Add trafficControlController to handle TrafficControl requests

1.Use label selectors to filter Pods running on this Node. 2.Translate the selected Pods to OVS ports, which will be used to filter traffic that should be mirrored or redirected. 3.Translate the target device to the OVS port, which will be used as the target port the traffic should be mirrored or redirected. 4.Install OpenFlow rules calculated using the above arguments. Signed-off-by: Wenqi Qiu <wenqiq@vmware.com>
antrea-io · Apr 16, 2022 · a5543b2 · a5543b2
1 parent 6052264
commit a5543b2
Show file tree

Hide file tree

Showing 15 changed files with 785 additions and 23 deletions.
diff --git a/build/yamls/antrea-aks.yml b/build/yamls/antrea-aks.yml
@@ -2985,6 +2985,9 @@ data:
     # Enable managing external IPs of Services of LoadBalancer type.
     #  ServiceExternalIP: false
 
+    # // TODO: remove this after TrafficControl API is implemented.
+    # TrafficControl: false
+
     # Name of the OpenVSwitch bridge antrea-agent will create and use.
     # Make sure it doesn't conflict with your existing OpenVSwitch bridges.
     #ovsBridge: br-int
@@ -3275,7 +3278,7 @@ kind: ConfigMap
 metadata:
   labels:
     app: antrea
-  name: antrea-config-mkbgmf6ct6
+  name: antrea-config-8ccdk9mcfg
   namespace: kube-system
 ---
 apiVersion: v1
@@ -3346,7 +3349,7 @@ spec:
             fieldRef:
               fieldPath: spec.serviceAccountName
         - name: ANTREA_CONFIG_MAP_NAME
-          value: antrea-config-mkbgmf6ct6
+          value: antrea-config-8ccdk9mcfg
         image: projects.registry.vmware.com/antrea/antrea-ubuntu:latest
         imagePullPolicy: IfNotPresent
         livenessProbe:
@@ -3397,7 +3400,7 @@ spec:
         key: node-role.kubernetes.io/master
       volumes:
       - configMap:
-          name: antrea-config-mkbgmf6ct6
+          name: antrea-config-8ccdk9mcfg
         name: antrea-config
       - name: antrea-controller-tls
         secret:
@@ -3636,7 +3639,7 @@ spec:
         operator: Exists
       volumes:
       - configMap:
-          name: antrea-config-mkbgmf6ct6
+          name: antrea-config-8ccdk9mcfg
         name: antrea-config
       - hostPath:
           path: /etc/cni/net.d

diff --git a/build/yamls/antrea-eks.yml b/build/yamls/antrea-eks.yml
@@ -2985,6 +2985,9 @@ data:
     # Enable managing external IPs of Services of LoadBalancer type.
     #  ServiceExternalIP: false
 
+    # // TODO: remove this after TrafficControl API is implemented.
+    # TrafficControl: false
+
     # Name of the OpenVSwitch bridge antrea-agent will create and use.
     # Make sure it doesn't conflict with your existing OpenVSwitch bridges.
     #ovsBridge: br-int
@@ -3275,7 +3278,7 @@ kind: ConfigMap
 metadata:
   labels:
     app: antrea
-  name: antrea-config-mkbgmf6ct6
+  name: antrea-config-8ccdk9mcfg
   namespace: kube-system
 ---
 apiVersion: v1
@@ -3346,7 +3349,7 @@ spec:
             fieldRef:
               fieldPath: spec.serviceAccountName
         - name: ANTREA_CONFIG_MAP_NAME
-          value: antrea-config-mkbgmf6ct6
+          value: antrea-config-8ccdk9mcfg
         image: projects.registry.vmware.com/antrea/antrea-ubuntu:latest
         imagePullPolicy: IfNotPresent
         livenessProbe:
@@ -3397,7 +3400,7 @@ spec:
         key: node-role.kubernetes.io/master
       volumes:
       - configMap:
-          name: antrea-config-mkbgmf6ct6
+          name: antrea-config-8ccdk9mcfg
         name: antrea-config
       - name: antrea-controller-tls
         secret:
@@ -3638,7 +3641,7 @@ spec:
         operator: Exists
       volumes:
       - configMap:
-          name: antrea-config-mkbgmf6ct6
+          name: antrea-config-8ccdk9mcfg
         name: antrea-config
       - hostPath:
           path: /etc/cni/net.d

diff --git a/build/yamls/antrea-gke.yml b/build/yamls/antrea-gke.yml
@@ -2985,6 +2985,9 @@ data:
     # Enable managing external IPs of Services of LoadBalancer type.
     #  ServiceExternalIP: false
 
+    # // TODO: remove this after TrafficControl API is implemented.
+    # TrafficControl: false
+
     # Name of the OpenVSwitch bridge antrea-agent will create and use.
     # Make sure it doesn't conflict with your existing OpenVSwitch bridges.
     #ovsBridge: br-int
@@ -3275,7 +3278,7 @@ kind: ConfigMap
 metadata:
   labels:
     app: antrea
-  name: antrea-config-2c8t9465tc
+  name: antrea-config-m52tcgc572
   namespace: kube-system
 ---
 apiVersion: v1
@@ -3346,7 +3349,7 @@ spec:
             fieldRef:
               fieldPath: spec.serviceAccountName
         - name: ANTREA_CONFIG_MAP_NAME
-          value: antrea-config-2c8t9465tc
+          value: antrea-config-m52tcgc572
         image: projects.registry.vmware.com/antrea/antrea-ubuntu:latest
         imagePullPolicy: IfNotPresent
         livenessProbe:
@@ -3397,7 +3400,7 @@ spec:
         key: node-role.kubernetes.io/master
       volumes:
       - configMap:
-          name: antrea-config-2c8t9465tc
+          name: antrea-config-m52tcgc572
         name: antrea-config
       - name: antrea-controller-tls
         secret:
@@ -3639,7 +3642,7 @@ spec:
           path: /home/kubernetes/bin
         name: host-cni-bin
       - configMap:
-          name: antrea-config-2c8t9465tc
+          name: antrea-config-m52tcgc572
         name: antrea-config
       - hostPath:
           path: /etc/cni/net.d

diff --git a/build/yamls/antrea-ipsec.yml b/build/yamls/antrea-ipsec.yml
@@ -2985,6 +2985,9 @@ data:
     # Enable managing external IPs of Services of LoadBalancer type.
     #  ServiceExternalIP: false
 
+    # // TODO: remove this after TrafficControl API is implemented.
+    # TrafficControl: false
+
     # Name of the OpenVSwitch bridge antrea-agent will create and use.
     # Make sure it doesn't conflict with your existing OpenVSwitch bridges.
     #ovsBridge: br-int
@@ -3280,7 +3283,7 @@ kind: ConfigMap
 metadata:
   labels:
     app: antrea
-  name: antrea-config-29g6gtcctg
+  name: antrea-config-c95mfk2md4
   namespace: kube-system
 ---
 apiVersion: v1
@@ -3360,7 +3363,7 @@ spec:
             fieldRef:
               fieldPath: spec.serviceAccountName
         - name: ANTREA_CONFIG_MAP_NAME
-          value: antrea-config-29g6gtcctg
+          value: antrea-config-c95mfk2md4
         image: projects.registry.vmware.com/antrea/antrea-ubuntu:latest
         imagePullPolicy: IfNotPresent
         livenessProbe:
@@ -3411,7 +3414,7 @@ spec:
         key: node-role.kubernetes.io/master
       volumes:
       - configMap:
-          name: antrea-config-29g6gtcctg
+          name: antrea-config-c95mfk2md4
         name: antrea-config
       - name: antrea-controller-tls
         secret:
@@ -3685,7 +3688,7 @@ spec:
         operator: Exists
       volumes:
       - configMap:
-          name: antrea-config-29g6gtcctg
+          name: antrea-config-c95mfk2md4
         name: antrea-config
       - hostPath:
           path: /etc/cni/net.d

diff --git a/build/yamls/antrea.yml b/build/yamls/antrea.yml
@@ -2985,6 +2985,9 @@ data:
     # Enable managing external IPs of Services of LoadBalancer type.
     #  ServiceExternalIP: false
 
+    # // TODO: remove this after TrafficControl API is implemented.
+    # TrafficControl: false
+
     # Name of the OpenVSwitch bridge antrea-agent will create and use.
     # Make sure it doesn't conflict with your existing OpenVSwitch bridges.
     #ovsBridge: br-int
@@ -3280,7 +3283,7 @@ kind: ConfigMap
 metadata:
   labels:
     app: antrea
-  name: antrea-config-bb75mkktfg
+  name: antrea-config-88f7958d56
   namespace: kube-system
 ---
 apiVersion: v1
@@ -3351,7 +3354,7 @@ spec:
             fieldRef:
               fieldPath: spec.serviceAccountName
         - name: ANTREA_CONFIG_MAP_NAME
-          value: antrea-config-bb75mkktfg
+          value: antrea-config-88f7958d56
         image: projects.registry.vmware.com/antrea/antrea-ubuntu:latest
         imagePullPolicy: IfNotPresent
         livenessProbe:
@@ -3402,7 +3405,7 @@ spec:
         key: node-role.kubernetes.io/master
       volumes:
       - configMap:
-          name: antrea-config-bb75mkktfg
+          name: antrea-config-88f7958d56
         name: antrea-config
       - name: antrea-controller-tls
         secret:
@@ -3641,7 +3644,7 @@ spec:
         operator: Exists
       volumes:
       - configMap:
-          name: antrea-config-bb75mkktfg
+          name: antrea-config-88f7958d56
         name: antrea-config
       - hostPath:
           path: /etc/cni/net.d

diff --git a/build/yamls/base/conf/antrea-agent.conf b/build/yamls/base/conf/antrea-agent.conf
@@ -47,6 +47,9 @@ featureGates:
 # Enable managing external IPs of Services of LoadBalancer type.
 #  ServiceExternalIP: false
 
+# // TODO: remove this after TrafficControl API is implemented.
+# TrafficControl: false
+
 # Name of the OpenVSwitch bridge antrea-agent will create and use.
 # Make sure it doesn't conflict with your existing OpenVSwitch bridges.
 #ovsBridge: br-int

diff --git a/cmd/antrea-agent/agent.go b/cmd/antrea-agent/agent.go
@@ -38,6 +38,7 @@ import (
 	"antrea.io/antrea/pkg/agent/controller/noderoute"
 	"antrea.io/antrea/pkg/agent/controller/serviceexternalip"
 	"antrea.io/antrea/pkg/agent/controller/traceflow"
+	"antrea.io/antrea/pkg/agent/controller/trafficcontrol"
 	"antrea.io/antrea/pkg/agent/flowexporter"
 	"antrea.io/antrea/pkg/agent/flowexporter/exporter"
 	"antrea.io/antrea/pkg/agent/interfacestore"
@@ -93,10 +94,12 @@ func run(o *Options) error {
 	crdInformerFactory := crdinformers.NewSharedInformerFactory(crdClient, informerDefaultResync)
 	traceflowInformer := crdInformerFactory.Crd().V1alpha1().Traceflows()
 	egressInformer := crdInformerFactory.Crd().V1alpha2().Egresses()
+	externalIPPoolInformer := crdInformerFactory.Crd().V1alpha2().ExternalIPPools()
+	trafficControlInformer := crdInformerFactory.Crd().V1alpha2().TrafficControls()
 	nodeInformer := informerFactory.Core().V1().Nodes()
 	serviceInformer := informerFactory.Core().V1().Services()
 	endpointsInformer := informerFactory.Core().V1().Endpoints()
-	externalIPPoolInformer := crdInformerFactory.Crd().V1alpha2().ExternalIPPools()
+	namespaceInformer := informerFactory.Core().V1().Namespaces()
 
 	// Create Antrea Clientset for the given config.
 	antreaClientProvider := agent.NewAntreaClientProvider(o.config.AntreaClientConnection, k8sClient)
@@ -453,7 +456,8 @@ func run(o *Options) error {
 	// Initialize localPodInformer for NPLAgent, AntreaIPAMController, and secondary network controller.
 	var localPodInformer cache.SharedIndexInformer
 	if enableNodePortLocal || enableBridgingMode ||
-		features.DefaultFeatureGate.Enabled(features.SecondaryNetwork) {
+		features.DefaultFeatureGate.Enabled(features.SecondaryNetwork) ||
+		features.DefaultFeatureGate.Enabled(features.TrafficControl) {
 		listOptions := func(options *metav1.ListOptions) {
 			options.FieldSelector = fields.OneTermEqualSelector("spec.nodeName", nodeConfig.Name).String()
 		}
@@ -523,6 +527,11 @@ func run(o *Options) error {
 		go podWatchController.Run(stopCh)
 	}
 
+	if features.DefaultFeatureGate.Enabled(features.TrafficControl) {
+		tcController := trafficcontrol.NewTrafficControlController(nodeConfig.Name, ofClient, ifaceStore, trafficControlInformer, localPodInformer, namespaceInformer)
+		go tcController.Run(stopCh)
+	}
+
 	//  Start the localPodInformer
 	if localPodInformer != nil {
 		go localPodInformer.Run(stopCh)