Deploying Antrea on a GKE cluster

We support running Antrea inside of GKE clusters on Ubuntu Node. Antrea would operate in NetworkPolicy only mode, in which no encapsulation is required for any kind of traffic (Intra Node, Inter Node, etc) and NetworkPolicies are enforced using OVS. Antrea is supported on both VPC-native Enable/Disable modes.

GKE Prerequisites

  1. Install the Google Cloud SDK (gcloud). Refer to Google Cloud SDK installation guide

    1. curl https://sdk.cloud.google.com | bash

  2. Make sure you are authenticated to use the Google Cloud API

    1. export ADMIN_USER=user@email.com
    2. gcloud auth login

  3. Create a project or use an existing one

    1. export GKE_PROJECT=gke-clusters
    2. gcloud projects create $GKE_PROJECT

Creating the cluster

You can use any method to create a GKE cluster (gcloud SDK, gcloud Console, etc). The example given here is using the Google Cloud SDK.

Note: Antrea is supported on Ubuntu Nodes only for GKE cluster. Also, it is a must to select service CIDR at the time of cluster deployment.

  1. Create a GKE cluster

    1. export GKE_ZONE="us-west1"
    2. export GKE_HOST="UBUNTU"
    3. export GKE_SERVICE_CIDR="10.94.0.0/16"
    4. gcloud container --project $GKE_PROJECT clusters create cluster1 --image-type $GKE_HOST \
    5.    --zone $GKE_ZONE --enable-ip-alias --services-ipv4-cidr $GKE_SERVICE_CIDR

  2. Access your cluster

    1. kubectl get nodes
    2. NAME                                      STATUS   ROLES    AGE     VERSION
    3. gke-cluster1-default-pool-93d7da1c-61z4   Ready    <none>   3m11s   v1.14.10-gke.17
    4. gke-cluster1-default-pool-93d7da1c-rkbm   Ready    <none>   3m9s    v1.14.10-gke.17

  3. Create a cluster-admin ClusterRoleBinding

    1. kubectl create clusterrolebinding cluster-admin-binding --clusterrole cluster-admin --user user@email.com

    Note: To create clusterRoleBinding, the user must have container.clusterRoleBindings.create permission. Use this command to enable it, if the previous command fails due to permission error. Only cluster Admin can assign this permission.

    1. gcloud projects add-iam-policy-binding $GKE_PROJECT --member user:user@email.com --role roles/container.admin

Deploying Antrea

  1. Prepare the Cluster Nodes

    Deploy antrea-node-init DaemonSet to enable kubelet to operate in CNI mode.

    1. kubectl apply -f https://raw.githubusercontent.com/vmware-tanzu/antrea/master/build/yamls/antrea-gke-node-init.yml

  2. Download and Update Antrea YAML

    Deploy a released version of Antrea from the list of releases. Note that GKE support was added in release 0.5.0, which means you cannot pick a release older than 0.5.0. For any given release <TAG> (e.g. v0.8.2), get the Antrea GKE deployment yaml at:

    1. https://github.com/vmware-tanzu/antrea/releases/download/<TAG>/antrea-gke.yml

    To deploy the latest version of Antrea (built from the master branch) to GKE, get the Antrea GKE deployment yaml at:

    1. https://raw.githubusercontent.com/vmware-tanzu/antrea/master/build/yamls/antrea-gke.yml

    Update serviceCIDR value of antrea-agent.conf in antrea-gke.yml with GKE_SERVICE_CIDR selected at the time of deploying GKE cluster.

  3. Deploy Antrea

    Deploy Antrea using kubectl apply -f antrea-gke.yml. It will deploy a single replica of Antrea controller to the GKE cluster and deploy Antrea agent to every Node. After a successful deployment you should be able to see these Pods running in your cluster:

    1. $ kubectl get pods --namespace kube-system  -l app=antrea -o wide
    2. NAME                                READY   STATUS    RESTARTS   AGE   IP              NODE                                      NOMINATED NODE   READINESS GATES
    3. antrea-agent-24vwr                  2/2     Running   0          46s   10.138.15.209   gke-cluster1-default-pool-93d7da1c-rkbm   <none>           <none>
    4. antrea-agent-7dlcp                  2/2     Running   0          46s   10.138.15.206   gke-cluster1-default-pool-9ba12cea-wjzn   <none>           <none>
    5. antrea-controller-5f9985c59-5crt6   1/1     Running   0          46s   10.138.15.209   gke-cluster1-default-pool-93d7da1c-rkbm   <none>           <none>

  4. Restart remaining Pods

    Once Antrea is up and running, restart all Pods in all Namespaces (kube-system, etc) so they can be managed by Antrea.

    1. $ kubectl delete pods -n kube-system $(kubectl get pods -n kube-system -o custom-columns=NAME:.metadata.name,HOSTNETWORK:.spec.hostNetwork --no-headers=true | grep '<none>' | awk '{ print $1 }')
    2. pod "event-exporter-v0.2.5-7df89f4b8f-cm5r5" deleted
    3. pod "fluentd-gcp-scaler-54ccb89d5-2glmv" deleted
    4. pod "heapster-gke-6dd876579c-fc7xd" deleted
    5. pod "kube-dns-5877696fb4-7cfbc" deleted
    6. pod "kube-dns-5877696fb4-9zdpb" deleted
    7. pod "kube-dns-autoscaler-8687c64fc-h4dtg" deleted
    8. pod "l7-default-backend-8f479dd9-z42mx" deleted
    9. pod "metrics-server-v0.3.1-cf56c77fc-7xgvc" deleted
    10. pod "stackdriver-metadata-agent-cluster-level-6d96ccfd4-5rmwh" deleted