Support Antrea installation using antctl CLI #5896
Description
Describe what you are trying to solve
While we were updating the ROADMAP, @tnqn suggested that we could add support for a new installation method for Antrea.
We currently support 2 methods:
- using the K8s manifest directly (e.g, https://github.com/antrea-io/antrea/releases/download/v1.14.1/antrea.yml)
- using the
antrea/antreaHelm chart (https://github.com/antrea-io/antrea/blob/main/docs/helm.md)
The 1st method is very straightforward and the only prerequisite is kubectl. However, any customization has to be done manually (by editing the YAML) and is error-prone. It is fairly common for users to make a typo when editing the antrea config in the YAML for example (invalid indentation, etc.). Some features also require editing both antrea-agent.conf and antrea-controller.conf, and it is easy for users to miss that.
The 2nd method requires Helm to be installed, but allows for easy customization. Of course, we are constrained by what Helm can do:
- cannot upgrade components in a specific order (Controller first, then Agents)
- CRD management is not always straightforward: [Helm chart] Should CRDs be placed in the special
crds/directory? #3665 - cannot run custom validations / sanity-checks pre-installation
- cannot run custom validations or logic post-installation
Describe the solution you have in mind
Several other projects in the cloud-native ecosystem support CLI-based installation (Cilium and Calico come to mind).
Users can easily customize the installation, and developers have the opportunity to execute custom logic before and after the installation, with direct access to the K8s API.
This proposal is to add the antctl install command, which would take care of installing an "arbitrary" Antrea version (we should support some version skew between antctl and the Antrea version being installed). Similarly, we would add the "antctl upgrade" command for upgrades.
Describe how your solution impacts user flows
Users have access to a new installation method, which should be as convenient as installing the Helm chart, while at the same time providing additional value / features.
Describe the main design/architecture of your solution
This is a possible workflow / implementation for antctl install [--version x.y.z]:
- Download the Helm chart for Antrea (latest release or version provided by user)
- Run some sanity checks (is the K8s version supported, is there another CNI already installed, ...)
- Render the Helm template based on customization values provided by user
- Extract individual resources from the generated manifest, and apply them in the correct order using the K8s API (like kubectl would)
- Run post-installation logic (e.g., restart existing Pods) and custom validations (basic connectivity checks)
The CLI command could take care of CNI migration under the hood (https://github.com/antrea-io/antrea/blob/main/docs/migrate-to-antrea.md), if another CNI was detected in step 2.
Note that we use Helm to render the chart template into a K8s manifest, but we create resources through the K8s API. This is the only way to meet our goal of installing / updating components in a specific order.
antctl install could also take care of (optionally) installing other Antrea components (FlowAggregator, antrea-ui).
Implementation for antctl upgrade would be similar.
Ideally, antctl would also support Windows installation, but that may come later.
Alternative solutions that you considered
An alternative solution could be to make the Antrea operator a "first-class citizen". The operator would take care of the actual lifecycle management of Antrea components & resources. In that case antctl install would simply take care of installing the operator by installing its Helm chart. This is a higher-impact change however, compared to the solution described above.