diff --git a/addons/controllers/antrea/antreaconfig_controller.go b/addons/controllers/antrea/antreaconfig_controller.go index 0818505dc5..791c45ddaf 100644 --- a/addons/controllers/antrea/antreaconfig_controller.go +++ b/addons/controllers/antrea/antreaconfig_controller.go @@ -202,13 +202,6 @@ func (r *AntreaConfigReconciler) ReconcileAntreaConfigNormal( return err } - if antreaConfig.Spec.AntreaNsx.BootstrapFrom.ProviderRef != nil && antreaConfig.Spec.AntreaNsx.BootstrapFrom.Inline != nil { - err := fmt.Errorf("providerRef and inline should not be both set in AntreaConfig.spec.antreaNsx.bootstrapFrom") - antreaConfig.Status.Message = err.Error() - } else { - // clear the message here. - antreaConfig.Status.Message = "" - } // update status.secretRef dataValueSecretName := util.GenerateDataValueSecretName(cluster.Name, constants.AntreaAddonName) antreaConfig.Status.SecretRef = dataValueSecretName 
@@ -329,21 +322,11 @@ func (r *AntreaConfigReconciler) ensureProviderServiceAccount(ctx context.Contex } func (r *AntreaConfigReconciler) registerAntreaNSX(ctx context.Context, antreaConfig *cniv1alpha2.AntreaConfig, cluster *clusterapiv1beta1.Cluster) error { - if !antreaConfig.Spec.AntreaNsx.Enable || antreaConfig.Spec.AntreaNsx.BootstrapFrom.Inline != nil { + if !antreaConfig.Spec.AntreaNsx.Enable || antreaConfig.Spec.AntreaNsx.AntreaNsxConfig.BootstrapFrom == bootstrapFromInline { r.Log.Info("antreaNsx is not enabled or inline is set, there is no ProviderServiceAccount or NsxServiceAccount to be created") r.deregisterAntreaNSX(ctx, antreaConfig, cluster) return nil } - if antreaConfig.Spec.AntreaNsx.BootstrapFrom.ProviderRef != nil { - if strings.ToLower(antreaConfig.Spec.AntreaNsx.BootstrapFrom.ProviderRef.Kind) != nsxServiceAccountKind || - strings.ToLower(antreaConfig.Spec.AntreaNsx.BootstrapFrom.ProviderRef.ApiGroup) != nsxServiceAccountAPIGroup { - err := fmt.Errorf("either ProviderRef.Kind(%s) or ProviderRef.ApiGroup(%s) is invalid, expcted:ProviderRef.Kind(%s) ProviderRef.ApiGroup(%s)", - antreaConfig.Spec.AntreaNsx.BootstrapFrom.ProviderRef.Kind, antreaConfig.Spec.AntreaNsx.BootstrapFrom.ProviderRef.ApiGroup, - nsxServiceAccountKind, nsxServiceAccountAPIGroup) - antreaConfig.Status.Message = err.Error() - return err - } - } antreaConfig.Status.Message = "" err := r.ensureProviderServiceAccount(ctx, antreaConfig, cluster) if err != nil { diff --git a/addons/controllers/antrea/antreaconfig_util.go b/addons/controllers/antrea/antreaconfig_util.go index 9fb55f6a5a..c160dfee7e 100644 --- a/addons/controllers/antrea/antreaconfig_util.go +++ b/addons/controllers/antrea/antreaconfig_util.go @@ -6,6 +6,7 @@ package controllers import ( "context" "fmt" + "reflect" "strings" "github.com/pkg/errors" 
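Review bot: In `registerAntreaNSX` the new guard `AntreaNsxConfig.BootstrapFrom == bootstrapFromInline` is an exact, case-sensitive match on a free-form string, so with `enable: true` every other value (empty, `inline`, a typo) falls through to `ensureProviderServiceAccount`, and the Kind/ApiGroup check that used to set `Status.Message` is removed with nothing replacing it. The same unvalidated comparison appears in the `switch` in `mapAntreaConfigSpec`, which has no `default` case, and in the `bootstrapFrom == "Inline"` / `"SupervisorCluster"` conditions of interworking-bootstrap-overlay.yaml, where an unrecognised value renders an empty bootstrap config without any error. I would constrain the field at the API with `// +kubebuilder:validation:Enum=Inline;SupervisorCluster` on `AntreaNsxConfig.BootstrapFrom`, and make the controller explicit: proceed only when `BootstrapFrom == bootstrapFromSupervisorCluster`, otherwise set `antreaConfig.Status.Message` and return an error. The body of `registerAntreaNSX` continues outside the hunk.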
@@ -24,6 +25,11 @@ import ( cniv1alpha2 "github.com/vmware-tanzu/tanzu-framework/apis/addonconfigs/cni/v1alpha2" ) +const ( + bootstrapFromInline = "Inline" + bootstrapFromSupervisorCluster = "SupervisorCluster" +) + // AntreaConfigSpec defines the desired state of AntreaConfig type AntreaConfigSpec struct { InfraProvider string `yaml:"infraProvider"` 
@@ -36,42 +42,65 @@ type antrea struct { } type antreaNsx struct { - Enable bool `yaml:"enable,omitempty"` - BootstrapFrom antreaNsxBootstrapFrom `yaml:"bootstrapFrom,omitempty"` - AntreaNsxConfig antreaNsxConfig `yaml:"config,omitempty"` -} - -type antreaNsxBootstrapFrom struct { - // ProviderRef is used with uTKG, which will be filled by NCP operator - ProviderRef *antreaNsxProvider `yaml:"providerRef,omitempty"` - // Inline is used with TKGm, user need to fill in manually - Inline *antreaNsxInline `yaml:"inline,omitempty"` + Enable bool `yaml:"enable,omitempty"` + AntreaNsxConfig antreaNsxConfig `yaml:"config,omitempty"` } -type antreaNsxProvider struct { - // Api version for nsxServiceAccount, its value is "nsx.vmware.com/v1alpha1" now - ApiVersion string `yaml:"apiVersion,omitempty"` - // Its value is NsxServiceAccount - Kind string `yaml:"kind,omitempty"` - // Name is the name for NsxServiceAccount - Name string `yaml:"name,omitempty"` +type antreaNsxConfig struct { + InfraType string `yaml:"infraType,omitempty"` + BootstrapFrom string `yaml:"bootstrapFrom,omitempty"` + BootstrapSupervisorResourceName string `yaml:"bootstrapSupervisorResourceName,omitempty"` + NSXCert string `yaml:"nsxCert,omitempty"` + NSXKey string `yaml:"nsxKey,omitempty"` + NSXUser string `yaml:"nsxUser,omitempty"` + NSXPassword string `yaml:"nsxPassword,omitempty"` + ClusterName string `yaml:"clusterName,omitempty"` + NSXManagers []string `yaml:"NSXManagers,omitempty"` + VPCPath []string `yaml:"vpcPath,omitempty"` + ProxyEndpoints proxyEndpoints `yaml:"proxyEndpoints,omitempty"` + MpAdapterConf mpAdapterConf `yaml:"mp_adapter_conf,omitempty"` + CcpAdapterConf ccpAdapterConf `yaml:"ccp_adapter_conf,omitempty"` } -type nsxCertRef struct { - // TLSCert is cert file to access nsx manager - TLSCert string `yaml:"tls.crt,omitempty"` - // TLSKey is key file to access nsx manager - TLSKey string `yaml:"tls.key,omitempty"` +type proxyEndpoints struct { + RestApi []string 
`yaml:"rest_api,omitempty"` + NSXRpcFwdProxy []string `yaml:"nsx_rpc_fwd_proxy,omitempty"` } -type antreaNsxInline struct { - NsxManagers []string `yaml:"nsxManagers,omitempty"` - ClusterName string `yaml:"clusterName,omitempty"` - NsxCertRef nsxCertRef `yaml:"NsxCert,omitempty"` +type mpAdapterConf struct { + NSXClientAuthCertFile string `yaml:"NSXClientAuthCertFile,omitempty"` + NSXClientAuthKeyFile string `yaml:"NSXClientAuthKeyFile,omitempty"` + NSXRemoteAuth bool `yaml:"NSXRemoteAuth,omitempty"` + NSXCAFile string `yaml:"NSXCAFile,omitempty"` + NSXInsecure bool `yaml:"NSXInsecure,omitempty"` + NSXRPCConnType string `yaml:"NSXRPCConnType,omitempty"` + ClusterType string `yaml:"clusterType,omitempty"` + NSXClientTimeout int `yaml:"NSXClientTimeout,omitempty"` + InventoryBatchSize int `yaml:"InventoryBatchSize,omitempty"` + InventoryBatchPeriod int `yaml:"InventoryBatchPeriod,omitempty"` + EnableDebugServer bool `yaml:"EnableDebugServer,omitempty"` + APIServerPort int `yaml:"APIServerPort,omitempty"` + DebugServerPort int `yaml:"DebugServerPort,omitempty"` + NSXRPCDebug bool `yaml:"NSXRPCDebug,omitempty"` + ConditionTimeout int `yaml:"ConditionTimeout,omitempty"` } -type antreaNsxConfig struct { - InfraType string `yaml:"infraType,omitempty"` +type ccpAdapterConf struct { + EnableDebugServer bool `yaml:"EnableDebugServer,omitempty"` + APIServerPort int `yaml:"APIServerPort,omitempty"` + DebugServerPort int `yaml:"DebugServerPort,omitempty"` + NSXRPCDebug bool `yaml:"NSXRPCDebug,omitempty"` + // Time to wait for realization + RealizeTimeoutSeconds int `yaml:"RealizeTimeoutSeconds,omitempty"` + // An interval for regularly report latest realization error in background + RealizeErrorSyncIntervalSeconds int `yaml:"RealizeErrorSyncIntervalSeconds,omitempty"` + ReconcilerWorkerCount int `yaml:"ReconcilerWorkerCount,omitempty"` + // Average QPS = ReconcilerWorkerCount * ReconcilerQPS + ReconcilerQPS int `yaml:"ReconcilerQPS,omitempty"` + // Peak QPS = 
ReconcilerWorkerCount * ReconcilerBurst + ReconcilerBurst int `yaml:"ReconcilerBurst,omitempty"` + // #! 24 Hours + ReconcilerResyncSeconds int `yaml:"ReconcilerResyncSeconds,omitempty"` } type antreaEgress struct { 
@@ -299,27 +328,50 @@ func mapAntreaConfigSpec(cluster *clusterv1beta1.Cluster, config *cniv1alpha2.An // NSX related if semver.Compare(version, "1.9.0") >= 0 && config.Spec.AntreaNsx.Enable { configSpec.AntreaNsx.Enable = config.Spec.AntreaNsx.Enable - if config.Spec.AntreaNsx.BootstrapFrom.Inline != nil { - configSpec.AntreaNsx.BootstrapFrom.Inline.NsxManagers = config.Spec.AntreaNsx.BootstrapFrom.Inline.NsxManagers - configSpec.AntreaNsx.BootstrapFrom.Inline.ClusterName = config.Spec.AntreaNsx.BootstrapFrom.Inline.ClusterName + switch config.Spec.AntreaNsx.AntreaNsxConfig.BootstrapFrom { + case bootstrapFromInline: + configSpec.AntreaNsx.AntreaNsxConfig.NSXManagers = config.Spec.AntreaNsx.AntreaNsxConfig.NSXManagers + configSpec.AntreaNsx.AntreaNsxConfig.ClusterName = config.Spec.AntreaNsx.AntreaNsxConfig.ClusterName // NSX cert secret, err := getNSXCert(client, config.Name, config.Namespace) if err != nil { return configSpec, err } - configSpec.AntreaNsx.BootstrapFrom.Inline.NsxCertRef.TLSCert = string(secret.Data["tls.crt"]) - configSpec.AntreaNsx.BootstrapFrom.Inline.NsxCertRef.TLSKey = string(secret.Data["tls.key"]) - } else if config.Spec.AntreaNsx.BootstrapFrom.ProviderRef != nil { - configSpec.AntreaNsx.BootstrapFrom.ProviderRef.ApiVersion = config.Spec.AntreaNsx.BootstrapFrom.ProviderRef.ApiGroup - configSpec.AntreaNsx.BootstrapFrom.ProviderRef.Kind = config.Spec.AntreaNsx.BootstrapFrom.ProviderRef.Kind - configSpec.AntreaNsx.BootstrapFrom.ProviderRef.Name = config.Spec.AntreaNsx.BootstrapFrom.ProviderRef.Name + configSpec.AntreaNsx.AntreaNsxConfig.NSXCert = string(secret.Data["tls.crt"]) + configSpec.AntreaNsx.AntreaNsxConfig.NSXKey = string(secret.Data["tls.key"]) + configSpec.AntreaNsx.AntreaNsxConfig.VPCPath = config.Spec.AntreaNsx.AntreaNsxConfig.VPCPath + case bootstrapFromSupervisorCluster: + configSpec.AntreaNsx.AntreaNsxConfig.BootstrapSupervisorResourceName = config.Spec.AntreaNsx.AntreaNsxConfig.BootstrapSupervisorResourceName } + 
configSpec.AntreaNsx.AntreaNsxConfig.ProxyEndpoints.NSXRpcFwdProxy = config.Spec.AntreaNsx.AntreaNsxConfig.ProxyEndpoints.NSXRpcFwdProxy + configSpec.AntreaNsx.AntreaNsxConfig.ProxyEndpoints.RestApi = config.Spec.AntreaNsx.AntreaNsxConfig.ProxyEndpoints.RestApi + ccpConf := config.Spec.AntreaNsx.AntreaNsxConfig.CcpAdapterConf + if err := copyStructAtoB(ccpConf, &configSpec.AntreaNsx.AntreaNsxConfig.CcpAdapterConf); err != nil { + return configSpec, err + } + mpConf := config.Spec.AntreaNsx.AntreaNsxConfig.MpAdapterConf + if err := copyStructAtoB(mpConf, &configSpec.AntreaNsx.AntreaNsxConfig.MpAdapterConf); err != nil { + return configSpec, err + } } return configSpec, nil } +func copyStructAtoB(a interface{}, b interface{}) error { + va := reflect.ValueOf(a) + vb := reflect.ValueOf(b).Elem() + for i := 0; i < va.NumField(); i++ { + fieldA := va.Field(i) + fieldB := vb.FieldByName(va.Type().Field(i).Name) + if fieldB.IsValid() && fieldA.Type() == fieldB.Type() { + fieldB.Set(fieldA) + } + } + return nil +} + func getNSXCert(client client.Client, secretName, secretNamespace string) (secret *corev1.Secret, err error) { secret = &corev1.Secret{} if err := client.Get(context.TODO(), types.NamespacedName{ diff --git a/addons/controllers/antrea/antreaconfig_util_test.go b/addons/controllers/antrea/antreaconfig_util_test.go index c5902e5a97..c3592b410f 100644 --- a/addons/controllers/antrea/antreaconfig_util_test.go +++ b/addons/controllers/antrea/antreaconfig_util_test.go @@ -4,6 +4,8 @@ import ( "context" "testing" + "github.com/vmware-tanzu/tanzu-framework/apis/addonconfigs/cni/v1alpha2" + "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" corev1 "k8s.io/api/core/v1" 
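Review bot: `copyStructAtoB` declares an `error` result but can only return `nil`, while its reflection calls panic instead of failing: `va.NumField()` panics when `a` is not a struct, and `reflect.ValueOf(b).Elem()` followed by `FieldByName` panics when `b` is nil or not a pointer to a struct. Fields whose name or type does not match are skipped silently, so if the API type and the internal values struct drift apart (for example `NSXInsecure` or one of the port fields), that setting is dropped and the two `if err := copyStructAtoB(...)` checks in `mapAntreaConfigSpec` can never notice. I would validate the kinds up front and report a mismatch as an error, as below, and extend `TestCopyStruct` with a mismatched-field case and a non-pointer destination case.

```go
func copyStructAtoB(a interface{}, b interface{}) error {
	va := reflect.ValueOf(a)
	if va.Kind() != reflect.Struct {
		return fmt.Errorf("copy source must be a struct, got %T", a)
	}
	pb := reflect.ValueOf(b)
	if pb.Kind() != reflect.Ptr || pb.IsNil() || pb.Elem().Kind() != reflect.Struct {
		return fmt.Errorf("copy destination must be a non-nil pointer to a struct, got %T", b)
	}
	vb := pb.Elem()
	for i := 0; i < va.NumField(); i++ {
		name := va.Type().Field(i).Name
		fieldA := va.Field(i)
		fieldB := vb.FieldByName(name)
		// Surface drift between the API type and the values struct instead of dropping the field.
		if !fieldB.IsValid() || !fieldB.CanSet() || fieldA.Type() != fieldB.Type() {
			return fmt.Errorf("field %s of %T has no settable field of the same type in %T", name, a, b)
		}
		fieldB.Set(fieldA)
	}
	return nil
}
```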
@@ -46,3 +48,31 @@ func TestGetNSXCert(t *testing.T) { t.Error("returned secret missing tls.key field") } } + +func TestCopyStruct(t *testing.T) { + ccpConf := v1alpha2.CcpAdapterConf{ + EnableDebugServer: true, + APIServerPort: 1234, + } + descCcpAdapterConf := ccpAdapterConf{ + EnableDebugServer: false, + APIServerPort: 0, + } + err := copyStructAtoB(ccpConf, &descCcpAdapterConf) + require.NoError(t, err, "copy CcpAdapterConf values error") + assert.Equal(t, 1234, descCcpAdapterConf.APIServerPort) + assert.Equal(t, true, descCcpAdapterConf.EnableDebugServer) + + mpConf := v1alpha2.MpAdapterConf{ + NSXClientAuthCertFile: "fake-cert-file", + ConditionTimeout: 150, + } + descMpAdapterConf := mpAdapterConf{ + NSXClientAuthCertFile: "", + ConditionTimeout: 0, + } + err = copyStructAtoB(mpConf, &descMpAdapterConf) + require.NoError(t, err, "copy MpAdapterConf values error") + assert.Equal(t, "fake-cert-file", descMpAdapterConf.NSXClientAuthCertFile) + assert.Equal(t, 150, descMpAdapterConf.ConditionTimeout) +} diff --git a/apis/addonconfigs/cni/v1alpha2/antreaconfig_types.go b/apis/addonconfigs/cni/v1alpha2/antreaconfig_types.go index 67dd09bcb0..590cdd0c50 100644 --- a/apis/addonconfigs/cni/v1alpha2/antreaconfig_types.go +++ b/apis/addonconfigs/cni/v1alpha2/antreaconfig_types.go 
@@ -21,60 +21,60 @@ type Antrea struct { } type AntreaEgress struct { - //+ kubebuilder:validation:Optional + // + kubebuilder:validation:Optional EgressExceptCIDRs []string `json:"exceptCIDRs,omitempty"` } type AntreaNodePortLocal struct { - //+ kubebuilder:validation:Optional + // + kubebuilder:validation:Optional Enabled bool `json:"enabled,omitempty"` - //+ kubebuilder:validation:Optional + // + kubebuilder:validation:Optional PortRange string `json:"portRange,omitempty"` } type AntreaProxy struct { - //+ kubebuilder:validation:Optional + // + kubebuilder:validation:Optional ProxyAll bool `json:"proxyAll,omitempty"` - //+ kubebuilder:validation:Optional + // + kubebuilder:validation:Optional NodePortAddresses []string `json:"nodePortAddresses,omitempty"` - //+ kubebuilder:validation:Optional + // + kubebuilder:validation:Optional SkipServices []string `json:"skipServices,omitempty"` - //+ kubebuilder:validation:Optional + // + kubebuilder:validation:Optional ProxyLoadBalancerIPs bool `json:"proxyLoadBalancerIPs,omitempty"` } type AntreaFlowExporter struct { - //+ kubebuilder:validation:Optional + // + kubebuilder:validation:Optional CollectorAddress string `json:"collectorAddress,omitempty"` - //+ kubebuilder:validation:Optional + // + kubebuilder:validation:Optional PollInterval string `json:"pollInterval,omitempty"` - //+ kubebuilder:validation:Optional + // + kubebuilder:validation:Optional ActiveFlowTimeout string `json:"activeFlowTimeout,omitempty"` - //+ kubebuilder:validation:Optional + // + kubebuilder:validation:Optional IdleFlowTimeout string `json:"idleFlowTimeout,omitempty"` } type AntreaWireGuard struct { - //+ kubebuilder:validation:Optional + // + kubebuilder:validation:Optional Port int `json:"port,omitempty"` } type AntreaMultiCluster struct { - //+ kubebuilder:validation:Optional + // + kubebuilder:validation:Optional Enable bool `json:"enable,omitempty"` - //+ kubebuilder:validation:Optional + // + kubebuilder:validation:Optional Namespace 
string `json:"namespace,omitempty"` } type AntreaMulticast struct { - //+ kubebuilder:validation:Optional + // + kubebuilder:validation:Optional IGMPQueryInterval string `json:"igmpQueryInterval,omitempty"` } 
@@ -288,51 +288,169 @@ type AntreaNsx struct { // +kubebuilder:validation:Optional // +kubebuilder:default:=false Enable bool `json:"enable,omitempty"` - // BootstrapFrom either providerRef or inline configs - // +kubebuilder:validation:Optional - BootstrapFrom AntreaNsxBootstrapFrom `json:"bootstrapFrom,omitempty"` // Config is configuration for nsxt adapter // +kubebuilder:validation:Optional AntreaNsxConfig AntreaNsxConfig `json:"config,omitempty"` } -type AntreaNsxBootstrapFrom struct { - // ProviderRef is used with uTKG, which will be filled by uTKG Addon Controller +type AntreaNsxConfig struct { + // BootstrapFrom either providerRef or inline configs // +kubebuilder:validation:Optional - ProviderRef *AntreaNsxProvider `json:"providerRef,omitempty"` - // Inline is used with TKGm, user need to fill in manually + BootstrapFrom string `json:"bootstrapFrom,omitempty"` + // +kubebuilder:validation:Optional - Inline *AntreaNsxInline `json:"inline,omitempty"` -} + BootstrapSupervisorResourceName string `json:"bootstrapSupervisorResourceName,omitempty"` -type AntreaNsxProvider struct { - // Api version for nsxServiceAccount, its value is "nsx.vmware.com/v1alpha1" now + // InfraType is the type for infrastructure, so far it is vSphere, VMC, AWS, Azure // +kubebuilder:validation:Optional - ApiGroup string `json:"apigroup,omitempty"` - // Kind is the kind for crd, here its value is NsxServiceAccount + InfraType string `json:"infraType,omitempty"` + // +kubebuilder:validation:Optional - Kind string `json:"kind,omitempty"` - // Name is the name for NsxServiceAccount + NSXCert string `json:"nsxCert,omitempty"` + // +kubebuilder:validation:Optional - Name string `json:"name,omitempty"` -} + NSXKey string `json:"nsxKey,omitempty"` -type AntreaNsxInline struct { - // NsxManagers is the list for nsx managers, it can be either IP address or domain name // +kubebuilder:validation:Optional - NsxManagers []string `json:"nsxManagers,omitempty"` - // ClusterName is the name for the 
created cluster + NSXUser string `json:"nsxUser,omitempty"` + + // +kubebuilder:validation:Optional + NSXPassword string `json:"nsxPassword,omitempty"` + // +kubebuilder:validation:Optional ClusterName string `json:"clusterName,omitempty"` - // NsxCertName is cert files to access nsx manager + + // +kubebuilder:validation:Optional + NSXManagers []string `json:"NSXManagers,omitempty"` + + // +kubebuilder:validation:Optional + VPCPath []string `json:"vpcPath,omitempty"` + + // +kubebuilder:validation:Optional + ProxyEndpoints ProxyEndpoints `json:"proxyEndpoints,omitempty"` + + // +kubebuilder:validation:Optional + MpAdapterConf MpAdapterConf `json:"mp_adapter_conf,omitempty"` + // +kubebuilder:validation:Optional - NsxCertName string `json:"nsxCertName,omitempty"` + CcpAdapterConf CcpAdapterConf `json:"ccp_adapter_conf,omitempty"` } -type AntreaNsxConfig struct { - // InfraType is the type for infrastructure, so far it is vSphere, VMC, AWS, Azure +type ProxyEndpoints struct { // +kubebuilder:validation:Optional - InfraType string `json:"infraType,omitempty"` + RestApi []string `json:"rest_api,omitempty"` + + // +kubebuilder:validation:Optional + NSXRpcFwdProxy []string `json:"nsx_rpc_fwd_proxy,omitempty"` +} + +type MpAdapterConf struct { + // +kubebuilder:validation:Optional + // +kubebuilder:default:="/etc/antrea/nsx-cert/tls.crt" + NSXClientAuthCertFile string `json:"NSXClientAuthCertFile,omitempty"` + + // +kubebuilder:validation:Optional + // +kubebuilder:default:="/etc/antrea/nsx-cert/tls.key" + NSXClientAuthKeyFile string `json:"NSXClientAuthKeyFile,omitempty"` + + // +kubebuilder:validation:Optional + // +kubebuilder:default:=false + NSXRemoteAuth bool `json:"NSXRemoteAuth,omitempty"` + + // +kubebuilder:validation:Optional + // +kubebuilder:default:="" + NSXCAFile string `json:"NSXCAFile,omitempty"` + + // +kubebuilder:validation:Optional + // +kubebuilder:default:=true + NSXInsecure bool `json:"NSXInsecure,omitempty"` + + // 
+kubebuilder:validation:Optional + // +kubebuilder:default:="tnproxy" + NSXRPCConnType string `json:"NSXRPCConnType,omitempty"` + + // +kubebuilder:validation:Optional + // +kubebuilder:default:="kubernetes" + ClusterType string `json:"clusterType,omitempty"` + + // +kubebuilder:validation:Optional + // +kubebuilder:default:=120 + NSXClientTimeout int `json:"NSXClientTimeout,omitempty"` + + // +kubebuilder:validation:Optional + // +kubebuilder:default:=50 + InventoryBatchSize int `json:"InventoryBatchSize,omitempty"` + + // +kubebuilder:validation:Optional + // +kubebuilder:default:=5 + InventoryBatchPeriod int `json:"InventoryBatchPeriod,omitempty"` + + // +kubebuilder:validation:Optional + // +kubebuilder:default:=false + EnableDebugServer bool `json:"EnableDebugServer,omitempty"` + + // +kubebuilder:validation:Optional + // +kubebuilder:default:=16664 + APIServerPort int `json:"APIServerPort,omitempty"` + + // +kubebuilder:validation:Optional + // +kubebuilder:default:=16666 + DebugServerPort int `json:"DebugServerPort,omitempty"` + + // +kubebuilder:validation:Optional + // +kubebuilder:default:=false + NSXRPCDebug bool `json:"NSXRPCDebug,omitempty"` + + // +kubebuilder:validation:Optional + // +kubebuilder:default:=150 + ConditionTimeout int `json:"ConditionTimeout,omitempty"` +} + +type CcpAdapterConf struct { + // +kubebuilder:validation:Optional + // +kubebuilder:default:=false + EnableDebugServer bool `json:"EnableDebugServer,omitempty"` + + // +kubebuilder:validation:Optional + // +kubebuilder:default:=16665 + APIServerPort int `json:"APIServerPort,omitempty"` + + // +kubebuilder:validation:Optional + // +kubebuilder:default:=16667 + DebugServerPort int `json:"DebugServerPort,omitempty"` + + // +kubebuilder:validation:Optional + // +kubebuilder:default:=false + NSXRPCDebug bool `json:"NSXRPCDebug,omitempty"` + + // Time to wait for realization + // +kubebuilder:validation:Optional + // +kubebuilder:default:=60 + RealizeTimeoutSeconds int 
`json:"RealizeTimeoutSeconds,omitempty"` + + // An interval for regularly report latest realization error in background + // +kubebuilder:validation:Optional + // +kubebuilder:default:=600 + RealizeErrorSyncIntervalSeconds int `json:"RealizeErrorSyncIntervalSeconds,omitempty"` + + // +kubebuilder:validation:Optional + // +kubebuilder:default:=8 + ReconcilerWorkerCount int `json:"ReconcilerWorkerCount,omitempty"` + + // Average QPS = ReconcilerWorkerCount * ReconcilerQPS + // +kubebuilder:validation:Optional + // +kubebuilder:default:=5 + ReconcilerQPS int `json:"ReconcilerQPS,omitempty"` + + // Peak QPS = ReconcilerWorkerCount * ReconcilerBurst + // +kubebuilder:validation:Optional + // +kubebuilder:default:=10 + ReconcilerBurst int `json:"ReconcilerBurst,omitempty"` + + // #! 24 Hours + // +kubebuilder:validation:Optional + // +kubebuilder:default:=86400 + ReconcilerResyncSeconds int `json:"ReconcilerResyncSeconds,omitempty"` } // +kubebuilder:object:root=true diff --git a/apis/addonconfigs/cni/v1alpha2/zz_generated.deepcopy.go b/apis/addonconfigs/cni/v1alpha2/zz_generated.deepcopy.go index 23a63cc095..3f4e8b3d57 100644 --- a/apis/addonconfigs/cni/v1alpha2/zz_generated.deepcopy.go +++ b/apis/addonconfigs/cni/v1alpha2/zz_generated.deepcopy.go @@ -250,8 +250,7 @@ func (in *AntreaNodePortLocal) DeepCopy() *AntreaNodePortLocal { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *AntreaNsx) DeepCopyInto(out *AntreaNsx) { *out = *in - in.BootstrapFrom.DeepCopyInto(&out.BootstrapFrom) - out.AntreaNsxConfig = in.AntreaNsxConfig + in.AntreaNsxConfig.DeepCopyInto(&out.AntreaNsxConfig) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AntreaNsx. 
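Review bot: `MpAdapterConf.NSXInsecure` is given `+kubebuilder:default:=true` while `NSXCAFile` defaults to `""`, so if this flag controls verification of the NSX manager's certificate (the name suggests it, the hunk does not show its consumer) every AntreaConfig that leaves it unset connects without verifying the peer; a safer default is `// +kubebuilder:default:=false`, with insecure mode as an explicit opt-in. Because the field is a `bool` tagged `omitempty`, a typed Go client that sets it to `false` will likely omit it on serialisation and have the API server default it back to `true`, so a `*bool` may be needed if the default stays. Separately, `NSXCert`, `NSXKey`, `NSXUser` and `NSXPassword` are added as plain string fields of the AntreaConfig spec in place of the removed `NsxCertName` reference. `mapAntreaConfigSpec` in this commit still reads `tls.crt`/`tls.key` from a Secret via `getNSXCert` and does not read these spec fields, so they appear unused, yet they invite users to put a private key or password into a custom resource that anyone with read access to AntreaConfig can see. I would drop them from the spec or replace them with a Secret reference.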
@@ -265,135 +264,143 @@ func (in *AntreaNsx) DeepCopy() *AntreaNsx { } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *AntreaNsxBootstrapFrom) DeepCopyInto(out *AntreaNsxBootstrapFrom) { +func (in *AntreaNsxConfig) DeepCopyInto(out *AntreaNsxConfig) { *out = *in - if in.ProviderRef != nil { - in, out := &in.ProviderRef, &out.ProviderRef - *out = new(AntreaNsxProvider) - **out = **in + if in.NSXManagers != nil { + in, out := &in.NSXManagers, &out.NSXManagers + *out = make([]string, len(*in)) + copy(*out, *in) } - if in.Inline != nil { - in, out := &in.Inline, &out.Inline - *out = new(AntreaNsxInline) - (*in).DeepCopyInto(*out) + if in.VPCPath != nil { + in, out := &in.VPCPath, &out.VPCPath + *out = make([]string, len(*in)) + copy(*out, *in) } + in.ProxyEndpoints.DeepCopyInto(&out.ProxyEndpoints) + out.MpAdapterConf = in.MpAdapterConf + out.CcpAdapterConf = in.CcpAdapterConf } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AntreaNsxBootstrapFrom. -func (in *AntreaNsxBootstrapFrom) DeepCopy() *AntreaNsxBootstrapFrom { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AntreaNsxConfig. +func (in *AntreaNsxConfig) DeepCopy() *AntreaNsxConfig { if in == nil { return nil } - out := new(AntreaNsxBootstrapFrom) + out := new(AntreaNsxConfig) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
-func (in *AntreaNsxConfig) DeepCopyInto(out *AntreaNsxConfig) { +func (in *AntreaProxy) DeepCopyInto(out *AntreaProxy) { *out = *in + if in.NodePortAddresses != nil { + in, out := &in.NodePortAddresses, &out.NodePortAddresses + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.SkipServices != nil { + in, out := &in.SkipServices, &out.SkipServices + *out = make([]string, len(*in)) + copy(*out, *in) + } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AntreaNsxConfig. -func (in *AntreaNsxConfig) DeepCopy() *AntreaNsxConfig { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AntreaProxy. +func (in *AntreaProxy) DeepCopy() *AntreaProxy { if in == nil { return nil } - out := new(AntreaNsxConfig) + out := new(AntreaProxy) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *AntreaNsxInline) DeepCopyInto(out *AntreaNsxInline) { - *out = *in - if in.NsxManagers != nil { - in, out := &in.NsxManagers, &out.NsxManagers - *out = make([]string, len(*in)) +func (in AntreaProxyNodePortAddress) DeepCopyInto(out *AntreaProxyNodePortAddress) { + { + in := &in + *out = make(AntreaProxyNodePortAddress, len(*in)) copy(*out, *in) } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AntreaNsxInline. -func (in *AntreaNsxInline) DeepCopy() *AntreaNsxInline { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AntreaProxyNodePortAddress. +func (in AntreaProxyNodePortAddress) DeepCopy() AntreaProxyNodePortAddress { if in == nil { return nil } - out := new(AntreaNsxInline) + out := new(AntreaProxyNodePortAddress) in.DeepCopyInto(out) - return out + return *out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
-func (in *AntreaNsxProvider) DeepCopyInto(out *AntreaNsxProvider) { +func (in *AntreaWireGuard) DeepCopyInto(out *AntreaWireGuard) { *out = *in } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AntreaNsxProvider. -func (in *AntreaNsxProvider) DeepCopy() *AntreaNsxProvider { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AntreaWireGuard. +func (in *AntreaWireGuard) DeepCopy() *AntreaWireGuard { if in == nil { return nil } - out := new(AntreaNsxProvider) + out := new(AntreaWireGuard) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *AntreaProxy) DeepCopyInto(out *AntreaProxy) { +func (in *CcpAdapterConf) DeepCopyInto(out *CcpAdapterConf) { *out = *in - if in.NodePortAddresses != nil { - in, out := &in.NodePortAddresses, &out.NodePortAddresses - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.SkipServices != nil { - in, out := &in.SkipServices, &out.SkipServices - *out = make([]string, len(*in)) - copy(*out, *in) - } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AntreaProxy. -func (in *AntreaProxy) DeepCopy() *AntreaProxy { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CcpAdapterConf. +func (in *CcpAdapterConf) DeepCopy() *CcpAdapterConf { if in == nil { return nil } - out := new(AntreaProxy) + out := new(CcpAdapterConf) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
-func (in AntreaProxyNodePortAddress) DeepCopyInto(out *AntreaProxyNodePortAddress) { - { - in := &in - *out = make(AntreaProxyNodePortAddress, len(*in)) - copy(*out, *in) - } +func (in *MpAdapterConf) DeepCopyInto(out *MpAdapterConf) { + *out = *in } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AntreaProxyNodePortAddress. -func (in AntreaProxyNodePortAddress) DeepCopy() AntreaProxyNodePortAddress { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MpAdapterConf. +func (in *MpAdapterConf) DeepCopy() *MpAdapterConf { if in == nil { return nil } - out := new(AntreaProxyNodePortAddress) + out := new(MpAdapterConf) in.DeepCopyInto(out) - return *out + return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *AntreaWireGuard) DeepCopyInto(out *AntreaWireGuard) { +func (in *ProxyEndpoints) DeepCopyInto(out *ProxyEndpoints) { *out = *in + if in.RestApi != nil { + in, out := &in.RestApi, &out.RestApi + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.NSXRpcFwdProxy != nil { + in, out := &in.NSXRpcFwdProxy, &out.NSXRpcFwdProxy + *out = make([]string, len(*in)) + copy(*out, *in) + } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AntreaWireGuard. -func (in *AntreaWireGuard) DeepCopy() *AntreaWireGuard { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProxyEndpoints. +func (in *ProxyEndpoints) DeepCopy() *ProxyEndpoints { if in == nil { return nil } - out := new(AntreaWireGuard) + out := new(ProxyEndpoints) in.DeepCopyInto(out) return out } 
diff --git a/providers/ytt/vendir/cni/_ytt_lib/addons/packages/antrea/1.9.0/bundle/config/overlay/interworking-bootstrap-overlay.yaml b/providers/ytt/vendir/cni/_ytt_lib/addons/packages/antrea/1.9.0/bundle/config/overlay/interworking-bootstrap-overlay.yaml index f54c2366e1..084dcbde00 100644 --- a/providers/ytt/vendir/cni/_ytt_lib/addons/packages/antrea/1.9.0/bundle/config/overlay/interworking-bootstrap-overlay.yaml +++ b/providers/ytt/vendir/cni/_ytt_lib/addons/packages/antrea/1.9.0/bundle/config/overlay/interworking-bootstrap-overlay.yaml @@ -4,19 +4,30 @@ #@ load("@ytt:yaml", "yaml") #@ load("/values.star", "values") + #! Antrea-interworking-bootstrap-config-secret #@overlay/match by=overlay.subset({"kind":"Secret","metadata":{"name": "nsx-cert"}}) -#@ if/end values.antrea_nsx.enable: +#@ if values.antrea_nsx.enable and values.antrea_interworking.config.bootstrapFrom == "Inline": --- kind: Secret data: tls.crt: #@ values.antrea_interworking.config.nsxCert tls.key: #@ values.antrea_interworking.config.nsxKey +#@ end + #@ def antrea_interworking_bootstrap_conf(): +#@ if values.antrea_interworking.config.bootstrapFrom == "Inline": clusterName: #@ values.antrea_interworking.config.clusterName NSXManagers: #@ values.antrea_interworking.config.NSXManagers vpcPath: #@ values.antrea_interworking.config.vpcPath +proxyEndpoints: + rest-api: #@ values.antrea_interworking.config.proxyEndpoints.rest_api + nsx-rpc-fwd-proxy: #@ values.antrea_interworking.config.proxyEndpoints.nsx_rpc_fwd_proxy +#@ end +#@ if values.antrea_interworking.config.bootstrapFrom == "SupervisorCluster": +bootstrapSupervisorResourceName: #@ values.antrea_interworking.config.bootstrapSupervisorResourceName +#@ end #@ end #! Antrea-interworking-bootstrap-config 
diff --git a/providers/ytt/vendir/cni/_ytt_lib/addons/packages/antrea/1.9.0/bundle/config/overlay/update-strategy-overlay.yaml b/providers/ytt/vendir/cni/_ytt_lib/addons/packages/antrea/1.9.0/bundle/config/overlay/update-strategy-overlay.yaml index 4610bec4ae..ab1be7728c 100644 --- a/providers/ytt/vendir/cni/_ytt_lib/addons/packages/antrea/1.9.0/bundle/config/overlay/update-strategy-overlay.yaml +++ b/providers/ytt/vendir/cni/_ytt_lib/addons/packages/antrea/1.9.0/bundle/config/overlay/update-strategy-overlay.yaml @@ -10,7 +10,7 @@ #! This overlay makes configuring the above parameters possible #! Reference: https://github.com/vmware-tanzu/tanzu-framework/issues/1850 -#@overlay/match expects="0+",by=overlay.subset({"kind":"Deployment", "metadata": {"name": "antrea-controller"}}) +#@overlay/match expects="0+",by=overlay.subset({"kind":"Deployment","metadata": {"name": "antrea-controller"}}) --- kind: Deployment spec: diff --git a/providers/ytt/vendir/cni/_ytt_lib/addons/packages/antrea/1.9.0/bundle/config/schema.yaml b/providers/ytt/vendir/cni/_ytt_lib/addons/packages/antrea/1.9.0/bundle/config/schema.yaml index c3feaaf3a6..2071cce7d3 100644 --- a/providers/ytt/vendir/cni/_ytt_lib/addons/packages/antrea/1.9.0/bundle/config/schema.yaml +++ b/providers/ytt/vendir/cni/_ytt_lib/addons/packages/antrea/1.9.0/bundle/config/schema.yaml @@ -30,7 +30,7 @@ antrea: egress: #@schema/desc "The CIDR ranges to which outbound Pod traffic will not be SNAT'd by Egresses." exceptCIDRs: - - "" + - "" nodePortLocal: #@schema/desc "Enable NodePortLocal feature." enabled: false @@ -42,7 +42,7 @@ antrea: proxyAll: false #@schema/desc "Specifies the host IPv4/IPv6 addresses for NodePort." nodePortAddresses: - - "" + - "" #@schema/desc "List of Services which should be ignored by AntreaProxy." skipServices: - "" 
@@ -177,9 +177,9 @@ antrea_interworking: #@schema/desc " " proxyEndpoints: #@schema/desc " " - rest-api: [fake-rest-api] + rest_api: [fakeRestApi] #@schema/desc " " - nsx-rpc-fwd-proxy: [fake-nsx-rpc-fwd-proxy] + nsx_rpc_fwd_proxy: [fakeNsxRpcFwdProxy] #@schema/desc " " mp_adapter_conf: #@schema/desc " " diff --git a/providers/ytt/vendir/cni/_ytt_lib/addons/packages/antrea/1.9.0/bundle/config/values.yaml b/providers/ytt/vendir/cni/_ytt_lib/addons/packages/antrea/1.9.0/bundle/config/values.yaml index 81b6a88fb6..f28070ec61 100644 --- a/providers/ytt/vendir/cni/_ytt_lib/addons/packages/antrea/1.9.0/bundle/config/values.yaml +++ b/providers/ytt/vendir/cni/_ytt_lib/addons/packages/antrea/1.9.0/bundle/config/values.yaml @@ -87,10 +87,10 @@ antrea_interworking: NSXManagers: [] vpcPath: "" bootstrapFrom: Inline - bootstrapSupervisorResourceName: dummyClusterName + bootstrapSupervisorResourceName: fakeBootstrapSupervisorResourceName proxyEndpoints: - rest-api: [ ] - nsx-rpc-fwd-proxy: [ ] + rest_api: [ ] + nsx_rpc_fwd_proxy: [ ] mp_adapter_conf: NSXClientAuthCertFile: /etc/antrea/nsx-cert/tls.crt NSXClientAuthKeyFile: /etc/antrea/nsx-cert/tls.key