Address comments

Signed-off-by: Dyanngg <[email protected]>

build/charts/antrea/conf/antrea-controller.conf

@@ -11,7 +11,7 @@ featureGates:
 
 # Enable Antrea ClusterNetworkPolicy feature to complement K8s NetworkPolicy for cluster admins
 # to define security policies which apply to the entire cluster, and Antrea NetworkPolicy
-# feature that supports priorities, externalEntities, fqdn rules and more.
+# feature that supports priorities, ExternalEntities, FQDN rules and more.
 {{- include "featureGate" (dict "featureGates" .Values.featureGates "name" "AntreaPolicy" "default" true) }}
 
 # Enable collecting and exposing NetworkPolicy statistics.

build/charts/antrea/templates/webhooks/validating/crdvalidator.yaml

@@ -51,6 +51,34 @@ webhooks:
     admissionReviewVersions: ["v1", "v1beta1"]
     sideEffects: None
     timeoutSeconds: 5
+  - name: "anpvalidator.antrea.io"
+    clientConfig:
+      service:
+        name: "antrea"
+        namespace: {{ .Release.Namespace }}
+        path: "/validate/anp"
+    rules:
+      - operations: ["CREATE", "UPDATE"]
+        apiGroups: ["policy.networking.k8s.io"]
+        apiVersions: ["v1alpha1"]
+        resources: ["adminnetworkpolicies"]
+    admissionReviewVersions: ["v1", "v1beta1"]
+    sideEffects: None
+    timeoutSeconds: 5
+  - name: "banpvalidator.antrea.io"
+    clientConfig:
+      service:
+        name: "antrea"
+        namespace: {{ .Release.Namespace }}
+        path: "/validate/banp"
+    rules:
+      - operations: ["CREATE", "UPDATE"]
+        apiGroups: ["policy.networking.k8s.io"]
+        apiVersions: ["v1alpha1"]
+        resources: ["baselineadminnetworkpolicies"]
+    admissionReviewVersions: ["v1", "v1beta1"]
+    sideEffects: None
+    timeoutSeconds: 5
   - name: "clustergroupvalidator.antrea.io"
     clientConfig:
       service:

build/yamls/antrea-aks.yml

@@ -3364,7 +3364,7 @@ data:
 
     # Enable Antrea ClusterNetworkPolicy feature to complement K8s NetworkPolicy for cluster admins
     # to define security policies which apply to the entire cluster, and Antrea NetworkPolicy
-    # feature that supports priorities, externalEntities, fqdn rules and more.
+    # feature that supports priorities, ExternalEntities, FQDN rules and more.
     #  AntreaPolicy: true
 
     # Enable collecting and exposing NetworkPolicy statistics.
@@ -4440,7 +4440,7 @@ spec:
         kubectl.kubernetes.io/default-container: antrea-agent
         # Automatically restart Pods with a RollingUpdate if the ConfigMap changes
         # See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments
-        checksum/config: bba3af865a3c6aa67af491cb155c19bde8d652a624428f001128692f16febc16
+        checksum/config: 052ffe2bc0e14894743335fcc9e8012d7e231315ad78be7c9d3e01dc4af26863
       labels:
         app: antrea
         component: antrea-agent
@@ -4681,7 +4681,7 @@ spec:
       annotations:
         # Automatically restart Pod if the ConfigMap changes
         # See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments
-        checksum/config: bba3af865a3c6aa67af491cb155c19bde8d652a624428f001128692f16febc16
+        checksum/config: 052ffe2bc0e14894743335fcc9e8012d7e231315ad78be7c9d3e01dc4af26863
       labels:
         app: antrea
         component: antrea-controller
@@ -4927,6 +4927,34 @@ webhooks:
     admissionReviewVersions: ["v1", "v1beta1"]
     sideEffects: None
     timeoutSeconds: 5
+  - name: "anpvalidator.antrea.io"
+    clientConfig:
+      service:
+        name: "antrea"
+        namespace: kube-system
+        path: "/validate/anp"
+    rules:
+      - operations: ["CREATE", "UPDATE"]
+        apiGroups: ["policy.networking.k8s.io"]
+        apiVersions: ["v1alpha1"]
+        resources: ["adminnetworkpolicies"]
+    admissionReviewVersions: ["v1", "v1beta1"]
+    sideEffects: None
+    timeoutSeconds: 5
+  - name: "banpvalidator.antrea.io"
+    clientConfig:
+      service:
+        name: "antrea"
+        namespace: kube-system
+        path: "/validate/banp"
+    rules:
+      - operations: ["CREATE", "UPDATE"]
+        apiGroups: ["policy.networking.k8s.io"]
+        apiVersions: ["v1alpha1"]
+        resources: ["baselineadminnetworkpolicies"]
+    admissionReviewVersions: ["v1", "v1beta1"]
+    sideEffects: None
+    timeoutSeconds: 5
   - name: "clustergroupvalidator.antrea.io"
     clientConfig:
       service:

build/yamls/antrea-eks.yml

@@ -3364,7 +3364,7 @@ data:
 
     # Enable Antrea ClusterNetworkPolicy feature to complement K8s NetworkPolicy for cluster admins
     # to define security policies which apply to the entire cluster, and Antrea NetworkPolicy
-    # feature that supports priorities, externalEntities, fqdn rules and more.
+    # feature that supports priorities, ExternalEntities, FQDN rules and more.
     #  AntreaPolicy: true
 
     # Enable collecting and exposing NetworkPolicy statistics.
@@ -4440,7 +4440,7 @@ spec:
         kubectl.kubernetes.io/default-container: antrea-agent
         # Automatically restart Pods with a RollingUpdate if the ConfigMap changes
         # See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments
-        checksum/config: bba3af865a3c6aa67af491cb155c19bde8d652a624428f001128692f16febc16
+        checksum/config: 052ffe2bc0e14894743335fcc9e8012d7e231315ad78be7c9d3e01dc4af26863
       labels:
         app: antrea
         component: antrea-agent
@@ -4682,7 +4682,7 @@ spec:
       annotations:
         # Automatically restart Pod if the ConfigMap changes
         # See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments
-        checksum/config: bba3af865a3c6aa67af491cb155c19bde8d652a624428f001128692f16febc16
+        checksum/config: 052ffe2bc0e14894743335fcc9e8012d7e231315ad78be7c9d3e01dc4af26863
       labels:
         app: antrea
         component: antrea-controller
@@ -4928,6 +4928,34 @@ webhooks:
     admissionReviewVersions: ["v1", "v1beta1"]
     sideEffects: None
     timeoutSeconds: 5
+  - name: "anpvalidator.antrea.io"
+    clientConfig:
+      service:
+        name: "antrea"
+        namespace: kube-system
+        path: "/validate/anp"
+    rules:
+      - operations: ["CREATE", "UPDATE"]
+        apiGroups: ["policy.networking.k8s.io"]
+        apiVersions: ["v1alpha1"]
+        resources: ["adminnetworkpolicies"]
+    admissionReviewVersions: ["v1", "v1beta1"]
+    sideEffects: None
+    timeoutSeconds: 5
+  - name: "banpvalidator.antrea.io"
+    clientConfig:
+      service:
+        name: "antrea"
+        namespace: kube-system
+        path: "/validate/banp"
+    rules:
+      - operations: ["CREATE", "UPDATE"]
+        apiGroups: ["policy.networking.k8s.io"]
+        apiVersions: ["v1alpha1"]
+        resources: ["baselineadminnetworkpolicies"]
+    admissionReviewVersions: ["v1", "v1beta1"]
+    sideEffects: None
+    timeoutSeconds: 5
   - name: "clustergroupvalidator.antrea.io"
     clientConfig:
       service:

build/yamls/antrea-gke.yml

@@ -3364,7 +3364,7 @@ data:
 
     # Enable Antrea ClusterNetworkPolicy feature to complement K8s NetworkPolicy for cluster admins
     # to define security policies which apply to the entire cluster, and Antrea NetworkPolicy
-    # feature that supports priorities, externalEntities, fqdn rules and more.
+    # feature that supports priorities, ExternalEntities, FQDN rules and more.
     #  AntreaPolicy: true
 
     # Enable collecting and exposing NetworkPolicy statistics.
@@ -4440,7 +4440,7 @@ spec:
         kubectl.kubernetes.io/default-container: antrea-agent
         # Automatically restart Pods with a RollingUpdate if the ConfigMap changes
         # See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments
-        checksum/config: f178f8c181f1077879375d6cbed48cc39d73bbf64d44e42e15a265c305cb1085
+        checksum/config: 1ea9af5adfa788c92cb491ae8fa85f87bd862ca6471891865ba6e0763b45319e
       labels:
         app: antrea
         component: antrea-agent
@@ -4679,7 +4679,7 @@ spec:
       annotations:
         # Automatically restart Pod if the ConfigMap changes
         # See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments
-        checksum/config: f178f8c181f1077879375d6cbed48cc39d73bbf64d44e42e15a265c305cb1085
+        checksum/config: 1ea9af5adfa788c92cb491ae8fa85f87bd862ca6471891865ba6e0763b45319e
       labels:
         app: antrea
         component: antrea-controller
@@ -4925,6 +4925,34 @@ webhooks:
     admissionReviewVersions: ["v1", "v1beta1"]
     sideEffects: None
     timeoutSeconds: 5
+  - name: "anpvalidator.antrea.io"
+    clientConfig:
+      service:
+        name: "antrea"
+        namespace: kube-system
+        path: "/validate/anp"
+    rules:
+      - operations: ["CREATE", "UPDATE"]
+        apiGroups: ["policy.networking.k8s.io"]
+        apiVersions: ["v1alpha1"]
+        resources: ["adminnetworkpolicies"]
+    admissionReviewVersions: ["v1", "v1beta1"]
+    sideEffects: None
+    timeoutSeconds: 5
+  - name: "banpvalidator.antrea.io"
+    clientConfig:
+      service:
+        name: "antrea"
+        namespace: kube-system
+        path: "/validate/banp"
+    rules:
+      - operations: ["CREATE", "UPDATE"]
+        apiGroups: ["policy.networking.k8s.io"]
+        apiVersions: ["v1alpha1"]
+        resources: ["baselineadminnetworkpolicies"]
+    admissionReviewVersions: ["v1", "v1beta1"]
+    sideEffects: None
+    timeoutSeconds: 5
   - name: "clustergroupvalidator.antrea.io"
     clientConfig:
       service:

build/yamls/antrea-ipsec.yml

@@ -3377,7 +3377,7 @@ data:
 
     # Enable Antrea ClusterNetworkPolicy feature to complement K8s NetworkPolicy for cluster admins
     # to define security policies which apply to the entire cluster, and Antrea NetworkPolicy
-    # feature that supports priorities, externalEntities, fqdn rules and more.
+    # feature that supports priorities, ExternalEntities, FQDN rules and more.
     #  AntreaPolicy: true
 
     # Enable collecting and exposing NetworkPolicy statistics.
@@ -4453,7 +4453,7 @@ spec:
         kubectl.kubernetes.io/default-container: antrea-agent
         # Automatically restart Pods with a RollingUpdate if the ConfigMap changes
         # See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments
-        checksum/config: a1366ea8d3beb6b41bd578cd951e5c0cd8a1cfa67eb609214fd0a8a2beb71418
+        checksum/config: 03d121134e0f3e15a35d0a56b6be7b214ad519a49cac942ede5758af31cabec1
         checksum/ipsec-secret: d0eb9c52d0cd4311b6d252a951126bf9bea27ec05590bed8a394f0f792dcb2a4
       labels:
         app: antrea
@@ -4738,7 +4738,7 @@ spec:
       annotations:
         # Automatically restart Pod if the ConfigMap changes
         # See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments
-        checksum/config: a1366ea8d3beb6b41bd578cd951e5c0cd8a1cfa67eb609214fd0a8a2beb71418
+        checksum/config: 03d121134e0f3e15a35d0a56b6be7b214ad519a49cac942ede5758af31cabec1
       labels:
         app: antrea
         component: antrea-controller
@@ -4984,6 +4984,34 @@ webhooks:
     admissionReviewVersions: ["v1", "v1beta1"]
     sideEffects: None
     timeoutSeconds: 5
+  - name: "anpvalidator.antrea.io"
+    clientConfig:
+      service:
+        name: "antrea"
+        namespace: kube-system
+        path: "/validate/anp"
+    rules:
+      - operations: ["CREATE", "UPDATE"]
+        apiGroups: ["policy.networking.k8s.io"]
+        apiVersions: ["v1alpha1"]
+        resources: ["adminnetworkpolicies"]
+    admissionReviewVersions: ["v1", "v1beta1"]
+    sideEffects: None
+    timeoutSeconds: 5
+  - name: "banpvalidator.antrea.io"
+    clientConfig:
+      service:
+        name: "antrea"
+        namespace: kube-system
+        path: "/validate/banp"
+    rules:
+      - operations: ["CREATE", "UPDATE"]
+        apiGroups: ["policy.networking.k8s.io"]
+        apiVersions: ["v1alpha1"]
+        resources: ["baselineadminnetworkpolicies"]
+    admissionReviewVersions: ["v1", "v1beta1"]
+    sideEffects: None
+    timeoutSeconds: 5
   - name: "clustergroupvalidator.antrea.io"
     clientConfig:
       service:

build/yamls/antrea.yml

@@ -3364,7 +3364,7 @@ data:
 
     # Enable Antrea ClusterNetworkPolicy feature to complement K8s NetworkPolicy for cluster admins
     # to define security policies which apply to the entire cluster, and Antrea NetworkPolicy
-    # feature that supports priorities, externalEntities, fqdn rules and more.
+    # feature that supports priorities, ExternalEntities, FQDN rules and more.
     #  AntreaPolicy: true
 
     # Enable collecting and exposing NetworkPolicy statistics.
@@ -4440,7 +4440,7 @@ spec:
         kubectl.kubernetes.io/default-container: antrea-agent
         # Automatically restart Pods with a RollingUpdate if the ConfigMap changes
         # See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments
-        checksum/config: 2a50b2634e1ee50013eceaa7841858b58b431b475e6aed9075be57cb82deeddb
+        checksum/config: ac3d1e61b79c6fbc422fe542ca673d9b20e0d4124ec27a85de1575d1a023414b
       labels:
         app: antrea
         component: antrea-agent
@@ -4679,7 +4679,7 @@ spec:
       annotations:
         # Automatically restart Pod if the ConfigMap changes
         # See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments
-        checksum/config: 2a50b2634e1ee50013eceaa7841858b58b431b475e6aed9075be57cb82deeddb
+        checksum/config: ac3d1e61b79c6fbc422fe542ca673d9b20e0d4124ec27a85de1575d1a023414b
       labels:
         app: antrea
         component: antrea-controller
@@ -4925,6 +4925,34 @@ webhooks:
     admissionReviewVersions: ["v1", "v1beta1"]
     sideEffects: None
     timeoutSeconds: 5
+  - name: "anpvalidator.antrea.io"
+    clientConfig:
+      service:
+        name: "antrea"
+        namespace: kube-system
+        path: "/validate/anp"
+    rules:
+      - operations: ["CREATE", "UPDATE"]
+        apiGroups: ["policy.networking.k8s.io"]
+        apiVersions: ["v1alpha1"]
+        resources: ["adminnetworkpolicies"]
+    admissionReviewVersions: ["v1", "v1beta1"]
+    sideEffects: None
+    timeoutSeconds: 5
+  - name: "banpvalidator.antrea.io"
+    clientConfig:
+      service:
+        name: "antrea"
+        namespace: kube-system
+        path: "/validate/banp"
+    rules:
+      - operations: ["CREATE", "UPDATE"]
+        apiGroups: ["policy.networking.k8s.io"]
+        apiVersions: ["v1alpha1"]
+        resources: ["baselineadminnetworkpolicies"]
+    admissionReviewVersions: ["v1", "v1beta1"]
+    sideEffects: None
+    timeoutSeconds: 5
   - name: "clustergroupvalidator.antrea.io"
     clientConfig:
       service:

cmd/antrea-agent-simulator/simulator.go

@@ -37,7 +37,7 @@ import (
 )
 
 func run() error {
-	klog.Infof("Starting Antrea agent simulator (version %s)", version.GetFullVersion())
+	klog.InfoS("Starting Antrea agent simulator", "version", version.GetFullVersion())
 	k8sClient, _, _, _, _, _, err := k8s.CreateClients(componentbaseconfig.ClientConnectionConfiguration{}, "")
 	if err != nil {
 		return fmt.Errorf("error creating K8s clients: %v", err)

cmd/antrea-agent/agent.go

@@ -95,7 +95,7 @@ var ipv4Localhost = net.ParseIP("127.0.0.1")
 
 // run starts Antrea agent with the given options and waits for termination signal.
 func run(o *Options) error {
-	klog.Infof("Starting Antrea agent (version %s)", version.GetFullVersion())
+	klog.InfoS("Starting Antrea agent", "version", version.GetFullVersion())
 
 	// Create K8s Clientset, CRD Clientset, Multicluster CRD Clientset and SharedInformerFactory for the given config.
 	k8sClient, _, crdClient, _, mcClient, _, err := k8s.CreateClients(o.config.ClientConnection, o.config.KubeAPIServerOverride)

go.mod

@@ -162,6 +162,7 @@ require (
 	github.com/json-iterator/go v1.1.12 // indirect
 	github.com/klauspost/compress v1.15.14 // indirect
 	github.com/kr/fs v0.1.0 // indirect
+	github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de // indirect
 	github.com/mailru/easyjson v0.7.7 // indirect
 	github.com/mattn/go-colorable v0.1.13 // indirect
 	github.com/mattn/go-isatty v0.0.17 // indirect