Use events for acnp import status report
Signed-off-by: Yang Ding <dingyang@vmware.com>
Dyanngg committed Mar 8, 2022
1 parent 82eaea8 commit b7f8cb9
Showing 11 changed files with 545 additions and 178 deletions.
42 changes: 41 additions & 1 deletion docs/multicluster/architecture.md
Expand Up @@ -136,4 +136,44 @@ isolation for that cluster.

Note that because the Tier that an ACNP refers to must exist before the ACNP is applied, an importing
cluster may fail to create the ACNP to be replicated, if the tier in the ResourceExport spec cannot be
found in that particular cluster.
found in that particular cluster. The ACNP creation status of each member cluster will be reported back
to the Common Area as K8s Events, and can be checked by describing the ResourceImport of the original
ResourceExport:

```
kubectl describe resourceimport -A
---
Name: strict-namespace-isolation-antreaclusternetworkpolicy
Namespace: antrea-mcs-ns
Labels: <none>
Annotations: <none>
API Version: multicluster.crd.antrea.io/v1alpha1
Kind: ResourceImport
Spec:
Clusternetworkpolicy:
Applied To:
Namespace Selector:
Ingress:
Action: Pass
Enable Logging: false
From:
Namespaces:
Match: Self
Pod Selector:
Match Labels:
k8s-app: kube-dns
Action: Drop
Enable Logging: false
From:
Namespace Selector:
Priority: 1
Tier: random
Kind: AntreaClusterNetworkPolicy
Name: strict-namespace-isolation
...
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal ACNPImportSucceeded 2m11s resourceimport-controller ACNP successfully created in the importing cluster test-cluster-east
Warning ACNPImportFailed 2m11s resourceimport-controller ACNP Tier does not exist in the importing cluster test-cluster-west
```
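Review bot: The new paragraph presents Events as the way to check ACNP import status, but Kubernetes Events are kept only for a limited time (one hour by default on the API server), so a failure such as the `ACNPImportFailed` warning shown here stops appearing in `kubectl describe` once it ages out. The doc should say so, or point to a durable status field if one exists. In the sample output, the message "ACNP Tier does not exist in the importing cluster test-cluster-west" would be more actionable if it named the missing Tier (`random` in this spec), and the command would read better separated from its output, with `-A` replaced by the specific ResourceImport name and namespace.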
136 changes: 116 additions & 20 deletions multicluster/build/yamls/antrea-multicluster-leader-global.yml

Large diffs are not rendered by default.

30 changes: 30 additions & 0 deletions multicluster/build/yamls/antrea-multicluster-leader-namespaced.yml
Expand Up @@ -33,6 +33,16 @@ rules:
- patch
- update
- watch
- apiGroups:
- ""
resources:
- events
verbs:
- create
- get
- list
- patch
- update
- apiGroups:
- ""
resources:
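Review bot: The new rule on `events` grants `get`, `list` and `update` in addition to `create` and `patch`. A controller that only emits events through an event recorder needs `create` and `patch`; consider dropping the other verbs unless the code reads events back, and note the reason next to the rule's source if it does.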
Expand Down Expand Up @@ -356,6 +366,26 @@ metadata:
name: antrea-mc-member-cluster-role
namespace: changeme
rules:
- apiGroups:
- ""
resources:
- events
verbs:
- create
- get
- list
- patch
- update
- apiGroups:
- ""
resources:
- events
verbs:
- create
- get
- list
- patch
- update
- apiGroups:
- multicluster.crd.antrea.io
resources:
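Review bot: The `events` rule is added twice, back to back and identical, under `antrea-mc-member-cluster-role`; one copy should go, and if this file is generated the duplicate probably comes from a repeated entry in its source. The verb list also deserves trimming here: `get`, `list` and `update` let any holder of this role read and modify every Event in the namespace, where `create` and `patch` would cover emitting them.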
146 changes: 126 additions & 20 deletions multicluster/build/yamls/antrea-multicluster-member.yml

Large diffs are not rendered by default.

Expand Up @@ -239,6 +239,16 @@ spec:
contains only "value". The requirements are ANDed.
type: object
type: object
serviceAccount:
description: Select all Pods with the ServiceAccount matched
by this field, as workloads in AppliedTo/To/From fields.
Cannot be set with any other selector.
properties:
name:
type: string
namespace:
type: string
type: object
type: object
type: array
egress:
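Review bot: The `serviceAccount` schema states "Cannot be set with any other selector" only in its description; nothing in the visible schema enforces it, and neither `name` nor `namespace` is marked `required`, so an empty `serviceAccount: {}` passes structural validation. If a webhook enforces the constraint that is fine, otherwise add `required` here. The same block is repeated in the following hunks and is unrelated to the commit subject (events for ACNP import status), so the CRD regeneration would be easier to review as its own commit or with a line about it in the commit message.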
Expand Down Expand Up @@ -458,6 +468,16 @@ spec:
The requirements are ANDed.
type: object
type: object
serviceAccount:
description: Select all Pods with the ServiceAccount
matched by this field, as workloads in AppliedTo/To/From
fields. Cannot be set with any other selector.
properties:
name:
type: string
namespace:
type: string
type: object
type: object
type: array
enableLogging:
Expand Down Expand Up @@ -669,6 +689,16 @@ spec:
The requirements are ANDed.
type: object
type: object
serviceAccount:
description: Select all Pods with the ServiceAccount
matched by this field, as workloads in AppliedTo/To/From
fields. Cannot be set with any other selector.
properties:
name:
type: string
namespace:
type: string
type: object
type: object
type: array
name:
Expand Down Expand Up @@ -911,6 +941,16 @@ spec:
The requirements are ANDed.
type: object
type: object
serviceAccount:
description: Select all Pods with the ServiceAccount
matched by this field, as workloads in AppliedTo/To/From
fields. Cannot be set with any other selector.
properties:
name:
type: string
namespace:
type: string
type: object
type: object
type: array
toServices:
Expand All @@ -921,17 +961,13 @@ spec:
can't be used with To or Ports. If this field and To are
both empty or missing, this rule matches all destinations.
items:
description: ServiceReference represents a reference to
a v1.Service.
description: NamespacedName refers to a Namespace scoped
resource. All fields must be used together.
properties:
name:
description: Name of the Service
type: string
namespace:
description: Namespace of the Service
type: string
required:
- name
type: object
type: array
required:
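Review bot: In the `toServices` item schema the `required: - name` block is removed while the new description says "All fields must be used together", so the schema now accepts an item with neither `name` nor `namespace`. If both fields are mandatory, list both under `required` rather than dropping it; the same change appears again in the later `toServices` hunk.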
Expand Down Expand Up @@ -1155,6 +1191,16 @@ spec:
The requirements are ANDed.
type: object
type: object
serviceAccount:
description: Select all Pods with the ServiceAccount
matched by this field, as workloads in AppliedTo/To/From
fields. Cannot be set with any other selector.
properties:
name:
type: string
namespace:
type: string
type: object
type: object
type: array
enableLogging:
Expand Down Expand Up @@ -1366,6 +1412,16 @@ spec:
The requirements are ANDed.
type: object
type: object
serviceAccount:
description: Select all Pods with the ServiceAccount
matched by this field, as workloads in AppliedTo/To/From
fields. Cannot be set with any other selector.
properties:
name:
type: string
namespace:
type: string
type: object
type: object
type: array
name:
Expand Down Expand Up @@ -1608,6 +1664,16 @@ spec:
The requirements are ANDed.
type: object
type: object
serviceAccount:
description: Select all Pods with the ServiceAccount
matched by this field, as workloads in AppliedTo/To/From
fields. Cannot be set with any other selector.
properties:
name:
type: string
namespace:
type: string
type: object
type: object
type: array
toServices:
Expand All @@ -1618,17 +1684,13 @@ spec:
can't be used with To or Ports. If this field and To are
both empty or missing, this rule matches all destinations.
items:
description: ServiceReference represents a reference to
a v1.Service.
description: NamespacedName refers to a Namespace scoped
resource. All fields must be used together.
properties:
name:
description: Name of the Service
type: string
namespace:
description: Namespace of the Service
type: string
required:
- name
type: object
type: array
required: