Remove EnableTLSConfig from antrea agent #2193

zyiou · 2021-05-19T17:14:02Z

As discussed, EnableTLSToFlowAggregator config is unnecessary for Flow Exporter. We can use tls in protocol of FlowCollectorAddr instead to enable encryption for communication between flow exporter to flow aggregator.

codecov-commenter · 2021-05-19T17:19:52Z

Codecov Report

Merging #2193 (39aa316) into main (fa54190) will increase coverage by 0.69%.
The diff coverage is 85.00%.

❗ Current head 39aa316 differs from pull request most recent head 0188cb4. Consider uploading reports for the commit 0188cb4 to get more accurate results

@@            Coverage Diff             @@
##             main    #2193      +/-   ##
==========================================
+ Coverage   60.92%   61.62%   +0.69%     
==========================================
  Files         273      273              
  Lines       20662    20663       +1     
==========================================
+ Hits        12589    12734     +145     
+ Misses       6752     6593     -159     
- Partials     1321     1336      +15

Flag	Coverage Δ
e2e-tests	`∅ <ø> (?)`
kind-e2e-tests	`52.56% <80.00%> (+0.75%)`	⬆️
unit-tests	`41.18% <5.00%> (-0.02%)`	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files	Coverage Δ
pkg/agent/flowexporter/exporter/exporter.go	`76.31% <84.21%> (+1.06%)`	⬆️
pkg/util/flowexport/flowexport.go	`82.92% <100.00%> (ø)`
pkg/controller/networkpolicy/tier.go	`47.50% <0.00%> (-5.00%)`	⬇️
pkg/controller/traceflow/controller.go	`71.68% <0.00%> (ø)`
pkg/controller/networkpolicy/status_controller.go	`87.09% <0.00%> (+0.64%)`	⬆️
...ntroller/networkpolicy/networkpolicy_controller.go	`70.00% <0.00%> (+0.64%)`	⬆️
pkg/agent/openflow/pipeline.go	`71.14% <0.00%> (+1.03%)`	⬆️
...gent/controller/networkpolicy/status_controller.go	`75.34% <0.00%> (+2.73%)`	⬆️
...agent/controller/traceflow/traceflow_controller.go	`73.14% <0.00%> (+3.53%)`	⬆️
... and 6 more

srikartati · 2021-05-19T19:18:35Z

test/e2e/fixtures.go

@@ -189,6 +189,7 @@ func setupTestWithIPFIXCollector(tb testing.TB) (*TestData, bool, bool, error) {
 	}
 	if testOptions.providerName == "kind" {
 		// In Kind cluster, there are issues with DNS name resolution on worker nodes.
+		// We will skip TLS testing for Kind cluster because the server certificate is generated with Flow aggregator's DNS name


As part of Flow Aggregator windows support #2138, we are supporting cluster IP in the certificate. Can we enable the kind test with TLS?

Sure. updated

srikartati · 2021-05-19T19:20:03Z

build/yamls/base/conf/antrea-agent.conf

-# If no PROTO is given, we consider "tcp" as default. We support "tcp" and "udp"
-# L4 transport protocols.
-#flowCollectorAddr: "flow-aggregator.flow-aggregator.svc:4739:tcp"
+# If no PROTO is given, we consider "tls" as default. We support "tls", "tcp" and


We should change for windows yaml too.

srikartati

LGTM

antoninbas

Because this is still an Alpha feature, I am ok with just removing a config parameter like this.

zyiou · 2021-05-21T18:27:13Z

/test-all

zyiou · 2021-05-21T20:31:04Z

/test-e2e
/test-conformance
/test-networkpolicy
/test-windows-e2e

zyiou · 2021-05-21T22:06:58Z

/test-e2e
/test-conformance
/test-networkpolicy
/test-windows-e2e

srikartati

LGTM

zyiou force-pushed the zyiou/configTLS branch from ee1b769 to 13e1d79 Compare May 19, 2021 18:54

srikartati reviewed May 19, 2021

View reviewed changes

antoninbas self-requested a review May 19, 2021 23:21

zyiou force-pushed the zyiou/configTLS branch 2 times, most recently from 15d2585 to 39aa316 Compare May 21, 2021 06:30

srikartati previously approved these changes May 21, 2021

View reviewed changes

antoninbas previously approved these changes May 21, 2021

View reviewed changes

remove EnabelTLSConfig from antrea agent

0188cb4

zyiou dismissed stale reviews from antoninbas and srikartati via 0188cb4 May 21, 2021 21:01

zyiou force-pushed the zyiou/configTLS branch from 39aa316 to 0188cb4 Compare May 21, 2021 21:01

srikartati approved these changes May 22, 2021

View reviewed changes

srikartati merged commit 29f4deb into antrea-io:main May 22, 2021

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Remove EnableTLSConfig from antrea agent #2193

Remove EnableTLSConfig from antrea agent #2193

zyiou commented May 19, 2021

codecov-commenter commented May 19, 2021 •

edited

Loading

srikartati May 19, 2021

zyiou May 21, 2021

srikartati May 19, 2021 •

edited

Loading

srikartati left a comment

antoninbas left a comment

zyiou commented May 21, 2021

zyiou commented May 21, 2021

zyiou commented May 21, 2021

srikartati left a comment

Remove EnableTLSConfig from antrea agent #2193

Remove EnableTLSConfig from antrea agent #2193

Conversation

zyiou commented May 19, 2021

codecov-commenter commented May 19, 2021 • edited Loading

Codecov Report

srikartati May 19, 2021

Choose a reason for hiding this comment

zyiou May 21, 2021

Choose a reason for hiding this comment

srikartati May 19, 2021 • edited Loading

Choose a reason for hiding this comment

srikartati left a comment

Choose a reason for hiding this comment

antoninbas left a comment

Choose a reason for hiding this comment

zyiou commented May 21, 2021

zyiou commented May 21, 2021

zyiou commented May 21, 2021

srikartati left a comment

Choose a reason for hiding this comment

codecov-commenter commented May 19, 2021 •

edited

Loading

srikartati May 19, 2021 •

edited

Loading