Add antrea-interworking package #4510
Conversation
|
Cluster Generation A/B Results: |
Codecov Report
@@ Coverage Diff @@
## main #4510 +/- ##
==========================================
- Coverage 49.77% 48.46% -1.32%
==========================================
Files 453 485 +32
Lines 45424 47981 +2557
==========================================
+ Hits 22612 23252 +640
- Misses 20652 22518 +1866
- Partials 2160 2211 +51
... and 36 files with indirect coverage changes Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here. |
|
Cluster Generation A/B Results: |
wenqiq
force-pushed
the
topic/wenqi/antrea-interworking
branch
from
c4cabd5
to
9966d51
Compare
|
Cluster Generation A/B Results: |
|
Cluster Generation A/B Results: |
|
seems the build CI faild. |
| configSpec.AntreaNsx.BootstrapFrom.ProviderRef.ApiVersion = config.Spec.AntreaNsx.BootstrapFrom.ProviderRef.ApiGroup | ||
| configSpec.AntreaNsx.BootstrapFrom.ProviderRef.Kind = config.Spec.AntreaNsx.BootstrapFrom.ProviderRef.Kind | ||
| configSpec.AntreaNsx.BootstrapFrom.ProviderRef.Name = config.Spec.AntreaNsx.BootstrapFrom.ProviderRef.Name | ||
| } |
There was a problem hiding this comment.
Is there any else branch required here?
There was a problem hiding this comment.
if this pr #4219 can be merged into v0.28, this should also be included in v0.28
...vendir/cni/_ytt_lib/addons/packages/antrea/1.9.0-p1/bundle/config/upstream/interworking.yaml
Outdated
Show resolved
Hide resolved
...cni/_ytt_lib/addons/packages/antrea/1.9.0-p1/bundle/config/overlay/interworking-overlay.yaml
Outdated
Show resolved
Hide resolved
providers/ytt/vendir/cni/_ytt_lib/addons/packages/antrea/1.9.0-p1/bundle/config/schema.yaml
Outdated
Show resolved
Hide resolved
providers/ytt/vendir/cni/_ytt_lib/addons/packages/antrea/1.9.0-p1/bundle/config/schema.yaml
Outdated
Show resolved
Hide resolved
providers/ytt/vendir/cni/_ytt_lib/addons/packages/antrea/1.9.0-p1/bundle/config/schema.yaml
Outdated
Show resolved
Hide resolved
providers/ytt/vendir/cni/_ytt_lib/addons/packages/antrea/1.9.0-p1/bundle/config/schema.yaml
Outdated
Show resolved
Hide resolved
providers/ytt/vendir/cni/_ytt_lib/addons/packages/antrea/1.9.0-p1/bundle/config/values.yaml
Outdated
Show resolved
Hide resolved
...ib/addons/packages/antrea/1.9.0-p1/bundle/config/overlay/interworking-bootstrap-overlay.yaml
Outdated
Show resolved
Hide resolved
|
Cluster Generation A/B Results: |
wenqiq
force-pushed
the
topic/wenqi/antrea-interworking
branch
from
3be91aa
to
06e90be
Compare
|
Cluster Generation A/B Results: |
There was a problem hiding this comment.
Hi @wenqiq I'm not actually sure why this PR requires an approval from @vmware-tanzu/tkg-iam-owners , but I'll drop an approve here as this does not appear to impact any TKG IAM code.
Thanks for reviewing. Not quite sure how it works, it seems to be triggered automatically. |
wenqiq
force-pushed
the
topic/wenqi/antrea-interworking
branch
from
2bfaeeb
to
5c348fd
Compare
wenqiq
force-pushed
the
topic/wenqi/antrea-interworking
branch
from
5c348fd
to
f163330
Compare
|
Cluster Generation A/B Results: |
|
Cluster Generation A/B Results: |
wenqiq
force-pushed
the
topic/wenqi/antrea-interworking
branch
from
f163330
to
c990216
Compare
|
You have successfully added a new Trivy configuration |
|
CVE Scan results for this PR can be viewed from |
|
Cluster Generation A/B Results: |
wenqiq
force-pushed
the
topic/wenqi/antrea-interworking
branch
from
c990216
to
27c0d76
Compare
|
Cluster Generation A/B Results: |
wenqiq
force-pushed
the
topic/wenqi/antrea-interworking
branch
from
27c0d76
to
fd444fd
Compare
|
Cluster Generation A/B Results: |
|
Cluster Generation A/B Results: |
wenqiq
force-pushed
the
topic/wenqi/antrea-interworking
branch
from
31d8665
to
1b6ac9b
Compare
|
Cluster Generation A/B Results: |
| // +kubebuilder:validation:Optional | ||
| Inline *AntreaNsxInline `json:"inline,omitempty"` | ||
| } | ||
| BootstrapSupervisorResourceName string `json:"bootstrapSupervisorResourceName,omitempty"` |
There was a problem hiding this comment.
I think we don't need to expose BootstrapSupervisorResourceName to CRD. BootstrapSupervisorResourceName is created by the antrea addon controller itself.
| configSpec.AntreaNsx.AntreaNsxConfig.NSXCert = string(secret.Data["tls.crt"]) | ||
| configSpec.AntreaNsx.AntreaNsxConfig.NSXKey = string(secret.Data["tls.key"]) | ||
| configSpec.AntreaNsx.AntreaNsxConfig.VPCPath = config.Spec.AntreaNsx.AntreaNsxConfig.VPCPath | ||
| case bootstrapFromSupervisorCluster: |
There was a problem hiding this comment.
If config.Spec.AntreaNsx.AntreaNsxConfig.BootstrapFrom is empty or == bootstrapFromSupervisorCluster
| configSpec.AntreaNsx.AntreaNsxConfig.NSXKey = string(secret.Data["tls.key"]) | ||
| configSpec.AntreaNsx.AntreaNsxConfig.VPCPath = config.Spec.AntreaNsx.AntreaNsxConfig.VPCPath | ||
| case bootstrapFromSupervisorCluster: | ||
| configSpec.AntreaNsx.AntreaNsxConfig.BootstrapSupervisorResourceName = config.Spec.AntreaNsx.AntreaNsxConfig.BootstrapSupervisorResourceName |
There was a problem hiding this comment.
configSpec.AntreaNsx.AntreaNsxConfig.BootstrapSupervisorResourceName = NSXServiceAccount CR name. The NSXServiceAccount is created by Antrea addon controller, too. It's better find a way to derive the name automatically, rather than having user fill in the name manually.
| @@ -288,51 +288,169 @@ type AntreaNsx struct { | |||
| // +kubebuilder:validation:Optional | |||
| // +kubebuilder:default:=false | |||
| Enable bool `json:"enable,omitempty"` | |||
| // BootstrapFrom either providerRef or inline configs | |||
| // +kubebuilder:validation:Optional | |||
| BootstrapFrom AntreaNsxBootstrapFrom `json:"bootstrapFrom,omitempty"` | |||
There was a problem hiding this comment.
We changed the CRD, so need to generate manifest and commit the manifest changes.
wenqiq
force-pushed
the
topic/wenqi/antrea-interworking
branch
from
1b6ac9b
to
e1aa0ba
Compare
|
Cluster Generation A/B Results: |
| configSpec.AntreaNsx.AntreaNsxConfig.BootstrapFrom = bootstrapFromSupervisorCluster | ||
| configSpec.AntreaNsx.AntreaNsxConfig.BootstrapSupervisorResourceName = getNSXServiceAccountName(cluster.Name) | ||
| } | ||
| configSpec.AntreaNsx.AntreaNsxConfig.ProxyEndpoints.NSXRpcFwdProxy = config.Spec.AntreaNsx.AntreaNsxConfig.ProxyEndpoints.NSXRpcFwdProxy |
There was a problem hiding this comment.
Line 346 and 347 should be moved to inside if config.Spec.AntreaNsx.AntreaNsxConfig.BootstrapFrom == bootstrapFromInline {. This is when bootstrap from SupervisorCluster, the Antrea-NSX adapters load proxy endpoints from NSXServiceAccount from Supervisor, it will ignore the proxy endpoints set initially in the config file.
| @@ -232,14 +225,14 @@ func (r *AntreaConfigReconciler) getProviderServiceAccountName(clusterName strin | |||
| return fmt.Sprintf("%s-antrea", clusterName) | |||
There was a problem hiding this comment.
There is also a method func (r *AntreaConfigReconciler) getProviderServiceAccountName(clusterName string) in this file. I think we can also remove (r *AntreaConfigReconciler) from that method to make it a pure function, and then we move both getProviderServiceAccountName and getNSXServiceAccountName functions to antreaconfig_util.go.
| // +kubebuilder:validation:Optional | ||
| Name string `json:"name,omitempty"` | ||
| } | ||
| NSXUser string `json:"nsxUser,omitempty"` |
There was a problem hiding this comment.
I think we don't need NSXUser and NSXPassword, maybe you forgot to remove them? They are useful for bootstrap Job, but we remove the bootstrap Job from the Package. Bootstrap Job is only used in interworking CI.
| // +kubebuilder:validation:Optional | ||
| ApiGroup string `json:"apigroup,omitempty"` | ||
| // Kind is the kind for crd, here its value is NsxServiceAccount | ||
| NSXCert string `json:"nsxCert,omitempty"` |
There was a problem hiding this comment.
I see that antreaconfig_util.go uses a getNSXCert function to get tls.crt and tls.key content from a Secret. I think that we can remove the NSXCert and NSXKey from the AntreaConfig CRD. Instead, we can introduce a NSXSecretName string field. It points to a Secret resource by name in the same Namespace. Then antreaconfig_util.go can refers to the NSXSecretName and pass it to getNSXCert function.
| bootstrapFromInline = "Inline" | ||
| bootstrapFromSupervisorCluster = "SupervisorCluster" | ||
| ) | ||
|
|
||
| // AntreaConfigSpec defines the desired state of AntreaConfig | ||
| type AntreaConfigSpec struct { |
There was a problem hiding this comment.
AntreaConfigSpec should be aligned with Antrea package schema.yaml.
The AntreaNSX member in this struct needs to be renamed as antrea_nsx, and yaml:"antreaNsx,omitempty" needs to be changed to yaml:"antrea_nsx,omitempty".
| BootstrapFrom antreaNsxBootstrapFrom `yaml:"bootstrapFrom,omitempty"` | ||
| AntreaNsxConfig antreaNsxConfig `yaml:"config,omitempty"` | ||
| Enable bool `yaml:"enable,omitempty"` | ||
| AntreaNsxConfig antreaNsxConfig `yaml:"config,omitempty"` |
There was a problem hiding this comment.
Looks like AntreaNsxConfig should be moved to AntreaConfigSpec, and yaml:"config,omitempty" should be changed to yaml:"antrea_interworking,omitempty". This is to be aligned with Antrea package schema.yaml.
|
|
||
| return configSpec, nil | ||
| } | ||
|
|
||
| func copyStructAtoB(a interface{}, b interface{}) error { | ||
| va := reflect.ValueOf(a) |
There was a problem hiding this comment.
reflect can make it more feasible, but at same time it can introduce performance cost, maybe consider if the implementation is OK.
wenqiq
force-pushed
the
topic/wenqi/antrea-interworking
branch
from
e1aa0ba
to
a8d0063
Compare
|
Cluster Generation A/B Results: |
|
Cluster Generation A/B Results: |
wenqiq
force-pushed
the
topic/wenqi/antrea-interworking
branch
from
2317ac9
to
dcfc598
Compare
|
Cluster Generation A/B Results: |
Signed-off-by: Wenqi Qiu <[email protected]> Fix unit-test Signed-off-by: Wenqi Qiu <[email protected]>
Signed-off-by: Wenqi Qiu <[email protected]>
wenqiq
force-pushed
the
topic/wenqi/antrea-interworking
branch
from
dcfc598
to
1e97f4f
Compare
|
Cluster Generation A/B Results: |
Signed-off-by: Wenqi Qiu [email protected]
What this PR does / why we need it
This pr extends antrea package with interworking, when antreaNsx is enabled in antreaConfig, interworking will also be reconciled by kapp-controller
Which issue(s) this PR fixes
Fixes #
Describe testing done for PR
Release note
Additional information
Special notes for your reviewer