From 24c0cb0cc5321957a38478078cffa3527bcaf56a Mon Sep 17 00:00:00 2001 From: Antonin Bas Date: Fri, 13 Nov 2020 00:22:58 -0800 Subject: [PATCH] Graduate some features from Alpha to Beta (#1531) * Graduate some features from Alpha to Beta * AntreaProxy * Traceflow * Prometheus metrics (not controlled by a feature gate but by a boolean config parameter, which now defaults to 'true') This change required a few modifications to some of our test scripts. * Skip inter-Node Traceflow test on Kind in encap mode * Use correct CT zone for IPv6 in endpointDNATFlow --- .github/workflows/kind.yml | 24 +++++----- build/yamls/antrea-aks.yml | 19 ++++---- build/yamls/antrea-eks.yml | 19 ++++---- build/yamls/antrea-gke.yml | 19 ++++---- build/yamls/antrea-ipsec.yml | 19 ++++---- build/yamls/antrea-windows.yml | 8 ++-- build/yamls/antrea.yml | 19 ++++---- build/yamls/base/conf/antrea-agent.conf | 9 ++-- build/yamls/base/conf/antrea-controller.conf | 4 +- .../yamls/windows/base/conf/antrea-agent.conf | 4 +- ci/jenkins/test-vmc.sh | 3 +- ci/kind/kind-setup.sh | 19 ++++---- ci/kind/test-e2e-kind.sh | 14 +++--- cmd/antrea-agent/config.go | 2 +- cmd/antrea-agent/options.go | 21 ++++----- cmd/antrea-controller/config.go | 2 +- cmd/antrea-controller/options.go | 24 ++++------ docs/feature-gates.md | 23 +++++----- hack/generate-manifest.sh | 33 +++++--------- pkg/agent/openflow/pipeline.go | 4 +- pkg/features/antrea_features.go | 6 ++- test/e2e/infra/vagrant/push_antrea.sh | 1 - test/e2e/proxy_test.go | 2 +- test/e2e/traceflow_test.go | 44 ++++++++++--------- 24 files changed, 159 insertions(+), 183 deletions(-) diff --git a/.github/workflows/kind.yml b/.github/workflows/kind.yml index 512ed95e912..89fa508046e 100755 --- a/.github/workflows/kind.yml +++ b/.github/workflows/kind.yml @@ -103,8 +103,8 @@ jobs: path: log.tar.gz retention-days: 30 - test-e2e-encap-proxy: - name: E2e tests on a Kind cluster on Linux with proxy enabled + test-e2e-encap-no-proxy: + name: E2e tests on a Kind cluster on Linux with AntreaProxy disabled needs: build-antrea-coverage-image runs-on: [ubuntu-18.04] steps: @@ -131,15 +131,15 @@ jobs: - name: Run e2e tests run: | mkdir log - mkdir test-e2e-encap-proxy-coverage - ANTREA_LOG_DIR=$PWD/log ANTREA_COV_DIR=$PWD/test-e2e-encap-proxy-coverage ./ci/kind/test-e2e-kind.sh --encap-mode encap --proxy --coverage + mkdir test-e2e-encap-no-proxy-coverage + ANTREA_LOG_DIR=$PWD/log ANTREA_COV_DIR=$PWD/test-e2e-encap-no-proxy-coverage ./ci/kind/test-e2e-kind.sh --encap-mode encap --no-proxy --coverage - name: Tar coverage files - run: tar -czf test-e2e-encap-proxy-coverage.tar.gz test-e2e-encap-proxy-coverage - - name: Upload coverage for test-e2e-encap-proxy-coverage + run: tar -czf test-e2e-encap-no-proxy-coverage.tar.gz test-e2e-encap-no-proxy-coverage + - name: Upload coverage for test-e2e-encap-no-proxy-coverage uses: actions/upload-artifact@v2 with: - name: test-e2e-encap-proxy-coverage - path: test-e2e-encap-proxy-coverage.tar.gz + name: test-e2e-encap-no-proxy-coverage + path: test-e2e-encap-no-proxy-coverage.tar.gz retention-days: 30 - name: Codecov uses: codecov/codecov-action@v1 @@ -147,8 +147,8 @@ jobs: token: ${{ secrets.CODECOV_TOKEN }} file: '*antrea*' flags: kind-e2e-tests - name: codecov-test-e2e-encap-proxy - directory: test-e2e-encap-proxy-coverage + name: codecov-test-e2e-encap-no-proxy + directory: test-e2e-encap-no-proxy-coverage - name: Tar log files if: ${{ failure() }} run: tar -czf log.tar.gz log @@ -156,7 +156,7 @@ jobs: uses: actions/upload-artifact@v2 if: ${{ failure() }} with: - name: e2e-kind-encap-proxy.tar.gz + name: e2e-kind-encap-no-proxy.tar.gz path: log.tar.gz retention-days: 30 @@ -415,7 +415,7 @@ jobs: # yet. artifact-cleanup: name: Delete uploaded images - needs: [build-antrea-coverage-image, build-antrea-image, test-e2e-encap, test-e2e-encap-proxy, test-e2e-noencap, test-e2e-hybrid, test-e2e-encap-np, test-netpol-tmp, validate-prometheus-metrics-doc] + needs: [build-antrea-coverage-image, build-antrea-image, test-e2e-encap, test-e2e-encap-no-proxy, test-e2e-noencap, test-e2e-hybrid, test-e2e-encap-np, test-netpol-tmp, validate-prometheus-metrics-doc] if: ${{ always() }} runs-on: [ubuntu-18.04] steps: diff --git a/build/yamls/antrea-aks.yml b/build/yamls/antrea-aks.yml index e2401260cd0..e65ac84bc8d 100644 --- a/build/yamls/antrea-aks.yml +++ b/build/yamls/antrea-aks.yml @@ -1118,12 +1118,11 @@ data: featureGates: # Enable AntreaProxy which provides ServiceLB for in-cluster Services in antrea-agent. # It should be enabled on Windows, otherwise NetworkPolicy will not take effect on - # Service traffic. Antrea proxy doesn't support an IPv6 only cluster or a Dual-Stack cluster - # before PR #1102[https://github.com/vmware-tanzu/antrea/pull/1102] is merged. - AntreaProxy: true + # Service traffic. + # AntreaProxy: true # Enable traceflow which provides packet tracing feature to diagnose network issue. - # Traceflow: false + # Traceflow: true # Enable Antrea ClusterNetworkPolicy feature to complement K8s NetworkPolicy for cluster admins # to define security policies which apply to the entire cluster, and Antrea NetworkPolicy @@ -1199,7 +1198,7 @@ data: #apiPort: 10350 # Enable metrics exposure via Prometheus. Initializes Prometheus metrics listener. - #enablePrometheusMetrics: false + #enablePrometheusMetrics: true # Provide flow collector address as string with format :[:], where proto is tcp or udp. This also enables # the flow exporter that sends IPFIX flow records of conntrack flows on OVS bridge. If no L4 transport proto is given, @@ -1240,7 +1239,7 @@ data: # FeatureGates is a map of feature names to bools that enable or disable experimental features. featureGates: # Enable traceflow which provides packet tracing feature to diagnose network issue. - # Traceflow: false + # Traceflow: true # Enable Antrea ClusterNetworkPolicy feature to complement K8s NetworkPolicy for cluster admins # to define security policies which apply to the entire cluster, and Antrea NetworkPolicy @@ -1256,7 +1255,7 @@ data: #apiPort: 10349 # Enable metrics exposure via Prometheus. Initializes Prometheus metrics listener. - #enablePrometheusMetrics: false + #enablePrometheusMetrics: true # Indicates whether to use auto-generated self-signed TLS certificate. # If false, A Secret named "antrea-controller-tls" must be provided with the following keys: @@ -1271,7 +1270,7 @@ metadata: annotations: {} labels: app: antrea - name: antrea-config-hmttgfbf78 + name: antrea-config-t4t2mdfhkc namespace: kube-system --- apiVersion: v1 @@ -1378,7 +1377,7 @@ spec: key: node-role.kubernetes.io/master volumes: - configMap: - name: antrea-config-hmttgfbf78 + name: antrea-config-t4t2mdfhkc name: antrea-config - name: antrea-controller-tls secret: @@ -1642,7 +1641,7 @@ spec: operator: Exists volumes: - configMap: - name: antrea-config-hmttgfbf78 + name: antrea-config-t4t2mdfhkc name: antrea-config - hostPath: path: /etc/cni/net.d diff --git a/build/yamls/antrea-eks.yml b/build/yamls/antrea-eks.yml index 10c7b46a282..9559970640c 100644 --- a/build/yamls/antrea-eks.yml +++ b/build/yamls/antrea-eks.yml @@ -1118,12 +1118,11 @@ data: featureGates: # Enable AntreaProxy which provides ServiceLB for in-cluster Services in antrea-agent. # It should be enabled on Windows, otherwise NetworkPolicy will not take effect on - # Service traffic. Antrea proxy doesn't support an IPv6 only cluster or a Dual-Stack cluster - # before PR #1102[https://github.com/vmware-tanzu/antrea/pull/1102] is merged. - AntreaProxy: true + # Service traffic. + # AntreaProxy: true # Enable traceflow which provides packet tracing feature to diagnose network issue. - # Traceflow: false + # Traceflow: true # Enable Antrea ClusterNetworkPolicy feature to complement K8s NetworkPolicy for cluster admins # to define security policies which apply to the entire cluster, and Antrea NetworkPolicy @@ -1199,7 +1198,7 @@ data: #apiPort: 10350 # Enable metrics exposure via Prometheus. Initializes Prometheus metrics listener. - #enablePrometheusMetrics: false + #enablePrometheusMetrics: true # Provide flow collector address as string with format :[:], where proto is tcp or udp. This also enables # the flow exporter that sends IPFIX flow records of conntrack flows on OVS bridge. If no L4 transport proto is given, @@ -1240,7 +1239,7 @@ data: # FeatureGates is a map of feature names to bools that enable or disable experimental features. featureGates: # Enable traceflow which provides packet tracing feature to diagnose network issue. - # Traceflow: false + # Traceflow: true # Enable Antrea ClusterNetworkPolicy feature to complement K8s NetworkPolicy for cluster admins # to define security policies which apply to the entire cluster, and Antrea NetworkPolicy @@ -1256,7 +1255,7 @@ data: #apiPort: 10349 # Enable metrics exposure via Prometheus. Initializes Prometheus metrics listener. - #enablePrometheusMetrics: false + #enablePrometheusMetrics: true # Indicates whether to use auto-generated self-signed TLS certificate. # If false, A Secret named "antrea-controller-tls" must be provided with the following keys: @@ -1271,7 +1270,7 @@ metadata: annotations: {} labels: app: antrea - name: antrea-config-hmttgfbf78 + name: antrea-config-t4t2mdfhkc namespace: kube-system --- apiVersion: v1 @@ -1378,7 +1377,7 @@ spec: key: node-role.kubernetes.io/master volumes: - configMap: - name: antrea-config-hmttgfbf78 + name: antrea-config-t4t2mdfhkc name: antrea-config - name: antrea-controller-tls secret: @@ -1644,7 +1643,7 @@ spec: operator: Exists volumes: - configMap: - name: antrea-config-hmttgfbf78 + name: antrea-config-t4t2mdfhkc name: antrea-config - hostPath: path: /etc/cni/net.d diff --git a/build/yamls/antrea-gke.yml b/build/yamls/antrea-gke.yml index ddceee84d18..dd2fff2b487 100644 --- a/build/yamls/antrea-gke.yml +++ b/build/yamls/antrea-gke.yml @@ -1118,12 +1118,11 @@ data: featureGates: # Enable AntreaProxy which provides ServiceLB for in-cluster Services in antrea-agent. # It should be enabled on Windows, otherwise NetworkPolicy will not take effect on - # Service traffic. Antrea proxy doesn't support an IPv6 only cluster or a Dual-Stack cluster - # before PR #1102[https://github.com/vmware-tanzu/antrea/pull/1102] is merged. - AntreaProxy: true + # Service traffic. + # AntreaProxy: true # Enable traceflow which provides packet tracing feature to diagnose network issue. - # Traceflow: false + # Traceflow: true # Enable Antrea ClusterNetworkPolicy feature to complement K8s NetworkPolicy for cluster admins # to define security policies which apply to the entire cluster, and Antrea NetworkPolicy @@ -1199,7 +1198,7 @@ data: #apiPort: 10350 # Enable metrics exposure via Prometheus. Initializes Prometheus metrics listener. - #enablePrometheusMetrics: false + #enablePrometheusMetrics: true # Provide flow collector address as string with format :[:], where proto is tcp or udp. This also enables # the flow exporter that sends IPFIX flow records of conntrack flows on OVS bridge. If no L4 transport proto is given, @@ -1240,7 +1239,7 @@ data: # FeatureGates is a map of feature names to bools that enable or disable experimental features. featureGates: # Enable traceflow which provides packet tracing feature to diagnose network issue. - # Traceflow: false + # Traceflow: true # Enable Antrea ClusterNetworkPolicy feature to complement K8s NetworkPolicy for cluster admins # to define security policies which apply to the entire cluster, and Antrea NetworkPolicy @@ -1256,7 +1255,7 @@ data: #apiPort: 10349 # Enable metrics exposure via Prometheus. Initializes Prometheus metrics listener. - #enablePrometheusMetrics: false + #enablePrometheusMetrics: true # Indicates whether to use auto-generated self-signed TLS certificate. # If false, A Secret named "antrea-controller-tls" must be provided with the following keys: @@ -1271,7 +1270,7 @@ metadata: annotations: {} labels: app: antrea - name: antrea-config-8bc4m9g22g + name: antrea-config-gmt86d9t68 namespace: kube-system --- apiVersion: v1 @@ -1378,7 +1377,7 @@ spec: key: node-role.kubernetes.io/master volumes: - configMap: - name: antrea-config-8bc4m9g22g + name: antrea-config-gmt86d9t68 name: antrea-config - name: antrea-controller-tls secret: @@ -1642,7 +1641,7 @@ spec: operator: Exists volumes: - configMap: - name: antrea-config-8bc4m9g22g + name: antrea-config-gmt86d9t68 name: antrea-config - hostPath: path: /etc/cni/net.d diff --git a/build/yamls/antrea-ipsec.yml b/build/yamls/antrea-ipsec.yml index 4233e044952..5e84502b745 100644 --- a/build/yamls/antrea-ipsec.yml +++ b/build/yamls/antrea-ipsec.yml @@ -1118,12 +1118,11 @@ data: featureGates: # Enable AntreaProxy which provides ServiceLB for in-cluster Services in antrea-agent. # It should be enabled on Windows, otherwise NetworkPolicy will not take effect on - # Service traffic. Antrea proxy doesn't support an IPv6 only cluster or a Dual-Stack cluster - # before PR #1102[https://github.com/vmware-tanzu/antrea/pull/1102] is merged. - # AntreaProxy: false + # Service traffic. + # AntreaProxy: true # Enable traceflow which provides packet tracing feature to diagnose network issue. - # Traceflow: false + # Traceflow: true # Enable Antrea ClusterNetworkPolicy feature to complement K8s NetworkPolicy for cluster admins # to define security policies which apply to the entire cluster, and Antrea NetworkPolicy @@ -1204,7 +1203,7 @@ data: #apiPort: 10350 # Enable metrics exposure via Prometheus. Initializes Prometheus metrics listener. - #enablePrometheusMetrics: false + #enablePrometheusMetrics: true # Provide flow collector address as string with format :[:], where proto is tcp or udp. This also enables # the flow exporter that sends IPFIX flow records of conntrack flows on OVS bridge. If no L4 transport proto is given, @@ -1245,7 +1244,7 @@ data: # FeatureGates is a map of feature names to bools that enable or disable experimental features. featureGates: # Enable traceflow which provides packet tracing feature to diagnose network issue. - # Traceflow: false + # Traceflow: true # Enable Antrea ClusterNetworkPolicy feature to complement K8s NetworkPolicy for cluster admins # to define security policies which apply to the entire cluster, and Antrea NetworkPolicy @@ -1261,7 +1260,7 @@ data: #apiPort: 10349 # Enable metrics exposure via Prometheus. Initializes Prometheus metrics listener. - #enablePrometheusMetrics: false + #enablePrometheusMetrics: true # Indicates whether to use auto-generated self-signed TLS certificate. # If false, A Secret named "antrea-controller-tls" must be provided with the following keys: @@ -1276,7 +1275,7 @@ metadata: annotations: {} labels: app: antrea - name: antrea-config-kgd27dftgd + name: antrea-config-2k6g59bdkg namespace: kube-system --- apiVersion: v1 @@ -1392,7 +1391,7 @@ spec: key: node-role.kubernetes.io/master volumes: - configMap: - name: antrea-config-kgd27dftgd + name: antrea-config-2k6g59bdkg name: antrea-config - name: antrea-controller-tls secret: @@ -1691,7 +1690,7 @@ spec: operator: Exists volumes: - configMap: - name: antrea-config-kgd27dftgd + name: antrea-config-2k6g59bdkg name: antrea-config - hostPath: path: /etc/cni/net.d diff --git a/build/yamls/antrea-windows.yml b/build/yamls/antrea-windows.yml index a90ad9851b1..1d1ca6ab6ae 100644 --- a/build/yamls/antrea-windows.yml +++ b/build/yamls/antrea-windows.yml @@ -21,7 +21,7 @@ data: # Enable antrea proxy which provides ServiceLB for in-cluster services in antrea agent. # It should be enabled on Windows, otherwise NetworkPolicy will not take effect on # Service traffic. - AntreaProxy: true + # AntreaProxy: true # Enable flowexporter which exports polled conntrack connections as IPFIX flow records from each agent to a configured collector. # FlowExporter: false @@ -54,7 +54,7 @@ data: #apiPort: 10350 # Enable metrics exposure via Prometheus. Initializes Prometheus metrics listener. - #enablePrometheusMetrics: false + #enablePrometheusMetrics: true # Provide flow collector address as string with format :[:], where proto is tcp or udp. This also enables # the flow exporter that sends IPFIX flow records of conntrack flows on OVS bridge. If no L4 transport proto is given, @@ -88,7 +88,7 @@ kind: ConfigMap metadata: labels: app: antrea - name: antrea-windows-config-5ht8dmf8tk + name: antrea-windows-config-6d4gc5kdc8 namespace: kube-system --- apiVersion: apps/v1 @@ -176,7 +176,7 @@ spec: operator: Exists volumes: - configMap: - name: antrea-windows-config-5ht8dmf8tk + name: antrea-windows-config-6d4gc5kdc8 name: antrea-windows-config - configMap: defaultMode: 420 diff --git a/build/yamls/antrea.yml b/build/yamls/antrea.yml index 8e852565959..c9cb7c4a851 100644 --- a/build/yamls/antrea.yml +++ b/build/yamls/antrea.yml @@ -1118,12 +1118,11 @@ data: featureGates: # Enable AntreaProxy which provides ServiceLB for in-cluster Services in antrea-agent. # It should be enabled on Windows, otherwise NetworkPolicy will not take effect on - # Service traffic. Antrea proxy doesn't support an IPv6 only cluster or a Dual-Stack cluster - # before PR #1102[https://github.com/vmware-tanzu/antrea/pull/1102] is merged. - # AntreaProxy: false + # Service traffic. + # AntreaProxy: true # Enable traceflow which provides packet tracing feature to diagnose network issue. - # Traceflow: false + # Traceflow: true # Enable Antrea ClusterNetworkPolicy feature to complement K8s NetworkPolicy for cluster admins # to define security policies which apply to the entire cluster, and Antrea NetworkPolicy @@ -1204,7 +1203,7 @@ data: #apiPort: 10350 # Enable metrics exposure via Prometheus. Initializes Prometheus metrics listener. - #enablePrometheusMetrics: false + #enablePrometheusMetrics: true # Provide flow collector address as string with format :[:], where proto is tcp or udp. This also enables # the flow exporter that sends IPFIX flow records of conntrack flows on OVS bridge. If no L4 transport proto is given, @@ -1245,7 +1244,7 @@ data: # FeatureGates is a map of feature names to bools that enable or disable experimental features. featureGates: # Enable traceflow which provides packet tracing feature to diagnose network issue. - # Traceflow: false + # Traceflow: true # Enable Antrea ClusterNetworkPolicy feature to complement K8s NetworkPolicy for cluster admins # to define security policies which apply to the entire cluster, and Antrea NetworkPolicy @@ -1261,7 +1260,7 @@ data: #apiPort: 10349 # Enable metrics exposure via Prometheus. Initializes Prometheus metrics listener. - #enablePrometheusMetrics: false + #enablePrometheusMetrics: true # Indicates whether to use auto-generated self-signed TLS certificate. # If false, A Secret named "antrea-controller-tls" must be provided with the following keys: @@ -1276,7 +1275,7 @@ metadata: annotations: {} labels: app: antrea - name: antrea-config-2hk276fdf4 + name: antrea-config-9c7h568bgf namespace: kube-system --- apiVersion: v1 @@ -1383,7 +1382,7 @@ spec: key: node-role.kubernetes.io/master volumes: - configMap: - name: antrea-config-2hk276fdf4 + name: antrea-config-9c7h568bgf name: antrea-config - name: antrea-controller-tls secret: @@ -1647,7 +1646,7 @@ spec: operator: Exists volumes: - configMap: - name: antrea-config-2hk276fdf4 + name: antrea-config-9c7h568bgf name: antrea-config - hostPath: path: /etc/cni/net.d diff --git a/build/yamls/base/conf/antrea-agent.conf b/build/yamls/base/conf/antrea-agent.conf index 887dd866233..a72f353f448 100644 --- a/build/yamls/base/conf/antrea-agent.conf +++ b/build/yamls/base/conf/antrea-agent.conf @@ -2,12 +2,11 @@ featureGates: # Enable AntreaProxy which provides ServiceLB for in-cluster Services in antrea-agent. # It should be enabled on Windows, otherwise NetworkPolicy will not take effect on -# Service traffic. Antrea proxy doesn't support an IPv6 only cluster or a Dual-Stack cluster -# before PR #1102[https://github.com/vmware-tanzu/antrea/pull/1102] is merged. -# AntreaProxy: false +# Service traffic. +# AntreaProxy: true # Enable traceflow which provides packet tracing feature to diagnose network issue. -# Traceflow: false +# Traceflow: true # Enable Antrea ClusterNetworkPolicy feature to complement K8s NetworkPolicy for cluster admins # to define security policies which apply to the entire cluster, and Antrea NetworkPolicy @@ -88,7 +87,7 @@ featureGates: #apiPort: 10350 # Enable metrics exposure via Prometheus. Initializes Prometheus metrics listener. -#enablePrometheusMetrics: false +#enablePrometheusMetrics: true # Provide flow collector address as string with format :[:], where proto is tcp or udp. This also enables # the flow exporter that sends IPFIX flow records of conntrack flows on OVS bridge. If no L4 transport proto is given, diff --git a/build/yamls/base/conf/antrea-controller.conf b/build/yamls/base/conf/antrea-controller.conf index 264aacf4478..e856cda0be0 100644 --- a/build/yamls/base/conf/antrea-controller.conf +++ b/build/yamls/base/conf/antrea-controller.conf @@ -1,7 +1,7 @@ # FeatureGates is a map of feature names to bools that enable or disable experimental features. featureGates: # Enable traceflow which provides packet tracing feature to diagnose network issue. -# Traceflow: false +# Traceflow: true # Enable Antrea ClusterNetworkPolicy feature to complement K8s NetworkPolicy for cluster admins # to define security policies which apply to the entire cluster, and Antrea NetworkPolicy @@ -17,7 +17,7 @@ featureGates: #apiPort: 10349 # Enable metrics exposure via Prometheus. Initializes Prometheus metrics listener. -#enablePrometheusMetrics: false +#enablePrometheusMetrics: true # Indicates whether to use auto-generated self-signed TLS certificate. # If false, A Secret named "antrea-controller-tls" must be provided with the following keys: diff --git a/build/yamls/windows/base/conf/antrea-agent.conf b/build/yamls/windows/base/conf/antrea-agent.conf index b44c7916683..a272a5a407b 100644 --- a/build/yamls/windows/base/conf/antrea-agent.conf +++ b/build/yamls/windows/base/conf/antrea-agent.conf @@ -3,7 +3,7 @@ featureGates: # Enable antrea proxy which provides ServiceLB for in-cluster services in antrea agent. # It should be enabled on Windows, otherwise NetworkPolicy will not take effect on # Service traffic. - AntreaProxy: true +# AntreaProxy: true # Enable flowexporter which exports polled conntrack connections as IPFIX flow records from each agent to a configured collector. # FlowExporter: false @@ -36,7 +36,7 @@ featureGates: #apiPort: 10350 # Enable metrics exposure via Prometheus. Initializes Prometheus metrics listener. -#enablePrometheusMetrics: false +#enablePrometheusMetrics: true # Provide flow collector address as string with format :[:], where proto is tcp or udp. This also enables # the flow exporter that sends IPFIX flow records of conntrack flows on OVS bridge. If no L4 transport proto is given, diff --git a/ci/jenkins/test-vmc.sh b/ci/jenkins/test-vmc.sh index 98cee64f4b2..ddcf10a07fb 100755 --- a/ci/jenkins/test-vmc.sh +++ b/ci/jenkins/test-vmc.sh @@ -276,8 +276,7 @@ function deliver_antrea { sed -i "s|#serviceCIDR: 10.96.0.0/12|serviceCIDR: 100.64.0.0/13|g" $GIT_CHECKOUT_DIR/build/yamls/$antrea_yml - # Configure and append antrea-prometheus.yml to antrea.yml - sed -i "s|#enablePrometheusMetrics: false|enablePrometheusMetrics: true|g" $GIT_CHECKOUT_DIR/build/yamls/$antrea_yml + # Append antrea-prometheus.yml to antrea.yml echo "---" >> $GIT_CHECKOUT_DIR/build/yamls/$antrea_yml cat $GIT_CHECKOUT_DIR/build/yamls/antrea-prometheus.yml >> $GIT_CHECKOUT_DIR/build/yamls/$antrea_yml diff --git a/ci/kind/kind-setup.sh b/ci/kind/kind-setup.sh index c90692abe71..8ee65e225d6 100755 --- a/ci/kind/kind-setup.sh +++ b/ci/kind/kind-setup.sh @@ -26,7 +26,7 @@ POD_CIDR="10.10.0.0/16" NUM_WORKERS=2 SUBNETS="" ENCAP_MODE="" -PROXY=false +PROXY=true PROMETHEUS=false THIS_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )" @@ -47,9 +47,9 @@ where: modify-node: modify kind node with name NODE_NAME --pod-cidr: specifies pod cidr used in kind cluster, default is $POD_CIDR --encap-mode: inter-node pod traffic encap mode, default is encap - --proxy: enable Antrea proxy, default is false - --antrea-cni: specifies install Antrea CNI in kind cluster, default is true. - --prometheus: enable Prometheus metrics listener for Antrea Controller and Agents, default is false + --no-proxy: disable Antrea proxy + --antrea-cni: specifies install Antrea CNI in kind cluster, default is true + --prometheus: create RBAC resources for Prometheus, default is false --num-workers: specifies number of worker nodes in kind cluster, default is $NUM_WORKERS --images: specifies images loaded to kind cluster, default is $IMAGES --subnets: a subnet creates a separate docker bridge network (named 'antrea-') with assigned subnet that worker nodes may connect to. Default is empty: all worker @@ -271,11 +271,8 @@ EOF if [[ $ANTREA_CNI == true ]]; then cmd=$(dirname $0) cmd+="/../../hack/generate-manifest.sh" - if [[ $PROXY == true ]]; then - cmd+=" --proxy" - fi - if [[ $PROMETHEUS == true ]]; then - cmd+=" --prometheus" + if [[ $PROXY == false ]]; then + cmd+=" --no-proxy" fi echo "$cmd --kind $(get_encap_mode) | kubectl apply --context kind-$CLUSTER_NAME -f -" eval "$cmd --kind $(get_encap_mode) | kubectl apply --context kind-$CLUSTER_NAME -f -" @@ -327,8 +324,8 @@ while [[ $# -gt 0 ]] ENCAP_MODE="$2" shift 2 ;; - --proxy) - PROXY=true + --no-proxy) + PROXY=false shift ;; --prometheus) diff --git a/ci/kind/test-e2e-kind.sh b/ci/kind/test-e2e-kind.sh index 18b8b278c60..1664683b25d 100755 --- a/ci/kind/test-e2e-kind.sh +++ b/ci/kind/test-e2e-kind.sh @@ -22,9 +22,9 @@ function echoerr { >&2 echo "$@" } -_usage="Usage: $0 [--encap-mode ] [--proxy] [--np] [--coverage] [--help|-h] +_usage="Usage: $0 [--encap-mode ] [--no-proxy] [--np] [--coverage] [--help|-h] --encap-mode Traffic encapsulation mode. (default is 'encap') - --proxy Enables Antrea proxy. + --no-proxy Disables Antrea proxy. --np Enables Namespaced Antrea NetworkPolicy CRDs and ClusterNetworkPolicy related CRDs. --coverage Enables measure Antrea code coverage when run e2e tests on kind. --help, -h Print this message and exit @@ -48,7 +48,7 @@ function quit { trap "quit" INT EXIT mode="" -proxy=false +proxy=true np=false coverage=false while [[ $# -gt 0 ]] @@ -56,8 +56,8 @@ do key="$1" case $key in - --proxy) - proxy=true + --no-proxy) + proxy=false shift ;; --np) @@ -84,8 +84,8 @@ esac done manifest_args="" -if $proxy; then - manifest_args="$manifest_args --proxy" +if ! $proxy; then + manifest_args="$manifest_args --no-proxy" fi if $np; then # See https://github.com/vmware-tanzu/antrea/issues/897 diff --git a/cmd/antrea-agent/config.go b/cmd/antrea-agent/config.go index 27f88467199..67d7497d1c6 100644 --- a/cmd/antrea-agent/config.go +++ b/cmd/antrea-agent/config.go @@ -99,7 +99,7 @@ type AgentConfig struct { // Defaults to 10350. APIPort int `yaml:"apiPort,omitempty"` // Enable metrics exposure via Prometheus. Initializes Prometheus metrics listener - // Defaults to false. + // Defaults to true. EnablePrometheusMetrics bool `yaml:"enablePrometheusMetrics,omitempty"` // Provide the flow collector address as string with format :[:], where proto is tcp or udp. This also // enables the flow exporter that sends IPFIX flow records of conntrack flows on OVS bridge. If no L4 transport proto diff --git a/cmd/antrea-agent/options.go b/cmd/antrea-agent/options.go index bcd9fe149b7..79ff70ab856 100644 --- a/cmd/antrea-agent/options.go +++ b/cmd/antrea-agent/options.go @@ -54,7 +54,9 @@ type Options struct { func newOptions() *Options { return &Options{ - config: new(AgentConfig), + config: &AgentConfig{ + EnablePrometheusMetrics: true, + }, } } @@ -66,11 +68,9 @@ func (o *Options) addFlags(fs *pflag.FlagSet) { // complete completes all the required options. func (o *Options) complete(args []string) error { if len(o.configFile) > 0 { - c, err := o.loadConfigFromFile(o.configFile) - if err != nil { + if err := o.loadConfigFromFile(); err != nil { return err } - o.config = c } o.setDefaults() return features.DefaultMutableFeatureGate.SetFromMap(o.config.FeatureGates) @@ -136,18 +136,13 @@ func (o *Options) validate(args []string) error { return nil } -func (o *Options) loadConfigFromFile(file string) (*AgentConfig, error) { - data, err := ioutil.ReadFile(file) +func (o *Options) loadConfigFromFile() error { + data, err := ioutil.ReadFile(o.configFile) if err != nil { - return nil, err + return err } - var c AgentConfig - err = yaml.UnmarshalStrict(data, &c) - if err != nil { - return nil, err - } - return &c, nil + return yaml.UnmarshalStrict(data, &o.config) } func (o *Options) setDefaults() { diff --git a/cmd/antrea-controller/config.go b/cmd/antrea-controller/config.go index 92b30683108..a7bcee36d65 100644 --- a/cmd/antrea-controller/config.go +++ b/cmd/antrea-controller/config.go @@ -28,7 +28,7 @@ type ControllerConfig struct { // Defaults to 10349. APIPort int `yaml:"apiPort,omitempty"` // Enable metrics exposure via Prometheus. Initializes Prometheus metrics listener - // Defaults to false. + // Defaults to true. EnablePrometheusMetrics bool `yaml:"enablePrometheusMetrics,omitempty"` // Indicates whether to use auto-generated self-signed TLS certificate. // If false, A Secret named "antrea-controller-tls" must be provided with the following keys: diff --git a/cmd/antrea-controller/options.go b/cmd/antrea-controller/options.go index cac18b3dfce..483f25cad4c 100644 --- a/cmd/antrea-controller/options.go +++ b/cmd/antrea-controller/options.go @@ -34,7 +34,10 @@ type Options struct { func newOptions() *Options { return &Options{ - config: new(ControllerConfig), + config: &ControllerConfig{ + EnablePrometheusMetrics: true, + SelfSignedCert: true, + }, } } @@ -46,11 +49,9 @@ func (o *Options) addFlags(fs *pflag.FlagSet) { // complete completes all the required options. func (o *Options) complete(args []string) error { if len(o.configFile) > 0 { - c, err := o.loadConfigFromFile(o.configFile) - if err != nil { + if err := o.loadConfigFromFile(); err != nil { return err } - o.config = c } o.setDefaults() return features.DefaultMutableFeatureGate.SetFromMap(o.config.FeatureGates) @@ -64,20 +65,13 @@ func (o *Options) validate(args []string) error { return nil } -func (o *Options) loadConfigFromFile(file string) (*ControllerConfig, error) { - data, err := ioutil.ReadFile(file) +func (o *Options) loadConfigFromFile() error { + data, err := ioutil.ReadFile(o.configFile) if err != nil { - return nil, err + return err } - c := ControllerConfig{ - SelfSignedCert: true, - } - err = yaml.UnmarshalStrict(data, &c) - if err != nil { - return nil, err - } - return &c, nil + return yaml.UnmarshalStrict(data, &o.config) } func (o *Options) setDefaults() { diff --git a/docs/feature-gates.md b/docs/feature-gates.md index 5daab15fb34..f9e2edef68b 100644 --- a/docs/feature-gates.md +++ b/docs/feature-gates.md @@ -33,11 +33,11 @@ example, to enable `AntreaProxy` on Linux, edit the Agent configuration in the | Feature Name | Component | Default | Stage | Alpha Release | Beta Release | GA Release | Extra Requirements | Notes | | ----------------------- | ------------------ | ------- | ----- | ------------- | ------------ | ---------- | ------------------ | ----- | -| `AntreaProxy` | Agent | `false` | Alpha | v0.8.0 | N/A | N/A | Yes | Must be enabled for Windows. | -| `AntreaPolicy` | Agent + Controller | `false` | Alpha | v0.8.0 | N/A | N/A | No | Agent side config required from v0.9.0+. | -| `Traceflow` | Agent + Controller | `false` | Alpha | v0.8.0 | N/A | N/A | Yes | | -| `FlowExporter` | Agent | `false` | Alpha | v0.9.0 | N/A | N/A | Yes | | -| `NetworkPolicyStats` | Agent + Controller | `false` | Alpha | v0.10.0 | N/A | N/A | No | | +| `AntreaProxy` | Agent | `false` | Alpha | v0.8 | v0.11 | N/A | Yes | Must be enabled for Windows. | +| `AntreaPolicy` | Agent + Controller | `false` | Alpha | v0.8 | N/A | N/A | No | Agent side config required from v0.9.0+. | +| `Traceflow` | Agent + Controller | `false` | Alpha | v0.8 | v0.11 | N/A | Yes | | +| `FlowExporter` | Agent | `false` | Alpha | v0.9 | N/A | N/A | Yes | | +| `NetworkPolicyStats` | Agent + Controller | `false` | Alpha | v0.10 | N/A | N/A | No | | ## Description and Requirements of Features @@ -81,11 +81,14 @@ this [document](traceflow-guide.md) for more information. #### Requirements for this Feature -This feature can only be used in "encap" mode when the Geneve tunnel type is -being used. Note that this is the default configuration for both Linux and -Windows. In order to support cluster Services as the destination for tracing -requests, `AntreaProxy` should be enabled (it is not enabled by default for -Linux Nodes in "encap" mode).. +Until Antrea v0.11, this feature could only be used in "encap" mode, with the +Geneve tunnel type (default configuration for both Linux and Windows). In v0.11, +this feature was graduated to Beta (enabled by default) and this requirement was +lifted. + +In order to support cluster Services as the destination for tracing requests, +`AntreaProxy` should be enabled, which is the default starting with Antrea +v0.11. ### Flow Exporter diff --git a/hack/generate-manifest.sh b/hack/generate-manifest.sh index 812d27b6b2e..14b9c713df6 100755 --- a/hack/generate-manifest.sh +++ b/hack/generate-manifest.sh @@ -20,7 +20,7 @@ function echoerr { >&2 echo "$@" } -_usage="Usage: $0 [--mode (dev|release)] [--encap-mode] [--kind] [--ipsec] [--proxy] [--np] [--keep] [--tun (geneve|vxlan|gre|stt)] [--verbose-log] [--help|-h] +_usage="Usage: $0 [--mode (dev|release)] [--encap-mode] [--kind] [--ipsec] [--no-proxy] [--np] [--keep] [--tun (geneve|vxlan|gre|stt)] [--verbose-log] [--help|-h] Generate a YAML manifest for Antrea using Kustomize and print it to stdout. --mode (dev|release) Choose the configuration variant that you need (default is 'dev') --encap-mode Traffic encapsulation mode. (default is 'encap') @@ -28,9 +28,8 @@ Generate a YAML manifest for Antrea using Kustomize and print it to stdout. --cloud Generate a manifest appropriate for running Antrea in Public Cloud --ipsec Generate a manifest with IPSec encryption of tunnel traffic enabled --all-features Generate a manifest with all alpha features enabled - --proxy Generate a manifest with Antrea proxy enabled + --no-proxy Generate a manifest with Antrea proxy disabled --np Generate a manifest with ClusterNetworkPolicy and Antrea NetworkPolicy features enabled - --prometheus Generate a manifest with Antrea Controller and Agent Prometheus metrics listener enabled --keep Debug flag which will preserve the generated kustomization.yml --tun (geneve|vxlan|gre|stt) Choose encap tunnel type from geneve, gre, stt and vxlan (default is geneve) --verbose-log Generate a manifest with increased log-level (level 4) for Antrea agent and controller. @@ -60,7 +59,7 @@ MODE="dev" KIND=false IPSEC=false ALLFEATURES=false -PROXY=false +PROXY=true NP=false KEEP=false ENCAP_MODE="" @@ -69,7 +68,6 @@ TUN_TYPE="geneve" VERBOSE_LOG=false ON_DELETE=false COVERAGE=false -PROMETHEUS=false while [[ $# -gt 0 ]] do @@ -100,18 +98,14 @@ case $key in ALLFEATURES=true shift ;; - --proxy) - PROXY=true + --no-proxy) + PROXY=false shift ;; --np) NP=true shift ;; - --prometheus) - PROMETHEUS=true - shift - ;; --keep) KEEP=true shift @@ -179,9 +173,9 @@ if ! $KIND && $ON_DELETE; then exit 1 fi -# noEncap/policy-only mode works with antrea-proxy. -if [[ "$ENCAP_MODE" != "" ]] && [[ "$ENCAP_MODE" != "encap" ]]; then - PROXY=true +if [[ "$ENCAP_MODE" != "" ]] && [[ "$ENCAP_MODE" != "encap" ]] && ! $PROXY; then + echoerr "Cannot use '--no-proxy' when '--encap-mode' is not 'encap'" + exit 1 fi THIS_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )" @@ -221,15 +215,13 @@ if $IPSEC; then fi if $ALLFEATURES; then - sed -i.bak -E "s/^[[:space:]]*#[[:space:]]*AntreaProxy[[:space:]]*:[[:space:]]*[a-z]+[[:space:]]*$/ AntreaProxy: true/" antrea-agent.conf - sed -i.bak -E "s/^[[:space:]]*#[[:space:]]*Traceflow[[:space:]]*:[[:space:]]*[a-z]+[[:space:]]*$/ Traceflow: true/" antrea-agent.conf sed -i.bak -E "s/^[[:space:]]*#[[:space:]]*AntreaPolicy[[:space:]]*:[[:space:]]*[a-z]+[[:space:]]*$/ AntreaPolicy: true/" antrea-agent.conf sed -i.bak -E "s/^[[:space:]]*#[[:space:]]*FlowExporter[[:space:]]*:[[:space:]]*[a-z]+[[:space:]]*$/ FlowExporter: true/" antrea-agent.conf sed -i.bak -E "s/^[[:space:]]*#[[:space:]]*NetworkPolicyStats[[:space:]]*:[[:space:]]*[a-z]+[[:space:]]*$/ NetworkPolicyStats: true/" antrea-agent.conf fi -if $PROXY; then - sed -i.bak -E "s/^[[:space:]]*#[[:space:]]*AntreaProxy[[:space:]]*:[[:space:]]*[a-z]+[[:space:]]*$/ AntreaProxy: true/" antrea-agent.conf +if ! $PROXY; then + sed -i.bak -E "s/^[[:space:]]*#[[:space:]]*AntreaProxy[[:space:]]*:[[:space:]]*[a-z]+[[:space:]]*$/ AntreaProxy: false/" antrea-agent.conf fi if $NP; then @@ -237,11 +229,6 @@ if $NP; then sed -i.bak -E "s/^[[:space:]]*#[[:space:]]*AntreaPolicy[[:space:]]*:[[:space:]]*[a-z]+[[:space:]]*$/ AntreaPolicy: true/" antrea-agent.conf fi -if $PROMETHEUS; then - sed -i.bak -E "s/^[[:space:]]*#[[:space:]]*enablePrometheusMetrics[[:space:]]*:[[:space:]]*[a-z]+[[:space:]]*$/enablePrometheusMetrics: true/" antrea-controller.conf - sed -i.bak -E "s/^[[:space:]]*#[[:space:]]*enablePrometheusMetrics[[:space:]]*:[[:space:]]*[a-z]+[[:space:]]*$/enablePrometheusMetrics: true/" antrea-agent.conf -fi - if [[ $ENCAP_MODE != "" ]]; then sed -i.bak -E "s/^[[:space:]]*#[[:space:]]*trafficEncapMode[[:space:]]*:[[:space:]]*[a-z]+[[:space:]]*$/trafficEncapMode: $ENCAP_MODE/" antrea-agent.conf fi diff --git a/pkg/agent/openflow/pipeline.go b/pkg/agent/openflow/pipeline.go index 8ec1d7803d0..22de3b2f0c1 100644 --- a/pkg/agent/openflow/pipeline.go +++ b/pkg/agent/openflow/pipeline.go @@ -1653,16 +1653,18 @@ func (c *client) endpointDNATFlow(endpointIP net.IP, endpointPort uint16, protoc Cookie(c.cookieAllocator.Request(cookie.Service).Raw()). MatchRegRange(int(endpointPortReg), unionVal, binding.Range{0, 18}). MatchProtocol(protocol) + ctZone := CtZone if ipProtocol == binding.ProtocolIP { ipVal := binary.BigEndian.Uint32(endpointIP.To4()) flowBuilder = flowBuilder.MatchReg(int(endpointIPReg), ipVal). MatchRegRange(int(endpointPortReg), unionVal, binding.Range{0, 18}) } else { + ctZone = CtZoneV6 ipVal := []byte(endpointIP) flowBuilder = flowBuilder.MatchXXReg(int(endpointIPv6XXReg), ipVal). MatchRegRange(int(endpointPortReg), unionVal, binding.Range{0, 18}) } - return flowBuilder.Action().CT(true, table.GetNext(), CtZone). + return flowBuilder.Action().CT(true, table.GetNext(), ctZone). DNAT( &binding.IPRange{StartIP: endpointIP, EndIP: endpointIP}, &binding.PortRange{StartPort: endpointPort, EndPort: endpointPort}, diff --git a/pkg/features/antrea_features.go b/pkg/features/antrea_features.go index fe07c98a03a..eb9c6572faf 100644 --- a/pkg/features/antrea_features.go +++ b/pkg/features/antrea_features.go @@ -34,12 +34,14 @@ const ( AntreaPolicy featuregate.Feature = "AntreaPolicy" // alpha: v0.8 + // beta: v0.11 // Enable antrea proxy which provides ServiceLB for in-cluster services in antrea agent. // It should be enabled on Windows, otherwise NetworkPolicy will not take effect on // Service traffic. AntreaProxy featuregate.Feature = "AntreaProxy" // alpha: v0.8 + // beta: v0.11 // Allows to trace path from a generated packet. Traceflow featuregate.Feature = "Traceflow" @@ -65,8 +67,8 @@ var ( // available throughout Antrea binaries. defaultAntreaFeatureGates = map[featuregate.Feature]featuregate.FeatureSpec{ AntreaPolicy: {Default: false, PreRelease: featuregate.Alpha}, - AntreaProxy: {Default: false, PreRelease: featuregate.Alpha}, - Traceflow: {Default: false, PreRelease: featuregate.Alpha}, + AntreaProxy: {Default: true, PreRelease: featuregate.Beta}, + Traceflow: {Default: true, PreRelease: featuregate.Beta}, FlowExporter: {Default: false, PreRelease: featuregate.Alpha}, NetworkPolicyStats: {Default: false, PreRelease: featuregate.Alpha}, } diff --git a/test/e2e/infra/vagrant/push_antrea.sh b/test/e2e/infra/vagrant/push_antrea.sh index 9309bfbcec1..0a7f9c827e8 100755 --- a/test/e2e/infra/vagrant/push_antrea.sh +++ b/test/e2e/infra/vagrant/push_antrea.sh @@ -39,7 +39,6 @@ cp "${ANTREA_BASE_YML}" "${ANTREA_YML}" if [ "$RUN_PROMETHEUS" == "true" ]; then # Prepare Antrea yamls - sed -i.bak -E 's|#enablePrometheusMetrics: false|enablePrometheusMetrics: true|g' "${ANTREA_YML}" echo "---" >> "${ANTREA_YML}" cat "${ANTREA_PROMETHEUS_YML}" >> "${ANTREA_YML}" fi diff --git a/test/e2e/proxy_test.go b/test/e2e/proxy_test.go index 00a966fd8ee..3de034da1e8 100644 --- a/test/e2e/proxy_test.go +++ b/test/e2e/proxy_test.go @@ -37,7 +37,7 @@ func skipIfProxyDisabled(t *testing.T, data *TestData) { if featureGate, err := data.GetAgentFeatures(antreaNamespace); err != nil { t.Fatalf("Error when detecting proxy: %v", err) } else if !featureGate.Enabled(features.AntreaProxy) { - t.Skip() + t.Skip("Skipping test because AntreaProxy is not enabled") } } diff --git a/test/e2e/traceflow_test.go b/test/e2e/traceflow_test.go index effdf444e97..129f217106b 100644 --- a/test/e2e/traceflow_test.go +++ b/test/e2e/traceflow_test.go @@ -26,8 +26,10 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/wait" + "github.com/vmware-tanzu/antrea/pkg/agent/config" "github.com/vmware-tanzu/antrea/pkg/apis/controlplane/v1beta2" "github.com/vmware-tanzu/antrea/pkg/apis/ops/v1alpha1" + "github.com/vmware-tanzu/antrea/pkg/features" ) type testcase struct { @@ -37,6 +39,19 @@ type testcase struct { expectedResults []v1alpha1.NodeResult } +func skipIfTraceflowDisabled(t *testing.T, data *TestData) { + if featureGate, err := data.GetAgentFeatures(antreaNamespace); err != nil { + t.Fatalf("Error when detecting traceflow: %v", err) + } else if !featureGate.Enabled(features.AntreaProxy) { + t.Skip("Skipping test because Traceflow is not enabled in the Agent") + } + if featureGate, err := data.GetControllerFeatures(antreaNamespace); err != nil { + t.Fatalf("Error when detecting traceflow: %v", err) + } else if !featureGate.Enabled(features.AntreaProxy) { + t.Skip("Skipping test because Traceflow is not enabled in the Controller") + } +} + // TestTraceflowIntraNode verifies if traceflow can trace intra node traffic with some NetworkPolicies set. func TestTraceflowIntraNode(t *testing.T) { skipIfNotIPv4Cluster(t) @@ -46,8 +61,14 @@ func TestTraceflowIntraNode(t *testing.T) { } defer teardownTest(t, data) - if err = data.enableTraceflow(t); err != nil { - t.Fatal("Error when enabling Traceflow") + skipIfTraceflowDisabled(t, data) + encapMode, err := data.GetEncapMode() + if err != nil { + t.Fatalf("Failed to retrieve encap mode: %v", err) + } + if encapMode != config.TrafficEncapModeNoEncap { + // https://github.com/vmware-tanzu/antrea/issues/897 + skipIfProviderIs(t, "kind", "Skipping inter-Node Traceflow test for Kind because of #897") } node1 := nodeName(0) @@ -333,9 +354,7 @@ func TestTraceflowInterNode(t *testing.T) { } defer teardownTest(t, data) - if err = data.enableTraceflow(t); err != nil { - t.Fatal("Error when enabling Traceflow") - } + skipIfTraceflowDisabled(t, data) node1 := nodeName(0) node2 := nodeName(1) @@ -687,21 +706,6 @@ func (data *TestData) waitForTraceflow(t *testing.T, name string, phase v1alpha1 return tf, nil } -func (data *TestData) enableTraceflow(t *testing.T) error { - // Enable Traceflow in antrea-controller and antrea-agent ConfigMap. - // Use Geneve tunnel. - return data.mutateAntreaConfigMap(func(data map[string]string) { - antreaControllerConf, _ := data["antrea-controller.conf"] - antreaControllerConf = strings.Replace(antreaControllerConf, "# Traceflow: false", " Traceflow: true", 1) - data["antrea-controller.conf"] = antreaControllerConf - antreaAgentConf, _ := data["antrea-agent.conf"] - antreaAgentConf = strings.Replace(antreaAgentConf, "# Traceflow: false", " Traceflow: true", 1) - antreaAgentConf = strings.Replace(antreaAgentConf, "# AntreaProxy: false", " AntreaProxy: true", 1) - antreaAgentConf = strings.Replace(antreaAgentConf, "#tunnelType: geneve", "tunnelType: geneve", 1) - data["antrea-agent.conf"] = antreaAgentConf - }, true, true) -} - // compareObservations compares expected results and actual results. func compareObservations(expected v1alpha1.NodeResult, actual v1alpha1.NodeResult) error { if expected.Node != actual.Node {