Documentation for version v0.13.1 is no longer actively maintained. The version you are currently viewing is a static snapshot. For up-to-date documentation, see the latest version.
There are four components which need to be deployed in order to run Antrea:
The Open vSwitch daemons ovs-vswitchd and ovsdb-server
The controller antrea-controller
The agent antrea-agent
The CNI plugin antrea-cni
Prior to bringing up the individual components, follow the common steps:
Ensure Go v1.15 is installed
Git clone your forked Antrea repository and cd into the antrea directory
git clone https://github.com/$user/antrea
cd antrea
Build the binaries for all components under the bin directory
make bin
Open vSwitch >= 2.8.0 userspace daemons ovs-vswitchd and ovsdb-server should run on all worker nodes. See Installing Open vSwitch for details.
antrea-controller is required to implement Kubernetes Network Policies. At any time, there should be only a single active replica of antrea-controller.
Grant the antrea-controller ServiceAccount necessary permissions to Kubernetes APIs. You can apply controller-rbac.yaml (/build/yamls/base/controller-rbac.yml) to do it.
kubectl apply -f build/yamls/base/controller-rbac.yml
Create the kubeconfig file that contains the K8s APIServer endpoint and the token of ServiceAccount created in the above step. See Configure Access to Multiple Clusters for more information.
APISERVER=$(kubectl config view --minify -o jsonpath='{.clusters[0].cluster.server}')
TOKEN=$(kubectl get secrets -n kube-system -o jsonpath="{.items[?(@.metadata.annotations['kubernetes\.io/service-account\.name']=='antrea-controller')].data.token}"|base64 --decode)
kubectl config --kubeconfig=antrea-controller.kubeconfig set-cluster kubernetes --server="$APISERVER" --insecure-skip-tls-verify
kubectl config --kubeconfig=antrea-controller.kubeconfig set-credentials antrea-controller --token="$TOKEN"
kubectl config --kubeconfig=antrea-controller.kubeconfig set-context antrea-controller@kubernetes --cluster=kubernetes --user=antrea-controller
kubectl config --kubeconfig=antrea-controller.kubeconfig use-context antrea-controller@kubernetes
Create the antrea-controller config file, see Configuration for details.
cat >antrea-controller.conf <<EOF
clientConnection:
  kubeconfig: antrea-controller.kubeconfig
EOF
Start antrea-controller.
bin/antrea-controller --config antrea-controller.conf
antrea-agent must run on all worker nodes.
Grant the antrea-agent ServiceAccount necessary permissions to Kubernetes APIs. You can apply agent-rbac.yaml to do it.
kubectl apply -f build/yamls/base/agent-rbac.yml
Create the kubeconfig file that contains the K8s APIServer endpoint and the token of ServiceAccount created in the above step. See Configure Access to Multiple Clusters for more information.
APISERVER=$(kubectl config view --minify -o jsonpath='{.clusters[0].cluster.server}')
TOKEN=$(kubectl get secrets -n kube-system -o jsonpath="{.items[?(@.metadata.annotations['kubernetes\.io/service-account\.name']=='antrea-agent')].data.token}"|base64 --decode)
kubectl config --kubeconfig=antrea-agent.kubeconfig set-cluster kubernetes --server="$APISERVER" --insecure-skip-tls-verify
kubectl config --kubeconfig=antrea-agent.kubeconfig set-credentials antrea-agent --token="$TOKEN"
kubectl config --kubeconfig=antrea-agent.kubeconfig set-context antrea-agent@kubernetes --cluster=kubernetes --user=antrea-agent
kubectl config --kubeconfig=antrea-agent.kubeconfig use-context antrea-agent@kubernetes
Create the kubeconfig file that contains the antrea-controller APIServer endpoint and the token of ServiceAccount created in the above step.
# Change it to the correct endpoint if you are running antrea-controller somewhere else.
ANTREA_APISERVER=https://localhost
TOKEN=$(kubectl get secrets -n kube-system -o jsonpath="{.items[?(@.metadata.annotations['kubernetes\.io/service-account\.name']=='antrea-agent')].data.token}"|base64 --decode)
kubectl config --kubeconfig=antrea-agent.antrea.kubeconfig set-cluster antrea --server="$ANTREA_APISERVER" --insecure-skip-tls-verify
kubectl config --kubeconfig=antrea-agent.antrea.kubeconfig set-credentials antrea-agent --token="$TOKEN"
kubectl config --kubeconfig=antrea-agent.antrea.kubeconfig set-context antrea-agent@antrea --cluster=antrea --user=antrea-agent
kubectl config --kubeconfig=antrea-agent.antrea.kubeconfig use-context antrea-agent@antrea
Create the antrea-agent config file, see Configuration for details.
cat >antrea-agent.conf <<EOF
clientConnection:
  kubeconfig: antrea-agent.kubeconfig
antreaClientConnection:
  kubeconfig: antrea-agent.antrea.kubeconfig
hostProcPathPrefix: "/"
EOF
Start antrea-agent.
bin/antrea-agent --config antrea-agent.conf
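The kubeconfig files written in the controller and agent steps above are created with --insecure-skip-tls-verify and hold a ServiceAccount bearer token, so a check like the following can be run over them before they are copied to a node. It is an added example, not part of the Antrea documentation or code; the function name, finding labels and sample files (placeholder server address, token and CA) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Antrea code): audit a kubeconfig written by the steps above.
# Findings: INSECURE_TLS  a cluster sets insecure-skip-tls-verify: true
#           NO_CA         no certificate-authority(-data) entry is present
#           LOOSE_PERMS   the file holds a bearer token but is group/world accessible
audit_kubeconfig() {
    f=$1
    findings=""
    if grep -Eq '^[[:space:]]*insecure-skip-tls-verify:[[:space:]]*true[[:space:]]*$' "$f"; then
        findings="$findings INSECURE_TLS"
    fi
    if ! grep -Eq '^[[:space:]]*certificate-authority(-data)?:[[:space:]]*[^[:space:]]' "$f"; then
        findings="$findings NO_CA"
    fi
    # Characters 5-10 of the ls mode string are the group and other permission bits.
    if [ "$(ls -ld "$f" | cut -c5-10)" != "------" ]; then
        findings="$findings LOOSE_PERMS"
    fi
    findings=${findings# }
    echo "${findings:-OK}"
}

# Constructed sample: the shape of file that set-cluster --insecure-skip-tls-verify
# produces, with a placeholder server address and token, left world-readable.
demo_dir=$(mktemp -d)
cat >"$demo_dir/weak.kubeconfig" <<'EOF'
apiVersion: v1
kind: Config
clusters:
- cluster:
    insecure-skip-tls-verify: true
    server: https://192.0.2.10:6443
  name: kubernetes
users:
- name: antrea-agent
  user:
    token: PLACEHOLDER_TOKEN
EOF
chmod 644 "$demo_dir/weak.kubeconfig"

# Constructed sample: same cluster entry with an embedded CA and owner-only mode.
sed 's/insecure-skip-tls-verify: true/certificate-authority-data: PLACEHOLDER_CA/' \
    "$demo_dir/weak.kubeconfig" >"$demo_dir/hardened.kubeconfig"
chmod 600 "$demo_dir/hardened.kubeconfig"

for f in "$demo_dir"/*.kubeconfig; do
    printf '%s: %s\n' "${f##*/}" "$(audit_kubeconfig "$f")"
done
```

For a file that reports INSECURE_TLS or NO_CA, kubectl config set-cluster accepts --certificate-authority=<CA file> with --embed-certs=true in place of --insecure-skip-tls-verify; chmod 600 on the file clears LOOSE_PERMS.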
antrea-cni should be installed on all worker nodes.
Create the CNI config file on all worker nodes.
mkdir -p /etc/cni/net.d
cat >/etc/cni/net.d/10-antrea.conflist <<EOF
{
    "cniVersion":"0.3.0",
    "name": "antrea",
    "plugins": [
        {
            "type": "antrea",
            "ipam": {
                "type": "host-local"
            }
        },
        {
            "type": "portmap",
            "capabilities": {"portMappings": true}
        },
        {
            "type": "bandwidth",
            "capabilities": {"bandwidth": true}
        }
    ]
}
EOF
Install antrea-cni to /opt/cni/bin/antrea.
cp bin/antrea-cni /opt/cni/bin/antrea