This repository has been archived by the owner on Jun 28, 2023. It is now read-only.
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Signed-off-by: Wenqi Qiu <[email protected]>
Showing 25 changed files with 7,929 additions and 0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,69 @@ | ||
# antrea Package | ||
|
||
This package provides networking and network security solution for containers using [antrea](https://antrea.io/). | ||
|
||
## Components | ||
|
||
## Configuration | ||
|
||
The following configuration values can be set to customize the antrea installation. | ||
|
||
### Global | ||
|
||
| Value | Required/Optional | Description | | ||
|-----------------|-------------------|-------------------------------------------------------------------------| | ||
| `infraProvider` | Required | The cloud provider in use. One of: `aws`, `azure`, `vsphere`, `docker`. | | ||
|
||
### antrea Configuration | ||
|
||
| Value | Required/Optional | Description | | ||
|--------------------------------------------------|-------------------|-------------------------------------------------------------------------------------------------------------------------| | ||
| `antrea.config.egress.exceptCIDRs` | Optional | The CIDR ranges to which outbound Pod traffic will not be SNAT'd by Egresses | | ||
| `antrea.config.nodePortLocal.enabled` | Optional | Enable NodePortLocal feature. Default: true | | ||
| `antrea.config.nodePortLocal.portRange` | Optional | Provide the port range used by NodePortLocal | | ||
| `antrea.config.antreaProxy.proxyAll` | Optional | ProxyAll tells antrea-agent to proxy all Service traffic. Default: false | | ||
| `antrea.config.antreaProxy.nodePortAddresses` | Optional | Specifies the host IPv4/IPv6 addresses for NodePort | | ||
| `antrea.config.antreaProxy.skipServices` | Optional | List of Services which should be ignored by AntreaProxy | | ||
| `antrea.config.antreaProxy.proxyLoadBalancerIPs` | Optional | Load-balance traffic destined to the External IPs of LoadBalancer services. Default: false | | ||
| `antrea.config.flowExporter.collectorAddress` | Optional | Provide the IPFIX collector address as a string. Default: `flow-aggregator.flow-aggregator.svc:4739:tls` | | ||
| `antrea.config.flowExporter.pollInterval` | Optional | Provide flow poll interval as a duration string. Default: `5s` | | ||
| `antrea.config.flowExporter.activeFlowTimeout` | Optional | Provide the active flow export timeout. Default: `30s` | | ||
| `antrea.config.flowExporter.idleFlowTimeout` | Optional | Provide the idle flow export timeout. Default: `15s` | | ||
| `antrea.config.multicast.igmpQueryInterval` | Optional | The interval at which the antrea-agent sends IGMP queries to Pods. Default: `125s` | | ||
| `antrea.config.multicluster.enable` | Optional | Enable Antrea Multi-cluster Gateway to support cross-cluster traffic. Default: false | | ||
| `antrea.config.multicluster.namespace` | Optional | The Namespace where Antrea Multi-cluster Controller is running. The default is antrea-agent's Namespace. Default: empty | | ||
| `antrea.config.kubeAPIServerOverride` | Optional | Provide the address of Kubernetes apiserver. Default: nil | | ||
| `antrea.config.transportInterface` | Optional | The name of the interface on Node which is used for tunneling or routing the traffic. Default: empty | | ||
| `antrea.config.transportInterfaceCIDRs` | Optional | The network CIDRs of the interface on Node which is used for tunneling or routing the traffic. Default: empty | | ||
| `antrea.config.multicastInterfaces` | Optional | The names of the interfaces on Nodes that are used to forward multicast traffic. Default: nil | | ||
| `antrea.config.trafficEncryptionMode` | Optional | Determines how tunnel traffic is encrypted. Default: none | | ||
| `antrea.config.wireGuard.port` | Optional | The port for WireGuard to receive traffic. Default: 51820 | | ||
| `antrea.config.enableUsageReporting` | Optional | Enable usage reporting (telemetry) to VMware. Default: false | | ||
| `antrea.config.serviceCIDR` | Optional | The service IPv4 CIDR to use. Default: `10.96.0.0/12` | | ||
| `antrea.config.serviceCIDRv6` | Optional | The service IPv6 CIDR to use. Default: nil | | ||
| `antrea.config.trafficEncapMode` | Optional | The traffic encapsulation mode. Default: `encap` | | ||
| `antrea.config.noSNAT` | Optional | Boolean flag to enable/disable SNAT. Default: `false` | | ||
| `antrea.config.disableUdpTunnelOffload` | Optional | Disable UDP tunnel offload feature on default NIC. Default: `false` | | ||
| `antrea.config.defaultMTU` | Optional | MTU to use. Default: `null` (Antrea will autodetect) | | ||
| `antrea.config.tlsCipherSuites` | Optional | List of allowed cipher suites | | ||
| `antrea.config.enableBridgingMode` | Optional | Enable bridging mode of Pod network on Nodes. Default: `false` | | ||
| `antrea.config.disableTXChecksumOffload` | Optional | Disable TX checksum offloading for container network interfaces. Default: `false` | | ||
| `antrea.config.dnsServerOverride` | Optional | Provide the address of DNS server, to override the kube-dns service. Default: empty | | ||
| `antrea.config.featureGates.AntreaProxy` | Optional | Boolean flag to enable/disable antrea proxy. Default: `true` | | ||
| `antrea.config.featureGates.EndpointSlice` | Optional | Boolean flag to enable/disable EndpointSlice support in AntreaProxy. Default: `false` | | ||
| `antrea.config.featureGates.AntreaTraceFlow` | Optional | Boolean flag to enable/disable antrea traceflow. Default: `false` | | ||
| `antrea.config.featureGates.NodePortLocal` | Optional | Boolean flag to enable/disable antrea proxy. Default: `false` | | ||
| `antrea.config.featureGates.AntreaPolicy` | Optional | Boolean flag to enable/disable antrea policy. Default: `true` | | ||
| `antrea.config.featureGates.FlowExporter` | Optional | Boolean flag to enable/disable flow exporter. Default: `false` | | ||
| `antrea.config.featureGates.NetworkPolicyStats` | Optional | Boolean flag to enable/disable network policy stats. Default: `false` | | ||
| `antrea.config.featureGates.Egress` | Optional | Boolean flag to enable/disable SNAT IPs of Pod egress traffic. Default: `false` | | ||
| `antrea.config.featureGates.AntreaIPAM` | Optional | Boolean flag to enable/disable NodePortLocal feature to make the pods reachable externally through NodePort | | ||
| `antrea.config.featureGates.ServiceExternalIP` | Optional | Boolean flag to enable/disable NodePortLocal feature to make the pods reachable externally through NodePort | | ||
| `antrea.config.featureGates.Multicast` | Optional | Boolean flag to enable/disable NodePortLocal feature to make the pods reachable externally through NodePort | | ||
| `antrea.config.featureGates.Multicluster` | Optional | Boolean flag to enable/disable Antrea Multi-cluster Gateway to support cross-cluster traffic | | ||
| `antrea.config.featureGates.SecondaryNetwork` | Optional | Boolean flag to enable/disable support for provisioning secondary network interfaces for Pods | | ||
| `antrea.config.featureGates.TrafficControl` | Optional | Boolean flag to enable/disable support mirroring or redirecting the traffic Pods send or receive | | ||
|
||
## Usage Example | ||
|
||
The follow is a basic guide for getting started with antrea. |
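Review bot: Several feature-gate rows in the antrea Configuration table carry copy-pasted descriptions: `antrea.config.featureGates.NodePortLocal` is described as enabling "antrea proxy", and `AntreaIPAM`, `ServiceExternalIP` and `Multicast` all repeat the NodePortLocal text "to make the pods reachable externally through NodePort". Each row should describe its own feature. The NodePortLocal gate is listed with Default: `false` while `antrea.config.nodePortLocal.enabled` is listed with Default: true; state which of the two governs. The last six feature gates (`AntreaIPAM` through `TrafficControl`) give no default at all. For `antrea.config.trafficEncryptionMode` (Default: none) and `antrea.config.tlsCipherSuites`, list the accepted values, since these are the settings an operator reaches for when hardening the cluster. The `## Components` section is empty, and "The follow is" under Usage Example should read "The following is".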
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
apiVersion: imgpkg.carvel.dev/v1alpha1 | ||
kind: Bundle | ||
metadata: | ||
name: antrea | ||
authors: | ||
- name: Hang Yan | ||
email: [email protected] | ||
websites: | ||
- url: antrea.io |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,25 @@ | ||
--- | ||
apiVersion: imgpkg.carvel.dev/v1alpha1 | ||
images: | ||
- annotations: | ||
kbld.carvel.dev/id: antrea/antrea-ubuntu:v1.7.1 | ||
kbld.carvel.dev/origins: | | ||
- resolved: | ||
tag: v1.7.1 | ||
url: antrea/antrea-ubuntu:v1.7.1 | ||
image: index.docker.io/antrea/antrea-ubuntu@sha256:90deeed74e5631ce3c514c4bf12e284bd5040dac5480f0eec0436fdbcaabe85d | ||
- annotations: | ||
kbld.carvel.dev/id: antrea-interworking/interworking-photon:0.7.1 | ||
kbld.carvel.dev/origins: | | ||
- resolved: | ||
tag: latest | ||
url: antrea-interworking/interworking-photon:0.7.1 | ||
image: nsx-ujo-docker-local.artifactory.eng.vmware.com/antrea-interworking/interworking-photon@sha256:fc76bca72254735cb0758a2b1f8f7e9850062db583c8070699496e80bdfea8eb | ||
- annotations: | ||
kbld.carvel.dev/id: antrea-interworking/bootstrap:0.7.1 | ||
kbld.carvel.dev/origins: | | ||
- resolved: | ||
tag: 0.7.1 | ||
url: antrea-interworking/bootstrap:0.7.1 | ||
image: nsx-ujo-docker-local.artifactory.eng.vmware.com/antrea-interworking/bootstrap@sha256:cd5d2df1124658b460cdb1942c90266603a17f5c3fdde96a244c9272d21e627c | ||
kind: ImagesLock |
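Review bot: The `interworking-photon` entry records `tag: latest` under `kbld.carvel.dev/origins` while its id and url both say `0.7.1`, so the lock file does not show that the pinned digest was resolved from the `0.7.1` tag; re-resolve it from that tag, as the `bootstrap` entry does. Both interworking images are also locked to `nsx-ujo-docker-local.artifactory.eng.vmware.com`, which by its name looks like an internal registry. If it is, consumers outside that network cannot pull by these references, so point the lock at the registry the package is published to and keep the sha256 digests.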
addons/packages/antrea/1.7.1-p1/bundle/config/kapp-config.yaml (24 changes: 24 additions & 0 deletions)
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,24 @@ | ||
apiVersion: kapp.k14s.io/v1alpha1 | ||
kind: Config | ||
rebaseRules: | ||
- path: [data] | ||
type: copy | ||
sources: [existing, new] | ||
resourceMatchers: | ||
- kindNamespaceNameMatcher: {kind: ConfigMap, namespace: kube-system, name: antrea-ca} | ||
- kindNamespaceNameMatcher: {kind: Secret, namespace: vmware-system-antrea, name: nsx-cert} | ||
- kindNamespaceNameMatcher: {kind: ConfigMap, namespace: vmware-system-antrea, name: bootstrap-config} | ||
- kindNamespaceNameMatcher: {kind: ConfigMap, namespace: vmware-system-antrea, name: antrea-interworking-config} | ||
|
||
- path: [spec, caBundle] | ||
type: copy | ||
sources: [existing, new] | ||
resourceMatchers: | ||
- anyMatcher: | ||
matchers: | ||
- kindNamespaceNameMatcher: {kind: APIService, namespace: kube-system, name: v1alpha1.stats.antrea.io} | ||
- kindNamespaceNameMatcher: {kind: APIService, namespace: kube-system, name: v1alpha1.stats.antrea.tanzu.vmware.com} | ||
- kindNamespaceNameMatcher: {kind: APIService, namespace: kube-system, name: v1beta1.system.antrea.io} | ||
- kindNamespaceNameMatcher: {kind: APIService, namespace: kube-system, name: v1beta1.system.antrea.tanzu.vmware.com} | ||
- kindNamespaceNameMatcher: {kind: APIService, namespace: kube-system, name: v1beta2.controlplane.antrea.io} | ||
- kindNamespaceNameMatcher: {kind: APIService, namespace: kube-system, name: v1beta2.controlplane.antrea.tanzu.vmware.com} |
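Review bot: In the first rebase rule, `sources: [existing, new]` on `path: [data]` prefers the value already in the cluster, which is the usual choice for material populated at runtime (presumably `antrea-ca` and `nsx-cert`), but the same rule also covers `bootstrap-config` and `antrea-interworking-config`: once those ConfigMaps exist, a later package version that changes their `data` will not be applied on upgrade. If that is intended, add a comment per resource saying why the existing value must win; otherwise drop those two from the matcher list. Style point: the first rule lists its `kindNamespaceNameMatcher` entries directly under `resourceMatchers` while the second wraps them in `anyMatcher`; use one form for both.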