Add Thiea Manager with basic functionality (#97)
This change adds Theia Manager API Server and a basic NPRecommendationController. For API Server, the following are added: 1. API server setup and config 2. sample REST endpoint apis/intelligence.theia.antrea.io/v1alpha1/networkpolicyrecommendations 3. codegen scripts for API server 4. helm charts for theia Manager and API server config values An example controller, NPRecommendationController, is also added to Theia manager, which watches NetworkPolicyRecommendation and exposes a querier interface for APIServer to consume. When NetworkPolicyRecommendation is deployed in flow-visibility NS, the k8s resources can be properly returned via REST endpoint /apis/intelligence.theia.antrea.io/v1alpha1/networkpolicyrecommendations/{name} Signed-off-by: Shawn Wang <wshaoquan@vmware.com>
Showing
60 changed files
with
3,642 additions
and
149 deletions.
@@ -0,0 +1,13 @@ | ||
# apiServer contains APIServer related configuration options. | ||
apiServer: | ||
# The port for the theia-manager APIServer to serve on. | ||
apiPort: {{ .Values.theiaManager.apiServer.apiPort }} | ||
|
||
# Comma-separated list of Cipher Suites. If omitted, the default Go Cipher Suites will be used. | ||
# https://golang.org/pkg/crypto/tls/#pkg-constants | ||
# Note that TLS1.3 Cipher Suites cannot be added to the list. But the apiserver will always | ||
# prefer TLS1.3 Cipher Suites whenever possible. | ||
tlsCipherSuites: {{ .Values.theiaManager.apiServer.tlsCipherSuites | quote }} | ||
|
||
# TLS min version from: VersionTLS10, VersionTLS11, VersionTLS12, VersionTLS13. | ||
tlsMinVersion: {{ .Values.theiaManager.apiServer.tlsMinVersion | quote }} |
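Review bot: The `tlsMinVersion` comment lists `VersionTLS10` and `VersionTLS11` as accepted values but does not say what the server uses when the value is left empty. The chart default for `theiaManager.apiServer.tlsMinVersion` is not visible in this section, so it is worth confirming that it is not one of the two legacy versions. I would extend the comment to `# TLS min version from: VersionTLS10, VersionTLS11, VersionTLS12, VersionTLS13. VersionTLS12 or later is recommended.` and add the behaviour for an empty value once that is confirmed against the server code.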
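--- a/build/charts/theia/crds/network-policy-recommendation-crd.yaml
+++ b/build/charts/theia/crds/network-policy-recommendation-crd.yaml
@@ -0,0 +1,72 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+name: networkpolicyrecommendations.crd.theia.antrea.io
+labels:
+app: theia
+spec:
+group: crd.theia.antrea.io
+versions:
+- name: v1alpha1
+served: true
+storage: true
+schema:
+openAPIV3Schema:
+type: object
+required:
+- spec
+properties:
+spec:
+type: object
+required:
+- jobType
+properties:
+jobType:
+type: string
+limit:
+type: integer
+policyType:
+type: string
+startTime:
+type: string
+format: datetime
+endTime:
+type: string
+format: datetime
+nsAllowList:
+type: array
+items:
+type: string
+excludeLabels:
+type: boolean
+toServices:
+type: boolean
+executorInstances:
+type: integer
+driverCoreRequest:
+type: string
+driverMemory:
+type: string
+executorCoreRequest:
+type: string
+executorMemory:
+type: string
+status:
+type: object
+properties:
+state:
+type: string
+additionalPrinterColumns:
+- description: Current state of the job
+jsonPath: .status.state
+name: State
+type: string
+subresources:
+status: {}
+scope: Namespaced
+names:
+plural: networkpolicyrecommendations
+singular: networkpolicyrecommendation
+kind: NetworkPolicyRecommendation
+shortNames:
+- npr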
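Review bot: The `spec` schema accepts any string for `jobType` and `policyType` and any integer for `limit` and `executorInstances`, so a malformed object is stored first and rejected, if at all, only by the controller. If the set of job and policy types is fixed, an `enum:` on those two fields and a `minimum:` bound on the integer fields would let the API server refuse bad input at admission. The resource strings (`driverCoreRequest`, `driverMemory`, `executorCoreRequest`, `executorMemory`) could carry a `pattern:` for the same reason. The valid values are not shown in this file, so they would have to be taken from the controller code.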
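--- a/build/charts/theia/templates/theia-manager/clusterrole.yaml
+++ b/build/charts/theia/templates/theia-manager/clusterrole.yaml
@@ -0,0 +1,22 @@
+{{- if .Values.theiaManager.enable }}
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+labels:
+app: theia-manager
+name: theia-manager-role
+rules:
+# This is the content of built-in role kube-system/extension-apiserver-authentication-reader.
+# But it doesn't have list/watch permission before K8s v1.17.0 so the extension apiserver (antrea-agent) will
+# have permission issue after bumping up apiserver library to a version that supports dynamic authentication.
+# See https://github.com/kubernetes/kubernetes/pull/85375
+# To support K8s clusters older than v1.17.0, we grant the required permissions directly instead of relying on
+# the extension-apiserver-authentication role.
+- apiGroups: [""]
+resourceNames: ["extension-apiserver-authentication"]
+resources: ["configmaps"]
+verbs: ["get", "list", "watch"]
+- apiGroups: ["crd.theia.antrea.io"]
+resources: ["networkpolicyrecommendations"]
+verbs: ["get", "list", "watch"]
+{{- end }}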
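Review bot: The comment above the first rule still names `antrea-agent` as the extension apiserver; this role is bound to the `theia-manager` service account, so the parenthetical should read `(theia-manager)`. The second rule grants `get`/`list`/`watch` on `networkpolicyrecommendations` cluster-wide although the CRD is namespaced and the commit description places the objects in a single namespace; if the controller only watches the release namespace, a `Role` plus `RoleBinding` there would be the narrower grant. It is also worth confirming whether the API server uses delegated authentication and authorization, because that needs `create` on `tokenreviews` and `subjectaccessreviews`, which this role does not include; the server setup is outside this section.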
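--- a/build/charts/theia/templates/theia-manager/clusterrolebinding.yaml
+++ b/build/charts/theia/templates/theia-manager/clusterrolebinding.yaml
@@ -0,0 +1,16 @@
+{{- if .Values.theiaManager.enable }}
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+labels:
+app: theia-manager
+name: theia-manager-cluster-role-binding
+subjects:
+- kind: ServiceAccount
+name: theia-manager
+namespace: {{ .Release.Namespace }}
+roleRef:
+kind: ClusterRole
+name: theia-manager-role
+apiGroup: rbac.authorization.k8s.io
+{{- end }}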
@@ -0,0 +1,11 @@ | ||
{{- if .Values.theiaManager.enable }} | ||
apiVersion: v1 | ||
kind: ConfigMap | ||
metadata: | ||
name: theia-manager-configmap | ||
namespace: {{ .Release.Namespace }} | ||
labels: | ||
app: theia-manager | ||
data: | ||
{{ tpl (.Files.Glob "conf/*").AsConfig . | indent 2 | replace " \n" "\n" }} | ||
{{- end }} |
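--- a/build/charts/theia/templates/theia-manager/deployment.yaml
+++ b/build/charts/theia/templates/theia-manager/deployment.yaml
@@ -0,0 +1,64 @@
+{{- if .Values.theiaManager.enable }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+labels:
+app: theia-manager
+name: theia-manager
+namespace: {{ .Release.Namespace }}
+spec:
+replicas: 1
+selector:
+matchLabels:
+app: theia-manager
+template:
+metadata:
+labels:
+app: theia-manager
+spec:
+containers:
+- name: theia-manager
+image: {{ include "theiaManagerImage" . | quote }}
+imagePullPolicy: {{ .Values.theiaManager.image.pullPolicy }}
+args:
+- --config
+- /etc/theia-manager/theia-manager.conf
+- --logtostderr=false
+- --log_dir=/var/log/antrea/theia-manager
+- --alsologtostderr
+- --log_file_max_size=100
+- --log_file_max_num=4
+{{- if .Values.theiaManager.logVerbosity }}
+- "--v={{ .Values.theiaManager.logVerbosity }}"
+{{- end }}
+env:
+- name: POD_NAME
+valueFrom:
+fieldRef:
+fieldPath: metadata.name
+- name: POD_NAMESPACE
+valueFrom:
+fieldRef:
+fieldPath: metadata.namespace
+ports:
+- name: "theia-api-http"
+containerPort: {{ .Values.theiaManager.apiServer.apiPort }}
+volumeMounts:
+- mountPath: /etc/theia-manager
+name: theia-manager-config
+readOnly: true
+- mountPath: /var/log/antrea/theia-manager
+name: host-var-log-antrea-theia-manager
+nodeSelector:
+kubernetes.io/os: linux
+kubernetes.io/arch: amd64
+serviceAccountName: theia-manager
+volumes:
+- name: theia-manager-config
+configMap:
+name: theia-manager-configmap
+- name: host-var-log-antrea-theia-manager
+hostPath:
+path: /var/log/antrea/theia-manager
+type: DirectoryOrCreate
+{{- end }}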
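Review bot: The pod spec sets no `securityContext` and mounts a writable `hostPath` (`/var/log/antrea/theia-manager`, `DirectoryOrCreate`), so the API server process can write to a node directory as whatever user the image defaults to. Unless node-level log files are a requirement, an `emptyDir` for the log volume together with `securityContext: {allowPrivilegeEscalation: false, readOnlyRootFilesystem: true}` on the container keeps the workload off the host filesystem; the args already pass `--alsologtostderr`, so logs stay available through the container runtime. The container also declares no `resources` and no readiness probe. The port is named `theia-api-http` although the configuration added in this commit carries TLS settings, which may mislead readers about the protocol.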
@@ -0,0 +1,16 @@ | ||
{{- if .Values.theiaManager.enable }} | ||
apiVersion: v1 | ||
kind: Service | ||
metadata: | ||
labels: | ||
app: theia-manager | ||
name: theia-manager | ||
namespace: {{ .Release.Namespace }} | ||
spec: | ||
ports: | ||
- port: {{ .Values.theiaManager.apiServer.apiPort }} | ||
protocol: TCP | ||
targetPort: theia-api-http | ||
selector: | ||
app: theia-manager | ||
{{- end }} |
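--- a/build/charts/theia/templates/theia-manager/serviceaccount.yaml
+++ b/build/charts/theia/templates/theia-manager/serviceaccount.yaml
@@ -0,0 +1,9 @@
+{{- if .Values.theiaManager.enable }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+labels:
+app: theia-manager
+name: theia-manager
+namespace: {{ .Release.Namespace }}
+{{- end }}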
@@ -0,0 +1,17 @@ | ||
ARG GO_VERSION | ||
FROM golang:${GO_VERSION} as theia-manager-build | ||
|
||
COPY . /theia | ||
WORKDIR /theia | ||
|
||
RUN make theia-manager-bin | ||
|
||
# Chose this base image so that a shell is available for users to exec into the container | ||
FROM ubuntu:20.04 | ||
|
||
LABEL maintainer="Antrea <projectantrea-dev@googlegroups.com>" | ||
LABEL description="A docker image to deploy theia manager." | ||
|
||
COPY --from=theia-manager-build /theia/bin/theia-manager / | ||
|
||
ENTRYPOINT ["/theia-manager"] |
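Review bot: The final stage has no `USER` instruction, so `/theia-manager` runs as root inside the container; creating an unprivileged account (for example `RUN useradd --system theia` followed by `USER theia`, name constructed here) would limit what a compromise of the API server gains. That change has to be coordinated with the log directory the deployment mounts, which must then be writable by that user. `FROM ubuntu:20.04` is a mutable tag, and pinning it by digest would make the image reproducible and auditable. `COPY . /theia` sends the whole build context into the build stage, so it is worth checking that a `.dockerignore` keeps local credentials and unrelated files out.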
@@ -0,0 +1,60 @@ | ||
// Copyright 2022 Antrea Authors | ||
// | ||
// Licensed under the Apache License, Version 2.0 (the "License"); | ||
// you may not use this file except in compliance with the License. | ||
// You may obtain a copy of the License at | ||
// | ||
// http://www.apache.org/licenses/LICENSE-2.0 | ||
// | ||
// Unless required by applicable law or agreed to in writing, software | ||
// distributed under the License is distributed on an "AS IS" BASIS, | ||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
// See the License for the specific language governing permissions and | ||
// limitations under the License. | ||
|
||
// Package main under directory cmd parses and validates user input, | ||
// instantiates and initializes objects imported from pkg, and runs | ||
// the process. | ||
package main | ||
|
||
import ( | ||
"os" | ||
|
||
"antrea.io/antrea/pkg/log" | ||
"github.com/spf13/cobra" | ||
"k8s.io/klog/v2" | ||
) | ||
|
||
func main() { | ||
command := newTheiaManagerCommand() | ||
if err := command.Execute(); err != nil { | ||
os.Exit(1) | ||
} | ||
} | ||
|
||
func newTheiaManagerCommand() *cobra.Command { | ||
opts := newOptions() | ||
|
||
cmd := &cobra.Command{ | ||
Use: "theia-manager", | ||
Long: "The Theia Manager.", | ||
Run: func(cmd *cobra.Command, args []string) { | ||
log.InitLogs(cmd.Flags()) | ||
defer log.FlushLogs() | ||
if err := opts.complete(args); err != nil { | ||
klog.Fatalf("Failed to complete args: %v", err) | ||
} | ||
if err := opts.validate(args); err != nil { | ||
klog.Fatalf("Failed to validate args: %v", err) | ||
} | ||
if err := run(opts); err != nil { | ||
klog.Fatalf("Error running theia manager: %v", err) | ||
} | ||
}, | ||
} | ||
|
||
flags := cmd.Flags() | ||
opts.addFlags(flags) | ||
log.AddFlags(flags) | ||
return cmd | ||
} |
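Review bot: `klog.Fatalf` ends the process from inside the `Run` closure, so the deferred `log.FlushLogs()` is skipped on all three error paths, and the `os.Exit(1)` branch in `main` is reached only for errors cobra itself reports, such as flag parsing. Switching to `RunE` and returning wrapped errors lets the defer run and leaves a single exit path; `fmt` would need to be imported, and `SilenceUsage: true` avoids printing the usage text for runtime failures. If the error must also reach the klog files, it should be logged before it is returned. `newTheiaManagerCommand` would also benefit from a doc comment such as `// newTheiaManagerCommand builds the root cobra command and registers the option and logging flags.`

```go
cmd := &cobra.Command{
	// … unchanged: Use, Long …
	RunE: func(cmd *cobra.Command, args []string) error {
		log.InitLogs(cmd.Flags())
		defer log.FlushLogs()
		if err := opts.complete(args); err != nil {
			return fmt.Errorf("completing options: %w", err)
		}
		if err := opts.validate(args); err != nil {
			return fmt.Errorf("validating options: %w", err)
		}
		return run(opts)
	},
}
```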