Skip to content

Commit

Permalink
Antrea agent watches Egress and EgressGroup API updates, and apply ov…
Browse files Browse the repository at this point in the history 
…s and iptables changes
  • Loading branch information
@ceclinux
ceclinux committed Mar 31, 2021
1 parent d5d48a0 commit 47d3c96
Show file tree
Hide file tree
Showing 6 changed files with 712 additions and 25 deletions.
8 changes: 8 additions & 0 deletions build/yamls/base/agent-rbac.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -72,6 +72,14 @@ rules:
- get
- watch
- list
- apiGroups:
- egress.antrea.tanzu.vmware.com
resources:
- egresses
verbs:
- get
- watch
- list
- apiGroups:
- controlplane.antrea.tanzu.vmware.com
resources:
Expand Down
12 changes: 11 additions & 1 deletion cmd/antrea-agent/agent.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -27,6 +27,7 @@ import (
"github.com/vmware-tanzu/antrea/pkg/agent/cniserver"
_ "github.com/vmware-tanzu/antrea/pkg/agent/cniserver/ipam"
"github.com/vmware-tanzu/antrea/pkg/agent/config"
"github.com/vmware-tanzu/antrea/pkg/agent/controller/egress"
"github.com/vmware-tanzu/antrea/pkg/agent/controller/networkpolicy"
"github.com/vmware-tanzu/antrea/pkg/agent/controller/noderoute"
"github.com/vmware-tanzu/antrea/pkg/agent/controller/traceflow"
Expand Down Expand Up @@ -94,7 +95,7 @@ func run(o *Options) error {
ofClient := openflow.NewClient(o.config.OVSBridge, ovsBridgeMgmtAddr, ovsDatapathType,
features.DefaultFeatureGate.Enabled(features.AntreaProxy),
features.DefaultFeatureGate.Enabled(features.AntreaPolicy),
false)
features.DefaultFeatureGate.Enabled(features.Egress))

_, serviceCIDRNet, _ := net.ParseCIDR(o.config.ServiceCIDR)
var serviceCIDRNetv6 *net.IPNet
Expand Down Expand Up @@ -235,6 +236,11 @@ func run(o *Options) error {
serviceCIDRNet)
}

var egressController *egress.Controller
if features.DefaultFeatureGate.Enabled(features.Egress) {
egressController = egress.NewEgressController(ofClient, routeClient, crdInformerFactory, antreaClientProvider, ifaceStore)
}

// TODO: we should call this after installing flows for initial node routes
// and initial NetworkPolicies so that no packets will be mishandled.
if err := agentInitializer.FlowRestoreComplete(); err != nil {
Expand Down Expand Up @@ -277,6 +283,10 @@ func run(o *Options) error {

go networkPolicyController.Run(stopCh)

if features.DefaultFeatureGate.Enabled(features.Egress) {
go egressController.Run(stopCh)
}

if features.DefaultFeatureGate.Enabled(features.NetworkPolicyStats) {
go statsCollector.Run(stopCh)
}
Expand Down
Loading

0 comments on commit 47d3c96

Please sign in to comment.