Merge branch 'master' into service_info

antrea-io · Aug 12, 2020 · 98b1429 · 98b1429
2 parents 6233fc7 + ba37897
commit 98b1429
Show file tree

Hide file tree

Showing 34 changed files with 5,295 additions and 232 deletions.
diff --git a/Makefile b/Makefile
@@ -233,7 +233,7 @@ manifest:
 	@echo "===> Generating dev manifest for Antrea <==="
 	$(CURDIR)/hack/generate-manifest.sh --mode dev > build/yamls/antrea.yml
 	$(CURDIR)/hack/generate-manifest.sh --mode dev --ipsec > build/yamls/antrea-ipsec.yml
-	$(CURDIR)/hack/generate-manifest.sh --mode dev --cloud EKS --encap-mode networkPolicyOnly > build/yamls/antrea-eks.yml
+	$(CURDIR)/hack/generate-manifest.sh --mode dev --cloud EKS --encap-mode networkPolicyOnly --proxy > build/yamls/antrea-eks.yml
 	$(CURDIR)/hack/generate-manifest.sh --mode dev --cloud GKE --encap-mode noEncap > build/yamls/antrea-gke.yml
 	$(CURDIR)/hack/generate-manifest.sh --mode dev --cloud AKS --encap-mode networkPolicyOnly --proxy > build/yamls/antrea-aks.yml
 	$(CURDIR)/hack/generate-manifest-octant.sh --mode dev > build/yamls/antrea-octant.yml

diff --git a/build/images/ovs/apply-patches.sh b/build/images/ovs/apply-patches.sh
@@ -73,8 +73,13 @@ curl https://github.com/openvswitch/ovs/commit/3c18bb0fe9f23308061217f72e2245f0e
 curl https://github.com/openvswitch/ovs/commit/fe175ac17352ceb2dbc9958112b4b1bc114d82f0.patch | \
     git apply
 
+# The OVS ovs-monitor-ipsec script has a Python3 shebang but still includes some Python2-specific code.
+# Until the patch which fixes the script is merged upstream, we apply it here, or Antrea IPsec support will be broken.
+curl https://github.com/lzhecheng/ovs/commit/869b06356e389079861962160e864df609d033e5.patch | \
+    git apply
+
 # OVS hardcodes the installation path to /usr/lib/python3.7/dist-packages/ but this location
 # does not seem to be in the Python path in Ubuntu 20.04. There may be a better way to do this,
 # but this seems like an acceptable workaround.
 sed -i 's/python3\.7/python3\.8/' debian/openvswitch-test.install
-sed -i 's/python3\.7/python3\.8/' debian/python3-openvswitch.install
+sed -i 's/python3\.7/python3\.8/' debian/python3-openvswitch.install
diff --git a/build/yamls/antrea-eks-node-init.yml b/build/yamls/antrea-eks-node-init.yml
@@ -0,0 +1,80 @@
+kind: DaemonSet
+apiVersion: apps/v1
+metadata:
+  labels:
+    app: antrea
+    component: antrea-node-init
+  name: antrea-node-init
+  namespace: kube-system
+spec:
+  selector:
+    matchLabels:
+      app: antrea
+      component: antrea-node-init
+  template:
+    metadata:
+      labels:
+        app: antrea
+        component: antrea-node-init
+    spec:
+      hostPID: true
+      hostNetwork: true
+      containers:
+        - name: node-init
+          image: gcr.io/google-containers/startup-script:v1
+          imagePullPolicy: IfNotPresent
+          securityContext:
+            privileged: true
+          env:
+          - name: STARTUP_SCRIPT
+            value: |
+              #! /bin/bash
+
+              set -o errexit
+              set -o pipefail
+              set -o nounset
+
+              if [ -f /opt/cni/antrea-node-init-status ]; then
+                  echo "Antrea node init already done. Exiting"
+                  exit
+              fi
+
+              while true; do
+                  cni_conf=$(ls /etc/cni/net.d | head -n1)
+                  if [[ ! -z $cni_conf ]]; then break; fi
+                  echo "Waiting for cni conf file"
+                  sleep 2s
+              done
+              cni_conf="/etc/cni/net.d/$cni_conf"
+
+              while true; do
+                  if grep -sq "antrea" $cni_conf; then break; fi
+                  echo "Waiting for antrea config to be updated"
+                  sleep 2s
+              done
+
+              # Wait for kubelet to register the file update. Default sync time is 5sec
+              # https://github.com/kubernetes/kubernetes/blob/master/pkg/kubelet/dockershim/network/cni/cni.go#L50
+              sleep 5s
+
+              while true; do
+                  curl localhost:61679 && retry=false || retry=true
+                  if [ $retry == false ]; then break ; fi
+                  sleep 2s
+                  echo "Waiting for aws-k8s-agent"
+              done
+
+              # copied from https://github.com/cilium/cilium/blob/master/install/kubernetes/cilium/charts/nodeinit/templates/daemonset.yaml#L199
+              # Fetch running containers from aws-k8s-agent and kill it
+              echo "\n"
+              for pod in $(curl "localhost:61679/v1/pods" 2> /dev/null | jq -r '. | keys[]'); do
+                  container_name=$(echo "$pod" | awk -F_ ' { print $1 } ')
+                  container_id=$(echo "$pod" | awk -F_ ' { print $3 } ' | cut -c1-12)
+                  echo "Restarting container. Name: ${container_name}, ID: ${container_id}"
+                  docker kill "${container_id}" || true
+              done
+
+              # Save the node init status, to avoid container restart in case of node-init pod restart or worker node reboot
+              touch /opt/cni/antrea-node-init-status
+
+              echo "Node initialization completed"
diff --git a/build/yamls/elk-flow-collector/elk-flow-collector.yml b/build/yamls/elk-flow-collector/elk-flow-collector.yml
@@ -0,0 +1,232 @@
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+  name: elastic-storage
+provisioner: kubernetes.io/no-provisioner
+volumeBindingMode: Immediate
+reclaimPolicy: Delete
+allowVolumeExpansion: True
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: elasticsearch-pvc
+spec:
+  storageClassName: elastic-storage
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 2Gi
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: elasticsearch-pv
+spec:
+  storageClassName: elastic-storage
+  capacity:
+    storage: 2Gi
+  accessModes:
+    - ReadWriteOnce
+  hostPath:
+    path: "/data/elasticsearch/"
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: elasticsearch
+  labels:
+    app: elasticsearch
+spec:
+  selector:
+    app: elasticsearch
+  ports:
+    - port: 9200
+      targetPort: 9200
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: elasticsearch
+  labels:
+    app: elasticsearch
+spec:
+  selector:
+    matchLabels:
+      app: elasticsearch
+  serviceName: elasticsearch
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: elasticsearch
+    spec:
+      initContainers:
+        - name: init-sysctl
+          image: busybox:1.27.2
+          command:
+            - sysctl
+            - -w
+            - vm.max_map_count=262144
+          securityContext:
+            privileged: true
+      containers:
+        - name: es-data
+          image: docker.elastic.co/elasticsearch/elasticsearch-oss:7.8.0
+          env:
+            - name: ES_JAVA_OPTS
+              value: "-Xms1g -Xmx2g"
+            - name: cluster.name
+              value: "elk-flow-collector"
+            - name: bootstrap.memory_lock
+              value: "false"
+            - name: network.host
+              value: "0.0.0.0"
+            - name: http.port
+              value: "9200"
+            - name: discovery.type
+              value: "single-node"
+            - name: indices.query.bool.max_clause_count
+              value: "8192"
+            - name: search.max_buckets
+              value: "100000"
+            - name: action.destructive_requires_name
+              value: "true"
+          ports:
+            - containerPort: 9200
+              name: http
+            - containerPort: 9300
+              name: transport
+          livenessProbe:
+            tcpSocket:
+              port: transport
+            initialDelaySeconds: 90
+            periodSeconds: 10
+          readinessProbe:
+            httpGet:
+              path: /_cluster/health
+              port: http
+            initialDelaySeconds: 90
+            timeoutSeconds: 20
+          volumeMounts:
+            - name: es-data
+              mountPath: /data
+      volumes:
+        - name: es-data
+          persistentVolumeClaim:
+            claimName: elasticsearch-pvc
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: kibana
+  labels:
+    app: kibana
+spec:
+  type: NodePort
+  selector:
+    app: kibana
+  ports:
+    - port: 5601
+      targetPort: 5601
+      nodePort: 30007
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: kibana
+  labels:
+    app: kibana
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: kibana
+  template:
+    metadata:
+      labels:
+        app: kibana
+    spec:
+      containers:
+        - name: kibana
+          image: docker.elastic.co/kibana/kibana-oss:7.8.0
+          env:
+            - name: action.destructive_requires_name
+              value: "true"
+            - name: SERVER_HOST
+              value: "0.0.0.0"
+            - name: SERVER_PORT
+              value: "5601"
+            - name: ELASTICSEARCH_URL
+              value: "http://elasticsearch:9200"
+            - name: KIBANA_DEFAULTAPPID
+              value: "dashboard/653cf1e0-2fd2-11e7-99ed-49759aed30f5"
+            - name: LOGGING_QUIET
+              value: "true"
+          ports:
+            - containerPort: 5601
+              name: http
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: logstash
+  labels:
+    app: logstash
+spec:
+  selector:
+    app: logstash
+  ports:
+    - port: 4739
+      targetPort: 4739
+      protocol: UDP
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: logstash
+  labels:
+    app: logstash
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: logstash
+  template:
+    metadata:
+      labels:
+        app: logstash
+    spec:
+      containers:
+        - name: logstash
+          image: docker.elastic.co/logstash/logstash-oss:7.8.0
+          volumeMounts:
+            - name: logstash-definition-volume
+              mountPath: /usr/share/logstash/definitions
+            - name: config-volume
+              mountPath: /usr/share/logstash/config
+            - name: logstash-pipeline-volume
+              mountPath: /usr/share/logstash/pipeline
+          ports:
+            - containerPort: 4739
+              protocol: UDP
+      volumes:
+        - name: logstash-definition-volume
+          configMap:
+            name: logstash-configmap
+            items:
+              - key: ipfix.yml
+                path: ipfix.yml
+        - name: config-volume
+          configMap:
+            name: logstash-configmap
+            items:
+              - key: logstash.yml
+                path: logstash.yml
+        - name: logstash-pipeline-volume
+          configMap:
+            name: logstash-configmap
+            items:
+              - key: logstash.conf
+                path: logstash.conf