NetworkPolicyStatus refactor
Signed-off-by: Qiyue Yao <yaoq@vmware.com>
qiyueyao committed Aug 9, 2022
1 parent e1023d5 commit f1cad44
Showing 27 changed files with 535 additions and 270 deletions.
15 changes: 15 additions & 0 deletions build/charts/antrea/crds/clusternetworkpolicy.yaml
Expand Up @@ -616,6 +616,21 @@ spec:
type: integer
desiredNodesRealized:
type: integer
conditions:
type: array
items:
type: object
properties:
type:
type: string
status:
type: string
lastTransitionTime:
type: string
reason:
type: string
message:
type: string
subresources:
status: {}
scope: Cluster
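Review bot: The `conditions` array added next to `desiredNodesRealized` has no list semantics and no value constraints, so two entries with the same `type` are accepted and server-side apply will presumably treat the whole list as atomic (the default for untyped lists); the same schema is added to build/charts/antrea/crds/networkpolicy.yaml. Following the metav1.Condition convention, add `x-kubernetes-list-type: map` and `x-kubernetes-list-map-keys: [type]` under `conditions`, and `format: date-time` under `lastTransitionTime`. An enum of `True`/`False`/`Unknown` on `status` would also turn a malformed value into an admission-time validation error rather than something every consumer must handle. The generated copies under build/yamls would then need regenerating from the chart.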
15 changes: 15 additions & 0 deletions build/charts/antrea/crds/networkpolicy.yaml
Expand Up @@ -507,6 +507,21 @@ spec:
type: integer
desiredNodesRealized:
type: integer
conditions:
type: array
items:
type: object
properties:
type:
type: string
status:
type: string
lastTransitionTime:
type: string
reason:
type: string
message:
type: string
subresources:
status: {}
scope: Namespaced
30 changes: 30 additions & 0 deletions build/yamls/antrea-aks.yml
Expand Up @@ -994,6 +994,21 @@ spec:
type: integer
desiredNodesRealized:
type: integer
conditions:
type: array
items:
type: object
properties:
type:
type: string
status:
type: string
lastTransitionTime:
type: string
reason:
type: string
message:
type: string
subresources:
status: {}
scope: Cluster
Expand Down Expand Up @@ -1931,6 +1946,21 @@ spec:
type: integer
desiredNodesRealized:
type: integer
conditions:
type: array
items:
type: object
properties:
type:
type: string
status:
type: string
lastTransitionTime:
type: string
reason:
type: string
message:
type: string
subresources:
status: {}
scope: Namespaced
30 changes: 30 additions & 0 deletions build/yamls/antrea-crds.yml
Expand Up @@ -987,6 +987,21 @@ spec:
type: integer
desiredNodesRealized:
type: integer
conditions:
type: array
items:
type: object
properties:
type:
type: string
status:
type: string
lastTransitionTime:
type: string
reason:
type: string
message:
type: string
subresources:
status: {}
scope: Cluster
Expand Down Expand Up @@ -1914,6 +1929,21 @@ spec:
type: integer
desiredNodesRealized:
type: integer
conditions:
type: array
items:
type: object
properties:
type:
type: string
status:
type: string
lastTransitionTime:
type: string
reason:
type: string
message:
type: string
subresources:
status: {}
scope: Namespaced
30 changes: 30 additions & 0 deletions build/yamls/antrea-eks.yml
Expand Up @@ -994,6 +994,21 @@ spec:
type: integer
desiredNodesRealized:
type: integer
conditions:
type: array
items:
type: object
properties:
type:
type: string
status:
type: string
lastTransitionTime:
type: string
reason:
type: string
message:
type: string
subresources:
status: {}
scope: Cluster
Expand Down Expand Up @@ -1931,6 +1946,21 @@ spec:
type: integer
desiredNodesRealized:
type: integer
conditions:
type: array
items:
type: object
properties:
type:
type: string
status:
type: string
lastTransitionTime:
type: string
reason:
type: string
message:
type: string
subresources:
status: {}
scope: Namespaced
30 changes: 30 additions & 0 deletions build/yamls/antrea-gke.yml
Expand Up @@ -994,6 +994,21 @@ spec:
type: integer
desiredNodesRealized:
type: integer
conditions:
type: array
items:
type: object
properties:
type:
type: string
status:
type: string
lastTransitionTime:
type: string
reason:
type: string
message:
type: string
subresources:
status: {}
scope: Cluster
Expand Down Expand Up @@ -1931,6 +1946,21 @@ spec:
type: integer
desiredNodesRealized:
type: integer
conditions:
type: array
items:
type: object
properties:
type:
type: string
status:
type: string
lastTransitionTime:
type: string
reason:
type: string
message:
type: string
subresources:
status: {}
scope: Namespaced
30 changes: 30 additions & 0 deletions build/yamls/antrea-ipsec.yml
Expand Up @@ -994,6 +994,21 @@ spec:
type: integer
desiredNodesRealized:
type: integer
conditions:
type: array
items:
type: object
properties:
type:
type: string
status:
type: string
lastTransitionTime:
type: string
reason:
type: string
message:
type: string
subresources:
status: {}
scope: Cluster
Expand Down Expand Up @@ -1931,6 +1946,21 @@ spec:
type: integer
desiredNodesRealized:
type: integer
conditions:
type: array
items:
type: object
properties:
type:
type: string
status:
type: string
lastTransitionTime:
type: string
reason:
type: string
message:
type: string
subresources:
status: {}
scope: Namespaced
30 changes: 30 additions & 0 deletions build/yamls/antrea.yml
Expand Up @@ -994,6 +994,21 @@ spec:
type: integer
desiredNodesRealized:
type: integer
conditions:
type: array
items:
type: object
properties:
type:
type: string
status:
type: string
lastTransitionTime:
type: string
reason:
type: string
message:
type: string
subresources:
status: {}
scope: Cluster
Expand Down Expand Up @@ -1931,6 +1946,21 @@ spec:
type: integer
desiredNodesRealized:
type: integer
conditions:
type: array
items:
type: object
properties:
type:
type: string
status:
type: string
lastTransitionTime:
type: string
reason:
type: string
message:
type: string
subresources:
status: {}
scope: Namespaced
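--- a/docs/antrea-network-policy.md
+++ b/docs/antrea-network-policy.md
@@ -1625,14 +1625,11 @@ restrictions.
 Antrea NetworkPolicy is Namespace scoped. For example, the
 `test-grp-with-namespace` Group in the [sample](#group-crd) cannot be
 used by Antrea NetworkPolicy `appliedTo`.
-- Antrea will not validate the referenced Group resources; it will however report
-an error in the Antrea NetworkPolicy status if the Group violates the
-`appliedTo` convention.
-- If the convention is violated in the Antrea NetworkPolicy's `appliedTo` section
-or for all the rules' `appliedTo`, then the Antrea NetworkPolicy status will
-be updated to `Unrealizable`.
-- If the convention is violated for part of, but not all, Antrea NetworkPolicy
-rules, the Antrea NetworkPolicy status will be updated to `PartiallyRealizable`.
+- Antrea will not validate the referenced Group resources; if the convention is
+violated in the Antrea NetworkPolicy's `appliedTo` section or for any of the rules'
+`appliedTo`, then Antrea will report a condition of type `Realizable` in the
+NetworkPolicy status with `False` status, `NetworkPolicyAppliedToUnsupportedGroup`
+reason and a detailed message.
 - The `childGroup` only accepts strings, and they will be considered as names of
 the Groups and looked for in the policy's own Namespace. For example, if
 child Group `child-0` exists in `ns-2`, it should not be added as part of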
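--- a/pkg/agent/controller/networkpolicy/status_controller.go
+++ b/pkg/agent/controller/networkpolicy/status_controller.go
@@ -164,10 +164,6 @@ func (c *StatusController) syncHandler(uid types.UID) error {
 if policy == nil {
 return nil
 }
-// The policy is unrealizable, no further processing of rules.
-if policy.Realizable == v1beta2.Unrealizable {
-return nil
-}
 desiredRules := c.ruleCache.getEffectiveRulesByNetworkPolicy(string(uid))
 // The policy must have been deleted, no further processing.
 if len(desiredRules) == 0 {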
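--- a/pkg/apis/controlplane/types.go
+++ b/pkg/apis/controlplane/types.go
@@ -203,18 +203,6 @@ type NetworkPolicyReference struct {
 // NetworkPolicyRealizableStatus defines the how a NetworkPolicy can be realized.
 type NetworkPolicyRealizableStatus string
 
-// These are the valid values for NetworkPolicyRealizable.
-const (
-// Unrealizable means the internal NetworkPolicy has been processed and marked
-// as entirely unrealizable.
-Unrealizable NetworkPolicyRealizableStatus = "Unrealizable"
-// PartiallyRealizable means the internal NetworkPolicy has been processed
-// and marked as partially realizable.
-PartiallyRealizable NetworkPolicyRealizableStatus = "PartiallyRealizable"
-// Realizable means the internal NetworkPolicy has been processed.
-Realizable NetworkPolicyRealizableStatus = ""
-)
-
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 
 // NetworkPolicy is the message format of antrea/pkg/controller/types.NetworkPolicy in an API response.
@@ -234,9 +222,9 @@ type NetworkPolicy struct {
 TierPriority *int32
 // Reference to the original NetworkPolicy that the internal NetworkPolicy is created for.
 SourceRef *NetworkPolicyReference
-// Realizable status of the internal Network Policy. It is set when processing the original
-// Network Policy. "Unrealizable", "PartiallyRealizable" and "Realizable" are supported.
-Realizable NetworkPolicyRealizableStatus
+// RealizableMessage stores realizable information of the internal Network Policy.
+// It is set when processing the original Network Policy.
+RealizableMessage string
 }
 
 // Direction defines traffic direction of NetworkPolicyRule.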
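Review bot: `NetworkPolicyRealizableStatus` is kept as context at the top of the first hunk but now has no declared values once the `const` block is removed, and the struct no longer holds a field of that type; if nothing else in the package references it, the type declaration should be removed in the same commit, otherwise a comment naming its remaining user would help. The replacement field `RealizableMessage string` is free-form and its comment does not say how an empty value is read; suggest `// RealizableMessage is empty when the policy is realizable; otherwise it describes why it is not.` if that is the intended contract — confirm against the controller code that sets it. Since this is a controlplane API type exchanged between controller and agents, dropping `Realizable` presumably affects version-skewed agents during an upgrade; the agent-side check is removed in pkg/agent/controller/networkpolicy/status_controller.go in this commit, but whether the versioned v1beta2 type and its conversion are updated is not visible here. The `NetworkPolicy` struct starts outside the second hunk.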