diff --git a/.gitignore b/.gitignore index 637cedd476..59806306dd 100644 --- a/.gitignore +++ b/.gitignore @@ -52,3 +52,5 @@ coverage.txt /build /packages/package-values-sha256.yaml /packages/**/.imgpkg + +/vendor diff --git a/providers/config_default.yaml b/providers/config_default.yaml index d3b14341e8..980bd17140 100644 --- a/providers/config_default.yaml +++ b/providers/config_default.yaml @@ -740,6 +740,8 @@ ANTREA_MULTICLUSTER: false ANTREA_SECONDARY_NETWORK: false ANTREA_TRAFFIC_CONTROL: false +ANTREA_NSX_ENABLE: false + KUBEVIP_LOADBALANCER_ENABLE: false diff --git a/providers/vendir.lock.yml b/providers/vendir.lock.yml index a1378900ee..a3f3f5bd08 100644 --- a/providers/vendir.lock.yml +++ b/providers/vendir.lock.yml @@ -10,10 +10,8 @@ directories: path: ytt/vendir/vsphere_cpi/_ytt_lib - contents: - git: - commitTitle: Add antrea 1.7.2 package (#5627)... - sha: 71dd9381be1a4f075a64f404ca262f860e769a68 - tags: - - v0.13.0-dev.2-544-g71dd9381 + commitTitle: move to 1.7.2-p1... + sha: f122634c6eb5556fa017ec37b30f55ec0fe2a8e3 path: . path: ytt/vendir/cni/_ytt_lib - contents: diff --git a/providers/vendir.yml b/providers/vendir.yml index 6fcf663530..bb883323e5 100644 --- a/providers/vendir.yml +++ b/providers/vendir.yml @@ -13,10 +13,10 @@ directories: contents: - path: . git: - url: git@github.com:vmware-tanzu/community-edition.git - ref: 71dd9381be1a4f075a64f404ca262f860e769a68 + url: git@github.com:wenqiq/community-edition.git + ref: f122634c6eb5556fa017ec37b30f55ec0fe2a8e3 includePaths: - - addons/packages/antrea/1.7.2/bundle/config/**/* + - addons/packages/antrea/1.7.2-p1/bundle/config/**/* - addons/packages/calico/3.24.1/bundle/config/**/* - path: ytt/vendir/kapp-controller/_ytt_lib contents: 
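Review bot: The `url` in the vendir.yml hunk now points the cni bundle at a personal fork, `git@github.com:wenqiq/community-edition.git`, so everything synced under `ytt/vendir/cni/_ytt_lib` comes from a repository outside the `vmware-tanzu` organisation's review and branch protection. The `ref` is a full commit SHA, which pins the content, but the vendir.lock.yml hunk also drops its `tags` entry, which suggests the commit is not reachable from any upstream tag and is worth confirming. A commit that exists only in a fork can also be force-pushed away or deleted, which would break `vendir sync` later. I would keep `url: git@github.com:vmware-tanzu/community-edition.git` and bump `ref` only after the 1.7.2-p1 package has been merged there.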
diff --git a/providers/ytt/vendir/cni/_ytt_lib/addons/packages/antrea/1.7.2/bundle/config/kapp-config.yaml b/providers/ytt/vendir/cni/_ytt_lib/addons/packages/antrea/1.7.2-p1/bundle/config/kapp-config.yaml similarity index 76% rename from providers/ytt/vendir/cni/_ytt_lib/addons/packages/antrea/1.7.2/bundle/config/kapp-config.yaml rename to providers/ytt/vendir/cni/_ytt_lib/addons/packages/antrea/1.7.2-p1/bundle/config/kapp-config.yaml index 4d382c657f..9780a683e5 100644 --- a/providers/ytt/vendir/cni/_ytt_lib/addons/packages/antrea/1.7.2/bundle/config/kapp-config.yaml +++ b/providers/ytt/vendir/cni/_ytt_lib/addons/packages/antrea/1.7.2-p1/bundle/config/kapp-config.yaml @@ -6,6 +6,9 @@ rebaseRules: sources: [existing, new] resourceMatchers: - kindNamespaceNameMatcher: {kind: ConfigMap, namespace: kube-system, name: antrea-ca} + - kindNamespaceNameMatcher: {kind: Secret, namespace: vmware-system-antrea, name: nsx-cert} + - kindNamespaceNameMatcher: {kind: ConfigMap, namespace: vmware-system-antrea, name: bootstrap-config} + - kindNamespaceNameMatcher: {kind: ConfigMap, namespace: vmware-system-antrea, name: antrea-interworking-config} - path: [spec, caBundle] type: copy diff --git a/providers/ytt/vendir/cni/_ytt_lib/addons/packages/antrea/1.7.2/bundle/config/overlay/antrea-overlay.yaml b/providers/ytt/vendir/cni/_ytt_lib/addons/packages/antrea/1.7.2-p1/bundle/config/overlay/antrea-overlay.yaml similarity index 100% rename from providers/ytt/vendir/cni/_ytt_lib/addons/packages/antrea/1.7.2/bundle/config/overlay/antrea-overlay.yaml rename to providers/ytt/vendir/cni/_ytt_lib/addons/packages/antrea/1.7.2-p1/bundle/config/overlay/antrea-overlay.yaml diff --git a/providers/ytt/vendir/cni/_ytt_lib/addons/packages/antrea/1.7.2-p1/bundle/config/overlay/interworking-bootstrap-overlay.yaml b/providers/ytt/vendir/cni/_ytt_lib/addons/packages/antrea/1.7.2-p1/bundle/config/overlay/interworking-bootstrap-overlay.yaml new file mode 100644 index 0000000000..f54c2366e1 --- /dev/null 
+++ b/providers/ytt/vendir/cni/_ytt_lib/addons/packages/antrea/1.7.2-p1/bundle/config/overlay/interworking-bootstrap-overlay.yaml
@@ -0,0 +1,28 @@
+#! interworking-bootstrap-overlay.yaml
+
+#@ load("@ytt:overlay", "overlay")
+#@ load("@ytt:yaml", "yaml")
+#@ load("/values.star", "values")
+
+#! Antrea-interworking-bootstrap-config-secret
+#@overlay/match by=overlay.subset({"kind":"Secret","metadata":{"name": "nsx-cert"}})
+#@ if/end values.antrea_nsx.enable:
+---
+kind: Secret
+data:
+ tls.crt: #@ values.antrea_interworking.config.nsxCert
+ tls.key: #@ values.antrea_interworking.config.nsxKey
+
+#@ def antrea_interworking_bootstrap_conf():
+clusterName: #@ values.antrea_interworking.config.clusterName
+NSXManagers: #@ values.antrea_interworking.config.NSXManagers
+vpcPath: #@ values.antrea_interworking.config.vpcPath
+#@ end
+
+#! Antrea-interworking-bootstrap-config
+#@overlay/match by=overlay.subset({"kind":"ConfigMap","metadata":{"name": "bootstrap-config"}})
+#@ if/end values.antrea_nsx.enable:
+---
+kind: ConfigMap
+data:
+ bootstrap.conf: #@ yaml.encode(antrea_interworking_bootstrap_conf())
diff --git a/providers/ytt/vendir/cni/_ytt_lib/addons/packages/antrea/1.7.2-p1/bundle/config/overlay/interworking-overlay.yaml b/providers/ytt/vendir/cni/_ytt_lib/addons/packages/antrea/1.7.2-p1/bundle/config/overlay/interworking-overlay.yaml
new file mode 100644
index 0000000000..07cde80c6c
--- /dev/null
+++ b/providers/ytt/vendir/cni/_ytt_lib/addons/packages/antrea/1.7.2-p1/bundle/config/overlay/interworking-overlay.yaml
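Review bot: The `nsx-cert` Secret is filled from `values.antrea_interworking.config.nsxCert` and `nsxKey` with no check that they were supplied, so setting `antrea_nsx.enable: true` on its own renders a `kubernetes.io/tls` Secret that holds the schema placeholders (base64 of `dummyAdmin` and `dummyPassword`). values.star is renamed at 100% similarity in this commit, so no validation for the new keys was added there either. I would fail the render instead: load `@ytt:assert` and add `#@ if values.antrea_nsx.enable and not values.antrea_interworking.config.nsxKey:` / `#@   assert.fail("nsxCert and nsxKey must be set when antrea_nsx.enable is true")` / `#@ end`, with the schema defaults changed to empty strings so the check can fire. The file is vendored, so the change belongs in the source package.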
@@ -0,0 +1,40 @@
+#! interworking-overlay.yaml
+
+#@ load("@ytt:overlay", "overlay")
+#@ load("@ytt:yaml", "yaml")
+#@ load("/values.star", "values")
+
+#@ def antrea_interworking_mp_adapter_conf():
+NSXClientTimeout: #@ values.antrea_interworking.config.mp_adapter_conf.NSXClientTimeout
+InventoryBatchSize: #@ values.antrea_interworking.config.mp_adapter_conf.InventoryBatchSize
+InventoryBatchPeriod: #@ values.antrea_interworking.config.mp_adapter_conf.InventoryBatchPeriod
+EnableDebugServer: #@ values.antrea_interworking.config.mp_adapter_conf.EnableDebugServer
+APIServerPort: #@ values.antrea_interworking.config.mp_adapter_conf.APIServerPort
+DebugServerPort: #@ values.antrea_interworking.config.mp_adapter_conf.DebugServerPort
+NSXRPCDebug: #@ values.antrea_interworking.config.mp_adapter_conf.NSXRPCDebug
+ConditionTimeout: #@ values.antrea_interworking.config.mp_adapter_conf.ConditionTimeout
+#@ end
+
+
+#@ def antrea_interworking_ccp_adapter_conf():
+EnableDebugServer: #@ values.antrea_interworking.config.ccp_adapter_conf.EnableDebugServer
+APIServerPort: #@ values.antrea_interworking.config.ccp_adapter_conf.APIServerPort
+DebugServerPort: #@ values.antrea_interworking.config.ccp_adapter_conf.DebugServerPort
+NSXRPCDebug: #@ values.antrea_interworking.config.ccp_adapter_conf.NSXRPCDebug
+RealizeTimeoutSeconds: #@ values.antrea_interworking.config.ccp_adapter_conf.RealizeTimeoutSeconds
+RealizeErrorSyncIntervalSeconds: #@ values.antrea_interworking.config.ccp_adapter_conf.RealizeErrorSyncIntervalSeconds
+ReconcilerWorkerCount: #@ values.antrea_interworking.config.ccp_adapter_conf.ReconcilerWorkerCount
+ReconcilerQPS: #@ values.antrea_interworking.config.ccp_adapter_conf.ReconcilerQPS
+ReconcilerBurst: #@ values.antrea_interworking.config.ccp_adapter_conf.ReconcilerBurst
+ReconcilerResyncSeconds: #@ values.antrea_interworking.config.ccp_adapter_conf.ReconcilerResyncSeconds
+#@ end
+
+
+#! 
Antrea-interworking-config
+#@overlay/match by=overlay.subset({"kind":"ConfigMap","metadata":{"name": "antrea-interworking-config"}})
+#@ if/end values.antrea_nsx.enable:
+---
+kind: ConfigMap
+data:
+ mp-adapter.conf: #@ yaml.encode(antrea_interworking_mp_adapter_conf())
+ ccp-adapter.conf: #@ yaml.encode(antrea_interworking_ccp_adapter_conf())
diff --git a/providers/ytt/vendir/cni/_ytt_lib/addons/packages/antrea/1.7.2-p1/bundle/config/overlay/update-strategy-overlay.yaml b/providers/ytt/vendir/cni/_ytt_lib/addons/packages/antrea/1.7.2-p1/bundle/config/overlay/update-strategy-overlay.yaml
new file mode 100644
index 0000000000..a243acf146
--- /dev/null
+++ b/providers/ytt/vendir/cni/_ytt_lib/addons/packages/antrea/1.7.2-p1/bundle/config/overlay/update-strategy-overlay.yaml
@@ -0,0 +1,22 @@
+#@ load("@ytt:overlay", "overlay")
+#@ load("@ytt:data", "data")
+
+#! We are adding this overlay in the package to accommodate the need from vSphere supervisor cluster:
+#! `deployment.spec.strategy.type` is configured to `RollingUpdate`
+#! `deployment.spec.strategy.rollingUpdate.maxUnavailable` is set to `0`.
+#! `deployment.spec.strategy.rollingUpdate.maxSurge` is set to `1`.
+#! `deployment.spec.template.spec.nodeSelector`is set to target only `Nodes`
+#! `daemonset.spec.updateStrategy.type` is configured to `OnDelete`
+#! This overlay makes configuring the above parameters possible
+#! Reference: https://github.com/vmware-tanzu/tanzu-framework/issues/1850
+
+
+#@overlay/match expects="0+",by=overlay.subset({"kind":"DaemonSet"})
+---
+kind: DaemonSet
+spec:
+ #@ if data.values.daemonset.updateStrategy:
+ #@overlay/match missing_ok=True
+ updateStrategy:
+ type: #@ data.values.daemonset.updateStrategy
+ #@ end
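Review bot: `antrea_interworking_mp_adapter_conf()` rebuilds `mp-adapter.conf` from eight keys and the overlay replaces the upstream string with the result, so `NSXRemoteAuth`, `NSXClientAuthCertFile`, `NSXClientAuthKeyFile`, `NSXCAFile`, `NSXInsecure` and `NSXRPCConnType` from upstream/interworking.yaml are missing from the rendered file whenever `antrea_nsx.enable` is true. What the adapter falls back to without them is not visible here, but the client-certificate paths and the TLS verification settings should not be left to defaults. Upstream also ships `NSXInsecure: true` with an empty `NSXCAFile`, and the package gives operators no value to turn verification of the NSX manager certificate on. I would carry the keys through the function and expose the CA file and the insecure switch as data values, with matching keys added to schema.yaml and values.yaml. `bootstrap.conf` in interworking-bootstrap-overlay.yaml is rebuilt the same way and drops `bootstrapFrom` and `proxyEndpoints`.

```yaml
#@ def antrea_interworking_mp_adapter_conf():
NSXRemoteAuth: false
NSXClientAuthCertFile: /etc/antrea/nsx-cert/tls.crt
NSXClientAuthKeyFile: /etc/antrea/nsx-cert/tls.key
#! proposed data values; schema.yaml and values.yaml need the matching keys
NSXCAFile: #@ values.antrea_interworking.config.mp_adapter_conf.NSXCAFile
NSXInsecure: #@ values.antrea_interworking.config.mp_adapter_conf.NSXInsecure
NSXRPCConnType: tnproxy
#! … unchanged: NSXClientTimeout through ConditionTimeout …
#@ end
```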
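Review bot: update-strategy-overlay.yaml reads `data.values.daemonset.updateStrategy`, but neither the schema.yaml hunk nor the values.yaml hunk in this commit adds a `daemonset` key. Unless one already exists outside the shown hunks, ytt will fail on the missing attribute on every render, because this overlay is not gated on `antrea_nsx.enable`. The header comment also lists `deployment.spec.strategy` and `nodeSelector` settings that the overlay does not touch; I would shorten it to `#! Sets daemonset.spec.updateStrategy.type from data.values.daemonset.updateStrategy when that value is set.`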
diff --git a/providers/ytt/vendir/cni/_ytt_lib/addons/packages/antrea/1.7.2/bundle/config/schema.yaml b/providers/ytt/vendir/cni/_ytt_lib/addons/packages/antrea/1.7.2-p1/bundle/config/schema.yaml similarity index 79% rename from providers/ytt/vendir/cni/_ytt_lib/addons/packages/antrea/1.7.2/bundle/config/schema.yaml rename to providers/ytt/vendir/cni/_ytt_lib/addons/packages/antrea/1.7.2-p1/bundle/config/schema.yaml index d1f6959da4..9b85663b3c 100644 --- a/providers/ytt/vendir/cni/_ytt_lib/addons/packages/antrea/1.7.2/bundle/config/schema.yaml +++ b/providers/ytt/vendir/cni/_ytt_lib/addons/packages/antrea/1.7.2-p1/bundle/config/schema.yaml 
@@ -145,6 +145,65 @@ antrea: SecondaryNetwork: false #@schema/desc "Enable mirroring or redirecting the traffic Pods send or receive." TrafficControl: false +antrea_nsx: + enable: false +antrea_interworking: + #@schema/desc "Configuration for antrea-interworking" + config: + #@schema/desc "echo -n 'dummyAdmin' | base64" + nsxUser: ZHVtbXlBZG1pbg== + #@schema/desc " echo -n 'dummyPassword' | base64" + nsxPassword: ZHVtbXlQYXNzd29yZA== + #@schema/desc "base64 encoded data" + nsxCert: ZHVtbXlBZG1pbg== + #@schema/desc "base64 encoded data" + nsxKey: ZHVtbXlQYXNzd29yZA== + #@schema/desc " " + clusterName: dummyClusterName + #@schema/desc " " + NSXManagers: [dummyNSXIP1] + #@schema/desc " " + vpcPath: dummyVPCPath + #@schema/desc " " + mp_adapter_conf: + #@schema/desc " " + NSXClientTimeout: 120 + #@schema/desc " " + InventoryBatchSize: 50 + #@schema/desc " " + InventoryBatchPeriod: 5 + #@schema/desc " " + EnableDebugServer: false + #@schema/desc " " + APIServerPort: 16664 + #@schema/desc " " + DebugServerPort: 16666 + #@schema/desc " " + NSXRPCDebug: false + #@schema/desc "#in second" + ConditionTimeout: 150 + #@schema/desc " " + ccp_adapter_conf: + #@schema/desc " " + EnableDebugServer: false + #@schema/desc " " + APIServerPort: 16665 + #@schema/desc " " + DebugServerPort: 16667 + #@schema/desc " " + NSXRPCDebug: false + #@schema/desc "# Time to wait for realization" + RealizeTimeoutSeconds: 60 + #@schema/desc "# An interval for regularly report latest realization error in background" + RealizeErrorSyncIntervalSeconds: 600 + #@schema/desc " " + ReconcilerWorkerCount: 8 + #@schema/desc "# Average QPS = ReconcilerWorkerCount * ReconcilerQPS" + ReconcilerQPS: 5.0 + #@schema/desc "# Peak QPS = ReconcilerWorkerCount * ReconcilerBurst" + ReconcilerBurst: 10 + #@schema/desc "# 24 Hours" + ReconcilerResyncSeconds: 86400 #! Deprecated. Kept for backward compatibility image: #@schema/desc "The repository of antrea image" 
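Review bot: The new `antrea_interworking.config` defaults are credential-shaped placeholders: `nsxUser` and `nsxCert` default to base64 of `dummyAdmin`, `nsxPassword` and `nsxKey` to base64 of `dummyPassword`, so an install that enables NSX without overriding them deploys known values instead of failing. `nsxUser` and `nsxPassword` are also not read by any overlay in this commit, so operators would be supplying a password that, as far as the diff shows, is never used. I would default the four fields to `""`, either remove the unused pair or wire it up, and replace the `#@schema/desc " "` placeholders with real descriptions, for example `#@schema/desc "Base64-encoded PEM client key for NSX; treat the values file as a secret"`. The values.yaml hunk repeats the same defaults.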
diff --git a/providers/ytt/vendir/cni/_ytt_lib/addons/packages/antrea/1.7.2/bundle/config/upstream/antrea.yaml b/providers/ytt/vendir/cni/_ytt_lib/addons/packages/antrea/1.7.2-p1/bundle/config/upstream/antrea.yaml similarity index 100% rename from providers/ytt/vendir/cni/_ytt_lib/addons/packages/antrea/1.7.2/bundle/config/upstream/antrea.yaml rename to providers/ytt/vendir/cni/_ytt_lib/addons/packages/antrea/1.7.2-p1/bundle/config/upstream/antrea.yaml diff --git a/providers/ytt/vendir/cni/_ytt_lib/addons/packages/antrea/1.7.2-p1/bundle/config/upstream/bootstrap-config.yaml b/providers/ytt/vendir/cni/_ytt_lib/addons/packages/antrea/1.7.2-p1/bundle/config/upstream/bootstrap-config.yaml new file mode 100644 index 0000000000..c4ed9bddcc --- /dev/null +++ b/providers/ytt/vendir/cni/_ytt_lib/addons/packages/antrea/1.7.2-p1/bundle/config/upstream/bootstrap-config.yaml 
@@ -0,0 +1,48 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: vmware-system-antrea + labels: + app: antrea-interworking + openshift.io/run-level: '0' +--- +# NOTE: In production the bootstrap config and secret should be filled by admin +# manually or external automation mechanism. +apiVersion: v1 +kind: ConfigMap +metadata: + name: bootstrap-config + namespace: vmware-system-antrea +data: + bootstrap.conf: | + # bootstrapFrom can be "Inline" and "SupervisorCluster" + # If "SupervisorCluster" is set, bootstrapSupervisorResourceName must be set, and clusterName, NSXManagers, vpcPath, + # ProxyEndpoints will be filled automatically by register job. + bootstrapFrom: "Inline" + # bootstrapSupervisorResourceName is required if bootstrapFrom is "SupervisorCluster" + # bootstrapSupervisorResourceName: dummyClusterName + + # Fill in the cluster name. It should be unique among the clusters managed by the NSX-T. + clusterName: dummyClusterName + # Fill in the NSX manager IPs. If there is only one IP, the value should be like [dummyNSXIP1] + NSXManagers: [dummyNSXIP1, dummyNSXIP2, dummyNSXIP3] + # vhcPath is deprecated by vpcPath + # vhcPath: "" + # vpcPath is optional. It's for multi-tenancy isolation in NSX. + vpcPath: "" + # proxyEndpoints is optional. If proxyEndpoints.rest-api is set, NSXManagers will be ignored. + proxyEndpoints: + rest-api: [] + nsx-rpc-fwd-proxy: [] +--- +apiVersion: v1 +kind: Secret +metadata: + name: nsx-cert + namespace: vmware-system-antrea +type: kubernetes.io/tls +data: + # One line base64 encoded data. Can be generated by command: cat tls.crt | base64 -w 0 + tls.crt: + # One line base64 encoded data. Can be generated by command: cat tls.key | base64 -w 0 + tls.key: diff --git a/providers/ytt/vendir/cni/_ytt_lib/addons/packages/antrea/1.7.2-p1/bundle/config/upstream/interworking.yaml b/providers/ytt/vendir/cni/_ytt_lib/addons/packages/antrea/1.7.2-p1/bundle/config/upstream/interworking.yaml new file mode 100644 index 0000000000..ce78cbedcc 
--- /dev/null +++ b/providers/ytt/vendir/cni/_ytt_lib/addons/packages/antrea/1.7.2-p1/bundle/config/upstream/interworking.yaml 
@@ -0,0 +1,744 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + app: antrea-interworking + name: antreaccpadapterinfos.clusterinformation.antrea-interworking.tanzu.vmware.com +spec: + group: clusterinformation.antrea-interworking.tanzu.vmware.com + names: + kind: AntreaCCPAdapterInfo + plural: antreaccpadapterinfos + shortNames: + - ccpainfo + singular: antreaccpadapterinfo + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + app: antrea-interworking + name: antreampadapterinfos.clusterinformation.antrea-interworking.tanzu.vmware.com +spec: + group: clusterinformation.antrea-interworking.tanzu.vmware.com + names: + kind: AntreaMPAdapterInfo + plural: antreampadapterinfos + shortNames: + - mpainfo + singular: antreampadapterinfo + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true + served: true + storage: true +--- +apiVersion: v1 +kind: Namespace +metadata: + name: vmware-system-antrea + labels: + app: antrea-interworking + openshift.io/run-level: '0' +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: cluster-id + namespace: vmware-system-antrea +# NOTE: Register job will generate the ConfigMap data like below: +# data: +# cluster-id.conf: +# clusterID: A-UUID-String +--- +apiVersion: v1 +kind: ConfigMap +metadata: + labels: + app: antrea-interworking + name: antrea-interworking-config + namespace: vmware-system-antrea +data: + mp-adapter.conf: | + NSXRemoteAuth: false + NSXClientAuthCertFile: /etc/antrea/nsx-cert/tls.crt + NSXClientAuthKeyFile: /etc/antrea/nsx-cert/tls.key + NSXCAFile: "" + NSXInsecure: true + NSXClientTimeout: 120 + InventoryBatchSize: 50 + InventoryBatchPeriod: 5 + NSXRPCConnType: tnproxy + 
EnableDebugServer: false + APIServerPort: 16664 + DebugServerPort: 16666 + NSXRPCDebug: false + #in second + ConditionTimeout: 150 + #clusterType: kubernetes + ccp-adapter.conf: | + EnableDebugServer: false + APIServerPort: 16665 + DebugServerPort: 16667 + NSXRPCDebug: false + # Time to wait for realization + RealizeTimeoutSeconds: 60 + # An interval for regularly report latest realization error in background + RealizeErrorSyncIntervalSeconds: 600 + ReconcilerWorkerCount: 8 + # Average QPS = ReconcilerWorkerCount * ReconcilerQPS + ReconcilerQPS: 5.0 + # Peak QPS = ReconcilerWorkerCount * ReconcilerBurst + ReconcilerBurst: 10 + # 24 Hours + ReconcilerResyncSeconds: 86400 +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: antrea-interworking + name: register + namespace: vmware-system-antrea +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app: antrea-interworking + name: register + namespace: vmware-system-antrea +rules: + - apiGroups: + - "" + resources: + - configmaps + - secrets + verbs: + - get + - list + - create + - update + - patch + - delete + - apiGroups: + - "apps" + resources: + - deployments + verbs: + - get + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app: antrea-interworking + name: register + namespace: vmware-system-antrea +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: register +subjects: + - kind: ServiceAccount + name: register +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app: antrea-interworking + name: vmware-system-antrea-register + namespace: default +rules: + - apiGroups: + - "" + resources: + - services + verbs: + - get + - list +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app: antrea-interworking + name: vmware-system-antrea-register + namespace: default +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: 
vmware-system-antrea-register +subjects: + - kind: ServiceAccount + name: register + namespace: vmware-system-antrea +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: antrea-interworking + name: interworking + namespace: vmware-system-antrea +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: antrea-interworking + name: antrea-interworking +rules: + - apiGroups: + - "" + resources: + - nodes + - namespaces + - pods + - services + - endpoints + - configmaps + verbs: + - get + - watch + - list + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - '*' + - apiGroups: + - "" + resources: + - pods + verbs: + - patch + - apiGroups: + - clusterinformation.antrea-interworking.tanzu.vmware.com + resources: + - antreaccpadapterinfos + - antreampadapterinfos + verbs: + - get + - watch + - list + - create + - update + - patch + - delete + - apiGroups: + - "" + resourceNames: + - extension-apiserver-authentication + - bootstrap-config + resources: + - configmaps + verbs: + - get + - list + - watch + - update + - patch + - apiGroups: + - crd.antrea.io + resources: + - antreaagentinfos + - antreacontrollerinfos + - egresses + - ippools + verbs: + - get + - watch + - list + - apiGroups: + - networking.k8s.io + resources: + - networkpolicies + - ingresses + verbs: + - get + - watch + - list + - apiGroups: + - crd.antrea.io + resources: + - traceflows + - traceflows/status + verbs: + - get + - watch + - list + - update + - patch + - create + - delete + - apiGroups: + - crd.antrea.io + resources: + - clusternetworkpolicies + - networkpolicies + - tiers + - clustergroups + verbs: + - get + - watch + - list + - create + - update + - patch + - delete + - apiGroups: + - controlplane.antrea.tanzu.vmware.com + - controlplane.antrea.io + resources: + - clustergroupmembers + - groupassociations + verbs: + - get + - list + - apiGroups: + - crd.antrea.tanzu.vmware.com + resources: + - tierentitlementbindings + 
- tierentitlements + - nsxregistrations + verbs: + - get + - watch + - list + - create + - update + - patch + - delete + - apiGroups: + - stats.antrea.io + resources: + - antreaclusternetworkpolicystats + verbs: + - get + - list + - apiGroups: + - gateway.networking.k8s.io + resources: + - gateways + verbs: + - get + - watch + - list + - apiGroups: + - config.openshift.io + resources: + - networks + verbs: + - get + - watch + - list +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app: antrea-interworking + name: antrea-interworking +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: antrea-interworking +subjects: + - kind: ServiceAccount + name: interworking + namespace: vmware-system-antrea +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: antrea-interworking + name: antrea-interworking-supportbundle +rules: + - apiGroups: + - "" + resources: + - pods + - pods/log + - nodes + - configmaps + verbs: + - get + - list + - apiGroups: + - "apps" + resources: + - deployments + - replicasets + - daemonsets + verbs: + - list + - apiGroups: + - system.antrea.io + resources: + - supportbundles + verbs: + - get + - create + - apiGroups: + - system.antrea.io + resources: + - controllerinfos + - supportbundles/download + verbs: + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app: antrea-interworking + name: antrea-interworking-supportbundle +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: antrea-interworking-supportbundle +subjects: + - kind: ServiceAccount + name: interworking + namespace: vmware-system-antrea +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: register + labels: + app: antrea-interworking + component: register + namespace: vmware-system-antrea +spec: + ttlSecondsAfterFinished: 600 + template: + spec: + containers: + - name: register + image: 
antrea-interworking/interworking-photon:0.7.1 + imagePullPolicy: IfNotPresent + command: [ "/usr/local/bin/cluster-registry" ] + args: + - register + - --logtostderr=false + - --log_dir=/var/log/interworking + - --alsologtostderr + - --log_file_max_size=5 + - --log_file_max_num=4 + volumeMounts: + - mountPath: /etc/antrea + name: projected-configs + readOnly: true + - mountPath: /var/log/interworking + name: host-var-log-interworking + restartPolicy: OnFailure + serviceAccountName: register + hostNetwork: true + dnsPolicy: ClusterFirstWithHostNet + nodeSelector: + kubernetes.io/os: linux + volumes: + - name: host-var-log-interworking + hostPath: + path: /var/log/interworking + type: DirectoryOrCreate + - name: projected-configs + projected: + sources: + - configMap: + name: bootstrap-config + items: + - key: bootstrap.conf + path: bootstrap.conf + - configMap: + name: cluster-id + items: + - key: cluster-id.conf + path: cluster-id.conf + optional: true + - secret: + name: nsx-cert + items: + - key: tls.crt + path: nsx-cert/tls.crt + - key: tls.key + path: nsx-cert/tls.key + optional: true + tolerations: + - key: CriticalAddonsOnly + operator: Exists + - effect: NoSchedule + key: node-role.kubernetes.io/master + - effect: NoSchedule + key: node-role.kubernetes.io/control-plane + backoffLimit: 3 +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: antrea-interworking + component: interworking + name: interworking + namespace: vmware-system-antrea +spec: + replicas: 1 + selector: + matchLabels: + app: antrea-interworking + component: interworking + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 1 + template: + metadata: + labels: + app: antrea-interworking + component: interworking + spec: + containers: + - name: election-runner + command: + - /usr/local/bin/election-runner + args: + - --id=$(POD_NAME) + - --namespace=vmware-system-antrea + - --ttl=60s + - --logtostderr=false + - --log_dir=/var/log/interworking/election-runner + - 
--alsologtostderr + - --log_file_max_size=5 + - --log_file_max_num=2 + - --v=4 + image: antrea-interworking/interworking-photon:0.7.1 + imagePullPolicy: IfNotPresent + env: + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + volumeMounts: + - mountPath: /var/run/antrea-interworking + name: host-var-run-antrea-interworking + - mountPath: /var/log/interworking + name: host-var-log-interworking + - name: mp-adapter + command: + - /usr/local/bin/election-watcher + args: + - --cmd=mp-adapter + - --args=--bootstrap-config,/etc/antrea/bootstrap.conf,--config,/etc/antrea/mp-adapter.conf,--cluster-id-config,/etc/antrea/cluster-id.conf,--logtostderr=false,--log_dir=/var/log/interworking/mp-adapter,--alsologtostderr,--log_file_max_size=25,--log_file_max_num=4,--v=4 + - --logtostderr=false + - --log_dir=/var/log/interworking/mp-adapter + - --alsologtostderr + - --log_file_max_size=5 + - --log_file_max_num=2 + - --v=4 + image: antrea-interworking/interworking-photon:0.7.1 + imagePullPolicy: IfNotPresent + env: + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: CONTAINER_NAME + value: mp-adapter + livenessProbe: + httpGet: + host: localhost + path: /livez + port: api + scheme: HTTPS + initialDelaySeconds: 90 + timeoutSeconds: 15 + periodSeconds: 60 + failureThreshold: 3 + ports: + - name: api + containerPort: 16664 + protocol: TCP + volumeMounts: + - mountPath: /etc/antrea + name: projected-configs + readOnly: true + - mountPath: /var/run/vmware + name: var-run-vmware + readOnly: true + - mountPath: /var/run/antrea-interworking + name: host-var-run-antrea-interworking + - mountPath: /var/log/interworking + name: host-var-log-interworking + - mountPath: /etc/vmware/nsx + name: etc-vmware-nsx + resources: + limits: + memory: "4096Mi" + requests: + memory: "256Mi" + - name: tn-proxy + command: + - 
/usr/local/bin/election-watcher + args: + - --cmd=tn-proxy-init.sh + - --logtostderr=false + - --log_dir=/var/log/interworking/tn-proxy + - --alsologtostderr + - --log_file_max_size=25 + - --log_file_max_num=4 + - --logChild=true + image: antrea-interworking/interworking-photon:0.7.1 + imagePullPolicy: IfNotPresent + env: + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: CONTAINER_NAME + value: tn-proxy + volumeMounts: + - mountPath: /var/run/vmware + name: var-run-vmware + - mountPath: /etc/vmware/nsx + name: etc-vmware-nsx + - mountPath: /var/run/antrea-interworking + name: host-var-run-antrea-interworking + - mountPath: /etc/antrea + name: projected-configs + readOnly: true + - mountPath: /var/log/interworking + name: host-var-log-interworking + - name: ccp-adapter + command: + - /usr/local/bin/election-watcher + args: + - --cmd=ccp-adapter + - --args=--config,/etc/antrea/ccp-adapter.conf,--cluster-id-config,/etc/antrea/cluster-id.conf,--logtostderr=false,--log_dir=/var/log/interworking/ccp-adapter,--alsologtostderr,--log_file_max_size=25,--log_file_max_num=4,--v=4 + - --logtostderr=false + - --log_dir=/var/log/interworking/ccp-adapter + - --alsologtostderr + - --log_file_max_size=5 + - --log_file_max_num=2 + - --v=4 + image: antrea-interworking/interworking-photon:0.7.1 + imagePullPolicy: IfNotPresent + env: + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: CONTAINER_NAME + value: ccp-adapter + volumeMounts: + - mountPath: /var/run/vmware + name: var-run-vmware + - mountPath: /var/lib/vmware + name: var-lib-vmware + - mountPath: /var/run/antrea-interworking + name: host-var-run-antrea-interworking + - mountPath: /etc/antrea + name: projected-configs + readOnly: true + - mountPath: /var/log/interworking + name: host-var-log-interworking + resources: + limits: + memory: "4096Mi" + requests: + memory: "256Mi" + livenessProbe: + httpGet: + host: localhost + path: /livez 
+ port: api + scheme: HTTPS + timeoutSeconds: 15 + periodSeconds: 60 + failureThreshold: 3 + ports: + - name: api + containerPort: 16665 + protocol: TCP + hostNetwork: true + nodeSelector: + kubernetes.io/os: linux + priorityClassName: system-cluster-critical + serviceAccountName: interworking + tolerations: + - key: CriticalAddonsOnly + operator: Exists + - effect: NoSchedule + key: node-role.kubernetes.io/master + - effect: NoSchedule + key: node-role.kubernetes.io/control-plane + volumes: + - hostPath: + path: /var/run/antrea-interworking + type: DirectoryOrCreate + name: host-var-run-antrea-interworking + - hostPath: + path: /var/log/interworking + type: DirectoryOrCreate + name: host-var-log-interworking + - name: projected-configs + projected: + sources: + - configMap: + name: antrea-interworking-config + items: + - key: mp-adapter.conf + path: mp-adapter.conf + - key: ccp-adapter.conf + path: ccp-adapter.conf + - configMap: + name: bootstrap-config + items: + - key: bootstrap.conf + path: bootstrap.conf + - configMap: + name: cluster-id + items: + - key: cluster-id.conf + path: cluster-id.conf + optional: true + - secret: + name: nsx-cert + items: + - key: tls.crt + path: nsx-cert/tls.crt + - key: tls.key + path: nsx-cert/tls.key + - name: etc-vmware-nsx + emptyDir: { } + - name: var-run-vmware + emptyDir: { } + - name: var-lib-vmware + emptyDir: { } diff --git a/providers/ytt/vendir/cni/_ytt_lib/addons/packages/antrea/1.7.2/bundle/config/values.star b/providers/ytt/vendir/cni/_ytt_lib/addons/packages/antrea/1.7.2-p1/bundle/config/values.star similarity index 100% rename from providers/ytt/vendir/cni/_ytt_lib/addons/packages/antrea/1.7.2/bundle/config/values.star rename to providers/ytt/vendir/cni/_ytt_lib/addons/packages/antrea/1.7.2-p1/bundle/config/values.star 
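Review bot: The `antrea-interworking` ClusterRole grants `'*'` on `coordination.k8s.io` `leases` cluster-wide, although the election sidecar is started with `--namespace=vmware-system-antrea`; as written, the `interworking` service account can also rewrite leader-election and node-heartbeat leases in other namespaces. If no other component needs them, a namespaced Role with `get`, `create` and `update` would be enough. The `register` Job and the `interworking` Deployment both run with `hostNetwork: true` and `hostPath` volumes and set no `securityContext`. Every container uses `antrea-interworking/interworking-photon:0.7.1`, a tag with no registry host or digest, so it is worth confirming that the bundle's image lock (not shown here) resolves it to a digest. Since this is the vendored upstream manifest, I would apply the tightening from an overlay in the package rather than editing the file.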
diff --git a/providers/ytt/vendir/cni/_ytt_lib/addons/packages/antrea/1.7.2/bundle/config/values.yaml b/providers/ytt/vendir/cni/_ytt_lib/addons/packages/antrea/1.7.2-p1/bundle/config/values.yaml similarity index 64% rename from providers/ytt/vendir/cni/_ytt_lib/addons/packages/antrea/1.7.2/bundle/config/values.yaml rename to providers/ytt/vendir/cni/_ytt_lib/addons/packages/antrea/1.7.2-p1/bundle/config/values.yaml index 55d7896fd8..dd0fe0df9b 100644 --- a/providers/ytt/vendir/cni/_ytt_lib/addons/packages/antrea/1.7.2/bundle/config/values.yaml +++ b/providers/ytt/vendir/cni/_ytt_lib/addons/packages/antrea/1.7.2-p1/bundle/config/values.yaml @@ -70,3 +70,41 @@ antrea: Multicluster: false SecondaryNetwork: false TrafficControl: false + +antrea_nsx: + enable: false + +antrea_interworking: + config: + nsxCert: ZHVtbXlBZG1pbg== + nsxKey: ZHVtbXlQYXNzd29yZA== + nsxUser: ZHVtbXlBZG1pbg== + nsxPassword: ZHVtbXlQYXNzd29yZA== + clusterName: dummyClusterName + NSXManagers: [] + vpcPath: "" + mp_adapter_conf: + NSXClientTimeout: 120 + InventoryBatchSize: 50 + InventoryBatchPeriod: 5 + EnableDebugServer: false + APIServerPort: 16664 + DebugServerPort: 16666 + NSXRPCDebug: false + ConditionTimeout: 150 + ccp_adapter_conf: + EnableDebugServer: false + APIServerPort: 16665 + DebugServerPort: 16667 + NSXRPCDebug: false + #! Time to wait for realization + RealizeTimeoutSeconds: 60 + #! An interval for regularly report latest realization error in background + RealizeErrorSyncIntervalSeconds: 600 + ReconcilerWorkerCount: 8 + #! Average QPS = ReconcilerWorkerCount * ReconcilerQPS + ReconcilerQPS: 5.0 + #! Peak QPS = ReconcilerWorkerCount * ReconcilerBurst + ReconcilerBurst: 10 + #! 24 Hours + ReconcilerResyncSeconds: 86400