antctl support traceflow

Fixed #923 antctl traceflow is on remote mode, inside controller mode and inside agent mode. It supports yaml and json output. It can return without retrieving results. e.g. ``` $ antctl traceflow -S busybox0 -D busybox1 name: default-busybox0-to-default-busybox1-fpllngzi phase: Succeeded source: default/busybox0 destination: default/busybox1 results: - node: antrea-linux-testbed7-1 timestamp: 1596435607 observations: - component: SpoofGuard action: Forwarded - component: Forwarding componentInfo: Output action: Delivered ```
antrea-io · Aug 11, 2020 · 453ea6c · 453ea6c
1 parent b0426e1
commit 453ea6c
Show file tree

Hide file tree

Showing 14 changed files with 633 additions and 30 deletions.
diff --git a/build/yamls/antrea-eks.yml b/build/yamls/antrea-eks.yml
@@ -505,6 +505,8 @@ rules:
   - list
   - update
   - patch
+  - create
+  - delete
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
@@ -607,6 +609,8 @@ rules:
   - list
   - update
   - patch
+  - create
+  - delete
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding

diff --git a/build/yamls/antrea-gke.yml b/build/yamls/antrea-gke.yml
@@ -505,6 +505,8 @@ rules:
   - list
   - update
   - patch
+  - create
+  - delete
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
@@ -607,6 +609,8 @@ rules:
   - list
   - update
   - patch
+  - create
+  - delete
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding

diff --git a/build/yamls/antrea-ipsec.yml b/build/yamls/antrea-ipsec.yml
@@ -505,6 +505,8 @@ rules:
   - list
   - update
   - patch
+  - create
+  - delete
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
@@ -607,6 +609,8 @@ rules:
   - list
   - update
   - patch
+  - create
+  - delete
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding

diff --git a/build/yamls/antrea.yml b/build/yamls/antrea.yml
@@ -505,6 +505,8 @@ rules:
   - list
   - update
   - patch
+  - create
+  - delete
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
@@ -607,6 +609,8 @@ rules:
   - list
   - update
   - patch
+  - create
+  - delete
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding

diff --git a/build/yamls/base/agent-rbac.yml b/build/yamls/base/agent-rbac.yml
@@ -96,6 +96,8 @@ rules:
       - list
       - update
       - patch
+      - create
+      - delete
 ---
 kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1beta1

diff --git a/build/yamls/base/controller-rbac.yml b/build/yamls/base/controller-rbac.yml
@@ -110,6 +110,8 @@ rules:
       - list
       - update
       - patch
+      - create
+      - delete
 ---
 kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1beta1

diff --git a/build/yamls/base/controller.yml b/build/yamls/base/controller.yml
@@ -132,3 +132,4 @@ spec:
           hostPath:
             path: /var/log/antrea
             type: DirectoryOrCreate
+
diff --git a/docs/antctl.md b/docs/antctl.md
@@ -20,6 +20,7 @@ running in two different modes:
   - [Dumping Pod network interface information](#dumping-pod-network-interface-information)
   - [Dumping OVS flows](#dumping-ovs-flows)
   - [OVS packet tracing](#ovs-packet-tracing)
+  - [Traceflow](#traceflow)
 
 ## Installation
 
@@ -313,3 +314,34 @@ result: |
   Megaflow: recirc_id=0x54,eth,ip,in_port=1,nw_frag=no
   Datapath actions: 3
 ```
+
+### Traceflow
+
+`antctl traceflow` command is used to start a traceflow and retrieve its result. After the
+result is collected, the traceflow will be deleted. Users can also create a traceflow with
+`kubectl`, but `antctl traceflow` offers a simpler approach.
+
+The required options for this command
+are `source` and `destination`, which consist of namespace and pod, service or IP. The command supports
+yaml and json output. If users want a non blocking operation, an option: `--wait=false` can
+be added to start the traceflow without waiting for result. Then, the deletion operation
+will not be conducted. Besides, users can specify header protocol (ICMP, TCP and UDP) and
+source/destination ports.
+
+e.g.
+```bash
+$ antctl traceflow -S busybox0 -D busybox1
+name: default-busybox0-to-default-busybox1-fpllngzi
+phase: Succeeded
+source: default/busybox0
+destination: default/busybox1
+results:
+- node: antrea-linux-testbed7-1
+  timestamp: 1596435607
+  observations:
+  - component: SpoofGuard
+    action: Forwarded
+  - component: Forwarding
+    componentInfo: Output
+    action: Delivered
+```
diff --git a/pkg/antctl/antctl.go b/pkg/antctl/antctl.go
@@ -24,6 +24,7 @@ import (
 	"github.com/vmware-tanzu/antrea/pkg/agent/apiserver/handlers/podinterface"
 	"github.com/vmware-tanzu/antrea/pkg/agent/openflow"
 	"github.com/vmware-tanzu/antrea/pkg/antctl/raw/supportbundle"
+	"github.com/vmware-tanzu/antrea/pkg/antctl/raw/traceflow"
 	"github.com/vmware-tanzu/antrea/pkg/antctl/transform/addressgroup"
 	"github.com/vmware-tanzu/antrea/pkg/antctl/transform/appliedtogroup"
 	"github.com/vmware-tanzu/antrea/pkg/antctl/transform/controllerinfo"
@@ -324,6 +325,11 @@ var CommandList = &commandList{
 			supportAgent:      true,
 			supportController: true,
 		},
+		{
+			cobraCommand:      traceflow.Command,
+			supportAgent:      true,
+			supportController: true,
+		},
 	},
 	codec: scheme.Codecs,
 }
-Original file line number
+Diff line change
@@ Expand Up / @@ -505,6 +505,8 @@ rules: @@
       - list
       - update
       - patch
+      - create
+      - delete
     ---
     apiVersion: rbac.authorization.k8s.io/v1
     kind: ClusterRole
@@ Expand Down Expand Up / @@ -607,6 +609,8 @@ rules: @@
       - list
       - update
       - patch
+      - create
+      - delete
     ---
     apiVersion: rbac.authorization.k8s.io/v1
     kind: ClusterRoleBinding
@@ Expand Down @@
Original file line number	Diff line number	Diff line change
Expand Up		@@ -132,3 +132,4 @@ spec:
		hostPath:
		path: /var/log/antrea
		type: DirectoryOrCreate