-
Notifications
You must be signed in to change notification settings - Fork 363
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix policyOnlyMode and cloud support for AKS & EKS #1585
Fix policyOnlyMode and cloud support for AKS & EKS #1585
Conversation
Thanks for your PR. The following commands are available:
|
build/yamls/antrea-eks-node-init.yml
Outdated
@@ -64,13 +74,11 @@ spec: | |||
echo "Waiting for aws-k8s-agent" | |||
done | |||
|
|||
# copied from https://github.com/cilium/cilium/blob/master/install/kubernetes/cilium/charts/nodeinit/templates/daemonset.yaml#L199 | |||
# Fetch running containers from aws-k8s-agent and kill it | |||
# copied from https://github.com/cilium/cilium/blob/v1.8.0/install/kubernetes/cilium/charts/nodeinit/templates/daemonset.yaml |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do not mean your PR, but should we rewrite the script?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The script seems to be working ok with the patch. Actually I need to remove the comment about cilium. The code is different from the cilium script now, since they haven't updated it to account for the API change :P
Codecov Report
@@ Coverage Diff @@
## master #1585 +/- ##
==========================================
+ Coverage 63.31% 64.38% +1.07%
==========================================
Files 170 181 +11
Lines 14250 15299 +1049
==========================================
+ Hits 9023 9851 +828
- Misses 4292 4421 +129
- Partials 935 1027 +92
Flags with carried forward coverage won't be shown. Click here to find out more.
|
policyOnlyMode was broken since adding support for IPv6 clusters in the code base. This is because the code used the Node's PodCIDR(s) to determine which address family was supported, which doesn't work in policyOnlyMode, for which IPAM is not the responsibility of Antrea. Instead we now use the following rules: * if there is an IPv4 PodCIDR for the Node, then v4 is supported * otherwise, if policyOnlyMode is used and the Node's IP address (primary, as reported by K8s) is an IPv4 address then v4 is supported Same rules for v6. This may not work for dual-stack, but IIRC none of the cloud services support IPv6 / dual-stack. There are also other issues for dual-stack support in Antrea, which themselves depend on upstream issues. Additionally, we include the following changes: * the build/yamls/antrea-eks-node-init.yml manifest is updated to account for a breaking change in the AWS CNI introspection API. * we pin the K8s conformance test image for all clouds to v1.18.5 to avoid issues with recently-added conformance tests. Fixes antrea-io#1572
63cae34
to
e735e7e
Compare
I have confirmed that all the tests pass on AKS & EKS! |
/test-all |
/test-ipv6-only-all |
/test-ipv6-e2e |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
policyOnlyMode was broken since adding support for IPv6 clusters in the code base. This is because the code used the Node's PodCIDR(s) to determine which address family was supported, which doesn't work in policyOnlyMode, for which IPAM is not the responsibility of Antrea. Instead we now use the following rules: * if there is an IPv4 PodCIDR for the Node, then v4 is supported * otherwise, if policyOnlyMode is used and the Node's IP address (primary, as reported by K8s) is an IPv4 address then v4 is supported Same rules for v6. This may not work for dual-stack, but IIRC none of the cloud services support IPv6 / dual-stack. There are also other issues for dual-stack support in Antrea, which themselves depend on upstream issues. Additionally, we include the following changes: * the build/yamls/antrea-eks-node-init.yml manifest is updated to account for a breaking change in the AWS CNI introspection API. * we pin the K8s conformance test image for all clouds to v1.18.5 to avoid issues with recently-added conformance tests. Fixes antrea-io#1572
policyOnlyMode was broken since adding support for IPv6 clusters in the code base. This is because the code used the Node's PodCIDR(s) to determine which address family was supported, which doesn't work in policyOnlyMode, for which IPAM is not the responsibility of Antrea. Instead we now use the following rules: * if there is an IPv4 PodCIDR for the Node, then v4 is supported * otherwise, if policyOnlyMode is used and the Node's IP address (primary, as reported by K8s) is an IPv4 address then v4 is supported Same rules for v6. This may not work for dual-stack, but IIRC none of the cloud services support IPv6 / dual-stack. There are also other issues for dual-stack support in Antrea, which themselves depend on upstream issues. Additionally, we include the following changes: * the build/yamls/antrea-eks-node-init.yml manifest is updated to account for a breaking change in the AWS CNI introspection API. * we pin the K8s conformance test image for all clouds to v1.18.5 to avoid issues with recently-added conformance tests. Fixes #1572
policyOnlyMode was broken since adding support for IPv6 clusters in the code base. This is because the code used the Node's PodCIDR(s) to determine which address family was supported, which doesn't work in policyOnlyMode, for which IPAM is not the responsibility of Antrea. Instead we now use the following rules: * if there is an IPv4 PodCIDR for the Node, then v4 is supported * otherwise, if policyOnlyMode is used and the Node's IP address (primary, as reported by K8s) is an IPv4 address then v4 is supported Same rules for v6. This may not work for dual-stack, but IIRC none of the cloud services support IPv6 / dual-stack. There are also other issues for dual-stack support in Antrea, which themselves depend on upstream issues. Additionally, we include the following changes: * the build/yamls/antrea-eks-node-init.yml manifest is updated to account for a breaking change in the AWS CNI introspection API. * we pin the K8s conformance test image for all clouds to v1.18.5 to avoid issues with recently-added conformance tests. Fixes #1572
policyOnlyMode was broken since adding support for IPv6 clusters in the
code base. This is because the code used the Node's PodCIDR(s) to
determine which address family was supported, which doesn't work in
policyOnlyMode, for which IPAM is not the responsibility of Antrea.
Instead we now use the following rules:
(primary, as reported by K8s) is an IPv4 address then v4 is supported
Same rules for v6.
This may not work for dual-stack, but IIRC none of the cloud services
support IPv6 / dual-stack. There are also other issues for dual-stack
support in Antrea, which themselves depend on upstream issues.
Additionally, we include the following changes:
account for a breaking change in the AWS CNI introspection API.
avoid issues with recently-added conformance tests.
Fixes #1572