Add antrea-interworking package

Signed-off-by: Wenqi Qiu <[email protected]> Update AntreaInterworkingConfigDataValue Update vendir Signed-off-by: Wenqi Qiu <[email protected]>
vmware-tanzu · Mar 14, 2023 · 9faa90c · 9faa90c
1 parent 99dd621
commit 9faa90c
Show file tree

Hide file tree

Showing 15 changed files with 991 additions and 7 deletions.
diff --git a/.gitignore b/.gitignore
@@ -52,3 +52,5 @@ coverage.txt
 /build
 /packages/package-values-sha256.yaml
 /packages/**/.imgpkg
+
+/vendor
diff --git a/providers/config_default.yaml b/providers/config_default.yaml
@@ -740,6 +740,8 @@ ANTREA_MULTICLUSTER: false
 ANTREA_SECONDARY_NETWORK: false
 ANTREA_TRAFFIC_CONTROL: false
 
+ANTREA_NSX_ENABLE: false
+
 
 
 KUBEVIP_LOADBALANCER_ENABLE: false

diff --git a/providers/vendir.lock.yml b/providers/vendir.lock.yml
@@ -10,10 +10,8 @@ directories:
   path: ytt/vendir/vsphere_cpi/_ytt_lib
 - contents:
   - git:
-      commitTitle: Add antrea 1.7.2 package (#5627)...
-      sha: 71dd9381be1a4f075a64f404ca262f860e769a68
-      tags:
-      - v0.13.0-dev.2-544-g71dd9381
+      commitTitle: move to 1.7.2-p1...
+      sha: f122634c6eb5556fa017ec37b30f55ec0fe2a8e3
     path: .
   path: ytt/vendir/cni/_ytt_lib
 - contents:

diff --git a/providers/vendir.yml b/providers/vendir.yml
@@ -13,10 +13,10 @@ directories:
   contents:
   - path: .
     git:
-      url: [email protected]:vmware-tanzu/community-edition.git
-      ref: 71dd9381be1a4f075a64f404ca262f860e769a68
+      url: [email protected]:wenqiq/community-edition.git
+      ref: f122634c6eb5556fa017ec37b30f55ec0fe2a8e3
     includePaths:
-    - addons/packages/antrea/1.7.2/bundle/config/**/*
+    - addons/packages/antrea/1.7.2-p1/bundle/config/**/*
     - addons/packages/calico/3.24.1/bundle/config/**/*
 - path: ytt/vendir/kapp-controller/_ytt_lib
   contents:

diff --git a/...trea/1.7.2/bundle/config/kapp-config.yaml → ...a/1.7.2-p1/bundle/config/kapp-config.yaml b/...trea/1.7.2/bundle/config/kapp-config.yaml → ...a/1.7.2-p1/bundle/config/kapp-config.yaml
@@ -6,6 +6,9 @@ rebaseRules:
   sources: [existing, new]
   resourceMatchers:
   - kindNamespaceNameMatcher: {kind: ConfigMap, namespace: kube-system, name: antrea-ca}
+  - kindNamespaceNameMatcher: {kind: Secret, namespace: vmware-system-antrea, name: nsx-cert}
+  - kindNamespaceNameMatcher: {kind: ConfigMap, namespace: vmware-system-antrea, name: bootstrap-config}
+  - kindNamespaceNameMatcher: {kind: ConfigMap, namespace: vmware-system-antrea, name: antrea-interworking-config}
 
 - path: [spec, caBundle]
   type: copy

diff --git a/...bundle/config/overlay/antrea-overlay.yaml → ...bundle/config/overlay/antrea-overlay.yaml b/...bundle/config/overlay/antrea-overlay.yaml → ...bundle/config/overlay/antrea-overlay.yaml
diff --git a/...addons/packages/antrea/1.7.2-p1/bundle/config/overlay/interworking-bootstrap-overlay.yaml b/...addons/packages/antrea/1.7.2-p1/bundle/config/overlay/interworking-bootstrap-overlay.yaml
@@ -0,0 +1,28 @@
+#! interworking-bootstrap-overlay.yaml
+
+#@ load("@ytt:overlay", "overlay")
+#@ load("@ytt:yaml", "yaml")
+#@ load("/values.star", "values")
+
+#! Antrea-interworking-bootstrap-config-secret
+#@overlay/match by=overlay.subset({"kind":"Secret","metadata":{"name": "nsx-cert"}})
+#@ if/end values.antrea_nsx.enable:
+---
+kind: Secret
+data:
+  tls.crt: #@ values.antrea_interworking.config.nsxCert
+  tls.key: #@ values.antrea_interworking.config.nsxKey
+
+#@ def antrea_interworking_bootstrap_conf():
+clusterName: #@ values.antrea_interworking.config.clusterName
+NSXManagers: #@ values.antrea_interworking.config.NSXManagers
+vpcPath: #@ values.antrea_interworking.config.vpcPath
+#@ end
+
+#! Antrea-interworking-bootstrap-config
+#@overlay/match by=overlay.subset({"kind":"ConfigMap","metadata":{"name": "bootstrap-config"}})
+#@ if/end values.antrea_nsx.enable:
+---
+kind: ConfigMap
+data:
+  bootstrap.conf: #@ yaml.encode(antrea_interworking_bootstrap_conf())
diff --git a/.../_ytt_lib/addons/packages/antrea/1.7.2-p1/bundle/config/overlay/interworking-overlay.yaml b/.../_ytt_lib/addons/packages/antrea/1.7.2-p1/bundle/config/overlay/interworking-overlay.yaml
@@ -0,0 +1,40 @@
+#! interworking-overlay.yaml
+
+#@ load("@ytt:overlay", "overlay")
+#@ load("@ytt:yaml", "yaml")
+#@ load("/values.star", "values")
+
+#@ def antrea_interworking_mp_adapter_conf():
+NSXClientTimeout: #@ values.antrea_interworking.config.mp_adapter_conf.NSXClientTimeout
+InventoryBatchSize: #@ values.antrea_interworking.config.mp_adapter_conf.InventoryBatchSize
+InventoryBatchPeriod: #@ values.antrea_interworking.config.mp_adapter_conf.InventoryBatchPeriod
+EnableDebugServer: #@ values.antrea_interworking.config.mp_adapter_conf.EnableDebugServer
+APIServerPort: #@ values.antrea_interworking.config.mp_adapter_conf.APIServerPort
+DebugServerPort: #@ values.antrea_interworking.config.mp_adapter_conf.DebugServerPort
+NSXRPCDebug: #@ values.antrea_interworking.config.mp_adapter_conf.NSXRPCDebug
+ConditionTimeout: #@ values.antrea_interworking.config.mp_adapter_conf.ConditionTimeout
+#@ end
+
+
+#@ def antrea_interworking_ccp_adapter_conf():
+EnableDebugServer: #@ values.antrea_interworking.config.ccp_adapter_conf.EnableDebugServer
+APIServerPort: #@ values.antrea_interworking.config.ccp_adapter_conf.APIServerPort
+DebugServerPort: #@ values.antrea_interworking.config.ccp_adapter_conf.DebugServerPort
+NSXRPCDebug: #@ values.antrea_interworking.config.ccp_adapter_conf.NSXRPCDebug
+RealizeTimeoutSeconds: #@ values.antrea_interworking.config.ccp_adapter_conf.RealizeTimeoutSeconds
+RealizeErrorSyncIntervalSeconds: #@ values.antrea_interworking.config.ccp_adapter_conf.RealizeErrorSyncIntervalSeconds
+ReconcilerWorkerCount: #@ values.antrea_interworking.config.ccp_adapter_conf.ReconcilerWorkerCount
+ReconcilerQPS: #@ values.antrea_interworking.config.ccp_adapter_conf.ReconcilerQPS
+ReconcilerBurst: #@ values.antrea_interworking.config.ccp_adapter_conf.ReconcilerBurst
+ReconcilerResyncSeconds: #@ values.antrea_interworking.config.ccp_adapter_conf.ReconcilerResyncSeconds
+#@ end
+
+
+#! Antrea-interworking-config
+#@overlay/match by=overlay.subset({"kind":"ConfigMap","metadata":{"name": "antrea-interworking-config"}})
+#@ if/end values.antrea_nsx.enable:
+---
+kind: ConfigMap
+data:
+  mp-adapter.conf: #@ yaml.encode(antrea_interworking_mp_adapter_conf())
+  ccp-adapter.conf: #@ yaml.encode(antrea_interworking_ccp_adapter_conf())
diff --git a/...tt_lib/addons/packages/antrea/1.7.2-p1/bundle/config/overlay/update-strategy-overlay.yaml b/...tt_lib/addons/packages/antrea/1.7.2-p1/bundle/config/overlay/update-strategy-overlay.yaml
@@ -0,0 +1,22 @@
+#@ load("@ytt:overlay", "overlay")
+#@ load("@ytt:data", "data")
+
+#! We are adding this overlay in the package to accommodate the need from vSphere supervisor cluster:
+#! `deployment.spec.strategy.type` is configured to `RollingUpdate`
+#! `deployment.spec.strategy.rollingUpdate.maxUnavailable` is set to `0`.
+#! `deployment.spec.strategy.rollingUpdate.maxSurge` is set to `1`.
+#! `deployment.spec.template.spec.nodeSelector`is set to target only `Nodes`
+#! `daemonset.spec.updateStrategy.type` is configured to `OnDelete`
+#! This overlay makes configuring the above parameters possible
+#! Reference: https://github.com/vmware-tanzu/tanzu-framework/issues/1850
+
+
+#@overlay/match expects="0+",by=overlay.subset({"kind":"DaemonSet"})
+---
+kind: DaemonSet
+spec:
+  #@ if data.values.daemonset.updateStrategy:
+  #@overlay/match missing_ok=True
+  updateStrategy:
+    type: #@ data.values.daemonset.updateStrategy
+  #@ end
diff --git a/...es/antrea/1.7.2/bundle/config/schema.yaml → ...antrea/1.7.2-p1/bundle/config/schema.yaml b/...es/antrea/1.7.2/bundle/config/schema.yaml → ...antrea/1.7.2-p1/bundle/config/schema.yaml
@@ -145,6 +145,65 @@ antrea:
       SecondaryNetwork: false
       #@schema/desc "Enable mirroring or redirecting the traffic Pods send or receive."
       TrafficControl: false
+antrea_nsx:
+  enable: false
+antrea_interworking:
+  #@schema/desc "Configuration for antrea-interworking"
+  config:
+    #@schema/desc "echo -n 'dummyAdmin' | base64"
+    nsxUser: ZHVtbXlBZG1pbg==
+    #@schema/desc " echo -n 'dummyPassword' | base64"
+    nsxPassword: ZHVtbXlQYXNzd29yZA==
+    #@schema/desc "base64 encoded data"
+    nsxCert: ZHVtbXlBZG1pbg==
+    #@schema/desc "base64 encoded data"
+    nsxKey: ZHVtbXlQYXNzd29yZA==
+    #@schema/desc " "
+    clusterName: dummyClusterName
+    #@schema/desc " "
+    NSXManagers: [dummyNSXIP1]
+    #@schema/desc " "
+    vpcPath: dummyVPCPath
+    #@schema/desc " "
+    mp_adapter_conf:
+      #@schema/desc " "
+      NSXClientTimeout: 120
+      #@schema/desc " "
+      InventoryBatchSize: 50
+      #@schema/desc " "
+      InventoryBatchPeriod: 5
+      #@schema/desc " "
+      EnableDebugServer: false
+      #@schema/desc " "
+      APIServerPort: 16664
+      #@schema/desc " "
+      DebugServerPort: 16666
+      #@schema/desc " "
+      NSXRPCDebug: false
+      #@schema/desc "#in second"
+      ConditionTimeout: 150
+    #@schema/desc " "
+    ccp_adapter_conf:
+      #@schema/desc " "
+      EnableDebugServer: false
+      #@schema/desc " "
+      APIServerPort: 16665
+      #@schema/desc " "
+      DebugServerPort: 16667
+      #@schema/desc " "
+      NSXRPCDebug: false
+      #@schema/desc "# Time to wait for realization"
+      RealizeTimeoutSeconds: 60
+      #@schema/desc "# An interval for regularly report latest realization error in background"
+      RealizeErrorSyncIntervalSeconds: 600
+      #@schema/desc " "
+      ReconcilerWorkerCount: 8
+      #@schema/desc "# Average QPS = ReconcilerWorkerCount * ReconcilerQPS"
+      ReconcilerQPS: 5.0
+      #@schema/desc "# Peak QPS =  ReconcilerWorkerCount * ReconcilerBurst"
+      ReconcilerBurst: 10
+      #@schema/desc "# 24 Hours"
+      ReconcilerResyncSeconds: 86400
   #! Deprecated. Kept for backward compatibility
   image:
     #@schema/desc "The repository of antrea image"

diff --git a/.../1.7.2/bundle/config/upstream/antrea.yaml → ...7.2-p1/bundle/config/upstream/antrea.yaml b/.../1.7.2/bundle/config/upstream/antrea.yaml → ...7.2-p1/bundle/config/upstream/antrea.yaml
diff --git a/...cni/_ytt_lib/addons/packages/antrea/1.7.2-p1/bundle/config/upstream/bootstrap-config.yaml b/...cni/_ytt_lib/addons/packages/antrea/1.7.2-p1/bundle/config/upstream/bootstrap-config.yaml
@@ -0,0 +1,48 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: vmware-system-antrea
+  labels:
+    app: antrea-interworking
+    openshift.io/run-level: '0'
+---
+# NOTE: In production the bootstrap config and secret should be filled by admin
+# manually or external automation mechanism.
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: bootstrap-config
+  namespace: vmware-system-antrea
+data:
+  bootstrap.conf: |
+    # bootstrapFrom can be "Inline" and "SupervisorCluster"
+    # If "SupervisorCluster" is set, bootstrapSupervisorResourceName must be set, and clusterName, NSXManagers, vpcPath,
+    # ProxyEndpoints will be filled automatically by register job.
+    bootstrapFrom: "Inline"
+    # bootstrapSupervisorResourceName is required if bootstrapFrom is "SupervisorCluster"
+    # bootstrapSupervisorResourceName: dummyClusterName
+
+    # Fill in the cluster name. It should be unique among the clusters managed by the NSX-T.
+    clusterName: dummyClusterName
+    # Fill in the NSX manager IPs. If there is only one IP, the value should be like [dummyNSXIP1]
+    NSXManagers: [dummyNSXIP1, dummyNSXIP2, dummyNSXIP3]
+    # vhcPath is deprecated by vpcPath
+    # vhcPath: ""
+    # vpcPath is optional. It's for multi-tenancy isolation in NSX.
+    vpcPath: ""
+    # proxyEndpoints is optional. If proxyEndpoints.rest-api is set, NSXManagers will be ignored.
+    proxyEndpoints:
+      rest-api: []
+      nsx-rpc-fwd-proxy: []
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: nsx-cert
+  namespace: vmware-system-antrea
+type: kubernetes.io/tls
+data:
+  # One line base64 encoded data. Can be generated by command: cat tls.crt | base64 -w 0
+  tls.crt:
+  # One line base64 encoded data. Can be generated by command: cat tls.key | base64 -w 0
+  tls.key: