From 7634ece7b94215a9724a7953c1529056ee6d331c Mon Sep 17 00:00:00 2001 From: Jack Francis Date: Thu, 19 Dec 2019 15:32:39 -0800 Subject: [PATCH] chore: clean up --- cmd/generate_test.go | 5 - examples/kubernetes.json | 5 +- examples/networkplugin/README.md | 4 +- examples/networkplugin/kubernetes-antrea.json | 44 - parts/k8s/cloud-init/artifacts/cse_config.sh | 5 + ...dons-antrea-daemonset.yaml => antrea.yaml} | 0 parts/k8s/kubernetesparams.t | 6 - pkg/api/common/const.go | 2 +- pkg/api/defaults.go | 2 +- pkg/api/defaults_test.go | 2 +- pkg/api/vlabs/const.go | 6 +- pkg/api/vlabs/validate.go | 8 +- pkg/api/vlabs/validate_test.go | 87 +- pkg/engine/const.go | 10 +- pkg/engine/params_k8s.go | 2 +- pkg/engine/template_generator.go | 4 +- pkg/engine/template_generator_test.go | 12 +- pkg/engine/templates_generated.go | 1041 ++++++++--------- .../k8s_agent_upgrade_template.json | 9 +- .../k8s_master_upgrade_template.json | 9 +- .../k8s_scale_template.json | 9 +- .../k8s_slb_scale_template.json | 6 - .../transformtestfiles/k8s_slb_template.json | 6 - .../k8s_slb_vmss_scale_template.json | 6 - .../k8s_slb_vmss_template.json | 6 - .../transformtestfiles/k8s_template.json | 9 +- .../k8s_vnet_scale_template.json | 9 +- .../transformtestfiles/k8s_vnet_template.json | 9 +- .../master_resources_scale_temaplate.json | 9 +- .../test_cluster_configs/network/antrea.json | 45 - .../network_policy/antrea.json | 5 +- 31 files changed, 650 insertions(+), 732 deletions(-) delete mode 100644 examples/networkplugin/kubernetes-antrea.json rename parts/k8s/containeraddons/{kubernetesmasteraddons-antrea-daemonset.yaml => antrea.yaml} (100%) delete mode 100644 test/e2e/test_cluster_configs/network/antrea.json diff --git a/cmd/generate_test.go b/cmd/generate_test.go index b324013369..95ba29d902 100644 --- a/cmd/generate_test.go +++ b/cmd/generate_test.go @@ -645,11 +645,6 @@ func TestExampleAPIModels(t *testing.T) { apiModelPath: "../examples/networkpolicy/kubernetes-cilium.json", setArgs: defaultSet, }, - { - name: "antrea network plugin", - apiModelPath: "../examples/networkplugin/kubernetes-antrea.json", - setArgs: defaultSet, - }, { name: "antrea network policy", apiModelPath: "../examples/networkpolicy/kubernetes-antrea.json", diff --git a/examples/kubernetes.json b/examples/kubernetes.json index e841b6eecd..1807e0b244 100644 --- a/examples/kubernetes.json +++ b/examples/kubernetes.json @@ -2,7 +2,10 @@ "apiVersion": "vlabs", "properties": { "orchestratorProfile": { - "orchestratorType": "Kubernetes" + "orchestratorType": "Kubernetes", + "kubernetesConfig": { + "networkPolicy": "antrea" + } }, "masterProfile": { "count": 1, diff --git a/examples/networkplugin/README.md b/examples/networkplugin/README.md index 9b187b1cc0..21e6b79544 100644 --- a/examples/networkplugin/README.md +++ b/examples/networkplugin/README.md @@ -5,8 +5,8 @@ There are 5 different Network Plugin options : - Azure Container Networking (default) - Kubenet - Flannel (docs are //TODO) -- Cilium (docs are //TODO) -- Antrea (docs are //TODO) +- Cilium (CNI IPAM implementation that pairs w/ cilium NetworkPolicy addon; only works w/ `"networkPolicy": "cilium"`) +- Antrea (CNI IPAM implementation that pairs w/ antrea NetworkPolicy addon; only works w/ `"networkPolicy": "antrea"`) ## Azure Container Networking (default) diff --git a/examples/networkplugin/kubernetes-antrea.json b/examples/networkplugin/kubernetes-antrea.json deleted file mode 100644 index bc00df4fe7..0000000000 --- a/examples/networkplugin/kubernetes-antrea.json +++ /dev/null @@ -1,44 +0,0 @@ -{ - "apiVersion": "vlabs", - "properties": { - "orchestratorProfile": { - "orchestratorType": "Kubernetes", - "kubernetesConfig": { - "networkPlugin": "antrea" - } - }, - "masterProfile": { - "count": 1, - "dnsPrefix": "", - "vmSize": "Standard_D2_v3" - }, - "agentPoolProfiles": [ - { - "name": "agentpool1", - "count": 3, - "vmSize": "Standard_D2_v3", - "availabilityProfile": "AvailabilitySet" - }, - { - "name": "agentpool2", - "count": 3, - "vmSize": "Standard_D2_v3", - "availabilityProfile": "AvailabilitySet" - } - ], - "linuxProfile": { - "adminUsername": "azureuser", - "ssh": { - "publicKeys": [ - { - "keyData": "" - } - ] - } - }, - "servicePrincipalProfile": { - "clientId": "", - "secret": "" - } - } -} diff --git a/parts/k8s/cloud-init/artifacts/cse_config.sh b/parts/k8s/cloud-init/artifacts/cse_config.sh index 6c7417b599..f87ebb05df 100755 --- a/parts/k8s/cloud-init/artifacts/cse_config.sh +++ b/parts/k8s/cloud-init/artifacts/cse_config.sh @@ -312,6 +312,11 @@ ensureKubelet() { sleep 3 done {{end}} + {{if HasAntreaNetworkPolicy}} + while [ ! -f /etc/cni/net.d/10-antrea.conf ]; do + sleep 3 + done + {{end}} } ensureLabelNodes() { diff --git a/parts/k8s/containeraddons/kubernetesmasteraddons-antrea-daemonset.yaml b/parts/k8s/containeraddons/antrea.yaml similarity index 100% rename from parts/k8s/containeraddons/kubernetesmasteraddons-antrea-daemonset.yaml rename to parts/k8s/containeraddons/antrea.yaml diff --git a/parts/k8s/kubernetesparams.t b/parts/k8s/kubernetesparams.t index 3c87d622af..a771abc378 100644 --- a/parts/k8s/kubernetesparams.t +++ b/parts/k8s/kubernetesparams.t @@ -169,12 +169,6 @@ }, "type": "string" }, - "kubeServiceCidr": { - "metadata": { - "description": "Kubernetes service address space" - }, - "type": "string" - }, "kubeDNSServiceIP": { "metadata": { "description": "Kubernetes DNS IP" diff --git a/pkg/api/common/const.go b/pkg/api/common/const.go index 981790f0bb..895c4958d1 100644 --- a/pkg/api/common/const.go +++ b/pkg/api/common/const.go @@ -215,7 +215,7 @@ const ( // CiliumAddonName is the name of cilium daemonset addon CiliumAddonName = "cilium" // AntreaAddonName is the name of antrea daemonset addon - AntreaAddonName = "antrea-daemonset" + AntreaAddonName = "antrea" // FlannelAddonName is the name of flannel plugin daemonset addon FlannelAddonName = "flannel-daemonset" // AADAdminGroupAddonName is the name of the default admin group RBAC addon diff --git a/pkg/api/defaults.go b/pkg/api/defaults.go index f7b8b4a93e..2444c572ce 100644 --- a/pkg/api/defaults.go +++ b/pkg/api/defaults.go @@ -119,7 +119,7 @@ func (cs *ContainerService) setOrchestratorDefaults(isUpgrade, isScale bool) { case NetworkPolicyCilium: o.KubernetesConfig.NetworkPlugin = NetworkPluginCilium case NetworkPolicyAntrea: - o.KubernetesConfig.NetworkPlugin = NetworkPluginAntrea + o.KubernetesConfig.NetworkPlugin = NetworkPluginAntrea } if o.KubernetesConfig.KubernetesImageBase == "" { diff --git a/pkg/api/defaults_test.go b/pkg/api/defaults_test.go index adad5dce84..ccaac428c6 100644 --- a/pkg/api/defaults_test.go +++ b/pkg/api/defaults_test.go @@ -835,7 +835,7 @@ func TestNetworkPolicyDefaults(t *testing.T) { properties.OrchestratorProfile.KubernetesConfig.NetworkPlugin, NetworkPluginCilium) } - mockCS = getMockBaseContainerService("1.8.10") + mockCS = getMockBaseContainerService("1.15.7") properties = mockCS.Properties properties.OrchestratorProfile.OrchestratorType = Kubernetes properties.OrchestratorProfile.KubernetesConfig.NetworkPolicy = NetworkPolicyAntrea diff --git a/pkg/api/vlabs/const.go b/pkg/api/vlabs/const.go index 139f9132ad..3f1518f993 100644 --- a/pkg/api/vlabs/const.go +++ b/pkg/api/vlabs/const.go @@ -126,10 +126,10 @@ const ( NetworkPolicyCilium = "cilium" // NetworkPluginCilium is the string expression for cilium network policy config option NetworkPluginCilium = NetworkPolicyCilium - // NetworkPluginAntrea is the string expression for antrea network plugin config option - NetworkPluginAntrea = "antrea" // NetworkPolicyAntrea is the string expression for antrea network policy config option - NetworkPolicyAntrea = NetworkPluginAntrea + NetworkPolicyAntrea = "antrea" + // NetworkPluginAntrea is the string expression for antrea network plugin config option + NetworkPluginAntrea = NetworkPolicyAntrea // NetworkModeBridge is the string expression for bridge network mode config option NetworkModeBridge = "bridge" // NetworkModeTransparent is the string expression for transparent network mode config option diff --git a/pkg/api/vlabs/validate.go b/pkg/api/vlabs/validate.go index 47d1a00cac..dda8eb69e4 100644 --- a/pkg/api/vlabs/validate.go +++ b/pkg/api/vlabs/validate.go @@ -85,10 +85,6 @@ var ( networkPlugin: "", networkPolicy: NetworkPolicyAntrea, }, - { - networkPlugin: NetworkPluginAntrea, - networkPolicy: "", - }, { networkPlugin: "", networkPolicy: "azure", // for backwards-compatibility w/ prior networkPolicy usage @@ -732,6 +728,10 @@ func (a *Properties) validateAddons() error { } else { return errors.Errorf("%s addon is not supported on Kubernetes v1.16.0 or greater", common.CiliumAddonName) } + case common.AntreaAddonName: + if a.OrchestratorProfile.KubernetesConfig.NetworkPolicy != NetworkPolicyAntrea { + return errors.Errorf("%s addon may only be enabled if the networkPolicy=%s", common.AntreaAddonName, NetworkPolicyAntrea) + } case "azure-policy": isValidVersion, err := common.IsValidMinVersion(a.OrchestratorProfile.OrchestratorType, a.OrchestratorProfile.OrchestratorRelease, a.OrchestratorProfile.OrchestratorVersion, "1.10.0") if err != nil { diff --git a/pkg/api/vlabs/validate_test.go b/pkg/api/vlabs/validate_test.go index 0a8c619b1d..d4feb2b5c7 100644 --- a/pkg/api/vlabs/validate_test.go +++ b/pkg/api/vlabs/validate_test.go @@ -1560,7 +1560,7 @@ func TestValidateAddons(t *testing.T) { expectedErr: errors.Errorf("%s addon may only be enabled if the networkPolicy=%s", common.CiliumAddonName, NetworkPolicyCilium), }, { - name: "cilium addon enabled w/ azure networkPolicy", + name: "cilium addon enabled w/ calico networkPolicy", p: &Properties{ OrchestratorProfile: &OrchestratorProfile{ KubernetesConfig: &KubernetesConfig{ @@ -1629,6 +1629,91 @@ func TestValidateAddons(t *testing.T) { }, expectedErr: errors.Errorf("%s addon is not supported on Kubernetes v1.16.0 or greater", common.CiliumAddonName), }, + { + name: "antrea addon enabled w/ no networkPolicy", + p: &Properties{ + OrchestratorProfile: &OrchestratorProfile{ + KubernetesConfig: &KubernetesConfig{ + Addons: []KubernetesAddon{ + { + Name: common.AntreaAddonName, + Enabled: to.BoolPtr(true), + }, + }, + }, + }, + }, + expectedErr: errors.Errorf("%s addon may only be enabled if the networkPolicy=%s", common.AntreaAddonName, NetworkPolicyAntrea), + }, + { + name: "antrea addon enabled w/ azure networkPolicy", + p: &Properties{ + OrchestratorProfile: &OrchestratorProfile{ + KubernetesConfig: &KubernetesConfig{ + NetworkPolicy: "azure", + Addons: []KubernetesAddon{ + { + Name: common.AntreaAddonName, + Enabled: to.BoolPtr(true), + }, + }, + }, + }, + }, + expectedErr: errors.Errorf("%s addon may only be enabled if the networkPolicy=%s", common.AntreaAddonName, NetworkPolicyAntrea), + }, + { + name: "antrea addon enabled w/ calico networkPolicy", + p: &Properties{ + OrchestratorProfile: &OrchestratorProfile{ + KubernetesConfig: &KubernetesConfig{ + NetworkPolicy: "calico", + Addons: []KubernetesAddon{ + { + Name: common.AntreaAddonName, + Enabled: to.BoolPtr(true), + }, + }, + }, + }, + }, + expectedErr: errors.Errorf("%s addon may only be enabled if the networkPolicy=%s", common.AntreaAddonName, NetworkPolicyAntrea), + }, + { + name: "antrea addon enabled w/ antrea networkPolicy", + p: &Properties{ + OrchestratorProfile: &OrchestratorProfile{ + KubernetesConfig: &KubernetesConfig{ + NetworkPolicy: NetworkPolicyAntrea, + Addons: []KubernetesAddon{ + { + Name: common.AntreaAddonName, + Enabled: to.BoolPtr(true), + }, + }, + }, + }, + }, + expectedErr: nil, + }, + { + name: "antrea addon enabled w/ antrea networkPolicy + networkPlugin", + p: &Properties{ + OrchestratorProfile: &OrchestratorProfile{ + KubernetesConfig: &KubernetesConfig{ + NetworkPolicy: NetworkPolicyAntrea, + NetworkPlugin: NetworkPluginAntrea, + Addons: []KubernetesAddon{ + { + Name: common.AntreaAddonName, + Enabled: to.BoolPtr(true), + }, + }, + }, + }, + }, + expectedErr: nil, + }, } for _, test := range tests { diff --git a/pkg/engine/const.go b/pkg/engine/const.go index 5ffed23416..ef366f70c9 100644 --- a/pkg/engine/const.go +++ b/pkg/engine/const.go @@ -32,10 +32,10 @@ const ( NetworkPolicyCilium = "cilium" // NetworkPluginCilium is the string expression for cilium network plugin config option NetworkPluginCilium = NetworkPolicyCilium - // NetworkPluginAntrea is the string expression for antrea network plugin config option - NetworkPluginAntrea = "antrea" // NetworkPolicyAntrea is the string expression for antrea network policy config option - NetworkPolicyAntrea = NetworkPluginAntrea + NetworkPolicyAntrea = "antrea" + // NetworkPluginAntrea is the string expression for antrea network plugin config option + NetworkPluginAntrea = NetworkPolicyAntrea // NetworkPolicyAzure is the string expression for Azure CNI network policy manager NetworkPolicyAzure = "azure" // NetworkPluginAzure is the string expression for Azure CNI plugin @@ -266,6 +266,6 @@ const ( aadDefaultAdminGroupDestinationFilename string = "aad-default-admin-group-rbac.yaml" ciliumAddonSourceFilename string = "kubernetesmasteraddons-cilium-daemonset.yaml" ciliumAddonDestinationFilename string = "cilium-daemonset.yaml" - antreaAddonSourceFilename string = "kubernetesmasteraddons-antrea-daemonset.yaml" - antreaAddonDestinationFilename string = "antrea-daemonset.yaml" + antreaAddonSourceFilename string = "antrea.yaml" + antreaAddonDestinationFilename string = "antrea.yaml" ) diff --git a/pkg/engine/params_k8s.go b/pkg/engine/params_k8s.go index 130a076eb2..620e8e7bf9 100644 --- a/pkg/engine/params_k8s.go +++ b/pkg/engine/params_k8s.go @@ -79,7 +79,6 @@ func assignKubernetesParameters(properties *api.Properties, parametersMap params CloudProviderDisableOutboundSNAT: kubernetesConfig.CloudProviderDisableOutboundSNAT, }) addValue(parametersMap, "kubeClusterCidr", kubernetesConfig.ClusterSubnet) - addValue(parametersMap, "kubeServiceCidr", kubernetesConfig.ServiceCIDR) addValue(parametersMap, "dockerBridgeCidr", kubernetesConfig.DockerBridgeSubnet) addValue(parametersMap, "networkPolicy", kubernetesConfig.NetworkPolicy) addValue(parametersMap, "networkPlugin", kubernetesConfig.NetworkPlugin) @@ -122,6 +121,7 @@ func assignKubernetesParameters(properties *api.Properties, parametersMap params // Kubernetes node binaries as packaged by upstream kubernetes // example at https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG-1.11.md#node-binaries-1 addValue(parametersMap, "windowsKubeBinariesURL", kubernetesConfig.WindowsNodeBinariesURL) + addValue(parametersMap, "kubeServiceCidr", kubernetesConfig.ServiceCIDR) addValue(parametersMap, "kubeBinariesVersion", k8sVersion) addValue(parametersMap, "windowsTelemetryGUID", cloudSpecConfig.KubernetesSpecConfig.WindowsTelemetryGUID) } diff --git a/pkg/engine/template_generator.go b/pkg/engine/template_generator.go index 73f142d52c..0356f6f08a 100644 --- a/pkg/engine/template_generator.go +++ b/pkg/engine/template_generator.go @@ -577,8 +577,8 @@ func getContainerServiceFuncMap(cs *api.ContainerService) template.FuncMap { "HasCiliumNetworkPolicy": func() bool { return cs.Properties.OrchestratorProfile.KubernetesConfig.NetworkPolicy == NetworkPolicyCilium }, - "HasAntreaNetworkPlugin": func() bool { - return cs.Properties.OrchestratorProfile.KubernetesConfig.NetworkPlugin == NetworkPluginAntrea + "HasAntreaNetworkPolicy": func() bool { + return cs.Properties.OrchestratorProfile.KubernetesConfig.NetworkPlugin == NetworkPolicyAntrea }, "HasCustomNodesDNS": func() bool { return cs.Properties.LinuxProfile != nil && cs.Properties.LinuxProfile.HasCustomNodesDNS() diff --git a/pkg/engine/template_generator_test.go b/pkg/engine/template_generator_test.go index 44e8b08a01..6437a7be6f 100644 --- a/pkg/engine/template_generator_test.go +++ b/pkg/engine/template_generator_test.go @@ -873,19 +873,19 @@ func TestTemplateGenerator_FunctionMap(t *testing.T) { ExpectedResult: false, }, { - Name: "HasAntreaNetworkPlugin - antrea", - FuncName: "HasAntreaNetworkPlugin", + Name: "HasAntreaNetworkPolicy - antrea", + FuncName: "HasAntreaNetworkPolicy", MutateFunc: func(cs api.ContainerService) api.ContainerService { - cs.Properties.OrchestratorProfile.KubernetesConfig.NetworkPlugin = NetworkPluginAntrea + cs.Properties.OrchestratorProfile.KubernetesConfig.NetworkPolicy = NetworkPluginAntrea return cs }, ExpectedResult: true, }, { - Name: "HasAntreaNetworkPlugin - azure", - FuncName: "HasAntreaNetworkPlugin", + Name: "HasAntreaNetworkPolicy - azure", + FuncName: "HasAntreaNetworkPolicy", MutateFunc: func(cs api.ContainerService) api.ContainerService { - cs.Properties.OrchestratorProfile.KubernetesConfig.NetworkPlugin = NetworkPluginAzure + cs.Properties.OrchestratorProfile.KubernetesConfig.NetworkPolicy = NetworkPolicyAzure return cs }, ExpectedResult: false, diff --git a/pkg/engine/templates_generated.go b/pkg/engine/templates_generated.go index 6dddc14a8c..bc1e31c929 100644 --- a/pkg/engine/templates_generated.go +++ b/pkg/engine/templates_generated.go @@ -150,6 +150,7 @@ // ../../parts/k8s/containeraddons/1.7/kubernetesmasteraddons-heapster-deployment.yaml // ../../parts/k8s/containeraddons/1.8/kubernetesmasteraddons-heapster-deployment.yaml // ../../parts/k8s/containeraddons/1.9/kubernetesmasteraddons-metrics-server-deployment.yaml +// ../../parts/k8s/containeraddons/antrea.yaml // ../../parts/k8s/containeraddons/azure-cni-networkmonitor.yaml // ../../parts/k8s/containeraddons/azure-policy-deployment.yaml // ../../parts/k8s/containeraddons/coredns.yaml @@ -158,7 +159,6 @@ // ../../parts/k8s/containeraddons/kubernetesmasteraddons-aad-default-admin-group-rbac.yaml // ../../parts/k8s/containeraddons/kubernetesmasteraddons-aad-pod-identity-deployment.yaml // ../../parts/k8s/containeraddons/kubernetesmasteraddons-aci-connector-deployment.yaml -// ../../parts/k8s/containeraddons/kubernetesmasteraddons-antrea-daemonset.yaml // ../../parts/k8s/containeraddons/kubernetesmasteraddons-azure-npm-daemonset.yaml // ../../parts/k8s/containeraddons/kubernetesmasteraddons-azuredisk-csi-driver-deployment.yaml // ../../parts/k8s/containeraddons/kubernetesmasteraddons-azurefile-csi-driver-deployment.yaml @@ -8720,6 +8720,11 @@ ensureKubelet() { sleep 3 done {{end}} + {{if HasAntreaNetworkPolicy}} + while [ ! -f /etc/cni/net.d/10-antrea.conf ]; do + sleep 3 + done + {{end}} } ensureLabelNodes() { @@ -25006,6 +25011,518 @@ func k8sContaineraddons19KubernetesmasteraddonsMetricsServerDeploymentYaml() (*a return a, nil } +var _k8sContaineraddonsAntreaYaml = []byte(`apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + app: antrea + addonmanager.kubernetes.io/mode: "Reconcile" + name: antreaagentinfos.clusterinformation.crd.antrea.io +spec: + group: clusterinformation.crd.antrea.io + names: + kind: AntreaAgentInfo + plural: antreaagentinfos + shortNames: + - aai + singular: antreaagentinfo + scope: Cluster + versions: + - name: v1beta1 + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + app: antrea + addonmanager.kubernetes.io/mode: "Reconcile" + name: antreacontrollerinfos.clusterinformation.crd.antrea.io +spec: + group: clusterinformation.crd.antrea.io + names: + kind: AntreaControllerInfo + plural: antreacontrollerinfos + shortNames: + - aci + singular: antreacontrollerinfo + scope: Cluster + versions: + - name: v1beta1 + served: true + storage: true +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: antrea + addonmanager.kubernetes.io/mode: "Reconcile" + name: antrea-agent + namespace: kube-system +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: antrea + addonmanager.kubernetes.io/mode: "Reconcile" + name: antrea-controller + namespace: kube-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: antrea + addonmanager.kubernetes.io/mode: "Reconcile" + name: antrea-agent +rules: +- apiGroups: + - "" + resources: + - nodes + - pods + verbs: + - get + - watch + - list +- apiGroups: + - clusterinformation.crd.antrea.io + resources: + - antreaagentinfos + verbs: + - get + - create + - update + - delete +- apiGroups: + - networkpolicy.antrea.io + resources: + - networkpolicies + - appliedtogroups + - addressgroups + verbs: + - get + - watch + - list +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: antrea + addonmanager.kubernetes.io/mode: "Reconcile" + name: antrea-controller +rules: +- apiGroups: + - "" + resources: + - pods + - namespaces + verbs: + - get + - watch + - list +- apiGroups: + - networking.k8s.io + resources: + - networkpolicies + verbs: + - get + - watch + - list +- apiGroups: + - clusterinformation.crd.antrea.io + resources: + - antreacontrollerinfos + verbs: + - get + - create + - update + - delete +- apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app: antrea + addonmanager.kubernetes.io/mode: "Reconcile" + name: antrea-controller-authentication-reader + namespace: kube-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: extension-apiserver-authentication-reader +subjects: +- kind: ServiceAccount + name: antrea-controller + namespace: kube-system +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + labels: + app: antrea + addonmanager.kubernetes.io/mode: "Reconcile" + name: antrea-agent +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: antrea-agent +subjects: +- kind: ServiceAccount + name: antrea-agent + namespace: kube-system +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + labels: + app: antrea + addonmanager.kubernetes.io/mode: "Reconcile" + name: antrea-controller +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: antrea-controller +subjects: +- kind: ServiceAccount + name: antrea-controller + namespace: kube-system +--- +apiVersion: v1 +data: + antrea-agent.conf: | + # Name of the OpenVSwitch bridge antrea-agent will create and use. + # Make sure it doesn't conflict with your existing OpenVSwitch bridges. + #ovsBridge: br-int + + # Datapath type to use for the OpenVSwitch bridge created by Antrea. Supported values are: + # - system + # - netdev + # 'system' is the default value and corresponds to the kernel datapath. Use 'netdev' to run + # OVS in userspace mode. Userspace mode requires the tun device driver to be available. + #ovsDatapathType: system + + # Name of the interface antrea-agent will create and use for host <--> pod communication. + # Make sure it doesn't conflict with your existing interfaces. + #hostGateway: gw0 + + # Encapsulation mode for communication between Pods across Nodes, supported values: + # - vxlan (default) + # - geneve + #tunnelType: vxlan + + # Default MTU to use for the host gateway interface and the network interface of each Pod. If + # omitted, antrea-agent will default this value to 1450 to accomodate for tunnel encapsulate + # overhead. + #defaultMTU: 1450 + + # CIDR Range for services in cluster. It's required to support egress network policy, should + # be set to the same value as the one specified by --service-cluster-ip-range for kube-apiserver. + serviceCIDR: {{ContainerConfig "serviceCidr"}} + antrea-cni.conf: | + { + "cniVersion":"0.3.0", + "name": "antrea", + "type": "antrea", + "ipam": { + "type": "host-local" + } + } + antrea-controller.conf: "" +kind: ConfigMap +metadata: + labels: + app: antrea + addonmanager.kubernetes.io/mode: "EnsureExists" + name: antrea-config-fh9t4g64dc + namespace: kube-system +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: antrea + addonmanager.kubernetes.io/mode: "Reconcile" + name: antrea + namespace: kube-system +spec: + ports: + - port: 443 + protocol: TCP + targetPort: 443 + selector: + app: antrea + component: antrea-controller +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: antrea + component: antrea-controller + addonmanager.kubernetes.io/mode: "Reconcile" + name: antrea-controller + namespace: kube-system +spec: + replicas: 1 + selector: + matchLabels: + app: antrea + component: antrea-controller + strategy: + type: Recreate + template: + metadata: + labels: + app: antrea + component: antrea-controller + spec: + containers: + - args: + - --config + - /etc/antrea/antrea-controller.conf + command: + - antrea-controller + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + image: antrea/antrea-ubuntu:latest + imagePullPolicy: IfNotPresent + name: antrea-controller + ports: + - containerPort: 443 + protocol: TCP + volumeMounts: + - mountPath: /etc/antrea/antrea-controller.conf + name: antrea-config + readOnly: true + subPath: antrea-controller.conf + hostNetwork: true + nodeSelector: + beta.kubernetes.io/os: linux + priorityClassName: system-cluster-critical + serviceAccountName: antrea-controller + tolerations: + - key: CriticalAddonsOnly + operator: Exists + - effect: NoSchedule + key: node-role.kubernetes.io/master + volumes: + - configMap: + name: antrea-config-fh9t4g64dc + name: antrea-config +--- +apiVersion: apps/v1 +kind: DaemonSet +metadata: + labels: + app: antrea + component: antrea-agent + addonmanager.kubernetes.io/mode: "Reconcile" + name: antrea-agent + namespace: kube-system +spec: + selector: + matchLabels: + app: antrea + component: antrea-agent + template: + metadata: + labels: + app: antrea + component: antrea-agent + spec: + containers: + - args: + - --config + - /etc/antrea/antrea-agent.conf + command: + - antrea-agent + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + image: antrea/antrea-ubuntu:latest + imagePullPolicy: IfNotPresent + livenessProbe: + exec: + command: + - /bin/sh + - -c + - container_liveness_probe agent + failureThreshold: 5 + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + name: antrea-agent + securityContext: + privileged: true + volumeMounts: + - mountPath: /etc/antrea/antrea-agent.conf + name: antrea-config + readOnly: true + subPath: antrea-agent.conf + - mountPath: /var/run/antrea + name: host-var-run-antrea + - mountPath: /var/run/openvswitch + name: host-var-run-antrea + subPath: openvswitch + - mountPath: /var/lib/cni + name: host-var-run-antrea + subPath: cni + - mountPath: /host/proc + name: host-proc + readOnly: true + - mountPath: /host/var/run/netns + mountPropagation: HostToContainer + name: host-var-run-netns + readOnly: true + - command: + - start_ovs + image: antrea/antrea-ubuntu:latest + imagePullPolicy: IfNotPresent + livenessProbe: + exec: + command: + - /bin/sh + - -c + - timeout 5 container_liveness_probe ovs + initialDelaySeconds: 5 + periodSeconds: 5 + name: antrea-ovs + securityContext: + capabilities: + add: + - SYS_NICE + - NET_ADMIN + - SYS_ADMIN + - IPC_LOCK + volumeMounts: + - mountPath: /var/run/openvswitch + name: host-var-run-antrea + subPath: openvswitch + - mountPath: /var/log/openvswitch + name: host-var-log-antrea + subPath: openvswitch + hostNetwork: true + initContainers: + - command: + - install_cni + image: antrea/antrea-ubuntu:latest + imagePullPolicy: IfNotPresent + name: install-cni + securityContext: + capabilities: + add: + - SYS_MODULE + volumeMounts: + - mountPath: /etc/antrea/antrea-cni.conf + name: antrea-config + readOnly: true + subPath: antrea-cni.conf + - mountPath: /host/etc/cni/net.d + name: host-cni-conf + - mountPath: /host/opt/cni/bin + name: host-cni-bin + - mountPath: /lib/modules + name: host-lib-modules + readOnly: true + - mountPath: /sbin/depmod + name: host-depmod + readOnly: true + nodeSelector: + beta.kubernetes.io/os: linux + priorityClassName: system-node-critical + serviceAccountName: antrea-agent + tolerations: + - key: CriticalAddonsOnly + operator: Exists + - effect: NoSchedule + operator: Exists + volumes: + - configMap: + name: antrea-config-fh9t4g64dc + name: antrea-config + - hostPath: + path: /etc/cni/net.d + name: host-cni-conf + - hostPath: + path: /opt/cni/bin + name: host-cni-bin + - hostPath: + path: /proc + name: host-proc + - hostPath: + path: /var/run/netns + name: host-var-run-netns + - hostPath: + path: /var/run/antrea + type: DirectoryOrCreate + name: host-var-run-antrea + - hostPath: + path: /var/log/antrea + type: DirectoryOrCreate + name: host-var-log-antrea + - hostPath: + path: /lib/modules + name: host-lib-modules + - hostPath: + path: /sbin/depmod + name: host-depmod + updateStrategy: + type: RollingUpdate +`) + +func k8sContaineraddonsAntreaYamlBytes() ([]byte, error) { + return _k8sContaineraddonsAntreaYaml, nil +} + +func k8sContaineraddonsAntreaYaml() (*asset, error) { + bytes, err := k8sContaineraddonsAntreaYamlBytes() + if err != nil { + return nil, err + } + + info := bindataFileInfo{name: "k8s/containeraddons/antrea.yaml", size: 0, mode: os.FileMode(0), modTime: time.Unix(0, 0)} + a := &asset{bytes: bytes, info: info} + return a, nil +} + var _k8sContaineraddonsAzureCniNetworkmonitorYaml = []byte(`apiVersion: extensions/v1beta1 kind: DaemonSet metadata: @@ -26520,518 +27037,6 @@ func k8sContaineraddonsKubernetesmasteraddonsAciConnectorDeploymentYaml() (*asse return a, nil } -var _k8sContaineraddonsKubernetesmasteraddonsAntreaDaemonsetYaml = []byte(`apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - labels: - app: antrea - addonmanager.kubernetes.io/mode: "Reconcile" - name: antreaagentinfos.clusterinformation.crd.antrea.io -spec: - group: clusterinformation.crd.antrea.io - names: - kind: AntreaAgentInfo - plural: antreaagentinfos - shortNames: - - aai - singular: antreaagentinfo - scope: Cluster - versions: - - name: v1beta1 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - labels: - app: antrea - addonmanager.kubernetes.io/mode: "Reconcile" - name: antreacontrollerinfos.clusterinformation.crd.antrea.io -spec: - group: clusterinformation.crd.antrea.io - names: - kind: AntreaControllerInfo - plural: antreacontrollerinfos - shortNames: - - aci - singular: antreacontrollerinfo - scope: Cluster - versions: - - name: v1beta1 - served: true - storage: true ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app: antrea - addonmanager.kubernetes.io/mode: "Reconcile" - name: antrea-agent - namespace: kube-system ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app: antrea - addonmanager.kubernetes.io/mode: "Reconcile" - name: antrea-controller - namespace: kube-system ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app: antrea - addonmanager.kubernetes.io/mode: "Reconcile" - name: antrea-agent -rules: -- apiGroups: - - "" - resources: - - nodes - - pods - verbs: - - get - - watch - - list -- apiGroups: - - clusterinformation.crd.antrea.io - resources: - - antreaagentinfos - verbs: - - get - - create - - update - - delete -- apiGroups: - - networkpolicy.antrea.io - resources: - - networkpolicies - - appliedtogroups - - addressgroups - verbs: - - get - - watch - - list ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app: antrea - addonmanager.kubernetes.io/mode: "Reconcile" - name: antrea-controller -rules: -- apiGroups: - - "" - resources: - - pods - - namespaces - verbs: - - get - - watch - - list -- apiGroups: - - networking.k8s.io - resources: - - networkpolicies - verbs: - - get - - watch - - list -- apiGroups: - - clusterinformation.crd.antrea.io - resources: - - antreacontrollerinfos - verbs: - - get - - create - - update - - delete -- apiGroups: - - authentication.k8s.io - resources: - - tokenreviews - verbs: - - create -- apiGroups: - - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app: antrea - addonmanager.kubernetes.io/mode: "Reconcile" - name: antrea-controller-authentication-reader - namespace: kube-system -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: extension-apiserver-authentication-reader -subjects: -- kind: ServiceAccount - name: antrea-controller - namespace: kube-system ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRoleBinding -metadata: - labels: - app: antrea - addonmanager.kubernetes.io/mode: "Reconcile" - name: antrea-agent -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: antrea-agent -subjects: -- kind: ServiceAccount - name: antrea-agent - namespace: kube-system ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRoleBinding -metadata: - labels: - app: antrea - addonmanager.kubernetes.io/mode: "Reconcile" - name: antrea-controller -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: antrea-controller -subjects: -- kind: ServiceAccount - name: antrea-controller - namespace: kube-system ---- -apiVersion: v1 -data: - antrea-agent.conf: | - # Name of the OpenVSwitch bridge antrea-agent will create and use. - # Make sure it doesn't conflict with your existing OpenVSwitch bridges. - #ovsBridge: br-int - - # Datapath type to use for the OpenVSwitch bridge created by Antrea. Supported values are: - # - system - # - netdev - # 'system' is the default value and corresponds to the kernel datapath. Use 'netdev' to run - # OVS in userspace mode. Userspace mode requires the tun device driver to be available. - #ovsDatapathType: system - - # Name of the interface antrea-agent will create and use for host <--> pod communication. - # Make sure it doesn't conflict with your existing interfaces. - #hostGateway: gw0 - - # Encapsulation mode for communication between Pods across Nodes, supported values: - # - vxlan (default) - # - geneve - #tunnelType: vxlan - - # Default MTU to use for the host gateway interface and the network interface of each Pod. If - # omitted, antrea-agent will default this value to 1450 to accomodate for tunnel encapsulate - # overhead. - #defaultMTU: 1450 - - # CIDR Range for services in cluster. It's required to support egress network policy, should - # be set to the same value as the one specified by --service-cluster-ip-range for kube-apiserver. - serviceCIDR: {{ContainerConfig "serviceCidr"}} - antrea-cni.conf: | - { - "cniVersion":"0.3.0", - "name": "antrea", - "type": "antrea", - "ipam": { - "type": "host-local" - } - } - antrea-controller.conf: "" -kind: ConfigMap -metadata: - labels: - app: antrea - addonmanager.kubernetes.io/mode: "EnsureExists" - name: antrea-config-fh9t4g64dc - namespace: kube-system ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app: antrea - addonmanager.kubernetes.io/mode: "Reconcile" - name: antrea - namespace: kube-system -spec: - ports: - - port: 443 - protocol: TCP - targetPort: 443 - selector: - app: antrea - component: antrea-controller ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app: antrea - component: antrea-controller - addonmanager.kubernetes.io/mode: "Reconcile" - name: antrea-controller - namespace: kube-system -spec: - replicas: 1 - selector: - matchLabels: - app: antrea - component: antrea-controller - strategy: - type: Recreate - template: - metadata: - labels: - app: antrea - component: antrea-controller - spec: - containers: - - args: - - --config - - /etc/antrea/antrea-controller.conf - command: - - antrea-controller - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - image: antrea/antrea-ubuntu:latest - imagePullPolicy: IfNotPresent - name: antrea-controller - ports: - - containerPort: 443 - protocol: TCP - volumeMounts: - - mountPath: /etc/antrea/antrea-controller.conf - name: antrea-config - readOnly: true - subPath: antrea-controller.conf - hostNetwork: true - nodeSelector: - beta.kubernetes.io/os: linux - priorityClassName: system-cluster-critical - serviceAccountName: antrea-controller - tolerations: - - key: CriticalAddonsOnly - operator: Exists - - effect: NoSchedule - key: node-role.kubernetes.io/master - volumes: - - configMap: - name: antrea-config-fh9t4g64dc - name: antrea-config ---- -apiVersion: apps/v1 -kind: DaemonSet -metadata: - labels: - app: antrea - component: antrea-agent - addonmanager.kubernetes.io/mode: "Reconcile" - name: antrea-agent - namespace: kube-system -spec: - selector: - matchLabels: - app: antrea - component: antrea-agent - template: - metadata: - labels: - app: antrea - component: antrea-agent - spec: - containers: - - args: - - --config - - /etc/antrea/antrea-agent.conf - command: - - antrea-agent - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - image: antrea/antrea-ubuntu:latest - imagePullPolicy: IfNotPresent - livenessProbe: - exec: - command: - - /bin/sh - - -c - - container_liveness_probe agent - failureThreshold: 5 - initialDelaySeconds: 5 - periodSeconds: 10 - timeoutSeconds: 5 - name: antrea-agent - securityContext: - privileged: true - volumeMounts: - - mountPath: /etc/antrea/antrea-agent.conf - name: antrea-config - readOnly: true - subPath: antrea-agent.conf - - mountPath: /var/run/antrea - name: host-var-run-antrea - - mountPath: /var/run/openvswitch - name: host-var-run-antrea - subPath: openvswitch - - mountPath: /var/lib/cni - name: host-var-run-antrea - subPath: cni - - mountPath: /host/proc - name: host-proc - readOnly: true - - mountPath: /host/var/run/netns - mountPropagation: HostToContainer - name: host-var-run-netns - readOnly: true - - command: - - start_ovs - image: antrea/antrea-ubuntu:latest - imagePullPolicy: IfNotPresent - livenessProbe: - exec: - command: - - /bin/sh - - -c - - timeout 5 container_liveness_probe ovs - initialDelaySeconds: 5 - periodSeconds: 5 - name: antrea-ovs - securityContext: - capabilities: - add: - - SYS_NICE - - NET_ADMIN - - SYS_ADMIN - - IPC_LOCK - volumeMounts: - - mountPath: /var/run/openvswitch - name: host-var-run-antrea - subPath: openvswitch - - mountPath: /var/log/openvswitch - name: host-var-log-antrea - subPath: openvswitch - hostNetwork: true - initContainers: - - command: - - install_cni - image: antrea/antrea-ubuntu:latest - imagePullPolicy: IfNotPresent - name: install-cni - securityContext: - capabilities: - add: - - SYS_MODULE - volumeMounts: - - mountPath: /etc/antrea/antrea-cni.conf - name: antrea-config - readOnly: true - subPath: antrea-cni.conf - - mountPath: /host/etc/cni/net.d - name: host-cni-conf - - mountPath: /host/opt/cni/bin - name: host-cni-bin - - mountPath: /lib/modules - name: host-lib-modules - readOnly: true - - mountPath: /sbin/depmod - name: host-depmod - readOnly: true - nodeSelector: - beta.kubernetes.io/os: linux - priorityClassName: system-node-critical - serviceAccountName: antrea-agent - tolerations: - - key: CriticalAddonsOnly - operator: Exists - - effect: NoSchedule - operator: Exists - volumes: - - configMap: - name: antrea-config-fh9t4g64dc - name: antrea-config - - hostPath: - path: /etc/cni/net.d - name: host-cni-conf - - hostPath: - path: /opt/cni/bin - name: host-cni-bin - - hostPath: - path: /proc - name: host-proc - - hostPath: - path: /var/run/netns - name: host-var-run-netns - - hostPath: - path: /var/run/antrea - type: DirectoryOrCreate - name: host-var-run-antrea - - hostPath: - path: /var/log/antrea - type: DirectoryOrCreate - name: host-var-log-antrea - - hostPath: - path: /lib/modules - name: host-lib-modules - - hostPath: - path: /sbin/depmod - name: host-depmod - updateStrategy: - type: RollingUpdate -`) - -func k8sContaineraddonsKubernetesmasteraddonsAntreaDaemonsetYamlBytes() ([]byte, error) { - return _k8sContaineraddonsKubernetesmasteraddonsAntreaDaemonsetYaml, nil -} - -func k8sContaineraddonsKubernetesmasteraddonsAntreaDaemonsetYaml() (*asset, error) { - bytes, err := k8sContaineraddonsKubernetesmasteraddonsAntreaDaemonsetYamlBytes() - if err != nil { - return nil, err - } - - info := bindataFileInfo{name: "k8s/containeraddons/kubernetesmasteraddons-antrea-daemonset.yaml", size: 0, mode: os.FileMode(0), modTime: time.Unix(0, 0)} - a := &asset{bytes: bytes, info: info} - return a, nil -} - var _k8sContaineraddonsKubernetesmasteraddonsAzureNpmDaemonsetYaml = []byte(`apiVersion: v1 kind: ServiceAccount metadata: @@ -32452,12 +32457,6 @@ var _k8sKubernetesparamsT = []byte(`{{if IsHostedMaster}} }, "type": "string" }, - "kubeServiceCidr": { - "metadata": { - "description": "Kubernetes service address space" - }, - "type": "string" - }, "kubeDNSServiceIP": { "metadata": { "description": "Kubernetes DNS IP" @@ -38664,6 +38663,7 @@ var _bindata = map[string]func() (*asset, error){ "k8s/containeraddons/1.7/kubernetesmasteraddons-heapster-deployment.yaml": k8sContaineraddons17KubernetesmasteraddonsHeapsterDeploymentYaml, "k8s/containeraddons/1.8/kubernetesmasteraddons-heapster-deployment.yaml": k8sContaineraddons18KubernetesmasteraddonsHeapsterDeploymentYaml, "k8s/containeraddons/1.9/kubernetesmasteraddons-metrics-server-deployment.yaml": k8sContaineraddons19KubernetesmasteraddonsMetricsServerDeploymentYaml, + "k8s/containeraddons/antrea.yaml": k8sContaineraddonsAntreaYaml, "k8s/containeraddons/azure-cni-networkmonitor.yaml": k8sContaineraddonsAzureCniNetworkmonitorYaml, "k8s/containeraddons/azure-policy-deployment.yaml": k8sContaineraddonsAzurePolicyDeploymentYaml, "k8s/containeraddons/coredns.yaml": k8sContaineraddonsCorednsYaml, @@ -38672,7 +38672,6 @@ var _bindata = map[string]func() (*asset, error){ "k8s/containeraddons/kubernetesmasteraddons-aad-default-admin-group-rbac.yaml": k8sContaineraddonsKubernetesmasteraddonsAadDefaultAdminGroupRbacYaml, "k8s/containeraddons/kubernetesmasteraddons-aad-pod-identity-deployment.yaml": k8sContaineraddonsKubernetesmasteraddonsAadPodIdentityDeploymentYaml, "k8s/containeraddons/kubernetesmasteraddons-aci-connector-deployment.yaml": k8sContaineraddonsKubernetesmasteraddonsAciConnectorDeploymentYaml, - "k8s/containeraddons/kubernetesmasteraddons-antrea-daemonset.yaml": k8sContaineraddonsKubernetesmasteraddonsAntreaDaemonsetYaml, "k8s/containeraddons/kubernetesmasteraddons-azure-npm-daemonset.yaml": k8sContaineraddonsKubernetesmasteraddonsAzureNpmDaemonsetYaml, "k8s/containeraddons/kubernetesmasteraddons-azuredisk-csi-driver-deployment.yaml": k8sContaineraddonsKubernetesmasteraddonsAzurediskCsiDriverDeploymentYaml, "k8s/containeraddons/kubernetesmasteraddons-azurefile-csi-driver-deployment.yaml": k8sContaineraddonsKubernetesmasteraddonsAzurefileCsiDriverDeploymentYaml, @@ -38963,6 +38962,7 @@ var _bintree = &bintree{nil, map[string]*bintree{ "1.9": {nil, map[string]*bintree{ "kubernetesmasteraddons-metrics-server-deployment.yaml": {k8sContaineraddons19KubernetesmasteraddonsMetricsServerDeploymentYaml, map[string]*bintree{}}, }}, + "antrea.yaml": {k8sContaineraddonsAntreaYaml, map[string]*bintree{}}, "azure-cni-networkmonitor.yaml": {k8sContaineraddonsAzureCniNetworkmonitorYaml, map[string]*bintree{}}, "azure-policy-deployment.yaml": {k8sContaineraddonsAzurePolicyDeploymentYaml, map[string]*bintree{}}, "coredns.yaml": {k8sContaineraddonsCorednsYaml, map[string]*bintree{}}, @@ -38971,7 +38971,6 @@ var _bintree = &bintree{nil, map[string]*bintree{ "kubernetesmasteraddons-aad-default-admin-group-rbac.yaml": {k8sContaineraddonsKubernetesmasteraddonsAadDefaultAdminGroupRbacYaml, map[string]*bintree{}}, "kubernetesmasteraddons-aad-pod-identity-deployment.yaml": {k8sContaineraddonsKubernetesmasteraddonsAadPodIdentityDeploymentYaml, map[string]*bintree{}}, "kubernetesmasteraddons-aci-connector-deployment.yaml": {k8sContaineraddonsKubernetesmasteraddonsAciConnectorDeploymentYaml, map[string]*bintree{}}, - "kubernetesmasteraddons-antrea-daemonset.yaml": {k8sContaineraddonsKubernetesmasteraddonsAntreaDaemonsetYaml, map[string]*bintree{}}, "kubernetesmasteraddons-azure-npm-daemonset.yaml": {k8sContaineraddonsKubernetesmasteraddonsAzureNpmDaemonsetYaml, map[string]*bintree{}}, "kubernetesmasteraddons-azuredisk-csi-driver-deployment.yaml": {k8sContaineraddonsKubernetesmasteraddonsAzurediskCsiDriverDeploymentYaml, map[string]*bintree{}}, "kubernetesmasteraddons-azurefile-csi-driver-deployment.yaml": {k8sContaineraddonsKubernetesmasteraddonsAzurefileCsiDriverDeploymentYaml, map[string]*bintree{}}, diff --git a/pkg/engine/transform/transformtestfiles/k8s_agent_upgrade_template.json b/pkg/engine/transform/transformtestfiles/k8s_agent_upgrade_template.json index 898f0a3999..b2df71452d 100644 --- a/pkg/engine/transform/transformtestfiles/k8s_agent_upgrade_template.json +++ b/pkg/engine/transform/transformtestfiles/k8s_agent_upgrade_template.json @@ -820,13 +820,6 @@ }, "type": "string" }, - "kubeServiceCidr": { - "defaultValue": "", - "metadata": { - "description": "Kubernetes service address space" - }, - "type": "string" - }, "kubeConfigCertificate": { "metadata": { "description": "The base 64 certificate used by cli to communicate with the master" @@ -1166,7 +1159,7 @@ "kubeConfigCertificate": "[parameters('kubeConfigCertificate')]", "kubeConfigPrivateKey": "[parameters('kubeConfigPrivateKey')]", "kubeDnsServiceIp": "10.0.0.10", - "kubeServiceCidr": "[parameters('kubeServiceCidr')]", + "kubeServiceCidr": "10.0.0.0/16", "kubernetesAPIServerIP": "[concat(variables('masterFirstAddrPrefix'), add(variables('masterInternalLbIPOffset'), int(variables('masterFirstAddrOctet4'))))]", "kubernetesAddonManagerSpec": "[parameters('kubernetesAddonManagerSpec')]", "kubernetesAddonResizerSpec": "[parameters('kubernetesAddonResizerSpec')]", diff --git a/pkg/engine/transform/transformtestfiles/k8s_master_upgrade_template.json b/pkg/engine/transform/transformtestfiles/k8s_master_upgrade_template.json index 75688bbcd3..38d9e9c469 100644 --- a/pkg/engine/transform/transformtestfiles/k8s_master_upgrade_template.json +++ b/pkg/engine/transform/transformtestfiles/k8s_master_upgrade_template.json @@ -829,13 +829,6 @@ }, "type": "string" }, - "kubeServiceCidr": { - "defaultValue": "", - "metadata": { - "description": "Kubernetes service address space" - }, - "type": "string" - }, "kubeConfigCertificate": { "metadata": { "description": "The base 64 certificate used by cli to communicate with the master" @@ -1166,7 +1159,7 @@ "kubeConfigCertificate": "[parameters('kubeConfigCertificate')]", "kubeConfigPrivateKey": "[parameters('kubeConfigPrivateKey')]", "kubeDnsServiceIp": "10.0.0.10", - "kubeServiceCidr": "[parameters('kubeServiceCidr')]", + "kubeServiceCidr": "10.0.0.0/16", "kubernetesAPIServerIP": "[concat(variables('masterFirstAddrPrefix'), add(variables('masterInternalLbIPOffset'), int(variables('masterFirstAddrOctet4'))))]", "kubernetesAddonManagerSpec": "[parameters('kubernetesAddonManagerSpec')]", "kubernetesAddonResizerSpec": "[parameters('kubernetesAddonResizerSpec')]", diff --git a/pkg/engine/transform/transformtestfiles/k8s_scale_template.json b/pkg/engine/transform/transformtestfiles/k8s_scale_template.json index 1159faacfd..cffafc42e3 100644 --- a/pkg/engine/transform/transformtestfiles/k8s_scale_template.json +++ b/pkg/engine/transform/transformtestfiles/k8s_scale_template.json @@ -820,13 +820,6 @@ }, "type": "string" }, - "kubeServiceCidr": { - "defaultValue": "", - "metadata": { - "description": "Kubernetes service address space" - }, - "type": "string" - }, "kubeConfigCertificate": { "metadata": { "description": "The base 64 certificate used by cli to communicate with the master" @@ -1166,7 +1159,7 @@ "kubeConfigCertificate": "[parameters('kubeConfigCertificate')]", "kubeConfigPrivateKey": "[parameters('kubeConfigPrivateKey')]", "kubeDnsServiceIp": "10.0.0.10", - "kubeServiceCidr": "[parameters('kubeServiceCidr')]", + "kubeServiceCidr": "10.0.0.0/16", "kubernetesAPIServerIP": "[concat(variables('masterFirstAddrPrefix'), add(variables('masterInternalLbIPOffset'), int(variables('masterFirstAddrOctet4'))))]", "kubernetesAddonManagerSpec": "[parameters('kubernetesAddonManagerSpec')]", "kubernetesAddonResizerSpec": "[parameters('kubernetesAddonResizerSpec')]", diff --git a/pkg/engine/transform/transformtestfiles/k8s_slb_scale_template.json b/pkg/engine/transform/transformtestfiles/k8s_slb_scale_template.json index 0318012619..ba5676bf86 100644 --- a/pkg/engine/transform/transformtestfiles/k8s_slb_scale_template.json +++ b/pkg/engine/transform/transformtestfiles/k8s_slb_scale_template.json @@ -508,12 +508,6 @@ }, "type": "string" }, - "kubeServiceCidr": { - "metadata": { - "description": "Kubernetes service address space" - }, - "type": "string" - }, "kubeConfigCertificate": { "metadata": { "description": "The base 64 certificate used by cli to communicate with the master" diff --git a/pkg/engine/transform/transformtestfiles/k8s_slb_template.json b/pkg/engine/transform/transformtestfiles/k8s_slb_template.json index 3df0092ed7..c3a0122921 100644 --- a/pkg/engine/transform/transformtestfiles/k8s_slb_template.json +++ b/pkg/engine/transform/transformtestfiles/k8s_slb_template.json @@ -508,12 +508,6 @@ }, "type": "string" }, - "kubeServiceCidr": { - "metadata": { - "description": "Kubernetes service address space" - }, - "type": "string" - }, "kubeConfigCertificate": { "metadata": { "description": "The base 64 certificate used by cli to communicate with the master" diff --git a/pkg/engine/transform/transformtestfiles/k8s_slb_vmss_scale_template.json b/pkg/engine/transform/transformtestfiles/k8s_slb_vmss_scale_template.json index 6f411eeecd..331734f3c7 100644 --- a/pkg/engine/transform/transformtestfiles/k8s_slb_vmss_scale_template.json +++ b/pkg/engine/transform/transformtestfiles/k8s_slb_vmss_scale_template.json @@ -501,12 +501,6 @@ }, "type": "string" }, - "kubeServiceCidr": { - "metadata": { - "description": "Kubernetes service address space" - }, - "type": "string" - }, "kubeConfigCertificate": { "metadata": { "description": "The base 64 certificate used by cli to communicate with the master" diff --git a/pkg/engine/transform/transformtestfiles/k8s_slb_vmss_template.json b/pkg/engine/transform/transformtestfiles/k8s_slb_vmss_template.json index eabd009ef1..c73483368b 100644 --- a/pkg/engine/transform/transformtestfiles/k8s_slb_vmss_template.json +++ b/pkg/engine/transform/transformtestfiles/k8s_slb_vmss_template.json @@ -501,12 +501,6 @@ }, "type": "string" }, - "kubeServiceCidr": { - "metadata": { - "description": "Kubernetes service address space" - }, - "type": "string" - }, "kubeConfigCertificate": { "metadata": { "description": "The base 64 certificate used by cli to communicate with the master" diff --git a/pkg/engine/transform/transformtestfiles/k8s_template.json b/pkg/engine/transform/transformtestfiles/k8s_template.json index 2ecc423de4..f80dfd8087 100644 --- a/pkg/engine/transform/transformtestfiles/k8s_template.json +++ b/pkg/engine/transform/transformtestfiles/k8s_template.json @@ -829,13 +829,6 @@ }, "type": "string" }, - "kubeServiceCidr": { - "defaultValue": "", - "metadata": { - "description": "Kubernetes service address space" - }, - "type": "string" - }, "kubeConfigCertificate": { "metadata": { "description": "The base 64 certificate used by cli to communicate with the master" @@ -1166,7 +1159,7 @@ "kubeConfigCertificate": "[parameters('kubeConfigCertificate')]", "kubeConfigPrivateKey": "[parameters('kubeConfigPrivateKey')]", "kubeDnsServiceIp": "10.0.0.10", - "kubeServiceCidr": "[parameters('kubeServiceCidr')]", + "kubeServiceCidr": "10.0.0.0/16", "kubernetesAPIServerIP": "[concat(variables('masterFirstAddrPrefix'), add(variables('masterInternalLbIPOffset'), int(variables('masterFirstAddrOctet4'))))]", "kubernetesAddonManagerSpec": "[parameters('kubernetesAddonManagerSpec')]", "kubernetesAddonResizerSpec": "[parameters('kubernetesAddonResizerSpec')]", diff --git a/pkg/engine/transform/transformtestfiles/k8s_vnet_scale_template.json b/pkg/engine/transform/transformtestfiles/k8s_vnet_scale_template.json index 702041c96c..80ddf524ff 100644 --- a/pkg/engine/transform/transformtestfiles/k8s_vnet_scale_template.json +++ b/pkg/engine/transform/transformtestfiles/k8s_vnet_scale_template.json @@ -818,13 +818,6 @@ }, "type": "string" }, - "kubeServiceCidr": { - "defaultValue": "", - "metadata": { - "description": "Kubernetes service address space" - }, - "type": "string" - }, "kubeConfigCertificate": { "metadata": { "description": "The base 64 certificate used by cli to communicate with the master" @@ -1165,7 +1158,7 @@ "kubeConfigCertificate": "[parameters('kubeConfigCertificate')]", "kubeConfigPrivateKey": "[parameters('kubeConfigPrivateKey')]", "kubeDnsServiceIp": "10.0.0.10", - "kubeServiceCidr": "[parameters('kubeServiceCidr')]", + "kubeServiceCidr": "10.0.0.0/16", "kubernetesAPIServerIP": "[parameters('firstConsecutiveStaticIP')]", "kubernetesAddonManagerSpec": "[parameters('kubernetesAddonManagerSpec')]", "kubernetesAddonResizerSpec": "[parameters('kubernetesAddonResizerSpec')]", diff --git a/pkg/engine/transform/transformtestfiles/k8s_vnet_template.json b/pkg/engine/transform/transformtestfiles/k8s_vnet_template.json index 7f0dc16b70..a13ea80564 100644 --- a/pkg/engine/transform/transformtestfiles/k8s_vnet_template.json +++ b/pkg/engine/transform/transformtestfiles/k8s_vnet_template.json @@ -827,13 +827,6 @@ }, "type": "string" }, - "kubeServiceCidr": { - "defaultValue": "", - "metadata": { - "description": "Kubernetes service address space" - }, - "type": "string" - }, "kubeConfigCertificate": { "metadata": { "description": "The base 64 certificate used by cli to communicate with the master" @@ -1165,7 +1158,7 @@ "kubeConfigCertificate": "[parameters('kubeConfigCertificate')]", "kubeConfigPrivateKey": "[parameters('kubeConfigPrivateKey')]", "kubeDnsServiceIp": "10.0.0.10", - "kubeServiceCidr": "[parameters('kubeServiceCidr')]", + "kubeServiceCidr": "10.0.0.0/16", "kubernetesAPIServerIP": "[parameters('firstConsecutiveStaticIP')]", "kubernetesAddonManagerSpec": "[parameters('kubernetesAddonManagerSpec')]", "kubernetesAddonResizerSpec": "[parameters('kubernetesAddonResizerSpec')]", diff --git a/pkg/engine/transform/transformtestfiles/master_resources_scale_temaplate.json b/pkg/engine/transform/transformtestfiles/master_resources_scale_temaplate.json index 6c0af588c8..e340549138 100644 --- a/pkg/engine/transform/transformtestfiles/master_resources_scale_temaplate.json +++ b/pkg/engine/transform/transformtestfiles/master_resources_scale_temaplate.json @@ -820,13 +820,6 @@ }, "type": "string" }, - "kubeServiceCidr": { - "defaultValue": "", - "metadata": { - "description": "Kubernetes service address space" - }, - "type": "string" - }, "kubeConfigCertificate": { "metadata": { "description": "The base 64 certificate used by cli to communicate with the master" @@ -1166,7 +1159,7 @@ "kubeConfigCertificate": "[parameters('kubeConfigCertificate')]", "kubeConfigPrivateKey": "[parameters('kubeConfigPrivateKey')]", "kubeDnsServiceIp": "10.0.0.10", - "kubeServiceCidr": "[parameters('kubeServiceCidr')]", + "kubeServiceCidr": "10.0.0.0/16", "kubernetesAPIServerIP": "[concat(variables('masterFirstAddrPrefix'), add(variables('masterInternalLbIPOffset'), int(variables('masterFirstAddrOctet4'))))]", "kubernetesAddonManagerSpec": "[parameters('kubernetesAddonManagerSpec')]", "kubernetesAddonResizerSpec": "[parameters('kubernetesAddonResizerSpec')]", diff --git a/test/e2e/test_cluster_configs/network/antrea.json b/test/e2e/test_cluster_configs/network/antrea.json deleted file mode 100644 index 209e65fcc9..0000000000 --- a/test/e2e/test_cluster_configs/network/antrea.json +++ /dev/null @@ -1,45 +0,0 @@ -{ - "env": {}, - "options": { - "allowedOrchestratorVersions": ["1.13", "1.14", "1.15", "1.16"] - }, - "apiModel": { - "apiVersion": "vlabs", - "properties": { - "orchestratorProfile": { - "orchestratorType": "Kubernetes", - "kubernetesConfig": { - "networkPlugin": "antrea" - } - }, - "masterProfile": { - "count": 1, - "dnsPrefix": "", - "vmSize": "Standard_D2_v3" - }, - "agentPoolProfiles": [ - { - "name": "agent1", - "count": 3, - "vmSize": "Standard_D2_v3", - "availabilityProfile": "VirtualMachineScaleSets", - "scalesetPriority": "Low" - } - ], - "linuxProfile": { - "adminUsername": "azureuser", - "ssh": { - "publicKeys": [ - { - "keyData": "" - } - ] - } - }, - "servicePrincipalProfile": { - "clientId": "", - "secret": "" - } - } - } -} diff --git a/test/e2e/test_cluster_configs/network_policy/antrea.json b/test/e2e/test_cluster_configs/network_policy/antrea.json index ec508462c1..c3f820d9d9 100644 --- a/test/e2e/test_cluster_configs/network_policy/antrea.json +++ b/test/e2e/test_cluster_configs/network_policy/antrea.json @@ -10,8 +10,7 @@ "orchestratorProfile": { "orchestratorType": "Kubernetes", "kubernetesConfig": { - "networkPolicy": "antrea", - "networkPlugin": "antrea" + "networkPolicy": "antrea" } }, "masterProfile": { @@ -22,7 +21,7 @@ "agentPoolProfiles": [ { "name": "agent1", - "count": 3, + "count": 1, "vmSize": "Standard_D2_v3", "availabilityProfile": "VirtualMachineScaleSets", "scalesetPriority": "Low"