Add NetworkSet resource

lib/apis/v3/constants.go

@@ -1,4 +1,4 @@
-// Copyright (c) 2017-2018 Tigera, Inc. All rights reserved.
+// Copyright (c) 2017-2019 Tigera, Inc. All rights reserved.
 
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -28,7 +28,7 @@ const (
 	// AllNames is used for List or Watch queries to wildcard the name.
 	AllNames = ""
 
-	// Label used to denote the Namespace.  This is added to the workload endpoints by Calico
+	// Label used to denote the Namespace.  This is added to workload endpoints and network sets by Calico
 	// and may be used for label matches by Policy selectors.
 	LabelNamespace = "projectcalico.org/namespace"
 

lib/apis/v3/networkset.go

@@ -0,0 +1,72 @@
+// Copyright (c) 2019 Tigera, Inc. All rights reserved.
+
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package v3
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+const (
+	KindNetworkSet     = "NetworkSet"
+	KindNetworkSetList = "NetworkSetList"
+)
+
+// +genclient
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// NetworkSet is the Namespaced-equivalent of the GlobalNetworkSet.
+type NetworkSet struct {
+	metav1.TypeMeta `json:",inline"`
+	// Standard object's metadata.
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+	// Specification of the NetworkSet.
+	Spec NetworkSetSpec `json:"spec,omitempty"`
+}
+
+// NetworkSetSpec contains the specification for a NetworkSet resource.
+type NetworkSetSpec struct {
+	// The list of IP networks that belong to this set.
+	Nets []string `json:"nets,omitempty" validate:"omitempty,dive,cidr"`
+}
+
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// NetworkSetList contains a list of NetworkSet resources.
+type NetworkSetList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata"`
+	Items           []NetworkSet `json:"items"`
+}
+
+// NewNetworkSet creates a new (zeroed) NetworkSet struct with the TypeMetadata initialised to the current version.
+func NewNetworkSet() *NetworkSet {
+	return &NetworkSet{
+		TypeMeta: metav1.TypeMeta{
+			Kind:       KindNetworkSet,
+			APIVersion: GroupVersionCurrent,
+		},
+	}
+}
+
+// NewNetworkSetList creates a new (zeroed) NetworkSetList struct with the TypeMetadata initialised to the current
+// version.
+func NewNetworkSetList() *NetworkSetList {
+	return &NetworkSetList{
+		TypeMeta: metav1.TypeMeta{
+			Kind:       KindNetworkSetList,
+			APIVersion: GroupVersionCurrent,
+		},
+	}
+}

lib/backend/k8s/k8s.go

@@ -159,6 +159,12 @@ func NewKubeClient(ca *apiconfig.CalicoAPIConfigSpec) (api.Client, error) {
 		apiv3.KindNetworkPolicy,
 		resources.NewNetworkPolicyClient(cs, crdClientV1),
 	)
+	kubeClient.registerResourceClient(
+		reflect.TypeOf(model.ResourceKey{}),
+		reflect.TypeOf(model.ResourceListOptions{}),
+		apiv3.KindNetworkSet,
+		resources.NewNetworkSetClient(cs, crdClientV1),
+	)
 	kubeClient.registerResourceClient(
 		reflect.TypeOf(model.ResourceKey{}),
 		reflect.TypeOf(model.ResourceListOptions{}),
@@ -294,6 +300,7 @@ func (c *KubeClient) Clean() error {
 		apiv3.KindFelixConfiguration,
 		apiv3.KindGlobalNetworkPolicy,
 		apiv3.KindGlobalNetworkSet,
+		apiv3.KindNetworkSet,
 		apiv3.KindIPPool,
 		apiv3.KindHostEndpoint,
 	}
@@ -385,6 +392,7 @@ func buildCRDClientV1(cfg rest.Config) (*rest.RESTClient, error) {
 				&apiv3.GlobalNetworkPolicyList{},
 				&apiv3.NetworkPolicy{},
 				&apiv3.NetworkPolicyList{},
+				&apiv3.NetworkSet{},
 				&apiv3.HostEndpoint{},
 				&apiv3.HostEndpointList{},
 				&apiv3.BlockAffinity{},

lib/backend/k8s/resources/customresource.go

@@ -213,9 +213,9 @@ func (c *customK8sResourceClient) Get(ctx context.Context, key model.Key, revisi
 	}
 	namespace := key.(model.ResourceKey).Namespace
 
-	// Add the name to the log context now that we know it, and query
-	// Kubernetes.
-	logContext = logContext.WithField("Name", name)
+	// Add the name and namespace to the log context now that we know it, and query Kubernetes.
+	logContext = logContext.WithFields(log.Fields{"Name": name, "Namespace": namespace})
+
 	logContext.Debug("Get custom Kubernetes resource by name")
 	resOut := reflect.New(c.k8sResourceType).Interface().(Resource)
 	err = c.restClient.Get().

lib/backend/k8s/resources/networkset.go

@@ -0,0 +1,48 @@
+// Copyright (c) 2019 Tigera, Inc. All rights reserved.
+
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package resources
+
+import (
+	"reflect"
+
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/client-go/kubernetes"
+	"k8s.io/client-go/rest"
+
+	apiv3 "github.com/projectcalico/libcalico-go/lib/apis/v3"
+)
+
+const (
+	NetworkSetResourceName = "NetworkSets"
+	NetworkSetCRDName      = "networksets.crd.projectcalico.org"
+)
+
+func NewNetworkSetClient(c *kubernetes.Clientset, r *rest.RESTClient) K8sResourceClient {
+	return &customK8sResourceClient{
+		clientSet:       c,
+		restClient:      r,
+		name:            NetworkSetCRDName,
+		resource:        NetworkSetResourceName,
+		description:     "Calico Network Sets",
+		k8sResourceType: reflect.TypeOf(apiv3.NetworkSet{}),
+		k8sResourceTypeMeta: metav1.TypeMeta{
+			Kind:       apiv3.KindNetworkSet,
+			APIVersion: apiv3.GroupVersionCurrent,
+		},
+		k8sListType:  reflect.TypeOf(apiv3.NetworkSetList{}),
+		resourceKind: apiv3.KindNetworkSet,
+		namespaced:   true,
+	}
+}

lib/backend/model/resource.go

@@ -1,4 +1,4 @@
-// Copyright (c) 2016-2018 Tigera, Inc. All rights reserved.
+// Copyright (c) 2016-2019 Tigera, Inc. All rights reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -98,6 +98,11 @@ func init() {
 		"networkpolicies",
 		reflect.TypeOf(apiv3.NetworkPolicy{}),
 	)
+	registerResourceInfo(
+		apiv3.KindNetworkSet,
+		"networksets",
+		reflect.TypeOf(apiv3.NetworkSet{}),
+	)
 	registerResourceInfo(
 		apiv3.KindNode,
 		"nodes",

lib/backend/syncersv1/felixsyncer/felixsyncer_e2e_test.go

@@ -1,4 +1,4 @@
-// Copyright (c) 2017-2018 Tigera, Inc. All rights reserved.
+// Copyright (c) 2017-2019 Tigera, Inc. All rights reserved.
 
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -240,7 +240,7 @@ var _ = testutils.E2eDatastoreDescribe("Felix syncer tests", testutils.Datastore
 			)
 			expectedCacheSize++
 			syncTester.ExpectCacheSize(expectedCacheSize)
-			_, expNet, err := net.ParseCIDROrIP("11.0.0.0/16")
+			_, expGNet, err := net.ParseCIDROrIP("11.0.0.0/16")
 			Expect(err).NotTo(HaveOccurred())
 			syncTester.ExpectData(model.KVPair{
 				Key: model.NetworkSetKey{Name: "anetworkset"},
@@ -249,12 +249,45 @@ var _ = testutils.E2eDatastoreDescribe("Felix syncer tests", testutils.Datastore
 						"a": "b",
 					},
 					Nets: []net.IPNet{
-						*expNet,
+						*expGNet,
 					},
 				},
 				Revision: gns.ResourceVersion,
 			})
 
+			By("Creating a NetworkSet")
+			ns := apiv3.NewNetworkSet()
+			ns.Name = "anetworkset"
+			ns.Namespace = "namespace-1"
+			ns.Labels = map[string]string{
+				"a": "b",
+			}
+			ns.Spec.Nets = []string{
+				"11.0.0.0/16",
+			}
+			ns, err = c.NetworkSets().Create(
+				ctx,
+				ns,
+				options.SetOptions{},
+			)
+			expectedCacheSize++
+			syncTester.ExpectCacheSize(expectedCacheSize)
+			_, expNet, err := net.ParseCIDROrIP("11.0.0.0/16")
+			Expect(err).NotTo(HaveOccurred())
+			syncTester.ExpectData(model.KVPair{
+				Key: model.NetworkSetKey{Name: "namespace-1/anetworkset"},
+				Value: &model.NetworkSet{
+					Labels: map[string]string{
+						"a":                           "b",
+						"projectcalico.org/namespace": "namespace-1",
+					},
+					Nets: []net.IPNet{
+						*expNet,
+					},
+				},
+				Revision: ns.ResourceVersion,
+			})
+
 			By("Creating a HostEndpoint")
 			hep, err := c.HostEndpoints().Create(
 				ctx,

lib/backend/syncersv1/felixsyncer/felixsyncerv1.go

@@ -1,4 +1,4 @@
-// Copyright (c) 2017-2018 Tigera, Inc. All rights reserved.
+// Copyright (c) 2017-2019 Tigera, Inc. All rights reserved.
 
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -64,6 +64,10 @@ func New(client api.Client, callbacks api.SyncerCallbacks) api.Syncer {
 			ListInterface:   model.ResourceListOptions{Kind: apiv3.KindNetworkPolicy},
 			UpdateProcessor: updateprocessors.NewNetworkPolicyUpdateProcessor(),
 		},
+		{
+			ListInterface:   model.ResourceListOptions{Kind: apiv3.KindNetworkSet},
+			UpdateProcessor: updateprocessors.NewNetworkSetUpdateProcessor(),
+		},
 		{
 			ListInterface:   model.ResourceListOptions{Kind: apiv3.KindHostEndpoint},
 			UpdateProcessor: updateprocessors.NewHostEndpointUpdateProcessor(),