Graduate some features from Alpha to Beta (#1531)

* Graduate some features from Alpha to Beta

 * AntreaProxy
 * Traceflow
 * Prometheus metrics (not controlled by a feature gate but by a boolean
   config parameter, which now defaults to 'true')

This change required a few modifications to some of our test scripts.

* Skip inter-Node Traceflow test on Kind in encap mode

* Use correct CT zone for IPv6 in endpointDNATFlow

.github/workflows/kind.yml

@@ -103,8 +103,8 @@ jobs:
         path: log.tar.gz
         retention-days: 30
 
-  test-e2e-encap-proxy:
-    name: E2e tests on a Kind cluster on Linux with proxy enabled
+  test-e2e-encap-no-proxy:
+    name: E2e tests on a Kind cluster on Linux with AntreaProxy disabled
     needs: build-antrea-coverage-image
     runs-on: [ubuntu-18.04]
     steps:
@@ -131,32 +131,32 @@ jobs:
     - name: Run e2e tests
       run: |
         mkdir log
-        mkdir test-e2e-encap-proxy-coverage
-        ANTREA_LOG_DIR=$PWD/log ANTREA_COV_DIR=$PWD/test-e2e-encap-proxy-coverage ./ci/kind/test-e2e-kind.sh --encap-mode encap --proxy --coverage
+        mkdir test-e2e-encap-no-proxy-coverage
+        ANTREA_LOG_DIR=$PWD/log ANTREA_COV_DIR=$PWD/test-e2e-encap-no-proxy-coverage ./ci/kind/test-e2e-kind.sh --encap-mode encap --no-proxy --coverage
     - name: Tar coverage files
-      run: tar -czf test-e2e-encap-proxy-coverage.tar.gz test-e2e-encap-proxy-coverage
-    - name: Upload coverage for test-e2e-encap-proxy-coverage
+      run: tar -czf test-e2e-encap-no-proxy-coverage.tar.gz test-e2e-encap-no-proxy-coverage
+    - name: Upload coverage for test-e2e-encap-no-proxy-coverage
       uses: actions/upload-artifact@v2
       with:
-        name: test-e2e-encap-proxy-coverage
-        path: test-e2e-encap-proxy-coverage.tar.gz
+        name: test-e2e-encap-no-proxy-coverage
+        path: test-e2e-encap-no-proxy-coverage.tar.gz
         retention-days: 30
     - name: Codecov
       uses: codecov/codecov-action@v1
       with:
         token: ${{ secrets.CODECOV_TOKEN }}
         file: '*antrea*'
         flags: kind-e2e-tests
-        name: codecov-test-e2e-encap-proxy
-        directory: test-e2e-encap-proxy-coverage
+        name: codecov-test-e2e-encap-no-proxy
+        directory: test-e2e-encap-no-proxy-coverage
     - name: Tar log files
       if: ${{ failure() }}
       run: tar -czf log.tar.gz log
     - name: Upload test log
       uses: actions/upload-artifact@v2
       if: ${{ failure() }}
       with:
-        name: e2e-kind-encap-proxy.tar.gz
+        name: e2e-kind-encap-no-proxy.tar.gz
         path: log.tar.gz
         retention-days: 30
 
@@ -415,7 +415,7 @@ jobs:
   # yet.
   artifact-cleanup:
     name: Delete uploaded images
-    needs: [build-antrea-coverage-image, build-antrea-image, test-e2e-encap, test-e2e-encap-proxy, test-e2e-noencap, test-e2e-hybrid, test-e2e-encap-np, test-netpol-tmp, validate-prometheus-metrics-doc]
+    needs: [build-antrea-coverage-image, build-antrea-image, test-e2e-encap, test-e2e-encap-no-proxy, test-e2e-noencap, test-e2e-hybrid, test-e2e-encap-np, test-netpol-tmp, validate-prometheus-metrics-doc]
     if: ${{ always() }}
     runs-on: [ubuntu-18.04]
     steps:

build/yamls/antrea-aks.yml

@@ -1118,12 +1118,11 @@ data:
     featureGates:
     # Enable AntreaProxy which provides ServiceLB for in-cluster Services in antrea-agent.
     # It should be enabled on Windows, otherwise NetworkPolicy will not take effect on
-    # Service traffic. Antrea proxy doesn't support an IPv6 only cluster or a Dual-Stack cluster
-    # before PR #1102[https://github.com/vmware-tanzu/antrea/pull/1102] is merged.
-      AntreaProxy: true
+    # Service traffic.
+    #  AntreaProxy: true
 
     # Enable traceflow which provides packet tracing feature to diagnose network issue.
-    #  Traceflow: false
+    #  Traceflow: true
 
     # Enable Antrea ClusterNetworkPolicy feature to complement K8s NetworkPolicy for cluster admins
     # to define security policies which apply to the entire cluster, and Antrea NetworkPolicy
@@ -1199,7 +1198,7 @@ data:
     #apiPort: 10350
 
     # Enable metrics exposure via Prometheus. Initializes Prometheus metrics listener.
-    #enablePrometheusMetrics: false
+    #enablePrometheusMetrics: true
 
     # Provide flow collector address as string with format <IP>:<port>[:<proto>], where proto is tcp or udp. This also enables
     # the flow exporter that sends IPFIX flow records of conntrack flows on OVS bridge. If no L4 transport proto is given,
@@ -1240,7 +1239,7 @@ data:
     # FeatureGates is a map of feature names to bools that enable or disable experimental features.
     featureGates:
     # Enable traceflow which provides packet tracing feature to diagnose network issue.
-    #  Traceflow: false
+    #  Traceflow: true
 
     # Enable Antrea ClusterNetworkPolicy feature to complement K8s NetworkPolicy for cluster admins
     # to define security policies which apply to the entire cluster, and Antrea NetworkPolicy
@@ -1256,7 +1255,7 @@ data:
     #apiPort: 10349
 
     # Enable metrics exposure via Prometheus. Initializes Prometheus metrics listener.
-    #enablePrometheusMetrics: false
+    #enablePrometheusMetrics: true
 
     # Indicates whether to use auto-generated self-signed TLS certificate.
     # If false, A Secret named "antrea-controller-tls" must be provided with the following keys:
@@ -1271,7 +1270,7 @@ metadata:
   annotations: {}
   labels:
     app: antrea
-  name: antrea-config-hmttgfbf78
+  name: antrea-config-t4t2mdfhkc
   namespace: kube-system
 ---
 apiVersion: v1
@@ -1378,7 +1377,7 @@ spec:
         key: node-role.kubernetes.io/master
       volumes:
       - configMap:
-          name: antrea-config-hmttgfbf78
+          name: antrea-config-t4t2mdfhkc
         name: antrea-config
       - name: antrea-controller-tls
         secret:
@@ -1642,7 +1641,7 @@ spec:
         operator: Exists
       volumes:
       - configMap:
-          name: antrea-config-hmttgfbf78
+          name: antrea-config-t4t2mdfhkc
         name: antrea-config
       - hostPath:
           path: /etc/cni/net.d

build/yamls/antrea-eks.yml

@@ -1118,12 +1118,11 @@ data:
     featureGates:
     # Enable AntreaProxy which provides ServiceLB for in-cluster Services in antrea-agent.
     # It should be enabled on Windows, otherwise NetworkPolicy will not take effect on
-    # Service traffic. Antrea proxy doesn't support an IPv6 only cluster or a Dual-Stack cluster
-    # before PR #1102[https://github.com/vmware-tanzu/antrea/pull/1102] is merged.
-      AntreaProxy: true
+    # Service traffic.
+    #  AntreaProxy: true
 
     # Enable traceflow which provides packet tracing feature to diagnose network issue.
-    #  Traceflow: false
+    #  Traceflow: true
 
     # Enable Antrea ClusterNetworkPolicy feature to complement K8s NetworkPolicy for cluster admins
     # to define security policies which apply to the entire cluster, and Antrea NetworkPolicy
@@ -1199,7 +1198,7 @@ data:
     #apiPort: 10350
 
     # Enable metrics exposure via Prometheus. Initializes Prometheus metrics listener.
-    #enablePrometheusMetrics: false
+    #enablePrometheusMetrics: true
 
     # Provide flow collector address as string with format <IP>:<port>[:<proto>], where proto is tcp or udp. This also enables
     # the flow exporter that sends IPFIX flow records of conntrack flows on OVS bridge. If no L4 transport proto is given,
@@ -1240,7 +1239,7 @@ data:
     # FeatureGates is a map of feature names to bools that enable or disable experimental features.
     featureGates:
     # Enable traceflow which provides packet tracing feature to diagnose network issue.
-    #  Traceflow: false
+    #  Traceflow: true
 
     # Enable Antrea ClusterNetworkPolicy feature to complement K8s NetworkPolicy for cluster admins
     # to define security policies which apply to the entire cluster, and Antrea NetworkPolicy
@@ -1256,7 +1255,7 @@ data:
     #apiPort: 10349
 
     # Enable metrics exposure via Prometheus. Initializes Prometheus metrics listener.
-    #enablePrometheusMetrics: false
+    #enablePrometheusMetrics: true
 
     # Indicates whether to use auto-generated self-signed TLS certificate.
     # If false, A Secret named "antrea-controller-tls" must be provided with the following keys:
@@ -1271,7 +1270,7 @@ metadata:
   annotations: {}
   labels:
     app: antrea
-  name: antrea-config-hmttgfbf78
+  name: antrea-config-t4t2mdfhkc
   namespace: kube-system
 ---
 apiVersion: v1
@@ -1378,7 +1377,7 @@ spec:
         key: node-role.kubernetes.io/master
       volumes:
       - configMap:
-          name: antrea-config-hmttgfbf78
+          name: antrea-config-t4t2mdfhkc
         name: antrea-config
       - name: antrea-controller-tls
         secret:
@@ -1644,7 +1643,7 @@ spec:
         operator: Exists
       volumes:
       - configMap:
-          name: antrea-config-hmttgfbf78
+          name: antrea-config-t4t2mdfhkc
         name: antrea-config
       - hostPath:
           path: /etc/cni/net.d

build/yamls/antrea-gke.yml

@@ -1118,12 +1118,11 @@ data:
     featureGates:
     # Enable AntreaProxy which provides ServiceLB for in-cluster Services in antrea-agent.
     # It should be enabled on Windows, otherwise NetworkPolicy will not take effect on
-    # Service traffic. Antrea proxy doesn't support an IPv6 only cluster or a Dual-Stack cluster
-    # before PR #1102[https://github.com/vmware-tanzu/antrea/pull/1102] is merged.
-      AntreaProxy: true
+    # Service traffic.
+    #  AntreaProxy: true
 
     # Enable traceflow which provides packet tracing feature to diagnose network issue.
-    #  Traceflow: false
+    #  Traceflow: true
 
     # Enable Antrea ClusterNetworkPolicy feature to complement K8s NetworkPolicy for cluster admins
     # to define security policies which apply to the entire cluster, and Antrea NetworkPolicy
@@ -1199,7 +1198,7 @@ data:
     #apiPort: 10350
 
     # Enable metrics exposure via Prometheus. Initializes Prometheus metrics listener.
-    #enablePrometheusMetrics: false
+    #enablePrometheusMetrics: true
 
     # Provide flow collector address as string with format <IP>:<port>[:<proto>], where proto is tcp or udp. This also enables
     # the flow exporter that sends IPFIX flow records of conntrack flows on OVS bridge. If no L4 transport proto is given,
@@ -1240,7 +1239,7 @@ data:
     # FeatureGates is a map of feature names to bools that enable or disable experimental features.
     featureGates:
     # Enable traceflow which provides packet tracing feature to diagnose network issue.
-    #  Traceflow: false
+    #  Traceflow: true
 
     # Enable Antrea ClusterNetworkPolicy feature to complement K8s NetworkPolicy for cluster admins
     # to define security policies which apply to the entire cluster, and Antrea NetworkPolicy
@@ -1256,7 +1255,7 @@ data:
     #apiPort: 10349
 
     # Enable metrics exposure via Prometheus. Initializes Prometheus metrics listener.
-    #enablePrometheusMetrics: false
+    #enablePrometheusMetrics: true
 
     # Indicates whether to use auto-generated self-signed TLS certificate.
     # If false, A Secret named "antrea-controller-tls" must be provided with the following keys:
@@ -1271,7 +1270,7 @@ metadata:
   annotations: {}
   labels:
     app: antrea
-  name: antrea-config-8bc4m9g22g
+  name: antrea-config-gmt86d9t68
   namespace: kube-system
 ---
 apiVersion: v1
@@ -1378,7 +1377,7 @@ spec:
         key: node-role.kubernetes.io/master
       volumes:
       - configMap:
-          name: antrea-config-8bc4m9g22g
+          name: antrea-config-gmt86d9t68
         name: antrea-config
       - name: antrea-controller-tls
         secret:
@@ -1642,7 +1641,7 @@ spec:
         operator: Exists
       volumes:
       - configMap:
-          name: antrea-config-8bc4m9g22g
+          name: antrea-config-gmt86d9t68
         name: antrea-config
       - hostPath:
           path: /etc/cni/net.d

build/yamls/antrea-ipsec.yml

@@ -1118,12 +1118,11 @@ data:
     featureGates:
     # Enable AntreaProxy which provides ServiceLB for in-cluster Services in antrea-agent.
     # It should be enabled on Windows, otherwise NetworkPolicy will not take effect on
-    # Service traffic. Antrea proxy doesn't support an IPv6 only cluster or a Dual-Stack cluster
-    # before PR #1102[https://github.com/vmware-tanzu/antrea/pull/1102] is merged.
-    #  AntreaProxy: false
+    # Service traffic.
+    #  AntreaProxy: true
 
     # Enable traceflow which provides packet tracing feature to diagnose network issue.
-    #  Traceflow: false
+    #  Traceflow: true
 
     # Enable Antrea ClusterNetworkPolicy feature to complement K8s NetworkPolicy for cluster admins
     # to define security policies which apply to the entire cluster, and Antrea NetworkPolicy
@@ -1204,7 +1203,7 @@ data:
     #apiPort: 10350
 
     # Enable metrics exposure via Prometheus. Initializes Prometheus metrics listener.
-    #enablePrometheusMetrics: false
+    #enablePrometheusMetrics: true
 
     # Provide flow collector address as string with format <IP>:<port>[:<proto>], where proto is tcp or udp. This also enables
     # the flow exporter that sends IPFIX flow records of conntrack flows on OVS bridge. If no L4 transport proto is given,
@@ -1245,7 +1244,7 @@ data:
     # FeatureGates is a map of feature names to bools that enable or disable experimental features.
     featureGates:
     # Enable traceflow which provides packet tracing feature to diagnose network issue.
-    #  Traceflow: false
+    #  Traceflow: true
 
     # Enable Antrea ClusterNetworkPolicy feature to complement K8s NetworkPolicy for cluster admins
     # to define security policies which apply to the entire cluster, and Antrea NetworkPolicy
@@ -1261,7 +1260,7 @@ data:
     #apiPort: 10349
 
     # Enable metrics exposure via Prometheus. Initializes Prometheus metrics listener.
-    #enablePrometheusMetrics: false
+    #enablePrometheusMetrics: true
 
     # Indicates whether to use auto-generated self-signed TLS certificate.
     # If false, A Secret named "antrea-controller-tls" must be provided with the following keys:
@@ -1276,7 +1275,7 @@ metadata:
   annotations: {}
   labels:
     app: antrea
-  name: antrea-config-kgd27dftgd
+  name: antrea-config-2k6g59bdkg
   namespace: kube-system
 ---
 apiVersion: v1
@@ -1392,7 +1391,7 @@ spec:
         key: node-role.kubernetes.io/master
       volumes:
       - configMap:
-          name: antrea-config-kgd27dftgd
+          name: antrea-config-2k6g59bdkg
         name: antrea-config
       - name: antrea-controller-tls
         secret:
@@ -1691,7 +1690,7 @@ spec:
         operator: Exists
       volumes:
       - configMap:
-          name: antrea-config-kgd27dftgd
+          name: antrea-config-2k6g59bdkg
         name: antrea-config
       - hostPath:
           path: /etc/cni/net.d

build/yamls/antrea-windows.yml

@@ -21,7 +21,7 @@ data:
     # Enable antrea proxy which provides ServiceLB for in-cluster services in antrea agent.
     # It should be enabled on Windows, otherwise NetworkPolicy will not take effect on
     # Service traffic.
-      AntreaProxy: true
+    #  AntreaProxy: true
 
     # Enable flowexporter which exports polled conntrack connections as IPFIX flow records from each agent to a configured collector.
     #  FlowExporter: false
@@ -54,7 +54,7 @@ data:
     #apiPort: 10350
 
     # Enable metrics exposure via Prometheus. Initializes Prometheus metrics listener.
-    #enablePrometheusMetrics: false
+    #enablePrometheusMetrics: true
 
     # Provide flow collector address as string with format <IP>:<port>[:<proto>], where proto is tcp or udp. This also enables
     # the flow exporter that sends IPFIX flow records of conntrack flows on OVS bridge. If no L4 transport proto is given,
@@ -88,7 +88,7 @@ kind: ConfigMap
 metadata:
   labels:
     app: antrea
-  name: antrea-windows-config-5ht8dmf8tk
+  name: antrea-windows-config-6d4gc5kdc8
   namespace: kube-system
 ---
 apiVersion: apps/v1
@@ -176,7 +176,7 @@ spec:
         operator: Exists
       volumes:
       - configMap:
-          name: antrea-windows-config-5ht8dmf8tk
+          name: antrea-windows-config-6d4gc5kdc8
         name: antrea-windows-config
       - configMap:
           defaultMode: 420