Add kubeAPIServerOverride option to antrea-controller

To override the address of Kubernetes apiserver for antrea-controller, the option, kubeAPIServerOverride, is added to antrea-controller.conf. It's typically used when kube-proxy is not deployed (substituted by AntreaProxy) and kube-controller-manager does not run NodeIPAMController (substituted by Antrea NodeIPAM). Signed-off-by: Quan Tian <[email protected]>
antrea-io · May 30, 2023 · e02a7a7 · e02a7a7
1 parent 5562b29
commit e02a7a7
Show file tree

Hide file tree

Showing 11 changed files with 66 additions and 12 deletions.
diff --git a/.github/workflows/kind.yml b/.github/workflows/kind.yml
@@ -215,7 +215,13 @@ jobs:
           mkdir log
           mkdir test-e2e-encap-all-features-enabled-coverage
           # FlowExporter requires the FlowAggregator, so we keep it disabled.
-          ANTREA_LOG_DIR=$PWD/log ANTREA_COV_DIR=$PWD/test-e2e-encap-all-features-enabled-coverage ./ci/kind/test-e2e-kind.sh --encap-mode encap --coverage --feature-gates AllAlpha=true,AllBeta=true,FlowExporter=false --proxy-all --multicast
+          ANTREA_LOG_DIR=$PWD/log ANTREA_COV_DIR=$PWD/test-e2e-encap-all-features-enabled-coverage ./ci/kind/test-e2e-kind.sh \
+            --encap-mode encap \
+            --coverage \
+            --feature-gates AllAlpha=true,AllBeta=true,FlowExporter=false \
+            --proxy-all \
+            --node-ipam \
+            --multicast
       - name: Tar coverage files
         run: tar -czf test-e2e-encap-all-features-enabled-coverage.tar.gz test-e2e-encap-all-features-enabled-coverage
       - name: Upload coverage for test-e2e-encap-all-features-enabled-coverage

diff --git a/build/charts/antrea/conf/antrea-agent.conf b/build/charts/antrea/conf/antrea-agent.conf
@@ -239,6 +239,7 @@ nodePortLocal:
 {{- end }}
 
 # Provide the address of Kubernetes apiserver, to override any value provided in kubeconfig or InClusterConfig.
+# It is typically used when kube-proxy is not deployed (substituted by AntreaProxy).
 # Defaults to "". It must be a host string, a host:port pair, or a URL to the base of the apiserver.
 kubeAPIServerOverride: {{ .Values.kubeAPIServerOverride | quote }}
 

diff --git a/build/charts/antrea/conf/antrea-controller.conf b/build/charts/antrea/conf/antrea-controller.conf
@@ -78,6 +78,12 @@ tlsMinVersion: {{ .Values.tlsMinVersion | quote }}
 # certificates.
 clientCAFile: {{ .Values.clientCAFile | quote }}
 
+# Provide the address of Kubernetes apiserver, to override any value provided in kubeconfig or InClusterConfig.
+# It is typically used when kube-proxy is not deployed (substituted by AntreaProxy) and kube-controller-manager
+# does not run NodeIPAMController (substituted by Antrea NodeIPAM).
+# Defaults to "". It must be a host string, a host:port pair, or a URL to the base of the apiserver.
+kubeAPIServerOverride: {{ .Values.kubeAPIServerOverride | quote }}
+
 nodeIPAM:
 {{- with .Values.nodeIPAM }}
   # Enable the integrated Node IPAM controller within the Antrea controller.

diff --git a/build/yamls/antrea-aks.yml b/build/yamls/antrea-aks.yml
@@ -3203,6 +3203,7 @@ data:
       portRange: "61000-62000"
 
     # Provide the address of Kubernetes apiserver, to override any value provided in kubeconfig or InClusterConfig.
+    # It is typically used when kube-proxy is not deployed (substituted by AntreaProxy).
     # Defaults to "". It must be a host string, a host:port pair, or a URL to the base of the apiserver.
     kubeAPIServerOverride: ""
 
@@ -3416,6 +3417,12 @@ data:
     # certificates.
     clientCAFile: ""
 
+    # Provide the address of Kubernetes apiserver, to override any value provided in kubeconfig or InClusterConfig.
+    # It is typically used when kube-proxy is not deployed (substituted by AntreaProxy) and kube-controller-manager
+    # does not run NodeIPAMController (substituted by Antrea NodeIPAM).
+    # Defaults to "". It must be a host string, a host:port pair, or a URL to the base of the apiserver.
+    kubeAPIServerOverride: ""
+
     nodeIPAM:
       # Enable the integrated Node IPAM controller within the Antrea controller.
       enableNodeIPAM: false
@@ -4364,7 +4371,7 @@ spec:
         kubectl.kubernetes.io/default-container: antrea-agent
         # Automatically restart Pods with a RollingUpdate if the ConfigMap changes
         # See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments
-        checksum/config: 7b3f20e4be884c2def359ef222cf07498761ff76b66e893d9afa325761354c9f
+        checksum/config: d63eed74f086329f0ac9a44b73db0a396f22ab6f1ae142c7de3710400f8d2dd5
       labels:
         app: antrea
         component: antrea-agent
@@ -4605,7 +4612,7 @@ spec:
       annotations:
         # Automatically restart Pod if the ConfigMap changes
         # See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments
-        checksum/config: 7b3f20e4be884c2def359ef222cf07498761ff76b66e893d9afa325761354c9f
+        checksum/config: d63eed74f086329f0ac9a44b73db0a396f22ab6f1ae142c7de3710400f8d2dd5
       labels:
         app: antrea
         component: antrea-controller

diff --git a/build/yamls/antrea-eks.yml b/build/yamls/antrea-eks.yml
@@ -3203,6 +3203,7 @@ data:
       portRange: "61000-62000"
 
     # Provide the address of Kubernetes apiserver, to override any value provided in kubeconfig or InClusterConfig.
+    # It is typically used when kube-proxy is not deployed (substituted by AntreaProxy).
     # Defaults to "". It must be a host string, a host:port pair, or a URL to the base of the apiserver.
     kubeAPIServerOverride: ""
 
@@ -3416,6 +3417,12 @@ data:
     # certificates.
     clientCAFile: ""
 
+    # Provide the address of Kubernetes apiserver, to override any value provided in kubeconfig or InClusterConfig.
+    # It is typically used when kube-proxy is not deployed (substituted by AntreaProxy) and kube-controller-manager
+    # does not run NodeIPAMController (substituted by Antrea NodeIPAM).
+    # Defaults to "". It must be a host string, a host:port pair, or a URL to the base of the apiserver.
+    kubeAPIServerOverride: ""
+
     nodeIPAM:
       # Enable the integrated Node IPAM controller within the Antrea controller.
       enableNodeIPAM: false
@@ -4364,7 +4371,7 @@ spec:
         kubectl.kubernetes.io/default-container: antrea-agent
         # Automatically restart Pods with a RollingUpdate if the ConfigMap changes
         # See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments
-        checksum/config: 7b3f20e4be884c2def359ef222cf07498761ff76b66e893d9afa325761354c9f
+        checksum/config: d63eed74f086329f0ac9a44b73db0a396f22ab6f1ae142c7de3710400f8d2dd5
       labels:
         app: antrea
         component: antrea-agent
@@ -4606,7 +4613,7 @@ spec:
       annotations:
         # Automatically restart Pod if the ConfigMap changes
         # See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments
-        checksum/config: 7b3f20e4be884c2def359ef222cf07498761ff76b66e893d9afa325761354c9f
+        checksum/config: d63eed74f086329f0ac9a44b73db0a396f22ab6f1ae142c7de3710400f8d2dd5
       labels:
         app: antrea
         component: antrea-controller

diff --git a/build/yamls/antrea-gke.yml b/build/yamls/antrea-gke.yml
@@ -3203,6 +3203,7 @@ data:
       portRange: "61000-62000"
 
     # Provide the address of Kubernetes apiserver, to override any value provided in kubeconfig or InClusterConfig.
+    # It is typically used when kube-proxy is not deployed (substituted by AntreaProxy).
     # Defaults to "". It must be a host string, a host:port pair, or a URL to the base of the apiserver.
     kubeAPIServerOverride: ""
 
@@ -3416,6 +3417,12 @@ data:
     # certificates.
     clientCAFile: ""
 
+    # Provide the address of Kubernetes apiserver, to override any value provided in kubeconfig or InClusterConfig.
+    # It is typically used when kube-proxy is not deployed (substituted by AntreaProxy) and kube-controller-manager
+    # does not run NodeIPAMController (substituted by Antrea NodeIPAM).
+    # Defaults to "". It must be a host string, a host:port pair, or a URL to the base of the apiserver.
+    kubeAPIServerOverride: ""
+
     nodeIPAM:
       # Enable the integrated Node IPAM controller within the Antrea controller.
       enableNodeIPAM: false
@@ -4364,7 +4371,7 @@ spec:
         kubectl.kubernetes.io/default-container: antrea-agent
         # Automatically restart Pods with a RollingUpdate if the ConfigMap changes
         # See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments
-        checksum/config: b7f4a912f5e4d42314ea1667b8e2f3d97a7666e7379ed4f65f9299a3f37399c2
+        checksum/config: f8a3177fc8722b9cdaade9fcdfb96cc5c907514320d435eae5f7fa4049b1fa32
       labels:
         app: antrea
         component: antrea-agent
@@ -4603,7 +4610,7 @@ spec:
       annotations:
         # Automatically restart Pod if the ConfigMap changes
         # See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments
-        checksum/config: b7f4a912f5e4d42314ea1667b8e2f3d97a7666e7379ed4f65f9299a3f37399c2
+        checksum/config: f8a3177fc8722b9cdaade9fcdfb96cc5c907514320d435eae5f7fa4049b1fa32
       labels:
         app: antrea
         component: antrea-controller

diff --git a/build/yamls/antrea-ipsec.yml b/build/yamls/antrea-ipsec.yml
@@ -3216,6 +3216,7 @@ data:
       portRange: "61000-62000"
 
     # Provide the address of Kubernetes apiserver, to override any value provided in kubeconfig or InClusterConfig.
+    # It is typically used when kube-proxy is not deployed (substituted by AntreaProxy).
     # Defaults to "". It must be a host string, a host:port pair, or a URL to the base of the apiserver.
     kubeAPIServerOverride: ""
 
@@ -3429,6 +3430,12 @@ data:
     # certificates.
     clientCAFile: ""
 
+    # Provide the address of Kubernetes apiserver, to override any value provided in kubeconfig or InClusterConfig.
+    # It is typically used when kube-proxy is not deployed (substituted by AntreaProxy) and kube-controller-manager
+    # does not run NodeIPAMController (substituted by Antrea NodeIPAM).
+    # Defaults to "". It must be a host string, a host:port pair, or a URL to the base of the apiserver.
+    kubeAPIServerOverride: ""
+
     nodeIPAM:
       # Enable the integrated Node IPAM controller within the Antrea controller.
       enableNodeIPAM: false
@@ -4377,7 +4384,7 @@ spec:
         kubectl.kubernetes.io/default-container: antrea-agent
         # Automatically restart Pods with a RollingUpdate if the ConfigMap changes
         # See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments
-        checksum/config: d5789c48750f03a8652da56fc0e7f6cd4b12911fff41a84c8426245270fd5ec2
+        checksum/config: 1fe02636168501e0a689729a3ebfa5a8b6c68eadb09de2ad7312b3886049ced3
         checksum/ipsec-secret: d0eb9c52d0cd4311b6d252a951126bf9bea27ec05590bed8a394f0f792dcb2a4
       labels:
         app: antrea
@@ -4662,7 +4669,7 @@ spec:
       annotations:
         # Automatically restart Pod if the ConfigMap changes
         # See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments
-        checksum/config: d5789c48750f03a8652da56fc0e7f6cd4b12911fff41a84c8426245270fd5ec2
+        checksum/config: 1fe02636168501e0a689729a3ebfa5a8b6c68eadb09de2ad7312b3886049ced3
       labels:
         app: antrea
         component: antrea-controller

diff --git a/build/yamls/antrea.yml b/build/yamls/antrea.yml
@@ -3203,6 +3203,7 @@ data:
       portRange: "61000-62000"
 
     # Provide the address of Kubernetes apiserver, to override any value provided in kubeconfig or InClusterConfig.
+    # It is typically used when kube-proxy is not deployed (substituted by AntreaProxy).
     # Defaults to "". It must be a host string, a host:port pair, or a URL to the base of the apiserver.
     kubeAPIServerOverride: ""
 
@@ -3416,6 +3417,12 @@ data:
     # certificates.
     clientCAFile: ""
 
+    # Provide the address of Kubernetes apiserver, to override any value provided in kubeconfig or InClusterConfig.
+    # It is typically used when kube-proxy is not deployed (substituted by AntreaProxy) and kube-controller-manager
+    # does not run NodeIPAMController (substituted by Antrea NodeIPAM).
+    # Defaults to "". It must be a host string, a host:port pair, or a URL to the base of the apiserver.
+    kubeAPIServerOverride: ""
+
     nodeIPAM:
       # Enable the integrated Node IPAM controller within the Antrea controller.
       enableNodeIPAM: false
@@ -4364,7 +4371,7 @@ spec:
         kubectl.kubernetes.io/default-container: antrea-agent
         # Automatically restart Pods with a RollingUpdate if the ConfigMap changes
         # See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments
-        checksum/config: 1f7ec3f7c131b06c35ae624655ebbf81ca332c08abcfcddd434dd3c0a5387dab
+        checksum/config: ffa13a9f8a1a624c7e622a79418366c40acdda15502a3d3d8d57af858e855060
       labels:
         app: antrea
         component: antrea-agent
@@ -4603,7 +4610,7 @@ spec:
       annotations:
         # Automatically restart Pod if the ConfigMap changes
         # See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments
-        checksum/config: 1f7ec3f7c131b06c35ae624655ebbf81ca332c08abcfcddd434dd3c0a5387dab
+        checksum/config: ffa13a9f8a1a624c7e622a79418366c40acdda15502a3d3d8d57af858e855060
       labels:
         app: antrea
         component: antrea-controller

diff --git a/cmd/antrea-controller/controller.go b/cmd/antrea-controller/controller.go
@@ -120,7 +120,7 @@ func run(o *Options) error {
 	// Create K8s Clientset, Aggregator Clientset, CRD Clientset and SharedInformerFactory for the given config.
 	// Aggregator Clientset is used to update the CABundle of the APIServices backed by antrea-controller so that
 	// the aggregator can verify its serving certificate.
-	client, aggregatorClient, crdClient, apiExtensionClient, mcClient, err := k8s.CreateClients(o.config.ClientConnection, "")
+	client, aggregatorClient, crdClient, apiExtensionClient, mcClient, err := k8s.CreateClients(o.config.ClientConnection, o.config.KubeAPIServerOverride)
 	if err != nil {
 		return fmt.Errorf("error creating K8s clients: %v", err)
 	}

diff --git a/pkg/config/agent/config.go b/pkg/config/agent/config.go
@@ -171,6 +171,7 @@ type AgentConfig struct {
 	// NodePortLocal (NPL) configuration options.
 	NodePortLocal NodePortLocalConfig `yaml:"nodePortLocal,omitempty"`
 	// Provide the address of Kubernetes apiserver, to override any value provided in kubeconfig or InClusterConfig.
+	// It is typically used when kube-proxy is not deployed (substituted by AntreaProxy).
 	// Defaults to "". It must be a host string, a host:port pair, or a URL to the base of the apiserver.
 	KubeAPIServerOverride string `yaml:"kubeAPIServerOverride,omitempty"`
 	// Provide the address of DNS server, to override the kube-dns service. It's used to resolve hostname in FQDN policy.

diff --git a/pkg/config/controller/config.go b/pkg/config/controller/config.go
@@ -66,6 +66,11 @@ type ControllerConfig struct {
 	ClientCAFile string `yaml:"clientCAFile,omitempty"`
 	// Legacy CRD mirroring (deprecated).
 	LegacyCRDMirroring *bool `yaml:"legacyCRDMirroring,omitempty"`
+	// Provide the address of Kubernetes apiserver, to override any value provided in kubeconfig or InClusterConfig.
+	// It is typically used when kube-proxy is not deployed (substituted by AntreaProxy) and kube-controller-manager
+	// does not run NodeIPAMController (substituted by Antrea NodeIPAM).
+	// Defaults to "". It must be a host string, a host:port pair, or a URL to the base of the apiserver.
+	KubeAPIServerOverride string `yaml:"kubeAPIServerOverride,omitempty"`
 	// NodeIPAM Configuration
 	NodeIPAM NodeIPAMConfig `yaml:"nodeIPAM"`
 	// IPsec CSR signer configuration