Add NPRecommendationController to Theia Manager

This change adds an example controller to Theia manager, which watches NetworkPolicyRecommendation and exposes querier interface for APIServer to consume. When NetworkPolicyRecommendation is deployed in flow-visibility NS, the k8s resources and be properly returned via REST endpoint /apis/intelligence.theia.antrea.io/v1alpha1/networkpolicyrecommendations/{name} Signed-off-by: Shawn Wang <wshaoquan@vmware.com>
antrea-io · Aug 24, 2022 · 0755ccf · 0755ccf
1 parent c114f38
commit 0755ccf
Show file tree

Hide file tree

Showing 36 changed files with 2,118 additions and 17 deletions.
diff --git a/build/charts/theia/crds/network-policy-recommendation-crd.yaml b/build/charts/theia/crds/network-policy-recommendation-crd.yaml
@@ -0,0 +1,72 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  name: networkpolicyrecommendations.crd.theia.antrea.io
+  labels:
+    app: theia
+spec:
+  group: crd.theia.antrea.io
+  versions:
+    - name: v1alpha1
+      served: true
+      storage: true
+      schema:
+        openAPIV3Schema:
+          type: object
+          required:
+            - spec
+          properties:
+            spec:
+              type: object
+              required:
+                - jobType
+              properties:
+                jobType:
+                  type: string
+                limit:
+                  type: integer
+                policyType:
+                  type: string
+                startTime:
+                  type: string
+                  format: datetime
+                endTime:
+                  type: string
+                  format: datetime
+                nsAllowList:
+                  type: array
+                  items:
+                    type: string
+                excludeLabels:
+                  type: boolean
+                toServices:
+                  type: boolean
+                executorInstances:
+                  type: integer
+                driverCoreRequest:
+                  type: string
+                driverMemory:
+                  type: string
+                executorCoreRequest:
+                  type: string
+                executorMemory:
+                  type: string
+            status:
+              type: object
+              properties:
+                state:
+                  type: string
+      additionalPrinterColumns:
+        - description: Current state of the job
+          jsonPath: .status.state
+          name: State
+          type: string
+      subresources:
+        status: {}
+  scope: Namespaced
+  names:
+    plural: networkpolicyrecommendations
+    singular: networkpolicyrecommendation
+    kind: NetworkPolicyRecommendation
+    shortNames:
+      - npr
diff --git a/build/charts/theia/templates/theia-manager/clusterrole.yaml b/build/charts/theia/templates/theia-manager/clusterrole.yaml
@@ -16,4 +16,7 @@ rules:
     resourceNames: ["extension-apiserver-authentication"]
     resources: ["configmaps"]
     verbs: ["get", "list", "watch"]
+  - apiGroups: ["crd.theia.antrea.io"]
+    resources: ["networkpolicyrecommendations"]
+    verbs: ["get", "list", "watch"]
 {{- end }}
diff --git a/cmd/theia-manager/theia-manager.go b/cmd/theia-manager/theia-manager.go
@@ -16,15 +16,25 @@ package main
 
 import (
 	"fmt"
+	"time"
 
 	"antrea.io/antrea/pkg/log"
 	"antrea.io/antrea/pkg/signals"
 	"antrea.io/antrea/pkg/util/cipher"
+	"k8s.io/client-go/rest"
 	"k8s.io/klog/v2"
 
 	"antrea.io/theia/pkg/apiserver"
+	crdclientset "antrea.io/theia/pkg/client/clientset/versioned"
+	crdinformers "antrea.io/theia/pkg/client/informers/externalversions"
+	"antrea.io/theia/pkg/controller/networkpolicyrecommendation"
 )
 
+// informerDefaultResync is the default resync period if a handler doesn't specify one.
+// Use the same default value as kube-controller-manager:
+// https://github.com/kubernetes/kubernetes/blob/release-1.17/pkg/controller/apis/config/v1alpha1/defaults.go#L120
+const informerDefaultResync = 12 * time.Hour
+
 func run(o *Options) error {
 	klog.Infof("Theia manager starting...")
 	// Set up signal capture: the first SIGTERM / SIGINT signal is handled gracefully and will
@@ -34,17 +44,33 @@ func run(o *Options) error {
 
 	log.StartLogFileNumberMonitor(stopCh)
 
+	kubeConfig, err := rest.InClusterConfig()
+	if err != nil {
+		return fmt.Errorf("error generating KubeConfig: %v", err)
+	}
+	crdClient, err := crdclientset.NewForConfig(kubeConfig)
+	if err != nil {
+		return fmt.Errorf("error generating CRD client: %v", err)
+	}
+	crdInformerFactory := crdinformers.NewSharedInformerFactory(crdClient, informerDefaultResync)
+	npRecommendationInformer := crdInformerFactory.Crd().V1alpha1().NetworkPolicyRecommendations()
+	npRecoController := networkpolicyrecommendation.NewNPRecommendationController(crdClient, npRecommendationInformer)
+
 	cipherSuites, err := cipher.GenerateCipherSuitesList(o.config.APIServer.TLSCipherSuites)
 	if err != nil {
 		return fmt.Errorf("error generating Cipher Suite list: %v", err)
 	}
 	apiServer, err := apiserver.New(
+		npRecoController,
 		o.config.APIServer.APIPort,
 		cipherSuites,
 		cipher.TLSVersionMap[o.config.APIServer.TLSMinVersion])
 	if err != nil {
 		return fmt.Errorf("error when creating API server: %v", err)
 	}
+
+	crdInformerFactory.Start(stopCh)
+	go npRecoController.Run(stopCh)
 	go apiServer.Run(stopCh)
 
 	<-stopCh

diff --git a/hack/update-codegen-dockerized.sh b/hack/update-codegen-dockerized.sh
@@ -1,6 +1,6 @@
 #!/usr/bin/env bash
 
-# Copyright 2019 Antrea Authors
+# Copyright 2022 Antrea Authors
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -36,8 +36,31 @@ function reset_year_change {
   done
 }
 
+# Generate clientset and apis code with K8s codegen tools.
+$GOPATH/bin/client-gen \
+  --clientset-name versioned \
+  --input-base "${THEIA_PKG}/pkg/apis/" \
+  --input "crd/v1alpha1" \
+  --output-package "${THEIA_PKG}/pkg/client/clientset" \
+  --go-header-file hack/boilerplate/license_header.go.txt
+
+# Generate listers with K8s codegen tools.
+$GOPATH/bin/lister-gen \
+  --input-dirs "${THEIA_PKG}/pkg/apis/crd/v1alpha1" \
+  --output-package "${THEIA_PKG}/pkg/client/listers" \
+  --go-header-file hack/boilerplate/license_header.go.txt
+
+# Generate informers with K8s codegen tools.
+$GOPATH/bin/informer-gen \
+  --input-dirs "${THEIA_PKG}/pkg/apis/crd/v1alpha1" \
+  --versioned-clientset-package "${THEIA_PKG}/pkg/client/clientset/versioned" \
+  --listers-package "${THEIA_PKG}/pkg/client/listers" \
+  --output-package "${THEIA_PKG}/pkg/client/informers" \
+  --go-header-file hack/boilerplate/license_header.go.txt
+
 $GOPATH/bin/deepcopy-gen \
   --input-dirs "${THEIA_PKG}/pkg/apis/intelligence/v1alpha1" \
+  --input-dirs "${THEIA_PKG}/pkg/apis/crd/v1alpha1" \
   -O zz_generated.deepcopy \
   --go-header-file hack/boilerplate/license_header.go.txt
 

diff --git a/pkg/apis/crd/v1alpha1/doc.go b/pkg/apis/crd/v1alpha1/doc.go
@@ -0,0 +1,20 @@
+// Copyright 2022 Antrea Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// +k8s:openapi-gen=true
+// +k8s:deepcopy-gen=package
+// +k8s:defaulter-gen=TypeMeta
+// +groupName=crd.theia.antrea.io
+
+package v1alpha1
diff --git a/pkg/apis/crd/v1alpha1/register.go b/pkg/apis/crd/v1alpha1/register.go
@@ -0,0 +1,62 @@
+// Copyright 2022 Antrea Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package v1alpha1
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/apimachinery/pkg/runtime/schema"
+)
+
+const GroupName = "crd.theia.antrea.io"
+
+var (
+	SchemeGroupVersion = schema.GroupVersion{
+		Group:   GroupName,
+		Version: "v1alpha1"}
+)
+
+var (
+	SchemeBuilder      runtime.SchemeBuilder
+	localSchemeBuilder = &SchemeBuilder
+	AddToScheme        = localSchemeBuilder.AddToScheme
+)
+
+func init() {
+	localSchemeBuilder.Register(addKnownTypes)
+}
+
+// Kind takes an unqualified kind and returns back a Group qualified GroupKind
+func Kind(kind string) schema.GroupKind {
+	return SchemeGroupVersion.WithKind(kind).GroupKind()
+}
+
+func Resource(resource string) schema.GroupResource {
+	return SchemeGroupVersion.WithResource(resource).GroupResource()
+}
+
+func addKnownTypes(scheme *runtime.Scheme) error {
+	scheme.AddKnownTypes(
+		SchemeGroupVersion,
+		&NetworkPolicyRecommendation{},
+		&NetworkPolicyRecommendationList{},
+	)
+
+	metav1.AddToGroupVersion(
+		scheme,
+		SchemeGroupVersion,
+	)
+	return nil
+}
diff --git a/pkg/apis/crd/v1alpha1/types.go b/pkg/apis/crd/v1alpha1/types.go
@@ -0,0 +1,63 @@
+// Copyright 2022 Antrea Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// +k8s:openapi-gen=true
+// +k8s:deepcopy-gen=package
+// +k8s:defaulter-gen=TypeMeta
+// +groupName=crd.theia.antrea.io
+
+package v1alpha1
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// +genclient
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+type NetworkPolicyRecommendation struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	Spec   NetworkPolicyRecommendationSpec   `json:"spec,omitempty"`
+	Status NetworkPolicyRecommendationStatus `json:"status,omitempty"`
+}
+
+type NetworkPolicyRecommendationSpec struct {
+	Type                string      `json:"type,omitempty"`
+	Limit               int         `json:"limit,omitempty"`
+	PolicyType          string      `json:"policyType,omitempty"`
+	StartTime           metav1.Time `json:"startTime,omitempty"`
+	EndTime             metav1.Time `json:"endTime,omitempty"`
+	NSAllowList         []string    `json:"nsAllowList,omitempty"`
+	ExcludeLabels       bool        `json:"excludeLabels,omitempty"`
+	ToServices          bool        `json:"toServices,omitempty"`
+	ExecutorInstances   int         `json:"executorInstances,omitempty"`
+	DriverCoreRequest   string      `json:"driverCoreRequest,omitempty"`
+	DriverMemory        string      `json:"driverMemory,omitempty"`
+	ExecutorCoreRequest string      `json:"executorCoreRequest,omitempty"`
+	ExecutorMemory      string      `json:"executorMemory,omitempty"`
+}
+
+type NetworkPolicyRecommendationStatus struct {
+	State string `json:"state,omitempty"`
+}
+
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+type NetworkPolicyRecommendationList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+	Items           []NetworkPolicyRecommendation `json:"items"`
+}