From 442ae8368513f3adfef61c82fee83ce4e38decc7 Mon Sep 17 00:00:00 2001 From: Quan Tian Date: Thu, 14 Apr 2022 17:38:09 +0000 Subject: [PATCH] Add TrafficControl API TrafficControl is a feature which allows mirroring or redirecting the traffic Pods send or receive. It enables users to monitor and analyze Pod traffic, and to enforce custom network protections for Pods with fine-grained control over network traffic. This patch adds types and CRD for TrafficControl API. Examples: 1. Mirror Pods (web=app) ingress traffic to a VXLAN tunnel ``` apiVersion: crd.antrea.io/v1alpha2 kind: TrafficControl metadata: name: mirror-web-app spec: appliedTo: podSelector: matchLabels: app: web direction: Ingress action: Mirror targetPort: vxlan: remoteIP: 1.1.1.1 ``` 2. Redirect Pods (web=app) traffic in both direction to OVS internal port firewall0 and expect the traffic to re-enter OVS via another OVS internal port firewall1 if they are not dropped. ``` apiVersion: crd.antrea.io/v1alpha2 kind: TrafficControl metadata: name: redirect spec: appliedTo: podSelector: matchLabels: role: web direction: Ingress action: Redirect targetPort: ovsInternal: name: firewall0 returnPort: ovsInternal: name: firewall1 ``` For #3324 
Signed-off-by: Quan Tian --- build/charts/antrea/conf/antrea-agent.conf | 3 + .../antrea/templates/agent/clusterrole.yaml | 1 + .../antrea/templates/crds/trafficcontrol.yaml | 283 +++++++++++++++++ build/yamls/antrea-aks.yml | 293 +++++++++++++++++- build/yamls/antrea-eks.yml | 293 +++++++++++++++++- build/yamls/antrea-gke.yml | 293 +++++++++++++++++- build/yamls/antrea-ipsec.yml | 293 +++++++++++++++++- build/yamls/antrea.yml | 293 +++++++++++++++++- pkg/apis/crd/v1alpha2/types.go | 124 ++++++++ .../crd/v1alpha2/zz_generated.deepcopy.go | 244 +++++++++++++++ .../typed/crd/v1alpha2/crd_client.go | 5 + .../crd/v1alpha2/fake/fake_crd_client.go | 4 + .../crd/v1alpha2/fake/fake_trafficcontrol.go | 120 +++++++ .../typed/crd/v1alpha2/generated_expansion.go | 2 + .../typed/crd/v1alpha2/trafficcontrol.go | 166 ++++++++++ .../crd/v1alpha2/interface.go | 7 + .../crd/v1alpha2/trafficcontrol.go | 87 ++++++ .../informers/externalversions/generic.go | 2 + .../crd/v1alpha2/expansion_generated.go | 4 + .../listers/crd/v1alpha2/trafficcontrol.go | 66 ++++ pkg/features/antrea_features.go | 5 + 21 files changed, 2578 insertions(+), 10 deletions(-) create mode 100644 build/charts/antrea/templates/crds/trafficcontrol.yaml create mode 100644 pkg/client/clientset/versioned/typed/crd/v1alpha2/fake/fake_trafficcontrol.go create mode 100644 pkg/client/clientset/versioned/typed/crd/v1alpha2/trafficcontrol.go create mode 100644 pkg/client/informers/externalversions/crd/v1alpha2/trafficcontrol.go create mode 100644 pkg/client/listers/crd/v1alpha2/trafficcontrol.go diff --git a/build/charts/antrea/conf/antrea-agent.conf b/build/charts/antrea/conf/antrea-agent.conf index 174ea80888c..a2395e848b2 100644 --- a/build/charts/antrea/conf/antrea-agent.conf +++ b/build/charts/antrea/conf/antrea-agent.conf 
@@ -47,6 +47,9 @@ featureGates: # Enable managing external IPs of Services of LoadBalancer type. {{- include "featureGate" (dict "featureGates" .Values.featureGates "name" "ServiceExternalIP" "default" false) }} +# Enable mirroring or redirecting the traffic Pods send or receive. +{{- include "featureGate" (dict "featureGates" .Values.featureGates "name" "TrafficControl" "default" false) }} + # Name of the OpenVSwitch bridge antrea-agent will create and use. # Make sure it doesn't conflict with your existing OpenVSwitch bridges. ovsBridge: {{ .Values.ovs.bridgeName | quote }} diff --git a/build/charts/antrea/templates/agent/clusterrole.yaml b/build/charts/antrea/templates/agent/clusterrole.yaml index ef7e7ea8da5..046110d1fc3 100644 --- a/build/charts/antrea/templates/agent/clusterrole.yaml +++ b/build/charts/antrea/templates/agent/clusterrole.yaml @@ -167,6 +167,7 @@ rules: resources: - externalippools - ippools + - trafficcontrols verbs: - get - watch diff --git a/build/charts/antrea/templates/crds/trafficcontrol.yaml b/build/charts/antrea/templates/crds/trafficcontrol.yaml new file mode 100644 index 00000000000..0f2ffdb457c --- /dev/null +++ b/build/charts/antrea/templates/crds/trafficcontrol.yaml 
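Review bot: The comment added above the `TrafficControl` gate in antrea-agent.conf does not tell an operator that enabling it lets a TrafficControl object copy or steer Pod traffic, including to a tunnel `remoteIP` that the CRD schema in this patch accepts as any IPv4 or IPv6 address. Because that CRD is `scope: Cluster`, I would add a second comment line, for example `# A TrafficControl can mirror Pod traffic to a remote tunnel endpoint; limit create/update/patch on trafficcontrols to cluster administrators.` The `featureGates:` block starts outside this hunk, and the generated build/yamls manifests repeat the same comment, so they would pick up the wording on regeneration.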
@@ -0,0 +1,283 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: trafficcontrols.crd.antrea.io +spec: + group: crd.antrea.io + versions: + - name: v1alpha2 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + required: + - spec + properties: + spec: + type: object + required: + - appliedTo + - direction + - action + - targetPort + properties: + appliedTo: + type: object + properties: + podSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + type: array + items: + type: string + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + matchLabels: + x-kubernetes-preserve-unknown-fields: true + namespaceSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + type: array + items: + type: string + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + matchLabels: + x-kubernetes-preserve-unknown-fields: true + direction: + type: string + enum: + - Ingress + - Egress + - Both + action: + type: string + enum: + - Mirror + - Redirect + targetPort: + type: object + oneOf: + - required: [ovsInternal] + - required: [device] + - required: [geneve] + - required: [vxlan] + - required: [gre] + - required: [erspan] + properties: + ovsInternal: + type: object + required: + - name + properties: + name: + type: string + device: + type: object + required: + - name + properties: + name: + type: string + geneve: + type: object + required: + - remoteIP + properties: + remoteIP: + type: string + oneOf: + - format: ipv4 + - format: ipv6 + vni: + type: integer + minimum: 0 + maximum: 16777215 + destinationPort: + type: integer + minimum: 1 + maximum: 65535 + vxlan: + type: object + 
required: + - remoteIP + properties: + remoteIP: + type: string + oneOf: + - format: ipv4 + - format: ipv6 + vni: + type: integer + minimum: 0 + maximum: 16777215 + destinationPort: + type: integer + minimum: 1 + maximum: 65535 + gre: + type: object + required: + - remoteIP + properties: + remoteIP: + type: string + oneOf: + - format: ipv4 + - format: ipv6 + key: + type: integer + minimum: 0 + maximum: 4294967295 + erspan: + type: object + required: + - remoteIP + - version + properties: + remoteIP: + type: string + oneOf: + - format: ipv4 + - format: ipv6 + sessionID: + type: integer + minimum: 0 + maximum: 1023 + version: + type: integer + enum: + - 1 + - 2 + index: + type: integer + dir: + type: integer + enum: + - 0 + - 1 + hardwareID: + type: integer + returnPort: + type: object + oneOf: + - required: [ovsInternal] + - required: [device] + - required: [geneve] + - required: [vxlan] + - required: [gre] + properties: + ovsInternal: + type: object + required: + - name + properties: + name: + type: string + device: + type: object + required: + - name + properties: + name: + type: string + geneve: + type: object + required: + - remoteIP + properties: + remoteIP: + type: string + oneOf: + - format: ipv4 + - format: ipv6 + vni: + type: integer + minimum: 0 + maximum: 16777215 + destinationPort: + type: integer + minimum: 1 + maximum: 65535 + vxlan: + type: object + required: + - remoteIP + properties: + remoteIP: + type: string + oneOf: + - format: ipv4 + - format: ipv6 + vni: + type: integer + minimum: 0 + maximum: 16777215 + destinationPort: + type: integer + minimum: 1 + maximum: 65535 + gre: + type: object + required: + - remoteIP + properties: + remoteIP: + type: string + oneOf: + - format: ipv4 + - format: ipv6 + key: + type: integer + minimum: 0 + maximum: 4294967295 + additionalPrinterColumns: + - description: Specifies the direction of traffic that should be matched. 
+ jsonPath: .spec.direction + name: Direction + type: string + - description: Specifies the action that should be taken for the traffic. + jsonPath: .spec.action + name: Action + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + subresources: + status: {} + scope: Cluster + names: + plural: trafficcontrols + singular: trafficcontrol + kind: TrafficControl + shortNames: + - tc diff --git a/build/yamls/antrea-aks.yml b/build/yamls/antrea-aks.yml index e084345b48b..e4a1b3c394f 100644 --- a/build/yamls/antrea-aks.yml +++ b/build/yamls/antrea-aks.yml @@ -85,6 +85,9 @@ data: # Enable managing external IPs of Services of LoadBalancer type. # ServiceExternalIP: false + # Enable mirroring or redirecting the traffic Pods send or receive. + # TrafficControl: false + # Name of the OpenVSwitch bridge antrea-agent will create and use. # Make sure it doesn't conflict with your existing OpenVSwitch bridges. ovsBridge: "br-int" 
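Review bot: Several fields in the `targetPort` and `returnPort` schemas of trafficcontrol.yaml are unbounded: `ovsInternal.name` and `device.name` are plain `type: string`, and `erspan.index` and `erspan.hardwareID` are plain `type: integer`, while the sibling fields (`vni`, `key`, `sessionID`, `destinationPort`) all carry `minimum`/`maximum`. Presumably the agent turns these values into OVS port and tunnel options (that code is not in this patch), so rejecting bad values at admission is cheaper than handling them on every node. I would add `minLength: 1` plus a length cap to both `name` fields (15 characters if they map to Linux interface names), `minimum: 0` / `maximum: 1048575` on `index` (a 20-bit field) and `minimum: 0` / `maximum: 63` on `hardwareID` (6 bits). The schema also accepts `returnPort` together with `action: Mirror`, and `action: Redirect` without `returnPort`; if that pairing is meant to be enforced, it needs a validation rule or a webhook. The generated build/yamls copies of this CRD carry the same schema.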
@@ -2493,6 +2496,291 @@ spec: shortNames: - tf --- +# Source: antrea/templates/crds/trafficcontrol.yaml +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: trafficcontrols.crd.antrea.io +spec: + group: crd.antrea.io + versions: + - name: v1alpha2 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + required: + - spec + properties: + spec: + type: object + required: + - appliedTo + - direction + - action + - targetPort + properties: + appliedTo: + type: object + properties: + podSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + type: array + items: + type: string + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + matchLabels: + x-kubernetes-preserve-unknown-fields: true + namespaceSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + type: array + items: + type: string + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + matchLabels: + x-kubernetes-preserve-unknown-fields: true + direction: + type: string + enum: + - Ingress + - Egress + - Both + action: + type: string + enum: + - Mirror + - Redirect + targetPort: + type: object + oneOf: + - required: [ovsInternal] + - required: [device] + - required: [geneve] + - required: [vxlan] + - required: [gre] + - required: [erspan] + properties: + ovsInternal: + type: object + required: + - name + properties: + name: + type: string + device: + type: object + required: + - name + properties: + name: + type: string + geneve: + type: object + required: + - remoteIP + properties: + remoteIP: + type: string + oneOf: + - format: ipv4 + - format: ipv6 + vni: + type: integer + minimum: 0 + maximum: 16777215 + 
destinationPort: + type: integer + minimum: 1 + maximum: 65535 + vxlan: + type: object + required: + - remoteIP + properties: + remoteIP: + type: string + oneOf: + - format: ipv4 + - format: ipv6 + vni: + type: integer + minimum: 0 + maximum: 16777215 + destinationPort: + type: integer + minimum: 1 + maximum: 65535 + gre: + type: object + required: + - remoteIP + properties: + remoteIP: + type: string + oneOf: + - format: ipv4 + - format: ipv6 + key: + type: integer + minimum: 0 + maximum: 4294967295 + erspan: + type: object + required: + - remoteIP + - version + properties: + remoteIP: + type: string + oneOf: + - format: ipv4 + - format: ipv6 + sessionID: + type: integer + minimum: 0 + maximum: 1023 + version: + type: integer + enum: + - 1 + - 2 + index: + type: integer + dir: + type: integer + enum: + - 0 + - 1 + hardwareID: + type: integer + returnPort: + type: object + oneOf: + - required: [ovsInternal] + - required: [device] + - required: [geneve] + - required: [vxlan] + - required: [gre] + properties: + ovsInternal: + type: object + required: + - name + properties: + name: + type: string + device: + type: object + required: + - name + properties: + name: + type: string + geneve: + type: object + required: + - remoteIP + properties: + remoteIP: + type: string + oneOf: + - format: ipv4 + - format: ipv6 + vni: + type: integer + minimum: 0 + maximum: 16777215 + destinationPort: + type: integer + minimum: 1 + maximum: 65535 + vxlan: + type: object + required: + - remoteIP + properties: + remoteIP: + type: string + oneOf: + - format: ipv4 + - format: ipv6 + vni: + type: integer + minimum: 0 + maximum: 16777215 + destinationPort: + type: integer + minimum: 1 + maximum: 65535 + gre: + type: object + required: + - remoteIP + properties: + remoteIP: + type: string + oneOf: + - format: ipv4 + - format: ipv6 + key: + type: integer + minimum: 0 + maximum: 4294967295 + additionalPrinterColumns: + - description: Specifies the direction of traffic that should be matched. 
+ jsonPath: .spec.direction + name: Direction + type: string + - description: Specifies the action that should be taken for the traffic. + jsonPath: .spec.action + name: Action + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + subresources: + status: {} + scope: Cluster + names: + plural: trafficcontrols + singular: trafficcontrol + kind: TrafficControl + shortNames: + - tc +--- # Source: antrea/templates/agent/clusterrole.yaml kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 @@ -2663,6 +2951,7 @@ rules: resources: - externalippools - ippools + - trafficcontrols verbs: - get - watch @@ -3180,7 +3469,7 @@ spec: kubectl.kubernetes.io/default-container: antrea-agent # Automatically restart Pods with a RollingUpdate if the ConfigMap changes # See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments - checksum/config: cb46b22ec258614e4df2cc06aaaba03d2a3ecd008de23288dbdce9cd3cc68647 + checksum/config: 4554a36b927c6e64fdbc53b4d4c64673d48c9c829ec444e3be6e699ade8481b6 labels: app: antrea component: antrea-agent @@ -3420,7 +3709,7 @@ spec: annotations: # Automatically restart Pod if the ConfigMap changes # See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments - checksum/config: cb46b22ec258614e4df2cc06aaaba03d2a3ecd008de23288dbdce9cd3cc68647 + checksum/config: 4554a36b927c6e64fdbc53b4d4c64673d48c9c829ec444e3be6e699ade8481b6 labels: app: antrea component: antrea-controller diff --git a/build/yamls/antrea-eks.yml b/build/yamls/antrea-eks.yml index eecf6726355..80487df0538 100644 --- a/build/yamls/antrea-eks.yml +++ b/build/yamls/antrea-eks.yml 
@@ -85,6 +85,9 @@ data: # Enable managing external IPs of Services of LoadBalancer type. # ServiceExternalIP: false + # Enable mirroring or redirecting the traffic Pods send or receive. + # TrafficControl: false + # Name of the OpenVSwitch bridge antrea-agent will create and use. # Make sure it doesn't conflict with your existing OpenVSwitch bridges. ovsBridge: "br-int" 
@@ -2493,6 +2496,291 @@ spec: shortNames: - tf --- +# Source: antrea/templates/crds/trafficcontrol.yaml +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: trafficcontrols.crd.antrea.io +spec: + group: crd.antrea.io + versions: + - name: v1alpha2 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + required: + - spec + properties: + spec: + type: object + required: + - appliedTo + - direction + - action + - targetPort + properties: + appliedTo: + type: object + properties: + podSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + type: array + items: + type: string + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + matchLabels: + x-kubernetes-preserve-unknown-fields: true + namespaceSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + type: array + items: + type: string + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + matchLabels: + x-kubernetes-preserve-unknown-fields: true + direction: + type: string + enum: + - Ingress + - Egress + - Both + action: + type: string + enum: + - Mirror + - Redirect + targetPort: + type: object + oneOf: + - required: [ovsInternal] + - required: [device] + - required: [geneve] + - required: [vxlan] + - required: [gre] + - required: [erspan] + properties: + ovsInternal: + type: object + required: + - name + properties: + name: + type: string + device: + type: object + required: + - name + properties: + name: + type: string + geneve: + type: object + required: + - remoteIP + properties: + remoteIP: + type: string + oneOf: + - format: ipv4 + - format: ipv6 + vni: + type: integer + minimum: 0 + maximum: 16777215 + 
destinationPort: + type: integer + minimum: 1 + maximum: 65535 + vxlan: + type: object + required: + - remoteIP + properties: + remoteIP: + type: string + oneOf: + - format: ipv4 + - format: ipv6 + vni: + type: integer + minimum: 0 + maximum: 16777215 + destinationPort: + type: integer + minimum: 1 + maximum: 65535 + gre: + type: object + required: + - remoteIP + properties: + remoteIP: + type: string + oneOf: + - format: ipv4 + - format: ipv6 + key: + type: integer + minimum: 0 + maximum: 4294967295 + erspan: + type: object + required: + - remoteIP + - version + properties: + remoteIP: + type: string + oneOf: + - format: ipv4 + - format: ipv6 + sessionID: + type: integer + minimum: 0 + maximum: 1023 + version: + type: integer + enum: + - 1 + - 2 + index: + type: integer + dir: + type: integer + enum: + - 0 + - 1 + hardwareID: + type: integer + returnPort: + type: object + oneOf: + - required: [ovsInternal] + - required: [device] + - required: [geneve] + - required: [vxlan] + - required: [gre] + properties: + ovsInternal: + type: object + required: + - name + properties: + name: + type: string + device: + type: object + required: + - name + properties: + name: + type: string + geneve: + type: object + required: + - remoteIP + properties: + remoteIP: + type: string + oneOf: + - format: ipv4 + - format: ipv6 + vni: + type: integer + minimum: 0 + maximum: 16777215 + destinationPort: + type: integer + minimum: 1 + maximum: 65535 + vxlan: + type: object + required: + - remoteIP + properties: + remoteIP: + type: string + oneOf: + - format: ipv4 + - format: ipv6 + vni: + type: integer + minimum: 0 + maximum: 16777215 + destinationPort: + type: integer + minimum: 1 + maximum: 65535 + gre: + type: object + required: + - remoteIP + properties: + remoteIP: + type: string + oneOf: + - format: ipv4 + - format: ipv6 + key: + type: integer + minimum: 0 + maximum: 4294967295 + additionalPrinterColumns: + - description: Specifies the direction of traffic that should be matched. 
+ jsonPath: .spec.direction + name: Direction + type: string + - description: Specifies the action that should be taken for the traffic. + jsonPath: .spec.action + name: Action + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + subresources: + status: {} + scope: Cluster + names: + plural: trafficcontrols + singular: trafficcontrol + kind: TrafficControl + shortNames: + - tc +--- # Source: antrea/templates/agent/clusterrole.yaml kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 @@ -2663,6 +2951,7 @@ rules: resources: - externalippools - ippools + - trafficcontrols verbs: - get - watch @@ -3180,7 +3469,7 @@ spec: kubectl.kubernetes.io/default-container: antrea-agent # Automatically restart Pods with a RollingUpdate if the ConfigMap changes # See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments - checksum/config: cb46b22ec258614e4df2cc06aaaba03d2a3ecd008de23288dbdce9cd3cc68647 + checksum/config: 4554a36b927c6e64fdbc53b4d4c64673d48c9c829ec444e3be6e699ade8481b6 labels: app: antrea component: antrea-agent @@ -3422,7 +3711,7 @@ spec: annotations: # Automatically restart Pod if the ConfigMap changes # See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments - checksum/config: cb46b22ec258614e4df2cc06aaaba03d2a3ecd008de23288dbdce9cd3cc68647 + checksum/config: 4554a36b927c6e64fdbc53b4d4c64673d48c9c829ec444e3be6e699ade8481b6 labels: app: antrea component: antrea-controller diff --git a/build/yamls/antrea-gke.yml b/build/yamls/antrea-gke.yml index f2a7182d03d..a0ed8f18816 100644 --- a/build/yamls/antrea-gke.yml +++ b/build/yamls/antrea-gke.yml 
@@ -85,6 +85,9 @@ data: # Enable managing external IPs of Services of LoadBalancer type. # ServiceExternalIP: false + # Enable mirroring or redirecting the traffic Pods send or receive. + # TrafficControl: false + # Name of the OpenVSwitch bridge antrea-agent will create and use. # Make sure it doesn't conflict with your existing OpenVSwitch bridges. ovsBridge: "br-int" 
@@ -2493,6 +2496,291 @@ spec: shortNames: - tf --- +# Source: antrea/templates/crds/trafficcontrol.yaml +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: trafficcontrols.crd.antrea.io +spec: + group: crd.antrea.io + versions: + - name: v1alpha2 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + required: + - spec + properties: + spec: + type: object + required: + - appliedTo + - direction + - action + - targetPort + properties: + appliedTo: + type: object + properties: + podSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + type: array + items: + type: string + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + matchLabels: + x-kubernetes-preserve-unknown-fields: true + namespaceSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + type: array + items: + type: string + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + matchLabels: + x-kubernetes-preserve-unknown-fields: true + direction: + type: string + enum: + - Ingress + - Egress + - Both + action: + type: string + enum: + - Mirror + - Redirect + targetPort: + type: object + oneOf: + - required: [ovsInternal] + - required: [device] + - required: [geneve] + - required: [vxlan] + - required: [gre] + - required: [erspan] + properties: + ovsInternal: + type: object + required: + - name + properties: + name: + type: string + device: + type: object + required: + - name + properties: + name: + type: string + geneve: + type: object + required: + - remoteIP + properties: + remoteIP: + type: string + oneOf: + - format: ipv4 + - format: ipv6 + vni: + type: integer + minimum: 0 + maximum: 16777215 + 
destinationPort: + type: integer + minimum: 1 + maximum: 65535 + vxlan: + type: object + required: + - remoteIP + properties: + remoteIP: + type: string + oneOf: + - format: ipv4 + - format: ipv6 + vni: + type: integer + minimum: 0 + maximum: 16777215 + destinationPort: + type: integer + minimum: 1 + maximum: 65535 + gre: + type: object + required: + - remoteIP + properties: + remoteIP: + type: string + oneOf: + - format: ipv4 + - format: ipv6 + key: + type: integer + minimum: 0 + maximum: 4294967295 + erspan: + type: object + required: + - remoteIP + - version + properties: + remoteIP: + type: string + oneOf: + - format: ipv4 + - format: ipv6 + sessionID: + type: integer + minimum: 0 + maximum: 1023 + version: + type: integer + enum: + - 1 + - 2 + index: + type: integer + dir: + type: integer + enum: + - 0 + - 1 + hardwareID: + type: integer + returnPort: + type: object + oneOf: + - required: [ovsInternal] + - required: [device] + - required: [geneve] + - required: [vxlan] + - required: [gre] + properties: + ovsInternal: + type: object + required: + - name + properties: + name: + type: string + device: + type: object + required: + - name + properties: + name: + type: string + geneve: + type: object + required: + - remoteIP + properties: + remoteIP: + type: string + oneOf: + - format: ipv4 + - format: ipv6 + vni: + type: integer + minimum: 0 + maximum: 16777215 + destinationPort: + type: integer + minimum: 1 + maximum: 65535 + vxlan: + type: object + required: + - remoteIP + properties: + remoteIP: + type: string + oneOf: + - format: ipv4 + - format: ipv6 + vni: + type: integer + minimum: 0 + maximum: 16777215 + destinationPort: + type: integer + minimum: 1 + maximum: 65535 + gre: + type: object + required: + - remoteIP + properties: + remoteIP: + type: string + oneOf: + - format: ipv4 + - format: ipv6 + key: + type: integer + minimum: 0 + maximum: 4294967295 + additionalPrinterColumns: + - description: Specifies the direction of traffic that should be matched. 
+ jsonPath: .spec.direction + name: Direction + type: string + - description: Specifies the action that should be taken for the traffic. + jsonPath: .spec.action + name: Action + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + subresources: + status: {} + scope: Cluster + names: + plural: trafficcontrols + singular: trafficcontrol + kind: TrafficControl + shortNames: + - tc +--- # Source: antrea/templates/agent/clusterrole.yaml kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 @@ -2663,6 +2951,7 @@ rules: resources: - externalippools - ippools + - trafficcontrols verbs: - get - watch @@ -3180,7 +3469,7 @@ spec: kubectl.kubernetes.io/default-container: antrea-agent # Automatically restart Pods with a RollingUpdate if the ConfigMap changes # See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments - checksum/config: 5cde7917b9224b515967d437777f2243699069b38d5c4811766993426fd138bd + checksum/config: edef4c00e4f28a10dc1e077086ef68641a9a3b53d0fe7d47ff3dafc2ce5d5c9b labels: app: antrea component: antrea-agent @@ -3420,7 +3709,7 @@ spec: annotations: # Automatically restart Pod if the ConfigMap changes # See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments - checksum/config: 5cde7917b9224b515967d437777f2243699069b38d5c4811766993426fd138bd + checksum/config: edef4c00e4f28a10dc1e077086ef68641a9a3b53d0fe7d47ff3dafc2ce5d5c9b labels: app: antrea component: antrea-controller diff --git a/build/yamls/antrea-ipsec.yml b/build/yamls/antrea-ipsec.yml index 3202ea4b687..d029f1a8e2f 100644 --- a/build/yamls/antrea-ipsec.yml +++ b/build/yamls/antrea-ipsec.yml 
@@ -98,6 +98,9 @@ data: # Enable managing external IPs of Services of LoadBalancer type. # ServiceExternalIP: false + # Enable mirroring or redirecting the traffic Pods send or receive. + # TrafficControl: false + # Name of the OpenVSwitch bridge antrea-agent will create and use. # Make sure it doesn't conflict with your existing OpenVSwitch bridges. ovsBridge: "br-int" 
@@ -2506,6 +2509,291 @@ spec: shortNames: - tf --- +# Source: antrea/templates/crds/trafficcontrol.yaml +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: trafficcontrols.crd.antrea.io +spec: + group: crd.antrea.io + versions: + - name: v1alpha2 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + required: + - spec + properties: + spec: + type: object + required: + - appliedTo + - direction + - action + - targetPort + properties: + appliedTo: + type: object + properties: + podSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + type: array + items: + type: string + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + matchLabels: + x-kubernetes-preserve-unknown-fields: true + namespaceSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + type: array + items: + type: string + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + matchLabels: + x-kubernetes-preserve-unknown-fields: true + direction: + type: string + enum: + - Ingress + - Egress + - Both + action: + type: string + enum: + - Mirror + - Redirect + targetPort: + type: object + oneOf: + - required: [ovsInternal] + - required: [device] + - required: [geneve] + - required: [vxlan] + - required: [gre] + - required: [erspan] + properties: + ovsInternal: + type: object + required: + - name + properties: + name: + type: string + device: + type: object + required: + - name + properties: + name: + type: string + geneve: + type: object + required: + - remoteIP + properties: + remoteIP: + type: string + oneOf: + - format: ipv4 + - format: ipv6 + vni: + type: integer + minimum: 0 + maximum: 16777215 + 
destinationPort: + type: integer + minimum: 1 + maximum: 65535 + vxlan: + type: object + required: + - remoteIP + properties: + remoteIP: + type: string + oneOf: + - format: ipv4 + - format: ipv6 + vni: + type: integer + minimum: 0 + maximum: 16777215 + destinationPort: + type: integer + minimum: 1 + maximum: 65535 + gre: + type: object + required: + - remoteIP + properties: + remoteIP: + type: string + oneOf: + - format: ipv4 + - format: ipv6 + key: + type: integer + minimum: 0 + maximum: 4294967295 + erspan: + type: object + required: + - remoteIP + - version + properties: + remoteIP: + type: string + oneOf: + - format: ipv4 + - format: ipv6 + sessionID: + type: integer + minimum: 0 + maximum: 1023 + version: + type: integer + enum: + - 1 + - 2 + index: + type: integer + dir: + type: integer + enum: + - 0 + - 1 + hardwareID: + type: integer + returnPort: + type: object + oneOf: + - required: [ovsInternal] + - required: [device] + - required: [geneve] + - required: [vxlan] + - required: [gre] + properties: + ovsInternal: + type: object + required: + - name + properties: + name: + type: string + device: + type: object + required: + - name + properties: + name: + type: string + geneve: + type: object + required: + - remoteIP + properties: + remoteIP: + type: string + oneOf: + - format: ipv4 + - format: ipv6 + vni: + type: integer + minimum: 0 + maximum: 16777215 + destinationPort: + type: integer + minimum: 1 + maximum: 65535 + vxlan: + type: object + required: + - remoteIP + properties: + remoteIP: + type: string + oneOf: + - format: ipv4 + - format: ipv6 + vni: + type: integer + minimum: 0 + maximum: 16777215 + destinationPort: + type: integer + minimum: 1 + maximum: 65535 + gre: + type: object + required: + - remoteIP + properties: + remoteIP: + type: string + oneOf: + - format: ipv4 + - format: ipv6 + key: + type: integer + minimum: 0 + maximum: 4294967295 + additionalPrinterColumns: + - description: Specifies the direction of traffic that should be matched. 
+ jsonPath: .spec.direction + name: Direction + type: string + - description: Specifies the action that should be taken for the traffic. + jsonPath: .spec.action + name: Action + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + subresources: + status: {} + scope: Cluster + names: + plural: trafficcontrols + singular: trafficcontrol + kind: TrafficControl + shortNames: + - tc +--- # Source: antrea/templates/agent/clusterrole.yaml kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 @@ -2676,6 +2964,7 @@ rules: resources: - externalippools - ippools + - trafficcontrols verbs: - get - watch @@ -3193,7 +3482,7 @@ spec: kubectl.kubernetes.io/default-container: antrea-agent # Automatically restart Pods with a RollingUpdate if the ConfigMap changes # See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments - checksum/config: cd2d943645be405d6af5e8fa14fa9949ec82ac09efde547e6536fcd5b3013b5d + checksum/config: 50cc962db93c0354f5eaa088e51d690e779692979cbafac0c3e27a88fc2c0c7c checksum/ipsec-secret: d0eb9c52d0cd4311b6d252a951126bf9bea27ec05590bed8a394f0f792dcb2a4 labels: app: antrea @@ -3469,7 +3758,7 @@ spec: annotations: # Automatically restart Pod if the ConfigMap changes # See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments - checksum/config: cd2d943645be405d6af5e8fa14fa9949ec82ac09efde547e6536fcd5b3013b5d + checksum/config: 50cc962db93c0354f5eaa088e51d690e779692979cbafac0c3e27a88fc2c0c7c labels: app: antrea component: antrea-controller diff --git a/build/yamls/antrea.yml b/build/yamls/antrea.yml index 85f0de4bae3..1ceb4e17493 100644 --- a/build/yamls/antrea.yml +++ b/build/yamls/antrea.yml 
@@ -85,6 +85,9 @@ data: # Enable managing external IPs of Services of LoadBalancer type. # ServiceExternalIP: false + # Enable mirroring or redirecting the traffic Pods send or receive. + # TrafficControl: false + # Name of the OpenVSwitch bridge antrea-agent will create and use. # Make sure it doesn't conflict with your existing OpenVSwitch bridges. ovsBridge: "br-int" 
@@ -2493,6 +2496,291 @@ spec: shortNames: - tf --- +# Source: antrea/templates/crds/trafficcontrol.yaml +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: trafficcontrols.crd.antrea.io +spec: + group: crd.antrea.io + versions: + - name: v1alpha2 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + required: + - spec + properties: + spec: + type: object + required: + - appliedTo + - direction + - action + - targetPort + properties: + appliedTo: + type: object + properties: + podSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + type: array + items: + type: string + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + matchLabels: + x-kubernetes-preserve-unknown-fields: true + namespaceSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + type: array + items: + type: string + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + matchLabels: + x-kubernetes-preserve-unknown-fields: true + direction: + type: string + enum: + - Ingress + - Egress + - Both + action: + type: string + enum: + - Mirror + - Redirect + targetPort: + type: object + oneOf: + - required: [ovsInternal] + - required: [device] + - required: [geneve] + - required: [vxlan] + - required: [gre] + - required: [erspan] + properties: + ovsInternal: + type: object + required: + - name + properties: + name: + type: string + device: + type: object + required: + - name + properties: + name: + type: string + geneve: + type: object + required: + - remoteIP + properties: + remoteIP: + type: string + oneOf: + - format: ipv4 + - format: ipv6 + vni: + type: integer + minimum: 0 + maximum: 16777215 + 
destinationPort: + type: integer + minimum: 1 + maximum: 65535 + vxlan: + type: object + required: + - remoteIP + properties: + remoteIP: + type: string + oneOf: + - format: ipv4 + - format: ipv6 + vni: + type: integer + minimum: 0 + maximum: 16777215 + destinationPort: + type: integer + minimum: 1 + maximum: 65535 + gre: + type: object + required: + - remoteIP + properties: + remoteIP: + type: string + oneOf: + - format: ipv4 + - format: ipv6 + key: + type: integer + minimum: 0 + maximum: 4294967295 + erspan: + type: object + required: + - remoteIP + - version + properties: + remoteIP: + type: string + oneOf: + - format: ipv4 + - format: ipv6 + sessionID: + type: integer + minimum: 0 + maximum: 1023 + version: + type: integer + enum: + - 1 + - 2 + index: + type: integer + dir: + type: integer + enum: + - 0 + - 1 + hardwareID: + type: integer + returnPort: + type: object + oneOf: + - required: [ovsInternal] + - required: [device] + - required: [geneve] + - required: [vxlan] + - required: [gre] + properties: + ovsInternal: + type: object + required: + - name + properties: + name: + type: string + device: + type: object + required: + - name + properties: + name: + type: string + geneve: + type: object + required: + - remoteIP + properties: + remoteIP: + type: string + oneOf: + - format: ipv4 + - format: ipv6 + vni: + type: integer + minimum: 0 + maximum: 16777215 + destinationPort: + type: integer + minimum: 1 + maximum: 65535 + vxlan: + type: object + required: + - remoteIP + properties: + remoteIP: + type: string + oneOf: + - format: ipv4 + - format: ipv6 + vni: + type: integer + minimum: 0 + maximum: 16777215 + destinationPort: + type: integer + minimum: 1 + maximum: 65535 + gre: + type: object + required: + - remoteIP + properties: + remoteIP: + type: string + oneOf: + - format: ipv4 + - format: ipv6 + key: + type: integer + minimum: 0 + maximum: 4294967295 + additionalPrinterColumns: + - description: Specifies the direction of traffic that should be matched. 
+ jsonPath: .spec.direction + name: Direction + type: string + - description: Specifies the action that should be taken for the traffic. + jsonPath: .spec.action + name: Action + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + subresources: + status: {} + scope: Cluster + names: + plural: trafficcontrols + singular: trafficcontrol + kind: TrafficControl + shortNames: + - tc +--- # Source: antrea/templates/agent/clusterrole.yaml kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 @@ -2663,6 +2951,7 @@ rules: resources: - externalippools - ippools + - trafficcontrols verbs: - get - watch @@ -3180,7 +3469,7 @@ spec: kubectl.kubernetes.io/default-container: antrea-agent # Automatically restart Pods with a RollingUpdate if the ConfigMap changes # See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments - checksum/config: 4605b6a5554073a43eacb44136f408bc84bd5fb4e91c95db3ddbf47add0e36d0 + checksum/config: f7414e9171ab246b09dc380bc7934ebac81af7a5ef7bd3f73d661b6301040768 labels: app: antrea component: antrea-agent @@ -3420,7 +3709,7 @@ spec: annotations: # Automatically restart Pod if the ConfigMap changes # See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments - checksum/config: 4605b6a5554073a43eacb44136f408bc84bd5fb4e91c95db3ddbf47add0e36d0 + checksum/config: f7414e9171ab246b09dc380bc7934ebac81af7a5ef7bd3f73d661b6301040768 labels: app: antrea component: antrea-controller diff --git a/pkg/apis/crd/v1alpha2/types.go b/pkg/apis/crd/v1alpha2/types.go index 3ee90effe31..15d18e2b926 100644 --- a/pkg/apis/crd/v1alpha2/types.go +++ b/pkg/apis/crd/v1alpha2/types.go 
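Review bot: The `name` fields of `ovsInternal` and `device` under both `targetPort` and `returnPort` are bare `type: string` with no length or character constraint. The Go type comments in this commit say Antrea creates an OVS port, or attaches a host device, by that name on every Node. Bounding them at admission, for example with `minLength: 1` and `maxLength: 15` (the Linux interface-name limit), would keep malformed names from reaching the agents. The schema also accepts `returnPort` together with `action: Mirror`, which the type comment says should not be set; that rule presumably needs a validating webhook, since the schema here does not express it. This manifest looks rendered from `antrea/templates/crds/trafficcontrol.yaml`, so the change belongs in the chart template, and the copy of the schema in the preceding `antrea-ipsec.yml` hunk would follow.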
@@ -389,3 +389,127 @@ type IPPoolList struct { Items []IPPool `json:"items"` } + +// +genclient +// +genclient:nonNamespaced +// +genclient:noStatus +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object + +// TrafficControl allows mirroring or redirecting the traffic Pods send or receive. It enables users to monitor and +// analyze Pod traffic, and to enforce custom network protections for Pods with fine-grained control over network +// traffic. +type TrafficControl struct { + metav1.TypeMeta `json:",inline"` + // Standard metadata of the object. + metav1.ObjectMeta `json:"metadata,omitempty"` + + // Specification of the desired behavior of TrafficControl. + Spec TrafficControlSpec `json:"spec"` +} + +type TrafficControlSpec struct { + // AppliedTo selects Pods to which the traffic control configuration will be applied. + AppliedTo AppliedTo `json:"appliedTo"` + + // The direction of traffic that should be matched. It can be Ingress, Egress, or Both. + Direction Direction `json:"direction"` + + // The action that should be taken for the traffic. It can be Redirect or Mirror. + Action TrafficControlAction `json:"action"` + + // The port to which the traffic should be redirected or mirrored. + TargetPort TrafficControlPort `json:"targetPort"` + + // The port from which the traffic will be sent back to OVS. It should only be set for Redirect action. + ReturnPort *TrafficControlPort `json:"returnPort,omitempty"` +} + +type Direction string + +const ( + DirectionIngress Direction = "Ingress" + DirectionEgress Direction = "Egress" + DirectionBoth Direction = "Both" +) + +type TrafficControlAction string + +const ( + ActionRedirect TrafficControlAction = "Redirect" + ActionMirror TrafficControlAction = "Mirror" +) + +// TrafficControlPort represents a port that can be used as the target of traffic mirroring or redirecting, and the +// return port of traffic redirecting. +type TrafficControlPort struct { + // OVSInternal represents an OVS internal port. 
+ OVSInternal *OVSInternalPort `json:"ovsInternal,omitempty"` + // Device represents a network device. + Device *NetworkDevice `json:"device,omitempty"` + // GENEVE represents a GENEVE tunnel. + GENEVE *UDPTunnel `json:"geneve,omitempty"` + // VXLAN represents a VXLAN tunnel. + VXLAN *UDPTunnel `json:"vxlan,omitempty"` + // GRE represents a GRE tunnel. + GRE *GRETunnel `json:"gre,omitempty"` + // ERSPAN represents a ERSPAN tunnel. + ERSPAN *ERSPANTunnel `json:"erspan,omitempty"` +} + +// OVSInternalPort represents an OVS internal port. Antrea will create the port if it doesn't exist. +type OVSInternalPort struct { + // The name of the OVS internal port. + Name string `json:"name"` +} + +// NetworkDevice represents a network device. It must exist on all Nodes. Antrea will attach it to the OVS bridge if it +// is not attached. +type NetworkDevice struct { + // The name of the network device. + Name string `json:"name"` +} + +// UDPTunnel represents a UDP based tunnel. Antrea will create a port on the OVS bridge for the tunnel. +type UDPTunnel struct { + // The remote IP of the tunnel. + RemoteIP string `json:"remoteIP"` + // The ID of the tunnel. + VNI *int32 `json:"vni,omitempty"` + // The transport layer destination port of the tunnel. If not specified, the assigned IANA port will be used, i.e., + // 4789 for VXLAN, 6081 for GENEVE. + DestinationPort *int32 `json:"destinationPort,omitempty"` +} + +// GRETunnel represents a GRE tunnel. Antrea will create a port on the OVS bridge for the tunnel. +type GRETunnel struct { + // The remote IP of the tunnel. + RemoteIP string `json:"remoteIP"` + // GRE key. + Key *int32 `json:"key,omitempty"` +} + +// ERSPANTunnel represents an ERSPAN tunnel. Antrea will create a port on the OVS bridge for the tunnel. +type ERSPANTunnel struct { + // The remote IP of the tunnel. + RemoteIP string `json:"remoteIP"` + // ERSPAN session ID. + SessionID *int32 `json:"sessionID,omitempty"` + // ERSPAN version. 
+ Version int32 `json:"version"` + // ERSPAN Index. + Index *int32 `json:"index,omitempty"` + // ERSPAN v2 mirrored traffic’s direction. + Dir *int32 `json:"dir,omitempty"` + // ERSPAN hardware ID. + HardwareID *int32 `json:"hardwareID,omitempty"` +} + +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object + +type TrafficControlList struct { + metav1.TypeMeta `json:",inline"` + // +optional + metav1.ListMeta `json:"metadata,omitempty"` + + Items []TrafficControl `json:"items"` +} diff --git a/pkg/apis/crd/v1alpha2/zz_generated.deepcopy.go b/pkg/apis/crd/v1alpha2/zz_generated.deepcopy.go index 4334cb9f36e..ab1449891e8 100644 --- a/pkg/apis/crd/v1alpha2/zz_generated.deepcopy.go +++ b/pkg/apis/crd/v1alpha2/zz_generated.deepcopy.go @@ -117,6 +117,42 @@ func (in *ClusterGroupList) DeepCopyObject() runtime.Object { return nil } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ERSPANTunnel) DeepCopyInto(out *ERSPANTunnel) { + *out = *in + if in.SessionID != nil { + in, out := &in.SessionID, &out.SessionID + *out = new(int32) + **out = **in + } + if in.Index != nil { + in, out := &in.Index, &out.Index + *out = new(int32) + **out = **in + } + if in.Dir != nil { + in, out := &in.Dir, &out.Dir + *out = new(int32) + **out = **in + } + if in.HardwareID != nil { + in, out := &in.HardwareID, &out.HardwareID + *out = new(int32) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ERSPANTunnel. +func (in *ERSPANTunnel) DeepCopy() *ERSPANTunnel { + if in == nil { + return nil + } + out := new(ERSPANTunnel) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *Egress) DeepCopyInto(out *Egress) { *out = *in 
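Review bot: `GRETunnel.Key` is declared `*int32`, but the CRD schema added in this same commit allows `key` up to `maximum: 4294967295`. A value above 2147483647 therefore passes admission and is stored, yet cannot be decoded into this field. Typed clients and informers would likely fail on such an object instead of the API server rejecting it up front. Either widen the field to `Key *int64` and regenerate the deepcopy code, or lower the schema maximum to 2147483647. Separately, `+genclient:noStatus` is set while the CRD enables `subresources: status: {}`; one of the two should probably be dropped.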
@@ -429,6 +465,27 @@ func (in *ExternalIPPoolUsage) DeepCopy() *ExternalIPPoolUsage { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *GRETunnel) DeepCopyInto(out *GRETunnel) { + *out = *in + if in.Key != nil { + in, out := &in.Key, &out.Key + *out = new(int32) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GRETunnel. +func (in *GRETunnel) DeepCopy() *GRETunnel { + if in == nil { + return nil + } + out := new(GRETunnel) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *GroupCondition) DeepCopyInto(out *GroupCondition) { *out = *in 
@@ -700,6 +757,38 @@ func (in *NamedPort) DeepCopy() *NamedPort { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NetworkDevice) DeepCopyInto(out *NetworkDevice) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkDevice. +func (in *NetworkDevice) DeepCopy() *NetworkDevice { + if in == nil { + return nil + } + out := new(NetworkDevice) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *OVSInternalPort) DeepCopyInto(out *OVSInternalPort) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OVSInternalPort. +func (in *OVSInternalPort) DeepCopy() *OVSInternalPort { + if in == nil { + return nil + } + out := new(OVSInternalPort) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *PodOwner) DeepCopyInto(out *PodOwner) { *out = *in 
@@ -765,3 +854,158 @@ func (in *SubnetInfo) DeepCopy() *SubnetInfo { in.DeepCopyInto(out) return out } + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TrafficControl) DeepCopyInto(out *TrafficControl) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TrafficControl. +func (in *TrafficControl) DeepCopy() *TrafficControl { + if in == nil { + return nil + } + out := new(TrafficControl) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *TrafficControl) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TrafficControlList) DeepCopyInto(out *TrafficControlList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]TrafficControl, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TrafficControlList. +func (in *TrafficControlList) DeepCopy() *TrafficControlList { + if in == nil { + return nil + } + out := new(TrafficControlList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *TrafficControlList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. 
in must be non-nil. +func (in *TrafficControlPort) DeepCopyInto(out *TrafficControlPort) { + *out = *in + if in.OVSInternal != nil { + in, out := &in.OVSInternal, &out.OVSInternal + *out = new(OVSInternalPort) + **out = **in + } + if in.Device != nil { + in, out := &in.Device, &out.Device + *out = new(NetworkDevice) + **out = **in + } + if in.GENEVE != nil { + in, out := &in.GENEVE, &out.GENEVE + *out = new(UDPTunnel) + (*in).DeepCopyInto(*out) + } + if in.VXLAN != nil { + in, out := &in.VXLAN, &out.VXLAN + *out = new(UDPTunnel) + (*in).DeepCopyInto(*out) + } + if in.GRE != nil { + in, out := &in.GRE, &out.GRE + *out = new(GRETunnel) + (*in).DeepCopyInto(*out) + } + if in.ERSPAN != nil { + in, out := &in.ERSPAN, &out.ERSPAN + *out = new(ERSPANTunnel) + (*in).DeepCopyInto(*out) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TrafficControlPort. +func (in *TrafficControlPort) DeepCopy() *TrafficControlPort { + if in == nil { + return nil + } + out := new(TrafficControlPort) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TrafficControlSpec) DeepCopyInto(out *TrafficControlSpec) { + *out = *in + in.AppliedTo.DeepCopyInto(&out.AppliedTo) + in.TargetPort.DeepCopyInto(&out.TargetPort) + if in.ReturnPort != nil { + in, out := &in.ReturnPort, &out.ReturnPort + *out = new(TrafficControlPort) + (*in).DeepCopyInto(*out) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TrafficControlSpec. +func (in *TrafficControlSpec) DeepCopy() *TrafficControlSpec { + if in == nil { + return nil + } + out := new(TrafficControlSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *UDPTunnel) DeepCopyInto(out *UDPTunnel) { + *out = *in + if in.VNI != nil { + in, out := &in.VNI, &out.VNI + *out = new(int32) + **out = **in + } + if in.DestinationPort != nil { + in, out := &in.DestinationPort, &out.DestinationPort + *out = new(int32) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UDPTunnel. +func (in *UDPTunnel) DeepCopy() *UDPTunnel { + if in == nil { + return nil + } + out := new(UDPTunnel) + in.DeepCopyInto(out) + return out +} diff --git a/pkg/client/clientset/versioned/typed/crd/v1alpha2/crd_client.go b/pkg/client/clientset/versioned/typed/crd/v1alpha2/crd_client.go index fee16296e87..b8c36227701 100644 --- a/pkg/client/clientset/versioned/typed/crd/v1alpha2/crd_client.go +++ b/pkg/client/clientset/versioned/typed/crd/v1alpha2/crd_client.go @@ -29,6 +29,7 @@ type CrdV1alpha2Interface interface { ExternalEntitiesGetter ExternalIPPoolsGetter IPPoolsGetter + TrafficControlsGetter } // CrdV1alpha2Client is used to interact with features provided by the crd.antrea.io group. @@ -56,6 +57,10 @@ func (c *CrdV1alpha2Client) IPPools() IPPoolInterface { return newIPPools(c) } +func (c *CrdV1alpha2Client) TrafficControls() TrafficControlInterface { + return newTrafficControls(c) +} + // NewForConfig creates a new CrdV1alpha2Client for the given config. func NewForConfig(c *rest.Config) (*CrdV1alpha2Client, error) { config := *c diff --git a/pkg/client/clientset/versioned/typed/crd/v1alpha2/fake/fake_crd_client.go b/pkg/client/clientset/versioned/typed/crd/v1alpha2/fake/fake_crd_client.go index f0e5036b47a..9e616b87e44 100644 --- a/pkg/client/clientset/versioned/typed/crd/v1alpha2/fake/fake_crd_client.go +++ b/pkg/client/clientset/versioned/typed/crd/v1alpha2/fake/fake_crd_client.go 
@@ -46,6 +46,10 @@ func (c *FakeCrdV1alpha2) IPPools() v1alpha2.IPPoolInterface { return &FakeIPPools{c} } +func (c *FakeCrdV1alpha2) TrafficControls() v1alpha2.TrafficControlInterface { + return &FakeTrafficControls{c} +} + // RESTClient returns a RESTClient that is used to communicate // with API server by this client implementation. func (c *FakeCrdV1alpha2) RESTClient() rest.Interface { diff --git a/pkg/client/clientset/versioned/typed/crd/v1alpha2/fake/fake_trafficcontrol.go b/pkg/client/clientset/versioned/typed/crd/v1alpha2/fake/fake_trafficcontrol.go new file mode 100644 index 00000000000..770bb706ffd --- /dev/null +++ b/pkg/client/clientset/versioned/typed/crd/v1alpha2/fake/fake_trafficcontrol.go 
@@ -0,0 +1,120 @@ +// Copyright 2022 Antrea Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// Code generated by client-gen. DO NOT EDIT. + +package fake + +import ( + "context" + + v1alpha2 "antrea.io/antrea/pkg/apis/crd/v1alpha2" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + labels "k8s.io/apimachinery/pkg/labels" + schema "k8s.io/apimachinery/pkg/runtime/schema" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + testing "k8s.io/client-go/testing" +) + +// FakeTrafficControls implements TrafficControlInterface +type FakeTrafficControls struct { + Fake *FakeCrdV1alpha2 +} + +var trafficcontrolsResource = schema.GroupVersionResource{Group: "crd.antrea.io", Version: "v1alpha2", Resource: "trafficcontrols"} + +var trafficcontrolsKind = schema.GroupVersionKind{Group: "crd.antrea.io", Version: "v1alpha2", Kind: "TrafficControl"} + +// Get takes name of the trafficControl, and returns the corresponding trafficControl object, and an error if there is any. +func (c *FakeTrafficControls) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha2.TrafficControl, err error) { + obj, err := c.Fake. + Invokes(testing.NewRootGetAction(trafficcontrolsResource, name), &v1alpha2.TrafficControl{}) + if obj == nil { + return nil, err + } + return obj.(*v1alpha2.TrafficControl), err +} + +// List takes label and field selectors, and returns the list of TrafficControls that match those selectors. 
+func (c *FakeTrafficControls) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha2.TrafficControlList, err error) { + obj, err := c.Fake. + Invokes(testing.NewRootListAction(trafficcontrolsResource, trafficcontrolsKind, opts), &v1alpha2.TrafficControlList{}) + if obj == nil { + return nil, err + } + + label, _, _ := testing.ExtractFromListOptions(opts) + if label == nil { + label = labels.Everything() + } + list := &v1alpha2.TrafficControlList{ListMeta: obj.(*v1alpha2.TrafficControlList).ListMeta} + for _, item := range obj.(*v1alpha2.TrafficControlList).Items { + if label.Matches(labels.Set(item.Labels)) { + list.Items = append(list.Items, item) + } + } + return list, err +} + +// Watch returns a watch.Interface that watches the requested trafficControls. +func (c *FakeTrafficControls) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { + return c.Fake. + InvokesWatch(testing.NewRootWatchAction(trafficcontrolsResource, opts)) +} + +// Create takes the representation of a trafficControl and creates it. Returns the server's representation of the trafficControl, and an error, if there is any. +func (c *FakeTrafficControls) Create(ctx context.Context, trafficControl *v1alpha2.TrafficControl, opts v1.CreateOptions) (result *v1alpha2.TrafficControl, err error) { + obj, err := c.Fake. + Invokes(testing.NewRootCreateAction(trafficcontrolsResource, trafficControl), &v1alpha2.TrafficControl{}) + if obj == nil { + return nil, err + } + return obj.(*v1alpha2.TrafficControl), err +} + +// Update takes the representation of a trafficControl and updates it. Returns the server's representation of the trafficControl, and an error, if there is any. +func (c *FakeTrafficControls) Update(ctx context.Context, trafficControl *v1alpha2.TrafficControl, opts v1.UpdateOptions) (result *v1alpha2.TrafficControl, err error) { + obj, err := c.Fake. 
+ Invokes(testing.NewRootUpdateAction(trafficcontrolsResource, trafficControl), &v1alpha2.TrafficControl{}) + if obj == nil { + return nil, err + } + return obj.(*v1alpha2.TrafficControl), err +} + +// Delete takes name of the trafficControl and deletes it. Returns an error if one occurs. +func (c *FakeTrafficControls) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { + _, err := c.Fake. + Invokes(testing.NewRootDeleteAction(trafficcontrolsResource, name), &v1alpha2.TrafficControl{}) + return err +} + +// DeleteCollection deletes a collection of objects. +func (c *FakeTrafficControls) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { + action := testing.NewRootDeleteCollectionAction(trafficcontrolsResource, listOpts) + + _, err := c.Fake.Invokes(action, &v1alpha2.TrafficControlList{}) + return err +} + +// Patch applies the patch and returns the patched trafficControl. +func (c *FakeTrafficControls) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha2.TrafficControl, err error) { + obj, err := c.Fake. + Invokes(testing.NewRootPatchSubresourceAction(trafficcontrolsResource, name, pt, data, subresources...), &v1alpha2.TrafficControl{}) + if obj == nil { + return nil, err + } + return obj.(*v1alpha2.TrafficControl), err +} diff --git a/pkg/client/clientset/versioned/typed/crd/v1alpha2/generated_expansion.go b/pkg/client/clientset/versioned/typed/crd/v1alpha2/generated_expansion.go index 96ff9a45571..83ac45a1e33 100644 --- a/pkg/client/clientset/versioned/typed/crd/v1alpha2/generated_expansion.go +++ b/pkg/client/clientset/versioned/typed/crd/v1alpha2/generated_expansion.go @@ -25,3 +25,5 @@ type ExternalEntityExpansion interface{} type ExternalIPPoolExpansion interface{} type IPPoolExpansion interface{} + +type TrafficControlExpansion interface{} 
diff --git a/pkg/client/clientset/versioned/typed/crd/v1alpha2/trafficcontrol.go b/pkg/client/clientset/versioned/typed/crd/v1alpha2/trafficcontrol.go new file mode 100644 index 00000000000..22145d61ce6 --- /dev/null +++ b/pkg/client/clientset/versioned/typed/crd/v1alpha2/trafficcontrol.go 
@@ -0,0 +1,166 @@ +// Copyright 2022 Antrea Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// Code generated by client-gen. DO NOT EDIT. + +package v1alpha2 + +import ( + "context" + "time" + + v1alpha2 "antrea.io/antrea/pkg/apis/crd/v1alpha2" + scheme "antrea.io/antrea/pkg/client/clientset/versioned/scheme" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + rest "k8s.io/client-go/rest" +) + +// TrafficControlsGetter has a method to return a TrafficControlInterface. +// A group's client should implement this interface. +type TrafficControlsGetter interface { + TrafficControls() TrafficControlInterface +} + +// TrafficControlInterface has methods to work with TrafficControl resources. 
+type TrafficControlInterface interface { + Create(ctx context.Context, trafficControl *v1alpha2.TrafficControl, opts v1.CreateOptions) (*v1alpha2.TrafficControl, error) + Update(ctx context.Context, trafficControl *v1alpha2.TrafficControl, opts v1.UpdateOptions) (*v1alpha2.TrafficControl, error) + Delete(ctx context.Context, name string, opts v1.DeleteOptions) error + DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error + Get(ctx context.Context, name string, opts v1.GetOptions) (*v1alpha2.TrafficControl, error) + List(ctx context.Context, opts v1.ListOptions) (*v1alpha2.TrafficControlList, error) + Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) + Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha2.TrafficControl, err error) + TrafficControlExpansion +} + +// trafficControls implements TrafficControlInterface +type trafficControls struct { + client rest.Interface +} + +// newTrafficControls returns a TrafficControls +func newTrafficControls(c *CrdV1alpha2Client) *trafficControls { + return &trafficControls{ + client: c.RESTClient(), + } +} + +// Get takes name of the trafficControl, and returns the corresponding trafficControl object, and an error if there is any. +func (c *trafficControls) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha2.TrafficControl, err error) { + result = &v1alpha2.TrafficControl{} + err = c.client.Get(). + Resource("trafficcontrols"). + Name(name). + VersionedParams(&options, scheme.ParameterCodec). + Do(ctx). + Into(result) + return +} + +// List takes label and field selectors, and returns the list of TrafficControls that match those selectors. 
+func (c *trafficControls) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha2.TrafficControlList, err error) { + var timeout time.Duration + if opts.TimeoutSeconds != nil { + timeout = time.Duration(*opts.TimeoutSeconds) * time.Second + } + result = &v1alpha2.TrafficControlList{} + err = c.client.Get(). + Resource("trafficcontrols"). + VersionedParams(&opts, scheme.ParameterCodec). + Timeout(timeout). + Do(ctx). + Into(result) + return +} + +// Watch returns a watch.Interface that watches the requested trafficControls. +func (c *trafficControls) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { + var timeout time.Duration + if opts.TimeoutSeconds != nil { + timeout = time.Duration(*opts.TimeoutSeconds) * time.Second + } + opts.Watch = true + return c.client.Get(). + Resource("trafficcontrols"). + VersionedParams(&opts, scheme.ParameterCodec). + Timeout(timeout). + Watch(ctx) +} + +// Create takes the representation of a trafficControl and creates it. Returns the server's representation of the trafficControl, and an error, if there is any. +func (c *trafficControls) Create(ctx context.Context, trafficControl *v1alpha2.TrafficControl, opts v1.CreateOptions) (result *v1alpha2.TrafficControl, err error) { + result = &v1alpha2.TrafficControl{} + err = c.client.Post(). + Resource("trafficcontrols"). + VersionedParams(&opts, scheme.ParameterCodec). + Body(trafficControl). + Do(ctx). + Into(result) + return +} + +// Update takes the representation of a trafficControl and updates it. Returns the server's representation of the trafficControl, and an error, if there is any. +func (c *trafficControls) Update(ctx context.Context, trafficControl *v1alpha2.TrafficControl, opts v1.UpdateOptions) (result *v1alpha2.TrafficControl, err error) { + result = &v1alpha2.TrafficControl{} + err = c.client.Put(). + Resource("trafficcontrols"). + Name(trafficControl.Name). + VersionedParams(&opts, scheme.ParameterCodec). + Body(trafficControl). 
+ Do(ctx). + Into(result) + return +} + +// Delete takes name of the trafficControl and deletes it. Returns an error if one occurs. +func (c *trafficControls) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { + return c.client.Delete(). + Resource("trafficcontrols"). + Name(name). + Body(&opts). + Do(ctx). + Error() +} + +// DeleteCollection deletes a collection of objects. +func (c *trafficControls) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { + var timeout time.Duration + if listOpts.TimeoutSeconds != nil { + timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second + } + return c.client.Delete(). + Resource("trafficcontrols"). + VersionedParams(&listOpts, scheme.ParameterCodec). + Timeout(timeout). + Body(&opts). + Do(ctx). + Error() +} + +// Patch applies the patch and returns the patched trafficControl. +func (c *trafficControls) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha2.TrafficControl, err error) { + result = &v1alpha2.TrafficControl{} + err = c.client.Patch(pt). + Resource("trafficcontrols"). + Name(name). + SubResource(subresources...). + VersionedParams(&opts, scheme.ParameterCodec). + Body(data). + Do(ctx). + Into(result) + return +} diff --git a/pkg/client/informers/externalversions/crd/v1alpha2/interface.go b/pkg/client/informers/externalversions/crd/v1alpha2/interface.go index 301fa61773f..cf2fef7feb2 100644 --- a/pkg/client/informers/externalversions/crd/v1alpha2/interface.go +++ b/pkg/client/informers/externalversions/crd/v1alpha2/interface.go @@ -32,6 +32,8 @@ type Interface interface { ExternalIPPools() ExternalIPPoolInformer // IPPools returns a IPPoolInformer. IPPools() IPPoolInformer + // TrafficControls returns a TrafficControlInformer. + TrafficControls() TrafficControlInformer } type version struct { 
@@ -69,3 +71,8 @@ func (v *version) ExternalIPPools() ExternalIPPoolInformer { func (v *version) IPPools() IPPoolInformer { return &iPPoolInformer{factory: v.factory, tweakListOptions: v.tweakListOptions} } + +// TrafficControls returns a TrafficControlInformer. +func (v *version) TrafficControls() TrafficControlInformer { + return &trafficControlInformer{factory: v.factory, tweakListOptions: v.tweakListOptions} +} diff --git a/pkg/client/informers/externalversions/crd/v1alpha2/trafficcontrol.go b/pkg/client/informers/externalversions/crd/v1alpha2/trafficcontrol.go new file mode 100644 index 00000000000..9b504ddda33 --- /dev/null +++ b/pkg/client/informers/externalversions/crd/v1alpha2/trafficcontrol.go 
@@ -0,0 +1,87 @@ +// Copyright 2022 Antrea Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// Code generated by informer-gen. DO NOT EDIT. + +package v1alpha2 + +import ( + "context" + time "time" + + crdv1alpha2 "antrea.io/antrea/pkg/apis/crd/v1alpha2" + versioned "antrea.io/antrea/pkg/client/clientset/versioned" + internalinterfaces "antrea.io/antrea/pkg/client/informers/externalversions/internalinterfaces" + v1alpha2 "antrea.io/antrea/pkg/client/listers/crd/v1alpha2" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + runtime "k8s.io/apimachinery/pkg/runtime" + watch "k8s.io/apimachinery/pkg/watch" + cache "k8s.io/client-go/tools/cache" +) + +// TrafficControlInformer provides access to a shared informer and lister for +// TrafficControls. +type TrafficControlInformer interface { + Informer() cache.SharedIndexInformer + Lister() v1alpha2.TrafficControlLister +} + +type trafficControlInformer struct { + factory internalinterfaces.SharedInformerFactory + tweakListOptions internalinterfaces.TweakListOptionsFunc +} + +// NewTrafficControlInformer constructs a new informer for TrafficControl type. +// Always prefer using an informer factory to get a shared informer instead of getting an independent +// one. This reduces memory footprint and number of connections to the server. 
+func NewTrafficControlInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { + return NewFilteredTrafficControlInformer(client, resyncPeriod, indexers, nil) +} + +// NewFilteredTrafficControlInformer constructs a new informer for TrafficControl type. +// Always prefer using an informer factory to get a shared informer instead of getting an independent +// one. This reduces memory footprint and number of connections to the server. +func NewFilteredTrafficControlInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { + return cache.NewSharedIndexInformer( + &cache.ListWatch{ + ListFunc: func(options v1.ListOptions) (runtime.Object, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.CrdV1alpha2().TrafficControls().List(context.TODO(), options) + }, + WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.CrdV1alpha2().TrafficControls().Watch(context.TODO(), options) + }, + }, + &crdv1alpha2.TrafficControl{}, + resyncPeriod, + indexers, + ) +} + +func (f *trafficControlInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { + return NewFilteredTrafficControlInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) +} + +func (f *trafficControlInformer) Informer() cache.SharedIndexInformer { + return f.factory.InformerFor(&crdv1alpha2.TrafficControl{}, f.defaultInformer) +} + +func (f *trafficControlInformer) Lister() v1alpha2.TrafficControlLister { + return v1alpha2.NewTrafficControlLister(f.Informer().GetIndexer()) +} 
diff --git a/pkg/client/informers/externalversions/generic.go b/pkg/client/informers/externalversions/generic.go index b818c99b188..0378c370c15 100644 --- a/pkg/client/informers/externalversions/generic.go +++ b/pkg/client/informers/externalversions/generic.go @@ -74,6 +74,8 @@ func (f *sharedInformerFactory) ForResource(resource schema.GroupVersionResource return &genericInformer{resource: resource.GroupResource(), informer: f.Crd().V1alpha2().ExternalIPPools().Informer()}, nil case v1alpha2.SchemeGroupVersion.WithResource("ippools"): return &genericInformer{resource: resource.GroupResource(), informer: f.Crd().V1alpha2().IPPools().Informer()}, nil + case v1alpha2.SchemeGroupVersion.WithResource("trafficcontrols"): + return &genericInformer{resource: resource.GroupResource(), informer: f.Crd().V1alpha2().TrafficControls().Informer()}, nil // Group=crd.antrea.io, Version=v1alpha3 case v1alpha3.SchemeGroupVersion.WithResource("clustergroups"): diff --git a/pkg/client/listers/crd/v1alpha2/expansion_generated.go b/pkg/client/listers/crd/v1alpha2/expansion_generated.go index a3d1a120566..6cc05d345cb 100644 --- a/pkg/client/listers/crd/v1alpha2/expansion_generated.go +++ b/pkg/client/listers/crd/v1alpha2/expansion_generated.go @@ -39,3 +39,7 @@ type ExternalIPPoolListerExpansion interface{} // IPPoolListerExpansion allows custom methods to be added to // IPPoolLister. type IPPoolListerExpansion interface{} + +// TrafficControlListerExpansion allows custom methods to be added to +// TrafficControlLister. +type TrafficControlListerExpansion interface{} diff --git a/pkg/client/listers/crd/v1alpha2/trafficcontrol.go b/pkg/client/listers/crd/v1alpha2/trafficcontrol.go new file mode 100644 index 00000000000..c8d15b0757a --- /dev/null +++ b/pkg/client/listers/crd/v1alpha2/trafficcontrol.go 
@@ -0,0 +1,66 @@ +// Copyright 2022 Antrea Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// Code generated by lister-gen. DO NOT EDIT. + +package v1alpha2 + +import ( + v1alpha2 "antrea.io/antrea/pkg/apis/crd/v1alpha2" + "k8s.io/apimachinery/pkg/api/errors" + "k8s.io/apimachinery/pkg/labels" + "k8s.io/client-go/tools/cache" +) + +// TrafficControlLister helps list TrafficControls. +// All objects returned here must be treated as read-only. +type TrafficControlLister interface { + // List lists all TrafficControls in the indexer. + // Objects returned here must be treated as read-only. + List(selector labels.Selector) (ret []*v1alpha2.TrafficControl, err error) + // Get retrieves the TrafficControl from the index for a given name. + // Objects returned here must be treated as read-only. + Get(name string) (*v1alpha2.TrafficControl, error) + TrafficControlListerExpansion +} + +// trafficControlLister implements the TrafficControlLister interface. +type trafficControlLister struct { + indexer cache.Indexer +} + +// NewTrafficControlLister returns a new TrafficControlLister. +func NewTrafficControlLister(indexer cache.Indexer) TrafficControlLister { + return &trafficControlLister{indexer: indexer} +} + +// List lists all TrafficControls in the indexer. 
+func (s *trafficControlLister) List(selector labels.Selector) (ret []*v1alpha2.TrafficControl, err error) { + err = cache.ListAll(s.indexer, selector, func(m interface{}) { + ret = append(ret, m.(*v1alpha2.TrafficControl)) + }) + return ret, err +} + +// Get retrieves the TrafficControl from the index for a given name. +func (s *trafficControlLister) Get(name string) (*v1alpha2.TrafficControl, error) { + obj, exists, err := s.indexer.GetByKey(name) + if err != nil { + return nil, err + } + if !exists { + return nil, errors.NewNotFound(v1alpha2.Resource("trafficcontrol"), name) + } + return obj.(*v1alpha2.TrafficControl), nil +} diff --git a/pkg/features/antrea_features.go b/pkg/features/antrea_features.go index 9b638f9132c..73a7d15f461 100644 --- a/pkg/features/antrea_features.go +++ b/pkg/features/antrea_features.go @@ -91,6 +91,10 @@ const ( // alpha: v1.5 // Enable controlling Services with ExternalIP. ServiceExternalIP featuregate.Feature = "ServiceExternalIP" + + // alpha: v1.7 + // Enable mirroring or redirecting the traffic Pods send or receive. + TrafficControl featuregate.Feature = "TrafficControl" ) var ( @@ -118,6 +122,7 @@ var ( Multicast: {Default: false, PreRelease: featuregate.Alpha}, SecondaryNetwork: {Default: false, PreRelease: featuregate.Alpha}, ServiceExternalIP: {Default: false, PreRelease: featuregate.Alpha}, + TrafficControl: {Default: false, PreRelease: featuregate.Alpha}, } // UnsupportedFeaturesOnWindows records the features not supported on
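Review bot: The gate comment added for `TrafficControl` in the first antrea_features.go hunk does not tell an administrator that the resource it enables can copy or divert Pod traffic to a target named in the resource, and the client and lister added in this patch address it by name only, with no namespace. I would extend the comment to `// Enable mirroring or redirecting the traffic Pods send or receive. Write access to TrafficControl resources should be limited to cluster administrators, because a mirror target receives a copy of Pod traffic.` The second hunk registers the gate as Alpha with `Default: false`, which is the right default for a capability like this. The diffstat lists only these five added lines for the file, so `UnsupportedFeaturesOnWindows`, whose body starts after the hunk ends, is not touched; if the datapath support is Linux-only, which this page does not show, the gate presumably needs an entry there as well.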