diff --git a/build/yamls/antrea-aks.yml b/build/yamls/antrea-aks.yml index 1b0d2d9a693..fa491dceb90 100644 --- a/build/yamls/antrea-aks.yml +++ b/build/yamls/antrea-aks.yml @@ -117,7 +117,9 @@ spec: spec: properties: childGroups: - x-kubernetes-preserve-unknown-fields: true + items: + type: string + type: array externalEntitySelector: properties: matchExpressions: @@ -236,6 +238,17 @@ metadata: app: antrea name: clustergroups.crd.antrea.io spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: antrea + namespace: kube-system + path: /convert/clustergroup + conversionReviewVersions: + - v1 + - v1beta1 group: crd.antrea.io names: kind: ClusterGroup @@ -252,7 +265,9 @@ spec: spec: properties: childGroups: - x-kubernetes-preserve-unknown-fields: true + items: + type: string + type: array externalEntitySelector: properties: matchExpressions: @@ -360,6 +375,118 @@ spec: type: object type: object served: true + storage: false + - name: v1alpha3 + schema: + openAPIV3Schema: + properties: + spec: + properties: + childGroups: + items: + type: string + type: array + externalEntitySelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object + ipBlocks: + items: + properties: + cidr: + format: cidr + type: string + type: object + type: array + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object + podSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object + serviceReference: + properties: + name: + type: string + namespace: + type: string + type: object + type: object + status: + properties: + conditions: + items: + properties: + lastTransitionTime: + type: string + status: + type: string + type: + type: string + type: object + type: array + type: object + type: object + served: true storage: true subresources: status: {} @@ -3105,6 +3232,13 @@ rules: - subjectaccessreviews verbs: - create +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - update - apiGroups: - "" resourceNames: @@ -4261,6 +4395,7 @@ webhooks: - apiGroups: - crd.antrea.io apiVersions: + - v1alpha3 - v1alpha2 operations: - CREATE diff --git a/build/yamls/antrea-eks.yml b/build/yamls/antrea-eks.yml index 037da35bf59..d1672cdb57c 100644 --- a/build/yamls/antrea-eks.yml +++ b/build/yamls/antrea-eks.yml @@ -117,7 +117,9 @@ spec: spec: properties: childGroups: - x-kubernetes-preserve-unknown-fields: true + items: + type: string + type: array externalEntitySelector: properties: matchExpressions: @@ -236,6 +238,17 @@ metadata: app: antrea name: clustergroups.crd.antrea.io spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: antrea + namespace: kube-system + path: /convert/clustergroup + conversionReviewVersions: + - v1 + - v1beta1 group: crd.antrea.io names: kind: ClusterGroup @@ -252,7 +265,9 @@ spec: spec: properties: childGroups: - x-kubernetes-preserve-unknown-fields: true + items: + type: string + type: array externalEntitySelector: properties: matchExpressions: @@ -360,6 +375,118 @@ spec: type: object type: object served: true + storage: false + - name: v1alpha3 + schema: + openAPIV3Schema: + properties: + spec: + properties: + childGroups: + items: + type: string + type: array + externalEntitySelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object + ipBlocks: + items: + properties: + cidr: + format: cidr + type: string + type: object + type: array + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object + podSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object + serviceReference: + properties: + name: + type: string + namespace: + type: string + type: object + type: object + status: + properties: + conditions: + items: + properties: + lastTransitionTime: + type: string + status: + type: string + type: + type: string + type: object + type: array + type: object + type: object + served: true storage: true subresources: status: {} @@ -3105,6 +3232,13 @@ rules: - subjectaccessreviews verbs: - create +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - update - apiGroups: - "" resourceNames: @@ -4263,6 +4397,7 @@ webhooks: - apiGroups: - crd.antrea.io apiVersions: + - v1alpha3 - v1alpha2 operations: - CREATE diff --git a/build/yamls/antrea-gke.yml b/build/yamls/antrea-gke.yml index ebc0136bd51..6712e154d6c 100644 --- a/build/yamls/antrea-gke.yml +++ b/build/yamls/antrea-gke.yml @@ -117,7 +117,9 @@ spec: spec: properties: childGroups: - x-kubernetes-preserve-unknown-fields: true + items: + type: string + type: array externalEntitySelector: properties: matchExpressions: @@ -236,6 +238,17 @@ metadata: app: antrea name: clustergroups.crd.antrea.io spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: antrea + namespace: kube-system + path: /convert/clustergroup + conversionReviewVersions: + - v1 + - v1beta1 group: crd.antrea.io names: kind: ClusterGroup @@ -252,7 +265,9 @@ spec: spec: properties: childGroups: - x-kubernetes-preserve-unknown-fields: true + items: + type: string + type: array externalEntitySelector: properties: matchExpressions: @@ -360,6 +375,118 @@ spec: type: object type: object served: true + storage: false + - name: v1alpha3 + schema: + openAPIV3Schema: + properties: + spec: + properties: + childGroups: + items: + type: string + type: array + externalEntitySelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object + ipBlocks: + items: + properties: + cidr: + format: cidr + type: string + type: object + type: array + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object + podSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object + serviceReference: + properties: + name: + type: string + namespace: + type: string + type: object + type: object + status: + properties: + conditions: + items: + properties: + lastTransitionTime: + type: string + status: + type: string + type: + type: string + type: object + type: array + type: object + type: object + served: true storage: true subresources: status: {} @@ -3105,6 +3232,13 @@ rules: - subjectaccessreviews verbs: - create +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - update - apiGroups: - "" resourceNames: @@ -4261,6 +4395,7 @@ webhooks: - apiGroups: - crd.antrea.io apiVersions: + - v1alpha3 - v1alpha2 operations: - CREATE diff --git a/build/yamls/antrea-ipsec.yml b/build/yamls/antrea-ipsec.yml index eca87b8a1f1..3bcf2d04073 100644 --- a/build/yamls/antrea-ipsec.yml +++ b/build/yamls/antrea-ipsec.yml @@ -117,7 +117,9 @@ spec: spec: properties: childGroups: - x-kubernetes-preserve-unknown-fields: true + items: + type: string + type: array externalEntitySelector: properties: matchExpressions: @@ -236,6 +238,17 @@ metadata: app: antrea name: clustergroups.crd.antrea.io spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: antrea + namespace: kube-system + path: /convert/clustergroup + conversionReviewVersions: + - v1 + - v1beta1 group: crd.antrea.io names: kind: ClusterGroup @@ -252,7 +265,9 @@ spec: spec: properties: childGroups: - x-kubernetes-preserve-unknown-fields: true + items: + type: string + type: array externalEntitySelector: properties: matchExpressions: @@ -360,6 +375,118 @@ spec: type: object type: object served: true + storage: false + - name: v1alpha3 + schema: + openAPIV3Schema: + properties: + spec: + properties: + childGroups: + items: + type: string + type: array + externalEntitySelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object + ipBlocks: + items: + properties: + cidr: + format: cidr + type: string + type: object + type: array + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object + podSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object + serviceReference: + properties: + name: + type: string + namespace: + type: string + type: object + type: object + status: + properties: + conditions: + items: + properties: + lastTransitionTime: + type: string + status: + type: string + type: + type: string + type: object + type: array + type: object + type: object + served: true storage: true subresources: status: {} @@ -3105,6 +3232,13 @@ rules: - subjectaccessreviews verbs: - create +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - update - apiGroups: - "" resourceNames: @@ -4310,6 +4444,7 @@ webhooks: - apiGroups: - crd.antrea.io apiVersions: + - v1alpha3 - v1alpha2 operations: - CREATE diff --git a/build/yamls/antrea.yml b/build/yamls/antrea.yml index fb9cfde15a3..ef6e58ddcb9 100644 --- a/build/yamls/antrea.yml +++ b/build/yamls/antrea.yml @@ -117,7 +117,9 @@ spec: spec: properties: childGroups: - x-kubernetes-preserve-unknown-fields: true + items: + type: string + type: array externalEntitySelector: properties: matchExpressions: @@ -236,6 +238,17 @@ metadata: app: antrea name: clustergroups.crd.antrea.io spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: antrea + namespace: kube-system + path: /convert/clustergroup + conversionReviewVersions: + - v1 + - v1beta1 group: crd.antrea.io names: kind: ClusterGroup @@ -252,7 +265,9 @@ spec: spec: properties: childGroups: - x-kubernetes-preserve-unknown-fields: true + items: + type: string + type: array externalEntitySelector: properties: matchExpressions: @@ -360,6 +375,118 @@ spec: type: object type: object served: true + storage: false + - name: v1alpha3 + schema: + openAPIV3Schema: + properties: + spec: + properties: + childGroups: + items: + type: string + type: array + externalEntitySelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object + ipBlocks: + items: + properties: + cidr: + format: cidr + type: string + type: object + type: array + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object + podSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object + serviceReference: + properties: + name: + type: string + namespace: + type: string + type: object + type: object + status: + properties: + conditions: + items: + properties: + lastTransitionTime: + type: string + status: + type: string + type: + type: string + type: object + type: array + type: object + type: object + served: true storage: true subresources: status: {} @@ -3105,6 +3232,13 @@ rules: - subjectaccessreviews verbs: - create +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - update - apiGroups: - "" resourceNames: @@ -4266,6 +4400,7 @@ webhooks: - apiGroups: - crd.antrea.io apiVersions: + - v1alpha3 - v1alpha2 operations: - CREATE diff --git a/build/yamls/base/controller-rbac.yml b/build/yamls/base/controller-rbac.yml index 91c9e7b3304..efdd54f8e04 100644 --- a/build/yamls/base/controller-rbac.yml +++ b/build/yamls/base/controller-rbac.yml @@ -41,6 +41,13 @@ rules: - subjectaccessreviews verbs: - create + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - update # This is the content of built-in role kube-system/extension-apiserver-authentication-reader. # But it doesn't have list/watch permission before K8s v1.17.0 so the extension apiserver (antrea-controller) will # have permission issue after bumping up apiserver library to a version that supports dynamic authentication. diff --git a/build/yamls/base/controller.yml b/build/yamls/base/controller.yml index 03e81350b9e..8aae4717033 100644 --- a/build/yamls/base/controller.yml +++ b/build/yamls/base/controller.yml @@ -132,7 +132,7 @@ webhooks: rules: - operations: ["CREATE", "UPDATE", "DELETE"] apiGroups: ["crd.antrea.io"] - apiVersions: ["v1alpha2"] + apiVersions: ["v1alpha3", "v1alpha2"] resources: ["clustergroups"] scope: "Cluster" admissionReviewVersions: ["v1", "v1beta1"] diff --git a/build/yamls/base/crds.yml b/build/yamls/base/crds.yml index efa2d5b63cd..d1d80929864 100644 --- a/build/yamls/base/crds.yml +++ b/build/yamls/base/crds.yml @@ -1264,7 +1264,7 @@ spec: versions: - name: v1alpha2 served: true - storage: true + storage: false schema: openAPIV3Schema: type: object @@ -1273,7 +1273,9 @@ spec: type: object properties: childGroups: - x-kubernetes-preserve-unknown-fields: true + type: array + items: + type: string podSelector: type: object properties: @@ -1378,8 +1380,129 @@ spec: type: string lastTransitionTime: type: string + - name: v1alpha3 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + properties: + spec: + type: object + properties: + childGroups: + type: array + items: + type: string + podSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + type: array + items: + type: string + matchLabels: + x-kubernetes-preserve-unknown-fields: true + namespaceSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + type: array + items: + type: string + matchLabels: + x-kubernetes-preserve-unknown-fields: true + externalEntitySelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + type: array + items: + type: string + matchLabels: + x-kubernetes-preserve-unknown-fields: true + ipBlocks: + type: array + items: + type: object + properties: + cidr: + type: string + format: cidr + serviceReference: + type: object + properties: + name: + type: string + namespace: + type: string + status: + type: object + properties: + conditions: + type: array + items: + type: object + properties: + type: + type: string + status: + type: string + lastTransitionTime: + type: string subresources: status: {} + conversion: + strategy: Webhook + webhook: + conversionReviewVersions: ["v1", "v1beta1"] + clientConfig: + service: + name: "antrea" + namespace: "kube-system" + path: "/convert/clustergroup" scope: Cluster names: plural: clustergroups @@ -2506,7 +2629,9 @@ spec: type: object properties: childGroups: - x-kubernetes-preserve-unknown-fields: true + type: array + items: + type: string podSelector: type: object properties: diff --git a/cmd/antrea-agent-simulator/simulator.go b/cmd/antrea-agent-simulator/simulator.go index daab56a13df..7f6db4da39f 100644 --- a/cmd/antrea-agent-simulator/simulator.go +++ b/cmd/antrea-agent-simulator/simulator.go @@ -38,7 +38,7 @@ import ( func run() error { klog.Infof("Starting Antrea agent simulator (version %s)", version.GetFullVersion()) - k8sClient, _, _, err := k8s.CreateClients(componentbaseconfig.ClientConnectionConfiguration{}, "") + k8sClient, _, _, _, err := k8s.CreateClients(componentbaseconfig.ClientConnectionConfiguration{}, "") if err != nil { return fmt.Errorf("error creating K8s clients: %v", err) } diff --git a/cmd/antrea-agent/agent.go b/cmd/antrea-agent/agent.go index f895dc43463..2f9562519a4 100644 --- a/cmd/antrea-agent/agent.go +++ b/cmd/antrea-agent/agent.go @@ -64,7 +64,7 @@ const informerDefaultResync = 12 * time.Hour func run(o *Options) error { klog.Infof("Starting Antrea agent (version %s)", version.GetFullVersion()) // Create K8s Clientset, CRD Clientset and SharedInformerFactory for the given config. - k8sClient, _, crdClient, err := k8s.CreateClients(o.config.ClientConnection, o.config.KubeAPIServerOverride) + k8sClient, _, crdClient, _, err := k8s.CreateClients(o.config.ClientConnection, o.config.KubeAPIServerOverride) if err != nil { return fmt.Errorf("error creating K8s clients: %v", err) } diff --git a/cmd/antrea-controller/controller.go b/cmd/antrea-controller/controller.go index 8c444edad51..022ac55a8a7 100644 --- a/cmd/antrea-controller/controller.go +++ b/cmd/antrea-controller/controller.go @@ -22,6 +22,7 @@ import ( "path" "time" + apiextensionclientset "k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset" genericopenapi "k8s.io/apiserver/pkg/endpoints/openapi" genericapiserver "k8s.io/apiserver/pkg/server" genericoptions "k8s.io/apiserver/pkg/server/options" @@ -88,6 +89,7 @@ var allowedPaths = []string{ "/validate/acnp", "/validate/anp", "/validate/clustergroup", + "/convert/clustergroup", } // run starts Antrea Controller with the given options and waits for termination signal. @@ -96,7 +98,7 @@ func run(o *Options) error { // Create K8s Clientset, Aggregator Clientset, CRD Clientset and SharedInformerFactory for the given config. // Aggregator Clientset is used to update the CABundle of the APIServices backed by antrea-controller so that // the aggregator can verify its serving certificate. - client, aggregatorClient, crdClient, err := k8s.CreateClients(o.config.ClientConnection, "") + client, aggregatorClient, crdClient, apiExtensionClient, err := k8s.CreateClients(o.config.ClientConnection, "") if err != nil { return fmt.Errorf("error creating K8s clients: %v", err) } @@ -112,7 +114,8 @@ func run(o *Options) error { anpInformer := crdInformerFactory.Crd().V1alpha1().NetworkPolicies() tierInformer := crdInformerFactory.Crd().V1alpha1().Tiers() tfInformer := crdInformerFactory.Crd().V1alpha1().Traceflows() - cgInformer := crdInformerFactory.Crd().V1alpha2().ClusterGroups() + cgv1a2Informer := crdInformerFactory.Crd().V1alpha2().ClusterGroups() + cgInformer := crdInformerFactory.Crd().V1alpha3().ClusterGroups() egressInformer := crdInformerFactory.Crd().V1alpha2().Egresses() clusterIdentityAllocator := clusteridentity.NewClusterIdentityAllocator( @@ -195,11 +198,11 @@ func run(o *Options) error { tierMirroringHandler, "Tier") - cgMirroringHandler := crdhandler.NewClusterGroupHandler(cgInformer.Lister(), + cgMirroringHandler := crdhandler.NewClusterGroupHandler(cgv1a2Informer.Lister(), legacyCGInformer.Lister(), crdClient.CrdV1alpha2().ClusterGroups(), legacyCRDClient.CoreV1alpha2().ClusterGroups()) - cgMirroringController = crdmirroring.NewController(cgInformer.Informer(), + cgMirroringController = crdmirroring.NewController(cgv1a2Informer.Informer(), legacyCGInformer.Informer(), cgMirroringHandler, "ClusterGroup") @@ -257,6 +260,7 @@ func run(o *Options) error { apiServerConfig, err := createAPIServerConfig(o.config.ClientConnection.Kubeconfig, client, aggregatorClient, + apiExtensionClient, o.config.SelfSignedCert, o.config.APIPort, addressGroupStore, @@ -346,6 +350,7 @@ func run(o *Options) error { func createAPIServerConfig(kubeconfig string, client clientset.Interface, aggregatorClient aggregatorclientset.Interface, + apiExtensionClient apiextensionclientset.Interface, selfSignedCert bool, bindPort int, addressGroupStore storage.Interface, @@ -365,7 +370,7 @@ func createAPIServerConfig(kubeconfig string, authentication := genericoptions.NewDelegatingAuthenticationOptions() authorization := genericoptions.NewDelegatingAuthorizationOptions().WithAlwaysAllowPaths(allowedPaths...) - caCertController, err := certificate.ApplyServerCert(selfSignedCert, client, aggregatorClient, secureServing) + caCertController, err := certificate.ApplyServerCert(selfSignedCert, client, aggregatorClient, apiExtensionClient, secureServing) if err != nil { return nil, fmt.Errorf("error applying server cert: %v", err) } diff --git a/go.mod b/go.mod index 175f7eeef3d..a5add332b31 100644 --- a/go.mod +++ b/go.mod @@ -27,6 +27,7 @@ require ( github.com/golang/protobuf v1.4.3 github.com/google/uuid v1.1.2 github.com/kevinburke/ssh_config v0.0.0-20190725054713-01f96b0aa0cd + github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 github.com/pkg/errors v0.9.1 github.com/prometheus/client_golang v1.7.1 github.com/prometheus/common v0.10.0 @@ -53,6 +54,7 @@ require ( gopkg.in/natefinch/lumberjack.v2 v2.0.0 gopkg.in/yaml.v2 v2.4.0 k8s.io/api v0.21.0 + k8s.io/apiextensions-apiserver v0.21.0 k8s.io/apimachinery v0.21.0 k8s.io/apiserver v0.21.0 k8s.io/client-go v0.21.0 diff --git a/go.sum b/go.sum index 71e25f7ac24..4f4af3eb1d5 100644 --- a/go.sum +++ b/go.sum @@ -970,6 +970,8 @@ honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9 k8s.io/api v0.18.4/go.mod h1:lOIQAKYgai1+vz9J7YcDZwC26Z0zQewYOGWdyIPUUQ4= k8s.io/api v0.21.0 h1:gu5iGF4V6tfVCQ/R+8Hc0h7H1JuEhzyEi9S4R5LM8+Y= k8s.io/api v0.21.0/go.mod h1:+YbrhBBGgsxbF6o6Kj4KJPJnBmAKuXDeS3E18bgHNVU= +k8s.io/apiextensions-apiserver v0.21.0 h1:Nd4uBuweg6ImzbxkC1W7xUNZcCV/8Vt10iTdTIVF3hw= +k8s.io/apiextensions-apiserver v0.21.0/go.mod h1:gsQGNtGkc/YoDG9loKI0V+oLZM4ljRPjc/sql5tmvzc= k8s.io/apimachinery v0.18.4/go.mod h1:OaXp26zu/5J7p0f92ASynJa1pZo06YlV9fG7BoWbCko= k8s.io/apimachinery v0.21.0 h1:3Fx+41if+IRavNcKOz09FwEXDBG6ORh6iMsTSelhkMA= k8s.io/apimachinery v0.21.0/go.mod h1:jbreFvJo3ov9rj7eWT7+sYiRx+qZuCYXwWT1bcDswPY= diff --git a/hack/update-codegen-dockerized.sh b/hack/update-codegen-dockerized.sh index eab9b83d6c9..85f6bb3b44e 100755 --- a/hack/update-codegen-dockerized.sh +++ b/hack/update-codegen-dockerized.sh @@ -48,6 +48,7 @@ $GOPATH/bin/client-gen \ --input "system/v1beta1" \ --input "crd/v1alpha1" \ --input "crd/v1alpha2" \ + --input "crd/v1alpha3" \ --input "crd/v1beta1" \ --input "stats/v1alpha1" \ --output-package "${ANTREA_PKG}/pkg/client/clientset" \ @@ -61,6 +62,7 @@ $GOPATH/bin/client-gen \ $GOPATH/bin/lister-gen \ --input-dirs "${ANTREA_PKG}/pkg/apis/crd/v1alpha1" \ --input-dirs "${ANTREA_PKG}/pkg/apis/crd/v1alpha2" \ + --input-dirs "${ANTREA_PKG}/pkg/apis/crd/v1alpha3" \ --input-dirs "${ANTREA_PKG}/pkg/apis/crd/v1beta1" \ --output-package "${ANTREA_PKG}/pkg/client/listers" \ --go-header-file hack/boilerplate/license_header.go.txt @@ -69,6 +71,7 @@ $GOPATH/bin/lister-gen \ $GOPATH/bin/informer-gen \ --input-dirs "${ANTREA_PKG}/pkg/apis/crd/v1alpha1" \ --input-dirs "${ANTREA_PKG}/pkg/apis/crd/v1alpha2" \ + --input-dirs "${ANTREA_PKG}/pkg/apis/crd/v1alpha3" \ --input-dirs "${ANTREA_PKG}/pkg/apis/crd/v1beta1" \ --versioned-clientset-package "${ANTREA_PKG}/pkg/client/clientset/versioned" \ --listers-package "${ANTREA_PKG}/pkg/client/listers" \ @@ -82,6 +85,7 @@ $GOPATH/bin/deepcopy-gen \ --input-dirs "${ANTREA_PKG}/pkg/apis/system/v1beta1" \ --input-dirs "${ANTREA_PKG}/pkg/apis/crd/v1alpha1" \ --input-dirs "${ANTREA_PKG}/pkg/apis/crd/v1alpha2" \ + --input-dirs "${ANTREA_PKG}/pkg/apis/crd/v1alpha3" \ --input-dirs "${ANTREA_PKG}/pkg/apis/crd/v1beta1" \ --input-dirs "${ANTREA_PKG}/pkg/apis/stats" \ --input-dirs "${ANTREA_PKG}/pkg/apis/stats/v1alpha1" \ diff --git a/pkg/agent/cniserver/ipam/testing/mock_ipam.go b/pkg/agent/cniserver/ipam/testing/mock_ipam.go index adaa7ea5719..23fcb3dd210 100644 --- a/pkg/agent/cniserver/ipam/testing/mock_ipam.go +++ b/pkg/agent/cniserver/ipam/testing/mock_ipam.go @@ -1,4 +1,4 @@ -// Copyright 2020 Antrea Authors +// Copyright 2021 Antrea Authors // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. diff --git a/pkg/apis/crd/v1alpha3/doc.go b/pkg/apis/crd/v1alpha3/doc.go new file mode 100644 index 00000000000..5ad2c22cb11 --- /dev/null +++ b/pkg/apis/crd/v1alpha3/doc.go @@ -0,0 +1,19 @@ +// Copyright 2021 Antrea Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// +k8s:openapi-gen=true +// +k8s:deepcopy-gen=package +// +groupName=crd.antrea.io + +package v1alpha3 // import "antrea.io/antrea/pkg/apis/crd/v1alpha3" diff --git a/pkg/apis/crd/v1alpha3/register.go b/pkg/apis/crd/v1alpha3/register.go new file mode 100644 index 00000000000..f5fddd90c4e --- /dev/null +++ b/pkg/apis/crd/v1alpha3/register.go @@ -0,0 +1,53 @@ +// Copyright 2021 Antrea Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package v1alpha3 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/runtime/schema" +) + +// GroupName is the group name used in this package. +const GroupName = "crd.antrea.io" + +// SchemeGroupVersion is group version used to register these objects. +var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1alpha3"} + +// Kind takes an unqualified kind and returns back a Group qualified GroupKind +func Kind(kind string) schema.GroupKind { + return SchemeGroupVersion.WithKind(kind).GroupKind() +} + +// Resource takes an unqualified resource and returns a Group qualified GroupResource. +func Resource(resource string) schema.GroupResource { + return SchemeGroupVersion.WithResource(resource).GroupResource() +} + +var ( + SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes) + AddToScheme = SchemeBuilder.AddToScheme +) + +// Adds the list of known types to the given scheme. +func addKnownTypes(scheme *runtime.Scheme) error { + scheme.AddKnownTypes(SchemeGroupVersion, + &ClusterGroup{}, + &ClusterGroupList{}, + ) + + metav1.AddToGroupVersion(scheme, SchemeGroupVersion) + return nil +} diff --git a/pkg/apis/crd/v1alpha3/types.go b/pkg/apis/crd/v1alpha3/types.go new file mode 100644 index 00000000000..0bba85530b1 --- /dev/null +++ b/pkg/apis/crd/v1alpha3/types.go @@ -0,0 +1,109 @@ +// Copyright 2021 Antrea Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package v1alpha3 + +import ( + v1 "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + + "antrea.io/antrea/pkg/apis/crd/v1alpha1" +) + +// +genclient +// +genclient:nonNamespaced +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object + +type ClusterGroup struct { + metav1.TypeMeta `json:",inline"` + // Standard metadata of the object. + metav1.ObjectMeta `json:"metadata,omitempty"` + + // Desired state of the group. + Spec GroupSpec `json:"spec"` + // Most recently observed status of the group. + Status GroupStatus `json:"status"` +} + +type GroupSpec struct { + // Select Pods matching the labels set in the PodSelector in + // AppliedTo/To/From fields. If set with NamespaceSelector, Pods are + // matched from Namespaces matched by the NamespaceSelector. + // Cannot be set with any other selector except NamespaceSelector. + // +optional + PodSelector *metav1.LabelSelector `json:"podSelector,omitempty"` + // Select all Pods from Namespaces matched by this selector, as + // workloads in AppliedTo/To/From fields. If set with PodSelector, + // Pods are matched from Namespaces matched by the NamespaceSelector. + // Cannot be set with any other selector except PodSelector. + // +optional + NamespaceSelector *metav1.LabelSelector `json:"namespaceSelector,omitempty"` + // IPBlocks describe the IPAddresses/IPBlocks that are matched in to/from. + // IPBlocks cannot be set as part of the AppliedTo field. + // Cannot be set with any other selector or ServiceReference. + // +optional + IPBlocks []v1alpha1.IPBlock `json:"ipBlocks,omitempty"` + // Select backend Pods of the referred Service. + // Cannot be set with any other selector or ipBlock. + // +optional + ServiceReference *ServiceReference `json:"serviceReference,omitempty"` + // Select ExternalEntities from all Namespaces as workloads + // in AppliedTo/To/From fields. If set with NamespaceSelector, + // ExternalEntities are matched from Namespaces matched by the + // NamespaceSelector. + // Cannot be set with any other selector except NamespaceSelector. + // +optional + ExternalEntitySelector *metav1.LabelSelector `json:"externalEntitySelector,omitempty"` + // Select other ClusterGroups by name. The ClusterGroups must already + // exist and must not contain ChildGroups themselves. + // Cannot be set with any selector/IPBlock/ServiceReference. + // +optional + ChildGroups []ClusterGroupReference `json:"childGroups,omitempty"` +} + +type GroupConditionType string + +const GroupMembersComputed GroupConditionType = "GroupMembersComputed" + +type GroupCondition struct { + Type GroupConditionType `json:"type"` + Status v1.ConditionStatus `json:"status"` + LastTransitionTime metav1.Time `json:"lastTransitionTime,omitempty"` +} + +// GroupStatus represents information about the status of a Group. +type GroupStatus struct { + Conditions []GroupCondition `json:"conditions,omitempty"` +} + +// ServiceReference represent reference to a v1.Service. +type ServiceReference struct { + // Name of the Service + Name string `json:"name,omitempty"` + // Namespace of the Service + Namespace string `json:"namespace,omitempty"` +} + +// ClusterGroupReference represent reference to a ClusterGroup. +type ClusterGroupReference string + +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object + +type ClusterGroupList struct { + metav1.TypeMeta `json:",inline"` + // +optional + metav1.ListMeta `json:"metadata,omitempty"` + + Items []ClusterGroup `json:"items,omitempty"` +} diff --git a/pkg/apis/crd/v1alpha3/zz_generated.deepcopy.go b/pkg/apis/crd/v1alpha3/zz_generated.deepcopy.go new file mode 100644 index 00000000000..f05d6e2537a --- /dev/null +++ b/pkg/apis/crd/v1alpha3/zz_generated.deepcopy.go @@ -0,0 +1,188 @@ +// +build !ignore_autogenerated + +// Copyright 2021 Antrea Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// Code generated by deepcopy-gen. DO NOT EDIT. + +package v1alpha3 + +import ( + v1alpha1 "antrea.io/antrea/pkg/apis/crd/v1alpha1" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + runtime "k8s.io/apimachinery/pkg/runtime" +) + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClusterGroup) DeepCopyInto(out *ClusterGroup) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterGroup. +func (in *ClusterGroup) DeepCopy() *ClusterGroup { + if in == nil { + return nil + } + out := new(ClusterGroup) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *ClusterGroup) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClusterGroupList) DeepCopyInto(out *ClusterGroupList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]ClusterGroup, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterGroupList. +func (in *ClusterGroupList) DeepCopy() *ClusterGroupList { + if in == nil { + return nil + } + out := new(ClusterGroupList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *ClusterGroupList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *GroupCondition) DeepCopyInto(out *GroupCondition) { + *out = *in + in.LastTransitionTime.DeepCopyInto(&out.LastTransitionTime) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GroupCondition. +func (in *GroupCondition) DeepCopy() *GroupCondition { + if in == nil { + return nil + } + out := new(GroupCondition) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *GroupSpec) DeepCopyInto(out *GroupSpec) { + *out = *in + if in.PodSelector != nil { + in, out := &in.PodSelector, &out.PodSelector + *out = new(v1.LabelSelector) + (*in).DeepCopyInto(*out) + } + if in.NamespaceSelector != nil { + in, out := &in.NamespaceSelector, &out.NamespaceSelector + *out = new(v1.LabelSelector) + (*in).DeepCopyInto(*out) + } + if in.IPBlocks != nil { + in, out := &in.IPBlocks, &out.IPBlocks + *out = make([]v1alpha1.IPBlock, len(*in)) + copy(*out, *in) + } + if in.ServiceReference != nil { + in, out := &in.ServiceReference, &out.ServiceReference + *out = new(ServiceReference) + **out = **in + } + if in.ExternalEntitySelector != nil { + in, out := &in.ExternalEntitySelector, &out.ExternalEntitySelector + *out = new(v1.LabelSelector) + (*in).DeepCopyInto(*out) + } + if in.ChildGroups != nil { + in, out := &in.ChildGroups, &out.ChildGroups + *out = make([]ClusterGroupReference, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GroupSpec. +func (in *GroupSpec) DeepCopy() *GroupSpec { + if in == nil { + return nil + } + out := new(GroupSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *GroupStatus) DeepCopyInto(out *GroupStatus) { + *out = *in + if in.Conditions != nil { + in, out := &in.Conditions, &out.Conditions + *out = make([]GroupCondition, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GroupStatus. +func (in *GroupStatus) DeepCopy() *GroupStatus { + if in == nil { + return nil + } + out := new(GroupStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ServiceReference) DeepCopyInto(out *ServiceReference) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceReference. +func (in *ServiceReference) DeepCopy() *ServiceReference { + if in == nil { + return nil + } + out := new(ServiceReference) + in.DeepCopyInto(out) + return out +} diff --git a/pkg/apiserver/apiserver.go b/pkg/apiserver/apiserver.go index 696bf3bdc55..69d698211b8 100644 --- a/pkg/apiserver/apiserver.go +++ b/pkg/apiserver/apiserver.go @@ -301,6 +301,9 @@ func installHandlers(c *ExtraConfig, s *genericapiserver.GenericAPIServer) { s.Handler.NonGoRestfulMux.HandleFunc("/validate/anp", webhook.HandleValidationNetworkPolicy(v)) s.Handler.NonGoRestfulMux.HandleFunc("/validate/clustergroup", webhook.HandleValidationNetworkPolicy(v)) + // Install handlers for CRD conversion between versions + s.Handler.NonGoRestfulMux.HandleFunc("/convert/clustergroup", webhook.HandleCRDConversion(controllernetworkpolicy.ConvertClusterGroupCRD)) + // Install a post start hook to initialize Tiers on start-up s.AddPostStartHook("initialize-tiers", func(context genericapiserver.PostStartHookContext) error { go c.networkPolicyController.InitializeTiers() diff --git a/pkg/apiserver/certificate/cacert_controller.go b/pkg/apiserver/certificate/cacert_controller.go index c82ffd57056..7c2104faaf0 100644 --- a/pkg/apiserver/certificate/cacert_controller.go +++ b/pkg/apiserver/certificate/cacert_controller.go @@ -23,6 +23,8 @@ import ( v1 "k8s.io/api/admissionregistration/v1" corev1 "k8s.io/api/core/v1" + apiextensionv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" + apiextensionclientset "k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset" "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/wait" @@ -67,6 +69,9 @@ var ( optionalMutationWebhooks = []string{ "labelsmutator.antrea.io", } + crdsWithConversionWebhooks = []string{ + "clustergroups.crd.antrea.io", + } ) // CACertController is responsible for taking the CA certificate from the @@ -79,8 +84,9 @@ type CACertController struct { // queue only ever has one item, but it has nice error handling backoff/retry semantics queue workqueue.RateLimitingInterface - client kubernetes.Interface - aggregatorClient clientset.Interface + client kubernetes.Interface + aggregatorClient clientset.Interface + apiExtensionClient apiextensionclientset.Interface } var _ dynamiccertificates.Listener = &CACertController{} @@ -92,12 +98,14 @@ func GetCAConfigMapNamespace() string { func newCACertController(caContentProvider dynamiccertificates.CAContentProvider, client kubernetes.Interface, aggregatorClient clientset.Interface, + apiExtensionClient apiextensionclientset.Interface, ) *CACertController { c := &CACertController{ - caContentProvider: caContentProvider, - queue: workqueue.NewNamedRateLimitingQueue(workqueue.DefaultControllerRateLimiter(), "CACertController"), - client: client, - aggregatorClient: aggregatorClient, + caContentProvider: caContentProvider, + queue: workqueue.NewNamedRateLimitingQueue(workqueue.DefaultControllerRateLimiter(), "CACertController"), + client: client, + aggregatorClient: aggregatorClient, + apiExtensionClient: apiExtensionClient, } if notifier, ok := caContentProvider.(dynamiccertificates.Notifier); ok { notifier.AddListener(c) @@ -146,6 +154,9 @@ func (c *CACertController) syncCACert() error { if err := c.syncValidatingWebhooks(caCert); err != nil { return err } + if err := c.syncConversionWebhooks(caCert); err != nil { + return err + } } return nil } @@ -180,6 +191,30 @@ func (c *CACertController) syncMutatingWebhooks(caCert []byte) error { return nil } +func (c *CACertController) syncConversionWebhooks(caCert []byte) error { + klog.Info("Syncing CA certificate with CRDs that have conversion webhooks") + for _, name := range crdsWithConversionWebhooks { + crdDef, err := c.apiExtensionClient.ApiextensionsV1().CustomResourceDefinitions().Get(context.TODO(), name, metav1.GetOptions{}) + if err != nil { + return fmt.Errorf("error getting CRD definition for %s: %v", name, err) + } + if crdDef.Spec.Conversion == nil || crdDef.Spec.Conversion.Strategy != apiextensionv1.WebhookConverter { + return fmt.Errorf("CRD %s does not have webhook conversion registered", name) + } + updated := false + if !bytes.Equal(crdDef.Spec.Conversion.Webhook.ClientConfig.CABundle, caCert) { + updated = true + crdDef.Spec.Conversion.Webhook.ClientConfig.CABundle = caCert + } + if updated { + if _, err := c.apiExtensionClient.ApiextensionsV1().CustomResourceDefinitions().Update(context.TODO(), crdDef, metav1.UpdateOptions{}); err != nil { + return err + } + } + } + return nil +} + func (c *CACertController) patchWebhookWithCACert(webhookCfg *v1.MutatingWebhookConfiguration, caCert []byte) error { updated := false for idx, webhook := range webhookCfg.Webhooks { diff --git a/pkg/apiserver/certificate/certificate.go b/pkg/apiserver/certificate/certificate.go index 24c75ed861a..2eed5b5bf52 100644 --- a/pkg/apiserver/certificate/certificate.go +++ b/pkg/apiserver/certificate/certificate.go @@ -21,6 +21,7 @@ import ( "path" "time" + apiextensionclientset "k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset" "k8s.io/apimachinery/pkg/util/wait" "k8s.io/apiserver/pkg/server/dynamiccertificates" "k8s.io/apiserver/pkg/server/options" @@ -66,7 +67,10 @@ func GetAntreaServerNames() []string { return []string{antreaServerName} } -func ApplyServerCert(selfSignedCert bool, client kubernetes.Interface, aggregatorClient clientset.Interface, +func ApplyServerCert(selfSignedCert bool, + client kubernetes.Interface, + aggregatorClient clientset.Interface, + apiExtensionClient apiextensionclientset.Interface, secureServing *options.SecureServingOptionsWithLoopback) (*CACertController, error) { var err error var caContentProvider dynamiccertificates.CAContentProvider @@ -105,7 +109,7 @@ func ApplyServerCert(selfSignedCert bool, client kubernetes.Interface, aggregato } } - caCertController := newCACertController(caContentProvider, client, aggregatorClient) + caCertController := newCACertController(caContentProvider, client, aggregatorClient, apiExtensionClient) if selfSignedCert { go rotateSelfSignedCertificates(caCertController, secureServing, maxRotateDuration) diff --git a/pkg/apiserver/certificate/certificate_test.go b/pkg/apiserver/certificate/certificate_test.go index 759e48f901d..ee11a74204d 100644 --- a/pkg/apiserver/certificate/certificate_test.go +++ b/pkg/apiserver/certificate/certificate_test.go @@ -23,6 +23,7 @@ import ( "time" "github.com/stretchr/testify/assert" + fakeapiextensionclientset "k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset/fake" "k8s.io/apimachinery/pkg/util/wait" genericoptions "k8s.io/apiserver/pkg/server/options" fakeclientset "k8s.io/client-go/kubernetes/fake" @@ -183,7 +184,8 @@ func TestApplyServerCert(t *testing.T) { clientset := fakeclientset.NewSimpleClientset() aggregatorClientset := fakeaggregatorclientset.NewSimpleClientset() - got, err := ApplyServerCert(tt.selfSignedCert, clientset, aggregatorClientset, secureServing) + apiExtensionClient := fakeapiextensionclientset.NewSimpleClientset() + got, err := ApplyServerCert(tt.selfSignedCert, clientset, aggregatorClientset, apiExtensionClient, secureServing) if err != nil || tt.wantErr { if (err != nil) != tt.wantErr { diff --git a/pkg/apiserver/handlers/webhook/convert_crd.go b/pkg/apiserver/handlers/webhook/convert_crd.go new file mode 100644 index 00000000000..bd1d5024151 --- /dev/null +++ b/pkg/apiserver/handlers/webhook/convert_crd.go @@ -0,0 +1,240 @@ +// Copyright 2021 Antrea Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// Adapted from https://github.com/kubernetes/kubernetes/blob/master/test/images/agnhost/crd-conversion-webhook/converter/framework.go + +package webhook + +import ( + "fmt" + "html" + "io/ioutil" + "net/http" + "strings" + + "github.com/munnerz/goautoneg" + v1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" + "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" + "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/runtime/serializer/json" + utilruntime "k8s.io/apimachinery/pkg/util/runtime" + "k8s.io/klog/v2" +) + +// convertFunc is the user defined function for any conversion. The code in this file is a +// template that can be use for any CR conversion given this function. +type convertFunc func(Object *unstructured.Unstructured, version string) (*unstructured.Unstructured, metav1.Status) + +func statusSucceed() metav1.Status { + return metav1.Status{ + Status: metav1.StatusSuccess, + } +} + +// doConversionV1beta1 converts the requested objects in the v1beta1 ConversionRequest using the given conversion function and +// returns a conversion response. Failures are reported with the Reason in the conversion response. +func doConversionV1beta1(convertRequest *v1beta1.ConversionRequest, convert convertFunc) *v1beta1.ConversionResponse { + var convertedObjects []runtime.RawExtension + for _, obj := range convertRequest.Objects { + cr := unstructured.Unstructured{} + if err := cr.UnmarshalJSON(obj.Raw); err != nil { + klog.Error(err) + return &v1beta1.ConversionResponse{ + Result: metav1.Status{ + Message: fmt.Sprintf("failed to unmarshall object (%v) with error: %v", string(obj.Raw), err), + Status: metav1.StatusFailure, + }, + } + } + convertedCR, status := convert(&cr, convertRequest.DesiredAPIVersion) + if status.Status != metav1.StatusSuccess { + klog.Error(status.String()) + return &v1beta1.ConversionResponse{ + Result: status, + } + } + convertedCR.SetAPIVersion(convertRequest.DesiredAPIVersion) + convertedObjects = append(convertedObjects, runtime.RawExtension{Object: convertedCR}) + } + return &v1beta1.ConversionResponse{ + ConvertedObjects: convertedObjects, + Result: statusSucceed(), + } +} + +// doConversionV1 converts the requested objects in the v1 ConversionRequest using the given conversion function and +// returns a conversion response. Failures are reported with the Reason in the conversion response. +func doConversionV1(convertRequest *v1.ConversionRequest, convert convertFunc) *v1.ConversionResponse { + var convertedObjects []runtime.RawExtension + for _, obj := range convertRequest.Objects { + cr := unstructured.Unstructured{} + if err := cr.UnmarshalJSON(obj.Raw); err != nil { + klog.Error(err) + return &v1.ConversionResponse{ + Result: metav1.Status{ + Message: fmt.Sprintf("failed to unmarshall object (%v) with error: %v", string(obj.Raw), err), + Status: metav1.StatusFailure, + }, + } + } + convertedCR, status := convert(&cr, convertRequest.DesiredAPIVersion) + if status.Status != metav1.StatusSuccess { + klog.Error(status.String()) + return &v1.ConversionResponse{ + Result: status, + } + } + convertedCR.SetAPIVersion(convertRequest.DesiredAPIVersion) + convertedObjects = append(convertedObjects, runtime.RawExtension{Object: convertedCR}) + } + return &v1.ConversionResponse{ + ConvertedObjects: convertedObjects, + Result: statusSucceed(), + } +} + +func HandleCRDConversion(crdConvertFunc convertFunc) http.HandlerFunc { + return func(w http.ResponseWriter, r *http.Request) { + klog.V(2).Info("Received request to convert CRD version") + var body []byte + if r.Body != nil { + if data, err := ioutil.ReadAll(r.Body); err == nil { + body = data + } + } + contentType := r.Header.Get("Content-Type") + serializer := getInputSerializer(contentType) + if serializer == nil { + msg := fmt.Sprintf("Invalid Content-Type=%s, expected application/json or application/yaml", contentType) + klog.Error(msg) + http.Error(w, html.EscapeString(msg), http.StatusUnsupportedMediaType) + return + } + klog.V(2).Infof("Handling request: %v", body) + obj, gvk, err := serializer.Decode(body, nil, nil) + if err != nil { + msg := fmt.Sprintf("failed to deserialize body (%v) with error %v", string(body), err) + klog.Error(err) + http.Error(w, html.EscapeString(msg), http.StatusBadRequest) + return + } + + var responseObj runtime.Object + switch *gvk { + case v1beta1.SchemeGroupVersion.WithKind("ConversionReview"): + convertReview, ok := obj.(*v1beta1.ConversionReview) + if !ok { + msg := fmt.Sprintf("Expected v1beta1.ConversionReview but got: %T", obj) + klog.Errorf(msg) + http.Error(w, html.EscapeString(msg), http.StatusBadRequest) + return + } + convertReview.Response = doConversionV1beta1(convertReview.Request, crdConvertFunc) + convertReview.Response.UID = convertReview.Request.UID + klog.V(2).Info(fmt.Sprintf("sending response: %v", convertReview.Response)) + + // reset the request, it is not needed in a response. + convertReview.Request = &v1beta1.ConversionRequest{} + responseObj = convertReview + case v1.SchemeGroupVersion.WithKind("ConversionReview"): + convertReview, ok := obj.(*v1.ConversionReview) + if !ok { + msg := fmt.Sprintf("Expected v1.ConversionReview but got: %T", obj) + klog.Errorf(msg) + http.Error(w, html.EscapeString(msg), http.StatusBadRequest) + return + } + convertReview.Response = doConversionV1(convertReview.Request, crdConvertFunc) + convertReview.Response.UID = convertReview.Request.UID + klog.V(2).Info(fmt.Sprintf("sending response: %v", convertReview.Response)) + + // reset the request, it is not needed in a response. + convertReview.Request = &v1.ConversionRequest{} + responseObj = convertReview + default: + msg := fmt.Sprintf("Unsupported group version kind: %v", gvk) + klog.Error(err) + http.Error(w, msg, http.StatusBadRequest) + return + } + + accept := r.Header.Get("Accept") + outSerializer := getOutputSerializer(accept) + if outSerializer == nil { + msg := fmt.Sprintf("invalid accept header `%s`", accept) + klog.Errorf(msg) + http.Error(w, html.EscapeString(msg), http.StatusBadRequest) + return + } + err = outSerializer.Encode(responseObj, w) // lgtm[go/reflected-xss] + if err != nil { + klog.Error(err) + http.Error(w, err.Error(), http.StatusInternalServerError) // lgtm[go/reflected-xss] + return + } + } +} + +type mediaType struct { + Type, SubType string +} + +var scheme = runtime.NewScheme() + +func init() { + addToScheme(scheme) +} + +func addToScheme(scheme *runtime.Scheme) { + utilruntime.Must(v1.AddToScheme(scheme)) + utilruntime.Must(v1beta1.AddToScheme(scheme)) +} + +var serializers = map[mediaType]runtime.Serializer{ + {"application", "json"}: json.NewSerializerWithOptions( + json.DefaultMetaFactory, scheme, scheme, json.SerializerOptions{ + Yaml: false, Pretty: false, Strict: false, + }), + {"application", "yaml"}: json.NewSerializerWithOptions( + json.DefaultMetaFactory, scheme, scheme, json.SerializerOptions{ + Yaml: true, Pretty: false, Strict: false, + }), +} + +func getInputSerializer(contentType string) runtime.Serializer { + parts := strings.SplitN(contentType, "/", 2) + if len(parts) != 2 { + return nil + } + return serializers[mediaType{parts[0], parts[1]}] +} + +func getOutputSerializer(accept string) runtime.Serializer { + if len(accept) == 0 { + return serializers[mediaType{"application", "json"}] + } + clauses := goautoneg.ParseAccept(accept) + for _, clause := range clauses { + for k, v := range serializers { + switch { + case clause.Type == k.Type && clause.SubType == k.SubType, + clause.Type == k.Type && clause.SubType == "*", + clause.Type == "*" && clause.SubType == "*": + return v + } + } + } + return nil +} diff --git a/pkg/client/clientset/versioned/clientset.go b/pkg/client/clientset/versioned/clientset.go index c6db8c7bc77..2128c26774a 100644 --- a/pkg/client/clientset/versioned/clientset.go +++ b/pkg/client/clientset/versioned/clientset.go @@ -23,6 +23,7 @@ import ( controlplanev1beta2 "antrea.io/antrea/pkg/client/clientset/versioned/typed/controlplane/v1beta2" crdv1alpha1 "antrea.io/antrea/pkg/client/clientset/versioned/typed/crd/v1alpha1" crdv1alpha2 "antrea.io/antrea/pkg/client/clientset/versioned/typed/crd/v1alpha2" + crdv1alpha3 "antrea.io/antrea/pkg/client/clientset/versioned/typed/crd/v1alpha3" crdv1beta1 "antrea.io/antrea/pkg/client/clientset/versioned/typed/crd/v1beta1" statsv1alpha1 "antrea.io/antrea/pkg/client/clientset/versioned/typed/stats/v1alpha1" systemv1beta1 "antrea.io/antrea/pkg/client/clientset/versioned/typed/system/v1beta1" @@ -37,6 +38,7 @@ type Interface interface { ControlplaneV1beta2() controlplanev1beta2.ControlplaneV1beta2Interface CrdV1alpha1() crdv1alpha1.CrdV1alpha1Interface CrdV1alpha2() crdv1alpha2.CrdV1alpha2Interface + CrdV1alpha3() crdv1alpha3.CrdV1alpha3Interface CrdV1beta1() crdv1beta1.CrdV1beta1Interface StatsV1alpha1() statsv1alpha1.StatsV1alpha1Interface SystemV1beta1() systemv1beta1.SystemV1beta1Interface @@ -50,6 +52,7 @@ type Clientset struct { controlplaneV1beta2 *controlplanev1beta2.ControlplaneV1beta2Client crdV1alpha1 *crdv1alpha1.CrdV1alpha1Client crdV1alpha2 *crdv1alpha2.CrdV1alpha2Client + crdV1alpha3 *crdv1alpha3.CrdV1alpha3Client crdV1beta1 *crdv1beta1.CrdV1beta1Client statsV1alpha1 *statsv1alpha1.StatsV1alpha1Client systemV1beta1 *systemv1beta1.SystemV1beta1Client @@ -75,6 +78,11 @@ func (c *Clientset) CrdV1alpha2() crdv1alpha2.CrdV1alpha2Interface { return c.crdV1alpha2 } +// CrdV1alpha3 retrieves the CrdV1alpha3Client +func (c *Clientset) CrdV1alpha3() crdv1alpha3.CrdV1alpha3Interface { + return c.crdV1alpha3 +} + // CrdV1beta1 retrieves the CrdV1beta1Client func (c *Clientset) CrdV1beta1() crdv1beta1.CrdV1beta1Interface { return c.crdV1beta1 @@ -127,6 +135,10 @@ func NewForConfig(c *rest.Config) (*Clientset, error) { if err != nil { return nil, err } + cs.crdV1alpha3, err = crdv1alpha3.NewForConfig(&configShallowCopy) + if err != nil { + return nil, err + } cs.crdV1beta1, err = crdv1beta1.NewForConfig(&configShallowCopy) if err != nil { return nil, err @@ -155,6 +167,7 @@ func NewForConfigOrDie(c *rest.Config) *Clientset { cs.controlplaneV1beta2 = controlplanev1beta2.NewForConfigOrDie(c) cs.crdV1alpha1 = crdv1alpha1.NewForConfigOrDie(c) cs.crdV1alpha2 = crdv1alpha2.NewForConfigOrDie(c) + cs.crdV1alpha3 = crdv1alpha3.NewForConfigOrDie(c) cs.crdV1beta1 = crdv1beta1.NewForConfigOrDie(c) cs.statsV1alpha1 = statsv1alpha1.NewForConfigOrDie(c) cs.systemV1beta1 = systemv1beta1.NewForConfigOrDie(c) @@ -170,6 +183,7 @@ func New(c rest.Interface) *Clientset { cs.controlplaneV1beta2 = controlplanev1beta2.New(c) cs.crdV1alpha1 = crdv1alpha1.New(c) cs.crdV1alpha2 = crdv1alpha2.New(c) + cs.crdV1alpha3 = crdv1alpha3.New(c) cs.crdV1beta1 = crdv1beta1.New(c) cs.statsV1alpha1 = statsv1alpha1.New(c) cs.systemV1beta1 = systemv1beta1.New(c) diff --git a/pkg/client/clientset/versioned/fake/clientset_generated.go b/pkg/client/clientset/versioned/fake/clientset_generated.go index c582cd29b08..7f48e493437 100644 --- a/pkg/client/clientset/versioned/fake/clientset_generated.go +++ b/pkg/client/clientset/versioned/fake/clientset_generated.go @@ -26,6 +26,8 @@ import ( fakecrdv1alpha1 "antrea.io/antrea/pkg/client/clientset/versioned/typed/crd/v1alpha1/fake" crdv1alpha2 "antrea.io/antrea/pkg/client/clientset/versioned/typed/crd/v1alpha2" fakecrdv1alpha2 "antrea.io/antrea/pkg/client/clientset/versioned/typed/crd/v1alpha2/fake" + crdv1alpha3 "antrea.io/antrea/pkg/client/clientset/versioned/typed/crd/v1alpha3" + fakecrdv1alpha3 "antrea.io/antrea/pkg/client/clientset/versioned/typed/crd/v1alpha3/fake" crdv1beta1 "antrea.io/antrea/pkg/client/clientset/versioned/typed/crd/v1beta1" fakecrdv1beta1 "antrea.io/antrea/pkg/client/clientset/versioned/typed/crd/v1beta1/fake" statsv1alpha1 "antrea.io/antrea/pkg/client/clientset/versioned/typed/stats/v1alpha1" @@ -106,6 +108,11 @@ func (c *Clientset) CrdV1alpha2() crdv1alpha2.CrdV1alpha2Interface { return &fakecrdv1alpha2.FakeCrdV1alpha2{Fake: &c.Fake} } +// CrdV1alpha3 retrieves the CrdV1alpha3Client +func (c *Clientset) CrdV1alpha3() crdv1alpha3.CrdV1alpha3Interface { + return &fakecrdv1alpha3.FakeCrdV1alpha3{Fake: &c.Fake} +} + // CrdV1beta1 retrieves the CrdV1beta1Client func (c *Clientset) CrdV1beta1() crdv1beta1.CrdV1beta1Interface { return &fakecrdv1beta1.FakeCrdV1beta1{Fake: &c.Fake} diff --git a/pkg/client/clientset/versioned/fake/register.go b/pkg/client/clientset/versioned/fake/register.go index 559b0ea05b2..8dfa0998dab 100644 --- a/pkg/client/clientset/versioned/fake/register.go +++ b/pkg/client/clientset/versioned/fake/register.go @@ -21,6 +21,7 @@ import ( controlplanev1beta2 "antrea.io/antrea/pkg/apis/controlplane/v1beta2" crdv1alpha1 "antrea.io/antrea/pkg/apis/crd/v1alpha1" crdv1alpha2 "antrea.io/antrea/pkg/apis/crd/v1alpha2" + crdv1alpha3 "antrea.io/antrea/pkg/apis/crd/v1alpha3" crdv1beta1 "antrea.io/antrea/pkg/apis/crd/v1beta1" statsv1alpha1 "antrea.io/antrea/pkg/apis/stats/v1alpha1" systemv1beta1 "antrea.io/antrea/pkg/apis/system/v1beta1" @@ -39,6 +40,7 @@ var localSchemeBuilder = runtime.SchemeBuilder{ controlplanev1beta2.AddToScheme, crdv1alpha1.AddToScheme, crdv1alpha2.AddToScheme, + crdv1alpha3.AddToScheme, crdv1beta1.AddToScheme, statsv1alpha1.AddToScheme, systemv1beta1.AddToScheme, diff --git a/pkg/client/clientset/versioned/scheme/register.go b/pkg/client/clientset/versioned/scheme/register.go index c048a193596..82a1ab51832 100644 --- a/pkg/client/clientset/versioned/scheme/register.go +++ b/pkg/client/clientset/versioned/scheme/register.go @@ -21,6 +21,7 @@ import ( controlplanev1beta2 "antrea.io/antrea/pkg/apis/controlplane/v1beta2" crdv1alpha1 "antrea.io/antrea/pkg/apis/crd/v1alpha1" crdv1alpha2 "antrea.io/antrea/pkg/apis/crd/v1alpha2" + crdv1alpha3 "antrea.io/antrea/pkg/apis/crd/v1alpha3" crdv1beta1 "antrea.io/antrea/pkg/apis/crd/v1beta1" statsv1alpha1 "antrea.io/antrea/pkg/apis/stats/v1alpha1" systemv1beta1 "antrea.io/antrea/pkg/apis/system/v1beta1" @@ -39,6 +40,7 @@ var localSchemeBuilder = runtime.SchemeBuilder{ controlplanev1beta2.AddToScheme, crdv1alpha1.AddToScheme, crdv1alpha2.AddToScheme, + crdv1alpha3.AddToScheme, crdv1beta1.AddToScheme, statsv1alpha1.AddToScheme, systemv1beta1.AddToScheme, diff --git a/pkg/client/clientset/versioned/typed/crd/v1alpha3/clustergroup.go b/pkg/client/clientset/versioned/typed/crd/v1alpha3/clustergroup.go new file mode 100644 index 00000000000..66fc7ce49dd --- /dev/null +++ b/pkg/client/clientset/versioned/typed/crd/v1alpha3/clustergroup.go @@ -0,0 +1,182 @@ +// Copyright 2021 Antrea Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// Code generated by client-gen. DO NOT EDIT. + +package v1alpha3 + +import ( + "context" + "time" + + v1alpha3 "antrea.io/antrea/pkg/apis/crd/v1alpha3" + scheme "antrea.io/antrea/pkg/client/clientset/versioned/scheme" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + rest "k8s.io/client-go/rest" +) + +// ClusterGroupsGetter has a method to return a ClusterGroupInterface. +// A group's client should implement this interface. +type ClusterGroupsGetter interface { + ClusterGroups() ClusterGroupInterface +} + +// ClusterGroupInterface has methods to work with ClusterGroup resources. +type ClusterGroupInterface interface { + Create(ctx context.Context, clusterGroup *v1alpha3.ClusterGroup, opts v1.CreateOptions) (*v1alpha3.ClusterGroup, error) + Update(ctx context.Context, clusterGroup *v1alpha3.ClusterGroup, opts v1.UpdateOptions) (*v1alpha3.ClusterGroup, error) + UpdateStatus(ctx context.Context, clusterGroup *v1alpha3.ClusterGroup, opts v1.UpdateOptions) (*v1alpha3.ClusterGroup, error) + Delete(ctx context.Context, name string, opts v1.DeleteOptions) error + DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error + Get(ctx context.Context, name string, opts v1.GetOptions) (*v1alpha3.ClusterGroup, error) + List(ctx context.Context, opts v1.ListOptions) (*v1alpha3.ClusterGroupList, error) + Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) + Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha3.ClusterGroup, err error) + ClusterGroupExpansion +} + +// clusterGroups implements ClusterGroupInterface +type clusterGroups struct { + client rest.Interface +} + +// newClusterGroups returns a ClusterGroups +func newClusterGroups(c *CrdV1alpha3Client) *clusterGroups { + return &clusterGroups{ + client: c.RESTClient(), + } +} + +// Get takes name of the clusterGroup, and returns the corresponding clusterGroup object, and an error if there is any. +func (c *clusterGroups) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha3.ClusterGroup, err error) { + result = &v1alpha3.ClusterGroup{} + err = c.client.Get(). + Resource("clustergroups"). + Name(name). + VersionedParams(&options, scheme.ParameterCodec). + Do(ctx). + Into(result) + return +} + +// List takes label and field selectors, and returns the list of ClusterGroups that match those selectors. +func (c *clusterGroups) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha3.ClusterGroupList, err error) { + var timeout time.Duration + if opts.TimeoutSeconds != nil { + timeout = time.Duration(*opts.TimeoutSeconds) * time.Second + } + result = &v1alpha3.ClusterGroupList{} + err = c.client.Get(). + Resource("clustergroups"). + VersionedParams(&opts, scheme.ParameterCodec). + Timeout(timeout). + Do(ctx). + Into(result) + return +} + +// Watch returns a watch.Interface that watches the requested clusterGroups. +func (c *clusterGroups) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { + var timeout time.Duration + if opts.TimeoutSeconds != nil { + timeout = time.Duration(*opts.TimeoutSeconds) * time.Second + } + opts.Watch = true + return c.client.Get(). + Resource("clustergroups"). + VersionedParams(&opts, scheme.ParameterCodec). + Timeout(timeout). + Watch(ctx) +} + +// Create takes the representation of a clusterGroup and creates it. Returns the server's representation of the clusterGroup, and an error, if there is any. +func (c *clusterGroups) Create(ctx context.Context, clusterGroup *v1alpha3.ClusterGroup, opts v1.CreateOptions) (result *v1alpha3.ClusterGroup, err error) { + result = &v1alpha3.ClusterGroup{} + err = c.client.Post(). + Resource("clustergroups"). + VersionedParams(&opts, scheme.ParameterCodec). + Body(clusterGroup). + Do(ctx). + Into(result) + return +} + +// Update takes the representation of a clusterGroup and updates it. Returns the server's representation of the clusterGroup, and an error, if there is any. +func (c *clusterGroups) Update(ctx context.Context, clusterGroup *v1alpha3.ClusterGroup, opts v1.UpdateOptions) (result *v1alpha3.ClusterGroup, err error) { + result = &v1alpha3.ClusterGroup{} + err = c.client.Put(). + Resource("clustergroups"). + Name(clusterGroup.Name). + VersionedParams(&opts, scheme.ParameterCodec). + Body(clusterGroup). + Do(ctx). + Into(result) + return +} + +// UpdateStatus was generated because the type contains a Status member. +// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). +func (c *clusterGroups) UpdateStatus(ctx context.Context, clusterGroup *v1alpha3.ClusterGroup, opts v1.UpdateOptions) (result *v1alpha3.ClusterGroup, err error) { + result = &v1alpha3.ClusterGroup{} + err = c.client.Put(). + Resource("clustergroups"). + Name(clusterGroup.Name). + SubResource("status"). + VersionedParams(&opts, scheme.ParameterCodec). + Body(clusterGroup). + Do(ctx). + Into(result) + return +} + +// Delete takes name of the clusterGroup and deletes it. Returns an error if one occurs. +func (c *clusterGroups) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { + return c.client.Delete(). + Resource("clustergroups"). + Name(name). + Body(&opts). + Do(ctx). + Error() +} + +// DeleteCollection deletes a collection of objects. +func (c *clusterGroups) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { + var timeout time.Duration + if listOpts.TimeoutSeconds != nil { + timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second + } + return c.client.Delete(). + Resource("clustergroups"). + VersionedParams(&listOpts, scheme.ParameterCodec). + Timeout(timeout). + Body(&opts). + Do(ctx). + Error() +} + +// Patch applies the patch and returns the patched clusterGroup. +func (c *clusterGroups) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha3.ClusterGroup, err error) { + result = &v1alpha3.ClusterGroup{} + err = c.client.Patch(pt). + Resource("clustergroups"). + Name(name). + SubResource(subresources...). + VersionedParams(&opts, scheme.ParameterCodec). + Body(data). + Do(ctx). + Into(result) + return +} diff --git a/pkg/client/clientset/versioned/typed/crd/v1alpha3/crd_client.go b/pkg/client/clientset/versioned/typed/crd/v1alpha3/crd_client.go new file mode 100644 index 00000000000..34fbc38ca17 --- /dev/null +++ b/pkg/client/clientset/versioned/typed/crd/v1alpha3/crd_client.go @@ -0,0 +1,87 @@ +// Copyright 2021 Antrea Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// Code generated by client-gen. DO NOT EDIT. + +package v1alpha3 + +import ( + v1alpha3 "antrea.io/antrea/pkg/apis/crd/v1alpha3" + "antrea.io/antrea/pkg/client/clientset/versioned/scheme" + rest "k8s.io/client-go/rest" +) + +type CrdV1alpha3Interface interface { + RESTClient() rest.Interface + ClusterGroupsGetter +} + +// CrdV1alpha3Client is used to interact with features provided by the crd.antrea.io group. +type CrdV1alpha3Client struct { + restClient rest.Interface +} + +func (c *CrdV1alpha3Client) ClusterGroups() ClusterGroupInterface { + return newClusterGroups(c) +} + +// NewForConfig creates a new CrdV1alpha3Client for the given config. +func NewForConfig(c *rest.Config) (*CrdV1alpha3Client, error) { + config := *c + if err := setConfigDefaults(&config); err != nil { + return nil, err + } + client, err := rest.RESTClientFor(&config) + if err != nil { + return nil, err + } + return &CrdV1alpha3Client{client}, nil +} + +// NewForConfigOrDie creates a new CrdV1alpha3Client for the given config and +// panics if there is an error in the config. +func NewForConfigOrDie(c *rest.Config) *CrdV1alpha3Client { + client, err := NewForConfig(c) + if err != nil { + panic(err) + } + return client +} + +// New creates a new CrdV1alpha3Client for the given RESTClient. +func New(c rest.Interface) *CrdV1alpha3Client { + return &CrdV1alpha3Client{c} +} + +func setConfigDefaults(config *rest.Config) error { + gv := v1alpha3.SchemeGroupVersion + config.GroupVersion = &gv + config.APIPath = "/apis" + config.NegotiatedSerializer = scheme.Codecs.WithoutConversion() + + if config.UserAgent == "" { + config.UserAgent = rest.DefaultKubernetesUserAgent() + } + + return nil +} + +// RESTClient returns a RESTClient that is used to communicate +// with API server by this client implementation. +func (c *CrdV1alpha3Client) RESTClient() rest.Interface { + if c == nil { + return nil + } + return c.restClient +} diff --git a/pkg/client/clientset/versioned/typed/crd/v1alpha3/doc.go b/pkg/client/clientset/versioned/typed/crd/v1alpha3/doc.go new file mode 100644 index 00000000000..7ef94bbb3fa --- /dev/null +++ b/pkg/client/clientset/versioned/typed/crd/v1alpha3/doc.go @@ -0,0 +1,18 @@ +// Copyright 2021 Antrea Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// Code generated by client-gen. DO NOT EDIT. + +// This package has the automatically generated typed clients. +package v1alpha3 diff --git a/pkg/client/clientset/versioned/typed/crd/v1alpha3/fake/doc.go b/pkg/client/clientset/versioned/typed/crd/v1alpha3/fake/doc.go new file mode 100644 index 00000000000..5807b680f75 --- /dev/null +++ b/pkg/client/clientset/versioned/typed/crd/v1alpha3/fake/doc.go @@ -0,0 +1,18 @@ +// Copyright 2021 Antrea Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// Code generated by client-gen. DO NOT EDIT. + +// Package fake has the automatically generated clients. +package fake diff --git a/pkg/client/clientset/versioned/typed/crd/v1alpha3/fake/fake_clustergroup.go b/pkg/client/clientset/versioned/typed/crd/v1alpha3/fake/fake_clustergroup.go new file mode 100644 index 00000000000..f775397c74f --- /dev/null +++ b/pkg/client/clientset/versioned/typed/crd/v1alpha3/fake/fake_clustergroup.go @@ -0,0 +1,131 @@ +// Copyright 2021 Antrea Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// Code generated by client-gen. DO NOT EDIT. + +package fake + +import ( + "context" + + v1alpha3 "antrea.io/antrea/pkg/apis/crd/v1alpha3" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + labels "k8s.io/apimachinery/pkg/labels" + schema "k8s.io/apimachinery/pkg/runtime/schema" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + testing "k8s.io/client-go/testing" +) + +// FakeClusterGroups implements ClusterGroupInterface +type FakeClusterGroups struct { + Fake *FakeCrdV1alpha3 +} + +var clustergroupsResource = schema.GroupVersionResource{Group: "crd.antrea.io", Version: "v1alpha3", Resource: "clustergroups"} + +var clustergroupsKind = schema.GroupVersionKind{Group: "crd.antrea.io", Version: "v1alpha3", Kind: "ClusterGroup"} + +// Get takes name of the clusterGroup, and returns the corresponding clusterGroup object, and an error if there is any. +func (c *FakeClusterGroups) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha3.ClusterGroup, err error) { + obj, err := c.Fake. + Invokes(testing.NewRootGetAction(clustergroupsResource, name), &v1alpha3.ClusterGroup{}) + if obj == nil { + return nil, err + } + return obj.(*v1alpha3.ClusterGroup), err +} + +// List takes label and field selectors, and returns the list of ClusterGroups that match those selectors. +func (c *FakeClusterGroups) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha3.ClusterGroupList, err error) { + obj, err := c.Fake. + Invokes(testing.NewRootListAction(clustergroupsResource, clustergroupsKind, opts), &v1alpha3.ClusterGroupList{}) + if obj == nil { + return nil, err + } + + label, _, _ := testing.ExtractFromListOptions(opts) + if label == nil { + label = labels.Everything() + } + list := &v1alpha3.ClusterGroupList{ListMeta: obj.(*v1alpha3.ClusterGroupList).ListMeta} + for _, item := range obj.(*v1alpha3.ClusterGroupList).Items { + if label.Matches(labels.Set(item.Labels)) { + list.Items = append(list.Items, item) + } + } + return list, err +} + +// Watch returns a watch.Interface that watches the requested clusterGroups. +func (c *FakeClusterGroups) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { + return c.Fake. + InvokesWatch(testing.NewRootWatchAction(clustergroupsResource, opts)) +} + +// Create takes the representation of a clusterGroup and creates it. Returns the server's representation of the clusterGroup, and an error, if there is any. +func (c *FakeClusterGroups) Create(ctx context.Context, clusterGroup *v1alpha3.ClusterGroup, opts v1.CreateOptions) (result *v1alpha3.ClusterGroup, err error) { + obj, err := c.Fake. + Invokes(testing.NewRootCreateAction(clustergroupsResource, clusterGroup), &v1alpha3.ClusterGroup{}) + if obj == nil { + return nil, err + } + return obj.(*v1alpha3.ClusterGroup), err +} + +// Update takes the representation of a clusterGroup and updates it. Returns the server's representation of the clusterGroup, and an error, if there is any. +func (c *FakeClusterGroups) Update(ctx context.Context, clusterGroup *v1alpha3.ClusterGroup, opts v1.UpdateOptions) (result *v1alpha3.ClusterGroup, err error) { + obj, err := c.Fake. + Invokes(testing.NewRootUpdateAction(clustergroupsResource, clusterGroup), &v1alpha3.ClusterGroup{}) + if obj == nil { + return nil, err + } + return obj.(*v1alpha3.ClusterGroup), err +} + +// UpdateStatus was generated because the type contains a Status member. +// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). +func (c *FakeClusterGroups) UpdateStatus(ctx context.Context, clusterGroup *v1alpha3.ClusterGroup, opts v1.UpdateOptions) (*v1alpha3.ClusterGroup, error) { + obj, err := c.Fake. + Invokes(testing.NewRootUpdateSubresourceAction(clustergroupsResource, "status", clusterGroup), &v1alpha3.ClusterGroup{}) + if obj == nil { + return nil, err + } + return obj.(*v1alpha3.ClusterGroup), err +} + +// Delete takes name of the clusterGroup and deletes it. Returns an error if one occurs. +func (c *FakeClusterGroups) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { + _, err := c.Fake. + Invokes(testing.NewRootDeleteAction(clustergroupsResource, name), &v1alpha3.ClusterGroup{}) + return err +} + +// DeleteCollection deletes a collection of objects. +func (c *FakeClusterGroups) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { + action := testing.NewRootDeleteCollectionAction(clustergroupsResource, listOpts) + + _, err := c.Fake.Invokes(action, &v1alpha3.ClusterGroupList{}) + return err +} + +// Patch applies the patch and returns the patched clusterGroup. +func (c *FakeClusterGroups) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha3.ClusterGroup, err error) { + obj, err := c.Fake. + Invokes(testing.NewRootPatchSubresourceAction(clustergroupsResource, name, pt, data, subresources...), &v1alpha3.ClusterGroup{}) + if obj == nil { + return nil, err + } + return obj.(*v1alpha3.ClusterGroup), err +} diff --git a/pkg/client/clientset/versioned/typed/crd/v1alpha3/fake/fake_crd_client.go b/pkg/client/clientset/versioned/typed/crd/v1alpha3/fake/fake_crd_client.go new file mode 100644 index 00000000000..3d3f1b461f3 --- /dev/null +++ b/pkg/client/clientset/versioned/typed/crd/v1alpha3/fake/fake_crd_client.go @@ -0,0 +1,38 @@ +// Copyright 2021 Antrea Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// Code generated by client-gen. DO NOT EDIT. + +package fake + +import ( + v1alpha3 "antrea.io/antrea/pkg/client/clientset/versioned/typed/crd/v1alpha3" + rest "k8s.io/client-go/rest" + testing "k8s.io/client-go/testing" +) + +type FakeCrdV1alpha3 struct { + *testing.Fake +} + +func (c *FakeCrdV1alpha3) ClusterGroups() v1alpha3.ClusterGroupInterface { + return &FakeClusterGroups{c} +} + +// RESTClient returns a RESTClient that is used to communicate +// with API server by this client implementation. +func (c *FakeCrdV1alpha3) RESTClient() rest.Interface { + var ret *rest.RESTClient + return ret +} diff --git a/pkg/client/clientset/versioned/typed/crd/v1alpha3/generated_expansion.go b/pkg/client/clientset/versioned/typed/crd/v1alpha3/generated_expansion.go new file mode 100644 index 00000000000..c0bcbbf4871 --- /dev/null +++ b/pkg/client/clientset/versioned/typed/crd/v1alpha3/generated_expansion.go @@ -0,0 +1,19 @@ +// Copyright 2021 Antrea Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// Code generated by client-gen. DO NOT EDIT. + +package v1alpha3 + +type ClusterGroupExpansion interface{} diff --git a/pkg/client/informers/externalversions/crd/interface.go b/pkg/client/informers/externalversions/crd/interface.go index 1d0d678e894..35f21f51d74 100644 --- a/pkg/client/informers/externalversions/crd/interface.go +++ b/pkg/client/informers/externalversions/crd/interface.go @@ -19,6 +19,7 @@ package crd import ( v1alpha1 "antrea.io/antrea/pkg/client/informers/externalversions/crd/v1alpha1" v1alpha2 "antrea.io/antrea/pkg/client/informers/externalversions/crd/v1alpha2" + v1alpha3 "antrea.io/antrea/pkg/client/informers/externalversions/crd/v1alpha3" v1beta1 "antrea.io/antrea/pkg/client/informers/externalversions/crd/v1beta1" internalinterfaces "antrea.io/antrea/pkg/client/informers/externalversions/internalinterfaces" ) @@ -29,6 +30,8 @@ type Interface interface { V1alpha1() v1alpha1.Interface // V1alpha2 provides access to shared informers for resources in V1alpha2. V1alpha2() v1alpha2.Interface + // V1alpha3 provides access to shared informers for resources in V1alpha3. + V1alpha3() v1alpha3.Interface // V1beta1 provides access to shared informers for resources in V1beta1. V1beta1() v1beta1.Interface } @@ -54,6 +57,11 @@ func (g *group) V1alpha2() v1alpha2.Interface { return v1alpha2.New(g.factory, g.namespace, g.tweakListOptions) } +// V1alpha3 returns a new v1alpha3.Interface. +func (g *group) V1alpha3() v1alpha3.Interface { + return v1alpha3.New(g.factory, g.namespace, g.tweakListOptions) +} + // V1beta1 returns a new v1beta1.Interface. func (g *group) V1beta1() v1beta1.Interface { return v1beta1.New(g.factory, g.namespace, g.tweakListOptions) diff --git a/pkg/client/informers/externalversions/crd/v1alpha3/clustergroup.go b/pkg/client/informers/externalversions/crd/v1alpha3/clustergroup.go new file mode 100644 index 00000000000..d8f4545cc37 --- /dev/null +++ b/pkg/client/informers/externalversions/crd/v1alpha3/clustergroup.go @@ -0,0 +1,87 @@ +// Copyright 2021 Antrea Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// Code generated by informer-gen. DO NOT EDIT. + +package v1alpha3 + +import ( + "context" + time "time" + + crdv1alpha3 "antrea.io/antrea/pkg/apis/crd/v1alpha3" + versioned "antrea.io/antrea/pkg/client/clientset/versioned" + internalinterfaces "antrea.io/antrea/pkg/client/informers/externalversions/internalinterfaces" + v1alpha3 "antrea.io/antrea/pkg/client/listers/crd/v1alpha3" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + runtime "k8s.io/apimachinery/pkg/runtime" + watch "k8s.io/apimachinery/pkg/watch" + cache "k8s.io/client-go/tools/cache" +) + +// ClusterGroupInformer provides access to a shared informer and lister for +// ClusterGroups. +type ClusterGroupInformer interface { + Informer() cache.SharedIndexInformer + Lister() v1alpha3.ClusterGroupLister +} + +type clusterGroupInformer struct { + factory internalinterfaces.SharedInformerFactory + tweakListOptions internalinterfaces.TweakListOptionsFunc +} + +// NewClusterGroupInformer constructs a new informer for ClusterGroup type. +// Always prefer using an informer factory to get a shared informer instead of getting an independent +// one. This reduces memory footprint and number of connections to the server. +func NewClusterGroupInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { + return NewFilteredClusterGroupInformer(client, resyncPeriod, indexers, nil) +} + +// NewFilteredClusterGroupInformer constructs a new informer for ClusterGroup type. +// Always prefer using an informer factory to get a shared informer instead of getting an independent +// one. This reduces memory footprint and number of connections to the server. +func NewFilteredClusterGroupInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { + return cache.NewSharedIndexInformer( + &cache.ListWatch{ + ListFunc: func(options v1.ListOptions) (runtime.Object, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.CrdV1alpha3().ClusterGroups().List(context.TODO(), options) + }, + WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.CrdV1alpha3().ClusterGroups().Watch(context.TODO(), options) + }, + }, + &crdv1alpha3.ClusterGroup{}, + resyncPeriod, + indexers, + ) +} + +func (f *clusterGroupInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { + return NewFilteredClusterGroupInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) +} + +func (f *clusterGroupInformer) Informer() cache.SharedIndexInformer { + return f.factory.InformerFor(&crdv1alpha3.ClusterGroup{}, f.defaultInformer) +} + +func (f *clusterGroupInformer) Lister() v1alpha3.ClusterGroupLister { + return v1alpha3.NewClusterGroupLister(f.Informer().GetIndexer()) +} diff --git a/pkg/client/informers/externalversions/crd/v1alpha3/interface.go b/pkg/client/informers/externalversions/crd/v1alpha3/interface.go new file mode 100644 index 00000000000..aa4f24f5aae --- /dev/null +++ b/pkg/client/informers/externalversions/crd/v1alpha3/interface.go @@ -0,0 +1,43 @@ +// Copyright 2021 Antrea Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// Code generated by informer-gen. DO NOT EDIT. + +package v1alpha3 + +import ( + internalinterfaces "antrea.io/antrea/pkg/client/informers/externalversions/internalinterfaces" +) + +// Interface provides access to all the informers in this group version. +type Interface interface { + // ClusterGroups returns a ClusterGroupInformer. + ClusterGroups() ClusterGroupInformer +} + +type version struct { + factory internalinterfaces.SharedInformerFactory + namespace string + tweakListOptions internalinterfaces.TweakListOptionsFunc +} + +// New returns a new Interface. +func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface { + return &version{factory: f, namespace: namespace, tweakListOptions: tweakListOptions} +} + +// ClusterGroups returns a ClusterGroupInformer. +func (v *version) ClusterGroups() ClusterGroupInformer { + return &clusterGroupInformer{factory: v.factory, tweakListOptions: v.tweakListOptions} +} diff --git a/pkg/client/informers/externalversions/generic.go b/pkg/client/informers/externalversions/generic.go index bb451e24a02..3c2e8def088 100644 --- a/pkg/client/informers/externalversions/generic.go +++ b/pkg/client/informers/externalversions/generic.go @@ -21,6 +21,7 @@ import ( v1alpha1 "antrea.io/antrea/pkg/apis/crd/v1alpha1" v1alpha2 "antrea.io/antrea/pkg/apis/crd/v1alpha2" + v1alpha3 "antrea.io/antrea/pkg/apis/crd/v1alpha3" v1beta1 "antrea.io/antrea/pkg/apis/crd/v1beta1" schema "k8s.io/apimachinery/pkg/runtime/schema" cache "k8s.io/client-go/tools/cache" @@ -70,6 +71,10 @@ func (f *sharedInformerFactory) ForResource(resource schema.GroupVersionResource case v1alpha2.SchemeGroupVersion.WithResource("externalentities"): return &genericInformer{resource: resource.GroupResource(), informer: f.Crd().V1alpha2().ExternalEntities().Informer()}, nil + // Group=crd.antrea.io, Version=v1alpha3 + case v1alpha3.SchemeGroupVersion.WithResource("clustergroups"): + return &genericInformer{resource: resource.GroupResource(), informer: f.Crd().V1alpha3().ClusterGroups().Informer()}, nil + // Group=crd.antrea.io, Version=v1beta1 case v1beta1.SchemeGroupVersion.WithResource("antreaagentinfos"): return &genericInformer{resource: resource.GroupResource(), informer: f.Crd().V1beta1().AntreaAgentInfos().Informer()}, nil diff --git a/pkg/client/listers/crd/v1alpha3/clustergroup.go b/pkg/client/listers/crd/v1alpha3/clustergroup.go new file mode 100644 index 00000000000..ac569ec96c9 --- /dev/null +++ b/pkg/client/listers/crd/v1alpha3/clustergroup.go @@ -0,0 +1,66 @@ +// Copyright 2021 Antrea Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// Code generated by lister-gen. DO NOT EDIT. + +package v1alpha3 + +import ( + v1alpha3 "antrea.io/antrea/pkg/apis/crd/v1alpha3" + "k8s.io/apimachinery/pkg/api/errors" + "k8s.io/apimachinery/pkg/labels" + "k8s.io/client-go/tools/cache" +) + +// ClusterGroupLister helps list ClusterGroups. +// All objects returned here must be treated as read-only. +type ClusterGroupLister interface { + // List lists all ClusterGroups in the indexer. + // Objects returned here must be treated as read-only. + List(selector labels.Selector) (ret []*v1alpha3.ClusterGroup, err error) + // Get retrieves the ClusterGroup from the index for a given name. + // Objects returned here must be treated as read-only. + Get(name string) (*v1alpha3.ClusterGroup, error) + ClusterGroupListerExpansion +} + +// clusterGroupLister implements the ClusterGroupLister interface. +type clusterGroupLister struct { + indexer cache.Indexer +} + +// NewClusterGroupLister returns a new ClusterGroupLister. +func NewClusterGroupLister(indexer cache.Indexer) ClusterGroupLister { + return &clusterGroupLister{indexer: indexer} +} + +// List lists all ClusterGroups in the indexer. +func (s *clusterGroupLister) List(selector labels.Selector) (ret []*v1alpha3.ClusterGroup, err error) { + err = cache.ListAll(s.indexer, selector, func(m interface{}) { + ret = append(ret, m.(*v1alpha3.ClusterGroup)) + }) + return ret, err +} + +// Get retrieves the ClusterGroup from the index for a given name. +func (s *clusterGroupLister) Get(name string) (*v1alpha3.ClusterGroup, error) { + obj, exists, err := s.indexer.GetByKey(name) + if err != nil { + return nil, err + } + if !exists { + return nil, errors.NewNotFound(v1alpha3.Resource("clustergroup"), name) + } + return obj.(*v1alpha3.ClusterGroup), nil +} diff --git a/pkg/client/listers/crd/v1alpha3/expansion_generated.go b/pkg/client/listers/crd/v1alpha3/expansion_generated.go new file mode 100644 index 00000000000..cb87c45ce99 --- /dev/null +++ b/pkg/client/listers/crd/v1alpha3/expansion_generated.go @@ -0,0 +1,21 @@ +// Copyright 2021 Antrea Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// Code generated by lister-gen. DO NOT EDIT. + +package v1alpha3 + +// ClusterGroupListerExpansion allows custom methods to be added to +// ClusterGroupLister. +type ClusterGroupListerExpansion interface{} diff --git a/pkg/controller/networkpolicy/clustergroup.go b/pkg/controller/networkpolicy/clustergroup.go index 669420286ab..1f532ce2341 100644 --- a/pkg/controller/networkpolicy/clustergroup.go +++ b/pkg/controller/networkpolicy/clustergroup.go @@ -26,14 +26,14 @@ import ( "antrea.io/antrea/pkg/apis/controlplane" crdv1alpha1 "antrea.io/antrea/pkg/apis/crd/v1alpha1" - crdv1alpha2 "antrea.io/antrea/pkg/apis/crd/v1alpha2" + crdv1alpha3 "antrea.io/antrea/pkg/apis/crd/v1alpha3" "antrea.io/antrea/pkg/controller/networkpolicy/store" antreatypes "antrea.io/antrea/pkg/controller/types" ) // addClusterGroup is responsible for processing the ADD event of a ClusterGroup resource. func (n *NetworkPolicyController) addClusterGroup(curObj interface{}) { - cg := curObj.(*crdv1alpha2.ClusterGroup) + cg := curObj.(*crdv1alpha3.ClusterGroup) key := internalGroupKeyFunc(cg) klog.V(2).Infof("Processing ADD event for ClusterGroup %s", cg.Name) newGroup := n.processClusterGroup(cg) @@ -44,8 +44,8 @@ func (n *NetworkPolicyController) addClusterGroup(curObj interface{}) { // updateClusterGroup is responsible for processing the UPDATE event of a ClusterGroup resource. func (n *NetworkPolicyController) updateClusterGroup(oldObj, curObj interface{}) { - cg := curObj.(*crdv1alpha2.ClusterGroup) - og := oldObj.(*crdv1alpha2.ClusterGroup) + cg := curObj.(*crdv1alpha3.ClusterGroup) + og := oldObj.(*crdv1alpha3.ClusterGroup) key := internalGroupKeyFunc(cg) klog.V(2).Infof("Processing UPDATE event for ClusterGroup %s", cg.Name) newGroup := n.processClusterGroup(cg) @@ -93,7 +93,7 @@ func (n *NetworkPolicyController) updateClusterGroup(oldObj, curObj interface{}) // deleteClusterGroup is responsible for processing the DELETE event of a ClusterGroup resource. func (n *NetworkPolicyController) deleteClusterGroup(oldObj interface{}) { - og, ok := oldObj.(*crdv1alpha2.ClusterGroup) + og, ok := oldObj.(*crdv1alpha3.ClusterGroup) klog.V(2).Infof("Processing DELETE event for ClusterGroup %s", og.Name) if !ok { tombstone, ok := oldObj.(cache.DeletedFinalStateUnknown) @@ -101,7 +101,7 @@ func (n *NetworkPolicyController) deleteClusterGroup(oldObj interface{}) { klog.Errorf("Error decoding object when deleting ClusterGroup, invalid type: %v", oldObj) return } - og, ok = tombstone.Obj.(*crdv1alpha2.ClusterGroup) + og, ok = tombstone.Obj.(*crdv1alpha3.ClusterGroup) if !ok { klog.Errorf("Error decoding object tombstone when deleting ClusterGroup, invalid type: %v", tombstone.Obj) return @@ -116,7 +116,7 @@ func (n *NetworkPolicyController) deleteClusterGroup(oldObj interface{}) { n.enqueueInternalGroup(key) } -func (n *NetworkPolicyController) processClusterGroup(cg *crdv1alpha2.ClusterGroup) *antreatypes.Group { +func (n *NetworkPolicyController) processClusterGroup(cg *crdv1alpha3.ClusterGroup) *antreatypes.Group { internalGroup := antreatypes.Group{ Name: cg.Name, UID: cg.UID, @@ -127,11 +127,7 @@ func (n *NetworkPolicyController) processClusterGroup(cg *crdv1alpha2.ClusterGro } return &internalGroup } - if cg.Spec.IPBlock != nil { - ipb, _ := toAntreaIPBlockForCRD(cg.Spec.IPBlock) - internalGroup.IPBlocks = append(internalGroup.IPBlocks, *ipb) - return &internalGroup - } else if len(cg.Spec.IPBlocks) > 0 { + if len(cg.Spec.IPBlocks) > 0 { for i := range cg.Spec.IPBlocks { ipb, _ := toAntreaIPBlockForCRD(&cg.Spec.IPBlocks[i]) internalGroup.IPBlocks = append(internalGroup.IPBlocks, *ipb) @@ -261,7 +257,7 @@ func (n *NetworkPolicyController) triggerParentGroupSync(grp *antreatypes.Group) } // triggerCNPUpdates triggers processing of ClusterNetworkPolicies associated with the input ClusterGroup. -func (n *NetworkPolicyController) triggerCNPUpdates(cg *crdv1alpha2.ClusterGroup) error { +func (n *NetworkPolicyController) triggerCNPUpdates(cg *crdv1alpha3.ClusterGroup) error { // If a ClusterGroup is added/updated, it might have a reference in ClusterNetworkPolicy. cnps, err := n.cnpInformer.Informer().GetIndexer().ByIndex(ClusterGroupIndex, cg.Name) if err != nil { @@ -310,31 +306,31 @@ func (n *NetworkPolicyController) triggerCNPUpdates(cg *crdv1alpha2.ClusterGroup } // updateGroupStatus updates the Status subresource for a ClusterGroup. -func (n *NetworkPolicyController) updateGroupStatus(cg *crdv1alpha2.ClusterGroup, cStatus v1.ConditionStatus) error { - condStatus := crdv1alpha2.GroupCondition{ +func (n *NetworkPolicyController) updateGroupStatus(cg *crdv1alpha3.ClusterGroup, cStatus v1.ConditionStatus) error { + condStatus := crdv1alpha3.GroupCondition{ Status: cStatus, - Type: crdv1alpha2.GroupMembersComputed, + Type: crdv1alpha3.GroupMembersComputed, } if groupMembersComputedConditionEqual(cg.Status.Conditions, condStatus) { // There is no change in conditions. return nil } condStatus.LastTransitionTime = metav1.Now() - status := crdv1alpha2.GroupStatus{ - Conditions: []crdv1alpha2.GroupCondition{condStatus}, + status := crdv1alpha3.GroupStatus{ + Conditions: []crdv1alpha3.GroupCondition{condStatus}, } klog.V(4).Infof("Updating ClusterGroup %s status to %#v", cg.Name, condStatus) toUpdate := cg.DeepCopy() toUpdate.Status = status - _, err := n.crdClient.CrdV1alpha2().ClusterGroups().UpdateStatus(context.TODO(), toUpdate, metav1.UpdateOptions{}) + _, err := n.crdClient.CrdV1alpha3().ClusterGroups().UpdateStatus(context.TODO(), toUpdate, metav1.UpdateOptions{}) return err } // groupMembersComputedConditionEqual checks whether the condition status for GroupMembersComputed condition // is same. Returns true if equal, otherwise returns false. It disregards the lastTransitionTime field. -func groupMembersComputedConditionEqual(conds []crdv1alpha2.GroupCondition, condition crdv1alpha2.GroupCondition) bool { +func groupMembersComputedConditionEqual(conds []crdv1alpha3.GroupCondition, condition crdv1alpha3.GroupCondition) bool { for _, c := range conds { - if c.Type == crdv1alpha2.GroupMembersComputed { + if c.Type == crdv1alpha3.GroupMembersComputed { if c.Status == condition.Status { return true } diff --git a/pkg/controller/networkpolicy/clustergroup_test.go b/pkg/controller/networkpolicy/clustergroup_test.go index 1e9e3361158..db55e3b9ea5 100644 --- a/pkg/controller/networkpolicy/clustergroup_test.go +++ b/pkg/controller/networkpolicy/clustergroup_test.go @@ -25,6 +25,7 @@ import ( "antrea.io/antrea/pkg/apis/controlplane" crdv1alpha1 "antrea.io/antrea/pkg/apis/crd/v1alpha1" crdv1alpha2 "antrea.io/antrea/pkg/apis/crd/v1alpha2" + crdv1alpha3 "antrea.io/antrea/pkg/apis/crd/v1alpha3" antreatypes "antrea.io/antrea/pkg/controller/types" ) @@ -37,14 +38,14 @@ func TestProcessClusterGroup(t *testing.T) { cidrIPNet, _ := cidrStrToIPNet(cidr) tests := []struct { name string - inputGroup *crdv1alpha2.ClusterGroup + inputGroup *crdv1alpha3.ClusterGroup expectedGroup *antreatypes.Group }{ { name: "cg-with-ns-selector", - inputGroup: &crdv1alpha2.ClusterGroup{ + inputGroup: &crdv1alpha3.ClusterGroup{ ObjectMeta: metav1.ObjectMeta{Name: "cgA", UID: "uidA"}, - Spec: crdv1alpha2.GroupSpec{ + Spec: crdv1alpha3.GroupSpec{ NamespaceSelector: &selectorA, }, }, @@ -56,9 +57,9 @@ func TestProcessClusterGroup(t *testing.T) { }, { name: "cg-with-pod-selector", - inputGroup: &crdv1alpha2.ClusterGroup{ + inputGroup: &crdv1alpha3.ClusterGroup{ ObjectMeta: metav1.ObjectMeta{Name: "cgB", UID: "uidB"}, - Spec: crdv1alpha2.GroupSpec{ + Spec: crdv1alpha3.GroupSpec{ PodSelector: &selectorB, }, }, @@ -70,9 +71,9 @@ func TestProcessClusterGroup(t *testing.T) { }, { name: "cg-with-pod-ns-selector", - inputGroup: &crdv1alpha2.ClusterGroup{ + inputGroup: &crdv1alpha3.ClusterGroup{ ObjectMeta: metav1.ObjectMeta{Name: "cgC", UID: "uidC"}, - Spec: crdv1alpha2.GroupSpec{ + Spec: crdv1alpha3.GroupSpec{ NamespaceSelector: &selectorD, PodSelector: &selectorC, }, @@ -85,11 +86,13 @@ func TestProcessClusterGroup(t *testing.T) { }, { name: "cg-with-ip-block", - inputGroup: &crdv1alpha2.ClusterGroup{ + inputGroup: &crdv1alpha3.ClusterGroup{ ObjectMeta: metav1.ObjectMeta{Name: "cgD", UID: "uidD"}, - Spec: crdv1alpha2.GroupSpec{ - IPBlock: &crdv1alpha1.IPBlock{ - CIDR: cidr, + Spec: crdv1alpha3.GroupSpec{ + IPBlocks: []crdv1alpha1.IPBlock{ + { + CIDR: cidr, + }, }, }, }, @@ -106,10 +109,10 @@ func TestProcessClusterGroup(t *testing.T) { }, { name: "cg-with-svc-reference", - inputGroup: &crdv1alpha2.ClusterGroup{ + inputGroup: &crdv1alpha3.ClusterGroup{ ObjectMeta: metav1.ObjectMeta{Name: "cgE", UID: "uidE"}, - Spec: crdv1alpha2.GroupSpec{ - ServiceReference: &crdv1alpha2.ServiceReference{ + Spec: crdv1alpha3.GroupSpec{ + ServiceReference: &crdv1alpha3.ServiceReference{ Name: "test-svc", Namespace: "test-ns", }, @@ -126,10 +129,10 @@ func TestProcessClusterGroup(t *testing.T) { }, { name: "cg-with-child-groups", - inputGroup: &crdv1alpha2.ClusterGroup{ + inputGroup: &crdv1alpha3.ClusterGroup{ ObjectMeta: metav1.ObjectMeta{Name: "cgF", UID: "uidF"}, - Spec: crdv1alpha2.GroupSpec{ - ChildGroups: []crdv1alpha2.ClusterGroupReference{"cgA", "cgB"}, + Spec: crdv1alpha3.GroupSpec{ + ChildGroups: []crdv1alpha3.ClusterGroupReference{"cgA", "cgB"}, }, }, expectedGroup: &antreatypes.Group{ @@ -157,14 +160,14 @@ func TestAddClusterGroup(t *testing.T) { cidrIPNet, _ := cidrStrToIPNet(cidr) tests := []struct { name string - inputGroup *crdv1alpha2.ClusterGroup + inputGroup *crdv1alpha3.ClusterGroup expectedGroup *antreatypes.Group }{ { name: "cg-with-ns-selector", - inputGroup: &crdv1alpha2.ClusterGroup{ + inputGroup: &crdv1alpha3.ClusterGroup{ ObjectMeta: metav1.ObjectMeta{Name: "cgA", UID: "uidA"}, - Spec: crdv1alpha2.GroupSpec{ + Spec: crdv1alpha3.GroupSpec{ NamespaceSelector: &selectorA, }, }, @@ -176,9 +179,9 @@ func TestAddClusterGroup(t *testing.T) { }, { name: "cg-with-pod-selector", - inputGroup: &crdv1alpha2.ClusterGroup{ + inputGroup: &crdv1alpha3.ClusterGroup{ ObjectMeta: metav1.ObjectMeta{Name: "cgB", UID: "uidB"}, - Spec: crdv1alpha2.GroupSpec{ + Spec: crdv1alpha3.GroupSpec{ PodSelector: &selectorB, }, }, @@ -190,9 +193,9 @@ func TestAddClusterGroup(t *testing.T) { }, { name: "cg-with-pod-ns-selector", - inputGroup: &crdv1alpha2.ClusterGroup{ + inputGroup: &crdv1alpha3.ClusterGroup{ ObjectMeta: metav1.ObjectMeta{Name: "cgC", UID: "uidC"}, - Spec: crdv1alpha2.GroupSpec{ + Spec: crdv1alpha3.GroupSpec{ NamespaceSelector: &selectorD, PodSelector: &selectorC, }, @@ -205,11 +208,13 @@ func TestAddClusterGroup(t *testing.T) { }, { name: "cg-with-ip-block", - inputGroup: &crdv1alpha2.ClusterGroup{ + inputGroup: &crdv1alpha3.ClusterGroup{ ObjectMeta: metav1.ObjectMeta{Name: "cgD", UID: "uidD"}, - Spec: crdv1alpha2.GroupSpec{ - IPBlock: &crdv1alpha1.IPBlock{ - CIDR: cidr, + Spec: crdv1alpha3.GroupSpec{ + IPBlocks: []crdv1alpha1.IPBlock{ + { + CIDR: cidr, + }, }, }, }, @@ -242,9 +247,9 @@ func TestUpdateClusterGroup(t *testing.T) { selectorB := metav1.LabelSelector{MatchLabels: map[string]string{"foo2": "bar2"}} selectorC := metav1.LabelSelector{MatchLabels: map[string]string{"foo3": "bar3"}} selectorD := metav1.LabelSelector{MatchLabels: map[string]string{"foo4": "bar4"}} - testCG := crdv1alpha2.ClusterGroup{ + testCG := crdv1alpha3.ClusterGroup{ ObjectMeta: metav1.ObjectMeta{Name: "cgA", UID: "uidA"}, - Spec: crdv1alpha2.GroupSpec{ + Spec: crdv1alpha3.GroupSpec{ NamespaceSelector: &selectorA, }, } @@ -252,14 +257,14 @@ func TestUpdateClusterGroup(t *testing.T) { cidrIPNet, _ := cidrStrToIPNet(cidr) tests := []struct { name string - updatedGroup *crdv1alpha2.ClusterGroup + updatedGroup *crdv1alpha3.ClusterGroup expectedGroup *antreatypes.Group }{ { name: "cg-update-ns-selector", - updatedGroup: &crdv1alpha2.ClusterGroup{ + updatedGroup: &crdv1alpha3.ClusterGroup{ ObjectMeta: metav1.ObjectMeta{Name: "cgA", UID: "uidA"}, - Spec: crdv1alpha2.GroupSpec{ + Spec: crdv1alpha3.GroupSpec{ NamespaceSelector: &selectorB, }, }, @@ -271,9 +276,9 @@ func TestUpdateClusterGroup(t *testing.T) { }, { name: "cg-update-pod-selector", - updatedGroup: &crdv1alpha2.ClusterGroup{ + updatedGroup: &crdv1alpha3.ClusterGroup{ ObjectMeta: metav1.ObjectMeta{Name: "cgA", UID: "uidA"}, - Spec: crdv1alpha2.GroupSpec{ + Spec: crdv1alpha3.GroupSpec{ PodSelector: &selectorC, }, }, @@ -285,9 +290,9 @@ func TestUpdateClusterGroup(t *testing.T) { }, { name: "cg-update-pod-ns-selector", - updatedGroup: &crdv1alpha2.ClusterGroup{ + updatedGroup: &crdv1alpha3.ClusterGroup{ ObjectMeta: metav1.ObjectMeta{Name: "cgA", UID: "uidA"}, - Spec: crdv1alpha2.GroupSpec{ + Spec: crdv1alpha3.GroupSpec{ NamespaceSelector: &selectorD, PodSelector: &selectorC, }, @@ -300,11 +305,13 @@ func TestUpdateClusterGroup(t *testing.T) { }, { name: "cg-update-ip-block", - updatedGroup: &crdv1alpha2.ClusterGroup{ + updatedGroup: &crdv1alpha3.ClusterGroup{ ObjectMeta: metav1.ObjectMeta{Name: "cgA", UID: "uidA"}, - Spec: crdv1alpha2.GroupSpec{ - IPBlock: &crdv1alpha1.IPBlock{ - CIDR: cidr, + Spec: crdv1alpha3.GroupSpec{ + IPBlocks: []crdv1alpha1.IPBlock{ + { + CIDR: cidr, + }, }, }, }, @@ -321,10 +328,10 @@ func TestUpdateClusterGroup(t *testing.T) { }, { name: "cg-update-svc-reference", - updatedGroup: &crdv1alpha2.ClusterGroup{ + updatedGroup: &crdv1alpha3.ClusterGroup{ ObjectMeta: metav1.ObjectMeta{Name: "cgA", UID: "uidA"}, - Spec: crdv1alpha2.GroupSpec{ - ServiceReference: &crdv1alpha2.ServiceReference{ + Spec: crdv1alpha3.GroupSpec{ + ServiceReference: &crdv1alpha3.ServiceReference{ Name: "test-svc", Namespace: "test-ns", }, @@ -341,10 +348,10 @@ func TestUpdateClusterGroup(t *testing.T) { }, { name: "cg-update-child-groups", - updatedGroup: &crdv1alpha2.ClusterGroup{ + updatedGroup: &crdv1alpha3.ClusterGroup{ ObjectMeta: metav1.ObjectMeta{Name: "cgA", UID: "uidA"}, - Spec: crdv1alpha2.GroupSpec{ - ChildGroups: []crdv1alpha2.ClusterGroupReference{"cgB", "cgC"}, + Spec: crdv1alpha3.GroupSpec{ + ChildGroups: []crdv1alpha3.ClusterGroupReference{"cgB", "cgC"}, }, }, expectedGroup: &antreatypes.Group{ @@ -369,9 +376,9 @@ func TestUpdateClusterGroup(t *testing.T) { func TestDeleteCG(t *testing.T) { selectorA := metav1.LabelSelector{MatchLabels: map[string]string{"foo1": "bar1"}} - testCG := crdv1alpha2.ClusterGroup{ + testCG := crdv1alpha3.ClusterGroup{ ObjectMeta: metav1.ObjectMeta{Name: "cgA", UID: "uidA"}, - Spec: crdv1alpha2.GroupSpec{ + Spec: crdv1alpha3.GroupSpec{ NamespaceSelector: &selectorA, }, } @@ -386,15 +393,15 @@ func TestDeleteCG(t *testing.T) { func TestGroupMembersComputedConditionEqual(t *testing.T) { tests := []struct { name string - existingConds []crdv1alpha2.GroupCondition + existingConds []crdv1alpha3.GroupCondition checkStatus corev1.ConditionStatus expValue bool }{ { name: "groupmem-cond-exists-not-equal", - existingConds: []crdv1alpha2.GroupCondition{ + existingConds: []crdv1alpha3.GroupCondition{ { - Type: crdv1alpha2.GroupMembersComputed, + Type: crdv1alpha3.GroupMembersComputed, Status: corev1.ConditionFalse, }, }, @@ -403,9 +410,9 @@ func TestGroupMembersComputedConditionEqual(t *testing.T) { }, { name: "groupmem-cond-exists-equal", - existingConds: []crdv1alpha2.GroupCondition{ + existingConds: []crdv1alpha3.GroupCondition{ { - Type: crdv1alpha2.GroupMembersComputed, + Type: crdv1alpha3.GroupMembersComputed, Status: corev1.ConditionTrue, }, }, @@ -414,7 +421,7 @@ func TestGroupMembersComputedConditionEqual(t *testing.T) { }, { name: "groupmem-cond-not-exists-not-equal", - existingConds: []crdv1alpha2.GroupCondition{ + existingConds: []crdv1alpha3.GroupCondition{ { Status: corev1.ConditionFalse, }, @@ -425,8 +432,8 @@ func TestGroupMembersComputedConditionEqual(t *testing.T) { } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { - inCond := crdv1alpha2.GroupCondition{ - Type: crdv1alpha2.GroupMembersComputed, + inCond := crdv1alpha3.GroupCondition{ + Type: crdv1alpha3.GroupMembersComputed, Status: tt.checkStatus, } actualValue := groupMembersComputedConditionEqual(tt.existingConds, inCond) diff --git a/pkg/controller/networkpolicy/clusternetworkpolicy_test.go b/pkg/controller/networkpolicy/clusternetworkpolicy_test.go index 939cf8495c2..ea36f14f219 100644 --- a/pkg/controller/networkpolicy/clusternetworkpolicy_test.go +++ b/pkg/controller/networkpolicy/clusternetworkpolicy_test.go @@ -22,7 +22,7 @@ import ( "antrea.io/antrea/pkg/apis/controlplane" crdv1alpha1 "antrea.io/antrea/pkg/apis/crd/v1alpha1" - crdv1alpha2 "antrea.io/antrea/pkg/apis/crd/v1alpha2" + crdv1alpha3 "antrea.io/antrea/pkg/apis/crd/v1alpha3" antreatypes "antrea.io/antrea/pkg/controller/types" ) @@ -42,9 +42,9 @@ func TestProcessClusterNetworkPolicy(t *testing.T) { selectorA := metav1.LabelSelector{MatchLabels: map[string]string{"foo1": "bar1"}} selectorB := metav1.LabelSelector{MatchLabels: map[string]string{"foo2": "bar2"}} selectorC := metav1.LabelSelector{MatchLabels: map[string]string{"foo3": "bar3"}} - cgA := crdv1alpha2.ClusterGroup{ + cgA := crdv1alpha3.ClusterGroup{ ObjectMeta: metav1.ObjectMeta{Name: "cgA", UID: "uidA"}, - Spec: crdv1alpha2.GroupSpec{ + Spec: crdv1alpha3.GroupSpec{ NamespaceSelector: &selectorA, }, } @@ -1249,25 +1249,27 @@ func TestProcessRefCG(t *testing.T) { cidr := "10.0.0.0/24" cidrIPNet, _ := cidrStrToIPNet(cidr) // cgA with selector present in cache - cgA := crdv1alpha2.ClusterGroup{ + cgA := crdv1alpha3.ClusterGroup{ ObjectMeta: metav1.ObjectMeta{Name: "cgA", UID: "uidA"}, - Spec: crdv1alpha2.GroupSpec{ + Spec: crdv1alpha3.GroupSpec{ NamespaceSelector: &selectorA, }, } // cgB with IPBlock present in cache - cgB := crdv1alpha2.ClusterGroup{ + cgB := crdv1alpha3.ClusterGroup{ ObjectMeta: metav1.ObjectMeta{Name: "cgB", UID: "uidB"}, - Spec: crdv1alpha2.GroupSpec{ - IPBlock: &crdv1alpha1.IPBlock{ - CIDR: cidr, + Spec: crdv1alpha3.GroupSpec{ + IPBlocks: []crdv1alpha1.IPBlock{ + { + CIDR: cidr, + }, }, }, } // cgC not found in cache - cgC := crdv1alpha2.ClusterGroup{ + cgC := crdv1alpha3.ClusterGroup{ ObjectMeta: metav1.ObjectMeta{Name: "cgC", UID: "uidC"}, - Spec: crdv1alpha2.GroupSpec{ + Spec: crdv1alpha3.GroupSpec{ NamespaceSelector: &selectorA, }, } @@ -1325,25 +1327,27 @@ func TestProcessAppliedToGroupsForCGs(t *testing.T) { selectorA := metav1.LabelSelector{MatchLabels: map[string]string{"foo1": "bar1"}} cidr := "10.0.0.0/24" // cgA with selector present in cache - cgA := crdv1alpha2.ClusterGroup{ + cgA := crdv1alpha3.ClusterGroup{ ObjectMeta: metav1.ObjectMeta{Name: "cgA", UID: "uidA"}, - Spec: crdv1alpha2.GroupSpec{ + Spec: crdv1alpha3.GroupSpec{ NamespaceSelector: &selectorA, }, } // cgB with IPBlock present in cache - cgB := crdv1alpha2.ClusterGroup{ + cgB := crdv1alpha3.ClusterGroup{ ObjectMeta: metav1.ObjectMeta{Name: "cgB", UID: "uidB"}, - Spec: crdv1alpha2.GroupSpec{ - IPBlock: &crdv1alpha1.IPBlock{ - CIDR: cidr, + Spec: crdv1alpha3.GroupSpec{ + IPBlocks: []crdv1alpha1.IPBlock{ + { + CIDR: cidr, + }, }, }, } // cgC not found in cache - cgC := crdv1alpha2.ClusterGroup{ + cgC := crdv1alpha3.ClusterGroup{ ObjectMeta: metav1.ObjectMeta{Name: "cgC", UID: "uidC"}, - Spec: crdv1alpha2.GroupSpec{ + Spec: crdv1alpha3.GroupSpec{ NamespaceSelector: &selectorA, }, } diff --git a/pkg/controller/networkpolicy/convert.go b/pkg/controller/networkpolicy/convert.go new file mode 100644 index 00000000000..b1d960227d5 --- /dev/null +++ b/pkg/controller/networkpolicy/convert.go @@ -0,0 +1,69 @@ +// Copyright 2021 Antrea Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package networkpolicy + +import ( + "fmt" + + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" + "k8s.io/klog/v2" +) + +func statusErrorWithMessage(msg string, params ...interface{}) metav1.Status { + return metav1.Status{ + Message: fmt.Sprintf(msg, params...), + Status: metav1.StatusFailure, + } +} + +func ConvertClusterGroupCRD(Object *unstructured.Unstructured, toVersion string) (*unstructured.Unstructured, metav1.Status) { + klog.V(2).Infof("Converting CRD for ClusterGroup %s", Object.GetName()) + convertedObject := Object.DeepCopy() + fromVersion := Object.GetAPIVersion() + if toVersion == fromVersion { + return nil, statusErrorWithMessage("conversion from a version to itself should not call the webhook: %s", toVersion) + } + switch Object.GetAPIVersion() { + case "crd.antrea.io/v1alpha2": + switch toVersion { + case "crd.antrea.io/v1alpha3": + ipb, found, err := unstructured.NestedMap(convertedObject.Object, "spec", "ipBlock") + if err == nil && found && len(ipb) > 0 { + unstructured.RemoveNestedField(convertedObject.Object, "spec", "ipBlock") + // unstructured.SetNestedSlice expects a slice of interface as value + ipBlocks := make([]interface{}, 1) + ipBlocks[0] = ipb + unstructured.SetNestedSlice(convertedObject.Object, ipBlocks, "spec", "ipBlocks") + } + default: + return nil, statusErrorWithMessage("unexpected conversion version %q", toVersion) + } + case "crd.antrea.io/v1alpha3": + switch toVersion { + case "crd.antrea.io/v1alpha2": + return convertedObject, metav1.Status{ + Status: metav1.StatusSuccess, + } + default: + return nil, statusErrorWithMessage("unexpected conversion version %q", toVersion) + } + default: + return nil, statusErrorWithMessage("unexpected conversion version %q", fromVersion) + } + return convertedObject, metav1.Status{ + Status: metav1.StatusSuccess, + } +} diff --git a/pkg/controller/networkpolicy/crd_utils_test.go b/pkg/controller/networkpolicy/crd_utils_test.go index 6b51f45c0a7..1e0af6079f2 100644 --- a/pkg/controller/networkpolicy/crd_utils_test.go +++ b/pkg/controller/networkpolicy/crd_utils_test.go @@ -25,7 +25,7 @@ import ( "antrea.io/antrea/pkg/apis/controlplane" crdv1alpha1 "antrea.io/antrea/pkg/apis/crd/v1alpha1" - crdv1alpha2 "antrea.io/antrea/pkg/apis/crd/v1alpha2" + crdv1alpha3 "antrea.io/antrea/pkg/apis/crd/v1alpha3" ) func TestToAntreaServicesForCRD(t *testing.T) { @@ -152,9 +152,9 @@ func TestToAntreaPeerForCRD(t *testing.T) { matchAllPodsPeer := matchAllPeer matchAllPodsPeer.AddressGroups = []string{getNormalizedUID(toGroupSelector("", nil, &selectorAll, nil).NormalizedName)} // cgA with selector present in cache - cgA := crdv1alpha2.ClusterGroup{ + cgA := crdv1alpha3.ClusterGroup{ ObjectMeta: metav1.ObjectMeta{Name: "cgA", UID: "uidA"}, - Spec: crdv1alpha2.GroupSpec{ + Spec: crdv1alpha3.GroupSpec{ NamespaceSelector: &selectorA, }, } diff --git a/pkg/controller/networkpolicy/networkpolicy_controller.go b/pkg/controller/networkpolicy/networkpolicy_controller.go index 80a650ef535..0bb29fc3c12 100644 --- a/pkg/controller/networkpolicy/networkpolicy_controller.go +++ b/pkg/controller/networkpolicy/networkpolicy_controller.go @@ -52,9 +52,9 @@ import ( "antrea.io/antrea/pkg/apiserver/storage" "antrea.io/antrea/pkg/client/clientset/versioned" secinformers "antrea.io/antrea/pkg/client/informers/externalversions/crd/v1alpha1" - corev1a2informers "antrea.io/antrea/pkg/client/informers/externalversions/crd/v1alpha2" + crdv1a3informers "antrea.io/antrea/pkg/client/informers/externalversions/crd/v1alpha3" seclisters "antrea.io/antrea/pkg/client/listers/crd/v1alpha1" - corev1a2listers "antrea.io/antrea/pkg/client/listers/crd/v1alpha2" + crdv1a3listers "antrea.io/antrea/pkg/client/listers/crd/v1alpha3" "antrea.io/antrea/pkg/controller/grouping" "antrea.io/antrea/pkg/controller/metrics" "antrea.io/antrea/pkg/controller/networkpolicy/store" @@ -161,10 +161,10 @@ type NetworkPolicyController struct { // tierListerSynced is a function which returns true if the Tiers shared informer has been synced at least once. tierListerSynced cache.InformerSynced - cgInformer corev1a2informers.ClusterGroupInformer + cgInformer crdv1a3informers.ClusterGroupInformer // cgLister is able to list/get ClusterGroups and is populated by the shared informer passed to // NewClusterGroupController. - cgLister corev1a2listers.ClusterGroupLister + cgLister crdv1a3listers.ClusterGroupLister // cgListerSynced is a function which returns true if the ClusterGroup shared informer has been synced at least // once. cgListerSynced cache.InformerSynced @@ -218,7 +218,7 @@ func NewNetworkPolicyController(kubeClient clientset.Interface, cnpInformer secinformers.ClusterNetworkPolicyInformer, anpInformer secinformers.NetworkPolicyInformer, tierInformer secinformers.TierInformer, - cgInformer corev1a2informers.ClusterGroupInformer, + cgInformer crdv1a3informers.ClusterGroupInformer, addressGroupStore storage.Interface, appliedToGroupStore storage.Interface, internalNetworkPolicyStore storage.Interface, diff --git a/pkg/controller/networkpolicy/networkpolicy_controller_test.go b/pkg/controller/networkpolicy/networkpolicy_controller_test.go index cf9110ea35f..7237691d04f 100644 --- a/pkg/controller/networkpolicy/networkpolicy_controller_test.go +++ b/pkg/controller/networkpolicy/networkpolicy_controller_test.go @@ -38,6 +38,7 @@ import ( "antrea.io/antrea/pkg/apis/controlplane" "antrea.io/antrea/pkg/apis/crd/v1alpha2" + "antrea.io/antrea/pkg/apis/crd/v1alpha3" "antrea.io/antrea/pkg/apiserver/storage" fakeversioned "antrea.io/antrea/pkg/client/clientset/versioned/fake" crdinformers "antrea.io/antrea/pkg/client/informers/externalversions" @@ -91,8 +92,7 @@ func newController(objects ...runtime.Object) (*fake.Clientset, *networkPolicyCo addressGroupStore := store.NewAddressGroupStore() internalNetworkPolicyStore := store.NewNetworkPolicyStore() internalGroupStore := store.NewGroupStore() - cgInformer := crdInformerFactory.Crd().V1alpha2().ClusterGroups() - cgStore := crdInformerFactory.Crd().V1alpha2().ClusterGroups().Informer().GetStore() + cgInformer := crdInformerFactory.Crd().V1alpha3().ClusterGroups() groupEntityIndex := grouping.NewGroupEntityIndex() groupingController := grouping.NewGroupEntityController(groupEntityIndex, informerFactory.Core().V1().Pods(), @@ -126,7 +126,7 @@ func newController(objects ...runtime.Object) (*fake.Clientset, *networkPolicyCo informerFactory.Networking().V1().NetworkPolicies().Informer().GetStore(), crdInformerFactory.Crd().V1alpha1().ClusterNetworkPolicies().Informer().GetStore(), crdInformerFactory.Crd().V1alpha1().Tiers().Informer().GetStore(), - cgStore, + crdInformerFactory.Crd().V1alpha3().ClusterGroups().Informer().GetStore(), appliedToGroupStore, addressGroupStore, internalNetworkPolicyStore, @@ -949,11 +949,11 @@ func TestAddPod(t *testing.T) { selectorGroup := metav1.LabelSelector{ MatchLabels: map[string]string{"clustergroup": "yes"}, } - testCG := &v1alpha2.ClusterGroup{ + testCG := &v1alpha3.ClusterGroup{ ObjectMeta: metav1.ObjectMeta{ Name: "cgA", }, - Spec: v1alpha2.GroupSpec{ + Spec: v1alpha3.GroupSpec{ PodSelector: &selectorGroup, }, } @@ -1426,11 +1426,11 @@ func TestDeletePod(t *testing.T) { selectorGroup := metav1.LabelSelector{ MatchLabels: ruleLabels, } - testCG := &v1alpha2.ClusterGroup{ + testCG := &v1alpha3.ClusterGroup{ ObjectMeta: metav1.ObjectMeta{ Name: "cgA", }, - Spec: v1alpha2.GroupSpec{ + Spec: v1alpha3.GroupSpec{ PodSelector: &selectorGroup, }, } @@ -1487,11 +1487,11 @@ func TestAddNamespace(t *testing.T) { selectorGroup := metav1.LabelSelector{ MatchLabels: map[string]string{"clustergroup": "yes"}, } - testCG := &v1alpha2.ClusterGroup{ + testCG := &v1alpha3.ClusterGroup{ ObjectMeta: metav1.ObjectMeta{ Name: "cgA", }, - Spec: v1alpha2.GroupSpec{ + Spec: v1alpha3.GroupSpec{ NamespaceSelector: &selectorGroup, }, } @@ -1645,11 +1645,11 @@ func TestDeleteNamespace(t *testing.T) { selectorGroup := metav1.LabelSelector{ MatchLabels: map[string]string{"clustergroup": "yes"}, } - testCG := &v1alpha2.ClusterGroup{ + testCG := &v1alpha3.ClusterGroup{ ObjectMeta: metav1.ObjectMeta{ Name: "cgA", }, - Spec: v1alpha2.GroupSpec{ + Spec: v1alpha3.GroupSpec{ NamespaceSelector: &selectorGroup, }, } @@ -1836,23 +1836,23 @@ func TestAddAndUpdateService(t *testing.T) { }, }, } - testCG1 := &v1alpha2.ClusterGroup{ + testCG1 := &v1alpha3.ClusterGroup{ ObjectMeta: metav1.ObjectMeta{ Name: "cg-1", }, - Spec: v1alpha2.GroupSpec{ - ServiceReference: &v1alpha2.ServiceReference{ + Spec: v1alpha3.GroupSpec{ + ServiceReference: &v1alpha3.ServiceReference{ Name: "test-svc-1", Namespace: "test-ns", }, }, } - testCG2 := &v1alpha2.ClusterGroup{ + testCG2 := &v1alpha3.ClusterGroup{ ObjectMeta: metav1.ObjectMeta{ Name: "cg-2", }, - Spec: v1alpha2.GroupSpec{ - ServiceReference: &v1alpha2.ServiceReference{ + Spec: v1alpha3.GroupSpec{ + ServiceReference: &v1alpha3.ServiceReference{ Name: "test-svc-2", Namespace: "test-ns", }, @@ -1942,12 +1942,12 @@ func TestDeleteService(t *testing.T) { }, }, } - testCG := &v1alpha2.ClusterGroup{ + testCG := &v1alpha3.ClusterGroup{ ObjectMeta: metav1.ObjectMeta{ Name: "test-cg", }, - Spec: v1alpha2.GroupSpec{ - ServiceReference: &v1alpha2.ServiceReference{ + Spec: v1alpha3.GroupSpec{ + ServiceReference: &v1alpha3.ServiceReference{ Name: "test-svc", Namespace: "test-ns", }, @@ -2937,9 +2937,9 @@ func TestDeleteFinalStateUnknownNetworkPolicy(t *testing.T) { func TestInternalGroupKeyFunc(t *testing.T) { expValue := "cgA" - cg := v1alpha2.ClusterGroup{ + cg := v1alpha3.ClusterGroup{ ObjectMeta: metav1.ObjectMeta{Name: "cgA", UID: "uid-a"}, - Spec: v1alpha2.GroupSpec{ + Spec: v1alpha3.GroupSpec{ NamespaceSelector: &selectorA, }, } @@ -2951,48 +2951,48 @@ func TestGetAppliedToWorkloads(t *testing.T) { var emptyEEs []*v1alpha2.ExternalEntity var emptyPods []*corev1.Pod selectorA := metav1.LabelSelector{MatchLabels: map[string]string{"foo1": "bar1"}} - cgA := v1alpha2.ClusterGroup{ + cgA := v1alpha3.ClusterGroup{ ObjectMeta: metav1.ObjectMeta{Name: "cgA", UID: "uidA"}, - Spec: v1alpha2.GroupSpec{ + Spec: v1alpha3.GroupSpec{ PodSelector: &selectorA, }, } selectorB := metav1.LabelSelector{MatchLabels: map[string]string{"foo2": "bar2"}} - cgB := v1alpha2.ClusterGroup{ + cgB := v1alpha3.ClusterGroup{ ObjectMeta: metav1.ObjectMeta{Name: "cgB", UID: "uidB"}, - Spec: v1alpha2.GroupSpec{ + Spec: v1alpha3.GroupSpec{ PodSelector: &selectorB, }, } selectorC := metav1.LabelSelector{MatchLabels: map[string]string{"foo3": "bar3"}} - cgC := v1alpha2.ClusterGroup{ + cgC := v1alpha3.ClusterGroup{ ObjectMeta: metav1.ObjectMeta{Name: "cgC", UID: "uidC"}, - Spec: v1alpha2.GroupSpec{ + Spec: v1alpha3.GroupSpec{ PodSelector: &selectorC, }, } - cgD := v1alpha2.ClusterGroup{ + cgD := v1alpha3.ClusterGroup{ ObjectMeta: metav1.ObjectMeta{Name: "cgD", UID: "uidD"}, - Spec: v1alpha2.GroupSpec{ + Spec: v1alpha3.GroupSpec{ PodSelector: &selectorC, }, } - nestedCG1 := v1alpha2.ClusterGroup{ + nestedCG1 := v1alpha3.ClusterGroup{ ObjectMeta: metav1.ObjectMeta{Name: "nested-cg-A-B", UID: "uidE"}, - Spec: v1alpha2.GroupSpec{ - ChildGroups: []v1alpha2.ClusterGroupReference{"cgA", "cgB"}, + Spec: v1alpha3.GroupSpec{ + ChildGroups: []v1alpha3.ClusterGroupReference{"cgA", "cgB"}, }, } - nestedCG2 := v1alpha2.ClusterGroup{ + nestedCG2 := v1alpha3.ClusterGroup{ ObjectMeta: metav1.ObjectMeta{Name: "nested-cg-A-C", UID: "uidF"}, - Spec: v1alpha2.GroupSpec{ - ChildGroups: []v1alpha2.ClusterGroupReference{"cgA", "cgC"}, + Spec: v1alpha3.GroupSpec{ + ChildGroups: []v1alpha3.ClusterGroupReference{"cgA", "cgC"}, }, } - nestedCG3 := v1alpha2.ClusterGroup{ + nestedCG3 := v1alpha3.ClusterGroup{ ObjectMeta: metav1.ObjectMeta{Name: "nested-cg-A-C", UID: "uidG"}, - Spec: v1alpha2.GroupSpec{ - ChildGroups: []v1alpha2.ClusterGroupReference{"cgA", "cgC", "cgD"}, + Spec: v1alpha3.GroupSpec{ + ChildGroups: []v1alpha3.ClusterGroupReference{"cgA", "cgC", "cgD"}, }, } podA := getPod("podA", "nsA", "nodeA", "10.0.0.1", false) @@ -3054,7 +3054,7 @@ func TestGetAppliedToWorkloads(t *testing.T) { _, c := newController() c.groupingInterface.AddPod(podA) c.groupingInterface.AddPod(podB) - clusterGroups := []v1alpha2.ClusterGroup{cgA, cgB, cgC, cgD, nestedCG1, nestedCG2} + clusterGroups := []v1alpha3.ClusterGroup{cgA, cgB, cgC, cgD, nestedCG1, nestedCG2} for i, cg := range clusterGroups { c.cgStore.Add(&clusterGroups[i]) c.addClusterGroup(&clusterGroups[i]) @@ -3071,48 +3071,48 @@ func TestGetAppliedToWorkloads(t *testing.T) { func TestGetAddressGroupMemberSet(t *testing.T) { selectorA := metav1.LabelSelector{MatchLabels: map[string]string{"foo1": "bar1"}} - cgA := v1alpha2.ClusterGroup{ + cgA := v1alpha3.ClusterGroup{ ObjectMeta: metav1.ObjectMeta{Name: "cgA", UID: "uidA"}, - Spec: v1alpha2.GroupSpec{ + Spec: v1alpha3.GroupSpec{ PodSelector: &selectorA, }, } selectorB := metav1.LabelSelector{MatchLabels: map[string]string{"foo2": "bar2"}} - cgB := v1alpha2.ClusterGroup{ + cgB := v1alpha3.ClusterGroup{ ObjectMeta: metav1.ObjectMeta{Name: "cgB", UID: "uidB"}, - Spec: v1alpha2.GroupSpec{ + Spec: v1alpha3.GroupSpec{ PodSelector: &selectorB, }, } selectorC := metav1.LabelSelector{MatchLabels: map[string]string{"foo3": "bar3"}} - cgC := v1alpha2.ClusterGroup{ + cgC := v1alpha3.ClusterGroup{ ObjectMeta: metav1.ObjectMeta{Name: "cgC", UID: "uidC"}, - Spec: v1alpha2.GroupSpec{ + Spec: v1alpha3.GroupSpec{ PodSelector: &selectorC, }, } - cgD := v1alpha2.ClusterGroup{ + cgD := v1alpha3.ClusterGroup{ ObjectMeta: metav1.ObjectMeta{Name: "cgD", UID: "uidD"}, - Spec: v1alpha2.GroupSpec{ + Spec: v1alpha3.GroupSpec{ PodSelector: &selectorC, }, } - nestedCG1 := v1alpha2.ClusterGroup{ + nestedCG1 := v1alpha3.ClusterGroup{ ObjectMeta: metav1.ObjectMeta{Name: "nested-cg-A-B", UID: "uidE"}, - Spec: v1alpha2.GroupSpec{ - ChildGroups: []v1alpha2.ClusterGroupReference{"cgA", "cgB"}, + Spec: v1alpha3.GroupSpec{ + ChildGroups: []v1alpha3.ClusterGroupReference{"cgA", "cgB"}, }, } - nestedCG2 := v1alpha2.ClusterGroup{ + nestedCG2 := v1alpha3.ClusterGroup{ ObjectMeta: metav1.ObjectMeta{Name: "nested-cg-A-C", UID: "uidF"}, - Spec: v1alpha2.GroupSpec{ - ChildGroups: []v1alpha2.ClusterGroupReference{"cgA", "cgC"}, + Spec: v1alpha3.GroupSpec{ + ChildGroups: []v1alpha3.ClusterGroupReference{"cgA", "cgC"}, }, } - nestedCG3 := v1alpha2.ClusterGroup{ + nestedCG3 := v1alpha3.ClusterGroup{ ObjectMeta: metav1.ObjectMeta{Name: "nested-cg-A-C", UID: "uidG"}, - Spec: v1alpha2.GroupSpec{ - ChildGroups: []v1alpha2.ClusterGroupReference{"cgA", "cgC", "cgD"}, + Spec: v1alpha3.GroupSpec{ + ChildGroups: []v1alpha3.ClusterGroupReference{"cgA", "cgC", "cgD"}, }, } podA := getPod("podA", "nsA", "nodeA", "10.0.0.1", false) @@ -3174,7 +3174,7 @@ func TestGetAddressGroupMemberSet(t *testing.T) { _, c := newController() c.groupingInterface.AddPod(podA) c.groupingInterface.AddPod(podB) - clusterGroups := []v1alpha2.ClusterGroup{cgA, cgB, cgC, cgD, nestedCG1, nestedCG2} + clusterGroups := []v1alpha3.ClusterGroup{cgA, cgB, cgC, cgD, nestedCG1, nestedCG2} for i, cg := range clusterGroups { c.cgStore.Add(&clusterGroups[i]) c.addClusterGroup(&clusterGroups[i]) diff --git a/pkg/k8s/client.go b/pkg/k8s/client.go index 7fad434fbd1..e750dea20cd 100644 --- a/pkg/k8s/client.go +++ b/pkg/k8s/client.go @@ -15,6 +15,7 @@ package k8s import ( + apiextensionclientset "k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset" clientset "k8s.io/client-go/kubernetes" "k8s.io/client-go/rest" "k8s.io/client-go/tools/clientcmd" @@ -27,7 +28,8 @@ import ( ) // CreateClients creates kube clients from the given config. -func CreateClients(config componentbaseconfig.ClientConnectionConfiguration, kubeAPIServerOverride string) (clientset.Interface, aggregatorclientset.Interface, crdclientset.Interface, error) { +func CreateClients(config componentbaseconfig.ClientConnectionConfiguration, kubeAPIServerOverride string) ( + clientset.Interface, aggregatorclientset.Interface, crdclientset.Interface, apiextensionclientset.Interface, error) { var kubeConfig *rest.Config var err error @@ -45,7 +47,7 @@ func CreateClients(config componentbaseconfig.ClientConnectionConfiguration, kub } if err != nil { - return nil, nil, nil, err + return nil, nil, nil, nil, err } kubeConfig.AcceptContentTypes = config.AcceptContentTypes @@ -55,19 +57,24 @@ func CreateClients(config componentbaseconfig.ClientConnectionConfiguration, kub client, err := clientset.NewForConfig(kubeConfig) if err != nil { - return nil, nil, nil, err + return nil, nil, nil, nil, err } aggregatorClient, err := aggregatorclientset.NewForConfig(kubeConfig) if err != nil { - return nil, nil, nil, err + return nil, nil, nil, nil, err } // Create client for crd operations crdClient, err := crdclientset.NewForConfig(kubeConfig) if err != nil { - return nil, nil, nil, err + return nil, nil, nil, nil, err } - return client, aggregatorClient, crdClient, nil + // Create client for crd manipulations + apiExtensionClient, err := apiextensionclientset.NewForConfig(kubeConfig) + if err != nil { + return nil, nil, nil, nil, err + } + return client, aggregatorClient, crdClient, apiExtensionClient, nil } // CreateLegacyCRDClient creates legacyCRD client from the given config. diff --git a/pkg/ovs/ovsctl/ovsctl_others.go b/pkg/ovs/ovsctl/ovsctl_others.go index 3014c1f77c4..f83b73ee79f 100644 --- a/pkg/ovs/ovsctl/ovsctl_others.go +++ b/pkg/ovs/ovsctl/ovsctl_others.go @@ -22,5 +22,5 @@ import "os/exec" const ovsVSwitchdUDS = "/var/run/openvswitch/ovs-vswitchd.*.ctl" func getOVSCommand(cmdStr string) *exec.Cmd { - return exec.Command("/bin/sh", "-c", cmdStr) + return exec.Command("/bin/sh", "-c", cmdStr) // lgtm[go/command-injection] } diff --git a/plugins/octant/go.sum b/plugins/octant/go.sum index fbd49b42666..8807deb45fc 100644 --- a/plugins/octant/go.sum +++ b/plugins/octant/go.sum @@ -1061,8 +1061,9 @@ honnef.co/go/tools v0.0.1-2020.1.4 h1:UoveltGrhghAA7ePc+e+QYDHXrBps2PqFZiHkGR/xK honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= k8s.io/api v0.19.8 h1:U50vBUCb5kc2J483mnITLKfdyoITaC7PnaOJwT7oRRM= k8s.io/api v0.19.8/go.mod h1:9TMGoKoidvicOK0LSqj+Mj98pugQycbViPKyZHqutBc= -k8s.io/apiextensions-apiserver v0.19.3 h1:WZxBypSHW4SdXHbdPTS/Jy7L2la6Niggs8BuU5o+avo= k8s.io/apiextensions-apiserver v0.19.3/go.mod h1:igVEkrE9TzInc1tYE7qSqxaLg/rEAp6B5+k9Q7+IC8Q= +k8s.io/apiextensions-apiserver v0.21.0 h1:Nd4uBuweg6ImzbxkC1W7xUNZcCV/8Vt10iTdTIVF3hw= +k8s.io/apiextensions-apiserver v0.21.0/go.mod h1:gsQGNtGkc/YoDG9loKI0V+oLZM4ljRPjc/sql5tmvzc= k8s.io/apimachinery v0.19.8 h1:MaehcNcx8brsgvMsqspcI0bi22E1np/DACnjf2mhJ5A= k8s.io/apimachinery v0.19.8/go.mod h1:6sRbGRAVY5DOCuZwB5XkqguBqpqLU6q/kOaOdk29z6Q= k8s.io/apiserver v0.19.3/go.mod h1:bx6dMm+H6ifgKFpCQT/SAhPwhzoeIMlHIaibomUDec0= diff --git a/test/e2e/antreapolicy_test.go b/test/e2e/antreapolicy_test.go index c3e3d9059e3..25700051221 100644 --- a/test/e2e/antreapolicy_test.go +++ b/test/e2e/antreapolicy_test.go @@ -35,6 +35,7 @@ import ( "antrea.io/antrea/pkg/agent/config" crdv1alpha1 "antrea.io/antrea/pkg/apis/crd/v1alpha1" crdv1alpha2 "antrea.io/antrea/pkg/apis/crd/v1alpha2" + crdv1alpha3 "antrea.io/antrea/pkg/apis/crd/v1alpha3" "antrea.io/antrea/pkg/features" legacycorev1a2 "antrea.io/antrea/pkg/legacyapis/core/v1alpha2" legacysecv1alpha1 "antrea.io/antrea/pkg/legacyapis/security/v1alpha1" @@ -944,10 +945,10 @@ func testACNPNoEffectOnOtherProtocols(t *testing.T) { // testACNPAppliedToDenyXBtoCGWithYA tests traffic from X/B to ClusterGroup Y/A on named port 81 is dropped. func testACNPAppliedToDenyXBtoCGWithYA(t *testing.T) { cgName := "cg-pods-ya" - cgBuilder := &ClusterGroupSpecBuilder{} - cgBuilder = cgBuilder.SetName(cgName) - cgBuilder = cgBuilder.SetNamespaceSelector(map[string]string{"ns": "y"}, nil) - cgBuilder = cgBuilder.SetPodSelector(map[string]string{"pod": "a"}, nil) + cgBuilder := &ClusterGroupV1Alpha2SpecBuilder{} + cgBuilder = cgBuilder.SetName(cgName). + SetNamespaceSelector(map[string]string{"ns": "y"}, nil). + SetPodSelector(map[string]string{"pod": "a"}, nil) port81Name := "serve-81" builder := &ClusterNetworkPolicySpecBuilder{} builder = builder.SetName("acnp-deny-cg-with-ya-from-xb"). @@ -981,10 +982,10 @@ func testACNPAppliedToDenyXBtoCGWithYA(t *testing.T) { // testACNPIngressRuleDenyCGWithXBtoYA tests traffic from ClusterGroup with X/B to Y/A on named port 81 is dropped. func testACNPIngressRuleDenyCGWithXBtoYA(t *testing.T) { cgName := "cg-pods-xb" - cgBuilder := &ClusterGroupSpecBuilder{} - cgBuilder = cgBuilder.SetName(cgName) - cgBuilder = cgBuilder.SetNamespaceSelector(map[string]string{"ns": "x"}, nil) - cgBuilder = cgBuilder.SetPodSelector(map[string]string{"pod": "b"}, nil) + cgBuilder := &ClusterGroupV1Alpha2SpecBuilder{} + cgBuilder = cgBuilder.SetName(cgName). + SetNamespaceSelector(map[string]string{"ns": "x"}, nil). + SetPodSelector(map[string]string{"pod": "b"}, nil) port81Name := "serve-81" builder := &ClusterNetworkPolicySpecBuilder{} builder = builder.SetName("acnp-deny-cg-with-xb-to-ya"). @@ -1018,9 +1019,8 @@ func testACNPIngressRuleDenyCGWithXBtoYA(t *testing.T) { // testACNPAppliedToRuleCGWithPodsAToNsZ tests that a ACNP is able to drop egress traffic from CG with pods labelled A namespace Z. func testACNPAppliedToRuleCGWithPodsAToNsZ(t *testing.T) { cgName := "cg-pods-a" - cgBuilder := &ClusterGroupSpecBuilder{} - cgBuilder = cgBuilder.SetName(cgName) - cgBuilder = cgBuilder.SetPodSelector(map[string]string{"pod": "a"}, nil) + cgBuilder := &ClusterGroupV1Alpha3SpecBuilder{} + cgBuilder = cgBuilder.SetName(cgName).SetPodSelector(map[string]string{"pod": "a"}, nil) builder := &ClusterNetworkPolicySpecBuilder{} builder = builder.SetName("acnp-deny-cg-with-a-to-z"). SetPriority(1.0) @@ -1058,9 +1058,8 @@ func testACNPAppliedToRuleCGWithPodsAToNsZ(t *testing.T) { // testACNPEgressRulePodsAToCGWithNsZ tests that a ACNP is able to drop egress traffic from pods labelled A to a CG with namespace Z. func testACNPEgressRulePodsAToCGWithNsZ(t *testing.T) { cgName := "cg-ns-z" - cgBuilder := &ClusterGroupSpecBuilder{} - cgBuilder = cgBuilder.SetName(cgName) - cgBuilder = cgBuilder.SetNamespaceSelector(map[string]string{"ns": "z"}, nil) + cgBuilder := &ClusterGroupV1Alpha3SpecBuilder{} + cgBuilder = cgBuilder.SetName(cgName).SetNamespaceSelector(map[string]string{"ns": "z"}, nil) builder := &ClusterNetworkPolicySpecBuilder{} builder = builder.SetName("acnp-deny-a-to-cg-with-z-egress"). SetPriority(1.0). @@ -1098,13 +1097,11 @@ func testACNPEgressRulePodsAToCGWithNsZ(t *testing.T) { func testACNPClusterGroupUpdateAppliedTo(t *testing.T) { cgName := "cg-pods-a-then-c" - cgBuilder := &ClusterGroupSpecBuilder{} - cgBuilder = cgBuilder.SetName(cgName) - cgBuilder = cgBuilder.SetPodSelector(map[string]string{"pod": "a"}, nil) + cgBuilder := &ClusterGroupV1Alpha3SpecBuilder{} + cgBuilder = cgBuilder.SetName(cgName).SetPodSelector(map[string]string{"pod": "a"}, nil) // Update CG Pod selector to group Pods C - updatedCgBuilder := &ClusterGroupSpecBuilder{} - updatedCgBuilder = updatedCgBuilder.SetName(cgName) - updatedCgBuilder = updatedCgBuilder.SetPodSelector(map[string]string{"pod": "c"}, nil) + updatedCgBuilder := &ClusterGroupV1Alpha3SpecBuilder{} + updatedCgBuilder = updatedCgBuilder.SetName(cgName).SetPodSelector(map[string]string{"pod": "c"}, nil) builder := &ClusterNetworkPolicySpecBuilder{} builder = builder.SetName("acnp-deny-cg-with-a-to-z-egress"). SetPriority(1.0). @@ -1161,13 +1158,11 @@ func testACNPClusterGroupUpdateAppliedTo(t *testing.T) { func testACNPClusterGroupUpdate(t *testing.T) { cgName := "cg-ns-z-then-y" - cgBuilder := &ClusterGroupSpecBuilder{} - cgBuilder = cgBuilder.SetName(cgName) - cgBuilder = cgBuilder.SetNamespaceSelector(map[string]string{"ns": "z"}, nil) + cgBuilder := &ClusterGroupV1Alpha3SpecBuilder{} + cgBuilder = cgBuilder.SetName(cgName).SetNamespaceSelector(map[string]string{"ns": "z"}, nil) // Update CG NS selector to group Pods from Namespace Y - updatedCgBuilder := &ClusterGroupSpecBuilder{} - updatedCgBuilder = updatedCgBuilder.SetName(cgName) - updatedCgBuilder = updatedCgBuilder.SetNamespaceSelector(map[string]string{"ns": "y"}, nil) + updatedCgBuilder := &ClusterGroupV1Alpha3SpecBuilder{} + updatedCgBuilder = updatedCgBuilder.SetName(cgName).SetNamespaceSelector(map[string]string{"ns": "y"}, nil) builder := &ClusterNetworkPolicySpecBuilder{} builder = builder.SetName("acnp-deny-a-to-cg-with-z-egress"). SetPriority(1.0). @@ -1224,7 +1219,7 @@ func testACNPClusterGroupUpdate(t *testing.T) { func testACNPClusterGroupAppliedToPodAdd(t *testing.T, data *TestData) { cgName := "cg-pod-custom-pod-zj" - cgBuilder := &ClusterGroupSpecBuilder{} + cgBuilder := &ClusterGroupV1Alpha3SpecBuilder{} cgBuilder = cgBuilder.SetName(cgName). SetNamespaceSelector(map[string]string{"ns": "z"}, nil). SetPodSelector(map[string]string{"pod": "j"}, nil) @@ -1268,7 +1263,7 @@ func testACNPClusterGroupAppliedToPodAdd(t *testing.T, data *TestData) { func testACNPClusterGroupRefRulePodAdd(t *testing.T, data *TestData) { cgName := "cg-pod-custom-pod-zk" - cgBuilder := &ClusterGroupSpecBuilder{} + cgBuilder := &ClusterGroupV1Alpha3SpecBuilder{} cgBuilder = cgBuilder.SetName(cgName). SetNamespaceSelector(map[string]string{"ns": "z"}, nil). SetPodSelector(map[string]string{"pod": "k"}, nil) @@ -1319,6 +1314,7 @@ func testACNPClusterGroupRefRuleIPBlocks(t *testing.T) { podXAIP, _ := podIPs["x/a"] podXBIP, _ := podIPs["x/b"] podXCIP, _ := podIPs["x/c"] + podZAIP, _ := podIPs["z/a"] // There are three situations of a Pod's IP(s): // 1. Only one IPv4 address. // 2. Only one IPv6 address. @@ -1330,16 +1326,23 @@ func testACNPClusterGroupRefRuleIPBlocks(t *testing.T) { } return ip + "/128" } - cgName := "cg-ipblock-pod-in-ns-x" - cgBuilder := &ClusterGroupSpecBuilder{} - var ipBlock []crdv1alpha1.IPBlock + var ipBlock1, ipBlock2 []crdv1alpha1.IPBlock for i := 0; i < len(podXAIP); i++ { - ipBlock = append(ipBlock, crdv1alpha1.IPBlock{CIDR: genCIDR(podXAIP[i])}) - ipBlock = append(ipBlock, crdv1alpha1.IPBlock{CIDR: genCIDR(podXBIP[i])}) - ipBlock = append(ipBlock, crdv1alpha1.IPBlock{CIDR: genCIDR(podXCIP[i])}) - } - cgBuilder = cgBuilder.SetName(cgName). - SetIPBlocks(ipBlock) + ipBlock1 = append(ipBlock1, crdv1alpha1.IPBlock{CIDR: genCIDR(podXAIP[i])}) + ipBlock1 = append(ipBlock1, crdv1alpha1.IPBlock{CIDR: genCIDR(podXBIP[i])}) + ipBlock1 = append(ipBlock1, crdv1alpha1.IPBlock{CIDR: genCIDR(podXCIP[i])}) + ipBlock2 = append(ipBlock2, crdv1alpha1.IPBlock{CIDR: genCIDR(podZAIP[i])}) + } + + cgv1a3Name := "cg-ipblocks-pod-in-ns-x" + cgBuilder := &ClusterGroupV1Alpha3SpecBuilder{} + cgBuilder = cgBuilder.SetName(cgv1a3Name). + SetIPBlocks(ipBlock1) + // crd/v1alpha2 ClusterGroups should be converted to crd/v1alpha3. + cgv1a2Name := "cg-ipblock-pod-za" + cgBuilder2 := &ClusterGroupV1Alpha3SpecBuilder{} + cgBuilder2 = cgBuilder2.SetName(cgv1a2Name). + SetIPBlocks(ipBlock2) builder := &ClusterNetworkPolicySpecBuilder{} builder = builder.SetName("acnp-deny-ya-to-x-ips-ingress"). @@ -1351,17 +1354,21 @@ func testACNPClusterGroupRefRuleIPBlocks(t *testing.T) { }, }) builder.AddIngress(v1.ProtocolTCP, &p80, nil, nil, nil, nil, nil, - nil, nil, nil, crdv1alpha1.RuleActionDrop, cgName, "") + nil, nil, nil, crdv1alpha1.RuleActionDrop, cgv1a3Name, "") + builder.AddIngress(v1.ProtocolTCP, &p80, nil, nil, nil, nil, nil, + nil, nil, nil, crdv1alpha1.RuleActionDrop, cgv1a2Name, "") + reachability := NewReachability(allPods, Connected) reachability.Expect(Pod("x/a"), Pod("y/a"), Dropped) reachability.Expect(Pod("x/b"), Pod("y/a"), Dropped) reachability.Expect(Pod("x/c"), Pod("y/a"), Dropped) + reachability.Expect(Pod("z/a"), Pod("y/a"), Dropped) testStep := []*TestStep{ { "Port 80", reachability, []metav1.Object{builder.Get()}, - []metav1.Object{cgBuilder.Get()}, + []metav1.Object{cgBuilder.Get(), cgBuilder2.Get()}, []int32{80}, v1.ProtocolTCP, 0, @@ -1369,7 +1376,7 @@ func testACNPClusterGroupRefRuleIPBlocks(t *testing.T) { }, } testCase := []*TestCase{ - {"ACNP Drop Ingress From Pod: y/a to ClusterGroup with ipBlocks of Pods IPs in NS x", testStep}, + {"ACNP Drop Ingress From Pod: y/a to ClusterGroup with ipBlocks", testStep}, } executeTests(t, testCase) } @@ -2135,9 +2142,9 @@ func testACNPClusterGroupServiceRefCreateAndUpdate(t *testing.T, data *TestData) svc2 := k8sUtils.BuildService("svc2", "y", 80, 80, map[string]string{"app": "b"}, nil) cg1Name, cg2Name := "cg-svc1", "cg-svc2" - cgBuilder1 := &ClusterGroupSpecBuilder{} + cgBuilder1 := &ClusterGroupV1Alpha3SpecBuilder{} cgBuilder1 = cgBuilder1.SetName(cg1Name).SetServiceReference("x", "svc1") - cgBuilder2 := &ClusterGroupSpecBuilder{} + cgBuilder2 := &ClusterGroupV1Alpha3SpecBuilder{} cgBuilder2 = cgBuilder2.SetName(cg2Name).SetServiceReference("y", "svc2") builder := &ClusterNetworkPolicySpecBuilder{} @@ -2220,14 +2227,14 @@ func testACNPClusterGroupServiceRefCreateAndUpdate(t *testing.T, data *TestData) func testACNPNestedClusterGroupCreateAndUpdate(t *testing.T, data *TestData) { svc1 := k8sUtils.BuildService("svc1", "x", 80, 80, map[string]string{"app": "a"}, nil) cg1Name, cg2Name := "cg-svc-x-a", "cg-select-y-b" - cgBuilder1 := &ClusterGroupSpecBuilder{} + cgBuilder1 := &ClusterGroupV1Alpha3SpecBuilder{} cgBuilder1 = cgBuilder1.SetName(cg1Name).SetServiceReference("x", "svc1") - cgBuilder2 := &ClusterGroupSpecBuilder{} + cgBuilder2 := &ClusterGroupV1Alpha3SpecBuilder{} cgBuilder2 = cgBuilder2.SetName(cg2Name). SetNamespaceSelector(map[string]string{"ns": "y"}, nil). SetPodSelector(map[string]string{"pod": "b"}, nil) cgNestedName := "cg-nested" - cgBuilderNested := &ClusterGroupSpecBuilder{} + cgBuilderNested := &ClusterGroupV1Alpha3SpecBuilder{} cgBuilderNested = cgBuilderNested.SetName(cgNestedName).SetChildGroups([]string{cg1Name}) builder := &ClusterNetworkPolicySpecBuilder{} @@ -2418,8 +2425,11 @@ func cleanupTestCasePolicies(t *testing.T, c *TestCase) { func applyTestStepServicesAndGroups(t *testing.T, step *TestStep) { for _, obj := range step.ServicesAndGroups { switch o := obj.(type) { + case *crdv1alpha3.ClusterGroup: + _, err := k8sUtils.CreateOrUpdateV1Alpha3CG(o) + failOnError(err, t) case *crdv1alpha2.ClusterGroup: - _, err := k8sUtils.CreateOrUpdateCG(o) + _, err := k8sUtils.CreateOrUpdateV1Alpha2CG(o) failOnError(err, t) case *v1.Service: _, err := k8sUtils.CreateOrUpdateService(o) @@ -2439,13 +2449,16 @@ func cleanupTestCaseServicesAndGroups(t *testing.T, c *TestCase) { // be created before referred and can only be deleted after the parentGroup is deleted, // CG deletion must be performed in the reverse order of creation. An orderedGroups // list is used to maintain the order of group creation. - svcsToDelete, groupsToDelete := sets.String{}, sets.String{} + svcsToDelete, v1a2GroupsToDelete, v1a3GroupsToDelete := sets.String{}, sets.String{}, sets.String{} var orderedGroups []string for _, step := range c.Steps { for _, obj := range step.ServicesAndGroups { switch o := obj.(type) { + case *crdv1alpha3.ClusterGroup: + v1a3GroupsToDelete.Insert(o.Name) + orderedGroups = append(orderedGroups, o.Name) case *crdv1alpha2.ClusterGroup: - groupsToDelete.Insert(o.Name) + v1a2GroupsToDelete.Insert(o.Name) orderedGroups = append(orderedGroups, o.Name) case *v1.Service: svcsToDelete.Insert(o.Namespace + "/" + o.Name) @@ -2454,10 +2467,12 @@ func cleanupTestCaseServicesAndGroups(t *testing.T, c *TestCase) { } for i := len(orderedGroups) - 1; i >= 0; i-- { cg := orderedGroups[i] - if groupsToDelete.Has(cg) { - failOnError(k8sUtils.DeleteCG(cg), t) - failOnError(waitForResourceDelete("", cg, resourceCG, timeout), t) - groupsToDelete.Delete(cg) + if v1a2GroupsToDelete.Has(cg) { + failOnError(k8sUtils.DeleteV1Alpha2CG(cg), t) + v1a2GroupsToDelete.Delete(cg) + } else if v1a3GroupsToDelete.Has(cg) { + failOnError(k8sUtils.DeleteV1Alpha3CG(cg), t) + v1a3GroupsToDelete.Delete(cg) } } for _, svc := range svcsToDelete.List() { @@ -2512,7 +2527,7 @@ func waitForResourceReady(obj metav1.Object, timeout time.Duration) error { case *legacysecv1alpha1.Tier: _, err = k8sUtils.GetTier(p.Name) case *legacycorev1a2.ClusterGroup: - _, err = k8sUtils.GetCG(p.Name) + _, err = k8sUtils.GetV1Alpha2CG(p.Name) case *crdv1alpha1.ClusterNetworkPolicy: _, err = k8sUtils.GetACNP(p.Name) case *crdv1alpha1.NetworkPolicy: @@ -2520,7 +2535,9 @@ func waitForResourceReady(obj metav1.Object, timeout time.Duration) error { case *crdv1alpha1.Tier: _, err = k8sUtils.GetTier(p.Name) case *crdv1alpha2.ClusterGroup: - _, err = k8sUtils.GetCG(p.Name) + _, err = k8sUtils.GetV1Alpha2CG(p.Name) + case *crdv1alpha3.ClusterGroup: + _, err = k8sUtils.GetV1Alpha3CG(p.Name) case *v1net.NetworkPolicy: _, err = k8sUtils.GetNetworkPolicy(p.Namespace, p.Name) case *v1.Service: @@ -2548,7 +2565,7 @@ func waitForResourceDelete(namespace, name string, resource string, timeout time case resourceTier: _, err = k8sUtils.GetTier(name) case resourceCG: - _, err = k8sUtils.GetCG(name) + _, err = k8sUtils.GetV1Alpha3CG(name) case resourceNetworkPolicy: _, err = k8sUtils.GetNetworkPolicy(namespace, name) case resourceSVC: diff --git a/test/e2e/clustergroup_test.go b/test/e2e/clustergroup_test.go index ba48e92349e..9d512e6d109 100644 --- a/test/e2e/clustergroup_test.go +++ b/test/e2e/clustergroup_test.go @@ -18,10 +18,12 @@ import ( "fmt" "testing" + "github.com/stretchr/testify/assert" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" crdv1alpha1 "antrea.io/antrea/pkg/apis/crd/v1alpha1" crdv1alpha2 "antrea.io/antrea/pkg/apis/crd/v1alpha2" + crdv1alpha3 "antrea.io/antrea/pkg/apis/crd/v1alpha3" ) func testInvalidCGIPBlockWithPodSelector(t *testing.T) { @@ -29,17 +31,17 @@ func testInvalidCGIPBlockWithPodSelector(t *testing.T) { cgName := "ipb-pod" pSel := &metav1.LabelSelector{MatchLabels: map[string]string{"pod": "x"}} cidr := "10.0.0.10/32" - ipb := &crdv1alpha1.IPBlock{CIDR: cidr} - cg := &crdv1alpha2.ClusterGroup{ + ipb := []crdv1alpha1.IPBlock{{CIDR: cidr}} + cg := &crdv1alpha3.ClusterGroup{ ObjectMeta: metav1.ObjectMeta{ Name: cgName, }, - Spec: crdv1alpha2.GroupSpec{ + Spec: crdv1alpha3.GroupSpec{ PodSelector: pSel, - IPBlock: ipb, + IPBlocks: ipb, }, } - if _, err := k8sUtils.CreateOrUpdateCG(cg); err == nil { + if _, err := k8sUtils.CreateOrUpdateV1Alpha3CG(cg); err == nil { // Above creation of CG must fail as it is an invalid spec. failOnError(invalidErr, t) } @@ -50,17 +52,17 @@ func testInvalidCGIPBlockWithNSSelector(t *testing.T) { cgName := "ipb-ns" nSel := &metav1.LabelSelector{MatchLabels: map[string]string{"ns": "y"}} cidr := "10.0.0.10/32" - ipb := &crdv1alpha1.IPBlock{CIDR: cidr} - cg := &crdv1alpha2.ClusterGroup{ + ipb := []crdv1alpha1.IPBlock{{CIDR: cidr}} + cg := &crdv1alpha3.ClusterGroup{ ObjectMeta: metav1.ObjectMeta{ Name: cgName, }, - Spec: crdv1alpha2.GroupSpec{ + Spec: crdv1alpha3.GroupSpec{ NamespaceSelector: nSel, - IPBlock: ipb, + IPBlocks: ipb, }, } - if _, err := k8sUtils.CreateOrUpdateCG(cg); err == nil { + if _, err := k8sUtils.CreateOrUpdateV1Alpha3CG(cg); err == nil { // Above creation of CG must fail as it is an invalid spec. failOnError(invalidErr, t) } @@ -82,7 +84,7 @@ func testInvalidCGIPBlockWithIPBlocks(t *testing.T) { IPBlock: ipb, }, } - if _, err := k8sUtils.CreateOrUpdateCG(cg); err == nil { + if _, err := k8sUtils.CreateOrUpdateV1Alpha2CG(cg); err == nil { // Above creation of CG must fail as it is an invalid spec. failOnError(invalidErr, t) } @@ -92,20 +94,20 @@ func testInvalidCGServiceRefWithPodSelector(t *testing.T) { invalidErr := fmt.Errorf("clustergroup created with serviceReference and podSelector") cgName := "svcref-pod-selector" pSel := &metav1.LabelSelector{MatchLabels: map[string]string{"pod": "x"}} - svcRef := &crdv1alpha2.ServiceReference{ + svcRef := &crdv1alpha3.ServiceReference{ Namespace: "y", Name: "test-svc", } - cg := &crdv1alpha2.ClusterGroup{ + cg := &crdv1alpha3.ClusterGroup{ ObjectMeta: metav1.ObjectMeta{ Name: cgName, }, - Spec: crdv1alpha2.GroupSpec{ + Spec: crdv1alpha3.GroupSpec{ PodSelector: pSel, ServiceReference: svcRef, }, } - if _, err := k8sUtils.CreateOrUpdateCG(cg); err == nil { + if _, err := k8sUtils.CreateOrUpdateV1Alpha3CG(cg); err == nil { // Above creation of CG must fail as it is an invalid spec. failOnError(invalidErr, t) } @@ -115,20 +117,20 @@ func testInvalidCGServiceRefWithNSSelector(t *testing.T) { invalidErr := fmt.Errorf("clustergroup created with serviceReference and namespaceSelector") cgName := "svcref-ns-selector" nSel := &metav1.LabelSelector{MatchLabels: map[string]string{"ns": "y"}} - svcRef := &crdv1alpha2.ServiceReference{ + svcRef := &crdv1alpha3.ServiceReference{ Namespace: "y", Name: "test-svc", } - cg := &crdv1alpha2.ClusterGroup{ + cg := &crdv1alpha3.ClusterGroup{ ObjectMeta: metav1.ObjectMeta{ Name: cgName, }, - Spec: crdv1alpha2.GroupSpec{ + Spec: crdv1alpha3.GroupSpec{ NamespaceSelector: nSel, ServiceReference: svcRef, }, } - if _, err := k8sUtils.CreateOrUpdateCG(cg); err == nil { + if _, err := k8sUtils.CreateOrUpdateV1Alpha3CG(cg); err == nil { // Above creation of CG must fail as it is an invalid spec. failOnError(invalidErr, t) } @@ -138,21 +140,21 @@ func testInvalidCGServiceRefWithIPBlock(t *testing.T) { invalidErr := fmt.Errorf("clustergroup created with ipblock and namespaceSelector") cgName := "ipb-svcref" cidr := "10.0.0.10/32" - ipb := &crdv1alpha1.IPBlock{CIDR: cidr} - svcRef := &crdv1alpha2.ServiceReference{ + ipb := []crdv1alpha1.IPBlock{{CIDR: cidr}} + svcRef := &crdv1alpha3.ServiceReference{ Namespace: "y", Name: "test-svc", } - cg := &crdv1alpha2.ClusterGroup{ + cg := &crdv1alpha3.ClusterGroup{ ObjectMeta: metav1.ObjectMeta{ Name: cgName, }, - Spec: crdv1alpha2.GroupSpec{ + Spec: crdv1alpha3.GroupSpec{ ServiceReference: svcRef, - IPBlock: ipb, + IPBlocks: ipb, }, } - if _, err := k8sUtils.CreateOrUpdateCG(cg); err == nil { + if _, err := k8sUtils.CreateOrUpdateV1Alpha3CG(cg); err == nil { // Above creation of CG must fail as it is an invalid spec. failOnError(invalidErr, t) } @@ -161,15 +163,15 @@ func testInvalidCGServiceRefWithIPBlock(t *testing.T) { func testInvalidCGChildGroupDoesNotExist(t *testing.T) { invalidErr := fmt.Errorf("clustergroup childGroup does not exist") cgName := "child-group-not-exist" - cg := &crdv1alpha2.ClusterGroup{ + cg := &crdv1alpha3.ClusterGroup{ ObjectMeta: metav1.ObjectMeta{ Name: cgName, }, - Spec: crdv1alpha2.GroupSpec{ - ChildGroups: []crdv1alpha2.ClusterGroupReference{crdv1alpha2.ClusterGroupReference("some-non-existing-cg")}, + Spec: crdv1alpha3.GroupSpec{ + ChildGroups: []crdv1alpha3.ClusterGroupReference{crdv1alpha3.ClusterGroupReference("some-non-existing-cg")}, }, } - if _, err := k8sUtils.CreateOrUpdateCG(cg); err == nil { + if _, err := k8sUtils.CreateOrUpdateV1Alpha3CG(cg); err == nil { // Above creation of CG must fail as it is an invalid spec. failOnError(invalidErr, t) } @@ -178,21 +180,21 @@ func testInvalidCGChildGroupDoesNotExist(t *testing.T) { var testChildCGName = "test-child-cg" func createChildCGForTest(t *testing.T) { - cg := &crdv1alpha2.ClusterGroup{ + cg := &crdv1alpha3.ClusterGroup{ ObjectMeta: metav1.ObjectMeta{ Name: testChildCGName, }, - Spec: crdv1alpha2.GroupSpec{ + Spec: crdv1alpha3.GroupSpec{ PodSelector: &metav1.LabelSelector{}, }, } - if _, err := k8sUtils.CreateOrUpdateCG(cg); err != nil { + if _, err := k8sUtils.CreateOrUpdateV1Alpha3CG(cg); err != nil { failOnError(err, t) } } func cleanupChildCGForTest(t *testing.T) { - if err := k8sUtils.DeleteCG(testChildCGName); err != nil { + if err := k8sUtils.DeleteV1Alpha3CG(testChildCGName); err != nil { failOnError(err, t) } } @@ -201,16 +203,16 @@ func testInvalidCGChildGroupWithPodSelector(t *testing.T) { invalidErr := fmt.Errorf("clustergroup created with childGroups and podSelector") cgName := "child-group-pod-selector" pSel := &metav1.LabelSelector{MatchLabels: map[string]string{"pod": "x"}} - cg := &crdv1alpha2.ClusterGroup{ + cg := &crdv1alpha3.ClusterGroup{ ObjectMeta: metav1.ObjectMeta{ Name: cgName, }, - Spec: crdv1alpha2.GroupSpec{ + Spec: crdv1alpha3.GroupSpec{ PodSelector: pSel, - ChildGroups: []crdv1alpha2.ClusterGroupReference{crdv1alpha2.ClusterGroupReference(testChildCGName)}, + ChildGroups: []crdv1alpha3.ClusterGroupReference{crdv1alpha3.ClusterGroupReference(testChildCGName)}, }, } - if _, err := k8sUtils.CreateOrUpdateCG(cg); err == nil { + if _, err := k8sUtils.CreateOrUpdateV1Alpha3CG(cg); err == nil { // Above creation of CG must fail as it is an invalid spec. failOnError(invalidErr, t) } @@ -219,20 +221,20 @@ func testInvalidCGChildGroupWithPodSelector(t *testing.T) { func testInvalidCGChildGroupWithServiceReference(t *testing.T) { invalidErr := fmt.Errorf("clustergroup created with childGroups and ServiceReference") cgName := "child-group-svcref" - svcRef := &crdv1alpha2.ServiceReference{ + svcRef := &crdv1alpha3.ServiceReference{ Namespace: "y", Name: "test-svc", } - cg := &crdv1alpha2.ClusterGroup{ + cg := &crdv1alpha3.ClusterGroup{ ObjectMeta: metav1.ObjectMeta{ Name: cgName, }, - Spec: crdv1alpha2.GroupSpec{ + Spec: crdv1alpha3.GroupSpec{ ServiceReference: svcRef, - ChildGroups: []crdv1alpha2.ClusterGroupReference{crdv1alpha2.ClusterGroupReference(testChildCGName)}, + ChildGroups: []crdv1alpha3.ClusterGroupReference{crdv1alpha3.ClusterGroupReference(testChildCGName)}, }, } - if _, err := k8sUtils.CreateOrUpdateCG(cg); err == nil { + if _, err := k8sUtils.CreateOrUpdateV1Alpha3CG(cg); err == nil { // Above creation of CG must fail as it is an invalid spec. failOnError(invalidErr, t) } @@ -241,30 +243,75 @@ func testInvalidCGChildGroupWithServiceReference(t *testing.T) { func testInvalidCGMaxNestedLevel(t *testing.T) { invalidErr := fmt.Errorf("clustergroup created with childGroup which has childGroups itself") cgName1, cgName2 := "cg-nested-1", "cg-nested-2" - cg1 := &crdv1alpha2.ClusterGroup{ + cg1 := &crdv1alpha3.ClusterGroup{ ObjectMeta: metav1.ObjectMeta{Name: cgName1}, - Spec: crdv1alpha2.GroupSpec{ - ChildGroups: []crdv1alpha2.ClusterGroupReference{crdv1alpha2.ClusterGroupReference(testChildCGName)}, + Spec: crdv1alpha3.GroupSpec{ + ChildGroups: []crdv1alpha3.ClusterGroupReference{crdv1alpha3.ClusterGroupReference(testChildCGName)}, }, } - if _, err := k8sUtils.CreateOrUpdateCG(cg1); err != nil { + if _, err := k8sUtils.CreateOrUpdateV1Alpha3CG(cg1); err != nil { // Above creation of CG must succeed as it is a valid spec. failOnError(err, t) } - cg2 := &crdv1alpha2.ClusterGroup{ + cg2 := &crdv1alpha3.ClusterGroup{ ObjectMeta: metav1.ObjectMeta{Name: cgName2}, - Spec: crdv1alpha2.GroupSpec{ - ChildGroups: []crdv1alpha2.ClusterGroupReference{crdv1alpha2.ClusterGroupReference(cgName1)}, + Spec: crdv1alpha3.GroupSpec{ + ChildGroups: []crdv1alpha3.ClusterGroupReference{crdv1alpha3.ClusterGroupReference(cgName1)}, }, } - if _, err := k8sUtils.CreateOrUpdateCG(cg2); err == nil { + if _, err := k8sUtils.CreateOrUpdateV1Alpha3CG(cg2); err == nil { // Above creation of CG must fail as it is an invalid spec. failOnError(invalidErr, t) } // cleanup cg-nested-1 - if err := k8sUtils.DeleteCG(cgName1); err != nil { + if err := k8sUtils.DeleteV1Alpha3CG(cgName1); err != nil { + failOnError(err, t) + } +} + +func testClusterGroupConversionV1A2AndV1A3(t *testing.T) { + cgName1, cgName2 := "cg-v1a2", "cg-v1a3" + ipb1 := crdv1alpha1.IPBlock{ + CIDR: "192.168.1.0/24", + } + ipb2 := crdv1alpha1.IPBlock{ + CIDR: "192.168.2.0/24", + } + cg1 := &crdv1alpha2.ClusterGroup{ + ObjectMeta: metav1.ObjectMeta{Name: cgName1}, + Spec: crdv1alpha2.GroupSpec{ + IPBlock: &ipb1, + }, + } + cg2 := &crdv1alpha3.ClusterGroup{ + ObjectMeta: metav1.ObjectMeta{Name: cgName2}, + Spec: crdv1alpha3.GroupSpec{ + IPBlocks: []crdv1alpha1.IPBlock{ + ipb1, + ipb2, + }, + }, + } + if _, err := k8sUtils.CreateOrUpdateV1Alpha2CG(cg1); err != nil { + // Above creation of CG must succeed as it is a valid spec. + failOnError(err, t) + } + // Get v1alpha3 version of ClusterGroup, which was created as v1alpha2 + cg1Returned, err := k8sUtils.GetV1Alpha3CG(cgName1) + if err != nil { + failOnError(err, t) + } + assert.ElementsMatch(t, cg1Returned.Spec.IPBlocks, []crdv1alpha1.IPBlock{ipb1}) + if _, err := k8sUtils.CreateOrUpdateV1Alpha3CG(cg2); err != nil { + // Above creation of CG must succeed as it is a valid spec. + failOnError(err, t) + } + // Get v1alpha2 version of ClusterGroup, which was created as v1alpha3 + cg2Returned, err := k8sUtils.GetV1Alpha2CG(cgName2) + if err != nil { failOnError(err, t) } + assert.ElementsMatch(t, cg2Returned.Spec.IPBlocks, []crdv1alpha1.IPBlock{ipb1, ipb2}) } func TestClusterGroup(t *testing.T) { @@ -294,6 +341,8 @@ func TestClusterGroup(t *testing.T) { t.Run("Case=ChildGroupExceedMaxNestedLevel", func(t *testing.T) { testInvalidCGMaxNestedLevel(t) }) cleanupChildCGForTest(t) }) - + t.Run("TestGroupClusterGroupConversion", func(t *testing.T) { + t.Run("Case=ConvertBetweenV1A2AndV1A3", func(t *testing.T) { testClusterGroupConversionV1A2AndV1A3(t) }) + }) k8sUtils.Cleanup(namespaces) // clean up all cluster-scope resources, including CGs } diff --git a/test/e2e/k8s_util.go b/test/e2e/k8s_util.go index d2a95705aca..f1fbd16d767 100644 --- a/test/e2e/k8s_util.go +++ b/test/e2e/k8s_util.go @@ -30,6 +30,7 @@ import ( crdv1alpha1 "antrea.io/antrea/pkg/apis/crd/v1alpha1" crdv1alpha2 "antrea.io/antrea/pkg/apis/crd/v1alpha2" + crdv1alpha3 "antrea.io/antrea/pkg/apis/crd/v1alpha3" legacycorev1a2 "antrea.io/antrea/pkg/legacyapis/core/v1alpha2" legacysecv1alpha1 "antrea.io/antrea/pkg/legacyapis/security/v1alpha1" ) @@ -435,8 +436,8 @@ func (k *KubernetesUtils) DeleteTier(name string) error { return nil } -// CreateOrUpdateCG is a convenience function for idempotent setup of ClusterGroups -func (k *KubernetesUtils) CreateOrUpdateCG(cg *crdv1alpha2.ClusterGroup) (*crdv1alpha2.ClusterGroup, error) { +// CreateOrUpdateV1Alpha2CG is a convenience function for idempotent setup of crd/v1alpha2 ClusterGroups +func (k *KubernetesUtils) CreateOrUpdateV1Alpha2CG(cg *crdv1alpha2.ClusterGroup) (*crdv1alpha2.ClusterGroup, error) { log.Infof("Creating/updating ClusterGroup %s", cg.Name) cgReturned, err := k.crdClient.CrdV1alpha2().ClusterGroups().Get(context.TODO(), cg.Name, metav1.GetOptions{}) if err != nil { @@ -455,12 +456,40 @@ func (k *KubernetesUtils) CreateOrUpdateCG(cg *crdv1alpha2.ClusterGroup) (*crdv1 return nil, fmt.Errorf("error occurred in creating/updating ClusterGroup %s", cg.Name) } +// CreateOrUpdateV1Alpha3CG is a convenience function for idempotent setup of crd/v1alpha3 ClusterGroups +func (k *KubernetesUtils) CreateOrUpdateV1Alpha3CG(cg *crdv1alpha3.ClusterGroup) (*crdv1alpha3.ClusterGroup, error) { + log.Infof("Creating/updating ClusterGroup %s", cg.Name) + cgReturned, err := k.crdClient.CrdV1alpha3().ClusterGroups().Get(context.TODO(), cg.Name, metav1.GetOptions{}) + if err != nil { + cgr, err := k.crdClient.CrdV1alpha3().ClusterGroups().Create(context.TODO(), cg, metav1.CreateOptions{}) + if err != nil { + log.Infof("Unable to create cluster group %s: %v", cg.Name, err) + return nil, err + } + return cgr, nil + } else if cgReturned.Name != "" { + log.Debugf("ClusterGroup with name %s already exists, updating", cg.Name) + cgReturned.Spec = cg.Spec + cgr, err := k.crdClient.CrdV1alpha3().ClusterGroups().Update(context.TODO(), cgReturned, metav1.UpdateOptions{}) + return cgr, err + } + return nil, fmt.Errorf("error occurred in creating/updating ClusterGroup %s", cg.Name) +} + +func (k *KubernetesUtils) GetV1Alpha2CG(cgName string) (*crdv1alpha2.ClusterGroup, error) { + return k.crdClient.CrdV1alpha2().ClusterGroups().Get(context.TODO(), cgName, metav1.GetOptions{}) +} + +func (k *KubernetesUtils) GetV1Alpha3CG(cgName string) (*crdv1alpha3.ClusterGroup, error) { + return k.crdClient.CrdV1alpha3().ClusterGroups().Get(context.TODO(), cgName, metav1.GetOptions{}) +} + // CreateCG is a convenience function for creating an Antrea ClusterGroup by name and selector. -func (k *KubernetesUtils) CreateCG(name string, pSelector, nSelector *metav1.LabelSelector, ipBlock *crdv1alpha1.IPBlock) (*crdv1alpha2.ClusterGroup, error) { +func (k *KubernetesUtils) CreateCG(name string, pSelector, nSelector *metav1.LabelSelector, ipBlocks []crdv1alpha1.IPBlock) (*crdv1alpha3.ClusterGroup, error) { log.Infof("Creating clustergroup %s", name) - _, err := k.crdClient.CrdV1alpha2().ClusterGroups().Get(context.TODO(), name, metav1.GetOptions{}) + _, err := k.crdClient.CrdV1alpha3().ClusterGroups().Get(context.TODO(), name, metav1.GetOptions{}) if err != nil { - cg := &crdv1alpha2.ClusterGroup{ + cg := &crdv1alpha3.ClusterGroup{ ObjectMeta: metav1.ObjectMeta{ Name: name, }, @@ -471,10 +500,10 @@ func (k *KubernetesUtils) CreateCG(name string, pSelector, nSelector *metav1.Lab if nSelector != nil { cg.Spec.NamespaceSelector = nSelector } - if ipBlock != nil { - cg.Spec.IPBlock = ipBlock + if len(ipBlocks) > 0 { + cg.Spec.IPBlocks = ipBlocks } - cg, err = k.crdClient.CrdV1alpha2().ClusterGroups().Create(context.TODO(), cg, metav1.CreateOptions{}) + cg, err = k.crdClient.CrdV1alpha3().ClusterGroups().Create(context.TODO(), cg, metav1.CreateOptions{}) if err != nil { log.Debugf("Unable to create clustergroup %s: %s", name, err) } @@ -492,8 +521,8 @@ func (k *KubernetesUtils) GetCG(name string) (*crdv1alpha2.ClusterGroup, error) return res, nil } -// DeleteCG is a convenience function for deleting ClusterGroup by name. -func (k *KubernetesUtils) DeleteCG(name string) error { +// DeleteV1Alpha2CG is a convenience function for deleting crd/v1alpha2 ClusterGroup by name. +func (k *KubernetesUtils) DeleteV1Alpha2CG(name string) error { log.Infof("Deleting ClusterGroup %s", name) err := k.crdClient.CrdV1alpha2().ClusterGroups().Delete(context.TODO(), name, metav1.DeleteOptions{}) if err != nil { @@ -502,14 +531,33 @@ func (k *KubernetesUtils) DeleteCG(name string) error { return nil } +// DeleteV1Alpha3CG is a convenience function for deleting core/v1alpha3 ClusterGroup by name. +func (k *KubernetesUtils) DeleteV1Alpha3CG(name string) error { + log.Infof("deleting ClusterGroup %s", name) + err := k.crdClient.CrdV1alpha3().ClusterGroups().Delete(context.TODO(), name, metav1.DeleteOptions{}) + if err != nil { + return errors.Wrapf(err, "unable to delete ClusterGroup %s", name) + } + return nil +} + // CleanCGs is a convenience function for deleting all ClusterGroups in the cluster. func (k *KubernetesUtils) CleanCGs() error { l, err := k.crdClient.CrdV1alpha2().ClusterGroups().List(context.TODO(), metav1.ListOptions{}) if err != nil { - return errors.Wrapf(err, "unable to list ClusterGroups") + return errors.Wrapf(err, "unable to list ClusterGroups in v1alpha2") } for _, cg := range l.Items { - if err := k.DeleteCG(cg.Name); err != nil { + if err := k.DeleteV1Alpha2CG(cg.Name); err != nil { + return err + } + } + l2, err := k.crdClient.CrdV1alpha3().ClusterGroups().List(context.TODO(), metav1.ListOptions{}) + if err != nil { + return errors.Wrapf(err, "unable to list ClusterGroups in v1alpha3") + } + for _, cg := range l2.Items { + if err := k.DeleteV1Alpha3CG(cg.Name); err != nil { return err } } diff --git a/test/e2e/legacyantreapolicy_test.go b/test/e2e/legacyantreapolicy_test.go index 0ba14b8a3ba..b8607c13546 100644 --- a/test/e2e/legacyantreapolicy_test.go +++ b/test/e2e/legacyantreapolicy_test.go @@ -766,7 +766,7 @@ func testLegacyACNPNoEffectOnOtherProtocols(t *testing.T) { // testACNPAppliedToDenyXBtoCGWithYA tests traffic from X/B to ClusterGroup Y/A on named port 81 is dropped. func testLegacyACNPAppliedToDenyXBtoCGWithYA(t *testing.T) { cgName := "cg-pods-ya" - cgBuilder := &ClusterGroupSpecBuilder{} + cgBuilder := &ClusterGroupV1Alpha2SpecBuilder{} cgBuilder = cgBuilder.SetName(cgName) cgBuilder = cgBuilder.SetNamespaceSelector(map[string]string{"ns": "y"}, nil) cgBuilder = cgBuilder.SetPodSelector(map[string]string{"pod": "a"}, nil) @@ -803,7 +803,7 @@ func testLegacyACNPAppliedToDenyXBtoCGWithYA(t *testing.T) { // testACNPIngressRuleDenyCGWithXBtoYA tests traffic from ClusterGroup with X/B to Y/A on named port 81 is dropped. func testLegacyACNPIngressRuleDenyCGWithXBtoYA(t *testing.T) { cgName := "cg-pods-xb" - cgBuilder := &ClusterGroupSpecBuilder{} + cgBuilder := &ClusterGroupV1Alpha2SpecBuilder{} cgBuilder = cgBuilder.SetName(cgName) cgBuilder = cgBuilder.SetNamespaceSelector(map[string]string{"ns": "x"}, nil) cgBuilder = cgBuilder.SetPodSelector(map[string]string{"pod": "b"}, nil) @@ -840,7 +840,7 @@ func testLegacyACNPIngressRuleDenyCGWithXBtoYA(t *testing.T) { // testACNPAppliedToRuleCGWithPodsAToNsZ tests that a ACNP is able to drop egress traffic from CG with pods labelled A namespace Z. func testLegacyACNPAppliedToRuleCGWithPodsAToNsZ(t *testing.T) { cgName := "cg-pods-a" - cgBuilder := &ClusterGroupSpecBuilder{} + cgBuilder := &ClusterGroupV1Alpha2SpecBuilder{} cgBuilder = cgBuilder.SetName(cgName) cgBuilder = cgBuilder.SetPodSelector(map[string]string{"pod": "a"}, nil) builder := &ClusterNetworkPolicySpecBuilder{} @@ -880,7 +880,7 @@ func testLegacyACNPAppliedToRuleCGWithPodsAToNsZ(t *testing.T) { // testACNPEgressRulePodsAToCGWithNsZ tests that a ACNP is able to drop egress traffic from pods labelled A to a CG with namespace Z. func testLegacyACNPEgressRulePodsAToCGWithNsZ(t *testing.T) { cgName := "cg-ns-z" - cgBuilder := &ClusterGroupSpecBuilder{} + cgBuilder := &ClusterGroupV1Alpha2SpecBuilder{} cgBuilder = cgBuilder.SetName(cgName) cgBuilder = cgBuilder.SetNamespaceSelector(map[string]string{"ns": "z"}, nil) builder := &ClusterNetworkPolicySpecBuilder{} @@ -920,11 +920,11 @@ func testLegacyACNPEgressRulePodsAToCGWithNsZ(t *testing.T) { func testLegacyACNPClusterGroupUpdateAppliedTo(t *testing.T) { cgName := "cg-pods-a-then-c" - cgBuilder := &ClusterGroupSpecBuilder{} + cgBuilder := &ClusterGroupV1Alpha2SpecBuilder{} cgBuilder = cgBuilder.SetName(cgName) cgBuilder = cgBuilder.SetPodSelector(map[string]string{"pod": "a"}, nil) // Update CG Pod selector to group Pods C - updatedCgBuilder := &ClusterGroupSpecBuilder{} + updatedCgBuilder := &ClusterGroupV1Alpha2SpecBuilder{} updatedCgBuilder = updatedCgBuilder.SetName(cgName) updatedCgBuilder = updatedCgBuilder.SetPodSelector(map[string]string{"pod": "c"}, nil) builder := &ClusterNetworkPolicySpecBuilder{} @@ -983,11 +983,11 @@ func testLegacyACNPClusterGroupUpdateAppliedTo(t *testing.T) { func testLegacyACNPClusterGroupUpdate(t *testing.T) { cgName := "cg-ns-z-then-y" - cgBuilder := &ClusterGroupSpecBuilder{} + cgBuilder := &ClusterGroupV1Alpha2SpecBuilder{} cgBuilder = cgBuilder.SetName(cgName) cgBuilder = cgBuilder.SetNamespaceSelector(map[string]string{"ns": "z"}, nil) // Update CG NS selector to group Pods from Namespace Y - updatedCgBuilder := &ClusterGroupSpecBuilder{} + updatedCgBuilder := &ClusterGroupV1Alpha2SpecBuilder{} updatedCgBuilder = updatedCgBuilder.SetName(cgName) updatedCgBuilder = updatedCgBuilder.SetNamespaceSelector(map[string]string{"ns": "y"}, nil) builder := &ClusterNetworkPolicySpecBuilder{} @@ -1046,7 +1046,7 @@ func testLegacyACNPClusterGroupUpdate(t *testing.T) { func testLegacyACNPClusterGroupAppliedToPodAdd(t *testing.T, data *TestData) { cgName := "cg-pod-custom-pod-zj" - cgBuilder := &ClusterGroupSpecBuilder{} + cgBuilder := &ClusterGroupV1Alpha2SpecBuilder{} cgBuilder = cgBuilder.SetName(cgName) cgBuilder = cgBuilder.SetNamespaceSelector(map[string]string{"ns": "z"}, nil) cgBuilder = cgBuilder.SetPodSelector(map[string]string{"pod": "j"}, nil) @@ -1090,7 +1090,7 @@ func testLegacyACNPClusterGroupAppliedToPodAdd(t *testing.T, data *TestData) { func testLegacyACNPClusterGroupRefRulePodAdd(t *testing.T, data *TestData) { cgName := "cg-pod-custom-pod-zk" - cgBuilder := &ClusterGroupSpecBuilder{} + cgBuilder := &ClusterGroupV1Alpha2SpecBuilder{} cgBuilder = cgBuilder.SetName(cgName) cgBuilder = cgBuilder.SetNamespaceSelector(map[string]string{"ns": "z"}, nil) cgBuilder = cgBuilder.SetPodSelector(map[string]string{"pod": "k"}, nil) @@ -1823,9 +1823,9 @@ func testLegacyACNPClusterGroupServiceRefCreateAndUpdate(t *testing.T, data *Tes svc2 := k8sUtils.BuildService("svc2", "y", 80, 80, map[string]string{"app": "b"}, nil) cg1Name, cg2Name := "cg-svc1", "cg-svc2" - cgBuilder1 := &ClusterGroupSpecBuilder{} + cgBuilder1 := &ClusterGroupV1Alpha2SpecBuilder{} cgBuilder1 = cgBuilder1.SetName(cg1Name).SetServiceReference("x", "svc1") - cgBuilder2 := &ClusterGroupSpecBuilder{} + cgBuilder2 := &ClusterGroupV1Alpha2SpecBuilder{} cgBuilder2 = cgBuilder2.SetName(cg2Name).SetServiceReference("y", "svc2") builder := &ClusterNetworkPolicySpecBuilder{} @@ -1908,14 +1908,14 @@ func testLegacyACNPClusterGroupServiceRefCreateAndUpdate(t *testing.T, data *Tes func testLegacyACNPNestedClusterGroupCreateAndUpdate(t *testing.T, data *TestData) { svc1 := k8sUtils.BuildService("svc1", "x", 80, 80, map[string]string{"app": "a"}, nil) cg1Name, cg2Name := "cg-svc-x-a", "cg-select-y-b" - cgBuilder1 := &ClusterGroupSpecBuilder{} + cgBuilder1 := &ClusterGroupV1Alpha2SpecBuilder{} cgBuilder1 = cgBuilder1.SetName(cg1Name).SetServiceReference("x", "svc1") - cgBuilder2 := &ClusterGroupSpecBuilder{} + cgBuilder2 := &ClusterGroupV1Alpha2SpecBuilder{} cgBuilder2 = cgBuilder2.SetName(cg2Name). SetNamespaceSelector(map[string]string{"ns": "y"}, nil). SetPodSelector(map[string]string{"pod": "b"}, nil) cgNestedName := "cg-nested" - cgBuilderNested := &ClusterGroupSpecBuilder{} + cgBuilderNested := &ClusterGroupV1Alpha2SpecBuilder{} cgBuilderNested = cgBuilderNested.SetName(cgNestedName).SetChildGroups([]string{cg1Name}) builder := &ClusterNetworkPolicySpecBuilder{} diff --git a/test/e2e/utils/cgspecbuilder.go b/test/e2e/utils/cgspecbuilder.go index 7e6fad7d5d0..fde8ddaf88e 100644 --- a/test/e2e/utils/cgspecbuilder.go +++ b/test/e2e/utils/cgspecbuilder.go @@ -19,15 +19,16 @@ import ( crdv1alpha1 "antrea.io/antrea/pkg/apis/crd/v1alpha1" crdv1alpha2 "antrea.io/antrea/pkg/apis/crd/v1alpha2" + crdv1alpha3 "antrea.io/antrea/pkg/apis/crd/v1alpha3" legacycorev1alpha2 "antrea.io/antrea/pkg/legacyapis/core/v1alpha2" ) -type ClusterGroupSpecBuilder struct { +type ClusterGroupV1Alpha2SpecBuilder struct { Spec crdv1alpha2.GroupSpec Name string } -func (b *ClusterGroupSpecBuilder) Get() *crdv1alpha2.ClusterGroup { +func (b *ClusterGroupV1Alpha2SpecBuilder) Get() *crdv1alpha2.ClusterGroup { return &crdv1alpha2.ClusterGroup{ ObjectMeta: metav1.ObjectMeta{ Name: b.Name, @@ -36,7 +37,7 @@ func (b *ClusterGroupSpecBuilder) Get() *crdv1alpha2.ClusterGroup { } } -func (b *ClusterGroupSpecBuilder) GetLegacy() *legacycorev1alpha2.ClusterGroup { +func (b *ClusterGroupV1Alpha2SpecBuilder) GetLegacy() *legacycorev1alpha2.ClusterGroup { return &legacycorev1alpha2.ClusterGroup{ ObjectMeta: metav1.ObjectMeta{ Name: b.Name, @@ -45,12 +46,12 @@ func (b *ClusterGroupSpecBuilder) GetLegacy() *legacycorev1alpha2.ClusterGroup { } } -func (b *ClusterGroupSpecBuilder) SetName(name string) *ClusterGroupSpecBuilder { +func (b *ClusterGroupV1Alpha2SpecBuilder) SetName(name string) *ClusterGroupV1Alpha2SpecBuilder { b.Name = name return b } -func (b *ClusterGroupSpecBuilder) SetPodSelector(podSelector map[string]string, podSelectorMatchExp []metav1.LabelSelectorRequirement) *ClusterGroupSpecBuilder { +func (b *ClusterGroupV1Alpha2SpecBuilder) SetPodSelector(podSelector map[string]string, podSelectorMatchExp []metav1.LabelSelectorRequirement) *ClusterGroupV1Alpha2SpecBuilder { var ps *metav1.LabelSelector if podSelector != nil { ps = &metav1.LabelSelector{ @@ -64,7 +65,7 @@ func (b *ClusterGroupSpecBuilder) SetPodSelector(podSelector map[string]string, return b } -func (b *ClusterGroupSpecBuilder) SetNamespaceSelector(nsSelector map[string]string, nsSelectorMatchExp []metav1.LabelSelectorRequirement) *ClusterGroupSpecBuilder { +func (b *ClusterGroupV1Alpha2SpecBuilder) SetNamespaceSelector(nsSelector map[string]string, nsSelectorMatchExp []metav1.LabelSelectorRequirement) *ClusterGroupV1Alpha2SpecBuilder { var ns *metav1.LabelSelector if nsSelector != nil { ns = &metav1.LabelSelector{ @@ -78,12 +79,17 @@ func (b *ClusterGroupSpecBuilder) SetNamespaceSelector(nsSelector map[string]str return b } -func (b *ClusterGroupSpecBuilder) SetIPBlocks(ipBlocks []crdv1alpha1.IPBlock) *ClusterGroupSpecBuilder { +func (b *ClusterGroupV1Alpha2SpecBuilder) SetIPBlock(ipb *crdv1alpha1.IPBlock) *ClusterGroupV1Alpha2SpecBuilder { + b.Spec.IPBlock = ipb + return b +} + +func (b *ClusterGroupV1Alpha2SpecBuilder) SetIPBlocks(ipBlocks []crdv1alpha1.IPBlock) *ClusterGroupV1Alpha2SpecBuilder { b.Spec.IPBlocks = ipBlocks return b } -func (b *ClusterGroupSpecBuilder) SetServiceReference(svcNS, svcName string) *ClusterGroupSpecBuilder { +func (b *ClusterGroupV1Alpha2SpecBuilder) SetServiceReference(svcNS, svcName string) *ClusterGroupV1Alpha2SpecBuilder { svcRef := &crdv1alpha2.ServiceReference{ Namespace: svcNS, Name: svcName, @@ -92,7 +98,7 @@ func (b *ClusterGroupSpecBuilder) SetServiceReference(svcNS, svcName string) *Cl return b } -func (b *ClusterGroupSpecBuilder) SetChildGroups(cgs []string) *ClusterGroupSpecBuilder { +func (b *ClusterGroupV1Alpha2SpecBuilder) SetChildGroups(cgs []string) *ClusterGroupV1Alpha2SpecBuilder { var childGroups []crdv1alpha2.ClusterGroupReference for _, c := range cgs { childGroups = append(childGroups, crdv1alpha2.ClusterGroupReference(c)) @@ -100,3 +106,74 @@ func (b *ClusterGroupSpecBuilder) SetChildGroups(cgs []string) *ClusterGroupSpec b.Spec.ChildGroups = childGroups return b } + +// ClusterGroupV1Alpha3SpecBuilder builds a core/v1alpha3 ClusterGroup object. +type ClusterGroupV1Alpha3SpecBuilder struct { + Spec crdv1alpha3.GroupSpec + Name string +} + +func (b *ClusterGroupV1Alpha3SpecBuilder) Get() *crdv1alpha3.ClusterGroup { + return &crdv1alpha3.ClusterGroup{ + ObjectMeta: metav1.ObjectMeta{ + Name: b.Name, + }, + Spec: b.Spec, + } +} + +func (b *ClusterGroupV1Alpha3SpecBuilder) SetName(name string) *ClusterGroupV1Alpha3SpecBuilder { + b.Name = name + return b +} + +func (b *ClusterGroupV1Alpha3SpecBuilder) SetPodSelector(podSelector map[string]string, podSelectorMatchExp []metav1.LabelSelectorRequirement) *ClusterGroupV1Alpha3SpecBuilder { + var ps *metav1.LabelSelector + if podSelector != nil { + ps = &metav1.LabelSelector{ + MatchLabels: podSelector, + } + if podSelectorMatchExp != nil { + ps.MatchExpressions = podSelectorMatchExp + } + } + b.Spec.PodSelector = ps + return b +} + +func (b *ClusterGroupV1Alpha3SpecBuilder) SetNamespaceSelector(nsSelector map[string]string, nsSelectorMatchExp []metav1.LabelSelectorRequirement) *ClusterGroupV1Alpha3SpecBuilder { + var ns *metav1.LabelSelector + if nsSelector != nil { + ns = &metav1.LabelSelector{ + MatchLabels: nsSelector, + } + if nsSelectorMatchExp != nil { + ns.MatchExpressions = nsSelectorMatchExp + } + } + b.Spec.NamespaceSelector = ns + return b +} + +func (b *ClusterGroupV1Alpha3SpecBuilder) SetIPBlocks(ipBlocks []crdv1alpha1.IPBlock) *ClusterGroupV1Alpha3SpecBuilder { + b.Spec.IPBlocks = ipBlocks + return b +} + +func (b *ClusterGroupV1Alpha3SpecBuilder) SetServiceReference(svcNS, svcName string) *ClusterGroupV1Alpha3SpecBuilder { + svcRef := &crdv1alpha3.ServiceReference{ + Namespace: svcNS, + Name: svcName, + } + b.Spec.ServiceReference = svcRef + return b +} + +func (b *ClusterGroupV1Alpha3SpecBuilder) SetChildGroups(cgs []string) *ClusterGroupV1Alpha3SpecBuilder { + var childGroups []crdv1alpha3.ClusterGroupReference + for _, c := range cgs { + childGroups = append(childGroups, crdv1alpha3.ClusterGroupReference(c)) + } + b.Spec.ChildGroups = childGroups + return b +}