Documentation for version v0.9.2 is no longer actively maintained. The version you are currently viewing is a static snapshot. For up-to-date documentation, see the latest version.
There are four components which need to be deployed in order to run Antrea:

- The OpenVSwitch daemons `ovs-vswitchd` and `ovsdb-server`
- The controller `antrea-controller`
- The agent `antrea-agent`
- The CNI plugin `antrea-cni`

Prior to bringing up the individual components, follow the common steps:

1. Ensure Go v1.13 is installed.
2. Git clone your forked Antrea repository and `cd` into the `antrea` directory.

   ```bash
   git clone https://github.com/$user/antrea
   cd antrea
   ```

3. Build the binaries for all components under the `bin` directory.

   ```bash
   make bin
   ```

Open vSwitch >= 2.8.0 userspace daemons `ovs-vswitchd` and `ovsdb-server` should run on all worker nodes. See Installing Open vSwitch for details.

`antrea-controller` is required to implement Kubernetes Network Policies. At any time, there should be only a single active replica of `antrea-controller`.

Grant the `antrea-controller` ServiceAccount the necessary permissions to Kubernetes APIs. You can apply controller-rbac.yaml to do it.

```bash
kubectl apply -f build/yamls/base/controller-rbac.yml
```

```bash
APISERVER=$(kubectl config view --minify -o jsonpath='{.clusters[0].cluster.server}')
TOKEN=$(kubectl get secrets -n kube-system -o jsonpath="{.items[?(@.metadata.annotations['kubernetes\.io/service-account\.name']=='antrea-controller')].data.token}"|base64 --decode)
kubectl config --kubeconfig=antrea-controller.kubeconfig set-cluster kubernetes --server=$APISERVER --insecure-skip-tls-verify
kubectl config --kubeconfig=antrea-controller.kubeconfig set-credentials antrea-controller --token=$TOKEN
kubectl config --kubeconfig=antrea-controller.kubeconfig set-context antrea-controller@kubernetes --cluster=kubernetes --user=antrea-controller
kubectl config --kubeconfig=antrea-controller.kubeconfig use-context antrea-controller@kubernetes
```

Create the `antrea-controller` config file, see Configuration for details.

```bash
cat >antrea-controller.conf <<EOF
clientConnection:
  kubeconfig: antrea-controller.kubeconfig
EOF
```

Start `antrea-controller`.

```bash
bin/antrea-controller --config antrea-controller.conf
```

`antrea-agent` must run on all worker nodes.

Grant the `antrea-agent` ServiceAccount the necessary permissions to Kubernetes APIs. You can apply agent-rbac.yaml to do it.

```bash
kubectl apply -f build/yamls/base/agent-rbac.yml
```

```bash
APISERVER=$(kubectl config view --minify -o jsonpath='{.clusters[0].cluster.server}')
TOKEN=$(kubectl get secrets -n kube-system -o jsonpath="{.items[?(@.metadata.annotations['kubernetes\.io/service-account\.name']=='antrea-agent')].data.token}"|base64 --decode)
kubectl config --kubeconfig=antrea-agent.kubeconfig set-cluster kubernetes --server=$APISERVER --insecure-skip-tls-verify
kubectl config --kubeconfig=antrea-agent.kubeconfig set-credentials antrea-agent --token=$TOKEN
kubectl config --kubeconfig=antrea-agent.kubeconfig set-context antrea-agent@kubernetes --cluster=kubernetes --user=antrea-agent
kubectl config --kubeconfig=antrea-agent.kubeconfig use-context antrea-agent@kubernetes
```

Create the kubeconfig file that contains the `antrea-controller` APIServer endpoint and the token of the ServiceAccount created in the above step.

```bash
# Change it to the correct endpoint if you are running antrea-controller somewhere else.
ANTREA_APISERVER=https://localhost
TOKEN=$(kubectl get secrets -n kube-system -o jsonpath="{.items[?(@.metadata.annotations['kubernetes\.io/service-account\.name']=='antrea-agent')].data.token}"|base64 --decode)
kubectl config --kubeconfig=antrea-agent.antrea.kubeconfig set-cluster antrea --server=$ANTREA_APISERVER --insecure-skip-tls-verify
kubectl config --kubeconfig=antrea-agent.antrea.kubeconfig set-credentials antrea-agent --token=$TOKEN
kubectl config --kubeconfig=antrea-agent.antrea.kubeconfig set-context antrea-agent@antrea --cluster=antrea --user=antrea-agent
kubectl config --kubeconfig=antrea-agent.antrea.kubeconfig use-context antrea-agent@antrea
```

Create the `antrea-agent` config file, see Configuration for details.

```bash
cat >antrea-agent.conf <<EOF
clientConnection:
  kubeconfig: antrea-agent.kubeconfig
antreaClientConnection:
  kubeconfig: antrea-agent.antrea.kubeconfig
hostProcPathPrefix: "/"
EOF
```

Start `antrea-agent`.

```bash
bin/antrea-agent --config antrea-agent.conf
```
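
The kubeconfig files generated above for `antrea-controller` and `antrea-agent` are written with `--insecure-skip-tls-verify`, so the client does not validate the server certificate before sending the ServiceAccount token. The check below is an added example, not part of the Antrea documentation or code base: the function name `audit_kubeconfig` and the sample file are constructed for illustration, and it assumes the block-style YAML that `kubectl config` writes.

```bash
# Added example, not Antrea code. Assumes kubectl's block-style YAML layout.
# Prints one line per cluster entry; returns 1 when an entry disables TLS
# verification, uses a non-https server, or the file is group/world readable.
audit_kubeconfig() {
    file=$1 rc=0
    [ -r "$file" ] || { echo "ERROR $file: unreadable"; return 2; }
    # The file holds a bearer token, so only its owner should read it.
    if [ -n "$(find "$file" \( -perm -040 -o -perm -004 \))" ]; then
        echo "FAIL $file: readable by group or others"; rc=1
    fi
    awk '
        function flush() {
            if (!open) return
            why = ""
            if (insecure) why = why " insecure-skip-tls-verify"
            if (server !~ /^https:\/\//) why = why " non-https-server"
            trust = ca ? "CA pinned" : "system trust store"
            if (why != "") { print "FAIL cluster " name ":" why; bad = 1 }
            else print "OK cluster " name " (" trust ")"
            open = 0
        }
        /^[^ #-]/ { flush(); in_clusters = ($1 == "clusters:"); next }
        !in_clusters { next }
        /^- / { flush(); open = 1; insecure = ca = 0; name = "?"; server = "" }
        { sub(/^-/, " ") }                     # treat "- key:" as an indented key
        /^  [^ ]/ && $1 == "name:" { name = $2 }
        $1 == "server:" { server = $2 }
        $1 == "insecure-skip-tls-verify:" && $2 == "true" { insecure = 1 }
        $1 ~ /^certificate-authority(-data)?:$/ { ca = 1 }
        END { flush(); exit bad + 0 }
    ' "$file" || rc=1
    return $rc
}

# Constructed sample: the cluster entry the page's set-cluster command writes.
sample=$(mktemp)
cat >"$sample" <<'EOF'
clusters:
- cluster:
    insecure-skip-tls-verify: true
    server: https://localhost
  name: antrea
users:
- name: antrea-agent
  user:
    token: CONSTRUCTED
EOF
audit_kubeconfig "$sample" || echo "fix the entries marked FAIL"
rm -f "$sample"
```

A flagged entry can be regenerated with `kubectl config set-cluster` using `--certificate-authority=<CA file>` (optionally with `--embed-certs=true`) in place of `--insecure-skip-tls-verify`.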

`antrea-cni` should be installed on all worker nodes.

```bash
cat >/etc/cni/net.d/10-antrea.conflist <<EOF
{
    "cniVersion":"0.3.0",
    "name": "antrea",
    "plugins": [
        {
            "type": "antrea",
            "ipam": {
                "type": "host-local"
            }
        },
        {
            "type": "portmap",
            "capabilities": {"portMappings": true}
        }
    ]
}
EOF
```

Copy `antrea-cni` to `/opt/cni/bin/antrea`.

```bash
cp bin/antrea-cni /opt/cni/bin/antrea
```