diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index a0209de95..dbd831edb 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -11,4 +11,4 @@ jobs: steps: - uses: actions/checkout@v2 - name: Build antrea-operator Docker image - run: make + run: make docker-build diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml index d45f2fc7f..cf0181400 100644 --- a/.github/workflows/go.yml +++ b/.github/workflows/go.yml @@ -18,7 +18,5 @@ jobs: uses: actions/checkout@v2 - name: Build antrea-operator binary run: make bin - - name: Run unit tests - run: make test-unit - - name: Run golangci-lint - run: make golangci + - name: Run tests + run: make test diff --git a/.gitignore b/.gitignore index f7572f57b..a5f486b3f 100644 --- a/.gitignore +++ b/.gitignore @@ -62,6 +62,10 @@ build/_output/bin *.test # Output of the go coverage tool, specifically when used with LiteIDE *.out +# Code coverage report +cover.out +# Test bin directory +testbin ### Vim ### # swap .sw[a-p] diff --git a/Makefile b/Makefile index 3397b111c..912e53a39 100644 --- a/Makefile +++ b/Makefile @@ -1,31 +1,42 @@ -# go options -GO ?= go -LDFLAGS := -GOFLAGS := -BINDIR ?= $(CURDIR)/build/_output/bin -GO_FILES := $(shell find . -type d -name '.cache' -prune -o -type f -name '*.go' -print) -GOPATH ?= $$($(GO) env GOPATH) +SHELL := /bin/bash +# Current Operator version +VERSION ?= latest +# Default bundle image tag +BUNDLE_IMG ?= antrea-operator-bundle:$(VERSION) +# Options for 'bundle-build' +ifneq ($(origin CHANNELS), undefined) +BUNDLE_CHANNELS := --channels=$(CHANNELS) +endif +ifneq ($(origin DEFAULT_CHANNEL), undefined) +BUNDLE_DEFAULT_CHANNEL := --default-channel=$(DEFAULT_CHANNEL) +endif +BUNDLE_METADATA_OPTS ?= $(BUNDLE_CHANNELS) $(BUNDLE_DEFAULT_CHANNEL) -.PHONY: all -all: build +# Image URL to use all building/pushing image targets +IMG ?= antrea-operator:latest +# Produce CRDs that work back to Kubernetes 1.11 (no version conversion) +CRD_OPTIONS ?= "crd:trivialVersions=true" -LDFLAGS += $(VERSION_LDFLAGS) -OPERATOR_NAME = antrea-operator +# Get the currently used golang install path (in GOPATH/bin, unless GOBIN is set) +ifeq (,$(shell go env GOBIN)) +GOBIN=$(shell go env GOPATH)/bin +else +GOBIN=$(shell go env GOBIN) +endif -.PHONY: build -build: - @echo "===> Building antrea-operator Docker image <===" - docker build -f build/Dockerfile . -t $(OPERATOR_NAME) +# Options for "packagemanifests". +ifneq ($(origin FROM_VERSION), undefined) +PKG_FROM_VERSION := --from-version=$(FROM_VERSION) +endif +ifneq ($(origin CHANNEL), undefined) +PKG_CHANNELS := --channel=$(CHANNEL) +endif +ifeq ($(IS_CHANNEL_DEFAULT), 1) +PKG_IS_DEFAULT_CHANNEL := --default-channel +endif +PKG_MAN_OPTS ?= $(FROM_VERSION) $(PKG_CHANNELS) $(PKG_IS_DEFAULT_CHANNEL) -.PHONY: bin -bin: - @echo "===> Building antrea-operator binary <===" - GOOS=linux $(GO) build -o $(BINDIR)/$(OPERATOR_NAME) $(GOFLAGS) -ldflags '$(LDFLAGS)' ./cmd/manager - -.PHONY: test-unit -test-unit: - @echo "===> Running unit tests <===" - GOOS=linux $(GO) test -race -cover github.com/vmware/antrea-operator-for-kubernetes/pkg... +all: manager .golangci-bin: @echo "===> Installing Golangci-lint <===" @@ -35,6 +46,101 @@ test-unit: golangci: .golangci-bin @GOOS=linux CGO_ENABLED=1 .golangci-bin/golangci-lint run -c .golangci.yml -.PHONY: clean -clean: - rm -f $(BINDIR)/$(OPERATOR_NAME) +# Run tests +ENVTEST_ASSETS_DIR = $(shell pwd)/testbin +test: generate golangci manifests + mkdir -p $(ENVTEST_ASSETS_DIR) + test -f $(ENVTEST_ASSETS_DIR)/setup-envtest.sh || curl -sSLo $(ENVTEST_ASSETS_DIR)/setup-envtest.sh https://raw.githubusercontent.com/kubernetes-sigs/controller-runtime/v0.6.3/hack/setup-envtest.sh + source $(ENVTEST_ASSETS_DIR)/setup-envtest.sh; fetch_envtest_tools $(ENVTEST_ASSETS_DIR); setup_envtest_env $(ENVTEST_ASSETS_DIR); go test ./... -coverprofile cover.out + +# Build manager binary +manager: generate golangci + @echo "===> Building antrea-operator binary <===" + go build -o bin/manager main.go + +# Run against the configured Kubernetes cluster in ~/.kube/config +run: generate golangci manifests + go run ./main.go + +# Install CRDs into a cluster +install: manifests kustomize + $(KUSTOMIZE) build config/crd | kubectl apply -f - + +# Uninstall CRDs from a cluster +uninstall: manifests kustomize + $(KUSTOMIZE) build config/crd | kubectl delete -f - + +# Deploy controller in the configured Kubernetes cluster in ~/.kube/config +deploy: manifests kustomize + cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG} + $(KUSTOMIZE) build config/default | kubectl apply -f - + +# Generate manifests e.g. CRD, RBAC etc. +manifests: controller-gen + $(CONTROLLER_GEN) $(CRD_OPTIONS) rbac:roleName=antrea-operator webhook paths="./..." output:crd:artifacts:config=config/crd/bases + +# Generate code +generate: controller-gen + $(CONTROLLER_GEN) object:headerFile="hack/boilerplate.go.txt" paths="./..." + +# Build the docker image +docker-build: test + docker build -f build/Dockerfile . -t ${IMG} + +# Push the docker image +docker-push: + docker push ${IMG} + +# find or download controller-gen +# download controller-gen if necessary +controller-gen: +ifeq (, $(shell which controller-gen)) + @{ \ + set -e ;\ + CONTROLLER_GEN_TMP_DIR=$$(mktemp -d) ;\ + cd $$CONTROLLER_GEN_TMP_DIR ;\ + go mod init tmp ;\ + go get sigs.k8s.io/controller-tools/cmd/controller-gen@v0.3.0 ;\ + rm -rf $$CONTROLLER_GEN_TMP_DIR ;\ + } +CONTROLLER_GEN=$(GOBIN)/controller-gen +else +CONTROLLER_GEN=$(shell which controller-gen) +endif + +kustomize: +ifeq (, $(shell which kustomize)) + @{ \ + set -e ;\ + KUSTOMIZE_GEN_TMP_DIR=$$(mktemp -d) ;\ + cd $$KUSTOMIZE_GEN_TMP_DIR ;\ + go mod init tmp ;\ + go get sigs.k8s.io/kustomize/kustomize/v3@v3.5.4 ;\ + rm -rf $$KUSTOMIZE_GEN_TMP_DIR ;\ + } +KUSTOMIZE=$(GOBIN)/kustomize +else +KUSTOMIZE=$(shell which kustomize) +endif + +# Generate bundle manifests and metadata, then validate generated files. +.PHONY: bundle +bundle: manifests kustomize + operator-sdk generate kustomize manifests -q + cd config/manager && $(KUSTOMIZE) edit set image antrea-operator=$(IMG) + $(KUSTOMIZE) build config/manifests | operator-sdk generate bundle -q --overwrite --version $(VERSION) $(BUNDLE_METADATA_OPTS) + operator-sdk bundle validate ./bundle + +# Build the bundle image. +.PHONY: bundle-build +bundle-build: + docker build -f bundle.Dockerfile -t $(BUNDLE_IMG) . + +# Generate package manifests. +packagemanifests: kustomize manifests + operator-sdk generate kustomize manifests -q + cd config/manager && $(KUSTOMIZE) edit set image antrea-operator=$(IMG) + $(KUSTOMIZE) build config/manifests | operator-sdk generate packagemanifests -q --version $(VERSION) $(PKG_MAN_OPTS) + +.PHONY: bin +bin: manager diff --git a/PROJECT b/PROJECT new file mode 100644 index 000000000..917fdd327 --- /dev/null +++ b/PROJECT @@ -0,0 +1,11 @@ +domain: vmware.com +layout: go.kubebuilder.io/v2 +projectName: antrea-operator-for-kubernetes +repo: github.com/vmware/antrea-operator-for-kubernetes +resources: +- group: operator.antrea + kind: AntreaInstall + version: v1 +version: 3-alpha +plugins: + go.sdk.operatorframework.io/v2-alpha: {} diff --git a/manifest/antrea.yml b/antrea-manifest/antrea.yml similarity index 100% rename from manifest/antrea.yml rename to antrea-manifest/antrea.yml diff --git a/pkg/apis/operator/v1/antreainstall_types.go b/api/v1/antreainstall_types.go similarity index 66% rename from pkg/apis/operator/v1/antreainstall_types.go rename to api/v1/antreainstall_types.go index cc46d8745..0236b3915 100644 --- a/pkg/apis/operator/v1/antreainstall_types.go +++ b/api/v1/antreainstall_types.go @@ -8,25 +8,31 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) +// EDIT THIS FILE! THIS IS SCAFFOLDING FOR YOU TO OWN! +// NOTE: json tags are required. Any new fields you add must have json tags for the fields to be serialized. + // AntreaInstallSpec defines the desired state of AntreaInstall type AntreaInstallSpec struct { // INSERT ADDITIONAL SPEC FIELDS - desired state of cluster - // Important: Run "operator-sdk generate k8s" to regenerate code after modifying this file - // Add custom validation using kubebuilder tags: https://book-v1.book.kubebuilder.io/beyond_basics/generating_crd.html + // Important: Run "make" to regenerate code after modifying this file // AntreaAgentConfig holds the configurations for antrea-agent. + // +operator-sdk:csv:customresourcedefinitions:type=spec // +required AntreaAgentConfig string `json:"antreaAgentConfig"` // AntreaCNIConfig holds the configuration of CNI. + // +operator-sdk:csv:customresourcedefinitions:type=spec // +required AntreaCNIConfig string `json:"antreaCNIConfig"` // AntreaControllerConfig holds the configurations for antrea-controller. + // +operator-sdk:csv:customresourcedefinitions:type=spec // +required AntreaControllerConfig string `json:"antreaControllerConfig"` // AntreaImage is the Docker image name used by antrea-agent and antrea-controller. + // +operator-sdk:csv:customresourcedefinitions:type=spec // +optional AntreaImage string `json:"antreaImage,omitempty"` } @@ -34,21 +40,22 @@ type AntreaInstallSpec struct { // AntreaInstallStatus defines the observed state of AntreaInstall type AntreaInstallStatus struct { // INSERT ADDITIONAL STATUS FIELD - define observed state of cluster - // Important: Run "operator-sdk generate k8s" to regenerate code after modifying this file - // Add custom validation using kubebuilder tags: https://book-v1.book.kubebuilder.io/beyond_basics/generating_crd.html + // Important: Run "make" to regenerate code after modifying this file // Conditions describes the state of Antrea installation. + // +operator-sdk:csv:customresourcedefinitions:type=status // +optional Conditions []InstallCondition `json:"conditions,omitempty"` } +// +kubebuilder:object:generate=false type InstallCondition = configv1.ClusterOperatorStatusCondition -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// +kubebuilder:object:root=true +// +kubebuilder:subresource:status // AntreaInstall is the Schema for the antreainstalls API -// +kubebuilder:subresource:status -// +kubebuilder:resource:path=antreainstalls,scope=Namespaced +// +operator-sdk:csv:customresourcedefinitions:resources={{Deployment,v1,"A Kubernetes Deployment for the Operator"},{AntreaInstall,v1,"this operator's CR"},{ClusterOperator,v1,"antrea cluster operator"},{Network,v1,"Openshift's cluster network"}} type AntreaInstall struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` @@ -57,7 +64,7 @@ type AntreaInstall struct { Status AntreaInstallStatus `json:"status,omitempty"` } -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// +kubebuilder:object:root=true // AntreaInstallList contains a list of AntreaInstall type AntreaInstallList struct { diff --git a/api/v1/groupversion_info.go b/api/v1/groupversion_info.go new file mode 100644 index 000000000..8a65b61d7 --- /dev/null +++ b/api/v1/groupversion_info.go @@ -0,0 +1,23 @@ +/* Copyright © 2020 VMware, Inc. All Rights Reserved. + SPDX-License-Identifier: Apache-2.0 */ + +// Package v1 contains API Schema definitions for the operator v1 API group +// +kubebuilder:object:generate=true +// +groupName=operator.antrea.vmware.com +package v1 + +import ( + "k8s.io/apimachinery/pkg/runtime/schema" + "sigs.k8s.io/controller-runtime/pkg/scheme" +) + +var ( + // GroupVersion is group version used to register these objects + GroupVersion = schema.GroupVersion{Group: "operator.antrea.vmware.com", Version: "v1"} + + // SchemeBuilder is used to add go types to the GroupVersionKind scheme + SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion} + + // AddToScheme adds the types in this group-version to the given scheme. + AddToScheme = SchemeBuilder.AddToScheme +) diff --git a/pkg/apis/operator/v1/zz_generated.deepcopy.go b/api/v1/zz_generated.deepcopy.go similarity index 94% rename from pkg/apis/operator/v1/zz_generated.deepcopy.go rename to api/v1/zz_generated.deepcopy.go index 4fec8dfc5..688a21a2f 100644 --- a/pkg/apis/operator/v1/zz_generated.deepcopy.go +++ b/api/v1/zz_generated.deepcopy.go @@ -1,9 +1,9 @@ -// Copyright © 2020 VMware, Inc. All Rights Reserved. -// SPDX-License-Identifier: Apache-2.0 - // +build !ignore_autogenerated -// Code generated by operator-sdk. DO NOT EDIT. +/* Copyright © 2020 VMware, Inc. All Rights Reserved. + SPDX-License-Identifier: Apache-2.0 */ + +// Code generated by controller-gen. DO NOT EDIT. package v1 @@ -19,7 +19,6 @@ func (in *AntreaInstall) DeepCopyInto(out *AntreaInstall) { in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) out.Spec = in.Spec in.Status.DeepCopyInto(&out.Status) - return } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AntreaInstall. @@ -52,7 +51,6 @@ func (in *AntreaInstallList) DeepCopyInto(out *AntreaInstallList) { (*in)[i].DeepCopyInto(&(*out)[i]) } } - return } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AntreaInstallList. @@ -76,7 +74,6 @@ func (in *AntreaInstallList) DeepCopyObject() runtime.Object { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *AntreaInstallSpec) DeepCopyInto(out *AntreaInstallSpec) { *out = *in - return } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AntreaInstallSpec. @@ -99,7 +96,6 @@ func (in *AntreaInstallStatus) DeepCopyInto(out *AntreaInstallStatus) { (*in)[i].DeepCopyInto(&(*out)[i]) } } - return } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AntreaInstallStatus. diff --git a/build/Dockerfile b/build/Dockerfile index 17586461f..d94c986e3 100644 --- a/build/Dockerfile +++ b/build/Dockerfile @@ -1,14 +1,22 @@ FROM golang:1.13 as antrea-operator-build -WORKDIR /antrea-operator - -COPY go.mod /antrea-operator/go.mod - +WORKDIR /workspace +# Copy the Go Modules manifests +COPY go.mod go.mod +COPY go.sum go.sum +# cache deps before building and copying source so that we don't need to re-download as much +# and so that source changes don't invalidate our downloaded layer RUN go mod download -COPY . /antrea-operator +# Copy the go source +COPY main.go main.go +COPY api/ api/ +COPY controllers/ controllers/ +COPY version/ version/ + +# Build +RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 GO111MODULE=on go build -a -o manager main.go -RUN make bin FROM registry.access.redhat.com/ubi8/ubi-minimal:latest @@ -28,8 +36,8 @@ ENV OPERATOR=/usr/local/bin/antrea-operator \ COPY build/bin /usr/local/bin # install operator binary -COPY --from=antrea-operator-build /antrea-operator/build/_output/bin/antrea-operator ${OPERATOR} -COPY manifest /manifest +COPY --from=antrea-operator-build /workspace/manager ${OPERATOR} +COPY antrea-manifest /antrea-manifest RUN /usr/local/bin/user_setup ENTRYPOINT ["/usr/local/bin/entrypoint"] diff --git a/bundle.Dockerfile b/bundle.Dockerfile new file mode 100644 index 000000000..6f3957f15 --- /dev/null +++ b/bundle.Dockerfile @@ -0,0 +1,15 @@ +FROM scratch + +LABEL operators.operatorframework.io.bundle.mediatype.v1=registry+v1 +LABEL operators.operatorframework.io.bundle.manifests.v1=manifests/ +LABEL operators.operatorframework.io.bundle.metadata.v1=metadata/ +LABEL operators.operatorframework.io.bundle.package.v1=antrea-operator-for-kubernetes +LABEL operators.operatorframework.io.bundle.channels.v1=alpha +LABEL operators.operatorframework.io.metrics.builder=operator-sdk-v1.2.0 +LABEL operators.operatorframework.io.metrics.mediatype.v1=metrics+v1 +LABEL operators.operatorframework.io.metrics.project_layout=go.kubebuilder.io/v2 +LABEL operators.operatorframework.io.test.config.v1=tests/scorecard/ +LABEL operators.operatorframework.io.test.mediatype.v1=scorecard+v1 +COPY bundle/manifests /manifests/ +COPY bundle/metadata /metadata/ +COPY bundle/tests/scorecard /tests/scorecard/ diff --git a/bundle/manifests/antrea-operator-for-kubernetes.clusterserviceversion.yaml b/bundle/manifests/antrea-operator-for-kubernetes.clusterserviceversion.yaml new file mode 100644 index 000000000..5a66ae64e --- /dev/null +++ b/bundle/manifests/antrea-operator-for-kubernetes.clusterserviceversion.yaml @@ -0,0 +1,348 @@ +apiVersion: operators.coreos.com/v1alpha1 +kind: ClusterServiceVersion +metadata: + annotations: + alm-examples: |- + [ + { + "apiVersion": "operator.antrea.vmware.com/v1", + "kind": "AntreaInstall", + "metadata": { + "name": "antrea-install", + "namespace": "antrea-operator" + }, + "spec": { + "antreaAgentConfig": "# FeatureGates is a map of feature names to bools that enable or disable experimental features.\nfeatureGates:\n# Enable antrea proxy which provides ServiceLB for in-cluster services in antrea agent.\n# It should be enabled on Windows, otherwise NetworkPolicy will not take effect on\n# Service traffic.\n# AntreaProxy: false\n\n# Enable traceflow which provides packet tracing feature to diagnose network issue.\n# Traceflow: false\n\n# Enable ClusterNetworkPolicy feature to complement K8s NetworkPolicy for cluster admins\n# to define security policies which apply to the entire cluster.\n# ClusterNetworkPolicy: false\n\n# Enable flowexporter which exports polled conntrack connections as IPFIX flow records from each agent to a configured collector.\n# FlowExporter: false\n\n# Name of the OpenVSwitch bridge antrea-agent will create and use.\n# Make sure it doesn't conflict with your existing OpenVSwitch bridges.\n#ovsBridge: br-int\n\n# Datapath type to use for the OpenVSwitch bridge created by Antrea. Supported values are:\n# - system\n# - netdev\n# 'system' is the default value and corresponds to the kernel datapath. Use 'netdev' to run\n# OVS in userspace mode. Userspace mode requires the tun device driver to be available.\n#ovsDatapathType: system\n\n# Name of the interface antrea-agent will create and use for host \u003c--\u003e pod communication.\n# Make sure it doesn't conflict with your existing interfaces.\n#hostGateway: antrea-gw0\n\n# Encapsulation mode for communication between Pods across Nodes, supported values:\n# - geneve (default)\n# - vxlan\n# - gre\n# - stt\n#tunnelType: geneve\n\n# Default MTU to use for the host gateway interface and the network interface of each Pod.\n# If omitted, antrea-agent will discover the MTU of the Node's primary interface and\n# also adjust MTU to accommodate for tunnel encapsulation overhead (if applicable).\n#defaultMTU: 1450\n\n# Whether or not to enable IPsec encryption of tunnel traffic. IPsec encryption is only supported\n# for the GRE tunnel type.\n#enableIPSecTunnel: false\n\n# Determines how traffic is encapsulated. It has the following options\n# encap(default): Inter-node Pod traffic is always encapsulated and Pod to outbound traffic is masqueraded.\n# noEncap: Inter-node Pod traffic is not encapsulated, but Pod to outbound traffic is masqueraded.\n# Underlying network must be capable of supporting Pod traffic across IP subnet.\n# hybrid: noEncap if worker Nodes on same subnet, otherwise encap.\n# networkPolicyOnly: Antrea enforces NetworkPolicy only, and utilizes CNI chaining and delegates Pod IPAM and connectivity to primary CNI.\n#\n#trafficEncapMode: encap\n\n# The port for the antrea-agent APIServer to serve on.\n# Note that if it's set to another value, the `containerPort` of the `api` port of the\n# `antrea-agent` container must be set to the same value.\n#apiPort: 10350\n\n# Enable metrics exposure via Prometheus. Initializes Prometheus metrics listener.\n#enablePrometheusMetrics: false\n\n# Provide flow collector address as string with format \u003cIP\u003e:\u003cport\u003e[:\u003cproto\u003e], where proto is tcp or udp. This also enables\n# the flow exporter that sends IPFIX flow records of conntrack flows on OVS bridge. If no L4 transport proto is given,\n# we consider tcp as default.\n#flowCollectorAddr: \"\"\n\n# Provide flow poll interval as a duration string. This determines how often the flow exporter dumps connections from the conntrack module.\n# Flow poll interval should be greater than or equal to 1s (one second).\n# Valid time units are \"ns\", \"us\" (or \"µs\"), \"ms\", \"s\", \"m\", \"h\".\n#flowPollInterval: \"5s\"\n\n# Provide flow export frequency, which is the number of poll cycles elapsed before flow exporter exports flow records to\n# the flow collector.\n# Flow export frequency should be greater than or equal to 1.\n#flowExportFrequency: 12\n", + "antreaCNIConfig": "{\n \"cniVersion\":\"0.3.0\",\n \"name\": \"antrea\",\n \"plugins\": [\n {\n \"type\": \"antrea\",\n \"ipam\": {\n \"type\": \"host-local\"\n }\n },\n {\n \"type\": \"portmap\",\n \"capabilities\": {\"portMappings\": true}\n }\n ]\n}\n", + "antreaControllerConfig": "# FeatureGates is a map of feature names to bools that enable or disable experimental features.\nfeatureGates:\n# Enable traceflow which provides packet tracing feature to diagnose network issue.\n# Traceflow: false\n\n# Enable ClusterNetworkPolicy feature to complement K8s NetworkPolicy for cluster admins\n# to define security policies which apply to the entire cluster.\n# ClusterNetworkPolicy: false\n\n# The port for the antrea-controller APIServer to serve on.\n# Note that if it's set to another value, the `containerPort` of the `api` port of the\n# `antrea-controller` container must be set to the same value.\n#apiPort: 10349\n\n# Enable metrics exposure via Prometheus. Initializes Prometheus metrics listener.\n#enablePrometheusMetrics: false\n\n# Indicates whether to use auto-generated self-signed TLS certificate.\n# If false, A Secret named \"antrea-controller-tls\" must be provided with the following keys:\n# ca.crt: \u003cCA certificate\u003e\n# tls.crt: \u003cTLS certificate\u003e\n# tls.key: \u003cTLS private key\u003e\n# And the Secret must be mounted to directory \"/var/run/antrea/antrea-controller-tls\" of the\n# antrea-controller container.\n#selfSignedCert: true\n", + "antreaImage": "antrea/antrea-ubuntu:v0.9.1" + } + } + ] + capabilities: Basic Install + description: An operator which installs Antrea network CNI plugin on the Kubernetes cluster. + operators.operatorframework.io/builder: operator-sdk-v1.2.0 + operators.operatorframework.io/project_layout: go.kubebuilder.io/v2 + name: antrea-operator-for-kubernetes.v0.0.1 + namespace: placeholder +spec: + apiservicedefinitions: {} + customresourcedefinitions: + owned: + - description: AntreaInstall is the Schema for the antreainstalls API + displayName: Antrea Install + kind: AntreaInstall + name: antreainstalls.operator.antrea.vmware.com + resources: + - kind: Deployment + name: A Kubernetes Deployment for the Operator + version: v1 + - kind: Network + name: Openshift's cluster network + version: v1 + - kind: ClusterOperator + name: antrea cluster operator + version: v1 + - kind: AntreaInstall + name: this operator's CR + version: v1 + specDescriptors: + - description: AntreaAgentConfig holds the configurations for antrea-agent. + displayName: Antrea Agent Config + path: antreaAgentConfig + - description: AntreaCNIConfig holds the configuration of CNI. + displayName: Antrea CNIConfig + path: antreaCNIConfig + - description: AntreaControllerConfig holds the configurations for antrea-controller. + displayName: Antrea Controller Config + path: antreaControllerConfig + - description: AntreaImage is the Docker image name used by antrea-agent and antrea-controller. + displayName: Antrea Image + path: antreaImage + statusDescriptors: + - description: Conditions describes the state of Antrea installation. + displayName: Conditions + path: conditions + version: v1 + description: An operator which installs Antrea network CNI plugin on the Kubernetes cluster. + displayName: Antrea Operator + icon: + - base64data: iVBORw0KGgoAAAANSUhEUgAAAT4AAAD2CAYAAABP9OtdAAAACXBIWXMAAAsSAAALEgHS3X78AAAgAElEQVR4nO2dW3BV15nnv6MrQkYSCgILDMJAwAW2uZjuGCdpZHdNTdpJF6SmUpPqh7bS/dTVXRVlV6GXfrDy0C9QdUKqZmoe5sFyP/SkH6Ysz0zi7nRPLNrtS/mCwcYUJoCRMchcjCVhQPfT9W2tLR+d9a2917mfvdf/V5XgWmfr3PY+//3dVyqTyRAAALhEHc42AMA1IHwAAOeA8AEAnAPCBwBwDggfAMA5IHwAAOeA8AEAnAPCBwBwDggfAMA5IHwAAOeA8AEAnAPCBwBwDggfAMA5IHwAAOeA8AEAnAPCBwBwDggfAMA5IHwAAOeA8AEAnAPCBwBwDggfAMA5IHwAAOeA8AEAnAPCBwBwDggfAMA5IHwAAOeA8AEAnAPCBwBwjgacclAuPG9gDxF1ENFm9T8bRviYdProCE4MKBepTCaDLxcUjRK5XiLao/63uwRPO0FEp5QY+v+m00fHtaMAyBMIHygIzxtgS+6w+h8LXnuFvsnTSgiH0umjp7RHAbAAwgesyRG7QzXwzY0S0TBEEOQLhA9E4nkDHJ8bVIJXKcsuX9gSPJ5OHx3CGQVRQPiAEc8b6FWCd9B0TA3CVuBxZQUiHghEIHxAQ1l4QzETvFw4MdIPCxBIQPjAEiqGx9bScwn6VtgC7EN5DMgGwgd8PG+gT4lercbwiuVlJYBwfwGEz3WUlTccc7fWlgklfsPxeLugXED4HMbzBg6rWF5JrbxMQyPNtLXTzfb1NLGila63tNFsUyPdXdupHRvQMD1LD9y8TatmZ6jrzhfUMXOHWu98QY13JrVjS8CLKv4H689RIHyO4nkDnK19vlSf/v669XR1VTddXNMdKnD5woL40NgYbfxyjDpvXaH6+/dK9dSnlfWH+j8HgfA5hnJth0pRgMxid6mzhy5u2kxzzY3a44WQuT9LdZdu0ezUDDU80aM9w+O/fY02Tn5KzU3z2mMFwK7vYSQ+3APC5xBK9EaK6aNlN/ZW9xZ6e+summ57QHu8ECavTtCK0VvUeOEGLVxZ9D4XDmyhxmd2aM+W+fs3/WO2ts3SxtVT1NU2pR1TAD9B2YtbQPgcQQ0R4KC+bkZZwIL3+aYd9M43HyuJdZf6aIymz1+nuau3qXliWns8SvgCOpoW6NG196h79X3t2DyB+DkEhM8BlOiNFJrEuN2znf79kSdKIngzv/mQ6t//TFvPJfO9naKrO/93r2hrpATwDx66Qx2tM9pjefDLdPpof1EfEMQCDCJNOMWI3nTnGvrXAz+gkd1PliyG13jrK21NpGOltGpkfKaO/uVSO711aTVNz9SbDovip6qeESQcCF+CyUpk5C16Y1sepV9/51ma7MovQ3vv9j2aeeMizb03qj1WLJz4iOLK3Qb67YXVdHb9Hppd1RZxtMgLEL/kA+FLKIUmMuZbVtKrT/2A3nx0n/aYCRYkFrrp//kaNf+PE1T/6nnKTMhJh5npOW1Non59h7Y6f82u7G5qPkUnt2yj//v0Yd9NL4AXVI0jSCgQvuRyPF/RY9f21390iL5cY2fl+dbdS6do5r+PUOqfzlLDja/d2KZ1srWVfUwYqZbiXOuVnYuuMrvpv3/0Se1xC4ZUmAAkEAhfAvG8gf58Bw2Mr3/Yd21tYnlzF2/62VXfujs7Rg2CFTe7ovTbuTRO6a8jMbd2eZnNh1u2+1YsZ6bzgMMDw8pyBgkDwpcw1Ay9X+TzqVj0frf/u9p6LoHgpX717rKSklIz3d4sPuPMdbv2taZmXXTZih35w/+cr/j1qBgpSBgQvgSRlcyw5vL2fZGixy7t/D++U3bBC2hpa9HW8mF2lfz3BYrfIWVBgwSh3xpBnBnKp0CZLb2TjzyqrWcz+7uPqf7kp0SCO1tpMlOLNXpzzQ3UpNzZuYcW45GpnsV/G7Z2UVgxSyB+vW//M6XmorPEikHPGxhOp49e1h4BsQTClxCUi2vdf2vj3rJrW/fmpYq7BbNrHqAmbZVo7smt1PTsY8uErZAUSAHi165uKr3aIyCWoHMjASgX95Sttcf1bVzqYQO7uHThVt5f0t2+p6htw/LyQe7JbR16w/9vjuOxS8sWW6p9hV+wzCUsxWZz8+GxS+fpm2feyudP0NaWEGDxJYN+W9Hj+NYrT31fWzcx/Z92UfOFE4ZHzeSKHrOqcyXN/3i/L3ArlcBVTuZ0ONvbdfs6dVz7RHvMwHHl8mKOX8yB8MUcZe1ZB9/f3tubV/sZ18PN7Oz2y1ZsYWtOajhja45jcNWCkzRNX96lzOhtqrs5SXOTU3Tu7jg9ucX6DbWr73pQewTECmR144/1PhncxXC1u1tbZ7gQmWN6EnMHo7sfWOx4ogq7uCv/5hnt8Uph/AwXb/p1h5yZ5rglu+9cTM0tbhdv5DVeqx+1ffEHFl+MUdtAWhUqcyvav+14QlunYGLK2TGavnqbGgTRMll9nF1N7XyQpnZvWnJty+m6BhYbFzIHNX0Nn932/w3KbFL8f3/7J9rfhnHyegutWzVFD7RYZa5h9SUACF+8sXZx333027SwQpcl7rENxkTxXDwuX5Hm4LHVFwgfW3dNB7ZS0871vvsqZWALgXt+uR/XlORgi81/L1muyoJ2VGGcGVtFT2750vZv2eo7jlhffIHwxRTlbllNEfmqa4Po4rIFxQMFsi+ChZOfUubAFk14AquvbtNqWinMycuHQOA41paZuE+Nd+4vs9ju/9XBpeRH9nuV+zksGQ/fq4Nd3p4vW2wHmsLqizkQvvjSZxvbO7HrW9oa0/L/TtNCTmEy993Ovv8pNT21VTu+6YfF9eyzdTnz5kXfskwFbqlgtQUDBpa99pd3tTUJ7tOVCph5WkxKW13OmRsraW3bNNXXW9mRfRC++ILkRnyxcnO5UFnaG4Nn5pnaz+ZOFjdLzzQ3j8VHGjNfSqQ+XVt4mOnlL3TRNdCD0VXxBcIXQ9S4JCt/8/Xte7U1FqbMG5e09QDfIvvIvnyFcmbyzf7TR9rj/jET0W7knEm4IlzVUnH21gqan7f+WWBgaUyB8MUTqx8cb/8oWXtzb14SR0kVQjCTbyH9r0sz+VLt8pAAjuVF0bRWf7+krMViCLK/UfAQ0xuT1tHEQyhtiSeG2yuocaxcrFMb5QEEnMAw3fHY4qp/ejtldunJkGy4/WzV/z9LzQZ3uVqY+nzz4f2pTnqw4YZtH+9hjK6KHxC+mGHr5nLd3tj6B7V1dkfDrD0WPWl3s2zYwms9O6YlJQIyRQwhXWDh1Vbt3GQmtcJe9jgRwjHB7H5h7ixh23L03BnafP6k9jcCEL4YAuGLH1bW3u01G7U1pv6ja2bBMmzpqB136462lk2dYey8KZmy7JiuNlH4/JIXbdWe+V3rKcMC19NJ91Y0+QXXwevoFYNEHzy8w1b4MLElhpg8HlC7WP3QTj/0TW2N43Em8Znf+5CV6DENbSu0tWrBrnndxg6a39ntt8wFc/m09/xEj1+YzRadNEAhF+5n5j1ILGjH3hzxAxZf/DgY9Y7ZzZW2hWz6xNDHuvYBan72MW3dBFtldSGjqmZWt2oXlqnERXuP69rINCiNBS53jFWzKnQuVfdINlc6e2jbbfPnzOKwGgsGYgKEL0aoYaOR3Fm9TjwkdeGGtsZMP/t4cV0ROUgFyNypEVVATGqTIumiTP35Af9fyS0tF+e+0U3bLlg9OSy+mCFdY6B2sfqBXW3XkxrM3JVx7YSzi2ty/TiJIXVr+O7km3Id4JwhOWGCrc3Uhg4/LjjzcJcompUkGITgs7XLn19okd3VvyRQ00D44oXVD+zi2vXamt/rmpPN9feuePoR7VhSnR3+UAJB+MIw1uGN3vYtvkDomnvW0MKWNUuuKlXwYgx6hbkomusDg9l8XIMYWL6c6GGmvtFFLdevac+RA3dxdGBoQXyA8MWLzVHvli2UufZWbb11bIJyi1jq9m3ShhFQMLwgpLMjDFM5yuyejUR7Ni5ZdJmsXt1yw5+H+5Ipd3xV1r+5PwS2Pnntessa2kyRwkfqpjSirYKaBMIXLyLNr5k2g9t6fVJL4TcckEcPS8MLbDGVo5TDhQ3c0gWezTd+jxpvfbUUC8zGP8aQzZZgSzh4v1e+0U2bL38gHKUReVMCtQOEL17IqpbF/RWrtDUSCoC5/KNesPZ4UnGqwG4MntPXGpKVLRTuEmkfv7co3oJbGgjtTHODmKThwaX5yHjDxq+70O416t+RAQhfjIDwxQTbWrHxJln4cguA6x7foB3D1L9+Ie9C4WAwKc/pK8eefdwax4mZwGI1XbSm+KJk7YYxv7FzSUzvrtXLggygZzdGmK4hUHtY/bDutujxPWZmem7pZPubAQmb/vgJkDysvWzBKxS2MDnxwUME6p7YLPYI35+8L1py5WKqZ00hdYHI7MYICF/CuN4it4uxa7j03xtkK6bhrYvamgS7jrPf21mQ4LHbumL0FjVeuOHH3YKBpGxl3vnjlSS9e9sZfqYBBewe50NueQ/vQ9x4J7/nALUNhM9BmrevE13SuUs3lyUm6jbKRiZbZflcOGxJsqjy87cqEZPcaame0I85aqsypgEFddNz4utJSJ95oVF+XhBfIHwOcre7Xdv31ndzyzQdufHUFap7/zMx2xtgGhmfzwBSU7tbPq4yt8RVc5NzUBkwpMAx/PieUFoi9fGyCJQCmyGgqTVyUiafAaSzhnFY+Qi6acgBSBYQPsdoaZOnI0sCk89cPXZJ2WqUmMmKLxpZJwuf7eRkhocW5GJ6TyYahKQPSB5wdR3D5MqxwOTGwUxz9bIJuiK49m+lsJE3t4eFDT6Nei0WTZuLlIuOm4W6RGl3tiCOx8kQjgsG0178OX3a0SCJQPgcw2TF5cbBuMC5KcL64c3Hm9+85AumKUZXd+mWJqgSkqUl9RebMNbwrW6lph/vXxo+mk1uysIkenWzM9oaiDfyrwDElk2Tt2ic9LFUHNvjWJfJssqOg/miFzKcgEtSmn/zwbISGVOMzqZ4WMqkkqG/OHtcPIs4fx5J1AL8eGanXCZjC0pZkgeELz5ctnmnDYYRShzbW7AI8vvC8r1d2noAbzvZ/MoZzX2t27RaO5YMLrT2mgb3m5MVC09vXxxZtbrVFzFpXHyNuKcYUBAjkNyICen0USvh65iR98PgeJYJtuBIxcnm/8sT4sQWUhsVzQ2f0kSP1DQTiajEBlui93fI8wPZ/W16aqv/r5SJrgStN+yTKyA+wOKLFxNRgwpapmThC1xcKfO5cmoxhpV6aotRYFj0eN9cCVOJDAtqa+4MwKx5fH49ofB3tUTXvXDhzsLqxgRqAwhfvDgVtedGs2GPCLbIOHlhsuY4zlb/1FZtnSJEj0Ja4Lg1zTR4lAuNKy15XHLD8Bir1NScP7Em2OT8/g92iyLcOWlt8UH4YgSEL15ECh/TdP02zaxbLkb8o542ZF4p+OFrq8pqCxE9CmmBYzeVlJhWcvBoAGedFy7eWErCBK+f/R0shFiszLr78o0kl3T6KGJ8MQLCFy+srIqHJ7+gj9fpVlhqlz6SnlQsTboQ/Bq8l97T1nNhS64SosYWGw9I4ExxYK1xDHH+L74tCtfCyU/FeGQuDVvk+CSz4gu9o0VgVF8CtYx0vYPaxWoLww0Tn9PHpO+rO/dIt1a7Fsbsq+dC273YUmrY1yMONC0Gf7LyJzf9bhLOCvs1hhPTi3t2ZGXk/Gzx2gdE0ZPiiyamdm8SvxdObFhsNETYWjJ+QPhiBLtTnjcQ+Ybbb3ymrZFyd9mKM8X5svGLh9+Xn4fjgTw7r16YnVcKGk6cp9TZsaVxVWEDBkxWLMcXbWDxNtUA7rhttdcGoZQlfkD44seJqDgfWyltN2+Lm4rbiB4p8cmFC5vnDm5fFFDtUTuCwaPsqkpF0izMmYtW7qWPyYrNfGQnWo075UnUzIYxu011IXzxA8IXP4ZtEhy7P/s9vdb1LW3dBt/a460lFdmCJ4lMGIHbypuZ+/v6Ts/5llywfWMu82evWcXlfLatEd1c//1H1A8G8O5v0q2gYeKubcfGRDp9FK5uzIDwxQ8r66Lz1hUiKkz4eH4eFSF4/uDRc2O+1ZUtQMtG3xumN8+8eTHUtc0ms1/e38d2kjS77JJwMo+PfaKtGRiWl0Etg86NmKGsi8gsYv39e7T58qfaug08qj3z4/2+K2oShlD+4S2qf/X8sl7ebHifDgl2g8OSKdmwaEmDDUhNkrZh3hAfZDZeOaetGYCbG0Ng8cUTtjJ+GvXOd312hi5v3qStR1H/X/8g4ggzUeLFgpUyWHs8bXlB7fXL05S1waLj95bmBt7d8aDYo8vF1mGvHxBmdXZf+9y/cVgwAYsvnkD44smQjfBxF0fz5Fc03Wbu0y2EsMzwwgdXjUXS5G8otFMULKYhS4gyERen/Or2rrLJ6mT2XTqprRkYTqePFrYJMagqcHVjiHJ3T9u882+ff19bKxQWPL8b4v/IsXx+vD4rKZILW3Om0pFS0fKX3/UTJ6ZRV6SGMdTvlN1ctvZMbX8CQ/oSiANhN1VQ2xwnohei3mHHtU+o9caufDbGFpl54yJl3rjkZ1xNGdnZ9z81Wnt+L/AzO7T1UsOWqG85PtFD02p3t8zZz5dlinkYg8lizcPaG0WbWnyBxRdfhlWMKZLe828V/CH9vTT+2+8WkxXTc4vdGobY2NxJOefCgwroR/u19XLjZ6OffYya/rrXtzbZ0vM3QTcMY8jT2juurYDYAOGLKSq2ZPXj4x/zjiuyKJlgt3X+H9+h1K/eXZYsMMXG/AGlQlIhasZfJeDXbnxmhy+A9GdPGl9x/8fWN4gJuLnxBq5uvGHh64+a0cc8cu4d+n3XelpYES1ALGLTwpTlsEzownv6/AS29KaffZzaQkpiuOaPR8xnDx4IenMDokbh28ICuNIgwAfOnMxnxPxxJDXiDYQvxvCPz/MGWPyej/oUXJ7xRx+/RyO7zRYPBV0PPGVZe8Rs7bE7zLusZcMxvaYf7Rd3Pgv+Zv6lU/5mQrmDB5ZtevT0dqNrysy8dMpvcUtt7aK6xzcYa/vC4Pa+7ktnQo5YxgTc3PgjXd8gXlhbfZ2j52lHZzd9vFG22kjFxWae3u7H9LJh663ZYO3Vv35haV8Ndm3r9m0KTWT4mxW9JI+wD1iyFkOywFyzt5RF5n/PjtE9NTGmce8ma/f64Jl/09ZCgLWXAFKZTKHt5qBW8LyBQRurj8k0NNJvvvOnkbV9M7/5kOqzprNwJ4dkTfnW3q/e9f87u8XNhC96/+tto+j5yYcDW40JlKXXjZgKHQhwY4gAM8+8+5qf+baEM7lynxyIFRC+hOB5AxxkC1cLxeyqNvr1ge9HxvtY1GZe+ZCau1YZuzk4ATLf1BgpeBQhev6+vPs2RQoeWYheNpzNNYnfY5fO0zfP5JXx/mE6fRSdGgkAwpcQPG+gl4hetf00X3VtoN8e+GNtXSKsU8MWFqt5VRKzxLY1NL+x0x8tZdsTzDG9sCLpbMKSIhvGxuhb7/yLth7Cy+n00cPmh0GcgPAlCJXoiGxlCxhf/zD9bv93tfVS42eJz1+nVHuL34M70bEyNHYnwUmX+v/9nnHwQS5horf61m3qffufbacrk0po7LHd4hPUPhC+BOF5Ax1qDLqVy0sVFL9iyO4asSEsE1yA6BFc3OQB4UsYnjfAZk5eDbq1Kn5LMUahMFrCT4z8yWNiEoYKF70X0+mjfdoqiDUQvgTieQN9Nn282bD4jTz6pFWBc7nx44G8Q5qlW8vM732IGp9+xBiL5M6VnR++ka/o8SCIXpSvJA8IX0LxvAFuqXoun0/H2d5Xnvo+zTXL4lFO2LrjkVZcjGw9el4VSps2Aw/Yd+4MbT5vPXwgYEKJnjyKBsQaCF+C8bwB/tHuzucTcp3f23t76Wp3eXZQC/CF7vok1V+5vbQXRz5w8mLqDx8OTZLUTc1S75m38qnTy2YvRC+5oHMj2fSq0ejW4seuIJd53Ny4g17bm/+eHf7mQl/e9f+bhS01tShouX24vOFQMMLK+iLctoYy29b6s/R4L9+wfUC4XGX/mddtJynn8hOIXrKBxZdwVKY3L/ELmG9ZSW/v+g6NrX9QeywMLlRecfpTylwdzytOlw13XjStfYDmHur0S2AWtqwxxu+yaZiepe+ce89vzysQFj1MXkk4ED4HKEb8SCU+Xt++t6AR9v54q2vjS9Yfb2RUl+XWLjQ30ELX4jD6VPsKoo6VVL++o6CC6V0Xfk/bz7+bbwIjG4ieI0D4HKFY8WO+ePBhen3HPpprb9UeqyYseNs+OV2oWxsA0XMICJ9DlEL8SFmA7/bsosmu4sbZFwO7tDuuXC6F4HH2th+i5xYQPgcppNRFgstfrnZvow+6H66YFch7BW+5NUrtNz4rxqUNQMmKo0D4HMXzBniG3y9K9elZBK+v2UyfdHbTzQ3rtMcLpWHiLm29cY02THxeKrELQHGyw0D4HEZNdBnKp7fXlunONXR/xSoab1pFV77RTbMZoq9WPWC0DDs+u+7/u2Fqklrv36WuiWvUNDlRSqHL5pfp9NF+bRU4A4TPcVTcj8XvkAPfBO+41IdtIQGED/h43sBhNca+5NZfjfBLIhqEawsIwgeyUdZfv+0Y+5hwQgkerDywBIQPaHjeAO8rMViKzG8VGVWChzIVoAHhA0ZiKoAQPBAJhA9EogSwz3YbyyrxMidpMCkZ2ADhA3mhkiB9NZIFPq0y0sPYDwPkA4QPFIRKhHAd4GH1b6WywZysGIbYgWKA8IGSoNxhFsA9Wf8r1i1mi+6y2kBpBJlZUCogfKCsqO4QUmLYEfFaLHBcZ3cZ1hwoJxA+AIBz1OGUAwBcA8IHAHAOCB8AwDkgfAAA54DwAQCcA8IHAHAOCB8AwDkgfAAA54DwAQCcA8IHAHAOCB8AwDkgfAAA54DwAQCcA8IHAHAOCB8AwDkgfAAA54DwAQCcA8IHAHAOCB8AwDkgfAAA54DwAQCcA8IHAHAOCB8AwDkgfAAA54DwAQCcA8IHAHCOBhc+sOcd6SeijpzlU+n0sWHt4NK9Zi8R9eYsD6fTx05pB5f/dYfS6WOXhWP7iGiz9iSVYySdPjYivC/pM+TLOJ9j9TeXpc9fCJ53hL+vvip8V+I5LBTPO8K/h37hz0v6OrVK4oVPXai/0B4gGmUh0lZLB/9wn895tn5+P+n0sfEKvy6Li3Qx8w/4oLZaWTThM3yGovC8I6PqtYaLvOFtLvV7s8R0Dgulz/A5qiXsFcUFV3dQW1mkR1k8laS9zGILzPQQ0XNE9JLnHblchXNfa0jWHvOcsgYTTaKFT53Aw9oDX2M6+eXkoOcdMYkxqAwsgi943pER5RE4hRL9npDPXI3fRUVJusXXr6wsE7tVPKnSPO95R8IEGVQGdvNPed6RPY5931HWbuKFL+kxPht3ps8QZyo3Q/yDq3IgWUr62PBqzjGnC/yx5PPZf5aVrLBlj4pZ8c1tt+Fv+MbIll9vEYmnF/l8aqulpSRJMXWjj4rrtrNVmE4fK/dnqhqJFT4Lcz6AYxqDVRCgIN5XNWuj0B+65x3JXRqXsrMl5lQBr7F0fFY2VvICAvErNPF0uQKfv1TYxjYHKyDmVSPJrq5kgbyorBObYysBu9rHq/TaTsE3tnT62KC60ZwQPjuLX6LPhRJ/TvDk8nNtZTH5V40wUEVIpPCpEya5NoOGi7uvQpmsCW2F6KeI91UOJYC96iaYy3MJT3ZIN/hRdUOQvg/p+ESQVItPOmEn1EU/pGr4smmvUO3SoEH8hhwMsFebfuE6IMO1E3vUjV26xgNDQHJrDyX1RpA44VMn6pD2wHJLTzrJlbjgTxlep12JX+Lrp2oFFcuTyoqSan0fFmKbE8FvQcUopRCA9B3FniRafJKwjOZU60vubkUKmpXFKbkVuw3vC5T3XOTSk9AbkCRgQznJHOn7OJzE7yNRwhdizi876epkS+Ij/W056DckWZ5DR0HFkaycRIUdVAxZqnBYdqMNCQNJxkSsSZrF12cw56U2MekOeLASsTYlvIcN8b7jiPeBEiMJ14uGEi7J6kvczThpwied4ONSbZY66dLdXnqOkqNeX7qgEO8DJUPdRKWCZUngSFmBuTfkavS1l5XECF9IwbLpBJPB6qtYSYOKO/5Se2Ax3hf2vkHpSPoNRrqRnzAVXCsjQfKQpOeJLUmy+KQ7ksmc91EnXyppkJ6rLKTTx0zxvkNqjiAoE+oGp9V7mkQhboQULEfdVCWDoFp97WUhEcIX0n9okyWVTnJ/hV1NU7zvF4j3lRXpBifdhJL0+bjCIVT4lLHwsvaA/HyxJCm9utIJOWHZizqsBDI7KdKuxCj0AikVfKGpzFtu87///tQwAy1OCQpH3VCkQZyFnPPeMo0au1zkoADJY7AtmTou1MNWq6+95MRe+ELMeasTzIKi+mVzfwQVbdJm98rzjvxceB896n2gra1EKNGT3NmJAs/5QYPHUSwnCr0GVcxbqnCwej51PY4KcfN+g6DGiiS4upK1l1uwHIV0MfRUuodW9UxKmeZDGF5aGlTcdEQQBWYwQZa1dL3kFiwX8hyV6msvK7EWvpANU6QTZkSZ7lJBs/Tc5cYU73s+ydMyyglbeCx4PHJe7b8iid7L6fSxRHTOqOtEqnDI6/MpNzv3WqxUX3tZibura+o/LGRfi+OCy3xQzWirWExDud5h8b5yb1ZUq3BhdyGfe49wjeRyOmFFutKNP7TCIQQpDNQf9/bKuAufdILFguUoOBHieUdOCLGawUr/KFR85WfC7nDB8FIXLT+t7KREcPayr8ibyc9VmKLqqJi3FG+Uwjk2SMLXE/cJzbF1dUP6D4s5GdLfVmXXKeV2SSUF2KyoNLBn8LN0+tjhhFnQ0rVhLFiOogb62stCnGN8UvytUHPex9CkbXqtStBneD/YrKhwJtTE4c1JiekFqBu0VMa1YrsAAAQxSURBVOEg3dDzQRLTivS1l4tYCl9I/2EpLmTpOaoifFnDDCSGXNwasQAmVKacWwN/mE4f62C3NKFxUuk6jSxYjqLafe3lIK4xPukLZ8uoowSZT8lirNquUyr2GBbvc6Wz4+kod03VY/40Z9kfq1TEDmpxQnI/T5WoGmBEMDZiW9AcO+ELMed7DJnQUlG1XafYJVNWbu7n9jcrUv2+zsPfg2G/lSG1fWRis+EhQzoOCR0YpaTP4ArXNHF0dav1I6/2rlOmYQbYrGg5ktWzO6kj1LOo1u+i0n3tJQHCF5PXVtZKn1BQStis6GuUS/sz7YHFG0Qiy4AMVm6laA+JQ9cssRI+Q/9hJanqrlPqRy2JL4aXZqGytVIwfjih35F0TVSS2FnTcYvxSV/wCUPDeSmQ4iYVL2jOhhMs6g6vxftURjr2kzNKxGH1XeRO3UnUwIeQXQVfLOO1IBU098ZpjmFshC+k/7CvXFkl1dv5Qs6yv+tUlQPl/Sqbm+vePGeIAzqHav3jG9RLOZ/dH/CaoBo+ydrjEpay3ZxVWCVXbAfj1FEUJ1dXsvZeLmcqPaRJW7rYKkbEZkXVivXUHGpCj9R1MJiEGkjbXQXLgHTTOBin7zQWwhfSfyidgFIjvYZ0sVWUkM2KwHL6he6X9gIHWdQaUsy70CEd1iiXVvIsYhPri4vFJ32hoxWKKUjCVxO7ToVsVgS+/o7GDTeI3QnoeZY8j4KGdBSA9LuoSl97IdR8jE99kVIwuiIXrYoVvSgkE/prYSe0kKJd8PV3ZJpuzT3PwyXo6uDnkcbYl5JlnSshBcuV2i5hSN04pAnNNX9DiYPF1y+Z8xVuH5NOZC3tOmWK9wGFGhsluWdxLXGRrNiihnQUgPQblKzQmiMOwiedYMnMLhshTdrSe6s46v1JVjFYjnSD6InbUM0idxUsJdLm4+1x2Hy8poUvxJyvxoUqvWbFNh+PQrlBP484zGnUDUKy3p+LWdufJCy2uwqWjDhvPl7rMb49gqU1Uo0aOk4keN6Rl4Wd93sNJr9kJZb1fbM7p4Q4V4xL/bq5n6vUP7iyfXdq4MNmYapNn+FHnMu48N4qQfbn3yy8B0nQK8GgcL1RpbdsyJdUJpOp1fcGAABlIQnbSwIAQF5A+AAAzgHhAwA4B4QPAOAcED4AgHNA+AAAzgHhAwA4B4QPAOAcED4AgHNA+AAAzgHhAwA4B4QPAOAcED4AgHNA+AAAzgHhAwA4B4QPAOAcED4AgHNA+AAAzgHhAwA4B4QPAOAcED4AgHNA+AAAzgHhAwA4B4QPAOAcED4AgHNA+AAAzgHhAwA4B4QPAOAcED4AgHNA+AAAzgHhAwA4B4QPAOAcED4AgHNA+AAAzgHhAwA4B4QPAOAcED4AgHNA+AAAzgHhAwA4B4QPAOAcED4AgHNA+AAAbkFE/wE3LmoBviFqiAAAAABJRU5ErkJggg== + mediatype: image/png + install: + spec: + clusterPermissions: + - rules: + - nonResourceURLs: + - /addressgroups + - /agentinfo + - /appliedtogroups + - /networkpolicies + - /ovsflows + - /ovstracing + - /podinterfaces + verbs: + - get + - apiGroups: + - "" + resources: + - endpoints + - pods + verbs: + - delete + - get + - list + - watch + - apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch + - apiGroups: + - apiregistration.k8s.io + resources: + - apiservices + verbs: + - create + - delete + - get + - update + - apiGroups: + - authentication.k8s.io + resources: + - subjectaccessreviews + - tokenreviews + verbs: + - create + - apiGroups: + - clusterinformation.antrea.tanzu.vmware.com + resources: + - antreaagentinfos + - antreacontrollerinfos + verbs: + - create + - delete + - get + - list + - update + - apiGroups: + - config.openshift.io + resources: + - clusteroperators + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - config.openshift.io + resources: + - clusteroperators/status + verbs: + - get + - patch + - update + - apiGroups: + - config.openshift.io + resources: + - networks + verbs: + - get + - list + - patch + - update + - watch + - apiGroups: + - config.openshift.io + resources: + - networks/finalizers + verbs: + - get + - list + - patch + - update + - watch + - apiGroups: + - networking.antrea.tanzu.vmware.com + resources: + - addressgroups + - appliedtogroups + - networkpolicies + verbs: + - delete + - get + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - networkpolicies + verbs: + - get + - list + - watch + - apiGroups: + - operator.antrea.vmware.com + resources: + - antreainstalls + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - operator.antrea.vmware.com + resources: + - antreainstalls/status + verbs: + - get + - patch + - update + - apiGroups: + - operator.openshift.io + resources: + - networks + verbs: + - get + - list + - patch + - update + - watch + - apiGroups: + - ops.antrea.tanzu.vmware.com + resources: + - traceflows + - traceflows/status + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - security.antrea.tanzu.vmware.com + resources: + - clusternetworkpolicies + verbs: + - delete + - get + - list + - watch + - apiGroups: + - system.antrea.tanzu.vmware.com + resources: + - agentinfos + - controllerinfos + - supportbundles + - supportbundles/download + verbs: + - delete + - get + - list + - post + - watch + serviceAccountName: antrea-operator + deployments: + - name: antrea-operator + spec: + replicas: 1 + selector: + matchLabels: + name: antrea-operator + strategy: {} + template: + metadata: + labels: + name: antrea-operator + spec: + containers: + - args: + - --enable-leader-election + command: + - antrea-operator + env: + - name: WATCH_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.annotations['olm.targetNamespaces'] + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: OPERATOR_NAME + value: antrea-operator + image: caorui/antrea-operator:v0.0.1 + imagePullPolicy: IfNotPresent + name: antrea-operator + resources: {} + hostNetwork: true + serviceAccountName: antrea-operator + tolerations: + - effect: NoSchedule + key: node-role.kubernetes.io/master + - effect: NoSchedule + key: node.kubernetes.io/not-ready + permissions: + - rules: + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - configmaps/status + verbs: + - get + - update + - patch + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + serviceAccountName: antrea-operator + strategy: deployment + installModes: + - supported: true + type: OwnNamespace + - supported: true + type: SingleNamespace + - supported: true + type: MultiNamespace + - supported: true + type: AllNamespaces + keywords: + - networking + - security + links: + - name: Antrea Operator For Kubernetes + url: https://github.com/vmware/antrea-operator-for-kubernetes + maintainers: + - email: projectantrea-maintainers@googlegroups.com + name: Project Antrea Maintainers + maturity: alpha + provider: + name: antrea.io + version: 0.0.1 diff --git a/bundle/manifests/operator.antrea.vmware.com_antreainstalls.yaml b/bundle/manifests/operator.antrea.vmware.com_antreainstalls.yaml new file mode 100644 index 000000000..412a4ce5b --- /dev/null +++ b/bundle/manifests/operator.antrea.vmware.com_antreainstalls.yaml @@ -0,0 +1,92 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.3.0 + creationTimestamp: null + name: antreainstalls.operator.antrea.vmware.com +spec: + group: operator.antrea.vmware.com + names: + kind: AntreaInstall + listKind: AntreaInstallList + plural: antreainstalls + singular: antreainstall + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + description: AntreaInstall is the Schema for the antreainstalls API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AntreaInstallSpec defines the desired state of AntreaInstall + properties: + antreaAgentConfig: + description: AntreaAgentConfig holds the configurations for antrea-agent. + type: string + antreaCNIConfig: + description: AntreaCNIConfig holds the configuration of CNI. + type: string + antreaControllerConfig: + description: AntreaControllerConfig holds the configurations for antrea-controller. + type: string + antreaImage: + description: AntreaImage is the Docker image name used by antrea-agent and antrea-controller. + type: string + required: + - antreaAgentConfig + - antreaCNIConfig + - antreaControllerConfig + type: object + status: + description: AntreaInstallStatus defines the observed state of AntreaInstall + properties: + conditions: + description: Conditions describes the state of Antrea installation. + items: + description: ClusterOperatorStatusCondition represents the state of the operator's managed and monitored components. + properties: + lastTransitionTime: + description: lastTransitionTime is the time of the last update to the current status property. + format: date-time + type: string + message: + description: message provides additional information about the current condition. This is only to be consumed by humans. + type: string + reason: + description: reason is the CamelCase reason for the condition's current status. + type: string + status: + description: status of the condition, one of True, False, Unknown. + type: string + type: + description: type specifies the aspect reported by this condition. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + type: object + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/bundle/metadata/annotations.yaml b/bundle/metadata/annotations.yaml new file mode 100644 index 000000000..ec596f210 --- /dev/null +++ b/bundle/metadata/annotations.yaml @@ -0,0 +1,11 @@ +annotations: + operators.operatorframework.io.bundle.channels.v1: alpha + operators.operatorframework.io.bundle.manifests.v1: manifests/ + operators.operatorframework.io.bundle.mediatype.v1: registry+v1 + operators.operatorframework.io.bundle.metadata.v1: metadata/ + operators.operatorframework.io.bundle.package.v1: antrea-operator-for-kubernetes + operators.operatorframework.io.metrics.builder: operator-sdk-v1.2.0 + operators.operatorframework.io.metrics.mediatype.v1: metrics+v1 + operators.operatorframework.io.metrics.project_layout: go.kubebuilder.io/v2 + operators.operatorframework.io.test.config.v1: tests/scorecard/ + operators.operatorframework.io.test.mediatype.v1: scorecard+v1 diff --git a/bundle/tests/scorecard/config.yaml b/bundle/tests/scorecard/config.yaml new file mode 100644 index 000000000..e39a5d88b --- /dev/null +++ b/bundle/tests/scorecard/config.yaml @@ -0,0 +1,49 @@ +apiVersion: scorecard.operatorframework.io/v1alpha3 +kind: Configuration +metadata: + name: config +stages: +- parallel: true + tests: + - entrypoint: + - scorecard-test + - basic-check-spec + image: quay.io/operator-framework/scorecard-test:v1.2.0 + labels: + suite: basic + test: basic-check-spec-test + - entrypoint: + - scorecard-test + - olm-bundle-validation + image: quay.io/operator-framework/scorecard-test:v1.2.0 + labels: + suite: olm + test: olm-bundle-validation-test + - entrypoint: + - scorecard-test + - olm-crds-have-validation + image: quay.io/operator-framework/scorecard-test:v1.2.0 + labels: + suite: olm + test: olm-crds-have-validation-test + - entrypoint: + - scorecard-test + - olm-crds-have-resources + image: quay.io/operator-framework/scorecard-test:v1.2.0 + labels: + suite: olm + test: olm-crds-have-resources-test + - entrypoint: + - scorecard-test + - olm-spec-descriptors + image: quay.io/operator-framework/scorecard-test:v1.2.0 + labels: + suite: olm + test: olm-spec-descriptors-test + - entrypoint: + - scorecard-test + - olm-status-descriptors + image: quay.io/operator-framework/scorecard-test:v1.2.0 + labels: + suite: olm + test: olm-status-descriptors-test diff --git a/cmd/manager/main.go b/cmd/manager/main.go deleted file mode 100644 index 528a6218c..000000000 --- a/cmd/manager/main.go +++ /dev/null @@ -1,123 +0,0 @@ -/* Copyright © 2020 VMware, Inc. All Rights Reserved. - SPDX-License-Identifier: Apache-2.0 */ - -package main - -import ( - "context" - "flag" - "fmt" - "os" - "runtime" - - configv1 "github.com/openshift/api/config/v1" - ocoperv1 "github.com/openshift/api/operator/v1" - "github.com/operator-framework/operator-sdk/pkg/leader" - "github.com/operator-framework/operator-sdk/pkg/log/zap" - sdkVersion "github.com/operator-framework/operator-sdk/version" - "github.com/spf13/pflag" - - // Import all Kubernetes client auth plugins (e.g. Azure, GCP, OIDC, etc.) - _ "k8s.io/client-go/plugin/pkg/client/auth" - "sigs.k8s.io/controller-runtime/pkg/client/config" - logf "sigs.k8s.io/controller-runtime/pkg/log" - "sigs.k8s.io/controller-runtime/pkg/manager" - "sigs.k8s.io/controller-runtime/pkg/manager/signals" - - "github.com/vmware/antrea-operator-for-kubernetes/pkg/apis" - "github.com/vmware/antrea-operator-for-kubernetes/pkg/controller" - "github.com/vmware/antrea-operator-for-kubernetes/version" -) - -var log = logf.Log.WithName("cmd") - -func printVersion() { - log.Info(fmt.Sprintf("Operator Version: %s", version.Version)) - log.Info(fmt.Sprintf("Go Version: %s", runtime.Version())) - log.Info(fmt.Sprintf("Go OS/Arch: %s/%s", runtime.GOOS, runtime.GOARCH)) - log.Info(fmt.Sprintf("Version of operator-sdk: %v", sdkVersion.Version)) -} - -func main() { - // Add the zap logger flag set to the CLI. The flag set must - // be added before calling pflag.Parse(). - pflag.CommandLine.AddFlagSet(zap.FlagSet()) - - // Add flags registered by imported packages (e.g. glog and - // controller-runtime) - pflag.CommandLine.AddGoFlagSet(flag.CommandLine) - - pflag.Parse() - - // Use a zap logr.Logger implementation. If none of the zap - // flags are configured (or if the zap flag set is not being - // used), this defaults to a production zap logger. - // - // The logger instantiated here can be changed to any logger - // implementing the logr.Logger interface. This logger will - // be propagated through the whole operator, generating - // uniform and structured logs. - logf.SetLogger(zap.Logger()) - - printVersion() - - // Get a config to talk to the apiserver - cfg, err := config.GetConfig() - if err != nil { - log.Error(err, "") - os.Exit(1) - } - - ctx := context.TODO() - // Become the leader before proceeding - err = leader.Become(ctx, "antrea-operator-lock") - if err != nil { - log.Error(err, "") - os.Exit(1) - } - - // Create a new manager to provide shared dependencies and start components - mgr, err := manager.New(cfg, manager.Options{}) - if err != nil { - log.Error(err, "") - os.Exit(1) - } - - log.Info("Registering Components.") - - // Setup Scheme for all resources - if err := apis.AddToScheme(mgr.GetScheme()); err != nil { - log.Error(err, "") - os.Exit(1) - } - - if err := configv1.Install(mgr.GetScheme()); err != nil { - log.Error(err, "") - os.Exit(1) - } - - if err := ocoperv1.Install(mgr.GetScheme()); err != nil { - log.Error(err, "") - os.Exit(1) - } - - // Setup release version - if err := os.Setenv("RELEASE_VERSION", version.Version); err != nil { - log.Error(err, "") - os.Exit(1) - } - - // Setup all Controllers - if err := controller.AddToManager(mgr); err != nil { - log.Error(err, "") - os.Exit(1) - } - - log.Info("Starting the Cmd.") - - // Start the Cmd - if err := mgr.Start(signals.SetupSignalHandler()); err != nil { - log.Error(err, "Manager exited non-zero") - os.Exit(1) - } -} diff --git a/config/certmanager/certificate.yaml b/config/certmanager/certificate.yaml new file mode 100644 index 000000000..58db114fa --- /dev/null +++ b/config/certmanager/certificate.yaml @@ -0,0 +1,26 @@ +# The following manifests contain a self-signed issuer CR and a certificate CR. +# More document can be found at https://docs.cert-manager.io +# WARNING: Targets CertManager 0.11 check https://docs.cert-manager.io/en/latest/tasks/upgrading/index.html for +# breaking changes +apiVersion: cert-manager.io/v1alpha2 +kind: Issuer +metadata: + name: selfsigned-issuer + namespace: system +spec: + selfSigned: {} +--- +apiVersion: cert-manager.io/v1alpha2 +kind: Certificate +metadata: + name: serving-cert # this name should match the one appeared in kustomizeconfig.yaml + namespace: system +spec: + # $(SERVICE_NAME) and $(SERVICE_NAMESPACE) will be substituted by kustomize + dnsNames: + - $(SERVICE_NAME).$(SERVICE_NAMESPACE).svc + - $(SERVICE_NAME).$(SERVICE_NAMESPACE).svc.cluster.local + issuerRef: + kind: Issuer + name: selfsigned-issuer + secretName: webhook-server-cert # this secret will not be prefixed, since it's not managed by kustomize diff --git a/config/certmanager/kustomization.yaml b/config/certmanager/kustomization.yaml new file mode 100644 index 000000000..bebea5a59 --- /dev/null +++ b/config/certmanager/kustomization.yaml @@ -0,0 +1,5 @@ +resources: +- certificate.yaml + +configurations: +- kustomizeconfig.yaml diff --git a/config/certmanager/kustomizeconfig.yaml b/config/certmanager/kustomizeconfig.yaml new file mode 100644 index 000000000..90d7c313c --- /dev/null +++ b/config/certmanager/kustomizeconfig.yaml @@ -0,0 +1,16 @@ +# This configuration is for teaching kustomize how to update name ref and var substitution +nameReference: +- kind: Issuer + group: cert-manager.io + fieldSpecs: + - kind: Certificate + group: cert-manager.io + path: spec/issuerRef/name + +varReference: +- kind: Certificate + group: cert-manager.io + path: spec/commonName +- kind: Certificate + group: cert-manager.io + path: spec/dnsNames diff --git a/config/crd/bases/operator.antrea.vmware.com_antreainstalls.yaml b/config/crd/bases/operator.antrea.vmware.com_antreainstalls.yaml new file mode 100644 index 000000000..9b9e054ad --- /dev/null +++ b/config/crd/bases/operator.antrea.vmware.com_antreainstalls.yaml @@ -0,0 +1,103 @@ + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.3.0 + creationTimestamp: null + name: antreainstalls.operator.antrea.vmware.com +spec: + group: operator.antrea.vmware.com + names: + kind: AntreaInstall + listKind: AntreaInstallList + plural: antreainstalls + singular: antreainstall + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + description: AntreaInstall is the Schema for the antreainstalls API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AntreaInstallSpec defines the desired state of AntreaInstall + properties: + antreaAgentConfig: + description: AntreaAgentConfig holds the configurations for antrea-agent. + type: string + antreaCNIConfig: + description: AntreaCNIConfig holds the configuration of CNI. + type: string + antreaControllerConfig: + description: AntreaControllerConfig holds the configurations for antrea-controller. + type: string + antreaImage: + description: AntreaImage is the Docker image name used by antrea-agent + and antrea-controller. + type: string + required: + - antreaAgentConfig + - antreaCNIConfig + - antreaControllerConfig + type: object + status: + description: AntreaInstallStatus defines the observed state of AntreaInstall + properties: + conditions: + description: Conditions describes the state of Antrea installation. + items: + description: ClusterOperatorStatusCondition represents the state of + the operator's managed and monitored components. + properties: + lastTransitionTime: + description: lastTransitionTime is the time of the last update + to the current status property. + format: date-time + type: string + message: + description: message provides additional information about the + current condition. This is only to be consumed by humans. + type: string + reason: + description: reason is the CamelCase reason for the condition's + current status. + type: string + status: + description: status of the condition, one of True, False, Unknown. + type: string + type: + description: type specifies the aspect reported by this condition. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + type: object + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/config/crd/kustomization.yaml b/config/crd/kustomization.yaml new file mode 100644 index 000000000..f6620d6e6 --- /dev/null +++ b/config/crd/kustomization.yaml @@ -0,0 +1,21 @@ +# This kustomization.yaml is not intended to be run by itself, +# since it depends on service name and namespace that are out of this kustomize package. +# It should be run by config/default +resources: +- bases/operator.antrea.vmware.com_antreainstalls.yaml +# +kubebuilder:scaffold:crdkustomizeresource + +patchesStrategicMerge: +# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix. +# patches here are for enabling the conversion webhook for each CRD +#- patches/webhook_in_antreainstalls.yaml +# +kubebuilder:scaffold:crdkustomizewebhookpatch + +# [CERTMANAGER] To enable webhook, uncomment all the sections with [CERTMANAGER] prefix. +# patches here are for enabling the CA injection for each CRD +#- patches/cainjection_in_antreainstalls.yaml +# +kubebuilder:scaffold:crdkustomizecainjectionpatch + +# the following config is for teaching kustomize how to do kustomization for CRDs. +configurations: +- kustomizeconfig.yaml diff --git a/config/crd/kustomizeconfig.yaml b/config/crd/kustomizeconfig.yaml new file mode 100644 index 000000000..6f83d9a94 --- /dev/null +++ b/config/crd/kustomizeconfig.yaml @@ -0,0 +1,17 @@ +# This file is for teaching kustomize how to substitute name and namespace reference in CRD +nameReference: +- kind: Service + version: v1 + fieldSpecs: + - kind: CustomResourceDefinition + group: apiextensions.k8s.io + path: spec/conversion/webhookClientConfig/service/name + +namespace: +- kind: CustomResourceDefinition + group: apiextensions.k8s.io + path: spec/conversion/webhookClientConfig/service/namespace + create: false + +varReference: +- path: metadata/annotations diff --git a/config/crd/operator.antrea.vmware.com_antreainstalls.yaml b/config/crd/operator.antrea.vmware.com_antreainstalls.yaml new file mode 100644 index 000000000..9b9e054ad --- /dev/null +++ b/config/crd/operator.antrea.vmware.com_antreainstalls.yaml @@ -0,0 +1,103 @@ + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.3.0 + creationTimestamp: null + name: antreainstalls.operator.antrea.vmware.com +spec: + group: operator.antrea.vmware.com + names: + kind: AntreaInstall + listKind: AntreaInstallList + plural: antreainstalls + singular: antreainstall + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + description: AntreaInstall is the Schema for the antreainstalls API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AntreaInstallSpec defines the desired state of AntreaInstall + properties: + antreaAgentConfig: + description: AntreaAgentConfig holds the configurations for antrea-agent. + type: string + antreaCNIConfig: + description: AntreaCNIConfig holds the configuration of CNI. + type: string + antreaControllerConfig: + description: AntreaControllerConfig holds the configurations for antrea-controller. + type: string + antreaImage: + description: AntreaImage is the Docker image name used by antrea-agent + and antrea-controller. + type: string + required: + - antreaAgentConfig + - antreaCNIConfig + - antreaControllerConfig + type: object + status: + description: AntreaInstallStatus defines the observed state of AntreaInstall + properties: + conditions: + description: Conditions describes the state of Antrea installation. + items: + description: ClusterOperatorStatusCondition represents the state of + the operator's managed and monitored components. + properties: + lastTransitionTime: + description: lastTransitionTime is the time of the last update + to the current status property. + format: date-time + type: string + message: + description: message provides additional information about the + current condition. This is only to be consumed by humans. + type: string + reason: + description: reason is the CamelCase reason for the condition's + current status. + type: string + status: + description: status of the condition, one of True, False, Unknown. + type: string + type: + description: type specifies the aspect reported by this condition. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + type: object + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/config/crd/patches/cainjection_in_antreainstalls.yaml b/config/crd/patches/cainjection_in_antreainstalls.yaml new file mode 100644 index 000000000..f80afe773 --- /dev/null +++ b/config/crd/patches/cainjection_in_antreainstalls.yaml @@ -0,0 +1,8 @@ +# The following patch adds a directive for certmanager to inject CA into the CRD +# CRD conversion requires k8s 1.13 or later. +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) + name: antreainstalls.operator.antrea.vmware.com diff --git a/config/crd/patches/webhook_in_antreainstalls.yaml b/config/crd/patches/webhook_in_antreainstalls.yaml new file mode 100644 index 000000000..7ef7fabd4 --- /dev/null +++ b/config/crd/patches/webhook_in_antreainstalls.yaml @@ -0,0 +1,17 @@ +# The following patch enables conversion webhook for CRD +# CRD conversion requires k8s 1.13 or later. +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: antreainstalls.operator.antrea.vmware.com +spec: + conversion: + strategy: Webhook + webhookClientConfig: + # this is "\n" used as a placeholder, otherwise it will be rejected by the apiserver for being blank, + # but we're going to set it later using the cert-manager (or potentially a patch if not using cert-manager) + caBundle: Cg== + service: + namespace: system + name: webhook-service + path: /convert diff --git a/config/default/kustomization.yaml b/config/default/kustomization.yaml new file mode 100644 index 000000000..00ee4a76d --- /dev/null +++ b/config/default/kustomization.yaml @@ -0,0 +1,70 @@ +# Adds namespace to all resources. +namespace: antrea-operator + +# Value of this field is prepended to the +# names of all resources, e.g. a deployment named +# "wordpress" becomes "alices-wordpress". +# Note that it should also match with the prefix (text before '-') of the namespace +# field above. +#namePrefix: antrea-operator-for-kubernetes- + +# Labels to add to all resources and selectors. +#commonLabels: +# someName: someValue + +bases: +- ../crd +- ../rbac +- ../manager +# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in +# crd/kustomization.yaml +#- ../webhook +# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'. 'WEBHOOK' components are required. +#- ../certmanager +# [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'. +#- ../prometheus + +patchesStrategicMerge: + # Protect the /metrics endpoint by putting it behind auth. + # If you want your controller-manager to expose the /metrics + # endpoint w/o any authn/z, please comment the following line. +#- manager_auth_proxy_patch.yaml + +# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in +# crd/kustomization.yaml +#- manager_webhook_patch.yaml + +# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'. +# Uncomment 'CERTMANAGER' sections in crd/kustomization.yaml to enable the CA injection in the admission webhooks. +# 'CERTMANAGER' needs to be enabled to use ca injection +#- webhookcainjection_patch.yaml + +# the following config is for teaching kustomize how to do var substitution +vars: +# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER' prefix. +#- name: CERTIFICATE_NAMESPACE # namespace of the certificate CR +# objref: +# kind: Certificate +# group: cert-manager.io +# version: v1alpha2 +# name: serving-cert # this name should match the one in certificate.yaml +# fieldref: +# fieldpath: metadata.namespace +#- name: CERTIFICATE_NAME +# objref: +# kind: Certificate +# group: cert-manager.io +# version: v1alpha2 +# name: serving-cert # this name should match the one in certificate.yaml +#- name: SERVICE_NAMESPACE # namespace of the service +# objref: +# kind: Service +# version: v1 +# name: webhook-service +# fieldref: +# fieldpath: metadata.namespace +#- name: SERVICE_NAME +# objref: +# kind: Service +# version: v1 +# name: webhook-service diff --git a/config/default/manager_auth_proxy_patch.yaml b/config/default/manager_auth_proxy_patch.yaml new file mode 100644 index 000000000..33b56f112 --- /dev/null +++ b/config/default/manager_auth_proxy_patch.yaml @@ -0,0 +1,24 @@ +# This patch inject a sidecar container which is a HTTP proxy for the +# controller manager, it performs RBAC authorization against the Kubernetes API using SubjectAccessReviews. +apiVersion: apps/v1 +kind: Deployment +metadata: + name: antrea-operator +spec: + template: + spec: + containers: + - name: kube-rbac-proxy + image: gcr.io/kubebuilder/kube-rbac-proxy:v0.5.0 + args: + - "--secure-listen-address=0.0.0.0:8443" + - "--upstream=http://127.0.0.1:8080/" + - "--logtostderr=true" + - "--v=10" + ports: + - containerPort: 8443 + name: https + - name: antrea-operator + args: + - "--metrics-addr=127.0.0.1:8080" + - "--enable-leader-election" diff --git a/config/default/manager_webhook_patch.yaml b/config/default/manager_webhook_patch.yaml new file mode 100644 index 000000000..738de350b --- /dev/null +++ b/config/default/manager_webhook_patch.yaml @@ -0,0 +1,23 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: controller-manager + namespace: system +spec: + template: + spec: + containers: + - name: manager + ports: + - containerPort: 9443 + name: webhook-server + protocol: TCP + volumeMounts: + - mountPath: /tmp/k8s-webhook-server/serving-certs + name: cert + readOnly: true + volumes: + - name: cert + secret: + defaultMode: 420 + secretName: webhook-server-cert diff --git a/config/default/webhookcainjection_patch.yaml b/config/default/webhookcainjection_patch.yaml new file mode 100644 index 000000000..7e79bf995 --- /dev/null +++ b/config/default/webhookcainjection_patch.yaml @@ -0,0 +1,15 @@ +# This patch add annotation to admission webhook config and +# the variables $(CERTIFICATE_NAMESPACE) and $(CERTIFICATE_NAME) will be substituted by kustomize. +apiVersion: admissionregistration.k8s.io/v1beta1 +kind: MutatingWebhookConfiguration +metadata: + name: mutating-webhook-configuration + annotations: + cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) +--- +apiVersion: admissionregistration.k8s.io/v1beta1 +kind: ValidatingWebhookConfiguration +metadata: + name: validating-webhook-configuration + annotations: + cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) diff --git a/config/manager/kustomization.yaml b/config/manager/kustomization.yaml new file mode 100644 index 000000000..b291429a0 --- /dev/null +++ b/config/manager/kustomization.yaml @@ -0,0 +1,14 @@ +resources: +- manager.yaml +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +images: +- name: antrea-operator + newName: antrea-operator + newTag: latest +- name: caorui/antrea-operator + newName: caorui/antrea-operator + newTag: v0.0.1 +- name: controller + newName: antrea-operator + newTag: latest diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml new file mode 100644 index 000000000..29f654c53 --- /dev/null +++ b/config/manager/manager.yaml @@ -0,0 +1,49 @@ +apiVersion: v1 +kind: Namespace +metadata: + labels: + name: antrea-operator + openshift.io/run-level: '0' + name: antrea-operator +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: antrea-operator + namespace: antrea-operator +spec: + selector: + matchLabels: + name: antrea-operator + replicas: 1 + template: + metadata: + labels: + name: antrea-operator + spec: + hostNetwork: true + tolerations: + - effect: NoSchedule + key: node-role.kubernetes.io/master + - effect: NoSchedule + key: node.kubernetes.io/not-ready + serviceAccountName: antrea-operator + containers: + - command: + - antrea-operator + args: + - --enable-leader-election + image: caorui/antrea-operator:v0.0.1 + name: antrea-operator + imagePullPolicy: IfNotPresent + env: + - name: WATCH_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: OPERATOR_NAME + value: "antrea-operator" diff --git a/config/manifests/bases/antrea-operator-for-kubernetes.clusterserviceversion.yaml b/config/manifests/bases/antrea-operator-for-kubernetes.clusterserviceversion.yaml new file mode 100644 index 000000000..6339e01c1 --- /dev/null +++ b/config/manifests/bases/antrea-operator-for-kubernetes.clusterserviceversion.yaml @@ -0,0 +1,81 @@ +apiVersion: operators.coreos.com/v1alpha1 +kind: ClusterServiceVersion +metadata: + annotations: + alm-examples: '[]' + capabilities: Basic Install + description: An operator which installs Antrea network CNI plugin on the Kubernetes cluster. + operators.operatorframework.io/builder: operator-sdk-v1.2.0 + operators.operatorframework.io/project_layout: go.kubebuilder.io/v2 + name: antrea-operator-for-kubernetes.v0.0.1 + namespace: placeholder +spec: + apiservicedefinitions: {} + customresourcedefinitions: + owned: + - description: AntreaInstall is the Schema for the antreainstalls API + displayName: Antrea Install + kind: AntreaInstall + name: antreainstalls.operator.antrea.vmware.com + resources: + - kind: Deployment + name: A Kubernetes Deployment for the Operator + version: v1 + - kind: Network + name: Openshift's cluster network + version: v1 + - kind: ClusterOperator + name: antrea cluster operator + version: v1 + - kind: AntreaInstall + name: this operator's CR + version: v1 + specDescriptors: + - description: AntreaAgentConfig holds the configurations for antrea-agent. + displayName: Antrea Agent Config + path: antreaAgentConfig + - description: AntreaCNIConfig holds the configuration of CNI. + displayName: Antrea CNIConfig + path: antreaCNIConfig + - description: AntreaControllerConfig holds the configurations for antrea-controller. + displayName: Antrea Controller Config + path: antreaControllerConfig + - description: AntreaImage is the Docker image name used by antrea-agent and antrea-controller. + displayName: Antrea Image + path: antreaImage + statusDescriptors: + - description: Conditions describes the state of Antrea installation. + displayName: Conditions + path: conditions + version: v1 + description: An operator which installs Antrea network CNI plugin on the Kubernetes cluster. + displayName: Antrea Operator + icon: + - base64data: iVBORw0KGgoAAAANSUhEUgAAAT4AAAD2CAYAAABP9OtdAAAACXBIWXMAAAsSAAALEgHS3X78AAAgAElEQVR4nO2dW3BV15nnv6MrQkYSCgILDMJAwAW2uZjuGCdpZHdNTdpJF6SmUpPqh7bS/dTVXRVlV6GXfrDy0C9QdUKqZmoe5sFyP/SkH6Ysz0zi7nRPLNrtS/mCwcYUJoCRMchcjCVhQPfT9W2tLR+d9a2917mfvdf/V5XgWmfr3PY+//3dVyqTyRAAALhEHc42AMA1IHwAAOeA8AEAnAPCBwBwDggfAMA5IHwAAOeA8AEAnAPCBwBwDggfAMA5IHwAAOeA8AEAnAPCBwBwDggfAMA5IHwAAOeA8AEAnAPCBwBwDggfAMA5IHwAAOeA8AEAnAPCBwBwDggfAMA5IHwAAOeA8AEAnAPCBwBwDggfAMA5IHwAAOeA8AEAnAPCBwBwjgacclAuPG9gDxF1ENFm9T8bRviYdProCE4MKBepTCaDLxcUjRK5XiLao/63uwRPO0FEp5QY+v+m00fHtaMAyBMIHygIzxtgS+6w+h8LXnuFvsnTSgiH0umjp7RHAbAAwgesyRG7QzXwzY0S0TBEEOQLhA9E4nkDHJ8bVIJXKcsuX9gSPJ5OHx3CGQVRQPiAEc8b6FWCd9B0TA3CVuBxZQUiHghEIHxAQ1l4QzETvFw4MdIPCxBIQPjAEiqGx9bScwn6VtgC7EN5DMgGwgd8PG+gT4lercbwiuVlJYBwfwGEz3WUlTccc7fWlgklfsPxeLugXED4HMbzBg6rWF5JrbxMQyPNtLXTzfb1NLGila63tNFsUyPdXdupHRvQMD1LD9y8TatmZ6jrzhfUMXOHWu98QY13JrVjS8CLKv4H689RIHyO4nkDnK19vlSf/v669XR1VTddXNMdKnD5woL40NgYbfxyjDpvXaH6+/dK9dSnlfWH+j8HgfA5hnJth0pRgMxid6mzhy5u2kxzzY3a44WQuT9LdZdu0ezUDDU80aM9w+O/fY02Tn5KzU3z2mMFwK7vYSQ+3APC5xBK9EaK6aNlN/ZW9xZ6e+summ57QHu8ECavTtCK0VvUeOEGLVxZ9D4XDmyhxmd2aM+W+fs3/WO2ts3SxtVT1NU2pR1TAD9B2YtbQPgcQQ0R4KC+bkZZwIL3+aYd9M43HyuJdZf6aIymz1+nuau3qXliWns8SvgCOpoW6NG196h79X3t2DyB+DkEhM8BlOiNFJrEuN2znf79kSdKIngzv/mQ6t//TFvPJfO9naKrO/93r2hrpATwDx66Qx2tM9pjefDLdPpof1EfEMQCDCJNOMWI3nTnGvrXAz+gkd1PliyG13jrK21NpGOltGpkfKaO/uVSO711aTVNz9SbDovip6qeESQcCF+CyUpk5C16Y1sepV9/51ma7MovQ3vv9j2aeeMizb03qj1WLJz4iOLK3Qb67YXVdHb9Hppd1RZxtMgLEL/kA+FLKIUmMuZbVtKrT/2A3nx0n/aYCRYkFrrp//kaNf+PE1T/6nnKTMhJh5npOW1Non59h7Y6f82u7G5qPkUnt2yj//v0Yd9NL4AXVI0jSCgQvuRyPF/RY9f21390iL5cY2fl+dbdS6do5r+PUOqfzlLDja/d2KZ1srWVfUwYqZbiXOuVnYuuMrvpv3/0Se1xC4ZUmAAkEAhfAvG8gf58Bw2Mr3/Yd21tYnlzF2/62VXfujs7Rg2CFTe7ovTbuTRO6a8jMbd2eZnNh1u2+1YsZ6bzgMMDw8pyBgkDwpcw1Ay9X+TzqVj0frf/u9p6LoHgpX717rKSklIz3d4sPuPMdbv2taZmXXTZih35w/+cr/j1qBgpSBgQvgSRlcyw5vL2fZGixy7t/D++U3bBC2hpa9HW8mF2lfz3BYrfIWVBgwSh3xpBnBnKp0CZLb2TjzyqrWcz+7uPqf7kp0SCO1tpMlOLNXpzzQ3UpNzZuYcW45GpnsV/G7Z2UVgxSyB+vW//M6XmorPEikHPGxhOp49e1h4BsQTClxCUi2vdf2vj3rJrW/fmpYq7BbNrHqAmbZVo7smt1PTsY8uErZAUSAHi165uKr3aIyCWoHMjASgX95Sttcf1bVzqYQO7uHThVt5f0t2+p6htw/LyQe7JbR16w/9vjuOxS8sWW6p9hV+wzCUsxWZz8+GxS+fpm2feyudP0NaWEGDxJYN+W9Hj+NYrT31fWzcx/Z92UfOFE4ZHzeSKHrOqcyXN/3i/L3ArlcBVTuZ0ONvbdfs6dVz7RHvMwHHl8mKOX8yB8MUcZe1ZB9/f3tubV/sZ18PN7Oz2y1ZsYWtOajhja45jcNWCkzRNX96lzOhtqrs5SXOTU3Tu7jg9ucX6DbWr73pQewTECmR144/1PhncxXC1u1tbZ7gQmWN6EnMHo7sfWOx4ogq7uCv/5hnt8Uph/AwXb/p1h5yZ5rglu+9cTM0tbhdv5DVeqx+1ffEHFl+MUdtAWhUqcyvav+14QlunYGLK2TGavnqbGgTRMll9nF1N7XyQpnZvWnJty+m6BhYbFzIHNX0Nn932/w3KbFL8f3/7J9rfhnHyegutWzVFD7RYZa5h9SUACF+8sXZx333027SwQpcl7rENxkTxXDwuX5Hm4LHVFwgfW3dNB7ZS0871vvsqZWALgXt+uR/XlORgi81/L1muyoJ2VGGcGVtFT2750vZv2eo7jlhffIHwxRTlbllNEfmqa4Po4rIFxQMFsi+ChZOfUubAFk14AquvbtNqWinMycuHQOA41paZuE+Nd+4vs9ju/9XBpeRH9nuV+zksGQ/fq4Nd3p4vW2wHmsLqizkQvvjSZxvbO7HrW9oa0/L/TtNCTmEy993Ovv8pNT21VTu+6YfF9eyzdTnz5kXfskwFbqlgtQUDBpa99pd3tTUJ7tOVCph5WkxKW13OmRsraW3bNNXXW9mRfRC++ILkRnyxcnO5UFnaG4Nn5pnaz+ZOFjdLzzQ3j8VHGjNfSqQ+XVt4mOnlL3TRNdCD0VXxBcIXQ9S4JCt/8/Xte7U1FqbMG5e09QDfIvvIvnyFcmbyzf7TR9rj/jET0W7knEm4IlzVUnH21gqan7f+WWBgaUyB8MUTqx8cb/8oWXtzb14SR0kVQjCTbyH9r0sz+VLt8pAAjuVF0bRWf7+krMViCLK/UfAQ0xuT1tHEQyhtiSeG2yuocaxcrFMb5QEEnMAw3fHY4qp/ejtldunJkGy4/WzV/z9LzQZ3uVqY+nzz4f2pTnqw4YZtH+9hjK6KHxC+mGHr5nLd3tj6B7V1dkfDrD0WPWl3s2zYwms9O6YlJQIyRQwhXWDh1Vbt3GQmtcJe9jgRwjHB7H5h7ixh23L03BnafP6k9jcCEL4YAuGLH1bW3u01G7U1pv6ja2bBMmzpqB136462lk2dYey8KZmy7JiuNlH4/JIXbdWe+V3rKcMC19NJ91Y0+QXXwevoFYNEHzy8w1b4MLElhpg8HlC7WP3QTj/0TW2N43Em8Znf+5CV6DENbSu0tWrBrnndxg6a39ntt8wFc/m09/xEj1+YzRadNEAhF+5n5j1ILGjH3hzxAxZf/DgY9Y7ZzZW2hWz6xNDHuvYBan72MW3dBFtldSGjqmZWt2oXlqnERXuP69rINCiNBS53jFWzKnQuVfdINlc6e2jbbfPnzOKwGgsGYgKEL0aoYaOR3Fm9TjwkdeGGtsZMP/t4cV0ROUgFyNypEVVATGqTIumiTP35Af9fyS0tF+e+0U3bLlg9OSy+mCFdY6B2sfqBXW3XkxrM3JVx7YSzi2ty/TiJIXVr+O7km3Id4JwhOWGCrc3Uhg4/LjjzcJcompUkGITgs7XLn19okd3VvyRQ00D44oXVD+zi2vXamt/rmpPN9feuePoR7VhSnR3+UAJB+MIw1uGN3vYtvkDomnvW0MKWNUuuKlXwYgx6hbkomusDg9l8XIMYWL6c6GGmvtFFLdevac+RA3dxdGBoQXyA8MWLzVHvli2UufZWbb11bIJyi1jq9m3ShhFQMLwgpLMjDFM5yuyejUR7Ni5ZdJmsXt1yw5+H+5Ipd3xV1r+5PwS2Pnntessa2kyRwkfqpjSirYKaBMIXLyLNr5k2g9t6fVJL4TcckEcPS8MLbDGVo5TDhQ3c0gWezTd+jxpvfbUUC8zGP8aQzZZgSzh4v1e+0U2bL38gHKUReVMCtQOEL17IqpbF/RWrtDUSCoC5/KNesPZ4UnGqwG4MntPXGpKVLRTuEmkfv7co3oJbGgjtTHODmKThwaX5yHjDxq+70O416t+RAQhfjIDwxQTbWrHxJln4cguA6x7foB3D1L9+Ie9C4WAwKc/pK8eefdwax4mZwGI1XbSm+KJk7YYxv7FzSUzvrtXLggygZzdGmK4hUHtY/bDutujxPWZmem7pZPubAQmb/vgJkDysvWzBKxS2MDnxwUME6p7YLPYI35+8L1py5WKqZ00hdYHI7MYICF/CuN4it4uxa7j03xtkK6bhrYvamgS7jrPf21mQ4LHbumL0FjVeuOHH3YKBpGxl3vnjlSS9e9sZfqYBBewe50NueQ/vQ9x4J7/nALUNhM9BmrevE13SuUs3lyUm6jbKRiZbZflcOGxJsqjy87cqEZPcaame0I85aqsypgEFddNz4utJSJ95oVF+XhBfIHwOcre7Xdv31ndzyzQdufHUFap7/zMx2xtgGhmfzwBSU7tbPq4yt8RVc5NzUBkwpMAx/PieUFoi9fGyCJQCmyGgqTVyUiafAaSzhnFY+Qi6acgBSBYQPsdoaZOnI0sCk89cPXZJ2WqUmMmKLxpZJwuf7eRkhocW5GJ6TyYahKQPSB5wdR3D5MqxwOTGwUxz9bIJuiK49m+lsJE3t4eFDT6Nei0WTZuLlIuOm4W6RGl3tiCOx8kQjgsG0178OX3a0SCJQPgcw2TF5cbBuMC5KcL64c3Hm9+85AumKUZXd+mWJqgSkqUl9RebMNbwrW6lph/vXxo+mk1uysIkenWzM9oaiDfyrwDElk2Tt2ic9LFUHNvjWJfJssqOg/miFzKcgEtSmn/zwbISGVOMzqZ4WMqkkqG/OHtcPIs4fx5J1AL8eGanXCZjC0pZkgeELz5ctnmnDYYRShzbW7AI8vvC8r1d2noAbzvZ/MoZzX2t27RaO5YMLrT2mgb3m5MVC09vXxxZtbrVFzFpXHyNuKcYUBAjkNyICen0USvh65iR98PgeJYJtuBIxcnm/8sT4sQWUhsVzQ2f0kSP1DQTiajEBlui93fI8wPZ/W16aqv/r5SJrgStN+yTKyA+wOKLFxNRgwpapmThC1xcKfO5cmoxhpV6aotRYFj0eN9cCVOJDAtqa+4MwKx5fH49ofB3tUTXvXDhzsLqxgRqAwhfvDgVtedGs2GPCLbIOHlhsuY4zlb/1FZtnSJEj0Ja4Lg1zTR4lAuNKy15XHLD8Bir1NScP7Em2OT8/g92iyLcOWlt8UH4YgSEL15ECh/TdP02zaxbLkb8o542ZF4p+OFrq8pqCxE9CmmBYzeVlJhWcvBoAGedFy7eWErCBK+f/R0shFiszLr78o0kl3T6KGJ8MQLCFy+srIqHJ7+gj9fpVlhqlz6SnlQsTboQ/Bq8l97T1nNhS64SosYWGw9I4ExxYK1xDHH+L74tCtfCyU/FeGQuDVvk+CSz4gu9o0VgVF8CtYx0vYPaxWoLww0Tn9PHpO+rO/dIt1a7Fsbsq+dC273YUmrY1yMONC0Gf7LyJzf9bhLOCvs1hhPTi3t2ZGXk/Gzx2gdE0ZPiiyamdm8SvxdObFhsNETYWjJ+QPhiBLtTnjcQ+Ybbb3ymrZFyd9mKM8X5svGLh9+Xn4fjgTw7r16YnVcKGk6cp9TZsaVxVWEDBkxWLMcXbWDxNtUA7rhttdcGoZQlfkD44seJqDgfWyltN2+Lm4rbiB4p8cmFC5vnDm5fFFDtUTuCwaPsqkpF0izMmYtW7qWPyYrNfGQnWo075UnUzIYxu011IXzxA8IXP4ZtEhy7P/s9vdb1LW3dBt/a460lFdmCJ4lMGIHbypuZ+/v6Ts/5llywfWMu82evWcXlfLatEd1c//1H1A8G8O5v0q2gYeKubcfGRDp9FK5uzIDwxQ8r66Lz1hUiKkz4eH4eFSF4/uDRc2O+1ZUtQMtG3xumN8+8eTHUtc0ms1/e38d2kjS77JJwMo+PfaKtGRiWl0Etg86NmKGsi8gsYv39e7T58qfaug08qj3z4/2+K2oShlD+4S2qf/X8sl7ebHifDgl2g8OSKdmwaEmDDUhNkrZh3hAfZDZeOaetGYCbG0Ng8cUTtjJ+GvXOd312hi5v3qStR1H/X/8g4ggzUeLFgpUyWHs8bXlB7fXL05S1waLj95bmBt7d8aDYo8vF1mGvHxBmdXZf+9y/cVgwAYsvnkD44smQjfBxF0fz5Fc03Wbu0y2EsMzwwgdXjUXS5G8otFMULKYhS4gyERen/Or2rrLJ6mT2XTqprRkYTqePFrYJMagqcHVjiHJ3T9u882+ff19bKxQWPL8b4v/IsXx+vD4rKZILW3Om0pFS0fKX3/UTJ6ZRV6SGMdTvlN1ctvZMbX8CQ/oSiANhN1VQ2xwnohei3mHHtU+o9caufDbGFpl54yJl3rjkZ1xNGdnZ9z81Wnt+L/AzO7T1UsOWqG85PtFD02p3t8zZz5dlinkYg8lizcPaG0WbWnyBxRdfhlWMKZLe828V/CH9vTT+2+8WkxXTc4vdGobY2NxJOefCgwroR/u19XLjZ6OffYya/rrXtzbZ0vM3QTcMY8jT2juurYDYAOGLKSq2ZPXj4x/zjiuyKJlgt3X+H9+h1K/eXZYsMMXG/AGlQlIhasZfJeDXbnxmhy+A9GdPGl9x/8fWN4gJuLnxBq5uvGHh64+a0cc8cu4d+n3XelpYES1ALGLTwpTlsEzownv6/AS29KaffZzaQkpiuOaPR8xnDx4IenMDokbh28ICuNIgwAfOnMxnxPxxJDXiDYQvxvCPz/MGWPyej/oUXJ7xRx+/RyO7zRYPBV0PPGVZe8Rs7bE7zLusZcMxvaYf7Rd3Pgv+Zv6lU/5mQrmDB5ZtevT0dqNrysy8dMpvcUtt7aK6xzcYa/vC4Pa+7ktnQo5YxgTc3PgjXd8gXlhbfZ2j52lHZzd9vFG22kjFxWae3u7H9LJh663ZYO3Vv35haV8Ndm3r9m0KTWT4mxW9JI+wD1iyFkOywFyzt5RF5n/PjtE9NTGmce8ma/f64Jl/09ZCgLWXAFKZTKHt5qBW8LyBQRurj8k0NNJvvvOnkbV9M7/5kOqzprNwJ4dkTfnW3q/e9f87u8XNhC96/+tto+j5yYcDW40JlKXXjZgKHQhwY4gAM8+8+5qf+baEM7lynxyIFRC+hOB5AxxkC1cLxeyqNvr1ge9HxvtY1GZe+ZCau1YZuzk4ATLf1BgpeBQhev6+vPs2RQoeWYheNpzNNYnfY5fO0zfP5JXx/mE6fRSdGgkAwpcQPG+gl4hetf00X3VtoN8e+GNtXSKsU8MWFqt5VRKzxLY1NL+x0x8tZdsTzDG9sCLpbMKSIhvGxuhb7/yLth7Cy+n00cPmh0GcgPAlCJXoiGxlCxhf/zD9bv93tfVS42eJz1+nVHuL34M70bEyNHYnwUmX+v/9nnHwQS5horf61m3qffufbacrk0po7LHd4hPUPhC+BOF5Ax1qDLqVy0sVFL9iyO4asSEsE1yA6BFc3OQB4UsYnjfAZk5eDbq1Kn5LMUahMFrCT4z8yWNiEoYKF70X0+mjfdoqiDUQvgTieQN9Nn282bD4jTz6pFWBc7nx44G8Q5qlW8vM732IGp9+xBiL5M6VnR++ka/o8SCIXpSvJA8IX0LxvAFuqXoun0/H2d5Xnvo+zTXL4lFO2LrjkVZcjGw9el4VSps2Aw/Yd+4MbT5vPXwgYEKJnjyKBsQaCF+C8bwB/tHuzucTcp3f23t76Wp3eXZQC/CF7vok1V+5vbQXRz5w8mLqDx8OTZLUTc1S75m38qnTy2YvRC+5oHMj2fSq0ejW4seuIJd53Ny4g17bm/+eHf7mQl/e9f+bhS01tShouX24vOFQMMLK+iLctoYy29b6s/R4L9+wfUC4XGX/mddtJynn8hOIXrKBxZdwVKY3L/ELmG9ZSW/v+g6NrX9QeywMLlRecfpTylwdzytOlw13XjStfYDmHur0S2AWtqwxxu+yaZiepe+ce89vzysQFj1MXkk4ED4HKEb8SCU+Xt++t6AR9v54q2vjS9Yfb2RUl+XWLjQ30ELX4jD6VPsKoo6VVL++o6CC6V0Xfk/bz7+bbwIjG4ieI0D4HKFY8WO+ePBhen3HPpprb9UeqyYseNs+OV2oWxsA0XMICJ9DlEL8SFmA7/bsosmu4sbZFwO7tDuuXC6F4HH2th+i5xYQPgcppNRFgstfrnZvow+6H66YFch7BW+5NUrtNz4rxqUNQMmKo0D4HMXzBniG3y9K9elZBK+v2UyfdHbTzQ3rtMcLpWHiLm29cY02THxeKrELQHGyw0D4HEZNdBnKp7fXlunONXR/xSoab1pFV77RTbMZoq9WPWC0DDs+u+7/u2Fqklrv36WuiWvUNDlRSqHL5pfp9NF+bRU4A4TPcVTcj8XvkAPfBO+41IdtIQGED/h43sBhNca+5NZfjfBLIhqEawsIwgeyUdZfv+0Y+5hwQgkerDywBIQPaHjeAO8rMViKzG8VGVWChzIVoAHhA0ZiKoAQPBAJhA9EogSwz3YbyyrxMidpMCkZ2ADhA3mhkiB9NZIFPq0y0sPYDwPkA4QPFIRKhHAd4GH1b6WywZysGIbYgWKA8IGSoNxhFsA9Wf8r1i1mi+6y2kBpBJlZUCogfKCsqO4QUmLYEfFaLHBcZ3cZ1hwoJxA+AIBz1OGUAwBcA8IHAHAOCB8AwDkgfAAA54DwAQCcA8IHAHAOCB8AwDkgfAAA54DwAQCcA8IHAHAOCB8AwDkgfAAA54DwAQCcA8IHAHAOCB8AwDkgfAAA54DwAQCcA8IHAHAOCB8AwDkgfAAA54DwAQCcA8IHAHAOCB8AwDkgfAAA54DwAQCcA8IHAHCOBhc+sOcd6SeijpzlU+n0sWHt4NK9Zi8R9eYsD6fTx05pB5f/dYfS6WOXhWP7iGiz9iSVYySdPjYivC/pM+TLOJ9j9TeXpc9fCJ53hL+vvip8V+I5LBTPO8K/h37hz0v6OrVK4oVPXai/0B4gGmUh0lZLB/9wn895tn5+P+n0sfEKvy6Li3Qx8w/4oLZaWTThM3yGovC8I6PqtYaLvOFtLvV7s8R0Dgulz/A5qiXsFcUFV3dQW1mkR1k8laS9zGILzPQQ0XNE9JLnHblchXNfa0jWHvOcsgYTTaKFT53Aw9oDX2M6+eXkoOcdMYkxqAwsgi943pER5RE4hRL9npDPXI3fRUVJusXXr6wsE7tVPKnSPO95R8IEGVQGdvNPed6RPY5931HWbuKFL+kxPht3ps8QZyo3Q/yDq3IgWUr62PBqzjGnC/yx5PPZf5aVrLBlj4pZ8c1tt+Fv+MbIll9vEYmnF/l8aqulpSRJMXWjj4rrtrNVmE4fK/dnqhqJFT4Lcz6AYxqDVRCgIN5XNWuj0B+65x3JXRqXsrMl5lQBr7F0fFY2VvICAvErNPF0uQKfv1TYxjYHKyDmVSPJrq5kgbyorBObYysBu9rHq/TaTsE3tnT62KC60ZwQPjuLX6LPhRJ/TvDk8nNtZTH5V40wUEVIpPCpEya5NoOGi7uvQpmsCW2F6KeI91UOJYC96iaYy3MJT3ZIN/hRdUOQvg/p+ESQVItPOmEn1EU/pGr4smmvUO3SoEH8hhwMsFebfuE6IMO1E3vUjV26xgNDQHJrDyX1RpA44VMn6pD2wHJLTzrJlbjgTxlep12JX+Lrp2oFFcuTyoqSan0fFmKbE8FvQcUopRCA9B3FniRafJKwjOZU60vubkUKmpXFKbkVuw3vC5T3XOTSk9AbkCRgQznJHOn7OJzE7yNRwhdizi876epkS+Ij/W056DckWZ5DR0HFkaycRIUdVAxZqnBYdqMNCQNJxkSsSZrF12cw56U2MekOeLASsTYlvIcN8b7jiPeBEiMJ14uGEi7J6kvczThpwied4ONSbZY66dLdXnqOkqNeX7qgEO8DJUPdRKWCZUngSFmBuTfkavS1l5XECF9IwbLpBJPB6qtYSYOKO/5Se2Ax3hf2vkHpSPoNRrqRnzAVXCsjQfKQpOeJLUmy+KQ7ksmc91EnXyppkJ6rLKTTx0zxvkNqjiAoE+oGp9V7mkQhboQULEfdVCWDoFp97WUhEcIX0n9okyWVTnJ/hV1NU7zvF4j3lRXpBifdhJL0+bjCIVT4lLHwsvaA/HyxJCm9utIJOWHZizqsBDI7KdKuxCj0AikVfKGpzFtu87///tQwAy1OCQpH3VCkQZyFnPPeMo0au1zkoADJY7AtmTou1MNWq6+95MRe+ELMeasTzIKi+mVzfwQVbdJm98rzjvxceB896n2gra1EKNGT3NmJAs/5QYPHUSwnCr0GVcxbqnCwej51PY4KcfN+g6DGiiS4upK1l1uwHIV0MfRUuodW9UxKmeZDGF5aGlTcdEQQBWYwQZa1dL3kFiwX8hyV6msvK7EWvpANU6QTZkSZ7lJBs/Tc5cYU73s+ydMyyglbeCx4PHJe7b8iid7L6fSxRHTOqOtEqnDI6/MpNzv3WqxUX3tZibura+o/LGRfi+OCy3xQzWirWExDud5h8b5yb1ZUq3BhdyGfe49wjeRyOmFFutKNP7TCIQQpDNQf9/bKuAufdILFguUoOBHieUdOCLGawUr/KFR85WfC7nDB8FIXLT+t7KREcPayr8ibyc9VmKLqqJi3FG+Uwjk2SMLXE/cJzbF1dUP6D4s5GdLfVmXXKeV2SSUF2KyoNLBn8LN0+tjhhFnQ0rVhLFiOogb62stCnGN8UvytUHPex9CkbXqtStBneD/YrKhwJtTE4c1JiekFqBu0VMa1YrsAAAQxSURBVOEg3dDzQRLTivS1l4tYCl9I/2EpLmTpOaoifFnDDCSGXNwasQAmVKacWwN/mE4f62C3NKFxUuk6jSxYjqLafe3lIK4xPukLZ8uoowSZT8lirNquUyr2GBbvc6Wz4+kod03VY/40Z9kfq1TEDmpxQnI/T5WoGmBEMDZiW9AcO+ELMed7DJnQUlG1XafYJVNWbu7n9jcrUv2+zsPfg2G/lSG1fWRis+EhQzoOCR0YpaTP4ArXNHF0dav1I6/2rlOmYQbYrGg5ktWzO6kj1LOo1u+i0n3tJQHCF5PXVtZKn1BQStis6GuUS/sz7YHFG0Qiy4AMVm6laA+JQ9cssRI+Q/9hJanqrlPqRy2JL4aXZqGytVIwfjih35F0TVSS2FnTcYvxSV/wCUPDeSmQ4iYVL2jOhhMs6g6vxftURjr2kzNKxGH1XeRO3UnUwIeQXQVfLOO1IBU098ZpjmFshC+k/7CvXFkl1dv5Qs6yv+tUlQPl/Sqbm+vePGeIAzqHav3jG9RLOZ/dH/CaoBo+ydrjEpay3ZxVWCVXbAfj1FEUJ1dXsvZeLmcqPaRJW7rYKkbEZkXVivXUHGpCj9R1MJiEGkjbXQXLgHTTOBin7zQWwhfSfyidgFIjvYZ0sVWUkM2KwHL6he6X9gIHWdQaUsy70CEd1iiXVvIsYhPri4vFJ32hoxWKKUjCVxO7ToVsVgS+/o7GDTeI3QnoeZY8j4KGdBSA9LuoSl97IdR8jE99kVIwuiIXrYoVvSgkE/prYSe0kKJd8PV3ZJpuzT3PwyXo6uDnkcbYl5JlnSshBcuV2i5hSN04pAnNNX9DiYPF1y+Z8xVuH5NOZC3tOmWK9wGFGhsluWdxLXGRrNiihnQUgPQblKzQmiMOwiedYMnMLhshTdrSe6s46v1JVjFYjnSD6InbUM0idxUsJdLm4+1x2Hy8poUvxJyvxoUqvWbFNh+PQrlBP484zGnUDUKy3p+LWdufJCy2uwqWjDhvPl7rMb49gqU1Uo0aOk4keN6Rl4Wd93sNJr9kJZb1fbM7p4Q4V4xL/bq5n6vUP7iyfXdq4MNmYapNn+FHnMu48N4qQfbn3yy8B0nQK8GgcL1RpbdsyJdUJpOp1fcGAABlIQnbSwIAQF5A+AAAzgHhAwA4B4QPAOAcED4AgHNA+AAAzgHhAwA4B4QPAOAcED4AgHNA+AAAzgHhAwA4B4QPAOAcED4AgHNA+AAAzgHhAwA4B4QPAOAcED4AgHNA+AAAzgHhAwA4B4QPAOAcED4AgHNA+AAAzgHhAwA4B4QPAOAcED4AgHNA+AAAzgHhAwA4B4QPAOAcED4AgHNA+AAAzgHhAwA4B4QPAOAcED4AgHNA+AAAzgHhAwA4B4QPAOAcED4AgHNA+AAAzgHhAwA4B4QPAOAcED4AgHNA+AAAbkFE/wE3LmoBviFqiAAAAABJRU5ErkJggg== + mediatype: image/png + install: + spec: + deployments: null + strategy: "" + installModes: + - supported: true + type: OwnNamespace + - supported: true + type: SingleNamespace + - supported: true + type: MultiNamespace + - supported: true + type: AllNamespaces + keywords: + - networking + - security + links: + - name: Antrea Operator For Kubernetes + url: https://github.com/vmware/antrea-operator-for-kubernetes + maintainers: + - email: projectantrea-maintainers@googlegroups.com + name: Project Antrea Maintainers + maturity: alpha + provider: + name: antrea.io + version: 0.0.0 diff --git a/config/manifests/kustomization.yaml b/config/manifests/kustomization.yaml new file mode 100644 index 000000000..63ca74d72 --- /dev/null +++ b/config/manifests/kustomization.yaml @@ -0,0 +1,4 @@ +resources: +- ../default +- ../samples +- ../scorecard diff --git a/config/prometheus/kustomization.yaml b/config/prometheus/kustomization.yaml new file mode 100644 index 000000000..ed137168a --- /dev/null +++ b/config/prometheus/kustomization.yaml @@ -0,0 +1,2 @@ +resources: +- monitor.yaml diff --git a/config/prometheus/monitor.yaml b/config/prometheus/monitor.yaml new file mode 100644 index 000000000..9b8047b76 --- /dev/null +++ b/config/prometheus/monitor.yaml @@ -0,0 +1,16 @@ + +# Prometheus Monitor Service (Metrics) +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + labels: + control-plane: controller-manager + name: controller-manager-metrics-monitor + namespace: system +spec: + endpoints: + - path: /metrics + port: https + selector: + matchLabels: + control-plane: controller-manager diff --git a/config/rbac/antreainstall_editor_role.yaml b/config/rbac/antreainstall_editor_role.yaml new file mode 100644 index 000000000..4db6ce47b --- /dev/null +++ b/config/rbac/antreainstall_editor_role.yaml @@ -0,0 +1,24 @@ +# permissions for end users to edit antreainstalls. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: antreainstall-editor-role +rules: +- apiGroups: + - operator.antrea.vmware.com + resources: + - antreainstalls + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - operator.antrea.vmware.com + resources: + - antreainstalls/status + verbs: + - get diff --git a/config/rbac/antreainstall_viewer_role.yaml b/config/rbac/antreainstall_viewer_role.yaml new file mode 100644 index 000000000..aa797b06a --- /dev/null +++ b/config/rbac/antreainstall_viewer_role.yaml @@ -0,0 +1,20 @@ +# permissions for end users to view antreainstalls. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: antreainstall-viewer-role +rules: +- apiGroups: + - operator.antrea.vmware.com + resources: + - antreainstalls + verbs: + - get + - list + - watch +- apiGroups: + - operator.antrea.vmware.com + resources: + - antreainstalls/status + verbs: + - get diff --git a/config/rbac/auth_proxy_client_clusterrole.yaml b/config/rbac/auth_proxy_client_clusterrole.yaml new file mode 100644 index 000000000..bd4af137a --- /dev/null +++ b/config/rbac/auth_proxy_client_clusterrole.yaml @@ -0,0 +1,7 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: metrics-reader +rules: +- nonResourceURLs: ["/metrics"] + verbs: ["get"] diff --git a/config/rbac/auth_proxy_role.yaml b/config/rbac/auth_proxy_role.yaml new file mode 100644 index 000000000..618f5e417 --- /dev/null +++ b/config/rbac/auth_proxy_role.yaml @@ -0,0 +1,13 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: proxy-role +rules: +- apiGroups: ["authentication.k8s.io"] + resources: + - tokenreviews + verbs: ["create"] +- apiGroups: ["authorization.k8s.io"] + resources: + - subjectaccessreviews + verbs: ["create"] diff --git a/config/rbac/auth_proxy_role_binding.yaml b/config/rbac/auth_proxy_role_binding.yaml new file mode 100644 index 000000000..48ed1e4b8 --- /dev/null +++ b/config/rbac/auth_proxy_role_binding.yaml @@ -0,0 +1,12 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: proxy-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: proxy-role +subjects: +- kind: ServiceAccount + name: default + namespace: system diff --git a/config/rbac/auth_proxy_service.yaml b/config/rbac/auth_proxy_service.yaml new file mode 100644 index 000000000..6cf656be1 --- /dev/null +++ b/config/rbac/auth_proxy_service.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + control-plane: controller-manager + name: controller-manager-metrics-service + namespace: system +spec: + ports: + - name: https + port: 8443 + targetPort: https + selector: + control-plane: controller-manager diff --git a/config/rbac/kustomization.yaml b/config/rbac/kustomization.yaml new file mode 100644 index 000000000..dbcbe1bab --- /dev/null +++ b/config/rbac/kustomization.yaml @@ -0,0 +1,12 @@ +resources: +- role.yaml +- role_binding.yaml +- leader_election_role.yaml +- leader_election_role_binding.yaml +# Comment the following 4 lines if you want to disable +# the auth proxy (https://github.com/brancz/kube-rbac-proxy) +# which protects your /metrics endpoint. +#- auth_proxy_service.yaml +#- auth_proxy_role.yaml +#- auth_proxy_role_binding.yaml +#- auth_proxy_client_clusterrole.yaml diff --git a/config/rbac/leader_election_role.yaml b/config/rbac/leader_election_role.yaml new file mode 100644 index 000000000..28ff6b5c3 --- /dev/null +++ b/config/rbac/leader_election_role.yaml @@ -0,0 +1,34 @@ +# permissions to do leader election. +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: antrea-operator-leader-election-role + namespace: antrea-operator +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - configmaps/status + verbs: + - get + - update + - patch +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch diff --git a/config/rbac/leader_election_role_binding.yaml b/config/rbac/leader_election_role_binding.yaml new file mode 100644 index 000000000..6f67d8769 --- /dev/null +++ b/config/rbac/leader_election_role_binding.yaml @@ -0,0 +1,12 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: leader-election-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: antrea-operator-leader-election-role +subjects: +- kind: ServiceAccount + name: antrea-operator + namespace: antrea-operator diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml new file mode 100644 index 000000000..7880e96d1 --- /dev/null +++ b/config/rbac/role.yaml @@ -0,0 +1,187 @@ + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + name: antrea-operator +rules: +- nonResourceURLs: + - /addressgroups + - /agentinfo + - /appliedtogroups + - /networkpolicies + - /ovsflows + - /ovstracing + - /podinterfaces + verbs: + - get +- apiGroups: + - "" + resources: + - endpoints + - pods + verbs: + - delete + - get + - list + - watch +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch +- apiGroups: + - apiregistration.k8s.io + resources: + - apiservices + verbs: + - create + - delete + - get + - update +- apiGroups: + - authentication.k8s.io + resources: + - subjectaccessreviews + - tokenreviews + verbs: + - create +- apiGroups: + - clusterinformation.antrea.tanzu.vmware.com + resources: + - antreaagentinfos + - antreacontrollerinfos + verbs: + - create + - delete + - get + - list + - update +- apiGroups: + - config.openshift.io + resources: + - clusteroperators + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - config.openshift.io + resources: + - clusteroperators/status + verbs: + - get + - patch + - update +- apiGroups: + - config.openshift.io + resources: + - networks + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - config.openshift.io + resources: + - networks/finalizers + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - networking.antrea.tanzu.vmware.com + resources: + - addressgroups + - appliedtogroups + - networkpolicies + verbs: + - delete + - get + - list + - watch +- apiGroups: + - networking.k8s.io + resources: + - networkpolicies + verbs: + - get + - list + - watch +- apiGroups: + - operator.antrea.vmware.com + resources: + - antreainstalls + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - operator.antrea.vmware.com + resources: + - antreainstalls/status + verbs: + - get + - patch + - update +- apiGroups: + - operator.openshift.io + resources: + - networks + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - ops.antrea.tanzu.vmware.com + resources: + - traceflows + - traceflows/status + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - security.antrea.tanzu.vmware.com + resources: + - clusternetworkpolicies + verbs: + - delete + - get + - list + - watch +- apiGroups: + - system.antrea.tanzu.vmware.com + resources: + - agentinfos + - controllerinfos + - supportbundles + - supportbundles/download + verbs: + - delete + - get + - list + - post + - watch diff --git a/config/rbac/role_binding.yaml b/config/rbac/role_binding.yaml new file mode 100644 index 000000000..930d39777 --- /dev/null +++ b/config/rbac/role_binding.yaml @@ -0,0 +1,13 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: antrea-operator + namespace: antrea-operator +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: antrea-operator +subjects: +- kind: ServiceAccount + name: antrea-operator + namespace: antrea-operator diff --git a/config/samples/kustomization.yaml b/config/samples/kustomization.yaml new file mode 100644 index 000000000..97304627c --- /dev/null +++ b/config/samples/kustomization.yaml @@ -0,0 +1,4 @@ +## Append samples you want in your CSV to this file as resources ## +resources: +- operator_v1_antreainstall.yaml +# +kubebuilder:scaffold:manifestskustomizesamples diff --git a/config/samples/operator_v1_antreainstall.yaml b/config/samples/operator_v1_antreainstall.yaml new file mode 100644 index 000000000..3784ed4b1 --- /dev/null +++ b/config/samples/operator_v1_antreainstall.yaml @@ -0,0 +1,130 @@ +apiVersion: operator.antrea.vmware.com/v1 +kind: AntreaInstall +metadata: + name: antrea-install + namespace: antrea-operator +spec: + antreaAgentConfig: | + # FeatureGates is a map of feature names to bools that enable or disable experimental features. + featureGates: + # Enable antrea proxy which provides ServiceLB for in-cluster services in antrea agent. + # It should be enabled on Windows, otherwise NetworkPolicy will not take effect on + # Service traffic. + # AntreaProxy: false + + # Enable traceflow which provides packet tracing feature to diagnose network issue. + # Traceflow: false + + # Enable ClusterNetworkPolicy feature to complement K8s NetworkPolicy for cluster admins + # to define security policies which apply to the entire cluster. + # ClusterNetworkPolicy: false + + # Enable flowexporter which exports polled conntrack connections as IPFIX flow records from each agent to a configured collector. + # FlowExporter: false + + # Name of the OpenVSwitch bridge antrea-agent will create and use. + # Make sure it doesn't conflict with your existing OpenVSwitch bridges. + #ovsBridge: br-int + + # Datapath type to use for the OpenVSwitch bridge created by Antrea. Supported values are: + # - system + # - netdev + # 'system' is the default value and corresponds to the kernel datapath. Use 'netdev' to run + # OVS in userspace mode. Userspace mode requires the tun device driver to be available. + #ovsDatapathType: system + + # Name of the interface antrea-agent will create and use for host <--> pod communication. + # Make sure it doesn't conflict with your existing interfaces. + #hostGateway: antrea-gw0 + + # Encapsulation mode for communication between Pods across Nodes, supported values: + # - geneve (default) + # - vxlan + # - gre + # - stt + #tunnelType: geneve + + # Default MTU to use for the host gateway interface and the network interface of each Pod. + # If omitted, antrea-agent will discover the MTU of the Node's primary interface and + # also adjust MTU to accommodate for tunnel encapsulation overhead (if applicable). + #defaultMTU: 1450 + + # Whether or not to enable IPsec encryption of tunnel traffic. IPsec encryption is only supported + # for the GRE tunnel type. + #enableIPSecTunnel: false + + # Determines how traffic is encapsulated. It has the following options + # encap(default): Inter-node Pod traffic is always encapsulated and Pod to outbound traffic is masqueraded. + # noEncap: Inter-node Pod traffic is not encapsulated, but Pod to outbound traffic is masqueraded. + # Underlying network must be capable of supporting Pod traffic across IP subnet. + # hybrid: noEncap if worker Nodes on same subnet, otherwise encap. + # networkPolicyOnly: Antrea enforces NetworkPolicy only, and utilizes CNI chaining and delegates Pod IPAM and connectivity to primary CNI. + # + #trafficEncapMode: encap + + # The port for the antrea-agent APIServer to serve on. + # Note that if it's set to another value, the `containerPort` of the `api` port of the + # `antrea-agent` container must be set to the same value. + #apiPort: 10350 + + # Enable metrics exposure via Prometheus. Initializes Prometheus metrics listener. + #enablePrometheusMetrics: false + + # Provide flow collector address as string with format :[:], where proto is tcp or udp. This also enables + # the flow exporter that sends IPFIX flow records of conntrack flows on OVS bridge. If no L4 transport proto is given, + # we consider tcp as default. + #flowCollectorAddr: "" + + # Provide flow poll interval as a duration string. This determines how often the flow exporter dumps connections from the conntrack module. + # Flow poll interval should be greater than or equal to 1s (one second). + # Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". + #flowPollInterval: "5s" + + # Provide flow export frequency, which is the number of poll cycles elapsed before flow exporter exports flow records to + # the flow collector. + # Flow export frequency should be greater than or equal to 1. + #flowExportFrequency: 12 + antreaCNIConfig: | + { + "cniVersion":"0.3.0", + "name": "antrea", + "plugins": [ + { + "type": "antrea", + "ipam": { + "type": "host-local" + } + }, + { + "type": "portmap", + "capabilities": {"portMappings": true} + } + ] + } + antreaControllerConfig: | + # FeatureGates is a map of feature names to bools that enable or disable experimental features. + featureGates: + # Enable traceflow which provides packet tracing feature to diagnose network issue. + # Traceflow: false + + # Enable ClusterNetworkPolicy feature to complement K8s NetworkPolicy for cluster admins + # to define security policies which apply to the entire cluster. + # ClusterNetworkPolicy: false + + # The port for the antrea-controller APIServer to serve on. + # Note that if it's set to another value, the `containerPort` of the `api` port of the + # `antrea-controller` container must be set to the same value. + #apiPort: 10349 + + # Enable metrics exposure via Prometheus. Initializes Prometheus metrics listener. + #enablePrometheusMetrics: false + + # Indicates whether to use auto-generated self-signed TLS certificate. + # If false, A Secret named "antrea-controller-tls" must be provided with the following keys: + # ca.crt: + # tls.crt: + # tls.key: + # And the Secret must be mounted to directory "/var/run/antrea/antrea-controller-tls" of the + # antrea-controller container. + #selfSignedCert: true + antreaImage: antrea/antrea-ubuntu:v0.9.1 diff --git a/config/scorecard/bases/config.yaml b/config/scorecard/bases/config.yaml new file mode 100644 index 000000000..c77047841 --- /dev/null +++ b/config/scorecard/bases/config.yaml @@ -0,0 +1,7 @@ +apiVersion: scorecard.operatorframework.io/v1alpha3 +kind: Configuration +metadata: + name: config +stages: +- parallel: true + tests: [] diff --git a/config/scorecard/kustomization.yaml b/config/scorecard/kustomization.yaml new file mode 100644 index 000000000..d73509ee7 --- /dev/null +++ b/config/scorecard/kustomization.yaml @@ -0,0 +1,16 @@ +resources: +- bases/config.yaml +patchesJson6902: +- path: patches/basic.config.yaml + target: + group: scorecard.operatorframework.io + version: v1alpha3 + kind: Configuration + name: config +- path: patches/olm.config.yaml + target: + group: scorecard.operatorframework.io + version: v1alpha3 + kind: Configuration + name: config +# +kubebuilder:scaffold:patchesJson6902 diff --git a/config/scorecard/patches/basic.config.yaml b/config/scorecard/patches/basic.config.yaml new file mode 100644 index 000000000..f80c746f9 --- /dev/null +++ b/config/scorecard/patches/basic.config.yaml @@ -0,0 +1,10 @@ +- op: add + path: /stages/0/tests/- + value: + entrypoint: + - scorecard-test + - basic-check-spec + image: quay.io/operator-framework/scorecard-test:v1.2.0 + labels: + suite: basic + test: basic-check-spec-test diff --git a/config/scorecard/patches/olm.config.yaml b/config/scorecard/patches/olm.config.yaml new file mode 100644 index 000000000..ef6834b1e --- /dev/null +++ b/config/scorecard/patches/olm.config.yaml @@ -0,0 +1,50 @@ +- op: add + path: /stages/0/tests/- + value: + entrypoint: + - scorecard-test + - olm-bundle-validation + image: quay.io/operator-framework/scorecard-test:v1.2.0 + labels: + suite: olm + test: olm-bundle-validation-test +- op: add + path: /stages/0/tests/- + value: + entrypoint: + - scorecard-test + - olm-crds-have-validation + image: quay.io/operator-framework/scorecard-test:v1.2.0 + labels: + suite: olm + test: olm-crds-have-validation-test +- op: add + path: /stages/0/tests/- + value: + entrypoint: + - scorecard-test + - olm-crds-have-resources + image: quay.io/operator-framework/scorecard-test:v1.2.0 + labels: + suite: olm + test: olm-crds-have-resources-test +- op: add + path: /stages/0/tests/- + value: + entrypoint: + - scorecard-test + - olm-spec-descriptors + image: quay.io/operator-framework/scorecard-test:v1.2.0 + labels: + suite: olm + test: olm-spec-descriptors-test +- op: add + path: /stages/0/tests/- + value: + entrypoint: + - scorecard-test + - olm-status-descriptors + image: quay.io/operator-framework/scorecard-test:v1.2.0 + labels: + suite: olm + test: olm-status-descriptors-test diff --git a/config/webhook/kustomization.yaml b/config/webhook/kustomization.yaml new file mode 100644 index 000000000..9cf26134e --- /dev/null +++ b/config/webhook/kustomization.yaml @@ -0,0 +1,6 @@ +resources: +- manifests.yaml +- service.yaml + +configurations: +- kustomizeconfig.yaml diff --git a/config/webhook/kustomizeconfig.yaml b/config/webhook/kustomizeconfig.yaml new file mode 100644 index 000000000..25e21e3c9 --- /dev/null +++ b/config/webhook/kustomizeconfig.yaml @@ -0,0 +1,25 @@ +# the following config is for teaching kustomize where to look at when substituting vars. +# It requires kustomize v2.1.0 or newer to work properly. +nameReference: +- kind: Service + version: v1 + fieldSpecs: + - kind: MutatingWebhookConfiguration + group: admissionregistration.k8s.io + path: webhooks/clientConfig/service/name + - kind: ValidatingWebhookConfiguration + group: admissionregistration.k8s.io + path: webhooks/clientConfig/service/name + +namespace: +- kind: MutatingWebhookConfiguration + group: admissionregistration.k8s.io + path: webhooks/clientConfig/service/namespace + create: true +- kind: ValidatingWebhookConfiguration + group: admissionregistration.k8s.io + path: webhooks/clientConfig/service/namespace + create: true + +varReference: +- path: metadata/annotations diff --git a/config/webhook/service.yaml b/config/webhook/service.yaml new file mode 100644 index 000000000..31e0f8295 --- /dev/null +++ b/config/webhook/service.yaml @@ -0,0 +1,12 @@ + +apiVersion: v1 +kind: Service +metadata: + name: webhook-service + namespace: system +spec: + ports: + - port: 443 + targetPort: 9443 + selector: + control-plane: controller-manager diff --git a/pkg/controller/config/config_controller.go b/controllers/antreainstall_controller.go similarity index 59% rename from pkg/controller/config/config_controller.go rename to controllers/antreainstall_controller.go index 8882e7224..8229fbe2e 100644 --- a/pkg/controller/config/config_controller.go +++ b/controllers/antreainstall_controller.go @@ -1,7 +1,7 @@ /* Copyright © 2020 VMware, Inc. All Rights Reserved. SPDX-License-Identifier: Apache-2.0 */ -package config +package controllers import ( "context" @@ -11,90 +11,77 @@ import ( configv1 "github.com/openshift/api/config/v1" ocoperv1 "github.com/openshift/api/operator/v1" "github.com/openshift/cluster-network-operator/pkg/apply" - "github.com/openshift/cluster-network-operator/pkg/controller/statusmanager" "github.com/openshift/cluster-network-operator/pkg/render" k8sutil "github.com/openshift/cluster-network-operator/pkg/util/k8s" appsv1 "k8s.io/api/apps/v1" corev1 "k8s.io/api/core/v1" apierrors "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/api/meta" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" uns "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" - "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/types" - "sigs.k8s.io/controller-runtime/pkg/client" - "sigs.k8s.io/controller-runtime/pkg/controller" "sigs.k8s.io/controller-runtime/pkg/controller/controllerutil" "sigs.k8s.io/controller-runtime/pkg/handler" - logf "sigs.k8s.io/controller-runtime/pkg/log" - "sigs.k8s.io/controller-runtime/pkg/manager" "sigs.k8s.io/controller-runtime/pkg/reconcile" "sigs.k8s.io/controller-runtime/pkg/source" - operatorv1 "github.com/vmware/antrea-operator-for-kubernetes/pkg/apis/operator/v1" - "github.com/vmware/antrea-operator-for-kubernetes/pkg/controller/sharedinfo" - operstatus "github.com/vmware/antrea-operator-for-kubernetes/pkg/controller/statusmanager" - operatortypes "github.com/vmware/antrea-operator-for-kubernetes/pkg/types" -) - -var log = logf.Log.WithName("controller_config") - -// Add creates a new ConfigMap Controller and adds it to the Manager. The Manager will set fields on the Controller -// and Start it when the Manager is Started. -func Add(mgr manager.Manager, status *statusmanager.StatusManager, sharedInfo *sharedinfo.SharedInfo) error { - return add(mgr, newReconciler(mgr, status, sharedInfo)) -} + "github.com/vmware/antrea-operator-for-kubernetes/controllers/sharedinfo" + operatortypes "github.com/vmware/antrea-operator-for-kubernetes/controllers/types" -// newReconciler returns a new reconcile.Reconciler -func newReconciler(mgr manager.Manager, status *statusmanager.StatusManager, sharedInfo *sharedinfo.SharedInfo) reconcile.Reconciler { - return &ReconcileConfig{client: mgr.GetClient(), scheme: mgr.GetScheme(), status: status, sharedInfo: sharedInfo, mapper: mgr.GetRESTMapper()} -} + "github.com/go-logr/logr" + "github.com/openshift/cluster-network-operator/pkg/controller/statusmanager" + "k8s.io/apimachinery/pkg/api/meta" + "k8s.io/apimachinery/pkg/runtime" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/client" -// add adds a new Controller to mgr with r as the reconcile.Reconciler -func add(mgr manager.Manager, r reconcile.Reconciler) error { - // Create a new controller - c, err := controller.New("config-controller", mgr, controller.Options{Reconciler: r}) - if err != nil { - return err - } + operatorv1 "github.com/vmware/antrea-operator-for-kubernetes/api/v1" + configutil "github.com/vmware/antrea-operator-for-kubernetes/controllers/config" + operstatus "github.com/vmware/antrea-operator-for-kubernetes/controllers/statusmanager" +) - // Watch for changes to primary resource AntreaInstall CRD - err = c.Watch(&source.Kind{Type: &operatorv1.AntreaInstall{}}, &handler.EnqueueRequestForObject{}) - if err != nil { - return err - } +var log = ctrl.Log.WithName("controllers") - // Watch for changes to primary resource Network CRD - err = c.Watch(&source.Kind{Type: &configv1.Network{}}, &handler.EnqueueRequestForObject{}) - if err != nil { - return err - } +// AntreaInstallReconciler reconciles a AntreaInstall object +type AntreaInstallReconciler struct { + Client client.Client + Log logr.Logger + Scheme *runtime.Scheme + Status *statusmanager.StatusManager + Mapper meta.RESTMapper - return nil + SharedInfo *sharedinfo.SharedInfo + AppliedClusterConfig *configv1.Network + AppliedOperConfig *operatorv1.AntreaInstall } -// blank assignment to verify that ReconcileConfig implements reconcile.Reconciler -var _ reconcile.Reconciler = &ReconcileConfig{} - -// ReconcileConfig reconciles cluster network configuration changes. -type ReconcileConfig struct { - // This client, initialized using mgr.Client() above, is a split client - // that reads objects from the cache and writes to the apiserver - client client.Client - scheme *runtime.Scheme - status *statusmanager.StatusManager - mapper meta.RESTMapper - sharedInfo *sharedinfo.SharedInfo - - appliedClusterConfig *configv1.Network - appliedOperConfig *operatorv1.AntreaInstall +func (r *AntreaInstallReconciler) SetupWithManager(mgr ctrl.Manager) error { + return ctrl.NewControllerManagedBy(mgr). + For(&operatorv1.AntreaInstall{}). + Watches(&source.Kind{Type: &configv1.Network{}}, &handler.EnqueueRequestForObject{}). + Complete(r) } -// Reconcile propagates changes from the cluster config and operater config to -// antrea config. And then update antrea resources if antrea config changes. -func (r *ReconcileConfig) Reconcile(request reconcile.Request) (reconcile.Result, error) { - reqLogger := log.WithValues("Request.Namespace", request.Namespace, "Request.Name", request.Name) - +// +kubebuilder:rbac:groups=operator.antrea.vmware.com,resources=antreainstalls,verbs=get;list;watch;create;update;patch;delete +// +kubebuilder:rbac:groups=operator.antrea.vmware.com,resources=antreainstalls/status,verbs=get;update;patch +// +kubebuilder:rbac:groups=config.openshift.io,resources=clusteroperators,verbs=get;list;watch;create;update;patch;delete +// +kubebuilder:rbac:groups=config.openshift.io,resources=clusteroperators/status,verbs=get;update;patch +// +kubebuilder:rbac:groups=config.openshift.io,resources=networks,verbs=get;list;watch;patch;update +// +kubebuilder:rbac:groups=config.openshift.io,resources=networks/finalizers,verbs=get;list;watch;patch;update +// +kubebuilder:rbac:groups=operator.openshift.io,resources=networks,verbs=get;list;watch;patch;update +// +kubebuilder:rbac:groups="",resources=pods,verbs=get;watch;list +// +kubebuilder:rbac:groups="",resources=pods;endpoints,verbs=get;watch;list;delete +// +kubebuilder:rbac:groups=authentication.k8s.io,resources=tokenreviews;subjectaccessreviews,verbs=create +// +kubebuilder:rbac:groups=apiregistration.k8s.io,resources=apiservices,verbs=get;create;update;delete +// +kubebuilder:rbac:groups=networking.k8s.io,resources=networkpolicies,verbs=get;watch;list +// +kubebuilder:rbac:groups=ops.antrea.tanzu.vmware.com,resources=traceflows;traceflows/status,verbs=get;list;watch;create;update;patch;delete +// +kubebuilder:rbac:groups=clusterinformation.antrea.tanzu.vmware.com,resources=antreaagentinfos;antreacontrollerinfos,verbs=get;list;create;update;delete +// +kubebuilder:rbac:groups=networking.antrea.tanzu.vmware.com,resources=networkpolicies;appliedtogroups;addressgroups,verbs=get;watch;list;delete +// +kubebuilder:rbac:groups=security.antrea.tanzu.vmware.com,resources=clusternetworkpolicies,verbs=get;watch;list;delete +// +kubebuilder:rbac:groups=system.antrea.tanzu.vmware.com,resources=controllerinfos;agentinfos;supportbundles;supportbundles/download,verbs=get;watch;list;post;delete +// +kubebuilder:rbac:urls=/agentinfo;/addressgroups;/appliedtogroups;/networkpolicies;/ovsflows;/ovstracing;/podinterfaces,verbs=get + +func (r *AntreaInstallReconciler) Reconcile(request ctrl.Request) (ctrl.Result, error) { + reqLogger := r.Log.WithValues("Request.NamespacedName", request.NamespacedName) if request.Namespace == "" && request.Name == operatortypes.ClusterConfigName { reqLogger.Info("Reconciling antrea-operator Cluster Network CR change") } else if request.Namespace == operatortypes.OperatorNameSpace && request.Name == operatortypes.OperatorConfigName { @@ -105,21 +92,21 @@ func (r *ReconcileConfig) Reconcile(request reconcile.Request) (reconcile.Result // Fetch Cluster Network CR. clusterConfig := &configv1.Network{} - err := r.client.Get(context.TODO(), types.NamespacedName{Name: operatortypes.ClusterConfigName}, clusterConfig) + err := r.Client.Get(context.TODO(), types.NamespacedName{Name: operatortypes.ClusterConfigName}, clusterConfig) if err != nil { if apierrors.IsNotFound(err) { msg := "Cluster Network CR not found" log.Info(msg) - operstatus.SetDegraded(r.client, r.status, statusmanager.ClusterConfig, "NoClusterConfig", msg) + operstatus.SetDegraded(r.Client, r.Status, statusmanager.ClusterConfig, "NoClusterConfig", msg) return reconcile.Result{}, nil } - operstatus.SetDegraded(r.client, r.status, statusmanager.ClusterConfig, "InvalidClusterConfig", + operstatus.SetDegraded(r.Client, r.Status, statusmanager.ClusterConfig, "InvalidClusterConfig", fmt.Sprintf("Failed to get cluster network CRD: %v", err)) log.Error(err, "failed to get Cluster Network CR") return reconcile.Result{Requeue: true}, err } - if request.Name == clusterConfig.Name && r.appliedClusterConfig != nil { - if reflect.DeepEqual(clusterConfig.Spec, r.appliedClusterConfig.Spec) { + if request.Name == clusterConfig.Name && r.AppliedClusterConfig != nil { + if reflect.DeepEqual(clusterConfig.Spec, r.AppliedClusterConfig.Spec) { log.Info("no configuration change") return reconcile.Result{}, nil } @@ -127,10 +114,10 @@ func (r *ReconcileConfig) Reconcile(request reconcile.Request) (reconcile.Result // Fetch the Network.operator.openshift.io instance operatorNetwork := &ocoperv1.Network{} - err = r.client.Get(context.TODO(), types.NamespacedName{Name: operatortypes.ClusterOperatorNetworkName}, operatorNetwork) + err = r.Client.Get(context.TODO(), types.NamespacedName{Name: operatortypes.ClusterOperatorNetworkName}, operatorNetwork) if err != nil { if apierrors.IsNotFound(err) { - operstatus.SetDegraded(r.client, r.status, statusmanager.OperatorConfig, "NoClusterNetworkOperatorConfig", + operstatus.SetDegraded(r.Client, r.Status, statusmanager.OperatorConfig, "NoClusterNetworkOperatorConfig", fmt.Sprintf("Cluster network operator configuration not found")) return reconcile.Result{}, nil } @@ -141,47 +128,47 @@ func (r *ReconcileConfig) Reconcile(request reconcile.Request) (reconcile.Result // Fetch antrea-install CR. operConfig := &operatorv1.AntreaInstall{} - err = r.client.Get(context.TODO(), types.NamespacedName{Namespace: operatortypes.OperatorNameSpace, Name: operatortypes.OperatorConfigName}, operConfig) + err = r.Client.Get(context.TODO(), types.NamespacedName{Namespace: operatortypes.OperatorNameSpace, Name: operatortypes.OperatorConfigName}, operConfig) if err != nil { if apierrors.IsNotFound(err) { msg := fmt.Sprintf("%s CR not found", operatortypes.OperatorConfigName) log.Info(msg) - operstatus.SetDegraded(r.client, r.status, statusmanager.ClusterConfig, "NoAntreaInstallCR", msg) + operstatus.SetDegraded(r.Client, r.Status, statusmanager.ClusterConfig, "NoAntreaInstallCR", msg) return reconcile.Result{}, nil } log.Error(err, "failed to get antrea-install CR") - operstatus.SetDegraded(r.client, r.status, statusmanager.OperatorConfig, "InvalidAntreaInstallCR", + operstatus.SetDegraded(r.Client, r.Status, statusmanager.OperatorConfig, "InvalidAntreaInstallCR", fmt.Sprintf("Failed to get operator CR: %v", err)) return reconcile.Result{Requeue: true}, err } - if request.Name == operConfig.Name && r.appliedOperConfig != nil { - if reflect.DeepEqual(operConfig.Spec, r.appliedOperConfig.Spec) { + if request.Name == operConfig.Name && r.AppliedOperConfig != nil { + if reflect.DeepEqual(operConfig.Spec, r.AppliedOperConfig.Spec) { log.Info("no configuration change") return reconcile.Result{}, nil } } // Fill default configurations. - if err = FillConfigs(clusterConfig, operConfig); err != nil { + if err = configutil.FillConfigs(clusterConfig, operConfig); err != nil { log.Error(err, "failed to fill configurations") - operstatus.SetDegraded(r.client, r.status, statusmanager.OperatorConfig, "FillConfigurationsError", + operstatus.SetDegraded(r.Client, r.Status, statusmanager.OperatorConfig, "FillConfigurationsError", fmt.Sprintf("Failed to fill configurations: %v", err)) return reconcile.Result{Requeue: true}, err } // Validate configurations. - if err = ValidateConfig(clusterConfig, operConfig); err != nil { + if err = configutil.ValidateConfig(clusterConfig, operConfig); err != nil { log.Error(err, "failed to validate configurations") - operstatus.SetDegraded(r.client, r.status, statusmanager.OperatorConfig, "InvalidOperatorConfig", + operstatus.SetDegraded(r.Client, r.Status, statusmanager.OperatorConfig, "InvalidOperatorConfig", fmt.Sprintf("The operator configuration is invalid: %v", err)) return reconcile.Result{Requeue: true}, err } // Generate render data. - renderData, err := GenerateRenderData(operatorNetwork, operConfig) + renderData, err := configutil.GenerateRenderData(operatorNetwork, operConfig) if err != nil { log.Error(err, "failed to generate render data") - operstatus.SetDegraded(r.client, r.status, statusmanager.OperatorConfig, "RenderConfigError", + operstatus.SetDegraded(r.Client, r.Status, statusmanager.OperatorConfig, "RenderConfigError", fmt.Sprintf("Failed to render operator configurations: %v", err)) return reconcile.Result{Requeue: true}, err } @@ -190,11 +177,11 @@ func (r *ReconcileConfig) Reconcile(request reconcile.Request) (reconcile.Result appliedConfig, err := r.getAppliedOperConfig() if err != nil { log.Error(err, "failed to get applied config") - operstatus.SetDegraded(r.client, r.status, statusmanager.OperatorConfig, "InternalError", + operstatus.SetDegraded(r.Client, r.Status, statusmanager.OperatorConfig, "InternalError", fmt.Sprintf("Failed to get current configurations: %v", err)) return reconcile.Result{}, err } - agentNeedChange, controllerNeedChange, imageChange := NeedApplyChange(appliedConfig, operConfig) + agentNeedChange, controllerNeedChange, imageChange := configutil.NeedApplyChange(appliedConfig, operConfig) if !agentNeedChange && !controllerNeedChange { log.Info("no configuration change") } else { @@ -202,40 +189,40 @@ func (r *ReconcileConfig) Reconcile(request reconcile.Request) (reconcile.Result objs, err := render.RenderDir(operatortypes.DefaultManifestDir, renderData) if err != nil { log.Error(err, "failed to render configuration") - operstatus.SetDegraded(r.client, r.status, statusmanager.OperatorConfig, "RenderConfigError", + operstatus.SetDegraded(r.Client, r.Status, statusmanager.OperatorConfig, "RenderConfigError", fmt.Sprintf("Failed to render operator configurations: %v", err)) return reconcile.Result{Requeue: true}, err } // Update status and sharedInfo. - r.sharedInfo.Lock() - defer r.sharedInfo.Unlock() + r.SharedInfo.Lock() + defer r.SharedInfo.Unlock() if err = r.updateStatusManagerAndSharedInfo(objs, clusterConfig); err != nil { return reconcile.Result{Requeue: true}, err } // Apply configurations. for _, obj := range objs { - if err = apply.ApplyObject(context.TODO(), r.client, obj); err != nil { + if err = apply.ApplyObject(context.TODO(), r.Client, obj); err != nil { log.Error(err, "failed to apply resource") - operstatus.SetDegraded(r.client, r.status, statusmanager.OperatorConfig, "ApplyObjectsError", + operstatus.SetDegraded(r.Client, r.Status, statusmanager.OperatorConfig, "ApplyObjectsError", fmt.Sprintf("Failed to apply operator configurations: %v", err)) return reconcile.Result{Requeue: true}, err } } // Delete old antrea-agent and antrea-controller pods. - if r.appliedOperConfig != nil && agentNeedChange && !imageChange { - if err = deleteExistingPods(r.client, operatortypes.AntreaAgentDaemonSetName); err != nil { - operstatus.SetDegraded(r.client, r.status, statusmanager.OperatorConfig, "DeleteOldPodsError", + if r.AppliedOperConfig != nil && agentNeedChange && !imageChange { + if err = deleteExistingPods(r.Client, operatortypes.AntreaAgentDaemonSetName); err != nil { + operstatus.SetDegraded(r.Client, r.Status, statusmanager.OperatorConfig, "DeleteOldPodsError", fmt.Sprintf("DaemonSet %s is not using the latest configuration updates because: %v", operatortypes.AntreaAgentDaemonSetName, err)) return reconcile.Result{Requeue: true}, err } } - if r.appliedOperConfig != nil && controllerNeedChange && !imageChange { - if err = deleteExistingPods(r.client, operatortypes.AntreaControllerDeploymentName); err != nil { - operstatus.SetDegraded(r.client, r.status, statusmanager.OperatorConfig, "DeleteOldPodsError", + if r.AppliedOperConfig != nil && controllerNeedChange && !imageChange { + if err = deleteExistingPods(r.Client, operatortypes.AntreaControllerDeploymentName); err != nil { + operstatus.SetDegraded(r.Client, r.Status, statusmanager.OperatorConfig, "DeleteOldPodsError", fmt.Sprintf("Deployment %s is not using the latest configuration updates because: %v", operatortypes.AntreaControllerDeploymentName, err)) return reconcile.Result{Requeue: true}, err @@ -244,30 +231,31 @@ func (r *ReconcileConfig) Reconcile(request reconcile.Request) (reconcile.Result } // Update cluster network CR status. - clusterNetworkConfigChanged := HasClusterNetworkConfigChange(r.appliedClusterConfig, clusterConfig) - defaultMTUChanged, curDefaultMTU, err := HasDefaultMTUChange(r.appliedOperConfig, operConfig) + clusterNetworkConfigChanged := configutil.HasClusterNetworkConfigChange(r.AppliedClusterConfig, clusterConfig) + defaultMTUChanged, curDefaultMTU, err := configutil.HasDefaultMTUChange(r.AppliedOperConfig, operConfig) if err != nil { - operstatus.SetDegraded(r.client, r.status, statusmanager.OperatorConfig, "UpdateNetworkStatusError", + operstatus.SetDegraded(r.Client, r.Status, statusmanager.OperatorConfig, "UpdateNetworkStatusError", fmt.Sprintf("failed to check default MTU configuration: %v", err)) return reconcile.Result{Requeue: true}, err } if clusterNetworkConfigChanged || defaultMTUChanged { - if err = updateNetworkStatus(r.client, clusterConfig, curDefaultMTU); err != nil { - operstatus.SetDegraded(r.client, r.status, statusmanager.ClusterConfig, "UpdateNetworkStatusError", + if err = updateNetworkStatus(r.Client, clusterConfig, curDefaultMTU); err != nil { + operstatus.SetDegraded(r.Client, r.Status, statusmanager.ClusterConfig, "UpdateNetworkStatusError", fmt.Sprintf("Failed to update network status: %v", err)) return reconcile.Result{Requeue: true}, err } } - operstatus.SetNotDegraded(r.client, r.status, statusmanager.ClusterConfig) - operstatus.SetNotDegraded(r.client, r.status, statusmanager.OperatorConfig) + operstatus.SetNotDegraded(r.Client, r.Status, statusmanager.ClusterConfig) + operstatus.SetNotDegraded(r.Client, r.Status, statusmanager.OperatorConfig) + + r.AppliedClusterConfig = clusterConfig + r.AppliedOperConfig = operConfig - r.appliedClusterConfig = clusterConfig - r.appliedOperConfig = operConfig - return reconcile.Result{}, nil + return ctrl.Result{}, nil } -func (r *ReconcileConfig) updateStatusManagerAndSharedInfo(objs []*uns.Unstructured, clusterConfig *configv1.Network) error { +func (r *AntreaInstallReconciler) updateStatusManagerAndSharedInfo(objs []*uns.Unstructured, clusterConfig *configv1.Network) error { var daemonSets, deployments []types.NamespacedName var relatedObjects []configv1.ObjectReference var daemonSetObject, deploymentObject *uns.Unstructured @@ -279,7 +267,7 @@ func (r *ReconcileConfig) updateStatusManagerAndSharedInfo(objs []*uns.Unstructu deployments = append(deployments, types.NamespacedName{Namespace: obj.GetNamespace(), Name: obj.GetName()}) deploymentObject = obj } - restMapping, err := r.mapper.RESTMapping(obj.GroupVersionKind().GroupKind()) + restMapping, err := r.Mapper.RESTMapping(obj.GroupVersionKind().GroupKind()) if err != nil { log.Error(err, "failed to get REST mapping for storing related object") continue @@ -290,9 +278,9 @@ func (r *ReconcileConfig) updateStatusManagerAndSharedInfo(objs []*uns.Unstructu Name: obj.GetName(), Namespace: obj.GetNamespace(), }) - if err = controllerutil.SetControllerReference(clusterConfig, obj, r.scheme); err != nil { + if err = controllerutil.SetControllerReference(clusterConfig, obj, r.Scheme); err != nil { log.Error(err, "failed to set owner reference", "resource", obj.GetName()) - operstatus.SetDegraded(r.client, r.status, statusmanager.OperatorConfig, "ApplyObjectsError", + operstatus.SetDegraded(r.Client, r.Status, statusmanager.OperatorConfig, "ApplyObjectsError", fmt.Sprintf("Failed to set owner reference: %v", err)) return err } @@ -307,24 +295,24 @@ func (r *ReconcileConfig) updateStatusManagerAndSharedInfo(objs []*uns.Unstructu } err := fmt.Errorf("configuration of resources %v is missing", missedResources) log.Error(nil, err.Error()) - operstatus.SetDegraded(r.client, r.status, statusmanager.OperatorConfig, "ApplyObjectsError", err.Error()) + operstatus.SetDegraded(r.Client, r.Status, statusmanager.OperatorConfig, "ApplyObjectsError", err.Error()) return err } - r.status.SetDaemonSets(daemonSets) - r.status.SetDeployments(deployments) - r.status.SetRelatedObjects(relatedObjects) - r.sharedInfo.AntreaAgentDaemonSetSpec = daemonSetObject.DeepCopy() - r.sharedInfo.AntreaControllerDeploymentSpec = deploymentObject.DeepCopy() + r.Status.SetDaemonSets(daemonSets) + r.Status.SetDeployments(deployments) + r.Status.SetRelatedObjects(relatedObjects) + r.SharedInfo.AntreaAgentDaemonSetSpec = daemonSetObject.DeepCopy() + r.SharedInfo.AntreaControllerDeploymentSpec = deploymentObject.DeepCopy() return nil } -func (r *ReconcileConfig) getAppliedOperConfig() (*operatorv1.AntreaInstall, error) { - if r.appliedOperConfig != nil { - return r.appliedOperConfig, nil +func (r *AntreaInstallReconciler) getAppliedOperConfig() (*operatorv1.AntreaInstall, error) { + if r.AppliedOperConfig != nil { + return r.AppliedOperConfig, nil } operConfig := &operatorv1.AntreaInstall{} antreaConfig := corev1.ConfigMap{} - if err := r.client.Get(context.TODO(), types.NamespacedName{Namespace: operatortypes.AntreaNamespace, Name: operatortypes.AntreaConfigMapName}, &antreaConfig); err != nil { + if err := r.Client.Get(context.TODO(), types.NamespacedName{Namespace: operatortypes.AntreaNamespace, Name: operatortypes.AntreaConfigMapName}, &antreaConfig); err != nil { if apierrors.IsNotFound(err) { return nil, nil } else { @@ -332,7 +320,7 @@ func (r *ReconcileConfig) getAppliedOperConfig() (*operatorv1.AntreaInstall, err } } antreaControllerDeployment := appsv1.Deployment{} - if err := r.client.Get(context.TODO(), types.NamespacedName{Namespace: operatortypes.AntreaNamespace, Name: operatortypes.AntreaControllerDeploymentName}, &antreaControllerDeployment); err != nil { + if err := r.Client.Get(context.TODO(), types.NamespacedName{Namespace: operatortypes.AntreaNamespace, Name: operatortypes.AntreaControllerDeploymentName}, &antreaControllerDeployment); err != nil { if apierrors.IsNotFound(err) { return nil, nil } else { @@ -362,7 +350,7 @@ func deleteExistingPods(c client.Client, component string) error { } func updateNetworkStatus(c client.Client, clusterConfig *configv1.Network, defaultMTU int) error { - status := BuildNetworkStatus(clusterConfig, defaultMTU) + status := configutil.BuildNetworkStatus(clusterConfig, defaultMTU) clusterConfig.Status = *status data, err := k8sutil.ToUnstructured(clusterConfig) if err != nil { diff --git a/pkg/controller/config/config.go b/controllers/config/config.go similarity index 97% rename from pkg/controller/config/config.go rename to controllers/config/config.go index 15cebd4bd..5476a18e9 100644 --- a/pkg/controller/config/config.go +++ b/controllers/config/config.go @@ -11,12 +11,15 @@ import ( "github.com/openshift/cluster-network-operator/pkg/network" "github.com/openshift/cluster-network-operator/pkg/render" "gopkg.in/yaml.v2" + ctrl "sigs.k8s.io/controller-runtime" - operatorv1 "github.com/vmware/antrea-operator-for-kubernetes/pkg/apis/operator/v1" - "github.com/vmware/antrea-operator-for-kubernetes/pkg/types" + operatorv1 "github.com/vmware/antrea-operator-for-kubernetes/api/v1" + "github.com/vmware/antrea-operator-for-kubernetes/controllers/types" "github.com/vmware/antrea-operator-for-kubernetes/version" ) +var log = ctrl.Log.WithName("config") + func FillConfigs(clusterConfig *configv1.Network, operConfig *operatorv1.AntreaInstall) error { antreaAgentConfig := make(map[string]interface{}) err := yaml.Unmarshal([]byte(operConfig.Spec.AntreaAgentConfig), &antreaAgentConfig) diff --git a/pkg/controller/config/config_test.go b/controllers/config/config_test.go similarity index 98% rename from pkg/controller/config/config_test.go rename to controllers/config/config_test.go index a60757903..b4cc9015b 100644 --- a/pkg/controller/config/config_test.go +++ b/controllers/config/config_test.go @@ -16,8 +16,8 @@ import ( appsv1 "k8s.io/api/apps/v1" "k8s.io/apimachinery/pkg/runtime" - operatorv1 "github.com/vmware/antrea-operator-for-kubernetes/pkg/apis/operator/v1" - operatortypes "github.com/vmware/antrea-operator-for-kubernetes/pkg/types" + operatorv1 "github.com/vmware/antrea-operator-for-kubernetes/api/v1" + operatortypes "github.com/vmware/antrea-operator-for-kubernetes/controllers/types" "github.com/vmware/antrea-operator-for-kubernetes/version" ) @@ -120,7 +120,7 @@ func TestRender(t *testing.T) { g.Expect(err).ShouldNot(HaveOccurred()) renderData, err := GenerateRenderData(operatorNetwork, operConfig) g.Expect(err).ShouldNot(HaveOccurred()) - objs, err := render.RenderDir("../../../manifest", renderData) + objs, err := render.RenderDir("../../antrea-manifest", renderData) g.Expect(err).ShouldNot(HaveOccurred()) for _, obj := range objs { diff --git a/controllers/pod_controller.go b/controllers/pod_controller.go new file mode 100644 index 000000000..600e76b7a --- /dev/null +++ b/controllers/pod_controller.go @@ -0,0 +1,117 @@ +/* Copyright © 2020 VMware, Inc. All Rights Reserved. + SPDX-License-Identifier: Apache-2.0 */ + +package controllers + +import ( + "context" + "fmt" + "time" + + "sigs.k8s.io/controller-runtime/pkg/handler" + "sigs.k8s.io/controller-runtime/pkg/source" + + "github.com/go-logr/logr" + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/openshift/cluster-network-operator/pkg/apply" + "github.com/openshift/cluster-network-operator/pkg/controller/statusmanager" + appsv1 "k8s.io/api/apps/v1" + apierrors "k8s.io/apimachinery/pkg/api/errors" + uns "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" + "k8s.io/apimachinery/pkg/runtime" + "sigs.k8s.io/controller-runtime/pkg/client" + "sigs.k8s.io/controller-runtime/pkg/reconcile" + + "github.com/vmware/antrea-operator-for-kubernetes/controllers/sharedinfo" +) + +// The periodic resync interval. +// We will re-run the reconciliation logic, even if the NCP configuration +// hasn't changed. +var ResyncPeriod = 2 * time.Minute + +// PodReconciler reconciles a Pod object +type PodReconciler struct { + Client client.Client + Log logr.Logger + Scheme *runtime.Scheme + Status *statusmanager.StatusManager + SharedInfo *sharedinfo.SharedInfo +} + +func (r *PodReconciler) SetupWithManager(mgr ctrl.Manager) error { + return ctrl.NewControllerManagedBy(mgr). + For(&appsv1.DaemonSet{}). + Watches(&source.Kind{Type: &appsv1.Deployment{}}, &handler.EnqueueRequestForObject{}). + Complete(r) +} + +// Reconcile updates the ClusterOperator.Status to match the current state of the watched Deployments/DaemonSets +func (r *PodReconciler) Reconcile(request reconcile.Request) (reconcile.Result, error) { + reqLogger := r.Log.WithValues("Request.Namespace", request.Namespace, "Request.Name", request.Name) + reqLogger.Info("Reconciling pod update") + + if !r.isAntreaResource(&request) { + return reconcile.Result{}, nil + } + r.Status.SetFromPods() + + if err := r.recreateResourceIfNotExist(&request); err != nil { + return reconcile.Result{Requeue: true}, err + } + + return reconcile.Result{RequeueAfter: ResyncPeriod}, nil +} + +func (r *PodReconciler) isAntreaResource(request *reconcile.Request) bool { + if r.SharedInfo.AntreaAgentDaemonSetSpec != nil { + if request.Name == r.SharedInfo.AntreaAgentDaemonSetSpec.GetName() && request.Namespace == r.SharedInfo.AntreaAgentDaemonSetSpec.GetNamespace() { + return true + } + } + if r.SharedInfo.AntreaControllerDeploymentSpec != nil { + if request.Name == r.SharedInfo.AntreaControllerDeploymentSpec.GetName() && request.Namespace == r.SharedInfo.AntreaControllerDeploymentSpec.GetNamespace() { + return true + } + } + return false +} + +func (r *PodReconciler) recreateResourceIfNotExist(request *reconcile.Request) error { + r.SharedInfo.Lock() + defer r.SharedInfo.Unlock() + var curObject runtime.Object + var objectSpec *uns.Unstructured + if request.Name == r.SharedInfo.AntreaAgentDaemonSetSpec.GetName() && request.Namespace == r.SharedInfo.AntreaAgentDaemonSetSpec.GetNamespace() { + curObject = &appsv1.DaemonSet{} + objectSpec = r.SharedInfo.AntreaAgentDaemonSetSpec.DeepCopy() + } else { + curObject = &appsv1.Deployment{} + objectSpec = r.SharedInfo.AntreaControllerDeploymentSpec.DeepCopy() + } + err := r.Client.Get(context.TODO(), request.NamespacedName, curObject) + if err != nil { + if apierrors.IsNotFound(err) { + r.Log.Info(fmt.Sprintf("K8s resource - '%s' dose not exist", request.Name)) + } else { + r.Log.Error(err, fmt.Sprintf("Could not retrieve K8s resource - '%s'", request.Name)) + r.Status.SetDegraded(statusmanager.OperatorConfig, "ApplyObjectsError", fmt.Sprintf("Failed to apply objects: %v", err)) + return err + } + } else { + r.Log.Info(fmt.Sprintf("K8s resource - '%s' already exists", request.Name)) + return nil + } + if err = apply.ApplyObject(context.TODO(), r.Client, objectSpec); err != nil { + r.Log.Error( + err, fmt.Sprintf("could not apply (%s) %s/%s", + objectSpec.GroupVersionKind(), objectSpec.GetNamespace(), objectSpec.GetName())) + r.Status.SetDegraded( + statusmanager.OperatorConfig, "ApplyOperatorConfig", + fmt.Sprintf("Failed to apply operator configuration: %v", err)) + return err + } + r.Log.Info(fmt.Sprintf("Recreated K8s resource: %s", request.Name)) + return nil +} diff --git a/pkg/controller/sharedinfo/sharedinfo.go b/controllers/sharedinfo/sharedinfo.go similarity index 100% rename from pkg/controller/sharedinfo/sharedinfo.go rename to controllers/sharedinfo/sharedinfo.go diff --git a/pkg/controller/statusmanager/status_manager.go b/controllers/statusmanager/status_manager.go similarity index 51% rename from pkg/controller/statusmanager/status_manager.go rename to controllers/statusmanager/status_manager.go index fe664ff98..df24c6b65 100644 --- a/pkg/controller/statusmanager/status_manager.go +++ b/controllers/statusmanager/status_manager.go @@ -14,18 +14,19 @@ import ( "sigs.k8s.io/controller-runtime/pkg/client" logf "sigs.k8s.io/controller-runtime/pkg/log" - operatorv1 "github.com/vmware/antrea-operator-for-kubernetes/pkg/apis/operator/v1" - operatortypes "github.com/vmware/antrea-operator-for-kubernetes/pkg/types" + operatorv1 "github.com/vmware/antrea-operator-for-kubernetes/api/v1" + operatortypes "github.com/vmware/antrea-operator-for-kubernetes/controllers/types" ) var log = logf.Log.WithName("status_manager") -func SetAntreaInstallStatus(client client.Client, conditionType configv1.ClusterStatusConditionType, status configv1.ConditionStatus, t time.Time, reason, message string) { +func SetAntreaInstallStatus(cl client.Client, conditionType configv1.ClusterStatusConditionType, status configv1.ConditionStatus, t time.Time, reason, message string) { antreaInstall := &operatorv1.AntreaInstall{} - err := client.Get(context.TODO(), types.NamespacedName{Namespace: operatortypes.OperatorNameSpace, Name: operatortypes.OperatorConfigName}, antreaInstall) + err := cl.Get(context.TODO(), types.NamespacedName{Namespace: operatortypes.OperatorNameSpace, Name: operatortypes.OperatorConfigName}, antreaInstall) if err != nil { log.Error(err, "failed to get AntreaInstall") } + antreaInstallPatch := client.MergeFrom(antreaInstall.DeepCopy()) antreaInstall.Status.Conditions = []operatorv1.InstallCondition{ { Type: conditionType, @@ -39,29 +40,29 @@ func SetAntreaInstallStatus(client client.Client, conditionType configv1.Cluster if message != "" { antreaInstall.Status.Conditions[0].Message = message } - if err := client.Status().Update(context.TODO(), antreaInstall); err != nil { + if err := cl.Status().Patch(context.TODO(), antreaInstall, antreaInstallPatch); err != nil { log.Error(err, "failed to set AntreaInstall") } } -func SetAntreaInstallDegraded(client client.Client, reason, message string) { - SetAntreaInstallStatus(client, configv1.OperatorDegraded, configv1.ConditionTrue, time.Now(), reason, message) +func SetAntreaInstallDegraded(cl client.Client, reason, message string) { + SetAntreaInstallStatus(cl, configv1.OperatorDegraded, configv1.ConditionTrue, time.Now(), reason, message) } -func SetAntreaInstallNotDegraded(client client.Client) { - SetAntreaInstallStatus(client, configv1.OperatorDegraded, configv1.ConditionFalse, time.Now(), "", "") +func SetAntreaInstallNotDegraded(cl client.Client) { + SetAntreaInstallStatus(cl, configv1.OperatorDegraded, configv1.ConditionFalse, time.Now(), "", "") } -func SetDegraded(client client.Client, status *statusmanager.StatusManager, statusLevel statusmanager.StatusLevel, reason, message string) { +func SetDegraded(cl client.Client, status *statusmanager.StatusManager, statusLevel statusmanager.StatusLevel, reason, message string) { // Set clusteroperator/antrea status status.SetDegraded(statusLevel, reason, message) // Set AntreaInstall CR status - SetAntreaInstallDegraded(client, reason, message) + SetAntreaInstallDegraded(cl, reason, message) } -func SetNotDegraded(client client.Client, status *statusmanager.StatusManager, statusLevel statusmanager.StatusLevel) { +func SetNotDegraded(cl client.Client, status *statusmanager.StatusManager, statusLevel statusmanager.StatusLevel) { // Set clusteroperator/antrea status status.SetNotDegraded(statusLevel) // Set AntreaInstall CR status - SetAntreaInstallNotDegraded(client) + SetAntreaInstallNotDegraded(cl) } diff --git a/pkg/types/defaults.go b/controllers/types/defaults.go similarity index 82% rename from pkg/types/defaults.go rename to controllers/types/defaults.go index a635ab9ee..c2be1360e 100644 --- a/pkg/types/defaults.go +++ b/controllers/types/defaults.go @@ -5,6 +5,6 @@ package types const ( DefaultAntreaImage = "antrea/antrea-ubuntu:v0.9.1" - DefaultManifestDir = "manifest" + DefaultManifestDir = "antrea-manifest" DefaultMTU int = 1450 ) diff --git a/pkg/types/names.go b/controllers/types/names.go similarity index 100% rename from pkg/types/names.go rename to controllers/types/names.go diff --git a/go.mod b/go.mod index 2911460c5..9105e991f 100644 --- a/go.mod +++ b/go.mod @@ -4,22 +4,18 @@ go 1.13 require ( github.com/ghodss/yaml v1.0.1-0.20190212211648-25d852aebe32 + github.com/go-logr/logr v0.1.0 + github.com/onsi/ginkgo v1.12.1 github.com/onsi/gomega v1.10.1 github.com/openshift/api v0.0.0-20200701144905-de5b010b2b38 github.com/openshift/cluster-network-operator v0.0.0-20200820075439-92e466db53cc - github.com/operator-framework/operator-sdk v0.17.2 - github.com/spf13/pflag v1.0.5 - golang.org/x/tools v0.0.0-20200902012652-d1954cc86c82 // indirect gopkg.in/yaml.v2 v2.3.0 - k8s.io/api v0.18.4 - k8s.io/apimachinery v0.18.4 + k8s.io/api v0.18.6 + k8s.io/apimachinery v0.18.6 k8s.io/client-go v12.0.0+incompatible - sigs.k8s.io/controller-runtime v0.5.2 + sigs.k8s.io/controller-runtime v0.6.3 ) replace ( - github.com/Azure/go-autorest => github.com/Azure/go-autorest v13.3.2+incompatible // Required by OLM - k8s.io/api => k8s.io/api v0.17.4 // Required by prometheus-operator - k8s.io/apimachinery => k8s.io/apimachinery v0.17.4 // Required by prometheus-operator - k8s.io/client-go => k8s.io/client-go v0.17.4 // Required by prometheus-operator + k8s.io/client-go => k8s.io/client-go v0.18.6 ) diff --git a/go.sum b/go.sum index 426958aa1..6c68e9ea8 100644 --- a/go.sum +++ b/go.sum @@ -25,6 +25,8 @@ github.com/Azure/azure-sdk-for-go v23.2.0+incompatible/go.mod h1:9XXNKU+eRnpl9mo github.com/Azure/azure-sdk-for-go v36.1.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= github.com/Azure/azure-storage-blob-go v0.8.0/go.mod h1:lPI3aLPpuLTeUwh1sViKXFxwl2B6teiRqI0deQUvsw0= github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78/go.mod h1:LmzpDX56iTiv29bbRTIsUNlaFfuhWRQBWjQdVyAevI8= +github.com/Azure/go-autorest v10.8.1+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24= +github.com/Azure/go-autorest v11.2.8+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24= github.com/Azure/go-autorest v13.3.2+incompatible h1:VxzPyuhtnlBOzc4IWCZHqpyH2d+QMLQEuy3wREyY4oc= github.com/Azure/go-autorest v13.3.2+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24= github.com/Azure/go-autorest/autorest v0.9.0/go.mod h1:xyHB1BMZT0cuDHU7I0+g046+BFDTQ8rEZB0s4Yfa6bI= @@ -229,15 +231,19 @@ github.com/elastic/go-sysinfo v1.1.1/go.mod h1:i1ZYdU10oLNfRzq4vq62BEwD2fH8KaWh6 github.com/elastic/go-windows v1.0.0/go.mod h1:TsU0Nrp7/y3+VwE82FoZF8gC/XFg/Elz6CcloAxnPgU= github.com/elastic/go-windows v1.0.1/go.mod h1:FoVvqWSun28vaDQPbj2Elfc0JahhPB7WQEGa3c814Ss= github.com/elazarl/goproxy v0.0.0-20170405201442-c4fc26588b6e/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc= +github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc= github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= github.com/emicklei/go-restful v2.9.5+incompatible/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= +github.com/evanphx/json-patch v0.0.0-20190203023257-5858425f7550/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= github.com/evanphx/json-patch v4.1.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= github.com/evanphx/json-patch v4.2.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= github.com/evanphx/json-patch v4.5.0+incompatible h1:ouOWdg56aJriqS0huScTkVXPC5IcNrDCXZ6OoTAWu7M= github.com/evanphx/json-patch v4.5.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= +github.com/evanphx/json-patch v4.9.0+incompatible h1:kLcOMZeuLAJvL2BPWLMIj5oaZQobrkAqrL+WFZwQses= +github.com/evanphx/json-patch v4.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= github.com/exponent-io/jsonpath v0.0.0-20151013193312-d6023ce2651d/go.mod h1:ZZMPRZwes7CROmyNKgQzC3XPs6L/G2EJLHddWejkmf4= github.com/facette/natsort v0.0.0-20181210072756-2cd4dd1e2dcb/go.mod h1:bH6Xx7IW64qjjJq8M2u4dxNaBiDfKK+z/3eGDpXEQhc= github.com/fatih/camelcase v1.0.0/go.mod h1:yN2Sb0lFhZJUdVvtELVWefmrXpuZESvPmqwoZc+/fpc= @@ -246,6 +252,8 @@ github.com/fatih/structtag v1.1.0/go.mod h1:mBJUNpUnHmRKrKlQQlmCrh5PuhftFbNv8Ys4 github.com/fortytw2/leaktest v1.3.0/go.mod h1:jDsjWgpAGjm2CA7WthBh/CdZYEPF31XHquHwclZch5g= github.com/fsnotify/fsnotify v1.4.7 h1:IXs+QLmnXW2CcXuY+8Mzv/fWEsPGWxqefPtCP5CnV9I= github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= +github.com/fsnotify/fsnotify v1.4.9 h1:hsms1Qyu0jgnwNXIxa+/V/PDsU6CfLf6CNO8H7IWoS4= +github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ= github.com/fsouza/fake-gcs-server v1.7.0/go.mod h1:5XIRs4YvwNbNoz+1JF8j6KLAyDh7RHGAyAK3EP2EsNk= github.com/fsouza/go-dockerclient v0.0.0-20171004212419-da3951ba2e9e/go.mod h1:KpcjM623fQYE9MZiTGzKhjfxXAV9wbyX2C1cyRHfhl0= github.com/garyburd/redigo v0.0.0-20150301180006-535138d7bcd7/go.mod h1:NR3MbYisc3/PwhQ00EMzDiPmrwpPxAn5GI05/YaO1SY= @@ -338,6 +346,7 @@ github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJA github.com/gocql/gocql v0.0.0-20190301043612-f6df8288f9b4/go.mod h1:4Fw1eo5iaEhDUs8XyuhSVCVy52Jq3L+/3GJgYkwc+/0= github.com/godbus/dbus v0.0.0-20190422162347-ade71ed3457e/go.mod h1:bBOAhwG1umN6/6ZUMtDFBMQR8jRg9O75tm9K00oMsK4= github.com/gofrs/flock v0.7.1/go.mod h1:F1TvTiK9OcQqauNUHlbJvyl9Qa1QvF/gOUDKA14jxHU= +github.com/gogo/protobuf v0.0.0-20171007142547-342cbe0a0415/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= github.com/gogo/protobuf v1.2.0/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4= @@ -389,6 +398,7 @@ github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/ github.com/google/go-github v17.0.0+incompatible/go.mod h1:zLgOLi98H3fifZn+44m+umXrS52loVEgC2AApnigrVQ= github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck= github.com/google/gofuzz v0.0.0-20161122191042-44d81051d367/go.mod h1:HP5RmnzzSNb993RKQDq4+1A4ia9nllfqcQFTQJedwGI= +github.com/google/gofuzz v0.0.0-20170612174753-24818f796faf/go.mod h1:HP5RmnzzSNb993RKQDq4+1A4ia9nllfqcQFTQJedwGI= github.com/google/gofuzz v1.0.0 h1:A8PeW59pxE9IoFRqBp37U+mSNaQoZ46F1f0f863XSXw= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/gofuzz v1.1.0 h1:Hsa8mG0dQ46ij8Sl2AYJDUv1oA9/d6Vk+3LG99Oe02g= @@ -406,6 +416,7 @@ github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+ github.com/googleapis/gax-go v2.0.2+incompatible/go.mod h1:SFVmujtThgffbyetf+mdk2eWhX2bMyUtNHzFKcPA9HY= github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= +github.com/googleapis/gnostic v0.0.0-20170426233943-68f4ded48ba9/go.mod h1:sJBsCZ4ayReDTBIg8b9dl28c5xFWyhBTVRp3pOg5EKY= github.com/googleapis/gnostic v0.0.0-20170729233727-0c5108395e2d/go.mod h1:sJBsCZ4ayReDTBIg8b9dl28c5xFWyhBTVRp3pOg5EKY= github.com/googleapis/gnostic v0.1.0/go.mod h1:sJBsCZ4ayReDTBIg8b9dl28c5xFWyhBTVRp3pOg5EKY= github.com/googleapis/gnostic v0.2.0/go.mod h1:sJBsCZ4ayReDTBIg8b9dl28c5xFWyhBTVRp3pOg5EKY= @@ -473,6 +484,8 @@ github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/hashicorp/golang-lru v0.5.3 h1:YPkqC67at8FYaadspW/6uE0COsBxS2656RLEr8Bppgk= github.com/hashicorp/golang-lru v0.5.3/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4= +github.com/hashicorp/golang-lru v0.5.4 h1:YDjusn29QI/Das2iO9M0BHnIbxPeyuCHsjMW+lJfyTc= +github.com/hashicorp/golang-lru v0.5.4/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4= github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64= github.com/hashicorp/mdns v1.0.0/go.mod h1:tL+uN++7HEJ6SQLQ2/p+z2pH24WQKWjBPkE0mNTz8vQ= @@ -491,6 +504,8 @@ github.com/imdario/mergo v0.3.5/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJ github.com/imdario/mergo v0.3.6/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= github.com/imdario/mergo v0.3.7 h1:Y+UAYTZ7gDEuOfhxKWy+dvb5dRQ6rJjFSdX2HZY1/gI= github.com/imdario/mergo v0.3.7/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= +github.com/imdario/mergo v0.3.9 h1:UauaLniWCFHWd+Jp9oCEkTBj8VO/9DKg3PV3VCNMDIg= +github.com/imdario/mergo v0.3.9/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= github.com/influxdata/influxdb v1.7.7/go.mod h1:qZna6X/4elxqT3yI9iZYdZrWWdeFOOprn86kgg4+IzY= github.com/jackc/fake v0.0.0-20150926172116-812a484cc733/go.mod h1:WrMFNQdiFJ80sQsxDoMokWK1W5TQtxBFNpzWTD84ibQ= @@ -507,11 +522,14 @@ github.com/joho/godotenv v1.3.0/go.mod h1:7hK45KPybAkOC6peb+G5yklZfMxEjkZhHbwpqx github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo= github.com/jpillora/backoff v1.0.0/go.mod h1:J/6gKK9jxlEcS3zixgDgUAsiuZ7yrSoa/FX5e0EB2j4= github.com/json-iterator/go v0.0.0-20180612202835-f2b4162afba3/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= +github.com/json-iterator/go v0.0.0-20180701071628-ab8a2e0c74be/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= github.com/json-iterator/go v1.1.7/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= github.com/json-iterator/go v1.1.8/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= github.com/json-iterator/go v1.1.9 h1:9yzud/Ht36ygwatGx56VwCZtlI/2AD15T1X2sjSuGns= github.com/json-iterator/go v1.1.9/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= +github.com/json-iterator/go v1.1.10 h1:Kz6Cvnvv2wGdaG/V8yMvfkmNiXq9Ya2KUv4rouJJr68= +github.com/json-iterator/go v1.1.10/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= github.com/jsonnet-bundler/jsonnet-bundler v0.2.0/go.mod h1:/by7P/OoohkI3q4CgSFqcoFsVY+IaNbzOVDknEsKDeU= github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU= github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk= @@ -634,6 +652,7 @@ github.com/onsi/ginkgo v1.11.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+ github.com/onsi/ginkgo v1.12.1 h1:mFwc4LvZ0xpSvDZ3E+k8Yte0hLOMxXUlP+yXtJqkYfQ= github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk= github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= +github.com/onsi/gomega v0.0.0-20190113212917-5533ce8a0da3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= github.com/onsi/gomega v1.4.3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= github.com/onsi/gomega v1.5.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= github.com/onsi/gomega v1.7.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= @@ -747,6 +766,8 @@ github.com/prometheus/procfs v0.0.5/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDa github.com/prometheus/procfs v0.0.6/go.mod h1:7Qr8sr6344vo1JqZ6HhLceV9o3AJ1Ff+GxbHq6oeK9A= github.com/prometheus/procfs v0.0.8 h1:+fpWZdT24pJBiqJdAwYBjPSk+5YmQzYNPYzQsdzLkt8= github.com/prometheus/procfs v0.0.8/go.mod h1:7Qr8sr6344vo1JqZ6HhLceV9o3AJ1Ff+GxbHq6oeK9A= +github.com/prometheus/procfs v0.0.11 h1:DhHlBtkHWPYi8O2y31JkK0TF+DGM+51OopZjH/Ia5qI= +github.com/prometheus/procfs v0.0.11/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU= github.com/prometheus/prometheus v0.0.0-20180315085919-58e2a31db8de/go.mod h1:oAIUtOny2rjMX0OWN5vPR5/q/twIROJvdqnQKDdil/s= github.com/prometheus/prometheus v1.8.2-0.20200110114423-1e64d757f711/go.mod h1:7U90zPoLkWjEIQcy/rweQla82OCTUzxVHE51G3OhJbI= github.com/prometheus/prometheus v2.3.2+incompatible/go.mod h1:oAIUtOny2rjMX0OWN5vPR5/q/twIROJvdqnQKDdil/s= @@ -948,6 +969,7 @@ golang.org/x/net v0.0.0-20181201002055-351d144fa1fc/go.mod h1:mL1N/T3taQHkDXs73r golang.org/x/net v0.0.0-20181220203305-927f97764cc3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190125091013-d26f9f9a57f3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20190206173232-65e2d4e15006/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190320064053-1272bf9dcd53/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= @@ -1031,13 +1053,16 @@ golang.org/x/sys v0.0.0-20190904154756-749cb33beabd/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190922100055-0a153f010e69/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190924154521-2837fb4f24fe/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191010194322-b09406accb47/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20191022100944-742c48ecaeb7/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191025021431-6c3a3bfe00ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191112214154-59a1497f0cea/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191113165036-4c7a9d0fe056/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191128015809-6d18c012aee9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191210023423-ac6580df4449/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200106162015-b016eb3dc98e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200122134326-e047566fdf82 h1:ywK/j/KkyTHcdyYSZNXGjMwgmDSfjglYZ3vStQ/gSCU= golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -1047,8 +1072,11 @@ golang.org/x/text v0.0.0-20160726164857-2910a502d2bf/go.mod h1:NqM8EUOU14njkJ3fq golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180805044716-cb6730876b98/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +golang.org/x/text v0.3.1-0.20181227161524-e6919f6577db/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.2 h1:tW2bmiBqwgJj/UpqtC8EpXEZVYOwU0yG4iWbprSVAcs= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= +golang.org/x/text v0.3.3 h1:cokOdA+Jmi5PJGXLlLllQSgYigAEfHXJAERHVMaCc2k= +golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= @@ -1180,6 +1208,7 @@ gopkg.in/fsnotify/fsnotify.v1 v1.4.7/go.mod h1:Fyux9zXlo4rWoMSIzpn9fDAYjalPqJ/K1 gopkg.in/gemnasium/logrus-airbrake-hook.v2 v2.1.2/go.mod h1:Xk6kEKp8OKb+X14hQBKWaSkCsqBpgog8nAV2xsGOxlo= gopkg.in/gorp.v1 v1.7.2/go.mod h1:Wo3h+DBQZIxATwftsglhdD/62zRFPhGhTiu5jUJmCaw= gopkg.in/imdario/mergo.v0 v0.3.7/go.mod h1:9qPP6AGrlC1G2PTNXko614FwGZvorN7MiBU0Eppok+U= +gopkg.in/inf.v0 v0.9.0/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= gopkg.in/ini.v1 v1.42.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= @@ -1215,8 +1244,21 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh honnef.co/go/tools v0.0.1-2019.2.3 h1:3JgtbtFHMiCmsznwGVTUWbgGov+pVqnlf1dEJTNAXeM= honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= howett.net/plist v0.0.0-20181124034731-591f970eefbb/go.mod h1:vMygbs4qMhSZSc4lCUl2OEE+rDiIIJAIdR4m7MiMcm0= +k8s.io/api v0.0.0-20190620084959-7cf5895f2711/go.mod h1:TBhBqb1AWbBQbW3XRusr7n7E4v2+5ZY8r8sAMnyFC5A= +k8s.io/api v0.0.0-20190813020757-36bff7324fb7/go.mod h1:3Iy+myeAORNCLgjd/Xu9ebwN7Vh59Bw0vh9jhoX+V58= +k8s.io/api v0.0.0-20190918155943-95b840bb6a1f/go.mod h1:uWuOHnjmNrtQomJrvEBg0c0HRNyQ+8KTEERVsK0PW48= +k8s.io/api v0.0.0-20191115095533-47f6de673b26/go.mod h1:iA/8arsvelvo4IDqIhX4IbjTEKBGgvsf2OraTuRtLFU= +k8s.io/api v0.16.7/go.mod h1:oUAiGRgo4t+5yqcxjOu5LoHT3wJ8JSbgczkaFYS5L7I= +k8s.io/api v0.17.0/go.mod h1:npsyOePkeP0CPwyGfXDHxvypiYMJxBWAMpQxCaJ4ZxI= +k8s.io/api v0.17.1/go.mod h1:zxiAc5y8Ngn4fmhWUtSxuUlkfz1ixT7j9wESokELzOg= +k8s.io/api v0.17.2/go.mod h1:BS9fjjLc4CMuqfSO8vgbHPKMt5+SF0ET6u/RVDihTo4= +k8s.io/api v0.17.3/go.mod h1:YZ0OTkuw7ipbe305fMpIdf3GLXZKRigjtZaV5gzC2J0= k8s.io/api v0.17.4 h1:HbwOhDapkguO8lTAE8OX3hdF2qp8GtpC9CW/MQATXXo= k8s.io/api v0.17.4/go.mod h1:5qxx6vjmwUVG2nHQTKGlLts8Tbok8PzHl4vHtVFuZCA= +k8s.io/api v0.18.3/go.mod h1:UOaMwERbqJMfeeeHc8XJKawj4P9TgDRnViIqqBeH2QA= +k8s.io/api v0.18.4/go.mod h1:lOIQAKYgai1+vz9J7YcDZwC26Z0zQewYOGWdyIPUUQ4= +k8s.io/api v0.18.6 h1:osqrAXbOQjkKIWDTjrqxWQ3w0GkKb1KA1XkUGHHYpeE= +k8s.io/api v0.18.6/go.mod h1:eeyxr+cwCjMdLAmr2W3RyDI0VvTawSg/3RFFBEnmZGI= k8s.io/apiextensions-apiserver v0.0.0-20190918161926-8f644eb6e783/go.mod h1:xvae1SZB3E17UpV59AWc271W/Ph25N+bjPyR63X6tPY= k8s.io/apiextensions-apiserver v0.16.7/go.mod h1:6xYRp4trGp6eT5WZ6tPi/TB2nfWQCzwUvBlpg8iswe0= k8s.io/apiextensions-apiserver v0.17.0/go.mod h1:XiIFUakZywkUl54fVXa7QTEHcqQz9HG55nHd1DCoHj8= @@ -1226,8 +1268,23 @@ k8s.io/apiextensions-apiserver v0.17.4 h1:ZKFnw3cJrGZ/9s6y+DerTF4FL+dmK0a04A++7J k8s.io/apiextensions-apiserver v0.17.4/go.mod h1:rCbbbaFS/s3Qau3/1HbPlHblrWpFivoaLYccCffvQGI= k8s.io/apiextensions-apiserver v0.18.3 h1:h6oZO+iAgg0HjxmuNnguNdKNB9+wv3O1EBDdDWJViQ0= k8s.io/apiextensions-apiserver v0.18.3/go.mod h1:TMsNGs7DYpMXd+8MOCX8KzPOCx8fnZMoIGB24m03+JE= +k8s.io/apiextensions-apiserver v0.18.6 h1:vDlk7cyFsDyfwn2rNAO2DbmUbvXy5yT5GE3rrqOzaMo= +k8s.io/apiextensions-apiserver v0.18.6/go.mod h1:lv89S7fUysXjLZO7ke783xOwVTm6lKizADfvUM/SS/M= +k8s.io/apimachinery v0.0.0-20190612205821-1799e75a0719/go.mod h1:I4A+glKBHiTgiEjQiCCQfCAIcIMFGt291SmsvcrFzJA= +k8s.io/apimachinery v0.0.0-20190809020650-423f5d784010/go.mod h1:Waf/xTS2FGRrgXCkO5FP3XxTOWh0qLf2QhL1qFZZ/R8= +k8s.io/apimachinery v0.0.0-20190913080033-27d36303b655/go.mod h1:nL6pwRT8NgfF8TT68DBI8uEePRt89cSvoXUVqbkWHq4= +k8s.io/apimachinery v0.0.0-20191115015347-3c7067801da2/go.mod h1:dXFS2zaQR8fyzuvRdJDHw2Aerij/yVGJSre0bZQSVJA= +k8s.io/apimachinery v0.16.7/go.mod h1:Xk2vD2TRRpuWYLQNM6lT9R7DSFZUYG03SarNkbGrnKE= +k8s.io/apimachinery v0.17.0/go.mod h1:b9qmWdKlLuU9EBh+06BtLcSf/Mu89rWL33naRxs1uZg= +k8s.io/apimachinery v0.17.1/go.mod h1:b9qmWdKlLuU9EBh+06BtLcSf/Mu89rWL33naRxs1uZg= +k8s.io/apimachinery v0.17.2/go.mod h1:b9qmWdKlLuU9EBh+06BtLcSf/Mu89rWL33naRxs1uZg= +k8s.io/apimachinery v0.17.3/go.mod h1:gxLnyZcGNdZTCLnq3fgzyg2A5BVCHTNDFrw8AmuJ+0g= k8s.io/apimachinery v0.17.4 h1:UzM+38cPUJnzqSQ+E1PY4YxMHIzQyCg29LOoGfo79Zw= k8s.io/apimachinery v0.17.4/go.mod h1:gxLnyZcGNdZTCLnq3fgzyg2A5BVCHTNDFrw8AmuJ+0g= +k8s.io/apimachinery v0.18.3/go.mod h1:OaXp26zu/5J7p0f92ASynJa1pZo06YlV9fG7BoWbCko= +k8s.io/apimachinery v0.18.4/go.mod h1:OaXp26zu/5J7p0f92ASynJa1pZo06YlV9fG7BoWbCko= +k8s.io/apimachinery v0.18.6 h1:RtFHnfGNfd1N0LeSrKCUznz5xtUP1elRGvHJbL3Ntag= +k8s.io/apimachinery v0.18.6/go.mod h1:OaXp26zu/5J7p0f92ASynJa1pZo06YlV9fG7BoWbCko= k8s.io/apiserver v0.0.0-20190918160949-bfa5e2e684ad/go.mod h1:XPCXEwhjaFN29a8NldXA901ElnKeKLrLtREO9ZhFyhg= k8s.io/apiserver v0.16.7/go.mod h1:/5zSatF30/L9zYfMTl55jzzOnx7r/gGv5a5wtRp8yAw= k8s.io/apiserver v0.17.0/go.mod h1:ABM+9x/prjINN6iiffRVNCBR2Wk7uY4z+EtEGZD48cg= @@ -1235,12 +1292,15 @@ k8s.io/apiserver v0.17.2/go.mod h1:lBmw/TtQdtxvrTk0e2cgtOxHizXI+d0mmGQURIHQZlo= k8s.io/apiserver v0.17.3/go.mod h1:iJtsPpu1ZpEnHaNawpSV0nYTGBhhX2dUlnn7/QS7QiY= k8s.io/apiserver v0.17.4/go.mod h1:5ZDQ6Xr5MNBxyi3iUZXS84QOhZl+W7Oq2us/29c0j9I= k8s.io/apiserver v0.18.3/go.mod h1:tHQRmthRPLUtwqsOnJJMoI8SW3lnoReZeE861lH8vUw= +k8s.io/apiserver v0.18.6/go.mod h1:Zt2XvTHuaZjBz6EFYzpp+X4hTmgWGy8AthNVnTdm3Wg= k8s.io/autoscaler v0.0.0-20190607113959-1b4f1855cb8e/go.mod h1:QEXezc9uKPT91dwqhSJq3GNI3B1HxFRQHiku9kmrsSA= k8s.io/cli-runtime v0.17.2/go.mod h1:aa8t9ziyQdbkuizkNLAw3qe3srSyWh9zlSB7zTqRNPI= k8s.io/cli-runtime v0.17.3/go.mod h1:X7idckYphH4SZflgNpOOViSxetiMj6xI0viMAjM81TA= k8s.io/cli-runtime v0.17.4/go.mod h1:IVW4zrKKx/8gBgNNkhiUIc7nZbVVNhc1+HcQh+PiNHc= k8s.io/client-go v0.17.4 h1:VVdVbpTY70jiNHS1eiFkUt7ZIJX3txd29nDxxXH4en8= k8s.io/client-go v0.17.4/go.mod h1:ouF6o5pz3is8qU0/qYL2RnoxOPqgfuidYLowytyLJmc= +k8s.io/client-go v0.18.6 h1:I+oWqJbibLSGsZj8Xs8F0aWVXJVIoUHWaaJV3kUN/Zw= +k8s.io/client-go v0.18.6/go.mod h1:/fwtGLjYMS1MaM5oi+eXhKwG+1UHidUEXRh6cNsdO0Q= k8s.io/code-generator v0.0.0-20190912054826-cd179ad6a269/go.mod h1:V5BD6M4CyaN5m+VthcclXWsVcT1Hu+glwa1bi3MIsyE= k8s.io/code-generator v0.16.7/go.mod h1:wFdrXdVi/UC+xIfLi+4l9elsTT/uEF61IfcN2wOLULQ= k8s.io/code-generator v0.17.0/go.mod h1:DVmfPQgxQENqDIzVR2ddLXMH34qeszkKSdH/N+s+38s= @@ -1249,6 +1309,7 @@ k8s.io/code-generator v0.17.2/go.mod h1:DVmfPQgxQENqDIzVR2ddLXMH34qeszkKSdH/N+s+ k8s.io/code-generator v0.17.3/go.mod h1:l8BLVwASXQZTo2xamW5mQNFCe1XPiAesVq7Y1t7PiQQ= k8s.io/code-generator v0.17.4/go.mod h1:l8BLVwASXQZTo2xamW5mQNFCe1XPiAesVq7Y1t7PiQQ= k8s.io/code-generator v0.18.3/go.mod h1:TgNEVx9hCyPGpdtCWA34olQYLkh3ok9ar7XfSsr8b6c= +k8s.io/code-generator v0.18.6/go.mod h1:TgNEVx9hCyPGpdtCWA34olQYLkh3ok9ar7XfSsr8b6c= k8s.io/component-base v0.0.0-20190918160511-547f6c5d7090/go.mod h1:933PBGtQFJky3TEwYx4aEPZ4IxqhWh3R6DCmzqIn1hA= k8s.io/component-base v0.16.7/go.mod h1:ikdyfezOFMu5O0qJjy/Y9eXwj+fV3pVwdmt0ulVcIR0= k8s.io/component-base v0.17.0/go.mod h1:rKuRAokNMY2nn2A6LP/MiwpoaMRHpfRnrPaUJJj1Yoc= @@ -1257,6 +1318,8 @@ k8s.io/component-base v0.17.3/go.mod h1:GeQf4BrgelWm64PXkIXiPh/XS0hnO42d9gx9BtbZ k8s.io/component-base v0.17.4/go.mod h1:5BRqHMbbQPm2kKu35v3G+CpVq4K0RJKC7TRioF0I9lE= k8s.io/component-base v0.18.3 h1:QXq+P4lgi4LCIREya1RDr5gTcBaVFhxEcALir3QCSDA= k8s.io/component-base v0.18.3/go.mod h1:bp5GzGR0aGkYEfTj+eTY0AN/vXTgkJdQXjNTTVUaa3k= +k8s.io/component-base v0.18.6 h1:Wd6cHGwJN2qpufnirVOB3oMhyhbioGsKEi5HeDBsV+s= +k8s.io/component-base v0.18.6/go.mod h1:knSVsibPR5K6EW2XOjEHik6sdU5nCvKMrzMt2D4In14= k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0= k8s.io/gengo v0.0.0-20190822140433-26a664648505/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0= k8s.io/gengo v0.0.0-20191010091904-7fa3014cb28f/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0= @@ -1264,6 +1327,7 @@ k8s.io/gengo v0.0.0-20200114144118-36b2048a9120/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8 k8s.io/helm v2.16.3+incompatible/go.mod h1:LZzlS4LQBHfciFOurYBFkCMTaZ0D1l+p0teMg7TSULI= k8s.io/klog v0.0.0-20181102134211-b9b56d5dfc92/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk= k8s.io/klog v0.3.0/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk= +k8s.io/klog v0.3.1/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk= k8s.io/klog v0.3.3/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk= k8s.io/klog v0.4.0/go.mod h1:4Bi6QPql/J/LkTDqv7R/cd3hPo4k2DG6Ptcz060Ez5I= k8s.io/klog v1.0.0 h1:Pt+yjF5aB1xDSVbau4VsWe+dQNzA0qv1LlXdC2dF6Q8= @@ -1272,7 +1336,9 @@ k8s.io/klog/v2 v2.0.0 h1:Foj74zO6RbjjP4hBEKjnYtjjAhGg4jNynUdYF6fJrok= k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE= k8s.io/kube-aggregator v0.17.3/go.mod h1:1dMwMFQbmH76RKF0614L7dNenMl3dwnUJuOOyZ3GMXA= k8s.io/kube-aggregator v0.18.3/go.mod h1:fux0WabUOggW2yAACL4jQGVd6kv7mSgBnJ3GgCXCris= +k8s.io/kube-openapi v0.0.0-20190228160746-b3a7cee44a30/go.mod h1:BXM9ceUBTj2QnfH2MK1odQs778ajze1RxcmP6S8RVVc= k8s.io/kube-openapi v0.0.0-20190320154901-5e45bb682580/go.mod h1:BXM9ceUBTj2QnfH2MK1odQs778ajze1RxcmP6S8RVVc= +k8s.io/kube-openapi v0.0.0-20190709113604-33be087ad058/go.mod h1:nfDlWeOsu3pUf4yWGL+ERqohP4YsZcBJXWMK+gkzOA4= k8s.io/kube-openapi v0.0.0-20190816220812-743ec37842bf/go.mod h1:1TqjTSzOxsLGIKfj0lK8EeCP7K1iUG65v09OM0/WG5E= k8s.io/kube-openapi v0.0.0-20191107075043-30be4d16710a h1:UcxjrRMyNx/i/y8G7kPvLyy7rfbeuf1PYyBf973pgyU= k8s.io/kube-openapi v0.0.0-20191107075043-30be4d16710a/go.mod h1:1TqjTSzOxsLGIKfj0lK8EeCP7K1iUG65v09OM0/WG5E= @@ -1307,6 +1373,8 @@ rsc.io/letsencrypt v0.0.3/go.mod h1:buyQKZ6IXrRnB7TdkHP0RyEybLx18HHyOSoTyoOLqNY= sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.7/go.mod h1:PHgbrJT7lCHcxMU+mDHEm+nx46H4zuuHZkDP6icnhu0= sigs.k8s.io/controller-runtime v0.5.2 h1:pyXbUfoTo+HA3jeIfr0vgi+1WtmNh0CwlcnQGLXwsSw= sigs.k8s.io/controller-runtime v0.5.2/go.mod h1:JZUwSMVbxDupo0lTJSSFP5pimEyxGynROImSsqIOx1A= +sigs.k8s.io/controller-runtime v0.6.3 h1:SBbr+inLPEKhvlJtrvDcwIpm+uhDvp63Bl72xYJtoOE= +sigs.k8s.io/controller-runtime v0.6.3/go.mod h1:WlZNXcM0++oyaQt4B7C2lEE5JYRs8vJUzRP4N4JpdAY= sigs.k8s.io/controller-tools v0.2.4/go.mod h1:m/ztfQNocGYBgTTCmFdnK94uVvgxeZeE3LtJvd/jIzA= sigs.k8s.io/controller-tools v0.2.8/go.mod h1:9VKHPszmf2DHz/QmHkcfZoewO6BL7pPs9uAiBVsaJSE= sigs.k8s.io/kustomize v2.0.3+incompatible/go.mod h1:MkjgH3RdOWrievjo6c9T245dYlB5QeXV4WCbnt/PEpU= diff --git a/hack/boilerplate.go.txt b/hack/boilerplate.go.txt new file mode 100644 index 000000000..95f24d976 --- /dev/null +++ b/hack/boilerplate.go.txt @@ -0,0 +1,2 @@ +/* Copyright © 2020 VMware, Inc. All Rights Reserved. + SPDX-License-Identifier: Apache-2.0 */ \ No newline at end of file diff --git a/main.go b/main.go new file mode 100644 index 000000000..9cbe721ad --- /dev/null +++ b/main.go @@ -0,0 +1,97 @@ +/* Copyright © 2020 VMware, Inc. All Rights Reserved. + SPDX-License-Identifier: Apache-2.0 */ + +package main + +import ( + "flag" + "os" + + "github.com/openshift/cluster-network-operator/pkg/controller/statusmanager" + + "github.com/vmware/antrea-operator-for-kubernetes/controllers/sharedinfo" + "github.com/vmware/antrea-operator-for-kubernetes/controllers/types" + "github.com/vmware/antrea-operator-for-kubernetes/version" + + configv1 "github.com/openshift/api/config/v1" + ocoperv1 "github.com/openshift/api/operator/v1" + "k8s.io/apimachinery/pkg/runtime" + utilruntime "k8s.io/apimachinery/pkg/util/runtime" + clientgoscheme "k8s.io/client-go/kubernetes/scheme" + _ "k8s.io/client-go/plugin/pkg/client/auth/gcp" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + operatorv1 "github.com/vmware/antrea-operator-for-kubernetes/api/v1" + "github.com/vmware/antrea-operator-for-kubernetes/controllers" + // +kubebuilder:scaffold:imports +) + +var ( + scheme = runtime.NewScheme() + setupLog = ctrl.Log.WithName("setup") +) + +func init() { + utilruntime.Must(clientgoscheme.AddToScheme(scheme)) + utilruntime.Must(configv1.Install(scheme)) + utilruntime.Must(ocoperv1.Install(scheme)) + + utilruntime.Must(operatorv1.AddToScheme(scheme)) + // +kubebuilder:scaffold:scheme +} + +func main() { + var metricsAddr string + var enableLeaderElection bool + flag.StringVar(&metricsAddr, "metrics-addr", "0", "The address the metric endpoint binds to.") + flag.BoolVar(&enableLeaderElection, "enable-leader-election", false, + "Enable leader election for controller manager. "+ + "Enabling this will ensure there is only one active controller manager.") + flag.Parse() + + ctrl.SetLogger(zap.New(zap.UseDevMode(true))) + + mgr, err := ctrl.NewManager(ctrl.GetConfigOrDie(), ctrl.Options{ + Scheme: scheme, + MetricsBindAddress: metricsAddr, + Port: 9443, + LeaderElection: enableLeaderElection, + LeaderElectionID: "antrea-operator.antrea.vmware.com", + }) + if err != nil { + setupLog.Error(err, "unable to start manager") + os.Exit(1) + } + statusManager := statusmanager.New(mgr.GetClient(), mgr.GetRESTMapper(), types.AntreaClusterOperatorName, version.Version) + sharedInfo := sharedinfo.New() + if err = (&controllers.AntreaInstallReconciler{ + Client: mgr.GetClient(), + Log: ctrl.Log.WithName("controllers").WithName("AntreaInstall"), + Scheme: mgr.GetScheme(), + Status: statusManager, + Mapper: mgr.GetRESTMapper(), + SharedInfo: sharedInfo, + }).SetupWithManager(mgr); err != nil { + setupLog.Error(err, "unable to create controller", "controller", "AntreaInstall") + os.Exit(1) + } + // +kubebuilder:scaffold:builder + + if err = (&controllers.PodReconciler{ + Client: mgr.GetClient(), + Log: ctrl.Log.WithName("controllers").WithName("Pod"), + Scheme: mgr.GetScheme(), + Status: statusManager, + SharedInfo: sharedInfo, + }).SetupWithManager(mgr); err != nil { + setupLog.Error(err, "unable to create controller", "controller", "AntreaInstall") + os.Exit(1) + } + + setupLog.Info("starting manager") + if err := mgr.Start(ctrl.SetupSignalHandler()); err != nil { + setupLog.Error(err, "problem running manager") + os.Exit(1) + } +} diff --git a/olm-catalog/0.0.1/antrea-operator.v0.0.1.clusterserviceversion.yaml b/olm-catalog/0.0.1/antrea-operator.v0.0.1.clusterserviceversion.yaml index 8e21feec9..c50d0c373 100644 --- a/olm-catalog/0.0.1/antrea-operator.v0.0.1.clusterserviceversion.yaml +++ b/olm-catalog/0.0.1/antrea-operator.v0.0.1.clusterserviceversion.yaml @@ -26,7 +26,7 @@ metadata: containerImage: antrea/antrea-operator:0.0.1 support: VMware certified: "True" - name: antrea-operator.v0.0.1 + name: antrea-operator-for-kubernetes.v0.0.1 marketplace.openshift.io/action-text: Install-time Instructions marketplace.openshift.io/remote-workflow: https://github.com/vmware/antrea-operator-for-kubernetes/blob/main/README.md repository: github.com/vmware/antrea-operator-for-kubernetes @@ -155,10 +155,10 @@ spec: verbs: [get, watch, list] - apiGroups: [ops.antrea.tanzu.vmware.com] resources: [traceflows, traceflows/status] - verbs: [create, get, list, patch, update, watch, delete, delete] + verbs: [create, get, list, patch, update, watch, delete] - apiGroups: [clusterinformation.antrea.tanzu.vmware.com] resources: [antreaagentinfos, antreacontrollerinfos] - verbs: [get, list, create, update, delete, delete] + verbs: [get, list, create, update, delete] - apiGroups: [networking.antrea.tanzu.vmware.com] resources: [networkpolicies, appliedtogroups, addressgroups] verbs: [get, watch, list, delete] diff --git a/olm-catalog/antrea-operator.package.yaml b/olm-catalog/antrea-operator.package.yaml index aeac9a6ac..d44d81ba7 100644 --- a/olm-catalog/antrea-operator.package.yaml +++ b/olm-catalog/antrea-operator.package.yaml @@ -1,5 +1,5 @@ channels: - - currentCSV: antrea-plugin-operator.v0.0.1 + - currentCSV: antrea-operator-for-kubernetes.v0.0.1 name: alpha defaultChannel: alpha -packageName: antrea-operator +packageName: antrea-operator-for-kubernetes diff --git a/packagemanifests/0.0.1/antrea-operator-for-kubernetes.clusterserviceversion.yaml b/packagemanifests/0.0.1/antrea-operator-for-kubernetes.clusterserviceversion.yaml new file mode 100644 index 000000000..5a66ae64e --- /dev/null +++ b/packagemanifests/0.0.1/antrea-operator-for-kubernetes.clusterserviceversion.yaml @@ -0,0 +1,348 @@ +apiVersion: operators.coreos.com/v1alpha1 +kind: ClusterServiceVersion +metadata: + annotations: + alm-examples: |- + [ + { + "apiVersion": "operator.antrea.vmware.com/v1", + "kind": "AntreaInstall", + "metadata": { + "name": "antrea-install", + "namespace": "antrea-operator" + }, + "spec": { + "antreaAgentConfig": "# FeatureGates is a map of feature names to bools that enable or disable experimental features.\nfeatureGates:\n# Enable antrea proxy which provides ServiceLB for in-cluster services in antrea agent.\n# It should be enabled on Windows, otherwise NetworkPolicy will not take effect on\n# Service traffic.\n# AntreaProxy: false\n\n# Enable traceflow which provides packet tracing feature to diagnose network issue.\n# Traceflow: false\n\n# Enable ClusterNetworkPolicy feature to complement K8s NetworkPolicy for cluster admins\n# to define security policies which apply to the entire cluster.\n# ClusterNetworkPolicy: false\n\n# Enable flowexporter which exports polled conntrack connections as IPFIX flow records from each agent to a configured collector.\n# FlowExporter: false\n\n# Name of the OpenVSwitch bridge antrea-agent will create and use.\n# Make sure it doesn't conflict with your existing OpenVSwitch bridges.\n#ovsBridge: br-int\n\n# Datapath type to use for the OpenVSwitch bridge created by Antrea. Supported values are:\n# - system\n# - netdev\n# 'system' is the default value and corresponds to the kernel datapath. Use 'netdev' to run\n# OVS in userspace mode. Userspace mode requires the tun device driver to be available.\n#ovsDatapathType: system\n\n# Name of the interface antrea-agent will create and use for host \u003c--\u003e pod communication.\n# Make sure it doesn't conflict with your existing interfaces.\n#hostGateway: antrea-gw0\n\n# Encapsulation mode for communication between Pods across Nodes, supported values:\n# - geneve (default)\n# - vxlan\n# - gre\n# - stt\n#tunnelType: geneve\n\n# Default MTU to use for the host gateway interface and the network interface of each Pod.\n# If omitted, antrea-agent will discover the MTU of the Node's primary interface and\n# also adjust MTU to accommodate for tunnel encapsulation overhead (if applicable).\n#defaultMTU: 1450\n\n# Whether or not to enable IPsec encryption of tunnel traffic. IPsec encryption is only supported\n# for the GRE tunnel type.\n#enableIPSecTunnel: false\n\n# Determines how traffic is encapsulated. It has the following options\n# encap(default): Inter-node Pod traffic is always encapsulated and Pod to outbound traffic is masqueraded.\n# noEncap: Inter-node Pod traffic is not encapsulated, but Pod to outbound traffic is masqueraded.\n# Underlying network must be capable of supporting Pod traffic across IP subnet.\n# hybrid: noEncap if worker Nodes on same subnet, otherwise encap.\n# networkPolicyOnly: Antrea enforces NetworkPolicy only, and utilizes CNI chaining and delegates Pod IPAM and connectivity to primary CNI.\n#\n#trafficEncapMode: encap\n\n# The port for the antrea-agent APIServer to serve on.\n# Note that if it's set to another value, the `containerPort` of the `api` port of the\n# `antrea-agent` container must be set to the same value.\n#apiPort: 10350\n\n# Enable metrics exposure via Prometheus. Initializes Prometheus metrics listener.\n#enablePrometheusMetrics: false\n\n# Provide flow collector address as string with format \u003cIP\u003e:\u003cport\u003e[:\u003cproto\u003e], where proto is tcp or udp. This also enables\n# the flow exporter that sends IPFIX flow records of conntrack flows on OVS bridge. If no L4 transport proto is given,\n# we consider tcp as default.\n#flowCollectorAddr: \"\"\n\n# Provide flow poll interval as a duration string. This determines how often the flow exporter dumps connections from the conntrack module.\n# Flow poll interval should be greater than or equal to 1s (one second).\n# Valid time units are \"ns\", \"us\" (or \"µs\"), \"ms\", \"s\", \"m\", \"h\".\n#flowPollInterval: \"5s\"\n\n# Provide flow export frequency, which is the number of poll cycles elapsed before flow exporter exports flow records to\n# the flow collector.\n# Flow export frequency should be greater than or equal to 1.\n#flowExportFrequency: 12\n", + "antreaCNIConfig": "{\n \"cniVersion\":\"0.3.0\",\n \"name\": \"antrea\",\n \"plugins\": [\n {\n \"type\": \"antrea\",\n \"ipam\": {\n \"type\": \"host-local\"\n }\n },\n {\n \"type\": \"portmap\",\n \"capabilities\": {\"portMappings\": true}\n }\n ]\n}\n", + "antreaControllerConfig": "# FeatureGates is a map of feature names to bools that enable or disable experimental features.\nfeatureGates:\n# Enable traceflow which provides packet tracing feature to diagnose network issue.\n# Traceflow: false\n\n# Enable ClusterNetworkPolicy feature to complement K8s NetworkPolicy for cluster admins\n# to define security policies which apply to the entire cluster.\n# ClusterNetworkPolicy: false\n\n# The port for the antrea-controller APIServer to serve on.\n# Note that if it's set to another value, the `containerPort` of the `api` port of the\n# `antrea-controller` container must be set to the same value.\n#apiPort: 10349\n\n# Enable metrics exposure via Prometheus. Initializes Prometheus metrics listener.\n#enablePrometheusMetrics: false\n\n# Indicates whether to use auto-generated self-signed TLS certificate.\n# If false, A Secret named \"antrea-controller-tls\" must be provided with the following keys:\n# ca.crt: \u003cCA certificate\u003e\n# tls.crt: \u003cTLS certificate\u003e\n# tls.key: \u003cTLS private key\u003e\n# And the Secret must be mounted to directory \"/var/run/antrea/antrea-controller-tls\" of the\n# antrea-controller container.\n#selfSignedCert: true\n", + "antreaImage": "antrea/antrea-ubuntu:v0.9.1" + } + } + ] + capabilities: Basic Install + description: An operator which installs Antrea network CNI plugin on the Kubernetes cluster. + operators.operatorframework.io/builder: operator-sdk-v1.2.0 + operators.operatorframework.io/project_layout: go.kubebuilder.io/v2 + name: antrea-operator-for-kubernetes.v0.0.1 + namespace: placeholder +spec: + apiservicedefinitions: {} + customresourcedefinitions: + owned: + - description: AntreaInstall is the Schema for the antreainstalls API + displayName: Antrea Install + kind: AntreaInstall + name: antreainstalls.operator.antrea.vmware.com + resources: + - kind: Deployment + name: A Kubernetes Deployment for the Operator + version: v1 + - kind: Network + name: Openshift's cluster network + version: v1 + - kind: ClusterOperator + name: antrea cluster operator + version: v1 + - kind: AntreaInstall + name: this operator's CR + version: v1 + specDescriptors: + - description: AntreaAgentConfig holds the configurations for antrea-agent. + displayName: Antrea Agent Config + path: antreaAgentConfig + - description: AntreaCNIConfig holds the configuration of CNI. + displayName: Antrea CNIConfig + path: antreaCNIConfig + - description: AntreaControllerConfig holds the configurations for antrea-controller. + displayName: Antrea Controller Config + path: antreaControllerConfig + - description: AntreaImage is the Docker image name used by antrea-agent and antrea-controller. + displayName: Antrea Image + path: antreaImage + statusDescriptors: + - description: Conditions describes the state of Antrea installation. + displayName: Conditions + path: conditions + version: v1 + description: An operator which installs Antrea network CNI plugin on the Kubernetes cluster. + displayName: Antrea Operator + icon: + - base64data: iVBORw0KGgoAAAANSUhEUgAAAT4AAAD2CAYAAABP9OtdAAAACXBIWXMAAAsSAAALEgHS3X78AAAgAElEQVR4nO2dW3BV15nnv6MrQkYSCgILDMJAwAW2uZjuGCdpZHdNTdpJF6SmUpPqh7bS/dTVXRVlV6GXfrDy0C9QdUKqZmoe5sFyP/SkH6Ysz0zi7nRPLNrtS/mCwcYUJoCRMchcjCVhQPfT9W2tLR+d9a2917mfvdf/V5XgWmfr3PY+//3dVyqTyRAAALhEHc42AMA1IHwAAOeA8AEAnAPCBwBwDggfAMA5IHwAAOeA8AEAnAPCBwBwDggfAMA5IHwAAOeA8AEAnAPCBwBwDggfAMA5IHwAAOeA8AEAnAPCBwBwDggfAMA5IHwAAOeA8AEAnAPCBwBwDggfAMA5IHwAAOeA8AEAnAPCBwBwDggfAMA5IHwAAOeA8AEAnAPCBwBwjgacclAuPG9gDxF1ENFm9T8bRviYdProCE4MKBepTCaDLxcUjRK5XiLao/63uwRPO0FEp5QY+v+m00fHtaMAyBMIHygIzxtgS+6w+h8LXnuFvsnTSgiH0umjp7RHAbAAwgesyRG7QzXwzY0S0TBEEOQLhA9E4nkDHJ8bVIJXKcsuX9gSPJ5OHx3CGQVRQPiAEc8b6FWCd9B0TA3CVuBxZQUiHghEIHxAQ1l4QzETvFw4MdIPCxBIQPjAEiqGx9bScwn6VtgC7EN5DMgGwgd8PG+gT4lercbwiuVlJYBwfwGEz3WUlTccc7fWlgklfsPxeLugXED4HMbzBg6rWF5JrbxMQyPNtLXTzfb1NLGila63tNFsUyPdXdupHRvQMD1LD9y8TatmZ6jrzhfUMXOHWu98QY13JrVjS8CLKv4H689RIHyO4nkDnK19vlSf/v669XR1VTddXNMdKnD5woL40NgYbfxyjDpvXaH6+/dK9dSnlfWH+j8HgfA5hnJth0pRgMxid6mzhy5u2kxzzY3a44WQuT9LdZdu0ezUDDU80aM9w+O/fY02Tn5KzU3z2mMFwK7vYSQ+3APC5xBK9EaK6aNlN/ZW9xZ6e+summ57QHu8ECavTtCK0VvUeOEGLVxZ9D4XDmyhxmd2aM+W+fs3/WO2ts3SxtVT1NU2pR1TAD9B2YtbQPgcQQ0R4KC+bkZZwIL3+aYd9M43HyuJdZf6aIymz1+nuau3qXliWns8SvgCOpoW6NG196h79X3t2DyB+DkEhM8BlOiNFJrEuN2znf79kSdKIngzv/mQ6t//TFvPJfO9naKrO/93r2hrpATwDx66Qx2tM9pjefDLdPpof1EfEMQCDCJNOMWI3nTnGvrXAz+gkd1PliyG13jrK21NpGOltGpkfKaO/uVSO711aTVNz9SbDovip6qeESQcCF+CyUpk5C16Y1sepV9/51ma7MovQ3vv9j2aeeMizb03qj1WLJz4iOLK3Qb67YXVdHb9Hppd1RZxtMgLEL/kA+FLKIUmMuZbVtKrT/2A3nx0n/aYCRYkFrrp//kaNf+PE1T/6nnKTMhJh5npOW1Non59h7Y6f82u7G5qPkUnt2yj//v0Yd9NL4AXVI0jSCgQvuRyPF/RY9f21390iL5cY2fl+dbdS6do5r+PUOqfzlLDja/d2KZ1srWVfUwYqZbiXOuVnYuuMrvpv3/0Se1xC4ZUmAAkEAhfAvG8gf58Bw2Mr3/Yd21tYnlzF2/62VXfujs7Rg2CFTe7ovTbuTRO6a8jMbd2eZnNh1u2+1YsZ6bzgMMDw8pyBgkDwpcw1Ay9X+TzqVj0frf/u9p6LoHgpX717rKSklIz3d4sPuPMdbv2taZmXXTZih35w/+cr/j1qBgpSBgQvgSRlcyw5vL2fZGixy7t/D++U3bBC2hpa9HW8mF2lfz3BYrfIWVBgwSh3xpBnBnKp0CZLb2TjzyqrWcz+7uPqf7kp0SCO1tpMlOLNXpzzQ3UpNzZuYcW45GpnsV/G7Z2UVgxSyB+vW//M6XmorPEikHPGxhOp49e1h4BsQTClxCUi2vdf2vj3rJrW/fmpYq7BbNrHqAmbZVo7smt1PTsY8uErZAUSAHi165uKr3aIyCWoHMjASgX95Sttcf1bVzqYQO7uHThVt5f0t2+p6htw/LyQe7JbR16w/9vjuOxS8sWW6p9hV+wzCUsxWZz8+GxS+fpm2feyudP0NaWEGDxJYN+W9Hj+NYrT31fWzcx/Z92UfOFE4ZHzeSKHrOqcyXN/3i/L3ArlcBVTuZ0ONvbdfs6dVz7RHvMwHHl8mKOX8yB8MUcZe1ZB9/f3tubV/sZ18PN7Oz2y1ZsYWtOajhja45jcNWCkzRNX96lzOhtqrs5SXOTU3Tu7jg9ucX6DbWr73pQewTECmR144/1PhncxXC1u1tbZ7gQmWN6EnMHo7sfWOx4ogq7uCv/5hnt8Uph/AwXb/p1h5yZ5rglu+9cTM0tbhdv5DVeqx+1ffEHFl+MUdtAWhUqcyvav+14QlunYGLK2TGavnqbGgTRMll9nF1N7XyQpnZvWnJty+m6BhYbFzIHNX0Nn932/w3KbFL8f3/7J9rfhnHyegutWzVFD7RYZa5h9SUACF+8sXZx333027SwQpcl7rENxkTxXDwuX5Hm4LHVFwgfW3dNB7ZS0871vvsqZWALgXt+uR/XlORgi81/L1muyoJ2VGGcGVtFT2750vZv2eo7jlhffIHwxRTlbllNEfmqa4Po4rIFxQMFsi+ChZOfUubAFk14AquvbtNqWinMycuHQOA41paZuE+Nd+4vs9ju/9XBpeRH9nuV+zksGQ/fq4Nd3p4vW2wHmsLqizkQvvjSZxvbO7HrW9oa0/L/TtNCTmEy993Ovv8pNT21VTu+6YfF9eyzdTnz5kXfskwFbqlgtQUDBpa99pd3tTUJ7tOVCph5WkxKW13OmRsraW3bNNXXW9mRfRC++ILkRnyxcnO5UFnaG4Nn5pnaz+ZOFjdLzzQ3j8VHGjNfSqQ+XVt4mOnlL3TRNdCD0VXxBcIXQ9S4JCt/8/Xte7U1FqbMG5e09QDfIvvIvnyFcmbyzf7TR9rj/jET0W7knEm4IlzVUnH21gqan7f+WWBgaUyB8MUTqx8cb/8oWXtzb14SR0kVQjCTbyH9r0sz+VLt8pAAjuVF0bRWf7+krMViCLK/UfAQ0xuT1tHEQyhtiSeG2yuocaxcrFMb5QEEnMAw3fHY4qp/ejtldunJkGy4/WzV/z9LzQZ3uVqY+nzz4f2pTnqw4YZtH+9hjK6KHxC+mGHr5nLd3tj6B7V1dkfDrD0WPWl3s2zYwms9O6YlJQIyRQwhXWDh1Vbt3GQmtcJe9jgRwjHB7H5h7ixh23L03BnafP6k9jcCEL4YAuGLH1bW3u01G7U1pv6ja2bBMmzpqB136462lk2dYey8KZmy7JiuNlH4/JIXbdWe+V3rKcMC19NJ91Y0+QXXwevoFYNEHzy8w1b4MLElhpg8HlC7WP3QTj/0TW2N43Em8Znf+5CV6DENbSu0tWrBrnndxg6a39ntt8wFc/m09/xEj1+YzRadNEAhF+5n5j1ILGjH3hzxAxZf/DgY9Y7ZzZW2hWz6xNDHuvYBan72MW3dBFtldSGjqmZWt2oXlqnERXuP69rINCiNBS53jFWzKnQuVfdINlc6e2jbbfPnzOKwGgsGYgKEL0aoYaOR3Fm9TjwkdeGGtsZMP/t4cV0ROUgFyNypEVVATGqTIumiTP35Af9fyS0tF+e+0U3bLlg9OSy+mCFdY6B2sfqBXW3XkxrM3JVx7YSzi2ty/TiJIXVr+O7km3Id4JwhOWGCrc3Uhg4/LjjzcJcompUkGITgs7XLn19okd3VvyRQ00D44oXVD+zi2vXamt/rmpPN9feuePoR7VhSnR3+UAJB+MIw1uGN3vYtvkDomnvW0MKWNUuuKlXwYgx6hbkomusDg9l8XIMYWL6c6GGmvtFFLdevac+RA3dxdGBoQXyA8MWLzVHvli2UufZWbb11bIJyi1jq9m3ShhFQMLwgpLMjDFM5yuyejUR7Ni5ZdJmsXt1yw5+H+5Ipd3xV1r+5PwS2Pnntessa2kyRwkfqpjSirYKaBMIXLyLNr5k2g9t6fVJL4TcckEcPS8MLbDGVo5TDhQ3c0gWezTd+jxpvfbUUC8zGP8aQzZZgSzh4v1e+0U2bL38gHKUReVMCtQOEL17IqpbF/RWrtDUSCoC5/KNesPZ4UnGqwG4MntPXGpKVLRTuEmkfv7co3oJbGgjtTHODmKThwaX5yHjDxq+70O416t+RAQhfjIDwxQTbWrHxJln4cguA6x7foB3D1L9+Ie9C4WAwKc/pK8eefdwax4mZwGI1XbSm+KJk7YYxv7FzSUzvrtXLggygZzdGmK4hUHtY/bDutujxPWZmem7pZPubAQmb/vgJkDysvWzBKxS2MDnxwUME6p7YLPYI35+8L1py5WKqZ00hdYHI7MYICF/CuN4it4uxa7j03xtkK6bhrYvamgS7jrPf21mQ4LHbumL0FjVeuOHH3YKBpGxl3vnjlSS9e9sZfqYBBewe50NueQ/vQ9x4J7/nALUNhM9BmrevE13SuUs3lyUm6jbKRiZbZflcOGxJsqjy87cqEZPcaame0I85aqsypgEFddNz4utJSJ95oVF+XhBfIHwOcre7Xdv31ndzyzQdufHUFap7/zMx2xtgGhmfzwBSU7tbPq4yt8RVc5NzUBkwpMAx/PieUFoi9fGyCJQCmyGgqTVyUiafAaSzhnFY+Qi6acgBSBYQPsdoaZOnI0sCk89cPXZJ2WqUmMmKLxpZJwuf7eRkhocW5GJ6TyYahKQPSB5wdR3D5MqxwOTGwUxz9bIJuiK49m+lsJE3t4eFDT6Nei0WTZuLlIuOm4W6RGl3tiCOx8kQjgsG0178OX3a0SCJQPgcw2TF5cbBuMC5KcL64c3Hm9+85AumKUZXd+mWJqgSkqUl9RebMNbwrW6lph/vXxo+mk1uysIkenWzM9oaiDfyrwDElk2Tt2ic9LFUHNvjWJfJssqOg/miFzKcgEtSmn/zwbISGVOMzqZ4WMqkkqG/OHtcPIs4fx5J1AL8eGanXCZjC0pZkgeELz5ctnmnDYYRShzbW7AI8vvC8r1d2noAbzvZ/MoZzX2t27RaO5YMLrT2mgb3m5MVC09vXxxZtbrVFzFpXHyNuKcYUBAjkNyICen0USvh65iR98PgeJYJtuBIxcnm/8sT4sQWUhsVzQ2f0kSP1DQTiajEBlui93fI8wPZ/W16aqv/r5SJrgStN+yTKyA+wOKLFxNRgwpapmThC1xcKfO5cmoxhpV6aotRYFj0eN9cCVOJDAtqa+4MwKx5fH49ofB3tUTXvXDhzsLqxgRqAwhfvDgVtedGs2GPCLbIOHlhsuY4zlb/1FZtnSJEj0Ja4Lg1zTR4lAuNKy15XHLD8Bir1NScP7Em2OT8/g92iyLcOWlt8UH4YgSEL15ECh/TdP02zaxbLkb8o542ZF4p+OFrq8pqCxE9CmmBYzeVlJhWcvBoAGedFy7eWErCBK+f/R0shFiszLr78o0kl3T6KGJ8MQLCFy+srIqHJ7+gj9fpVlhqlz6SnlQsTboQ/Bq8l97T1nNhS64SosYWGw9I4ExxYK1xDHH+L74tCtfCyU/FeGQuDVvk+CSz4gu9o0VgVF8CtYx0vYPaxWoLww0Tn9PHpO+rO/dIt1a7Fsbsq+dC273YUmrY1yMONC0Gf7LyJzf9bhLOCvs1hhPTi3t2ZGXk/Gzx2gdE0ZPiiyamdm8SvxdObFhsNETYWjJ+QPhiBLtTnjcQ+Ybbb3ymrZFyd9mKM8X5svGLh9+Xn4fjgTw7r16YnVcKGk6cp9TZsaVxVWEDBkxWLMcXbWDxNtUA7rhttdcGoZQlfkD44seJqDgfWyltN2+Lm4rbiB4p8cmFC5vnDm5fFFDtUTuCwaPsqkpF0izMmYtW7qWPyYrNfGQnWo075UnUzIYxu011IXzxA8IXP4ZtEhy7P/s9vdb1LW3dBt/a460lFdmCJ4lMGIHbypuZ+/v6Ts/5llywfWMu82evWcXlfLatEd1c//1H1A8G8O5v0q2gYeKubcfGRDp9FK5uzIDwxQ8r66Lz1hUiKkz4eH4eFSF4/uDRc2O+1ZUtQMtG3xumN8+8eTHUtc0ms1/e38d2kjS77JJwMo+PfaKtGRiWl0Etg86NmKGsi8gsYv39e7T58qfaug08qj3z4/2+K2oShlD+4S2qf/X8sl7ebHifDgl2g8OSKdmwaEmDDUhNkrZh3hAfZDZeOaetGYCbG0Ng8cUTtjJ+GvXOd312hi5v3qStR1H/X/8g4ggzUeLFgpUyWHs8bXlB7fXL05S1waLj95bmBt7d8aDYo8vF1mGvHxBmdXZf+9y/cVgwAYsvnkD44smQjfBxF0fz5Fc03Wbu0y2EsMzwwgdXjUXS5G8otFMULKYhS4gyERen/Or2rrLJ6mT2XTqprRkYTqePFrYJMagqcHVjiHJ3T9u882+ff19bKxQWPL8b4v/IsXx+vD4rKZILW3Om0pFS0fKX3/UTJ6ZRV6SGMdTvlN1ctvZMbX8CQ/oSiANhN1VQ2xwnohei3mHHtU+o9caufDbGFpl54yJl3rjkZ1xNGdnZ9z81Wnt+L/AzO7T1UsOWqG85PtFD02p3t8zZz5dlinkYg8lizcPaG0WbWnyBxRdfhlWMKZLe828V/CH9vTT+2+8WkxXTc4vdGobY2NxJOefCgwroR/u19XLjZ6OffYya/rrXtzbZ0vM3QTcMY8jT2juurYDYAOGLKSq2ZPXj4x/zjiuyKJlgt3X+H9+h1K/eXZYsMMXG/AGlQlIhasZfJeDXbnxmhy+A9GdPGl9x/8fWN4gJuLnxBq5uvGHh64+a0cc8cu4d+n3XelpYES1ALGLTwpTlsEzownv6/AS29KaffZzaQkpiuOaPR8xnDx4IenMDokbh28ICuNIgwAfOnMxnxPxxJDXiDYQvxvCPz/MGWPyej/oUXJ7xRx+/RyO7zRYPBV0PPGVZe8Rs7bE7zLusZcMxvaYf7Rd3Pgv+Zv6lU/5mQrmDB5ZtevT0dqNrysy8dMpvcUtt7aK6xzcYa/vC4Pa+7ktnQo5YxgTc3PgjXd8gXlhbfZ2j52lHZzd9vFG22kjFxWae3u7H9LJh663ZYO3Vv35haV8Ndm3r9m0KTWT4mxW9JI+wD1iyFkOywFyzt5RF5n/PjtE9NTGmce8ma/f64Jl/09ZCgLWXAFKZTKHt5qBW8LyBQRurj8k0NNJvvvOnkbV9M7/5kOqzprNwJ4dkTfnW3q/e9f87u8XNhC96/+tto+j5yYcDW40JlKXXjZgKHQhwY4gAM8+8+5qf+baEM7lynxyIFRC+hOB5AxxkC1cLxeyqNvr1ge9HxvtY1GZe+ZCau1YZuzk4ATLf1BgpeBQhev6+vPs2RQoeWYheNpzNNYnfY5fO0zfP5JXx/mE6fRSdGgkAwpcQPG+gl4hetf00X3VtoN8e+GNtXSKsU8MWFqt5VRKzxLY1NL+x0x8tZdsTzDG9sCLpbMKSIhvGxuhb7/yLth7Cy+n00cPmh0GcgPAlCJXoiGxlCxhf/zD9bv93tfVS42eJz1+nVHuL34M70bEyNHYnwUmX+v/9nnHwQS5horf61m3qffufbacrk0po7LHd4hPUPhC+BOF5Ax1qDLqVy0sVFL9iyO4asSEsE1yA6BFc3OQB4UsYnjfAZk5eDbq1Kn5LMUahMFrCT4z8yWNiEoYKF70X0+mjfdoqiDUQvgTieQN9Nn282bD4jTz6pFWBc7nx44G8Q5qlW8vM732IGp9+xBiL5M6VnR++ka/o8SCIXpSvJA8IX0LxvAFuqXoun0/H2d5Xnvo+zTXL4lFO2LrjkVZcjGw9el4VSps2Aw/Yd+4MbT5vPXwgYEKJnjyKBsQaCF+C8bwB/tHuzucTcp3f23t76Wp3eXZQC/CF7vok1V+5vbQXRz5w8mLqDx8OTZLUTc1S75m38qnTy2YvRC+5oHMj2fSq0ejW4seuIJd53Ny4g17bm/+eHf7mQl/e9f+bhS01tShouX24vOFQMMLK+iLctoYy29b6s/R4L9+wfUC4XGX/mddtJynn8hOIXrKBxZdwVKY3L/ELmG9ZSW/v+g6NrX9QeywMLlRecfpTylwdzytOlw13XjStfYDmHur0S2AWtqwxxu+yaZiepe+ce89vzysQFj1MXkk4ED4HKEb8SCU+Xt++t6AR9v54q2vjS9Yfb2RUl+XWLjQ30ELX4jD6VPsKoo6VVL++o6CC6V0Xfk/bz7+bbwIjG4ieI0D4HKFY8WO+ePBhen3HPpprb9UeqyYseNs+OV2oWxsA0XMICJ9DlEL8SFmA7/bsosmu4sbZFwO7tDuuXC6F4HH2th+i5xYQPgcppNRFgstfrnZvow+6H66YFch7BW+5NUrtNz4rxqUNQMmKo0D4HMXzBniG3y9K9elZBK+v2UyfdHbTzQ3rtMcLpWHiLm29cY02THxeKrELQHGyw0D4HEZNdBnKp7fXlunONXR/xSoab1pFV77RTbMZoq9WPWC0DDs+u+7/u2Fqklrv36WuiWvUNDlRSqHL5pfp9NF+bRU4A4TPcVTcj8XvkAPfBO+41IdtIQGED/h43sBhNca+5NZfjfBLIhqEawsIwgeyUdZfv+0Y+5hwQgkerDywBIQPaHjeAO8rMViKzG8VGVWChzIVoAHhA0ZiKoAQPBAJhA9EogSwz3YbyyrxMidpMCkZ2ADhA3mhkiB9NZIFPq0y0sPYDwPkA4QPFIRKhHAd4GH1b6WywZysGIbYgWKA8IGSoNxhFsA9Wf8r1i1mi+6y2kBpBJlZUCogfKCsqO4QUmLYEfFaLHBcZ3cZ1hwoJxA+AIBz1OGUAwBcA8IHAHAOCB8AwDkgfAAA54DwAQCcA8IHAHAOCB8AwDkgfAAA54DwAQCcA8IHAHAOCB8AwDkgfAAA54DwAQCcA8IHAHAOCB8AwDkgfAAA54DwAQCcA8IHAHAOCB8AwDkgfAAA54DwAQCcA8IHAHAOCB8AwDkgfAAA54DwAQCcA8IHAHCOBhc+sOcd6SeijpzlU+n0sWHt4NK9Zi8R9eYsD6fTx05pB5f/dYfS6WOXhWP7iGiz9iSVYySdPjYivC/pM+TLOJ9j9TeXpc9fCJ53hL+vvip8V+I5LBTPO8K/h37hz0v6OrVK4oVPXai/0B4gGmUh0lZLB/9wn895tn5+P+n0sfEKvy6Li3Qx8w/4oLZaWTThM3yGovC8I6PqtYaLvOFtLvV7s8R0Dgulz/A5qiXsFcUFV3dQW1mkR1k8laS9zGILzPQQ0XNE9JLnHblchXNfa0jWHvOcsgYTTaKFT53Aw9oDX2M6+eXkoOcdMYkxqAwsgi943pER5RE4hRL9npDPXI3fRUVJusXXr6wsE7tVPKnSPO95R8IEGVQGdvNPed6RPY5931HWbuKFL+kxPht3ps8QZyo3Q/yDq3IgWUr62PBqzjGnC/yx5PPZf5aVrLBlj4pZ8c1tt+Fv+MbIll9vEYmnF/l8aqulpSRJMXWjj4rrtrNVmE4fK/dnqhqJFT4Lcz6AYxqDVRCgIN5XNWuj0B+65x3JXRqXsrMl5lQBr7F0fFY2VvICAvErNPF0uQKfv1TYxjYHKyDmVSPJrq5kgbyorBObYysBu9rHq/TaTsE3tnT62KC60ZwQPjuLX6LPhRJ/TvDk8nNtZTH5V40wUEVIpPCpEya5NoOGi7uvQpmsCW2F6KeI91UOJYC96iaYy3MJT3ZIN/hRdUOQvg/p+ESQVItPOmEn1EU/pGr4smmvUO3SoEH8hhwMsFebfuE6IMO1E3vUjV26xgNDQHJrDyX1RpA44VMn6pD2wHJLTzrJlbjgTxlep12JX+Lrp2oFFcuTyoqSan0fFmKbE8FvQcUopRCA9B3FniRafJKwjOZU60vubkUKmpXFKbkVuw3vC5T3XOTSk9AbkCRgQznJHOn7OJzE7yNRwhdizi876epkS+Ij/W056DckWZ5DR0HFkaycRIUdVAxZqnBYdqMNCQNJxkSsSZrF12cw56U2MekOeLASsTYlvIcN8b7jiPeBEiMJ14uGEi7J6kvczThpwied4ONSbZY66dLdXnqOkqNeX7qgEO8DJUPdRKWCZUngSFmBuTfkavS1l5XECF9IwbLpBJPB6qtYSYOKO/5Se2Ax3hf2vkHpSPoNRrqRnzAVXCsjQfKQpOeJLUmy+KQ7ksmc91EnXyppkJ6rLKTTx0zxvkNqjiAoE+oGp9V7mkQhboQULEfdVCWDoFp97WUhEcIX0n9okyWVTnJ/hV1NU7zvF4j3lRXpBifdhJL0+bjCIVT4lLHwsvaA/HyxJCm9utIJOWHZizqsBDI7KdKuxCj0AikVfKGpzFtu87///tQwAy1OCQpH3VCkQZyFnPPeMo0au1zkoADJY7AtmTou1MNWq6+95MRe+ELMeasTzIKi+mVzfwQVbdJm98rzjvxceB896n2gra1EKNGT3NmJAs/5QYPHUSwnCr0GVcxbqnCwej51PY4KcfN+g6DGiiS4upK1l1uwHIV0MfRUuodW9UxKmeZDGF5aGlTcdEQQBWYwQZa1dL3kFiwX8hyV6msvK7EWvpANU6QTZkSZ7lJBs/Tc5cYU73s+ydMyyglbeCx4PHJe7b8iid7L6fSxRHTOqOtEqnDI6/MpNzv3WqxUX3tZibura+o/LGRfi+OCy3xQzWirWExDud5h8b5yb1ZUq3BhdyGfe49wjeRyOmFFutKNP7TCIQQpDNQf9/bKuAufdILFguUoOBHieUdOCLGawUr/KFR85WfC7nDB8FIXLT+t7KREcPayr8ibyc9VmKLqqJi3FG+Uwjk2SMLXE/cJzbF1dUP6D4s5GdLfVmXXKeV2SSUF2KyoNLBn8LN0+tjhhFnQ0rVhLFiOogb62stCnGN8UvytUHPex9CkbXqtStBneD/YrKhwJtTE4c1JiekFqBu0VMa1YrsAAAQxSURBVOEg3dDzQRLTivS1l4tYCl9I/2EpLmTpOaoifFnDDCSGXNwasQAmVKacWwN/mE4f62C3NKFxUuk6jSxYjqLafe3lIK4xPukLZ8uoowSZT8lirNquUyr2GBbvc6Wz4+kod03VY/40Z9kfq1TEDmpxQnI/T5WoGmBEMDZiW9AcO+ELMed7DJnQUlG1XafYJVNWbu7n9jcrUv2+zsPfg2G/lSG1fWRis+EhQzoOCR0YpaTP4ArXNHF0dav1I6/2rlOmYQbYrGg5ktWzO6kj1LOo1u+i0n3tJQHCF5PXVtZKn1BQStis6GuUS/sz7YHFG0Qiy4AMVm6laA+JQ9cssRI+Q/9hJanqrlPqRy2JL4aXZqGytVIwfjih35F0TVSS2FnTcYvxSV/wCUPDeSmQ4iYVL2jOhhMs6g6vxftURjr2kzNKxGH1XeRO3UnUwIeQXQVfLOO1IBU098ZpjmFshC+k/7CvXFkl1dv5Qs6yv+tUlQPl/Sqbm+vePGeIAzqHav3jG9RLOZ/dH/CaoBo+ydrjEpay3ZxVWCVXbAfj1FEUJ1dXsvZeLmcqPaRJW7rYKkbEZkXVivXUHGpCj9R1MJiEGkjbXQXLgHTTOBin7zQWwhfSfyidgFIjvYZ0sVWUkM2KwHL6he6X9gIHWdQaUsy70CEd1iiXVvIsYhPri4vFJ32hoxWKKUjCVxO7ToVsVgS+/o7GDTeI3QnoeZY8j4KGdBSA9LuoSl97IdR8jE99kVIwuiIXrYoVvSgkE/prYSe0kKJd8PV3ZJpuzT3PwyXo6uDnkcbYl5JlnSshBcuV2i5hSN04pAnNNX9DiYPF1y+Z8xVuH5NOZC3tOmWK9wGFGhsluWdxLXGRrNiihnQUgPQblKzQmiMOwiedYMnMLhshTdrSe6s46v1JVjFYjnSD6InbUM0idxUsJdLm4+1x2Hy8poUvxJyvxoUqvWbFNh+PQrlBP484zGnUDUKy3p+LWdufJCy2uwqWjDhvPl7rMb49gqU1Uo0aOk4keN6Rl4Wd93sNJr9kJZb1fbM7p4Q4V4xL/bq5n6vUP7iyfXdq4MNmYapNn+FHnMu48N4qQfbn3yy8B0nQK8GgcL1RpbdsyJdUJpOp1fcGAABlIQnbSwIAQF5A+AAAzgHhAwA4B4QPAOAcED4AgHNA+AAAzgHhAwA4B4QPAOAcED4AgHNA+AAAzgHhAwA4B4QPAOAcED4AgHNA+AAAzgHhAwA4B4QPAOAcED4AgHNA+AAAzgHhAwA4B4QPAOAcED4AgHNA+AAAzgHhAwA4B4QPAOAcED4AgHNA+AAAzgHhAwA4B4QPAOAcED4AgHNA+AAAzgHhAwA4B4QPAOAcED4AgHNA+AAAzgHhAwA4B4QPAOAcED4AgHNA+AAAzgHhAwA4B4QPAOAcED4AgHNA+AAAbkFE/wE3LmoBviFqiAAAAABJRU5ErkJggg== + mediatype: image/png + install: + spec: + clusterPermissions: + - rules: + - nonResourceURLs: + - /addressgroups + - /agentinfo + - /appliedtogroups + - /networkpolicies + - /ovsflows + - /ovstracing + - /podinterfaces + verbs: + - get + - apiGroups: + - "" + resources: + - endpoints + - pods + verbs: + - delete + - get + - list + - watch + - apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch + - apiGroups: + - apiregistration.k8s.io + resources: + - apiservices + verbs: + - create + - delete + - get + - update + - apiGroups: + - authentication.k8s.io + resources: + - subjectaccessreviews + - tokenreviews + verbs: + - create + - apiGroups: + - clusterinformation.antrea.tanzu.vmware.com + resources: + - antreaagentinfos + - antreacontrollerinfos + verbs: + - create + - delete + - get + - list + - update + - apiGroups: + - config.openshift.io + resources: + - clusteroperators + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - config.openshift.io + resources: + - clusteroperators/status + verbs: + - get + - patch + - update + - apiGroups: + - config.openshift.io + resources: + - networks + verbs: + - get + - list + - patch + - update + - watch + - apiGroups: + - config.openshift.io + resources: + - networks/finalizers + verbs: + - get + - list + - patch + - update + - watch + - apiGroups: + - networking.antrea.tanzu.vmware.com + resources: + - addressgroups + - appliedtogroups + - networkpolicies + verbs: + - delete + - get + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - networkpolicies + verbs: + - get + - list + - watch + - apiGroups: + - operator.antrea.vmware.com + resources: + - antreainstalls + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - operator.antrea.vmware.com + resources: + - antreainstalls/status + verbs: + - get + - patch + - update + - apiGroups: + - operator.openshift.io + resources: + - networks + verbs: + - get + - list + - patch + - update + - watch + - apiGroups: + - ops.antrea.tanzu.vmware.com + resources: + - traceflows + - traceflows/status + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - security.antrea.tanzu.vmware.com + resources: + - clusternetworkpolicies + verbs: + - delete + - get + - list + - watch + - apiGroups: + - system.antrea.tanzu.vmware.com + resources: + - agentinfos + - controllerinfos + - supportbundles + - supportbundles/download + verbs: + - delete + - get + - list + - post + - watch + serviceAccountName: antrea-operator + deployments: + - name: antrea-operator + spec: + replicas: 1 + selector: + matchLabels: + name: antrea-operator + strategy: {} + template: + metadata: + labels: + name: antrea-operator + spec: + containers: + - args: + - --enable-leader-election + command: + - antrea-operator + env: + - name: WATCH_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.annotations['olm.targetNamespaces'] + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: OPERATOR_NAME + value: antrea-operator + image: caorui/antrea-operator:v0.0.1 + imagePullPolicy: IfNotPresent + name: antrea-operator + resources: {} + hostNetwork: true + serviceAccountName: antrea-operator + tolerations: + - effect: NoSchedule + key: node-role.kubernetes.io/master + - effect: NoSchedule + key: node.kubernetes.io/not-ready + permissions: + - rules: + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - configmaps/status + verbs: + - get + - update + - patch + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + serviceAccountName: antrea-operator + strategy: deployment + installModes: + - supported: true + type: OwnNamespace + - supported: true + type: SingleNamespace + - supported: true + type: MultiNamespace + - supported: true + type: AllNamespaces + keywords: + - networking + - security + links: + - name: Antrea Operator For Kubernetes + url: https://github.com/vmware/antrea-operator-for-kubernetes + maintainers: + - email: projectantrea-maintainers@googlegroups.com + name: Project Antrea Maintainers + maturity: alpha + provider: + name: antrea.io + version: 0.0.1 diff --git a/packagemanifests/0.0.1/operator.antrea.vmware.com_antreainstalls.yaml b/packagemanifests/0.0.1/operator.antrea.vmware.com_antreainstalls.yaml new file mode 100644 index 000000000..412a4ce5b --- /dev/null +++ b/packagemanifests/0.0.1/operator.antrea.vmware.com_antreainstalls.yaml @@ -0,0 +1,92 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.3.0 + creationTimestamp: null + name: antreainstalls.operator.antrea.vmware.com +spec: + group: operator.antrea.vmware.com + names: + kind: AntreaInstall + listKind: AntreaInstallList + plural: antreainstalls + singular: antreainstall + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + description: AntreaInstall is the Schema for the antreainstalls API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AntreaInstallSpec defines the desired state of AntreaInstall + properties: + antreaAgentConfig: + description: AntreaAgentConfig holds the configurations for antrea-agent. + type: string + antreaCNIConfig: + description: AntreaCNIConfig holds the configuration of CNI. + type: string + antreaControllerConfig: + description: AntreaControllerConfig holds the configurations for antrea-controller. + type: string + antreaImage: + description: AntreaImage is the Docker image name used by antrea-agent and antrea-controller. + type: string + required: + - antreaAgentConfig + - antreaCNIConfig + - antreaControllerConfig + type: object + status: + description: AntreaInstallStatus defines the observed state of AntreaInstall + properties: + conditions: + description: Conditions describes the state of Antrea installation. + items: + description: ClusterOperatorStatusCondition represents the state of the operator's managed and monitored components. + properties: + lastTransitionTime: + description: lastTransitionTime is the time of the last update to the current status property. + format: date-time + type: string + message: + description: message provides additional information about the current condition. This is only to be consumed by humans. + type: string + reason: + description: reason is the CamelCase reason for the condition's current status. + type: string + status: + description: status of the condition, one of True, False, Unknown. + type: string + type: + description: type specifies the aspect reported by this condition. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + type: object + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/packagemanifests/antrea-operator-for-kubernetes.package.yaml b/packagemanifests/antrea-operator-for-kubernetes.package.yaml new file mode 100644 index 000000000..829c6d326 --- /dev/null +++ b/packagemanifests/antrea-operator-for-kubernetes.package.yaml @@ -0,0 +1,5 @@ +channels: +- currentCSV: antrea-operator-for-kubernetes.v0.0.1 + name: alpha +defaultChannel: alpha +packageName: antrea-operator-for-kubernetes diff --git a/pkg/apis/addtoscheme_operator_v1.go b/pkg/apis/addtoscheme_operator_v1.go deleted file mode 100644 index 92d8f8cf7..000000000 --- a/pkg/apis/addtoscheme_operator_v1.go +++ /dev/null @@ -1,13 +0,0 @@ -/* Copyright © 2020 VMware, Inc. All Rights Reserved. - SPDX-License-Identifier: Apache-2.0 */ - -package apis - -import ( - v1 "github.com/vmware/antrea-operator-for-kubernetes/pkg/apis/operator/v1" -) - -func init() { - // Register the types with the Scheme so the components can map objects to GroupVersionKinds and back - AddToSchemes = append(AddToSchemes, v1.SchemeBuilder.AddToScheme) -} diff --git a/pkg/apis/apis.go b/pkg/apis/apis.go deleted file mode 100644 index 31cee91b9..000000000 --- a/pkg/apis/apis.go +++ /dev/null @@ -1,16 +0,0 @@ -/* Copyright © 2020 VMware, Inc. All Rights Reserved. - SPDX-License-Identifier: Apache-2.0 */ - -package apis - -import ( - "k8s.io/apimachinery/pkg/runtime" -) - -// AddToSchemes may be used to add all resources defined in the project to a Scheme -var AddToSchemes runtime.SchemeBuilder - -// AddToScheme adds all Resources to the Scheme -func AddToScheme(s *runtime.Scheme) error { - return AddToSchemes.AddToScheme(s) -} diff --git a/pkg/apis/operator/group.go b/pkg/apis/operator/group.go deleted file mode 100644 index 1e9806c44..000000000 --- a/pkg/apis/operator/group.go +++ /dev/null @@ -1,9 +0,0 @@ -// Copyright © 2020 VMware, Inc. All Rights Reserved. -// SPDX-License-Identifier: Apache-2.0 - -// Package operator contains operator API versions. -// -// This file ensures Go source parsers acknowledge the operator package -// and any child packages. It can be removed if any other Go source files are -// added to this package. -package operator diff --git a/pkg/apis/operator/v1/doc.go b/pkg/apis/operator/v1/doc.go deleted file mode 100644 index e91616be2..000000000 --- a/pkg/apis/operator/v1/doc.go +++ /dev/null @@ -1,7 +0,0 @@ -// Copyright © 2020 VMware, Inc. All Rights Reserved. -// SPDX-License-Identifier: Apache-2.0 - -// Package v1 contains API Schema definitions for the operator v1 API group -// +k8s:deepcopy-gen=package,register -// +groupName=operator.antrea.vmware.com -package v1 diff --git a/pkg/apis/operator/v1/register.go b/pkg/apis/operator/v1/register.go deleted file mode 100644 index a66549454..000000000 --- a/pkg/apis/operator/v1/register.go +++ /dev/null @@ -1,22 +0,0 @@ -// Copyright © 2020 VMware, Inc. All Rights Reserved. -// SPDX-License-Identifier: Apache-2.0 - -// NOTE: Boilerplate only. Ignore this file. - -// Package v1 contains API Schema definitions for the operator v1 API group -// +k8s:deepcopy-gen=package,register -// +groupName=operator.antrea.vmware.com -package v1 - -import ( - "k8s.io/apimachinery/pkg/runtime/schema" - "sigs.k8s.io/controller-runtime/pkg/scheme" -) - -var ( - // SchemeGroupVersion is group version used to register these objects - SchemeGroupVersion = schema.GroupVersion{Group: "operator.antrea.vmware.com", Version: "v1"} - - // SchemeBuilder is used to add go types to the GroupVersionKind scheme - SchemeBuilder = &scheme.Builder{GroupVersion: SchemeGroupVersion} -) diff --git a/pkg/controller/add_configmap.go b/pkg/controller/add_configmap.go deleted file mode 100644 index da49defb9..000000000 --- a/pkg/controller/add_configmap.go +++ /dev/null @@ -1,13 +0,0 @@ -/* Copyright © 2020 VMware, Inc. All Rights Reserved. - SPDX-License-Identifier: Apache-2.0 */ - -package controller - -import ( - "github.com/vmware/antrea-operator-for-kubernetes/pkg/controller/config" -) - -func init() { - // AddToManagerFuncs is a list of functions to create controllers and add them to a manager. - AddToManagerFuncs = append(AddToManagerFuncs, config.Add) -} diff --git a/pkg/controller/add_pod.go b/pkg/controller/add_pod.go deleted file mode 100644 index 5965ed9a4..000000000 --- a/pkg/controller/add_pod.go +++ /dev/null @@ -1,13 +0,0 @@ -/* Copyright © 2020 VMware, Inc. All Rights Reserved. - SPDX-License-Identifier: Apache-2.0 */ - -package controller - -import ( - "github.com/vmware/antrea-operator-for-kubernetes/pkg/controller/pod" -) - -func init() { - // AddToManagerFuncs is a list of functions to create controllers and add them to a manager. - AddToManagerFuncs = append(AddToManagerFuncs, pod.Add) -} diff --git a/pkg/controller/controller.go b/pkg/controller/controller.go deleted file mode 100644 index b12b2a948..000000000 --- a/pkg/controller/controller.go +++ /dev/null @@ -1,29 +0,0 @@ -/* Copyright © 2020 VMware, Inc. All Rights Reserved. - SPDX-License-Identifier: Apache-2.0 */ - -package controller - -import ( - "sigs.k8s.io/controller-runtime/pkg/manager" - - "github.com/openshift/cluster-network-operator/pkg/controller/statusmanager" - - "github.com/vmware/antrea-operator-for-kubernetes/pkg/controller/sharedinfo" - "github.com/vmware/antrea-operator-for-kubernetes/pkg/types" - "github.com/vmware/antrea-operator-for-kubernetes/version" -) - -// AddToManagerFuncs is a list of functions to add all Controllers to the Manager -var AddToManagerFuncs []func(manager.Manager, *statusmanager.StatusManager, *sharedinfo.SharedInfo) error - -// AddToManager adds all Controllers to the Manager -func AddToManager(m manager.Manager) error { - s := statusmanager.New(m.GetClient(), m.GetRESTMapper(), types.AntreaClusterOperatorName, version.Version) - sharedInfo := sharedinfo.New() - for _, f := range AddToManagerFuncs { - if err := f(m, s, sharedInfo); err != nil { - return err - } - } - return nil -} diff --git a/pkg/controller/pod/pod_controller.go b/pkg/controller/pod/pod_controller.go deleted file mode 100644 index 8ab5a5632..000000000 --- a/pkg/controller/pod/pod_controller.go +++ /dev/null @@ -1,147 +0,0 @@ -/* Copyright © 2020 VMware, Inc. All Rights Reserved. - SPDX-License-Identifier: Apache-2.0 */ - -package pod - -import ( - "context" - "fmt" - "time" - - "github.com/openshift/cluster-network-operator/pkg/apply" - "github.com/openshift/cluster-network-operator/pkg/controller/statusmanager" - appsv1 "k8s.io/api/apps/v1" - apierrors "k8s.io/apimachinery/pkg/api/errors" - uns "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" - "k8s.io/apimachinery/pkg/runtime" - "sigs.k8s.io/controller-runtime/pkg/client" - "sigs.k8s.io/controller-runtime/pkg/controller" - "sigs.k8s.io/controller-runtime/pkg/handler" - logf "sigs.k8s.io/controller-runtime/pkg/log" - "sigs.k8s.io/controller-runtime/pkg/manager" - "sigs.k8s.io/controller-runtime/pkg/reconcile" - "sigs.k8s.io/controller-runtime/pkg/source" - - "github.com/vmware/antrea-operator-for-kubernetes/pkg/controller/sharedinfo" -) - -var log = logf.Log.WithName("controller_pod") - -// The periodic resync interval. -// We will re-run the reconciliation logic, even if the NCP configuration -// hasn't changed. -var ResyncPeriod = 2 * time.Minute - -// Add creates a new Pod Controller and adds it to the Manager. The Manager will set fields on the Controller -// and Start it when the Manager is Started. -func Add(mgr manager.Manager, status *statusmanager.StatusManager, sharedInfo *sharedinfo.SharedInfo) error { - return add(mgr, newReconciler(mgr, status, sharedInfo)) -} - -// newReconciler returns a new reconcile.Reconciler -func newReconciler(mgr manager.Manager, status *statusmanager.StatusManager, sharedInfo *sharedinfo.SharedInfo) reconcile.Reconciler { - return &ReconcilePod{client: mgr.GetClient(), scheme: mgr.GetScheme(), status: status, sharedInfo: sharedInfo} -} - -// add adds a new Controller to mgr with r as the reconcile.Reconciler -func add(mgr manager.Manager, r reconcile.Reconciler) error { - // Create a new controller - c, err := controller.New("pod-controller", mgr, controller.Options{Reconciler: r}) - if err != nil { - return err - } - - // Watch for changes to primary resource Pod - err = c.Watch(&source.Kind{Type: &appsv1.DaemonSet{}}, &handler.EnqueueRequestForObject{}) - if err != nil { - return err - } - - // Watch for changes to primary resource Pod - err = c.Watch(&source.Kind{Type: &appsv1.Deployment{}}, &handler.EnqueueRequestForObject{}) - if err != nil { - return err - } - - return nil -} - -// blank assignment to verify that ReconcilePod implements reconcile.Reconciler -var _ reconcile.Reconciler = &ReconcilePod{} - -// ReconcilePod reconciles a Pod object -type ReconcilePod struct { - client client.Client - scheme *runtime.Scheme - status *statusmanager.StatusManager - sharedInfo *sharedinfo.SharedInfo -} - -// Reconcile updates the ClusterOperator.Status to match the current state of the watched Deployments/DaemonSets -func (r *ReconcilePod) Reconcile(request reconcile.Request) (reconcile.Result, error) { - reqLogger := log.WithValues("Request.Namespace", request.Namespace, "Request.Name", request.Name) - reqLogger.Info("Reconciling pod update") - - if !r.isAntreaResource(&request) { - return reconcile.Result{}, nil - } - r.status.SetFromPods() - - if err := r.recreateResourceIfNotExist(&request); err != nil { - return reconcile.Result{Requeue: true}, err - } - - return reconcile.Result{RequeueAfter: ResyncPeriod}, nil -} - -func (r *ReconcilePod) isAntreaResource(request *reconcile.Request) bool { - if r.sharedInfo.AntreaAgentDaemonSetSpec != nil { - if request.Name == r.sharedInfo.AntreaAgentDaemonSetSpec.GetName() && request.Namespace == r.sharedInfo.AntreaAgentDaemonSetSpec.GetNamespace() { - return true - } - } - if r.sharedInfo.AntreaControllerDeploymentSpec != nil { - if request.Name == r.sharedInfo.AntreaControllerDeploymentSpec.GetName() && request.Namespace == r.sharedInfo.AntreaControllerDeploymentSpec.GetNamespace() { - return true - } - } - return false -} - -func (r *ReconcilePod) recreateResourceIfNotExist(request *reconcile.Request) error { - r.sharedInfo.Lock() - defer r.sharedInfo.Unlock() - var curObject runtime.Object - var objectSpec *uns.Unstructured - if request.Name == r.sharedInfo.AntreaAgentDaemonSetSpec.GetName() && request.Namespace == r.sharedInfo.AntreaAgentDaemonSetSpec.GetNamespace() { - curObject = &appsv1.DaemonSet{} - objectSpec = r.sharedInfo.AntreaAgentDaemonSetSpec.DeepCopy() - } else { - curObject = &appsv1.Deployment{} - objectSpec = r.sharedInfo.AntreaControllerDeploymentSpec.DeepCopy() - } - err := r.client.Get(context.TODO(), request.NamespacedName, curObject) - if err != nil { - if apierrors.IsNotFound(err) { - log.Info(fmt.Sprintf("K8s resource - '%s' dose not exist", request.Name)) - } else { - log.Error(err, fmt.Sprintf("Could not retrieve K8s resource - '%s'", request.Name)) - r.status.SetDegraded(statusmanager.OperatorConfig, "ApplyObjectsError", fmt.Sprintf("Failed to apply objects: %v", err)) - return err - } - } else { - log.Info(fmt.Sprintf("K8s resource - '%s' already exists", request.Name)) - return nil - } - if err = apply.ApplyObject(context.TODO(), r.client, objectSpec); err != nil { - log.Error( - err, fmt.Sprintf("could not apply (%s) %s/%s", - objectSpec.GroupVersionKind(), objectSpec.GetNamespace(), objectSpec.GetName())) - r.status.SetDegraded( - statusmanager.OperatorConfig, "ApplyOperatorConfig", - fmt.Sprintf("Failed to apply operator configuration: %v", err)) - return err - } - log.Info(fmt.Sprintf("Recreated K8s resource: %s", request.Name)) - return nil -} diff --git a/tools.go b/tools.go deleted file mode 100644 index 47b48afa6..000000000 --- a/tools.go +++ /dev/null @@ -1,8 +0,0 @@ -// Copyright © 2020 VMware, Inc. All Rights Reserved. -// SPDX-License-Identifier: Apache-2.0 - -// +build tools - -// Place any runtime dependencies as imports in this file. -// Go modules will be forced to download and install them. -package tools