Add NetworkPolicyRecommendation Controller implementations

Signed-off-by: Yanjun Zhou <zhouya@vmware.com>
antrea-io · Oct 10, 2022 · c255d55 · c255d55
1 parent 470e08e
commit c255d55
Show file tree

Hide file tree

Showing 24 changed files with 2,315 additions and 35 deletions.
diff --git a/Makefile b/Makefile
@@ -116,6 +116,11 @@ clean:
 	@rm -rf $(DOCKER_CACHE)
 	@rm -rf .golangci-bin
 
+.PHONY: codegen
+codegen:
+	@echo "===> Updating generated code <==="
+	$(CURDIR)/hack/update-codegen.sh
+
 .PHONY: manifest
 manifest:
 	@echo "===> Generating dev manifest for Theia <==="

diff --git a/build/charts/theia/README.md b/build/charts/theia/README.md
@@ -71,7 +71,7 @@ Kubernetes: `>= 1.16.0-0`
 | theiaManager.apiServer.tlsMinVersion | string | `""` | TLS min version from: VersionTLS10, VersionTLS11, VersionTLS12, VersionTLS13. |
 | theiaManager.enable | bool | `false` | Determine whether to install Theia Manager. |
 | theiaManager.image | object | `{"pullPolicy":"IfNotPresent","repository":"projects.registry.vmware.com/antrea/theia-manager","tag":""}` | Container image used by Theia Manager. |
-| theiaManager.logVerbosity | int | `0` |  |
+| theiaManager.logVerbosity | int | `0` | Log verbosity switch for Theia Manager. |
 
 ----------------------------------------------
 Autogenerated from chart metadata using [helm-docs v1.7.0](https://github.com/norwoodj/helm-docs/releases/v1.7.0)
diff --git a/build/charts/theia/crds/network-policy-recommendation-crd.yaml b/build/charts/theia/crds/network-policy-recommendation-crd.yaml
@@ -20,17 +20,23 @@ spec:
               type: object
               required:
                 - jobType
+                - policyType
+                - executorInstances
+                - driverCoreRequest
+                - driverMemory
+                - executorCoreRequest
+                - executorMemory
               properties:
                 jobType:
                   type: string
                 limit:
                   type: integer
                 policyType:
                   type: string
-                startTime:
+                startInterval:
                   type: string
                   format: datetime
-                endTime:
+                endInterval:
                   type: string
                   format: datetime
                 nsAllowList:
@@ -56,6 +62,33 @@ spec:
               properties:
                 state:
                   type: string
+                sparkApplication:
+                  type: string
+                completedStages:
+                  type: integer
+                totalStages:
+                  type: integer
+                startTime:
+                  type: string
+                  format: datetime
+                endTime:
+                  type: string
+                  format: datetime
+                recommendedNetworkPolicy:
+                  type: object
+                  properties:
+                    spec: 
+                      type: object
+                      properties:
+                        id:
+                          type: string
+                        resultType:
+                          type: string
+                        timeCreated:
+                          type: string
+                          format: datetime
+                        yamls:
+                          type: string
       additionalPrinterColumns:
         - description: Current state of the job
           jsonPath: .status.state
@@ -70,3 +103,48 @@ spec:
     kind: NetworkPolicyRecommendation
     shortNames:
       - npr
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  name: recommendednetworkpolicies.crd.theia.antrea.io
+  labels:
+    app: theia
+spec:
+  group: crd.theia.antrea.io
+  versions:
+    - name: v1alpha1
+      served: true
+      storage: true
+      schema:
+        openAPIV3Schema:
+          type: object
+          required:
+            - spec
+          properties:
+            spec:
+              type: object
+              required:
+                - id
+                - timeCreated
+                - resultType
+                - yamls
+              properties:
+                id:
+                  type: string
+                timeCreated:
+                  type: string
+                  format: datetime
+                resultType:
+                  type: string
+                yamls:
+                  type: string
+      subresources:
+        status: {}
+  scope: Namespaced
+  names:
+    plural: recommendednetworkpolicies
+    singular: recommendednetworkpolicy
+    kind: RecommendedNetworkPolicy
+    shortNames:
+      - rnp
diff --git a/build/charts/theia/templates/theia-manager/clusterrole.yaml b/build/charts/theia/templates/theia-manager/clusterrole.yaml
@@ -44,6 +44,18 @@ rules:
     resources: ["configmaps"]
     verbs: ["get", "list", "watch"]
   - apiGroups: ["crd.theia.antrea.io"]
-    resources: ["networkpolicyrecommendations"]
-    verbs: ["get", "list", "watch"]
+    resources: ["networkpolicyrecommendations", "recommendednetworkpolicies"]
+    verbs: ["get", "list", "watch", "create", "delete"]
+  - apiGroups: ["crd.theia.antrea.io"]
+    resources: ["networkpolicyrecommendations/status"]
+    verbs: ["update"]
+  - apiGroups: [ "" ]
+    resources: [ "pods" ]
+    verbs: ["list"]
+  - apiGroups: [ "" ]
+    resources: [ "services", "secrets" ]
+    verbs: ["get"]
+  - apiGroups: ["sparkoperator.k8s.io"]
+    resources: ["sparkapplications"]
+    verbs: ["create", "delete", "get", "list"]
 {{- end }}
diff --git a/build/charts/theia/values.yaml b/build/charts/theia/values.yaml
@@ -233,5 +233,5 @@ theiaManager:
     tlsCipherSuites: ""
     # -- TLS min version from: VersionTLS10, VersionTLS11, VersionTLS12, VersionTLS13.
     tlsMinVersion: ""
-  ## -- Log verbosity switch for Theia Manager.
+  # -- Log verbosity switch for Theia Manager.
   logVerbosity: 0
diff --git a/cmd/theia-manager/theia-manager.go b/cmd/theia-manager/theia-manager.go
@@ -27,6 +27,7 @@ import (
 	"antrea.io/antrea/pkg/util/cipher"
 	genericapiserver "k8s.io/apiserver/pkg/server"
 	genericoptions "k8s.io/apiserver/pkg/server/options"
+	"k8s.io/client-go/kubernetes"
 	clientset "k8s.io/client-go/kubernetes"
 	"k8s.io/client-go/rest"
 	"k8s.io/klog/v2"
@@ -111,25 +112,26 @@ func run(o *Options) error {
 	if err != nil {
 		return fmt.Errorf("error when generating KubeConfig: %v", err)
 	}
-	client, err := clientset.NewForConfig(kubeConfig)
+	kubeClient, err := kubernetes.NewForConfig(kubeConfig)
 	if err != nil {
-		return fmt.Errorf("error when generating k8s client: %v", err)
+		return fmt.Errorf("error when generating kubernetes client: %v", err)
 	}
 	crdClient, err := crdclientset.NewForConfig(kubeConfig)
 	if err != nil {
 		return fmt.Errorf("error when generating CRD client: %v", err)
 	}
 	crdInformerFactory := crdinformers.NewSharedInformerFactory(crdClient, informerDefaultResync)
 	npRecommendationInformer := crdInformerFactory.Crd().V1alpha1().NetworkPolicyRecommendations()
-	npRecoController := networkpolicyrecommendation.NewNPRecommendationController(crdClient, npRecommendationInformer)
+	recommendedNPInformer := crdInformerFactory.Crd().V1alpha1().RecommendedNetworkPolicies()
+	npRecoController := networkpolicyrecommendation.NewNPRecommendationController(crdClient, kubeClient, npRecommendationInformer, recommendedNPInformer)
 
 	cipherSuites, err := cipher.GenerateCipherSuitesList(o.config.APIServer.TLSCipherSuites)
 	if err != nil {
 		return fmt.Errorf("error when generating Cipher Suite list: %v", err)
 	}
 
 	apiServerConfig, err := createAPIServerConfig(
-		client,
+		kubeClient,
 		*o.config.APIServer.SelfSignedCert,
 		o.config.APIServer.APIPort,
 		cipherSuites,

diff --git a/pkg/apis/crd/v1alpha1/register.go b/pkg/apis/crd/v1alpha1/register.go
@@ -52,6 +52,8 @@ func addKnownTypes(scheme *runtime.Scheme) error {
 		SchemeGroupVersion,
 		&NetworkPolicyRecommendation{},
 		&NetworkPolicyRecommendationList{},
+		&RecommendedNetworkPolicy{},
+		&RecommendedNetworkPolicyList{},
 	)
 
 	metav1.AddToGroupVersion(

diff --git a/pkg/apis/crd/v1alpha1/types.go b/pkg/apis/crd/v1alpha1/types.go
@@ -23,6 +23,14 @@ import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
+const (
+	NPRecommendationStateNew       string = "NEW"
+	NPRecommendationStateScheduled string = "SCHEDULED"
+	NPRecommendationStateRunning   string = "RUNNING"
+	NPRecommendationStateCompleted string = "COMPLETED"
+	NPRecommendationStateFailed    string = "FAILED"
+)
+
 // +genclient
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 
@@ -35,11 +43,11 @@ type NetworkPolicyRecommendation struct {
 }
 
 type NetworkPolicyRecommendationSpec struct {
-	Type                string      `json:"type,omitempty"`
+	JobType             string      `json:"jobType,omitempty"`
 	Limit               int         `json:"limit,omitempty"`
 	PolicyType          string      `json:"policyType,omitempty"`
-	StartTime           metav1.Time `json:"startTime,omitempty"`
-	EndTime             metav1.Time `json:"endTime,omitempty"`
+	StartInterval       metav1.Time `json:"startInterval,omitempty"`
+	EndInterval         metav1.Time `json:"endInterval,omitempty"`
 	NSAllowList         []string    `json:"nsAllowList,omitempty"`
 	ExcludeLabels       bool        `json:"excludeLabels,omitempty"`
 	ToServices          bool        `json:"toServices,omitempty"`
@@ -51,7 +59,14 @@ type NetworkPolicyRecommendationSpec struct {
 }
 
 type NetworkPolicyRecommendationStatus struct {
-	State string `json:"state,omitempty"`
+	State            string                    `json:"state,omitempty"`
+	SparkApplication string                    `json:"sparkApplication,omitempty"`
+	CompletedStages  int                       `json:"completedStages,omitempty"`
+	TotalStages      int                       `json:"totalStages,omitempty"`
+	RecommendedNP    *RecommendedNetworkPolicy `json:"recommendedNetworkPolicy,omitempty"`
+	ErrorMsg         string                    `json:"errorMsg,omitempty"`
+	StartTime        metav1.Time               `json:"startTime,omitempty"`
+	EndTime          metav1.Time               `json:"endTime,omitempty"`
 }
 
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
@@ -61,3 +76,28 @@ type NetworkPolicyRecommendationList struct {
 	metav1.ListMeta `json:"metadata,omitempty"`
 	Items           []NetworkPolicyRecommendation `json:"items"`
 }
+
+// +genclient
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+type RecommendedNetworkPolicy struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	Spec RecommendedNetworkPolicySpec `json:"spec,omitempty"`
+}
+
+type RecommendedNetworkPolicySpec struct {
+	Id          string      `json:"id,omitempty"`
+	Type        string      `json:"resultType,omitempty"`
+	TimeCreated metav1.Time `json:"timeCreated,omitempty"`
+	Yamls       string      `json:"yamls,omitempty"`
+}
+
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+type RecommendedNetworkPolicyList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+	Items           []RecommendedNetworkPolicy `json:"items"`
+}
diff --git a/pkg/apis/crd/v1alpha1/zz_generated.deepcopy.go b/pkg/apis/crd/v1alpha1/zz_generated.deepcopy.go