Add ClusterSet scope to Antrea policy CRD and LabelIdentityIndex (ant…

…rea-io#3913)

Signed-off-by: Yang Ding <[email protected]>

build/charts/antrea/conf/antrea-controller.conf

@@ -43,6 +43,9 @@ featureGates:
 # Enable collecting support bundle files with SupportBundleCollection CRD.
 {{- include "featureGate" (dict "featureGates" .Values.featureGates "name" "SupportBundleCollection" "default" false) }}
 
+# Enable multi-cluster features.
+{{- include "featureGate" (dict "featureGates" .Values.featureGates "name" "Multicluster" "default" false) }}
+
 # The port for the antrea-controller APIServer to serve on.
 # Note that if it's set to another value, the `containerPort` of the `api` port of the
 # `antrea-controller` container must be set to the same value.
@@ -105,3 +108,10 @@ ipsecCSRSigner:
   #   tls.key: <CA private key>
   selfSignedCA: {{ .csrSigner.selfSignedCA }}
 {{- end }}
+
+multicluster:
+{{- with .Values.multicluster }}
+  # Enable Multicluster which allow Antrea-native policies to select peers
+  # from other clusters in a ClusterSet.
+  enable: {{ .enable }}
+{{- end }}

build/charts/antrea/crds/clusternetworkpolicy.yaml

@@ -359,6 +359,9 @@ spec:
                                   type: array
                                 matchLabels:
                                   x-kubernetes-preserve-unknown-fields: true
+                            scope:
+                              type: string
+                              enum: ['Cluster', 'ClusterSet']
                       name:
                         type: string
                       enableLogging:

build/charts/antrea/crds/externalnode.yaml

@@ -42,8 +42,8 @@ spec:
       storage: true
   scope: Namespaced
   names:
-    kind: ExternalNode
     plural: externalnodes
+    singular: externalnode
+    kind: ExternalNode
     shortNames:
       - en
-    singular: externalnode

build/charts/antrea/crds/networkpolicy.yaml

@@ -302,6 +302,9 @@ spec:
                                   x-kubernetes-preserve-unknown-fields: true
                             group:
                               type: string
+                            scope:
+                              type: string
+                              enum: ['Cluster', 'ClusterSet']
                       name:
                         type: string
                       enableLogging:

build/charts/antrea/templates/controller/clusterrole.yaml

@@ -304,3 +304,11 @@ rules:
       - supportbundlecollections/status
     verbs:
       - update
+  - apiGroups:
+      - multicluster.crd.antrea.io
+    resources:
+      - labelidentities
+    verbs:
+      - get
+      - list
+      - watch

build/charts/antrea/values.yaml

@@ -299,7 +299,7 @@ logVerbosity: 0
 whereabouts:
   enable: false
 
-## -- Configure Multicluster, for use by the antrea-agent.
+## -- Configure Multicluster defaults for both Antrea controller and agent.
 multicluster:
   # -- Enable Antrea Multi-cluster Gateway to support cross-cluster traffic.
   # This feature is supported only with encap mode.

build/yamls/antrea-aks.yml

@@ -737,6 +737,9 @@ spec:
                                   type: array
                                 matchLabels:
                                   x-kubernetes-preserve-unknown-fields: true
+                            scope:
+                              type: string
+                              enum: ['Cluster', 'ClusterSet']
                       name:
                         type: string
                       enableLogging:
@@ -1347,11 +1350,12 @@ spec:
       storage: true
   scope: Namespaced
   names:
-    kind: ExternalNode
     plural: externalnodes
+    singular: externalnode
+    kind: ExternalNode
     shortNames:
       - en
-    singular: externalnode
+
 ---
 # Source: crds/ippool.yaml
 apiVersion: apiextensions.k8s.io/v1
@@ -1792,6 +1796,9 @@ spec:
                                   x-kubernetes-preserve-unknown-fields: true
                             group:
                               type: string
+                            scope:
+                              type: string
+                              enum: ['Cluster', 'ClusterSet']
                       name:
                         type: string
                       enableLogging:
@@ -3211,6 +3218,9 @@ data:
     # Enable collecting support bundle files with SupportBundleCollection CRD.
     #  SupportBundleCollection: false
 
+    # Enable multi-cluster features.
+    #  Multicluster: false
+
     # The port for the antrea-controller APIServer to serve on.
     # Note that if it's set to another value, the `containerPort` of the `api` port of the
     # `antrea-controller` container must be set to the same value.
@@ -3266,6 +3276,11 @@ data:
       #   tls.crt: <CA certificate>
       #   tls.key: <CA private key>
       selfSignedCA: true
+
+    multicluster:
+      # Enable Multicluster which allow Antrea-native policies to select peers
+      # from other clusters in a ClusterSet.
+      enable: false
 ---
 # Source: antrea/templates/crds/group.yaml
 apiVersion: apiextensions.k8s.io/v1
@@ -3988,6 +4003,14 @@ rules:
       - supportbundlecollections/status
     verbs:
       - update
+  - apiGroups:
+      - multicluster.crd.antrea.io
+    resources:
+      - labelidentities
+    verbs:
+      - get
+      - list
+      - watch
 ---
 # Source: antrea/templates/crds-rbac/clusterroles.yaml
 apiVersion: rbac.authorization.k8s.io/v1
@@ -4165,7 +4188,7 @@ spec:
         kubectl.kubernetes.io/default-container: antrea-agent
         # Automatically restart Pods with a RollingUpdate if the ConfigMap changes
         # See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments
-        checksum/config: 0e08440d83a645b8e7df882d1225808a78acfa9320db5c174620ffdbe6434caa
+        checksum/config: 4e2311619bbb44c5903fc863c0df9616409367bdc5316eb4c8f677cbab5bad04
       labels:
         app: antrea
         component: antrea-agent
@@ -4406,7 +4429,7 @@ spec:
       annotations:
         # Automatically restart Pod if the ConfigMap changes
         # See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments
-        checksum/config: 0e08440d83a645b8e7df882d1225808a78acfa9320db5c174620ffdbe6434caa
+        checksum/config: 4e2311619bbb44c5903fc863c0df9616409367bdc5316eb4c8f677cbab5bad04
       labels:
         app: antrea
         component: antrea-controller

build/yamls/antrea-crds.yml

@@ -730,6 +730,9 @@ spec:
                                   type: array
                                 matchLabels:
                                   x-kubernetes-preserve-unknown-fields: true
+                            scope:
+                              type: string
+                              enum: ['Cluster', 'ClusterSet']
                       name:
                         type: string
                       enableLogging:
@@ -1332,11 +1335,12 @@ spec:
       storage: true
   scope: Namespaced
   names:
-    kind: ExternalNode
     plural: externalnodes
+    singular: externalnode
+    kind: ExternalNode
     shortNames:
       - en
-    singular: externalnode---
+---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
@@ -1773,6 +1777,9 @@ spec:
                                   x-kubernetes-preserve-unknown-fields: true
                             group:
                               type: string
+                            scope:
+                              type: string
+                              enum: ['Cluster', 'ClusterSet']
                       name:
                         type: string
                       enableLogging:

build/yamls/antrea-eks.yml

@@ -737,6 +737,9 @@ spec:
                                   type: array
                                 matchLabels:
                                   x-kubernetes-preserve-unknown-fields: true
+                            scope:
+                              type: string
+                              enum: ['Cluster', 'ClusterSet']
                       name:
                         type: string
                       enableLogging:
@@ -1347,11 +1350,12 @@ spec:
       storage: true
   scope: Namespaced
   names:
-    kind: ExternalNode
     plural: externalnodes
+    singular: externalnode
+    kind: ExternalNode
     shortNames:
       - en
-    singular: externalnode
+
 ---
 # Source: crds/ippool.yaml
 apiVersion: apiextensions.k8s.io/v1
@@ -1792,6 +1796,9 @@ spec:
                                   x-kubernetes-preserve-unknown-fields: true
                             group:
                               type: string
+                            scope:
+                              type: string
+                              enum: ['Cluster', 'ClusterSet']
                       name:
                         type: string
                       enableLogging:
@@ -3211,6 +3218,9 @@ data:
     # Enable collecting support bundle files with SupportBundleCollection CRD.
     #  SupportBundleCollection: false
 
+    # Enable multi-cluster features.
+    #  Multicluster: false
+
     # The port for the antrea-controller APIServer to serve on.
     # Note that if it's set to another value, the `containerPort` of the `api` port of the
     # `antrea-controller` container must be set to the same value.
@@ -3266,6 +3276,11 @@ data:
       #   tls.crt: <CA certificate>
       #   tls.key: <CA private key>
       selfSignedCA: true
+
+    multicluster:
+      # Enable Multicluster which allow Antrea-native policies to select peers
+      # from other clusters in a ClusterSet.
+      enable: false
 ---
 # Source: antrea/templates/crds/group.yaml
 apiVersion: apiextensions.k8s.io/v1
@@ -3988,6 +4003,14 @@ rules:
       - supportbundlecollections/status
     verbs:
       - update
+  - apiGroups:
+      - multicluster.crd.antrea.io
+    resources:
+      - labelidentities
+    verbs:
+      - get
+      - list
+      - watch
 ---
 # Source: antrea/templates/crds-rbac/clusterroles.yaml
 apiVersion: rbac.authorization.k8s.io/v1
@@ -4165,7 +4188,7 @@ spec:
         kubectl.kubernetes.io/default-container: antrea-agent
         # Automatically restart Pods with a RollingUpdate if the ConfigMap changes
         # See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments
-        checksum/config: 0e08440d83a645b8e7df882d1225808a78acfa9320db5c174620ffdbe6434caa
+        checksum/config: 4e2311619bbb44c5903fc863c0df9616409367bdc5316eb4c8f677cbab5bad04
       labels:
         app: antrea
         component: antrea-agent
@@ -4408,7 +4431,7 @@ spec:
       annotations:
         # Automatically restart Pod if the ConfigMap changes
         # See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments
-        checksum/config: 0e08440d83a645b8e7df882d1225808a78acfa9320db5c174620ffdbe6434caa
+        checksum/config: 4e2311619bbb44c5903fc863c0df9616409367bdc5316eb4c8f677cbab5bad04
       labels:
         app: antrea
         component: antrea-controller

build/yamls/antrea-gke.yml

@@ -737,6 +737,9 @@ spec:
                                   type: array
                                 matchLabels:
                                   x-kubernetes-preserve-unknown-fields: true
+                            scope:
+                              type: string
+                              enum: ['Cluster', 'ClusterSet']
                       name:
                         type: string
                       enableLogging:
@@ -1347,11 +1350,12 @@ spec:
       storage: true
   scope: Namespaced
   names:
-    kind: ExternalNode
     plural: externalnodes
+    singular: externalnode
+    kind: ExternalNode
     shortNames:
       - en
-    singular: externalnode
+
 ---
 # Source: crds/ippool.yaml
 apiVersion: apiextensions.k8s.io/v1
@@ -1792,6 +1796,9 @@ spec:
                                   x-kubernetes-preserve-unknown-fields: true
                             group:
                               type: string
+                            scope:
+                              type: string
+                              enum: ['Cluster', 'ClusterSet']
                       name:
                         type: string
                       enableLogging:
@@ -3211,6 +3218,9 @@ data:
     # Enable collecting support bundle files with SupportBundleCollection CRD.
     #  SupportBundleCollection: false
 
+    # Enable multi-cluster features.
+    #  Multicluster: false
+
     # The port for the antrea-controller APIServer to serve on.
     # Note that if it's set to another value, the `containerPort` of the `api` port of the
     # `antrea-controller` container must be set to the same value.
@@ -3266,6 +3276,11 @@ data:
       #   tls.crt: <CA certificate>
       #   tls.key: <CA private key>
       selfSignedCA: true
+
+    multicluster:
+      # Enable Multicluster which allow Antrea-native policies to select peers
+      # from other clusters in a ClusterSet.
+      enable: false
 ---
 # Source: antrea/templates/crds/group.yaml
 apiVersion: apiextensions.k8s.io/v1
@@ -3988,6 +4003,14 @@ rules:
       - supportbundlecollections/status
     verbs:
       - update
+  - apiGroups:
+      - multicluster.crd.antrea.io
+    resources:
+      - labelidentities
+    verbs:
+      - get
+      - list
+      - watch
 ---
 # Source: antrea/templates/crds-rbac/clusterroles.yaml
 apiVersion: rbac.authorization.k8s.io/v1
@@ -4165,7 +4188,7 @@ spec:
         kubectl.kubernetes.io/default-container: antrea-agent
         # Automatically restart Pods with a RollingUpdate if the ConfigMap changes
         # See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments
-        checksum/config: 4aaa9260916de6b712215a4deb2b7694dceb17dba615f691f61aaecdd6a61abb
+        checksum/config: 6244d1a441fcf006e951fdced30f7a591bfeb6fcb2eb1277bc1c91304f3cf1c3
       labels:
         app: antrea
         component: antrea-agent
@@ -4405,7 +4428,7 @@ spec:
       annotations:
         # Automatically restart Pod if the ConfigMap changes
         # See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments
-        checksum/config: 4aaa9260916de6b712215a4deb2b7694dceb17dba615f691f61aaecdd6a61abb
+        checksum/config: 6244d1a441fcf006e951fdced30f7a591bfeb6fcb2eb1277bc1c91304f3cf1c3
       labels:
         app: antrea
         component: antrea-controller