Support NodeLocal DNSCache with AntreaProxy
Resolves #2137

Signed-off-by: Lan Luo <[email protected]>
luolanzone committed Oct 19, 2021
1 parent 95e836d commit 4cae243
Showing 14 changed files with 175 additions and 62 deletions.
12 changes: 8 additions & 4 deletions build/yamls/antrea-aks.yml
Expand Up @@ -3948,6 +3948,10 @@ data:
# (e.g. 1.2.3.0/24, 1.2.3.4/32). An empty string slice is meant to select all host IPv4/IPv6 addresses.
# Note that the option is only valid when proxyAll is true.
#nodePortAddresses: []
# An array of string values to specify a list of Services which should be ignored by AntreaProxy (traffic to these
# Services will not be load-balanced). Values can be a valid ClusterIP (e.g. 10.11.1.2) or a Service name
# with Namespace (e.g. kube-system/kube-dns)
#skipServices: []
antrea-cni.conflist: |
{
"cniVersion":"0.3.0",
Expand Down Expand Up @@ -4054,7 +4058,7 @@ metadata:
annotations: {}
labels:
app: antrea
name: antrea-config-b72h88gb7b
name: antrea-config-4d7ch86gch
namespace: kube-system
---
apiVersion: v1
Expand Down Expand Up @@ -4125,7 +4129,7 @@ spec:
fieldRef:
fieldPath: spec.serviceAccountName
- name: ANTREA_CONFIG_MAP_NAME
value: antrea-config-b72h88gb7b
value: antrea-config-4d7ch86gch
image: projects.registry.vmware.com/antrea/antrea-ubuntu:latest
imagePullPolicy: IfNotPresent
livenessProbe:
Expand Down Expand Up @@ -4176,7 +4180,7 @@ spec:
key: node-role.kubernetes.io/master
volumes:
- configMap:
name: antrea-config-b72h88gb7b
name: antrea-config-4d7ch86gch
name: antrea-config
- name: antrea-controller-tls
secret:
Expand Down Expand Up @@ -4457,7 +4461,7 @@ spec:
operator: Exists
volumes:
- configMap:
name: antrea-config-b72h88gb7b
name: antrea-config-4d7ch86gch
name: antrea-config
- hostPath:
path: /etc/cni/net.d
12 changes: 8 additions & 4 deletions build/yamls/antrea-eks.yml
Expand Up @@ -3948,6 +3948,10 @@ data:
# (e.g. 1.2.3.0/24, 1.2.3.4/32). An empty string slice is meant to select all host IPv4/IPv6 addresses.
# Note that the option is only valid when proxyAll is true.
#nodePortAddresses: []
# An array of string values to specify a list of Services which should be ignored by AntreaProxy (traffic to these
# Services will not be load-balanced). Values can be a valid ClusterIP (e.g. 10.11.1.2) or a Service name
# with Namespace (e.g. kube-system/kube-dns)
#skipServices: []
antrea-cni.conflist: |
{
"cniVersion":"0.3.0",
Expand Down Expand Up @@ -4054,7 +4058,7 @@ metadata:
annotations: {}
labels:
app: antrea
name: antrea-config-b72h88gb7b
name: antrea-config-4d7ch86gch
namespace: kube-system
---
apiVersion: v1
Expand Down Expand Up @@ -4125,7 +4129,7 @@ spec:
fieldRef:
fieldPath: spec.serviceAccountName
- name: ANTREA_CONFIG_MAP_NAME
value: antrea-config-b72h88gb7b
value: antrea-config-4d7ch86gch
image: projects.registry.vmware.com/antrea/antrea-ubuntu:latest
imagePullPolicy: IfNotPresent
livenessProbe:
Expand Down Expand Up @@ -4176,7 +4180,7 @@ spec:
key: node-role.kubernetes.io/master
volumes:
- configMap:
name: antrea-config-b72h88gb7b
name: antrea-config-4d7ch86gch
name: antrea-config
- name: antrea-controller-tls
secret:
Expand Down Expand Up @@ -4459,7 +4463,7 @@ spec:
operator: Exists
volumes:
- configMap:
name: antrea-config-b72h88gb7b
name: antrea-config-4d7ch86gch
name: antrea-config
- hostPath:
path: /etc/cni/net.d
12 changes: 8 additions & 4 deletions build/yamls/antrea-gke.yml
Expand Up @@ -3948,6 +3948,10 @@ data:
# (e.g. 1.2.3.0/24, 1.2.3.4/32). An empty string slice is meant to select all host IPv4/IPv6 addresses.
# Note that the option is only valid when proxyAll is true.
#nodePortAddresses: []
# An array of string values to specify a list of Services which should be ignored by AntreaProxy (traffic to these
# Services will not be load-balanced). Values can be a valid ClusterIP (e.g. 10.11.1.2) or a Service name
# with Namespace (e.g. kube-system/kube-dns)
#skipServices: []
antrea-cni.conflist: |
{
"cniVersion":"0.3.0",
Expand Down Expand Up @@ -4054,7 +4058,7 @@ metadata:
annotations: {}
labels:
app: antrea
name: antrea-config-hfkckg6t57
name: antrea-config-ct7fm8k579
namespace: kube-system
---
apiVersion: v1
Expand Down Expand Up @@ -4125,7 +4129,7 @@ spec:
fieldRef:
fieldPath: spec.serviceAccountName
- name: ANTREA_CONFIG_MAP_NAME
value: antrea-config-hfkckg6t57
value: antrea-config-ct7fm8k579
image: projects.registry.vmware.com/antrea/antrea-ubuntu:latest
imagePullPolicy: IfNotPresent
livenessProbe:
Expand Down Expand Up @@ -4176,7 +4180,7 @@ spec:
key: node-role.kubernetes.io/master
volumes:
- configMap:
name: antrea-config-hfkckg6t57
name: antrea-config-ct7fm8k579
name: antrea-config
- name: antrea-controller-tls
secret:
Expand Down Expand Up @@ -4460,7 +4464,7 @@ spec:
path: /home/kubernetes/bin
name: host-cni-bin
- configMap:
name: antrea-config-hfkckg6t57
name: antrea-config-ct7fm8k579
name: antrea-config
- hostPath:
path: /etc/cni/net.d
12 changes: 8 additions & 4 deletions build/yamls/antrea-ipsec.yml
Expand Up @@ -3953,6 +3953,10 @@ data:
# (e.g. 1.2.3.0/24, 1.2.3.4/32). An empty string slice is meant to select all host IPv4/IPv6 addresses.
# Note that the option is only valid when proxyAll is true.
#nodePortAddresses: []
# An array of string values to specify a list of Services which should be ignored by AntreaProxy (traffic to these
# Services will not be load-balanced). Values can be a valid ClusterIP (e.g. 10.11.1.2) or a Service name
# with Namespace (e.g. kube-system/kube-dns)
#skipServices: []
antrea-cni.conflist: |
{
"cniVersion":"0.3.0",
Expand Down Expand Up @@ -4059,7 +4063,7 @@ metadata:
annotations: {}
labels:
app: antrea
name: antrea-config-4f28b82tdt
name: antrea-config-7tm5f22tt7
namespace: kube-system
---
apiVersion: v1
Expand Down Expand Up @@ -4139,7 +4143,7 @@ spec:
fieldRef:
fieldPath: spec.serviceAccountName
- name: ANTREA_CONFIG_MAP_NAME
value: antrea-config-4f28b82tdt
value: antrea-config-7tm5f22tt7
image: projects.registry.vmware.com/antrea/antrea-ubuntu:latest
imagePullPolicy: IfNotPresent
livenessProbe:
Expand Down Expand Up @@ -4190,7 +4194,7 @@ spec:
key: node-role.kubernetes.io/master
volumes:
- configMap:
name: antrea-config-4f28b82tdt
name: antrea-config-7tm5f22tt7
name: antrea-config
- name: antrea-controller-tls
secret:
Expand Down Expand Up @@ -4506,7 +4510,7 @@ spec:
operator: Exists
volumes:
- configMap:
name: antrea-config-4f28b82tdt
name: antrea-config-7tm5f22tt7
name: antrea-config
- hostPath:
path: /etc/cni/net.d
12 changes: 8 additions & 4 deletions build/yamls/antrea.yml
Expand Up @@ -3953,6 +3953,10 @@ data:
# (e.g. 1.2.3.0/24, 1.2.3.4/32). An empty string slice is meant to select all host IPv4/IPv6 addresses.
# Note that the option is only valid when proxyAll is true.
#nodePortAddresses: []
# An array of string values to specify a list of Services which should be ignored by AntreaProxy (traffic to these
# Services will not be load-balanced). Values can be a valid ClusterIP (e.g. 10.11.1.2) or a Service name
# with Namespace (e.g. kube-system/kube-dns)
#skipServices: []
antrea-cni.conflist: |
{
"cniVersion":"0.3.0",
Expand Down Expand Up @@ -4059,7 +4063,7 @@ metadata:
annotations: {}
labels:
app: antrea
name: antrea-config-bmthb2m52d
name: antrea-config-4g55dbc872
namespace: kube-system
---
apiVersion: v1
Expand Down Expand Up @@ -4130,7 +4134,7 @@ spec:
fieldRef:
fieldPath: spec.serviceAccountName
- name: ANTREA_CONFIG_MAP_NAME
value: antrea-config-bmthb2m52d
value: antrea-config-4g55dbc872
image: projects.registry.vmware.com/antrea/antrea-ubuntu:latest
imagePullPolicy: IfNotPresent
livenessProbe:
Expand Down Expand Up @@ -4181,7 +4185,7 @@ spec:
key: node-role.kubernetes.io/master
volumes:
- configMap:
name: antrea-config-bmthb2m52d
name: antrea-config-4g55dbc872
name: antrea-config
- name: antrea-controller-tls
secret:
Expand Down Expand Up @@ -4462,7 +4466,7 @@ spec:
operator: Exists
volumes:
- configMap:
name: antrea-config-bmthb2m52d
name: antrea-config-4g55dbc872
name: antrea-config
- hostPath:
path: /etc/cni/net.d
4 changes: 4 additions & 0 deletions build/yamls/base/conf/antrea-agent.conf
Expand Up @@ -190,3 +190,7 @@ antreaProxy:
# (e.g. 1.2.3.0/24, 1.2.3.4/32). An empty string slice is meant to select all host IPv4/IPv6 addresses.
# Note that the option is only valid when proxyAll is true.
#nodePortAddresses: []
# An array of string values to specify a list of Services which should be ignored by AntreaProxy (traffic to these
# Services will not be load-balanced). Values can be a valid ClusterIP (e.g. 10.11.1.2) or a Service name
# with Namespace (e.g. kube-system/kube-dns)
#skipServices: []
7 changes: 4 additions & 3 deletions cmd/antrea-agent/agent.go
Expand Up @@ -203,14 +203,15 @@ func run(o *Options) error {
v4Enabled := config.IsIPv4Enabled(nodeConfig, networkConfig.TrafficEncapMode)
v6Enabled := config.IsIPv6Enabled(nodeConfig, networkConfig.TrafficEncapMode)
proxyAll := o.config.AntreaProxy.ProxyAll
skipServices := o.config.AntreaProxy.SkipServices

switch {
case v4Enabled && v6Enabled:
proxier = proxy.NewDualStackProxier(nodeConfig.Name, informerFactory, ofClient, routeClient, nodePortAddressesIPv4, nodePortAddressesIPv6, proxyAll)
proxier = proxy.NewDualStackProxier(nodeConfig.Name, informerFactory, ofClient, routeClient, nodePortAddressesIPv4, nodePortAddressesIPv6, proxyAll, skipServices)
case v4Enabled:
proxier = proxy.NewProxier(nodeConfig.Name, informerFactory, ofClient, false, routeClient, nodePortAddressesIPv4, proxyAll)
proxier = proxy.NewProxier(nodeConfig.Name, informerFactory, ofClient, false, routeClient, nodePortAddressesIPv4, proxyAll, skipServices)
case v6Enabled:
proxier = proxy.NewProxier(nodeConfig.Name, informerFactory, ofClient, true, routeClient, nodePortAddressesIPv6, proxyAll)
proxier = proxy.NewProxier(nodeConfig.Name, informerFactory, ofClient, true, routeClient, nodePortAddressesIPv6, proxyAll, skipServices)
default:
return fmt.Errorf("at least one of IPv4 or IPv6 should be enabled")
}
4 changes: 4 additions & 0 deletions cmd/antrea-agent/config.go
Expand Up @@ -186,6 +186,10 @@ type AntreaProxyConfig struct {
// A string array of values which specifies the host IPv4/IPv6 addresses for NodePorts. Values may be valid IP blocks.
// (e.g. 1.2.3.0/24, 1.2.3.4/32). An empty string slice is meant to select all host IPv4/IPv6 addresses.
NodePortAddresses []string `yaml:"nodePortAddresses,omitempty"`
// An array of string values to specify a list of Services which should be ignored by AntreaProxy (traffic to these
// Services will not be load-balanced). Values can be a valid ClusterIP (e.g. 10.11.1.2) or a Service name
// with Namespace (e.g. kube-system/kube-dns)
SkipServices []string `yaml:"skipServices,omitempty"`
}

type WireGuardConfig struct {
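Review bot: The comment added on SkipServices gives only an IPv4 ClusterIP example, yet the proxier.go section of this commit hands the same list to both the IPv4 and the IPv6 proxier, so the comment should say whether an IPv6 ClusterIP is accepted and whether entries are matched exactly as written. It should also spell out what an entry means operationally: AntreaProxy stops handling that Service, so each entry is a deliberate exception that something else on the Node has to serve (the NodeLocal DNSCache case named in the commit title). A possible wording is `// SkipServices lists Services that AntreaProxy does not load-balance; each entry is a ClusterIP or a <namespace>/<name> pair, and traffic to a listed Service is left to whatever else handles it on the Node.` The AntreaProxyConfig struct begins before the hunk.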
4 changes: 4 additions & 0 deletions cmd/antrea-agent/options.go
Expand Up @@ -232,6 +232,10 @@ func (o *Options) setDefaults() {
}

func (o *Options) validateAntreaProxyConfig() error {
if !features.DefaultFeatureGate.Enabled(features.AntreaProxy) && len(o.config.AntreaProxy.SkipServices) > 0 {
klog.InfoS("skipServices will be ignored because AntreaProxy is disabled", "skipServices", o.config.AntreaProxy.SkipServices)
}

if o.config.AntreaProxy.ProxyAll {
for _, nodePortAddress := range o.config.AntreaProxy.NodePortAddresses {
if _, _, err := net.ParseCIDR(nodePortAddress); err != nil {
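Review bot: The block added at the top of validateAntreaProxyConfig only logs when AntreaProxy is disabled; the skipServices entries themselves are never checked. A mistyped ClusterIP or a Service name without its Namespace would therefore be accepted and, as far as the visible hunks show, would simply never match, leaving that Service load-balanced by AntreaProxy against the operator's intent. Rejecting entries that are neither a parseable IP nor a single namespace/name pair at startup surfaces the mistake, in the same way the function already rejects bad nodePortAddresses with net.ParseCIDR. The function body continues past the end of the hunk, and the sketch assumes fmt and strings are already imported in this file.

```go
func (o *Options) validateAntreaProxyConfig() error {
	// … unchanged: log when skipServices is set but AntreaProxy is disabled …

	for _, svc := range o.config.AntreaProxy.SkipServices {
		if net.ParseIP(svc) != nil {
			continue
		}
		parts := strings.Split(svc, "/")
		if len(parts) != 2 || parts[0] == "" || parts[1] == "" {
			return fmt.Errorf("invalid skipServices entry %q: expected a ClusterIP or <namespace>/<name>", svc)
		}
	}

	// … unchanged: nodePortAddresses validation when proxyAll is true …
```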
12 changes: 7 additions & 5 deletions pkg/agent/proxy/proxier.go
Expand Up @@ -782,7 +782,8 @@ func NewProxier(
isIPv6 bool,
routeClient route.Interface,
nodePortAddresses []net.IP,
proxyAllEnabled bool) *proxier {
proxyAllEnabled bool,
skipServices []string) *proxier {
recorder := record.NewBroadcaster().NewRecorder(
runtime.NewScheme(),
corev1.EventSource{Component: componentName, Host: hostname},
Expand All @@ -800,7 +801,7 @@ func NewProxier(
endpointsConfig: config.NewEndpointsConfig(informerFactory.Core().V1().Endpoints(), resyncPeriod),
serviceConfig: config.NewServiceConfig(informerFactory.Core().V1().Services(), resyncPeriod),
endpointsChanges: newEndpointsChangesTracker(hostname, endpointSliceEnabled, isIPv6),
serviceChanges: newServiceChangesTracker(recorder, ipFamily),
serviceChanges: newServiceChangesTracker(recorder, ipFamily, skipServices),
serviceMap: k8sproxy.ServiceMap{},
serviceInstalledMap: k8sproxy.ServiceMap{},
endpointsInstalledMap: types.EndpointsMap{},
Expand Down Expand Up @@ -866,13 +867,14 @@ func NewDualStackProxier(
routeClient route.Interface,
nodePortAddressesIPv4 []net.IP,
nodePortAddressesIPv6 []net.IP,
proxyAllEnabled bool) *metaProxierWrapper {
proxyAllEnabled bool,
skipServices []string) *metaProxierWrapper {

// Create an IPv4 instance of the single-stack proxier.
ipv4Proxier := NewProxier(hostname, informerFactory, ofClient, false, routeClient, nodePortAddressesIPv4, proxyAllEnabled)
ipv4Proxier := NewProxier(hostname, informerFactory, ofClient, false, routeClient, nodePortAddressesIPv4, proxyAllEnabled, skipServices)

// Create an IPv6 instance of the single-stack proxier.
ipv6Proxier := NewProxier(hostname, informerFactory, ofClient, true, routeClient, nodePortAddressesIPv6, proxyAllEnabled)
ipv6Proxier := NewProxier(hostname, informerFactory, ofClient, true, routeClient, nodePortAddressesIPv6, proxyAllEnabled, skipServices)

// Create a meta-proxier that dispatch calls between the two
// single-stack proxier instances.
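Review bot: NewProxier forwards skipServices to newServiceChangesTracker without recording it anywhere visible in this section, and the only log the commit adds (in options.go) fires when AntreaProxy is disabled. Each entry exempts a Service from AntreaProxy load-balancing, so logging the effective list once at construction would give operators an audit trail for those exceptions, for example `klog.InfoS("AntreaProxy will skip Services", "skipServices", skipServices)` guarded by `len(skipServices) > 0` (assuming klog is imported here as it is in options.go). NewDualStackProxier builds two proxiers from the same list, so the message would appear once per IP family unless it is emitted by the caller instead. Both constructor bodies extend beyond the hunks shown.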