Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Out-of-the-box "Agent mode" support for antctl on Windows #3645

Merged
merged 2 commits into from Apr 18, 2022
Merged

Out-of-the-box "Agent mode" support for antctl on Windows #3645

merged 2 commits into from Apr 18, 2022

Conversation

antoninbas
Copy link
Contributor

At the moment is is possible to run antctl in Agent mode from a Windows
Node on which Antrea is runing, but it requires setting the following
environment variables manually:

> $Env:POD_NAME="antrea-agent"
> $Env:KUBERNETES_SERVICE_HOST="<ClusterIP>"
> $Env:KUBERNETES_SERVICE_PORT="443"

This is not very convenient and it is not documented
either. Additionally, there is no reason to require
KUBERNETES_SERVICE_HOST and KUBERNETES_SERVICE_PORT in Agent mode. This
requirement is caused by a bug in the antctl code: when antctl is
running inside a Pod, there is no need to resolve the "in-cluster"
Kubeconfig, as we generate this config manually to connect to the Antrea
API server.

In order to make antctl work out-of-the-box for that case, we change the
logic which decides what the antctl "runtime mode" is: if the antctl
binary is running on Windows and if a loopback client token exists, we
assume that this is a Windows Node which is running the Antrea Agent.

Fixes #2104

Signed-off-by: Antonin Bas abas@vmware.com

@antoninbas
Out-of-the-box "Agent mode" support for antctl
a82c88e 
At the moment is is possible to run antctl in Agent mode from a Windows
Node on which Antrea is runing, but it requires setting the following
environment variables manually:
```
> $Env:POD_NAME="antrea-agent"
> $Env:KUBERNETES_SERVICE_HOST="<ClusterIP>"
> $Env:KUBERNETES_SERVICE_PORT="443"
```

This is not very convenient and it is not documented
either. Additionally, there is no reason to require
KUBERNETES_SERVICE_HOST and KUBERNETES_SERVICE_PORT in Agent mode. This
requirement is caused by a bug in the antctl code: when antctl is
running inside a Pod, there is no need to resolve the "in-cluster"
Kubeconfig, as we generate this config manually to connect to the Antrea
API server.

In order to make antctl work out-of-the-box for that case, we change the
logic which decides what the antctl "runtime mode" is: if the antctl
binary is running on Windows and if a loopback client token exists, we
assume that this is a Windows Node which is running the Antrea Agent.

Fixes antrea-io#2104

Signed-off-by: Antonin Bas <abas@vmware.com>
@antoninbas antoninbas added area/OS/windows Issues or PRs related to the Windows operating system. area/component/antctl Issues or PRs releated to the command line interface component action/release-note Indicates a PR that should be included in release notes. labels Apr 14, 2022
@antoninbas
Copy link
Contributor Author

I tested this manually on a Windows K8s Node. I will also try to enable the antctl tests for Windows.

@antoninbas
Run antctl e2e tests for clusters with Windows Nodes
918984a 
Signed-off-by: Antonin Bas <abas@vmware.com>
@antoninbas
Copy link
Contributor Author

/test-all
/test-windows-e2e

@antoninbas antoninbas changed the title Out-of-the-box "Agent mode" support for antctl Out-of-the-box "Agent mode" support for antctl on Windows Apr 14, 2022
@codecov-commenter
Copy link

codecov-commenter commented Apr 14, 2022
edited

Codecov Report

Merging #3645 (918984a) into main (ba8210c) will increase coverage by 0.90%.
The diff coverage is 0.00%.

Impacted file tree graph

@@            Coverage Diff             @@
##             main    #3645      +/-   ##
==========================================
+ Coverage   63.56%   64.47%   +0.90%     
==========================================
  Files         278      278              
  Lines       39360    39363       +3     
==========================================
+ Hits        25020    25380     +360     
+ Misses      12420    11999     -421     
- Partials     1920     1984      +64
Flag Coverage Δ
kind-e2e-tests 52.15% <ø> (+1.35%) ⬆️
unit-tests 43.79% <0.00%> (-0.04%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files Coverage Δ
pkg/antctl/client.go 1.88% <0.00%> (-0.06%) ⬇️
pkg/agent/openflow/service.go 72.09% <0.00%> (-11.63%) ⬇️
pkg/agent/controller/networkpolicy/reject.go 77.05% <0.00%> (-8.83%) ⬇️
pkg/agent/nodeportlocal/k8s/annotations.go 93.33% <0.00%> (-6.67%) ⬇️
pkg/controller/ipam/antrea_ipam_controller.go 77.55% <0.00%> (-1.54%) ⬇️
pkg/util/k8s/node.go 87.62% <0.00%> (-1.04%) ⬇️
pkg/ipam/poolallocator/allocator.go 53.49% <0.00%> (-0.97%) ⬇️
pkg/agent/openflow/pipeline.go 74.70% <0.00%> (-0.67%) ⬇️
pkg/agent/controller/traceflow/packetin.go 62.85% <0.00%> (-0.64%) ⬇️
pkg/agent/route/route_linux.go 48.22% <0.00%> (-0.40%) ⬇️
... and 28 more

wenyingd
wenyingd reviewed Apr 15, 2022
View reviewed changes
pkg/antctl/runtime/runtime.go
@@ -53,6 +56,15 @@ func init() {
podName, found := os.LookupEnv("POD_NAME")
InPod = found && (strings.HasPrefix(podName, "antrea-agent") || strings.HasPrefix(podName, "antrea-controller") ||
strings.HasPrefix(podName, "flow-aggregator"))

if runtime.IsWindowsPlatform() && !InPod {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I remember the default mode is ControllerMode if no environment variable settings, this design supports antctl on a remote client other than K8s Node. I doubt change may cause antctl fails to run on a remote Windows client?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There should be no token on a remote client.
The only issue is if you want antctl controller mode on a Windows K8s Node, which doesn't seem like something someone would typically do.

wenyingd
wenyingd approved these changes Apr 15, 2022
View reviewed changes
Copy link
Contributor

@wenyingd wenyingd left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@antoninbas
Copy link
Contributor Author

/test-windows-e2e

@antoninbas antoninbas merged commit bd82ef6 into antrea-io:main Apr 18, 2022
@antoninbas antoninbas deleted the antctl-agent-mode-for-windows branch April 18, 2022 17:31
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@wenyingd wenyingd wenyingd approved these changes

@tnqn tnqn Awaiting requested review from tnqn

@jianjuns jianjuns Awaiting requested review from jianjuns

Assignees
No one assigned
Labels
action/release-note Indicates a PR that should be included in release notes. area/component/antctl Issues or PRs releated to the command line interface component area/OS/windows Issues or PRs related to the Windows operating system.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Antctl "agent mode" support on Windows
3 participants
@antoninbas @codecov-commenter @wenyingd