Support NetworkPolicy Status for AntreaPolicy (#1442)

This patch does the following to support NetworkPolicy Status:

1. Add "status" field to Antrea ClusterNetworkPolicy and Antrea
NetworkPolicy CRD

2. Add subresource API "status" to controlplane NetworkPolicy API

3. Each antrea-agent reports controlplane NetworkPolicies' realization
status on its own Node to antrea-controller.

4. antrea-controller calculates the aggregated status and syncs it with
kube-apiserver.

build/yamls/antrea-aks.yml

@@ -73,6 +73,16 @@ spec:
       jsonPath: .spec.priority
       name: Priority
       type: number
+    - description: The total number of Nodes that should realize the NetworkPolicy.
+      format: int32
+      jsonPath: .status.desiredNodesRealized
+      name: Desired Nodes
+      type: number
+    - description: The number of Nodes that have realized the NetworkPolicy.
+      format: int32
+      jsonPath: .status.currentNodesRealized
+      name: Current Nodes
+      type: number
     - jsonPath: .metadata.creationTimestamp
       name: Age
       type: date
@@ -182,9 +192,22 @@ spec:
             - appliedTo
             - priority
             type: object
+          status:
+            properties:
+              currentNodesRealized:
+                type: integer
+              desiredNodesRealized:
+                type: integer
+              observedGeneration:
+                type: integer
+              phase:
+                type: string
+            type: object
         type: object
     served: true
     storage: true
+    subresources:
+      status: {}
 ---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
@@ -269,6 +292,16 @@ spec:
       jsonPath: .spec.priority
       name: Priority
       type: number
+    - description: The total number of Nodes that should realize the NetworkPolicy.
+      format: int32
+      jsonPath: .status.desiredNodesRealized
+      name: Desired Nodes
+      type: number
+    - description: The number of Nodes that have realized the NetworkPolicy.
+      format: int32
+      jsonPath: .status.currentNodesRealized
+      name: Current Nodes
+      type: number
     - jsonPath: .metadata.creationTimestamp
       name: Age
       type: date
@@ -381,9 +414,22 @@ spec:
             - appliedTo
             - priority
             type: object
+          status:
+            properties:
+              currentNodesRealized:
+                type: integer
+              desiredNodesRealized:
+                type: integer
+              observedGeneration:
+                type: integer
+              phase:
+                type: string
+            type: object
         type: object
     served: true
     storage: true
+    subresources:
+      status: {}
 ---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
@@ -815,6 +861,13 @@ rules:
   - nodestatssummaries
   verbs:
   - create
+- apiGroups:
+  - controlplane.antrea.tanzu.vmware.com
+  resources:
+  - networkpolicies/status
+  verbs:
+  - create
+  - get
 - apiGroups:
   - authentication.k8s.io
   resources:
@@ -964,6 +1017,13 @@ rules:
   - get
   - watch
   - list
+- apiGroups:
+  - security.antrea.tanzu.vmware.com
+  resources:
+  - clusternetworkpolicies/status
+  - networkpolicies/status
+  verbs:
+  - update
 - apiGroups:
   - security.antrea.tanzu.vmware.com
   resources:

build/yamls/antrea-eks.yml

@@ -73,6 +73,16 @@ spec:
       jsonPath: .spec.priority
       name: Priority
       type: number
+    - description: The total number of Nodes that should realize the NetworkPolicy.
+      format: int32
+      jsonPath: .status.desiredNodesRealized
+      name: Desired Nodes
+      type: number
+    - description: The number of Nodes that have realized the NetworkPolicy.
+      format: int32
+      jsonPath: .status.currentNodesRealized
+      name: Current Nodes
+      type: number
     - jsonPath: .metadata.creationTimestamp
       name: Age
       type: date
@@ -182,9 +192,22 @@ spec:
             - appliedTo
             - priority
             type: object
+          status:
+            properties:
+              currentNodesRealized:
+                type: integer
+              desiredNodesRealized:
+                type: integer
+              observedGeneration:
+                type: integer
+              phase:
+                type: string
+            type: object
         type: object
     served: true
     storage: true
+    subresources:
+      status: {}
 ---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
@@ -269,6 +292,16 @@ spec:
       jsonPath: .spec.priority
       name: Priority
       type: number
+    - description: The total number of Nodes that should realize the NetworkPolicy.
+      format: int32
+      jsonPath: .status.desiredNodesRealized
+      name: Desired Nodes
+      type: number
+    - description: The number of Nodes that have realized the NetworkPolicy.
+      format: int32
+      jsonPath: .status.currentNodesRealized
+      name: Current Nodes
+      type: number
     - jsonPath: .metadata.creationTimestamp
       name: Age
       type: date
@@ -381,9 +414,22 @@ spec:
             - appliedTo
             - priority
             type: object
+          status:
+            properties:
+              currentNodesRealized:
+                type: integer
+              desiredNodesRealized:
+                type: integer
+              observedGeneration:
+                type: integer
+              phase:
+                type: string
+            type: object
         type: object
     served: true
     storage: true
+    subresources:
+      status: {}
 ---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
@@ -815,6 +861,13 @@ rules:
   - nodestatssummaries
   verbs:
   - create
+- apiGroups:
+  - controlplane.antrea.tanzu.vmware.com
+  resources:
+  - networkpolicies/status
+  verbs:
+  - create
+  - get
 - apiGroups:
   - authentication.k8s.io
   resources:
@@ -964,6 +1017,13 @@ rules:
   - get
   - watch
   - list
+- apiGroups:
+  - security.antrea.tanzu.vmware.com
+  resources:
+  - clusternetworkpolicies/status
+  - networkpolicies/status
+  verbs:
+  - update
 - apiGroups:
   - security.antrea.tanzu.vmware.com
   resources:

build/yamls/antrea-gke.yml

@@ -73,6 +73,16 @@ spec:
       jsonPath: .spec.priority
       name: Priority
       type: number
+    - description: The total number of Nodes that should realize the NetworkPolicy.
+      format: int32
+      jsonPath: .status.desiredNodesRealized
+      name: Desired Nodes
+      type: number
+    - description: The number of Nodes that have realized the NetworkPolicy.
+      format: int32
+      jsonPath: .status.currentNodesRealized
+      name: Current Nodes
+      type: number
     - jsonPath: .metadata.creationTimestamp
       name: Age
       type: date
@@ -182,9 +192,22 @@ spec:
             - appliedTo
             - priority
             type: object
+          status:
+            properties:
+              currentNodesRealized:
+                type: integer
+              desiredNodesRealized:
+                type: integer
+              observedGeneration:
+                type: integer
+              phase:
+                type: string
+            type: object
         type: object
     served: true
     storage: true
+    subresources:
+      status: {}
 ---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
@@ -269,6 +292,16 @@ spec:
       jsonPath: .spec.priority
       name: Priority
       type: number
+    - description: The total number of Nodes that should realize the NetworkPolicy.
+      format: int32
+      jsonPath: .status.desiredNodesRealized
+      name: Desired Nodes
+      type: number
+    - description: The number of Nodes that have realized the NetworkPolicy.
+      format: int32
+      jsonPath: .status.currentNodesRealized
+      name: Current Nodes
+      type: number
     - jsonPath: .metadata.creationTimestamp
       name: Age
       type: date
@@ -381,9 +414,22 @@ spec:
             - appliedTo
             - priority
             type: object
+          status:
+            properties:
+              currentNodesRealized:
+                type: integer
+              desiredNodesRealized:
+                type: integer
+              observedGeneration:
+                type: integer
+              phase:
+                type: string
+            type: object
         type: object
     served: true
     storage: true
+    subresources:
+      status: {}
 ---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
@@ -815,6 +861,13 @@ rules:
   - nodestatssummaries
   verbs:
   - create
+- apiGroups:
+  - controlplane.antrea.tanzu.vmware.com
+  resources:
+  - networkpolicies/status
+  verbs:
+  - create
+  - get
 - apiGroups:
   - authentication.k8s.io
   resources:
@@ -964,6 +1017,13 @@ rules:
   - get
   - watch
   - list
+- apiGroups:
+  - security.antrea.tanzu.vmware.com
+  resources:
+  - clusternetworkpolicies/status
+  - networkpolicies/status
+  verbs:
+  - update
 - apiGroups:
   - security.antrea.tanzu.vmware.com
   resources: