From 6e22f26bbf324803cd8687e48189acf51ac74749 Mon Sep 17 00:00:00 2001 From: Quan Tian Date: Tue, 16 Mar 2021 23:21:55 +0800 Subject: [PATCH] Add EgressGroup API and Controller --- build/yamls/antrea-aks.yml | 60 +- build/yamls/antrea-eks.yml | 60 +- build/yamls/antrea-gke.yml | 60 +- build/yamls/antrea-ipsec.yml | 60 +- build/yamls/antrea.yml | 60 +- build/yamls/base/agent-rbac.yml | 16 + build/yamls/base/conf/antrea-agent.conf | 3 + build/yamls/base/conf/antrea-controller.conf | 3 + build/yamls/base/controller-rbac.yml | 8 + build/yamls/base/crds.yml | 22 + cmd/antrea-controller/controller.go | 18 + pkg/apis/controlplane/register.go | 3 + pkg/apis/controlplane/types.go | 25 + pkg/apis/controlplane/v1beta1/conversion.go | 2 +- pkg/apis/controlplane/v1beta1/generated.pb.go | 1035 ++++++++++++++--- pkg/apis/controlplane/v1beta1/generated.proto | 29 + pkg/apis/controlplane/v1beta1/register.go | 3 + pkg/apis/controlplane/v1beta1/types.go | 28 + .../v1beta1/zz_generated.conversion.go | 178 +++ .../v1beta1/zz_generated.deepcopy.go | 106 ++ .../controlplane/zz_generated.deepcopy.go | 106 ++ pkg/apiserver/apiserver.go | 7 +- pkg/apiserver/openapi/zz_generated.openapi.go | 146 +++ .../registry/controlplane/egressgroup/rest.go | 103 ++ .../v1beta1/controlplane_client.go | 7 +- .../typed/controlplane/v1beta1/egressgroup.go | 96 ++ .../v1beta1/fake/fake_controlplane_client.go | 6 +- .../v1beta1/fake/fake_egressgroup.go | 74 ++ .../v1beta1/generated_expansion.go | 4 +- pkg/controller/egress/controller.go | 241 ++++ pkg/controller/egress/store/egressgroup.go | 203 ++++ pkg/controller/types/egress.go | 33 + pkg/features/antrea_features.go | 5 + 33 files changed, 2648 insertions(+), 162 deletions(-) create mode 100644 pkg/apiserver/registry/controlplane/egressgroup/rest.go create mode 100644 pkg/client/clientset/versioned/typed/controlplane/v1beta1/egressgroup.go create mode 100644 pkg/client/clientset/versioned/typed/controlplane/v1beta1/fake/fake_egressgroup.go create mode 100644 pkg/controller/egress/controller.go create mode 100644 pkg/controller/egress/store/egressgroup.go create mode 100644 pkg/controller/types/egress.go diff --git a/build/yamls/antrea-aks.yml b/build/yamls/antrea-aks.yml index 8bdc85fc084..c305ef6af69 100644 --- a/build/yamls/antrea-aks.yml +++ b/build/yamls/antrea-aks.yml @@ -306,6 +306,30 @@ spec: --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition +metadata: + labels: + app: antrea + name: egresses.egress.antrea.tanzu.vmware.com +spec: + group: egress.antrea.tanzu.vmware.com + names: + kind: Egress + plural: egresses + shortNames: + - eg + singular: egress + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition metadata: labels: app: antrea @@ -1036,6 +1060,14 @@ rules: - get - watch - list +- apiGroups: + - controlplane.antrea.tanzu.vmware.com + resources: + - egressgroups + verbs: + - get + - watch + - list - apiGroups: - controlplane.antrea.tanzu.vmware.com resources: @@ -1094,6 +1126,14 @@ rules: - patch - create - delete +- apiGroups: + - egress.antrea.tanzu.vmware.com + resources: + - egresses + verbs: + - get + - watch + - list --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole @@ -1258,6 +1298,14 @@ rules: - get - watch - list +- apiGroups: + - egress.antrea.tanzu.vmware.com + resources: + - egresses + verbs: + - get + - watch + - list - apiGroups: - core.antrea.tanzu.vmware.com resources: @@ -1360,6 +1408,9 @@ data: # Enable collecting and exposing NetworkPolicy statistics. # NetworkPolicyStats: false + # Enable controlling SNAT IPs of Pod egress traffic. + # Egress: false + # Name of the OpenVSwitch bridge antrea-agent will create and use. # Make sure it doesn't conflict with your existing OpenVSwitch bridges. #ovsBridge: br-int @@ -1508,6 +1559,9 @@ data: # Enable collecting and exposing NetworkPolicy statistics. # NetworkPolicyStats: false + # Enable controlling SNAT IPs of Pod egress traffic. + # Egress: false + # The port for the antrea-controller APIServer to serve on. # Note that if it's set to another value, the `containerPort` of the `api` port of the # `antrea-controller` container must be set to the same value. @@ -1538,7 +1592,7 @@ metadata: annotations: {} labels: app: antrea - name: antrea-config-h7cktb4h6k + name: antrea-config-b45h5tckch namespace: kube-system --- apiVersion: v1 @@ -1658,7 +1712,7 @@ spec: key: node-role.kubernetes.io/master volumes: - configMap: - name: antrea-config-h7cktb4h6k + name: antrea-config-b45h5tckch name: antrea-config - name: antrea-controller-tls secret: @@ -1922,7 +1976,7 @@ spec: operator: Exists volumes: - configMap: - name: antrea-config-h7cktb4h6k + name: antrea-config-b45h5tckch name: antrea-config - hostPath: path: /etc/cni/net.d diff --git a/build/yamls/antrea-eks.yml b/build/yamls/antrea-eks.yml index ebec4bd6e2b..a44fcd37011 100644 --- a/build/yamls/antrea-eks.yml +++ b/build/yamls/antrea-eks.yml @@ -306,6 +306,30 @@ spec: --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition +metadata: + labels: + app: antrea + name: egresses.egress.antrea.tanzu.vmware.com +spec: + group: egress.antrea.tanzu.vmware.com + names: + kind: Egress + plural: egresses + shortNames: + - eg + singular: egress + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition metadata: labels: app: antrea @@ -1036,6 +1060,14 @@ rules: - get - watch - list +- apiGroups: + - controlplane.antrea.tanzu.vmware.com + resources: + - egressgroups + verbs: + - get + - watch + - list - apiGroups: - controlplane.antrea.tanzu.vmware.com resources: @@ -1094,6 +1126,14 @@ rules: - patch - create - delete +- apiGroups: + - egress.antrea.tanzu.vmware.com + resources: + - egresses + verbs: + - get + - watch + - list --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole @@ -1258,6 +1298,14 @@ rules: - get - watch - list +- apiGroups: + - egress.antrea.tanzu.vmware.com + resources: + - egresses + verbs: + - get + - watch + - list - apiGroups: - core.antrea.tanzu.vmware.com resources: @@ -1360,6 +1408,9 @@ data: # Enable collecting and exposing NetworkPolicy statistics. # NetworkPolicyStats: false + # Enable controlling SNAT IPs of Pod egress traffic. + # Egress: false + # Name of the OpenVSwitch bridge antrea-agent will create and use. # Make sure it doesn't conflict with your existing OpenVSwitch bridges. #ovsBridge: br-int @@ -1508,6 +1559,9 @@ data: # Enable collecting and exposing NetworkPolicy statistics. # NetworkPolicyStats: false + # Enable controlling SNAT IPs of Pod egress traffic. + # Egress: false + # The port for the antrea-controller APIServer to serve on. # Note that if it's set to another value, the `containerPort` of the `api` port of the # `antrea-controller` container must be set to the same value. @@ -1538,7 +1592,7 @@ metadata: annotations: {} labels: app: antrea - name: antrea-config-h7cktb4h6k + name: antrea-config-b45h5tckch namespace: kube-system --- apiVersion: v1 @@ -1658,7 +1712,7 @@ spec: key: node-role.kubernetes.io/master volumes: - configMap: - name: antrea-config-h7cktb4h6k + name: antrea-config-b45h5tckch name: antrea-config - name: antrea-controller-tls secret: @@ -1924,7 +1978,7 @@ spec: operator: Exists volumes: - configMap: - name: antrea-config-h7cktb4h6k + name: antrea-config-b45h5tckch name: antrea-config - hostPath: path: /etc/cni/net.d diff --git a/build/yamls/antrea-gke.yml b/build/yamls/antrea-gke.yml index f6c3e274516..6d3536993a2 100644 --- a/build/yamls/antrea-gke.yml +++ b/build/yamls/antrea-gke.yml @@ -306,6 +306,30 @@ spec: --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition +metadata: + labels: + app: antrea + name: egresses.egress.antrea.tanzu.vmware.com +spec: + group: egress.antrea.tanzu.vmware.com + names: + kind: Egress + plural: egresses + shortNames: + - eg + singular: egress + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition metadata: labels: app: antrea @@ -1036,6 +1060,14 @@ rules: - get - watch - list +- apiGroups: + - controlplane.antrea.tanzu.vmware.com + resources: + - egressgroups + verbs: + - get + - watch + - list - apiGroups: - controlplane.antrea.tanzu.vmware.com resources: @@ -1094,6 +1126,14 @@ rules: - patch - create - delete +- apiGroups: + - egress.antrea.tanzu.vmware.com + resources: + - egresses + verbs: + - get + - watch + - list --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole @@ -1258,6 +1298,14 @@ rules: - get - watch - list +- apiGroups: + - egress.antrea.tanzu.vmware.com + resources: + - egresses + verbs: + - get + - watch + - list - apiGroups: - core.antrea.tanzu.vmware.com resources: @@ -1360,6 +1408,9 @@ data: # Enable collecting and exposing NetworkPolicy statistics. # NetworkPolicyStats: false + # Enable controlling SNAT IPs of Pod egress traffic. + # Egress: false + # Name of the OpenVSwitch bridge antrea-agent will create and use. # Make sure it doesn't conflict with your existing OpenVSwitch bridges. #ovsBridge: br-int @@ -1508,6 +1559,9 @@ data: # Enable collecting and exposing NetworkPolicy statistics. # NetworkPolicyStats: false + # Enable controlling SNAT IPs of Pod egress traffic. + # Egress: false + # The port for the antrea-controller APIServer to serve on. # Note that if it's set to another value, the `containerPort` of the `api` port of the # `antrea-controller` container must be set to the same value. @@ -1538,7 +1592,7 @@ metadata: annotations: {} labels: app: antrea - name: antrea-config-ck9cm44gbk + name: antrea-config-g45k8dcmg8 namespace: kube-system --- apiVersion: v1 @@ -1658,7 +1712,7 @@ spec: key: node-role.kubernetes.io/master volumes: - configMap: - name: antrea-config-ck9cm44gbk + name: antrea-config-g45k8dcmg8 name: antrea-config - name: antrea-controller-tls secret: @@ -1925,7 +1979,7 @@ spec: path: /home/kubernetes/bin name: host-cni-bin - configMap: - name: antrea-config-ck9cm44gbk + name: antrea-config-g45k8dcmg8 name: antrea-config - hostPath: path: /etc/cni/net.d diff --git a/build/yamls/antrea-ipsec.yml b/build/yamls/antrea-ipsec.yml index 1e3f7e9103c..01cea385c08 100644 --- a/build/yamls/antrea-ipsec.yml +++ b/build/yamls/antrea-ipsec.yml @@ -306,6 +306,30 @@ spec: --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition +metadata: + labels: + app: antrea + name: egresses.egress.antrea.tanzu.vmware.com +spec: + group: egress.antrea.tanzu.vmware.com + names: + kind: Egress + plural: egresses + shortNames: + - eg + singular: egress + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition metadata: labels: app: antrea @@ -1036,6 +1060,14 @@ rules: - get - watch - list +- apiGroups: + - controlplane.antrea.tanzu.vmware.com + resources: + - egressgroups + verbs: + - get + - watch + - list - apiGroups: - controlplane.antrea.tanzu.vmware.com resources: @@ -1094,6 +1126,14 @@ rules: - patch - create - delete +- apiGroups: + - egress.antrea.tanzu.vmware.com + resources: + - egresses + verbs: + - get + - watch + - list --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole @@ -1258,6 +1298,14 @@ rules: - get - watch - list +- apiGroups: + - egress.antrea.tanzu.vmware.com + resources: + - egresses + verbs: + - get + - watch + - list - apiGroups: - core.antrea.tanzu.vmware.com resources: @@ -1360,6 +1408,9 @@ data: # Enable collecting and exposing NetworkPolicy statistics. # NetworkPolicyStats: false + # Enable controlling SNAT IPs of Pod egress traffic. + # Egress: false + # Name of the OpenVSwitch bridge antrea-agent will create and use. # Make sure it doesn't conflict with your existing OpenVSwitch bridges. #ovsBridge: br-int @@ -1513,6 +1564,9 @@ data: # Enable collecting and exposing NetworkPolicy statistics. # NetworkPolicyStats: false + # Enable controlling SNAT IPs of Pod egress traffic. + # Egress: false + # The port for the antrea-controller APIServer to serve on. # Note that if it's set to another value, the `containerPort` of the `api` port of the # `antrea-controller` container must be set to the same value. @@ -1543,7 +1597,7 @@ metadata: annotations: {} labels: app: antrea - name: antrea-config-gd8b5282d2 + name: antrea-config-7tgg29h7mm namespace: kube-system --- apiVersion: v1 @@ -1672,7 +1726,7 @@ spec: key: node-role.kubernetes.io/master volumes: - configMap: - name: antrea-config-gd8b5282d2 + name: antrea-config-7tgg29h7mm name: antrea-config - name: antrea-controller-tls secret: @@ -1971,7 +2025,7 @@ spec: operator: Exists volumes: - configMap: - name: antrea-config-gd8b5282d2 + name: antrea-config-7tgg29h7mm name: antrea-config - hostPath: path: /etc/cni/net.d diff --git a/build/yamls/antrea.yml b/build/yamls/antrea.yml index 0a9723918ba..76098f573dd 100644 --- a/build/yamls/antrea.yml +++ b/build/yamls/antrea.yml @@ -306,6 +306,30 @@ spec: --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition +metadata: + labels: + app: antrea + name: egresses.egress.antrea.tanzu.vmware.com +spec: + group: egress.antrea.tanzu.vmware.com + names: + kind: Egress + plural: egresses + shortNames: + - eg + singular: egress + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition metadata: labels: app: antrea @@ -1036,6 +1060,14 @@ rules: - get - watch - list +- apiGroups: + - controlplane.antrea.tanzu.vmware.com + resources: + - egressgroups + verbs: + - get + - watch + - list - apiGroups: - controlplane.antrea.tanzu.vmware.com resources: @@ -1094,6 +1126,14 @@ rules: - patch - create - delete +- apiGroups: + - egress.antrea.tanzu.vmware.com + resources: + - egresses + verbs: + - get + - watch + - list --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole @@ -1258,6 +1298,14 @@ rules: - get - watch - list +- apiGroups: + - egress.antrea.tanzu.vmware.com + resources: + - egresses + verbs: + - get + - watch + - list - apiGroups: - core.antrea.tanzu.vmware.com resources: @@ -1360,6 +1408,9 @@ data: # Enable collecting and exposing NetworkPolicy statistics. # NetworkPolicyStats: false + # Enable controlling SNAT IPs of Pod egress traffic. + # Egress: false + # Name of the OpenVSwitch bridge antrea-agent will create and use. # Make sure it doesn't conflict with your existing OpenVSwitch bridges. #ovsBridge: br-int @@ -1513,6 +1564,9 @@ data: # Enable collecting and exposing NetworkPolicy statistics. # NetworkPolicyStats: false + # Enable controlling SNAT IPs of Pod egress traffic. + # Egress: false + # The port for the antrea-controller APIServer to serve on. # Note that if it's set to another value, the `containerPort` of the `api` port of the # `antrea-controller` container must be set to the same value. @@ -1543,7 +1597,7 @@ metadata: annotations: {} labels: app: antrea - name: antrea-config-7ghm8d9bm9 + name: antrea-config-7tt2t8mbc7 namespace: kube-system --- apiVersion: v1 @@ -1663,7 +1717,7 @@ spec: key: node-role.kubernetes.io/master volumes: - configMap: - name: antrea-config-7ghm8d9bm9 + name: antrea-config-7tt2t8mbc7 name: antrea-config - name: antrea-controller-tls secret: @@ -1927,7 +1981,7 @@ spec: operator: Exists volumes: - configMap: - name: antrea-config-7ghm8d9bm9 + name: antrea-config-7tt2t8mbc7 name: antrea-config - hostPath: path: /etc/cni/net.d diff --git a/build/yamls/base/agent-rbac.yml b/build/yamls/base/agent-rbac.yml index 28bc15d3942..c81cda472c6 100644 --- a/build/yamls/base/agent-rbac.yml +++ b/build/yamls/base/agent-rbac.yml @@ -64,6 +64,14 @@ rules: - get - watch - list + - apiGroups: + - controlplane.antrea.tanzu.vmware.com + resources: + - egressgroups + verbs: + - get + - watch + - list - apiGroups: - controlplane.antrea.tanzu.vmware.com resources: @@ -128,6 +136,14 @@ rules: - patch - create - delete + - apiGroups: + - egress.antrea.tanzu.vmware.com + resources: + - egresses + verbs: + - get + - watch + - list --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 diff --git a/build/yamls/base/conf/antrea-agent.conf b/build/yamls/base/conf/antrea-agent.conf index 52fe04312dd..b9e8641c25f 100644 --- a/build/yamls/base/conf/antrea-agent.conf +++ b/build/yamls/base/conf/antrea-agent.conf @@ -28,6 +28,9 @@ featureGates: # Enable collecting and exposing NetworkPolicy statistics. # NetworkPolicyStats: false +# Enable controlling SNAT IPs of Pod egress traffic. +# Egress: false + # Name of the OpenVSwitch bridge antrea-agent will create and use. # Make sure it doesn't conflict with your existing OpenVSwitch bridges. #ovsBridge: br-int diff --git a/build/yamls/base/conf/antrea-controller.conf b/build/yamls/base/conf/antrea-controller.conf index d6ec73e8bd4..f5760bff570 100644 --- a/build/yamls/base/conf/antrea-controller.conf +++ b/build/yamls/base/conf/antrea-controller.conf @@ -11,6 +11,9 @@ featureGates: # Enable collecting and exposing NetworkPolicy statistics. # NetworkPolicyStats: false +# Enable controlling SNAT IPs of Pod egress traffic. +# Egress: false + # The port for the antrea-controller APIServer to serve on. # Note that if it's set to another value, the `containerPort` of the `api` port of the # `antrea-controller` container must be set to the same value. diff --git a/build/yamls/base/controller-rbac.yml b/build/yamls/base/controller-rbac.yml index 778edb522b5..40be08ce825 100644 --- a/build/yamls/base/controller-rbac.yml +++ b/build/yamls/base/controller-rbac.yml @@ -156,6 +156,14 @@ rules: - get - watch - list + - apiGroups: + - egress.antrea.tanzu.vmware.com + resources: + - egresses + verbs: + - get + - watch + - list - apiGroups: - core.antrea.tanzu.vmware.com resources: diff --git a/build/yamls/base/crds.yml b/build/yamls/base/crds.yml index 64b8750f3d7..e4d8cca9190 100644 --- a/build/yamls/base/crds.yml +++ b/build/yamls/base/crds.yml @@ -45,6 +45,28 @@ spec: --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition +metadata: + name: egresses.egress.antrea.tanzu.vmware.com +spec: + group: egress.antrea.tanzu.vmware.com + versions: + - name: v1alpha1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true + scope: Cluster + names: + plural: egresses + singular: egress + kind: Egress + shortNames: + - eg +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition metadata: name: traceflows.ops.antrea.tanzu.vmware.com spec: diff --git a/cmd/antrea-controller/controller.go b/cmd/antrea-controller/controller.go index a043251fa3c..9032a2455fe 100644 --- a/cmd/antrea-controller/controller.go +++ b/cmd/antrea-controller/controller.go @@ -36,6 +36,8 @@ import ( "github.com/vmware-tanzu/antrea/pkg/apiserver/storage" crdinformers "github.com/vmware-tanzu/antrea/pkg/client/informers/externalversions" "github.com/vmware-tanzu/antrea/pkg/clusteridentity" + "github.com/vmware-tanzu/antrea/pkg/controller/egress" + egressstore "github.com/vmware-tanzu/antrea/pkg/controller/egress/store" "github.com/vmware-tanzu/antrea/pkg/controller/grouping" "github.com/vmware-tanzu/antrea/pkg/controller/metrics" "github.com/vmware-tanzu/antrea/pkg/controller/networkpolicy" @@ -108,6 +110,7 @@ func run(o *Options) error { tierInformer := crdInformerFactory.Security().V1alpha1().Tiers() traceflowInformer := crdInformerFactory.Ops().V1alpha1().Traceflows() cgInformer := crdInformerFactory.Core().V1alpha2().ClusterGroups() + egressInformer := crdInformerFactory.Egress().V1alpha1().Egresses() clusterIdentityAllocator := clusteridentity.NewClusterIdentityAllocator( env.GetAntreaNamespace(), @@ -119,6 +122,7 @@ func run(o *Options) error { addressGroupStore := store.NewAddressGroupStore() appliedToGroupStore := store.NewAppliedToGroupStore() networkPolicyStore := store.NewNetworkPolicyStore() + egressGroupStore := egressstore.NewEgressGroupStore() groupStore := store.NewGroupStore() groupEntityIndex := grouping.NewGroupEntityIndex() groupEntityController := grouping.NewGroupEntityController(groupEntityIndex, podInformer, namespaceInformer, externalEntityInformer) @@ -148,6 +152,11 @@ func run(o *Options) error { controllerMonitor := monitor.NewControllerMonitor(crdClient, nodeInformer, controllerQuerier) + var egressController *egress.EgressController + if features.DefaultFeatureGate.Enabled(features.Egress) { + egressController = egress.NewEgressController(groupEntityIndex, egressInformer, egressGroupStore) + } + var traceflowController *traceflow.Controller if features.DefaultFeatureGate.Enabled(features.Traceflow) { traceflowController = traceflow.NewTraceflowController(crdClient, podInformer, traceflowInformer) @@ -174,6 +183,7 @@ func run(o *Options) error { appliedToGroupStore, networkPolicyStore, groupStore, + egressGroupStore, controllerQuerier, endpointQuerier, networkPolicyController, @@ -213,6 +223,8 @@ func run(o *Options) error { go networkPolicyController.Run(stopCh) + go egressController.Run(stopCh) + go apiServer.Run(stopCh) if features.DefaultFeatureGate.Enabled(features.NetworkPolicyStats) { @@ -231,6 +243,10 @@ func run(o *Options) error { go networkPolicyStatusController.Run(stopCh) } + if features.DefaultFeatureGate.Enabled(features.Egress) { + go egressController.Run(stopCh) + } + <-stopCh klog.Info("Stopping Antrea controller") return nil @@ -245,6 +261,7 @@ func createAPIServerConfig(kubeconfig string, appliedToGroupStore storage.Interface, networkPolicyStore storage.Interface, groupStore storage.Interface, + egressGroupStore storage.Interface, controllerQuerier querier.ControllerQuerier, endpointQuerier networkpolicy.EndpointQuerier, npController *networkpolicy.NetworkPolicyController, @@ -302,6 +319,7 @@ func createAPIServerConfig(kubeconfig string, appliedToGroupStore, networkPolicyStore, groupStore, + egressGroupStore, caCertController, statsAggregator, controllerQuerier, diff --git a/pkg/apis/controlplane/register.go b/pkg/apis/controlplane/register.go index 8d0631e4f36..f34be95ec80 100644 --- a/pkg/apis/controlplane/register.go +++ b/pkg/apis/controlplane/register.go @@ -57,6 +57,9 @@ func addKnownTypes(scheme *runtime.Scheme) error { &NodeStatsSummary{}, &ClusterGroupMembers{}, &GroupAssociation{}, + &EgressGroup{}, + &EgressGroupPatch{}, + &EgressGroupList{}, ) return nil } diff --git a/pkg/apis/controlplane/types.go b/pkg/apis/controlplane/types.go index 857c64720ed..69b8c3fa52b 100644 --- a/pkg/apis/controlplane/types.go +++ b/pkg/apis/controlplane/types.go @@ -330,3 +330,28 @@ type GroupAssociation struct { // Pod/ExternalEntity being queried. AssociatedGroups []GroupReference } + +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +type EgressGroup struct { + metav1.TypeMeta + metav1.ObjectMeta + // GroupMembers is a list of GroupMember selected by this group. + GroupMembers []GroupMember +} + +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// EgressGroupPatch describes the incremental update of an EgressGroup. +type EgressGroupPatch struct { + metav1.TypeMeta + metav1.ObjectMeta + AddedGroupMembers []GroupMember + RemovedGroupMembers []GroupMember +} + +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// EgressGroupList is a list of EgressGroup objects. +type EgressGroupList struct { + metav1.TypeMeta + metav1.ListMeta + Items []EgressGroup +} diff --git a/pkg/apis/controlplane/v1beta1/conversion.go b/pkg/apis/controlplane/v1beta1/conversion.go index 4c8152d0523..4481dbad1de 100644 --- a/pkg/apis/controlplane/v1beta1/conversion.go +++ b/pkg/apis/controlplane/v1beta1/conversion.go @@ -31,7 +31,7 @@ func init() { // addConversionFuncs adds non-generated conversion functions to the given scheme. func addConversionFuncs(scheme *runtime.Scheme) error { - for _, kind := range []string{"AppliedToGroup", "AddressGroup", "NetworkPolicy"} { + for _, kind := range []string{"AppliedToGroup", "AddressGroup", "NetworkPolicy", "EgressGroup"} { err := scheme.AddFieldLabelConversionFunc(SchemeGroupVersion.WithKind(kind), func(label, value string) (string, string, error) { switch label { diff --git a/pkg/apis/controlplane/v1beta1/generated.pb.go b/pkg/apis/controlplane/v1beta1/generated.pb.go index 84c8975a29c..2316e940534 100644 --- a/pkg/apis/controlplane/v1beta1/generated.pb.go +++ b/pkg/apis/controlplane/v1beta1/generated.pb.go @@ -214,10 +214,94 @@ func (m *AppliedToGroupPatch) XXX_DiscardUnknown() { var xxx_messageInfo_AppliedToGroupPatch proto.InternalMessageInfo +func (m *EgressGroup) Reset() { *m = EgressGroup{} } +func (*EgressGroup) ProtoMessage() {} +func (*EgressGroup) Descriptor() ([]byte, []int) { + return fileDescriptor_345cd0a9074e5729, []int{6} +} +func (m *EgressGroup) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *EgressGroup) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil +} +func (m *EgressGroup) XXX_Merge(src proto.Message) { + xxx_messageInfo_EgressGroup.Merge(m, src) +} +func (m *EgressGroup) XXX_Size() int { + return m.Size() +} +func (m *EgressGroup) XXX_DiscardUnknown() { + xxx_messageInfo_EgressGroup.DiscardUnknown(m) +} + +var xxx_messageInfo_EgressGroup proto.InternalMessageInfo + +func (m *EgressGroupList) Reset() { *m = EgressGroupList{} } +func (*EgressGroupList) ProtoMessage() {} +func (*EgressGroupList) Descriptor() ([]byte, []int) { + return fileDescriptor_345cd0a9074e5729, []int{7} +} +func (m *EgressGroupList) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *EgressGroupList) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil +} +func (m *EgressGroupList) XXX_Merge(src proto.Message) { + xxx_messageInfo_EgressGroupList.Merge(m, src) +} +func (m *EgressGroupList) XXX_Size() int { + return m.Size() +} +func (m *EgressGroupList) XXX_DiscardUnknown() { + xxx_messageInfo_EgressGroupList.DiscardUnknown(m) +} + +var xxx_messageInfo_EgressGroupList proto.InternalMessageInfo + +func (m *EgressGroupPatch) Reset() { *m = EgressGroupPatch{} } +func (*EgressGroupPatch) ProtoMessage() {} +func (*EgressGroupPatch) Descriptor() ([]byte, []int) { + return fileDescriptor_345cd0a9074e5729, []int{8} +} +func (m *EgressGroupPatch) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *EgressGroupPatch) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil +} +func (m *EgressGroupPatch) XXX_Merge(src proto.Message) { + xxx_messageInfo_EgressGroupPatch.Merge(m, src) +} +func (m *EgressGroupPatch) XXX_Size() int { + return m.Size() +} +func (m *EgressGroupPatch) XXX_DiscardUnknown() { + xxx_messageInfo_EgressGroupPatch.DiscardUnknown(m) +} + +var xxx_messageInfo_EgressGroupPatch proto.InternalMessageInfo + func (m *Endpoint) Reset() { *m = Endpoint{} } func (*Endpoint) ProtoMessage() {} func (*Endpoint) Descriptor() ([]byte, []int) { - return fileDescriptor_345cd0a9074e5729, []int{6} + return fileDescriptor_345cd0a9074e5729, []int{9} } func (m *Endpoint) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -245,7 +329,7 @@ var xxx_messageInfo_Endpoint proto.InternalMessageInfo func (m *ExternalEntityReference) Reset() { *m = ExternalEntityReference{} } func (*ExternalEntityReference) ProtoMessage() {} func (*ExternalEntityReference) Descriptor() ([]byte, []int) { - return fileDescriptor_345cd0a9074e5729, []int{7} + return fileDescriptor_345cd0a9074e5729, []int{10} } func (m *ExternalEntityReference) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -273,7 +357,7 @@ var xxx_messageInfo_ExternalEntityReference proto.InternalMessageInfo func (m *GroupMember) Reset() { *m = GroupMember{} } func (*GroupMember) ProtoMessage() {} func (*GroupMember) Descriptor() ([]byte, []int) { - return fileDescriptor_345cd0a9074e5729, []int{8} + return fileDescriptor_345cd0a9074e5729, []int{11} } func (m *GroupMember) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -301,7 +385,7 @@ var xxx_messageInfo_GroupMember proto.InternalMessageInfo func (m *GroupMemberPod) Reset() { *m = GroupMemberPod{} } func (*GroupMemberPod) ProtoMessage() {} func (*GroupMemberPod) Descriptor() ([]byte, []int) { - return fileDescriptor_345cd0a9074e5729, []int{9} + return fileDescriptor_345cd0a9074e5729, []int{12} } func (m *GroupMemberPod) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -329,7 +413,7 @@ var xxx_messageInfo_GroupMemberPod proto.InternalMessageInfo func (m *IPBlock) Reset() { *m = IPBlock{} } func (*IPBlock) ProtoMessage() {} func (*IPBlock) Descriptor() ([]byte, []int) { - return fileDescriptor_345cd0a9074e5729, []int{10} + return fileDescriptor_345cd0a9074e5729, []int{13} } func (m *IPBlock) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -357,7 +441,7 @@ var xxx_messageInfo_IPBlock proto.InternalMessageInfo func (m *IPNet) Reset() { *m = IPNet{} } func (*IPNet) ProtoMessage() {} func (*IPNet) Descriptor() ([]byte, []int) { - return fileDescriptor_345cd0a9074e5729, []int{11} + return fileDescriptor_345cd0a9074e5729, []int{14} } func (m *IPNet) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -385,7 +469,7 @@ var xxx_messageInfo_IPNet proto.InternalMessageInfo func (m *NamedPort) Reset() { *m = NamedPort{} } func (*NamedPort) ProtoMessage() {} func (*NamedPort) Descriptor() ([]byte, []int) { - return fileDescriptor_345cd0a9074e5729, []int{12} + return fileDescriptor_345cd0a9074e5729, []int{15} } func (m *NamedPort) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -413,7 +497,7 @@ var xxx_messageInfo_NamedPort proto.InternalMessageInfo func (m *NetworkPolicy) Reset() { *m = NetworkPolicy{} } func (*NetworkPolicy) ProtoMessage() {} func (*NetworkPolicy) Descriptor() ([]byte, []int) { - return fileDescriptor_345cd0a9074e5729, []int{13} + return fileDescriptor_345cd0a9074e5729, []int{16} } func (m *NetworkPolicy) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -441,7 +525,7 @@ var xxx_messageInfo_NetworkPolicy proto.InternalMessageInfo func (m *NetworkPolicyList) Reset() { *m = NetworkPolicyList{} } func (*NetworkPolicyList) ProtoMessage() {} func (*NetworkPolicyList) Descriptor() ([]byte, []int) { - return fileDescriptor_345cd0a9074e5729, []int{14} + return fileDescriptor_345cd0a9074e5729, []int{17} } func (m *NetworkPolicyList) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -469,7 +553,7 @@ var xxx_messageInfo_NetworkPolicyList proto.InternalMessageInfo func (m *NetworkPolicyPeer) Reset() { *m = NetworkPolicyPeer{} } func (*NetworkPolicyPeer) ProtoMessage() {} func (*NetworkPolicyPeer) Descriptor() ([]byte, []int) { - return fileDescriptor_345cd0a9074e5729, []int{15} + return fileDescriptor_345cd0a9074e5729, []int{18} } func (m *NetworkPolicyPeer) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -497,7 +581,7 @@ var xxx_messageInfo_NetworkPolicyPeer proto.InternalMessageInfo func (m *NetworkPolicyReference) Reset() { *m = NetworkPolicyReference{} } func (*NetworkPolicyReference) ProtoMessage() {} func (*NetworkPolicyReference) Descriptor() ([]byte, []int) { - return fileDescriptor_345cd0a9074e5729, []int{16} + return fileDescriptor_345cd0a9074e5729, []int{19} } func (m *NetworkPolicyReference) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -525,7 +609,7 @@ var xxx_messageInfo_NetworkPolicyReference proto.InternalMessageInfo func (m *NetworkPolicyRule) Reset() { *m = NetworkPolicyRule{} } func (*NetworkPolicyRule) ProtoMessage() {} func (*NetworkPolicyRule) Descriptor() ([]byte, []int) { - return fileDescriptor_345cd0a9074e5729, []int{17} + return fileDescriptor_345cd0a9074e5729, []int{20} } func (m *NetworkPolicyRule) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -553,7 +637,7 @@ var xxx_messageInfo_NetworkPolicyRule proto.InternalMessageInfo func (m *NetworkPolicyStats) Reset() { *m = NetworkPolicyStats{} } func (*NetworkPolicyStats) ProtoMessage() {} func (*NetworkPolicyStats) Descriptor() ([]byte, []int) { - return fileDescriptor_345cd0a9074e5729, []int{18} + return fileDescriptor_345cd0a9074e5729, []int{21} } func (m *NetworkPolicyStats) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -581,7 +665,7 @@ var xxx_messageInfo_NetworkPolicyStats proto.InternalMessageInfo func (m *NodeStatsSummary) Reset() { *m = NodeStatsSummary{} } func (*NodeStatsSummary) ProtoMessage() {} func (*NodeStatsSummary) Descriptor() ([]byte, []int) { - return fileDescriptor_345cd0a9074e5729, []int{19} + return fileDescriptor_345cd0a9074e5729, []int{22} } func (m *NodeStatsSummary) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -609,7 +693,7 @@ var xxx_messageInfo_NodeStatsSummary proto.InternalMessageInfo func (m *PodReference) Reset() { *m = PodReference{} } func (*PodReference) ProtoMessage() {} func (*PodReference) Descriptor() ([]byte, []int) { - return fileDescriptor_345cd0a9074e5729, []int{20} + return fileDescriptor_345cd0a9074e5729, []int{23} } func (m *PodReference) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -637,7 +721,7 @@ var xxx_messageInfo_PodReference proto.InternalMessageInfo func (m *Service) Reset() { *m = Service{} } func (*Service) ProtoMessage() {} func (*Service) Descriptor() ([]byte, []int) { - return fileDescriptor_345cd0a9074e5729, []int{21} + return fileDescriptor_345cd0a9074e5729, []int{24} } func (m *Service) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -669,6 +753,9 @@ func init() { proto.RegisterType((*AppliedToGroup)(nil), "github.com.vmware_tanzu.antrea.pkg.apis.controlplane.v1beta1.AppliedToGroup") proto.RegisterType((*AppliedToGroupList)(nil), "github.com.vmware_tanzu.antrea.pkg.apis.controlplane.v1beta1.AppliedToGroupList") proto.RegisterType((*AppliedToGroupPatch)(nil), "github.com.vmware_tanzu.antrea.pkg.apis.controlplane.v1beta1.AppliedToGroupPatch") + proto.RegisterType((*EgressGroup)(nil), "github.com.vmware_tanzu.antrea.pkg.apis.controlplane.v1beta1.EgressGroup") + proto.RegisterType((*EgressGroupList)(nil), "github.com.vmware_tanzu.antrea.pkg.apis.controlplane.v1beta1.EgressGroupList") + proto.RegisterType((*EgressGroupPatch)(nil), "github.com.vmware_tanzu.antrea.pkg.apis.controlplane.v1beta1.EgressGroupPatch") proto.RegisterType((*Endpoint)(nil), "github.com.vmware_tanzu.antrea.pkg.apis.controlplane.v1beta1.Endpoint") proto.RegisterType((*ExternalEntityReference)(nil), "github.com.vmware_tanzu.antrea.pkg.apis.controlplane.v1beta1.ExternalEntityReference") proto.RegisterType((*GroupMember)(nil), "github.com.vmware_tanzu.antrea.pkg.apis.controlplane.v1beta1.GroupMember") @@ -692,113 +779,117 @@ func init() { } var fileDescriptor_345cd0a9074e5729 = []byte{ - // 1681 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xec, 0x59, 0xbd, 0x6f, 0x1b, 0x47, - 0x16, 0xd7, 0xf2, 0x43, 0x12, 0x47, 0xa4, 0x3e, 0x46, 0xe7, 0x33, 0xcf, 0xe7, 0x23, 0xe5, 0xbd, - 0x2b, 0x54, 0x9c, 0x97, 0x96, 0xcf, 0x97, 0x18, 0x88, 0x53, 0x88, 0x96, 0xec, 0x30, 0x91, 0x65, - 0x62, 0x24, 0x37, 0x41, 0x80, 0x64, 0xb5, 0x3b, 0xa4, 0xd6, 0x5a, 0xee, 0xac, 0x67, 0x87, 0xb2, - 0x15, 0x20, 0x41, 0x8c, 0x54, 0x71, 0x91, 0xcf, 0x26, 0x4d, 0xca, 0x34, 0x41, 0xfe, 0x81, 0xa4, - 0x4b, 0xe7, 0xd2, 0xa5, 0x9b, 0x10, 0x11, 0x8d, 0x18, 0xe9, 0xd2, 0x0b, 0x08, 0x10, 0xcc, 0xec, - 0xec, 0x17, 0x29, 0xda, 0x4a, 0x48, 0x09, 0x29, 0x5c, 0x49, 0x3b, 0xf3, 0xe6, 0xfd, 0x7e, 0xf3, - 0xde, 0x9b, 0xdf, 0xbe, 0x1d, 0x82, 0xb5, 0xa6, 0xc5, 0xb6, 0xdb, 0x5b, 0x9a, 0x41, 0x5a, 0x95, - 0xdd, 0xd6, 0x5d, 0x9d, 0xe2, 0xf3, 0x4c, 0x77, 0xde, 0x6d, 0x57, 0x74, 0x87, 0x51, 0xac, 0x57, - 0xdc, 0x9d, 0x66, 0x45, 0x77, 0x2d, 0xaf, 0x62, 0x10, 0x87, 0x51, 0x62, 0xbb, 0xb6, 0xee, 0xe0, - 0xca, 0xee, 0xd2, 0x16, 0x66, 0xfa, 0x52, 0xa5, 0x89, 0x1d, 0x4c, 0x75, 0x86, 0x4d, 0xcd, 0xa5, - 0x84, 0x11, 0x78, 0x25, 0xf2, 0xa6, 0xf9, 0xde, 0xde, 0x16, 0xde, 0x34, 0xdf, 0x9b, 0xe6, 0xee, - 0x34, 0x35, 0xee, 0x4d, 0x8b, 0x7b, 0xd3, 0xa4, 0xb7, 0x33, 0xe7, 0x63, 0x5c, 0x9a, 0xa4, 0x49, - 0x2a, 0xc2, 0xe9, 0x56, 0xbb, 0x21, 0x9e, 0xc4, 0x83, 0xf8, 0xcf, 0x07, 0x3b, 0x73, 0xed, 0xa8, - 0xd4, 0x3d, 0xa6, 0x33, 0xaf, 0xb2, 0xbb, 0xa4, 0xdb, 0xee, 0x76, 0x3f, 0xe9, 0x33, 0x97, 0x76, - 0x2e, 0x7b, 0x9a, 0x45, 0xb8, 0x6d, 0x4b, 0x37, 0xb6, 0x2d, 0x07, 0xd3, 0xbd, 0x68, 0x71, 0x0b, - 0x33, 0xbd, 0xb2, 0xdb, 0xbf, 0xaa, 0x32, 0x68, 0x15, 0x6d, 0x3b, 0xcc, 0x6a, 0xe1, 0xbe, 0x05, - 0x2f, 0x3d, 0x6f, 0x81, 0x67, 0x6c, 0xe3, 0x96, 0xde, 0xb7, 0xee, 0x7f, 0x83, 0xd6, 0xb5, 0x99, - 0x65, 0x57, 0x2c, 0x87, 0x79, 0x8c, 0xf6, 0x2e, 0x52, 0x9f, 0xa6, 0x40, 0x7e, 0xd9, 0x34, 0x29, - 0xf6, 0xbc, 0xeb, 0x94, 0xb4, 0x5d, 0xf8, 0x0e, 0x98, 0xe4, 0x3b, 0x31, 0x75, 0xa6, 0x17, 0x95, - 0x05, 0x65, 0x71, 0xea, 0xe2, 0x05, 0xcd, 0x77, 0xac, 0xc5, 0x1d, 0x47, 0x19, 0xe2, 0xd6, 0xda, - 0xee, 0x92, 0x76, 0x73, 0xeb, 0x36, 0x36, 0xd8, 0x0d, 0xcc, 0xf4, 0x2a, 0x7c, 0xd8, 0x29, 0x8f, - 0x75, 0x3b, 0x65, 0x10, 0x8d, 0xa1, 0xd0, 0x2b, 0x74, 0x40, 0xc6, 0x25, 0xa6, 0x57, 0x4c, 0x2d, - 0xa4, 0x17, 0xa7, 0x2e, 0xae, 0x69, 0xc3, 0x94, 0x82, 0x26, 0x48, 0xdf, 0xc0, 0xad, 0x2d, 0x4c, - 0xeb, 0xc4, 0xac, 0xe6, 0x25, 0x72, 0xa6, 0x4e, 0x4c, 0x0f, 0x09, 0x1c, 0xf8, 0xa1, 0x02, 0xf2, - 0xcd, 0xc8, 0xcc, 0x2b, 0xa6, 0x05, 0x70, 0x6d, 0x64, 0xc0, 0xd5, 0xbf, 0x49, 0xd4, 0x7c, 0x6c, - 0xd0, 0x43, 0x09, 0x50, 0x75, 0x5f, 0x01, 0xb3, 0xf1, 0x40, 0xaf, 0x59, 0x1e, 0x83, 0x6f, 0xf5, - 0x05, 0x5b, 0x3b, 0x5a, 0xb0, 0xf9, 0x6a, 0x11, 0xea, 0x59, 0x09, 0x3d, 0x19, 0x8c, 0xc4, 0x02, - 0x4d, 0x40, 0xd6, 0x62, 0xb8, 0x15, 0x44, 0xfa, 0xf5, 0xe1, 0x36, 0x1c, 0x27, 0x5f, 0x2d, 0x48, - 0xd8, 0x6c, 0x8d, 0x03, 0x20, 0x1f, 0x47, 0xfd, 0x26, 0x0b, 0xe6, 0xe2, 0x66, 0x75, 0x9d, 0x19, - 0xdb, 0x27, 0x50, 0x51, 0xef, 0x81, 0x9c, 0x6e, 0x9a, 0xd8, 0xac, 0x1f, 0x57, 0x59, 0xcd, 0x49, - 0xf8, 0xdc, 0x72, 0x00, 0x83, 0x22, 0x44, 0x5e, 0x60, 0x53, 0x14, 0xb7, 0xc8, 0xae, 0x64, 0x90, - 0x3e, 0x06, 0x06, 0xf3, 0x92, 0xc1, 0x14, 0x8a, 0x80, 0x50, 0x1c, 0x15, 0x7e, 0xae, 0x80, 0x39, - 0xc1, 0x29, 0x5e, 0x84, 0xc5, 0xcc, 0xa8, 0x6b, 0xfd, 0x1f, 0x92, 0xc8, 0xdc, 0x72, 0x2f, 0x16, - 0xea, 0x87, 0x87, 0x5f, 0x2a, 0x60, 0x5e, 0x92, 0x4c, 0xd0, 0xca, 0x8e, 0x9a, 0xd6, 0x3f, 0x25, - 0xad, 0x79, 0xd4, 0x8f, 0x86, 0x0e, 0xa3, 0xa0, 0xfe, 0x92, 0x02, 0xd3, 0xcb, 0xae, 0x6b, 0x5b, - 0xd8, 0xdc, 0x24, 0x2f, 0xb4, 0xef, 0x38, 0xb5, 0xef, 0x67, 0x05, 0xc0, 0x64, 0xa8, 0x4f, 0x40, - 0xfd, 0xee, 0x24, 0xd5, 0x6f, 0xc8, 0x58, 0x27, 0xe9, 0x0f, 0xd0, 0xbf, 0x6f, 0xb3, 0x60, 0x3e, - 0x69, 0xf8, 0x42, 0x01, 0x5f, 0x28, 0xe0, 0x5f, 0x56, 0x01, 0xbf, 0x52, 0xc0, 0xe4, 0xaa, 0x63, - 0xba, 0xc4, 0x72, 0x18, 0xfc, 0x37, 0x48, 0x59, 0xae, 0xa8, 0xce, 0x7c, 0x75, 0xbe, 0xdb, 0x29, - 0xa7, 0x6a, 0xf5, 0x83, 0x4e, 0x39, 0x57, 0xab, 0xcb, 0x17, 0x3a, 0x4a, 0x59, 0x2e, 0xb4, 0x41, - 0xd6, 0x25, 0x94, 0x05, 0x25, 0x76, 0x7d, 0x38, 0xf6, 0xeb, 0x7a, 0x8b, 0x67, 0x8e, 0xb2, 0xe8, - 0x38, 0xf1, 0x27, 0x0f, 0xf9, 0x20, 0xaa, 0x0d, 0x4e, 0xaf, 0xde, 0x63, 0x98, 0x3a, 0xba, 0xbd, - 0xea, 0x30, 0x8b, 0xed, 0x21, 0xdc, 0xc0, 0x14, 0x3b, 0x06, 0x86, 0x0b, 0x20, 0xe3, 0xe8, 0x2d, - 0x2c, 0xf8, 0xe6, 0x22, 0xe5, 0xe3, 0x1e, 0x91, 0x98, 0x81, 0x15, 0x90, 0xe3, 0x7f, 0x3d, 0x57, - 0x37, 0x70, 0x31, 0x25, 0xcc, 0xc2, 0x1a, 0x5e, 0x0f, 0x26, 0x50, 0x64, 0xa3, 0xde, 0x4f, 0x83, - 0xa9, 0x58, 0x78, 0x20, 0x06, 0x69, 0x97, 0x98, 0xf2, 0xbc, 0x0e, 0xd9, 0x3b, 0xd5, 0x89, 0x19, - 0x72, 0xaf, 0x4e, 0x74, 0x3b, 0xe5, 0x34, 0x1f, 0xe1, 0xfe, 0xe1, 0x67, 0x0a, 0x98, 0xc6, 0x89, - 0x5d, 0x0a, 0xb6, 0x53, 0x17, 0x6f, 0x0d, 0x07, 0x39, 0x20, 0x72, 0x55, 0xd8, 0xed, 0x94, 0xa7, - 0x7b, 0x26, 0x7b, 0x08, 0xc0, 0xbb, 0x20, 0x87, 0x65, 0x5d, 0x04, 0x67, 0xf9, 0xda, 0x90, 0x6c, - 0xa4, 0xbb, 0x28, 0x07, 0xc1, 0x88, 0x87, 0x22, 0x2c, 0xf5, 0x41, 0x0a, 0x4c, 0x27, 0x8f, 0xfd, - 0x49, 0xa5, 0xc1, 0x2f, 0xff, 0xd4, 0x11, 0xcb, 0x3f, 0x7d, 0x12, 0xe5, 0xff, 0xa3, 0x02, 0x26, - 0x6a, 0xf5, 0xaa, 0x4d, 0x8c, 0x1d, 0x88, 0x41, 0xc6, 0xb0, 0x4c, 0x2a, 0xc3, 0x70, 0x75, 0x38, - 0xe0, 0x5a, 0x7d, 0x1d, 0xb3, 0xe8, 0xd0, 0x5c, 0xad, 0xad, 0x20, 0x24, 0xdc, 0xc3, 0x1d, 0x30, - 0x8e, 0xef, 0x19, 0xd8, 0x65, 0xf2, 0x80, 0x8f, 0x04, 0x68, 0x5a, 0x02, 0x8d, 0xaf, 0x0a, 0xd7, - 0x48, 0x42, 0xa8, 0x0d, 0x90, 0x15, 0x06, 0x47, 0x93, 0x9e, 0xcb, 0x20, 0xef, 0x52, 0xdc, 0xb0, - 0xee, 0xad, 0x61, 0xa7, 0xc9, 0xb6, 0x45, 0xaa, 0xb2, 0x51, 0xf7, 0x51, 0x8f, 0xcd, 0xa1, 0x84, - 0xa5, 0xfa, 0x91, 0x02, 0x72, 0x61, 0xac, 0xb9, 0x72, 0xf0, 0xf0, 0x0a, 0xb8, 0x6c, 0xbc, 0x67, - 0xa2, 0x0c, 0x89, 0x99, 0x50, 0x5b, 0x52, 0x03, 0xb5, 0xe5, 0x32, 0x98, 0x14, 0x5f, 0xcf, 0x06, - 0xb1, 0x8b, 0x69, 0x61, 0x75, 0x36, 0x68, 0x44, 0xea, 0x72, 0xfc, 0x20, 0xf6, 0x3f, 0x0a, 0xad, - 0xd5, 0x07, 0x19, 0x50, 0x58, 0xc7, 0xec, 0x2e, 0xa1, 0x3b, 0x75, 0x62, 0x5b, 0xc6, 0xde, 0x09, - 0xf4, 0x06, 0x0c, 0x64, 0x69, 0xdb, 0xc6, 0x81, 0x68, 0xdf, 0x1c, 0xb2, 0x6a, 0xe3, 0xec, 0x51, - 0xdb, 0xc6, 0x51, 0xf5, 0xf2, 0x27, 0x0f, 0xf9, 0x60, 0xf0, 0x55, 0x30, 0xa3, 0x27, 0x5a, 0x21, - 0xff, 0xd4, 0xe4, 0x44, 0x86, 0x67, 0x92, 0x5d, 0x92, 0x87, 0x7a, 0x6d, 0xe1, 0x22, 0x0f, 0xb1, - 0x45, 0x28, 0xd7, 0xc3, 0xcc, 0x82, 0xb2, 0xa8, 0x54, 0xf3, 0x7e, 0x78, 0xfd, 0x31, 0x14, 0xce, - 0xc2, 0x4b, 0x20, 0xcf, 0x2c, 0x4c, 0x83, 0x99, 0x62, 0x56, 0x24, 0x76, 0x96, 0x17, 0xc5, 0x66, - 0x6c, 0x1c, 0x25, 0xac, 0xe0, 0x7d, 0x05, 0xe4, 0x3c, 0xd2, 0xa6, 0x06, 0x46, 0xb8, 0x51, 0x1c, - 0x17, 0x81, 0xdf, 0x1c, 0x65, 0x64, 0x42, 0x9d, 0x29, 0x70, 0xb5, 0xdb, 0x08, 0xa0, 0x50, 0x84, - 0xaa, 0x3e, 0x51, 0xc0, 0x5c, 0x62, 0xd1, 0x09, 0x74, 0xc5, 0x6e, 0xb2, 0x2b, 0x7e, 0x63, 0x84, - 0x5b, 0x1e, 0xd0, 0x14, 0xff, 0xd0, 0xbb, 0xcb, 0x3a, 0xc6, 0x14, 0xbe, 0x0c, 0x0a, 0x7a, 0xec, - 0xa6, 0xc0, 0x2b, 0x2a, 0xa2, 0x38, 0xe6, 0xba, 0x9d, 0x72, 0x21, 0x7e, 0x85, 0xe0, 0xa1, 0xa4, - 0x1d, 0xf4, 0xc0, 0xa4, 0xe5, 0x0a, 0x51, 0x0c, 0xf6, 0xb0, 0x3a, 0xac, 0x48, 0x09, 0x6f, 0x51, - 0xd4, 0xe4, 0x80, 0x87, 0x42, 0x20, 0xf5, 0xa9, 0x02, 0xfe, 0x7e, 0x78, 0x7a, 0xe1, 0xff, 0x41, - 0x86, 0xed, 0xb9, 0x41, 0x27, 0x72, 0x2e, 0x50, 0x8b, 0xcd, 0x3d, 0x17, 0x1f, 0x74, 0xca, 0xc9, - 0x9d, 0xf3, 0x41, 0x24, 0xcc, 0xff, 0x70, 0x7b, 0x12, 0xaa, 0x52, 0x7a, 0xa0, 0x2a, 0x55, 0x41, - 0xba, 0x6d, 0x99, 0xe2, 0xb4, 0xe4, 0xaa, 0x17, 0xa4, 0x41, 0xfa, 0x56, 0x6d, 0xe5, 0xa0, 0x53, - 0x3e, 0x37, 0xe8, 0x6e, 0x90, 0x93, 0xf1, 0xb4, 0x5b, 0xb5, 0x15, 0xc4, 0x17, 0xab, 0xbf, 0x65, - 0x7a, 0x92, 0xc5, 0xcf, 0x34, 0xbc, 0x02, 0x72, 0xa6, 0x45, 0xb1, 0xc1, 0x2c, 0xe2, 0xc8, 0x8d, - 0x96, 0x02, 0xb2, 0x2b, 0xc1, 0xc4, 0x41, 0xfc, 0x01, 0x45, 0x0b, 0xe0, 0x1d, 0x90, 0x69, 0x50, - 0xd2, 0x92, 0x6d, 0xcd, 0x28, 0xe5, 0x87, 0x57, 0x52, 0x14, 0x8a, 0x6b, 0x94, 0xb4, 0x90, 0x80, - 0x82, 0x3b, 0x20, 0xc5, 0x88, 0x08, 0xd5, 0x31, 0x00, 0x02, 0x09, 0x98, 0xda, 0x24, 0x28, 0xc5, - 0x08, 0xaf, 0x48, 0x0f, 0xd3, 0x5d, 0xcb, 0xc0, 0xc1, 0xc7, 0xc6, 0x90, 0x15, 0xb9, 0xe1, 0x7b, - 0x8b, 0x2a, 0x52, 0x0e, 0x78, 0x28, 0x04, 0x82, 0xff, 0x8d, 0xe9, 0xa3, 0x54, 0xbc, 0xe8, 0x15, - 0xd4, 0xa7, 0x91, 0xb7, 0xc1, 0xb8, 0xee, 0x67, 0x6f, 0x5c, 0x64, 0x0f, 0xf1, 0xd7, 0xf1, 0x72, - 0x90, 0xb6, 0x95, 0x23, 0xdf, 0x8f, 0x63, 0xa3, 0xcd, 0xfd, 0x85, 0x57, 0xe4, 0x1a, 0x2f, 0x0f, - 0xdf, 0x0f, 0x92, 0x08, 0xf0, 0x15, 0x50, 0xc0, 0x8e, 0xbe, 0x65, 0xe3, 0x35, 0xd2, 0x6c, 0x5a, - 0x4e, 0xb3, 0x38, 0xb1, 0xa0, 0x2c, 0x4e, 0x56, 0x4f, 0x49, 0x7a, 0x85, 0xd5, 0xf8, 0x24, 0x4a, - 0xda, 0xaa, 0xdf, 0xa5, 0x01, 0x4c, 0x44, 0x7c, 0x83, 0xe9, 0xcc, 0xe3, 0x4d, 0x72, 0xc1, 0x89, - 0x0f, 0x4b, 0x65, 0x3c, 0x1e, 0xc5, 0x0e, 0xa9, 0x26, 0xe7, 0x93, 0x0c, 0xe0, 0xfb, 0x20, 0xcf, - 0xa8, 0xde, 0x68, 0x58, 0x86, 0xe0, 0x28, 0xcb, 0x7b, 0xe5, 0xc8, 0x8c, 0xc4, 0x8f, 0x0d, 0x5a, - 0x18, 0xc9, 0xcd, 0x98, 0xaf, 0xa8, 0xad, 0x89, 0x8f, 0xa2, 0x04, 0x1e, 0xfc, 0x58, 0x01, 0xb3, - 0xfc, 0x55, 0x1b, 0x37, 0x91, 0x8d, 0xe9, 0x6b, 0x7f, 0x96, 0x04, 0xea, 0xf1, 0x57, 0x2d, 0x4a, - 0x22, 0xb3, 0xbd, 0x33, 0xa8, 0x0f, 0x5b, 0xfd, 0x35, 0x03, 0x66, 0xd7, 0x89, 0x89, 0xc5, 0xd3, - 0x46, 0xbb, 0xd5, 0xd2, 0xe9, 0x49, 0xb4, 0x37, 0x5f, 0x28, 0x60, 0x26, 0x9e, 0x19, 0x2b, 0xec, - 0x74, 0xea, 0x23, 0xac, 0x0e, 0x3f, 0x1c, 0xa7, 0x25, 0x93, 0x99, 0xf5, 0x24, 0x20, 0xea, 0x65, - 0x00, 0xbf, 0x57, 0xc0, 0x59, 0x1f, 0xe5, 0xaa, 0xdd, 0xf6, 0x18, 0xa6, 0x3d, 0x2b, 0x64, 0xa6, - 0x46, 0x4f, 0xf1, 0x3f, 0x92, 0xe2, 0xd9, 0xe5, 0x67, 0xa0, 0xa3, 0x67, 0x72, 0x83, 0x5f, 0x2b, - 0xe0, 0x94, 0x6f, 0xd0, 0xcb, 0x3a, 0x73, 0x4c, 0xac, 0xff, 0x25, 0x59, 0x9f, 0x5a, 0x3e, 0x0c, - 0x16, 0x1d, 0xce, 0x46, 0xd5, 0x41, 0x3e, 0xfe, 0x49, 0x77, 0x1c, 0xb7, 0x02, 0x9f, 0x28, 0x60, - 0x42, 0xca, 0x2f, 0xbc, 0x14, 0x6b, 0xfb, 0x7d, 0x88, 0xe2, 0xf3, 0x5b, 0x7e, 0xb8, 0x2e, 0x3f, - 0x38, 0x52, 0xcf, 0xa9, 0xfe, 0x36, 0xb3, 0x6c, 0xcd, 0xff, 0x95, 0x4e, 0xab, 0x39, 0xec, 0x26, - 0xdd, 0x60, 0xd4, 0x72, 0x9a, 0xd5, 0xc9, 0xe4, 0xe7, 0x49, 0xf5, 0xfc, 0xc3, 0xfd, 0xd2, 0xd8, - 0xa3, 0xfd, 0xd2, 0xd8, 0xe3, 0xfd, 0xd2, 0xd8, 0x07, 0xdd, 0x92, 0xf2, 0xb0, 0x5b, 0x52, 0x1e, - 0x75, 0x4b, 0xca, 0xe3, 0x6e, 0x49, 0xf9, 0xa9, 0x5b, 0x52, 0x3e, 0x7d, 0x52, 0x1a, 0x7b, 0x73, - 0x42, 0x06, 0xfb, 0xf7, 0x00, 0x00, 0x00, 0xff, 0xff, 0x7b, 0x59, 0x4d, 0x75, 0xb8, 0x1d, 0x00, - 0x00, + // 1750 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xec, 0x59, 0xcf, 0x73, 0xe3, 0x48, + 0x15, 0x8e, 0x64, 0x3b, 0x89, 0x5f, 0x9c, 0x5f, 0x1d, 0x86, 0x35, 0xc3, 0x60, 0x67, 0x05, 0x87, + 0x1c, 0x18, 0x79, 0x67, 0x18, 0x60, 0xaa, 0x58, 0x0e, 0xf1, 0x24, 0xb3, 0x18, 0xb2, 0x19, 0x57, + 0x27, 0x73, 0xa1, 0xa8, 0x02, 0x45, 0xea, 0x38, 0xda, 0xc8, 0x6a, 0x6d, 0xab, 0x9d, 0x99, 0x50, + 0x05, 0xc5, 0x16, 0x27, 0xf6, 0xc0, 0xcf, 0x0b, 0x17, 0x8e, 0x54, 0x51, 0x14, 0xff, 0x00, 0xdc, + 0xb8, 0xcd, 0x71, 0x8f, 0x7b, 0xc1, 0x30, 0xde, 0x62, 0x8b, 0x1b, 0x27, 0x2e, 0xa9, 0xa2, 0x8a, + 0x52, 0xab, 0x25, 0xb5, 0xec, 0x78, 0x27, 0xac, 0x1d, 0xef, 0x1e, 0xe6, 0x94, 0xa8, 0xfb, 0xf5, + 0xfb, 0xbe, 0x7e, 0xef, 0xf5, 0xa7, 0xd7, 0x32, 0xec, 0x75, 0x5c, 0x7e, 0xd2, 0x3b, 0x32, 0x6d, + 0xda, 0x6d, 0x9c, 0x75, 0x9f, 0x58, 0x8c, 0xdc, 0xe6, 0x96, 0xff, 0xc3, 0x5e, 0xc3, 0xf2, 0x39, + 0x23, 0x56, 0x23, 0x38, 0xed, 0x34, 0xac, 0xc0, 0x0d, 0x1b, 0x36, 0xf5, 0x39, 0xa3, 0x5e, 0xe0, + 0x59, 0x3e, 0x69, 0x9c, 0xdd, 0x39, 0x22, 0xdc, 0xba, 0xd3, 0xe8, 0x10, 0x9f, 0x30, 0x8b, 0x13, + 0xc7, 0x0c, 0x18, 0xe5, 0x14, 0xbd, 0x9e, 0x79, 0x33, 0x63, 0x6f, 0xdf, 0x17, 0xde, 0xcc, 0xd8, + 0x9b, 0x19, 0x9c, 0x76, 0xcc, 0xc8, 0x9b, 0xa9, 0x7a, 0x33, 0xa5, 0xb7, 0x9b, 0xb7, 0x15, 0x2e, + 0x1d, 0xda, 0xa1, 0x0d, 0xe1, 0xf4, 0xa8, 0x77, 0x2c, 0x9e, 0xc4, 0x83, 0xf8, 0x2f, 0x06, 0xbb, + 0xf9, 0xf0, 0xaa, 0xd4, 0x43, 0x6e, 0xf1, 0xb0, 0x71, 0x76, 0xc7, 0xf2, 0x82, 0x93, 0x51, 0xd2, + 0x37, 0xef, 0x9d, 0xde, 0x0f, 0x4d, 0x97, 0x46, 0xb6, 0x5d, 0xcb, 0x3e, 0x71, 0x7d, 0xc2, 0xce, + 0xb3, 0xc5, 0x5d, 0xc2, 0xad, 0xc6, 0xd9, 0xe8, 0xaa, 0xc6, 0xb8, 0x55, 0xac, 0xe7, 0x73, 0xb7, + 0x4b, 0x46, 0x16, 0x7c, 0xed, 0x45, 0x0b, 0x42, 0xfb, 0x84, 0x74, 0xad, 0x91, 0x75, 0x5f, 0x19, + 0xb7, 0xae, 0xc7, 0x5d, 0xaf, 0xe1, 0xfa, 0x3c, 0xe4, 0x6c, 0x78, 0x91, 0xf1, 0xa1, 0x0e, 0x95, + 0x6d, 0xc7, 0x61, 0x24, 0x0c, 0xdf, 0x60, 0xb4, 0x17, 0xa0, 0x1f, 0xc0, 0x62, 0xb4, 0x13, 0xc7, + 0xe2, 0x56, 0x55, 0xdb, 0xd4, 0xb6, 0x96, 0xee, 0xbe, 0x66, 0xc6, 0x8e, 0x4d, 0xd5, 0x71, 0x96, + 0xa1, 0xc8, 0xda, 0x3c, 0xbb, 0x63, 0x3e, 0x3a, 0x7a, 0x8b, 0xd8, 0xfc, 0x4d, 0xc2, 0xad, 0x26, + 0x7a, 0xd6, 0xaf, 0xcf, 0x0d, 0xfa, 0x75, 0xc8, 0xc6, 0x70, 0xea, 0x15, 0xf9, 0x50, 0x0c, 0xa8, + 0x13, 0x56, 0xf5, 0xcd, 0xc2, 0xd6, 0xd2, 0xdd, 0x3d, 0x73, 0x92, 0x52, 0x30, 0x05, 0xe9, 0x37, + 0x49, 0xf7, 0x88, 0xb0, 0x36, 0x75, 0x9a, 0x15, 0x89, 0x5c, 0x6c, 0x53, 0x27, 0xc4, 0x02, 0x07, + 0xfd, 0x54, 0x83, 0x4a, 0x27, 0x33, 0x0b, 0xab, 0x05, 0x01, 0xdc, 0x9a, 0x1a, 0x70, 0xf3, 0x33, + 0x12, 0xb5, 0xa2, 0x0c, 0x86, 0x38, 0x07, 0x6a, 0x3c, 0xd7, 0x60, 0x4d, 0x0d, 0xf4, 0x9e, 0x1b, + 0x72, 0xf4, 0xbd, 0x91, 0x60, 0x9b, 0x57, 0x0b, 0x76, 0xb4, 0x5a, 0x84, 0x7a, 0x4d, 0x42, 0x2f, + 0x26, 0x23, 0x4a, 0xa0, 0x29, 0x94, 0x5c, 0x4e, 0xba, 0x49, 0xa4, 0xbf, 0x3d, 0xd9, 0x86, 0x55, + 0xf2, 0xcd, 0x65, 0x09, 0x5b, 0x6a, 0x45, 0x00, 0x38, 0xc6, 0x31, 0xfe, 0x58, 0x82, 0x75, 0xd5, + 0xac, 0x6d, 0x71, 0xfb, 0x64, 0x06, 0x15, 0xf5, 0x23, 0x28, 0x5b, 0x8e, 0x43, 0x9c, 0xf6, 0x75, + 0x95, 0xd5, 0xba, 0x84, 0x2f, 0x6f, 0x27, 0x30, 0x38, 0x43, 0x8c, 0x0a, 0x6c, 0x89, 0x91, 0x2e, + 0x3d, 0x93, 0x0c, 0x0a, 0xd7, 0xc0, 0x60, 0x43, 0x32, 0x58, 0xc2, 0x19, 0x10, 0x56, 0x51, 0xd1, + 0xaf, 0x35, 0x58, 0x17, 0x9c, 0xd4, 0x22, 0xac, 0x16, 0xa7, 0x5d, 0xeb, 0x9f, 0x93, 0x44, 0xd6, + 0xb7, 0x87, 0xb1, 0xf0, 0x28, 0x3c, 0xfa, 0xad, 0x06, 0x1b, 0x92, 0x64, 0x8e, 0x56, 0x69, 0xda, + 0xb4, 0x3e, 0x2f, 0x69, 0x6d, 0xe0, 0x51, 0x34, 0x7c, 0x19, 0x05, 0xe3, 0x5f, 0x3a, 0xac, 0x6c, + 0x07, 0x81, 0xe7, 0x12, 0xe7, 0x90, 0xbe, 0xd4, 0xbe, 0xeb, 0xd4, 0xbe, 0x7f, 0x6a, 0x80, 0xf2, + 0xa1, 0x9e, 0x81, 0xfa, 0xbd, 0x9d, 0x57, 0xbf, 0x09, 0x63, 0x9d, 0xa7, 0x3f, 0x46, 0xff, 0xfe, + 0x54, 0x82, 0x8d, 0xbc, 0xe1, 0x4b, 0x05, 0x7c, 0xa9, 0x80, 0x9f, 0x5a, 0x05, 0xfc, 0x8f, 0x06, + 0x4b, 0xbb, 0x9d, 0x59, 0xb6, 0x7e, 0x23, 0x72, 0xa4, 0x7f, 0x12, 0x72, 0xf4, 0x77, 0x0d, 0x56, + 0x95, 0x7d, 0xcf, 0x40, 0x8b, 0xfc, 0xbc, 0x16, 0x4d, 0xb8, 0x5f, 0x85, 0xfb, 0x18, 0x21, 0xfa, + 0x43, 0x01, 0xd6, 0x14, 0xab, 0x58, 0x85, 0x1c, 0x00, 0x9a, 0x26, 0x65, 0xaa, 0x09, 0x56, 0xfc, + 0x8e, 0x39, 0x84, 0xfa, 0xa7, 0xf3, 0x10, 0x16, 0x3e, 0xf9, 0x43, 0xf8, 0x3b, 0x0d, 0x16, 0x77, + 0x7d, 0x27, 0xa0, 0xae, 0xcf, 0xd1, 0x17, 0x41, 0x77, 0x03, 0x91, 0x9a, 0x4a, 0x73, 0x63, 0xd0, + 0xaf, 0xeb, 0xad, 0xf6, 0x45, 0xbf, 0x5e, 0x6e, 0xb5, 0x65, 0x57, 0x8d, 0x75, 0x37, 0x40, 0x1e, + 0x94, 0x02, 0xca, 0x78, 0x12, 0xd4, 0x37, 0x26, 0x63, 0xbf, 0x6f, 0x75, 0x23, 0xf9, 0x64, 0x3c, + 0x2b, 0xa5, 0xe8, 0x29, 0xc4, 0x31, 0x88, 0xe1, 0xc1, 0x2b, 0xbb, 0x4f, 0x39, 0x61, 0xbe, 0xe5, + 0xed, 0xfa, 0xdc, 0xe5, 0xe7, 0x98, 0x1c, 0x13, 0x46, 0x7c, 0x9b, 0xa0, 0x4d, 0x28, 0xfa, 0x56, + 0x97, 0x08, 0xbe, 0xe5, 0xac, 0xfd, 0x88, 0x3c, 0x62, 0x31, 0x83, 0x1a, 0x50, 0x8e, 0xfe, 0x86, + 0x81, 0x65, 0x93, 0xaa, 0x2e, 0xcc, 0xd2, 0x17, 0xc9, 0x7e, 0x32, 0x81, 0x33, 0x1b, 0xe3, 0x9d, + 0x02, 0x2c, 0x29, 0xe1, 0x41, 0x04, 0x0a, 0x01, 0x75, 0x64, 0xb1, 0x4e, 0x78, 0x81, 0x69, 0x53, + 0x27, 0xe5, 0xde, 0x5c, 0x18, 0xf4, 0xeb, 0x85, 0x68, 0x24, 0xf2, 0x8f, 0x7e, 0xa5, 0xc1, 0x0a, + 0xc9, 0xed, 0x52, 0xb0, 0x5d, 0xba, 0xfb, 0x78, 0xc2, 0x93, 0x7a, 0x79, 0xe4, 0x9a, 0x68, 0xd0, + 0xaf, 0xaf, 0x0c, 0x4d, 0x0e, 0x11, 0x40, 0x4f, 0xa0, 0x4c, 0x64, 0x5d, 0x24, 0x85, 0xfa, 0x70, + 0x42, 0x36, 0xd2, 0x5d, 0x96, 0x83, 0x64, 0x24, 0xc4, 0x19, 0x96, 0xf1, 0xae, 0x0e, 0x2b, 0xf9, + 0x77, 0xef, 0xac, 0xd2, 0x10, 0x97, 0xbf, 0x7e, 0xc5, 0xf2, 0x2f, 0xcc, 0xa2, 0xfc, 0xff, 0xa6, + 0xc1, 0x42, 0xab, 0xdd, 0xf4, 0xa8, 0x7d, 0x8a, 0x08, 0x14, 0x6d, 0xd7, 0x61, 0x32, 0x0c, 0x0f, + 0x26, 0x03, 0x6e, 0xb5, 0xf7, 0x09, 0xcf, 0x0e, 0xcd, 0x83, 0xd6, 0x0e, 0xc6, 0xc2, 0x3d, 0x3a, + 0x85, 0x79, 0xf2, 0xd4, 0x26, 0x01, 0x97, 0x07, 0x7c, 0x2a, 0x40, 0x2b, 0x12, 0x68, 0x7e, 0x57, + 0xb8, 0xc6, 0x12, 0xc2, 0x38, 0x86, 0x92, 0x30, 0xb8, 0x9a, 0xf4, 0xdc, 0x87, 0x4a, 0xc0, 0xc8, + 0xb1, 0xfb, 0x74, 0x8f, 0xf8, 0x1d, 0x7e, 0x22, 0x52, 0x55, 0xca, 0xde, 0xb9, 0x6d, 0x65, 0x0e, + 0xe7, 0x2c, 0x8d, 0x9f, 0x69, 0x50, 0x4e, 0x63, 0x1d, 0x29, 0x47, 0x14, 0x5e, 0x01, 0x57, 0x52, + 0x2f, 0x2e, 0x8c, 0x63, 0x31, 0x93, 0x6a, 0x8b, 0x3e, 0x56, 0x5b, 0xee, 0xc3, 0xa2, 0xf8, 0x84, + 0x65, 0x53, 0xaf, 0x5a, 0x10, 0x56, 0xb7, 0x92, 0x37, 0x70, 0x5b, 0x8e, 0x5f, 0x28, 0xff, 0xe3, + 0xd4, 0xda, 0x78, 0xb7, 0x08, 0xcb, 0xfb, 0x84, 0x3f, 0xa1, 0xec, 0xb4, 0x4d, 0x3d, 0xd7, 0x3e, + 0x9f, 0x41, 0xe7, 0xc3, 0xa1, 0xc4, 0x7a, 0x1e, 0x49, 0x44, 0xfb, 0xd1, 0x84, 0x55, 0xab, 0xb2, + 0xc7, 0x3d, 0x8f, 0x64, 0xd5, 0x1b, 0x3d, 0x85, 0x38, 0x06, 0x43, 0xdf, 0x84, 0x55, 0x2b, 0x77, + 0x1f, 0x89, 0x4f, 0x4d, 0x59, 0x64, 0x78, 0x35, 0x7f, 0x55, 0x09, 0xf1, 0xb0, 0x2d, 0xda, 0x8a, + 0x42, 0xec, 0x52, 0x16, 0xe9, 0x61, 0x71, 0x53, 0xdb, 0xd2, 0x9a, 0x95, 0x38, 0xbc, 0xf1, 0x18, + 0x4e, 0x67, 0xd1, 0x3d, 0xa8, 0x70, 0x97, 0xb0, 0x64, 0xa6, 0x5a, 0x12, 0x89, 0x5d, 0x8b, 0x8a, + 0xe2, 0x50, 0x19, 0xc7, 0x39, 0x2b, 0xf4, 0x8e, 0x06, 0xe5, 0x90, 0xf6, 0x98, 0x4d, 0x30, 0x39, + 0xae, 0xce, 0x8b, 0xc0, 0x1f, 0x4e, 0x33, 0x32, 0xa9, 0xce, 0x2c, 0x47, 0x6a, 0x77, 0x90, 0x40, + 0xe1, 0x0c, 0xd5, 0xf8, 0x40, 0x83, 0xf5, 0xdc, 0xa2, 0x19, 0xb4, 0x83, 0x41, 0xbe, 0x1d, 0xfc, + 0xce, 0x14, 0xb7, 0x3c, 0xa6, 0x21, 0xfc, 0xeb, 0xf0, 0x2e, 0xdb, 0x84, 0x30, 0xf4, 0x75, 0x58, + 0xb6, 0x94, 0xcf, 0x75, 0x61, 0x55, 0x13, 0xc5, 0xb1, 0x3e, 0xe8, 0xd7, 0x97, 0xd5, 0xef, 0x78, + 0x21, 0xce, 0xdb, 0xa1, 0x10, 0x16, 0xdd, 0x40, 0x88, 0x62, 0xb2, 0x87, 0xdd, 0x49, 0x45, 0x4a, + 0x78, 0xcb, 0xa2, 0x26, 0x07, 0x42, 0x9c, 0x02, 0x19, 0x1f, 0x6a, 0xf0, 0xd9, 0xcb, 0xd3, 0x8b, + 0xbe, 0x0a, 0x45, 0x7e, 0x1e, 0x24, 0x9d, 0xc8, 0xab, 0x89, 0x5a, 0x1c, 0x9e, 0x07, 0xe4, 0xa2, + 0x5f, 0xcf, 0xef, 0x3c, 0x1a, 0xc4, 0xc2, 0xfc, 0xff, 0x6e, 0x4f, 0x52, 0x55, 0x2a, 0x8c, 0x55, + 0xa5, 0x26, 0x14, 0x7a, 0xae, 0x23, 0x4e, 0x4b, 0xb9, 0xf9, 0x9a, 0x34, 0x28, 0x3c, 0x6e, 0xed, + 0x5c, 0xf4, 0xeb, 0xaf, 0x8e, 0xfb, 0x40, 0x1f, 0x91, 0x09, 0xcd, 0xc7, 0xad, 0x1d, 0x1c, 0x2d, + 0x36, 0xfe, 0x5b, 0x1c, 0x4a, 0x56, 0x74, 0xa6, 0xd1, 0xeb, 0x50, 0x76, 0x5c, 0x46, 0x6c, 0xee, + 0x52, 0x5f, 0x6e, 0xb4, 0x96, 0x90, 0xdd, 0x49, 0x26, 0x2e, 0xd4, 0x07, 0x9c, 0x2d, 0x40, 0x6f, + 0x43, 0xf1, 0x98, 0xd1, 0xae, 0x6c, 0x6b, 0xa6, 0x29, 0x3f, 0x51, 0x25, 0x65, 0xa1, 0x78, 0xc8, + 0x68, 0x17, 0x0b, 0x28, 0x74, 0x0a, 0x3a, 0xa7, 0x22, 0x54, 0xd7, 0x00, 0x08, 0x12, 0x50, 0x3f, + 0xa4, 0x58, 0xe7, 0x34, 0xaa, 0xc8, 0x90, 0xb0, 0x33, 0xd7, 0x26, 0xc9, 0x8d, 0x7f, 0xc2, 0x8a, + 0x3c, 0x88, 0xbd, 0x65, 0x15, 0x29, 0x07, 0x42, 0x9c, 0x02, 0xa1, 0x2f, 0x2b, 0xfa, 0x28, 0x15, + 0x2f, 0x7b, 0x05, 0x8d, 0x68, 0xe4, 0x5b, 0x30, 0x6f, 0xc5, 0xd9, 0x9b, 0x17, 0xd9, 0xc3, 0xd1, + 0xeb, 0x78, 0x3b, 0x49, 0xdb, 0xce, 0x95, 0x7f, 0xa4, 0x22, 0x76, 0x2f, 0xf2, 0x97, 0xfe, 0x4e, + 0x65, 0x46, 0xe5, 0x11, 0xfb, 0xc1, 0x12, 0x01, 0x7d, 0x03, 0x96, 0x89, 0x6f, 0x1d, 0x79, 0x64, + 0x8f, 0x76, 0x3a, 0xae, 0xdf, 0xa9, 0x2e, 0x6c, 0x6a, 0x5b, 0x8b, 0xcd, 0x1b, 0x92, 0xde, 0xf2, + 0xae, 0x3a, 0x89, 0xf3, 0xb6, 0xc6, 0x9f, 0x0b, 0x80, 0x72, 0x11, 0x3f, 0xe0, 0x16, 0x0f, 0xa3, + 0x26, 0x79, 0xd9, 0x57, 0x87, 0xa5, 0x32, 0x5e, 0x8f, 0x62, 0xa7, 0x54, 0xf3, 0xf3, 0x79, 0x06, + 0xe8, 0xc7, 0x50, 0xe1, 0xcc, 0x3a, 0x3e, 0x76, 0x6d, 0xc1, 0x51, 0x96, 0xf7, 0xce, 0x95, 0x19, + 0x89, 0x5f, 0xfc, 0xcc, 0x34, 0x92, 0x87, 0x8a, 0xaf, 0xac, 0xad, 0x51, 0x47, 0x71, 0x0e, 0x0f, + 0xfd, 0x5c, 0x83, 0xb5, 0xe8, 0x55, 0xab, 0x9a, 0xc8, 0xc6, 0xf4, 0x5b, 0x1f, 0x97, 0x04, 0x1e, + 0xf2, 0xd7, 0xac, 0x4a, 0x22, 0x6b, 0xc3, 0x33, 0x78, 0x04, 0xdb, 0xf8, 0x77, 0x11, 0xd6, 0xf6, + 0xa9, 0x43, 0xc4, 0xd3, 0x41, 0xaf, 0xdb, 0xb5, 0xd8, 0x2c, 0xda, 0x9b, 0xdf, 0x68, 0xb0, 0xaa, + 0x66, 0xc6, 0x4d, 0x3b, 0x9d, 0xf6, 0x14, 0xab, 0x23, 0x0e, 0xc7, 0x2b, 0x92, 0xc9, 0xea, 0x7e, + 0x1e, 0x10, 0x0f, 0x33, 0x40, 0x7f, 0xd1, 0xe0, 0x56, 0x8c, 0xf2, 0xc0, 0xeb, 0x85, 0x9c, 0xb0, + 0xa1, 0x15, 0x32, 0x53, 0xd3, 0xa7, 0xf8, 0x25, 0x49, 0xf1, 0xd6, 0xf6, 0x47, 0xa0, 0xe3, 0x8f, + 0xe4, 0x86, 0x7e, 0xaf, 0xc1, 0x8d, 0xd8, 0x60, 0x98, 0x75, 0xf1, 0x9a, 0x58, 0x7f, 0x41, 0xb2, + 0xbe, 0xb1, 0x7d, 0x19, 0x2c, 0xbe, 0x9c, 0x8d, 0x61, 0x41, 0x45, 0xbd, 0xd2, 0x5d, 0xc7, 0x57, + 0x81, 0x5f, 0x68, 0xb0, 0x20, 0xe5, 0x17, 0xdd, 0x53, 0xda, 0xfe, 0x18, 0xa2, 0xfa, 0xe2, 0x96, + 0x1f, 0xed, 0xcb, 0x0b, 0x87, 0xfe, 0x82, 0xea, 0xef, 0x71, 0xd7, 0x33, 0xe3, 0x9f, 0xca, 0xcd, + 0x96, 0xcf, 0x1f, 0xb1, 0x03, 0xce, 0x5c, 0xbf, 0xd3, 0x5c, 0xcc, 0x5f, 0x4f, 0x9a, 0xb7, 0x9f, + 0x3d, 0xaf, 0xcd, 0xbd, 0xf7, 0xbc, 0x36, 0xf7, 0xfe, 0xf3, 0xda, 0xdc, 0x4f, 0x06, 0x35, 0xed, + 0xd9, 0xa0, 0xa6, 0xbd, 0x37, 0xa8, 0x69, 0xef, 0x0f, 0x6a, 0xda, 0x3f, 0x06, 0x35, 0xed, 0x97, + 0x1f, 0xd4, 0xe6, 0xbe, 0xbb, 0x20, 0x83, 0xfd, 0xbf, 0x00, 0x00, 0x00, 0xff, 0xff, 0x6b, 0xa1, + 0x9b, 0x0b, 0x3d, 0x21, 0x00, 0x00, } func (m *AddressGroup) Marshal() (dAtA []byte, err error) { @@ -1195,6 +1286,161 @@ func (m *AppliedToGroupPatch) MarshalToSizedBuffer(dAtA []byte) (int, error) { return len(dAtA) - i, nil } +func (m *EgressGroup) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *EgressGroup) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *EgressGroup) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + if len(m.GroupMembers) > 0 { + for iNdEx := len(m.GroupMembers) - 1; iNdEx >= 0; iNdEx-- { + { + size, err := m.GroupMembers[iNdEx].MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x12 + } + } + { + size, err := m.ObjectMeta.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0xa + return len(dAtA) - i, nil +} + +func (m *EgressGroupList) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *EgressGroupList) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *EgressGroupList) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + if len(m.Items) > 0 { + for iNdEx := len(m.Items) - 1; iNdEx >= 0; iNdEx-- { + { + size, err := m.Items[iNdEx].MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x12 + } + } + { + size, err := m.ListMeta.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0xa + return len(dAtA) - i, nil +} + +func (m *EgressGroupPatch) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *EgressGroupPatch) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *EgressGroupPatch) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + if len(m.RemovedGroupMembers) > 0 { + for iNdEx := len(m.RemovedGroupMembers) - 1; iNdEx >= 0; iNdEx-- { + { + size, err := m.RemovedGroupMembers[iNdEx].MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x1a + } + } + if len(m.AddedGroupMembers) > 0 { + for iNdEx := len(m.AddedGroupMembers) - 1; iNdEx >= 0; iNdEx-- { + { + size, err := m.AddedGroupMembers[iNdEx].MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x12 + } + } + { + size, err := m.ObjectMeta.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0xa + return len(dAtA) - i, nil +} + func (m *Endpoint) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) @@ -2168,18 +2414,16 @@ func (m *AppliedToGroupPatch) Size() (n int) { return n } -func (m *Endpoint) Size() (n int) { +func (m *EgressGroup) Size() (n int) { if m == nil { return 0 } var l int _ = l - if m.IP != nil { - l = len(m.IP) - n += 1 + l + sovGenerated(uint64(l)) - } - if len(m.Ports) > 0 { - for _, e := range m.Ports { + l = m.ObjectMeta.Size() + n += 1 + l + sovGenerated(uint64(l)) + if len(m.GroupMembers) > 0 { + for _, e := range m.GroupMembers { l = e.Size() n += 1 + l + sovGenerated(uint64(l)) } @@ -2187,32 +2431,91 @@ func (m *Endpoint) Size() (n int) { return n } -func (m *ExternalEntityReference) Size() (n int) { +func (m *EgressGroupList) Size() (n int) { if m == nil { return 0 } var l int _ = l - l = len(m.Name) - n += 1 + l + sovGenerated(uint64(l)) - l = len(m.Namespace) + l = m.ListMeta.Size() n += 1 + l + sovGenerated(uint64(l)) + if len(m.Items) > 0 { + for _, e := range m.Items { + l = e.Size() + n += 1 + l + sovGenerated(uint64(l)) + } + } return n } -func (m *GroupMember) Size() (n int) { +func (m *EgressGroupPatch) Size() (n int) { if m == nil { return 0 } var l int _ = l - if m.Pod != nil { - l = m.Pod.Size() - n += 1 + l + sovGenerated(uint64(l)) - } - if m.ExternalEntity != nil { - l = m.ExternalEntity.Size() - n += 1 + l + sovGenerated(uint64(l)) + l = m.ObjectMeta.Size() + n += 1 + l + sovGenerated(uint64(l)) + if len(m.AddedGroupMembers) > 0 { + for _, e := range m.AddedGroupMembers { + l = e.Size() + n += 1 + l + sovGenerated(uint64(l)) + } + } + if len(m.RemovedGroupMembers) > 0 { + for _, e := range m.RemovedGroupMembers { + l = e.Size() + n += 1 + l + sovGenerated(uint64(l)) + } + } + return n +} + +func (m *Endpoint) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + if m.IP != nil { + l = len(m.IP) + n += 1 + l + sovGenerated(uint64(l)) + } + if len(m.Ports) > 0 { + for _, e := range m.Ports { + l = e.Size() + n += 1 + l + sovGenerated(uint64(l)) + } + } + return n +} + +func (m *ExternalEntityReference) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = len(m.Name) + n += 1 + l + sovGenerated(uint64(l)) + l = len(m.Namespace) + n += 1 + l + sovGenerated(uint64(l)) + return n +} + +func (m *GroupMember) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + if m.Pod != nil { + l = m.Pod.Size() + n += 1 + l + sovGenerated(uint64(l)) + } + if m.ExternalEntity != nil { + l = m.ExternalEntity.Size() + n += 1 + l + sovGenerated(uint64(l)) } if len(m.Endpoints) > 0 { for _, e := range m.Endpoints { @@ -2634,6 +2937,60 @@ func (this *AppliedToGroupPatch) String() string { }, "") return s } +func (this *EgressGroup) String() string { + if this == nil { + return "nil" + } + repeatedStringForGroupMembers := "[]GroupMember{" + for _, f := range this.GroupMembers { + repeatedStringForGroupMembers += strings.Replace(strings.Replace(f.String(), "GroupMember", "GroupMember", 1), `&`, ``, 1) + "," + } + repeatedStringForGroupMembers += "}" + s := strings.Join([]string{`&EgressGroup{`, + `ObjectMeta:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.ObjectMeta), "ObjectMeta", "v1.ObjectMeta", 1), `&`, ``, 1) + `,`, + `GroupMembers:` + repeatedStringForGroupMembers + `,`, + `}`, + }, "") + return s +} +func (this *EgressGroupList) String() string { + if this == nil { + return "nil" + } + repeatedStringForItems := "[]EgressGroup{" + for _, f := range this.Items { + repeatedStringForItems += strings.Replace(strings.Replace(f.String(), "EgressGroup", "EgressGroup", 1), `&`, ``, 1) + "," + } + repeatedStringForItems += "}" + s := strings.Join([]string{`&EgressGroupList{`, + `ListMeta:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.ListMeta), "ListMeta", "v1.ListMeta", 1), `&`, ``, 1) + `,`, + `Items:` + repeatedStringForItems + `,`, + `}`, + }, "") + return s +} +func (this *EgressGroupPatch) String() string { + if this == nil { + return "nil" + } + repeatedStringForAddedGroupMembers := "[]GroupMember{" + for _, f := range this.AddedGroupMembers { + repeatedStringForAddedGroupMembers += strings.Replace(strings.Replace(f.String(), "GroupMember", "GroupMember", 1), `&`, ``, 1) + "," + } + repeatedStringForAddedGroupMembers += "}" + repeatedStringForRemovedGroupMembers := "[]GroupMember{" + for _, f := range this.RemovedGroupMembers { + repeatedStringForRemovedGroupMembers += strings.Replace(strings.Replace(f.String(), "GroupMember", "GroupMember", 1), `&`, ``, 1) + "," + } + repeatedStringForRemovedGroupMembers += "}" + s := strings.Join([]string{`&EgressGroupPatch{`, + `ObjectMeta:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.ObjectMeta), "ObjectMeta", "v1.ObjectMeta", 1), `&`, ``, 1) + `,`, + `AddedGroupMembers:` + repeatedStringForAddedGroupMembers + `,`, + `RemovedGroupMembers:` + repeatedStringForRemovedGroupMembers + `,`, + `}`, + }, "") + return s +} func (this *Endpoint) String() string { if this == nil { return "nil" @@ -3887,6 +4244,400 @@ func (m *AppliedToGroupPatch) Unmarshal(dAtA []byte) error { } return nil } +func (m *EgressGroup) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: EgressGroup: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: EgressGroup: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field ObjectMeta", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := m.ObjectMeta.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field GroupMembers", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.GroupMembers = append(m.GroupMembers, GroupMember{}) + if err := m.GroupMembers[len(m.GroupMembers)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipGenerated(dAtA[iNdEx:]) + if err != nil { + return err + } + if skippy < 0 { + return ErrInvalidLengthGenerated + } + if (iNdEx + skippy) < 0 { + return ErrInvalidLengthGenerated + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *EgressGroupList) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: EgressGroupList: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: EgressGroupList: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field ListMeta", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := m.ListMeta.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Items", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Items = append(m.Items, EgressGroup{}) + if err := m.Items[len(m.Items)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipGenerated(dAtA[iNdEx:]) + if err != nil { + return err + } + if skippy < 0 { + return ErrInvalidLengthGenerated + } + if (iNdEx + skippy) < 0 { + return ErrInvalidLengthGenerated + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *EgressGroupPatch) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: EgressGroupPatch: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: EgressGroupPatch: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field ObjectMeta", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := m.ObjectMeta.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field AddedGroupMembers", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.AddedGroupMembers = append(m.AddedGroupMembers, GroupMember{}) + if err := m.AddedGroupMembers[len(m.AddedGroupMembers)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 3: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field RemovedGroupMembers", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.RemovedGroupMembers = append(m.RemovedGroupMembers, GroupMember{}) + if err := m.RemovedGroupMembers[len(m.RemovedGroupMembers)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipGenerated(dAtA[iNdEx:]) + if err != nil { + return err + } + if skippy < 0 { + return ErrInvalidLengthGenerated + } + if (iNdEx + skippy) < 0 { + return ErrInvalidLengthGenerated + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} func (m *Endpoint) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 diff --git a/pkg/apis/controlplane/v1beta1/generated.proto b/pkg/apis/controlplane/v1beta1/generated.proto index c4f736737cf..18c115bc1e2 100644 --- a/pkg/apis/controlplane/v1beta1/generated.proto +++ b/pkg/apis/controlplane/v1beta1/generated.proto @@ -99,6 +99,35 @@ message AppliedToGroupPatch { repeated GroupMember removedGroupMembers = 5; } +// +genclient +// +genclient:nonNamespaced +// +genclient:onlyVerbs=list,get,watch +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +message EgressGroup { + optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; + + // GroupMembers is list of resources selected by this group. + repeated GroupMember groupMembers = 2; +} + +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// EgressGroupList is a list of EgressGroup objects. +message EgressGroupList { + optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; + + repeated EgressGroup items = 2; +} + +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// EgressGroupPatch describes the incremental update of an EgressGroup. +message EgressGroupPatch { + optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta objectMeta = 1; + + repeated GroupMember addedGroupMembers = 2; + + repeated GroupMember removedGroupMembers = 3; +} + // Endpoint represents an external endpoint. message Endpoint { // IP is the IP address of the Endpoint. diff --git a/pkg/apis/controlplane/v1beta1/register.go b/pkg/apis/controlplane/v1beta1/register.go index ba58759c73f..a48956e9592 100644 --- a/pkg/apis/controlplane/v1beta1/register.go +++ b/pkg/apis/controlplane/v1beta1/register.go @@ -51,6 +51,9 @@ func addKnownTypes(scheme *runtime.Scheme) error { &NetworkPolicy{}, &NetworkPolicyList{}, &NodeStatsSummary{}, + &EgressGroup{}, + &EgressGroupPatch{}, + &EgressGroupList{}, ) metav1.AddToGroupVersion(scheme, SchemeGroupVersion) diff --git a/pkg/apis/controlplane/v1beta1/types.go b/pkg/apis/controlplane/v1beta1/types.go index 5cbb99e3ec8..c5a5c6be498 100644 --- a/pkg/apis/controlplane/v1beta1/types.go +++ b/pkg/apis/controlplane/v1beta1/types.go @@ -302,3 +302,31 @@ type NetworkPolicyStats struct { // The stats of the NetworkPolicy rules. It's empty for K8s NetworkPolicies as they don't have rule name to identify a rule. RuleTrafficStats []statsv1alpha1.RuleTrafficStats `json:"ruleTrafficStats,omitempty" protobuf:"bytes,3,rep,name=ruleTrafficStats"` } + +// +genclient +// +genclient:nonNamespaced +// +genclient:onlyVerbs=list,get,watch +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +type EgressGroup struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` + // GroupMembers is list of resources selected by this group. + GroupMembers []GroupMember `json:"groupMembers,omitempty" protobuf:"bytes,2,rep,name=groupMembers"` +} + +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// EgressGroupPatch describes the incremental update of an EgressGroup. +type EgressGroupPatch struct { + metav1.TypeMeta + metav1.ObjectMeta `protobuf:"bytes,1,opt,name=objectMeta"` + AddedGroupMembers []GroupMember `protobuf:"bytes,2,rep,name=addedGroupMembers"` + RemovedGroupMembers []GroupMember `protobuf:"bytes,3,rep,name=removedGroupMembers"` +} + +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// EgressGroupList is a list of EgressGroup objects. +type EgressGroupList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` + Items []EgressGroup `json:"items" protobuf:"bytes,2,rep,name=items"` +} diff --git a/pkg/apis/controlplane/v1beta1/zz_generated.conversion.go b/pkg/apis/controlplane/v1beta1/zz_generated.conversion.go index d9b3f8a8f8c..d58485bbe19 100644 --- a/pkg/apis/controlplane/v1beta1/zz_generated.conversion.go +++ b/pkg/apis/controlplane/v1beta1/zz_generated.conversion.go @@ -57,6 +57,36 @@ func RegisterConversions(s *runtime.Scheme) error { }); err != nil { return err } + if err := s.AddGeneratedConversionFunc((*EgressGroup)(nil), (*controlplane.EgressGroup)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_v1beta1_EgressGroup_To_controlplane_EgressGroup(a.(*EgressGroup), b.(*controlplane.EgressGroup), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*controlplane.EgressGroup)(nil), (*EgressGroup)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_controlplane_EgressGroup_To_v1beta1_EgressGroup(a.(*controlplane.EgressGroup), b.(*EgressGroup), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*EgressGroupList)(nil), (*controlplane.EgressGroupList)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_v1beta1_EgressGroupList_To_controlplane_EgressGroupList(a.(*EgressGroupList), b.(*controlplane.EgressGroupList), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*controlplane.EgressGroupList)(nil), (*EgressGroupList)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_controlplane_EgressGroupList_To_v1beta1_EgressGroupList(a.(*controlplane.EgressGroupList), b.(*EgressGroupList), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*EgressGroupPatch)(nil), (*controlplane.EgressGroupPatch)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_v1beta1_EgressGroupPatch_To_controlplane_EgressGroupPatch(a.(*EgressGroupPatch), b.(*controlplane.EgressGroupPatch), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*controlplane.EgressGroupPatch)(nil), (*EgressGroupPatch)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_controlplane_EgressGroupPatch_To_v1beta1_EgressGroupPatch(a.(*controlplane.EgressGroupPatch), b.(*EgressGroupPatch), scope) + }); err != nil { + return err + } if err := s.AddGeneratedConversionFunc((*ExternalEntityReference)(nil), (*controlplane.ExternalEntityReference)(nil), func(a, b interface{}, scope conversion.Scope) error { return Convert_v1beta1_ExternalEntityReference_To_controlplane_ExternalEntityReference(a.(*ExternalEntityReference), b.(*controlplane.ExternalEntityReference), scope) }); err != nil { @@ -507,6 +537,154 @@ func autoConvert_controlplane_AppliedToGroupPatch_To_v1beta1_AppliedToGroupPatch return nil } +func autoConvert_v1beta1_EgressGroup_To_controlplane_EgressGroup(in *EgressGroup, out *controlplane.EgressGroup, s conversion.Scope) error { + out.ObjectMeta = in.ObjectMeta + if in.GroupMembers != nil { + in, out := &in.GroupMembers, &out.GroupMembers + *out = make([]controlplane.GroupMember, len(*in)) + for i := range *in { + if err := Convert_v1beta1_GroupMember_To_controlplane_GroupMember(&(*in)[i], &(*out)[i], s); err != nil { + return err + } + } + } else { + out.GroupMembers = nil + } + return nil +} + +// Convert_v1beta1_EgressGroup_To_controlplane_EgressGroup is an autogenerated conversion function. +func Convert_v1beta1_EgressGroup_To_controlplane_EgressGroup(in *EgressGroup, out *controlplane.EgressGroup, s conversion.Scope) error { + return autoConvert_v1beta1_EgressGroup_To_controlplane_EgressGroup(in, out, s) +} + +func autoConvert_controlplane_EgressGroup_To_v1beta1_EgressGroup(in *controlplane.EgressGroup, out *EgressGroup, s conversion.Scope) error { + out.ObjectMeta = in.ObjectMeta + if in.GroupMembers != nil { + in, out := &in.GroupMembers, &out.GroupMembers + *out = make([]GroupMember, len(*in)) + for i := range *in { + if err := Convert_controlplane_GroupMember_To_v1beta1_GroupMember(&(*in)[i], &(*out)[i], s); err != nil { + return err + } + } + } else { + out.GroupMembers = nil + } + return nil +} + +// Convert_controlplane_EgressGroup_To_v1beta1_EgressGroup is an autogenerated conversion function. +func Convert_controlplane_EgressGroup_To_v1beta1_EgressGroup(in *controlplane.EgressGroup, out *EgressGroup, s conversion.Scope) error { + return autoConvert_controlplane_EgressGroup_To_v1beta1_EgressGroup(in, out, s) +} + +func autoConvert_v1beta1_EgressGroupList_To_controlplane_EgressGroupList(in *EgressGroupList, out *controlplane.EgressGroupList, s conversion.Scope) error { + out.ListMeta = in.ListMeta + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]controlplane.EgressGroup, len(*in)) + for i := range *in { + if err := Convert_v1beta1_EgressGroup_To_controlplane_EgressGroup(&(*in)[i], &(*out)[i], s); err != nil { + return err + } + } + } else { + out.Items = nil + } + return nil +} + +// Convert_v1beta1_EgressGroupList_To_controlplane_EgressGroupList is an autogenerated conversion function. +func Convert_v1beta1_EgressGroupList_To_controlplane_EgressGroupList(in *EgressGroupList, out *controlplane.EgressGroupList, s conversion.Scope) error { + return autoConvert_v1beta1_EgressGroupList_To_controlplane_EgressGroupList(in, out, s) +} + +func autoConvert_controlplane_EgressGroupList_To_v1beta1_EgressGroupList(in *controlplane.EgressGroupList, out *EgressGroupList, s conversion.Scope) error { + out.ListMeta = in.ListMeta + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]EgressGroup, len(*in)) + for i := range *in { + if err := Convert_controlplane_EgressGroup_To_v1beta1_EgressGroup(&(*in)[i], &(*out)[i], s); err != nil { + return err + } + } + } else { + out.Items = nil + } + return nil +} + +// Convert_controlplane_EgressGroupList_To_v1beta1_EgressGroupList is an autogenerated conversion function. +func Convert_controlplane_EgressGroupList_To_v1beta1_EgressGroupList(in *controlplane.EgressGroupList, out *EgressGroupList, s conversion.Scope) error { + return autoConvert_controlplane_EgressGroupList_To_v1beta1_EgressGroupList(in, out, s) +} + +func autoConvert_v1beta1_EgressGroupPatch_To_controlplane_EgressGroupPatch(in *EgressGroupPatch, out *controlplane.EgressGroupPatch, s conversion.Scope) error { + out.ObjectMeta = in.ObjectMeta + if in.AddedGroupMembers != nil { + in, out := &in.AddedGroupMembers, &out.AddedGroupMembers + *out = make([]controlplane.GroupMember, len(*in)) + for i := range *in { + if err := Convert_v1beta1_GroupMember_To_controlplane_GroupMember(&(*in)[i], &(*out)[i], s); err != nil { + return err + } + } + } else { + out.AddedGroupMembers = nil + } + if in.RemovedGroupMembers != nil { + in, out := &in.RemovedGroupMembers, &out.RemovedGroupMembers + *out = make([]controlplane.GroupMember, len(*in)) + for i := range *in { + if err := Convert_v1beta1_GroupMember_To_controlplane_GroupMember(&(*in)[i], &(*out)[i], s); err != nil { + return err + } + } + } else { + out.RemovedGroupMembers = nil + } + return nil +} + +// Convert_v1beta1_EgressGroupPatch_To_controlplane_EgressGroupPatch is an autogenerated conversion function. +func Convert_v1beta1_EgressGroupPatch_To_controlplane_EgressGroupPatch(in *EgressGroupPatch, out *controlplane.EgressGroupPatch, s conversion.Scope) error { + return autoConvert_v1beta1_EgressGroupPatch_To_controlplane_EgressGroupPatch(in, out, s) +} + +func autoConvert_controlplane_EgressGroupPatch_To_v1beta1_EgressGroupPatch(in *controlplane.EgressGroupPatch, out *EgressGroupPatch, s conversion.Scope) error { + out.ObjectMeta = in.ObjectMeta + if in.AddedGroupMembers != nil { + in, out := &in.AddedGroupMembers, &out.AddedGroupMembers + *out = make([]GroupMember, len(*in)) + for i := range *in { + if err := Convert_controlplane_GroupMember_To_v1beta1_GroupMember(&(*in)[i], &(*out)[i], s); err != nil { + return err + } + } + } else { + out.AddedGroupMembers = nil + } + if in.RemovedGroupMembers != nil { + in, out := &in.RemovedGroupMembers, &out.RemovedGroupMembers + *out = make([]GroupMember, len(*in)) + for i := range *in { + if err := Convert_controlplane_GroupMember_To_v1beta1_GroupMember(&(*in)[i], &(*out)[i], s); err != nil { + return err + } + } + } else { + out.RemovedGroupMembers = nil + } + return nil +} + +// Convert_controlplane_EgressGroupPatch_To_v1beta1_EgressGroupPatch is an autogenerated conversion function. +func Convert_controlplane_EgressGroupPatch_To_v1beta1_EgressGroupPatch(in *controlplane.EgressGroupPatch, out *EgressGroupPatch, s conversion.Scope) error { + return autoConvert_controlplane_EgressGroupPatch_To_v1beta1_EgressGroupPatch(in, out, s) +} + func autoConvert_v1beta1_ExternalEntityReference_To_controlplane_ExternalEntityReference(in *ExternalEntityReference, out *controlplane.ExternalEntityReference, s conversion.Scope) error { out.Name = in.Name out.Namespace = in.Namespace diff --git a/pkg/apis/controlplane/v1beta1/zz_generated.deepcopy.go b/pkg/apis/controlplane/v1beta1/zz_generated.deepcopy.go index 1a60b1a01ef..0f8b67a3b3b 100644 --- a/pkg/apis/controlplane/v1beta1/zz_generated.deepcopy.go +++ b/pkg/apis/controlplane/v1beta1/zz_generated.deepcopy.go @@ -279,6 +279,112 @@ func (in *AppliedToGroupPatch) DeepCopyObject() runtime.Object { return nil } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *EgressGroup) DeepCopyInto(out *EgressGroup) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + if in.GroupMembers != nil { + in, out := &in.GroupMembers, &out.GroupMembers + *out = make([]GroupMember, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EgressGroup. +func (in *EgressGroup) DeepCopy() *EgressGroup { + if in == nil { + return nil + } + out := new(EgressGroup) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *EgressGroup) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *EgressGroupList) DeepCopyInto(out *EgressGroupList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]EgressGroup, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EgressGroupList. +func (in *EgressGroupList) DeepCopy() *EgressGroupList { + if in == nil { + return nil + } + out := new(EgressGroupList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *EgressGroupList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *EgressGroupPatch) DeepCopyInto(out *EgressGroupPatch) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + if in.AddedGroupMembers != nil { + in, out := &in.AddedGroupMembers, &out.AddedGroupMembers + *out = make([]GroupMember, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.RemovedGroupMembers != nil { + in, out := &in.RemovedGroupMembers, &out.RemovedGroupMembers + *out = make([]GroupMember, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EgressGroupPatch. +func (in *EgressGroupPatch) DeepCopy() *EgressGroupPatch { + if in == nil { + return nil + } + out := new(EgressGroupPatch) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *EgressGroupPatch) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *Endpoint) DeepCopyInto(out *Endpoint) { *out = *in diff --git a/pkg/apis/controlplane/zz_generated.deepcopy.go b/pkg/apis/controlplane/zz_generated.deepcopy.go index d6856f8c2d9..f491f0d0679 100644 --- a/pkg/apis/controlplane/zz_generated.deepcopy.go +++ b/pkg/apis/controlplane/zz_generated.deepcopy.go @@ -270,6 +270,112 @@ func (in *ClusterGroupMembers) DeepCopyObject() runtime.Object { return nil } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *EgressGroup) DeepCopyInto(out *EgressGroup) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + if in.GroupMembers != nil { + in, out := &in.GroupMembers, &out.GroupMembers + *out = make([]GroupMember, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EgressGroup. +func (in *EgressGroup) DeepCopy() *EgressGroup { + if in == nil { + return nil + } + out := new(EgressGroup) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *EgressGroup) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *EgressGroupList) DeepCopyInto(out *EgressGroupList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]EgressGroup, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EgressGroupList. +func (in *EgressGroupList) DeepCopy() *EgressGroupList { + if in == nil { + return nil + } + out := new(EgressGroupList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *EgressGroupList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *EgressGroupPatch) DeepCopyInto(out *EgressGroupPatch) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + if in.AddedGroupMembers != nil { + in, out := &in.AddedGroupMembers, &out.AddedGroupMembers + *out = make([]GroupMember, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.RemovedGroupMembers != nil { + in, out := &in.RemovedGroupMembers, &out.RemovedGroupMembers + *out = make([]GroupMember, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EgressGroupPatch. +func (in *EgressGroupPatch) DeepCopy() *EgressGroupPatch { + if in == nil { + return nil + } + out := new(EgressGroupPatch) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *EgressGroupPatch) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ExternalEntityReference) DeepCopyInto(out *ExternalEntityReference) { *out = *in diff --git a/pkg/apiserver/apiserver.go b/pkg/apiserver/apiserver.go index fa030851c02..045aace0d5a 100644 --- a/pkg/apiserver/apiserver.go +++ b/pkg/apiserver/apiserver.go @@ -40,6 +40,7 @@ import ( "github.com/vmware-tanzu/antrea/pkg/apiserver/handlers/endpoint" "github.com/vmware-tanzu/antrea/pkg/apiserver/handlers/loglevel" "github.com/vmware-tanzu/antrea/pkg/apiserver/handlers/webhook" + "github.com/vmware-tanzu/antrea/pkg/apiserver/registry/controlplane/egressgroup" "github.com/vmware-tanzu/antrea/pkg/apiserver/registry/controlplane/nodestatssummary" "github.com/vmware-tanzu/antrea/pkg/apiserver/registry/networkpolicy/addressgroup" "github.com/vmware-tanzu/antrea/pkg/apiserver/registry/networkpolicy/appliedtogroup" @@ -82,6 +83,7 @@ type ExtraConfig struct { addressGroupStore storage.Interface appliedToGroupStore storage.Interface networkPolicyStore storage.Interface + egressGroupStore storage.Interface controllerQuerier querier.ControllerQuerier endpointQuerier controllernetworkpolicy.EndpointQuerier networkPolicyController *controllernetworkpolicy.NetworkPolicyController @@ -119,7 +121,7 @@ type completedConfig struct { func NewConfig( genericConfig *genericapiserver.Config, - addressGroupStore, appliedToGroupStore, networkPolicyStore, groupStore storage.Interface, + addressGroupStore, appliedToGroupStore, networkPolicyStore, groupStore, egressGroupStore storage.Interface, caCertController *certificate.CACertController, statsAggregator *stats.Aggregator, controllerQuerier querier.ControllerQuerier, @@ -132,6 +134,7 @@ func NewConfig( addressGroupStore: addressGroupStore, appliedToGroupStore: appliedToGroupStore, networkPolicyStore: networkPolicyStore, + egressGroupStore: egressGroupStore, caCertController: caCertController, statsAggregator: statsAggregator, controllerQuerier: controllerQuerier, @@ -154,12 +157,14 @@ func installAPIGroup(s *APIServer, c completedConfig) error { clusterGroupMembershipStorage := clustergroupmember.NewREST(c.extraConfig.networkPolicyController) groupAssociationStorage := groupassociation.NewREST(c.extraConfig.networkPolicyController) nodeStatsSummaryStorage := nodestatssummary.NewREST(c.extraConfig.statsAggregator) + egressGroupStorage := egressgroup.NewREST(c.extraConfig.egressGroupStore) cpGroup := genericapiserver.NewDefaultAPIGroupInfo(controlplane.GroupName, Scheme, metav1.ParameterCodec, Codecs) cpv1beta1Storage := map[string]rest.Storage{} cpv1beta1Storage["addressgroups"] = addressGroupStorage cpv1beta1Storage["appliedtogroups"] = appliedToGroupStorage cpv1beta1Storage["networkpolicies"] = networkPolicyStorage cpv1beta1Storage["nodestatssummaries"] = nodeStatsSummaryStorage + cpv1beta1Storage["egressgroups"] = egressGroupStorage cpGroup.VersionedResourcesStorageMap["v1beta1"] = cpv1beta1Storage cpv1beta2Storage := map[string]rest.Storage{} cpv1beta2Storage["addressgroups"] = addressGroupStorage diff --git a/pkg/apiserver/openapi/zz_generated.openapi.go b/pkg/apiserver/openapi/zz_generated.openapi.go index f339c077e3a..d38917ba88a 100644 --- a/pkg/apiserver/openapi/zz_generated.openapi.go +++ b/pkg/apiserver/openapi/zz_generated.openapi.go @@ -43,6 +43,9 @@ func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenA "github.com/vmware-tanzu/antrea/pkg/apis/controlplane/v1beta1.AppliedToGroup": schema_pkg_apis_controlplane_v1beta1_AppliedToGroup(ref), "github.com/vmware-tanzu/antrea/pkg/apis/controlplane/v1beta1.AppliedToGroupList": schema_pkg_apis_controlplane_v1beta1_AppliedToGroupList(ref), "github.com/vmware-tanzu/antrea/pkg/apis/controlplane/v1beta1.AppliedToGroupPatch": schema_pkg_apis_controlplane_v1beta1_AppliedToGroupPatch(ref), + "github.com/vmware-tanzu/antrea/pkg/apis/controlplane/v1beta1.EgressGroup": schema_pkg_apis_controlplane_v1beta1_EgressGroup(ref), + "github.com/vmware-tanzu/antrea/pkg/apis/controlplane/v1beta1.EgressGroupList": schema_pkg_apis_controlplane_v1beta1_EgressGroupList(ref), + "github.com/vmware-tanzu/antrea/pkg/apis/controlplane/v1beta1.EgressGroupPatch": schema_pkg_apis_controlplane_v1beta1_EgressGroupPatch(ref), "github.com/vmware-tanzu/antrea/pkg/apis/controlplane/v1beta1.Endpoint": schema_pkg_apis_controlplane_v1beta1_Endpoint(ref), "github.com/vmware-tanzu/antrea/pkg/apis/controlplane/v1beta1.ExternalEntityReference": schema_pkg_apis_controlplane_v1beta1_ExternalEntityReference(ref), "github.com/vmware-tanzu/antrea/pkg/apis/controlplane/v1beta1.GroupMember": schema_pkg_apis_controlplane_v1beta1_GroupMember(ref), @@ -1177,6 +1180,149 @@ func schema_pkg_apis_controlplane_v1beta1_AppliedToGroupPatch(ref common.Referen } } +func schema_pkg_apis_controlplane_v1beta1_EgressGroup(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "kind": { + SchemaProps: spec.SchemaProps{ + Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + Type: []string{"string"}, + Format: "", + }, + }, + "apiVersion": { + SchemaProps: spec.SchemaProps{ + Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + Type: []string{"string"}, + Format: "", + }, + }, + "metadata": { + SchemaProps: spec.SchemaProps{ + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + }, + }, + "groupMembers": { + SchemaProps: spec.SchemaProps{ + Description: "GroupMembers is list of resources selected by this group.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Ref: ref("github.com/vmware-tanzu/antrea/pkg/apis/controlplane/v1beta1.GroupMember"), + }, + }, + }, + }, + }, + }, + }, + }, + Dependencies: []string{ + "github.com/vmware-tanzu/antrea/pkg/apis/controlplane/v1beta1.GroupMember", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + } +} + +func schema_pkg_apis_controlplane_v1beta1_EgressGroupList(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "EgressGroupList is a list of EgressGroup objects.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "kind": { + SchemaProps: spec.SchemaProps{ + Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + Type: []string{"string"}, + Format: "", + }, + }, + "apiVersion": { + SchemaProps: spec.SchemaProps{ + Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + Type: []string{"string"}, + Format: "", + }, + }, + "metadata": { + SchemaProps: spec.SchemaProps{ + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + }, + }, + "items": { + SchemaProps: spec.SchemaProps{ + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Ref: ref("github.com/vmware-tanzu/antrea/pkg/apis/controlplane/v1beta1.EgressGroup"), + }, + }, + }, + }, + }, + }, + Required: []string{"items"}, + }, + }, + Dependencies: []string{ + "github.com/vmware-tanzu/antrea/pkg/apis/controlplane/v1beta1.EgressGroup", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + } +} + +func schema_pkg_apis_controlplane_v1beta1_EgressGroupPatch(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "EgressGroupPatch describes the incremental update of an EgressGroup.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "TypeMeta": { + SchemaProps: spec.SchemaProps{ + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.TypeMeta"), + }, + }, + "ObjectMeta": { + SchemaProps: spec.SchemaProps{ + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + }, + }, + "AddedGroupMembers": { + SchemaProps: spec.SchemaProps{ + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Ref: ref("github.com/vmware-tanzu/antrea/pkg/apis/controlplane/v1beta1.GroupMember"), + }, + }, + }, + }, + }, + "RemovedGroupMembers": { + SchemaProps: spec.SchemaProps{ + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Ref: ref("github.com/vmware-tanzu/antrea/pkg/apis/controlplane/v1beta1.GroupMember"), + }, + }, + }, + }, + }, + }, + Required: []string{"TypeMeta", "ObjectMeta", "AddedGroupMembers", "RemovedGroupMembers"}, + }, + }, + Dependencies: []string{ + "github.com/vmware-tanzu/antrea/pkg/apis/controlplane/v1beta1.GroupMember", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta", "k8s.io/apimachinery/pkg/apis/meta/v1.TypeMeta"}, + } +} + func schema_pkg_apis_controlplane_v1beta1_Endpoint(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ diff --git a/pkg/apiserver/registry/controlplane/egressgroup/rest.go b/pkg/apiserver/registry/controlplane/egressgroup/rest.go new file mode 100644 index 00000000000..b41d6b49f28 --- /dev/null +++ b/pkg/apiserver/registry/controlplane/egressgroup/rest.go @@ -0,0 +1,103 @@ +// Copyright 2021 Antrea Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package egressgroup + +import ( + "context" + + "k8s.io/apimachinery/pkg/api/errors" + "k8s.io/apimachinery/pkg/apis/meta/internalversion" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/labels" + "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/watch" + "k8s.io/apiserver/pkg/registry/rest" + + "github.com/vmware-tanzu/antrea/pkg/apis/controlplane" + "github.com/vmware-tanzu/antrea/pkg/apiserver/registry/networkpolicy" + "github.com/vmware-tanzu/antrea/pkg/apiserver/storage" + "github.com/vmware-tanzu/antrea/pkg/controller/egress/store" + "github.com/vmware-tanzu/antrea/pkg/controller/types" +) + +// REST implements rest.Storage for EgressGroups. +type REST struct { + egressGroupStore storage.Interface +} + +var ( + _ rest.Storage = &REST{} + _ rest.Watcher = &REST{} + _ rest.Scoper = &REST{} + _ rest.Lister = &REST{} + _ rest.Getter = &REST{} +) + +// NewREST returns a REST object that will work against API services. +func NewREST(egressGroupStore storage.Interface) *REST { + return &REST{egressGroupStore} +} + +func (r *REST) New() runtime.Object { + return &controlplane.EgressGroup{} +} + +func (r *REST) NewList() runtime.Object { + return &controlplane.EgressGroupList{} +} + +func (r *REST) Get(ctx context.Context, name string, options *metav1.GetOptions) (runtime.Object, error) { + egressGroup, exists, err := r.egressGroupStore.Get(name) + if err != nil { + return nil, errors.NewInternalError(err) + } + if !exists { + return nil, errors.NewNotFound(controlplane.Resource("egressgroup"), name) + } + obj := new(controlplane.EgressGroup) + store.ToEgressGroupMsg(egressGroup.(*types.EgressGroup), obj, true, nil) + return obj, nil +} + +func (r *REST) List(ctx context.Context, options *internalversion.ListOptions) (runtime.Object, error) { + labelSelector := labels.Everything() + if options != nil && options.LabelSelector != nil { + labelSelector = options.LabelSelector + } + egressGroups := r.egressGroupStore.List() + items := make([]controlplane.EgressGroup, 0, len(egressGroups)) + for i := range egressGroups { + var item controlplane.EgressGroup + store.ToEgressGroupMsg(egressGroups[i].(*types.EgressGroup), &item, true, nil) + if labelSelector.Matches(labels.Set(item.Labels)) { + items = append(items, item) + } + } + list := &controlplane.EgressGroupList{Items: items} + return list, nil +} + +func (r *REST) NamespaceScoped() bool { + return false +} + +func (r *REST) Watch(ctx context.Context, options *internalversion.ListOptions) (watch.Interface, error) { + key, label, field := networkpolicy.GetSelectors(options) + return r.egressGroupStore.Watch(ctx, key, label, field) +} + +func (r *REST) ConvertToTable(ctx context.Context, obj runtime.Object, tableOptions runtime.Object) (*metav1.Table, error) { + return rest.NewDefaultTableConvertor(controlplane.Resource("egressgroup")).ConvertToTable(ctx, obj, tableOptions) +} diff --git a/pkg/client/clientset/versioned/typed/controlplane/v1beta1/controlplane_client.go b/pkg/client/clientset/versioned/typed/controlplane/v1beta1/controlplane_client.go index 6dea05badc0..2fe3659dd5f 100644 --- a/pkg/client/clientset/versioned/typed/controlplane/v1beta1/controlplane_client.go +++ b/pkg/client/clientset/versioned/typed/controlplane/v1beta1/controlplane_client.go @@ -1,4 +1,4 @@ -// Copyright 2020 Antrea Authors +// Copyright 2021 Antrea Authors // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -26,6 +26,7 @@ type ControlplaneV1beta1Interface interface { RESTClient() rest.Interface AddressGroupsGetter AppliedToGroupsGetter + EgressGroupsGetter NetworkPoliciesGetter NodeStatsSummariesGetter } @@ -43,6 +44,10 @@ func (c *ControlplaneV1beta1Client) AppliedToGroups() AppliedToGroupInterface { return newAppliedToGroups(c) } +func (c *ControlplaneV1beta1Client) EgressGroups() EgressGroupInterface { + return newEgressGroups(c) +} + func (c *ControlplaneV1beta1Client) NetworkPolicies(namespace string) NetworkPolicyInterface { return newNetworkPolicies(c, namespace) } diff --git a/pkg/client/clientset/versioned/typed/controlplane/v1beta1/egressgroup.go b/pkg/client/clientset/versioned/typed/controlplane/v1beta1/egressgroup.go new file mode 100644 index 00000000000..2160e37204a --- /dev/null +++ b/pkg/client/clientset/versioned/typed/controlplane/v1beta1/egressgroup.go @@ -0,0 +1,96 @@ +// Copyright 2021 Antrea Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// Code generated by client-gen. DO NOT EDIT. + +package v1beta1 + +import ( + "context" + "time" + + v1beta1 "github.com/vmware-tanzu/antrea/pkg/apis/controlplane/v1beta1" + scheme "github.com/vmware-tanzu/antrea/pkg/client/clientset/versioned/scheme" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + watch "k8s.io/apimachinery/pkg/watch" + rest "k8s.io/client-go/rest" +) + +// EgressGroupsGetter has a method to return a EgressGroupInterface. +// A group's client should implement this interface. +type EgressGroupsGetter interface { + EgressGroups() EgressGroupInterface +} + +// EgressGroupInterface has methods to work with EgressGroup resources. +type EgressGroupInterface interface { + Get(ctx context.Context, name string, opts v1.GetOptions) (*v1beta1.EgressGroup, error) + List(ctx context.Context, opts v1.ListOptions) (*v1beta1.EgressGroupList, error) + Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) + EgressGroupExpansion +} + +// egressGroups implements EgressGroupInterface +type egressGroups struct { + client rest.Interface +} + +// newEgressGroups returns a EgressGroups +func newEgressGroups(c *ControlplaneV1beta1Client) *egressGroups { + return &egressGroups{ + client: c.RESTClient(), + } +} + +// Get takes name of the egressGroup, and returns the corresponding egressGroup object, and an error if there is any. +func (c *egressGroups) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1beta1.EgressGroup, err error) { + result = &v1beta1.EgressGroup{} + err = c.client.Get(). + Resource("egressgroups"). + Name(name). + VersionedParams(&options, scheme.ParameterCodec). + Do(ctx). + Into(result) + return +} + +// List takes label and field selectors, and returns the list of EgressGroups that match those selectors. +func (c *egressGroups) List(ctx context.Context, opts v1.ListOptions) (result *v1beta1.EgressGroupList, err error) { + var timeout time.Duration + if opts.TimeoutSeconds != nil { + timeout = time.Duration(*opts.TimeoutSeconds) * time.Second + } + result = &v1beta1.EgressGroupList{} + err = c.client.Get(). + Resource("egressgroups"). + VersionedParams(&opts, scheme.ParameterCodec). + Timeout(timeout). + Do(ctx). + Into(result) + return +} + +// Watch returns a watch.Interface that watches the requested egressGroups. +func (c *egressGroups) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { + var timeout time.Duration + if opts.TimeoutSeconds != nil { + timeout = time.Duration(*opts.TimeoutSeconds) * time.Second + } + opts.Watch = true + return c.client.Get(). + Resource("egressgroups"). + VersionedParams(&opts, scheme.ParameterCodec). + Timeout(timeout). + Watch(ctx) +} diff --git a/pkg/client/clientset/versioned/typed/controlplane/v1beta1/fake/fake_controlplane_client.go b/pkg/client/clientset/versioned/typed/controlplane/v1beta1/fake/fake_controlplane_client.go index 001bf1c10fc..b1cdea9a3a2 100644 --- a/pkg/client/clientset/versioned/typed/controlplane/v1beta1/fake/fake_controlplane_client.go +++ b/pkg/client/clientset/versioned/typed/controlplane/v1beta1/fake/fake_controlplane_client.go @@ -1,4 +1,4 @@ -// Copyright 2020 Antrea Authors +// Copyright 2021 Antrea Authors // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -34,6 +34,10 @@ func (c *FakeControlplaneV1beta1) AppliedToGroups() v1beta1.AppliedToGroupInterf return &FakeAppliedToGroups{c} } +func (c *FakeControlplaneV1beta1) EgressGroups() v1beta1.EgressGroupInterface { + return &FakeEgressGroups{c} +} + func (c *FakeControlplaneV1beta1) NetworkPolicies(namespace string) v1beta1.NetworkPolicyInterface { return &FakeNetworkPolicies{c, namespace} } diff --git a/pkg/client/clientset/versioned/typed/controlplane/v1beta1/fake/fake_egressgroup.go b/pkg/client/clientset/versioned/typed/controlplane/v1beta1/fake/fake_egressgroup.go new file mode 100644 index 00000000000..b7b05503de6 --- /dev/null +++ b/pkg/client/clientset/versioned/typed/controlplane/v1beta1/fake/fake_egressgroup.go @@ -0,0 +1,74 @@ +// Copyright 2021 Antrea Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// Code generated by client-gen. DO NOT EDIT. + +package fake + +import ( + "context" + + v1beta1 "github.com/vmware-tanzu/antrea/pkg/apis/controlplane/v1beta1" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + labels "k8s.io/apimachinery/pkg/labels" + schema "k8s.io/apimachinery/pkg/runtime/schema" + watch "k8s.io/apimachinery/pkg/watch" + testing "k8s.io/client-go/testing" +) + +// FakeEgressGroups implements EgressGroupInterface +type FakeEgressGroups struct { + Fake *FakeControlplaneV1beta1 +} + +var egressgroupsResource = schema.GroupVersionResource{Group: "controlplane.antrea.tanzu.vmware.com", Version: "v1beta1", Resource: "egressgroups"} + +var egressgroupsKind = schema.GroupVersionKind{Group: "controlplane.antrea.tanzu.vmware.com", Version: "v1beta1", Kind: "EgressGroup"} + +// Get takes name of the egressGroup, and returns the corresponding egressGroup object, and an error if there is any. +func (c *FakeEgressGroups) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1beta1.EgressGroup, err error) { + obj, err := c.Fake. + Invokes(testing.NewRootGetAction(egressgroupsResource, name), &v1beta1.EgressGroup{}) + if obj == nil { + return nil, err + } + return obj.(*v1beta1.EgressGroup), err +} + +// List takes label and field selectors, and returns the list of EgressGroups that match those selectors. +func (c *FakeEgressGroups) List(ctx context.Context, opts v1.ListOptions) (result *v1beta1.EgressGroupList, err error) { + obj, err := c.Fake. + Invokes(testing.NewRootListAction(egressgroupsResource, egressgroupsKind, opts), &v1beta1.EgressGroupList{}) + if obj == nil { + return nil, err + } + + label, _, _ := testing.ExtractFromListOptions(opts) + if label == nil { + label = labels.Everything() + } + list := &v1beta1.EgressGroupList{ListMeta: obj.(*v1beta1.EgressGroupList).ListMeta} + for _, item := range obj.(*v1beta1.EgressGroupList).Items { + if label.Matches(labels.Set(item.Labels)) { + list.Items = append(list.Items, item) + } + } + return list, err +} + +// Watch returns a watch.Interface that watches the requested egressGroups. +func (c *FakeEgressGroups) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { + return c.Fake. + InvokesWatch(testing.NewRootWatchAction(egressgroupsResource, opts)) +} diff --git a/pkg/client/clientset/versioned/typed/controlplane/v1beta1/generated_expansion.go b/pkg/client/clientset/versioned/typed/controlplane/v1beta1/generated_expansion.go index 49b5c2bdcc9..7d32df9ef34 100644 --- a/pkg/client/clientset/versioned/typed/controlplane/v1beta1/generated_expansion.go +++ b/pkg/client/clientset/versioned/typed/controlplane/v1beta1/generated_expansion.go @@ -1,4 +1,4 @@ -// Copyright 2020 Antrea Authors +// Copyright 2021 Antrea Authors // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -20,6 +20,8 @@ type AddressGroupExpansion interface{} type AppliedToGroupExpansion interface{} +type EgressGroupExpansion interface{} + type NetworkPolicyExpansion interface{} type NodeStatsSummaryExpansion interface{} diff --git a/pkg/controller/egress/controller.go b/pkg/controller/egress/controller.go new file mode 100644 index 00000000000..75eb0adb7c7 --- /dev/null +++ b/pkg/controller/egress/controller.go @@ -0,0 +1,241 @@ +// Copyright 2021 Antrea Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package egress + +import ( + "reflect" + "time" + + "k8s.io/apimachinery/pkg/util/sets" + "k8s.io/apimachinery/pkg/util/wait" + "k8s.io/client-go/tools/cache" + "k8s.io/client-go/util/workqueue" + "k8s.io/klog" + + "github.com/vmware-tanzu/antrea/pkg/apis/controlplane" + egressv1alpha1 "github.com/vmware-tanzu/antrea/pkg/apis/egress/v1alpha1" + "github.com/vmware-tanzu/antrea/pkg/apiserver/storage" + egressinformers "github.com/vmware-tanzu/antrea/pkg/client/informers/externalversions/egress/v1alpha1" + "github.com/vmware-tanzu/antrea/pkg/controller/grouping" + antreatypes "github.com/vmware-tanzu/antrea/pkg/controller/types" +) + +const ( + controllerName = "EgressController" + // Set resyncPeriod to 0 to disable resyncing. + resyncPeriod time.Duration = 0 + // How long to wait before retrying the processing of an Egress change. + minRetryDelay = 5 * time.Second + maxRetryDelay = 300 * time.Second + // Default number of workers processing an Egress change. + defaultWorkers = 4 + + egressGroupType grouping.GroupType = "egressGroup" +) + +// EgressController is responsible for synchronizing the EgressGroups selected by Egresses. +type EgressController struct { + egressInformer egressinformers.EgressInformer + // egressListerSynced is a function which returns true if the Egresses shared informer has been synced at least once. + egressListerSynced cache.InformerSynced + + // egressGroupStore is the storage where the EgressGroups are stored. + egressGroupStore storage.Interface + + // queue maintains the EgressGroup objects that need to be synced. + queue workqueue.RateLimitingInterface + + // groupingInterface knows Pods that a given group selects. + groupingInterface grouping.Interface + // Added as a member to the struct to allow injection for testing. + groupingInterfaceSynced func() bool +} + +// NewEgressController returns a new *EgressController. +func NewEgressController(groupingInterface grouping.Interface, + egressInformer egressinformers.EgressInformer, + egressGroupStore storage.Interface) *EgressController { + c := &EgressController{ + egressInformer: egressInformer, + egressListerSynced: egressInformer.Informer().HasSynced, + egressGroupStore: egressGroupStore, + queue: workqueue.NewNamedRateLimitingQueue(workqueue.NewItemExponentialFailureRateLimiter(minRetryDelay, maxRetryDelay), "egress"), + groupingInterface: groupingInterface, + groupingInterfaceSynced: groupingInterface.HasSynced, + } + c.groupingInterface.AddEventHandler(egressGroupType, c.enqueueEgressGroup) + // Add handlers for Egress events. + egressInformer.Informer().AddEventHandlerWithResyncPeriod( + cache.ResourceEventHandlerFuncs{ + AddFunc: c.addEgress, + UpdateFunc: c.updateEgress, + DeleteFunc: c.deleteEgress, + }, + resyncPeriod, + ) + return c +} + +// Run begins watching and syncing of an EgressController. +func (c *EgressController) Run(stopCh <-chan struct{}) { + defer c.queue.ShutDown() + + klog.Infof("Starting %s", controllerName) + defer klog.Infof("Shutting down %s", controllerName) + + cacheSyncs := []cache.InformerSynced{c.egressListerSynced, c.groupingInterfaceSynced} + if !cache.WaitForNamedCacheSync(controllerName, stopCh, cacheSyncs...) { + return + } + + for i := 0; i < defaultWorkers; i++ { + go wait.Until(c.egressGroupWorker, time.Second, stopCh) + } + <-stopCh +} + +func (c *EgressController) egressGroupWorker() { + for c.processNextEgressGroupWorkItem() { + } +} + +func (c *EgressController) processNextEgressGroupWorkItem() bool { + key, quit := c.queue.Get() + if quit { + return false + } + defer c.queue.Done(key) + + err := c.syncEgressGroup(key.(string)) + if err != nil { + // Put the item back on the workqueue to handle any transient errors. + c.queue.AddRateLimited(key) + klog.Errorf("Failed to sync EgressGroup %s: %v", key, err) + return true + } + // If no error occurs we Forget this item so it does not get queued again until + // another change happens. + c.queue.Forget(key) + return true +} + +func (c *EgressController) syncEgressGroup(key string) error { + startTime := time.Now() + defer func() { + d := time.Since(startTime) + klog.V(2).Infof("Finished syncing EgressGroup %s. (%v)", key, d) + }() + + egressGroupObj, found, _ := c.egressGroupStore.Get(key) + if !found { + klog.V(2).Infof("EgressGroup %s not found", key) + return nil + } + + nodeNames := sets.String{} + podNum := 0 + memberSetByNode := make(map[string]controlplane.GroupMemberSet) + egressGroup := egressGroupObj.(*antreatypes.EgressGroup) + pods, _ := c.groupingInterface.GetEntities(egressGroupType, key) + for _, pod := range pods { + // Ignore Pod if it's not scheduled or not running. + // TODO: If a Pod is scheduled but not running, it can be included in the EgressGroup so that the agent can + // install its SNAT rule right after the Pod's CNI request is processed, which requires a notification from + // CNIServer to the agent's EgressController. However the current notification mechanism (the entityUpdate + // channel) allows only single consumer. Once it allows multiple consumers, we can change the condition to + // include scheduled Pods that have no IPs. + if pod.Spec.NodeName == "" || len(pod.Status.PodIPs) == 0 { + continue + } + podNum++ + podSet := memberSetByNode[pod.Spec.NodeName] + if podSet == nil { + podSet = controlplane.GroupMemberSet{} + memberSetByNode[pod.Spec.NodeName] = podSet + } + groupMember := &controlplane.GroupMember{ + Pod: &controlplane.PodReference{ + Name: pod.Name, + Namespace: pod.Namespace, + }, + } + podSet.Insert(groupMember) + // Update the NodeNames in order to set the SpanMeta for EgressGroup. + nodeNames.Insert(pod.Spec.NodeName) + } + updatedEgressGroup := &antreatypes.EgressGroup{ + UID: egressGroup.UID, + Name: egressGroup.Name, + GroupMemberByNode: memberSetByNode, + SpanMeta: antreatypes.SpanMeta{NodeNames: nodeNames}, + } + klog.V(2).Infof("Updating existing EgressGroup %s with %d Pods on %d Nodes", key, podNum, nodeNames.Len()) + c.egressGroupStore.Update(updatedEgressGroup) + return nil +} + +func (c *EgressController) enqueueEgressGroup(key string) { + klog.V(4).Infof("Adding new key %s to EgressGroup queue", key) + c.queue.Add(key) +} + +// createEgressGroup creates an EgressGroup object in store if it is not created already. +func (c *EgressController) registerEgressGroup(egress *egressv1alpha1.Egress) { + groupSelector := antreatypes.NewGroupSelector("", egress.Spec.AppliedTo.PodSelector, egress.Spec.AppliedTo.NamespaceSelector, nil) + klog.V(2).Infof("Registering EgressGroup %s with selector (%s)", egress.Name, groupSelector.NormalizedName) + c.groupingInterface.AddGroup(egressGroupType, egress.Name, groupSelector) +} + +// createEgressGroup creates an EgressGroup object in store if it is not created already. +func (c *EgressController) unregisterEgressGroup(egress *egressv1alpha1.Egress) { + klog.V(2).Infof("Unregistering EgressGroup %s", egress.Name) + c.groupingInterface.DeleteGroup(egressGroupType, egress.Name) +} + +// addEgress receives Egress ADD events and creates corresponding EgressGroup. +func (c *EgressController) addEgress(obj interface{}) { + egress := obj.(*egressv1alpha1.Egress) + klog.Infof("Processing Egress %s ADD event", egress.Name) + // Create an EgressGroup object corresponding to this Egress and enqueue task to the workqueue. + egressGroup := &antreatypes.EgressGroup{ + Name: egress.Name, + UID: egress.UID, + } + c.egressGroupStore.Create(egressGroup) + c.registerEgressGroup(egress) + c.queue.Add(egress.Name) +} + +// updateEgress receives Egress UPDATE events and updates corresponding EgressGroup. +func (c *EgressController) updateEgress(old, cur interface{}) { + oldEgress := old.(*egressv1alpha1.Egress) + curEgress := cur.(*egressv1alpha1.Egress) + klog.Infof("Processing Egress %s UPDATE event", curEgress.Name) + // Do nothing if AppliedTo doesn't change. + if reflect.DeepEqual(oldEgress.Spec.AppliedTo, curEgress.Spec.AppliedTo) { + return + } + + c.registerEgressGroup(curEgress) + c.queue.Add(curEgress.Name) +} + +// deleteEgress receives Egress DELETED events and deletes corresponding EgressGroup. +func (c *EgressController) deleteEgress(obj interface{}) { + egress := obj.(*egressv1alpha1.Egress) + klog.Infof("Processing Egress %s DELETE event", egress.Name) + c.egressGroupStore.Delete(egress.Name) + c.unregisterEgressGroup(egress) +} diff --git a/pkg/controller/egress/store/egressgroup.go b/pkg/controller/egress/store/egressgroup.go new file mode 100644 index 00000000000..4bf8752e8ef --- /dev/null +++ b/pkg/controller/egress/store/egressgroup.go @@ -0,0 +1,203 @@ +// Copyright 2021 Antrea Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package store + +import ( + "fmt" + "reflect" + + "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/watch" + + "github.com/vmware-tanzu/antrea/pkg/apis/controlplane" + "github.com/vmware-tanzu/antrea/pkg/apiserver/storage" + "github.com/vmware-tanzu/antrea/pkg/apiserver/storage/ram" + "github.com/vmware-tanzu/antrea/pkg/controller/types" +) + +// egressGroupEvent implements storage.InternalEvent. +type egressGroupEvent struct { + // The current version of the stored EgressGroup. + CurrGroup *types.EgressGroup + // The previous version of the stored EgressGroup. + PrevGroup *types.EgressGroup + // The current version of the transferred EgressGroup, which will be used in Added events. + CurrObject *controlplane.EgressGroup + // The previous version of the transferred EgressGroup, which will be used in Deleted events. + // Note that only metadata will be set in Deleted events for efficiency. + PrevObject *controlplane.EgressGroup + // The patch object of the message for transferring, which will be used in Modified events. + PatchObject *controlplane.EgressGroupPatch + // The key of this EgressGroup. + Key string + ResourceVersion uint64 +} + +/// ToWatchEvent converts the egressGroupEvent to *watch.Event based on the provided Selectors. It has the following features: +// 1. Added event will be generated if the Selectors was not interested in the object but is now. +// 2. Modified event will be generated if the Selectors was and is interested in the object. +// 3. Deleted event will be generated if the Selectors was interested in the object but is not now. +// 4. If nodeName is specified, only GroupMembers that hosted by the Node will be in the event. +func (event *egressGroupEvent) ToWatchEvent(selectors *storage.Selectors, isInitEvent bool) *watch.Event { + prevObjSelected, currObjSelected := isSelected(event.Key, event.PrevGroup, event.CurrGroup, selectors, isInitEvent) + + // If nodeName is specified in selectors, only GroupMembers that hosted by the Node should be in the event. + nodeName, nodeSpecified := selectors.Field.RequiresExactMatch("nodeName") + + switch { + case !currObjSelected && !prevObjSelected: + // Watcher is not interested in that object. + return nil + case currObjSelected && !prevObjSelected: + // Watcher was not interested in that object but is now, an added event will be generated. + obj := new(controlplane.EgressGroup) + if nodeSpecified { + ToEgressGroupMsg(event.CurrGroup, obj, true, &nodeName) + } else { + ToEgressGroupMsg(event.CurrGroup, obj, true, nil) + } + return &watch.Event{Type: watch.Added, Object: obj} + case currObjSelected && prevObjSelected: + // Watcher was and is interested in that object, a modified event will be generated. + obj := new(controlplane.EgressGroupPatch) + obj.UID = event.CurrGroup.UID + obj.Name = event.CurrGroup.Name + + var currMembers, prevMembers controlplane.GroupMemberSet + if nodeSpecified { + currMembers = event.CurrGroup.GroupMemberByNode[nodeName] + prevMembers = event.PrevGroup.GroupMemberByNode[nodeName] + } else { + currMembers = controlplane.GroupMemberSet{} + for _, members := range event.CurrGroup.GroupMemberByNode { + currMembers = currMembers.Union(members) + } + prevMembers = controlplane.GroupMemberSet{} + for _, members := range event.PrevGroup.GroupMemberByNode { + prevMembers = prevMembers.Union(members) + } + } + for _, member := range currMembers.Difference(prevMembers) { + obj.AddedGroupMembers = append(obj.AddedGroupMembers, *member) + } + for _, member := range prevMembers.Difference(currMembers) { + obj.RemovedGroupMembers = append(obj.RemovedGroupMembers, *member) + } + + if len(obj.AddedGroupMembers)+len(obj.RemovedGroupMembers) == 0 { + // No change for the watcher. + return nil + } + return &watch.Event{Type: watch.Modified, Object: obj} + case !currObjSelected && prevObjSelected: + // Watcher was interested in that object but is not interested now, a deleted event will be generated. + obj := new(controlplane.EgressGroup) + if nodeSpecified { + ToEgressGroupMsg(event.PrevGroup, obj, false, &nodeName) + } else { + ToEgressGroupMsg(event.PrevGroup, obj, false, nil) + } + return &watch.Event{Type: watch.Deleted, Object: obj} + } + return nil +} + +func (event *egressGroupEvent) GetResourceVersion() uint64 { + return event.ResourceVersion +} + +var _ storage.GenEventFunc = genEgressGroupEvent + +// genEgressGroupEvent generates InternalEvent from the given versions of an EgressGroup. +func genEgressGroupEvent(key string, prevObj, currObj interface{}, rv uint64) (storage.InternalEvent, error) { + if reflect.DeepEqual(prevObj, currObj) { + return nil, nil + } + + event := &egressGroupEvent{Key: key, ResourceVersion: rv} + + if prevObj != nil { + event.PrevGroup = prevObj.(*types.EgressGroup) + } + if currObj != nil { + event.CurrGroup = currObj.(*types.EgressGroup) + } + + return event, nil +} + +// ToEgressGroupMsg converts the stored EgressGroup to its message form. +// If includeBody is true, GroupMembers will be copied. +// If nodeName is provided, only GroupMembers that hosted by the Node will be copied. +func ToEgressGroupMsg(in *types.EgressGroup, out *controlplane.EgressGroup, includeBody bool, nodeName *string) { + out.Name = in.Name + out.UID = in.UID + if !includeBody || in.GroupMemberByNode == nil { + return + } + if nodeName != nil { + if members, exists := in.GroupMemberByNode[*nodeName]; exists { + for _, member := range members { + out.GroupMembers = append(out.GroupMembers, *member) + } + } + } else { + for _, members := range in.GroupMemberByNode { + for _, member := range members { + out.GroupMembers = append(out.GroupMembers, *member) + } + } + } +} + +// EgressGroupKeyFunc knows how to get the key of an EgressGroup. +func EgressGroupKeyFunc(obj interface{}) (string, error) { + group, ok := obj.(*types.EgressGroup) + if !ok { + return "", fmt.Errorf("object is not *types.EgressGroup: %v", obj) + } + return group.Name, nil +} + +// NewEgressGroupStore creates a store of EgressGroup. +func NewEgressGroupStore() storage.Interface { + return ram.NewStore(EgressGroupKeyFunc, nil, genEgressGroupEvent, keyAndSpanSelectFunc, func() runtime.Object { return new(controlplane.EgressGroup) }) +} + +// keyAndSpanSelectFunc returns whether the provided selectors matches the key and/or the nodeNames. +func keyAndSpanSelectFunc(selectors *storage.Selectors, key string, obj interface{}) bool { + // If Key is present in selectors, the provided key must match it. + if selectors.Key != "" && key != selectors.Key { + return false + } + // If nodeName is present in selectors's Field selector, the provided nodeNames must contain it. + if nodeName, found := selectors.Field.RequiresExactMatch("nodeName"); found { + if !obj.(types.Span).Has(nodeName) { + return false + } + } + return true +} + +// isSelected determines if the previous and the current version of an object should be selected by the given selectors. +func isSelected(key string, prevObj, currObj interface{}, selectors *storage.Selectors, isInitEvent bool) (bool, bool) { + // We have filtered out init events that we are not interested in, so the current object must be selected. + if isInitEvent { + return false, true + } + prevObjSelected := !reflect.ValueOf(prevObj).IsNil() && keyAndSpanSelectFunc(selectors, key, prevObj) + currObjSelected := !reflect.ValueOf(currObj).IsNil() && keyAndSpanSelectFunc(selectors, key, currObj) + return prevObjSelected, currObjSelected +} diff --git a/pkg/controller/types/egress.go b/pkg/controller/types/egress.go new file mode 100644 index 00000000000..d8b12358973 --- /dev/null +++ b/pkg/controller/types/egress.go @@ -0,0 +1,33 @@ +// Copyright 2021 Antrea Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package types + +import ( + "k8s.io/apimachinery/pkg/types" + + "github.com/vmware-tanzu/antrea/pkg/apis/controlplane" +) + +// EgressGroup describes a set of GroupMembers to apply Egress to. +type EgressGroup struct { + SpanMeta + // UID of this EgressGroup, it's same as the UID of the Egress. + UID types.UID + // Name of this EgressGroup, it's same as the name of the Egress. + Name string + // GroupMemberByNode is a mapping from nodeName to a set of GroupMembers on the Node. + // It will be converted to a slice of GroupMember for transferring according to client's selection. + GroupMemberByNode map[string]controlplane.GroupMemberSet +} diff --git a/pkg/features/antrea_features.go b/pkg/features/antrea_features.go index a8e4aca2370..4edd3065517 100644 --- a/pkg/features/antrea_features.go +++ b/pkg/features/antrea_features.go @@ -61,6 +61,10 @@ const ( // alpha: v0.13 // Expose Pod ports through NodePort NodePortLocal featuregate.Feature = "NodePortLocal" + + // alpha: v1.0 + // Enable controlling SNAT IPs of Pod egress traffic. + Egress featuregate.Feature = "Egress" ) var ( @@ -77,6 +81,7 @@ var ( defaultAntreaFeatureGates = map[featuregate.Feature]featuregate.FeatureSpec{ AntreaPolicy: {Default: false, PreRelease: featuregate.Alpha}, AntreaProxy: {Default: true, PreRelease: featuregate.Beta}, + Egress: {Default: false, PreRelease: featuregate.Alpha}, EndpointSlice: {Default: false, PreRelease: featuregate.Alpha}, Traceflow: {Default: true, PreRelease: featuregate.Beta}, FlowExporter: {Default: false, PreRelease: featuregate.Alpha},