Support EndpointSlice in Antrea proxy, ServiceTopology is not support…

…ed in this commit.

Fix CentOS/MacOS docker-test-integration error as IPv6 is disabled by default.

Signed-off-by: Weiqiang Tang <weiqiangt@vmware.com>

.github/workflows/kind.yml

@@ -189,6 +189,60 @@ jobs:
         path: log.tar.gz
         retention-days: 30
 
+  test-e2e-encap-endpointslice:
+    name: E2e tests on a Kind cluster on Linux with endpointslice enabled
+    needs: build-antrea-coverage-image
+    runs-on: [ubuntu-18.04]
+    steps:
+    - name: Free disk space
+      # https://github.com/actions/virtual-environments/issues/709
+      run: |
+        sudo apt-get clean
+        df -h
+    - uses: actions/checkout@v2
+    - uses: actions/setup-go@v1
+      with:
+        go-version: 1.13
+    - name: Download Antrea image from previous job
+      uses: actions/download-artifact@v1
+      with:
+        name: antrea-ubuntu
+    - name: Load Antrea image
+      run:  docker load -i antrea-ubuntu/antrea-ubuntu.tar
+    - name: Install Kind
+      run: |
+        curl -Lo ./kind https://github.com/kubernetes-sigs/kind/releases/download/${KIND_VERSION}/kind-$(uname)-amd64
+        chmod +x ./kind
+        sudo mv kind /usr/local/bin
+    - name: Run e2e tests
+      run: |
+        mkdir log
+        mkdir test-e2e-encap-endpointslice-coverage
+        ANTREA_LOG_DIR=$PWD/log ANTREA_COV_DIR=$PWD/test-e2e-encap-endpointslice-coverage ./ci/kind/test-e2e-kind.sh --encap-mode encap --endpointslice --coverage
+    - name: Tar coverage files
+      run: tar -czf test-e2e-encap-endpointslice-coverage.tar.gz test-e2e-encap-endpointslice-coverage
+    - name: Upload coverage for test-e2e-encap-endpointslice-coverage
+      uses: actions/upload-artifact@v2
+      with:
+        name: test-e2e-encap-endpointslice-coverage
+        path: test-e2e-encap-endpointslice-coverage.tar.gz
+    - name: Codecov
+      uses: codecov/codecov-action@v1
+      with:
+        file: '*antrea*'
+        flags: kind-e2e-tests
+        name: codecov-test-e2e-encap-endpointslice
+        directory: test-e2e-encap-endpointslice-coverage
+    - name: Tar log files
+      if: ${{ failure() }}
+      run: tar -czf log.tar.gz log
+    - name: Upload test log
+      uses: actions/upload-artifact@v2
+      if: ${{ failure() }}
+      with:
+        name: e2e-kind-encap-endpointslice.tar.gz
+        path: log.tar.gz
+
   test-e2e-noencap:
     name: E2e tests on a Kind cluster on Linux (noEncap)
     needs: [build-antrea-coverage-image, build-flow-aggregator-image]

Makefile

@@ -152,6 +152,7 @@ endif
 		-v $(CURDIR)/.coverage:/usr/src/github.com/vmware-tanzu/antrea/.coverage \
 		-v $(CURDIR):/usr/src/github.com/vmware-tanzu/antrea:ro \
 		-v /lib/modules:/lib/modules \
+		--sysctl net.ipv6.conf.all.disable_ipv6=0 \
 		antrea/test test-integration $(USERID) $(GRPID)
 
 .PHONY: docker-tidy

build/yamls/antrea-aks.yml

@@ -883,6 +883,14 @@ rules:
   - get
   - watch
   - list
+- apiGroups:
+  - discovery.k8s.io
+  resources:
+  - endpointslices
+  verbs:
+  - get
+  - watch
+  - list
 - apiGroups:
   - clusterinformation.antrea.tanzu.vmware.com
   resources:
@@ -1170,6 +1178,10 @@ data:
     # Service traffic.
     #  AntreaProxy: true
 
+    # Enable EndpointSlice support in AntreaProxy. If AntreaProxy is not enabled, this
+    # flag will not take effect.
+    #  EndpointSlice: false
+
     # Enable traceflow which provides packet tracing feature to diagnose network issue.
     #  Traceflow: true
 
@@ -1332,7 +1344,7 @@ metadata:
   annotations: {}
   labels:
     app: antrea
-  name: antrea-config-b8hh7hm486
+  name: antrea-config-8hc98g2f9b
   namespace: kube-system
 ---
 apiVersion: v1
@@ -1443,7 +1455,7 @@ spec:
         key: node-role.kubernetes.io/master
       volumes:
       - configMap:
-          name: antrea-config-b8hh7hm486
+          name: antrea-config-8hc98g2f9b
         name: antrea-config
       - name: antrea-controller-tls
         secret:
@@ -1708,7 +1720,7 @@ spec:
         operator: Exists
       volumes:
       - configMap:
-          name: antrea-config-b8hh7hm486
+          name: antrea-config-8hc98g2f9b
         name: antrea-config
       - hostPath:
           path: /etc/cni/net.d

build/yamls/antrea-eks.yml

@@ -883,6 +883,14 @@ rules:
   - get
   - watch
   - list
+- apiGroups:
+  - discovery.k8s.io
+  resources:
+  - endpointslices
+  verbs:
+  - get
+  - watch
+  - list
 - apiGroups:
   - clusterinformation.antrea.tanzu.vmware.com
   resources:
@@ -1170,6 +1178,10 @@ data:
     # Service traffic.
     #  AntreaProxy: true
 
+    # Enable EndpointSlice support in AntreaProxy. If AntreaProxy is not enabled, this
+    # flag will not take effect.
+    #  EndpointSlice: false
+
     # Enable traceflow which provides packet tracing feature to diagnose network issue.
     #  Traceflow: true
 
@@ -1332,7 +1344,7 @@ metadata:
   annotations: {}
   labels:
     app: antrea
-  name: antrea-config-b8hh7hm486
+  name: antrea-config-8hc98g2f9b
   namespace: kube-system
 ---
 apiVersion: v1
@@ -1443,7 +1455,7 @@ spec:
         key: node-role.kubernetes.io/master
       volumes:
       - configMap:
-          name: antrea-config-b8hh7hm486
+          name: antrea-config-8hc98g2f9b
         name: antrea-config
       - name: antrea-controller-tls
         secret:
@@ -1710,7 +1722,7 @@ spec:
         operator: Exists
       volumes:
       - configMap:
-          name: antrea-config-b8hh7hm486
+          name: antrea-config-8hc98g2f9b
         name: antrea-config
       - hostPath:
           path: /etc/cni/net.d

build/yamls/antrea-gke.yml

@@ -883,6 +883,14 @@ rules:
   - get
   - watch
   - list
+- apiGroups:
+  - discovery.k8s.io
+  resources:
+  - endpointslices
+  verbs:
+  - get
+  - watch
+  - list
 - apiGroups:
   - clusterinformation.antrea.tanzu.vmware.com
   resources:
@@ -1170,6 +1178,10 @@ data:
     # Service traffic.
     #  AntreaProxy: true
 
+    # Enable EndpointSlice support in AntreaProxy. If AntreaProxy is not enabled, this
+    # flag will not take effect.
+    #  EndpointSlice: false
+
     # Enable traceflow which provides packet tracing feature to diagnose network issue.
     #  Traceflow: true
 
@@ -1332,7 +1344,7 @@ metadata:
   annotations: {}
   labels:
     app: antrea
-  name: antrea-config-hhfkgg2fg5
+  name: antrea-config-tkhmdbc7hc
   namespace: kube-system
 ---
 apiVersion: v1
@@ -1443,7 +1455,7 @@ spec:
         key: node-role.kubernetes.io/master
       volumes:
       - configMap:
-          name: antrea-config-hhfkgg2fg5
+          name: antrea-config-tkhmdbc7hc
         name: antrea-config
       - name: antrea-controller-tls
         secret:
@@ -1711,7 +1723,7 @@ spec:
           path: /home/kubernetes/bin
         name: host-cni-bin
       - configMap:
-          name: antrea-config-hhfkgg2fg5
+          name: antrea-config-tkhmdbc7hc
         name: antrea-config
       - hostPath:
           path: /etc/cni/net.d

build/yamls/antrea-ipsec.yml

@@ -883,6 +883,14 @@ rules:
   - get
   - watch
   - list
+- apiGroups:
+  - discovery.k8s.io
+  resources:
+  - endpointslices
+  verbs:
+  - get
+  - watch
+  - list
 - apiGroups:
   - clusterinformation.antrea.tanzu.vmware.com
   resources:
@@ -1170,6 +1178,10 @@ data:
     # Service traffic.
     #  AntreaProxy: true
 
+    # Enable EndpointSlice support in AntreaProxy. If AntreaProxy is not enabled, this
+    # flag will not take effect.
+    #  EndpointSlice: false
+
     # Enable traceflow which provides packet tracing feature to diagnose network issue.
     #  Traceflow: true
 
@@ -1337,7 +1349,7 @@ metadata:
   annotations: {}
   labels:
     app: antrea
-  name: antrea-config-bdc66g4872
+  name: antrea-config-75d52g7h69
   namespace: kube-system
 ---
 apiVersion: v1
@@ -1457,7 +1469,7 @@ spec:
         key: node-role.kubernetes.io/master
       volumes:
       - configMap:
-          name: antrea-config-bdc66g4872
+          name: antrea-config-75d52g7h69
         name: antrea-config
       - name: antrea-controller-tls
         secret:
@@ -1757,7 +1769,7 @@ spec:
         operator: Exists
       volumes:
       - configMap:
-          name: antrea-config-bdc66g4872
+          name: antrea-config-75d52g7h69
         name: antrea-config
       - hostPath:
           path: /etc/cni/net.d

build/yamls/antrea.yml

@@ -883,6 +883,14 @@ rules:
   - get
   - watch
   - list
+- apiGroups:
+  - discovery.k8s.io
+  resources:
+  - endpointslices
+  verbs:
+  - get
+  - watch
+  - list
 - apiGroups:
   - clusterinformation.antrea.tanzu.vmware.com
   resources:
@@ -1170,6 +1178,10 @@ data:
     # Service traffic.
     #  AntreaProxy: true
 
+    # Enable EndpointSlice support in AntreaProxy. If AntreaProxy is not enabled, this
+    # flag will not take effect.
+    #  EndpointSlice: false
+
     # Enable traceflow which provides packet tracing feature to diagnose network issue.
     #  Traceflow: true
 
@@ -1337,7 +1349,7 @@ metadata:
   annotations: {}
   labels:
     app: antrea
-  name: antrea-config-9964gfgbb4
+  name: antrea-config-c62t4mcf7k
   namespace: kube-system
 ---
 apiVersion: v1
@@ -1448,7 +1460,7 @@ spec:
         key: node-role.kubernetes.io/master
       volumes:
       - configMap:
-          name: antrea-config-9964gfgbb4
+          name: antrea-config-c62t4mcf7k
         name: antrea-config
       - name: antrea-controller-tls
         secret:
@@ -1713,7 +1725,7 @@ spec:
         operator: Exists
       volumes:
       - configMap:
-          name: antrea-config-9964gfgbb4
+          name: antrea-config-c62t4mcf7k
         name: antrea-config
       - hostPath:
           path: /etc/cni/net.d

build/yamls/base/agent-rbac.yml

@@ -36,6 +36,14 @@ rules:
       - get
       - watch
       - list
+  - apiGroups:
+      - discovery.k8s.io
+    resources:
+      - endpointslices
+    verbs:
+      - get
+      - watch
+      - list
   - apiGroups:
       - clusterinformation.antrea.tanzu.vmware.com
     resources:

build/yamls/base/conf/antrea-agent.conf

@@ -5,6 +5,10 @@ featureGates:
 # Service traffic.
 #  AntreaProxy: true
 
+# Enable EndpointSlice support in AntreaProxy. If AntreaProxy is not enabled, this
+# flag will not take effect.
+#  EndpointSlice: false
+
 # Enable traceflow which provides packet tracing feature to diagnose network issue.
 #  Traceflow: true
 

ci/kind/test-e2e-kind.sh

@@ -25,6 +25,7 @@ function echoerr {
 _usage="Usage: $0 [--encap-mode <mode>] [--no-proxy] [--np] [--coverage] [--help|-h]
         --encap-mode                  Traffic encapsulation mode. (default is 'encap')
         --no-proxy                    Disables Antrea proxy.
+        --endpointslice               Enables Antrea proxy and EndpointSlice support
         --np                          Enables Namespaced Antrea NetworkPolicy CRDs and ClusterNetworkPolicy related CRDs.
         --coverage                    Enables measure Antrea code coverage when run e2e tests on kind.
         --help, -h                    Print this message and exit
@@ -49,6 +50,7 @@ trap "quit" INT EXIT
 
 mode=""
 proxy=true
+endpointslice=false
 np=false
 coverage=false
 while [[ $# -gt 0 ]]
@@ -60,6 +62,10 @@ case $key in
     proxy=false
     shift
     ;;
+    --endpointslice)
+    endpointslice=true
+    shift
+    ;;
     --np)
     np=true
     shift
@@ -87,6 +93,9 @@ manifest_args=""
 if ! $proxy; then
     manifest_args="$manifest_args --no-proxy"
 fi
+if $endpointslice; then
+    manifest_args="$manifest_args --endpointslice"
+fi
 if $np; then
     # See https://github.com/vmware-tanzu/antrea/issues/897
     manifest_args="$manifest_args --np --tun vxlan"