From 1f6d34d70a102b2012d9cdd1bb96bf6f9ad43e7b Mon Sep 17 00:00:00 2001 From: Shikhar Soni Date: Thu, 23 May 2024 03:47:40 +0530 Subject: [PATCH] Use helm to generate Antrea Windows manifests Fixes #5564 
Signed-off-by: Shikhar Soni --- Makefile | 1 - build/charts/antrea-windows/.helmignore | 23 ++++++ build/charts/antrea-windows/Chart.yaml | 24 +++++++ .../conf/Install-WindowsCNI-Containerd.ps1 | 0 .../conf/Run-AntreaAgent-Containerd.ps1 | 0 .../antrea-windows}/conf/antrea-agent.conf | 0 .../antrea-windows}/conf/antrea-cni.conflist | 0 .../conf/ovs}/Run-AntreaOVS-Containerd.ps1 | 0 ...SwitchExtension-AntreaAgent-Containerd.ps1 | 0 .../antrea-windows/templates/agent.yaml | 12 ++++ .../antrea-windows/templates/configmap.yaml | 9 +++ .../antrea-windows/templates/daemonset.yaml} | 71 +++++++++++++++--- build/yamls/antrea-windows-with-ovs.yml | 72 ++++++++++--------- build/yamls/antrea-windows.yml | 62 ++++++++-------- build/yamls/windows/base/kustomization.yml | 9 --- .../containerd-with-ovs.yml | 30 -------- .../containerd-with-ovs/kustomization.yml | 17 ----- .../windows/containerd/kustomization.yml | 15 ---- .../windows/patches/dev/imagePullPolicy.yml | 13 ---- .../yamls/windows/patches/release/.gitignore | 1 - hack/generate-manifest-windows.sh | 62 +++++++--------- hack/update-checksum-windows.sh | 40 ----------- 22 files changed, 226 insertions(+), 235 deletions(-) create mode 100644 build/charts/antrea-windows/.helmignore create mode 100644 build/charts/antrea-windows/Chart.yaml rename build/{yamls/windows/containerd => charts/antrea-windows}/conf/Install-WindowsCNI-Containerd.ps1 (100%) rename build/{yamls/windows/containerd => charts/antrea-windows}/conf/Run-AntreaAgent-Containerd.ps1 (100%) rename build/{yamls/windows/base => charts/antrea-windows}/conf/antrea-agent.conf (100%) rename build/{yamls/windows/base => charts/antrea-windows}/conf/antrea-cni.conflist (100%) rename build/{yamls/windows/containerd-with-ovs/conf => charts/antrea-windows/conf/ovs}/Run-AntreaOVS-Containerd.ps1 (100%) rename build/{yamls/windows/containerd-with-ovs/conf => charts/antrea-windows/conf/ovs}/VMSwitchExtension-AntreaAgent-Containerd.ps1 (100%) create mode 100644 
build/charts/antrea-windows/templates/agent.yaml create mode 100644 build/charts/antrea-windows/templates/configmap.yaml rename build/{yamls/windows/containerd/agent-containerd.yml => charts/antrea-windows/templates/daemonset.yaml} (54%) delete mode 100644 build/yamls/windows/base/kustomization.yml delete mode 100644 build/yamls/windows/containerd-with-ovs/containerd-with-ovs.yml delete mode 100644 build/yamls/windows/containerd-with-ovs/kustomization.yml delete mode 100644 build/yamls/windows/containerd/kustomization.yml delete mode 100644 build/yamls/windows/patches/dev/imagePullPolicy.yml delete mode 100644 build/yamls/windows/patches/release/.gitignore delete mode 100755 hack/update-checksum-windows.sh diff --git a/Makefile b/Makefile index 4c420f5c961..a9a23dffc5e 100644 --- a/Makefile +++ b/Makefile @@ -419,7 +419,6 @@ manifest: $(CURDIR)/hack/generate-standard-manifests.sh --mode dev --out build/yamls $(CURDIR)/hack/generate-manifest-windows.sh --mode dev > build/yamls/antrea-windows.yml $(CURDIR)/hack/generate-manifest-windows.sh --mode dev --include-ovs > build/yamls/antrea-windows-with-ovs.yml - $(CURDIR)/hack/update-checksum-windows.sh $(CURDIR)/hack/generate-manifest-flow-aggregator.sh --mode dev > build/yamls/flow-aggregator.yml .PHONY: manifest-scale diff --git a/build/charts/antrea-windows/.helmignore b/build/charts/antrea-windows/.helmignore new file mode 100644 index 00000000000..0e8a0eb36f4 --- /dev/null +++ b/build/charts/antrea-windows/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ 
diff --git a/build/charts/antrea-windows/Chart.yaml b/build/charts/antrea-windows/Chart.yaml new file mode 100644 index 00000000000..56fa047a87d --- /dev/null +++ b/build/charts/antrea-windows/Chart.yaml @@ -0,0 +1,24 @@ +apiVersion: v2 +name: antrea-windows +type: application +displayName: Antrea +home: https://antrea.io/ +version: 0.0.0 +appVersion: latest +kubeVersion: ">= 1.16.0-0" +icon: https://raw.githubusercontent.com/antrea-io/antrea/main/docs/assets/logo/antrea_logo.svg +description: Kubernetes networking based on Open vSwitch +keywords: + - Kubernetes + - CNCF + - Networking + - CNI + - Security + - Open vSwitch + - OVS +sources: + - https://github.com/antrea-io/antrea +annotations: + artifacthub.io/license: Apache-2.0 + artifacthub.io/operator: "false" + artifacthub.io/prerelease: "false" diff --git a/build/yamls/windows/containerd/conf/Install-WindowsCNI-Containerd.ps1 b/build/charts/antrea-windows/conf/Install-WindowsCNI-Containerd.ps1 similarity index 100% rename from build/yamls/windows/containerd/conf/Install-WindowsCNI-Containerd.ps1 rename to build/charts/antrea-windows/conf/Install-WindowsCNI-Containerd.ps1 diff --git a/build/yamls/windows/containerd/conf/Run-AntreaAgent-Containerd.ps1 b/build/charts/antrea-windows/conf/Run-AntreaAgent-Containerd.ps1 similarity index 100% rename from build/yamls/windows/containerd/conf/Run-AntreaAgent-Containerd.ps1 rename to build/charts/antrea-windows/conf/Run-AntreaAgent-Containerd.ps1 diff --git a/build/yamls/windows/base/conf/antrea-agent.conf b/build/charts/antrea-windows/conf/antrea-agent.conf similarity index 100% rename from build/yamls/windows/base/conf/antrea-agent.conf rename to build/charts/antrea-windows/conf/antrea-agent.conf diff --git a/build/yamls/windows/base/conf/antrea-cni.conflist b/build/charts/antrea-windows/conf/antrea-cni.conflist similarity index 100% rename from build/yamls/windows/base/conf/antrea-cni.conflist rename to build/charts/antrea-windows/conf/antrea-cni.conflist 
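Review bot: `kubeVersion: ">= 1.16.0-0"` in the new Chart.yaml is looser than what this chart deploys, because templates/daemonset.yaml sets `hostProcess: true` and HostProcess containers only reached beta in Kubernetes 1.23. The constraint, `displayName: Antrea` and the description look carried over from the Linux chart. Consider raising the bound to the minimum the project supports for Windows Nodes, e.g. `kubeVersion: ">= 1.23.0-0"`, and mentioning Windows in `description` so the two charts can be told apart.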
diff --git a/build/yamls/windows/containerd-with-ovs/conf/Run-AntreaOVS-Containerd.ps1 b/build/charts/antrea-windows/conf/ovs/Run-AntreaOVS-Containerd.ps1 similarity index 100% rename from build/yamls/windows/containerd-with-ovs/conf/Run-AntreaOVS-Containerd.ps1 rename to build/charts/antrea-windows/conf/ovs/Run-AntreaOVS-Containerd.ps1 diff --git a/build/yamls/windows/containerd-with-ovs/conf/VMSwitchExtension-AntreaAgent-Containerd.ps1 b/build/charts/antrea-windows/conf/ovs/VMSwitchExtension-AntreaAgent-Containerd.ps1 similarity index 100% rename from build/yamls/windows/containerd-with-ovs/conf/VMSwitchExtension-AntreaAgent-Containerd.ps1 rename to build/charts/antrea-windows/conf/ovs/VMSwitchExtension-AntreaAgent-Containerd.ps1 diff --git a/build/charts/antrea-windows/templates/agent.yaml b/build/charts/antrea-windows/templates/agent.yaml new file mode 100644 index 00000000000..efc845f701b --- /dev/null +++ b/build/charts/antrea-windows/templates/agent.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +data: + {{- tpl ((.Files.Glob "conf/*.ps1").AsConfig) . | nindent 2 }} + {{- if .Values.includeOVS }} + {{- tpl ((.Files.Glob "conf/ovs/*.ps1").AsConfig) . | nindent 2 }} + {{- end }} +kind: ConfigMap +metadata: + labels: + app: antrea + name: antrea-agent-windows + namespace: kube-system \ No newline at end of file diff --git a/build/charts/antrea-windows/templates/configmap.yaml b/build/charts/antrea-windows/templates/configmap.yaml new file mode 100644 index 00000000000..384740ac618 --- /dev/null +++ b/build/charts/antrea-windows/templates/configmap.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +data: + {{- tpl ((.Files.Glob "conf/*.conf*").AsConfig) . | nindent 2 }} +kind: ConfigMap +metadata: + labels: + app: antrea + name: antrea-windows-config + namespace: kube-system \ No newline at end of file 
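Review bot: Passing the globbed files through `tpl` under `data:` means every `.ps1` script (and, in templates/configmap.yaml, every `conf/*.conf*` file) is evaluated as a Helm template before it lands in the ConfigMap. The files were moved with 100% similarity and the rendered manifests show no template actions in them, so `tpl` does nothing today. Any literal `{{` added to a script later would be expanded or would fail the render, for code that the DaemonSet runs as a HostProcess container. Unless templating these files is planned, emit them verbatim with `{{- (.Files.Glob "conf/*.ps1").AsConfig | nindent 2 }}`. The hard-coded `namespace: kube-system` in both ConfigMaps could also become `{{ .Release.Namespace }}` if the chart is meant to be installed with helm rather than only rendered.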
diff --git a/build/yamls/windows/containerd/agent-containerd.yml b/build/charts/antrea-windows/templates/daemonset.yaml similarity index 54% rename from build/yamls/windows/containerd/agent-containerd.yml rename to build/charts/antrea-windows/templates/daemonset.yaml index 059613768d2..024646aa6f7 100644 --- a/build/yamls/windows/containerd/agent-containerd.yml +++ b/build/charts/antrea-windows/templates/daemonset.yaml @@ -2,25 +2,25 @@ apiVersion: apps/v1 kind: DaemonSet metadata: labels: + app: antrea component: antrea-agent name: antrea-agent-windows + namespace: kube-system spec: selector: matchLabels: + app: antrea component: antrea-agent template: metadata: annotations: - "microsoft.com/hostprocess-inherit-user": "true" - checksum/windows-config: windows-config-checksum-placeholder checksum/agent-windows: agent-windows-checksum-placeholder + checksum/windows-config: windows-config-checksum-placeholder + microsoft.com/hostprocess-inherit-user: "true" labels: + app: antrea component: antrea-agent spec: - securityContext: - windowsOptions: - runAsUserName: "NT AUTHORITY\\SYSTEM" - hostProcess: true containers: - args: - -file @@ -40,7 +40,31 @@ spec: valueFrom: fieldRef: fieldPath: spec.nodeName - image: antrea-windows + {{- if .Values.release }} + image: {{ .Values.Image.repository }}:{{ .Values.Image.tag }} + {{- else }} + image: antrea/antrea-windows:latest + imagePullPolicy: IfNotPresent + {{- end}} + {{- if .Values.includeOVS }} + lifecycle: + postStart: + exec: + command: + - powershell + - -file + - $env:CONTAINER_SANDBOX_MOUNT_POINT/var/lib/antrea-windows/VMSwitchExtension-AntreaAgent-Containerd.ps1 + - -VMSwitchExtension + - enable + preStop: + exec: + command: + - powershell + - -file + - $env:CONTAINER_SANDBOX_MOUNT_POINT/var/lib/antrea-windows/VMSwitchExtension-AntreaAgent-Containerd.ps1 + - -VMSwitchExtension + - disable + {{- end}} name: antrea-agent volumeMounts: - mountPath: /etc/antrea 
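Review bot: The `checksum/agent-windows` and `checksum/windows-config` annotations stay literal placeholders in the template, and this commit drops the `hack/update-checksum-windows.sh` step that used to replace them, so both generated manifests now ship `agent-windows-checksum-placeholder` where a SHA-256 used to be. With a constant annotation, a change to either ConfigMap no longer alters the Pod template, so applying an updated manifest would not roll the agent Pods and Nodes would keep running the old scripts and configuration. Compute the values in the chart instead: `checksum/agent-windows: {{ include (print $.Template.BasePath "/agent.yaml") . | sha256sum }}` and `checksum/windows-config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}`.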
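Review bot: The release branch of the `image:` block reads `.Values.Image.repository` and `.Values.Image.tag`, but the diffstat shows no values.yaml for the chart, so `release`, `includeOVS` and `Image` have neither defaults nor documentation. Rendering with `release=true` and no `Image` values would presumably fail with a nil-pointer template error, and an empty tag would render as `image: repo:`. Add a values.yaml declaring the keys and guard the fields, e.g. `image: {{ required "Image.repository must be set" .Values.Image.repository }}:{{ required "Image.tag must be set" .Values.Image.tag }}`. The same block is repeated in the hunks at -49 (antrea-ovs) and -56 (install-cni), so a named template in `_helpers.tpl` would keep the three copies from drifting; the antrea-agent container's spec continues outside this hunk.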
@@ -49,6 +73,26 @@ spec: name: antrea-agent-windows - mountPath: /var/log/antrea/ name: var-log-antrea + {{- if .Values.includeOVS }} + - args: + - -file + - $env:CONTAINER_SANDBOX_MOUNT_POINT/var/lib/antrea-windows/Run-AntreaOVS-Containerd.ps1 + command: + - powershell + {{- if .Values.release }} + image: {{ .Values.Image.repository }}:{{ .Values.Image.tag }} + {{- else }} + image: antrea/antrea-windows:latest + {{- end}} + imagePullPolicy: IfNotPresent + name: antrea-ovs + volumeMounts: + - mountPath: /var/lib/antrea-windows + name: antrea-agent-windows + - mountPath: /var/log/openvswitch + name: var-log-antrea + subPath: openvswitch + {{- end}} hostNetwork: true initContainers: - args: @@ -56,7 +100,12 @@ spec: - $env:CONTAINER_SANDBOX_MOUNT_POINT/var/lib/antrea-windows/Install-WindowsCNI-Containerd.ps1 command: - powershell - image: antrea-windows + {{- if .Values.release }} + image: {{ .Values.Image.repository }}:{{ .Values.Image.tag }} + {{- else }} + image: antrea/antrea-windows:latest + imagePullPolicy: IfNotPresent + {{- end}} name: install-cni volumeMounts: - mountPath: /etc/antrea @@ -67,6 +116,10 @@ spec: nodeSelector: kubernetes.io/os: windows priorityClassName: system-node-critical + securityContext: + windowsOptions: + hostProcess: true + runAsUserName: NT AUTHORITY\SYSTEM serviceAccountName: antrea-agent tolerations: - key: CriticalAddonsOnly @@ -86,4 +139,4 @@ spec: type: DirectoryOrCreate name: var-log-antrea updateStrategy: - type: RollingUpdate + type: RollingUpdate \ No newline at end of file diff --git a/build/yamls/antrea-windows-with-ovs.yml b/build/yamls/antrea-windows-with-ovs.yml index ffc1e1bb0dd..1b6934595dc 100644 --- a/build/yamls/antrea-windows-with-ovs.yml +++ b/build/yamls/antrea-windows-with-ovs.yml @@ -1,3 +1,5 @@ +--- +# Source: antrea-windows/templates/agent.yaml apiVersion: v1 data: Install-WindowsCNI-Containerd.ps1: | 
@@ -5,29 +7,29 @@ data: mkdir -force c:/var/log/antrea $mountPath = $env:CONTAINER_SANDBOX_MOUNT_POINT $mountPath = ($mountPath.Replace('\', '/')).TrimEnd('/') - + # From containerd version 1.7 onwards, the servcieaccount directory, the ca.cert and token files will automatically be created. $serviceAccountPath = "C:\var\run\secrets\kubernetes.io\serviceaccount" if (-Not $(Test-Path $serviceAccountPath)) { mkdir -force $serviceAccountPath } - + $localTokenFile = "$serviceAccountPath/token" $localCAFile="$serviceAccountPath/ca.crt" - + $tokenPath = "$mountPath/var/run/secrets/kubernetes.io/serviceaccount/token" $caPath = "$mountPath/var/run/secrets/kubernetes.io/serviceaccount/ca.crt" - + # Check if the local token file is not present or its content is different if (-Not (Test-Path $localTokenFile) -or (Get-Content -Raw $localTokenFile) -ne (Get-Content -Raw $tokenPath)) { Copy-Item -Path $tokenPath -Destination $localTokenFile -Force } - + # Check if the local ca.crt file is not present or its content is different if (-Not (Test-Path $localCAFile) -or (Get-Content -Raw $localCAFile) -ne (Get-Content -Raw $caPath)) { Copy-Item -Path $caPath -Destination $localCAFile -Force } - + mkdir -force c:/opt/cni/bin/ mkdir -force c:/etc/cni/net.d/ cp $mountPath/k/antrea/cni/* c:/opt/cni/bin/ @@ -46,14 +48,14 @@ data: $mountPath = ($mountPath.Replace('\', '/')).TrimEnd('/') $env:PATH = $env:PATH + ";$mountPath/Windows/System32;$mountPath/openvswitch/usr/bin;$mountPath/openvswitch/usr/sbin" $OVSDriverDir="$mountPath\openvswitch\driver" - + # Check if OVSExt driver is already installed $driverStatus = netcfg -q ovsext if ($driverStatus -like '*not installed*') { # Install OVS Driver netcfg -l $OVSDriverDir/ovsext.inf -c s -i OVSExt } - + # Configure OVS processes $OVS_DB_SCHEMA_PATH = "$mountPath/openvswitch/usr/share/openvswitch/vswitch.ovsschema" $OVS_DB_PATH = "C:\openvswitch\etc\openvswitch\conf.db" 
@@ -67,13 +69,13 @@ data: } ovsdb-server $OVS_DB_PATH -vfile:info --remote=punix:db.sock --log-file=/var/log/antrea/openvswitch/ovsdb-server.log --pidfile --detach ovs-vsctl --no-wait init - + # Set OVS version. $OVS_VERSION=$(Get-Item $OVSDriverDir\OVSExt.sys).VersionInfo.ProductVersion ovs-vsctl --no-wait set Open_vSwitch . ovs_version=$OVS_VERSION - + ovs-vswitchd --log-file=/var/log/antrea/openvswitch/ovs-vswitchd.log --pidfile -vfile:info --detach - + $SleepInterval = 30 Write-Host "Started the loop that checks OVS status every $SleepInterval seconds" while ($true) { @@ -111,6 +113,7 @@ metadata: name: antrea-agent-windows namespace: kube-system --- +# Source: antrea-windows/templates/configmap.yaml apiVersion: v1 data: antrea-agent.conf: | 
@@ -121,48 +124,48 @@ data: # Service traffic. Note that this feature gate is deprecated since this feature was # promoted to GA in v1.14. # AntreaProxy: true - + # Enable NodePortLocal feature to make the Pods reachable externally through NodePort # NodePortLocal: true - + # Enable flowexporter which exports polled conntrack connections as IPFIX flow records from each agent to a configured collector. # FlowExporter: false - + # Name of the OpenVSwitch bridge antrea-agent will create and use. # Make sure it doesn't conflict with your existing OpenVSwitch bridges. #ovsBridge: br-int - + # Name of the interface antrea-agent will create and use for host <--> pod communication. # Make sure it doesn't conflict with your existing interfaces. #hostGateway: antrea-gw0 - + # Encapsulation mode for communication between Pods across Nodes, supported values: # - geneve (default) # - vxlan # - stt #tunnelType: geneve - + # TunnelPort is the destination port for UDP and TCP based tunnel protocols # (Geneve, VXLAN, and STT). If zero, it will use the assigned IANA port for the # protocol, i.e. 6081 for Geneve, 4789 for VXLAN, and 7471 for STT. #tunnelPort: 0 - + # Default MTU to use for the host gateway interface and the network interface of each Pod. # If omitted, antrea-agent will discover the MTU of the Node's primary interface and # also adjust MTU to accommodate for tunnel encapsulation overhead. #defaultMTU: 1450 - + # ClusterIP CIDR range for Services. It's required when AntreaProxy is not enabled, and should be # set to the same value as the one specified by --service-cluster-ip-range for kube-apiserver. When # AntreaProxy is enabled, this parameter is not needed and will be ignored if provided. #serviceCIDR: 10.96.0.0/12 - + # The port for the antrea-agent APIServer to serve on. #apiPort: 10350 - + # Enable metrics exposure via Prometheus. Initializes Prometheus metrics listener. 
#enablePrometheusMetrics: true - + # Provide the IPFIX collector address as a string with format :[][:]. # HOST can either be the DNS name, IP, or Service name of the Flow Collector. If # using an IP, it can be either IPv4 or IPv6. However, IPv6 address should be @@ -175,29 +178,29 @@ data: # "udp" protocols. "tls" is used for securing communication between flow exporter and # flow aggregator. #flowCollectorAddr: "flow-aggregator/flow-aggregator:4739:tls" - + # Provide flow poll interval as a duration string. This determines how often the # flow exporter dumps connections from the conntrack module. Flow poll interval # should be greater than or equal to 1s (one second). # Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". #flowPollInterval: "5s" - + # Provide the active flow export timeout, which is the timeout after which a flow # record is sent to the collector for active flows. Thus, for flows with a continuous # stream of packets, a flow record will be exported to the collector once the elapsed # time since the last export event is equal to the value of this timeout. # Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". #activeFlowExportTimeout: "30s" - + # Provide the idle flow export timeout, which is the timeout after which a flow # record is sent to the collector for idle flows. A flow is considered idle if no # packet matching this flow has been observed since the last export event. # Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". #idleFlowExportTimeout: "15s" - + # Enable TLS communication from flow exporter to flow aggregator. #enableTLSToFlowAggregator: true - + # Determines how traffic is encapsulated. It has the following options: # encap(default): Inter-node Pod traffic is always encapsulated and Pod to external network # traffic is SNAT'd. 
@@ -207,7 +210,7 @@ data: # hybrid: noEncap if source and destination Nodes are on the same subnet, otherwise encap. # #trafficEncapMode: encap - + # The name of the interface on Node which is used for tunneling or routing the traffic across Nodes. # If there are multiple IP addresses configured on the interface, the first one is used. The IP # address used for tunneling or routing traffic to remote Nodes is decided in the following order of @@ -216,7 +219,7 @@ data: # 2. transportInterfaceCIDRs # 3. The Node IP #transportInterface: - + # The network CIDRs of the interface on Node which is used for tunneling or routing the traffic across # Nodes. If there are multiple interfaces configured the same network CIDR, the first one is used. The # IP address used for tunneling or routing traffic to remote Nodes is decided in the following order of @@ -225,11 +228,11 @@ data: # 2. transportInterfaceCIDRs # 3. The Node IP #transportInterfaceCIDRs: [,] - + # Provide the address of Kubernetes apiserver, to override any value provided in kubeconfig or InClusterConfig. # Defaults to "". It must be a host string, a host:port pair, or a URL to the base of the apiserver. #kubeAPIServerOverride: "" - + # Option antreaProxy contains AntreaProxy related configuration options. antreaProxy: # To disable AntreaProxy, set this to false. It should be enabled on Windows, otherwise NetworkPolicy will @@ -245,7 +248,7 @@ data: # then AntreaProxy will only handle Services without the "service.kubernetes.io/service-proxy-name" label, # but ignore Services with the label no matter what is the value. serviceProxyName: "" - + nodePortLocal: # Enable NodePortLocal, a feature used to make Pods reachable using port forwarding on the host. To # enable this feature, you need to set "enable" to true, and ensure that the NodePortLocal feature 
@@ -277,6 +280,7 @@ metadata: name: antrea-windows-config namespace: kube-system --- +# Source: antrea-windows/templates/daemonset.yaml apiVersion: apps/v1 kind: DaemonSet metadata: @@ -293,8 +297,8 @@ spec: template: metadata: annotations: - checksum/agent-windows: bb43d8d5840ffd71ff946d44052fefc5bd88ca5ad58ac5048d85a5cf26a7ef13 - checksum/windows-config: 6ff4f8bd0b310ebe4d4612bdd9697ffb3d79e0e0eab3936420417dd5a8fc128d + checksum/agent-windows: agent-windows-checksum-placeholder + checksum/windows-config: windows-config-checksum-placeholder microsoft.com/hostprocess-inherit-user: "true" labels: app: antrea diff --git a/build/yamls/antrea-windows.yml b/build/yamls/antrea-windows.yml index d39bf7cb17c..7e6bfa6735e 100644 --- a/build/yamls/antrea-windows.yml +++ b/build/yamls/antrea-windows.yml @@ -1,3 +1,5 @@ +--- +# Source: antrea-windows/templates/agent.yaml apiVersion: v1 data: Install-WindowsCNI-Containerd.ps1: | 
@@ -5,29 +7,29 @@ data: mkdir -force c:/var/log/antrea $mountPath = $env:CONTAINER_SANDBOX_MOUNT_POINT $mountPath = ($mountPath.Replace('\', '/')).TrimEnd('/') - + # From containerd version 1.7 onwards, the servcieaccount directory, the ca.cert and token files will automatically be created. $serviceAccountPath = "C:\var\run\secrets\kubernetes.io\serviceaccount" if (-Not $(Test-Path $serviceAccountPath)) { mkdir -force $serviceAccountPath } - + $localTokenFile = "$serviceAccountPath/token" $localCAFile="$serviceAccountPath/ca.crt" - + $tokenPath = "$mountPath/var/run/secrets/kubernetes.io/serviceaccount/token" $caPath = "$mountPath/var/run/secrets/kubernetes.io/serviceaccount/ca.crt" - + # Check if the local token file is not present or its content is different if (-Not (Test-Path $localTokenFile) -or (Get-Content -Raw $localTokenFile) -ne (Get-Content -Raw $tokenPath)) { Copy-Item -Path $tokenPath -Destination $localTokenFile -Force } - + # Check if the local ca.crt file is not present or its content is different if (-Not (Test-Path $localCAFile) -or (Get-Content -Raw $localCAFile) -ne (Get-Content -Raw $caPath)) { Copy-Item -Path $caPath -Destination $localCAFile -Force } - + mkdir -force c:/opt/cni/bin/ mkdir -force c:/etc/cni/net.d/ cp $mountPath/k/antrea/cni/* c:/opt/cni/bin/ @@ -47,6 +49,7 @@ metadata: name: antrea-agent-windows namespace: kube-system --- +# Source: antrea-windows/templates/configmap.yaml apiVersion: v1 data: antrea-agent.conf: | 
@@ -57,48 +60,48 @@ data: # Service traffic. Note that this feature gate is deprecated since this feature was # promoted to GA in v1.14. # AntreaProxy: true - + # Enable NodePortLocal feature to make the Pods reachable externally through NodePort # NodePortLocal: true - + # Enable flowexporter which exports polled conntrack connections as IPFIX flow records from each agent to a configured collector. # FlowExporter: false - + # Name of the OpenVSwitch bridge antrea-agent will create and use. # Make sure it doesn't conflict with your existing OpenVSwitch bridges. #ovsBridge: br-int - + # Name of the interface antrea-agent will create and use for host <--> pod communication. # Make sure it doesn't conflict with your existing interfaces. #hostGateway: antrea-gw0 - + # Encapsulation mode for communication between Pods across Nodes, supported values: # - geneve (default) # - vxlan # - stt #tunnelType: geneve - + # TunnelPort is the destination port for UDP and TCP based tunnel protocols # (Geneve, VXLAN, and STT). If zero, it will use the assigned IANA port for the # protocol, i.e. 6081 for Geneve, 4789 for VXLAN, and 7471 for STT. #tunnelPort: 0 - + # Default MTU to use for the host gateway interface and the network interface of each Pod. # If omitted, antrea-agent will discover the MTU of the Node's primary interface and # also adjust MTU to accommodate for tunnel encapsulation overhead. #defaultMTU: 1450 - + # ClusterIP CIDR range for Services. It's required when AntreaProxy is not enabled, and should be # set to the same value as the one specified by --service-cluster-ip-range for kube-apiserver. When # AntreaProxy is enabled, this parameter is not needed and will be ignored if provided. #serviceCIDR: 10.96.0.0/12 - + # The port for the antrea-agent APIServer to serve on. #apiPort: 10350 - + # Enable metrics exposure via Prometheus. Initializes Prometheus metrics listener. 
#enablePrometheusMetrics: true - + # Provide the IPFIX collector address as a string with format :[][:]. # HOST can either be the DNS name, IP, or Service name of the Flow Collector. If # using an IP, it can be either IPv4 or IPv6. However, IPv6 address should be @@ -111,29 +114,29 @@ data: # "udp" protocols. "tls" is used for securing communication between flow exporter and # flow aggregator. #flowCollectorAddr: "flow-aggregator/flow-aggregator:4739:tls" - + # Provide flow poll interval as a duration string. This determines how often the # flow exporter dumps connections from the conntrack module. Flow poll interval # should be greater than or equal to 1s (one second). # Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". #flowPollInterval: "5s" - + # Provide the active flow export timeout, which is the timeout after which a flow # record is sent to the collector for active flows. Thus, for flows with a continuous # stream of packets, a flow record will be exported to the collector once the elapsed # time since the last export event is equal to the value of this timeout. # Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". #activeFlowExportTimeout: "30s" - + # Provide the idle flow export timeout, which is the timeout after which a flow # record is sent to the collector for idle flows. A flow is considered idle if no # packet matching this flow has been observed since the last export event. # Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". #idleFlowExportTimeout: "15s" - + # Enable TLS communication from flow exporter to flow aggregator. #enableTLSToFlowAggregator: true - + # Determines how traffic is encapsulated. It has the following options: # encap(default): Inter-node Pod traffic is always encapsulated and Pod to external network # traffic is SNAT'd. 
@@ -143,7 +146,7 @@ data: # hybrid: noEncap if source and destination Nodes are on the same subnet, otherwise encap. # #trafficEncapMode: encap - + # The name of the interface on Node which is used for tunneling or routing the traffic across Nodes. # If there are multiple IP addresses configured on the interface, the first one is used. The IP # address used for tunneling or routing traffic to remote Nodes is decided in the following order of @@ -152,7 +155,7 @@ data: # 2. transportInterfaceCIDRs # 3. The Node IP #transportInterface: - + # The network CIDRs of the interface on Node which is used for tunneling or routing the traffic across # Nodes. If there are multiple interfaces configured the same network CIDR, the first one is used. The # IP address used for tunneling or routing traffic to remote Nodes is decided in the following order of @@ -161,11 +164,11 @@ data: # 2. transportInterfaceCIDRs # 3. The Node IP #transportInterfaceCIDRs: [,] - + # Provide the address of Kubernetes apiserver, to override any value provided in kubeconfig or InClusterConfig. # Defaults to "". It must be a host string, a host:port pair, or a URL to the base of the apiserver. #kubeAPIServerOverride: "" - + # Option antreaProxy contains AntreaProxy related configuration options. antreaProxy: # To disable AntreaProxy, set this to false. It should be enabled on Windows, otherwise NetworkPolicy will @@ -181,7 +184,7 @@ data: # then AntreaProxy will only handle Services without the "service.kubernetes.io/service-proxy-name" label, # but ignore Services with the label no matter what is the value. serviceProxyName: "" - + nodePortLocal: # Enable NodePortLocal, a feature used to make Pods reachable using port forwarding on the host. To # enable this feature, you need to set "enable" to true, and ensure that the NodePortLocal feature 
@@ -213,6 +216,7 @@ metadata: name: antrea-windows-config namespace: kube-system --- +# Source: antrea-windows/templates/daemonset.yaml apiVersion: apps/v1 kind: DaemonSet metadata: @@ -229,8 +233,8 @@ spec: template: metadata: annotations: - checksum/agent-windows: 542068477bbe94774e38a839710706f2d0705ecc7f1ab9aa1a1cf3e46eb73afb - checksum/windows-config: 6ff4f8bd0b310ebe4d4612bdd9697ffb3d79e0e0eab3936420417dd5a8fc128d + checksum/agent-windows: agent-windows-checksum-placeholder + checksum/windows-config: windows-config-checksum-placeholder microsoft.com/hostprocess-inherit-user: "true" labels: app: antrea diff --git a/build/yamls/windows/base/kustomization.yml b/build/yamls/windows/base/kustomization.yml deleted file mode 100644 index dafaaa672d7..00000000000 --- a/build/yamls/windows/base/kustomization.yml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -configMapGenerator: -- files: - - conf/antrea-agent.conf - - conf/antrea-cni.conflist - name: antrea-windows-config -generatorOptions: - disableNameSuffixHash: true diff --git a/build/yamls/windows/containerd-with-ovs/containerd-with-ovs.yml b/build/yamls/windows/containerd-with-ovs/containerd-with-ovs.yml deleted file mode 100644 index d4df7b9a5fa..00000000000 --- a/build/yamls/windows/containerd-with-ovs/containerd-with-ovs.yml +++ /dev/null 
@@ -1,30 +0,0 @@ -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: antrea-agent-windows -spec: - template: - spec: - containers: - - name: antrea-agent - lifecycle: - preStop: - exec: - command: ["powershell", "-file", "$env:CONTAINER_SANDBOX_MOUNT_POINT/var/lib/antrea-windows/VMSwitchExtension-AntreaAgent-Containerd.ps1", "-VMSwitchExtension", "disable"] - postStart: - exec: - command: ["powershell", "-file", "$env:CONTAINER_SANDBOX_MOUNT_POINT/var/lib/antrea-windows/VMSwitchExtension-AntreaAgent-Containerd.ps1", "-VMSwitchExtension", "enable"] - - name: antrea-ovs - image: antrea-windows - imagePullPolicy: IfNotPresent - args: - - -file - - $env:CONTAINER_SANDBOX_MOUNT_POINT/var/lib/antrea-windows/Run-AntreaOVS-Containerd.ps1 - command: - - powershell - volumeMounts: - - mountPath: /var/lib/antrea-windows - name: antrea-agent-windows - - mountPath: /var/log/openvswitch - name: var-log-antrea - subPath: openvswitch diff --git a/build/yamls/windows/containerd-with-ovs/kustomization.yml b/build/yamls/windows/containerd-with-ovs/kustomization.yml deleted file mode 100644 index 6326ee0dd0d..00000000000 --- a/build/yamls/windows/containerd-with-ovs/kustomization.yml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: -- ../containerd -patchesStrategicMerge: -- containerd-with-ovs.yml -commonLabels: - app: antrea -configMapGenerator: -- files: - - conf/Run-AntreaOVS-Containerd.ps1 - - conf/VMSwitchExtension-AntreaAgent-Containerd.ps1 - name: antrea-agent-windows - namespace: kube-system - behavior: merge -generatorOptions: - disableNameSuffixHash: true diff --git a/build/yamls/windows/containerd/kustomization.yml b/build/yamls/windows/containerd/kustomization.yml deleted file mode 100644 index fb652de2f60..00000000000 --- a/build/yamls/windows/containerd/kustomization.yml +++ /dev/null 
@@ -1,15 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: -- agent-containerd.yml -- ../base -namespace: kube-system -commonLabels: - app: antrea -configMapGenerator: -- files: - - conf/Run-AntreaAgent-Containerd.ps1 - - conf/Install-WindowsCNI-Containerd.ps1 - name: antrea-agent-windows -generatorOptions: - disableNameSuffixHash: true diff --git a/build/yamls/windows/patches/dev/imagePullPolicy.yml b/build/yamls/windows/patches/dev/imagePullPolicy.yml deleted file mode 100644 index 85705b69317..00000000000 --- a/build/yamls/windows/patches/dev/imagePullPolicy.yml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: antrea-agent-windows -spec: - template: - spec: - containers: - - name: antrea-agent - imagePullPolicy: IfNotPresent - initContainers: - - name: install-cni - imagePullPolicy: IfNotPresent diff --git a/build/yamls/windows/patches/release/.gitignore b/build/yamls/windows/patches/release/.gitignore deleted file mode 100644 index fdffa2a0fd7..00000000000 --- a/build/yamls/windows/patches/release/.gitignore +++ /dev/null @@ -1 +0,0 @@ -# placeholder diff --git a/hack/generate-manifest-windows.sh b/hack/generate-manifest-windows.sh index e6e13d600a3..2b54e7e774e 100755 --- a/hack/generate-manifest-windows.sh +++ b/hack/generate-manifest-windows.sh 
@@ -23,17 +23,16 @@ function echoerr { _usage="Usage: $0 [--mode (dev|release)] [--keep] [--help|-h] Generate a YAML manifest to run Antrea on Windows Nodes, using Kustomize, and print it to stdout. --mode (dev|release) Choose the configuration variant that you need (default is 'dev') - --keep Debug flag which will preserve the generated kustomization.yml --help, -h Print this message and exit --include-ovs Run Windows OVS processes inside antrea-ovs container in antrea-agent pod on Windows host with containerd runtime. In 'release' mode, environment variables IMG_NAME and IMG_TAG must be set. -This tool uses kustomize (https://github.com/kubernetes-sigs/kustomize) to generate manifests for -running Antrea on Windows Nodes. You can set the KUSTOMIZE environment variable to the path of the -kustomize binary you want us to use. Otherwise we will look for kustomize in your PATH and your -GOPATH. If we cannot find kustomize there, we will try to install it." +This tool uses Helm 3 (https://helm.sh/) to generate manifests for Antrea. You can set the HELM +environment variable to the path of the helm binary you want us to use. Otherwise we will download +the appropriate version of the helm binary and use it (this is the recommended approach since +different versions of helm may create different output YAMLs)." function print_usage { echoerr "$_usage" @@ -44,8 +43,8 @@ function print_help { } MODE="dev" -KEEP=false INCLUDE_OVS=false +HELM_VALUES=() while [[ $# -gt 0 ]] do 
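Review bot: The help text in the first hunk is only half updated: the unchanged lines still read `using Kustomize, and print it to stdout.` and the usage line still advertises `[--keep]`, although the `--keep` description is removed here and the second hunk drops `KEEP=false`. I would change them to `Usage: $0 [--mode (dev|release)] [--help|-h]` and `using Helm, and print it to stdout.`. The argument-parsing loop sits between the hunks and is not visible; if it still has a `--keep` case, that should go too so the flag is rejected rather than silently accepted.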
@@ -95,49 +94,38 @@ fi THIS_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )" -source $THIS_DIR/verify-kustomize.sh +source $THIS_DIR/verify-helm.sh -if [ -z "$KUSTOMIZE" ]; then - KUSTOMIZE="$(verify_kustomize)" -elif ! $KUSTOMIZE version > /dev/null 2>&1; then - echoerr "$KUSTOMIZE does not appear to be a valid kustomize binary" +if [ -z "$HELM" ]; then + HELM="$(verify_helm)" +elif ! $HELM version > /dev/null 2>&1; then + echoerr "$HELM does not appear to be a valid helm binary" print_help exit 1 fi -KUSTOMIZATION_DIR=$THIS_DIR/../build/yamls/windows +TMP_DIR=$(mktemp -d $THIS_DIR/../build/yamls/chart-values.XXXXXXXX) -TMP_DIR=$(mktemp -d $KUSTOMIZATION_DIR/overlays.XXXXXXXX) - -pushd $TMP_DIR > /dev/null - -BASE=../../containerd if $INCLUDE_OVS; then - BASE=../../containerd-with-ovs + HELM_VALUES+=("includeOVS=true") fi -mkdir $MODE && cd $MODE -touch kustomization.yml -# ../../patches/$MODE may be empty so we use find and not simply cp -find ../../patches/$MODE -name \*.yml -exec cp {} . \; - -$KUSTOMIZE edit add base $BASE - -if [ "$MODE" == "dev" ]; then - $KUSTOMIZE edit set image antrea-windows=antrea/antrea-windows:latest - $KUSTOMIZE edit add patch --path imagePullPolicy.yml +if [ "$MODE" == "release" ]; then +HELM_VALUES+=("release=true" "Image.repository=$IMG_NAME" "Image.tag=$IMG_TAG") fi -if [ "$MODE" == "release" ]; then - $KUSTOMIZE edit set image antrea-windows=$IMG_NAME:$IMG_TAG +delim="" +HELM_VALUES_OPTION="" +for v in "${HELM_VALUES[@]}"; do + HELM_VALUES_OPTION="$HELM_VALUES_OPTION$delim$v" + delim="," +done +if [ "$HELM_VALUES_OPTION" != "" ]; then + HELM_VALUES_OPTION="--set $HELM_VALUES_OPTION" fi -$KUSTOMIZE build +ANTREA_CHART="$THIS_DIR/../build/charts/antrea-windows" -popd > /dev/null +$HELM template $HELM_VALUES_OPTION "$ANTREA_CHART" -if $KEEP; then - echoerr "Kustomization file is at $TMP_DIR/$MODE/kustomization.yml" -else - rm -rf $TMP_DIR -fi +rm -rf $TMP_DIR 
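Review bot: In the release branch, `IMG_NAME` and `IMG_TAG` come from the environment, are joined with commas into one string and reach `helm template` through an unquoted `$HELM_VALUES_OPTION`, so a comma in either value is read by `--set` as an extra key=value pair and whitespace splits into further helm arguments. Because this script produces the release manifests, I would validate both values and pass one quoted `--set` per entry from an array, as sketched below. Separately, `TMP_DIR` is created with `mktemp -d` and removed at the end, but nothing visible in the hunk writes to it and `rm -rf $TMP_DIR` is unquoted; dropping both lines looks safe if no other part of the script uses the directory. The option parsing above this hunk is not visible, so any check of these variables done there is not accounted for.

```bash
if [ "$MODE" == "release" ]; then
    # IMG_NAME / IMG_TAG are environment-supplied; helm --set splits on ','
    for v in "$IMG_NAME" "$IMG_TAG"; do
        if [[ ! "$v" =~ ^[A-Za-z0-9._:/-]+$ ]]; then
            echoerr "IMG_NAME and IMG_TAG must be non-empty and must not contain commas or whitespace"
            exit 1
        fi
    done
    HELM_VALUES+=("release=true" "Image.repository=$IMG_NAME" "Image.tag=$IMG_TAG")
fi

HELM_ARGS=()
for v in "${HELM_VALUES[@]}"; do
    HELM_ARGS+=(--set "$v")
done
# … unchanged: ANTREA_CHART assignment …
"$HELM" template "${HELM_ARGS[@]}" "$ANTREA_CHART"
```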
diff --git a/hack/update-checksum-windows.sh b/hack/update-checksum-windows.sh
deleted file mode 100755
index 66f52b2d4d4..00000000000
--- a/hack/update-checksum-windows.sh
+++ /dev/null
@@ -1,40 +0,0 @@
-#!/usr/bin/env bash
-
-# Copyright 2023 Antrea Authors
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-set -eo pipefail
-
-WORK_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
-YAMLS_DIR="${WORK_DIR}"/../build/yamls
-MANIFESTS=$(ls $YAMLS_DIR/antrea-windows*.yml)
-WINDOWS_DIR="${YAMLS_DIR}"/windows
-BASE_CONF_FILES="${WINDOWS_DIR}/base/conf/antrea-agent.conf ${WINDOWS_DIR}/base/conf/antrea-cni.conflist"
-CONTAINERD_CONF_FILES="${WINDOWS_DIR}/containerd/conf/Install-WindowsCNI-Containerd.ps1 \
- ${WINDOWS_DIR}/containerd/conf/Run-AntreaAgent-Containerd.ps1"
-CONTAINERD_WITH_OVS_CONF_FILES="${WINDOWS_DIR}/containerd-with-ovs/conf/Run-AntreaOVS-Containerd.ps1 \
- ${WINDOWS_DIR}/containerd-with-ovs/conf/VMSwitchExtension-AntreaAgent-Containerd.ps1"
-
-checksum_windows_config=$(cat ${BASE_CONF_FILES} | sha256sum | cut -d " " -f 1)
-
-checksum_containerd=$( cat ${CONTAINERD_CONF_FILES} | sha256sum | cut -d " " -f 1)
-
-checksum_containerd_with_ovs=$(cat ${CONTAINERD_CONF_FILES} ${CONTAINERD_WITH_OVS_CONF_FILES} | sha256sum | cut -d " " -f 1)
-
-for file in ${MANIFESTS[@]}; do
- sed -i.bak "s/windows-config-checksum-placeholder/${checksum_windows_config}/g" ${file}
-done
-
-sed -i.bak "s/agent-windows-checksum-placeholder/${checksum_containerd}/g" ${YAMLS_DIR}/antrea-windows.yml
-sed -i.bak "s/agent-windows-checksum-placeholder/${checksum_containerd_with_ovs}/g" ${YAMLS_DIR}/antrea-windows-with-ovs.yml