Implement the CLI for antrea

[weiqiangt]

Describe what you are trying to solve

There is no CLI for antrea, but there are needs of a CLI to inspect antrea.

Describe the solution you have in mind

There should be a cross-platform CLI client, called antctl maybe, provides well-organized commands with verbosity helps and examples. It should work like other CLIs in the community, e.g. kubectl and docker.
Before implementing the antctl, we should first implement a general framework for it, because the implementation of each command is generally the same: defining command, implementing input and flags, implementing retrievement and implementing the output formatter, a framework could help us to reduce these trivial works.

Describe how your solution impacts user flows

Users could use antctl to access status of different antrea components.

To access the status of an agent, user could run antctl in the antrea-agent container of the antrea-agent pod.

To access the status of the controller, users could either run antctl in the controller pod or anywhere that can access to the kubernetes cluster.

In conclusion, the agent is only able to be accessed in its container, the controller is able to be accessed both in its container and somewhere out of the cluster.

antctl should be packed into the antrea/antrea-ubuntu image, then users could use it directly.

For remote accessing to antrea controller, we should provide antctl binaries for both macOS, Linux and Windows. antctl binaries should also be published in each release.

Describe the main design/architecture of your solution

According to the desired user flows, the antctl server should be accessed in two mode: local mode and remote mode.

Because both client and server reside in the same pod, in local mode we don't need to do any AA work. It's a pure C/S workflow.

workflow of the local mode:

In remote mode, the client is in somewhere out of the cluster, thus we need to have access control. In Kubernetes, developers could add extension API server to extend APIs of the clusters. The Kubernetes API server can also delegate the authentication and authorization of the requests to extension API servers. The antrea controller contains a extension API server, we can leverage it to implement the antctl server. By using RBAC provides by Kubernetes, we can set access controls of antctl requests and exist requests seperatly on the same extension API server.

workflow of the remote mode:

To reduce redandunt definitons of commands, we should have an universal antctl definition which could be applied to both the client side and the server side.

    
                |-------------------|   apply     |-------------------|
                | antctl definition |-----------> |   antctl client   |
                |-------------------|  |          |-------------------|
                                       |
                                       |          |-------------------|
                                        \-------> |   antctl server   |
                                                  |-------------------|
                                                  

There are many CLI libs provides in Go community, Cobra is the most popular one. Both kubectl and docker are built upon it. In antctl, we can implement our command definition based on Cobra's.

Alternative solutions that you considered

None.

Test plan

In this proposal, a CLI framework and a minimum antctl are expected. thus we also need add new e2e test to cover this new component.

In e2e test, we should ensure the access controls and command flag configurations works properly.

Additional context

None.

[antoninbas]

As discussed at the 12/18/2019 community meeting, we are moving this out of the 0.2.0 release.