[ExternalNode] Implement support bundle collection on Controller side (…

…antrea-io#4184)

Add internal objects to sync the suport bundle request from Controller
to Agent, and report status from Agent to Controller. Implement support
bundle collection on Controller side.

Signed-off-by: wenyingd <[email protected]>

build/charts/antrea/conf/antrea-controller.conf

@@ -40,6 +40,9 @@ featureGates:
 # Enable managing ExternalNode for unmanaged VM/BM.
 {{- include "featureGate" (dict "featureGates" .Values.featureGates "name" "ExternalNode" "default" false) }}
 
+# Enable collecting support bundle files with SupportBundleCollection CRD.
+{{- include "featureGate" (dict "featureGates" .Values.featureGates "name" "SupportBundleCollection" "default" false) }}
+
 # The port for the antrea-controller APIServer to serve on.
 # Note that if it's set to another value, the `containerPort` of the `api` port of the
 # `antrea-controller` container must be set to the same value.

build/charts/antrea/crds/supportbundlecollection.yaml

@@ -105,7 +105,7 @@ spec:
                   properties:
                     authType:
                       type: string
-                      enum: ["BearerToken", "APIKey"]
+                      enum: ["BearerToken", "APIKey", "BasicAuthentication"]
                     authSecret:
                       type: object
                       properties:

build/charts/antrea/templates/controller/clusterrole.yaml

@@ -290,3 +290,17 @@ rules:
       - get
       - list
       - watch
+  - apiGroups:
+      - crd.antrea.io
+    resources:
+      - supportbundlecollections
+    verbs:
+      - get
+      - watch
+      - list
+  - apiGroups:
+      - crd.antrea.io
+    resources:
+      - supportbundlecollections/status
+    verbs:
+      - update

build/charts/antrea/templates/webhooks/validating/crdvalidator.yaml

@@ -124,4 +124,19 @@ webhooks:
         scope: "Cluster"
     admissionReviewVersions: ["v1", "v1beta1"]
     sideEffects: None
-    timeoutSeconds: 5
+    timeoutSeconds: 5
+  - name: "supportbundlecollectionvalidator.antrea.io"
+    clientConfig:
+      service:
+        name: "antrea"
+        namespace: {{ .Release.Namespace }}
+        path: "/validate/supportbundlecollection"
+    rules:
+      - operations: ["UPDATE", "DELETE"]
+        apiGroups: ["crd.antrea.io"]
+        apiVersions: ["v1alpha1"]
+        resources: ["supportbundlecollections"]
+        scope: "Cluster"
+    admissionReviewVersions: ["v1", "v1beta1"]
+    sideEffects: None
+    timeoutSeconds: 5

build/yamls/antrea-aks.yml

@@ -2155,7 +2155,7 @@ spec:
                   properties:
                     authType:
                       type: string
-                      enum: ["BearerToken", "APIKey"]
+                      enum: ["BearerToken", "APIKey", "BasicAuthentication"]
                     authSecret:
                       type: object
                       properties:
@@ -3208,6 +3208,9 @@ data:
     # Enable managing ExternalNode for unmanaged VM/BM.
     #  ExternalNode: false
 
+    # Enable collecting support bundle files with SupportBundleCollection CRD.
+    #  SupportBundleCollection: false
+
     # The port for the antrea-controller APIServer to serve on.
     # Note that if it's set to another value, the `containerPort` of the `api` port of the
     # `antrea-controller` container must be set to the same value.
@@ -3971,6 +3974,20 @@ rules:
       - get
       - list
       - watch
+  - apiGroups:
+      - crd.antrea.io
+    resources:
+      - supportbundlecollections
+    verbs:
+      - get
+      - watch
+      - list
+  - apiGroups:
+      - crd.antrea.io
+    resources:
+      - supportbundlecollections/status
+    verbs:
+      - update
 ---
 # Source: antrea/templates/crds-rbac/clusterroles.yaml
 apiVersion: rbac.authorization.k8s.io/v1
@@ -4148,7 +4165,7 @@ spec:
         kubectl.kubernetes.io/default-container: antrea-agent
         # Automatically restart Pods with a RollingUpdate if the ConfigMap changes
         # See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments
-        checksum/config: ec59529f4b774af0f12a30c31eb48e5494ac6371ce624e872d1e6b76b797325e
+        checksum/config: 0e08440d83a645b8e7df882d1225808a78acfa9320db5c174620ffdbe6434caa
       labels:
         app: antrea
         component: antrea-agent
@@ -4389,7 +4406,7 @@ spec:
       annotations:
         # Automatically restart Pod if the ConfigMap changes
         # See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments
-        checksum/config: ec59529f4b774af0f12a30c31eb48e5494ac6371ce624e872d1e6b76b797325e
+        checksum/config: 0e08440d83a645b8e7df882d1225808a78acfa9320db5c174620ffdbe6434caa
       labels:
         app: antrea
         component: antrea-controller
@@ -4705,3 +4722,18 @@ webhooks:
     admissionReviewVersions: ["v1", "v1beta1"]
     sideEffects: None
     timeoutSeconds: 5
+  - name: "supportbundlecollectionvalidator.antrea.io"
+    clientConfig:
+      service:
+        name: "antrea"
+        namespace: kube-system
+        path: "/validate/supportbundlecollection"
+    rules:
+      - operations: ["UPDATE", "DELETE"]
+        apiGroups: ["crd.antrea.io"]
+        apiVersions: ["v1alpha1"]
+        resources: ["supportbundlecollections"]
+        scope: "Cluster"
+    admissionReviewVersions: ["v1", "v1beta1"]
+    sideEffects: None
+    timeoutSeconds: 5

build/yamls/antrea-crds.yml

@@ -2134,7 +2134,7 @@ spec:
                   properties:
                     authType:
                       type: string
-                      enum: ["BearerToken", "APIKey"]
+                      enum: ["BearerToken", "APIKey", "BasicAuthentication"]
                     authSecret:
                       type: object
                       properties:

build/yamls/antrea-eks.yml

@@ -2155,7 +2155,7 @@ spec:
                   properties:
                     authType:
                       type: string
-                      enum: ["BearerToken", "APIKey"]
+                      enum: ["BearerToken", "APIKey", "BasicAuthentication"]
                     authSecret:
                       type: object
                       properties:
@@ -3208,6 +3208,9 @@ data:
     # Enable managing ExternalNode for unmanaged VM/BM.
     #  ExternalNode: false
 
+    # Enable collecting support bundle files with SupportBundleCollection CRD.
+    #  SupportBundleCollection: false
+
     # The port for the antrea-controller APIServer to serve on.
     # Note that if it's set to another value, the `containerPort` of the `api` port of the
     # `antrea-controller` container must be set to the same value.
@@ -3971,6 +3974,20 @@ rules:
       - get
       - list
       - watch
+  - apiGroups:
+      - crd.antrea.io
+    resources:
+      - supportbundlecollections
+    verbs:
+      - get
+      - watch
+      - list
+  - apiGroups:
+      - crd.antrea.io
+    resources:
+      - supportbundlecollections/status
+    verbs:
+      - update
 ---
 # Source: antrea/templates/crds-rbac/clusterroles.yaml
 apiVersion: rbac.authorization.k8s.io/v1
@@ -4148,7 +4165,7 @@ spec:
         kubectl.kubernetes.io/default-container: antrea-agent
         # Automatically restart Pods with a RollingUpdate if the ConfigMap changes
         # See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments
-        checksum/config: ec59529f4b774af0f12a30c31eb48e5494ac6371ce624e872d1e6b76b797325e
+        checksum/config: 0e08440d83a645b8e7df882d1225808a78acfa9320db5c174620ffdbe6434caa
       labels:
         app: antrea
         component: antrea-agent
@@ -4391,7 +4408,7 @@ spec:
       annotations:
         # Automatically restart Pod if the ConfigMap changes
         # See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments
-        checksum/config: ec59529f4b774af0f12a30c31eb48e5494ac6371ce624e872d1e6b76b797325e
+        checksum/config: 0e08440d83a645b8e7df882d1225808a78acfa9320db5c174620ffdbe6434caa
       labels:
         app: antrea
         component: antrea-controller
@@ -4707,3 +4724,18 @@ webhooks:
     admissionReviewVersions: ["v1", "v1beta1"]
     sideEffects: None
     timeoutSeconds: 5
+  - name: "supportbundlecollectionvalidator.antrea.io"
+    clientConfig:
+      service:
+        name: "antrea"
+        namespace: kube-system
+        path: "/validate/supportbundlecollection"
+    rules:
+      - operations: ["UPDATE", "DELETE"]
+        apiGroups: ["crd.antrea.io"]
+        apiVersions: ["v1alpha1"]
+        resources: ["supportbundlecollections"]
+        scope: "Cluster"
+    admissionReviewVersions: ["v1", "v1beta1"]
+    sideEffects: None
+    timeoutSeconds: 5

build/yamls/antrea-gke.yml

@@ -2155,7 +2155,7 @@ spec:
                   properties:
                     authType:
                       type: string
-                      enum: ["BearerToken", "APIKey"]
+                      enum: ["BearerToken", "APIKey", "BasicAuthentication"]
                     authSecret:
                       type: object
                       properties:
@@ -3208,6 +3208,9 @@ data:
     # Enable managing ExternalNode for unmanaged VM/BM.
     #  ExternalNode: false
 
+    # Enable collecting support bundle files with SupportBundleCollection CRD.
+    #  SupportBundleCollection: false
+
     # The port for the antrea-controller APIServer to serve on.
     # Note that if it's set to another value, the `containerPort` of the `api` port of the
     # `antrea-controller` container must be set to the same value.
@@ -3971,6 +3974,20 @@ rules:
       - get
       - list
       - watch
+  - apiGroups:
+      - crd.antrea.io
+    resources:
+      - supportbundlecollections
+    verbs:
+      - get
+      - watch
+      - list
+  - apiGroups:
+      - crd.antrea.io
+    resources:
+      - supportbundlecollections/status
+    verbs:
+      - update
 ---
 # Source: antrea/templates/crds-rbac/clusterroles.yaml
 apiVersion: rbac.authorization.k8s.io/v1
@@ -4148,7 +4165,7 @@ spec:
         kubectl.kubernetes.io/default-container: antrea-agent
         # Automatically restart Pods with a RollingUpdate if the ConfigMap changes
         # See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments
-        checksum/config: ae585cead46246e4d15fa336e081caaa51d432909dfd21a22720a1c37b2e37e9
+        checksum/config: 4aaa9260916de6b712215a4deb2b7694dceb17dba615f691f61aaecdd6a61abb
       labels:
         app: antrea
         component: antrea-agent
@@ -4388,7 +4405,7 @@ spec:
       annotations:
         # Automatically restart Pod if the ConfigMap changes
         # See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments
-        checksum/config: ae585cead46246e4d15fa336e081caaa51d432909dfd21a22720a1c37b2e37e9
+        checksum/config: 4aaa9260916de6b712215a4deb2b7694dceb17dba615f691f61aaecdd6a61abb
       labels:
         app: antrea
         component: antrea-controller
@@ -4704,3 +4721,18 @@ webhooks:
     admissionReviewVersions: ["v1", "v1beta1"]
     sideEffects: None
     timeoutSeconds: 5
+  - name: "supportbundlecollectionvalidator.antrea.io"
+    clientConfig:
+      service:
+        name: "antrea"
+        namespace: kube-system
+        path: "/validate/supportbundlecollection"
+    rules:
+      - operations: ["UPDATE", "DELETE"]
+        apiGroups: ["crd.antrea.io"]
+        apiVersions: ["v1alpha1"]
+        resources: ["supportbundlecollections"]
+        scope: "Cluster"
+    admissionReviewVersions: ["v1", "v1beta1"]
+    sideEffects: None
+    timeoutSeconds: 5

build/yamls/antrea-ipsec.yml

@@ -2155,7 +2155,7 @@ spec:
                   properties:
                     authType:
                       type: string
-                      enum: ["BearerToken", "APIKey"]
+                      enum: ["BearerToken", "APIKey", "BasicAuthentication"]
                     authSecret:
                       type: object
                       properties:
@@ -3221,6 +3221,9 @@ data:
     # Enable managing ExternalNode for unmanaged VM/BM.
     #  ExternalNode: false
 
+    # Enable collecting support bundle files with SupportBundleCollection CRD.
+    #  SupportBundleCollection: false
+
     # The port for the antrea-controller APIServer to serve on.
     # Note that if it's set to another value, the `containerPort` of the `api` port of the
     # `antrea-controller` container must be set to the same value.
@@ -3984,6 +3987,20 @@ rules:
       - get
       - list
       - watch
+  - apiGroups:
+      - crd.antrea.io
+    resources:
+      - supportbundlecollections
+    verbs:
+      - get
+      - watch
+      - list
+  - apiGroups:
+      - crd.antrea.io
+    resources:
+      - supportbundlecollections/status
+    verbs:
+      - update
 ---
 # Source: antrea/templates/crds-rbac/clusterroles.yaml
 apiVersion: rbac.authorization.k8s.io/v1
@@ -4161,7 +4178,7 @@ spec:
         kubectl.kubernetes.io/default-container: antrea-agent
         # Automatically restart Pods with a RollingUpdate if the ConfigMap changes
         # See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments
-        checksum/config: 8dc962ec6575509a540500f9cc1bd399118256fc0485c02705b129922b981c4e
+        checksum/config: 19d1abdf4209cb57d22d60c3c4318bc8f822b4ad028faa1f18521a194db726fd
         checksum/ipsec-secret: d0eb9c52d0cd4311b6d252a951126bf9bea27ec05590bed8a394f0f792dcb2a4
       labels:
         app: antrea
@@ -4447,7 +4464,7 @@ spec:
       annotations:
         # Automatically restart Pod if the ConfigMap changes
         # See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments
-        checksum/config: 8dc962ec6575509a540500f9cc1bd399118256fc0485c02705b129922b981c4e
+        checksum/config: 19d1abdf4209cb57d22d60c3c4318bc8f822b4ad028faa1f18521a194db726fd
       labels:
         app: antrea
         component: antrea-controller
@@ -4763,3 +4780,18 @@ webhooks:
     admissionReviewVersions: ["v1", "v1beta1"]
     sideEffects: None
     timeoutSeconds: 5
+  - name: "supportbundlecollectionvalidator.antrea.io"
+    clientConfig:
+      service:
+        name: "antrea"
+        namespace: kube-system
+        path: "/validate/supportbundlecollection"
+    rules:
+      - operations: ["UPDATE", "DELETE"]
+        apiGroups: ["crd.antrea.io"]
+        apiVersions: ["v1alpha1"]
+        resources: ["supportbundlecollections"]
+        scope: "Cluster"
+    admissionReviewVersions: ["v1", "v1beta1"]
+    sideEffects: None
+    timeoutSeconds: 5