with EndpointSlice support enabled
--no-np Generate a manifest with Antrea-native policies disabled
Expand Down Expand Up @@ -196,7 +196,7 @@ if [ "$PROXY" == false ] && [ "$ENDPOINTSLICE" == true ]; then
fi

if [ "$PROXY" == false ] && [ "$PROXY_ALL" == true ]; then
echoerr "--proxy-full requires AntreaProxy, so it cannot be used with --no-proxy"
echoerr "--proxy-all requires AntreaProxy, so it cannot be used with --no-proxy"
print_help
exit 1
fi