Use K8s upstream NodeManager

Signed-off-by: Hongliang Liu <[email protected]>

Author: hongliangl

build/charts/antrea/conf/antrea-agent.conf

@@ -6,8 +6,8 @@ featureGates:
 # AllBeta is a global toggle for beta features. Per-feature key values override the default set by AllBeta.
 {{- include "featureGate" (dict "featureGates" .Values.featureGates "name" "AllBeta" "default" false) }}
 
-# Enable PreferSameTrafficDistribution in AntreaProxy, allowing usage of the values PreferSameZone and PreferSameNode in
-# the Service trafficDistribution field.
+# Enable PreferSameTrafficDistribution so that AntreaProxy can honor the Service's trafficDistribution settings
+# (PreferSameZone / PreferSameNode) when selecting backend Pods.
 {{- include "featureGate" (dict "featureGates" .Values.featureGates "name" "PreferSameTrafficDistribution" "default" false) }}
 
 # Enable support for cleaning up stale UDP Service conntrack connections in AntreaProxy. This requires AntreaProxy to

build/yamls/antrea-aks.yml

@@ -4219,8 +4219,8 @@ data:
     # AllBeta is a global toggle for beta features. Per-feature key values override the default set by AllBeta.
     #  AllBeta: false
 
-    # Enable PreferSameTrafficDistribution in AntreaProxy, allowing usage of the values PreferSameZone and PreferSameNode in
-    # the Service trafficDistribution field.
+    # Enable PreferSameTrafficDistribution so that AntreaProxy can honor the Service's trafficDistribution settings
+    # (PreferSameZone / PreferSameNode) when selecting backend Pods.
     #  PreferSameTrafficDistribution: false
 
     # Enable support for cleaning up stale UDP Service conntrack connections in AntreaProxy. This requires AntreaProxy to
@@ -5721,7 +5721,7 @@ spec:
         kubectl.kubernetes.io/default-container: antrea-agent
         # Automatically restart Pods with a RollingUpdate if the ConfigMap changes
         # See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments
-        checksum/config: 7bcd8deb7017b8f37297525634f5cf700d2e5832342e4fa80c05ab627dedfa83
+        checksum/config: 7164c2236357aab9edb1267ae3a6d8abdf7a4be1f60c444101f4012376d98172
       labels:
         app: antrea
         component: antrea-agent
@@ -5969,7 +5969,7 @@ spec:
       annotations:
         # Automatically restart Pod if the ConfigMap changes
         # See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments
-        checksum/config: 7bcd8deb7017b8f37297525634f5cf700d2e5832342e4fa80c05ab627dedfa83
+        checksum/config: 7164c2236357aab9edb1267ae3a6d8abdf7a4be1f60c444101f4012376d98172
       labels:
         app: antrea
         component: antrea-controller

build/yamls/antrea-eks.yml

@@ -4215,8 +4215,8 @@ data:
     # AllBeta is a global toggle for beta features. Per-feature key values override the default set by AllBeta.
     #  AllBeta: false
 
-    # Enable PreferSameTrafficDistribution in AntreaProxy, allowing usage of the values PreferSameZone and PreferSameNode in
-    # the Service trafficDistribution field.
+    # Enable PreferSameTrafficDistribution so that AntreaProxy can honor the Service's trafficDistribution settings
+    # (PreferSameZone / PreferSameNode) when selecting backend Pods.
     #  PreferSameTrafficDistribution: false
 
     # Enable support for cleaning up stale UDP Service conntrack connections in AntreaProxy. This requires AntreaProxy to
@@ -5717,7 +5717,7 @@ spec:
         kubectl.kubernetes.io/default-container: antrea-agent
         # Automatically restart Pods with a RollingUpdate if the ConfigMap changes
         # See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments
-        checksum/config: 7bcd8deb7017b8f37297525634f5cf700d2e5832342e4fa80c05ab627dedfa83
+        checksum/config: 7164c2236357aab9edb1267ae3a6d8abdf7a4be1f60c444101f4012376d98172
       labels:
         app: antrea
         component: antrea-agent
@@ -5966,7 +5966,7 @@ spec:
       annotations:
         # Automatically restart Pod if the ConfigMap changes
         # See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments
-        checksum/config: 7bcd8deb7017b8f37297525634f5cf700d2e5832342e4fa80c05ab627dedfa83
+        checksum/config: 7164c2236357aab9edb1267ae3a6d8abdf7a4be1f60c444101f4012376d98172
       labels:
         app: antrea
         component: antrea-controller

build/yamls/antrea-gke.yml

@@ -4215,8 +4215,8 @@ data:
     # AllBeta is a global toggle for beta features. Per-feature key values override the default set by AllBeta.
     #  AllBeta: false
 
-    # Enable PreferSameTrafficDistribution in AntreaProxy, allowing usage of the values PreferSameZone and PreferSameNode in
-    # the Service trafficDistribution field.
+    # Enable PreferSameTrafficDistribution so that AntreaProxy can honor the Service's trafficDistribution settings
+    # (PreferSameZone / PreferSameNode) when selecting backend Pods.
     #  PreferSameTrafficDistribution: false
 
     # Enable support for cleaning up stale UDP Service conntrack connections in AntreaProxy. This requires AntreaProxy to
@@ -5708,7 +5708,7 @@ spec:
         kubectl.kubernetes.io/default-container: antrea-agent
         # Automatically restart Pods with a RollingUpdate if the ConfigMap changes
         # See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments
-        checksum/config: f0a7ae5dcf068ffe8fae6e260174a2778e4def5f77b3d4f11af3a59843b17842
+        checksum/config: bf5a6fee5b84edc0803d6bf0965a411f3d88f64776ebfe30a8924baa9dc8c5da
       labels:
         app: antrea
         component: antrea-agent
@@ -5954,7 +5954,7 @@ spec:
       annotations:
         # Automatically restart Pod if the ConfigMap changes
         # See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments
-        checksum/config: f0a7ae5dcf068ffe8fae6e260174a2778e4def5f77b3d4f11af3a59843b17842
+        checksum/config: bf5a6fee5b84edc0803d6bf0965a411f3d88f64776ebfe30a8924baa9dc8c5da
       labels:
         app: antrea
         component: antrea-controller

build/yamls/antrea-ipsec.yml

@@ -4228,8 +4228,8 @@ data:
     # AllBeta is a global toggle for beta features. Per-feature key values override the default set by AllBeta.
     #  AllBeta: false
 
-    # Enable PreferSameTrafficDistribution in AntreaProxy, allowing usage of the values PreferSameZone and PreferSameNode in
-    # the Service trafficDistribution field.
+    # Enable PreferSameTrafficDistribution so that AntreaProxy can honor the Service's trafficDistribution settings
+    # (PreferSameZone / PreferSameNode) when selecting backend Pods.
     #  PreferSameTrafficDistribution: false
 
     # Enable support for cleaning up stale UDP Service conntrack connections in AntreaProxy. This requires AntreaProxy to
@@ -5721,7 +5721,7 @@ spec:
         kubectl.kubernetes.io/default-container: antrea-agent
         # Automatically restart Pods with a RollingUpdate if the ConfigMap changes
         # See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments
-        checksum/config: a97393291137add4c34e6b6f840bdab5584837131bcac0e8fcd15be684e6d85d
+        checksum/config: df497006c72465290efa91e3abc8ce6169b087a6a7ddc2bacda4aecab200a774
         checksum/ipsec-secret: d0eb9c52d0cd4311b6d252a951126bf9bea27ec05590bed8a394f0f792dcb2a4
       labels:
         app: antrea
@@ -6013,7 +6013,7 @@ spec:
       annotations:
         # Automatically restart Pod if the ConfigMap changes
         # See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments
-        checksum/config: a97393291137add4c34e6b6f840bdab5584837131bcac0e8fcd15be684e6d85d
+        checksum/config: df497006c72465290efa91e3abc8ce6169b087a6a7ddc2bacda4aecab200a774
       labels:
         app: antrea
         component: antrea-controller

build/yamls/antrea.yml

@@ -4215,8 +4215,8 @@ data:
     # AllBeta is a global toggle for beta features. Per-feature key values override the default set by AllBeta.
     #  AllBeta: false
 
-    # Enable PreferSameTrafficDistribution in AntreaProxy, allowing usage of the values PreferSameZone and PreferSameNode in
-    # the Service trafficDistribution field.
+    # Enable PreferSameTrafficDistribution so that AntreaProxy can honor the Service's trafficDistribution settings
+    # (PreferSameZone / PreferSameNode) when selecting backend Pods.
     #  PreferSameTrafficDistribution: false
 
     # Enable support for cleaning up stale UDP Service conntrack connections in AntreaProxy. This requires AntreaProxy to
@@ -5708,7 +5708,7 @@ spec:
         kubectl.kubernetes.io/default-container: antrea-agent
         # Automatically restart Pods with a RollingUpdate if the ConfigMap changes
         # See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments
-        checksum/config: cea980c8e36a19ce1e4c4f4977786aced6a90cc193a2eed8d0a996612fd84ff7
+        checksum/config: d30e0a917e8224438e4772d6a2b79a9e993b01c077bc1f75eeb7df9a5d8eeb8f
       labels:
         app: antrea
         component: antrea-agent
@@ -5954,7 +5954,7 @@ spec:
       annotations:
         # Automatically restart Pod if the ConfigMap changes
         # See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments
-        checksum/config: cea980c8e36a19ce1e4c4f4977786aced6a90cc193a2eed8d0a996612fd84ff7
+        checksum/config: d30e0a917e8224438e4772d6a2b79a9e993b01c077bc1f75eeb7df9a5d8eeb8f
       labels:
         app: antrea
         component: antrea-controller

cmd/antrea-agent/agent.go

@@ -89,6 +89,7 @@ import (
 	"antrea.io/antrea/pkg/util/objectstore"
 	utilwait "antrea.io/antrea/pkg/util/wait"
 	"antrea.io/antrea/pkg/version"
+	k8sproxy "antrea.io/antrea/third_party/proxy"
 )
 
 // informerDefaultResync is the default resync period if a handler doesn't specify one.
@@ -451,9 +452,14 @@ func run(o *Options) error {
 		groupCounters = append(groupCounters, v6GroupCounter)
 	}
 
+	nodeManager, err := k8sproxy.NewNodeManager(ctx, k8sClient, resyncPeriodDisabled, nodeConfig.Name, false)
+	if err != nil {
+		return fmt.Errorf("failed to create node manager: %w", err)
+	}
 	var proxyServer *proxy.ProxyServer
 	if o.enableAntreaProxy {
 		proxyServer, err = proxy.NewProxyServer(nodeConfig.Name,
+			nodeManager,
 			ofClient,
 			routeClient,
 			nodeIPTracker,
@@ -467,9 +473,9 @@ func run(o *Options) error {
 			v6GroupCounter,
 			enableMulticlusterGW)
 		if err != nil {
-			return fmt.Errorf("error when creating proxyServer: %v", err)
+			return fmt.Errorf("error when creating proxyServer: %w", err)
 		}
-		proxyServer.Initialize(ctx, serviceInformer, endpointSliceInformer, nodeInformer)
+		proxyServer.Initialize(ctx, serviceInformer, endpointSliceInformer)
 	}
 
 	// We pick a time interval for rule deletion in the async rule cache (part of the

cmd/antrea-agent/options.go

@@ -264,13 +264,13 @@ func (o *Options) validateAntreaProxyConfig(encapMode config.TrafficEncapModeTyp
 		if addr := o.config.AntreaProxy.ServiceHealthCheckServerBindAddress; addr != "" {
 			hostStr, portStr, err := net.SplitHostPort(addr)
 			if err != nil {
-				return fmt.Errorf("invalid health server bind address %q: %v", addr, err)
+				return fmt.Errorf("invalid health server bind address %q: %w", addr, err)
 			}
 			if net.ParseIP(hostStr) == nil {
 				return fmt.Errorf("invalid IP address in health server bind address: %q", hostStr)
 			}
 			if err := validation.ValidatePortString(portStr); err != nil {
-				return fmt.Errorf("invalid port in health server bind address: %q: %v", portStr, err)
+				return fmt.Errorf("invalid port in health server bind address: %q: %w", portStr, err)
 			}
 		}
 	}
@@ -449,6 +449,9 @@ func (o *Options) setK8sNodeDefaultOptions() {
 	if o.config.AntreaProxy.ProxyLoadBalancerIPs == nil {
 		o.config.AntreaProxy.ProxyLoadBalancerIPs = ptr.To(true)
 	}
+	if o.config.AntreaProxy.ServiceHealthCheckServerBindAddress == "" {
+		o.config.AntreaProxy.ServiceHealthCheckServerBindAddress = net.JoinHostPort(net.IPv4zero.String(), fmt.Sprint(apis.AntreaProxyHealthServerPort))
+	}
 	if o.config.ServiceCIDR == "" {
 		//It's okay to set the default value of this field even when AntreaProxy is enabled and the field is not used.
 		o.config.ServiceCIDR = defaultServiceCIDR

docs/feature-gates.md

@@ -33,7 +33,7 @@ edit the Agent configuration in the
 | Feature Name                    | Component          | Default | Stage      | Alpha Release | Beta Release | GA Release | Extra Requirements | Notes                                                  |
 |---------------------------------|--------------------|---------|------------|---------------|--------------|------------|--------------------|--------------------------------------------------------|
 | `AntreaProxy`                   | Agent              | `true`  | GA         | v0.8          | v0.11        | v1.14      | Yes                | Must be enabled for Windows.                           |
-| `EndpointSlice`                 | Agent              | `true`  | GA         | v0.13.0       | v1.11        | v1.14      | Yes                |                                                        |
+| `EndpointSlice`                 | Agent              | `true`  | GA         | v0.13.0       | v1.11        | v1.14      | Yes                | Locked to `true` (cannot be disabled).                 |
 | `TopologyAwareHints`            | Agent              | `true`  | GA         | v1.8          | v1.12        | v2.5       | Yes                |                                                        |
 | `ServiceTrafficDistribution`    | Agent              | `true`  | GA         | N/A           | v2.2         | v2.5       | Yes                |                                                        |
 | `PreferSameTrafficDistribution` | Agent              | `false` | Alpha      | v2.5          | N/A          | N/A        | Yes                |                                                        |
@@ -89,6 +89,8 @@ opposed to >= 4.4 without this feature).
 `EndpointSlice` enables Service EndpointSlice support in Antrea Proxy. The EndpointSlice API was introduced in Kubernetes
 1.16 (alpha) and it is enabled by default in Kubernetes 1.17 (beta), promoted to GA in Kubernetes 1.21.
 
+Starting from Antrea v2.5.0, the feature is locked to `true` and cannot be disabled.
+
 #### Requirements for this Feature
 
 - Option `antreaProxy.enable` is set to true.
@@ -117,9 +119,11 @@ refer to this [link](https://github.com/kubernetes/enhancements/tree/master/keps
 
 ### PreferSameTrafficDistribution
 
-`PreferSameTrafficDistribution` allows usage of the values `PreferSameZone` and `PreferSameNode` in the Service
-trafficDistribution field in Antrea Proxy. For more details, refer to this
-[link](https://github.com/kubernetes/enhancements/tree/master/keps/sig-network/3015-prefer-same-node).
+`PreferSameTrafficDistribution` enables AntreaProxy to honor the Service's trafficDistribution settings
+(PreferSameZone / PreferSameNode) when selecting backend Pods. 
+
+For additional background, see the upstream enhancement proposal:
+[KEP 3015 – Prefer Same Node](https://github.com/kubernetes/enhancements/tree/master/keps/sig-network/3015-prefer-same-node).
 
 #### Requirements for this Feature
 

docs/network-requirements.md

@@ -28,4 +28,5 @@ number from the output of `kubectl get svc kubernetes -o yaml`._
 
 [4] _The default value is 10256, but it can be overridden in the antrea-agent
 configuration `antreaProxy.serviceHealthCheckServerBindAddress`. It is used only
-for external load balancer health checks._
+for external load balancer health checks. If `antreaProxy.disableServiceHealthCheckServer`
+is set `true`, the health check server listening on the port will be disabled._