Move noEncap/Hybrid/Policy-Only mode to use Antrea-proxy.

Kube-Proxy is not used in these modes for pod-to-service traffic.

build/yamls/antrea-eks.yml

@@ -653,47 +653,39 @@ data:
     # Enable antrea proxy which provides ServiceLB for in-cluster services in antrea agent.
     # It should be enabled on Windows, otherwise NetworkPolicy will not take effect on
     # Service traffic.
-    #  AntreaProxy: false
+      AntreaProxy: true
     # Enable traceflow which provides packet tracing feature to diagnose network issue.
     #  Traceflow: false
     # Enable flowexporter which exports polled conntrack connections as IPFIX flow records from each agent to a configured collector.
     #  FlowExporter: false
-
     # Name of the OpenVSwitch bridge antrea-agent will create and use.
     # Make sure it doesn't conflict with your existing OpenVSwitch bridges.
     #ovsBridge: br-int
-
     # Datapath type to use for the OpenVSwitch bridge created by Antrea. Supported values are:
     # - system
     # - netdev
     # 'system' is the default value and corresponds to the kernel datapath. Use 'netdev' to run
     # OVS in userspace mode. Userspace mode requires the tun device driver to be available.
     #ovsDatapathType: system
-
     # Name of the interface antrea-agent will create and use for host <--> pod communication.
     # Make sure it doesn't conflict with your existing interfaces.
     #hostGateway: antrea-gw0
-
     # Encapsulation mode for communication between Pods across Nodes, supported values:
     # - geneve (default)
     # - vxlan
     # - gre
     # - stt
     #tunnelType: geneve
-
     # Default MTU to use for the host gateway interface and the network interface of each Pod.
     # If omitted, antrea-agent will discover the MTU of the Node's primary interface and
     # also adjust MTU to accommodate for tunnel encapsulation overhead (if applicable).
     #defaultMTU: 1450
-
     # Whether or not to enable IPsec encryption of tunnel traffic. IPsec encryption is only supported
     # for the GRE tunnel type.
     #enableIPSecTunnel: false
-
     # CIDR Range for services in cluster. It's required to support egress network policy, should
     # be set to the same value as the one specified by --service-cluster-ip-range for kube-apiserver.
     #serviceCIDR: 10.96.0.0/12
-
     # Determines how traffic is encapsulated. It has the following options
     # encap(default): Inter-node Pod traffic is always encapsulated and Pod to outbound traffic is masqueraded.
     # noEncap: Inter-node Pod traffic is not encapsulated, but Pod to outbound traffic is masqueraded.
@@ -702,12 +694,10 @@ data:
     # networkPolicyOnly: Antrea enforces NetworkPolicy only, and utilizes CNI chaining and delegates Pod IPAM and connectivity to primary CNI.
     #
     trafficEncapMode: networkPolicyOnly
-
     # The port for the antrea-agent APIServer to serve on.
     # Note that if it's set to another value, the `containerPort` of the `api` port of the
     # `antrea-agent` container must be set to the same value.
     #apiPort: 10350
-
     # Enable metrics exposure via Prometheus. Initializes Prometheus metrics listener.
     #enablePrometheusMetrics: false
   antrea-cni.conflist: |
@@ -732,19 +722,15 @@ data:
     featureGates:
     # Enable traceflow which provides packet tracing feature to diagnose network issue.
     #  Traceflow: false
-
     # Enable ClusterNetworkPolicy feature to complement K8s NetworkPolicy for cluster admins
     # to define security policies which apply to the entire cluster.
     # ClusterNetworkPolicy: false
-
     # The port for the antrea-controller APIServer to serve on.
     # Note that if it's set to another value, the `containerPort` of the `api` port of the
     # `antrea-controller` container must be set to the same value.
     #apiPort: 10349
-
     # Enable metrics exposure via Prometheus. Initializes Prometheus metrics listener.
     #enablePrometheusMetrics: false
-
     # Indicates whether to use auto-generated self-signed TLS certificate.
     # If false, A Secret named "antrea-controller-tls" must be provided with the following keys:
     #   ca.crt: <CA certificate>
@@ -758,7 +744,7 @@ metadata:
   annotations: {}
   labels:
     app: antrea
-  name: antrea-config-hhthk4g2f4
+  name: antrea-config-2kcd4h69mk
   namespace: kube-system
 ---
 apiVersion: v1
@@ -864,7 +850,7 @@ spec:
         key: node-role.kubernetes.io/master
       volumes:
       - configMap:
-          name: antrea-config-hhthk4g2f4
+          name: antrea-config-2kcd4h69mk
         name: antrea-config
       - name: antrea-controller-tls
         secret:
@@ -1081,7 +1067,7 @@ spec:
         operator: Exists
       volumes:
       - configMap:
-          name: antrea-config-hhthk4g2f4
+          name: antrea-config-2kcd4h69mk
         name: antrea-config
       - hostPath:
           path: /etc/cni/net.d

build/yamls/antrea-gke.yml

@@ -653,47 +653,39 @@ data:
     # Enable antrea proxy which provides ServiceLB for in-cluster services in antrea agent.
     # It should be enabled on Windows, otherwise NetworkPolicy will not take effect on
     # Service traffic.
-    #  AntreaProxy: false
+      AntreaProxy: true
     # Enable traceflow which provides packet tracing feature to diagnose network issue.
     #  Traceflow: false
     # Enable flowexporter which exports polled conntrack connections as IPFIX flow records from each agent to a configured collector.
     #  FlowExporter: false
-
     # Name of the OpenVSwitch bridge antrea-agent will create and use.
     # Make sure it doesn't conflict with your existing OpenVSwitch bridges.
     #ovsBridge: br-int
-
     # Datapath type to use for the OpenVSwitch bridge created by Antrea. Supported values are:
     # - system
     # - netdev
     # 'system' is the default value and corresponds to the kernel datapath. Use 'netdev' to run
     # OVS in userspace mode. Userspace mode requires the tun device driver to be available.
     #ovsDatapathType: system
-
     # Name of the interface antrea-agent will create and use for host <--> pod communication.
     # Make sure it doesn't conflict with your existing interfaces.
     #hostGateway: antrea-gw0
-
     # Encapsulation mode for communication between Pods across Nodes, supported values:
     # - geneve (default)
     # - vxlan
     # - gre
     # - stt
     #tunnelType: geneve
-
     # Default MTU to use for the host gateway interface and the network interface of each Pod.
     # If omitted, antrea-agent will discover the MTU of the Node's primary interface and
     # also adjust MTU to accommodate for tunnel encapsulation overhead (if applicable).
     #defaultMTU: 1450
-
     # Whether or not to enable IPsec encryption of tunnel traffic. IPsec encryption is only supported
     # for the GRE tunnel type.
     #enableIPSecTunnel: false
-
     # CIDR Range for services in cluster. It's required to support egress network policy, should
     # be set to the same value as the one specified by --service-cluster-ip-range for kube-apiserver.
     #serviceCIDR: 10.96.0.0/12
-
     # Determines how traffic is encapsulated. It has the following options
     # encap(default): Inter-node Pod traffic is always encapsulated and Pod to outbound traffic is masqueraded.
     # noEncap: Inter-node Pod traffic is not encapsulated, but Pod to outbound traffic is masqueraded.
@@ -702,12 +694,10 @@ data:
     # networkPolicyOnly: Antrea enforces NetworkPolicy only, and utilizes CNI chaining and delegates Pod IPAM and connectivity to primary CNI.
     #
     trafficEncapMode: noEncap
-
     # The port for the antrea-agent APIServer to serve on.
     # Note that if it's set to another value, the `containerPort` of the `api` port of the
     # `antrea-agent` container must be set to the same value.
     #apiPort: 10350
-
     # Enable metrics exposure via Prometheus. Initializes Prometheus metrics listener.
     #enablePrometheusMetrics: false
   antrea-cni.conflist: |
@@ -732,19 +722,15 @@ data:
     featureGates:
     # Enable traceflow which provides packet tracing feature to diagnose network issue.
     #  Traceflow: false
-
     # Enable ClusterNetworkPolicy feature to complement K8s NetworkPolicy for cluster admins
     # to define security policies which apply to the entire cluster.
     # ClusterNetworkPolicy: false
-
     # The port for the antrea-controller APIServer to serve on.
     # Note that if it's set to another value, the `containerPort` of the `api` port of the
     # `antrea-controller` container must be set to the same value.
     #apiPort: 10349
-
     # Enable metrics exposure via Prometheus. Initializes Prometheus metrics listener.
     #enablePrometheusMetrics: false
-
     # Indicates whether to use auto-generated self-signed TLS certificate.
     # If false, A Secret named "antrea-controller-tls" must be provided with the following keys:
     #   ca.crt: <CA certificate>
@@ -758,7 +744,7 @@ metadata:
   annotations: {}
   labels:
     app: antrea
-  name: antrea-config-mbkmc9bb22
+  name: antrea-config-9g7cgg54tg
   namespace: kube-system
 ---
 apiVersion: v1
@@ -864,7 +850,7 @@ spec:
         key: node-role.kubernetes.io/master
       volumes:
       - configMap:
-          name: antrea-config-mbkmc9bb22
+          name: antrea-config-9g7cgg54tg
         name: antrea-config
       - name: antrea-controller-tls
         secret:
@@ -1079,7 +1065,7 @@ spec:
         operator: Exists
       volumes:
       - configMap:
-          name: antrea-config-mbkmc9bb22
+          name: antrea-config-9g7cgg54tg
         name: antrea-config
       - hostPath:
           path: /etc/cni/net.d

build/yamls/antrea-ipsec.yml

@@ -658,42 +658,34 @@ data:
     #  Traceflow: false
     # Enable flowexporter which exports polled conntrack connections as IPFIX flow records from each agent to a configured collector.
     #  FlowExporter: false
-
     # Name of the OpenVSwitch bridge antrea-agent will create and use.
     # Make sure it doesn't conflict with your existing OpenVSwitch bridges.
     #ovsBridge: br-int
-
     # Datapath type to use for the OpenVSwitch bridge created by Antrea. Supported values are:
     # - system
     # - netdev
     # 'system' is the default value and corresponds to the kernel datapath. Use 'netdev' to run
     # OVS in userspace mode. Userspace mode requires the tun device driver to be available.
     #ovsDatapathType: system
-
     # Name of the interface antrea-agent will create and use for host <--> pod communication.
     # Make sure it doesn't conflict with your existing interfaces.
     #hostGateway: antrea-gw0
-
     # Encapsulation mode for communication between Pods across Nodes, supported values:
     # - geneve (default)
     # - vxlan
     # - gre
     # - stt
     tunnelType: gre
-
     # Default MTU to use for the host gateway interface and the network interface of each Pod.
     # If omitted, antrea-agent will discover the MTU of the Node's primary interface and
     # also adjust MTU to accommodate for tunnel encapsulation overhead (if applicable).
     #defaultMTU: 1450
-
     # Whether or not to enable IPsec encryption of tunnel traffic. IPsec encryption is only supported
     # for the GRE tunnel type.
     enableIPSecTunnel: true
-
     # CIDR Range for services in cluster. It's required to support egress network policy, should
     # be set to the same value as the one specified by --service-cluster-ip-range for kube-apiserver.
     #serviceCIDR: 10.96.0.0/12
-
     # Determines how traffic is encapsulated. It has the following options
     # encap(default): Inter-node Pod traffic is always encapsulated and Pod to outbound traffic is masqueraded.
     # noEncap: Inter-node Pod traffic is not encapsulated, but Pod to outbound traffic is masqueraded.
@@ -702,12 +694,10 @@ data:
     # networkPolicyOnly: Antrea enforces NetworkPolicy only, and utilizes CNI chaining and delegates Pod IPAM and connectivity to primary CNI.
     #
     #trafficEncapMode: encap
-
     # The port for the antrea-agent APIServer to serve on.
     # Note that if it's set to another value, the `containerPort` of the `api` port of the
     # `antrea-agent` container must be set to the same value.
     #apiPort: 10350
-
     # Enable metrics exposure via Prometheus. Initializes Prometheus metrics listener.
     #enablePrometheusMetrics: false
   antrea-cni.conflist: |
@@ -732,19 +722,15 @@ data:
     featureGates:
     # Enable traceflow which provides packet tracing feature to diagnose network issue.
     #  Traceflow: false
-
     # Enable ClusterNetworkPolicy feature to complement K8s NetworkPolicy for cluster admins
     # to define security policies which apply to the entire cluster.
     # ClusterNetworkPolicy: false
-
     # The port for the antrea-controller APIServer to serve on.
     # Note that if it's set to another value, the `containerPort` of the `api` port of the
     # `antrea-controller` container must be set to the same value.
     #apiPort: 10349
-
     # Enable metrics exposure via Prometheus. Initializes Prometheus metrics listener.
     #enablePrometheusMetrics: false
-
     # Indicates whether to use auto-generated self-signed TLS certificate.
     # If false, A Secret named "antrea-controller-tls" must be provided with the following keys:
     #   ca.crt: <CA certificate>
@@ -758,7 +744,7 @@ metadata:
   annotations: {}
   labels:
     app: antrea
-  name: antrea-config-5tkdbb96c6
+  name: antrea-config-5dk44c4hcg
   namespace: kube-system
 ---
 apiVersion: v1
@@ -873,7 +859,7 @@ spec:
         key: node-role.kubernetes.io/master
       volumes:
       - configMap:
-          name: antrea-config-5tkdbb96c6
+          name: antrea-config-5dk44c4hcg
         name: antrea-config
       - name: antrea-controller-tls
         secret:
@@ -1123,7 +1109,7 @@ spec:
         operator: Exists
       volumes:
       - configMap:
-          name: antrea-config-5tkdbb96c6
+          name: antrea-config-5dk44c4hcg
         name: antrea-config
       - hostPath:
           path: /etc/cni/net.d

build/yamls/antrea-windows.yml

@@ -22,33 +22,26 @@ data:
     # It should be enabled on Windows, otherwise NetworkPolicy will not take effect on
     # Service traffic.
       AntreaProxy: true
-
     # Name of the OpenVSwitch bridge antrea-agent will create and use.
     # Make sure it doesn't conflict with your existing OpenVSwitch bridges.
     #ovsBridge: br-int
-
     # Name of the interface antrea-agent will create and use for host <--> pod communication.
     # Make sure it doesn't conflict with your existing interfaces.
     #hostGateway: antrea-gw0
-
     # Encapsulation mode for communication between Pods across Nodes, supported values:
     # - geneve (default)
     # - vxlan
     # - stt
     #tunnelType: geneve
-
     # Default MTU to use for the host gateway interface and the network interface of each Pod.
     # If omitted, antrea-agent will discover the MTU of the Node's primary interface and
     # also adjust MTU to accommodate for tunnel encapsulation overhead.
     #defaultMTU: 1450
-
     # CIDR Range for services in cluster. It's required to support egress network policy, should
     # be set to the same value as the one specified by --service-cluster-ip-range for kube-apiserver.
     #serviceCIDR: 10.96.0.0/12
-
     # The port for the antrea-agent APIServer to serve on.
     #apiPort: 10350
-
     # Enable metrics exposure via Prometheus. Initializes Prometheus metrics listener.
     #enablePrometheusMetrics: false
   antrea-cni.conflist: |
@@ -69,7 +62,7 @@ kind: ConfigMap
 metadata:
   labels:
     app: antrea
-  name: antrea-windows-config-k24chf74ct
+  name: antrea-windows-config-6b75thb62g
   namespace: kube-system
 ---
 apiVersion: apps/v1
@@ -157,7 +150,7 @@ spec:
         operator: Exists
       volumes:
       - configMap:
-          name: antrea-windows-config-k24chf74ct
+          name: antrea-windows-config-6b75thb62g
         name: antrea-windows-config
       - configMap:
           defaultMode: 420