

[WIP] Add support for ANP and externalEntities in controller
Dyanngg committed Aug 14, 2020
1 parent e5dfa64 commit ace946b
Showing 25 changed files with 1,852 additions and 335 deletions.
184 changes: 184 additions & 0 deletions build/yamls/antrea-aks.yml
Expand Up @@ -174,6 +174,174 @@ spec:
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
labels:
app: antrea
name: externalentities.core.antrea.tanzu.vmware.com
spec:
group: core.antrea.tanzu.vmware.com
names:
kind: ExternalEntity
plural: externalentities
shortNames:
- ee
singular: externalentity
preserveUnknownFields: false
scope: Namespaced
validation:
openAPIV3Schema:
properties:
spec:
properties:
endpoints:
items:
properties:
ip:
format: ipv4
type: string
name:
type: string
ports:
items:
properties:
name:
type: string
port:
x-kubernetes-int-or-string: true
protocol:
type: string
type: object
type: array
type: object
type: array
externalNode:
type: string
type: object
type: object
versions:
- name: v1alpha1
served: true
storage: true
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
labels:
app: antrea
name: networkpolicies.security.antrea.tanzu.vmware.com
spec:
group: security.antrea.tanzu.vmware.com
names:
kind: NetworkPolicy
plural: networkpolicies
shortNames:
- anp
singular: networkpolicy
preserveUnknownFields: false
scope: Namespaced
validation:
openAPIV3Schema:
properties:
spec:
properties:
appliedTo:
items:
properties:
externalEntitySelector:
x-kubernetes-preserve-unknown-fields: true
podSelector:
x-kubernetes-preserve-unknown-fields: true
type: object
type: array
egress:
items:
properties:
action:
pattern: \bAllow|\bDrop
type: string
ports:
items:
properties:
port:
x-kubernetes-int-or-string: true
protocol:
type: string
type: object
type: array
to:
items:
properties:
externalEntitySelector:
x-kubernetes-preserve-unknown-fields: true
ipBlock:
properties:
cidr:
format: cidr
type: string
type: object
namespaceSelector:
x-kubernetes-preserve-unknown-fields: true
podSelector:
x-kubernetes-preserve-unknown-fields: true
type: object
type: array
required:
- action
type: object
type: array
ingress:
items:
properties:
action:
pattern: \bAllow|\bDrop
type: string
from:
items:
properties:
externalEntitySelector:
x-kubernetes-preserve-unknown-fields: true
ipBlock:
properties:
cidr:
format: cidr
type: string
type: object
namespaceSelector:
x-kubernetes-preserve-unknown-fields: true
podSelector:
x-kubernetes-preserve-unknown-fields: true
type: object
type: array
ports:
items:
properties:
port:
x-kubernetes-int-or-string: true
protocol:
type: string
type: object
type: array
required:
- action
type: object
type: array
priority:
format: float
maximum: 10000
minimum: 1
type: number
required:
- appliedTo
- priority
type: object
type: object
versions:
- name: v1alpha1
served: true
storage: true
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
labels:
app: antrea
Expand Down Expand Up @@ -611,6 +779,22 @@ rules:
- patch
- create
- delete
- apiGroups:
- security.antrea.tanzu.vmware.com
resources:
- networkpolicies
verbs:
- get
- watch
- list
- apiGroups:
- core.antrea.tanzu.vmware.com
resources:
- externalentities
verbs:
- get
- watch
- list
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
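Review bot: The `action` pattern `\bAllow|\bDrop` in the NetworkPolicy CRD (on both the `egress` and `ingress` items) is unanchored, so any value that merely contains a word beginning with Allow or Drop, such as `Allowed` or `DropAll`, passes API-server validation. For a field that decides whether traffic is permitted, an exact match is safer: `enum: [Allow, Drop]`, or `pattern: ^(Allow|Drop)$`. How the controller treats an unrecognized action is not visible on this page, so the schema should not leave that decision to the consumer. The same pattern appears in build/yamls/antrea-eks.yml; if these manifests are generated from a shared base, the change belongs there.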
184 changes: 184 additions & 0 deletions build/yamls/antrea-eks.yml
Expand Up @@ -174,6 +174,174 @@ spec:
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
labels:
app: antrea
name: externalentities.core.antrea.tanzu.vmware.com
spec:
group: core.antrea.tanzu.vmware.com
names:
kind: ExternalEntity
plural: externalentities
shortNames:
- ee
singular: externalentity
preserveUnknownFields: false
scope: Namespaced
validation:
openAPIV3Schema:
properties:
spec:
properties:
endpoints:
items:
properties:
ip:
format: ipv4
type: string
name:
type: string
ports:
items:
properties:
name:
type: string
port:
x-kubernetes-int-or-string: true
protocol:
type: string
type: object
type: array
type: object
type: array
externalNode:
type: string
type: object
type: object
versions:
- name: v1alpha1
served: true
storage: true
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
labels:
app: antrea
name: networkpolicies.security.antrea.tanzu.vmware.com
spec:
group: security.antrea.tanzu.vmware.com
names:
kind: NetworkPolicy
plural: networkpolicies
shortNames:
- anp
singular: networkpolicy
preserveUnknownFields: false
scope: Namespaced
validation:
openAPIV3Schema:
properties:
spec:
properties:
appliedTo:
items:
properties:
externalEntitySelector:
x-kubernetes-preserve-unknown-fields: true
podSelector:
x-kubernetes-preserve-unknown-fields: true
type: object
type: array
egress:
items:
properties:
action:
pattern: \bAllow|\bDrop
type: string
ports:
items:
properties:
port:
x-kubernetes-int-or-string: true
protocol:
type: string
type: object
type: array
to:
items:
properties:
externalEntitySelector:
x-kubernetes-preserve-unknown-fields: true
ipBlock:
properties:
cidr:
format: cidr
type: string
type: object
namespaceSelector:
x-kubernetes-preserve-unknown-fields: true
podSelector:
x-kubernetes-preserve-unknown-fields: true
type: object
type: array
required:
- action
type: object
type: array
ingress:
items:
properties:
action:
pattern: \bAllow|\bDrop
type: string
from:
items:
properties:
externalEntitySelector:
x-kubernetes-preserve-unknown-fields: true
ipBlock:
properties:
cidr:
format: cidr
type: string
type: object
namespaceSelector:
x-kubernetes-preserve-unknown-fields: true
podSelector:
x-kubernetes-preserve-unknown-fields: true
type: object
type: array
ports:
items:
properties:
port:
x-kubernetes-int-or-string: true
protocol:
type: string
type: object
type: array
required:
- action
type: object
type: array
priority:
format: float
maximum: 10000
minimum: 1
type: number
required:
- appliedTo
- priority
type: object
type: object
versions:
- name: v1alpha1
served: true
storage: true
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
labels:
app: antrea
Expand Down Expand Up @@ -611,6 +779,22 @@ rules:
- patch
- create
- delete
- apiGroups:
- security.antrea.tanzu.vmware.com
resources:
- networkpolicies
verbs:
- get
- watch
- list
- apiGroups:
- core.antrea.tanzu.vmware.com
resources:
- externalentities
verbs:
- get
- watch
- list
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
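Review bot: The selector fields (`podSelector`, `namespaceSelector`, `externalEntitySelector`) are declared with only `x-kubernetes-preserve-unknown-fields: true` and no `type`, so the schema appears to accept a scalar or a list there as well as a map. Adding `type: object` next to each would reject malformed selectors at admission instead of leaving them for the controller to handle. The `ports` items are similarly open: `protocol` is any string and `port` has no range, so a `protocol` enum would help if the supported set is fixed. This applies equally to build/yamls/antrea-aks.yml.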

0 comments on commit ace946b
