Feature/externalnode #4110
Conversation
This change adds the API definition for the ExternalNode CRD and generates the corresponding client and YAML files. Signed-off-by: Mengdie Song <[email protected]>
1. Add a feature gate for ExternalNode which enables running the Agent on a VM or BM.
2. Support the Agent running the APIServer only on localhost if it is not running on a cluster worker Node.
3. CNIServer is loaded only when the Agent is running on a cluster worker Node.
4. Use a separate build directory to generate agent configurations for ExternalNode.
Signed-off-by: wenyingd <[email protected]>
Add externalEntitySelector to the ANP appliedTo field. ACNP is not supported for ExternalEntity yet. Signed-off-by: wenyingd <[email protected]>
As an ExternalEntity is generated according to one Interface defined in an ExternalNode, one InterfaceConfig is created for the ExternalEntity accordingly. For the ExternalNode scenario, the Antrea Agent should connect the host network interface to OVS as the uplink, and create a new host internal port to take over the uplink's network configuration. An InterfaceConfig for an ExternalEntity uses the name of the host internal port, and maintains the OpenFlow ports of the OVS port pair. Signed-off-by: wenyingd <[email protected]>
…changes (#3687)
1. Antrea Controller watches ExternalNode CRUD and converts it to the corresponding ExternalEntity.
2. The conversion includes the following changes:
   a. The ExternalEntity name is generated in this format: if the NetworkInterface name is empty, use the ExternalNode name; if the NetworkInterface name is not empty, use [ExternalNode name]-[Interface name].
   b. The ExternalNode's labels are added on the ExternalEntity(ies).
   c. The ExternalNode name is used to set the "ExternalNode" field in the ExternalEntity.
   d. The ExternalNode NetworkInterface is used to set the "Endpoint" field in the ExternalEntity.
3. Handle ExternalNode reconciliation and clean up stale ExternalEntities.
Signed-off-by: Mengdie Song <[email protected]>
) The Antrea controller watches ExternalNode create and delete events. It creates an AntreaAgentInfo whose name is the same as the ExternalNode name after the ExternalNode is created, and deletes the AntreaAgentInfo when the ExternalNode is deleted. The change also refactors the monitoring part for the Node case and lets the controller create AntreaAgentInfo for Nodes too. With this change, for both the Node and ExternalNode cases, it is always the Antrea controller that creates/deletes AntreaAgentInfo and always the Antrea agent that updates it. Signed-off-by: Mengdie Song <[email protected]>
The command "antctl proxy --agent-node" requires information from AntreaAgentInfo. As a result, we need to make sure the content of AntreaAgentInfo is populated before we run the command. Since we recently moved AntreaAgentInfo creation from the agent to the controller, the agent may not set the content of AntreaAgentInfo when it starts if the controller has not created the AntreaAgentInfo yet. In this case, it will take a minute for the agent to update the content in its next try. This change adds retry logic to the antctl proxy e2e test so that it only invokes the command after AntreaAgentInfo is ready. Fixes: #3856 Signed-off-by: Mengdie Song <[email protected]>
* [ExternalNode] Agent datapath implementation
1. Set up the OF pipeline for ExternalNode
2. Install OpenFlow entries for ExternalNode connectivity
3. Install OpenFlow entries for ANP in the ExternalNode case
4. Support installing OpenFlow entries to bypass traffic to/from a special peer address on a protocol
5. Unify the flows that process packets with a ct_state match in the networkpolicy feature between the K8s cluster and external node cases
* Fix e2e test issue
The original e2e test cases only check the IngressRuleTable/EgressTable flow count, and use the result to decide if the NP rule is realized. But these two tables are used to realize K8s NP rules. For a normal ANP rule, AntreaPolicyIngressRuleTable/AntreaPolicyEgressRuleTable are used, but they are never checked in the case. Besides, the original case always uses the number 2 to check for the rule flow's existence, but in fact there are always at least 2 flows in the IngressRule/EgressRule table, which are used to bypass the established and related packets of a valid connection. So the case actually doesn't check if the rule is realized or not.
Signed-off-by: wenyingd <[email protected]>
When the ExternalNode interface name is not empty, we used to use [ExternalNode name]-[Interface name] as the generated ExternalEntity name. However, the interface name may not satisfy the regex check for Kubernetes object names. With this fix, when the interface name is empty, we now use [ExternalNode name]-[First five characters of the hashed interface name] to ensure that the generated ExternalEntity name is legal. Signed-off-by: Mengdie Song <[email protected]>
Update the ExternalNode openAPIV3Schema to only allow creating/updating an ExternalNode when its interfaces exist and the IPs of the interfaces exist. Signed-off-by: Mengdie Song <[email protected]>
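The three commits above (ExternalNode-to-ExternalEntity conversion, the hashed-suffix naming fix, and the schema rule that interfaces and their IPs must exist) describe one controller-side procedure. The following Go program is an added example written for this page, not Antrea's own code: it models the conversion with minimal stand-in structs (the real CRD types, the hash function used for the suffix, and the exact schema wording are assumptions; SHA-256 rendered as lowercase hex is chosen here because hex output always stays inside the Kubernetes object-name alphabet), validates every generated name against the DNS-1123 subdomain rule Kubernetes applies to object names, and rejects the inputs the schema would refuse. It also shows why the legacy "[node]-[iface]" scheme fails on an interface name such as "Ethernet 2". The duplicate-name check at the end goes beyond what the commits state and is this example's own addition.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"regexp"
)

// NetworkInterface is a minimal stand-in for one interface entry of the
// ExternalNode CRD (assumed layout, not Antrea's generated API types).
type NetworkInterface struct {
	Name string
	IPs  []string
}

// ExternalNode is the minimal shape of the CRD needed here (assumed layout).
type ExternalNode struct {
	Name       string
	Labels     map[string]string
	Interfaces []NetworkInterface
}

// ExternalEntity carries the fields the conversion populates: derived name,
// copied labels, the owning ExternalNode, and the endpoint IPs of one interface.
type ExternalEntity struct {
	Name         string
	Labels       map[string]string
	ExternalNode string
	EndpointIPs  []string
}

// dns1123Subdomain is the object-name rule Kubernetes applies to most resources:
// lowercase alphanumerics, '-' and '.', each segment starting and ending with an
// alphanumeric, at most 253 characters.
var dns1123Subdomain = regexp.MustCompile(`^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$`)

// IsValidObjectName reports whether name passes the DNS-1123 subdomain check.
func IsValidObjectName(name string) bool {
	return name != "" && len(name) <= 253 && dns1123Subdomain.MatchString(name)
}

// LegacyExternalEntityName is the original "[node]-[iface]" scheme, which breaks as
// soon as the interface name carries uppercase letters, spaces or other characters
// outside the object-name alphabet.
func LegacyExternalEntityName(nodeName, ifaceName string) string {
	if ifaceName == "" {
		return nodeName
	}
	return nodeName + "-" + ifaceName
}

// ExternalEntityName is the fixed scheme: the node name alone for an empty interface
// name, otherwise "[node]-[first five hex chars of SHA-256(iface)]" (hash is assumed).
func ExternalEntityName(nodeName, ifaceName string) string {
	if ifaceName == "" {
		return nodeName
	}
	sum := sha256.Sum256([]byte(ifaceName))
	return nodeName + "-" + hex.EncodeToString(sum[:])[:5]
}

// ConvertExternalNode emits one ExternalEntity per interface, copying labels and
// setting the ExternalNode and endpoint fields. It rejects what the schema refuses
// (no interfaces, an interface without IPs), any illegal generated name, and, as an
// extra check added here, two interfaces that would map to the same name.
func ConvertExternalNode(en ExternalNode) ([]ExternalEntity, error) {
	if !IsValidObjectName(en.Name) {
		return nil, fmt.Errorf("ExternalNode name %q is not a valid object name", en.Name)
	}
	if len(en.Interfaces) == 0 {
		return nil, fmt.Errorf("ExternalNode %q has no interfaces", en.Name)
	}
	seen := make(map[string]bool, len(en.Interfaces))
	out := make([]ExternalEntity, 0, len(en.Interfaces))
	for _, iface := range en.Interfaces {
		if len(iface.IPs) == 0 {
			return nil, fmt.Errorf("interface %q of ExternalNode %q has no IPs", iface.Name, en.Name)
		}
		name := ExternalEntityName(en.Name, iface.Name)
		if !IsValidObjectName(name) {
			return nil, fmt.Errorf("generated ExternalEntity name %q is not a valid object name", name)
		}
		if seen[name] {
			return nil, fmt.Errorf("interfaces of ExternalNode %q collide on ExternalEntity name %q", en.Name, name)
		}
		seen[name] = true
		labels := make(map[string]string, len(en.Labels))
		for k, v := range en.Labels {
			labels[k] = v
		}
		out = append(out, ExternalEntity{Name: name, Labels: labels, ExternalNode: en.Name,
			EndpointIPs: append([]string(nil), iface.IPs...)})
	}
	return out, nil
}

func main() {
	// Constructed sample: a Windows-style interface name with a space and an
	// uppercase letter, the kind of input that made the legacy name illegal.
	en := ExternalNode{Name: "vm-1", Labels: map[string]string{"app": "db"},
		Interfaces: []NetworkInterface{{Name: "Ethernet 2", IPs: []string{"10.0.0.5"}}}}
	fmt.Println("legacy name valid:", IsValidObjectName(LegacyExternalEntityName(en.Name, "Ethernet 2")))
	ees, err := ConvertExternalNode(en)
	if err != nil {
		fmt.Println("conversion rejected:", err)
		return
	}
	for _, ee := range ees {
		fmt.Printf("%s -> %s endpoint=%v labels=%v\n", ee.ExternalNode, ee.Name, ee.EndpointIPs, ee.Labels)
	}
}
```

Run it with `go run` on the file; the legacy name "vm-1-Ethernet 2" fails validation while the hashed form is accepted. Because the hex suffix is always within the allowed alphabet, the only remaining way for the generated name to be illegal is an illegal ExternalNode name itself, which the API server already rejects at create time.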
Signed-off-by: Anand Kumar <[email protected]>
1. Provide an example RBAC YAML file for the Antrea agent running on a VM, with definitions of ClusterRole, ServiceAccount and ClusterRoleBinding.
2. Add ExternalNodeController to monitor ExternalNode CRUD, invoke interfaces to operate OVS, and update the interface store with ExternalEntityInterface.
3. Implement OVS interactions related to ExternalNode CRUD.
4. Add a channel for receiving ExternalEntity updates from ExternalNodeController and notifying NetworkPolicyController to reconcile rules related to the updated ExternalEntities. This handles the case when NetworkPolicyController reconciles rules before the ExternalEntityInterface is realized in the interface store.
5. Support configuring policy bypass rules to skip the ANP check.
Signed-off-by: Mengdie Song <[email protected]> Co-authored-by: wenyingd <[email protected]>
- Create a VM switch with an interface from the ExternalNode
- Enable the OVS extension on the VM switch
- Move the uplink and host interface into OVS
- Populate the interface store so that when an ExternalNode is added, external_node_controller updates OVS ports and the interface store cache
- Handle the agent restart case
- When the ExternalNode is deleted, stop the process
Signed-off-by: Anand Kumar <[email protected]>
Signed-off-by: wenyingd <[email protected]> Co-authored-by: Anand Kumar <[email protected]>
Adding a new test for the VM/BM agent.
- The test configures the namespace and serviceaccount
- Add vm-agent-rbac.yaml for the VM agent
- Start the antrea controller service as a NodePort
- Verify create/delete of ExternalNode and ExternalEntity
- Verify interface add/delete in OVS
Signed-off-by: Anand Kumar <[email protected]>
Signed-off-by: Jianjun Shen <[email protected]>
Signed-off-by: wenyingd <[email protected]>
/test-all
Codecov Report
Coverage diff, main vs. #4110:

| Metric   | main   | #4110  | +/-    |
|----------|--------|--------|--------|
| Coverage | 67.17% | 66.81% | -0.36% |
| Files    | 298    | 315    | +17    |
| Lines    | 45465  | 47066  | +1601  |
| Hits     | 30539  | 31448  | +909   |
| Misses   | 12532  | 13187  | +655   |
| Partials | 2394   | 2431   | +37    |
/test-vm-e2e
The integration test passes when run manually.
LGTM
Merge ExternalNode feature branch to main