Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add sort-by effectivePriority for antctl get networkpolicy #1530

Merged
merged 3 commits into from
Dec 4, 2020

Conversation

Dyanngg
Copy link
Contributor

@Dyanngg Dyanngg commented Nov 11, 2020

This PR aims to solve #1388

  • Adds an option --sort-by=effectivePriority for antctl get networkpolicy, which sorts the Antrea internal controlplane NetworkPolicy objects by the order in which they are evaluated.
  • antctl get networkpolicy displays tier priority and policy priority by default

@antrea-bot
Copy link
Collaborator

Thanks for your PR.
Unit tests and code linters are run automatically every time the PR is updated.
E2e, conformance and network policy tests can only be triggered by a member of the vmware-tanzu organization. Regular contributors to the project should join the org.

The following commands are available:

  • /test-e2e: to trigger e2e tests.
  • /skip-e2e: to skip e2e tests.
  • /test-conformance: to trigger conformance tests.
  • /skip-conformance: to skip conformance tests.
  • /test-all-features-conformance: to trigger conformance tests with all alpha features enabled.
  • /skip-all-features-conformance: to skip conformance tests with all alpha features enabled.
  • /test-whole-conformance: to trigger all conformance tests on linux.
  • /skip-whole-conformance: to skip all conformance tests on linux.
  • /test-networkpolicy: to trigger networkpolicy tests.
  • /skip-networkpolicy: to skip networkpolicy tests.
  • /test-windows-conformance: to trigger windows conformance tests.
  • /skip-windows-conformance: to skip windows conformance tests.
  • /test-windows-networkpolicy: to trigger windows networkpolicy tests.
  • /skip-windows-networkpolicy: to skip windows networkpolicy tests.
  • /test-hw-offload: to trigger ovs hardware offload test.
  • /skip-hw-offload: to skip ovs hardware offload test.
  • /test-all: to trigger all tests (except whole conformance).
  • /skip-all: to skip all tests (except whole conformance).

@codecov-io
Copy link

codecov-io commented Nov 11, 2020

Codecov Report

Merging #1530 (f585845) into master (9d3d10b) will decrease coverage by 1.20%.
The diff coverage is 53.68%.

Impacted file tree graph

@@            Coverage Diff             @@
##           master    #1530      +/-   ##
==========================================
- Coverage   63.31%   62.11%   -1.21%     
==========================================
  Files         170      182      +12     
  Lines       14250    15420    +1170     
==========================================
+ Hits         9023     9578     +555     
- Misses       4292     4826     +534     
- Partials      935     1016      +81     
Flag Coverage Δ
e2e-tests 26.18% <27.56%> (?)
kind-e2e-tests 52.23% <47.94%> (-3.16%) ⬇️
unit-tests 40.41% <14.24%> (-0.87%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files Coverage Δ
cmd/antrea-agent/agent.go 0.00% <0.00%> (ø)
cmd/antrea-agent/options.go 21.69% <0.00%> (+0.97%) ⬆️
.../agent/apiserver/handlers/networkpolicy/handler.go 58.33% <ø> (ø)
...gent/controller/noderoute/node_route_controller.go 46.06% <ø> (-0.41%) ⬇️
.../agent/flowexporter/connections/conntrack_linux.go 28.37% <0.00%> (-0.79%) ⬇️
pkg/agent/stats/collector.go 97.72% <ø> (ø)
pkg/antctl/antctl.go 100.00% <ø> (ø)
pkg/antctl/transform/addressgroup/transform.go 0.00% <0.00%> (ø)
pkg/antctl/transform/controllerinfo/transform.go 0.00% <ø> (ø)
pkg/antctl/transform/networkpolicy/transform.go 0.00% <0.00%> (ø)
... and 71 more

@antoninbas antoninbas added this to the Antrea v0.12.0 release milestone Nov 11, 2020
@Dyanngg Dyanngg force-pushed the antctl-np-priority branch 3 times, most recently from d63205a to 1a02873 Compare November 11, 2020 07:25
Copy link
Contributor

@antoninbas antoninbas left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

maybe you can mention this command in the documentation as part of this PR, since it is a pretty small change in terms of LOCs? In antctl.md (and maybe in antrea-network-policy.md as well?).

pkg/agent/apiserver/handlers/networkpolicy/handler.go Outdated Show resolved Hide resolved
pkg/agent/apiserver/handlers/networkpolicy/handler.go Outdated Show resolved Hide resolved
pkg/antctl/command_definition_test.go Show resolved Hide resolved
pkg/antctl/antctl.go Outdated Show resolved Hide resolved
@antoninbas
Copy link
Contributor

I think sorting functionality is typically done on the client-side instead of making the server do this work. This is the case for kubectl for example: kubernetes/kubernetes#80602 (comment)

One advantage of sorting client-side would be that we could support "sort by effective priority" when using antctl in controller-mode without having to introduce a new API. @tnqn what do you think?

@tnqn
Copy link
Member

tnqn commented Nov 18, 2020

I think sorting functionality is typically done on the client-side instead of making the server do this work. This is the case for kubectl for example: kubernetes/kubernetes#80602 (comment)

One advantage of sorting client-side would be that we could support "sort by effective priority" when using antctl in controller-mode without having to introduce a new API. @tnqn what do you think?

I agree with @antoninbas, and the apiserver lib doesn't support --sort-by option so we don't have a way to specify the intention for antrea-controller.

@Dyanngg
Copy link
Contributor Author

Dyanngg commented Nov 18, 2020

I think sorting functionality is typically done on the client-side instead of making the server do this work. This is the case for kubectl for example: kubernetes/kubernetes#80602 (comment)
One advantage of sorting client-side would be that we could support "sort by effective priority" when using antctl in controller-mode without having to introduce a new API. @tnqn what do you think?

I agree with @antoninbas, and the apiserver lib doesn't support --sort-by option so we don't have a way to specify the intention for antrea-controller.

So if we move this to the client side, does it mean we sort the NetworkPolicies by effective priority by default? since it does not take --sort-by option

@antoninbas
Copy link
Contributor

antoninbas commented Nov 18, 2020

I think sorting functionality is typically done on the client-side instead of making the server do this work. This is the case for kubectl for example: kubernetes/kubernetes#80602 (comment)
One advantage of sorting client-side would be that we could support "sort by effective priority" when using antctl in controller-mode without having to introduce a new API. @tnqn what do you think?

I agree with @antoninbas, and the apiserver lib doesn't support --sort-by option so we don't have a way to specify the intention for antrea-controller.

So if we move this to the client side, does it mean we sort the NetworkPolicies by effective priority by default? since it does not take --sort-by option

I believe the fact that we do not support flags for controller commands (resourceEndpoint) is more a current limitation of the framework. There is no technical reason not to support flags. Currently these commands all support --name and --namespace:
https://github.com/vmware-tanzu/antrea/blob/b1745fc8852578dae6e124cc48d3c3f607cdbce4/pkg/antctl/command_definition.go#L112

In theory all commands could support --sort-by (like kubectl does), but that would require implementing that functionality (using JSON paths). I believe it would be fine for now to extend the resourceEndpoint struct to support custom command-specific flags, and only add --sort-by for get netpol (with effectivePriority being the only supported value).

@Dyanngg Dyanngg force-pushed the antctl-np-priority branch 2 times, most recently from 543f1d5 to b809d06 Compare November 18, 2020 22:38
docs/antrea-network-policy.md Outdated Show resolved Hide resolved
pkg/antctl/command_definition.go Outdated Show resolved Hide resolved
pkg/antctl/transform/networkpolicy/transform.go Outdated Show resolved Hide resolved
Copy link
Contributor

@antoninbas antoninbas left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

some minor comments, otherwise LGTM

thanks for making the change and implementing this client-side, we get "controller-mode" support for free :)

@@ -127,6 +127,13 @@ func (e *resourceEndpoint) flags() []flagInfo {
usage: "Filter the resource by namespace",
})
}
if e.groupVersionResource == &v1beta2.NetworkPolicyVersionResource {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

in a future PR, we can consider extending this flag to other resources & other fields. Would you mind opening a Github issue for that, I think it would make a "good first issue" as well

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Opened #1605

pkg/antctl/transform/networkpolicy/transform.go Outdated Show resolved Hide resolved
Comment on lines 89 to 92
sortBy := query.Get("sort-by")
if sortBy != "" && sortBy != sortByEffectivePriority {
return nil, fmt.Errorf("unsupported value for sort-by option. Current supported value is %s", sortByEffectivePriority)
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@Dyanngg I am confused as to why the check is done on the server-side, and only for the agent?

Copy link
Contributor Author

@Dyanngg Dyanngg Dec 2, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You are totally right. Reverted that and added the check on the client-side

Copy link
Contributor

@antoninbas antoninbas left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@Dyanngg
Copy link
Contributor Author

Dyanngg commented Dec 3, 2020

/test-all

@Dyanngg Dyanngg merged commit 7d146ca into antrea-io:master Dec 4, 2020
@Dyanngg Dyanngg deleted the antctl-np-priority branch December 4, 2020 01:22
antoninbas pushed a commit that referenced this pull request Dec 23, 2020
* Add sort-by effectivePriority for antctl get networkpolicy

* Address comments and move sort logic to the client side

* Add value check for sort-by flag
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

7 participants