Use Helm to generate Antrea Windows manifests (#6360)

Instead of Kustomize. This matches what we do for the Linux manifests.
This change is only for manifest generation. We are not currently exposing
the Helm chart to users. This could be done at a later time.

Fixes #5564

Signed-off-by: Shikhar Soni <[email protected]>

Makefile

@@ -421,7 +421,6 @@ manifest:
 	$(CURDIR)/hack/generate-standard-manifests.sh --mode dev --out build/yamls
 	$(CURDIR)/hack/generate-manifest-windows.sh --mode dev > build/yamls/antrea-windows.yml
 	$(CURDIR)/hack/generate-manifest-windows.sh --mode dev --include-ovs > build/yamls/antrea-windows-with-ovs.yml
-	$(CURDIR)/hack/update-checksum-windows.sh
 	$(CURDIR)/hack/generate-manifest-flow-aggregator.sh --mode dev > build/yamls/flow-aggregator.yml
 
 .PHONY: manifest-scale

build/charts/antrea-windows/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

build/charts/antrea-windows/Chart.yaml

@@ -0,0 +1,25 @@
+apiVersion: v2
+name: antrea-windows
+type: application
+displayName: Antrea
+home: https://antrea.io/
+version: 0.0.0
+appVersion: latest
+kubeVersion: ">= 1.22.0-0"
+icon: https://raw.githubusercontent.com/antrea-io/antrea/main/docs/assets/logo/antrea_logo.svg
+description: Kubernetes networking based on Open vSwitch for Windows Nodes
+keywords:
+  - Kubernetes
+  - CNCF
+  - Networking
+  - CNI
+  - Security
+  - Open vSwitch
+  - OVS
+  - Windows
+sources:
+  - https://github.com/antrea-io/antrea
+annotations:
+  artifacthub.io/license: Apache-2.0
+  artifacthub.io/operator: "false"
+  artifacthub.io/prerelease: "false"

build/charts/antrea-windows/README.md

@@ -0,0 +1,25 @@
+# antrea-windows
+
+![Version: 0.0.0](https://img.shields.io/badge/Version-0.0.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: latest](https://img.shields.io/badge/AppVersion-latest-informational?style=flat-square)
+
+Kubernetes networking based on Open vSwitch for Windows Nodes
+
+**Homepage:** <https://antrea.io/>
+
+## Source Code
+
+* <https://github.com/antrea-io/antrea>
+
+## Requirements
+
+Kubernetes: `>= 1.22.0-0`
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| image | object | `{"repository":"antrea/antrea-windows","tag":"latest"}` | Container image used for Antrea Windows Nodes |
+| includeOVS | bool | `true` | Enable running Windows OVS processes inside antrea-ovs container in antrea-agent Pod |
+
+----------------------------------------------
+Autogenerated from chart metadata using [helm-docs v1.7.0](https://github.com/norwoodj/helm-docs/releases/v1.7.0)

build/charts/antrea-windows/templates/configmaps/antrea-agent-windows.yaml

@@ -0,0 +1,15 @@
+apiVersion: v1
+data:
+    {{- tpl ((.Files.Glob "conf/Install-WindowsCNI.ps1").AsConfig) . | nindent 2 | replace "  \n" "\n" }}
+    {{- tpl ((.Files.Glob "conf/Run-AntreaAgent.ps1").AsConfig) . | nindent 2 | replace "  \n" "\n" }}
+    {{- if .Values.includeOVS }}
+    {{- tpl ((.Files.Glob "conf/ovs/Install-OVSDriver.ps1").AsConfig) . | nindent 2 | replace "  \n" "\n" }}
+    {{- tpl ((.Files.Glob "conf/ovs/Run-AntreaOVS.ps1").AsConfig) . | nindent 2 | replace "  \n" "\n" }}
+    {{- tpl ((.Files.Glob "conf/ovs/VMSwitchExtension-AntreaAgent.ps1").AsConfig) . | nindent 2 | replace "  \n" "\n" }}
+    {{- end }}
+kind: ConfigMap
+metadata:
+  labels:
+    app: antrea
+  name: antrea-agent-windows
+  namespace: kube-system

build/charts/antrea-windows/templates/configmaps/antrea-windows-config.yaml

@@ -0,0 +1,10 @@
+apiVersion: v1
+data:
+    {{- tpl ((.Files.Glob "conf/antrea-agent.conf").AsConfig) . | nindent 2 | replace "  \n" "\n" }}
+    {{- tpl ((.Files.Glob "conf/antrea-cni.conflist").AsConfig) . | nindent 2 | replace "  \n" "\n" }}
+kind: ConfigMap
+metadata:
+  labels:
+    app: antrea
+  name: antrea-windows-config
+  namespace: kube-system

build/charts/antrea-windows/templates/daemonset.yaml

@@ -0,0 +1,143 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  labels:
+    app: antrea
+    component: antrea-agent
+  name: antrea-agent-windows
+  namespace: kube-system
+spec:
+  selector:
+    matchLabels:
+      app: antrea
+      component: antrea-agent
+  template:
+    metadata:
+      annotations:
+        checksum/agent-windows: {{ include (print $.Template.BasePath "/configmaps/antrea-agent-windows.yaml") . | sha256sum }}
+        checksum/windows-config: {{ include (print $.Template.BasePath "/configmaps/antrea-windows-config.yaml") . | sha256sum }}
+        microsoft.com/hostprocess-inherit-user: "true"
+      labels:
+        app: antrea
+        component: antrea-agent
+    spec:
+      containers:
+      - args:
+        - -file
+        - $env:CONTAINER_SANDBOX_MOUNT_POINT/var/lib/antrea-windows/Run-AntreaAgent.ps1
+        command:
+        - powershell
+        env:
+        - name: POD_NAME
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.name
+        - name: POD_NAMESPACE
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.namespace
+        - name: NODE_NAME
+          valueFrom:
+            fieldRef:
+              fieldPath: spec.nodeName
+        image: {{ .Values.image.repository }}:{{ .Values.image.tag }}
+        imagePullPolicy: IfNotPresent
+        {{- if .Values.includeOVS }}
+        lifecycle:
+          postStart:
+            exec:
+              command:
+              - powershell
+              - -file
+              - $env:CONTAINER_SANDBOX_MOUNT_POINT/var/lib/antrea-windows/VMSwitchExtension-AntreaAgent.ps1
+              - -VMSwitchExtension
+              - enable
+          preStop:
+            exec:
+              command:
+              - powershell
+              - -file
+              - $env:CONTAINER_SANDBOX_MOUNT_POINT/var/lib/antrea-windows/VMSwitchExtension-AntreaAgent.ps1
+              - -VMSwitchExtension
+              - disable
+        {{- end}}
+        name: antrea-agent
+        volumeMounts:
+        - mountPath: /etc/antrea
+          name: antrea-windows-config
+        - mountPath: /var/lib/antrea-windows
+          name: antrea-agent-windows
+        - mountPath: /var/log/antrea/
+          name: var-log-antrea
+      {{- if .Values.includeOVS }}
+      - args:
+        - -file
+        - $env:CONTAINER_SANDBOX_MOUNT_POINT/var/lib/antrea-windows/Run-AntreaOVS.ps1
+        command:
+        - powershell
+        image: {{ .Values.image.repository }}:{{ .Values.image.tag }}
+        imagePullPolicy: IfNotPresent
+        name: antrea-ovs
+        volumeMounts:
+        - mountPath: /var/lib/antrea-windows
+          name: antrea-agent-windows
+        - mountPath: /var/log/openvswitch
+          name: var-log-antrea
+          subPath: openvswitch
+      {{- end}}
+      hostNetwork: true
+      initContainers:
+      - args:
+        - -file
+        - $env:CONTAINER_SANDBOX_MOUNT_POINT/var/lib/antrea-windows/Install-WindowsCNI.ps1
+        command:
+        - powershell
+        image: {{ .Values.image.repository }}:{{ .Values.image.tag }}
+        imagePullPolicy: IfNotPresent
+        name: install-cni
+        volumeMounts:
+        - mountPath: /etc/antrea
+          name: antrea-windows-config
+          readOnly: true
+        - mountPath: /var/lib/antrea-windows
+          name: antrea-agent-windows
+      {{- if .Values.includeOVS }}
+      - args:
+        - -file
+        - $env:CONTAINER_SANDBOX_MOUNT_POINT/var/lib/antrea-windows/Install-OVSDriver.ps1
+        command:
+        - powershell
+        image: {{ .Values.image.repository }}:{{ .Values.image.tag }}
+        imagePullPolicy: IfNotPresent
+        name: install-ovs-driver
+        volumeMounts:
+        - mountPath: /var/lib/antrea-windows
+          name: antrea-agent-windows
+      {{- end }}
+      nodeSelector:
+        kubernetes.io/os: windows
+      priorityClassName: system-node-critical
+      securityContext:
+        windowsOptions:
+          hostProcess: true
+          runAsUserName: NT AUTHORITY\SYSTEM
+      serviceAccountName: antrea-agent
+      tolerations:
+      - key: CriticalAddonsOnly
+        operator: Exists
+      - effect: NoSchedule
+        operator: Exists
+      volumes:
+      - configMap:
+          name: antrea-windows-config
+        name: antrea-windows-config
+      - configMap:
+          defaultMode: 420
+          name: antrea-agent-windows
+        name: antrea-agent-windows
+      - hostPath:
+          path: /var/log/antrea/
+          type: DirectoryOrCreate
+        name: var-log-antrea
+  updateStrategy:
+    type: RollingUpdate

build/charts/antrea-windows/values.yaml

@@ -0,0 +1,7 @@
+# -- Container image used for Antrea Windows Nodes
+image:
+  repository: "antrea/antrea-windows"
+  tag: "latest"
+
+# -- Enable running Windows OVS processes inside antrea-ovs container in antrea-agent Pod
+includeOVS: true

build/yamls/antrea-windows-with-ovs.yml

@@ -1,43 +1,7 @@
+---
+# Source: antrea-windows/templates/configmaps/antrea-agent-windows.yaml
 apiVersion: v1
 data:
-  Install-OVSDriver.ps1: |
-    $ErrorActionPreference = "Stop"
-    $mountPath = $env:CONTAINER_SANDBOX_MOUNT_POINT
-    $mountPath = ($mountPath.Replace('\', '/')).TrimEnd('/')
-    $OVSDriverDir = "$mountPath\openvswitch\driver"
-
-    # Check if OVSExt driver is already installed
-    $driverStatus = netcfg -q ovsext
-    if ($driverStatus -like '*not installed*') {
-      # Install OVS Driver
-      $result = netcfg -l $OVSDriverDir/ovsext.inf -c s -i OVSExt
-      if ($result -like '*failed*') {
-        Write-Host "Failed to install OVSExt driver: $result"
-        exit 1
-      }
-      Write-Host "OVSExt driver has been installed"
-    }
-
-    # Check if the VC redistributable is already installed.
-    $OVSRedistDir="$mountPath\openvswitch\redist"
-    if (Test-Path $OVSRedistDir) {
-      $dllFound = $false
-      $paths = $env:PATH -split ';'
-      foreach ($path in $paths) {
-        $dllFiles = Get-ChildItem -Path $path -Filter "vcruntime*.dll" -File -ErrorAction SilentlyContinue
-        if ($dllFiles.Count -gt 0) {
-          $dllFound = $true
-          break
-        }
-      }
-
-      # vcruntime dlls are not installed on the host, then install the binaries.
-      if (-not $dllFound) {
-        Get-ChildItem $OVSRedistDir -Filter *.exe | ForEach-Object {
-          Start-Process -FilePath $_.FullName -Args '/install /passive /norestart' -Verb RunAs -Wait
-        }
-      }
-    }
   Install-WindowsCNI.ps1: |
     $ErrorActionPreference = "Stop";
     mkdir -force c:/var/log/antrea
@@ -78,6 +42,44 @@ data:
     $mountPath =  ($mountPath.Replace('\', '/')).TrimEnd('/')
     $env:PATH = $env:PATH + ";$mountPath/Windows/System32;$mountPath/k/antrea/bin;$mountPath/openvswitch/usr/bin;$mountPath/openvswitch/usr/sbin"
     & antrea-agent --config=$mountPath/etc/antrea/antrea-agent.conf --logtostderr=false --log_dir=c:/var/log/antrea --alsologtostderr --log_file_max_size=100 --log_file_max_num=4 --v=0
+  Install-OVSDriver.ps1: |
+    $ErrorActionPreference = "Stop"
+    $mountPath = $env:CONTAINER_SANDBOX_MOUNT_POINT
+    $mountPath = ($mountPath.Replace('\', '/')).TrimEnd('/')
+    $OVSDriverDir = "$mountPath\openvswitch\driver"
+
+    # Check if OVSExt driver is already installed
+    $driverStatus = netcfg -q ovsext
+    if ($driverStatus -like '*not installed*') {
+      # Install OVS Driver
+      $result = netcfg -l $OVSDriverDir/ovsext.inf -c s -i OVSExt
+      if ($result -like '*failed*') {
+        Write-Host "Failed to install OVSExt driver: $result"
+        exit 1
+      }
+      Write-Host "OVSExt driver has been installed"
+    }
+
+    # Check if the VC redistributable is already installed.
+    $OVSRedistDir="$mountPath\openvswitch\redist"
+    if (Test-Path $OVSRedistDir) {
+      $dllFound = $false
+      $paths = $env:PATH -split ';'
+      foreach ($path in $paths) {
+        $dllFiles = Get-ChildItem -Path $path -Filter "vcruntime*.dll" -File -ErrorAction SilentlyContinue
+        if ($dllFiles.Count -gt 0) {
+          $dllFound = $true
+          break
+        }
+      }
+
+      # vcruntime dlls are not installed on the host, then install the binaries.
+      if (-not $dllFound) {
+        Get-ChildItem $OVSRedistDir -Filter *.exe | ForEach-Object {
+          Start-Process -FilePath $_.FullName -Args '/install /passive /norestart' -Verb RunAs -Wait
+        }
+      }
+    }
   Run-AntreaOVS.ps1: |
     $ErrorActionPreference = "Stop"
     $mountPath = $env:CONTAINER_SANDBOX_MOUNT_POINT
@@ -142,6 +144,7 @@ metadata:
   name: antrea-agent-windows
   namespace: kube-system
 ---
+# Source: antrea-windows/templates/configmaps/antrea-windows-config.yaml
 apiVersion: v1
 data:
   antrea-agent.conf: |
@@ -308,6 +311,7 @@ metadata:
   name: antrea-windows-config
   namespace: kube-system
 ---
+# Source: antrea-windows/templates/daemonset.yaml
 apiVersion: apps/v1
 kind: DaemonSet
 metadata:
@@ -324,8 +328,8 @@ spec:
   template:
     metadata:
       annotations:
-        checksum/agent-windows: da4b49898e3181dfcb6359f2b2acba452c2ff9a17af8342b6cccb73e8857aad6
-        checksum/windows-config: 6ff4f8bd0b310ebe4d4612bdd9697ffb3d79e0e0eab3936420417dd5a8fc128d
+        checksum/agent-windows: 5efe6525007ef87c58914b37d190f84bc93b8cf081d204979dffce0859ee2da3
+        checksum/windows-config: 10ad2be0a04b1752abc224fed0124f7b1da36efc5e7323e193eb38e11b25e798
         microsoft.com/hostprocess-inherit-user: "true"
       labels:
         app: antrea