Refine Node controller to support Gateway HA

[luolanzone]

In order to support Gateway active-standby mode HA, the Node
controller has been refined to handle Node readiness changes.
There will be at most one Gateway in a given Namespace, and the
Gateway controller is updated correspondingly.

1. Check Node readiness and create a Gateway CR if Node is ready
   and there is no existing Gateway.
2. Initialize active Gateway and Gateway candidate Nodes with annotation
   'multicluster.antrea.io/gateway'.
3. Add Gateway webhook to allow at most one Gateway in a given
   Namespace.

For #3754
Signed-off-by: Lan Luo [email protected]

[luolanzone]

/test-multicluster-e2e

[codecov]

Codecov Report

Merging #4069 (49ceb32) into main (3714619) will increase coverage by 4.66%.
The diff coverage is 72.82%.

@@            Coverage Diff             @@
##             main    #4069      +/-   ##
==========================================
+ Coverage   56.09%   60.75%   +4.66%     
==========================================
  Files         371      392      +21     
  Lines       53327    53927     +600     
==========================================
+ Hits        29913    32766    +2853     
+ Misses      21071    18716    -2355     
- Partials     2343     2445     +102     

Flag	Coverage Δ
e2e-tests	58.75% <44.02%> (?)
integration-tests	34.81% <0.00%> (-0.17%)	⬇️
kind-e2e-tests	48.66% <ø> (+5.61%)	⬆️
unit-tests	41.39% <67.93%> (+1.11%)	⬆️

Impacted Files	Coverage Δ
...ter/controllers/multicluster/gateway_controller.go	71.42% <20.00%> (+70.20%)	⬆️
...luster/controllers/multicluster/node_controller.go	76.09% <72.36%> (+76.09%)	⬆️
...ter/cmd/multicluster-controller/gateway_webhook.go	80.95% <80.95%> (ø)
multicluster/cmd/multicluster-controller/member.go	68.00% <100.00%> (ø)
pkg/ipfix/ipfix_process.go	81.25% <0.00%> (-18.75%)	⬇️
pkg/agent/flowexporter/exporter/exporter.go	67.82% <0.00%> (-10.15%)	⬇️
pkg/controller/networkpolicy/store/addressgroup.go	88.37% <0.00%> (-3.49%)	⬇️
pkg/controller/networkpolicy/mutate.go	63.47% <0.00%> (-3.48%)	⬇️
...ntroller/networkpolicy/networkpolicy_controller.go	82.75% <0.00%> (-0.37%)	⬇️
...luster-controller/memberclusterannounce_webhook.go	73.33% <0.00%> (ø)
... and 104 more

[jianjuns]

@luolanzone : could you explain any real issue can happen without the changes? If there were indeed issues, please describe them in the commit description too.

[luolanzone]

Hi @jianjuns this is actually a part of #3754 for Gateway HA, I feel it's relatively independent, so I create a separate PR for this change first.

[luolanzone]

/test-multicluster-e2e

[luolanzone]

Hi @jianjuns I updated the latest design for this PR on #3754, could you take a look and review? thanks.

[jianjuns]

failure -> failure

[jianjuns]

I do not see you added code to do the cleanup? Maybe simpler to move the code to the end of func before returning without no error.

[luolanzone]

Done, add the candidates initialization before return nil.

[jianjuns]

We should skip the previous log if not found, so I would return in line 103.

[luolanzone]

yeah, fixed

[jianjuns]

We should delete the node from gatewayCandidates if no annotation.

[luolanzone]

Done

[jianjuns]

LGTM. Several more nits for you to consider.

[jianjuns]

Could we add a comment about if the Gateway version in the client cache is stale, the update operation will fail?

[luolanzone]

Done

[jianjuns]

@luolanzone : please check if you can improve coverage to meet the target.

[luolanzone]

/test-multicluster-e2e

[luolanzone]

/test-multicluster-e2e

[luolanzone]

@jianjuns Could you help to check again? I added a few more tests, looks like the result of codecov/patch is green but I didn't see any test coverage data change. I have checked the test data result locally, these uncovered lines are about handling error like get/list failure which is not provided by fake k8s client.

[jianjuns]

/skip-all