
Add BGPPolicy controller
Signed-off-by: Hongliang Liu <lhongliang@vmware.com>
hongliangl committed Apr 10, 2024
1 parent e366d58 commit 7508c38
Showing 39 changed files with 3,374 additions and 31 deletions.
8 changes: 8 additions & 0 deletions build/charts/antrea/conf/antrea-agent.conf
Expand Up @@ -88,6 +88,9 @@ featureGates:
# Enable L7FlowExporter on Pods and Namespaces to export the application layer flows such as HTTP flows.
{{- include "featureGate" (dict "featureGates" .Values.featureGates "name" "L7FlowExporter" "default" false) }}

# Allow users to advertise Service IPs, Pod IPs, and Egress IPs to external BGP peers.
{{- include "featureGate" (dict "featureGates" .Values.featureGates "name" "BGPPolicy" "default" false) }}

# Name of the OpenVSwitch bridge antrea-agent will create and use.
# Make sure it doesn't conflict with your existing OpenVSwitch bridges.
ovsBridge: {{ .Values.ovs.bridgeName | quote }}
Expand Down Expand Up @@ -440,3 +443,8 @@ secondaryNetwork:
{{- end }}

{{- end }}

bgpPolicy:
# The name of the Secret storing passwords of the BGP peers. For each BGP peer, the Secret key is generated by
# concatenating its IP address and AS number, e.g., `192.168.1.1-65521`.
secretName: {{ .Values.bgpPolicy.secretName | quote }}
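Review bot: The comment on `bgpPolicy.secretName` describes the Secret key as the peer IP address and AS number concatenated, but the `-` separator appears only in the example `192.168.1.1-65521`, and nothing says how an IPv6 peer is keyed. Kubernetes Secret data keys may contain only alphanumerics, `-`, `_` and `.`, so an IPv6 address with `:` could not be used verbatim; the key-building code is not on this page, so this needs confirming there. I would spell the format out, e.g. `# For each BGP peer the Secret key is "<IP address>-<AS number>", e.g. 192.168.1.1-65521.`, and add a line on IPv6 peers. It would also help operators to state what the agent does when the Secret has no key for a configured peer, since a session that silently comes up without a password is the case they most need to know about.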
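--- a/build/charts/antrea/crds/bgppolicy.yaml
+++ b/build/charts/antrea/crds/bgppolicy.yaml
@@ -0,0 +1,133 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+name: bgppolicies.crd.antrea.io
+spec:
+group: crd.antrea.io
+versions:
+- name: v1alpha2
+served: true
+storage: true
+schema:
+openAPIV3Schema:
+type: object
+required:
+- spec
+properties:
+spec:
+type: object
+required:
+- nodeSelector
+- localASN
+- advertisements
+- bgpPeers
+properties:
+nodeSelector:
+type: object
+properties:
+matchExpressions:
+items:
+properties:
+key:
+type: string
+operator:
+enum:
+- In
+- NotIn
+- Exists
+- DoesNotExist
+type: string
+values:
+items:
+type: string
+pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$"
+type: array
+type: object
+type: array
+matchLabels:
+x-kubernetes-preserve-unknown-fields: true
+localASN:
+type: integer
+minimum: 64512
+maximum: 65535
+format: int32
+listenPort:
+type: integer
+minimum: 1
+maximum: 65535
+format: int32
+default: 179
+advertisements:
+type: object
+anyOf:
+- required: [service]
+- required: [pod]
+- required: [egress]
+properties:
+service:
+type: object
+anyOf:
+- required: [ clusterIPs ]
+- required: [ externalIPs ]
+- required: [ loadBalancerIPs ]
+properties:
+clusterIPs:
+type: boolean
+default: false
+externalIPs:
+type: boolean
+default: false
+loadBalancerIPs:
+type: boolean
+default: false
+pod:
+type: object
+properties: {}
+egress:
+type: object
+properties: {}
+bgpPeers:
+type: array
+items:
+type: object
+required:
+- address
+- asn
+properties:
+address:
+type: string
+format: cidr
+port:
+type: integer
+default: 179
+format: int32
+minimum: 1
+maximum: 65535
+asn:
+type: integer
+minimum: 1
+maximum: 65535
+format: int32
+gracefulRestartTime:
+type: integer
+default: 120
+format: int32
+minimum: 1
+maximum: 3600
+additionalPrinterColumns:
+- description: Local BGP ASN.
+jsonPath: .spec.localASN
+name: Local ASN
+type: integer
+- jsonPath: .metadata.creationTimestamp
+name: Age
+type: date
+subresources:
+status: {}
+scope: Cluster
+names:
+plural: bgppolicies
+singular: bgppolicy
+kind: BGPPolicy
+shortNames:
+- bp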
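Review bot: `bgpPeers[].address` is declared with `format: cidr`, so the API server would accept only prefix notation such as `192.168.1.1/32` and reject a bare peer IP, while the agent config comment in this commit keys peer passwords by a plain IP (`192.168.1.1-65521`). If a single peer address is intended, `oneOf: [{format: ipv4}, {format: ipv6}]` on `address` validates that instead. Separately, `matchLabels` has no `type` and relies on `x-kubernetes-preserve-unknown-fields: true`; declaring `type: object` with `additionalProperties: {type: string}` would keep arbitrary structures out of the node selector. Because the resource is cluster-scoped and decides which Service, Pod and Egress IPs are announced to external peers, create and update rights on `bgppolicies` are worth restricting to cluster administrators in whatever RBAC accompanies this CRD.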
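--- a/build/charts/antrea/templates/agent/bgp-secret.yaml
+++ b/build/charts/antrea/templates/agent/bgp-secret.yaml
@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Secret
+metadata:
+name: {{ .Values.bgpPolicy.secretName }}
+namespace: {{ .Release.Namespace }}
+type: Opaque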
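Review bot: `name: {{ .Values.bgpPolicy.secretName }}` is rendered without `| quote`, unlike the same value in antrea-agent.conf, so a value that YAML reads as a number, boolean or null would yield an invalid or mistyped manifest; `name: {{ .Values.bgpPolicy.secretName | quote }}` avoids that, and the same applies to the `resourceNames` entry added in templates/agent/clusterrole.yaml. The chart also owns this Secret while shipping it with no `data`, so the peer passwords have to be added out of band. Depending on how they were added, a later `helm upgrade` or re-apply of the generated manifest may reset them, which would leave peers without their configured passwords; that behaviour is worth confirming and documenting next to the template.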
9 changes: 9 additions & 0 deletions build/charts/antrea/templates/agent/clusterrole.yaml
Expand Up @@ -227,3 +227,12 @@ rules:
- create
- patch
- update
- apiGroups:
- ""
resources:
- secrets
resourceNames:
- {{ .Values.bgpPolicy.secretName }}
verbs:
- get
- watch
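Review bot: The new `secrets` rule sits in a ClusterRole, so if it is bound with a ClusterRoleBinding (the binding is not shown on this page) the agent may read a Secret named `antrea-bgp-passwords` in every namespace, not only the one bgp-secret.yaml creates in `.Release.Namespace`. A namespaced Role and RoleBinding in the release namespace carrying the same `resourceNames` rule would keep the grant to the single Secret that holds the peer passwords. If the agent reads the Secret through an informer it will normally need `list` as well; with only `get` and `watch` granted, that should be checked against the controller code. The `rules:` list this entry belongs to starts outside the hunk.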
4 changes: 4 additions & 0 deletions build/charts/antrea/values.yaml
Expand Up @@ -207,6 +207,10 @@ secondaryNetwork:
# [{bridgeName: "br1", physicalInterfaces: ["eth1"]}]
ovsBridges: []

bgpPolicy:
# -- The name of the Secret storing the passwords of BGP peers.
secretName: "antrea-bgp-passwords"

agent:
# -- Port for the antrea-agent APIServer to serve on.
apiPort: 10350
165 changes: 163 additions & 2 deletions build/yamls/antrea-aks.yml
Expand Up @@ -300,6 +300,142 @@ spec:
shortNames:
- aci

---
# Source: crds/bgppolicy.yaml
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: bgppolicies.crd.antrea.io
spec:
group: crd.antrea.io
versions:
- name: v1alpha2
served: true
storage: true
schema:
openAPIV3Schema:
type: object
required:
- spec
properties:
spec:
type: object
required:
- nodeSelector
- localASN
- advertisements
- bgpPeers
properties:
nodeSelector:
type: object
properties:
matchExpressions:
items:
properties:
key:
type: string
operator:
enum:
- In
- NotIn
- Exists
- DoesNotExist
type: string
values:
items:
type: string
pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$"
type: array
type: object
type: array
matchLabels:
x-kubernetes-preserve-unknown-fields: true
localASN:
type: integer
minimum: 64512
maximum: 65535
format: int32
listenPort:
type: integer
minimum: 1
maximum: 65535
format: int32
default: 179
advertisements:
type: object
anyOf:
- required: [service]
- required: [pod]
- required: [egress]
properties:
service:
type: object
anyOf:
- required: [ clusterIPs ]
- required: [ externalIPs ]
- required: [ loadBalancerIPs ]
properties:
clusterIPs:
type: boolean
default: false
externalIPs:
type: boolean
default: false
loadBalancerIPs:
type: boolean
default: false
pod:
type: object
properties: {}
egress:
type: object
properties: {}
bgpPeers:
type: array
items:
type: object
required:
- address
- asn
properties:
address:
type: string
format: cidr
port:
type: integer
default: 179
format: int32
minimum: 1
maximum: 65535
asn:
type: integer
minimum: 1
maximum: 65535
format: int32
gracefulRestartTime:
type: integer
default: 120
format: int32
minimum: 1
maximum: 3600
additionalPrinterColumns:
- description: Local BGP ASN.
jsonPath: .spec.localASN
name: Local ASN
type: integer
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
subresources:
status: {}
scope: Cluster
names:
plural: bgppolicies
singular: bgppolicy
kind: BGPPolicy
shortNames:
- bp

---
# Source: crds/clustergroup.yaml
apiVersion: apiextensions.k8s.io/v1
Expand Down Expand Up @@ -5394,6 +5530,14 @@ metadata:
labels:
app: antrea
---
# Source: antrea/templates/agent/bgp-secret.yaml
apiVersion: v1
kind: Secret
metadata:
name: antrea-bgp-passwords
namespace: kube-system
type: Opaque
---
# Source: antrea/templates/agent/secret.yaml
apiVersion: v1
kind: Secret
Expand Down Expand Up @@ -5514,6 +5658,9 @@ data:
# Enable L7FlowExporter on Pods and Namespaces to export the application layer flows such as HTTP flows.
# L7FlowExporter: false
# Allow users to advertise Service IPs, Pod IPs, and Egress IPs to external BGP peers.
# BGPPolicy: false
# Name of the OpenVSwitch bridge antrea-agent will create and use.
# Make sure it doesn't conflict with your existing OpenVSwitch bridges.
ovsBridge: "br-int"
Expand Down Expand Up @@ -5822,6 +5969,11 @@ data:
maxAge: 28
# Compress enables gzip compression on rotated files.
compress: true
bgpPolicy:
# The name of the Secret storing passwords of the BGP peers. For each BGP peer, the Secret key is generated by
# concatenating its IP address and AS number, e.g., `192.168.1.1-65521`.
secretName: "antrea-bgp-passwords"
antrea-cni.conflist: |
{
"cniVersion":"0.3.0",
Expand Down Expand Up @@ -6202,6 +6354,15 @@ rules:
- create
- patch
- update
- apiGroups:
- ""
resources:
- secrets
resourceNames:
- antrea-bgp-passwords
verbs:
- get
- watch
---
# Source: antrea/templates/antctl/clusterrole.yaml
kind: ClusterRole
Expand Down Expand Up @@ -6810,7 +6971,7 @@ spec:
kubectl.kubernetes.io/default-container: antrea-agent
# Automatically restart Pods with a RollingUpdate if the ConfigMap changes
# See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments
checksum/config: 30843b57762c91dfcffb560917191e3bc7e662c06552759bac2a173bc060b82c
checksum/config: 74ddfec8614bd39885fdd52a27201ae8f1dbe3eccacae3f3e8be2a4ca1685cf1
labels:
app: antrea
component: antrea-agent
Expand Down Expand Up @@ -7048,7 +7209,7 @@ spec:
annotations:
# Automatically restart Pod if the ConfigMap changes
# See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments
checksum/config: 30843b57762c91dfcffb560917191e3bc7e662c06552759bac2a173bc060b82c
checksum/config: 74ddfec8614bd39885fdd52a27201ae8f1dbe3eccacae3f3e8be2a4ca1685cf1
labels:
app: antrea
component: antrea-controller