Add EgressGroup API and Controller
tnqn committed Mar 25, 2021
1 parent 6a2c522 commit 8d715b1
Showing 30 changed files with 2,458 additions and 147 deletions.
32 changes: 32 additions & 0 deletions build/yamls/antrea-aks.yml
Expand Up @@ -306,6 +306,30 @@ spec:
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
labels:
app: antrea
name: egresses.egress.antrea.tanzu.vmware.com
spec:
group: egress.antrea.tanzu.vmware.com
names:
kind: Egress
plural: egresses
shortNames:
- eg
singular: egress
scope: Cluster
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
type: object
x-kubernetes-preserve-unknown-fields: true
served: true
storage: true
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
labels:
app: antrea
Expand Down Expand Up @@ -1258,6 +1282,14 @@ rules:
- get
- watch
- list
- apiGroups:
- egress.antrea.tanzu.vmware.com
resources:
- egresses
verbs:
- get
- watch
- list
- apiGroups:
- core.antrea.tanzu.vmware.com
resources:
32 changes: 32 additions & 0 deletions build/yamls/antrea-eks.yml
Expand Up @@ -306,6 +306,30 @@ spec:
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
labels:
app: antrea
name: egresses.egress.antrea.tanzu.vmware.com
spec:
group: egress.antrea.tanzu.vmware.com
names:
kind: Egress
plural: egresses
shortNames:
- eg
singular: egress
scope: Cluster
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
type: object
x-kubernetes-preserve-unknown-fields: true
served: true
storage: true
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
labels:
app: antrea
Expand Down Expand Up @@ -1258,6 +1282,14 @@ rules:
- get
- watch
- list
- apiGroups:
- egress.antrea.tanzu.vmware.com
resources:
- egresses
verbs:
- get
- watch
- list
- apiGroups:
- core.antrea.tanzu.vmware.com
resources:
32 changes: 32 additions & 0 deletions build/yamls/antrea-gke.yml
Expand Up @@ -306,6 +306,30 @@ spec:
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
labels:
app: antrea
name: egresses.egress.antrea.tanzu.vmware.com
spec:
group: egress.antrea.tanzu.vmware.com
names:
kind: Egress
plural: egresses
shortNames:
- eg
singular: egress
scope: Cluster
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
type: object
x-kubernetes-preserve-unknown-fields: true
served: true
storage: true
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
labels:
app: antrea
Expand Down Expand Up @@ -1258,6 +1282,14 @@ rules:
- get
- watch
- list
- apiGroups:
- egress.antrea.tanzu.vmware.com
resources:
- egresses
verbs:
- get
- watch
- list
- apiGroups:
- core.antrea.tanzu.vmware.com
resources:
32 changes: 32 additions & 0 deletions build/yamls/antrea-ipsec.yml
Expand Up @@ -306,6 +306,30 @@ spec:
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
labels:
app: antrea
name: egresses.egress.antrea.tanzu.vmware.com
spec:
group: egress.antrea.tanzu.vmware.com
names:
kind: Egress
plural: egresses
shortNames:
- eg
singular: egress
scope: Cluster
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
type: object
x-kubernetes-preserve-unknown-fields: true
served: true
storage: true
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
labels:
app: antrea
Expand Down Expand Up @@ -1258,6 +1282,14 @@ rules:
- get
- watch
- list
- apiGroups:
- egress.antrea.tanzu.vmware.com
resources:
- egresses
verbs:
- get
- watch
- list
- apiGroups:
- core.antrea.tanzu.vmware.com
resources:
32 changes: 32 additions & 0 deletions build/yamls/antrea.yml
Expand Up @@ -306,6 +306,30 @@ spec:
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
labels:
app: antrea
name: egresses.egress.antrea.tanzu.vmware.com
spec:
group: egress.antrea.tanzu.vmware.com
names:
kind: Egress
plural: egresses
shortNames:
- eg
singular: egress
scope: Cluster
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
type: object
x-kubernetes-preserve-unknown-fields: true
served: true
storage: true
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
labels:
app: antrea
Expand Down Expand Up @@ -1258,6 +1282,14 @@ rules:
- get
- watch
- list
- apiGroups:
- egress.antrea.tanzu.vmware.com
resources:
- egresses
verbs:
- get
- watch
- list
- apiGroups:
- core.antrea.tanzu.vmware.com
resources:
8 changes: 8 additions & 0 deletions build/yamls/base/controller-rbac.yml
Expand Up @@ -156,6 +156,14 @@ rules:
- get
- watch
- list
- apiGroups:
- egress.antrea.tanzu.vmware.com
resources:
- egresses
verbs:
- get
- watch
- list
- apiGroups:
- core.antrea.tanzu.vmware.com
resources:
22 changes: 22 additions & 0 deletions build/yamls/base/crds.yml
Expand Up @@ -45,6 +45,28 @@ spec:
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: egresses.egress.antrea.tanzu.vmware.com
spec:
group: egress.antrea.tanzu.vmware.com
versions:
- name: v1alpha1
served: true
storage: true
schema:
openAPIV3Schema:
type: object
x-kubernetes-preserve-unknown-fields: true
scope: Cluster
names:
plural: egresses
singular: egress
kind: Egress
shortNames:
- eg
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: traceflows.ops.antrea.tanzu.vmware.com
spec:
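Review bot: The Egress CRD's `openAPIV3Schema` is only `type: object` with `x-kubernetes-preserve-unknown-fields: true`, so the API server accepts any payload for this cluster-scoped resource and stores unknown fields unpruned. Every constraint on the object then has to be enforced by the controller or an admission webhook, neither of which is visible in this section. Declaring the spec fields with their types and `required` entries, and dropping `x-kubernetes-preserve-unknown-fields`, would reject malformed objects at admission instead. The same definition appears in the `build/yamls/antrea*.yml` sections of this commit, which look like rendered copies of this base file.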
11 changes: 11 additions & 0 deletions cmd/antrea-controller/controller.go
Expand Up @@ -36,6 +36,8 @@ import (
"github.com/vmware-tanzu/antrea/pkg/apiserver/storage"
crdinformers "github.com/vmware-tanzu/antrea/pkg/client/informers/externalversions"
"github.com/vmware-tanzu/antrea/pkg/clusteridentity"
"github.com/vmware-tanzu/antrea/pkg/controller/egress"
egressstore "github.com/vmware-tanzu/antrea/pkg/controller/egress/store"
"github.com/vmware-tanzu/antrea/pkg/controller/grouping"
"github.com/vmware-tanzu/antrea/pkg/controller/metrics"
"github.com/vmware-tanzu/antrea/pkg/controller/networkpolicy"
Expand Down Expand Up @@ -108,6 +110,7 @@ func run(o *Options) error {
tierInformer := crdInformerFactory.Security().V1alpha1().Tiers()
traceflowInformer := crdInformerFactory.Ops().V1alpha1().Traceflows()
cgInformer := crdInformerFactory.Core().V1alpha2().ClusterGroups()
egressInformer := crdInformerFactory.Egress().V1alpha1().Egresses()

clusterIdentityAllocator := clusteridentity.NewClusterIdentityAllocator(
env.GetAntreaNamespace(),
Expand All @@ -119,6 +122,7 @@ func run(o *Options) error {
addressGroupStore := store.NewAddressGroupStore()
appliedToGroupStore := store.NewAppliedToGroupStore()
networkPolicyStore := store.NewNetworkPolicyStore()
egressGroupStore := egressstore.NewEgressGroupStore()
groupStore := store.NewGroupStore()
groupEntityIndex := grouping.NewGroupEntityIndex()
groupEntityController := grouping.NewGroupEntityController(groupEntityIndex, podInformer, namespaceInformer, externalEntityInformer)
Expand Down Expand Up @@ -148,6 +152,8 @@ func run(o *Options) error {

controllerMonitor := monitor.NewControllerMonitor(crdClient, nodeInformer, controllerQuerier)

egressController := egress.NewEgressGroupController(groupEntityIndex, egressInformer, egressGroupStore)

var traceflowController *traceflow.Controller
if features.DefaultFeatureGate.Enabled(features.Traceflow) {
traceflowController = traceflow.NewTraceflowController(crdClient, podInformer, traceflowInformer)
Expand All @@ -174,6 +180,7 @@ func run(o *Options) error {
appliedToGroupStore,
networkPolicyStore,
groupStore,
egressGroupStore,
controllerQuerier,
endpointQuerier,
networkPolicyController,
Expand Down Expand Up @@ -213,6 +220,8 @@ func run(o *Options) error {

go networkPolicyController.Run(stopCh)

go egressController.Run(stopCh)

go apiServer.Run(stopCh)

if features.DefaultFeatureGate.Enabled(features.NetworkPolicyStats) {
Expand Down Expand Up @@ -245,6 +254,7 @@ func createAPIServerConfig(kubeconfig string,
appliedToGroupStore storage.Interface,
networkPolicyStore storage.Interface,
groupStore storage.Interface,
egressGroupStore storage.Interface,
controllerQuerier querier.ControllerQuerier,
endpointQuerier networkpolicy.EndpointQuerier,
npController *networkpolicy.NetworkPolicyController,
Expand Down Expand Up @@ -302,6 +312,7 @@ func createAPIServerConfig(kubeconfig string,
appliedToGroupStore,
networkPolicyStore,
groupStore,
egressGroupStore,
caCertController,
statsAggregator,
controllerQuerier,
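Review bot: `egress.NewEgressGroupController` is constructed and `go egressController.Run(stopCh)` is started unconditionally in `run`, whereas the Traceflow controller directly below is only created when `features.DefaultFeatureGate.Enabled(features.Traceflow)` is true. The Egress CRD in this commit is served as `v1alpha1`, so every controller instance now runs the new informer, store and API registration with no switch to turn them off; consider guarding the construction, the `Run` call and the store registration behind a feature gate in the same way. Separately, `createAPIServerConfig` now takes at least four consecutive `storage.Interface` parameters, so a transposed argument at the call site would still compile and could serve one store under another's endpoint; a small struct of named stores would remove that risk. Both function bodies continue outside the hunks shown.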
3 changes: 3 additions & 0 deletions pkg/apis/controlplane/register.go
Expand Up @@ -57,6 +57,9 @@ func addKnownTypes(scheme *runtime.Scheme) error {
&NodeStatsSummary{},
&ClusterGroupMembers{},
&GroupAssociation{},
&EgressGroup{},
&EgressGroupPatch{},
&EgressGroupList{},
)
return nil
}
25 changes: 25 additions & 0 deletions pkg/apis/controlplane/types.go
Expand Up @@ -330,3 +330,28 @@ type GroupAssociation struct {
// Pod/ExternalEntity being queried.
AssociatedGroups []GroupReference
}

// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
type EgressGroup struct {
metav1.TypeMeta
metav1.ObjectMeta
// GroupMembers is a list of GroupMember selected by this group.
GroupMembers []GroupMember
}

// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// EgressGroupPatch describes the incremental update of an EgressGroup.
type EgressGroupPatch struct {
metav1.TypeMeta
metav1.ObjectMeta
AddedGroupMembers []GroupMember
RemovedGroupMembers []GroupMember
}

// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// EgressGroupList is a list of EgressGroup objects.
type EgressGroupList struct {
metav1.TypeMeta
metav1.ListMeta
Items []EgressGroup
}
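Review bot: `EgressGroup` is the only one of the three new types without a doc comment, and the `AddedGroupMembers` and `RemovedGroupMembers` fields of `EgressGroupPatch` are undocumented as well. Add a type comment such as `// EgressGroup describes the GroupMembers selected by an Egress.` (wording to be confirmed against the controller, which is not in this section), and one line per patch field stating that the list is a delta against the previously sent `GroupMembers`. Because these types are registered in `addKnownTypes` and become part of the controlplane API, the comments are what API consumers will read.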
2 changes: 1 addition & 1 deletion pkg/apis/controlplane/v1beta1/conversion.go
Expand Up @@ -31,7 +31,7 @@ func init() {

// addConversionFuncs adds non-generated conversion functions to the given scheme.
func addConversionFuncs(scheme *runtime.Scheme) error {
for _, kind := range []string{"AppliedToGroup", "AddressGroup", "NetworkPolicy"} {
for _, kind := range []string{"AppliedToGroup", "AddressGroup", "NetworkPolicy", "EgressGroup"} {
err := scheme.AddFieldLabelConversionFunc(SchemeGroupVersion.WithKind(kind),
func(label, value string) (string, string, error) {
switch label {