Add TrafficControl API
TrafficControl is a feature which allows mirroring or redirecting the
traffic Pods send or receive. It enables users to monitor and analyze
Pod traffic, and to enforce custom network protections for Pods with
fine-grained control over network traffic.

This patch adds types and CRD for TrafficControl API.

Examples:

1. Mirror Pods (web=app) ingress traffic to a VXLAN tunnel
```
apiVersion: crd.antrea.io/v1alpha2
kind: TrafficControl
metadata:
  name: mirror-web-app
spec:
  appliedTo:
    podSelector:
      matchLabels:
        app: web
  direction: Ingress
  action: Mirror
  targetPort:
    name: vxlan0
    type: VXLAN
    tunnelConfig:
      remoteIP: 1.1.1.1
```

2. Redirect Pods (web=app) traffic in both directions to OVS internal
port firewall0 and expect the traffic to re-enter OVS via another OVS
internal port firewall1 if they are not dropped.
```
apiVersion: crd.antrea.io/v1alpha2
kind: TrafficControl
metadata:
  name: redirect
spec:
  appliedTo:
    podSelector:
      matchLabels:
        role: web
  direction: Ingress
  action: Redirect
  targetPort:
    name: firewall0
    type: Internal
  returnPort:
    name: firewall1
    type: Internal
```

For #3324

Signed-off-by: Quan Tian <[email protected]>
tnqn committed Apr 18, 2022
1 parent ba8210c commit f77f879
Showing 19 changed files with 1,958 additions and 6 deletions.
204 changes: 204 additions & 0 deletions build/yamls/antrea-aks.yml
Expand Up @@ -2055,6 +2055,210 @@ spec:
subresources:
status: {}
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
labels:
app: antrea
name: trafficcontrols.crd.antrea.io
spec:
group: crd.antrea.io
names:
kind: TrafficControl
plural: trafficcontrols
shortNames:
- tc
singular: trafficcontrol
scope: Cluster
versions:
- additionalPrinterColumns:
- description: Specifies the direction of traffic that should be matched.
jsonPath: .spec.direction
name: Direction
type: string
- description: Specifies the action that should be taken for the traffic.
jsonPath: .spec.action
name: Action
type: string
- description: Specifies the port to which the traffic should be redirected or
mirrored.
jsonPath: .spec.targetPort.name
name: TargetPort
type: string
- description: Specifies the port from which the the traffic will be sent back
to OVS.
jsonPath: .spec.returnPort.name
name: ReturnPort
type: string
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
name: v1alpha2
schema:
openAPIV3Schema:
properties:
spec:
properties:
action:
enum:
- Mirror
- Redirect
type: string
appliedTo:
properties:
namespaceSelector:
properties:
matchExpressions:
items:
properties:
key:
type: string
operator:
enum:
- In
- NotIn
- Exists
- DoesNotExist
type: string
values:
items:
pattern: ^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$
type: string
type: array
type: object
type: array
matchLabels:
x-kubernetes-preserve-unknown-fields: true
type: object
podSelector:
properties:
matchExpressions:
items:
properties:
key:
type: string
operator:
enum:
- In
- NotIn
- Exists
- DoesNotExist
type: string
values:
items:
pattern: ^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$
type: string
type: array
type: object
type: array
matchLabels:
x-kubernetes-preserve-unknown-fields: true
type: object
type: object
direction:
enum:
- Ingress
- Egress
- Both
type: string
returnPort:
properties:
name:
type: string
tunnelConfig:
properties:
remoteIP:
oneOf:
- format: ipv4
- format: ipv6
type: string
tunnelID:
type: integer
required:
- remoteIP
type: object
type:
enum:
- Internal
- Device
- VXLAN
- GENEVE
- GRE
type: string
required:
- name
- type
type: object
targetPort:
properties:
erspanConfig:
properties:
dir:
enum:
- 0
- 1
type: integer
hardwareID:
type: integer
index:
type: integer
remoteIP:
oneOf:
- format: ipv4
- format: ipv6
type: string
tunnelID:
type: integer
version:
enum:
- 1
- 2
type: integer
required:
- remoteIP
- version
type: object
name:
type: string
tunnelConfig:
properties:
remoteIP:
oneOf:
- format: ipv4
- format: ipv6
type: string
tunnelID:
type: integer
required:
- remoteIP
type: object
type:
enum:
- Internal
- Device
- VXLAN
- GENEVE
- GRE
- ERSPAN
type: string
required:
- name
- type
type: object
required:
- appliedTo
- direction
- action
- targetPort
type: object
required:
- spec
type: object
served: true
storage: true
subresources:
status: {}
---
apiVersion: v1
kind: ServiceAccount
metadata:
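Review bot: The openAPIV3Schema under spec does not tie the port configuration to the port type or to the action. targetPort and returnPort require only name and type, and returnPort is not in the spec's required list, so `type: VXLAN` without tunnelConfig, `type: ERSPAN` without erspanConfig, and `action: Redirect` without returnPort all pass CRD validation. Consider expressing these dependencies in the schema, or note in the API documentation where they are enforced. The integer fields tunnelID, index and hardwareID carry no minimum or maximum, so negative or out-of-range values are accepted at admission. appliedTo requires neither podSelector nor namespaceSelector, so `appliedTo: {}` is valid; because the resource is `scope: Cluster` and Mirror can send Pod traffic to an arbitrary remoteIP, the description should state what an empty appliedTo matches, or the schema should require at least one selector. Minor: the ReturnPort printer column description reads "the the traffic".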