Add egress policy CRD types

Add types for egress policy CRDs, including Egress for the egress
policy definition, and a common AppliedTo struct for defining the scope
to which a policy is applied.

hack/update-codegen-dockerized.sh

@@ -33,10 +33,11 @@ $GOPATH/bin/client-gen \
   --input "controlplane/v1beta1" \
   --input "controlplane/v1beta2" \
   --input "system/v1beta1" \
-  --input "security/v1alpha1" \
   --input "core/v1alpha2" \
+  --input "security/v1alpha1" \
   --input "ops/v1alpha1" \
   --input "stats/v1alpha1" \
+  --input "egress/v1alpha1" \
   --output-package "${ANTREA_PKG}/pkg/client/clientset" \
   --plural-exceptions "NetworkPolicyStats:NetworkPolicyStats" \
   --plural-exceptions "AntreaNetworkPolicyStats:AntreaNetworkPolicyStats" \
@@ -45,17 +46,21 @@ $GOPATH/bin/client-gen \
 
 # Generate listers with K8s codegen tools.
 $GOPATH/bin/lister-gen \
-  --input-dirs "${ANTREA_PKG}/pkg/apis/security/v1alpha1,${ANTREA_PKG}/pkg/apis/core/v1alpha2" \
+  --input-dirs "${ANTREA_PKG}/pkg/apis/core/v1alpha2" \
+  --input-dirs "${ANTREA_PKG}/pkg/apis/security/v1alpha1" \
   --input-dirs "${ANTREA_PKG}/pkg/apis/ops/v1alpha1" \
   --input-dirs "${ANTREA_PKG}/pkg/apis/clusterinformation/v1beta1" \
+  --input-dirs "${ANTREA_PKG}/pkg/apis/egress/v1alpha1" \
   --output-package "${ANTREA_PKG}/pkg/client/listers" \
   --go-header-file hack/boilerplate/license_header.go.txt
 
 # Generate informers with K8s codegen tools.
 $GOPATH/bin/informer-gen \
-  --input-dirs "${ANTREA_PKG}/pkg/apis/security/v1alpha1,${ANTREA_PKG}/pkg/apis/core/v1alpha2" \
+  --input-dirs "${ANTREA_PKG}/pkg/apis/core/v1alpha2" \
+  --input-dirs "${ANTREA_PKG}/pkg/apis/security/v1alpha1" \
   --input-dirs "${ANTREA_PKG}/pkg/apis/ops/v1alpha1" \
   --input-dirs "${ANTREA_PKG}/pkg/apis/clusterinformation/v1beta1" \
+  --input-dirs "${ANTREA_PKG}/pkg/apis/egress/v1alpha1" \
   --versioned-clientset-package "${ANTREA_PKG}/pkg/client/clientset/versioned" \
   --listers-package "${ANTREA_PKG}/pkg/client/listers" \
   --output-package "${ANTREA_PKG}/pkg/client/informers" \
@@ -67,11 +72,12 @@ $GOPATH/bin/deepcopy-gen \
   --input-dirs "${ANTREA_PKG}/pkg/apis/controlplane/v1beta1" \
   --input-dirs "${ANTREA_PKG}/pkg/apis/controlplane/v1beta2" \
   --input-dirs "${ANTREA_PKG}/pkg/apis/system/v1beta1" \
-  --input-dirs "${ANTREA_PKG}/pkg/apis/security/v1alpha1" \
   --input-dirs "${ANTREA_PKG}/pkg/apis/core/v1alpha2" \
+  --input-dirs "${ANTREA_PKG}/pkg/apis/security/v1alpha1" \
   --input-dirs "${ANTREA_PKG}/pkg/apis/ops/v1alpha1" \
   --input-dirs "${ANTREA_PKG}/pkg/apis/stats" \
   --input-dirs "${ANTREA_PKG}/pkg/apis/stats/v1alpha1" \
+  --input-dirs "${ANTREA_PKG}/pkg/apis/egress/v1alpha1" \
   -O zz_generated.deepcopy \
   --go-header-file hack/boilerplate/license_header.go.txt
 

pkg/apis/core/v1alpha2/types.go

@@ -155,3 +155,20 @@ type ClusterGroupList struct {
 
 	Items []ClusterGroup `json:"items,omitempty"`
 }
+
+// AppliedTo selects the entities to which a policy is applied.
+type AppliedTo struct {
+	// Select Pods matched by this selector. If set with NamespaceSelector,
+	// Pods are matched from Namespaces matched by the NamespaceSelector;
+	// otherwise, Pods are matched from all Namespaces.
+	// +optional
+	PodSelector *metav1.LabelSelector `json:"podSelector,omitempty"`
+	// Select all Pods from Namespaces matched by this selector. If set with
+	// PodSelector, Pods are matched from Namespaces matched by the
+	// NamespaceSelector.
+	// +optional
+	NamespaceSelector *metav1.LabelSelector `json:"namespaceSelector,omitempty"`
+	// Groups is the set of ClusterGroup names.
+	// +optional
+	Groups []string `json:"groups,omitempty"`
+}

pkg/apis/egress/doc.go

@@ -0,0 +1,18 @@
+// Copyright 2021 Antrea Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// +k8s:deepcopy-gen=package
+// +groupName=egress.antrea.tanzu.vmware.com
+
+package egress

pkg/apis/egress/register.go

@@ -0,0 +1,20 @@
+// Copyright 2021 Antrea Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package egress
+
+// GroupName is the group name used in this package
+const (
+	GroupName = "egress.antrea.tanzu.vmware.com"
+)

pkg/apis/egress/v1alpha1/doc.go

@@ -0,0 +1,19 @@
+// Copyright 2021 Antrea Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// +k8s:openapi-gen=true
+// +k8s:deepcopy-gen=package
+// +groupName=egress.antrea.tanzu.vmware.com
+
+package v1alpha1 // import "github.com/vmware-tanzu/antrea/pkg/apis/egress/v1alpha1"

pkg/apis/egress/v1alpha1/register.go

@@ -0,0 +1,53 @@
+// Copyright 2021 Antrea Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package v1alpha1
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/apimachinery/pkg/runtime/schema"
+)
+
+// GroupName is the group name used in this package.
+const GroupName = "egress.antrea.tanzu.vmware.com"
+
+// SchemeGroupVersion is group version used to register these objects.
+var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1alpha1"}
+
+// Kind takes an unqualified kind and returns back a Group qualified GroupKind
+func Kind(kind string) schema.GroupKind {
+	return SchemeGroupVersion.WithKind(kind).GroupKind()
+}
+
+// Resource takes an unqualified resource and returns a Group qualified GroupResource.
+func Resource(resource string) schema.GroupResource {
+	return SchemeGroupVersion.WithResource(resource).GroupResource()
+}
+
+var (
+	SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes)
+	AddToScheme   = SchemeBuilder.AddToScheme
+)
+
+// Adds the list of known types to the given scheme.
+func addKnownTypes(scheme *runtime.Scheme) error {
+	scheme.AddKnownTypes(SchemeGroupVersion,
+		&Egress{},
+		&EgressList{},
+	)
+
+	metav1.AddToGroupVersion(scheme, SchemeGroupVersion)
+	return nil
+}

pkg/apis/egress/v1alpha1/types.go

@@ -0,0 +1,55 @@
+// Copyright 2021 Antrea Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package v1alpha1
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+
+	antreacore "github.com/vmware-tanzu/antrea/pkg/apis/core/v1alpha2"
+)
+
+// +genclient
+// +genclient:noStatus
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// Egress defines which egress (SNAT) IP the traffic from the selected Pods to
+// the external network should use.
+type Egress struct {
+	metav1.TypeMeta `json:",inline"`
+	// Standard metadata of the object.
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	// Specification of the desired behavior of Egress.
+	Spec EgressSpec `json:"spec"`
+}
+
+// EgressSpec defines the desired state for Egress.
+type EgressSpec struct {
+	// AppliedTo selects Pods to which the Egress will be applied.
+	// +optional
+	AppliedTo *antreacore.AppliedTo `json:"appliedTo,omitempty"`
+	// EgressIP specifies the SNAT IP address for the selected workloads.
+	EgressIP string `json:"egressIP"`
+}
+
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+type EgressList struct {
+	metav1.TypeMeta `json:",inline"`
+	// +optional
+	metav1.ListMeta `json:"metadata,omitempty"`
+
+	Items []Egress `json:"items"`
+}