зеркало из https://github.com/Azure/aks-engine.git
feat: Antrea plugin support in AKS Engine (#2407)
* Antrea plugin support in AKS Engine * chore: clean up * chore: use ContainerImage * chore: generated code * refactor: Updating antrea yaml to 0.2.0 Co-authored-by: Jack Francis <jackfrancis@gmail.com>
Родитель
362756c4b8
Коммит
02e3076a68
|
@ -645,6 +645,11 @@ func TestExampleAPIModels(t *testing.T) {
|
|||
apiModelPath: "../examples/networkpolicy/kubernetes-cilium.json",
|
||||
setArgs: defaultSet,
|
||||
},
|
||||
{
|
||||
name: "antrea network policy",
|
||||
apiModelPath: "../examples/networkpolicy/kubernetes-antrea.json",
|
||||
setArgs: defaultSet,
|
||||
},
|
||||
{
|
||||
name: "istio",
|
||||
apiModelPath: "../examples/service-mesh/istio.json",
|
||||
|
|
|
@ -61,8 +61,8 @@ $ aks-engine get-versions
|
|||
| kubeletConfig | no | Configure various runtime configuration for kubelet. See `kubeletConfig` [below](#feat-kubelet-config) |
|
||||
| kubernetesImageBase | no | Specifies the default image base URL (everything preceding the actual image filename) to be used for all kubernetes-related containers such as hyperkube, cloud-controller-manager, pause, addon-manager, heapster, exechealthz etc. e.g., `k8s.gcr.io/` |
|
||||
| loadBalancerSku | no | Sku of Load Balancer and Public IP. Candidate values are: `basic` and `standard`. If not set, it will be default to basic. Requires Kubernetes 1.11 or newer. NOTE: VMs behind standard SKU load balancer will not be able to access the internet without an outbound rule configured with at least one frontend IP. We have created a loadbalancer with an outbound rule and with agent nodes added to the backend pool, as described in the [Outbound NAT for internal Standard Load Balancer scenarios doc](https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-outbound-rules-overview#outbound-nat-for-internal-standard-load-balancer-scenarios) |
|
||||
| networkPlugin | no | Specifies the network plugin implementation for the cluster. Valid values are:<br>`"azure"` (default), which provides an Azure native networking experience <br>`"kubenet"` for k8s software networking implementation. <br> `"flannel"` for using CoreOS Flannel <br> `"cilium"` for using the default Cilium CNI IPAM (requires the `"cilium"` networkPolicy as well) |
|
||||
| networkPolicy | no | Specifies the network policy enforcement tool for the cluster (currently Linux-only). Valid values are:<br>`"calico"` for Calico network policy.<br>`"cilium"` for cilium network policy (uses the `"cilium"` networkPlugin exclusively), and `"azure"` (experimental) for Azure CNI-compliant network policy (note: Azure CNI-compliant network policy requires explicit `"networkPlugin": "azure"` configuration as well).<br>See [network policy examples](../../examples/networkpolicy) for more information. |
|
||||
| networkPlugin | no | Specifies the network plugin implementation for the cluster. Valid values are:<br>`"azure"` (default), which provides an Azure native networking experience <br>`"kubenet"` for k8s software networking implementation. <br> `"flannel"` for using CoreOS Flannel <br> `"cilium"` for using the default Cilium CNI IPAM (requires the `"cilium"` networkPolicy as well)<br> `"antrea"` for using the Antrea network plugin (requires the `"antrea"` networkPolicy as well) |
|
||||
| networkPolicy | no | Specifies the network policy enforcement tool for the cluster (currently Linux-only). Valid values are:<br>`"calico"` for Calico network policy.<br>`"cilium"` for cilium network policy (uses the `"cilium"` networkPlugin exclusively).<br> `"antrea"` for Antrea network policy (uses the `"antrea"` networkPlugin exclusively).<br> `"azure"` (experimental) for Azure CNI-compliant network policy (note: Azure CNI-compliant network policy requires explicit `"networkPlugin": "azure"` configuration as well).<br>See [network policy examples](../../examples/networkpolicy) for more information. |
|
||||
| privateCluster | no | Build a cluster without public addresses assigned. See `privateClusters` [below](#feat-private-cluster). |
|
||||
| schedulerConfig | no | Configure various runtime configuration for scheduler. See `schedulerConfig` [below](#feat-scheduler-config) |
|
||||
| serviceCidr | no | IP range for Service IPs, Default is "10.0.0.0/16". This range is never routed outside of a node so does not need to lie within clusterSubnet or the VNET |
|
||||
|
|
|
@ -5,6 +5,7 @@
|
|||
|Managed Disks|Beta|`vlabs`|[kubernetes-vmas.json](../../examples/disks-managed/kubernetes-vmas.json)|[Description](#feat-managed-disks)|
|
||||
|Calico Network Policy|Alpha|`vlabs`|[kubernetes-calico.json](../../examples/networkpolicy/kubernetes-calico-azure.json)|[Description](#feat-calico)|
|
||||
|Cilium Network Policy|Alpha|`vlabs`|[kubernetes-cilium.json](../../examples/networkpolicy/kubernetes-cilium.json)|[Description](#feat-cilium)|
|
||||
|Antrea Network Policy|Alpha|`vlabs`|[kubernetes-antrea.json](../../examples/networkpolicy/kubernetes-antrea.json)|[Description](#feat-antrea)|
|
||||
|Custom VNET|Beta|`vlabs`|[kubernetesvnet-azure-cni.json](../../examples/vnet/kubernetesvnet-azure-cni.json)|[Description](#feat-custom-vnet)|
|
||||
|Kata Containers Runtime|Alpha|`vlabs`|[kubernetes-kata-containers.json](../../examples/kubernetes-kata-containers.json)|[Description](#feat-kata-containers)|
|
||||
|Private Cluster|Alpha|`vlabs`|[kubernetes-private-cluster.json](../../examples/kubernetes-config/kubernetes-private-cluster.json)|[Description](#feat-private-cluster)|
|
||||
|
@ -224,6 +225,39 @@ you can define stricter policies. Good resources to get information about that a
|
|||
- [NetworkPolicy Example Walkthrough](https://kubernetes.io/docs/getting-started-guides/network-policy/walkthrough/)
|
||||
- [Cilium Kubernetes](https://github.com/Azure/aks-engine/blob/master/examples/networkpolicy)
|
||||
|
||||
<a name="feat-antrea"></a>
|
||||
|
||||
## Network Policy Enforcement with Antrea
|
||||
|
||||
Using the default configuration, Kubernetes allows communication between all
|
||||
Pods within a cluster. To ensure that Pods can only be accessed by authorized
|
||||
Pods, a policy enforcement is needed. To enable policy enforcement using Antrea refer to the
|
||||
[cluster definitions](clusterdefinitions.md#kubernetesconfig)
|
||||
document under networkPolicy. There is also a reference cluster definition available
|
||||
[here](https://github.com/Azure/aks-engine/blob/master/examples/networkpolicy/kubernetes-antrea.json).
|
||||
|
||||
This will deploy single replica of Antrea controller and Antrea agent to every
|
||||
instance of the cluster using a Kubernetes DaemonSet. After a successful deployment
|
||||
you should be able to see these Pods running in your cluster:
|
||||
|
||||
```console
|
||||
kubectl get pods --namespace kube-system -l app=antrea -o wide
|
||||
NAME READY STATUS RESTARTS AGE IP NODE
|
||||
antrea-agent-67t9z 2/2 Running 1 7m38s 10.240.0.5 k8s-agentpool1-14956401-vmss000001
|
||||
antrea-agent-87nm2 2/2 Running 0 11m 10.240.0.4 k8s-agentpool1-14956401-vmss000000
|
||||
antrea-agent-fhbsg 2/2 Running 0 11m 10.240.0.6 k8s-agentpool1-14956401-vmss000002
|
||||
antrea-agent-jjhxt 2/2 Running 0 11m 10.240.255.5 k8s-master-14956401-0
|
||||
antrea-controller-685c8c6f64-zk4jh 1/1 Running 0 11m 10.240.0.4 k8s-agentpool1-14956401-vmss000000
|
||||
```
|
||||
|
||||
Per default Antrea still allows all communication within the cluster. Using Kubernetes' NetworkPolicy API,
|
||||
you can define stricter policies. Good resources to get information about that are:
|
||||
|
||||
- [Antrea Architecture Docs](https://github.com/vmware-tanzu/antrea/blob/master/docs/architecture.md)
|
||||
- [NetworkPolicy User Guide](https://kubernetes.io/docs/user-guide/networkpolicies/)
|
||||
- [NetworkPolicy Example Walkthrough](https://kubernetes.io/docs/getting-started-guides/network-policy/walkthrough/)
|
||||
- [Antrea Kubernetes](https://github.com/Azure/aks-engine/blob/master/examples/networkpolicy)
|
||||
|
||||
<a name="feat-custom-vnet"></a>
|
||||
|
||||
## Custom VNET
|
||||
|
|
|
@ -141,6 +141,7 @@ aks-engine generate --set agentPoolProfiles[0].count=5,agentPoolProfiles[1].name
|
|||
|
||||
* To enable the optional network policy enforcement using calico, you have to set the parameter during this step according to this [guide](../topics/features.md#optional-enable-network-policy-enforcement-using-calico)
|
||||
* To enable the optional network policy enforcement using cilium, you have to set the parameter during this step according to this [guide](../topics/features.md#optional-enable-network-policy-enforcement-using-cilium)
|
||||
* To enable the optional network policy enforcement using antrea, you have to set the parameter during this step according to this [guide](../topics/features.md#optional-enable-network-policy-enforcement-using-antrea)
|
||||
|
||||
**Note**: If the cluster is using an existing VNET please see the [Custom VNET](custom-vnet.md) feature documentation for additional steps that must be completed after cluster provisioning.
|
||||
|
||||
|
|
|
@ -228,6 +228,7 @@ aks-engine generate --set agentPoolProfiles[0].count=5,agentPoolProfiles[1].name
|
|||
|
||||
* To enable the optional network policy enforcement using calico, you have to set the parameter during this step according to this [guide](../topics/features.md#optional-enable-network-policy-enforcement-using-calico)
|
||||
* To enable the optional network policy enforcement using cilium, you have to set the parameter during this step according to this [guide](../topics/features.md#optional-enable-network-policy-enforcement-using-cilium)
|
||||
* To enable the optional network policy enforcement using antrea, you have to set the parameter during this step according to this [guide](../topics/features.md#optional-enable-network-policy-enforcement-using-antrea)
|
||||
|
||||
Now we can deploy the files `azuredeploy.json` and `azuredeploy.parameters.json` using either the Azure CLI or PowerShell.
|
||||
|
||||
|
|
|
@ -2,7 +2,10 @@
|
|||
"apiVersion": "vlabs",
|
||||
"properties": {
|
||||
"orchestratorProfile": {
|
||||
"orchestratorType": "Kubernetes"
|
||||
"orchestratorType": "Kubernetes",
|
||||
"kubernetesConfig": {
|
||||
"networkPolicy": "antrea"
|
||||
}
|
||||
},
|
||||
"masterProfile": {
|
||||
"count": 1,
|
||||
|
|
|
@ -1,11 +1,12 @@
|
|||
# AKS Engine - Network Plugin
|
||||
|
||||
There are 2 different Network Plugin options :
|
||||
There are 5 different Network Plugin options :
|
||||
|
||||
- Azure Container Networking (default)
|
||||
- Kubenet
|
||||
- Flannel (docs are //TODO)
|
||||
- Cilium (docs are //TODO)
|
||||
- Cilium (CNI IPAM implementation that pairs w/ cilium NetworkPolicy addon; only works w/ `"networkPolicy": "cilium"`)
|
||||
- Antrea (CNI IPAM implementation that pairs w/ antrea NetworkPolicy addon; only works w/ `"networkPolicy": "antrea"`)
|
||||
|
||||
## Azure Container Networking (default)
|
||||
|
||||
|
|
|
@ -1,9 +1,10 @@
|
|||
# AKS Engine - Network Policy
|
||||
|
||||
There are 2 different Network Policy options :
|
||||
There are 3 different Network Policy options :
|
||||
|
||||
- Calico
|
||||
- Cilium
|
||||
- Antrea
|
||||
|
||||
## Calico
|
||||
|
||||
|
@ -97,3 +98,20 @@ The kubernetes-cilium deployment template enables Cilium networking and policies
|
|||
Once the template has been successfully deployed, following the [deploy the demo application](http://cilium.readthedocs.io/en/latest/gettingstarted/minikube/#step-2-deploy-the-demo-application) tutorial will provide a good foundation for how to do L3/4 policy as well as more advanced Layer 7 inspection and routing. If you have [Istio](https://istio.io) you can try this [tutorial](http://cilium.readthedocs.io/en/latest/gettingstarted/istio/) where cilium is used to side by side with Istio to enforce security policies in a Kubernetes deployment.
|
||||
|
||||
For the latest documentation on Cilium (including BPF and XDP reference guides), please refer to [this](http://cilium.readthedocs.io/en/latest/)
|
||||
|
||||
## Antrea
|
||||
|
||||
The kubernetes-antrea deployment template enables Antrea networking and policies for the AKS Engine cluster via `"networkPolicy": "antrea"` or `"networkPlugin": "antrea"` being present inside the `kubernetesConfig`.
|
||||
|
||||
```json
|
||||
"properties": {
|
||||
"orchestratorProfile": {
|
||||
"orchestratorType": "Kubernetes",
|
||||
"kubernetesConfig": {
|
||||
"networkPolicy": "antrea"
|
||||
}
|
||||
```
|
||||
|
||||
### Post installation
|
||||
|
||||
For the latest documentation on Antrea, please refer to [this](https://github.com/vmware-tanzu/antrea).
|
||||
|
|
|
@ -0,0 +1,39 @@
|
|||
{
|
||||
"apiVersion": "vlabs",
|
||||
"properties": {
|
||||
"orchestratorProfile": {
|
||||
"orchestratorType": "Kubernetes",
|
||||
"orchestratorRelease": "1.13",
|
||||
"kubernetesConfig": {
|
||||
"networkPolicy": "antrea"
|
||||
}
|
||||
},
|
||||
"masterProfile": {
|
||||
"count": 1,
|
||||
"dnsPrefix": "",
|
||||
"vmSize": "Standard_D2_v3"
|
||||
},
|
||||
"agentPoolProfiles": [
|
||||
{
|
||||
"name": "agentpool1",
|
||||
"count": 3,
|
||||
"vmSize": "Standard_D2_v3",
|
||||
"availabilityProfile": "AvailabilitySet"
|
||||
}
|
||||
],
|
||||
"linuxProfile": {
|
||||
"adminUsername": "azureuser",
|
||||
"ssh": {
|
||||
"publicKeys": [
|
||||
{
|
||||
"keyData": ""
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"servicePrincipalProfile": {
|
||||
"clientId": "",
|
||||
"secret": ""
|
||||
}
|
||||
}
|
||||
}
|
|
@ -312,6 +312,11 @@ ensureKubelet() {
|
|||
sleep 3
|
||||
done
|
||||
{{end}}
|
||||
{{if HasAntreaNetworkPolicy}}
|
||||
while [ ! -f /etc/cni/net.d/10-antrea.conf ]; do
|
||||
sleep 3
|
||||
done
|
||||
{{end}}
|
||||
}
|
||||
|
||||
ensureLabelNodes() {
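Review bot: The added `while [ ! -f /etc/cni/net.d/10-antrea.conf ]; do sleep 3; done` loop in ensureKubelet has no upper bound, so a node on which the Antrea install-cni init container never writes that file would block provisioning indefinitely instead of failing with a diagnosable error. The block just above it (only its tail is visible in this hunk) appears to follow the same pattern, so this may be deliberate. A bounded wait would still be safer, for example `for i in $(seq 1 100); do [ -f /etc/cni/net.d/10-antrea.conf ] && break; sleep 3; done` followed by `[ -f /etc/cni/net.d/10-antrea.conf ] || exit $ERR_ANTREA_CNI_TIMEOUT`, where `ERR_ANTREA_CNI_TIMEOUT` is a placeholder name for whatever error code the script's convention provides. ensureKubelet starts outside the hunk, so any existing retry helper it could reuse is not visible here.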
|
||||
|
|
|
@ -0,0 +1,502 @@
|
|||
apiVersion: apiextensions.k8s.io/v1beta1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
labels:
|
||||
app: antrea
|
||||
addonmanager.kubernetes.io/mode: "Reconcile"
|
||||
name: antreaagentinfos.clusterinformation.crd.antrea.io
|
||||
spec:
|
||||
group: clusterinformation.crd.antrea.io
|
||||
names:
|
||||
kind: AntreaAgentInfo
|
||||
plural: antreaagentinfos
|
||||
shortNames:
|
||||
- aai
|
||||
singular: antreaagentinfo
|
||||
scope: Cluster
|
||||
versions:
|
||||
- name: v1beta1
|
||||
served: true
|
||||
storage: true
|
||||
---
|
||||
apiVersion: apiextensions.k8s.io/v1beta1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
labels:
|
||||
app: antrea
|
||||
addonmanager.kubernetes.io/mode: "Reconcile"
|
||||
name: antreacontrollerinfos.clusterinformation.crd.antrea.io
|
||||
spec:
|
||||
group: clusterinformation.crd.antrea.io
|
||||
names:
|
||||
kind: AntreaControllerInfo
|
||||
plural: antreacontrollerinfos
|
||||
shortNames:
|
||||
- aci
|
||||
singular: antreacontrollerinfo
|
||||
scope: Cluster
|
||||
versions:
|
||||
- name: v1beta1
|
||||
served: true
|
||||
storage: true
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
labels:
|
||||
app: antrea
|
||||
addonmanager.kubernetes.io/mode: "Reconcile"
|
||||
name: antrea-agent
|
||||
namespace: kube-system
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
labels:
|
||||
app: antrea
|
||||
addonmanager.kubernetes.io/mode: "Reconcile"
|
||||
name: antrea-controller
|
||||
namespace: kube-system
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
labels:
|
||||
app: antrea
|
||||
addonmanager.kubernetes.io/mode: "Reconcile"
|
||||
name: antrea-agent
|
||||
rules:
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- nodes
|
||||
- pods
|
||||
verbs:
|
||||
- get
|
||||
- watch
|
||||
- list
|
||||
- apiGroups:
|
||||
- clusterinformation.crd.antrea.io
|
||||
resources:
|
||||
- antreaagentinfos
|
||||
verbs:
|
||||
- get
|
||||
- create
|
||||
- update
|
||||
- delete
|
||||
- apiGroups:
|
||||
- networkpolicy.antrea.io
|
||||
resources:
|
||||
- networkpolicies
|
||||
- appliedtogroups
|
||||
- addressgroups
|
||||
verbs:
|
||||
- get
|
||||
- watch
|
||||
- list
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
labels:
|
||||
app: antrea
|
||||
addonmanager.kubernetes.io/mode: "Reconcile"
|
||||
name: antrea-controller
|
||||
rules:
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- nodes
|
||||
- pods
|
||||
- namespaces
|
||||
verbs:
|
||||
- get
|
||||
- watch
|
||||
- list
|
||||
- apiGroups:
|
||||
- networking.k8s.io
|
||||
resources:
|
||||
- networkpolicies
|
||||
verbs:
|
||||
- get
|
||||
- watch
|
||||
- list
|
||||
- apiGroups:
|
||||
- clusterinformation.crd.antrea.io
|
||||
resources:
|
||||
- antreacontrollerinfos
|
||||
verbs:
|
||||
- get
|
||||
- create
|
||||
- update
|
||||
- delete
|
||||
- apiGroups:
|
||||
- clusterinformation.crd.antrea.io
|
||||
resources:
|
||||
- antreaagentinfos
|
||||
verbs:
|
||||
- list
|
||||
- delete
|
||||
- apiGroups:
|
||||
- authentication.k8s.io
|
||||
resources:
|
||||
- tokenreviews
|
||||
verbs:
|
||||
- create
|
||||
- apiGroups:
|
||||
- authorization.k8s.io
|
||||
resources:
|
||||
- subjectaccessreviews
|
||||
verbs:
|
||||
- create
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: RoleBinding
|
||||
metadata:
|
||||
labels:
|
||||
app: antrea
|
||||
addonmanager.kubernetes.io/mode: "Reconcile"
|
||||
name: antrea-controller-authentication-reader
|
||||
namespace: kube-system
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: Role
|
||||
name: extension-apiserver-authentication-reader
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: antrea-controller
|
||||
namespace: kube-system
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
labels:
|
||||
app: antrea
|
||||
addonmanager.kubernetes.io/mode: "Reconcile"
|
||||
name: antrea-agent
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: antrea-agent
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: antrea-agent
|
||||
namespace: kube-system
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
labels:
|
||||
app: antrea
|
||||
addonmanager.kubernetes.io/mode: "Reconcile"
|
||||
name: antrea-controller
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: antrea-controller
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: antrea-controller
|
||||
namespace: kube-system
|
||||
---
|
||||
apiVersion: v1
|
||||
data:
|
||||
antrea-agent.conf: |
|
||||
# Name of the OpenVSwitch bridge antrea-agent will create and use.
|
||||
# Make sure it doesn't conflict with your existing OpenVSwitch bridges.
|
||||
#ovsBridge: br-int
|
||||
|
||||
# Datapath type to use for the OpenVSwitch bridge created by Antrea. Supported values are:
|
||||
# - system
|
||||
# - netdev
|
||||
# 'system' is the default value and corresponds to the kernel datapath. Use 'netdev' to run
|
||||
# OVS in userspace mode. Userspace mode requires the tun device driver to be available.
|
||||
#ovsDatapathType: system
|
||||
|
||||
# Name of the interface antrea-agent will create and use for host <--> pod communication.
|
||||
# Make sure it doesn't conflict with your existing interfaces.
|
||||
#hostGateway: gw0
|
||||
|
||||
# Encapsulation mode for communication between Pods across Nodes, supported values:
|
||||
# - vxlan (default)
|
||||
# - geneve
|
||||
# - gre
|
||||
# - stt
|
||||
#tunnelType: vxlan
|
||||
|
||||
# Default MTU to use for the host gateway interface and the network interface of each Pod. If
|
||||
# omitted, antrea-agent will default this value to 1450 to accomodate for tunnel encapsulate
|
||||
# overhead.
|
||||
#defaultMTU: 1450
|
||||
|
||||
# CIDR Range for services in cluster. It's required to support egress network policy, should
|
||||
# be set to the same value as the one specified by --service-cluster-ip-range for kube-apiserver.
|
||||
serviceCIDR: {{ContainerConfig "serviceCidr"}}
|
||||
antrea-cni.conf: |
|
||||
{
|
||||
"cniVersion":"0.3.0",
|
||||
"name": "antrea",
|
||||
"type": "antrea",
|
||||
"ipam": {
|
||||
"type": "host-local"
|
||||
}
|
||||
}
|
||||
antrea-controller.conf: ""
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
annotations: {}
|
||||
labels:
|
||||
app: antrea
|
||||
addonmanager.kubernetes.io/mode: "EnsureExists"
|
||||
name: antrea-config-48gttf992h
|
||||
namespace: kube-system
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
labels:
|
||||
app: antrea
|
||||
addonmanager.kubernetes.io/mode: "Reconcile"
|
||||
name: antrea
|
||||
namespace: kube-system
|
||||
spec:
|
||||
ports:
|
||||
- port: 443
|
||||
protocol: TCP
|
||||
targetPort: 443
|
||||
selector:
|
||||
app: antrea
|
||||
component: antrea-controller
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
labels:
|
||||
app: antrea
|
||||
component: antrea-controller
|
||||
addonmanager.kubernetes.io/mode: "Reconcile"
|
||||
name: antrea-controller
|
||||
namespace: kube-system
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
app: antrea
|
||||
component: antrea-controller
|
||||
strategy:
|
||||
type: Recreate
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: antrea
|
||||
component: antrea-controller
|
||||
spec:
|
||||
containers:
|
||||
- args:
|
||||
- --config
|
||||
- /etc/antrea/antrea-controller.conf
|
||||
command:
|
||||
- antrea-controller
|
||||
env:
|
||||
- name: POD_NAME
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.name
|
||||
- name: POD_NAMESPACE
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.namespace
|
||||
- name: NODE_NAME
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: spec.nodeName
|
||||
image: {{ContainerImage "antrea-controller"}}
|
||||
name: antrea-controller
|
||||
ports:
|
||||
- containerPort: 443
|
||||
protocol: TCP
|
||||
volumeMounts:
|
||||
- mountPath: /etc/antrea/antrea-controller.conf
|
||||
name: antrea-config
|
||||
readOnly: true
|
||||
subPath: antrea-controller.conf
|
||||
hostNetwork: true
|
||||
nodeSelector:
|
||||
beta.kubernetes.io/os: linux
|
||||
priorityClassName: system-cluster-critical
|
||||
serviceAccountName: antrea-controller
|
||||
tolerations:
|
||||
- key: CriticalAddonsOnly
|
||||
operator: Exists
|
||||
- effect: NoSchedule
|
||||
key: node-role.kubernetes.io/master
|
||||
volumes:
|
||||
- configMap:
|
||||
name: antrea-config-48gttf992h
|
||||
name: antrea-config
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: DaemonSet
|
||||
metadata:
|
||||
labels:
|
||||
app: antrea
|
||||
component: antrea-agent
|
||||
addonmanager.kubernetes.io/mode: "Reconcile"
|
||||
name: antrea-agent
|
||||
namespace: kube-system
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
app: antrea
|
||||
component: antrea-agent
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: antrea
|
||||
component: antrea-agent
|
||||
spec:
|
||||
containers:
|
||||
- args:
|
||||
- --config
|
||||
- /etc/antrea/antrea-agent.conf
|
||||
command:
|
||||
- antrea-agent
|
||||
env:
|
||||
- name: POD_NAME
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.name
|
||||
- name: POD_NAMESPACE
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.namespace
|
||||
- name: NODE_NAME
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: spec.nodeName
|
||||
image: {{ContainerImage "antrea-agent"}}
|
||||
livenessProbe:
|
||||
exec:
|
||||
command:
|
||||
- /bin/sh
|
||||
- -c
|
||||
- container_liveness_probe agent
|
||||
failureThreshold: 5
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 10
|
||||
timeoutSeconds: 5
|
||||
name: antrea-agent
|
||||
securityContext:
|
||||
privileged: true
|
||||
volumeMounts:
|
||||
- mountPath: /etc/antrea/antrea-agent.conf
|
||||
name: antrea-config
|
||||
readOnly: true
|
||||
subPath: antrea-agent.conf
|
||||
- mountPath: /var/run/antrea
|
||||
name: host-var-run-antrea
|
||||
- mountPath: /var/run/openvswitch
|
||||
name: host-var-run-antrea
|
||||
subPath: openvswitch
|
||||
- mountPath: /var/lib/cni
|
||||
name: host-var-run-antrea
|
||||
subPath: cni
|
||||
- mountPath: /host/proc
|
||||
name: host-proc
|
||||
readOnly: true
|
||||
- mountPath: /host/var/run/netns
|
||||
mountPropagation: HostToContainer
|
||||
name: host-var-run-netns
|
||||
readOnly: true
|
||||
- command:
|
||||
- start_ovs
|
||||
image: {{ContainerImage "antrea-ovs"}}
|
||||
livenessProbe:
|
||||
exec:
|
||||
command:
|
||||
- /bin/sh
|
||||
- -c
|
||||
- timeout 5 container_liveness_probe ovs
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
name: antrea-ovs
|
||||
securityContext:
|
||||
capabilities:
|
||||
add:
|
||||
- SYS_NICE
|
||||
- NET_ADMIN
|
||||
- SYS_ADMIN
|
||||
- IPC_LOCK
|
||||
volumeMounts:
|
||||
- mountPath: /var/run/openvswitch
|
||||
name: host-var-run-antrea
|
||||
subPath: openvswitch
|
||||
- mountPath: /var/log/openvswitch
|
||||
name: host-var-log-antrea
|
||||
subPath: openvswitch
|
||||
hostNetwork: true
|
||||
initContainers:
|
||||
- command:
|
||||
- install_cni
|
||||
image: {{ContainerImage "install-cni"}}
|
||||
name: install-cni
|
||||
securityContext:
|
||||
capabilities:
|
||||
add:
|
||||
- SYS_MODULE
|
||||
volumeMounts:
|
||||
- mountPath: /etc/antrea/antrea-cni.conf
|
||||
name: antrea-config
|
||||
readOnly: true
|
||||
subPath: antrea-cni.conf
|
||||
- mountPath: /host/etc/cni/net.d
|
||||
name: host-cni-conf
|
||||
- mountPath: /host/opt/cni/bin
|
||||
name: host-cni-bin
|
||||
- mountPath: /lib/modules
|
||||
name: host-lib-modules
|
||||
readOnly: true
|
||||
- mountPath: /sbin/depmod
|
||||
name: host-depmod
|
||||
readOnly: true
|
||||
nodeSelector:
|
||||
beta.kubernetes.io/os: linux
|
||||
priorityClassName: system-node-critical
|
||||
serviceAccountName: antrea-agent
|
||||
tolerations:
|
||||
- key: CriticalAddonsOnly
|
||||
operator: Exists
|
||||
- effect: NoSchedule
|
||||
operator: Exists
|
||||
volumes:
|
||||
- configMap:
|
||||
name: antrea-config-48gttf992h
|
||||
name: antrea-config
|
||||
- hostPath:
|
||||
path: /etc/cni/net.d
|
||||
name: host-cni-conf
|
||||
- hostPath:
|
||||
path: /opt/cni/bin
|
||||
name: host-cni-bin
|
||||
- hostPath:
|
||||
path: /proc
|
||||
name: host-proc
|
||||
- hostPath:
|
||||
path: /var/run/netns
|
||||
name: host-var-run-netns
|
||||
- hostPath:
|
||||
path: /var/run/antrea
|
||||
type: DirectoryOrCreate
|
||||
name: host-var-run-antrea
|
||||
- hostPath:
|
||||
path: /var/log/antrea
|
||||
type: DirectoryOrCreate
|
||||
name: host-var-log-antrea
|
||||
- hostPath:
|
||||
path: /lib/modules
|
||||
name: host-lib-modules
|
||||
- hostPath:
|
||||
path: /sbin/depmod
|
||||
name: host-depmod
|
||||
updateStrategy:
|
||||
type: RollingUpdate
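Review bot: The antrea-agent container is declared with `privileged: true` on a `hostNetwork: true` pod that also mounts the host's `/proc`, and antrea-ovs adds `SYS_ADMIN` and `NET_ADMIN`, yet the template carries no comment recording where the manifest came from or why that privilege set is needed. A header comment such as `# Derived from the upstream Antrea 0.2.0 manifest; agent/OVS privileges and hostPath mounts must be re-reviewed on every version bump` would give later reviewers something to audit against. Separately, both ClusterRoleBindings use `rbac.authorization.k8s.io/v1beta1` while the ClusterRoles and the RoleBinding use `v1`; switching them to `apiVersion: rbac.authorization.k8s.io/v1` keeps the file consistent. The antrea-controller Deployment also runs with `hostNetwork: true` and `containerPort: 443` while tolerating the master taint, so a host-port clash on control-plane nodes looks possible and should be checked.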
|
|
@ -271,27 +271,29 @@
|
|||
"networkPolicy": {
|
||||
"defaultValue": "{{.OrchestratorProfile.KubernetesConfig.NetworkPolicy}}",
|
||||
"metadata": {
|
||||
"description": "The network policy enforcement to use (calico|cilium); 'none' and 'azure' here for backwards compatibility"
|
||||
"description": "The network policy enforcement to use (calico|cilium|antrea); 'none' and 'azure' here for backwards compatibility"
|
||||
},
|
||||
"allowedValues": [
|
||||
"",
|
||||
"none",
|
||||
"azure",
|
||||
"calico",
|
||||
"cilium"
|
||||
"cilium",
|
||||
"antrea"
|
||||
],
|
||||
"type": "string"
|
||||
},
|
||||
"networkPlugin": {
|
||||
"defaultValue": "{{.OrchestratorProfile.KubernetesConfig.NetworkPlugin}}",
|
||||
"metadata": {
|
||||
"description": "The network plugin to use for Kubernetes (kubenet|azure|flannel|cilium)"
|
||||
"description": "The network plugin to use for Kubernetes (kubenet|azure|flannel|cilium|antrea)"
|
||||
},
|
||||
"allowedValues": [
|
||||
"kubenet",
|
||||
"azure",
|
||||
"flannel",
|
||||
"cilium"
|
||||
"cilium",
|
||||
"antrea"
|
||||
],
|
||||
"type": "string"
|
||||
},
|
||||
|
|
|
@ -279,8 +279,10 @@ func (cs *ContainerService) setAddonsConfig(isUpgrade bool) {
|
|||
}
|
||||
|
||||
defaultIPMasqAgentAddonsConfig := KubernetesAddon{
|
||||
Name: common.IPMASQAgentAddonName,
|
||||
Enabled: to.BoolPtr(DefaultIPMasqAgentAddonEnabled && o.KubernetesConfig.NetworkPlugin != NetworkPluginCilium),
|
||||
Name: common.IPMASQAgentAddonName,
|
||||
Enabled: to.BoolPtr(DefaultIPMasqAgentAddonEnabled &&
|
||||
(o.KubernetesConfig.NetworkPlugin != NetworkPluginCilium &&
|
||||
o.KubernetesConfig.NetworkPlugin != NetworkPluginAntrea)),
|
||||
Containers: []KubernetesContainerSpec{
|
||||
{
|
||||
Name: common.IPMASQAgentAddonName,
|
||||
|
@ -398,6 +400,32 @@ func (cs *ContainerService) setAddonsConfig(isUpgrade bool) {
|
|||
},
|
||||
}
|
||||
|
||||
defaultsAntreaDaemonSetAddonsConfig := KubernetesAddon{
|
||||
Name: common.AntreaAddonName,
|
||||
Enabled: to.BoolPtr(o.KubernetesConfig.NetworkPlugin == NetworkPluginAntrea),
|
||||
Config: map[string]string{
|
||||
"serviceCidr": o.KubernetesConfig.ServiceCIDR,
|
||||
},
|
||||
Containers: []KubernetesContainerSpec{
|
||||
{
|
||||
Name: common.AntreaControllerContainerName,
|
||||
Image: k8sComponents[common.AntreaControllerContainerName],
|
||||
},
|
||||
{
|
||||
Name: common.AntreaAgentContainerName,
|
||||
Image: k8sComponents[common.AntreaAgentContainerName],
|
||||
},
|
||||
{
|
||||
Name: common.AntreaOVSContainerName,
|
||||
Image: k8sComponents[common.AntreaOVSContainerName],
|
||||
},
|
||||
{
|
||||
Name: common.AntreaInstallCNIContainerName,
|
||||
Image: k8sComponents[common.AntreaInstallCNIContainerName],
|
||||
},
|
||||
},
|
||||
}
|
||||
|
||||
defaultsAADPodIdentityAddonsConfig := KubernetesAddon{
|
||||
Name: common.AADPodIdentityAddonName,
|
||||
Enabled: to.BoolPtr(DefaultAADPodIdentityAddonEnabled && !cs.Properties.IsAzureStackCloud()),
|
||||
|
@ -652,6 +680,7 @@ func (cs *ContainerService) setAddonsConfig(isUpgrade bool) {
|
|||
defaultKubeProxyAddonsConfig,
|
||||
defaultPodSecurityPolicyAddonsConfig,
|
||||
defaultAADDefaultAdminGroupAddonsConfig,
|
||||
defaultsAntreaDaemonSetAddonsConfig,
|
||||
}
|
||||
// Add default addons specification, if no user-provided spec exists
|
||||
if o.KubernetesConfig.Addons == nil {
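Review bot: `defaultsAntreaDaemonSetAddonsConfig` is enabled on `o.KubernetesConfig.NetworkPlugin == NetworkPluginAntrea` alone, while the kubelet wait loop added in this commit is gated on `HasAntreaNetworkPolicy` and the example API model sets only `"networkPolicy": "antrea"`. If defaulting or validation outside this view does not force the two fields to agree, a cluster with the policy set but a different plugin would wait for `/etc/cni/net.d/10-antrea.conf` without the addon that installs it. Either key both on the same field or state the invariant next to `Enabled`, e.g. `// relies on defaults/validation forcing NetworkPlugin == "antrea" whenever NetworkPolicy == "antrea"`. Also, `"serviceCidr": o.KubernetesConfig.ServiceCIDR` is rendered straight into the agent config, so it is worth confirming that ServiceCIDR is already defaulted when setAddonsConfig runs. setAddonsConfig begins and ends outside these hunks.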
|
||||
|
|
|
@ -2930,6 +2930,35 @@ func TestSetAddonsConfig(t *testing.T) {
|
|||
},
|
||||
}, "1.15.4"),
|
||||
},
|
||||
{
|
||||
name: "antrea addon enabled",
|
||||
cs: &ContainerService{
|
||||
Properties: &Properties{
|
||||
OrchestratorProfile: &OrchestratorProfile{
|
||||
OrchestratorVersion: "1.15.4",
|
||||
KubernetesConfig: &KubernetesConfig{
|
||||
DNSServiceIP: DefaultKubernetesDNSServiceIP,
|
||||
KubeletConfig: map[string]string{
|
||||
"--cluster-domain": "cluster.local",
|
||||
},
|
||||
ClusterSubnet: DefaultKubernetesSubnet,
|
||||
ProxyMode: KubeProxyModeIPTables,
|
||||
NetworkPlugin: NetworkPluginAzure,
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
isUpgrade: false,
|
||||
expectedAddons: concatenateDefaultAddons([]KubernetesAddon{
|
||||
{
|
||||
Name: common.AntreaAddonName,
|
||||
Enabled: to.BoolPtr(true),
|
||||
Config: map[string]string{
|
||||
"serviceCidr": DefaultKubernetesServiceCIDR,
|
||||
},
|
||||
},
|
||||
}, "1.15.4"),
|
||||
},
|
||||
}
|
||||
|
||||
for _, test := range tests {
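Review bot: The new case is named "antrea addon enabled" and expects `common.AntreaAddonName` with `Enabled: to.BoolPtr(true)`, but its fixture sets `NetworkPlugin: NetworkPluginAzure`, whereas setAddonsConfig in this commit enables the addon only when `NetworkPlugin == NetworkPluginAntrea`. If the case passes as written, the comparison loop (its body is outside this hunk) is probably not checking the Antrea addon at all. The fixture should use `NetworkPlugin: NetworkPluginAntrea,` and, unless the test harness defaults it, set `ServiceCIDR: DefaultKubernetesServiceCIDR,` so the expected `serviceCidr` entry is actually exercised. The expected addon also lists no `Containers`, unlike the default definition, which is worth confirming against how the test compares specs.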
|
||||
|
|
|
@ -164,6 +164,14 @@ const (
|
|||
CiliumOperatorContainerName = "cilium-operator"
|
||||
// CiliumEtcdOperatorContainerName is the name of the cilium-etcd-operator container in the cilium addon
|
||||
CiliumEtcdOperatorContainerName = "cilium-etcd-operator"
|
||||
// AntreaControllerContainerName is the name of the antrea-controller container in the antrea addon
|
||||
AntreaControllerContainerName = "antrea-controller"
|
||||
// AntreaAgentContainerName is the name of the antrea-agent container in the antrea addon
|
||||
AntreaAgentContainerName = "antrea-agent"
|
||||
// AntreaOVSContainerName is the name of the antrea-ovs container in the antrea addon
|
||||
AntreaOVSContainerName = "antrea-ovs"
|
||||
// AntreaInstallCNIContainerName is the name of the install-cni container in the antrea addon
|
||||
AntreaInstallCNIContainerName = "install-cni"
|
||||
// GatekeeperContainerName is the name of the gatekeeper container in the azure-policy addon
|
||||
GatekeeperContainerName = "gatekeeper"
|
||||
// CloudNodeManagerAddonName is the name of the cloud node manager addon
|
||||
|
@ -206,6 +214,8 @@ const (
|
|||
KubeProxyAddonName = "kube-proxy"
|
||||
// CiliumAddonName is the name of cilium daemonset addon
|
||||
CiliumAddonName = "cilium"
|
||||
// AntreaAddonName is the name of antrea daemonset addon
|
||||
AntreaAddonName = "antrea"
|
||||
// FlannelAddonName is the name of flannel plugin daemonset addon
|
||||
FlannelAddonName = "flannel-daemonset"
|
||||
// AADAdminGroupAddonName is the name of the default admin group RBAC addon
|
||||
|
|
|
@ -355,6 +355,10 @@ const (
|
|||
NetworkPluginCilium = NetworkPolicyCilium
|
||||
// NetworkPluginFlannel is the string expression for flannel network policy config option
|
||||
NetworkPluginFlannel = "flannel"
|
||||
// NetworkPluginAntrea is the string expression for antrea network plugin config option
|
||||
NetworkPluginAntrea = "antrea"
|
||||
// NetworkPolicyAntrea is the string expression for antrea network policy config option
|
||||
NetworkPolicyAntrea = NetworkPluginAntrea
|
||||
// DefaultNetworkPlugin defines the network plugin to use by default
|
||||
DefaultNetworkPlugin = NetworkPluginKubenet
|
||||
// DefaultNetworkPolicy defines the network policy implementation to use by default
|
||||
|
|
|
@ -1047,6 +1047,19 @@ func TestSetVlabsKubernetesDefaults(t *testing.T) {
|
|||
expectedNetworkPlugin: "",
|
||||
expectedNetworkPolicy: "cilium",
|
||||
},
|
||||
{
|
||||
name: "antrea networkPlugin",
|
||||
p: &vlabs.Properties{
|
||||
OrchestratorProfile: &vlabs.OrchestratorProfile{
|
||||
KubernetesConfig: &vlabs.KubernetesConfig{
|
||||
NetworkPlugin: "",
|
||||
NetworkPolicy: "antrea",
|
||||
},
|
||||
},
|
||||
},
|
||||
expectedNetworkPlugin: "",
|
||||
expectedNetworkPolicy: "antrea",
|
||||
},
|
||||
}
|
||||
|
||||
for _, test := range tests {
|
||||
|
|
|
@ -118,6 +118,8 @@ func (cs *ContainerService) setOrchestratorDefaults(isUpgrade, isScale bool) {
|
|||
}
|
||||
case NetworkPolicyCilium:
|
||||
o.KubernetesConfig.NetworkPlugin = NetworkPluginCilium
|
||||
case NetworkPolicyAntrea:
|
||||
o.KubernetesConfig.NetworkPlugin = NetworkPluginAntrea
|
||||
}
|
||||
|
||||
if o.KubernetesConfig.KubernetesImageBase == "" {
|
||||
|
|
|
@ -222,6 +222,7 @@ func TestAssignDefaultAddonImages(t *testing.T) {
|
|||
common.KubeDNSAddonName: specConfig.KubernetesImageBase + k8sComponents[common.KubeDNSAddonName],
|
||||
common.CoreDNSAddonName: specConfig.KubernetesImageBase + k8sComponents[common.CoreDNSAddonName],
|
||||
common.KubeProxyAddonName: specConfig.KubernetesImageBase + k8sComponents[common.KubeProxyAddonName],
|
||||
common.AntreaAddonName: k8sComponents[common.AntreaControllerContainerName],
|
||||
}
|
||||
|
||||
customAddonImages := make(map[string]string)
|
||||
|
@ -290,6 +291,9 @@ func getFakeAddons(defaultAddonMap map[string]string, customImage string) []Kube
|
|||
if addonName == common.KubeDNSAddonName {
|
||||
containerName = "kubedns"
|
||||
}
|
||||
if addonName == common.AntreaAddonName {
|
||||
containerName = common.AntreaControllerContainerName
|
||||
}
|
||||
customAddon := KubernetesAddon{
|
||||
Name: addonName,
|
||||
Enabled: to.BoolPtr(true),
|
||||
|
@ -835,6 +839,16 @@ func TestNetworkPolicyDefaults(t *testing.T) {
|
|||
properties.OrchestratorProfile.KubernetesConfig.NetworkPlugin, NetworkPluginCilium)
|
||||
}
|
||||
|
||||
mockCS = getMockBaseContainerService("1.15.7")
|
||||
properties = mockCS.Properties
|
||||
properties.OrchestratorProfile.OrchestratorType = Kubernetes
|
||||
properties.OrchestratorProfile.KubernetesConfig.NetworkPolicy = NetworkPolicyAntrea
|
||||
mockCS.setOrchestratorDefaults(true, true)
|
||||
if properties.OrchestratorProfile.KubernetesConfig.NetworkPlugin != NetworkPluginAntrea {
|
||||
t.Fatalf("NetworkPlugin did not have the expected value, got %s, expected %s",
|
||||
properties.OrchestratorProfile.KubernetesConfig.NetworkPlugin, NetworkPluginAntrea)
|
||||
}
|
||||
|
||||
mockCS = getMockBaseContainerService("1.8.10")
|
||||
properties = mockCS.Properties
|
||||
properties.OrchestratorProfile.OrchestratorType = Kubernetes
|
||||
|
|
|
@ -39,6 +39,10 @@ const (
|
|||
ciliumCleanStateImageReference string = "docker.io/cilium/cilium-init:2018-10-16"
|
||||
ciliumOperatorImageReference string = "docker.io/cilium/operator:v1.4"
|
||||
ciliumEtcdOperatorImageReference string = "docker.io/cilium/cilium-etcd-operator:v2.0.5"
|
||||
antreaControllerImageReference string = "antrea/antrea-ubuntu:v0.2.0"
|
||||
antreaAgentImageReference = antreaControllerImageReference
|
||||
antreaOVSImageReference = antreaControllerImageReference
|
||||
antreaInstallCNIImageReference = antreaControllerImageReference
|
||||
azureNPMContainerImageReference string = "mcr.microsoft.com/containernetworking/azure-npm:v1.0.30"
|
||||
aadPodIdentityNMIImageReference string = "mcr.microsoft.com/k8s/aad-pod-identity/nmi:1.2"
|
||||
aadPodIdentityMICImageReference string = "mcr.microsoft.com/k8s/aad-pod-identity/mic:1.2"
|
||||
|
@ -250,6 +254,10 @@ func getK8sVersionComponents(version string, overrides map[string]string) map[st
|
|||
common.CiliumCleanStateContainerName: ciliumCleanStateImageReference,
|
||||
common.CiliumOperatorContainerName: ciliumOperatorImageReference,
|
||||
common.CiliumEtcdOperatorContainerName: ciliumEtcdOperatorImageReference,
|
||||
common.AntreaControllerContainerName: antreaControllerImageReference,
|
||||
common.AntreaAgentContainerName: antreaAgentImageReference,
|
||||
common.AntreaOVSContainerName: antreaOVSImageReference,
|
||||
common.AntreaInstallCNIContainerName: antreaInstallCNIImageReference,
|
||||
common.NMIContainerName: aadPodIdentityNMIImageReference,
|
||||
common.MICContainerName: aadPodIdentityMICImageReference,
|
||||
common.AzurePolicyAddonName: azurePolicyImageReference,
|
||||
|
@ -317,6 +325,10 @@ func getK8sVersionComponents(version string, overrides map[string]string) map[st
|
|||
common.CiliumCleanStateContainerName: ciliumCleanStateImageReference,
|
||||
common.CiliumOperatorContainerName: ciliumOperatorImageReference,
|
||||
common.CiliumEtcdOperatorContainerName: ciliumEtcdOperatorImageReference,
|
||||
common.AntreaControllerContainerName: antreaControllerImageReference,
|
||||
common.AntreaAgentContainerName: antreaAgentImageReference,
|
||||
common.AntreaOVSContainerName: antreaOVSImageReference,
|
||||
common.AntreaInstallCNIContainerName: antreaInstallCNIImageReference,
|
||||
common.NMIContainerName: aadPodIdentityNMIImageReference,
|
||||
common.MICContainerName: aadPodIdentityMICImageReference,
|
||||
common.AzurePolicyAddonName: azurePolicyImageReference,
|
||||
|
@ -383,6 +395,10 @@ func getK8sVersionComponents(version string, overrides map[string]string) map[st
|
|||
common.CiliumCleanStateContainerName: ciliumCleanStateImageReference,
|
||||
common.CiliumOperatorContainerName: ciliumOperatorImageReference,
|
||||
common.CiliumEtcdOperatorContainerName: ciliumEtcdOperatorImageReference,
|
||||
common.AntreaControllerContainerName: antreaControllerImageReference,
|
||||
common.AntreaAgentContainerName: antreaAgentImageReference,
|
||||
common.AntreaOVSContainerName: antreaOVSImageReference,
|
||||
common.AntreaInstallCNIContainerName: antreaInstallCNIImageReference,
|
||||
common.NMIContainerName: aadPodIdentityNMIImageReference,
|
||||
common.MICContainerName: aadPodIdentityMICImageReference,
|
||||
common.AzurePolicyAddonName: azurePolicyImageReference,
|
||||
|
@ -449,6 +465,10 @@ func getK8sVersionComponents(version string, overrides map[string]string) map[st
|
|||
common.CiliumCleanStateContainerName: ciliumCleanStateImageReference,
|
||||
common.CiliumOperatorContainerName: ciliumOperatorImageReference,
|
||||
common.CiliumEtcdOperatorContainerName: ciliumEtcdOperatorImageReference,
|
||||
common.AntreaControllerContainerName: antreaControllerImageReference,
|
||||
common.AntreaAgentContainerName: antreaAgentImageReference,
|
||||
common.AntreaOVSContainerName: antreaOVSImageReference,
|
||||
common.AntreaInstallCNIContainerName: antreaInstallCNIImageReference,
|
||||
common.NMIContainerName: aadPodIdentityNMIImageReference,
|
||||
common.MICContainerName: aadPodIdentityMICImageReference,
|
||||
common.AzurePolicyAddonName: azurePolicyImageReference,
|
||||
|
@ -515,6 +535,10 @@ func getK8sVersionComponents(version string, overrides map[string]string) map[st
|
|||
common.CiliumCleanStateContainerName: ciliumCleanStateImageReference,
|
||||
common.CiliumOperatorContainerName: ciliumOperatorImageReference,
|
||||
common.CiliumEtcdOperatorContainerName: ciliumEtcdOperatorImageReference,
|
||||
common.AntreaControllerContainerName: antreaControllerImageReference,
|
||||
common.AntreaAgentContainerName: antreaAgentImageReference,
|
||||
common.AntreaOVSContainerName: antreaOVSImageReference,
|
||||
common.AntreaInstallCNIContainerName: antreaInstallCNIImageReference,
|
||||
common.NMIContainerName: aadPodIdentityNMIImageReference,
|
||||
common.MICContainerName: aadPodIdentityMICImageReference,
|
||||
common.AzurePolicyAddonName: azurePolicyImageReference,
|
||||
|
@ -581,6 +605,10 @@ func getK8sVersionComponents(version string, overrides map[string]string) map[st
|
|||
common.CiliumCleanStateContainerName: ciliumCleanStateImageReference,
|
||||
common.CiliumOperatorContainerName: ciliumOperatorImageReference,
|
||||
common.CiliumEtcdOperatorContainerName: ciliumEtcdOperatorImageReference,
|
||||
common.AntreaControllerContainerName: antreaControllerImageReference,
|
||||
common.AntreaAgentContainerName: antreaAgentImageReference,
|
||||
common.AntreaOVSContainerName: antreaOVSImageReference,
|
||||
common.AntreaInstallCNIContainerName: antreaInstallCNIImageReference,
|
||||
common.NMIContainerName: aadPodIdentityNMIImageReference,
|
||||
common.MICContainerName: aadPodIdentityMICImageReference,
|
||||
common.AzurePolicyAddonName: azurePolicyImageReference,
|
||||
|
@ -646,6 +674,10 @@ func getK8sVersionComponents(version string, overrides map[string]string) map[st
|
|||
common.CiliumCleanStateContainerName: ciliumCleanStateImageReference,
|
||||
common.CiliumOperatorContainerName: ciliumOperatorImageReference,
|
||||
common.CiliumEtcdOperatorContainerName: ciliumEtcdOperatorImageReference,
|
||||
common.AntreaControllerContainerName: antreaControllerImageReference,
|
||||
common.AntreaAgentContainerName: antreaAgentImageReference,
|
||||
common.AntreaOVSContainerName: antreaOVSImageReference,
|
||||
common.AntreaInstallCNIContainerName: antreaInstallCNIImageReference,
|
||||
common.NMIContainerName: aadPodIdentityNMIImageReference,
|
||||
common.MICContainerName: aadPodIdentityMICImageReference,
|
||||
common.AzurePolicyAddonName: azurePolicyImageReference,
|
||||
|
@ -711,6 +743,10 @@ func getK8sVersionComponents(version string, overrides map[string]string) map[st
|
|||
common.CiliumCleanStateContainerName: ciliumCleanStateImageReference,
|
||||
common.CiliumOperatorContainerName: ciliumOperatorImageReference,
|
||||
common.CiliumEtcdOperatorContainerName: ciliumEtcdOperatorImageReference,
|
||||
common.AntreaControllerContainerName: antreaControllerImageReference,
|
||||
common.AntreaAgentContainerName: antreaAgentImageReference,
|
||||
common.AntreaOVSContainerName: antreaOVSImageReference,
|
||||
common.AntreaInstallCNIContainerName: antreaInstallCNIImageReference,
|
||||
common.NMIContainerName: aadPodIdentityNMIImageReference,
|
||||
common.MICContainerName: aadPodIdentityMICImageReference,
|
||||
common.AzurePolicyAddonName: azurePolicyImageReference,
|
||||
|
@ -776,6 +812,10 @@ func getK8sVersionComponents(version string, overrides map[string]string) map[st
|
|||
common.CiliumCleanStateContainerName: ciliumCleanStateImageReference,
|
||||
common.CiliumOperatorContainerName: ciliumOperatorImageReference,
|
||||
common.CiliumEtcdOperatorContainerName: ciliumEtcdOperatorImageReference,
|
||||
common.AntreaControllerContainerName: antreaControllerImageReference,
|
||||
common.AntreaAgentContainerName: antreaAgentImageReference,
|
||||
common.AntreaOVSContainerName: antreaOVSImageReference,
|
||||
common.AntreaInstallCNIContainerName: antreaInstallCNIImageReference,
|
||||
common.NMIContainerName: aadPodIdentityNMIImageReference,
|
||||
common.MICContainerName: aadPodIdentityMICImageReference,
|
||||
common.AzurePolicyAddonName: azurePolicyImageReference,
|
||||
|
@ -838,6 +878,10 @@ func getK8sVersionComponents(version string, overrides map[string]string) map[st
|
|||
common.CiliumCleanStateContainerName: ciliumCleanStateImageReference,
|
||||
common.CiliumOperatorContainerName: ciliumOperatorImageReference,
|
||||
common.CiliumEtcdOperatorContainerName: ciliumEtcdOperatorImageReference,
|
||||
common.AntreaControllerContainerName: antreaControllerImageReference,
|
||||
common.AntreaAgentContainerName: antreaAgentImageReference,
|
||||
common.AntreaOVSContainerName: antreaOVSImageReference,
|
||||
common.AntreaInstallCNIContainerName: antreaInstallCNIImageReference,
|
||||
common.NMIContainerName: aadPodIdentityNMIImageReference,
|
||||
common.MICContainerName: aadPodIdentityMICImageReference,
|
||||
common.AzurePolicyAddonName: azurePolicyImageReference,
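Review bot: `antreaControllerImageReference` in the first hunk is `antrea/antrea-ubuntu:v0.2.0`, which among the references visible there is the only one without a registry host, and it is pinned by tag only. The cilium entries just above spell out `docker.io/`; without a host the pull source depends on each container runtime's default-registry configuration, so write it as `antreaControllerImageReference string = "docker.io/antrea/antrea-ubuntu:v0.2.0"`. The same image is aliased for the controller, agent, OVS and install-cni containers, which presumably run with node-level privileges, so a digest pin (`@sha256:<digest>`) or a mirror in a registry the project controls is worth considering. The remaining hunks of this section repeat the same four map entries in each version branch of getK8sVersionComponents and raise nothing further.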
|
||||
|
|
|
@ -59,6 +59,10 @@ func TestGetK8sVersionComponents(t *testing.T) {
|
|||
common.CiliumCleanStateContainerName: ciliumCleanStateImageReference,
|
||||
common.CiliumOperatorContainerName: ciliumOperatorImageReference,
|
||||
common.CiliumEtcdOperatorContainerName: ciliumEtcdOperatorImageReference,
|
||||
common.AntreaControllerContainerName: antreaControllerImageReference,
|
||||
common.AntreaAgentContainerName: antreaAgentImageReference,
|
||||
common.AntreaOVSContainerName: antreaOVSImageReference,
|
||||
common.AntreaInstallCNIContainerName: antreaInstallCNIImageReference,
|
||||
common.NMIContainerName: aadPodIdentityNMIImageReference,
|
||||
common.MICContainerName: aadPodIdentityMICImageReference,
|
||||
common.AzurePolicyAddonName: azurePolicyImageReference,
|
||||
|
@ -139,6 +143,10 @@ func TestGetK8sVersionComponents(t *testing.T) {
|
|||
common.CiliumCleanStateContainerName: ciliumCleanStateImageReference,
|
||||
common.CiliumOperatorContainerName: ciliumOperatorImageReference,
|
||||
common.CiliumEtcdOperatorContainerName: ciliumEtcdOperatorImageReference,
|
||||
common.AntreaControllerContainerName: antreaControllerImageReference,
|
||||
common.AntreaAgentContainerName: antreaAgentImageReference,
|
||||
common.AntreaOVSContainerName: antreaOVSImageReference,
|
||||
common.AntreaInstallCNIContainerName: antreaInstallCNIImageReference,
|
||||
common.NMIContainerName: aadPodIdentityNMIImageReference,
|
||||
common.MICContainerName: aadPodIdentityMICImageReference,
|
||||
common.AzurePolicyAddonName: azurePolicyImageReference,
|
||||
|
@ -212,6 +220,10 @@ func TestGetK8sVersionComponents(t *testing.T) {
|
|||
common.CiliumCleanStateContainerName: ciliumCleanStateImageReference,
|
||||
common.CiliumOperatorContainerName: ciliumOperatorImageReference,
|
||||
common.CiliumEtcdOperatorContainerName: ciliumEtcdOperatorImageReference,
|
||||
common.AntreaControllerContainerName: antreaControllerImageReference,
|
||||
common.AntreaAgentContainerName: antreaAgentImageReference,
|
||||
common.AntreaOVSContainerName: antreaOVSImageReference,
|
||||
common.AntreaInstallCNIContainerName: antreaInstallCNIImageReference,
|
||||
common.NMIContainerName: aadPodIdentityNMIImageReference,
|
||||
common.MICContainerName: aadPodIdentityMICImageReference,
|
||||
common.AzurePolicyAddonName: azurePolicyImageReference,
|
||||
|
@ -284,6 +296,10 @@ func TestGetK8sVersionComponents(t *testing.T) {
|
|||
common.CiliumCleanStateContainerName: ciliumCleanStateImageReference,
|
||||
common.CiliumOperatorContainerName: ciliumOperatorImageReference,
|
||||
common.CiliumEtcdOperatorContainerName: ciliumEtcdOperatorImageReference,
|
||||
common.AntreaControllerContainerName: antreaControllerImageReference,
|
||||
common.AntreaAgentContainerName: antreaAgentImageReference,
|
||||
common.AntreaOVSContainerName: antreaOVSImageReference,
|
||||
common.AntreaInstallCNIContainerName: antreaInstallCNIImageReference,
|
||||
common.NMIContainerName: aadPodIdentityNMIImageReference,
|
||||
common.MICContainerName: aadPodIdentityMICImageReference,
|
||||
common.AzurePolicyAddonName: azurePolicyImageReference,
|
||||
|
@ -356,6 +372,10 @@ func TestGetK8sVersionComponents(t *testing.T) {
|
|||
common.CiliumCleanStateContainerName: ciliumCleanStateImageReference,
|
||||
common.CiliumOperatorContainerName: ciliumOperatorImageReference,
|
||||
common.CiliumEtcdOperatorContainerName: ciliumEtcdOperatorImageReference,
|
||||
common.AntreaControllerContainerName: antreaControllerImageReference,
|
||||
common.AntreaAgentContainerName: antreaAgentImageReference,
|
||||
common.AntreaOVSContainerName: antreaOVSImageReference,
|
||||
common.AntreaInstallCNIContainerName: antreaInstallCNIImageReference,
|
||||
common.NMIContainerName: aadPodIdentityNMIImageReference,
|
||||
common.MICContainerName: aadPodIdentityMICImageReference,
|
||||
common.AzurePolicyAddonName: azurePolicyImageReference,
|
||||
|
@ -421,6 +441,10 @@ func TestGetK8sVersionComponents(t *testing.T) {
|
|||
common.CiliumCleanStateContainerName: ciliumCleanStateImageReference,
|
||||
common.CiliumOperatorContainerName: ciliumOperatorImageReference,
|
||||
common.CiliumEtcdOperatorContainerName: ciliumEtcdOperatorImageReference,
|
||||
common.AntreaControllerContainerName: antreaControllerImageReference,
|
||||
common.AntreaAgentContainerName: antreaAgentImageReference,
|
||||
common.AntreaOVSContainerName: antreaOVSImageReference,
|
||||
common.AntreaInstallCNIContainerName: antreaInstallCNIImageReference,
|
||||
common.NMIContainerName: aadPodIdentityNMIImageReference,
|
||||
common.MICContainerName: aadPodIdentityMICImageReference,
|
||||
common.AzurePolicyAddonName: azurePolicyImageReference,
|
||||
|
@ -492,6 +516,10 @@ func TestGetK8sVersionComponents(t *testing.T) {
|
|||
common.CiliumCleanStateContainerName: ciliumCleanStateImageReference,
|
||||
common.CiliumOperatorContainerName: ciliumOperatorImageReference,
|
||||
common.CiliumEtcdOperatorContainerName: ciliumEtcdOperatorImageReference,
|
||||
common.AntreaControllerContainerName: antreaControllerImageReference,
|
||||
common.AntreaAgentContainerName: antreaAgentImageReference,
|
||||
common.AntreaOVSContainerName: antreaOVSImageReference,
|
||||
common.AntreaInstallCNIContainerName: antreaInstallCNIImageReference,
|
||||
common.NMIContainerName: aadPodIdentityNMIImageReference,
|
||||
common.MICContainerName: aadPodIdentityMICImageReference,
|
||||
common.AzurePolicyAddonName: azurePolicyImageReference,
|
||||
|
@ -563,6 +591,10 @@ func TestGetK8sVersionComponents(t *testing.T) {
|
|||
common.CiliumCleanStateContainerName: ciliumCleanStateImageReference,
|
||||
common.CiliumOperatorContainerName: ciliumOperatorImageReference,
|
||||
common.CiliumEtcdOperatorContainerName: ciliumEtcdOperatorImageReference,
|
||||
common.AntreaControllerContainerName: antreaControllerImageReference,
|
||||
common.AntreaAgentContainerName: antreaAgentImageReference,
|
||||
common.AntreaOVSContainerName: antreaOVSImageReference,
|
||||
common.AntreaInstallCNIContainerName: antreaInstallCNIImageReference,
|
||||
common.NMIContainerName: aadPodIdentityNMIImageReference,
|
||||
common.MICContainerName: aadPodIdentityMICImageReference,
|
||||
common.AzurePolicyAddonName: azurePolicyImageReference,
|
||||
|
@ -633,6 +665,10 @@ func TestGetK8sVersionComponents(t *testing.T) {
|
|||
common.CiliumCleanStateContainerName: ciliumCleanStateImageReference,
|
||||
common.CiliumOperatorContainerName: ciliumOperatorImageReference,
|
||||
common.CiliumEtcdOperatorContainerName: ciliumEtcdOperatorImageReference,
|
||||
common.AntreaControllerContainerName: antreaControllerImageReference,
|
||||
common.AntreaAgentContainerName: antreaAgentImageReference,
|
||||
common.AntreaOVSContainerName: antreaOVSImageReference,
|
||||
common.AntreaInstallCNIContainerName: antreaInstallCNIImageReference,
|
||||
common.NMIContainerName: aadPodIdentityNMIImageReference,
|
||||
common.MICContainerName: aadPodIdentityMICImageReference,
|
||||
common.AzurePolicyAddonName: azurePolicyImageReference,
|
||||
|
@ -701,6 +737,10 @@ func TestGetK8sVersionComponents(t *testing.T) {
|
|||
common.CiliumCleanStateContainerName: ciliumCleanStateImageReference,
|
||||
common.CiliumOperatorContainerName: ciliumOperatorImageReference,
|
||||
common.CiliumEtcdOperatorContainerName: ciliumEtcdOperatorImageReference,
|
||||
common.AntreaControllerContainerName: antreaControllerImageReference,
|
||||
common.AntreaAgentContainerName: antreaAgentImageReference,
|
||||
common.AntreaOVSContainerName: antreaOVSImageReference,
|
||||
common.AntreaInstallCNIContainerName: antreaInstallCNIImageReference,
|
||||
common.NMIContainerName: aadPodIdentityNMIImageReference,
|
||||
common.MICContainerName: aadPodIdentityMICImageReference,
|
||||
common.AzurePolicyAddonName: azurePolicyImageReference,
|
||||
|
@ -809,6 +849,10 @@ func TestGetK8sVersionComponents(t *testing.T) {
|
|||
common.CiliumCleanStateContainerName: ciliumCleanStateImageReference,
|
||||
common.CiliumOperatorContainerName: ciliumOperatorImageReference,
|
||||
common.CiliumEtcdOperatorContainerName: ciliumEtcdOperatorImageReference,
|
||||
common.AntreaControllerContainerName: antreaControllerImageReference,
|
||||
common.AntreaAgentContainerName: antreaAgentImageReference,
|
||||
common.AntreaOVSContainerName: antreaOVSImageReference,
|
||||
common.AntreaInstallCNIContainerName: antreaInstallCNIImageReference,
|
||||
common.NMIContainerName: aadPodIdentityNMIImageReference,
|
||||
common.MICContainerName: aadPodIdentityMICImageReference,
|
||||
common.AzurePolicyAddonName: azurePolicyImageReference,
|
||||
|
|
|
@ -1698,7 +1698,10 @@ func (o *OrchestratorProfile) IsAzureCNI() bool {
|
|||
func (o *OrchestratorProfile) RequireRouteTable() bool {
|
||||
switch o.OrchestratorType {
|
||||
case Kubernetes:
|
||||
if o.IsAzureCNI() || NetworkPolicyCilium == o.KubernetesConfig.NetworkPolicy || "flannel" == o.KubernetesConfig.NetworkPlugin {
|
||||
if o.IsAzureCNI() ||
|
||||
NetworkPolicyCilium == o.KubernetesConfig.NetworkPolicy ||
|
||||
"flannel" == o.KubernetesConfig.NetworkPlugin ||
|
||||
NetworkPluginAntrea == o.KubernetesConfig.NetworkPlugin {
|
||||
return false
|
||||
}
|
||||
return true
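Review bot: The rewritten condition in RequireRouteTable tests antrea through `o.KubernetesConfig.NetworkPlugin` while the cilium term beside it tests `NetworkPolicy`, so an antrea cluster is recognised only once the plugin field is populated. setOrchestratorDefaults, changed in this commit, derives the plugin from the policy, so this holds after defaults have run; if RequireRouteTable can be reached earlier, a model that sets only `networkPolicy: antrea` would still be given a route table. Either test both fields, `NetworkPolicyAntrea == o.KubernetesConfig.NetworkPolicy || NetworkPluginAntrea == o.KubernetesConfig.NetworkPlugin`, or state in the function's doc comment that it assumes defaults were applied. The function body continues past the end of the hunk.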
|
||||
|
|
|
@ -2845,6 +2845,17 @@ func TestRequireRouteTable(t *testing.T) {
|
|||
},
|
||||
expected: false,
|
||||
},
|
||||
{
|
||||
p: Properties{
|
||||
OrchestratorProfile: &OrchestratorProfile{
|
||||
OrchestratorType: Kubernetes,
|
||||
KubernetesConfig: &KubernetesConfig{
|
||||
NetworkPlugin: NetworkPolicyAntrea,
|
||||
},
|
||||
},
|
||||
},
|
||||
expected: false,
|
||||
},
|
||||
}
|
||||
|
||||
for _, c := range cases {
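Review bot: The added case sets `NetworkPlugin: NetworkPolicyAntrea`, a policy constant in the plugin field, which works only because both constants are the string "antrea". Use `NetworkPlugin: NetworkPluginAntrea,` so the case reads as what RequireRouteTable actually compares. A second case with only `NetworkPolicy: NetworkPolicyAntrea` set would document what is expected before defaults fill in the plugin.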
|
||||
|
|
|
@ -89,11 +89,11 @@ const (
|
|||
|
||||
var (
|
||||
// NetworkPluginValues holds the valid values for network plugin implementation
|
||||
NetworkPluginValues = [...]string{"", "kubenet", "azure", NetworkPluginCilium, "flannel"}
|
||||
NetworkPluginValues = [...]string{"", "kubenet", "azure", NetworkPluginCilium, NetworkPluginAntrea, "flannel"}
|
||||
|
||||
// NetworkPolicyValues holds the valid values for a network policy
|
||||
// "azure" and "none" are there for backwards-compatibility
|
||||
NetworkPolicyValues = [...]string{"", "calico", NetworkPolicyCilium, "azure", "none"}
|
||||
NetworkPolicyValues = [...]string{"", "calico", NetworkPolicyCilium, NetworkPolicyAntrea, "azure", "none"}
|
||||
|
||||
// ContainerRuntimeValues holds the valid values for container runtimes
|
||||
ContainerRuntimeValues = [...]string{"", Docker, KataContainers, Containerd}
|
||||
|
@ -126,6 +126,10 @@ const (
|
|||
NetworkPolicyCilium = "cilium"
|
||||
// NetworkPluginCilium is the string expression for cilium network policy config option
|
||||
NetworkPluginCilium = NetworkPolicyCilium
|
||||
// NetworkPolicyAntrea is the string expression for antrea network policy config option
|
||||
NetworkPolicyAntrea = "antrea"
|
||||
// NetworkPluginAntrea is the string expression for antrea network plugin config option
|
||||
NetworkPluginAntrea = NetworkPolicyAntrea
|
||||
// NetworkModeBridge is the string expression for bridge network mode config option
|
||||
NetworkModeBridge = "bridge"
|
||||
// NetworkModeTransparent is the string expression for transparent network mode config option
|
||||
|
|
|
@ -77,6 +77,14 @@ var (
|
|||
networkPlugin: "",
|
||||
networkPolicy: NetworkPolicyCilium,
|
||||
},
|
||||
{
|
||||
networkPlugin: NetworkPluginAntrea,
|
||||
networkPolicy: NetworkPolicyAntrea,
|
||||
},
|
||||
{
|
||||
networkPlugin: "",
|
||||
networkPolicy: NetworkPolicyAntrea,
|
||||
},
|
||||
{
|
||||
networkPlugin: "",
|
||||
networkPolicy: "azure", // for backwards-compatibility w/ prior networkPolicy usage
|
||||
|
@ -720,6 +728,10 @@ func (a *Properties) validateAddons() error {
|
|||
} else {
|
||||
return errors.Errorf("%s addon is not supported on Kubernetes v1.16.0 or greater", common.CiliumAddonName)
|
||||
}
|
||||
case common.AntreaAddonName:
|
||||
if a.OrchestratorProfile.KubernetesConfig.NetworkPolicy != NetworkPolicyAntrea {
|
||||
return errors.Errorf("%s addon may only be enabled if the networkPolicy=%s", common.AntreaAddonName, NetworkPolicyAntrea)
|
||||
}
|
||||
case "azure-policy":
|
||||
isValidVersion, err := common.IsValidMinVersion(a.OrchestratorProfile.OrchestratorType, a.OrchestratorProfile.OrchestratorRelease, a.OrchestratorProfile.OrchestratorVersion, "1.10.0")
|
||||
if err != nil {
|
||||
|
@ -1408,7 +1420,7 @@ func (k *KubernetesConfig) Validate(k8sVersion string, hasWindows, ipv6DualStack
|
|||
}
|
||||
}
|
||||
|
||||
if e := k.validateNetworkPlugin(); e != nil {
|
||||
if e := k.validateNetworkPlugin(hasWindows); e != nil {
|
||||
return e
|
||||
}
|
||||
if e := k.validateNetworkPolicy(k8sVersion, hasWindows); e != nil {
|
||||
|
@ -1423,7 +1435,7 @@ func (k *KubernetesConfig) Validate(k8sVersion string, hasWindows, ipv6DualStack
|
|||
return nil
|
||||
}
|
||||
|
||||
func (k *KubernetesConfig) validateNetworkPlugin() error {
|
||||
func (k *KubernetesConfig) validateNetworkPlugin(hasWindows bool) error {
|
||||
|
||||
networkPlugin := k.NetworkPlugin
|
||||
|
||||
|
@ -1439,6 +1451,11 @@ func (k *KubernetesConfig) validateNetworkPlugin() error {
|
|||
return errors.Errorf("unknown networkPlugin '%s' specified", networkPlugin)
|
||||
}
|
||||
|
||||
// Temporary safety check, to be removed when Windows support is added.
|
||||
if (networkPlugin == NetworkPluginAntrea) && hasWindows {
|
||||
return errors.Errorf("networkPlugin '%s' is not supporting windows agents", networkPlugin)
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
|
@ -1464,7 +1481,8 @@ func (k *KubernetesConfig) validateNetworkPolicy(k8sVersion string, hasWindows b
|
|||
}
|
||||
|
||||
// Temporary safety check, to be removed when Windows support is added.
|
||||
if (networkPolicy == "calico" || networkPolicy == NetworkPolicyCilium || networkPolicy == "flannel") && hasWindows {
|
||||
if (networkPolicy == "calico" || networkPolicy == NetworkPolicyCilium ||
|
||||
networkPolicy == "flannel" || networkPolicy == NetworkPolicyAntrea) && hasWindows {
|
||||
return errors.Errorf("networkPolicy '%s' is not supporting windows agents", networkPolicy)
|
||||
}
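Review bot: validateNetworkPlugin now takes `hasWindows` but has no doc comment. The antrea/Windows rejection is also written twice under the same "Temporary safety check" comment, once there and once in validateNetworkPolicy. Add a comment above the function such as `// validateNetworkPlugin rejects an unknown networkPlugin, and antrea when the cluster has Windows agents.` so callers know what the flag gates. When Windows support arrives both checks have to be removed together, so each "Temporary" comment should name the other function. Both functions start or end outside the hunks shown.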
|
||||
|
||||
|
|
|
@ -887,6 +887,13 @@ func Test_Properties_ValidateNetworkPolicy(t *testing.T) {
|
|||
)
|
||||
}
|
||||
|
||||
p.OrchestratorProfile.KubernetesConfig.NetworkPolicy = NetworkPolicyAntrea
|
||||
if err := p.OrchestratorProfile.KubernetesConfig.validateNetworkPolicy(k8sVersion, true); err == nil {
|
||||
t.Errorf(
|
||||
"should error on antrea for windows clusters",
|
||||
)
|
||||
}
|
||||
|
||||
p.OrchestratorProfile.KubernetesConfig.NetworkPolicy = "flannel"
|
||||
if err := p.OrchestratorProfile.KubernetesConfig.validateNetworkPolicy(k8sVersion, true); err == nil {
|
||||
t.Errorf(
|
||||
|
@ -903,7 +910,7 @@ func Test_Properties_ValidateNetworkPlugin(t *testing.T) {
|
|||
for _, policy := range NetworkPluginValues {
|
||||
p.OrchestratorProfile.KubernetesConfig = &KubernetesConfig{}
|
||||
p.OrchestratorProfile.KubernetesConfig.NetworkPlugin = policy
|
||||
if err := p.OrchestratorProfile.KubernetesConfig.validateNetworkPlugin(); err != nil {
|
||||
if err := p.OrchestratorProfile.KubernetesConfig.validateNetworkPlugin(false); err != nil {
|
||||
t.Errorf(
|
||||
"should not error on networkPolicy=\"%s\"",
|
||||
policy,
|
||||
|
@ -912,11 +919,18 @@ func Test_Properties_ValidateNetworkPlugin(t *testing.T) {
|
|||
}
|
||||
|
||||
p.OrchestratorProfile.KubernetesConfig.NetworkPlugin = "not-existing"
|
||||
if err := p.OrchestratorProfile.KubernetesConfig.validateNetworkPlugin(); err == nil {
|
||||
if err := p.OrchestratorProfile.KubernetesConfig.validateNetworkPlugin(false); err == nil {
|
||||
t.Errorf(
|
||||
"should error on invalid networkPlugin",
|
||||
)
|
||||
}
|
||||
|
||||
p.OrchestratorProfile.KubernetesConfig.NetworkPlugin = NetworkPluginAntrea
|
||||
if err := p.OrchestratorProfile.KubernetesConfig.validateNetworkPlugin(true); err == nil {
|
||||
t.Errorf(
|
||||
"should error on antrea for windows clusters",
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
func Test_Properties_ValidateNetworkPluginPlusPolicy(t *testing.T) {
|
||||
|
@ -1546,7 +1560,7 @@ func TestValidateAddons(t *testing.T) {
|
|||
expectedErr: errors.Errorf("%s addon may only be enabled if the networkPolicy=%s", common.CiliumAddonName, NetworkPolicyCilium),
|
||||
},
|
||||
{
|
||||
name: "cilium addon enabled w/ azure networkPolicy",
|
||||
name: "cilium addon enabled w/ calico networkPolicy",
|
||||
p: &Properties{
|
||||
OrchestratorProfile: &OrchestratorProfile{
|
||||
KubernetesConfig: &KubernetesConfig{
|
||||
|
@ -1615,6 +1629,91 @@ func TestValidateAddons(t *testing.T) {
|
|||
},
|
||||
expectedErr: errors.Errorf("%s addon is not supported on Kubernetes v1.16.0 or greater", common.CiliumAddonName),
|
||||
},
|
||||
{
|
||||
name: "antrea addon enabled w/ no networkPolicy",
|
||||
p: &Properties{
|
||||
OrchestratorProfile: &OrchestratorProfile{
|
||||
KubernetesConfig: &KubernetesConfig{
|
||||
Addons: []KubernetesAddon{
|
||||
{
|
||||
Name: common.AntreaAddonName,
|
||||
Enabled: to.BoolPtr(true),
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
expectedErr: errors.Errorf("%s addon may only be enabled if the networkPolicy=%s", common.AntreaAddonName, NetworkPolicyAntrea),
|
||||
},
|
||||
{
|
||||
name: "antrea addon enabled w/ azure networkPolicy",
|
||||
p: &Properties{
|
||||
OrchestratorProfile: &OrchestratorProfile{
|
||||
KubernetesConfig: &KubernetesConfig{
|
||||
NetworkPolicy: "azure",
|
||||
Addons: []KubernetesAddon{
|
||||
{
|
||||
Name: common.AntreaAddonName,
|
||||
Enabled: to.BoolPtr(true),
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
expectedErr: errors.Errorf("%s addon may only be enabled if the networkPolicy=%s", common.AntreaAddonName, NetworkPolicyAntrea),
|
||||
},
|
||||
{
|
||||
name: "antrea addon enabled w/ calico networkPolicy",
|
||||
p: &Properties{
|
||||
OrchestratorProfile: &OrchestratorProfile{
|
||||
KubernetesConfig: &KubernetesConfig{
|
||||
NetworkPolicy: "calico",
|
||||
Addons: []KubernetesAddon{
|
||||
{
|
||||
Name: common.AntreaAddonName,
|
||||
Enabled: to.BoolPtr(true),
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
expectedErr: errors.Errorf("%s addon may only be enabled if the networkPolicy=%s", common.AntreaAddonName, NetworkPolicyAntrea),
|
||||
},
|
||||
{
|
||||
name: "antrea addon enabled w/ antrea networkPolicy",
|
||||
p: &Properties{
|
||||
OrchestratorProfile: &OrchestratorProfile{
|
||||
KubernetesConfig: &KubernetesConfig{
|
||||
NetworkPolicy: NetworkPolicyAntrea,
|
||||
Addons: []KubernetesAddon{
|
||||
{
|
||||
Name: common.AntreaAddonName,
|
||||
Enabled: to.BoolPtr(true),
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
expectedErr: nil,
|
||||
},
|
||||
{
|
||||
name: "antrea addon enabled w/ antrea networkPolicy + networkPlugin",
|
||||
p: &Properties{
|
||||
OrchestratorProfile: &OrchestratorProfile{
|
||||
KubernetesConfig: &KubernetesConfig{
|
||||
NetworkPolicy: NetworkPolicyAntrea,
|
||||
NetworkPlugin: NetworkPluginAntrea,
|
||||
Addons: []KubernetesAddon{
|
||||
{
|
||||
Name: common.AntreaAddonName,
|
||||
Enabled: to.BoolPtr(true),
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
expectedErr: nil,
|
||||
},
|
||||
}
|
||||
|
||||
for _, test := range tests {
|
||||
|
|
|
@ -927,11 +927,12 @@
|
|||
"kubenet",
|
||||
"azure",
|
||||
"flannel",
|
||||
"cilium"
|
||||
"cilium",
|
||||
"antrea"
|
||||
],
|
||||
"defaultValue": "flannel",
|
||||
"metadata": {
|
||||
"description": "The network plugin to use for Kubernetes (kubenet|azure|flannel|cilium)"
|
||||
"description": "The network plugin to use for Kubernetes (kubenet|azure|flannel|cilium|antrea)"
|
||||
},
|
||||
"type": "string"
|
||||
},
|
||||
|
@ -941,11 +942,12 @@
|
|||
"none",
|
||||
"azure",
|
||||
"calico",
|
||||
"cilium"
|
||||
"cilium",
|
||||
"antrea"
|
||||
],
|
||||
"defaultValue": "",
|
||||
"metadata": {
|
||||
"description": "The network policy enforcement to use (calico|cilium); 'none' and 'azure' here for backwards compatibility"
|
||||
"description": "The network policy enforcement to use (calico|cilium|antrea); 'none' and 'azure' here for backwards compatibility"
|
||||
},
|
||||
"type": "string"
|
||||
},
|
||||
|
|
|
@ -893,11 +893,12 @@
|
|||
"kubenet",
|
||||
"azure",
|
||||
"flannel",
|
||||
"cilium"
|
||||
"cilium",
|
||||
"antrea"
|
||||
],
|
||||
"defaultValue": "flannel",
|
||||
"metadata": {
|
||||
"description": "The network plugin to use for Kubernetes (kubenet|azure|flannel|cilium)"
|
||||
"description": "The network plugin to use for Kubernetes (kubenet|azure|flannel|cilium|antrea)"
|
||||
},
|
||||
"type": "string"
|
||||
},
|
||||
|
@ -907,11 +908,12 @@
|
|||
"none",
|
||||
"azure",
|
||||
"calico",
|
||||
"cilium"
|
||||
"cilium",
|
||||
"antrea"
|
||||
],
|
||||
"defaultValue": "",
|
||||
"metadata": {
|
||||
"description": "The network policy enforcement to use (calico|cilium); 'none' and 'azure' here for backwards compatibility"
|
||||
"description": "The network policy enforcement to use (calico|cilium|antrea); 'none' and 'azure' here for backwards compatibility"
|
||||
},
|
||||
"type": "string"
|
||||
},
|
||||
|
|
|
@ -177,6 +177,11 @@ func kubernetesContainerAddonSettingsInit(p *api.Properties) map[string]kubernet
|
|||
base64Data: k.GetAddonScript(common.CiliumAddonName),
|
||||
destinationFile: ciliumAddonDestinationFilename,
|
||||
},
|
||||
common.AntreaAddonName: {
|
||||
sourceFile: antreaAddonSourceFilename,
|
||||
base64Data: k.GetAddonScript(common.AntreaAddonName),
|
||||
destinationFile: antreaAddonDestinationFilename,
|
||||
},
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -365,6 +365,7 @@ func TestKubernetesContainerAddonSettingsInit(t *testing.T) {
|
|||
expectedKubeProxy kubernetesComponentFileSpec
|
||||
expectedPodSecurityPolicy kubernetesComponentFileSpec
|
||||
expectedAADDefaultAdminGroup kubernetesComponentFileSpec
|
||||
expectedAntrea kubernetesComponentFileSpec
|
||||
}{
|
||||
{
|
||||
name: "addons with data",
|
||||
|
@ -490,6 +491,10 @@ func TestKubernetesContainerAddonSettingsInit(t *testing.T) {
|
|||
Name: common.AADAdminGroupAddonName,
|
||||
Data: base64Data,
|
||||
},
|
||||
{
|
||||
Name: common.AntreaAddonName,
|
||||
Data: base64Data,
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
|
@ -639,6 +644,11 @@ func TestKubernetesContainerAddonSettingsInit(t *testing.T) {
|
|||
base64Data: base64Data,
|
||||
destinationFile: aadDefaultAdminGroupDestinationFilename,
|
||||
},
|
||||
expectedAntrea: kubernetesComponentFileSpec{
|
||||
sourceFile: antreaAddonSourceFilename,
|
||||
base64Data: base64Data,
|
||||
destinationFile: antreaAddonDestinationFilename,
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "addons with no data",
|
||||
|
@ -735,6 +745,9 @@ func TestKubernetesContainerAddonSettingsInit(t *testing.T) {
|
|||
{
|
||||
Name: common.AADAdminGroupAddonName,
|
||||
},
|
||||
{
|
||||
Name: common.AntreaAddonName,
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
|
@ -884,6 +897,11 @@ func TestKubernetesContainerAddonSettingsInit(t *testing.T) {
|
|||
base64Data: "",
|
||||
destinationFile: aadDefaultAdminGroupDestinationFilename,
|
||||
},
|
||||
expectedAntrea: kubernetesComponentFileSpec{
|
||||
sourceFile: antreaAddonSourceFilename,
|
||||
base64Data: "",
|
||||
destinationFile: antreaAddonDestinationFilename,
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "no addons in ContainerService object",
|
||||
|
@ -1033,6 +1051,11 @@ func TestKubernetesContainerAddonSettingsInit(t *testing.T) {
|
|||
base64Data: "",
|
||||
destinationFile: aadDefaultAdminGroupDestinationFilename,
|
||||
},
|
||||
expectedAntrea: kubernetesComponentFileSpec{
|
||||
sourceFile: antreaAddonSourceFilename,
|
||||
base64Data: "",
|
||||
destinationFile: antreaAddonDestinationFilename,
|
||||
},
|
||||
},
|
||||
}
|
||||
|
||||
|
@ -1333,6 +1356,16 @@ func TestKubernetesContainerAddonSettingsInit(t *testing.T) {
|
|||
if c.expectedAADDefaultAdminGroup.destinationFile != componentFileSpec[addon].destinationFile {
|
||||
t.Fatalf("Expected %s to be %s", componentFileSpec[addon].destinationFile, c.expectedAADDefaultAdminGroup.destinationFile)
|
||||
}
|
||||
case common.AntreaAddonName:
|
||||
if c.expectedAntrea.sourceFile != componentFileSpec[addon].sourceFile {
|
||||
t.Fatalf("Expected %s to be %s", componentFileSpec[addon].sourceFile, c.expectedAntrea.sourceFile)
|
||||
}
|
||||
if c.expectedAntrea.base64Data != componentFileSpec[addon].base64Data {
|
||||
t.Fatalf("Expected %s to be %s", componentFileSpec[addon].base64Data, c.expectedAntrea.base64Data)
|
||||
}
|
||||
if c.expectedAntrea.destinationFile != componentFileSpec[addon].destinationFile {
|
||||
t.Fatalf("Expected %s to be %s", componentFileSpec[addon].destinationFile, c.expectedAntrea.destinationFile)
|
||||
}
|
||||
}
|
||||
}
|
||||
})
|
||||
|
|
|
@ -32,6 +32,10 @@ const (
|
|||
NetworkPolicyCilium = "cilium"
|
||||
// NetworkPluginCilium is the string expression for cilium network plugin config option
|
||||
NetworkPluginCilium = NetworkPolicyCilium
|
||||
// NetworkPolicyAntrea is the string expression for antrea network policy config option
|
||||
NetworkPolicyAntrea = "antrea"
|
||||
// NetworkPluginAntrea is the string expression for antrea network plugin config option
|
||||
NetworkPluginAntrea = NetworkPolicyAntrea
|
||||
// NetworkPolicyAzure is the string expression for Azure CNI network policy manager
|
||||
NetworkPolicyAzure = "azure"
|
||||
// NetworkPluginAzure is the string expression for Azure CNI plugin
|
||||
|
@ -262,4 +266,6 @@ const (
|
|||
aadDefaultAdminGroupDestinationFilename string = "aad-default-admin-group-rbac.yaml"
|
||||
ciliumAddonSourceFilename string = "kubernetesmasteraddons-cilium-daemonset.yaml"
|
||||
ciliumAddonDestinationFilename string = "cilium-daemonset.yaml"
|
||||
antreaAddonSourceFilename string = "antrea.yaml"
|
||||
antreaAddonDestinationFilename string = "antrea.yaml"
|
||||
)
|
||||
|
|
|
@ -577,6 +577,9 @@ func getContainerServiceFuncMap(cs *api.ContainerService) template.FuncMap {
|
|||
"HasCiliumNetworkPolicy": func() bool {
|
||||
return cs.Properties.OrchestratorProfile.KubernetesConfig.NetworkPolicy == NetworkPolicyCilium
|
||||
},
|
||||
"HasAntreaNetworkPolicy": func() bool {
|
||||
return cs.Properties.OrchestratorProfile.KubernetesConfig.NetworkPolicy == NetworkPolicyAntrea
|
||||
},
|
||||
"HasCustomNodesDNS": func() bool {
|
||||
return cs.Properties.LinuxProfile != nil && cs.Properties.LinuxProfile.HasCustomNodesDNS()
|
||||
},
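Review bot: `HasAntreaNetworkPolicy` dereferences `cs.Properties.OrchestratorProfile.KubernetesConfig` without a nil check, whereas `HasCustomNodesDNS` directly below guards `LinuxProfile != nil` before using it. It mirrors `HasCiliumNetworkPolicy` above, so it is presumably safe if KubernetesConfig is always defaulted before templates render, but that is not visible in this hunk. A guarded form would be `k := cs.Properties.OrchestratorProfile.KubernetesConfig` followed by `return k != nil && k.NetworkPolicy == NetworkPolicyAntrea`. This predicate also enables the `while [ ! -f /etc/cni/net.d/10-antrea.conf ]` wait in `ensureKubelet` (generated templates section of this commit), which has no timeout, so a one-line comment here saying what the function gates would help. `getContainerServiceFuncMap` starts and ends outside the hunk.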
|
||||
|
|
|
@ -872,6 +872,24 @@ func TestTemplateGenerator_FunctionMap(t *testing.T) {
|
|||
},
|
||||
ExpectedResult: false,
|
||||
},
|
||||
{
|
||||
Name: "HasAntreaNetworkPolicy - antrea",
|
||||
FuncName: "HasAntreaNetworkPolicy",
|
||||
MutateFunc: func(cs api.ContainerService) api.ContainerService {
|
||||
cs.Properties.OrchestratorProfile.KubernetesConfig.NetworkPolicy = NetworkPluginAntrea
|
||||
return cs
|
||||
},
|
||||
ExpectedResult: true,
|
||||
},
|
||||
{
|
||||
Name: "HasAntreaNetworkPolicy - azure",
|
||||
FuncName: "HasAntreaNetworkPolicy",
|
||||
MutateFunc: func(cs api.ContainerService) api.ContainerService {
|
||||
cs.Properties.OrchestratorProfile.KubernetesConfig.NetworkPolicy = NetworkPolicyAzure
|
||||
return cs
|
||||
},
|
||||
ExpectedResult: false,
|
||||
},
|
||||
}
|
||||
|
||||
originalCS := &api.ContainerService{}
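Review bot: The "HasAntreaNetworkPolicy - antrea" case assigns the plugin constant to the policy field, `cs.Properties.OrchestratorProfile.KubernetesConfig.NetworkPolicy = NetworkPluginAntrea`. It passes only because the constants hunk of this commit declares `NetworkPluginAntrea = NetworkPolicyAntrea`, so the test would stop exercising the policy value if the two strings ever diverged. Use `NetworkPolicyAntrea` here, as the "HasAntreaNetworkPolicy - azure" case does with `NetworkPolicyAzure`. The test table and `TestTemplateGenerator_FunctionMap` continue outside the hunk.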
|
||||
|
|
|
@ -150,6 +150,7 @@
|
|||
// ../../parts/k8s/containeraddons/1.7/kubernetesmasteraddons-heapster-deployment.yaml
|
||||
// ../../parts/k8s/containeraddons/1.8/kubernetesmasteraddons-heapster-deployment.yaml
|
||||
// ../../parts/k8s/containeraddons/1.9/kubernetesmasteraddons-metrics-server-deployment.yaml
|
||||
// ../../parts/k8s/containeraddons/antrea.yaml
|
||||
// ../../parts/k8s/containeraddons/azure-cni-networkmonitor.yaml
|
||||
// ../../parts/k8s/containeraddons/azure-policy-deployment.yaml
|
||||
// ../../parts/k8s/containeraddons/coredns.yaml
|
||||
|
@ -8719,6 +8720,11 @@ ensureKubelet() {
|
|||
sleep 3
|
||||
done
|
||||
{{end}}
|
||||
{{if HasAntreaNetworkPolicy}}
|
||||
while [ ! -f /etc/cni/net.d/10-antrea.conf ]; do
|
||||
sleep 3
|
||||
done
|
||||
{{end}}
|
||||
}
|
||||
|
||||
ensureLabelNodes() {
|
||||
|
@ -25005,6 +25011,525 @@ func k8sContaineraddons19KubernetesmasteraddonsMetricsServerDeploymentYaml() (*a
|
|||
return a, nil
|
||||
}
|
||||
|
||||
var _k8sContaineraddonsAntreaYaml = []byte(`apiVersion: apiextensions.k8s.io/v1beta1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
labels:
|
||||
app: antrea
|
||||
addonmanager.kubernetes.io/mode: "Reconcile"
|
||||
name: antreaagentinfos.clusterinformation.crd.antrea.io
|
||||
spec:
|
||||
group: clusterinformation.crd.antrea.io
|
||||
names:
|
||||
kind: AntreaAgentInfo
|
||||
plural: antreaagentinfos
|
||||
shortNames:
|
||||
- aai
|
||||
singular: antreaagentinfo
|
||||
scope: Cluster
|
||||
versions:
|
||||
- name: v1beta1
|
||||
served: true
|
||||
storage: true
|
||||
---
|
||||
apiVersion: apiextensions.k8s.io/v1beta1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
labels:
|
||||
app: antrea
|
||||
addonmanager.kubernetes.io/mode: "Reconcile"
|
||||
name: antreacontrollerinfos.clusterinformation.crd.antrea.io
|
||||
spec:
|
||||
group: clusterinformation.crd.antrea.io
|
||||
names:
|
||||
kind: AntreaControllerInfo
|
||||
plural: antreacontrollerinfos
|
||||
shortNames:
|
||||
- aci
|
||||
singular: antreacontrollerinfo
|
||||
scope: Cluster
|
||||
versions:
|
||||
- name: v1beta1
|
||||
served: true
|
||||
storage: true
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
labels:
|
||||
app: antrea
|
||||
addonmanager.kubernetes.io/mode: "Reconcile"
|
||||
name: antrea-agent
|
||||
namespace: kube-system
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
labels:
|
||||
app: antrea
|
||||
addonmanager.kubernetes.io/mode: "Reconcile"
|
||||
name: antrea-controller
|
||||
namespace: kube-system
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
labels:
|
||||
app: antrea
|
||||
addonmanager.kubernetes.io/mode: "Reconcile"
|
||||
name: antrea-agent
|
||||
rules:
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- nodes
|
||||
- pods
|
||||
verbs:
|
||||
- get
|
||||
- watch
|
||||
- list
|
||||
- apiGroups:
|
||||
- clusterinformation.crd.antrea.io
|
||||
resources:
|
||||
- antreaagentinfos
|
||||
verbs:
|
||||
- get
|
||||
- create
|
||||
- update
|
||||
- delete
|
||||
- apiGroups:
|
||||
- networkpolicy.antrea.io
|
||||
resources:
|
||||
- networkpolicies
|
||||
- appliedtogroups
|
||||
- addressgroups
|
||||
verbs:
|
||||
- get
|
||||
- watch
|
||||
- list
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
labels:
|
||||
app: antrea
|
||||
addonmanager.kubernetes.io/mode: "Reconcile"
|
||||
name: antrea-controller
|
||||
rules:
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- nodes
|
||||
- pods
|
||||
- namespaces
|
||||
verbs:
|
||||
- get
|
||||
- watch
|
||||
- list
|
||||
- apiGroups:
|
||||
- networking.k8s.io
|
||||
resources:
|
||||
- networkpolicies
|
||||
verbs:
|
||||
- get
|
||||
- watch
|
||||
- list
|
||||
- apiGroups:
|
||||
- clusterinformation.crd.antrea.io
|
||||
resources:
|
||||
- antreacontrollerinfos
|
||||
verbs:
|
||||
- get
|
||||
- create
|
||||
- update
|
||||
- delete
|
||||
- apiGroups:
|
||||
- clusterinformation.crd.antrea.io
|
||||
resources:
|
||||
- antreaagentinfos
|
||||
verbs:
|
||||
- list
|
||||
- delete
|
||||
- apiGroups:
|
||||
- authentication.k8s.io
|
||||
resources:
|
||||
- tokenreviews
|
||||
verbs:
|
||||
- create
|
||||
- apiGroups:
|
||||
- authorization.k8s.io
|
||||
resources:
|
||||
- subjectaccessreviews
|
||||
verbs:
|
||||
- create
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: RoleBinding
|
||||
metadata:
|
||||
labels:
|
||||
app: antrea
|
||||
addonmanager.kubernetes.io/mode: "Reconcile"
|
||||
name: antrea-controller-authentication-reader
|
||||
namespace: kube-system
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: Role
|
||||
name: extension-apiserver-authentication-reader
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: antrea-controller
|
||||
namespace: kube-system
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
labels:
|
||||
app: antrea
|
||||
addonmanager.kubernetes.io/mode: "Reconcile"
|
||||
name: antrea-agent
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: antrea-agent
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: antrea-agent
|
||||
namespace: kube-system
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
labels:
|
||||
app: antrea
|
||||
addonmanager.kubernetes.io/mode: "Reconcile"
|
||||
name: antrea-controller
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: antrea-controller
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: antrea-controller
|
||||
namespace: kube-system
|
||||
---
|
||||
apiVersion: v1
|
||||
data:
|
||||
antrea-agent.conf: |
|
||||
# Name of the OpenVSwitch bridge antrea-agent will create and use.
|
||||
# Make sure it doesn't conflict with your existing OpenVSwitch bridges.
|
||||
#ovsBridge: br-int
|
||||
|
||||
# Datapath type to use for the OpenVSwitch bridge created by Antrea. Supported values are:
|
||||
# - system
|
||||
# - netdev
|
||||
# 'system' is the default value and corresponds to the kernel datapath. Use 'netdev' to run
|
||||
# OVS in userspace mode. Userspace mode requires the tun device driver to be available.
|
||||
#ovsDatapathType: system
|
||||
|
||||
# Name of the interface antrea-agent will create and use for host <--> pod communication.
|
||||
# Make sure it doesn't conflict with your existing interfaces.
|
||||
#hostGateway: gw0
|
||||
|
||||
# Encapsulation mode for communication between Pods across Nodes, supported values:
|
||||
# - vxlan (default)
|
||||
# - geneve
|
||||
# - gre
|
||||
# - stt
|
||||
#tunnelType: vxlan
|
||||
|
||||
# Default MTU to use for the host gateway interface and the network interface of each Pod. If
|
||||
# omitted, antrea-agent will default this value to 1450 to accomodate for tunnel encapsulate
|
||||
# overhead.
|
||||
#defaultMTU: 1450
|
||||
|
||||
# CIDR Range for services in cluster. It's required to support egress network policy, should
|
||||
# be set to the same value as the one specified by --service-cluster-ip-range for kube-apiserver.
|
||||
serviceCIDR: {{ContainerConfig "serviceCidr"}}
|
||||
antrea-cni.conf: |
|
||||
{
|
||||
"cniVersion":"0.3.0",
|
||||
"name": "antrea",
|
||||
"type": "antrea",
|
||||
"ipam": {
|
||||
"type": "host-local"
|
||||
}
|
||||
}
|
||||
antrea-controller.conf: ""
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
annotations: {}
|
||||
labels:
|
||||
app: antrea
|
||||
addonmanager.kubernetes.io/mode: "EnsureExists"
|
||||
name: antrea-config-48gttf992h
|
||||
namespace: kube-system
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
labels:
|
||||
app: antrea
|
||||
addonmanager.kubernetes.io/mode: "Reconcile"
|
||||
name: antrea
|
||||
namespace: kube-system
|
||||
spec:
|
||||
ports:
|
||||
- port: 443
|
||||
protocol: TCP
|
||||
targetPort: 443
|
||||
selector:
|
||||
app: antrea
|
||||
component: antrea-controller
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
labels:
|
||||
app: antrea
|
||||
component: antrea-controller
|
||||
addonmanager.kubernetes.io/mode: "Reconcile"
|
||||
name: antrea-controller
|
||||
namespace: kube-system
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
app: antrea
|
||||
component: antrea-controller
|
||||
strategy:
|
||||
type: Recreate
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: antrea
|
||||
component: antrea-controller
|
||||
spec:
|
||||
containers:
|
||||
- args:
|
||||
- --config
|
||||
- /etc/antrea/antrea-controller.conf
|
||||
command:
|
||||
- antrea-controller
|
||||
env:
|
||||
- name: POD_NAME
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.name
|
||||
- name: POD_NAMESPACE
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.namespace
|
||||
- name: NODE_NAME
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: spec.nodeName
|
||||
image: {{ContainerImage "antrea-controller"}}
|
||||
name: antrea-controller
|
||||
ports:
|
||||
- containerPort: 443
|
||||
protocol: TCP
|
||||
volumeMounts:
|
||||
- mountPath: /etc/antrea/antrea-controller.conf
|
||||
name: antrea-config
|
||||
readOnly: true
|
||||
subPath: antrea-controller.conf
|
||||
hostNetwork: true
|
||||
nodeSelector:
|
||||
beta.kubernetes.io/os: linux
|
||||
priorityClassName: system-cluster-critical
|
||||
serviceAccountName: antrea-controller
|
||||
tolerations:
|
||||
- key: CriticalAddonsOnly
|
||||
operator: Exists
|
||||
- effect: NoSchedule
|
||||
key: node-role.kubernetes.io/master
|
||||
volumes:
|
||||
- configMap:
|
||||
name: antrea-config-48gttf992h
|
||||
name: antrea-config
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: DaemonSet
|
||||
metadata:
|
||||
labels:
|
||||
app: antrea
|
||||
component: antrea-agent
|
||||
addonmanager.kubernetes.io/mode: "Reconcile"
|
||||
name: antrea-agent
|
||||
namespace: kube-system
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
app: antrea
|
||||
component: antrea-agent
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: antrea
|
||||
component: antrea-agent
|
||||
spec:
|
||||
containers:
|
||||
- args:
|
||||
- --config
|
||||
- /etc/antrea/antrea-agent.conf
|
||||
command:
|
||||
- antrea-agent
|
||||
env:
|
||||
- name: POD_NAME
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.name
|
||||
- name: POD_NAMESPACE
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.namespace
|
||||
- name: NODE_NAME
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: spec.nodeName
|
||||
image: {{ContainerImage "antrea-agent"}}
|
||||
livenessProbe:
|
||||
exec:
|
||||
command:
|
||||
- /bin/sh
|
||||
- -c
|
||||
- container_liveness_probe agent
|
||||
failureThreshold: 5
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 10
|
||||
timeoutSeconds: 5
|
||||
name: antrea-agent
|
||||
securityContext:
|
||||
privileged: true
|
||||
volumeMounts:
|
||||
- mountPath: /etc/antrea/antrea-agent.conf
|
||||
name: antrea-config
|
||||
readOnly: true
|
||||
subPath: antrea-agent.conf
|
||||
- mountPath: /var/run/antrea
|
||||
name: host-var-run-antrea
|
||||
- mountPath: /var/run/openvswitch
|
||||
name: host-var-run-antrea
|
||||
subPath: openvswitch
|
||||
- mountPath: /var/lib/cni
|
||||
name: host-var-run-antrea
|
||||
subPath: cni
|
||||
- mountPath: /host/proc
|
||||
name: host-proc
|
||||
readOnly: true
|
||||
- mountPath: /host/var/run/netns
|
||||
mountPropagation: HostToContainer
|
||||
name: host-var-run-netns
|
||||
readOnly: true
|
||||
- command:
|
||||
- start_ovs
|
||||
image: {{ContainerImage "antrea-ovs"}}
|
||||
livenessProbe:
|
||||
exec:
|
||||
command:
|
||||
- /bin/sh
|
||||
- -c
|
||||
- timeout 5 container_liveness_probe ovs
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
name: antrea-ovs
|
||||
securityContext:
|
||||
capabilities:
|
||||
add:
|
||||
- SYS_NICE
|
||||
- NET_ADMIN
|
||||
- SYS_ADMIN
|
||||
- IPC_LOCK
|
||||
volumeMounts:
|
||||
- mountPath: /var/run/openvswitch
|
||||
name: host-var-run-antrea
|
||||
subPath: openvswitch
|
||||
- mountPath: /var/log/openvswitch
|
||||
name: host-var-log-antrea
|
||||
subPath: openvswitch
|
||||
hostNetwork: true
|
||||
initContainers:
|
||||
- command:
|
||||
- install_cni
|
||||
image: {{ContainerImage "install-cni"}}
|
||||
name: install-cni
|
||||
securityContext:
|
||||
capabilities:
|
||||
add:
|
||||
- SYS_MODULE
|
||||
volumeMounts:
|
||||
- mountPath: /etc/antrea/antrea-cni.conf
|
||||
name: antrea-config
|
||||
readOnly: true
|
||||
subPath: antrea-cni.conf
|
||||
- mountPath: /host/etc/cni/net.d
|
||||
name: host-cni-conf
|
||||
- mountPath: /host/opt/cni/bin
|
||||
name: host-cni-bin
|
||||
- mountPath: /lib/modules
|
||||
name: host-lib-modules
|
||||
readOnly: true
|
||||
- mountPath: /sbin/depmod
|
||||
name: host-depmod
|
||||
readOnly: true
|
||||
nodeSelector:
|
||||
beta.kubernetes.io/os: linux
|
||||
priorityClassName: system-node-critical
|
||||
serviceAccountName: antrea-agent
|
||||
tolerations:
|
||||
- key: CriticalAddonsOnly
|
||||
operator: Exists
|
||||
- effect: NoSchedule
|
||||
operator: Exists
|
||||
volumes:
|
||||
- configMap:
|
||||
name: antrea-config-48gttf992h
|
||||
name: antrea-config
|
||||
- hostPath:
|
||||
path: /etc/cni/net.d
|
||||
name: host-cni-conf
|
||||
- hostPath:
|
||||
path: /opt/cni/bin
|
||||
name: host-cni-bin
|
||||
- hostPath:
|
||||
path: /proc
|
||||
name: host-proc
|
||||
- hostPath:
|
||||
path: /var/run/netns
|
||||
name: host-var-run-netns
|
||||
- hostPath:
|
||||
path: /var/run/antrea
|
||||
type: DirectoryOrCreate
|
||||
name: host-var-run-antrea
|
||||
- hostPath:
|
||||
path: /var/log/antrea
|
||||
type: DirectoryOrCreate
|
||||
name: host-var-log-antrea
|
||||
- hostPath:
|
||||
path: /lib/modules
|
||||
name: host-lib-modules
|
||||
- hostPath:
|
||||
path: /sbin/depmod
|
||||
name: host-depmod
|
||||
updateStrategy:
|
||||
type: RollingUpdate
|
||||
`)
|
||||
|
||||
func k8sContaineraddonsAntreaYamlBytes() ([]byte, error) {
|
||||
return _k8sContaineraddonsAntreaYaml, nil
|
||||
}
|
||||
|
||||
func k8sContaineraddonsAntreaYaml() (*asset, error) {
|
||||
bytes, err := k8sContaineraddonsAntreaYamlBytes()
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
info := bindataFileInfo{name: "k8s/containeraddons/antrea.yaml", size: 0, mode: os.FileMode(0), modTime: time.Unix(0, 0)}
|
||||
a := &asset{bytes: bytes, info: info}
|
||||
return a, nil
|
||||
}
|
||||
|
||||
var _k8sContaineraddonsAzureCniNetworkmonitorYaml = []byte(`apiVersion: extensions/v1beta1
|
||||
kind: DaemonSet
|
||||
metadata:
|
||||
|
@ -32041,27 +32566,29 @@ var _k8sKubernetesparamsT = []byte(`{{if IsHostedMaster}}
|
|||
"networkPolicy": {
|
||||
"defaultValue": "{{.OrchestratorProfile.KubernetesConfig.NetworkPolicy}}",
|
||||
"metadata": {
|
||||
"description": "The network policy enforcement to use (calico|cilium); 'none' and 'azure' here for backwards compatibility"
|
||||
"description": "The network policy enforcement to use (calico|cilium|antrea); 'none' and 'azure' here for backwards compatibility"
|
||||
},
|
||||
"allowedValues": [
|
||||
"",
|
||||
"none",
|
||||
"azure",
|
||||
"calico",
|
||||
"cilium"
|
||||
"cilium",
|
||||
"antrea"
|
||||
],
|
||||
"type": "string"
|
||||
},
|
||||
"networkPlugin": {
|
||||
"defaultValue": "{{.OrchestratorProfile.KubernetesConfig.NetworkPlugin}}",
|
||||
"metadata": {
|
||||
"description": "The network plugin to use for Kubernetes (kubenet|azure|flannel|cilium)"
|
||||
"description": "The network plugin to use for Kubernetes (kubenet|azure|flannel|cilium|antrea)"
|
||||
},
|
||||
"allowedValues": [
|
||||
"kubenet",
|
||||
"azure",
|
||||
"flannel",
|
||||
"cilium"
|
||||
"cilium",
|
||||
"antrea"
|
||||
],
|
||||
"type": "string"
|
||||
},
|
||||
|
@ -38169,6 +38696,7 @@ var _bindata = map[string]func() (*asset, error){
|
|||
"k8s/containeraddons/1.7/kubernetesmasteraddons-heapster-deployment.yaml": k8sContaineraddons17KubernetesmasteraddonsHeapsterDeploymentYaml,
|
||||
"k8s/containeraddons/1.8/kubernetesmasteraddons-heapster-deployment.yaml": k8sContaineraddons18KubernetesmasteraddonsHeapsterDeploymentYaml,
|
||||
"k8s/containeraddons/1.9/kubernetesmasteraddons-metrics-server-deployment.yaml": k8sContaineraddons19KubernetesmasteraddonsMetricsServerDeploymentYaml,
|
||||
"k8s/containeraddons/antrea.yaml": k8sContaineraddonsAntreaYaml,
|
||||
"k8s/containeraddons/azure-cni-networkmonitor.yaml": k8sContaineraddonsAzureCniNetworkmonitorYaml,
|
||||
"k8s/containeraddons/azure-policy-deployment.yaml": k8sContaineraddonsAzurePolicyDeploymentYaml,
|
||||
"k8s/containeraddons/coredns.yaml": k8sContaineraddonsCorednsYaml,
|
||||
|
@ -38467,6 +38995,7 @@ var _bintree = &bintree{nil, map[string]*bintree{
|
|||
"1.9": {nil, map[string]*bintree{
|
||||
"kubernetesmasteraddons-metrics-server-deployment.yaml": {k8sContaineraddons19KubernetesmasteraddonsMetricsServerDeploymentYaml, map[string]*bintree{}},
|
||||
}},
|
||||
"antrea.yaml": {k8sContaineraddonsAntreaYaml, map[string]*bintree{}},
|
||||
"azure-cni-networkmonitor.yaml": {k8sContaineraddonsAzureCniNetworkmonitorYaml, map[string]*bintree{}},
|
||||
"azure-policy-deployment.yaml": {k8sContaineraddonsAzurePolicyDeploymentYaml, map[string]*bintree{}},
|
||||
"coredns.yaml": {k8sContaineraddonsCorednsYaml, map[string]*bintree{}},
|
||||
|
|
Разница между файлами не показана из-за своего большого размера
Различия файлов скрыты, потому что одна или несколько строк слишком длинны
|
@ -1065,11 +1065,12 @@
|
|||
"azure",
|
||||
"calico",
|
||||
"cilium",
|
||||
"flannel"
|
||||
"flannel",
|
||||
"antrea"
|
||||
],
|
||||
"defaultValue": "none",
|
||||
"metadata": {
|
||||
"description": "The network policy enforcement to use (none|azure|calico|cilium|flannel)"
|
||||
"description": "The network policy enforcement to use (none|azure|calico|cilium|flannel|antrea)"
|
||||
},
|
||||
"type": "string"
|
||||
},
|
||||
|
@ -2010,4 +2011,4 @@
|
|||
"value": "[reference(concat('Microsoft.Network/publicIPAddresses/', variables('masterPublicIPAddressName'))).dnsSettings.fqdn]"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -1074,11 +1074,12 @@
|
|||
"azure",
|
||||
"calico",
|
||||
"cilium",
|
||||
"flannel"
|
||||
"flannel",
|
||||
"antrea"
|
||||
],
|
||||
"defaultValue": "none",
|
||||
"metadata": {
|
||||
"description": "The network policy enforcement to use (none|azure|calico|cilium|flannel)"
|
||||
"description": "The network policy enforcement to use (none|azure|calico|cilium|flannel|antrea)"
|
||||
},
|
||||
"type": "string"
|
||||
},
|
||||
|
@ -2185,4 +2186,4 @@
|
|||
"value": "[reference(concat('Microsoft.Network/publicIPAddresses/', variables('masterPublicIPAddressName'))).dnsSettings.fqdn]"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -1065,11 +1065,12 @@
|
|||
"azure",
|
||||
"calico",
|
||||
"cilium",
|
||||
"flannel"
|
||||
"flannel",
|
||||
"antrea"
|
||||
],
|
||||
"defaultValue": "none",
|
||||
"metadata": {
|
||||
"description": "The network policy enforcement to use (none|azure|calico|cilium|flannel)"
|
||||
"description": "The network policy enforcement to use (none|azure|calico|cilium|flannel|antrea)"
|
||||
},
|
||||
"type": "string"
|
||||
},
|
||||
|
@ -2189,4 +2190,4 @@
|
|||
"value": "[reference(concat('Microsoft.Network/publicIPAddresses/', variables('masterPublicIPAddressName'))).dnsSettings.fqdn]"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -883,11 +883,12 @@
|
|||
"kubenet",
|
||||
"azure",
|
||||
"flannel",
|
||||
"cilium"
|
||||
"cilium",
|
||||
"antrea"
|
||||
],
|
||||
"defaultValue": "azure",
|
||||
"metadata": {
|
||||
"description": "The network plugin to use for Kubernetes (kubenet|azure|flannel|cilium)"
|
||||
"description": "The network plugin to use for Kubernetes (kubenet|azure|flannel|cilium|antrea)"
|
||||
},
|
||||
"type": "string"
|
||||
},
|
||||
|
@ -897,11 +898,12 @@
|
|||
"none",
|
||||
"azure",
|
||||
"calico",
|
||||
"cilium"
|
||||
"cilium",
|
||||
"antrea"
|
||||
],
|
||||
"defaultValue": "",
|
||||
"metadata": {
|
||||
"description": "The network policy enforcement to use (calico|cilium); 'none' and 'azure' here for backwards compatibility"
|
||||
"description": "The network policy enforcement to use (calico|cilium|antrea); 'none' and 'azure' here for backwards compatibility"
|
||||
},
|
||||
"type": "string"
|
||||
},
|
||||
|
|
|
@ -883,11 +883,12 @@
|
|||
"kubenet",
|
||||
"azure",
|
||||
"flannel",
|
||||
"cilium"
|
||||
"cilium",
|
||||
"antrea"
|
||||
],
|
||||
"defaultValue": "azure",
|
||||
"metadata": {
|
||||
"description": "The network plugin to use for Kubernetes (kubenet|azure|flannel|cilium)"
|
||||
"description": "The network plugin to use for Kubernetes (kubenet|azure|flannel|cilium|antrea)"
|
||||
},
|
||||
"type": "string"
|
||||
},
|
||||
|
@ -897,11 +898,12 @@
|
|||
"none",
|
||||
"azure",
|
||||
"calico",
|
||||
"cilium"
|
||||
"cilium",
|
||||
"antrea"
|
||||
],
|
||||
"defaultValue": "",
|
||||
"metadata": {
|
||||
"description": "The network policy enforcement to use (calico|cilium); 'none' and 'azure' here for backwards compatibility"
|
||||
"description": "The network policy enforcement to use (calico|cilium|antrea); 'none' and 'azure' here for backwards compatibility"
|
||||
},
|
||||
"type": "string"
|
||||
},
|
||||
|
|
|
@ -883,11 +883,12 @@
|
|||
"kubenet",
|
||||
"azure",
|
||||
"flannel",
|
||||
"cilium"
|
||||
"cilium",
|
||||
"antrea"
|
||||
],
|
||||
"defaultValue": "azure",
|
||||
"metadata": {
|
||||
"description": "The network plugin to use for Kubernetes (kubenet|azure|flannel|cilium)"
|
||||
"description": "The network plugin to use for Kubernetes (kubenet|azure|flannel|cilium|antrea)"
|
||||
},
|
||||
"type": "string"
|
||||
},
|
||||
|
@ -897,11 +898,12 @@
|
|||
"none",
|
||||
"azure",
|
||||
"calico",
|
||||
"cilium"
|
||||
"cilium",
|
||||
"antrea"
|
||||
],
|
||||
"defaultValue": "",
|
||||
"metadata": {
|
||||
"description": "The network policy enforcement to use (calico|cilium); 'none' and 'azure' here for backwards compatibility"
|
||||
"description": "The network policy enforcement to use (calico|cilium|antrea); 'none' and 'azure' here for backwards compatibility"
|
||||
},
|
||||
"type": "string"
|
||||
},
|
||||
|
|
|
@ -883,11 +883,12 @@
|
|||
"kubenet",
|
||||
"azure",
|
||||
"flannel",
|
||||
"cilium"
|
||||
"cilium",
|
||||
"antrea"
|
||||
],
|
||||
"defaultValue": "azure",
|
||||
"metadata": {
|
||||
"description": "The network plugin to use for Kubernetes (kubenet|azure|flannel|cilium)"
|
||||
"description": "The network plugin to use for Kubernetes (kubenet|azure|flannel|cilium|antrea)"
|
||||
},
|
||||
"type": "string"
|
||||
},
|
||||
|
@ -897,11 +898,12 @@
|
|||
"none",
|
||||
"azure",
|
||||
"calico",
|
||||
"cilium"
|
||||
"cilium",
|
||||
"antrea"
|
||||
],
|
||||
"defaultValue": "",
|
||||
"metadata": {
|
||||
"description": "The network policy enforcement to use (calico|cilium); 'none' and 'azure' here for backwards compatibility"
|
||||
"description": "The network policy enforcement to use (calico|cilium|antrea); 'none' and 'azure' here for backwards compatibility"
|
||||
},
|
||||
"type": "string"
|
||||
},
|
||||
|
|
|
@ -1074,11 +1074,12 @@
|
|||
"azure",
|
||||
"calico",
|
||||
"cilium",
|
||||
"flannel"
|
||||
"flannel",
|
||||
"antrea"
|
||||
],
|
||||
"defaultValue": "none",
|
||||
"metadata": {
|
||||
"description": "The network policy enforcement to use (none|azure|calico|cilium|flannel)"
|
||||
"description": "The network policy enforcement to use (none|azure|calico|cilium|flannel|antrea)"
|
||||
},
|
||||
"type": "string"
|
||||
},
|
||||
|
@ -2342,4 +2343,4 @@
|
|||
"value": "[reference(concat('Microsoft.Network/publicIPAddresses/', variables('masterPublicIPAddressName'))).dnsSettings.fqdn]"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -1062,11 +1062,12 @@
|
|||
"azure",
|
||||
"calico",
|
||||
"cilium",
|
||||
"flannel"
|
||||
"flannel",
|
||||
"antrea"
|
||||
],
|
||||
"defaultValue": "none",
|
||||
"metadata": {
|
||||
"description": "The network policy enforcement to use (none|azure|calico|cilium|flannel)"
|
||||
"description": "The network policy enforcement to use (none|azure|calico|cilium|flannel|antrea)"
|
||||
},
|
||||
"type": "string"
|
||||
},
|
||||
|
@ -2133,4 +2134,4 @@
|
|||
"value": "[reference(concat('Microsoft.Network/publicIPAddresses/', variables('masterPublicIPAddressName'))).dnsSettings.fqdn]"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -1071,11 +1071,12 @@
|
|||
"azure",
|
||||
"calico",
|
||||
"cilium",
|
||||
"flannel"
|
||||
"flannel",
|
||||
"antrea"
|
||||
],
|
||||
"defaultValue": "none",
|
||||
"metadata": {
|
||||
"description": "The network policy enforcement to use (none|azure|calico|cilium|flannel)"
|
||||
"description": "The network policy enforcement to use (none|azure|calico|cilium|flannel|antrea)"
|
||||
},
|
||||
"type": "string"
|
||||
},
|
||||
|
@ -2252,4 +2253,4 @@
|
|||
"value": "[reference(concat('Microsoft.Network/publicIPAddresses/', variables('masterPublicIPAddressName'))).dnsSettings.fqdn]"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -1065,11 +1065,12 @@
|
|||
"azure",
|
||||
"calico",
|
||||
"cilium",
|
||||
"flannel"
|
||||
"flannel",
|
||||
"antrea"
|
||||
],
|
||||
"defaultValue": "none",
|
||||
"metadata": {
|
||||
"description": "The network policy enforcement to use (none|azure|calico|cilium|flannel)"
|
||||
"description": "The network policy enforcement to use (none|azure|calico|cilium|flannel|antrea)"
|
||||
},
|
||||
"type": "string"
|
||||
},
|
||||
|
|
|
@ -1361,7 +1361,8 @@ var _ = Describe("Azure Container Cluster using the Kubernetes Orchestrator", fu
|
|||
|
||||
Describe("with NetworkPolicy enabled", func() {
|
||||
It("should apply various network policies and enforce access to nginx pod", func() {
|
||||
if eng.HasNetworkPolicy("calico") || eng.HasNetworkPolicy("azure") || eng.HasNetworkPolicy("cilium") {
|
||||
if (eng.HasNetworkPolicy("calico") || eng.HasNetworkPolicy("azure") ||
|
||||
eng.HasNetworkPolicy("cilium") || eng.HasNetworkPolicy("antrea")) {
|
||||
nsDev, nsProd := "development", "production"
|
||||
By("Creating development namespace")
|
||||
namespaceDev, err := namespace.CreateIfNotExist(nsDev)
|
||||
|
@ -1583,7 +1584,7 @@ var _ = Describe("Azure Container Cluster using the Kubernetes Orchestrator", fu
|
|||
err = namespaceProd.Delete()
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
} else {
|
||||
Skip("Calico or Azure network policy was not provisioned for this Cluster Definition")
|
||||
Skip("Calico or Azure or Cilium or Antrea network policy was not provisioned for this Cluster Definition")
|
||||
}
|
||||
})
|
||||
})
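Review bot: The widened condition is wrapped in parentheses, which gofmt strips, so the new lines are not gofmt-clean; write it as `if eng.HasNetworkPolicy("calico") || eng.HasNetworkPolicy("azure") ||` followed by `eng.HasNetworkPolicy("cilium") || eng.HasNetworkPolicy("antrea") {`. The supported policy names are now spelled out twice, in this condition and in the `Skip(...)` message of the second hunk, and the old message had already drifted: it named only Calico and Azure while the condition also accepted Cilium. Keeping the names in one slice that feeds both the check and the message would stop that recurring. It matters here because a policy missing from the list makes the enforcement test skip rather than fail. The `It` body starts and ends outside both hunks, so the rest of the block was not reviewed.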
|
||||
|
|
|
@ -0,0 +1,46 @@
|
|||
{
|
||||
"env": {
|
||||
},
|
||||
"options": {
|
||||
"allowedOrchestratorVersions": ["1.13", "1.14", "1.15", "1.16"]
|
||||
},
|
||||
"apiModel": {
|
||||
"apiVersion": "vlabs",
|
||||
"properties": {
|
||||
"orchestratorProfile": {
|
||||
"orchestratorType": "Kubernetes",
|
||||
"kubernetesConfig": {
|
||||
"networkPolicy": "antrea"
|
||||
}
|
||||
},
|
||||
"masterProfile": {
|
||||
"count": 1,
|
||||
"dnsPrefix": "",
|
||||
"vmSize": "Standard_D2_v3"
|
||||
},
|
||||
"agentPoolProfiles": [
|
||||
{
|
||||
"name": "agent1",
|
||||
"count": 1,
|
||||
"vmSize": "Standard_D2_v3",
|
||||
"availabilityProfile": "VirtualMachineScaleSets",
|
||||
"scalesetPriority": "Low"
|
||||
}
|
||||
],
|
||||
"linuxProfile": {
|
||||
"adminUsername": "azureuser",
|
||||
"ssh": {
|
||||
"publicKeys": [
|
||||
{
|
||||
"keyData": ""
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"servicePrincipalProfile": {
|
||||
"clientId": "",
|
||||
"secret": ""
|
||||
}
|
||||
}
|
||||
}
|
||||
}
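Review bot: The agent pool pairs `"count": 1` with `"scalesetPriority": "Low"`, so the only agent node sits on evictable capacity. If that instance is reclaimed during a run, the network policy checks would fail for reasons unrelated to Antrea. Consider dropping the `scalesetPriority` line or raising `count` for this config, unless the sibling cluster configs deliberately use the same setting.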
|