Add packetcapture feature (antrea-io#5443)
Introduced a new CRD called PacketCapture, which allows users
to configure capture options on target traffic. If a file server
is specified, the result pcap file will be uploaded. The pcap
file can be inspected by tools like Wireshark or tcpdump.

Signed-off-by: Hang Yan <yhang@vmware.com>
Co-authored-by: Quan Tian <quan.tian@broadcom.com>
Co-authored-by: Lan <luola@vmware.com>
Co-authored-by: Antonin Bas <antonin.bas@gmail.com>
4 people committed Nov 8, 2024
1 parent 615cecb commit 402639b
Showing 26 changed files with 2,858 additions and 24 deletions.
5 changes: 4 additions & 1 deletion build/charts/antrea/conf/antrea-agent.conf
Expand Up @@ -24,9 +24,12 @@ featureGates:
# be enabled, otherwise this flag will not take effect.
{{- include "featureGate" (dict "featureGates" .Values.featureGates "name" "CleanupStaleUDPSvcConntrack" "default" true) }}

# Enable traceflow which provides packet tracing feature to diagnose network issue.
# Enable Traceflow which provides packet tracing feature to diagnose network issue.
{{- include "featureGate" (dict "featureGates" .Values.featureGates "name" "Traceflow" "default" true) }}

# Enable PacketCapture feature which supports capturing packets to diagnose network issues.
{{- include "featureGate" (dict "featureGates" .Values.featureGates "name" "PacketCapture" "default" false) }}

# Enable NodePortLocal feature to make the Pods reachable externally through NodePort
{{- include "featureGate" (dict "featureGates" .Values.featureGates "name" "NodePortLocal" "default" true) }}
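
Review bot: The comment added above the `PacketCapture` gate says only that it captures packets "to diagnose network issues"; since the commit message states that the resulting pcap file is uploaded when a file server is specified, the comment should say so, so that an operator changing the default from `false` knows that enabling the gate allows captured traffic to be sent to an external server. The `traceflow` to `Traceflow` capitalisation fix in the same hunk is unrelated to the feature and would be easier to track in its own commit.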

2 changes: 1 addition & 1 deletion build/charts/antrea/crds/packetcapture.yaml
Expand Up @@ -160,7 +160,7 @@ spec:
properties:
url:
type: string
pattern: 's{0,1}ftps{0,1}:\/\/[\w-_./]+:\d+'
pattern: 'sftps{0,1}:\/\/[\w-_./]+:\d+'
status:
type: object
properties:
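
Review bot: The new `pattern` value `'sftps{0,1}:\/\/[\w-_./]+:\d+'` keeps a trailing `s{0,1}` after `sftp`, so `sftps://` is accepted alongside `sftp://`; if only SFTP is meant to be supported, drop it. The expression also has no `^` or `$`, so unless the validator anchors implicitly, any string that merely contains a matching substring passes validation. Suggest `'^sftp:\/\/[\w.\/-]+:\d+$'`, which accepts the same host and path characters and moves the `-` to the end of the character class, where it cannot be read as a range.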
15 changes: 15 additions & 0 deletions build/charts/antrea/templates/agent/clusterrole.yaml
Expand Up @@ -160,6 +160,20 @@ rules:
- patch
- create
- delete
- apiGroups:
- crd.antrea.io
resources:
- packetcaptures
verbs:
- get
- watch
- list
- apiGroups:
- crd.antrea.io
resources:
- packetcaptures/status
verbs:
- update
- apiGroups:
- crd.antrea.io
resources:
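
Review bot: On `packetcaptures/status` the only verb granted is `update`; if the agent ever writes status with a patch request, the API server will reject it, so confirm the agent only uses full status updates or add `patch` deliberately. The read-only `get`, `watch` and `list` on `packetcaptures` is appropriately narrow for the agent and needs no change.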
Expand Down Expand Up @@ -241,6 +255,7 @@ rules:
- secrets
resourceNames:
- antrea-bgp-passwords
- antrea-packetcapture-fileserver-auth
verbs:
- get
- list
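
Review bot: Adding `antrea-packetcapture-fileserver-auth` to `resourceNames` gives every antrea-agent read access to the file server credentials under the existing `get` and `list` verbs. A `list` restricted by `resourceNames` is only authorized when the request selects a single object by `metadata.name`, so check whether the agent needs `list` for this Secret or whether `get` alone is enough. It is also worth documenting next to this rule which namespace the Secret is expected to live in, since the rule itself does not say.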
26 changes: 22 additions & 4 deletions build/yamls/antrea-aks.yml
Expand Up @@ -3060,7 +3060,7 @@ spec:
properties:
url:
type: string
pattern: 's{0,1}ftps{0,1}:\/\/[\w-_./]+:\d+'
pattern: 'sftps{0,1}:\/\/[\w-_./]+:\d+'
status:
type: object
properties:
Expand Down Expand Up @@ -3967,9 +3967,12 @@ data:
# be enabled, otherwise this flag will not take effect.
# CleanupStaleUDPSvcConntrack: true
# Enable traceflow which provides packet tracing feature to diagnose network issue.
# Enable Traceflow which provides packet tracing feature to diagnose network issue.
# Traceflow: true
# Enable PacketCapture feature which supports capturing packets to diagnose network issues.
# PacketCapture: false
# Enable NodePortLocal feature to make the Pods reachable externally through NodePort
# NodePortLocal: true
Expand Down Expand Up @@ -4672,6 +4675,20 @@ rules:
- patch
- create
- delete
- apiGroups:
- crd.antrea.io
resources:
- packetcaptures
verbs:
- get
- watch
- list
- apiGroups:
- crd.antrea.io
resources:
- packetcaptures/status
verbs:
- update
- apiGroups:
- crd.antrea.io
resources:
Expand Down Expand Up @@ -4753,6 +4770,7 @@ rules:
- secrets
resourceNames:
- antrea-bgp-passwords
- antrea-packetcapture-fileserver-auth
verbs:
- get
- list
Expand Down Expand Up @@ -5365,7 +5383,7 @@ spec:
kubectl.kubernetes.io/default-container: antrea-agent
# Automatically restart Pods with a RollingUpdate if the ConfigMap changes
# See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments
checksum/config: 4325a243ab510df539883b6384a30cf8b04ff862796444a6c5c10999159479c5
checksum/config: e2d1d8af083c88667ac4c22c87dea63e595b2f4f770190c32afb00c480440fe3
labels:
app: antrea
component: antrea-agent
Expand Down Expand Up @@ -5603,7 +5621,7 @@ spec:
annotations:
# Automatically restart Pod if the ConfigMap changes
# See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments
checksum/config: 4325a243ab510df539883b6384a30cf8b04ff862796444a6c5c10999159479c5
checksum/config: e2d1d8af083c88667ac4c22c87dea63e595b2f4f770190c32afb00c480440fe3
labels:
app: antrea
component: antrea-controller
2 changes: 1 addition & 1 deletion build/yamls/antrea-crds.yml
Expand Up @@ -3033,7 +3033,7 @@ spec:
properties:
url:
type: string
pattern: 's{0,1}ftps{0,1}:\/\/[\w-_./]+:\d+'
pattern: 'sftps{0,1}:\/\/[\w-_./]+:\d+'
status:
type: object
properties:
26 changes: 22 additions & 4 deletions build/yamls/antrea-eks.yml
Expand Up @@ -3060,7 +3060,7 @@ spec:
properties:
url:
type: string
pattern: 's{0,1}ftps{0,1}:\/\/[\w-_./]+:\d+'
pattern: 'sftps{0,1}:\/\/[\w-_./]+:\d+'
status:
type: object
properties:
Expand Down Expand Up @@ -3967,9 +3967,12 @@ data:
# be enabled, otherwise this flag will not take effect.
# CleanupStaleUDPSvcConntrack: true
# Enable traceflow which provides packet tracing feature to diagnose network issue.
# Enable Traceflow which provides packet tracing feature to diagnose network issue.
# Traceflow: true
# Enable PacketCapture feature which supports capturing packets to diagnose network issues.
# PacketCapture: false
# Enable NodePortLocal feature to make the Pods reachable externally through NodePort
# NodePortLocal: true
Expand Down Expand Up @@ -4672,6 +4675,20 @@ rules:
- patch
- create
- delete
- apiGroups:
- crd.antrea.io
resources:
- packetcaptures
verbs:
- get
- watch
- list
- apiGroups:
- crd.antrea.io
resources:
- packetcaptures/status
verbs:
- update
- apiGroups:
- crd.antrea.io
resources:
Expand Down Expand Up @@ -4753,6 +4770,7 @@ rules:
- secrets
resourceNames:
- antrea-bgp-passwords
- antrea-packetcapture-fileserver-auth
verbs:
- get
- list
Expand Down Expand Up @@ -5365,7 +5383,7 @@ spec:
kubectl.kubernetes.io/default-container: antrea-agent
# Automatically restart Pods with a RollingUpdate if the ConfigMap changes
# See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments
checksum/config: 4325a243ab510df539883b6384a30cf8b04ff862796444a6c5c10999159479c5
checksum/config: e2d1d8af083c88667ac4c22c87dea63e595b2f4f770190c32afb00c480440fe3
labels:
app: antrea
component: antrea-agent
Expand Down Expand Up @@ -5604,7 +5622,7 @@ spec:
annotations:
# Automatically restart Pod if the ConfigMap changes
# See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments
checksum/config: 4325a243ab510df539883b6384a30cf8b04ff862796444a6c5c10999159479c5
checksum/config: e2d1d8af083c88667ac4c22c87dea63e595b2f4f770190c32afb00c480440fe3
labels:
app: antrea
component: antrea-controller
26 changes: 22 additions & 4 deletions build/yamls/antrea-gke.yml
Expand Up @@ -3060,7 +3060,7 @@ spec:
properties:
url:
type: string
pattern: 's{0,1}ftps{0,1}:\/\/[\w-_./]+:\d+'
pattern: 'sftps{0,1}:\/\/[\w-_./]+:\d+'
status:
type: object
properties:
Expand Down Expand Up @@ -3967,9 +3967,12 @@ data:
# be enabled, otherwise this flag will not take effect.
# CleanupStaleUDPSvcConntrack: true
# Enable traceflow which provides packet tracing feature to diagnose network issue.
# Enable Traceflow which provides packet tracing feature to diagnose network issue.
# Traceflow: true
# Enable PacketCapture feature which supports capturing packets to diagnose network issues.
# PacketCapture: false
# Enable NodePortLocal feature to make the Pods reachable externally through NodePort
# NodePortLocal: true
Expand Down Expand Up @@ -4672,6 +4675,20 @@ rules:
- patch
- create
- delete
- apiGroups:
- crd.antrea.io
resources:
- packetcaptures
verbs:
- get
- watch
- list
- apiGroups:
- crd.antrea.io
resources:
- packetcaptures/status
verbs:
- update
- apiGroups:
- crd.antrea.io
resources:
Expand Down Expand Up @@ -4753,6 +4770,7 @@ rules:
- secrets
resourceNames:
- antrea-bgp-passwords
- antrea-packetcapture-fileserver-auth
verbs:
- get
- list
Expand Down Expand Up @@ -5365,7 +5383,7 @@ spec:
kubectl.kubernetes.io/default-container: antrea-agent
# Automatically restart Pods with a RollingUpdate if the ConfigMap changes
# See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments
checksum/config: f5cf00de39a27790a7e158a3eca79123de415b3b09d389ac984b74027bbfaade
checksum/config: 7e42a403d388e2ed556d9b41f4af83917eadd0863d4e2bef67353f5adb2ef6c3
labels:
app: antrea
component: antrea-agent
Expand Down Expand Up @@ -5601,7 +5619,7 @@ spec:
annotations:
# Automatically restart Pod if the ConfigMap changes
# See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments
checksum/config: f5cf00de39a27790a7e158a3eca79123de415b3b09d389ac984b74027bbfaade
checksum/config: 7e42a403d388e2ed556d9b41f4af83917eadd0863d4e2bef67353f5adb2ef6c3
labels:
app: antrea
component: antrea-controller
26 changes: 22 additions & 4 deletions build/yamls/antrea-ipsec.yml
Expand Up @@ -3060,7 +3060,7 @@ spec:
properties:
url:
type: string
pattern: 's{0,1}ftps{0,1}:\/\/[\w-_./]+:\d+'
pattern: 'sftps{0,1}:\/\/[\w-_./]+:\d+'
status:
type: object
properties:
Expand Down Expand Up @@ -3980,9 +3980,12 @@ data:
# be enabled, otherwise this flag will not take effect.
# CleanupStaleUDPSvcConntrack: true
# Enable traceflow which provides packet tracing feature to diagnose network issue.
# Enable Traceflow which provides packet tracing feature to diagnose network issue.
# Traceflow: true
# Enable PacketCapture feature which supports capturing packets to diagnose network issues.
# PacketCapture: false
# Enable NodePortLocal feature to make the Pods reachable externally through NodePort
# NodePortLocal: true
Expand Down Expand Up @@ -4685,6 +4688,20 @@ rules:
- patch
- create
- delete
- apiGroups:
- crd.antrea.io
resources:
- packetcaptures
verbs:
- get
- watch
- list
- apiGroups:
- crd.antrea.io
resources:
- packetcaptures/status
verbs:
- update
- apiGroups:
- crd.antrea.io
resources:
Expand Down Expand Up @@ -4766,6 +4783,7 @@ rules:
- secrets
resourceNames:
- antrea-bgp-passwords
- antrea-packetcapture-fileserver-auth
verbs:
- get
- list
Expand Down Expand Up @@ -5378,7 +5396,7 @@ spec:
kubectl.kubernetes.io/default-container: antrea-agent
# Automatically restart Pods with a RollingUpdate if the ConfigMap changes
# See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments
checksum/config: 9e94f199d125877d889ba73e053c95b342e89323d0423cde074ae074df379494
checksum/config: 7d8b0a065c3db85e34e127fdf38b820b32712657900e3f8fe2703d4310c40632
checksum/ipsec-secret: d0eb9c52d0cd4311b6d252a951126bf9bea27ec05590bed8a394f0f792dcb2a4
labels:
app: antrea
Expand Down Expand Up @@ -5660,7 +5678,7 @@ spec:
annotations:
# Automatically restart Pod if the ConfigMap changes
# See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments
checksum/config: 9e94f199d125877d889ba73e053c95b342e89323d0423cde074ae074df379494
checksum/config: 7d8b0a065c3db85e34e127fdf38b820b32712657900e3f8fe2703d4310c40632
labels:
app: antrea
component: antrea-controller