Add antrea 1.9.0 version (#4481)

Signed-off-by: Hang Yan <[email protected]>

addons/controllers/antrea/antreaconfig_util.go

@@ -121,6 +121,8 @@ type antreaConfigDataValue struct {
 	TransportInterfaceCIDRs  []string            `yaml:"transportInterfaceCIDRs,omitempty"`
 	MulticastInterfaces      []string            `yaml:"multicastInterfaces,omitempty"`
 	TunnelType               string              `yaml:"tunnelType,omitempty"`
+	TunnelPort               int                 `yaml:"tunnelPort,omitempty"`
+	TunnelCsum               bool                `yaml:"tunnelCsum,omitempty"`
 	TrafficEncryptionMode    string              `yaml:"trafficEncryptionMode,omitempty"`
 	EnableUsageReporting     bool                `yaml:"enableUsageReporting,omitempty"`
 	WireGuard                antreaWireGuard     `yaml:"wireGuard,omitempty"`
@@ -152,6 +154,7 @@ type antreaFeatureGates struct {
 	MultiCluster       *bool `yaml:"Multicluster,omitempty"`
 	SecondaryNetwork   *bool `yaml:"SecondaryNetwork,omitempty"`
 	TrafficControl     *bool `yaml:"TrafficControl,omitempty"`
+	TopologyAwareHints *bool `yaml:"TopologyAwareHints,omitempty"`
 }
 
 // ClusterToAntreaConfig returns a list of Requests with AntreaConfig ObjectKey
@@ -265,6 +268,11 @@ func mapAntreaConfigSpec(cluster *clusterv1beta1.Cluster, config *cniv1alpha2.An
 		configSpec.Antrea.AntreaConfigDataValue.Multicast.IGMPQueryInterval = config.Spec.Antrea.AntreaConfigDataValue.Multicast.IGMPQueryInterval
 	}
 
+	if semver.Compare(version, "v1.9.0") >= 0 {
+		configSpec.Antrea.AntreaConfigDataValue.TunnelPort = config.Spec.Antrea.AntreaConfigDataValue.TunnelPort
+		configSpec.Antrea.AntreaConfigDataValue.TunnelCsum = config.Spec.Antrea.AntreaConfigDataValue.TunnelCsum
+	}
+
 	// FeatureGates
 	configSpec.Antrea.AntreaConfigDataValue.FeatureGates.AntreaProxy = config.Spec.Antrea.AntreaConfigDataValue.FeatureGates.AntreaProxy
 	configSpec.Antrea.AntreaConfigDataValue.FeatureGates.EndpointSlice = config.Spec.Antrea.AntreaConfigDataValue.FeatureGates.EndpointSlice
@@ -284,5 +292,9 @@ func mapAntreaConfigSpec(cluster *clusterv1beta1.Cluster, config *cniv1alpha2.An
 		configSpec.Antrea.AntreaConfigDataValue.FeatureGates.MultiCluster = &config.Spec.Antrea.AntreaConfigDataValue.FeatureGates.MultiCluster
 	}
 
+	if semver.Compare(version, "v1.9.0") >= 0 {
+		configSpec.Antrea.AntreaConfigDataValue.FeatureGates.TopologyAwareHints = &config.Spec.Antrea.AntreaConfigDataValue.FeatureGates.TopologyAwareHints
+	}
+
 	return configSpec, nil
 }

addons/controllers/testdata/antrea-test-1.yaml

@@ -62,6 +62,8 @@ spec:
       transportInterfaceCIDRs: []
       multicastInterfaces: []
       tunnelType: geneve
+      tunnelPort: 0
+      tunnelCsum: false
       trafficEncryptionMode: none
       wireGuard:
         port: 51820
@@ -91,3 +93,4 @@ spec:
         Multicluster: false
         SecondaryNetwork: false
         TrafficControl: false
+        TopologyAwareHints: false

apis/addonconfigs/cni/v1alpha2/antreaconfig_types.go

@@ -123,6 +123,16 @@ type AntreaConfigDataValue struct {
 	// +kubebuilder:validation:Optional
 	TunnelType string `json:"tunnelType,omitempty"`
 
+	// TunnelPort is the destination port for UDP and TCP based tunnel protocols (Geneve, VXLAN, and STT).If zero, it will use the assigned IANA port for the protocol.
+	// +kubebuilder:validation:Optional
+	// +kubebuilder:default:=0
+	TunnelPort int `json:"tunnelPort,omitempty"`
+
+	// TunnelCsum determines whether to compute UDP encapsulation header (Geneve or VXLAN) checksums on outgoing packets
+	// +kubebuilder:validation:Optional
+	// +kubebuilder:default:=false
+	TunnelCsum bool `json:"tunnelCsum,omitempty"`
+
 	// Determines how tunnel traffic is encrypted. One of the following options =:> none, ipsec, wireguard
 	// +kubebuilder:validation:Optional
 	TrafficEncryptionMode string `json:"trafficEncryptionMode,omitempty"`
@@ -256,6 +266,11 @@ type AntreaFeatureGates struct {
 	// +kubebuilder:validation:Optional
 	// +kubebuilder:default:=false
 	TrafficControl bool `json:"TrafficControl,omitempty"`
+
+	// Enable TopologyAwareHints in AntreaProxy. This requires AntreaProxy and EndpointSlice to be enabled, otherwise this flag will not take effect.
+	// +kubebuilder:validation:Optional
+	// +kubebuilder:default:=false
+	TopologyAwareHints bool `json:"TopologyAwareHints,omitempty"`
 }
 
 // AntreaConfigStatus defines the observed state of AntreaConfig

providers/config_default.yaml

@@ -734,6 +734,8 @@ ANTREA_TRANSPORT_INTERFACE_CIDRS: ""
 ANTREA_MULTICAST_INTERFACES: ""
 ANTREA_MULTICAST_IGMPQUERY_INTERVAL: "125s"
 ANTREA_TUNNEL_TYPE: geneve
+ANTREA_TUNNEL_PORT: 0
+ANTREA_TUNNEL_CSUM: false
 ANTREA_TRAFFIC_ENCRYPTION_MODE: none
 ANTREA_WIREGUARD_PORT: 51820
 ANTREA_ENABLE_USAGE_REPORTING: false
@@ -758,6 +760,7 @@ ANTREA_MULTICAST: false
 ANTREA_MULTICLUSTER: false
 ANTREA_SECONDARY_NETWORK: false
 ANTREA_TRAFFIC_CONTROL: false
+ANTREA_TOPOLOGY_AWARE_HINTS: false
 
 
 

providers/tests/clustergen/param_models/cluster_optional.model

@@ -144,6 +144,7 @@ ANTREA_MULTICAST: "false", "true"
 ANTREA_MULTICLUSTER: "false", "true"
 ANTREA_SECONDARY_NETWORK: "false", "true"
 ANTREA_TRAFFIC_CONTROL: "false", "true"
+ANTREA_TOPOLOGY_AWARE_HINTS: "false", "true"
 
 
 ANTREA_EGRESS_EXCEPT_CIDRS: "10.0.0.0/6,10.0.0.0/12", ""
@@ -165,6 +166,8 @@ ANTREA_MULTICAST_IGMPQUERY_INTERVAL: "125s"
 ANTREA_MULTICLUSTER_NAMESPACE: ""
 ANTREA_MULTICLUSTER_ENABLE: "false", "true"
 ANTREA_TUNNEL_TYPE: "geneve"
+ANTREA_TUNNEL_PORT: 0
+ANTREA_TUNNEL_CSUM: "false", "true"
 ANTREA_TRAFFIC_ENCRYPTION_MODE: "none", "wireGuard"
 ANTREA_WIREGUARD_PORT: 51820
 ANTREA_ENABLE_USAGE_REPORTING: "true", "false"

providers/vendir.yml

@@ -16,7 +16,6 @@ directories:
       url: [email protected]:vmware-tanzu/community-edition.git
       ref: 71dd9381be1a4f075a64f404ca262f860e769a68
     includePaths:
-    - addons/packages/antrea/1.7.2/bundle/config/**/*
     - addons/packages/calico/3.24.1/bundle/config/**/*
 - path: ytt/vendir/kapp-controller/_ytt_lib
   contents:

providers/ytt/02_addons/cni/antrea/antrea_addon_data.lib.yaml

@@ -62,6 +62,8 @@ antrea:
     transportInterfaceCIDRs: #@ split_comma_values(data.values.ANTREA_TRANSPORT_INTERFACE_CIDRS)
     multicastInterfaces: #@ split_comma_values(data.values.ANTREA_MULTICAST_INTERFACES)
     tunnelType: #@ data.values.ANTREA_TUNNEL_TYPE
+    tunnelPort: #@ data.values.ANTREA_TUNNEL_PORT
+    tunnelCsum: #@ data.values.ANTREA_TUNNEL_CSUM
     trafficEncryptionMode: #@ data.values.ANTREA_TRAFFIC_ENCRYPTION_MODE
     enableUsageReporting: #@ data.values.ANTREA_ENABLE_USAGE_REPORTING
     wireGuard:
@@ -109,6 +111,7 @@ antrea:
       Multicluster: #@ data.values.ANTREA_MULTICLUSTER
       SecondaryNetwork: #@ data.values.ANTREA_SECONDARY_NETWORK
       TrafficControl: #@ data.values.ANTREA_TRAFFIC_CONTROL
+      TopologyAwareHints: #@ data.values.ANTREA_TOPOLOGY_AWARE_HINTS
 
 
 

providers/ytt/vendir/cni/_ytt_lib/addons/packages/antrea/1.7.2/bundle/config/overlay/antrea-overlay.yaml → providers/ytt/vendir/cni/_ytt_lib/addons/packages/antrea/1.9.0/bundle/config/overlay/antrea-overlay.yaml

@@ -18,6 +18,10 @@ featureGates:
   #! this flag will not take effect.
   EndpointSlice: #@ values.antrea.config.featureGates.EndpointSlice
 
+  #! Enable TopologyAwareHints in AntreaProxy. This requires AntreaProxy and EndpointSlice to be
+  #! enabled, otherwise this flag will not take effect.
+  TopologyAwareHints: #@ values.antrea.config.featureGates.TopologyAwareHints
+
   #! Enable traceflow which provides packet tracing feature to diagnose network issue.
   Traceflow: #@ values.antrea.config.featureGates.AntreaTraceflow
 
@@ -103,6 +107,19 @@ noSNAT: #@ values.antrea.config.noSNAT
 #! - stt
 tunnelType: #@ values.antrea.config.tunnelType
 
+#! TunnelPort is the destination port for UDP and TCP based tunnel protocols (Geneve, VXLAN, and STT).
+#! If zero, it will use the assigned IANA port for the protocol, i.e. 6081 for Geneve, 4789 for VXLAN,
+#! and 7471 for STT.
+tunnelPort: #@ values.antrea.config.tunnelPort
+
+#! TunnelCsum determines whether to compute UDP encapsulation header (Geneve or VXLAN) checksums on outgoing
+#! packets. For Linux kernel before Mar 2021, UDP checksum must be present to trigger GRO on the receiver for better
+#! performance of Geneve and VXLAN tunnels. The issue has been fixed by
+#! https://github.com/torvalds/linux/commit/89e5c58fc1e2857ccdaae506fb8bc5fed57ee063, thus computing UDP checksum is
+#! no longer necessary.
+#! It should only be set to true when you are using an unpatched Linux kernel and observing poor transfer performance.
+tunnelCsum: #@ values.antrea.config.tunnelCsum
+
 #! Determines how tunnel traffic is encrypted. Currently encryption only works with encap mode.
 #! It has the following options:
 #! - none (default):  Inter-node Pod traffic will not be encrypted.

providers/ytt/vendir/cni/_ytt_lib/addons/packages/antrea/1.7.2/bundle/config/schema.yaml → providers/ytt/vendir/cni/_ytt_lib/addons/packages/antrea/1.9.0/bundle/config/schema.yaml

@@ -69,6 +69,10 @@ antrea:
       - ""
     #@schema/desc "Tunnel protocols used for encapsulating traffic across Nodes. One of the following options => geneve, vxlan, gre, stt"
     tunnelType: none
+    #@schema/desc "TunnelPort is the destination port for UDP and TCP based tunnel protocols (Geneve, VXLAN, and STT)."
+    tunnelPort: 0
+    #@schema/desc "TunnelCsum determines whether to compute UDP encapsulation header (Geneve or VXLAN) checksums on outgoing packets."
+    tunnelCsum: false
     #@schema/desc "Determines how tunnel traffic is encrypted. One of the following options => none, ipsec, wireGuard"
     trafficEncryptionMode: none
     #@schema/desc "WireGuard related configurations."
@@ -145,6 +149,8 @@ antrea:
       SecondaryNetwork: false
       #@schema/desc "Enable mirroring or redirecting the traffic Pods send or receive."
       TrafficControl: false
+      #@schema/desc "Enable TopologyAwareHints in AntreaProxy. This requires AntreaProxy and EndpointSlice to be enabled."
+      TopologyAwareHints: false
   #! Deprecated. Kept for backward compatibility
   image:
     #@schema/desc "The repository of antrea image"