implement network policy for multicast
Signed-off-by: Bin Liu <[email protected]>
liu4480 committed May 5, 2022
1 parent bd8ccd6 commit 3ab626e
Showing 42 changed files with 2,066 additions and 429 deletions.
18 changes: 18 additions & 0 deletions build/charts/antrea/templates/crds/clusternetworkpolicy.yaml
@@ -212,6 +212,7 @@ spec:
type: object
oneOf:
- required: [icmp]
- required: [igmp]
properties:
icmp:
type: object
@@ -224,6 +225,14 @@ spec:
type: integer
minimum: 0
maximum: 255
igmp:
type: object
properties:
igmpType:
type: string
groupAddress:
type: string
format: cidr
from:
type: array
items:
@@ -425,6 +434,7 @@ spec:
type: object
oneOf:
- required: [icmp]
- required: [igmp]
properties:
icmp:
type: object
@@ -437,6 +447,14 @@ spec:
type: integer
minimum: 0
maximum: 255
igmp:
type: object
properties:
igmpType:
type: string
groupAddress:
type: string
format: cidr
to:
type: array
items:
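Review bot: `igmpType` is declared as a bare `type: string` in both the ingress and egress `igmp` blocks, so the API server will admit any text there, whereas the neighbouring `icmp` fields are integers bounded to 0–255. If the set of accepted IGMP message types is fixed, constrain it in the schema with an `enum:` or a `pattern:` so that a mistyped value is rejected at admission rather than producing a rule that may silently match nothing. Likewise `groupAddress` with `format: cidr` accepts any CIDR, not only multicast ranges; whether a validating webhook narrows this is not visible in this section, so a `description:` stating the expected range would help policy authors. The same schema is repeated in the `build/yamls/*.yml` sections that follow, which look like generated copies of this template.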
18 changes: 18 additions & 0 deletions build/yamls/antrea-aks.yml
@@ -963,6 +963,7 @@ spec:
type: object
oneOf:
- required: [icmp]
- required: [igmp]
properties:
icmp:
type: object
@@ -975,6 +976,14 @@ spec:
type: integer
minimum: 0
maximum: 255
igmp:
type: object
properties:
igmpType:
type: string
groupAddress:
type: string
format: cidr
from:
type: array
items:
@@ -1176,6 +1185,7 @@ spec:
type: object
oneOf:
- required: [icmp]
- required: [igmp]
properties:
icmp:
type: object
@@ -1188,6 +1198,14 @@ spec:
type: integer
minimum: 0
maximum: 255
igmp:
type: object
properties:
igmpType:
type: string
groupAddress:
type: string
format: cidr
to:
type: array
items:
18 changes: 18 additions & 0 deletions build/yamls/antrea-eks.yml
@@ -963,6 +963,7 @@ spec:
type: object
oneOf:
- required: [icmp]
- required: [igmp]
properties:
icmp:
type: object
@@ -975,6 +976,14 @@ spec:
type: integer
minimum: 0
maximum: 255
igmp:
type: object
properties:
igmpType:
type: string
groupAddress:
type: string
format: cidr
from:
type: array
items:
@@ -1176,6 +1185,7 @@ spec:
type: object
oneOf:
- required: [icmp]
- required: [igmp]
properties:
icmp:
type: object
@@ -1188,6 +1198,14 @@ spec:
type: integer
minimum: 0
maximum: 255
igmp:
type: object
properties:
igmpType:
type: string
groupAddress:
type: string
format: cidr
to:
type: array
items:
18 changes: 18 additions & 0 deletions build/yamls/antrea-gke.yml
@@ -963,6 +963,7 @@ spec:
type: object
oneOf:
- required: [icmp]
- required: [igmp]
properties:
icmp:
type: object
@@ -975,6 +976,14 @@ spec:
type: integer
minimum: 0
maximum: 255
igmp:
type: object
properties:
igmpType:
type: string
groupAddress:
type: string
format: cidr
from:
type: array
items:
@@ -1176,6 +1185,7 @@ spec:
type: object
oneOf:
- required: [icmp]
- required: [igmp]
properties:
icmp:
type: object
@@ -1188,6 +1198,14 @@ spec:
type: integer
minimum: 0
maximum: 255
igmp:
type: object
properties:
igmpType:
type: string
groupAddress:
type: string
format: cidr
to:
type: array
items:
18 changes: 18 additions & 0 deletions build/yamls/antrea-ipsec.yml
@@ -976,6 +976,7 @@ spec:
type: object
oneOf:
- required: [icmp]
- required: [igmp]
properties:
icmp:
type: object
@@ -988,6 +989,14 @@ spec:
type: integer
minimum: 0
maximum: 255
igmp:
type: object
properties:
igmpType:
type: string
groupAddress:
type: string
format: cidr
from:
type: array
items:
@@ -1189,6 +1198,7 @@ spec:
type: object
oneOf:
- required: [icmp]
- required: [igmp]
properties:
icmp:
type: object
@@ -1201,6 +1211,14 @@ spec:
type: integer
minimum: 0
maximum: 255
igmp:
type: object
properties:
igmpType:
type: string
groupAddress:
type: string
format: cidr
to:
type: array
items:
18 changes: 18 additions & 0 deletions build/yamls/antrea.yml
@@ -963,6 +963,7 @@ spec:
type: object
oneOf:
- required: [icmp]
- required: [igmp]
properties:
icmp:
type: object
@@ -975,6 +976,14 @@ spec:
type: integer
minimum: 0
maximum: 255
igmp:
type: object
properties:
igmpType:
type: string
groupAddress:
type: string
format: cidr
from:
type: array
items:
@@ -1176,6 +1185,7 @@ spec:
type: object
oneOf:
- required: [icmp]
- required: [igmp]
properties:
icmp:
type: object
@@ -1188,6 +1198,14 @@ spec:
type: integer
minimum: 0
maximum: 255
igmp:
type: object
properties:
igmpType:
type: string
groupAddress:
type: string
format: cidr
to:
type: array
items:
21 changes: 15 additions & 6 deletions cmd/antrea-agent/agent.go
@@ -124,14 +124,15 @@ func run(o *Options) error {
ovsDatapathType := ovsconfig.OVSDatapathType(o.config.OVSDatapathType)
ovsBridgeClient := ovsconfig.NewOVSBridge(o.config.OVSBridge, ovsDatapathType, ovsdbConnection)
ovsBridgeMgmtAddr := ofconfig.GetMgmtAddress(o.config.OVSRunDir, o.config.OVSBridge)
multicastEnabled := features.DefaultFeatureGate.Enabled(features.Multicast)
ofClient := openflow.NewClient(o.config.OVSBridge, ovsBridgeMgmtAddr,
features.DefaultFeatureGate.Enabled(features.AntreaProxy),
features.DefaultFeatureGate.Enabled(features.AntreaPolicy),
egressEnabled,
features.DefaultFeatureGate.Enabled(features.FlowExporter),
o.config.AntreaProxy.ProxyAll,
connectUplinkToBridge,
features.DefaultFeatureGate.Enabled(features.Multicast))
multicastEnabled)

_, serviceCIDRNet, _ := net.ParseCIDR(o.config.ServiceCIDR)
var serviceCIDRNetv6 *net.IPNet
@@ -165,7 +166,7 @@ func run(o *Options) error {
egressConfig := &config.EgressConfig{
ExceptCIDRs: exceptCIDRs,
}
routeClient, err := route.NewClient(networkConfig, o.config.NoSNAT, o.config.AntreaProxy.ProxyAll, connectUplinkToBridge, features.DefaultFeatureGate.Enabled(features.Multicast))
routeClient, err := route.NewClient(networkConfig, o.config.NoSNAT, o.config.AntreaProxy.ProxyAll, connectUplinkToBridge, multicastEnabled)
if err != nil {
return fmt.Errorf("error creating route client: %v", err)
}
@@ -290,11 +291,13 @@ func run(o *Options) error {
antreaPolicyEnabled,
antreaProxyEnabled,
statusManagerEnabled,
multicastEnabled,
loggingEnabled,
asyncRuleDeleteInterval,
o.config.DNSServerOverride,
v4Enabled,
v6Enabled)
v6Enabled,
)
if err != nil {
return fmt.Errorf("error creating new NetworkPolicy controller: %v", err)
}
@@ -479,7 +482,6 @@ func run(o *Options) error {
go nodeRouteController.Run(stopCh)

go networkPolicyController.Run(stopCh)

// Initialize the NPL agent.
if enableNodePortLocal {
nplController, err := npl.InitializeNPLAgent(
@@ -505,6 +507,10 @@ func run(o *Options) error {
}
go ipamController.Run(stopCh)
}
// Start the localPodInformer
if localPodInformer != nil {
go localPodInformer.Run(stopCh)
}

if features.DefaultFeatureGate.Enabled(features.SecondaryNetwork) {
// Create the NetworkAttachmentDefinition client, which handles access to secondary network object definition from the API Server.
@@ -570,11 +576,12 @@ func run(o *Options) error {
}
}

if features.DefaultFeatureGate.Enabled(features.Multicast) {
if multicastEnabled {
multicastSocket, err := multicast.CreateMulticastSocket()
if err != nil {
return fmt.Errorf("failed to create multicast socket")
}
mcastValidator := networkPolicyController.GetMcastValidator()
mcastController := multicast.NewMulticastController(
ofClient,
v4GroupIDAllocator,
@@ -583,7 +590,9 @@ func run(o *Options) error {
multicastSocket,
sets.NewString(append(o.config.MulticastInterfaces, nodeConfig.NodeTransportInterfaceName)...),
ovsBridgeClient,
podUpdateChannel)
podUpdateChannel,
mcastValidator,
features.DefaultFeatureGate.Enabled(features.AntreaPolicy))
if err := mcastController.Initialize(); err != nil {
return err
}
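Review bot: The multicast block at the end of this section does not say what happens to IGMP reports when AntreaPolicy is disabled: `networkPolicyController.GetMcastValidator()` is fetched and passed to `multicast.NewMulticastController` whenever multicast is on, and the policy gate travels only as a trailing boolean. What the validator returns in that case, and whether reports are then admitted or dropped, is not visible here, so a comment at the call site should state it, for example `// mcastValidator is consulted only when AntreaPolicy is enabled; otherwise IGMP reports are not policy-checked`, if that is indeed the behaviour. The same call re-evaluates `features.DefaultFeatureGate.Enabled(features.AntreaPolicy)` although `antreaPolicyEnabled` is already passed to the NetworkPolicy controller constructor earlier in `run`; assuming that local is still in scope, end the argument list with `antreaPolicyEnabled)` as the commit already does for `multicastEnabled`. Both constructors now take several adjacent positional booleans that would still compile if transposed, so an options struct would make an accidental swap of an enforcement flag harder. `run` starts and ends outside these hunks.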