diff --git a/docs/antrea-ipam.md b/docs/antrea-ipam.md index 29713851bed..56f6dd2c739 100644 --- a/docs/antrea-ipam.md +++ b/docs/antrea-ipam.md @@ -50,12 +50,16 @@ cluster. Valid range is 64 to 126. Default is 64. Below is a sample of needed changes in the Antrea deployment YAML: ```yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: antrea-config + namespace: kube-system +data: antrea-controller.conf: | - ... nodeIPAM: enableNodeIPAM: true clusterCIDRs: [172.100.0.0/16] - ... ``` When running Antrea NodeIPAM in a particular version or scenario, you may need to @@ -100,22 +104,21 @@ When Antrea is installed from YAML, the needed changes in the Antrea ConfigMap `antrea-config` YAML are as below: ```yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: antrea-config + namespace: kube-system +data: antrea-controller.conf: | - ... featureGates: AntreaIPAM: true - ... antrea-agent.conf: | - ... featureGates: AntreaIPAM: true - ... enableBridgingMode: true - ... trafficEncapMode: "noEncap" - ... noSNAT: true - ... ``` Alternatively, you can use the following helm install/upgrade command to configure @@ -154,7 +157,6 @@ kind: Namespace metadata: annotations: ipam.antrea.io/ippools: 'pool1' -... ``` #### IPPool Annotations on Pod (available since Antrea 1.5) @@ -176,7 +178,6 @@ spec: annotations: ipam.antrea.io/ippools: 'sts-ip-pool1' # This annotation will be set automatically on all Pods managed by this resource ipam.antrea.io/pod-ips: '' -... ``` ```yaml @@ -188,7 +189,6 @@ spec: annotations: ipam.antrea.io/ippools: 'sts-ip-pool1' # This annotation will be set automatically on all Pods managed by this resource # Do not add pod-ips annotation to PodTemplate if there is more than 1 replica -... ``` ```yaml @@ -196,7 +196,6 @@ kind: Pod metadata: annotations: ipam.antrea.io/ippools: 'pod-ip-pool1' -... ``` ```yaml @@ -205,7 +204,6 @@ metadata: annotations: ipam.antrea.io/ippools: 'pod-ip-pool1' ipam.antrea.io/pod-ips: '' -... ``` ```yaml @@ -213,7 +211,6 @@ kind: Pod metadata: annotations: ipam.antrea.io/pod-ips: '' -... ``` #### Persistent IP for StatefulSet Pod (available since Antrea 1.5) diff --git a/docs/antrea-proxy.md b/docs/antrea-proxy.md index 0b90db8a1e0..3a5545adaad 100644 --- a/docs/antrea-proxy.md +++ b/docs/antrea-proxy.md @@ -103,9 +103,10 @@ Service during initialization. If you are unsure about which values to use, take a look at your Kubeconfig file, and look for a line like this one: ```yaml -... +apiVersion: v1 +clusters: +- cluster: server: https://192.168.77.100:6443 -... ``` Then use this value as is (e.g., `"https://192.168.77.100:6443"`) for diff --git a/docs/egress.md b/docs/egress.md index dd44af45f4b..871ace7bc6b 100644 --- a/docs/egress.md +++ b/docs/egress.md @@ -49,7 +49,7 @@ v1.6, at which time it was enabled by default. Prior to v1.6, a feature gate, apiVersion: v1 kind: ConfigMap metadata: - name: antrea-config-dcfb6k2hkm + name: antrea-config namespace: kube-system data: antrea-agent.conf: | diff --git a/docs/external-node.md b/docs/external-node.md index 76d1e52482e..3eae8f47f30 100644 --- a/docs/external-node.md +++ b/docs/external-node.md @@ -68,7 +68,7 @@ configuration. The configuration for `antrea-controller` is modified in the apiVersion: v1 kind: ConfigMap metadata: - name: antrea-config-dcfb6k2hkm + name: antrea-config namespace: kube-system data: antrea-controller.conf: | diff --git a/docs/multicluster/policy-only-mode.md b/docs/multicluster/policy-only-mode.md index bbb737ce009..2bcb502efda 100644 --- a/docs/multicluster/policy-only-mode.md +++ b/docs/multicluster/policy-only-mode.md @@ -19,15 +19,18 @@ by Antrea Multi-cluster. You should set the following configuration parameters i feature and Antrea Multi-cluster Gateway: ```yaml -antrea-agent.conf: | -... - featureGates: -... - Multicluster: true -... - multicluster: - enableGateway: true - namespace: "" # Change to the Namespace where antrea-mc-controller is deployed. +kind: ConfigMap +apiVersion: v1 +metadata: + name: antrea-config + namespace: kube-system +data: + antrea-agent.conf: | + featureGates: + Multicluster: true + multicluster: + enableGateway: true + namespace: "" # Change to the Namespace where antrea-mc-controller is deployed. ``` Repeat the same steps to deploy Antrea for all member clusters in a ClusterSet. diff --git a/docs/multicluster/quick-start.md b/docs/multicluster/quick-start.md index 8447a05ca33..0c077cf0a52 100644 --- a/docs/multicluster/quick-start.md +++ b/docs/multicluster/quick-start.md @@ -36,15 +36,18 @@ configuration parameters in `antrea-agent.conf` of the Antrea deployment manifest to enable the `Multicluster` feature: ```yaml -antrea-agent.conf: | -... - featureGates: -... - Multicluster: true -... - multicluster: - enableGateway: true - namespace: "" +kind: ConfigMap +apiVersion: v1 +metadata: + name: antrea-config + namespace: kube-system +data: + antrea-agent.conf: | + featureGates: + Multicluster: true + multicluster: + enableGateway: true + namespace: "" ``` At the moment, Multi-cluster Gateway only works with the Antrea `encap` traffic @@ -74,16 +77,16 @@ created by the commands), and Multi-cluster Controller for the member into Namepsace `kube-system`. ```bash -$kubectl create ns antrea-multicluster -$antctl mc deploy leadercluster -n antrea-multicluster --antrea-version $TAG -$antctl mc deploy membercluster -n kube-system --antrea-version $TAG +kubectl create ns antrea-multicluster +antctl mc deploy leadercluster -n antrea-multicluster --antrea-version $TAG +antctl mc deploy membercluster -n kube-system --antrea-version $TAG ``` You can run the following command to verify the the leader and member `antrea-mc-controller` Pods are deployed and running: ```bash -$kubectl get all -A -l="component=antrea-mc-controller" +$ kubectl get all -A -l="component=antrea-mc-controller" NAMESPACE NAME READY STATUS RESTARTS AGE antrea-multicluster pod/antrea-mc-controller-cd7bf8f68-kh4kz 1/1 Running 0 50s kube-system pod/antrea-mc-controller-85dbf58b75-pjj48 1/1 Running 0 48s @@ -132,7 +135,7 @@ the following command to annotate the Node with: Node from the annotation): ```bash -$kubectl annotate node node-a1 multicluster.antrea.io/gateway=true +kubectl annotate node node-a1 multicluster.antrea.io/gateway=true ``` ### Set up Cluster B @@ -146,14 +149,14 @@ Run the following command to deploy the member Multi-cluster Controller into Namespace `kube-system`. ```bash -$antctl mc deploy membercluster -n kube-system --antrea-version $TAG +antctl mc deploy membercluster -n kube-system --antrea-version $TAG ``` You can run the following command to verify the `antrea-mc-controller` Pod is deployed and running: ```bash -$kubectl get all -A -l="component=antrea-mc-controller" +$ kubectl get all -A -l="component=antrea-mc-controller" NAMESPACE NAME READY STATUS RESTARTS AGE kube-system pod/antrea-mc-controller-85dbf58b75-pjj48 1/1 Running 0 40s @@ -180,7 +183,7 @@ Assuming K8s Node `node-b1` is chosen to be the Multi-cluster Gateway for cluste B, run the following command to annotate the Node: ```bash -$kubectl annotate node node-b1 multicluster.antrea.io/gateway=true +kubectl annotate node node-b1 multicluster.antrea.io/gateway=true ``` ## What is Next @@ -212,10 +215,10 @@ created by the commands), and Multi-cluster Controller for the member into Namepsace `kube-system`. ```bash -$kubectl apply -f https://github.com/antrea-io/antrea/releases/download/$TAG/antrea-multicluster-leader-global.yml -$kubectl create ns antrea-multicluster -$kubectl apply -f https://github.com/antrea-io/antrea/releases/download/$TAG/antrea-multicluster-leader-namespaced.yml -$kubectl apply -f https://github.com/antrea-io/antrea/releases/download/$TAG/antrea-multicluster-member.yml +kubectl apply -f https://github.com/antrea-io/antrea/releases/download/$TAG/antrea-multicluster-leader-global.yml +kubectl create ns antrea-multicluster +kubectl apply -f https://github.com/antrea-io/antrea/releases/download/$TAG/antrea-multicluster-leader-namespaced.yml +kubectl apply -f https://github.com/antrea-io/antrea/releases/download/$TAG/antrea-multicluster-member.yml ``` #### Step 2 - initialize ClusterSet @@ -227,9 +230,9 @@ for the member clusters (both cluster A and B in our case) to join the ClusterSet. ```bash -$kubectl apply -f https://raw.githubusercontent.com/antrea-io/antrea/$TAG/multicluster/config/samples/clusterset_init/leader-clusterset-template.yml -$kubectl apply -f https://raw.githubusercontent.com/antrea-io/antrea/$TAG/multicluster/config/samples/clusterset_init/leader-access-token-template.yml -$kubectl get secret default-member-token -n antrea-multicluster -o yaml | grep -w -e '^apiVersion' -e '^data' -e '^metadata' -e '^ *name:' -e '^kind' -e ' ca.crt' -e ' token:' -e '^type' -e ' namespace' | sed -e 's/kubernetes.io\/service-account-token/Opaque/g' -e 's/antrea-multicluster/kube-system/g' > default-member-token.yml +kubectl apply -f https://raw.githubusercontent.com/antrea-io/antrea/$TAG/multicluster/config/samples/clusterset_init/leader-clusterset-template.yml +kubectl apply -f https://raw.githubusercontent.com/antrea-io/antrea/$TAG/multicluster/config/samples/clusterset_init/leader-access-token-template.yml +kubectl get secret default-member-token -n antrea-multicluster -o yaml | grep -w -e '^apiVersion' -e '^data' -e '^metadata' -e '^ *name:' -e '^kind' -e ' ca.crt' -e ' token:' -e '^type' -e ' namespace' | sed -e 's/kubernetes.io\/service-account-token/Opaque/g' -e 's/antrea-multicluster/kube-system/g' > default-member-token.yml ``` The last command saves the token Secret manifest to `default-member-token.yml`, @@ -242,9 +245,9 @@ Next, run the following commands to make cluster A join the ClusterSet also as a member: ```bash -$kubectl apply -f default-member-token.yml -$curl -L https://raw.githubusercontent.com/antrea-io/antrea/$TAG/multicluster/config/samples/clusterset_init/member-clusterset-template.yml > member-clusterset.yml -$sed -e 's/test-cluster-member/test-cluster-leader/g' -e 's//172.10.0.11/g' member-clusterset.yml | kubectl apply -f - +kubectl apply -f default-member-token.yml +curl -L https://raw.githubusercontent.com/antrea-io/antrea/$TAG/multicluster/config/samples/clusterset_init/member-clusterset-template.yml > member-clusterset.yml +sed -e 's/test-cluster-member/test-cluster-leader/g' -e 's//172.10.0.11/g' member-clusterset.yml | kubectl apply -f - ``` Here, `172.10.0.11` is the `kube-apiserver` IP of cluster A. You should replace @@ -256,7 +259,7 @@ Assuming K8s Node `node-a1` is selected for the Multi-cluster Gateway, run the following command to annotate the Node: ```bash -$kubectl annotate node node-a1 multicluster.antrea.io/gateway=true +kubectl annotate node node-a1 multicluster.antrea.io/gateway=true ``` ### Set up Cluster B @@ -270,14 +273,14 @@ Run the following command to deploy the member Multi-cluster Controller into Namespace `kube-system`. ```bash -$kubectl apply -f https://github.com/antrea-io/antrea/releases/download/$TAG/antrea-multicluster-member.yml +kubectl apply -f https://github.com/antrea-io/antrea/releases/download/$TAG/antrea-multicluster-member.yml ``` You can run the following command to verify the `antrea-mc-controller` Pod is deployed and running: ```bash -$kubectl get all -A -l="component=antrea-mc-controller" +$ kubectl get all -A -l="component=antrea-mc-controller" NAMESPACE NAME READY STATUS RESTARTS AGE kube-system pod/antrea-mc-controller-85dbf58b75-pjj48 1/1 Running 0 40s @@ -290,9 +293,9 @@ kube-system deployment.apps/antrea-mc-controller 1/1 1 Run the following commands to make cluster B join the ClusterSet: ```bash -$kubectl apply -f default-member-token.yml -$curl -L https://raw.githubusercontent.com/antrea-io/antrea/$TAG/multicluster/config/samples/clusterset_init/member-clusterset-template.yml > member-clusterset.yml -$sed -e 's//172.10.0.11/g' member-clusterset.yml | kubectl apply -f - +kubectl apply -f default-member-token.yml +curl -L https://raw.githubusercontent.com/antrea-io/antrea/$TAG/multicluster/config/samples/clusterset_init/member-clusterset-template.yml > member-clusterset.yml +sed -e 's//172.10.0.11/g' member-clusterset.yml | kubectl apply -f - ``` `default-member-token.yml` saves the default member token which was generated @@ -304,7 +307,7 @@ Assuming K8s Node `node-b1` is chosen to be the Multi-cluster Gateway for cluste B, run the following command to annotate the Node: ```bash -$kubectl annotate node node-b1 multicluster.antrea.io/gateway=true +kubectl annotate node node-b1 multicluster.antrea.io/gateway=true ``` ### Add new member clusters @@ -316,7 +319,7 @@ joining ClusterSet. For example, you can run the following commands to join the ClusterSet in a member cluster with ID `test-cluster-member2`: ```bash -$kubectl apply -f default-member-token.yml -$curl -L https://raw.githubusercontent.com/antrea-io/antrea/$TAG/multicluster/config/samples/clusterset_init/member-clusterset-template.yml > member-clusterset.yml -$sed -e 's//172.10.0.11/g' -e 's/test-cluster-member/test-cluster-member2/g' member-clusterset.yml | kubectl apply -f - +kubectl apply -f default-member-token.yml +curl -L https://raw.githubusercontent.com/antrea-io/antrea/$TAG/multicluster/config/samples/clusterset_init/member-clusterset-template.yml > member-clusterset.yml +sed -e 's//172.10.0.11/g' -e 's/test-cluster-member/test-cluster-member2/g' member-clusterset.yml | kubectl apply -f - ``` diff --git a/docs/multicluster/user-guide.md b/docs/multicluster/user-guide.md index 20ea7db9c93..325065356d7 100644 --- a/docs/multicluster/user-guide.md +++ b/docs/multicluster/user-guide.md @@ -71,15 +71,18 @@ in `antrea-agent.conf` of the Antrea deployment manifest to enable the `Multiclu feature: ```yaml -antrea-agent.conf: | -... - featureGates: -... - Multicluster: true -... - multicluster: - enableGateway: true - namespace: "" # Change to the Namespace where antrea-mc-controller is deployed. +kind: ConfigMap +apiVersion: v1 +metadata: + name: antrea-config + namespace: kube-system +data: + antrea-agent.conf: | + featureGates: + Multicluster: true + multicluster: + enableGateway: true + namespace: "" # Change to the Namespace where antrea-mc-controller is deployed. ``` In order for Multi-cluster features to work, it is necessary for `enableGateway` to be set to true by @@ -112,27 +115,27 @@ To deploy Multi-cluster Controller in a dual-role cluster, please refer to 1. Run the following command to import Multi-cluster CRDs in the leader cluster: - ```bash - kubectl apply -f https://github.com/antrea-io/antrea/releases/download/$TAG/antrea-multicluster-leader-global.yml - ``` + ```bash + kubectl apply -f https://github.com/antrea-io/antrea/releases/download/$TAG/antrea-multicluster-leader-global.yml + ``` 2. Install Multi-cluster Controller in the leader cluster. Since Multi-cluster Controller runs as a namespaced Deployment, you should create the Namespace first, and then apply the deployment manifest with the Namespace. - ```bash - kubectl create ns antrea-multicluster - kubectl apply -f https://github.com/antrea-io/antrea/releases/download/$TAG/antrea-multicluster-leader-namespaced.yml - ``` + ```bash + kubectl create ns antrea-multicluster + kubectl apply -f https://github.com/antrea-io/antrea/releases/download/$TAG/antrea-multicluster-leader-namespaced.yml + ``` The Multi-cluster Controller in the leader cluster will be deployed in Namespace `antrea-multicluster` by default. If you'd like to use another Namespace, you can change `antrea-multicluster` to the desired Namespace in `antrea-multicluster-leader-namespaced.yml`, for example: ```bash -$kubectl create ns '' -$curl -L https://github.com/antrea-io/antrea/releases/download/$TAG/antrea-multicluster-leader-namespaced.yml > antrea-multicluster-leader-namespaced.yml -$sed 's/antrea-multicluster//g' antrea-multicluster-leader-namespaced.yml | kubectl apply -f - +kubectl create ns '' +curl -L https://github.com/antrea-io/antrea/releases/download/$TAG/antrea-multicluster-leader-namespaced.yml > antrea-multicluster-leader-namespaced.yml +sed 's/antrea-multicluster//g' antrea-multicluster-leader-namespaced.yml | kubectl apply -f - ``` #### Deploy in a Member Cluster @@ -381,7 +384,7 @@ the Multi-cluster Gateway by adding an annotation: the following command to annotate Node `node-1` as the Multi-cluster Gateway: ```bash -$kubectl annotate node node-1 multicluster.antrea.io/gateway=true +kubectl annotate node node-1 multicluster.antrea.io/gateway=true ``` You can annotate multiple Nodes in a member cluster as the candidates for @@ -398,7 +401,7 @@ will create a `Gateway` CR with the same name as the Node. You can check it with command: ```bash -$kubectl get gateway -n kube-system +$ kubectl get gateway -n kube-system NAME GATEWAY IP INTERNAL IP AGE node-1 10.17.27.55 10.17.27.55 10s ``` @@ -438,7 +441,7 @@ you can see a ClusterInfoImport CR with name `test-cluster-east-clusterinfo` is created for cluster `test-cluster-east`: ```bash -$kubectl get clusterinfoimport -n kube-system +$ kubectl get clusterinfoimport -n kube-system NAME CLUSTER ID SERVICE CIDR AGE test-cluster-east-clusterinfo test-cluster-east 110.96.0.0/20 10s ``` @@ -461,11 +464,15 @@ in Multi-cluster configuration should be set to `wireGuard` and the `enableGatew field should be set to `true` as follows: ```yaml -antrea-agent.conf: | - featureGates: -... - Multicluster: true -... +kind: ConfigMap +apiVersion: v1 +metadata: + name: antrea-config + namespace: kube-system +data: + antrea-agent.conf: | + featureGates: + Multicluster: true multicluster: enableGateway: true trafficEncryptionMode: "wireGuard" @@ -497,11 +504,11 @@ routed to the backend `nginx` Pods in `test-cluster-west`. You can check the imported Service and ServiceImport with commands: ```bash -$kubectl get serviceimport antrea-mc-nginx -n default +$ kubectl get serviceimport antrea-mc-nginx -n default NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE antrea-mc-nginx ClusterIP 10.107.57.62 443/TCP 10s -$kubectl get serviceimport nginx -n default +$ kubectl get serviceimport nginx -n default NAME TYPE IP AGE nginx ClusterSetIP ["10.19.57.62"] 10s ``` @@ -512,12 +519,12 @@ for the exported Service and Endpoints respectively, as well as two ResourceImport CRs. You can check them in the leader cluster with commands: ```bash -$kubectl get resourceexport -n antrea-multicluster +$ kubectl get resourceexport -n antrea-multicluster NAME CLUSTER ID KIND NAMESPACE NAME AGE test-cluster-west-default-nginx-endpoints test-cluster-west Endpoints default nginx 30s test-cluster-west-default-nginx-service test-cluster-west Service default nginx 30s -$kubectl get resourceimport -n antrea-multicluster +$ kubectl get resourceimport -n antrea-multicluster NAME KIND NAMESPACE NAME AGE default-nginx-endpoints Endpoints default nginx 99s default-nginx-service ServiceImport default nginx 99s @@ -565,29 +572,32 @@ Pod-to-Pod connectivity**. ```yaml apiVersion: v1 -data: - controller_manager_config.yaml: | - apiVersion: multicluster.crd.antrea.io/v1alpha1 - kind: MultiClusterConfig - ... - podCIDRs: - - "10.10.1.1/16" kind: ConfigMap metadata: labels: app: antrea name: antrea-mc-controller-config namespace: kube-system +data: + controller_manager_config.yaml: | + apiVersion: multicluster.crd.antrea.io/v1alpha1 + kind: MultiClusterConfig + podCIDRs: + - "10.10.1.1/16" ``` ```yaml -antrea-controller.conf: | - featureGates: -... - Multicluster: true -... - multicluster: - enablePodToPodConnectivity: true +kind: ConfigMap +apiVersion: v1 +metadata: + name: antrea-config + namespace: kube-system +data: + antrea-agent.conf: | + featureGates: + Multicluster: true + multicluster: + enablePodToPodConnectivity: true ``` You can edit [antrea-multicluster-member.yml](../../multicluster/build/yamls/antrea-multicluster-member.yml), @@ -610,25 +620,24 @@ Agent ConfigMaps and make sure that `enableStretchedNetworkPolicy` is set to `true` in addition to enabling the `multicluster` feature gate: ```yaml -antrea-controller.conf: | - featureGates: -... - Multicluster: true -... - multicluster: - enableStretchedNetworkPolicy: true # required by both egress and ingres rules -``` - -```yaml -antrea-agent.conf: | - featureGates: -... - Multicluster: true -... - multicluster: - enableGateway: true - enableStretchedNetworkPolicy: true # required by only ingress rules - namespace: "" +kind: ConfigMap +apiVersion: v1 +metadata: + name: antrea-config + namespace: kube-system +data: + antrea-controller.conf: | + featureGates: + Multicluster: true + multicluster: + enableStretchedNetworkPolicy: true # required by both egress and ingres rules + antrea-agent.conf: | + featureGates: + Multicluster: true + multicluster: + enableGateway: true + enableStretchedNetworkPolicy: true # required by only ingress rules + namespace: "" ``` ### Egress Rule to Multi-cluster Service @@ -738,7 +747,6 @@ on how to change the ConfigMap: controller_manager_config.yaml: | apiVersion: multicluster.crd.antrea.io/v1alpha1 kind: MultiClusterConfig - ... enableStretchedNetworkPolicy: true ``` @@ -798,7 +806,7 @@ clusters will be reported back to the leader cluster as K8s Events, and can be c the `ResourceImport` of the original `ResourceExport`: ```bash -$kubectl describe resourceimport -A +$ kubectl describe resourceimport -A Name: strict-namespace-isolation-antreaclusternetworkpolicy Namespace: antrea-multicluster API Version: multicluster.crd.antrea.io/v1alpha1 diff --git a/docs/node-port-local.md b/docs/node-port-local.md index 9d78d1333b5..042b64a5261 100644 --- a/docs/node-port-local.md +++ b/docs/node-port-local.md @@ -45,7 +45,7 @@ your `antrea-agent` ConfigMap should look like this: kind: ConfigMap apiVersion: v1 metadata: - name: antrea-config-dcfb6k2hkm + name: antrea-config namespace: kube-system data: antrea-agent.conf: | @@ -116,7 +116,6 @@ metadata: app: nginx annotations: nodeportlocal.antrea.io: '[{"podPort":8080,"nodeIP":"10.10.10.10","nodePort":61002,"protocol":"tcp","protocols":["tcp"]}]' -... ``` This annotation indicates that port 8080 of the Pod can be reached through port @@ -153,7 +152,6 @@ metadata: app: nginx annotations: nodeportlocal.antrea.io: '[{"podPort":8080,"nodeIP":"10.10.10.10","nodePort":61002}, "protocols":["tcp","udp"]]' -... ``` This annotation indicates that port 8080 of the Pod can be reached through port diff --git a/docs/noencap-hybrid-modes.md b/docs/noencap-hybrid-modes.md index 5e74127ffcc..831e4a1215c 100644 --- a/docs/noencap-hybrid-modes.md +++ b/docs/noencap-hybrid-modes.md @@ -26,11 +26,9 @@ metadata: spec: containers: - name: antrea-agent - ... ... env: - name: ALLOW_NO_ENCAP_WITHOUT_ANTREA_PROXY value: "true" - ... ... ``` ## Hybrid Mode @@ -60,9 +58,7 @@ parameter is defined in `antrea-agent.conf` of the `antrea` ConfigMap in the ```yaml antrea-agent.conf: | - ... ... trafficEncapMode: hybrid - ... ... ``` After changing the config parameter, you can deploy Antrea in `Hybrid` mode with @@ -109,12 +105,15 @@ parameters are defined in `antrea-agent.conf` of the `antrea` ConfigMap in the [Antrea deployment yaml](https://github.com/antrea-io/antrea/blob/main/build/yamls/antrea.yml). ```yaml +kind: ConfigMap +apiVersion: v1 +metadata: + name: antrea-config + namespace: kube-system +data: antrea-agent.conf: | - ... ... trafficEncapMode: noEncap - noSNAT: false # Set to true to disable Antrea SNAT for external traffic - ... ... ``` After changing the parameters, you can deploy Antrea in `noEncap` mode by applying diff --git a/docs/service-loadbalancer.md b/docs/service-loadbalancer.md index b5df3991f2f..7fd1c9e0e0f 100644 --- a/docs/service-loadbalancer.md +++ b/docs/service-loadbalancer.md @@ -73,19 +73,15 @@ the Antrea deployment YAML: apiVersion: v1 kind: ConfigMap metadata: - name: antrea-config-dcfb6k2hkm + name: antrea-config namespace: kube-system data: antrea-agent.conf: | featureGates: -... ServiceExternalIP: true -... antrea-controller.conf: | featureGates: -... ServiceExternalIP: true -... ``` The feature works with both `AntreaProxy` and `kube-proxy`, including the diff --git a/docs/traffic-encryption.md b/docs/traffic-encryption.md index fc679cebada..8e6e20bc257 100644 --- a/docs/traffic-encryption.md +++ b/docs/traffic-encryption.md @@ -112,10 +112,14 @@ defined in `antrea-agent.conf` of `antrea` ConfigMap in the Antrea deployment yaml: ```yaml +kind: ConfigMap +apiVersion: v1 +metadata: + name: antrea-config + namespace: kube-system +data: antrea-agent.conf: | - ... ... trafficEncryptionMode: wireGuard - ... ... ``` After saving the yaml file change, deploy Antrea with: