Refactor antctl framework

- The antctl running against controller is consuming API server instead
  antctl server.
- Updated yaml file to add essential RBAC to access corresponding APIs.
- Add `get network-policy`, `get address-group` and `get
  applied-to-group` commands.

Signed-off-by: Weiqiang TANG <weiqiangt@vmware.com>

build/yamls/antrea-ipsec.yml

@@ -69,11 +69,23 @@ metadata:
     app: antrea
   name: antctl
 rules:
-- nonResourceURLs:
-  - /apis/system.antrea.tanzu.vmware.com
-  - /apis/system.antrea.tanzu.vmware.com/*
+- apiGroups:
+  - clusterinformation.antrea.tanzu.vmware.com
+  resourceNames:
+  - antrea-controller
+  resources:
+  - antreacontrollerinfos
   verbs:
   - get
+- apiGroups:
+  - networking.antrea.tanzu.vmware.com
+  resources:
+  - networkpolicies
+  - appliedtogroups
+  - addressgroups
+  verbs:
+  - get
+  - list
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
@@ -379,9 +391,9 @@ kind: APIService
 metadata:
   labels:
     app: antrea
-  name: v1beta1.system.antrea.tanzu.vmware.com
+  name: v1beta1.networking.antrea.tanzu.vmware.com
 spec:
-  group: system.antrea.tanzu.vmware.com
+  group: networking.antrea.tanzu.vmware.com
   groupPriorityMinimum: 100
   insecureSkipTLSVerify: true
   service:

build/yamls/antrea.yml

@@ -69,11 +69,23 @@ metadata:
     app: antrea
   name: antctl
 rules:
-- nonResourceURLs:
-  - /apis/system.antrea.tanzu.vmware.com
-  - /apis/system.antrea.tanzu.vmware.com/*
+- apiGroups:
+  - clusterinformation.antrea.tanzu.vmware.com
+  resourceNames:
+  - antrea-controller
+  resources:
+  - antreacontrollerinfos
   verbs:
   - get
+- apiGroups:
+  - networking.antrea.tanzu.vmware.com
+  resources:
+  - networkpolicies
+  - appliedtogroups
+  - addressgroups
+  verbs:
+  - get
+  - list
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
@@ -370,9 +382,9 @@ kind: APIService
 metadata:
   labels:
     app: antrea
-  name: v1beta1.system.antrea.tanzu.vmware.com
+  name: v1beta1.networking.antrea.tanzu.vmware.com
 spec:
-  group: system.antrea.tanzu.vmware.com
+  group: networking.antrea.tanzu.vmware.com
   groupPriorityMinimum: 100
   insecureSkipTLSVerify: true
   service:

build/yamls/base/antctl.yml

@@ -10,11 +10,23 @@ apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: antctl
 rules:
-  - nonResourceURLs:
-      - /apis/system.antrea.tanzu.vmware.com
-      - /apis/system.antrea.tanzu.vmware.com/*
+  - apiGroups:
+      - clusterinformation.antrea.tanzu.vmware.com
+    resources:
+      - antreacontrollerinfos
+    resourceNames:
+      - antrea-controller
     verbs:
       - get
+  - apiGroups:
+      - networking.antrea.tanzu.vmware.com
+    resources:
+      - networkpolicies
+      - appliedtogroups
+      - addressgroups
+    verbs:
+      - get
+      - list
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding

build/yamls/base/controller.yml

@@ -14,10 +14,10 @@ spec:
 apiVersion: apiregistration.k8s.io/v1
 kind: APIService
 metadata:
-  name: v1beta1.system.antrea.tanzu.vmware.com
+  name: v1beta1.networking.antrea.tanzu.vmware.com
 spec:
   insecureSkipTLSVerify: true
-  group: system.antrea.tanzu.vmware.com
+  group: networking.antrea.tanzu.vmware.com
   groupPriorityMinimum: 100
   version: v1beta1
   versionPriority: 100

cmd/antctl/main.go

@@ -18,7 +18,6 @@ import (
 	"flag"
 	"os"
 	"path"
-	"strings"
 
 	"github.com/spf13/cobra"
 	"github.com/spf13/pflag"
@@ -27,12 +26,7 @@ import (
 	"github.com/vmware-tanzu/antrea/pkg/antctl"
 )
 
-var (
-	commandName = path.Base(os.Args[0])
-	// TODO: May not work for antrea on windows
-	inPod   = len(os.Getenv("POD_NAME")) != 0
-	isAgent = strings.HasPrefix(os.Getenv("POD_NAME"), "antrea-agent")
-)
+var commandName = path.Base(os.Args[0])
 
 var rootCmd = &cobra.Command{
 	Use:   commandName,
@@ -51,7 +45,7 @@ func main() {
 	logs.InitLogs()
 	defer logs.FlushLogs()
 
-	antctl.CommandList.ApplyToRootCommand(rootCmd, isAgent, inPod)
+	antctl.CommandList.ApplyToRootCommand(rootCmd)
 	err := rootCmd.Execute()
 	if err != nil {
 		logs.FlushLogs()

cmd/antrea-agent/agent.go

@@ -90,7 +90,7 @@ func run(o *Options) error {
 	}
 	nodeConfig := agentInitializer.GetNodeConfig()
 
-	antctlServer, err := antctl.NewLocalServer()
+	antctlServer, err := antctl.NewAgentServer()
 	if err != nil {
 		return fmt.Errorf("error when creating local antctl server: %w", err)
 	}
@@ -144,7 +144,7 @@ func run(o *Options) error {
 
 	go agentMonitor.Run(stopCh)
 
-	antctlServer.Start(agentMonitor, nil, stopCh)
+	antctlServer.Start(agentMonitor, stopCh)
 
 	<-stopCh
 	klog.Info("Stopping Antrea agent")

cmd/antrea-controller/controller.go

@@ -24,7 +24,6 @@ import (
 	"k8s.io/client-go/informers"
 	"k8s.io/klog"
 
-	"github.com/vmware-tanzu/antrea/pkg/antctl"
 	"github.com/vmware-tanzu/antrea/pkg/apiserver"
 	"github.com/vmware-tanzu/antrea/pkg/apiserver/storage"
 	"github.com/vmware-tanzu/antrea/pkg/controller/networkpolicy"
@@ -78,11 +77,6 @@ func run(o *Options) error {
 		return fmt.Errorf("error creating API server: %v", err)
 	}
 
-	antctlServer, err := antctl.NewLocalServer()
-	if err != nil {
-		return fmt.Errorf("error when creating local antctl server: %w", err)
-	}
-
 	// set up signal capture: the first SIGTERM / SIGINT signal is handled gracefully and will
 	// cause the stopCh channel to be closed; if another signal is received before the program
 	// exits, we will force exit.
@@ -95,13 +89,7 @@ func run(o *Options) error {
 
 	go networkPolicyController.Run(stopCh)
 
-	preparedAPIServer := apiServer.GenericAPIServer.PrepareRun()
-	// Set up the antctl handlers on the controller API server for remote access.
-	antctl.CommandList.InstallToAPIServer(preparedAPIServer.GenericAPIServer, controllerMonitor)
-	go preparedAPIServer.Run(stopCh)
-
-	// Set up the antctl server for in-pod access.
-	antctlServer.Start(nil, controllerMonitor, stopCh)
+	go apiServer.GenericAPIServer.PrepareRun().Run(stopCh)
 
 	<-stopCh
 	klog.Info("Stopping Antrea controller")

go.mod

@@ -18,12 +18,10 @@ require (
 	github.com/gogo/protobuf v1.2.1
 	github.com/golang/mock v1.3.1
 	github.com/golang/protobuf v1.3.2
-	github.com/google/gofuzz v1.0.0 // indirect
 	github.com/google/uuid v1.1.1
 	github.com/googleapis/gnostic v0.3.1 // indirect
 	github.com/imdario/mergo v0.3.7 // indirect
 	github.com/j-keck/arping v1.0.0
-	github.com/json-iterator/go v1.1.6 // indirect
 	github.com/kevinburke/ssh_config v0.0.0-20190725054713-01f96b0aa0cd
 	github.com/satori/go.uuid v1.2.0
 	github.com/spf13/cobra v0.0.5

go.sum

@@ -152,9 +152,8 @@ github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ
 github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
 github.com/google/go-cmp v0.3.0 h1:crn/baboCvb5fXaQ0IJ1SGTsTVrWpDsCWC8EGETZijY=
 github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
+github.com/google/gofuzz v0.0.0-20170612174753-24818f796faf h1:+RRA9JqSOZFfKrOeqr2z77+8R2RKyh8PG66dcu1V0ck=
 github.com/google/gofuzz v0.0.0-20170612174753-24818f796faf/go.mod h1:HP5RmnzzSNb993RKQDq4+1A4ia9nllfqcQFTQJedwGI=
-github.com/google/gofuzz v1.0.0 h1:A8PeW59pxE9IoFRqBp37U+mSNaQoZ46F1f0f863XSXw=
-github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/uuid v1.0.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.1.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.1.1 h1:Gkbcsh/GbpXz7lPftLA3P6TYMwjCLYm83jiFQZF/3gY=
@@ -208,9 +207,8 @@ github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJS
 github.com/jonboulle/clockwork v0.0.0-20141017032234-72f9bd7c4e0c h1:XpRROA6ssPlTwJI8/pH+61uieOkcJhmAFz25cu0B94Y=
 github.com/jonboulle/clockwork v0.0.0-20141017032234-72f9bd7c4e0c/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo=
 github.com/json-iterator/go v0.0.0-20180701071628-ab8a2e0c74be/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
+github.com/json-iterator/go v1.1.5 h1:gL2yXlmiIo4+t+y32d4WGwOjKGYcGOuyrg46vadswDE=
 github.com/json-iterator/go v1.1.5/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
-github.com/json-iterator/go v1.1.6 h1:MrUvLMLTMxbqFJ9kzlvat/rYZqZnW3u4wkLzWTaFwKs=
-github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
 github.com/juju/errors v0.0.0-20180806074554-22422dad46e1/go.mod h1:W54LbzXuIE0boCoNJfwqpmkKJ1O4TCTZMetAt6jGk7Q=
 github.com/juju/loggo v0.0.0-20190526231331-6e530bcce5d8/go.mod h1:vgyd7OREkbtVEN/8IXZe5Ooef3LQePvuBm9UWj6ZL8U=
 github.com/juju/testing v0.0.0-20190613124551-e81189438503/go.mod h1:63prj8cnj0tU0S9OHjGJn+b1h0ZghCndfnbQolrYTwA=

pkg/antctl/antctl.go

@@ -15,66 +15,93 @@
 package antctl
 
 import (
-	"encoding/json"
-	"io"
-	"io/ioutil"
 	"reflect"
 
 	"k8s.io/apimachinery/pkg/runtime/schema"
-	"k8s.io/klog"
 
 	"github.com/vmware-tanzu/antrea/pkg/antctl/handlers"
+	"github.com/vmware-tanzu/antrea/pkg/antctl/transform/addressgroup"
+	"github.com/vmware-tanzu/antrea/pkg/antctl/transform/appliedtogroup"
+	"github.com/vmware-tanzu/antrea/pkg/antctl/transform/networkpolicy"
+	"github.com/vmware-tanzu/antrea/pkg/antctl/transform/version"
+	clusterinfov1beta1 "github.com/vmware-tanzu/antrea/pkg/apis/clusterinformation/v1beta1"
+	networkingv1beta1 "github.com/vmware-tanzu/antrea/pkg/apis/networking/v1beta1"
 	"github.com/vmware-tanzu/antrea/pkg/client/clientset/versioned/scheme"
-	"github.com/vmware-tanzu/antrea/pkg/version"
 )
 
-// unixDomainSockAddr is the address for antctl server in local mode.
+// unixDomainSockAddr is the address for antctl server running alongside with antrea-agent.
 const unixDomainSockAddr = "/var/run/antctl.sock"
 
-var systemGroup = schema.GroupVersion{Group: "system.antrea.tanzu.vmware.com", Version: "v1beta1"}
-
-type transformedVersionResponse struct {
-	handlers.ComponentVersionResponse `json:",inline" yaml:",inline"`
-	AntctlVersion                     string `json:"antctlVersion" yaml:"antctlVersion"`
-}
-
-// versionTransform is the AddonTransform for the version command. This function
-// will try to parse the response as a ComponentVersionResponse and then populate
-// it with the version of antctl to a transformedVersionResponse object.
-func versionTransform(reader io.Reader, _ bool) (interface{}, error) {
-	b, err := ioutil.ReadAll(reader)
-	if err != nil {
-		return nil, err
-	}
-	klog.Infof("version transform received: %s", string(b))
-	cv := new(handlers.ComponentVersionResponse)
-	err = json.Unmarshal(b, cv)
-	if err != nil {
-		return nil, err
-	}
-	resp := &transformedVersionResponse{
-		ComponentVersionResponse: *cv,
-		AntctlVersion:            version.GetFullVersion(),
-	}
-	return resp, nil
-}
-
-// CommandList defines all commands that could be used in the antctl for both agent
+// CommandList defines all commands that could be used in the antctl for both agents
 // and controller. The unit test "TestCommandListValidation" ensures it to be valid.
 var CommandList = &commandList{
 	definitions: []commandDefinition{
 		{
-			Use:                 "version",
-			Short:               "Print version information",
-			Long:                "Print version information of the antctl and the ${component}",
-			HandlerFactory:      new(handlers.Version),
-			GroupVersion:        &systemGroup,
-			TransformedResponse: reflect.TypeOf(transformedVersionResponse{}),
-			Agent:               true,
-			Controller:          true,
-			SingleObject:        true,
-			CommandGroup:        flat,
-			AddonTransform:      versionTransform,
+			use:          "version",
+			short:        "Print version information",
+			long:         "Print version information of the antctl and the ${component}",
+			singleObject: true,
+			commandGroup: flat,
+			controllerEndpoint: &controllerEndpoint{
+				resourceName: "antrea-controller",
+				groupVersionResource: &schema.GroupVersionResource{
+					Group:    clusterinfov1beta1.SchemeGroupVersion.Group,
+					Version:  clusterinfov1beta1.SchemeGroupVersion.Version,
+					Resource: "antreacontrollerinfos",
+				},
+				addonTransform: version.ControllerTransform,
+			},
+			agentEndpoint: &agentEndpoint{
+				HandlerFactory: new(handlers.Version),
+				addonTransform: version.AgentTransform,
+			},
+			transformedResponse: reflect.TypeOf(version.Response{}),
+		},
+		{
+			use:          "network-policy",
+			short:        "Print network policies",
+			long:         "Print network policies in antrea controller",
+			commandGroup: get,
+			controllerEndpoint: &controllerEndpoint{
+				groupVersionResource: &schema.GroupVersionResource{
+					Group:    networkingv1beta1.SchemeGroupVersion.Group,
+					Version:  networkingv1beta1.SchemeGroupVersion.Version,
+					Resource: "networkpolicies",
+				},
+				namespaced:     true,
+				addonTransform: networkpolicy.Transform,
+			},
+			transformedResponse: reflect.TypeOf(networkpolicy.Response{}),
+		},
+		{
+			use:          "applied-to-group",
+			short:        "Print applied-to-groups",
+			long:         "Print applied-to-groups in antrea controller",
+			commandGroup: get,
+			controllerEndpoint: &controllerEndpoint{
+				groupVersionResource: &schema.GroupVersionResource{
+					Group:    networkingv1beta1.SchemeGroupVersion.Group,
+					Version:  networkingv1beta1.SchemeGroupVersion.Version,
+					Resource: "appliedtogroups",
+				},
+				addonTransform: appliedtogroup.Transform,
+			},
+			transformedResponse: reflect.TypeOf(appliedtogroup.Response{}),
+		},
+		{
+			use:          "address-group",
+			short:        "Print address groups",
+			long:         "Print address groups in antrea controller",
+			commandGroup: get,
+			controllerEndpoint: &controllerEndpoint{
+				groupVersionResource: &schema.GroupVersionResource{
+					Group:    networkingv1beta1.SchemeGroupVersion.Group,
+					Version:  networkingv1beta1.SchemeGroupVersion.Version,
+					Resource: "addressgroups",
+				},
+				addonTransform: addressgroup.Transform,
+			},
+			transformedResponse: reflect.TypeOf(addressgroup.Response{}),
 		},
 	},
 	codec: scheme.Codecs,