diff --git a/.github/workflows/kind.yml b/.github/workflows/kind.yml index 72a2d595314..4dbbf9eefc8 100644 --- a/.github/workflows/kind.yml +++ b/.github/workflows/kind.yml @@ -215,7 +215,13 @@ jobs: mkdir log mkdir test-e2e-encap-all-features-enabled-coverage # FlowExporter requires the FlowAggregator, so we keep it disabled. - ANTREA_LOG_DIR=$PWD/log ANTREA_COV_DIR=$PWD/test-e2e-encap-all-features-enabled-coverage ./ci/kind/test-e2e-kind.sh --encap-mode encap --coverage --feature-gates AllAlpha=true,AllBeta=true,FlowExporter=false --proxy-all --multicast + ANTREA_LOG_DIR=$PWD/log ANTREA_COV_DIR=$PWD/test-e2e-encap-all-features-enabled-coverage ./ci/kind/test-e2e-kind.sh \ + --encap-mode encap \ + --coverage \ + --feature-gates AllAlpha=true,AllBeta=true,FlowExporter=false \ + --proxy-all \ + --node-ipam \ + --multicast - name: Tar coverage files run: tar -czf test-e2e-encap-all-features-enabled-coverage.tar.gz test-e2e-encap-all-features-enabled-coverage - name: Upload coverage for test-e2e-encap-all-features-enabled-coverage diff --git a/build/charts/antrea/conf/antrea-agent.conf b/build/charts/antrea/conf/antrea-agent.conf index 7335a097946..81d7104da1e 100644 --- a/build/charts/antrea/conf/antrea-agent.conf +++ b/build/charts/antrea/conf/antrea-agent.conf @@ -239,6 +239,7 @@ nodePortLocal: {{- end }} # Provide the address of Kubernetes apiserver, to override any value provided in kubeconfig or InClusterConfig. +# It is typically used when kube-proxy is not deployed (substituted by AntreaProxy). # Defaults to "". It must be a host string, a host:port pair, or a URL to the base of the apiserver. kubeAPIServerOverride: {{ .Values.kubeAPIServerOverride | quote }} diff --git a/build/charts/antrea/conf/antrea-controller.conf b/build/charts/antrea/conf/antrea-controller.conf index 1020bc187a8..a6d66daa2ff 100644 --- a/build/charts/antrea/conf/antrea-controller.conf +++ b/build/charts/antrea/conf/antrea-controller.conf @@ -78,6 +78,12 @@ tlsMinVersion: {{ .Values.tlsMinVersion | quote }} # certificates. clientCAFile: {{ .Values.clientCAFile | quote }} +# Provide the address of Kubernetes apiserver, to override any value provided in kubeconfig or InClusterConfig. +# It is typically used when kube-proxy is not deployed (substituted by AntreaProxy) and kube-controller-manager +# does not run NodeIPAMController (substituted by Antrea NodeIPAM). +# Defaults to "". It must be a host string, a host:port pair, or a URL to the base of the apiserver. +kubeAPIServerOverride: {{ .Values.kubeAPIServerOverride | quote }} + nodeIPAM: {{- with .Values.nodeIPAM }} # Enable the integrated Node IPAM controller within the Antrea controller. diff --git a/build/yamls/antrea-aks.yml b/build/yamls/antrea-aks.yml index 295b1b695a6..c391a839d3d 100644 --- a/build/yamls/antrea-aks.yml +++ b/build/yamls/antrea-aks.yml @@ -3203,6 +3203,7 @@ data: portRange: "61000-62000" # Provide the address of Kubernetes apiserver, to override any value provided in kubeconfig or InClusterConfig. + # It is typically used when kube-proxy is not deployed (substituted by AntreaProxy). # Defaults to "". It must be a host string, a host:port pair, or a URL to the base of the apiserver. kubeAPIServerOverride: "" @@ -3416,6 +3417,12 @@ data: # certificates. clientCAFile: "" + # Provide the address of Kubernetes apiserver, to override any value provided in kubeconfig or InClusterConfig. + # It is typically used when kube-proxy is not deployed (substituted by AntreaProxy) and kube-controller-manager + # does not run NodeIPAMController (substituted by Antrea NodeIPAM). + # Defaults to "". It must be a host string, a host:port pair, or a URL to the base of the apiserver. + kubeAPIServerOverride: "" + nodeIPAM: # Enable the integrated Node IPAM controller within the Antrea controller. enableNodeIPAM: false @@ -4364,7 +4371,7 @@ spec: kubectl.kubernetes.io/default-container: antrea-agent # Automatically restart Pods with a RollingUpdate if the ConfigMap changes # See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments - checksum/config: 7b3f20e4be884c2def359ef222cf07498761ff76b66e893d9afa325761354c9f + checksum/config: d63eed74f086329f0ac9a44b73db0a396f22ab6f1ae142c7de3710400f8d2dd5 labels: app: antrea component: antrea-agent @@ -4605,7 +4612,7 @@ spec: annotations: # Automatically restart Pod if the ConfigMap changes # See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments - checksum/config: 7b3f20e4be884c2def359ef222cf07498761ff76b66e893d9afa325761354c9f + checksum/config: d63eed74f086329f0ac9a44b73db0a396f22ab6f1ae142c7de3710400f8d2dd5 labels: app: antrea component: antrea-controller diff --git a/build/yamls/antrea-eks.yml b/build/yamls/antrea-eks.yml index bafb9450370..01007fdd4ba 100644 --- a/build/yamls/antrea-eks.yml +++ b/build/yamls/antrea-eks.yml @@ -3203,6 +3203,7 @@ data: portRange: "61000-62000" # Provide the address of Kubernetes apiserver, to override any value provided in kubeconfig or InClusterConfig. + # It is typically used when kube-proxy is not deployed (substituted by AntreaProxy). # Defaults to "". It must be a host string, a host:port pair, or a URL to the base of the apiserver. kubeAPIServerOverride: "" @@ -3416,6 +3417,12 @@ data: # certificates. clientCAFile: "" + # Provide the address of Kubernetes apiserver, to override any value provided in kubeconfig or InClusterConfig. + # It is typically used when kube-proxy is not deployed (substituted by AntreaProxy) and kube-controller-manager + # does not run NodeIPAMController (substituted by Antrea NodeIPAM). + # Defaults to "". It must be a host string, a host:port pair, or a URL to the base of the apiserver. + kubeAPIServerOverride: "" + nodeIPAM: # Enable the integrated Node IPAM controller within the Antrea controller. enableNodeIPAM: false @@ -4364,7 +4371,7 @@ spec: kubectl.kubernetes.io/default-container: antrea-agent # Automatically restart Pods with a RollingUpdate if the ConfigMap changes # See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments - checksum/config: 7b3f20e4be884c2def359ef222cf07498761ff76b66e893d9afa325761354c9f + checksum/config: d63eed74f086329f0ac9a44b73db0a396f22ab6f1ae142c7de3710400f8d2dd5 labels: app: antrea component: antrea-agent @@ -4606,7 +4613,7 @@ spec: annotations: # Automatically restart Pod if the ConfigMap changes # See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments - checksum/config: 7b3f20e4be884c2def359ef222cf07498761ff76b66e893d9afa325761354c9f + checksum/config: d63eed74f086329f0ac9a44b73db0a396f22ab6f1ae142c7de3710400f8d2dd5 labels: app: antrea component: antrea-controller diff --git a/build/yamls/antrea-gke.yml b/build/yamls/antrea-gke.yml index a6c0e508494..c83e7eca8f5 100644 --- a/build/yamls/antrea-gke.yml +++ b/build/yamls/antrea-gke.yml @@ -3203,6 +3203,7 @@ data: portRange: "61000-62000" # Provide the address of Kubernetes apiserver, to override any value provided in kubeconfig or InClusterConfig. + # It is typically used when kube-proxy is not deployed (substituted by AntreaProxy). # Defaults to "". It must be a host string, a host:port pair, or a URL to the base of the apiserver. kubeAPIServerOverride: "" @@ -3416,6 +3417,12 @@ data: # certificates. clientCAFile: "" + # Provide the address of Kubernetes apiserver, to override any value provided in kubeconfig or InClusterConfig. + # It is typically used when kube-proxy is not deployed (substituted by AntreaProxy) and kube-controller-manager + # does not run NodeIPAMController (substituted by Antrea NodeIPAM). + # Defaults to "". It must be a host string, a host:port pair, or a URL to the base of the apiserver. + kubeAPIServerOverride: "" + nodeIPAM: # Enable the integrated Node IPAM controller within the Antrea controller. enableNodeIPAM: false @@ -4364,7 +4371,7 @@ spec: kubectl.kubernetes.io/default-container: antrea-agent # Automatically restart Pods with a RollingUpdate if the ConfigMap changes # See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments - checksum/config: b7f4a912f5e4d42314ea1667b8e2f3d97a7666e7379ed4f65f9299a3f37399c2 + checksum/config: f8a3177fc8722b9cdaade9fcdfb96cc5c907514320d435eae5f7fa4049b1fa32 labels: app: antrea component: antrea-agent @@ -4603,7 +4610,7 @@ spec: annotations: # Automatically restart Pod if the ConfigMap changes # See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments - checksum/config: b7f4a912f5e4d42314ea1667b8e2f3d97a7666e7379ed4f65f9299a3f37399c2 + checksum/config: f8a3177fc8722b9cdaade9fcdfb96cc5c907514320d435eae5f7fa4049b1fa32 labels: app: antrea component: antrea-controller diff --git a/build/yamls/antrea-ipsec.yml b/build/yamls/antrea-ipsec.yml index 0db8c87cf57..c6d64ff7059 100644 --- a/build/yamls/antrea-ipsec.yml +++ b/build/yamls/antrea-ipsec.yml @@ -3216,6 +3216,7 @@ data: portRange: "61000-62000" # Provide the address of Kubernetes apiserver, to override any value provided in kubeconfig or InClusterConfig. + # It is typically used when kube-proxy is not deployed (substituted by AntreaProxy). # Defaults to "". It must be a host string, a host:port pair, or a URL to the base of the apiserver. kubeAPIServerOverride: "" @@ -3429,6 +3430,12 @@ data: # certificates. clientCAFile: "" + # Provide the address of Kubernetes apiserver, to override any value provided in kubeconfig or InClusterConfig. + # It is typically used when kube-proxy is not deployed (substituted by AntreaProxy) and kube-controller-manager + # does not run NodeIPAMController (substituted by Antrea NodeIPAM). + # Defaults to "". It must be a host string, a host:port pair, or a URL to the base of the apiserver. + kubeAPIServerOverride: "" + nodeIPAM: # Enable the integrated Node IPAM controller within the Antrea controller. enableNodeIPAM: false @@ -4377,7 +4384,7 @@ spec: kubectl.kubernetes.io/default-container: antrea-agent # Automatically restart Pods with a RollingUpdate if the ConfigMap changes # See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments - checksum/config: d5789c48750f03a8652da56fc0e7f6cd4b12911fff41a84c8426245270fd5ec2 + checksum/config: 1fe02636168501e0a689729a3ebfa5a8b6c68eadb09de2ad7312b3886049ced3 checksum/ipsec-secret: d0eb9c52d0cd4311b6d252a951126bf9bea27ec05590bed8a394f0f792dcb2a4 labels: app: antrea @@ -4662,7 +4669,7 @@ spec: annotations: # Automatically restart Pod if the ConfigMap changes # See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments - checksum/config: d5789c48750f03a8652da56fc0e7f6cd4b12911fff41a84c8426245270fd5ec2 + checksum/config: 1fe02636168501e0a689729a3ebfa5a8b6c68eadb09de2ad7312b3886049ced3 labels: app: antrea component: antrea-controller diff --git a/build/yamls/antrea.yml b/build/yamls/antrea.yml index 9c6cc68528a..d04e3dda9c6 100644 --- a/build/yamls/antrea.yml +++ b/build/yamls/antrea.yml @@ -3203,6 +3203,7 @@ data: portRange: "61000-62000" # Provide the address of Kubernetes apiserver, to override any value provided in kubeconfig or InClusterConfig. + # It is typically used when kube-proxy is not deployed (substituted by AntreaProxy). # Defaults to "". It must be a host string, a host:port pair, or a URL to the base of the apiserver. kubeAPIServerOverride: "" @@ -3416,6 +3417,12 @@ data: # certificates. clientCAFile: "" + # Provide the address of Kubernetes apiserver, to override any value provided in kubeconfig or InClusterConfig. + # It is typically used when kube-proxy is not deployed (substituted by AntreaProxy) and kube-controller-manager + # does not run NodeIPAMController (substituted by Antrea NodeIPAM). + # Defaults to "". It must be a host string, a host:port pair, or a URL to the base of the apiserver. + kubeAPIServerOverride: "" + nodeIPAM: # Enable the integrated Node IPAM controller within the Antrea controller. enableNodeIPAM: false @@ -4364,7 +4371,7 @@ spec: kubectl.kubernetes.io/default-container: antrea-agent # Automatically restart Pods with a RollingUpdate if the ConfigMap changes # See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments - checksum/config: 1f7ec3f7c131b06c35ae624655ebbf81ca332c08abcfcddd434dd3c0a5387dab + checksum/config: ffa13a9f8a1a624c7e622a79418366c40acdda15502a3d3d8d57af858e855060 labels: app: antrea component: antrea-agent @@ -4603,7 +4610,7 @@ spec: annotations: # Automatically restart Pod if the ConfigMap changes # See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments - checksum/config: 1f7ec3f7c131b06c35ae624655ebbf81ca332c08abcfcddd434dd3c0a5387dab + checksum/config: ffa13a9f8a1a624c7e622a79418366c40acdda15502a3d3d8d57af858e855060 labels: app: antrea component: antrea-controller diff --git a/cmd/antrea-controller/controller.go b/cmd/antrea-controller/controller.go index 37ba5fae7d2..839fea6a253 100644 --- a/cmd/antrea-controller/controller.go +++ b/cmd/antrea-controller/controller.go @@ -120,7 +120,7 @@ func run(o *Options) error { // Create K8s Clientset, Aggregator Clientset, CRD Clientset and SharedInformerFactory for the given config. // Aggregator Clientset is used to update the CABundle of the APIServices backed by antrea-controller so that // the aggregator can verify its serving certificate. - client, aggregatorClient, crdClient, apiExtensionClient, mcClient, err := k8s.CreateClients(o.config.ClientConnection, "") + client, aggregatorClient, crdClient, apiExtensionClient, mcClient, err := k8s.CreateClients(o.config.ClientConnection, o.config.KubeAPIServerOverride) if err != nil { return fmt.Errorf("error creating K8s clients: %v", err) } diff --git a/pkg/config/agent/config.go b/pkg/config/agent/config.go index 8885919f8b2..48fecb0c9f5 100644 --- a/pkg/config/agent/config.go +++ b/pkg/config/agent/config.go @@ -171,6 +171,7 @@ type AgentConfig struct { // NodePortLocal (NPL) configuration options. NodePortLocal NodePortLocalConfig `yaml:"nodePortLocal,omitempty"` // Provide the address of Kubernetes apiserver, to override any value provided in kubeconfig or InClusterConfig. + // It is typically used when kube-proxy is not deployed (substituted by AntreaProxy). // Defaults to "". It must be a host string, a host:port pair, or a URL to the base of the apiserver. KubeAPIServerOverride string `yaml:"kubeAPIServerOverride,omitempty"` // Provide the address of DNS server, to override the kube-dns service. It's used to resolve hostname in FQDN policy. diff --git a/pkg/config/controller/config.go b/pkg/config/controller/config.go index f6f090eb27c..0daa59d9041 100644 --- a/pkg/config/controller/config.go +++ b/pkg/config/controller/config.go @@ -66,6 +66,11 @@ type ControllerConfig struct { ClientCAFile string `yaml:"clientCAFile,omitempty"` // Legacy CRD mirroring (deprecated). LegacyCRDMirroring *bool `yaml:"legacyCRDMirroring,omitempty"` + // Provide the address of Kubernetes apiserver, to override any value provided in kubeconfig or InClusterConfig. + // It is typically used when kube-proxy is not deployed (substituted by AntreaProxy) and kube-controller-manager + // does not run NodeIPAMController (substituted by Antrea NodeIPAM). + // Defaults to "". It must be a host string, a host:port pair, or a URL to the base of the apiserver. + KubeAPIServerOverride string `yaml:"kubeAPIServerOverride,omitempty"` // NodeIPAM Configuration NodeIPAM NodeIPAMConfig `yaml:"nodeIPAM"` // IPsec CSR signer configuration