vmware / antrea-operator-for-kubernetes Goto Github PK

Descripe
Build and push operator image in github action when:

• Merge a PR to master.
• Periodically update the operator image.

Is your feature request related to a problem? Please describe.

When trying to upgrade the operator it currently fails since updated and new crd's and roles does not get applied.

Describe the solution you'd like

Upgrade support and migration of existing resources to newer apis when possible. In OLM this would translate to the Seamless Upgrades / full lifecycle capability level.

Describe alternatives you've considered

No response

Additional context

No response

Is your feature request related to a problem? Please describe.

antrea oeprator is still using go 1.16

Describe the solution you'd like

bump antrea to 1.19 to keep align with antrea

Describe alternatives you've considered

No response

Additional context

No response

Is your feature request related to a problem? Please describe.

Currently installing antrea as primary CNI on the latest 2 openshift versions is unsupported. According to redhat , antrea is only certified for openshift 4.11.x and 4.12.x. That excludes antrea as CNI for any user wanting to install the recommended openshift version ( 4.14.x now )

Describe the solution you'd like

Taking a look at other certified CNIs I can see that both Calico and Cillium already support 4.13 and 4.14. They also fullfil the capability level of seamless upgrades.

Calico:

Cilium:

It would be nice if antrea could keep up to date with the new openshift versions, at least for their LTS version.

Describe alternatives you've considered

For 4.14 the only alternative is calico or cilium

Additional context

No response

Describe the bug

Since I could not find any documentation about how to install antrea on openshift using their new install method (openshift assisted installer) I used Calico's documentation (making the required adjustments) to install antrea as the primary CNI.
That basically means configure everything on redhat console panel, including all manifests from the deploy folder and before effectively click "install" issue the following POST.

curl \
  --header "Content-Type: application/json" \
  --request PATCH \
  --data '"{\"networking\":{\"networkType\":\"antrea\"}}"' \
  -H "Authorization: Bearer $TOKEN" \
  "https://$ASSISTED_SERVICE_API/api/assisted-install/v2/clusters/$CLUSTER_ID/install-config"

The installation finishes successful and I can see all pods in running state.

Antrea also appears to be the primary CNI:

oc describe network.config/cluster
Name:         cluster
Namespace:
Labels:       <none>
Annotations:  <none>
API Version:  config.openshift.io/v1
Kind:         Network
Metadata:
  Creation Timestamp:  2023-12-27T17:28:50Z
  Generation:          2
  Resource Version:    3345
  UID:                 93a2f6fc-7845-4c40-ba9f-aec70329c729
Spec:
  Cluster Network:
    Cidr:         10.128.0.0/14
    Host Prefix:  23
  External IP:
    Policy:
  Network Type:  antrea
  Service Network:
    172.30.0.0/16
Status:
  Cluster Network:
    Cidr:         10.128.0.0/14
    Host Prefix:  23
  Network Type:   antrea
  Service Network:
    172.30.0.0/16
Events:  <none>

The problem is that all pods (not on hostNetwork) have no connectivity to outside the cluster.
Pods can connect to themselves, nothing else.

bash-5.1# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0@if153: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UP group default
    link/ether b6:6c:d6:f8:62:18 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 10.128.0.148/23 brd 10.128.1.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::b46c:d6ff:fef8:6218/64 scope link
       valid_lft forever preferred_lft forever

bash-5.1# ip route
default via 10.128.0.1 dev eth0
10.128.0.0/23 dev eth0 proto kernel scope link src 10.128.0.148
bash-5.1# ping -c1  10.128.0.1
PING 10.128.0.1 (10.128.0.1) 56(84) bytes of data.
64 bytes from 10.128.0.1: icmp_seq=1 ttl=64 time=1.20 ms

--- 10.128.0.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 1.200/1.200/1.200/0.000 ms
bash-5.1# ping -w3 -c5 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.

--- 8.8.8.8 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 2057ms

bash-5.1# curl -Lv www.google.com
*   Trying 142.250.79.164:80...
*   Trying 2800:3f0:4004:808::2004:80...
* Immediate connect fail for 2800:3f0:4004:808::2004: Network unreachable

Reproduction steps

1. Used openshift assisted installer to install antrea as primary cni
2. no network

Expected behavior

Network should be fine

Additional context

Trace packets fail:

antctl trace-packet -S kube-system/pqp -D 8.8.8.8  -f udp,udp_dst=53
syntax error at br-int (or the bridge name was omitted)
ovs-appctl: /var/run/openvswitch/ovs-vswitchd.92.ctl: server returned an error

Description

Set the AntreaInstall CR as the owner of the created Antrea resources:

• Change the scope of AntreaInstall CRD from Namespaced to Cluster

Antrea operator is using ApplyObject from github.com/openshift/cluster-network-operator/blob/master/pkg/apply.go which does not merge all kinds of resources that antrea operator creates, like apiservice.

Reproduce steps:

1. Create Antrea Operator, it will also create Antrea objects, including Antrea controller.
2. Antrea controller will update 'caBundle' in apiservice resources.
3. Change some options in operator.antrea.vmware.com_v1_antreainstall_cr.yaml, Antrea Operator will apply objects from antrea.yaml again. This will overwrite existing apiservice resources.

The Operator SDK introductes many new features and change the project layout from Version v1.0 to improve integration with the Operator Lifecycle Manager and to unify project structures with Kubebuilder.

This PR propose to refactor the current project using Operator SDK v1.2.0. Many operations will be more easier benefit from the new SDK and new layout, such as:

• Generate matedata bundle.
• Generate packagemanifests.
• Generate scorecard test config.

See more details about Operator SDK v1.0+ updates in:
operator-framework/operator-sdk#3327