There are four components which need to be deployed in order to run Antrea:
- The OpenVSwitch daemons ovs-vswitchd and ovsdb-server
- The controller antrea-controller
- The agent antrea-agent
- The CNI plugin antrea-cni
Open vSwitch >= 2.8.0 userspace daemons ovs-vswitchd and ovsdb-server should run on all worker nodes. See Installing Open vSwitch for details.
antrea-controller is required to implement Kubernetes Network Policies. At any time, there should be only a single active replica of antrea-controller.
- Grant the antrea-controller ServiceAccount necessary permissions to Kubernetes APIs. You can apply controller-rbac.yaml to do it.
kubectl apply -f build/yamls/base/controller-rbac.yml
- Create the kubeconfig file that contains the K8s APIServer endpoint and the token of ServiceAccount created in the above step. See Configure Access to Multiple Clusters for more information.
APISERVER=$(kubectl config view --minify -o jsonpath='{.clusters[0].cluster.server}')
TOKEN=$(kubectl get secrets -n kube-system -o jsonpath="{.items[?(@.metadata.annotations['kubernetes\.io/service-account\.name']=='antrea-controller')].data.token}"|base64 --decode)
kubectl config --kubeconfig=antrea-controller.kubeconfig set-cluster kubernetes --server=$APISERVER --insecure-skip-tls-verify
kubectl config --kubeconfig=antrea-controller.kubeconfig set-credentials antrea-controller --token=$TOKEN
kubectl config --kubeconfig=antrea-controller.kubeconfig set-context antrea-controller@kubernetes --cluster=kubernetes --user=antrea-controller
kubectl config --kubeconfig=antrea-controller.kubeconfig use-context antrea-controller@kubernetes
- Create the antrea-controller config file, see Configuration for details.
cat >antrea-controller.conf <<EOF
clientConnection:
  kubeconfig: antrea-controller.kubeconfig
EOF
- Start antrea-controller.
bin/antrea-controller --config antrea-controller.conf
antrea-agent must run on all worker nodes.
- Grant the antrea-agent ServiceAccount necessary permissions to Kubernetes APIs. You can apply agent-rbac.yaml to do it.
kubectl apply -f build/yamls/base/agent-rbac.yml
- Create the kubeconfig file that contains the K8s APIServer endpoint and the token of ServiceAccount created in the above step. See Configure Access to Multiple Clusters for more information.
APISERVER=$(kubectl config view --minify -o jsonpath='{.clusters[0].cluster.server}')
TOKEN=$(kubectl get secrets -n kube-system -o jsonpath="{.items[?(@.metadata.annotations['kubernetes\.io/service-account\.name']=='antrea-agent')].data.token}"|base64 --decode)
kubectl config --kubeconfig=antrea-agent.kubeconfig set-cluster kubernetes --server=$APISERVER --insecure-skip-tls-verify
kubectl config --kubeconfig=antrea-agent.kubeconfig set-credentials antrea-agent --token=$TOKEN
kubectl config --kubeconfig=antrea-agent.kubeconfig set-context antrea-agent@kubernetes --cluster=kubernetes --user=antrea-agent
kubectl config --kubeconfig=antrea-agent.kubeconfig use-context antrea-agent@kubernetes
- Create the kubeconfig file that contains the antrea-controller APIServer endpoint and the token of ServiceAccount created in the above step.
# Change it to the correct endpoint if you are running antrea-controller somewhere else.
ANTREA_APISERVER=https://localhost
TOKEN=$(kubectl get secrets -n kube-system -o jsonpath="{.items[?(@.metadata.annotations['kubernetes\.io/service-account\.name']=='antrea-agent')].data.token}"|base64 --decode)
kubectl config --kubeconfig=antrea-agent.antrea.kubeconfig set-cluster antrea --server=$ANTREA_APISERVER --insecure-skip-tls-verify
kubectl config --kubeconfig=antrea-agent.antrea.kubeconfig set-credentials antrea-agent --token=$TOKEN
kubectl config --kubeconfig=antrea-agent.antrea.kubeconfig set-context antrea-agent@antrea --cluster=antrea --user=antrea-agent
kubectl config --kubeconfig=antrea-agent.antrea.kubeconfig use-context antrea-agent@antrea
- Create the antrea-agent config file, see Configuration for details.
cat >antrea-agent.conf <<EOF
clientConnection:
  kubeconfig: antrea-agent.kubeconfig
antreaClientConnection:
  kubeconfig: antrea-agent.antrea.kubeconfig
hostProcPathPrefix: "/"
EOF
- Start antrea-agent.
bin/antrea-agent --config antrea-agent.conf
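
The controller and agent kubeconfig steps above write a ServiceAccount token into each file and pass --insecure-skip-tls-verify, so it is worth checking the resulting files before starting the daemons. The script below is an added example, not part of the Antrea documentation or code base; the function names audit_kubeconfig and write_sample_kubeconfig, the sample file contents and the placeholder token are constructed for illustration.

```shell
#!/bin/sh
# Added example, not Antrea code. Function names and sample data are hypothetical.

# Write a constructed kubeconfig shaped like the output of the kubectl config steps.
write_sample_kubeconfig() {
    cat >"$1" <<'EOF'
apiVersion: v1
kind: Config
clusters:
- cluster:
    insecure-skip-tls-verify: true
    server: https://localhost
  name: antrea
users:
- name: antrea-agent
  user:
    token: CONSTRUCTED-PLACEHOLDER-TOKEN
EOF
    chmod 644 "$1"
}

# Print one line per finding; the return status is the number of findings.
audit_kubeconfig() {
    f=$1
    findings=0
    [ -f "$f" ] || { echo "$f: not a regular file"; return 1; }
    # kubectl stores --insecure-skip-tls-verify as this key in the cluster entry.
    if grep -Eq '^[[:space:]]*insecure-skip-tls-verify:[[:space:]]*true' "$f"; then
        echo "$f: server certificate is not verified"
        findings=$((findings + 1))
    fi
    # An embedded bearer token makes the file a credential: owner-only access.
    if grep -Eq '^[[:space:]]*token:[[:space:]]*[^[:space:]]' "$f"; then
        perms=$(ls -ld "$f" | cut -c5-10)   # group and other permission bits
        if [ "$perms" != "------" ]; then
            echo "$f: holds a token but group/other bits are '$perms'"
            findings=$((findings + 1))
        fi
    fi
    return "$findings"
}

# Demo on the constructed sample: reports both findings.
tmpdir=$(mktemp -d)
write_sample_kubeconfig "$tmpdir/antrea-agent.antrea.kubeconfig"
audit_kubeconfig "$tmpdir/antrea-agent.antrea.kubeconfig" || true
rm -rf "$tmpdir"
```

Run audit_kubeconfig against antrea-controller.kubeconfig, antrea-agent.kubeconfig and antrea-agent.antrea.kubeconfig after creating them. Passing --certificate-authority to set-cluster in place of --insecure-skip-tls-verify, and running chmod 600 on each file, clears both findings.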
antrea-cni should be installed on all worker nodes.
- Create the cni config file on all worker nodes.
mkdir -p /etc/cni/net.d
cat >/etc/cni/net.d/10-antrea.conf <<EOF
{
    "cniVersion":"0.3.0",
    "name": "antrea",
    "type": "antrea",
    "ipam": {
        "type": "host-local"
    }
}
EOF
- Install antrea-cni to /opt/cni/bin/antrea.
cp bin/antrea-cni /opt/cni/bin/antrea