feat: security group
fanriming committed Aug 8, 2021
1 parent 63d391d commit 14ccbeb
Showing 26 changed files with 1,881 additions and 28 deletions.
97 changes: 97 additions & 0 deletions dist/images/install-pre-1.16.sh
Expand Up @@ -642,6 +642,99 @@ spec:
type: string
lastTransitionTime:
type: string
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: security-groups.kubeovn.io
spec:
group: kubeovn.io
names:
plural: security-groups
singular: security-group
shortNames:
- sg
kind: SecurityGroup
listKind: SecurityGroupList
scope: Cluster
versions:
- name: v1
served: true
storage: true
schema:
openAPIV3Schema:
type: object
properties:
spec:
type: object
properties:
ingressRules:
type: array
items:
type: object
properties:
ipVersion:
type: string
protocol:
type: string
priority:
type: integer
remoteType:
type: string
remoteAddress:
type: string
remoteSecurityGroup:
type: string
portRangeMin:
type: integer
portRangeMax:
type: integer
policy:
type: string
egressRules:
type: array
items:
type: object
properties:
ipVersion:
type: string
protocol:
type: string
priority:
type: integer
remoteType:
type: string
remoteAddress:
type: string
remoteSecurityGroup:
type: string
portRangeMin:
type: integer
portRangeMax:
type: integer
policy:
type: string
allowSameGroupTraffic:
type: boolean
status:
type: object
properties:
portGroup:
type: string
allowSameGroupTraffic:
type: boolean
ingressMd5:
type: string
egressMd5:
type: string
ingressLastSyncSuccess:
type: boolean
egressLastSyncSuccess:
type: boolean
subresources:
status: {}
conversion:
strategy: None
EOF

if $DPDK; then
Expand Down Expand Up @@ -713,6 +806,8 @@ rules:
- vlans
- provider-networks
- provider-networks/status
- security-groups
- security-groups/status
verbs:
- "*"
- apiGroups:
Expand Down Expand Up @@ -1193,6 +1288,8 @@ rules:
- provider-networks
- provider-networks/status
- networks
- security-groups
- security-groups/status
verbs:
- "*"
- apiGroups:
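Review bot: The security-groups CRD schema in the first hunk accepts any string for protocol, policy, remoteType and ipVersion and any integer for priority and the port range, so a malformed rule is admitted by the API server and only fails (or is silently misrendered) once the controller turns it into an ACL; the identical schema is duplicated in dist/images/install.sh in this commit, so both copies need the same fix. The Go constants added in pkg/apis/kubeovn/v1/types.go already fix the vocabulary (all/icmp/tcp/udp, allow/drop, address/securityGroup), and the openAPIV3Schema can carry it as enums plus bounds on the port fields, which stops bad input at the cheapest layer. Whether the controller validates these fields again is not visible here. The rest of the hunk (RBAC `verbs: "*"` on security-groups and security-groups/status) mirrors the existing resources in the same rule and raises nothing new.
```yaml
# … unchanged: CRD metadata, names, versions …
                  ingressRules:
                    type: array
                    items:
                      type: object
                      properties:
                        ipVersion:
                          type: string
                        protocol:
                          type: string
                          enum: [all, icmp, tcp, udp]
                        priority:
                          type: integer
                        remoteType:
                          type: string
                          enum: [address, securityGroup]
                        remoteAddress:
                          type: string
                        remoteSecurityGroup:
                          type: string
                        portRangeMin:
                          type: integer
                          minimum: 0
                          maximum: 65535
                        portRangeMax:
                          type: integer
                          minimum: 0
                          maximum: 65535
                        policy:
                          type: string
                          enum: [allow, drop]
# … unchanged: egressRules mirrors ingressRules and takes the same constraints; allowSameGroupTraffic, status …
```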
97 changes: 97 additions & 0 deletions dist/images/install.sh
Expand Up @@ -684,6 +684,99 @@ spec:
singular: provider-network
kind: ProviderNetwork
listKind: ProviderNetworkList
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: security-groups.kubeovn.io
spec:
group: kubeovn.io
names:
plural: security-groups
singular: security-group
shortNames:
- sg
kind: SecurityGroup
listKind: SecurityGroupList
scope: Cluster
versions:
- name: v1
served: true
storage: true
schema:
openAPIV3Schema:
type: object
properties:
spec:
type: object
properties:
ingressRules:
type: array
items:
type: object
properties:
ipVersion:
type: string
protocol:
type: string
priority:
type: integer
remoteType:
type: string
remoteAddress:
type: string
remoteSecurityGroup:
type: string
portRangeMin:
type: integer
portRangeMax:
type: integer
policy:
type: string
egressRules:
type: array
items:
type: object
properties:
ipVersion:
type: string
protocol:
type: string
priority:
type: integer
remoteType:
type: string
remoteAddress:
type: string
remoteSecurityGroup:
type: string
portRangeMin:
type: integer
portRangeMax:
type: integer
policy:
type: string
allowSameGroupTraffic:
type: boolean
status:
type: object
properties:
portGroup:
type: string
allowSameGroupTraffic:
type: boolean
ingressMd5:
type: string
egressMd5:
type: string
ingressLastSyncSuccess:
type: boolean
egressLastSyncSuccess:
type: boolean
subresources:
status: {}
conversion:
strategy: None
EOF

if $DPDK; then
Expand Down Expand Up @@ -755,6 +848,8 @@ rules:
- vlans
- provider-networks
- provider-networks/status
- security-groups
- security-groups/status
verbs:
- "*"
- apiGroups:
Expand Down Expand Up @@ -1236,6 +1331,8 @@ rules:
- provider-networks
- provider-networks/status
- networks
- security-groups
- security-groups/status
verbs:
- "*"
- apiGroups:
2 changes: 2 additions & 0 deletions pkg/apis/kubeovn/v1/register.go
Expand Up @@ -43,6 +43,8 @@ func addKnownTypes(scheme *runtime.Scheme) error {
&VpcList{},
&VpcNatGateway{},
&VpcNatGatewayList{},
&SecurityGroup{},
&SecurityGroupList{},
)
metav1.AddToGroupVersion(scheme, SchemeGroupVersion)
return nil
10 changes: 10 additions & 0 deletions pkg/apis/kubeovn/v1/status.go
Expand Up @@ -47,3 +47,13 @@ func (vs *VpcStatus) Bytes() ([]byte, error) {
klog.V(5).Info("status body", newStr)
return []byte(newStr), nil
}

func (sgs *SecurityGroupStatus) Bytes() ([]byte, error) {
bytes, err := json.Marshal(sgs)
if err != nil {
return nil, err
}
newStr := fmt.Sprintf(`{"status": %s}`, string(bytes))
klog.V(5).Info("status body", newStr)
return []byte(newStr), nil
}
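Review bot: SecurityGroupStatus.Bytes is exported but carries no doc comment, and it builds the JSON body by hand with fmt.Sprintf; that is only safe because json.Marshal output is already valid JSON, which is worth stating so nobody later substitutes a non-JSON value into the `%s`. A comment such as `// Bytes returns the status marshaled as a {"status": ...} patch body.` above the method would do. Separately, `klog.V(5).Info("status body", newStr)` is Print-style and inserts no space between two string operands, so the line reads `status body{...}`; `klog.V(5).Infof("status body: %s", newStr)` is clearer. The same pattern exists in VpcStatus.Bytes just above, whose body starts outside the hunk.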
72 changes: 72 additions & 0 deletions pkg/apis/kubeovn/v1/types.go
Expand Up @@ -14,6 +14,29 @@ const (
GWCentralizedType = "centralized"
)

type SgRemoteType string

const (
SgRemoteTypeAddress SgRemoteType = "address"
SgRemoteTypeSg SgRemoteType = "securityGroup"
)

type SgProtocol string

const (
ProtocolALL SgProtocol = "all"
ProtocolICMP SgProtocol = "icmp"
ProtocolTCP SgProtocol = "tcp"
ProtocolUDP SgProtocol = "udp"
)

type SgPolicy string

const (
PolicyAllow SgPolicy = "allow"
PolicyDrop SgPolicy = "drop"
)

// Constants for condition
const (
// Ready => controller considers this resource Ready
Expand Down Expand Up @@ -416,3 +439,52 @@ type VpcNatGatewayList struct {

Items []VpcNatGateway `json:"items"`
}

// +genclient
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// +genclient:nonNamespaced
// +resourceName=security-groups

type SecurityGroup struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`

Spec SecurityGroupSpec `json:"spec"`
Status SecurityGroupStatus `json:"status"`
}

type SecurityGroupSpec struct {
IngressRules []*SgRule `json:"ingressRules,omitempty"`
EgressRules []*SgRule `json:"egressRules,omitempty"`
AllowSameGroupTraffic bool `json:"allowSameGroupTraffic,omitempty"`
}

type SecurityGroupStatus struct {
PortGroup string `json:"portGroup"`
AllowSameGroupTraffic bool `json:"allowSameGroupTraffic"`
IngressMd5 string `json:"ingressMd5"`
EgressMd5 string `json:"egressMd5"`
IngressLastSyncSuccess bool `json:"ingressLastSyncSuccess"`
EgressLastSyncSuccess bool `json:"egressLastSyncSuccess"`
}

type SgRule struct {
IPVersion string `json:"ipVersion"`
Protocol SgProtocol `json:"protocol,omitempty"`
Priority int `json:"priority,omitempty"`
RemoteType SgRemoteType `json:"remoteType"`
RemoteAddress string `json:"remoteAddress,omitempty"`
RemoteSecurityGroup string `json:"remoteSecurityGroup,omitempty"`
PortRangeMin int `json:"portRangeMin,omitempty"`
PortRangeMax int `json:"portRangeMax,omitempty"`
Policy SgPolicy `json:"policy"`
}

// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object

type SecurityGroupList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata"`

Items []SecurityGroup `json:"items"`
}
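Review bot: The new exported types SecurityGroup, SecurityGroupSpec, SecurityGroupStatus, SgRule and SecurityGroupList have no doc comments, and SgRule.IPVersion is a bare string while Protocol, RemoteType and Policy in the same hunk received dedicated types with constants, so the one field that also selects an address family is the only one without a fixed vocabulary. Consider a typed IPVersion with constants next to SgProtocol, and a doc comment on SgRule that states which remote field is read for each RemoteType (presumably RemoteAddress for SgRemoteTypeAddress and RemoteSecurityGroup for SgRemoteTypeSg — confirm against the controller, which is not in this hunk). Priority, PortRangeMin and PortRangeMax are plain ints tagged omitempty, so a value of 0 is dropped on the wire and becomes indistinguishable from "unset" after a round trip; if 0 is meaningful for any of them, either drop omitempty or use a pointer, and document the chosen convention on the field.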
