Support EndpointSlice API for ServiceExport controller

1. When the EndpointSlice is enabled, we should watch EndpointSlice API instead of Endpoint API to keep MC controller consistent with Antrea Agent implementation. So adding a new config item `enableEndpointSlice` to watch EndpointSlice API instead of Endpoint API. 2. Validate `endpointIPType` to allow 'PodIP' or 'ClusterIP' only. 3. Fix a typo Signed-off-by: Lan Luo <luola@vmware.com>
antrea-io · May 23, 2023 · 74a63f6 · 74a63f6
1 parent e8ad818
commit 74a63f6
Show file tree

Hide file tree

Showing 18 changed files with 450 additions and 103 deletions.
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -188,7 +188,7 @@ Here are the trigger phrases for individual checks:
 Here are the trigger phrases for groups of checks:
 
 * `/test-all`: Linux IPv4 tests
-* `/test-windows-all`: Windows IPv4 tests, including e2e tests with proxyAll enabled. It also includes all Containderd runtime based Windows tests since 1.10.0.
+* `/test-windows-all`: Windows IPv4 tests, including e2e tests with proxyAll enabled. It also includes all Containerd runtime based Windows tests since 1.10.0.
 * `/test-ipv6-all`: Linux dual stack tests
 * `/test-ipv6-only-all`: Linux IPv6 only tests
 

diff --git a/docs/antrea-proxy.md b/docs/antrea-proxy.md
@@ -121,7 +121,7 @@ Assuming you are following the steps we [documented](windows.md) to add Windows
 Nodes to your K8s cluster with Antrea, you will simply need to skip running
 kube-proxy:
 
-* Do not install or start the `kube-proxy` service [when using containderd as
+* Do not install or start the `kube-proxy` service [when using containerd as
   the container runtime](windows.md#installation-as-a-service-containerd-based-runtimes)
 * Do not create the `kube-proxy-windows` DaemonSet [when using Docker as the
   container runtime](windows.md#installation-via-wins-docker-based-runtimes)

diff --git a/multicluster/apis/multicluster/v1alpha1/multiclusterconfig_types.go b/multicluster/apis/multicluster/v1alpha1/multiclusterconfig_types.go
@@ -57,6 +57,9 @@ type MultiClusterConfig struct {
 	// ClusterSet and allow Antrea-native policies to select peers from other clusters
 	// in a ClusterSet.
 	EnableStretchedNetworkPolicy bool `json:"enableStretchedNetworkPolicy,omitempty"`
+	// Enable EndpointSlice to watch EndpointSlice changes only for exported Service, this is required
+	// when EndpointIPType is PodIP and CNI's EndpointSlice feature is enabled.
+	EnableEndpointSlice bool `json:"enableEndpointSlice,omitempty"`
 }
 
 func init() {

diff --git a/multicluster/build/yamls/antrea-multicluster-leader-namespaced.yml b/multicluster/build/yamls/antrea-multicluster-leader-namespaced.yml
@@ -324,6 +324,7 @@ data:
     gatewayIPPrecedence: "private"
     endpointIPType: "ClusterIP"
     enableStretchedNetworkPolicy: false
+    enableEndpointSlice: false
 kind: ConfigMap
 metadata:
   labels:
@@ -363,7 +364,7 @@ spec:
   template:
     metadata:
       annotations:
-        checksum/config: 7eb0f1e65f7eb3e35b0739d6064b92b7621af0f4e41813c35bfdee71ceaefbe2
+        checksum/config: bcadbc5c432be6653173ef54e7512b86aa52b5a4f911de3f9793843f3e0e26e7
       labels:
         app: antrea
         component: antrea-mc-controller

diff --git a/multicluster/build/yamls/antrea-multicluster-member.yml b/multicluster/build/yamls/antrea-multicluster-member.yml
@@ -826,6 +826,14 @@ rules:
   - patch
   - update
   - watch
+- apiGroups:
+  - discovery.k8s.io
+  resources:
+  - endpointslices
+  verbs:
+  - get
+  - list
+  - watch
 - apiGroups:
   - ""
   resources:
@@ -1065,6 +1073,7 @@ data:
     gatewayIPPrecedence: "private"
     endpointIPType: "ClusterIP"
     enableStretchedNetworkPolicy: false
+    enableEndpointSlice: false
 kind: ConfigMap
 metadata:
   labels:
@@ -1104,7 +1113,7 @@ spec:
   template:
     metadata:
       annotations:
-        checksum/config: 7eb0f1e65f7eb3e35b0739d6064b92b7621af0f4e41813c35bfdee71ceaefbe2
+        checksum/config: bcadbc5c432be6653173ef54e7512b86aa52b5a4f911de3f9793843f3e0e26e7
       labels:
         app: antrea
         component: antrea-mc-controller

diff --git a/multicluster/cmd/multicluster-controller/member.go b/multicluster/cmd/multicluster-controller/member.go
@@ -77,7 +77,9 @@ func runMember(o *Options) error {
 		mgr.GetClient(),
 		mgr.GetScheme(),
 		commonAreaGetter,
-		o.EndpointIPType)
+		o.EndpointIPType,
+		o.EnableEndpointSlice,
+	)
 	if err = svcExportReconciler.SetupWithManager(mgr); err != nil {
 		return fmt.Errorf("error creating ServiceExport controller: %v", err)
 	}

diff --git a/multicluster/cmd/multicluster-controller/options.go b/multicluster/cmd/multicluster-controller/options.go
@@ -23,6 +23,7 @@ import (
 	ctrl "sigs.k8s.io/controller-runtime"
 
 	mcsv1alpha1 "antrea.io/antrea/multicluster/apis/multicluster/v1alpha1"
+	"antrea.io/antrea/multicluster/controllers/multicluster/common"
 )
 
 type Options struct {
@@ -43,6 +44,9 @@ type Options struct {
 	// Enable StretchedNetworkPolicy to exchange labelIdentities info among the whole
 	// ClusterSet.
 	EnableStretchedNetworkPolicy bool
+	// Enable EndpointSlice to watch EndpointSlice changes only for exported Service, this is required
+	// when EndpointIPType is PodIP and CNI's EndpointSlice feature is enabled.
+	EnableEndpointSlice bool
 }
 
 func newOptions() *Options {
@@ -82,11 +86,15 @@ func (o *Options) complete(args []string) error {
 		o.PodCIDRs = cidrs
 		o.GatewayIPPrecedence = ctrlConfig.GatewayIPPrecedence
 		if ctrlConfig.EndpointIPType == "" {
-			o.EndpointIPType = "ClusterIP"
+			o.EndpointIPType = common.EndpointIPTypeClusterIP
 		} else {
+			if ctrlConfig.EndpointIPType != common.EndpointIPTypeClusterIP && ctrlConfig.EndpointIPType != common.EndpointIPTypePodIP {
+				return fmt.Errorf("invalid endpointIPType: %s, only 'PodIP' or 'ClusterIP' is allowed", ctrlConfig.EndpointIPType)
+			}
 			o.EndpointIPType = ctrlConfig.EndpointIPType
 		}
 		o.EnableStretchedNetworkPolicy = ctrlConfig.EnableStretchedNetworkPolicy
+		o.EnableEndpointSlice = ctrlConfig.EnableEndpointSlice
 		klog.InfoS("Using config from file", "config", o.options)
 	} else {
 		klog.InfoS("Using default config", "config", o.options)

diff --git a/multicluster/cmd/multicluster-controller/options_test.go b/multicluster/cmd/multicluster-controller/options_test.go
@@ -68,6 +68,19 @@ func TestComplete(t *testing.T) {
 			},
 			exceptdErr: fmt.Errorf("failed to parse podCIDRs, invalid CIDR string 10.10a.0.0/16"),
 		},
+		{
+			name: "options with invalid endpointIPType",
+			o: Options{
+				configFile:          "./testdata/antrea-mc-config-with-invalid-endpointiptype.yml",
+				SelfSignedCert:      false,
+				options:             ctrl.Options{},
+				ServiceCIDR:         "10.100.0.0/16",
+				PodCIDRs:            nil,
+				GatewayIPPrecedence: "",
+				EndpointIPType:      "",
+			},
+			exceptdErr: fmt.Errorf("invalid endpointIPType: None, only 'PodIP' or 'ClusterIP' is allowed"),
+		},
 	}
 
 	for _, tt := range testCases {

diff --git a/...ter/cmd/multicluster-controller/testdata/antrea-mc-config-with-invalid-endpointiptype.yml b/...ter/cmd/multicluster-controller/testdata/antrea-mc-config-with-invalid-endpointiptype.yml
@@ -0,0 +1,16 @@
+apiVersion: multicluster.crd.antrea.io/v1alpha1
+kind: MultiClusterConfig
+health:
+  healthProbeBindAddress: :8080
+metrics:
+  bindAddress: "0"
+webhook:
+  port: 9443
+leaderElection:
+  leaderElect: false
+serviceCIDR: ""
+podCIDRs:
+  - "10.10.0.0/16"
+  - ""
+gatewayIPPrecedence: "private"
+endpointIPType: "None"
diff --git a/multicluster/config/default/configmap/controller_manager_config.yaml b/multicluster/config/default/configmap/controller_manager_config.yaml
@@ -14,3 +14,4 @@ podCIDRs:
 gatewayIPPrecedence: "private"
 endpointIPType: "ClusterIP"
 enableStretchedNetworkPolicy: false
+enableEndpointSlice: false
diff --git a/multicluster/config/overlays/member/role.yaml b/multicluster/config/overlays/member/role.yaml
@@ -38,6 +38,14 @@ rules:
   - patch
   - update
   - watch
+- apiGroups:
+  - discovery.k8s.io
+  resources:
+  - endpointslices
+  verbs:
+  - get
+  - list
+  - watch
 - apiGroups:
   - ""
   resources:

diff --git a/multicluster/config/rbac/role.yaml b/multicluster/config/rbac/role.yaml
@@ -63,6 +63,14 @@ rules:
   - get
   - list
   - watch
+- apiGroups:
+  - discovery.k8s.io
+  resources:
+  - endpointslices
+  verbs:
+  - get
+  - list
+  - watch
 - apiGroups:
   - multicluster.crd.antrea.io
   resources:

diff --git a/multicluster/controllers/multicluster/common/test_data.go b/multicluster/controllers/multicluster/common/test_data.go
@@ -67,7 +67,7 @@ var (
 		IP:       "192.168.17.12",
 		Hostname: "pod1",
 	}
-	epPorts80 = []corev1.EndpointPort{
+	EPPorts80 = []corev1.EndpointPort{
 		{
 			Name:     "http",
 			Port:     80,
@@ -79,15 +79,15 @@ var (
 			Addresses: []corev1.EndpointAddress{
 				addr1,
 			},
-			Ports: epPorts80,
+			Ports: EPPorts80,
 		},
 	}
 	EPNginxSubset2 = []corev1.EndpointSubset{
 		{
 			Addresses: []corev1.EndpointAddress{
 				addr2,
 			},
-			Ports: epPorts80,
+			Ports: EPPorts80,
 		},
 	}
 	EPNginx = &corev1.Endpoints{

diff --git a/multicluster/controllers/multicluster/common/types.go b/multicluster/controllers/multicluster/common/types.go
@@ -31,4 +31,7 @@ const (
 	InvalidClusterSetID = ClusterSetID("invalid")
 
 	DefaultWorkerCount = 5
+
+	EndpointIPTypeClusterIP = "ClusterIP"
+	EndpointIPTypePodIP     = "PodIP"
 )