For review comments.

Signed-off-by: Hongliang Liu <[email protected]>
antrea-io · Jul 29, 2021 · b1d3305 · b1d3305
1 parent ffbda93
commit b1d3305
Show file tree

Hide file tree

Showing 15 changed files with 210 additions and 163 deletions.
diff --git a/build/yamls/antrea-aks.yml b/build/yamls/antrea-aks.yml
@@ -3668,8 +3668,8 @@ data:
     # Service traffic.
     #  AntreaProxy: true
 
-    # Enable full Service support in AntreaProxy in antrea-agent. All type of Services can be
-    # accessed from outside the cluster.
+    # Enable full Service support in AntreaProxy in antrea-agent. Without KubeProxy, NodePort/LoadBalancer
+    # can be accessed from outside the cluster, and ClusterIP can be accessed from host.
     #  AntreaProxyFull: false
 
     # Enable EndpointSlice support in AntreaProxy. Don't enable this feature unless that EndpointSlice
@@ -3810,7 +3810,7 @@ data:
     # TLS min version from: VersionTLS10, VersionTLS11, VersionTLS12, VersionTLS13.
     #tlsMinVersion:
 
-    # A string slice of values which specifies the host IPv4/IPv6 addresses for NodePort. Values can be valid IP blocks.
+    # A string array of values which specifies the host IPv4/IPv6 addresses for NodePort. Values can be valid IP blocks.
     # (e.g. 1.2.3.0/24, 1.2.3.4/32). An empty string slice is meant to select all host IPv4/IPv6 addresses.
     #nodePortAddresses: []
   antrea-cni.conflist: |
@@ -3895,7 +3895,7 @@ metadata:
   annotations: {}
   labels:
     app: antrea
-  name: antrea-config-tmfbcc69kt
+  name: antrea-config-gdc9t677tf
   namespace: kube-system
 ---
 apiVersion: v1
@@ -3966,7 +3966,7 @@ spec:
             fieldRef:
               fieldPath: spec.serviceAccountName
         - name: ANTREA_CONFIG_MAP_NAME
-          value: antrea-config-tmfbcc69kt
+          value: antrea-config-gdc9t677tf
         image: projects.registry.vmware.com/antrea/antrea-ubuntu:latest
         imagePullPolicy: IfNotPresent
         livenessProbe:
@@ -4017,7 +4017,7 @@ spec:
         key: node-role.kubernetes.io/master
       volumes:
       - configMap:
-          name: antrea-config-tmfbcc69kt
+          name: antrea-config-gdc9t677tf
         name: antrea-config
       - name: antrea-controller-tls
         secret:
@@ -4313,7 +4313,7 @@ spec:
         operator: Exists
       volumes:
       - configMap:
-          name: antrea-config-tmfbcc69kt
+          name: antrea-config-gdc9t677tf
         name: antrea-config
       - hostPath:
           path: /etc/cni/net.d

diff --git a/build/yamls/antrea-eks.yml b/build/yamls/antrea-eks.yml
@@ -3668,8 +3668,8 @@ data:
     # Service traffic.
     #  AntreaProxy: true
 
-    # Enable full Service support in AntreaProxy in antrea-agent. All type of Services can be
-    # accessed from outside the cluster.
+    # Enable full Service support in AntreaProxy in antrea-agent. Without KubeProxy, NodePort/LoadBalancer
+    # can be accessed from outside the cluster, and ClusterIP can be accessed from host.
     #  AntreaProxyFull: false
 
     # Enable EndpointSlice support in AntreaProxy. Don't enable this feature unless that EndpointSlice
@@ -3810,7 +3810,7 @@ data:
     # TLS min version from: VersionTLS10, VersionTLS11, VersionTLS12, VersionTLS13.
     #tlsMinVersion:
 
-    # A string slice of values which specifies the host IPv4/IPv6 addresses for NodePort. Values can be valid IP blocks.
+    # A string array of values which specifies the host IPv4/IPv6 addresses for NodePort. Values can be valid IP blocks.
     # (e.g. 1.2.3.0/24, 1.2.3.4/32). An empty string slice is meant to select all host IPv4/IPv6 addresses.
     #nodePortAddresses: []
   antrea-cni.conflist: |
@@ -3895,7 +3895,7 @@ metadata:
   annotations: {}
   labels:
     app: antrea
-  name: antrea-config-tmfbcc69kt
+  name: antrea-config-gdc9t677tf
   namespace: kube-system
 ---
 apiVersion: v1
@@ -3966,7 +3966,7 @@ spec:
             fieldRef:
               fieldPath: spec.serviceAccountName
         - name: ANTREA_CONFIG_MAP_NAME
-          value: antrea-config-tmfbcc69kt
+          value: antrea-config-gdc9t677tf
         image: projects.registry.vmware.com/antrea/antrea-ubuntu:latest
         imagePullPolicy: IfNotPresent
         livenessProbe:
@@ -4017,7 +4017,7 @@ spec:
         key: node-role.kubernetes.io/master
       volumes:
       - configMap:
-          name: antrea-config-tmfbcc69kt
+          name: antrea-config-gdc9t677tf
         name: antrea-config
       - name: antrea-controller-tls
         secret:
@@ -4315,7 +4315,7 @@ spec:
         operator: Exists
       volumes:
       - configMap:
-          name: antrea-config-tmfbcc69kt
+          name: antrea-config-gdc9t677tf
         name: antrea-config
       - hostPath:
           path: /etc/cni/net.d

diff --git a/build/yamls/antrea-gke.yml b/build/yamls/antrea-gke.yml
@@ -3668,8 +3668,8 @@ data:
     # Service traffic.
     #  AntreaProxy: true
 
-    # Enable full Service support in AntreaProxy in antrea-agent. All type of Services can be
-    # accessed from outside the cluster.
+    # Enable full Service support in AntreaProxy in antrea-agent. Without KubeProxy, NodePort/LoadBalancer
+    # can be accessed from outside the cluster, and ClusterIP can be accessed from host.
     #  AntreaProxyFull: false
 
     # Enable EndpointSlice support in AntreaProxy. Don't enable this feature unless that EndpointSlice
@@ -3810,7 +3810,7 @@ data:
     # TLS min version from: VersionTLS10, VersionTLS11, VersionTLS12, VersionTLS13.
     #tlsMinVersion:
 
-    # A string slice of values which specifies the host IPv4/IPv6 addresses for NodePort. Values can be valid IP blocks.
+    # A string array of values which specifies the host IPv4/IPv6 addresses for NodePort. Values can be valid IP blocks.
     # (e.g. 1.2.3.0/24, 1.2.3.4/32). An empty string slice is meant to select all host IPv4/IPv6 addresses.
     #nodePortAddresses: []
   antrea-cni.conflist: |
@@ -3895,7 +3895,7 @@ metadata:
   annotations: {}
   labels:
     app: antrea
-  name: antrea-config-m5dk7cktg6
+  name: antrea-config-kckk7k77ct
   namespace: kube-system
 ---
 apiVersion: v1
@@ -3966,7 +3966,7 @@ spec:
             fieldRef:
               fieldPath: spec.serviceAccountName
         - name: ANTREA_CONFIG_MAP_NAME
-          value: antrea-config-m5dk7cktg6
+          value: antrea-config-kckk7k77ct
         image: projects.registry.vmware.com/antrea/antrea-ubuntu:latest
         imagePullPolicy: IfNotPresent
         livenessProbe:
@@ -4017,7 +4017,7 @@ spec:
         key: node-role.kubernetes.io/master
       volumes:
       - configMap:
-          name: antrea-config-m5dk7cktg6
+          name: antrea-config-kckk7k77ct
         name: antrea-config
       - name: antrea-controller-tls
         secret:
@@ -4316,7 +4316,7 @@ spec:
           path: /home/kubernetes/bin
         name: host-cni-bin
       - configMap:
-          name: antrea-config-m5dk7cktg6
+          name: antrea-config-kckk7k77ct
         name: antrea-config
       - hostPath:
           path: /etc/cni/net.d

diff --git a/build/yamls/antrea-ipsec.yml b/build/yamls/antrea-ipsec.yml
@@ -3668,8 +3668,8 @@ data:
     # Service traffic.
     #  AntreaProxy: true
 
-    # Enable full Service support in AntreaProxy in antrea-agent. All type of Services can be
-    # accessed from outside the cluster.
+    # Enable full Service support in AntreaProxy in antrea-agent. Without KubeProxy, NodePort/LoadBalancer
+    # can be accessed from outside the cluster, and ClusterIP can be accessed from host.
     #  AntreaProxyFull: false
 
     # Enable EndpointSlice support in AntreaProxy. Don't enable this feature unless that EndpointSlice
@@ -3815,7 +3815,7 @@ data:
     # TLS min version from: VersionTLS10, VersionTLS11, VersionTLS12, VersionTLS13.
     #tlsMinVersion:
 
-    # A string slice of values which specifies the host IPv4/IPv6 addresses for NodePort. Values can be valid IP blocks.
+    # A string array of values which specifies the host IPv4/IPv6 addresses for NodePort. Values can be valid IP blocks.
     # (e.g. 1.2.3.0/24, 1.2.3.4/32). An empty string slice is meant to select all host IPv4/IPv6 addresses.
     #nodePortAddresses: []
   antrea-cni.conflist: |
@@ -3900,7 +3900,7 @@ metadata:
   annotations: {}
   labels:
     app: antrea
-  name: antrea-config-f8hhkk6b6t
+  name: antrea-config-mhdc62gffk
   namespace: kube-system
 ---
 apiVersion: v1
@@ -3980,7 +3980,7 @@ spec:
             fieldRef:
               fieldPath: spec.serviceAccountName
         - name: ANTREA_CONFIG_MAP_NAME
-          value: antrea-config-f8hhkk6b6t
+          value: antrea-config-mhdc62gffk
         image: projects.registry.vmware.com/antrea/antrea-ubuntu:latest
         imagePullPolicy: IfNotPresent
         livenessProbe:
@@ -4031,7 +4031,7 @@ spec:
         key: node-role.kubernetes.io/master
       volumes:
       - configMap:
-          name: antrea-config-f8hhkk6b6t
+          name: antrea-config-mhdc62gffk
         name: antrea-config
       - name: antrea-controller-tls
         secret:
@@ -4362,7 +4362,7 @@ spec:
         operator: Exists
       volumes:
       - configMap:
-          name: antrea-config-f8hhkk6b6t
+          name: antrea-config-mhdc62gffk
         name: antrea-config
       - hostPath:
           path: /etc/cni/net.d

diff --git a/build/yamls/antrea.yml b/build/yamls/antrea.yml
@@ -3668,8 +3668,8 @@ data:
     # Service traffic.
     #  AntreaProxy: true
 
-    # Enable full Service support in AntreaProxy in antrea-agent. All type of Services can be
-    # accessed from outside the cluster.
+    # Enable full Service support in AntreaProxy in antrea-agent. Without KubeProxy, NodePort/LoadBalancer
+    # can be accessed from outside the cluster, and ClusterIP can be accessed from host.
     #  AntreaProxyFull: false
 
     # Enable EndpointSlice support in AntreaProxy. Don't enable this feature unless that EndpointSlice
@@ -3815,7 +3815,7 @@ data:
     # TLS min version from: VersionTLS10, VersionTLS11, VersionTLS12, VersionTLS13.
     #tlsMinVersion:
 
-    # A string slice of values which specifies the host IPv4/IPv6 addresses for NodePort. Values can be valid IP blocks.
+    # A string array of values which specifies the host IPv4/IPv6 addresses for NodePort. Values can be valid IP blocks.
     # (e.g. 1.2.3.0/24, 1.2.3.4/32). An empty string slice is meant to select all host IPv4/IPv6 addresses.
     #nodePortAddresses: []
   antrea-cni.conflist: |
@@ -3900,7 +3900,7 @@ metadata:
   annotations: {}
   labels:
     app: antrea
-  name: antrea-config-mt725cgccg
+  name: antrea-config-tf724dbh8f
   namespace: kube-system
 ---
 apiVersion: v1
@@ -3971,7 +3971,7 @@ spec:
             fieldRef:
               fieldPath: spec.serviceAccountName
         - name: ANTREA_CONFIG_MAP_NAME
-          value: antrea-config-mt725cgccg
+          value: antrea-config-tf724dbh8f
         image: projects.registry.vmware.com/antrea/antrea-ubuntu:latest
         imagePullPolicy: IfNotPresent
         livenessProbe:
@@ -4022,7 +4022,7 @@ spec:
         key: node-role.kubernetes.io/master
       volumes:
       - configMap:
-          name: antrea-config-mt725cgccg
+          name: antrea-config-tf724dbh8f
         name: antrea-config
       - name: antrea-controller-tls
         secret:
@@ -4318,7 +4318,7 @@ spec:
         operator: Exists
       volumes:
       - configMap:
-          name: antrea-config-mt725cgccg
+          name: antrea-config-tf724dbh8f
         name: antrea-config
       - hostPath:
           path: /etc/cni/net.d

diff --git a/build/yamls/base/conf/antrea-agent.conf b/build/yamls/base/conf/antrea-agent.conf
@@ -5,8 +5,8 @@ featureGates:
 # Service traffic.
 #  AntreaProxy: true
 
-# Enable full Service support in AntreaProxy in antrea-agent. All type of Services can be
-# accessed from outside the cluster.
+# Enable full Service support in AntreaProxy in antrea-agent. Without KubeProxy, NodePort/LoadBalancer
+# can be accessed from outside the cluster, and ClusterIP can be accessed from host.
 #  AntreaProxyFull: false
 
 # Enable EndpointSlice support in AntreaProxy. Don't enable this feature unless that EndpointSlice
@@ -152,6 +152,6 @@ featureGates:
 # TLS min version from: VersionTLS10, VersionTLS11, VersionTLS12, VersionTLS13.
 #tlsMinVersion:
 
-# A string slice of values which specifies the host IPv4/IPv6 addresses for NodePort. Values can be valid IP blocks.
+# A string array of values which specifies the host IPv4/IPv6 addresses for NodePort. Values can be valid IP blocks.
 # (e.g. 1.2.3.0/24, 1.2.3.4/32). An empty string slice is meant to select all host IPv4/IPv6 addresses.
 #nodePortAddresses: []
diff --git a/cmd/antrea-agent/agent.go b/cmd/antrea-agent/agent.go
@@ -43,7 +43,6 @@ import (
 	"antrea.io/antrea/pkg/agent/route"
 	"antrea.io/antrea/pkg/agent/stats"
 	"antrea.io/antrea/pkg/agent/types"
-	"antrea.io/antrea/pkg/agent/util"
 	crdinformers "antrea.io/antrea/pkg/client/informers/externalversions"
 	"antrea.io/antrea/pkg/features"
 	"antrea.io/antrea/pkg/log"
@@ -170,21 +169,28 @@ func run(o *Options) error {
 
 	var proxier proxy.Proxier
 	if features.DefaultFeatureGate.Enabled(features.AntreaProxy) {
-		var nodePortIPMap, nodePortIPv6Map map[int][]net.IP
+		v4Enabled := config.IsIPv4Enabled(nodeConfig, networkConfig.TrafficEncapMode)
+		v6Enabled := config.IsIPv6Enabled(nodeConfig, networkConfig.TrafficEncapMode)
+
+		var nodePortIPv4Map, nodePortIPv6Map map[int][]net.IP
 		if features.DefaultFeatureGate.Enabled(features.AntreaProxyFull) {
-			nodePortIPMap, nodePortIPv6Map, err = util.GetAvailableNodePortIPs(o.config.NodePortAddresses, o.config.HostGateway)
+			nodePortIPv4Map, nodePortIPv6Map, err = getAvailableNodePortIPs(o.config.NodePortAddresses, o.config.HostGateway)
 			if err != nil {
-				return fmt.Errorf("get available NodePort IP addresses with error: %v", err)
+				return fmt.Errorf("getting available NodePort IP addresses failed: %v", err)
+			}
+			if v4Enabled && len(nodePortIPv4Map) == 0 {
+				return fmt.Errorf("no qualified NodePort IPv4 addresses was found")
+			}
+			if v6Enabled && len(nodePortIPv6Map) == 0 {
+				return fmt.Errorf("no qualified NodePort IPv6 addresses was found")
 			}
 		}
 
-		v4Enabled := config.IsIPv4Enabled(nodeConfig, networkConfig.TrafficEncapMode)
-		v6Enabled := config.IsIPv6Enabled(nodeConfig, networkConfig.TrafficEncapMode)
 		switch {
 		case v4Enabled && v6Enabled:
-			proxier = proxy.NewDualStackProxier(nodeConfig.Name, informerFactory, ofClient, routeClient, nodePortIPMap, nodePortIPv6Map)
+			proxier = proxy.NewDualStackProxier(nodeConfig.Name, informerFactory, ofClient, routeClient, nodePortIPv4Map, nodePortIPv6Map)
 		case v4Enabled:
-			proxier = proxy.NewProxier(nodeConfig.Name, informerFactory, ofClient, false, routeClient, nodePortIPMap)
+			proxier = proxy.NewProxier(nodeConfig.Name, informerFactory, ofClient, false, routeClient, nodePortIPv4Map)
 		case v6Enabled:
 			proxier = proxy.NewProxier(nodeConfig.Name, informerFactory, ofClient, true, routeClient, nodePortIPv6Map)
 		default:

diff --git a/cmd/antrea-agent/config.go b/cmd/antrea-agent/config.go
@@ -148,7 +148,7 @@ type AgentConfig struct {
 	TLSCipherSuites string `yaml:"tlsCipherSuites,omitempty"`
 	// TLS min version.
 	TLSMinVersion string `yaml:"tlsMinVersion,omitempty"`
-	// A string slice of values which specifies the host IPv4/IPv6 addresses for NodePorts. Values may be valid IP blocks.
+	// A string array of values which specifies the host IPv4/IPv6 addresses for NodePorts. Values may be valid IP blocks.
 	// (e.g. 1.2.3.0/24, 1.2.3.4/32). An empty string slice is meant to select all host IPv4/IPv6 addresses.
 	NodePortAddresses []string `yaml:"nodePortAddresses,omitempty"`
 }