Add ACNP copy span for multi-cluster

Signed-off-by: Yang Ding <[email protected]>

ci/jenkins/clean-mc.sh

@@ -0,0 +1,148 @@
+#!/usr/bin/env bash
+
+# Copyright 2021 Antrea Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -eo pipefail
+
+DEFAULT_WORKDIR="/var/lib/jenkins"
+DEFAULT_KUBECONFIG_PATH=$DEFAULT_WORKDIR/kube.conf
+WORKDIR=$DEFAULT_WORKDIR
+TESTCASE=""
+TEST_FAILURE=false
+DOCKER_REGISTRY=$(head -n1 "/var/lib/jenkins/antrea/ci/docker-registry")
+GO_VERSION=$(head -n1 "/var/lib/jenkins/antrea/build/images/deps/go-version")
+IMAGE_PULL_POLICY="Always"
+MULTICLUSTER_KUBECONFIG_PATH=$WORKDIR/.kube
+LEADER_CLUSTER_CONFIG="--kubeconfig=$MULTICLUSTER_KUBECONFIG_PATH/leader"
+EAST_CLUSTER_CONFIG="--kubeconfig=$MULTICLUSTER_KUBECONFIG_PATH/east"
+WEST_CLUSTER_CONFIG="--kubeconfig=$MULTICLUSTER_KUBECONFIG_PATH/west"
+
+NGINX_IMAGE=projects.registry.vmware.com/antrea/nginx:1.21.6-alpine
+
+CONTROL_PLANE_NODE_ROLE="control-plane,master"
+
+multicluster_kubeconfigs=($EAST_CLUSTER_CONFIG $LEADER_CLUSTER_CONFIG $WEST_CLUSTER_CONFIG)
+membercluter_kubeconfigs=($EAST_CLUSTER_CONFIG $WEST_CLUSTER_CONFIG)
+
+CLEAN_STALE_IMAGES="docker system prune --force --all --filter until=48h"
+
+_usage="Usage: $0 [--kubeconfigs-path <KubeconfigSavePath>] [--workdir <HomePath>]
+                  [--testcase <e2e>]
+
+Run Antrea multi-cluster e2e tests on a remote (Jenkins) Linux Cluster Set.
+
+        --kubeconfigs-path            Path of cluster set kubeconfigs.
+        --workdir                     Home path for Go, vSphere information and antrea_logs during cluster setup. Default is $WORKDIR.
+        --testcase                    Antrea multi-cluster e2e test cases on a Linux cluster set.
+        --registry                    The docker registry to use instead of dockerhub."
+
+function print_usage {
+    echoerr "$_usage"
+}
+
+
+while [[ $# -gt 0 ]]
+do
+key="$1"
+
+case $key in
+    --kubeconfigs-path)
+    MULTICLUSTER_KUBECONFIG_PATH="$2"
+    shift 2
+    ;;
+    --workdir)
+    WORKDIR="$2"
+    shift 2
+    ;;
+    --testcase)
+    TESTCASE="$2"
+    shift 2
+    ;;
+    --registry)
+    DOCKER_REGISTRY="$2"
+    shift 2
+    ;;
+    -h|--help)
+    print_usage
+    exit 0
+    ;;
+    *)    # unknown option
+    echoerr "Unknown option $1"
+    exit 1
+    ;;
+esac
+done
+
+
+function clean_tmp() {
+    echo "===== Clean up stale files & folders older than 7 days under /tmp ====="
+    CLEAN_LIST=(
+        "*codecov*"
+        "kustomize-*"
+        "*antrea*"
+        "go-build*"
+    )
+    for item in "${CLEAN_LIST[@]}"; do
+        find /tmp -name "${item}" -mtime +7 -exec rm -rf {} \; 2>&1 | grep -v "Permission denied" || true
+    done
+    find ${WORKDIR} -name "support-bundles*" -mtime +7 -exec rm -rf {} \; 2>&1 | grep -v "Permission denied" || true
+}
+
+
+function cleanup_multicluster_ns {
+    ns=$1
+    kubeconfig=$2
+
+    kubectl delete ns "${ns}" --ignore-not-found=true ${kubeconfig} --timeout=30s || true
+}
+
+function cleanup_multicluster_controller {
+    echo "====== Cleanup Multicluster Controller Installation ======"
+    kubeconfig=$1
+    for multicluster_yml in /var/lib/jenkins/antrea/multicluster/test/yamls/*.yml; do
+        kubectl delete -f $multicluster_yml $kubeconfig --ignore-not-found=true  --timeout=30s || true
+    done
+
+    for multicluster_yml in /var/lib/jenkins/antrea/multicluster/build/yamls/*.yml; do
+        kubectl delete -f $multicluster_yml $kubeconfig --ignore-not-found=true --timeout=30s || true
+    done
+}
+
+function cleanup_multicluster_antrea {
+    echo "====== Cleanup Antrea controller and agent ======"
+    kubeconfig=$1
+    kubectl get pod -n kube-system -l component=antrea-agent --no-headers=true $kubeconfig | awk '{print $1}' | while read AGENTNAME; do
+       kubectl exec $AGENTNAME -c antrea-agent -n kube-system ${kubeconfig}  ovs-vsctl del-port br-int gw0 || true
+    done
+
+   for antrea_yml in ${WORKDIR}/*.yml; do
+        kubectl delete -f $antrea_yml --ignore-not-found=true ${kubeconfig} --timeout=30s || true
+    done
+}
+
+function clean_multicluster {
+    echo "====== Cleanup Multicluster Antrea Installation in clusters ======"
+    for kubeconfig in "${multicluster_kubeconfigs[@]}"
+    do
+        cleanup_multicluster_ns "antrea-multicluster-test" $kubeconfig
+        cleanup_multicluster_ns "antrea-mcs-ns" $kubeconfig
+        cleanup_multicluster_controller $kubeconfig
+        cleanup_multicluster_antrea $kubeconfig
+    done
+}
+
+trap clean_multicluster EXIT
+clean_tmp
+

ci/jenkins/test-mc.sh

@@ -25,8 +25,8 @@ DEFAULT_KUBECONFIG_PATH=$DEFAULT_WORKDIR/kube.conf
 WORKDIR=$DEFAULT_WORKDIR
 TESTCASE=""
 TEST_FAILURE=false
-DOCKER_REGISTRY=$(head -n1 "${WORKSPACE}/ci/docker-registry")
-GO_VERSION=$(head -n1 "${WORKSPACE}/build/images/deps/go-version")
+DOCKER_REGISTRY=$(head -n1 "/var/lib/jenkins/antrea/ci/docker-registry")
+GO_VERSION=$(head -n1 "/var/lib/jenkins/antrea/build/images/deps/go-version")
 IMAGE_PULL_POLICY="Always"
 MULTICLUSTER_KUBECONFIG_PATH=$WORKDIR/.kube
 LEADER_CLUSTER_CONFIG="--kubeconfig=$MULTICLUSTER_KUBECONFIG_PATH/leader"
@@ -115,11 +115,11 @@ function cleanup_multicluster_ns {
 function cleanup_multicluster_controller {
     echo "====== Cleanup Multicluster Controller Installation ======"
     kubeconfig=$1
-    for multicluster_yml in ${WORKSPACE}/multicluster/test/yamls/*.yml; do
+    for multicluster_yml in /var/lib/jenkins/antrea/multicluster/test/yamls/*.yml; do
         kubectl delete -f $multicluster_yml $kubeconfig --ignore-not-found=true  --timeout=30s || true
     done
 
-    for multicluster_yml in ${WORKSPACE}/multicluster/build/yamls/*.yml; do
+    for multicluster_yml in /var/lib/jenkins/antrea/multicluster/build/yamls/*.yml; do
         kubectl delete -f $multicluster_yml $kubeconfig --ignore-not-found=true --timeout=30s || true
     done
 }
@@ -138,7 +138,7 @@ function cleanup_multicluster_antrea {
 
 function clean_multicluster {
     echo "====== Cleanup Multicluster Antrea Installation in clusters ======"
-    for kubeconfig in ${multicluster_kubeconfigs[@]}
+    for kubeconfig in "${multicluster_kubeconfigs[@]}"
     do
         cleanup_multicluster_ns "antrea-multicluster-test" $kubeconfig
         cleanup_multicluster_ns "antrea-mcs-ns" $kubeconfig
@@ -174,7 +174,7 @@ function wait_for_multicluster_controller_ready {
     sed -i 's/antrea-mcs-ns/kube-system/g' ./multicluster/test/yamls/leader-access-token.yml
     echo "type: Opaque" >>./multicluster/test/yamls/leader-access-token.yml
 
-    for config in ${membercluter_kubeconfigs[@]};
+    for config in "${membercluter_kubeconfigs[@]}";
     do
         kubectl apply -f ./multicluster/build/yamls/antrea-multicluster-member.yml ${config}
         kubectl rollout status deployment/antrea-mc-controller -n kube-system ${config}
@@ -203,7 +203,7 @@ function deliver_antrea_multicluster {
     docker save -o ${WORKDIR}/antrea-ubuntu.tar $DOCKER_REGISTRY/antrea/antrea-ubuntu:latest
 
 
-    for kubeconfig in ${multicluster_kubeconfigs[@]}
+    for kubeconfig in "${multicluster_kubeconfigs[@]}"
     do
        kubectl get nodes -o wide --no-headers=true ${kubeconfig}| awk '{print $6}' | while read IP; do
             rsync -avr --progress --inplace -e "ssh -o StrictHostKeyChecking=no" "${WORKDIR}"/antrea-ubuntu.tar jenkins@[${IP}]:${WORKDIR}/antrea-ubuntu.tar
@@ -226,7 +226,7 @@ function deliver_multicluster_controller {
     docker save antrea/antrea-mc-controller:latest -o "${WORKDIR}"/antrea-mcs.tar
     ./multicluster/hack/generate-manifest.sh -l antrea-mcs-ns >./multicluster/test/yamls/manifest.yml
 
-    for kubeconfig in ${multicluster_kubeconfigs[@]}
+    for kubeconfig in "${multicluster_kubeconfigs[@]}"
     do
         kubectl get nodes -o wide --no-headers=true "${kubeconfig}"| awk '{print $6}' | while read IP; do
             rsync -avr --progress --inplace -e "ssh -o StrictHostKeyChecking=no" "${WORKDIR}"/antrea-mcs.tar jenkins@[${IP}]:${WORKDIR}/antrea-mcs.tar
@@ -238,7 +238,7 @@ function deliver_multicluster_controller {
     sed -i "s|<LEADER_CLUSTER_IP>|${leader_ip}|" ./multicluster/test/yamls/east-member-cluster.yml
     sed -i "s|<LEADER_CLUSTER_IP>|${leader_ip}|" ./multicluster/test/yamls/west-member-cluster.yml
 
-    for kubeconfig in ${membercluter_kubeconfigs[@]}
+    for kubeconfig in "${membercluter_kubeconfigs[@]}"
     do
        ip=$(kubectl get nodes -o wide --no-headers=true ${EAST_CLUSTER_CONFIG} | awk -v role="$CONTROL_PLANE_NODE_ROLE" '$3 == role {print $6}')
        rsync -avr --progress --inplace -e "ssh -o StrictHostKeyChecking=no" ./multicluster/test/yamls/test-east-serviceexport.yml jenkins@[${ip}]:${WORKDIR}/serviceexport.yml
@@ -266,7 +266,7 @@ function run_multicluster_e2e {
     docker tag "${DOCKER_REGISTRY}/antrea/agnhost:2.26" "agnhost:2.26"
     docker save agnhost:2.26 -o "${WORKDIR}"/agnhost.tar
 
-    for kubeconfig in ${membercluter_kubeconfigs[@]}
+    for kubeconfig in "${membercluter_kubeconfigs[@]}"
     do
         kubectl get nodes -o wide --no-headers=true "${kubeconfig}"| awk '{print $6}' | while read IP; do
             rsync -avr --progress --inplace -e "ssh -o StrictHostKeyChecking=no" "${WORKDIR}"/nginx.tar jenkins@["${IP}"]:"${WORKDIR}"/nginx.tar
@@ -278,17 +278,17 @@ function run_multicluster_e2e {
 
     done
 
-    set +e
-    mkdir -p `pwd`/antrea-multicluster-test-logs
-    go test -v antrea.io/antrea/multicluster/test/e2e --logs-export-dir  `pwd`/antrea-multicluster-test-logs
-    if [[ "$?" != "0" ]]; then
-        TEST_FAILURE=true
-    fi
-    set -e
+#    set +e
+#    mkdir -p `pwd`/antrea-multicluster-test-logs
+#    go test -v antrea.io/antrea/multicluster/test/e2e --logs-export-dir  `pwd`/antrea-multicluster-test-logs
+#    if [[ "$?" != "0" ]]; then
+#        TEST_FAILURE=true
+#    fi
+#    set -e
 }
 
-trap clean_multicluster EXIT
-clean_tmp
+#trap clean_multicluster EXIT
+#clean_tmp
 
 if [[ ${TESTCASE} =~ "e2e" ]]; then
     deliver_antrea_multicluster

multicluster/Makefile

@@ -2,7 +2,7 @@
 # Image URL to use all building/pushing image targets
 IMG ?= antrea/antrea-mc-controller:latest
 # Produce CRDs that work back to Kubernetes 1.11 (no version conversion)
-CRD_OPTIONS ?= "crd:trivialVersions=true,preserveUnknownFields=false"
+CRD_OPTIONS ?= "crd:trivialVersions=true,allowDangerousTypes=true,preserveUnknownFields=false"
 
 # Get the currently used golang install path (in GOPATH/bin, unless GOBIN is set)
 ifeq (,$(shell go env GOBIN))

multicluster/apis/multicluster/v1alpha1/acnpimport.go

@@ -0,0 +1,80 @@
+/*
+Copyright 2022 Antrea Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1alpha1
+
+import (
+	v1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// +genclient
+// +genclient:nonNamespaced
+// +kubebuilder:object:root=true
+// +kubebuilder:resource:path=acnpimports,scope=Cluster
+// +kubebuilder:subresource:status
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// ACNPImport describes an ACNP imported from the leader cluster in a ClusterSet.
+type ACNPImport struct {
+	metav1.TypeMeta `json:",inline"`
+	// +optional
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+	// +optional
+	Status ACNPImportStatus `json:"status,omitempty"`
+}
+
+// +kubebuilder:object:root=true
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// ACNPImportList contains a list of ACNPImport.
+type ACNPImportList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+	Items           []ACNPImport `json:"items"`
+}
+
+type ACNPImportStatus struct {
+	// +optional
+	// +patchStrategy=merge
+	// +patchMergeKey=type
+	// +listType=map
+	// +listMapKey=type
+	Conditions []ACNPImportCondition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"`
+}
+
+type ACNPImportConditionType string
+
+const (
+	ACNPImportRealizable ACNPImportConditionType = "Realizable"
+)
+
+type ACNPImportCondition struct {
+	Type ACNPImportConditionType `json:"type"`
+	// Status is one of {"True", "False", "Unknown"}
+	// +kubebuilder:validation:Enum=True;False;Unknown
+	Status v1.ConditionStatus `json:"status"`
+	// +optional
+	LastTransitionTime *metav1.Time `json:"lastTransitionTime,omitempty"`
+	// +optional
+	Reason *string `json:"reason,omitempty"`
+	// +optional
+	Message *string `json:"message,omitempty"`
+}
+
+func init() {
+	SchemeBuilder.Register(&ACNPImport{}, &ACNPImportList{})
+}

multicluster/apis/multicluster/v1alpha1/resourceexport_types.go

@@ -20,6 +20,7 @@ import (
 	v1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 
+	"antrea.io/antrea/pkg/apis/crd/v1alpha1"
 	"antrea.io/antrea/pkg/apis/crd/v1alpha2"
 )
 
@@ -63,6 +64,8 @@ type ResourceExportSpec struct {
 	Endpoints *EndpointsExport `json:"endpoints,omitempty"`
 	// If exported resource is ExternalEntity.
 	ExternalEntity *ExternalEntityExport `json:"externalentity,omitempty"`
+	// If exported resource is AntreaClusterNetworkPolicy.
+	ClusterNetworkPolicy *v1alpha1.ClusterNetworkPolicySpec `json:"clusternetworkpolicy,omitempty"`
 	// If exported resource Kind is unknown.
 	Raw RawResourceExport `json:"raw,omitempty"`
 }

multicluster/apis/multicluster/v1alpha1/resourceexport_webhook.go

@@ -21,6 +21,8 @@ import (
 	ctrl "sigs.k8s.io/controller-runtime"
 	logf "sigs.k8s.io/controller-runtime/pkg/log"
 	"sigs.k8s.io/controller-runtime/pkg/webhook"
+
+	"antrea.io/antrea/multicluster/controllers/multicluster/common"
 )
 
 // log is for logging in this package.
@@ -39,6 +41,26 @@ var _ webhook.Defaulter = &ResourceExport{}
 // Default implements webhook.Defaulter so a webhook will be registered for the type
 func (r *ResourceExport) Default() {
 	resourceexportlog.Info("default", "name", r.Name)
+	if r.Spec.ClusterNetworkPolicy == nil {
+		// Only mutate ResourceExport created for ClusterNetworkPolicy resources
+		return
+	}
+	if len(r.Labels) == 0 {
+		r.Labels = map[string]string{}
+	}
+	if nameLabelVal, exists := r.Labels[common.SourceName]; !exists || nameLabelVal != r.Spec.Name {
+		r.Labels[common.SourceName] = r.Spec.Name
+	}
+	if namespaceLabelVal, exists := r.Labels[common.SourceNamespace]; !exists || namespaceLabelVal != "" {
+		r.Labels[common.SourceNamespace] = ""
+	}
+	// TODO: put sourceClusterID for leader cluster?
+	if kindLabelVal, exists := r.Labels[common.SourceKind]; !exists || kindLabelVal != common.AntreaClusterNetworkPolicyKind {
+		r.Labels[common.SourceKind] = common.AntreaClusterNetworkPolicyKind
+	}
+	if r.DeletionTimestamp.IsZero() && !common.StringExistsInSlice(r.Finalizers, common.ResourceExportFinalizer) {
+		r.Finalizers = []string{common.ResourceExportFinalizer}
+	}
 }
 
 //+kubebuilder:webhook:path=/validate-multicluster-crd-antrea-io-v1alpha1-resourceexport,mutating=false,failurePolicy=fail,sideEffects=None,groups=multicluster.crd.antrea.io,resources=resourceexports,verbs=create;update,versions=v1alpha1,name=vresourceexport.kb.io,admissionReviewVersions={v1,v1beta1}