From 762ab2ce81ab99a5b84475632d35e8d6fdc70afe Mon Sep 17 00:00:00 2001 From: Quan Tian Date: Thu, 14 Apr 2022 17:38:09 +0000 Subject: [PATCH] Add TrafficControl API TrafficControl is a feature which allows mirroring or redirecting the traffic Pods send or receive. It enables users to monitor and analyze Pod traffic, and to enforce custom network protections for Pods with fine-grained control over network traffic. This patch adds types and CRD for TrafficControl API. Examples: 1. Mirror Pods (web=app) ingress traffic to a VXLAN tunnel ``` apiVersion: crd.antrea.io/v1alpha2 kind: TrafficControl metadata: name: mirror-web-app spec: appliedTo: podSelector: matchLabels: app: web direction: Ingress action: Mirror targetPort: name: vxlan0 tunnel: type: VXLAN remoteIP: 1.1.1.1 ``` 2. Redirect Pods (web=app) traffic in both direction to OVS internal port firewall0 and expect the traffic to re-enter OVS via another OVS internal port firewall1 if they are not dropped. ``` apiVersion: crd.antrea.io/v1alpha2 kind: TrafficControl metadata: name: redirect spec: appliedTo: podSelector: matchLabels: role: web direction: Ingress action: Redirect targetPort: name: firewall0 local: internal: true returnPort: name: firewall1 local: internal: true ``` For #3324 Signed-off-by: Quan Tian --- build/yamls/antrea-aks.yml | 224 ++++++++++++++++++ build/yamls/antrea-eks.yml | 224 ++++++++++++++++++ build/yamls/antrea-gke.yml | 224 ++++++++++++++++++ build/yamls/antrea-ipsec.yml | 224 ++++++++++++++++++ build/yamls/antrea.yml | 224 ++++++++++++++++++ build/yamls/base/crds.yml | 220 +++++++++++++++++ pkg/apis/crd/v1alpha2/types.go | 120 ++++++++++ .../crd/v1alpha2/zz_generated.deepcopy.go | 177 ++++++++++++++ .../typed/crd/v1alpha2/crd_client.go | 7 +- .../crd/v1alpha2/fake/fake_crd_client.go | 6 +- .../crd/v1alpha2/fake/fake_trafficcontrol.go | 120 ++++++++++ .../typed/crd/v1alpha2/generated_expansion.go | 4 +- .../typed/crd/v1alpha2/trafficcontrol.go | 166 +++++++++++++ .../crd/v1alpha2/interface.go | 9 +- .../crd/v1alpha2/trafficcontrol.go | 87 +++++++ .../informers/externalversions/generic.go | 4 +- .../crd/v1alpha2/expansion_generated.go | 6 +- .../listers/crd/v1alpha2/trafficcontrol.go | 66 ++++++ pkg/features/antrea_features.go | 5 + 19 files changed, 2111 insertions(+), 6 deletions(-) create mode 100644 pkg/client/clientset/versioned/typed/crd/v1alpha2/fake/fake_trafficcontrol.go create mode 100644 pkg/client/clientset/versioned/typed/crd/v1alpha2/trafficcontrol.go create mode 100644 pkg/client/informers/externalversions/crd/v1alpha2/trafficcontrol.go create mode 100644 pkg/client/listers/crd/v1alpha2/trafficcontrol.go diff --git a/build/yamls/antrea-aks.yml b/build/yamls/antrea-aks.yml index 1314f24cc87..52b9515ce35 100644 --- a/build/yamls/antrea-aks.yml +++ b/build/yamls/antrea-aks.yml @@ -2055,6 +2055,230 @@ spec: subresources: status: {} --- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + app: antrea + name: trafficcontrols.crd.antrea.io +spec: + group: crd.antrea.io + names: + kind: TrafficControl + plural: trafficcontrols + shortNames: + - tc + singular: trafficcontrol + scope: Cluster + versions: + - additionalPrinterColumns: + - description: Specifies the direction of traffic that should be matched. + jsonPath: .spec.direction + name: Direction + type: string + - description: Specifies the action that should be taken for the traffic. + jsonPath: .spec.action + name: Action + type: string + - description: Specifies the port to which the traffic should be redirected or + mirrored. + jsonPath: .spec.targetPort.name + name: TargetPort + type: string + - description: Specifies the port from which the the traffic will be sent back + to OVS. + jsonPath: .spec.returnPort.name + name: ReturnPort + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha2 + schema: + openAPIV3Schema: + properties: + spec: + properties: + action: + enum: + - Mirror + - Redirect + type: string + appliedTo: + properties: + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + pattern: ^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$ + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object + podSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + pattern: ^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$ + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object + type: object + direction: + enum: + - Ingress + - Egress + - Both + type: string + returnPort: + oneOf: + - required: + - local + - required: + - tunnel + - required: + - erspan + properties: + local: + properties: + internal: + type: boolean + required: + - internal + type: object + name: + type: string + tunnel: + properties: + remoteIP: + oneOf: + - format: ipv4 + - format: ipv6 + type: string + tunnelID: + type: integer + type: + enum: + - VXLAN + - GENEVE + - GRE + type: string + required: + - type + - remoteIP + type: object + required: + - name + type: object + targetPort: + oneOf: + - required: + - local + - required: + - tunnel + - required: + - erspan + properties: + erspan: + properties: + dir: + type: integer + hardwareID: + type: integer + index: + type: integer + remoteIP: + oneOf: + - format: ipv4 + - format: ipv6 + type: string + tunnelID: + type: integer + version: + enum: + - 1 + - 2 + type: integer + required: + - remoteIP + - version + type: object + local: + properties: + internal: + type: boolean + required: + - internal + type: object + name: + type: string + tunnel: + properties: + remoteIP: + oneOf: + - format: ipv4 + - format: ipv6 + type: string + tunnelID: + type: integer + type: + enum: + - VXLAN + - GENEVE + - GRE + type: string + required: + - type + - remoteIP + type: object + required: + - name + type: object + required: + - appliedTo + - direction + - action + - targetPort + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +--- apiVersion: v1 kind: ServiceAccount metadata: diff --git a/build/yamls/antrea-eks.yml b/build/yamls/antrea-eks.yml index 88a7d90af96..0948ae7775f 100644 --- a/build/yamls/antrea-eks.yml +++ b/build/yamls/antrea-eks.yml @@ -2055,6 +2055,230 @@ spec: subresources: status: {} --- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + app: antrea + name: trafficcontrols.crd.antrea.io +spec: + group: crd.antrea.io + names: + kind: TrafficControl + plural: trafficcontrols + shortNames: + - tc + singular: trafficcontrol + scope: Cluster + versions: + - additionalPrinterColumns: + - description: Specifies the direction of traffic that should be matched. + jsonPath: .spec.direction + name: Direction + type: string + - description: Specifies the action that should be taken for the traffic. + jsonPath: .spec.action + name: Action + type: string + - description: Specifies the port to which the traffic should be redirected or + mirrored. + jsonPath: .spec.targetPort.name + name: TargetPort + type: string + - description: Specifies the port from which the the traffic will be sent back + to OVS. + jsonPath: .spec.returnPort.name + name: ReturnPort + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha2 + schema: + openAPIV3Schema: + properties: + spec: + properties: + action: + enum: + - Mirror + - Redirect + type: string + appliedTo: + properties: + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + pattern: ^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$ + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object + podSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + pattern: ^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$ + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object + type: object + direction: + enum: + - Ingress + - Egress + - Both + type: string + returnPort: + oneOf: + - required: + - local + - required: + - tunnel + - required: + - erspan + properties: + local: + properties: + internal: + type: boolean + required: + - internal + type: object + name: + type: string + tunnel: + properties: + remoteIP: + oneOf: + - format: ipv4 + - format: ipv6 + type: string + tunnelID: + type: integer + type: + enum: + - VXLAN + - GENEVE + - GRE + type: string + required: + - type + - remoteIP + type: object + required: + - name + type: object + targetPort: + oneOf: + - required: + - local + - required: + - tunnel + - required: + - erspan + properties: + erspan: + properties: + dir: + type: integer + hardwareID: + type: integer + index: + type: integer + remoteIP: + oneOf: + - format: ipv4 + - format: ipv6 + type: string + tunnelID: + type: integer + version: + enum: + - 1 + - 2 + type: integer + required: + - remoteIP + - version + type: object + local: + properties: + internal: + type: boolean + required: + - internal + type: object + name: + type: string + tunnel: + properties: + remoteIP: + oneOf: + - format: ipv4 + - format: ipv6 + type: string + tunnelID: + type: integer + type: + enum: + - VXLAN + - GENEVE + - GRE + type: string + required: + - type + - remoteIP + type: object + required: + - name + type: object + required: + - appliedTo + - direction + - action + - targetPort + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +--- apiVersion: v1 kind: ServiceAccount metadata: diff --git a/build/yamls/antrea-gke.yml b/build/yamls/antrea-gke.yml index c44947bcb19..dbade9b8269 100644 --- a/build/yamls/antrea-gke.yml +++ b/build/yamls/antrea-gke.yml @@ -2055,6 +2055,230 @@ spec: subresources: status: {} --- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + app: antrea + name: trafficcontrols.crd.antrea.io +spec: + group: crd.antrea.io + names: + kind: TrafficControl + plural: trafficcontrols + shortNames: + - tc + singular: trafficcontrol + scope: Cluster + versions: + - additionalPrinterColumns: + - description: Specifies the direction of traffic that should be matched. + jsonPath: .spec.direction + name: Direction + type: string + - description: Specifies the action that should be taken for the traffic. + jsonPath: .spec.action + name: Action + type: string + - description: Specifies the port to which the traffic should be redirected or + mirrored. + jsonPath: .spec.targetPort.name + name: TargetPort + type: string + - description: Specifies the port from which the the traffic will be sent back + to OVS. + jsonPath: .spec.returnPort.name + name: ReturnPort + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha2 + schema: + openAPIV3Schema: + properties: + spec: + properties: + action: + enum: + - Mirror + - Redirect + type: string + appliedTo: + properties: + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + pattern: ^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$ + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object + podSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + pattern: ^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$ + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object + type: object + direction: + enum: + - Ingress + - Egress + - Both + type: string + returnPort: + oneOf: + - required: + - local + - required: + - tunnel + - required: + - erspan + properties: + local: + properties: + internal: + type: boolean + required: + - internal + type: object + name: + type: string + tunnel: + properties: + remoteIP: + oneOf: + - format: ipv4 + - format: ipv6 + type: string + tunnelID: + type: integer + type: + enum: + - VXLAN + - GENEVE + - GRE + type: string + required: + - type + - remoteIP + type: object + required: + - name + type: object + targetPort: + oneOf: + - required: + - local + - required: + - tunnel + - required: + - erspan + properties: + erspan: + properties: + dir: + type: integer + hardwareID: + type: integer + index: + type: integer + remoteIP: + oneOf: + - format: ipv4 + - format: ipv6 + type: string + tunnelID: + type: integer + version: + enum: + - 1 + - 2 + type: integer + required: + - remoteIP + - version + type: object + local: + properties: + internal: + type: boolean + required: + - internal + type: object + name: + type: string + tunnel: + properties: + remoteIP: + oneOf: + - format: ipv4 + - format: ipv6 + type: string + tunnelID: + type: integer + type: + enum: + - VXLAN + - GENEVE + - GRE + type: string + required: + - type + - remoteIP + type: object + required: + - name + type: object + required: + - appliedTo + - direction + - action + - targetPort + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +--- apiVersion: v1 kind: ServiceAccount metadata: diff --git a/build/yamls/antrea-ipsec.yml b/build/yamls/antrea-ipsec.yml index b7448c94cf1..029fd8dad88 100644 --- a/build/yamls/antrea-ipsec.yml +++ b/build/yamls/antrea-ipsec.yml @@ -2055,6 +2055,230 @@ spec: subresources: status: {} --- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + app: antrea + name: trafficcontrols.crd.antrea.io +spec: + group: crd.antrea.io + names: + kind: TrafficControl + plural: trafficcontrols + shortNames: + - tc + singular: trafficcontrol + scope: Cluster + versions: + - additionalPrinterColumns: + - description: Specifies the direction of traffic that should be matched. + jsonPath: .spec.direction + name: Direction + type: string + - description: Specifies the action that should be taken for the traffic. + jsonPath: .spec.action + name: Action + type: string + - description: Specifies the port to which the traffic should be redirected or + mirrored. + jsonPath: .spec.targetPort.name + name: TargetPort + type: string + - description: Specifies the port from which the the traffic will be sent back + to OVS. + jsonPath: .spec.returnPort.name + name: ReturnPort + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha2 + schema: + openAPIV3Schema: + properties: + spec: + properties: + action: + enum: + - Mirror + - Redirect + type: string + appliedTo: + properties: + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + pattern: ^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$ + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object + podSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + pattern: ^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$ + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object + type: object + direction: + enum: + - Ingress + - Egress + - Both + type: string + returnPort: + oneOf: + - required: + - local + - required: + - tunnel + - required: + - erspan + properties: + local: + properties: + internal: + type: boolean + required: + - internal + type: object + name: + type: string + tunnel: + properties: + remoteIP: + oneOf: + - format: ipv4 + - format: ipv6 + type: string + tunnelID: + type: integer + type: + enum: + - VXLAN + - GENEVE + - GRE + type: string + required: + - type + - remoteIP + type: object + required: + - name + type: object + targetPort: + oneOf: + - required: + - local + - required: + - tunnel + - required: + - erspan + properties: + erspan: + properties: + dir: + type: integer + hardwareID: + type: integer + index: + type: integer + remoteIP: + oneOf: + - format: ipv4 + - format: ipv6 + type: string + tunnelID: + type: integer + version: + enum: + - 1 + - 2 + type: integer + required: + - remoteIP + - version + type: object + local: + properties: + internal: + type: boolean + required: + - internal + type: object + name: + type: string + tunnel: + properties: + remoteIP: + oneOf: + - format: ipv4 + - format: ipv6 + type: string + tunnelID: + type: integer + type: + enum: + - VXLAN + - GENEVE + - GRE + type: string + required: + - type + - remoteIP + type: object + required: + - name + type: object + required: + - appliedTo + - direction + - action + - targetPort + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +--- apiVersion: v1 kind: ServiceAccount metadata: diff --git a/build/yamls/antrea.yml b/build/yamls/antrea.yml index 59b545513bf..a26391e9c82 100644 --- a/build/yamls/antrea.yml +++ b/build/yamls/antrea.yml @@ -2055,6 +2055,230 @@ spec: subresources: status: {} --- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + app: antrea + name: trafficcontrols.crd.antrea.io +spec: + group: crd.antrea.io + names: + kind: TrafficControl + plural: trafficcontrols + shortNames: + - tc + singular: trafficcontrol + scope: Cluster + versions: + - additionalPrinterColumns: + - description: Specifies the direction of traffic that should be matched. + jsonPath: .spec.direction + name: Direction + type: string + - description: Specifies the action that should be taken for the traffic. + jsonPath: .spec.action + name: Action + type: string + - description: Specifies the port to which the traffic should be redirected or + mirrored. + jsonPath: .spec.targetPort.name + name: TargetPort + type: string + - description: Specifies the port from which the the traffic will be sent back + to OVS. + jsonPath: .spec.returnPort.name + name: ReturnPort + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha2 + schema: + openAPIV3Schema: + properties: + spec: + properties: + action: + enum: + - Mirror + - Redirect + type: string + appliedTo: + properties: + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + pattern: ^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$ + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object + podSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + pattern: ^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$ + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object + type: object + direction: + enum: + - Ingress + - Egress + - Both + type: string + returnPort: + oneOf: + - required: + - local + - required: + - tunnel + - required: + - erspan + properties: + local: + properties: + internal: + type: boolean + required: + - internal + type: object + name: + type: string + tunnel: + properties: + remoteIP: + oneOf: + - format: ipv4 + - format: ipv6 + type: string + tunnelID: + type: integer + type: + enum: + - VXLAN + - GENEVE + - GRE + type: string + required: + - type + - remoteIP + type: object + required: + - name + type: object + targetPort: + oneOf: + - required: + - local + - required: + - tunnel + - required: + - erspan + properties: + erspan: + properties: + dir: + type: integer + hardwareID: + type: integer + index: + type: integer + remoteIP: + oneOf: + - format: ipv4 + - format: ipv6 + type: string + tunnelID: + type: integer + version: + enum: + - 1 + - 2 + type: integer + required: + - remoteIP + - version + type: object + local: + properties: + internal: + type: boolean + required: + - internal + type: object + name: + type: string + tunnel: + properties: + remoteIP: + oneOf: + - format: ipv4 + - format: ipv6 + type: string + tunnelID: + type: integer + type: + enum: + - VXLAN + - GENEVE + - GRE + type: string + required: + - type + - remoteIP + type: object + required: + - name + type: object + required: + - appliedTo + - direction + - action + - targetPort + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +--- apiVersion: v1 kind: ServiceAccount metadata: diff --git a/build/yamls/base/crds.yml b/build/yamls/base/crds.yml index da3a2e916c4..5f633024bdf 100644 --- a/build/yamls/base/crds.yml +++ b/build/yamls/base/crds.yml @@ -1,6 +1,226 @@ --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition +metadata: + name: trafficcontrols.crd.antrea.io +spec: + group: crd.antrea.io + versions: + - name: v1alpha2 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + required: + - spec + properties: + spec: + type: object + required: + - appliedTo + - direction + - action + - targetPort + properties: + appliedTo: + type: object + properties: + podSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + type: array + items: + type: string + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + matchLabels: + x-kubernetes-preserve-unknown-fields: true + namespaceSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + type: array + items: + type: string + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + matchLabels: + x-kubernetes-preserve-unknown-fields: true + direction: + type: string + enum: + - Ingress + - Egress + - Both + action: + type: string + enum: + - Mirror + - Redirect + targetPort: + type: object + required: + - name + oneOf: + - required: + - local + - required: + - tunnel + - required: + - erspan + properties: + name: + type: string + local: + type: object + required: + - internal + properties: + internal: + type: boolean + tunnel: + type: object + required: + - type + - remoteIP + properties: + type: + type: string + enum: + - VXLAN + - GENEVE + - GRE + remoteIP: + type: string + oneOf: + - format: ipv4 + - format: ipv6 + tunnelID: + type: integer + erspan: + type: object + required: + - remoteIP + - version + properties: + remoteIP: + type: string + oneOf: + - format: ipv4 + - format: ipv6 + tunnelID: + type: integer + version: + type: integer + enum: + - 1 + - 2 + index: + type: integer + dir: + type: integer + hardwareID: + type: integer + returnPort: + type: object + required: + - name + oneOf: + - required: + - local + - required: + - tunnel + - required: + - erspan + properties: + name: + type: string + local: + type: object + required: + - internal + properties: + internal: + type: boolean + tunnel: + type: object + required: + - type + - remoteIP + properties: + type: + type: string + enum: + - VXLAN + - GENEVE + - GRE + remoteIP: + type: string + oneOf: + - format: ipv4 + - format: ipv6 + tunnelID: + type: integer + additionalPrinterColumns: + - description: Specifies the direction of traffic that should be matched. + jsonPath: .spec.direction + name: Direction + type: string + - description: Specifies the action that should be taken for the traffic. + jsonPath: .spec.action + name: Action + type: string + - description: Specifies the port to which the traffic should be redirected or mirrored. + jsonPath: .spec.targetPort.name + name: TargetPort + type: string + - description: Specifies the port from which the the traffic will be sent back to OVS. + jsonPath: .spec.returnPort.name + name: ReturnPort + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + subresources: + status: {} + scope: Cluster + names: + plural: trafficcontrols + singular: trafficcontrol + kind: TrafficControl + shortNames: + - tc +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition metadata: name: egresses.crd.antrea.io spec: diff --git a/pkg/apis/crd/v1alpha2/types.go b/pkg/apis/crd/v1alpha2/types.go index 3ee90effe31..2981e6baec6 100644 --- a/pkg/apis/crd/v1alpha2/types.go +++ b/pkg/apis/crd/v1alpha2/types.go @@ -389,3 +389,123 @@ type IPPoolList struct { Items []IPPool `json:"items"` } + +// +genclient +// +genclient:nonNamespaced +// +genclient:noStatus +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object + +// TrafficControl allows mirroring or redirecting the traffic Pods send or receive. It enables users to monitor and +// analyze Pod traffic, and to enforce custom network protections for Pods with fine-grained control over network +// traffic. +type TrafficControl struct { + metav1.TypeMeta `json:",inline"` + // Standard metadata of the object. + metav1.ObjectMeta `json:"metadata,omitempty"` + + // Specification of the desired behavior of TrafficControl. + Spec TrafficControlSpec `json:"spec"` +} + +type TrafficControlSpec struct { + // AppliedTo selects Pods to which the traffic control configuration will be applied. + AppliedTo AppliedTo `json:"appliedTo"` + + // The direction of traffic that should be matched. It can be Ingress, Egress, or Both. + Direction Direction `json:"direction"` + + // The action that should be taken for the traffic. It can be Redirect or Mirror. + Action TrafficControlAction `json:"action"` + + // The device to which the traffic should be redirected or mirrored. + TargetPort TrafficControlPort `json:"targetPort"` + + // The device from which the the traffic will be sent back to OVS. It should only be set for Redirect action. + ReturnPort *TrafficControlPort `json:"returnPort,omitempty"` +} + +type Direction string + +const ( + DirectionIngress Direction = "Ingress" + DirectionEgress Direction = "Egress" + DirectionBoth Direction = "Both" +) + +type TrafficControlAction string + +const ( + ActionRedirect TrafficControlAction = "Redirect" + ActionMirror TrafficControlAction = "Mirror" +) + +type TunnelType string + +const ( + TunnelTypeVXLAN TunnelType = "VXLAN" + TunnelTypeGENEVE TunnelType = "GENEVE" + TunnelTypeGRE TunnelType = "GRE" +) + +// TrafficControlPort represents an OVS port that can be used as the target of traffic mirroring or redirecting, and the +// return port of traffic redirecting. +// Multiple TrafficControl objects can use same port, however, the ports with same name must have consistent +// configuration. +type TrafficControlPort struct { + // The name of the port. + Name string `json:"name"` + // Local represents a local port that is attached to the OVS bridge. It can be an OVS internal port, a physical NIC, + // or a veth device. + // +optional + Local *LocalPort `json:"local,omitempty"` + // Tunnel represents a tunnel that is created on the Node. The tunnel can be VXLAN, GENEVE, or GRE. + // +optional + Tunnel *TunnelPort `json:"tunnel,omitempty"` + // ERSPAN represents an ERSPAN tunnel that is created on the Node. + // +optional + ERSPAN *ERSPANPort `json:"erspan,omitempty"` +} + +// LocalPort represents a local port that is attached to the OVS bridge. It can be an OVS internal port, a physical NIC, +// or a veth device. +type LocalPort struct { + // Internal represents whether this is an OVS internal port. Antrea will create the port on all Nodes if it's + // internal. Otherwise the port must already exist on all Nodes. + Internal bool `json:"internal"` +} + +// TunnelPort represents a tunnel that is created on the Node. +type TunnelPort struct { + // The type of the tunnel. It can be VXLAN, GENEVE, or GRE. + Type TunnelType `json:"type"` + // The remote IP of the tunnel. + RemoteIP string `json:"remoteIP"` + // The ID of the tunnel. + TunnelID int64 `json:"tunnelID,omitempty"` +} + +// ERSPANPort represents an ERSPAN tunnel that is created on the Node. +type ERSPANPort struct { + // The remote IP of the tunnel. + RemoteIP string `json:"remoteIP"` + // The ID of the tunnel. + TunnelID int64 `json:"tunnelID,omitempty"` + // ERSPAN version. + Version int32 `json:"version"` + // ERSPAN Index. + Index *int32 `json:"index,omitempty"` + // ERSPAN v2 mirrored traffic’s direction. + Dir *int32 `json:"dir,omitempty"` + // ERSPAN hardware ID. + HardwareID *int32 `json:"hardwareID,omitempty"` +} + +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object + +type TrafficControlList struct { + metav1.TypeMeta `json:",inline"` + // +optional + metav1.ListMeta `json:"metadata,omitempty"` + + Items []TrafficControl `json:"items"` +} diff --git a/pkg/apis/crd/v1alpha2/zz_generated.deepcopy.go b/pkg/apis/crd/v1alpha2/zz_generated.deepcopy.go index 4334cb9f36e..4952f43ef84 100644 --- a/pkg/apis/crd/v1alpha2/zz_generated.deepcopy.go +++ b/pkg/apis/crd/v1alpha2/zz_generated.deepcopy.go @@ -117,6 +117,37 @@ func (in *ClusterGroupList) DeepCopyObject() runtime.Object { return nil } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ERSPANPort) DeepCopyInto(out *ERSPANPort) { + *out = *in + if in.Index != nil { + in, out := &in.Index, &out.Index + *out = new(int32) + **out = **in + } + if in.Dir != nil { + in, out := &in.Dir, &out.Dir + *out = new(int32) + **out = **in + } + if in.HardwareID != nil { + in, out := &in.HardwareID, &out.HardwareID + *out = new(int32) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ERSPANPort. +func (in *ERSPANPort) DeepCopy() *ERSPANPort { + if in == nil { + return nil + } + out := new(ERSPANPort) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *Egress) DeepCopyInto(out *Egress) { *out = *in @@ -684,6 +715,22 @@ func (in *IPRange) DeepCopy() *IPRange { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *LocalPort) DeepCopyInto(out *LocalPort) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LocalPort. +func (in *LocalPort) DeepCopy() *LocalPort { + if in == nil { + return nil + } + out := new(LocalPort) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *NamedPort) DeepCopyInto(out *NamedPort) { *out = *in @@ -765,3 +812,133 @@ func (in *SubnetInfo) DeepCopy() *SubnetInfo { in.DeepCopyInto(out) return out } + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TrafficControl) DeepCopyInto(out *TrafficControl) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TrafficControl. +func (in *TrafficControl) DeepCopy() *TrafficControl { + if in == nil { + return nil + } + out := new(TrafficControl) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *TrafficControl) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TrafficControlList) DeepCopyInto(out *TrafficControlList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]TrafficControl, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TrafficControlList. +func (in *TrafficControlList) DeepCopy() *TrafficControlList { + if in == nil { + return nil + } + out := new(TrafficControlList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *TrafficControlList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TrafficControlPort) DeepCopyInto(out *TrafficControlPort) { + *out = *in + if in.Local != nil { + in, out := &in.Local, &out.Local + *out = new(LocalPort) + **out = **in + } + if in.Tunnel != nil { + in, out := &in.Tunnel, &out.Tunnel + *out = new(TunnelPort) + **out = **in + } + if in.ERSPAN != nil { + in, out := &in.ERSPAN, &out.ERSPAN + *out = new(ERSPANPort) + (*in).DeepCopyInto(*out) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TrafficControlPort. +func (in *TrafficControlPort) DeepCopy() *TrafficControlPort { + if in == nil { + return nil + } + out := new(TrafficControlPort) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TrafficControlSpec) DeepCopyInto(out *TrafficControlSpec) { + *out = *in + in.AppliedTo.DeepCopyInto(&out.AppliedTo) + in.TargetPort.DeepCopyInto(&out.TargetPort) + if in.ReturnPort != nil { + in, out := &in.ReturnPort, &out.ReturnPort + *out = new(TrafficControlPort) + (*in).DeepCopyInto(*out) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TrafficControlSpec. +func (in *TrafficControlSpec) DeepCopy() *TrafficControlSpec { + if in == nil { + return nil + } + out := new(TrafficControlSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TunnelPort) DeepCopyInto(out *TunnelPort) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TunnelPort. +func (in *TunnelPort) DeepCopy() *TunnelPort { + if in == nil { + return nil + } + out := new(TunnelPort) + in.DeepCopyInto(out) + return out +} diff --git a/pkg/client/clientset/versioned/typed/crd/v1alpha2/crd_client.go b/pkg/client/clientset/versioned/typed/crd/v1alpha2/crd_client.go index 38c83aebaf1..b8c36227701 100644 --- a/pkg/client/clientset/versioned/typed/crd/v1alpha2/crd_client.go +++ b/pkg/client/clientset/versioned/typed/crd/v1alpha2/crd_client.go @@ -1,4 +1,4 @@ -// Copyright 2021 Antrea Authors +// Copyright 2022 Antrea Authors // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -29,6 +29,7 @@ type CrdV1alpha2Interface interface { ExternalEntitiesGetter ExternalIPPoolsGetter IPPoolsGetter + TrafficControlsGetter } // CrdV1alpha2Client is used to interact with features provided by the crd.antrea.io group. @@ -56,6 +57,10 @@ func (c *CrdV1alpha2Client) IPPools() IPPoolInterface { return newIPPools(c) } +func (c *CrdV1alpha2Client) TrafficControls() TrafficControlInterface { + return newTrafficControls(c) +} + // NewForConfig creates a new CrdV1alpha2Client for the given config. func NewForConfig(c *rest.Config) (*CrdV1alpha2Client, error) { config := *c diff --git a/pkg/client/clientset/versioned/typed/crd/v1alpha2/fake/fake_crd_client.go b/pkg/client/clientset/versioned/typed/crd/v1alpha2/fake/fake_crd_client.go index b814a2d96c5..9e616b87e44 100644 --- a/pkg/client/clientset/versioned/typed/crd/v1alpha2/fake/fake_crd_client.go +++ b/pkg/client/clientset/versioned/typed/crd/v1alpha2/fake/fake_crd_client.go @@ -1,4 +1,4 @@ -// Copyright 2021 Antrea Authors +// Copyright 2022 Antrea Authors // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -46,6 +46,10 @@ func (c *FakeCrdV1alpha2) IPPools() v1alpha2.IPPoolInterface { return &FakeIPPools{c} } +func (c *FakeCrdV1alpha2) TrafficControls() v1alpha2.TrafficControlInterface { + return &FakeTrafficControls{c} +} + // RESTClient returns a RESTClient that is used to communicate // with API server by this client implementation. func (c *FakeCrdV1alpha2) RESTClient() rest.Interface { diff --git a/pkg/client/clientset/versioned/typed/crd/v1alpha2/fake/fake_trafficcontrol.go b/pkg/client/clientset/versioned/typed/crd/v1alpha2/fake/fake_trafficcontrol.go new file mode 100644 index 00000000000..770bb706ffd --- /dev/null +++ b/pkg/client/clientset/versioned/typed/crd/v1alpha2/fake/fake_trafficcontrol.go @@ -0,0 +1,120 @@ +// Copyright 2022 Antrea Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// Code generated by client-gen. DO NOT EDIT. + +package fake + +import ( + "context" + + v1alpha2 "antrea.io/antrea/pkg/apis/crd/v1alpha2" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + labels "k8s.io/apimachinery/pkg/labels" + schema "k8s.io/apimachinery/pkg/runtime/schema" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + testing "k8s.io/client-go/testing" +) + +// FakeTrafficControls implements TrafficControlInterface +type FakeTrafficControls struct { + Fake *FakeCrdV1alpha2 +} + +var trafficcontrolsResource = schema.GroupVersionResource{Group: "crd.antrea.io", Version: "v1alpha2", Resource: "trafficcontrols"} + +var trafficcontrolsKind = schema.GroupVersionKind{Group: "crd.antrea.io", Version: "v1alpha2", Kind: "TrafficControl"} + +// Get takes name of the trafficControl, and returns the corresponding trafficControl object, and an error if there is any. +func (c *FakeTrafficControls) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha2.TrafficControl, err error) { + obj, err := c.Fake. + Invokes(testing.NewRootGetAction(trafficcontrolsResource, name), &v1alpha2.TrafficControl{}) + if obj == nil { + return nil, err + } + return obj.(*v1alpha2.TrafficControl), err +} + +// List takes label and field selectors, and returns the list of TrafficControls that match those selectors. +func (c *FakeTrafficControls) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha2.TrafficControlList, err error) { + obj, err := c.Fake. + Invokes(testing.NewRootListAction(trafficcontrolsResource, trafficcontrolsKind, opts), &v1alpha2.TrafficControlList{}) + if obj == nil { + return nil, err + } + + label, _, _ := testing.ExtractFromListOptions(opts) + if label == nil { + label = labels.Everything() + } + list := &v1alpha2.TrafficControlList{ListMeta: obj.(*v1alpha2.TrafficControlList).ListMeta} + for _, item := range obj.(*v1alpha2.TrafficControlList).Items { + if label.Matches(labels.Set(item.Labels)) { + list.Items = append(list.Items, item) + } + } + return list, err +} + +// Watch returns a watch.Interface that watches the requested trafficControls. +func (c *FakeTrafficControls) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { + return c.Fake. + InvokesWatch(testing.NewRootWatchAction(trafficcontrolsResource, opts)) +} + +// Create takes the representation of a trafficControl and creates it. Returns the server's representation of the trafficControl, and an error, if there is any. +func (c *FakeTrafficControls) Create(ctx context.Context, trafficControl *v1alpha2.TrafficControl, opts v1.CreateOptions) (result *v1alpha2.TrafficControl, err error) { + obj, err := c.Fake. + Invokes(testing.NewRootCreateAction(trafficcontrolsResource, trafficControl), &v1alpha2.TrafficControl{}) + if obj == nil { + return nil, err + } + return obj.(*v1alpha2.TrafficControl), err +} + +// Update takes the representation of a trafficControl and updates it. Returns the server's representation of the trafficControl, and an error, if there is any. +func (c *FakeTrafficControls) Update(ctx context.Context, trafficControl *v1alpha2.TrafficControl, opts v1.UpdateOptions) (result *v1alpha2.TrafficControl, err error) { + obj, err := c.Fake. + Invokes(testing.NewRootUpdateAction(trafficcontrolsResource, trafficControl), &v1alpha2.TrafficControl{}) + if obj == nil { + return nil, err + } + return obj.(*v1alpha2.TrafficControl), err +} + +// Delete takes name of the trafficControl and deletes it. Returns an error if one occurs. +func (c *FakeTrafficControls) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { + _, err := c.Fake. + Invokes(testing.NewRootDeleteAction(trafficcontrolsResource, name), &v1alpha2.TrafficControl{}) + return err +} + +// DeleteCollection deletes a collection of objects. +func (c *FakeTrafficControls) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { + action := testing.NewRootDeleteCollectionAction(trafficcontrolsResource, listOpts) + + _, err := c.Fake.Invokes(action, &v1alpha2.TrafficControlList{}) + return err +} + +// Patch applies the patch and returns the patched trafficControl. +func (c *FakeTrafficControls) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha2.TrafficControl, err error) { + obj, err := c.Fake. + Invokes(testing.NewRootPatchSubresourceAction(trafficcontrolsResource, name, pt, data, subresources...), &v1alpha2.TrafficControl{}) + if obj == nil { + return nil, err + } + return obj.(*v1alpha2.TrafficControl), err +} diff --git a/pkg/client/clientset/versioned/typed/crd/v1alpha2/generated_expansion.go b/pkg/client/clientset/versioned/typed/crd/v1alpha2/generated_expansion.go index 2103fbb17bc..83ac45a1e33 100644 --- a/pkg/client/clientset/versioned/typed/crd/v1alpha2/generated_expansion.go +++ b/pkg/client/clientset/versioned/typed/crd/v1alpha2/generated_expansion.go @@ -1,4 +1,4 @@ -// Copyright 2021 Antrea Authors +// Copyright 2022 Antrea Authors // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -25,3 +25,5 @@ type ExternalEntityExpansion interface{} type ExternalIPPoolExpansion interface{} type IPPoolExpansion interface{} + +type TrafficControlExpansion interface{} diff --git a/pkg/client/clientset/versioned/typed/crd/v1alpha2/trafficcontrol.go b/pkg/client/clientset/versioned/typed/crd/v1alpha2/trafficcontrol.go new file mode 100644 index 00000000000..22145d61ce6 --- /dev/null +++ b/pkg/client/clientset/versioned/typed/crd/v1alpha2/trafficcontrol.go @@ -0,0 +1,166 @@ +// Copyright 2022 Antrea Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// Code generated by client-gen. DO NOT EDIT. + +package v1alpha2 + +import ( + "context" + "time" + + v1alpha2 "antrea.io/antrea/pkg/apis/crd/v1alpha2" + scheme "antrea.io/antrea/pkg/client/clientset/versioned/scheme" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + rest "k8s.io/client-go/rest" +) + +// TrafficControlsGetter has a method to return a TrafficControlInterface. +// A group's client should implement this interface. +type TrafficControlsGetter interface { + TrafficControls() TrafficControlInterface +} + +// TrafficControlInterface has methods to work with TrafficControl resources. +type TrafficControlInterface interface { + Create(ctx context.Context, trafficControl *v1alpha2.TrafficControl, opts v1.CreateOptions) (*v1alpha2.TrafficControl, error) + Update(ctx context.Context, trafficControl *v1alpha2.TrafficControl, opts v1.UpdateOptions) (*v1alpha2.TrafficControl, error) + Delete(ctx context.Context, name string, opts v1.DeleteOptions) error + DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error + Get(ctx context.Context, name string, opts v1.GetOptions) (*v1alpha2.TrafficControl, error) + List(ctx context.Context, opts v1.ListOptions) (*v1alpha2.TrafficControlList, error) + Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) + Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha2.TrafficControl, err error) + TrafficControlExpansion +} + +// trafficControls implements TrafficControlInterface +type trafficControls struct { + client rest.Interface +} + +// newTrafficControls returns a TrafficControls +func newTrafficControls(c *CrdV1alpha2Client) *trafficControls { + return &trafficControls{ + client: c.RESTClient(), + } +} + +// Get takes name of the trafficControl, and returns the corresponding trafficControl object, and an error if there is any. +func (c *trafficControls) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha2.TrafficControl, err error) { + result = &v1alpha2.TrafficControl{} + err = c.client.Get(). + Resource("trafficcontrols"). + Name(name). + VersionedParams(&options, scheme.ParameterCodec). + Do(ctx). + Into(result) + return +} + +// List takes label and field selectors, and returns the list of TrafficControls that match those selectors. +func (c *trafficControls) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha2.TrafficControlList, err error) { + var timeout time.Duration + if opts.TimeoutSeconds != nil { + timeout = time.Duration(*opts.TimeoutSeconds) * time.Second + } + result = &v1alpha2.TrafficControlList{} + err = c.client.Get(). + Resource("trafficcontrols"). + VersionedParams(&opts, scheme.ParameterCodec). + Timeout(timeout). + Do(ctx). + Into(result) + return +} + +// Watch returns a watch.Interface that watches the requested trafficControls. +func (c *trafficControls) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { + var timeout time.Duration + if opts.TimeoutSeconds != nil { + timeout = time.Duration(*opts.TimeoutSeconds) * time.Second + } + opts.Watch = true + return c.client.Get(). + Resource("trafficcontrols"). + VersionedParams(&opts, scheme.ParameterCodec). + Timeout(timeout). + Watch(ctx) +} + +// Create takes the representation of a trafficControl and creates it. Returns the server's representation of the trafficControl, and an error, if there is any. +func (c *trafficControls) Create(ctx context.Context, trafficControl *v1alpha2.TrafficControl, opts v1.CreateOptions) (result *v1alpha2.TrafficControl, err error) { + result = &v1alpha2.TrafficControl{} + err = c.client.Post(). + Resource("trafficcontrols"). + VersionedParams(&opts, scheme.ParameterCodec). + Body(trafficControl). + Do(ctx). + Into(result) + return +} + +// Update takes the representation of a trafficControl and updates it. Returns the server's representation of the trafficControl, and an error, if there is any. +func (c *trafficControls) Update(ctx context.Context, trafficControl *v1alpha2.TrafficControl, opts v1.UpdateOptions) (result *v1alpha2.TrafficControl, err error) { + result = &v1alpha2.TrafficControl{} + err = c.client.Put(). + Resource("trafficcontrols"). + Name(trafficControl.Name). + VersionedParams(&opts, scheme.ParameterCodec). + Body(trafficControl). + Do(ctx). + Into(result) + return +} + +// Delete takes name of the trafficControl and deletes it. Returns an error if one occurs. +func (c *trafficControls) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { + return c.client.Delete(). + Resource("trafficcontrols"). + Name(name). + Body(&opts). + Do(ctx). + Error() +} + +// DeleteCollection deletes a collection of objects. +func (c *trafficControls) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { + var timeout time.Duration + if listOpts.TimeoutSeconds != nil { + timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second + } + return c.client.Delete(). + Resource("trafficcontrols"). + VersionedParams(&listOpts, scheme.ParameterCodec). + Timeout(timeout). + Body(&opts). + Do(ctx). + Error() +} + +// Patch applies the patch and returns the patched trafficControl. +func (c *trafficControls) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha2.TrafficControl, err error) { + result = &v1alpha2.TrafficControl{} + err = c.client.Patch(pt). + Resource("trafficcontrols"). + Name(name). + SubResource(subresources...). + VersionedParams(&opts, scheme.ParameterCodec). + Body(data). + Do(ctx). + Into(result) + return +} diff --git a/pkg/client/informers/externalversions/crd/v1alpha2/interface.go b/pkg/client/informers/externalversions/crd/v1alpha2/interface.go index 648f8a62313..cf2fef7feb2 100644 --- a/pkg/client/informers/externalversions/crd/v1alpha2/interface.go +++ b/pkg/client/informers/externalversions/crd/v1alpha2/interface.go @@ -1,4 +1,4 @@ -// Copyright 2021 Antrea Authors +// Copyright 2022 Antrea Authors // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -32,6 +32,8 @@ type Interface interface { ExternalIPPools() ExternalIPPoolInformer // IPPools returns a IPPoolInformer. IPPools() IPPoolInformer + // TrafficControls returns a TrafficControlInformer. + TrafficControls() TrafficControlInformer } type version struct { @@ -69,3 +71,8 @@ func (v *version) ExternalIPPools() ExternalIPPoolInformer { func (v *version) IPPools() IPPoolInformer { return &iPPoolInformer{factory: v.factory, tweakListOptions: v.tweakListOptions} } + +// TrafficControls returns a TrafficControlInformer. +func (v *version) TrafficControls() TrafficControlInformer { + return &trafficControlInformer{factory: v.factory, tweakListOptions: v.tweakListOptions} +} diff --git a/pkg/client/informers/externalversions/crd/v1alpha2/trafficcontrol.go b/pkg/client/informers/externalversions/crd/v1alpha2/trafficcontrol.go new file mode 100644 index 00000000000..9b504ddda33 --- /dev/null +++ b/pkg/client/informers/externalversions/crd/v1alpha2/trafficcontrol.go @@ -0,0 +1,87 @@ +// Copyright 2022 Antrea Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// Code generated by informer-gen. DO NOT EDIT. + +package v1alpha2 + +import ( + "context" + time "time" + + crdv1alpha2 "antrea.io/antrea/pkg/apis/crd/v1alpha2" + versioned "antrea.io/antrea/pkg/client/clientset/versioned" + internalinterfaces "antrea.io/antrea/pkg/client/informers/externalversions/internalinterfaces" + v1alpha2 "antrea.io/antrea/pkg/client/listers/crd/v1alpha2" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + runtime "k8s.io/apimachinery/pkg/runtime" + watch "k8s.io/apimachinery/pkg/watch" + cache "k8s.io/client-go/tools/cache" +) + +// TrafficControlInformer provides access to a shared informer and lister for +// TrafficControls. +type TrafficControlInformer interface { + Informer() cache.SharedIndexInformer + Lister() v1alpha2.TrafficControlLister +} + +type trafficControlInformer struct { + factory internalinterfaces.SharedInformerFactory + tweakListOptions internalinterfaces.TweakListOptionsFunc +} + +// NewTrafficControlInformer constructs a new informer for TrafficControl type. +// Always prefer using an informer factory to get a shared informer instead of getting an independent +// one. This reduces memory footprint and number of connections to the server. +func NewTrafficControlInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { + return NewFilteredTrafficControlInformer(client, resyncPeriod, indexers, nil) +} + +// NewFilteredTrafficControlInformer constructs a new informer for TrafficControl type. +// Always prefer using an informer factory to get a shared informer instead of getting an independent +// one. This reduces memory footprint and number of connections to the server. +func NewFilteredTrafficControlInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { + return cache.NewSharedIndexInformer( + &cache.ListWatch{ + ListFunc: func(options v1.ListOptions) (runtime.Object, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.CrdV1alpha2().TrafficControls().List(context.TODO(), options) + }, + WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.CrdV1alpha2().TrafficControls().Watch(context.TODO(), options) + }, + }, + &crdv1alpha2.TrafficControl{}, + resyncPeriod, + indexers, + ) +} + +func (f *trafficControlInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { + return NewFilteredTrafficControlInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) +} + +func (f *trafficControlInformer) Informer() cache.SharedIndexInformer { + return f.factory.InformerFor(&crdv1alpha2.TrafficControl{}, f.defaultInformer) +} + +func (f *trafficControlInformer) Lister() v1alpha2.TrafficControlLister { + return v1alpha2.NewTrafficControlLister(f.Informer().GetIndexer()) +} diff --git a/pkg/client/informers/externalversions/generic.go b/pkg/client/informers/externalversions/generic.go index 8c8ee1ab463..0378c370c15 100644 --- a/pkg/client/informers/externalversions/generic.go +++ b/pkg/client/informers/externalversions/generic.go @@ -1,4 +1,4 @@ -// Copyright 2021 Antrea Authors +// Copyright 2022 Antrea Authors // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -74,6 +74,8 @@ func (f *sharedInformerFactory) ForResource(resource schema.GroupVersionResource return &genericInformer{resource: resource.GroupResource(), informer: f.Crd().V1alpha2().ExternalIPPools().Informer()}, nil case v1alpha2.SchemeGroupVersion.WithResource("ippools"): return &genericInformer{resource: resource.GroupResource(), informer: f.Crd().V1alpha2().IPPools().Informer()}, nil + case v1alpha2.SchemeGroupVersion.WithResource("trafficcontrols"): + return &genericInformer{resource: resource.GroupResource(), informer: f.Crd().V1alpha2().TrafficControls().Informer()}, nil // Group=crd.antrea.io, Version=v1alpha3 case v1alpha3.SchemeGroupVersion.WithResource("clustergroups"): diff --git a/pkg/client/listers/crd/v1alpha2/expansion_generated.go b/pkg/client/listers/crd/v1alpha2/expansion_generated.go index e7120eb239a..6cc05d345cb 100644 --- a/pkg/client/listers/crd/v1alpha2/expansion_generated.go +++ b/pkg/client/listers/crd/v1alpha2/expansion_generated.go @@ -1,4 +1,4 @@ -// Copyright 2021 Antrea Authors +// Copyright 2022 Antrea Authors // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -39,3 +39,7 @@ type ExternalIPPoolListerExpansion interface{} // IPPoolListerExpansion allows custom methods to be added to // IPPoolLister. type IPPoolListerExpansion interface{} + +// TrafficControlListerExpansion allows custom methods to be added to +// TrafficControlLister. +type TrafficControlListerExpansion interface{} diff --git a/pkg/client/listers/crd/v1alpha2/trafficcontrol.go b/pkg/client/listers/crd/v1alpha2/trafficcontrol.go new file mode 100644 index 00000000000..c8d15b0757a --- /dev/null +++ b/pkg/client/listers/crd/v1alpha2/trafficcontrol.go @@ -0,0 +1,66 @@ +// Copyright 2022 Antrea Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// Code generated by lister-gen. DO NOT EDIT. + +package v1alpha2 + +import ( + v1alpha2 "antrea.io/antrea/pkg/apis/crd/v1alpha2" + "k8s.io/apimachinery/pkg/api/errors" + "k8s.io/apimachinery/pkg/labels" + "k8s.io/client-go/tools/cache" +) + +// TrafficControlLister helps list TrafficControls. +// All objects returned here must be treated as read-only. +type TrafficControlLister interface { + // List lists all TrafficControls in the indexer. + // Objects returned here must be treated as read-only. + List(selector labels.Selector) (ret []*v1alpha2.TrafficControl, err error) + // Get retrieves the TrafficControl from the index for a given name. + // Objects returned here must be treated as read-only. + Get(name string) (*v1alpha2.TrafficControl, error) + TrafficControlListerExpansion +} + +// trafficControlLister implements the TrafficControlLister interface. +type trafficControlLister struct { + indexer cache.Indexer +} + +// NewTrafficControlLister returns a new TrafficControlLister. +func NewTrafficControlLister(indexer cache.Indexer) TrafficControlLister { + return &trafficControlLister{indexer: indexer} +} + +// List lists all TrafficControls in the indexer. +func (s *trafficControlLister) List(selector labels.Selector) (ret []*v1alpha2.TrafficControl, err error) { + err = cache.ListAll(s.indexer, selector, func(m interface{}) { + ret = append(ret, m.(*v1alpha2.TrafficControl)) + }) + return ret, err +} + +// Get retrieves the TrafficControl from the index for a given name. +func (s *trafficControlLister) Get(name string) (*v1alpha2.TrafficControl, error) { + obj, exists, err := s.indexer.GetByKey(name) + if err != nil { + return nil, err + } + if !exists { + return nil, errors.NewNotFound(v1alpha2.Resource("trafficcontrol"), name) + } + return obj.(*v1alpha2.TrafficControl), nil +} diff --git a/pkg/features/antrea_features.go b/pkg/features/antrea_features.go index 6eb6f0adb64..f099e4cb443 100644 --- a/pkg/features/antrea_features.go +++ b/pkg/features/antrea_features.go @@ -91,6 +91,10 @@ const ( // alpha: v1.5 // Enable controlling Services with ExternalIP. ServiceExternalIP featuregate.Feature = "ServiceExternalIP" + + // alpha: v1.7 + // Enable mirroring or redirecting the traffic Pods send or receive. + TrafficControl featuregate.Feature = "TrafficControl" ) var ( @@ -118,6 +122,7 @@ var ( Multicast: {Default: false, PreRelease: featuregate.Alpha}, SecondaryNetwork: {Default: false, PreRelease: featuregate.Alpha}, ServiceExternalIP: {Default: false, PreRelease: featuregate.Alpha}, + TrafficControl: {Default: false, PreRelease: featuregate.Alpha}, } // UnsupportedFeaturesOnWindows records the features not supported on