Implement agent simulator as an independent bin (#1493)

This patch implements agent simulator as add an independent bin, it runs with kubemark which simulates kubelet, and mainly watches NetworkPolicies, AddressGroups and AppliedToGroups from antrea controller and prints the events of these resources to log. With agent simulator, we do not need to lauch large cluster for scale test. The agent simulator uses labels and nodeaffinity to disable antrea-agent/antrea-controller running on the simulated nodes, and we can add some taints to not allow other pods to run on simulated nodes. To use agent simulator, please refer to docs/antrea-agent-simulator.md.
antrea-io · Jan 13, 2021 · e6c87aa · e6c87aa
1 parent 11a38dd
commit e6c87aa
Show file tree

Hide file tree

Showing 12 changed files with 582 additions and 0 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -42,6 +42,23 @@ jobs:
         echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin
         docker push antrea/antrea-ubuntu:latest
 
+  build-scale:
+    needs: check-changes
+    if: ${{ needs.check-changes.outputs.has_changes == 'yes' || github.event_name == 'push' }}
+    runs-on: [ubuntu-18.04]
+    steps:
+    - uses: actions/checkout@v2
+    - name: Build Antrea Agent Simulator Docker image
+      run: make build-scale-simulator
+    - name: Push Antrea Agent Simulator Docker image to registry
+      if: ${{ github.repository == 'vmware-tanzu/antrea' && github.event_name == 'push' && github.ref == 'refs/heads/master' }}
+      env:
+        DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
+        DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
+      run: |
+        echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin
+        docker push antrea/antrea-ubuntu-simulator:latest
+
   build-windows:
     needs: check-changes
     if: ${{ needs.check-changes.outputs.has_changes == 'yes' || github.event_name == 'push' }}

diff --git a/Makefile b/Makefile
@@ -30,6 +30,11 @@ antrea-agent:
 	@mkdir -p $(BINDIR)
 	GOOS=linux $(GO) build -o $(BINDIR) $(GOFLAGS) -ldflags '$(LDFLAGS)' github.com/vmware-tanzu/antrea/cmd/antrea-agent
 
+.PHONY: antrea-agent-simulator
+antrea-agent-simulator:
+	@mkdir -p $(BINDIR)
+	GOOS=linux $(GO) build -o $(BINDIR) $(GOFLAGS) -ldflags '$(LDFLAGS)' github.com/vmware-tanzu/antrea/cmd/antrea-agent-simulator
+
 .PHONY: antrea-agent-instr-binary
 antrea-agent-instr-binary:
 	@mkdir -p $(BINDIR)
@@ -295,6 +300,12 @@ else
 endif
 	docker tag antrea/antrea-ubuntu-coverage:$(DOCKER_IMG_VERSION) antrea/antrea-ubuntu-coverage
 
+.PHONY: build-scale-simulator
+build-scale-simulator:
+	@echo "===> Building simulator bin and antrea-ubuntu-simulator image"
+	docker build -t antrea/antrea-ubuntu-simulator:$(DOCKER_IMG_VERSION) -f build/images/Dockerfile.simulator.build.ubuntu .
+	docker tag antrea/antrea-ubuntu-simulator:$(DOCKER_IMG_VERSION) antrea/antrea-ubuntu-simulator
+
 .PHONY: manifest
 manifest:
 	@echo "===> Generating dev manifest for Antrea <==="
@@ -307,6 +318,11 @@ manifest:
 	$(CURDIR)/hack/generate-manifest-windows.sh --mode dev > build/yamls/antrea-windows.yml
 	$(CURDIR)/hack/generate-manifest-flow-aggregator.sh --mode dev > build/yamls/flow-aggregator.yml
 
+.PHONY: manifest-scale
+manifest-scale:
+	@echo "===> Generating simulator manifest for Antrea <==="
+	$(CURDIR)/hack/generate-manifest.sh --mode dev --simulator > build/yamls/antrea-scale.yml
+
 .PHONY: manifest-coverage
 manifest-coverage:
 	$(CURDIR)/hack/generate-manifest.sh --mode dev --coverage > build/yamls/antrea-coverage.yml

diff --git a/build/images/Dockerfile.simulator.build.ubuntu b/build/images/Dockerfile.simulator.build.ubuntu
@@ -0,0 +1,22 @@
+FROM golang:1.15 as antrea-build
+
+WORKDIR /antrea
+
+COPY go.mod /antrea/go.mod
+
+RUN go mod download
+
+COPY . /antrea
+
+RUN make antrea-agent-simulator
+
+
+FROM ubuntu:20.04
+
+LABEL maintainer="Antrea <[email protected]>"
+LABEL description="The Docker image to deploy the Antrea simulator. "
+
+USER root
+
+COPY --from=antrea-build /antrea/bin/* /usr/local/bin/
+
diff --git a/build/yamls/patches/simulator/agentNodeAffinity.yml b/build/yamls/patches/simulator/agentNodeAffinity.yml
@@ -0,0 +1,16 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: antrea-agent
+spec:
+  template:
+    spec:
+      affinity:
+        nodeAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            nodeSelectorTerms:
+              - matchExpressions:
+                  - key: antrea/instance
+                    operator: NotIn
+                    values:
+                      - simulator
diff --git a/build/yamls/patches/simulator/antrea-agent-simulator.yml b/build/yamls/patches/simulator/antrea-agent-simulator.yml
@@ -0,0 +1,153 @@
+---
+apiVersion: v1
+data:
+  content.type: test-cluster
+kind: ConfigMap
+metadata:
+  name: node-configmap
+  namespace: kube-system
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: antrea-agent-simulator
+  namespace: kube-system
+spec:
+  podManagementPolicy: Parallel
+  replicas: 1
+  selector:
+    matchLabels:
+      app: antrea
+      component: antrea-agent-simulator
+  serviceName: antrea-agent-simulator
+  template:
+    metadata:
+      labels:
+        app: antrea
+        component: antrea-agent-simulator
+    spec:
+      affinity:
+        nodeAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            nodeSelectorTerms:
+              - matchExpressions:
+                  - key: antrea/instance
+                    operator: NotIn
+                    values:
+                      - simulator
+      serviceAccountName: antrea-agent
+      initContainers:
+      - name: init-inotify-limit
+        image: projects.registry.vmware.com/library/busybox:latest
+        command: ['sysctl', '-w', 'fs.inotify.max_user_instances=200']
+        securityContext:
+          privileged: true
+      volumes:
+      - name: kubeconfig-volume
+        secret:
+          secretName: kubeconfig
+      - name: logs-volume
+        hostPath:
+          path: /var/log
+      containers:
+      - name: simulator
+        image: projects.registry.vmware.com/antrea/antrea-ubuntu-simulator:latest
+        imagePullPolicy: IfNotPresent
+        command: ['/usr/local/bin/antrea-agent-simulator', '-v', '5']
+        env:
+          - name: POD_NAME
+            valueFrom:
+              fieldRef:
+                fieldPath: metadata.name
+          - name: POD_NAMESPACE
+            valueFrom:
+              fieldRef:
+                fieldPath: metadata.namespace
+          - name: NODE_NAME
+            valueFrom:
+              fieldRef:
+                fieldPath: metadata.name
+        volumeMounts:
+        - name: kubeconfig-volume
+          mountPath: /kubeconfig
+          readOnly: true
+        - name: logs-volume
+          mountPath: /var/log
+      - name: hollow-kubelet
+        image: projects.registry.vmware.com/antrea/kubemark:v1.18.4
+        ports:
+        - containerPort: 4194
+        - containerPort: 10250
+        - containerPort: 10255
+        env:
+        - name: CONTENT_TYPE
+          valueFrom:
+            configMapKeyRef:
+              name: node-configmap
+              key: content.type
+        - name: NODE_NAME
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.name
+        command: [
+          "/kubemark",
+          "--morph=kubelet",
+          "--name=$(NODE_NAME)",
+          "--kubeconfig=/kubeconfig/admin.conf",
+          "$(CONTENT_TYPE)",
+          "--v=2",
+          "--log-file=/var/log/kubelet-$(NODE_NAME).log",
+          "--node-labels=antrea/instance=simulator",
+        ]
+        volumeMounts:
+        - name: kubeconfig-volume
+          mountPath: /kubeconfig
+          readOnly: true
+        - name: logs-volume
+          mountPath: /var/log
+        resources:
+          requests:
+            cpu: 20m
+            memory: 50M
+        securityContext:
+          privileged: true
+      - name: hollow-proxy
+        image: projects.registry.vmware.com/antrea/kubemark:v1.18.4
+        env:
+        - name: CONTENT_TYPE
+          valueFrom:
+            configMapKeyRef:
+              name: node-configmap
+              key: content.type
+        - name: NODE_NAME
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.name
+        command: [
+          "/kubemark",
+          "--morph=proxy",
+          "--name=$(NODE_NAME)",
+          "--use-real-proxier=false",
+          "--kubeconfig=/kubeconfig/admin.conf",
+          "$(CONTENT_TYPE)",
+          "--alsologtostderr",
+          "--v=2",
+          "--log-file=/var/log/kubelet-$(NODE_NAME).log"
+        ]
+        volumeMounts:
+        - name: kubeconfig-volume
+          mountPath: /kubeconfig
+          readOnly: true
+        - name: logs-volume
+          mountPath: /var/log
+        resources:
+          requests:
+            cpu: 20m
+            memory: 50M
+      tolerations:
+      - effect: NoExecute
+        key: node.kubernetes.io/unreachable
+        operator: Exists
+      - effect: NoExecute
+        key: node.kubernetes.io/not-ready
+        operator: Exists
diff --git a/build/yamls/patches/simulator/controllerNodeAffinity.yml b/build/yamls/patches/simulator/controllerNodeAffinity.yml
@@ -0,0 +1,16 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: antrea-controller
+spec:
+  template:
+    spec:
+      affinity:
+        nodeAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            nodeSelectorTerms:
+              - matchExpressions:
+                  - key: antrea/instance
+                    operator: NotIn
+                    values:
+                      - simulator
diff --git a/cmd/antrea-agent-simulator/main.go b/cmd/antrea-agent-simulator/main.go
@@ -0,0 +1,63 @@
+// Copyright 2021 Antrea Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// The simulator binary is responsible to run simulated nodes for antrea agent.
+// It watches NetworkPolicies, AddressGroups and AppliedToGroups from antrea
+// controller and prints the events of these resources to log.
+package main
+
+import (
+	"flag"
+	"os"
+
+	"github.com/spf13/cobra"
+	"k8s.io/component-base/logs"
+	"k8s.io/klog"
+
+	"github.com/vmware-tanzu/antrea/pkg/log"
+	"github.com/vmware-tanzu/antrea/pkg/version"
+)
+
+func main() {
+	logs.InitLogs()
+	defer logs.FlushLogs()
+
+	command := newSimulatorCommand()
+	if err := command.Execute(); err != nil {
+		logs.FlushLogs()
+		os.Exit(1)
+	}
+}
+
+func newSimulatorCommand() *cobra.Command {
+	cmd := &cobra.Command{
+		Use:  "antrea-agent-simulator",
+		Long: "The Antrea agent simulator.",
+		Run: func(cmd *cobra.Command, args []string) {
+			log.InitLogFileLimits(cmd.Flags())
+
+			if err := run(); err != nil {
+				klog.Fatalf("Error running agent: %v", err)
+			}
+		},
+		Version: version.GetFullVersionWithRuntimeInfo(),
+	}
+
+	flags := cmd.Flags()
+	log.AddFlags(flags)
+
+	// Install log flags
+	flags.AddGoFlagSet(flag.CommandLine)
+	return cmd
+}