Remove all legacy (*.antrea.tanzu.vmware.com) APIs

These APIs were scheduled for deletion in December 2021. So it seems reasonable to remove them in Antrea v1.6, without causing significant disruption to users. As part of this, the CRD mirroring controller code can be removed entirely and the legacyCRDMirroring config option for the controller is deprecated (it's a no-op and users trying to set this option to anything will see a warning in the logs). The API dcoumentation is updated. We add a note to inform users who may still be using Antrea pre-v1.0 that they will need to make an intermediate upgrade first and migrate their CRDs, if they want to upgrade to Antrea >= v1.6. Fixes #3298 Signed-off-by: Antonin Bas <[email protected]>
antrea-io · Feb 9, 2022 · fc585fe · fc585fe
1 parent f7f353a
commit fc585fe
Show file tree

Hide file tree

Showing 167 changed files with 2,127 additions and 27,990 deletions.
diff --git a/build/yamls/antrea-aks.yml b/build/yamls/antrea-aks.yml
diff --git a/build/yamls/antrea-eks.yml b/build/yamls/antrea-eks.yml
diff --git a/build/yamls/antrea-gke.yml b/build/yamls/antrea-gke.yml
diff --git a/build/yamls/antrea-ipsec.yml b/build/yamls/antrea-ipsec.yml
diff --git a/build/yamls/antrea-kind.yml b/build/yamls/antrea-kind.yml
diff --git a/build/yamls/antrea.yml b/build/yamls/antrea.yml
diff --git a/build/yamls/base/agent-rbac.yml b/build/yamls/base/agent-rbac.yml
@@ -54,7 +54,6 @@ rules:
       - watch
       - list
   - apiGroups:
-      - clusterinformation.antrea.tanzu.vmware.com
       - crd.antrea.io
     resources:
       - antreaagentinfos
@@ -64,7 +63,6 @@ rules:
       - update
       - delete
   - apiGroups:
-      - controlplane.antrea.tanzu.vmware.com
       - controlplane.antrea.io
     resources:
       - networkpolicies
@@ -83,14 +81,12 @@ rules:
       - watch
       - list
   - apiGroups:
-      - controlplane.antrea.tanzu.vmware.com
       - controlplane.antrea.io
     resources:
       - nodestatssummaries
     verbs:
       - create
   - apiGroups:
-      - controlplane.antrea.tanzu.vmware.com
       - controlplane.antrea.io
     resources:
       - networkpolicies/status
@@ -136,7 +132,6 @@ rules:
       - watch
       - list
   - apiGroups:
-      - ops.antrea.tanzu.vmware.com
       - crd.antrea.io
     resources:
       - traceflows

diff --git a/build/yamls/base/antctl.yml b/build/yamls/base/antctl.yml
@@ -11,7 +11,6 @@ metadata:
   name: antctl
 rules:
   - apiGroups:
-      - controlplane.antrea.tanzu.vmware.com
       - controlplane.antrea.io
     resources:
       - networkpolicies
@@ -21,7 +20,6 @@ rules:
       - get
       - list
   - apiGroups:
-      - stats.antrea.tanzu.vmware.com
       - stats.antrea.io
     resources:
       - networkpolicystats
@@ -31,23 +29,20 @@ rules:
       - get
       - list
   - apiGroups:
-      - system.antrea.tanzu.vmware.com
       - system.antrea.io
     resources:
       - controllerinfos
       - agentinfos
     verbs:
       - get
   - apiGroups:
-      - system.antrea.tanzu.vmware.com
       - system.antrea.io
     resources:
       - supportbundles
     verbs:
       - get
       - post
   - apiGroups:
-      - system.antrea.tanzu.vmware.com
       - system.antrea.io
     resources:
       - supportbundles/download

diff --git a/build/yamls/base/conf/antrea-controller.conf b/build/yamls/base/conf/antrea-controller.conf
@@ -50,20 +50,6 @@ featureGates:
 # TLS min version from: VersionTLS10, VersionTLS11, VersionTLS12, VersionTLS13.
 #tlsMinVersion:
 
-# If Antrea is upgraded from version <= v0.13 and legacy CRDs are used, this option should be
-# enabled, otherwise the CRDs created with the legacy API groups will not take any effect and
-# work as expected. When the mirroring is enabled, if a legacy CRD is created with legacy API
-# groups, mirroring-controller will create a new CRD with the Spec and Labels from the legacy
-# CRD. Afterwards, the modification of Spec and Label in legacy CRD will be synchronized to new
-# CRD automatically. In addition, the modification of Status in new CRD will also be synchronized
-# to legacy CRD automatically. If a legacy CRD is deleted, the corresponding new CRD will be deleted.
-# Note that: to decouple a new CRD from the corresponding legacy CRD, the legacy CRD should be
-# annotated with "crd.antrea.io/stop-mirror". Afterwards, updates to the legacy CRDs will no
-# longer be reflected in the new CRD, and all CRUD operations should be done through the new
-# API groups. After adding the annotation, legacy CRDs can be deleted safely without impacting
-# new CRDs.
-#legacyCRDMirroring: true
-
 nodeIPAM:
 # Enable the integrated Node IPAM controller within the Antrea controller.
 #  enableNodeIPAM: false

diff --git a/build/yamls/base/controller-rbac.yml b/build/yamls/base/controller-rbac.yml
@@ -104,9 +104,6 @@ rules:
     resources:
       - apiservices
     resourceNames:
-      - v1alpha1.stats.antrea.tanzu.vmware.com
-      - v1beta1.system.antrea.tanzu.vmware.com
-      - v1beta2.controlplane.antrea.tanzu.vmware.com
       - v1alpha1.stats.antrea.io
       - v1beta1.system.antrea.io
       - v1beta2.controlplane.antrea.io
@@ -120,6 +117,9 @@ rules:
     resourceNames:
       - v1beta1.networking.antrea.tanzu.vmware.com
       - v1beta1.controlplane.antrea.tanzu.vmware.com
+      - v1alpha1.stats.antrea.tanzu.vmware.com
+      - v1beta1.system.antrea.tanzu.vmware.com
+      - v1beta2.controlplane.antrea.tanzu.vmware.com
     verbs:
       - delete
   - apiGroups:
@@ -128,8 +128,6 @@ rules:
       - mutatingwebhookconfigurations
       - validatingwebhookconfigurations
     resourceNames:
-      - crdmutator.antrea.tanzu.vmware.com
-      - crdvalidator.antrea.tanzu.vmware.com
       - labelsmutator.antrea.io
       - crdmutator.antrea.io
       - crdvalidator.antrea.io
@@ -250,94 +248,6 @@ rules:
       - get
       - list
       - watch
-  # Deprecated in v1.0.0.
-  - apiGroups:
-    - clusterinformation.antrea.tanzu.vmware.com
-    resources:
-      - antreacontrollerinfos
-    verbs:
-      - get
-      - create
-      - update
-      - delete
-  # Deprecated in v1.0.0.
-  - apiGroups:
-      - clusterinformation.antrea.tanzu.vmware.com
-    resources:
-      - antreaagentinfos
-    verbs:
-      - list
-      - delete
-  # Deprecated in v1.0.0.
-  - apiGroups:
-      - security.antrea.tanzu.vmware.com
-    resources:
-      - clusternetworkpolicies
-      - networkpolicies
-    verbs:
-      - get
-      - watch
-      - list
-      - update
-      - patch
-      - create
-      - delete
-  # Deprecated in v1.0.0.
-  - apiGroups:
-      - security.antrea.tanzu.vmware.com
-    resources:
-      - clusternetworkpolicies/status
-      - networkpolicies/status
-    verbs:
-      - update
-  # Deprecated in v1.0.0.
-  - apiGroups:
-      - security.antrea.tanzu.vmware.com
-    resources:
-      - tiers
-    verbs:
-      - get
-      - watch
-      - list
-      - update
-      - patch
-      - create
-      - delete
-  # Deprecated in v1.0.0.
-  - apiGroups:
-      - ops.antrea.tanzu.vmware.com
-    resources:
-      - traceflows
-      - traceflows/status
-    verbs:
-      - get
-      - watch
-      - list
-      - update
-      - patch
-      - create
-      - delete
-  # Deprecated in v1.0.0.
-  - apiGroups:
-      - core.antrea.tanzu.vmware.com
-    resources:
-      - externalentities
-      - clustergroups
-    verbs:
-      - get
-      - watch
-      - list
-      - update
-      - patch
-      - create
-      - delete
-  # Deprecated in v1.0.0.
-  - apiGroups:
-      - core.antrea.tanzu.vmware.com
-    resources:
-      - clustergroups/status
-    verbs:
-      - update
 ---
 kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1

diff --git a/build/yamls/base/controller.yml b/build/yamls/base/controller.yml
@@ -304,149 +304,3 @@ spec:
             path: /var/log/antrea
             type: DirectoryOrCreate
 ---
-# Deprecated in v1.0.0.
-apiVersion: apiregistration.k8s.io/v1
-kind: APIService
-metadata:
-  name: v1beta2.controlplane.antrea.tanzu.vmware.com
-spec:
-  group: controlplane.antrea.tanzu.vmware.com
-  groupPriorityMinimum: 100
-  version: v1beta2
-  versionPriority: 100
-  service:
-    name: antrea
-    namespace: kube-system
----
-# Deprecated in v1.0.0.
-apiVersion: apiregistration.k8s.io/v1
-kind: APIService
-metadata:
-  name: v1beta1.system.antrea.tanzu.vmware.com
-spec:
-  group: system.antrea.tanzu.vmware.com
-  groupPriorityMinimum: 100
-  version: v1beta1
-  versionPriority: 100
-  service:
-    name: antrea
-    namespace: kube-system
----
-# Deprecated in v1.0.0.
-apiVersion: admissionregistration.k8s.io/v1
-kind: MutatingWebhookConfiguration
-metadata:
-  name: "crdmutator.antrea.tanzu.vmware.com"
-webhooks:
-  - name: "acnpmutator.antrea.tanzu.vmware.com"
-    clientConfig:
-      service:
-        name: "antrea"
-        namespace: "kube-system"
-        path: "/mutate/acnp"
-    rules:
-      - operations: ["CREATE", "UPDATE"]
-        apiGroups: ["security.antrea.tanzu.vmware.com"]
-        apiVersions: ["v1alpha1"]
-        resources: ["clusternetworkpolicies"]
-        scope: "Cluster"
-    admissionReviewVersions: ["v1", "v1beta1"]
-    sideEffects: None
-    timeoutSeconds: 5
-  - name: "anpmutator.antrea.tanzu.vmware.com"
-    clientConfig:
-      service:
-        name: "antrea"
-        namespace: "kube-system"
-        path: "/mutate/anp"
-    rules:
-      - operations: ["CREATE", "UPDATE"]
-        apiGroups: ["security.antrea.tanzu.vmware.com"]
-        apiVersions: ["v1alpha1"]
-        resources: ["networkpolicies"]
-        scope: "Namespaced"
-    admissionReviewVersions: ["v1", "v1beta1"]
-    sideEffects: None
-    timeoutSeconds: 5
----
-# Deprecated in v1.0.0.
-apiVersion: admissionregistration.k8s.io/v1
-kind: ValidatingWebhookConfiguration
-metadata:
-  name: "crdvalidator.antrea.tanzu.vmware.com"
-webhooks:
-  - name: "tiervalidator.antrea.tanzu.vmware.com"
-    clientConfig:
-      service:
-        name: "antrea"
-        namespace: "kube-system"
-        path: "/validate/tier"
-    rules:
-      - operations: ["CREATE", "UPDATE", "DELETE"]
-        apiGroups: ["security.antrea.tanzu.vmware.com"]
-        apiVersions: ["v1alpha1"]
-        resources: ["tiers"]
-        scope: "Cluster"
-    admissionReviewVersions: ["v1", "v1beta1"]
-    sideEffects: None
-    timeoutSeconds: 5
-  - name: "acnpvalidator.antrea.tanzu.vmware.com"
-    clientConfig:
-      service:
-        name: "antrea"
-        namespace: "kube-system"
-        path: "/validate/acnp"
-    rules:
-      - operations: ["CREATE", "UPDATE"]
-        apiGroups: ["security.antrea.tanzu.vmware.com"]
-        apiVersions: ["v1alpha1"]
-        resources: ["clusternetworkpolicies"]
-        scope: "Cluster"
-    admissionReviewVersions: ["v1", "v1beta1"]
-    sideEffects: None
-    timeoutSeconds: 5
-  - name: "anpvalidator.antrea.tanzu.vmware.com"
-    clientConfig:
-      service:
-        name: "antrea"
-        namespace: "kube-system"
-        path: "/validate/anp"
-    rules:
-      - operations: ["CREATE", "UPDATE"]
-        apiGroups: ["security.antrea.tanzu.vmware.com"]
-        apiVersions: ["v1alpha1"]
-        resources: ["networkpolicies"]
-        scope: "Namespaced"
-    admissionReviewVersions: ["v1", "v1beta1"]
-    sideEffects: None
-    timeoutSeconds: 5
-  - name: "clustergroupvalidator.antrea.tanzu.vmware.com"
-    clientConfig:
-      service:
-        name: "antrea"
-        namespace: "kube-system"
-        path: "/validate/clustergroup"
-    rules:
-      - operations: ["CREATE", "UPDATE", "DELETE"]
-        apiGroups: ["core.antrea.tanzu.vmware.com"]
-        apiVersions: ["v1alpha2"]
-        resources: ["clustergroups"]
-        scope: "Cluster"
-    admissionReviewVersions: ["v1", "v1beta1"]
-    sideEffects: None
-    timeoutSeconds: 5
----
-# Deprecated in v1.0.0.
-apiVersion: apiregistration.k8s.io/v1
-kind: APIService
-metadata:
-  name: v1alpha1.stats.antrea.tanzu.vmware.com
-spec:
-  group: stats.antrea.tanzu.vmware.com
-  groupPriorityMinimum: 100
-  version: v1alpha1
-  versionPriority: 100
-  service:
-    name: antrea
-    namespace: kube-system
----