Add BGPPolicy API
Signed-off-by: Hongliang Liu <[email protected]>
hongliangl committed Mar 26, 2024
1 parent df82b76 commit c279227
Showing 24 changed files with 1,860 additions and 11 deletions.
3 changes: 3 additions & 0 deletions build/charts/antrea/conf/antrea-agent.conf
@@ -88,6 +88,9 @@ featureGates:
# Enable L7FlowExporter on Pods and Namespaces to export the application layer flows such as HTTP flows.
{{- include "featureGate" (dict "featureGates" .Values.featureGates "name" "L7FlowExporter" "default" false) }}

# Allow usesrs to advertise Service IPs, Pod IPs, and Egress IPs to external BGP peers.
{{- include "featureGate" (dict "featureGates" .Values.featureGates "name" "BGPPolicy" "default" false) }}

# Name of the OpenVSwitch bridge antrea-agent will create and use.
# Make sure it doesn't conflict with your existing OpenVSwitch bridges.
ovsBridge: {{ .Values.ovs.bridgeName | quote }}
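Review bot: The comment added above the BGPPolicy gate misspells "users" as "usesrs", and the same text is carried into the generated ConfigMap in build/yamls/antrea-aks.yml; it should read `# Allow users to advertise Service IPs, Pod IPs, and Egress IPs to external BGP peers.`. Since enabling the gate lets cluster addresses be announced to routers outside the cluster, the comment could also name the BGPPolicy CRD and the antrea-bgp-passwords Secret added in this commit, so an operator knows what else has to be configured before turning it on.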
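--- a/build/charts/antrea/crds/bgppolicy.yaml
+++ b/build/charts/antrea/crds/bgppolicy.yaml
@@ -0,0 +1,139 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+name: bgppolicies.crd.antrea.io
+spec:
+group: crd.antrea.io
+versions:
+- name: v1alpha2
+served: true
+storage: true
+schema:
+openAPIV3Schema:
+type: object
+required:
+- spec
+properties:
+spec:
+type: object
+required:
+- nodeSelector
+- localASN
+- advertisements
+- bgpPeers
+properties:
+nodeSelector:
+type: object
+properties:
+matchExpressions:
+items:
+properties:
+key:
+type: string
+operator:
+enum:
+- In
+- NotIn
+- Exists
+- DoesNotExist
+type: string
+values:
+items:
+type: string
+pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$"
+type: array
+type: object
+type: array
+matchLabels:
+x-kubernetes-preserve-unknown-fields: true
+localASN:
+type: integer
+minimum: 64512
+maximum: 65535
+format: int32
+listenPort:
+type: integer
+minimum: 1
+maximum: 65535
+format: int32
+default: 179
+advertisements:
+type: object
+anyOf:
+- required: [services]
+- required: [pods]
+- required: [egressIPs]
+properties:
+services:
+type: array
+items:
+type: object
+anyOf:
+- required: [ clusterIPs ]
+- required: [ externalIPs ]
+- required: [ loadBalancerIPs ]
+properties:
+clusterIPs:
+type: boolean
+default: false
+externalIPs:
+type: boolean
+default: false
+loadBalancerIPs:
+type: boolean
+default: false
+pods:
+type: array
+items:
+type: object
+properties: {}
+egressIPs:
+type: boolean
+default: false
+bgpPeers:
+type: array
+items:
+type: object
+required:
+- address
+- asn
+properties:
+address:
+type: string
+format: cidr
+port:
+type: integer
+default: 179
+format: int32
+minimum: 1
+maximum: 65535
+asn:
+type: integer
+minimum: 1
+maximum: 65535
+format: int32
+password:
+type: string
+gracefulRestartTime:
+type: integer
+default: 120
+format: int32
+minimum: 1
+maximum: 3600
+additionalPrinterColumns:
+- description: Local BGP ASN.
+jsonPath: .spec.localASN
+name: Local ASN
+type: integer
+- jsonPath: .metadata.creationTimestamp
+name: Age
+type: date
+subresources:
+status: {}
+scope: Cluster
+names:
+plural: bgppolicies
+singular: bgppolicy
+kind: BGPPolicy
+shortNames:
+- bp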
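Review bot: The `password` property under the `bgpPeers` items puts the BGP session password in plaintext in the spec of a cluster-scoped resource, so any subject allowed to get, list or watch bgppolicies can read it. The same commit adds the `antrea-bgp-passwords` Secret and grants the agent get/watch on it, which suggests the credential is meant to live there; if so, drop `password` from the schema, or replace it with a reference to a key in that Secret, before this version is served. Separately, `address` is declared with `format: cidr` although a peer is presumably a single IP address, and `asn` is capped at 65535, which excludes 4-byte AS numbers; both are worth confirming against the Go types, which are not visible on this page.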
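--- a/build/charts/antrea/templates/agent/bgp-secret.yaml
+++ b/build/charts/antrea/templates/agent/bgp-secret.yaml
@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Secret
+metadata:
+name: antrea-bgp-passwords
+namespace: {{ .Release.Namespace }}
+type: Opaque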
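Review bot: The Secret is rendered with no `data` and no comment, so nothing in the template says how entries are keyed or who is expected to populate it; a short header comment stating the expected key format and that the values are BGP peer passwords would close that gap. Because the chart owns this object, it is also worth confirming that a `helm upgrade` or a re-apply of the generated manifest cannot reset passwords an operator has stored in it. If it can, documenting that the operator creates the Secret, rather than shipping an empty one, would avoid silently losing session authentication.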
9 changes: 9 additions & 0 deletions build/charts/antrea/templates/agent/clusterrole.yaml
@@ -227,3 +227,12 @@ rules:
- create
- patch
- update
- apiGroups:
- ""
resources:
- secrets
resourceNames:
- antrea-bgp-passwords
verbs:
- get
- watch
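Review bot: This rule sits in a ClusterRole, so if it is bound with a ClusterRoleBinding (the binding is not on this page) the `resourceNames` restriction lets the agent read a Secret called antrea-bgp-passwords in every namespace, not only the release namespace where the chart creates it; a namespaced Role and RoleBinding for this one Secret would be tighter. Also check the verbs against how the agent reads the Secret: `get` plus `watch` without `list` is enough for a direct get or a name-scoped watch, but an informer normally lists before it watches and would be denied. A comment above the rule such as `# Read BGP peer passwords from the antrea-bgp-passwords Secret.` would explain why the agent needs Secret access at all. The rules list begins outside this hunk.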
166 changes: 164 additions & 2 deletions build/yamls/antrea-aks.yml
@@ -300,6 +300,148 @@ spec:
shortNames:
- aci

---
# Source: crds/bgppolicy.yaml
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: bgppolicies.crd.antrea.io
spec:
group: crd.antrea.io
versions:
- name: v1alpha2
served: true
storage: true
schema:
openAPIV3Schema:
type: object
required:
- spec
properties:
spec:
type: object
required:
- nodeSelector
- localASN
- advertisements
- bgpPeers
properties:
nodeSelector:
type: object
properties:
matchExpressions:
items:
properties:
key:
type: string
operator:
enum:
- In
- NotIn
- Exists
- DoesNotExist
type: string
values:
items:
type: string
pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$"
type: array
type: object
type: array
matchLabels:
x-kubernetes-preserve-unknown-fields: true
localASN:
type: integer
minimum: 64512
maximum: 65535
format: int32
listenPort:
type: integer
minimum: 1
maximum: 65535
format: int32
default: 179
advertisements:
type: object
anyOf:
- required: [services]
- required: [pods]
- required: [egressIPs]
properties:
services:
type: array
items:
type: object
anyOf:
- required: [ clusterIPs ]
- required: [ externalIPs ]
- required: [ loadBalancerIPs ]
properties:
clusterIPs:
type: boolean
default: false
externalIPs:
type: boolean
default: false
loadBalancerIPs:
type: boolean
default: false
pods:
type: array
items:
type: object
properties: {}
egressIPs:
type: boolean
default: false
bgpPeers:
type: array
items:
type: object
required:
- address
- asn
properties:
address:
type: string
format: cidr
port:
type: integer
default: 179
format: int32
minimum: 1
maximum: 65535
asn:
type: integer
minimum: 1
maximum: 65535
format: int32
password:
type: string
gracefulRestartTime:
type: integer
default: 120
format: int32
minimum: 1
maximum: 3600
additionalPrinterColumns:
- description: Local BGP ASN.
jsonPath: .spec.localASN
name: Local ASN
type: integer
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
subresources:
status: {}
scope: Cluster
names:
plural: bgppolicies
singular: bgppolicy
kind: BGPPolicy
shortNames:
- bp

---
# Source: crds/clustergroup.yaml
apiVersion: apiextensions.k8s.io/v1
@@ -5394,6 +5536,14 @@ metadata:
labels:
app: antrea
---
# Source: antrea/templates/agent/bgp-secret.yaml
apiVersion: v1
kind: Secret
metadata:
name: antrea-bgp-passwords
namespace: kube-system
type: Opaque
---
# Source: antrea/templates/agent/secret.yaml
apiVersion: v1
kind: Secret
@@ -5514,6 +5664,9 @@ data:
# Enable L7FlowExporter on Pods and Namespaces to export the application layer flows such as HTTP flows.
# L7FlowExporter: false
# Allow usesrs to advertise Service IPs, Pod IPs, and Egress IPs to external BGP peers.
# BGPPolicy: false
# Name of the OpenVSwitch bridge antrea-agent will create and use.
# Make sure it doesn't conflict with your existing OpenVSwitch bridges.
ovsBridge: "br-int"
@@ -6202,6 +6355,15 @@ rules:
- create
- patch
- update
- apiGroups:
- ""
resources:
- secrets
resourceNames:
- antrea-bgp-passwords
verbs:
- get
- watch
---
# Source: antrea/templates/antctl/clusterrole.yaml
kind: ClusterRole
@@ -6810,7 +6972,7 @@ spec:
kubectl.kubernetes.io/default-container: antrea-agent
# Automatically restart Pods with a RollingUpdate if the ConfigMap changes
# See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments
checksum/config: 30843b57762c91dfcffb560917191e3bc7e662c06552759bac2a173bc060b82c
checksum/config: cb2759de70210f84d538d2f13cd3848145c5b49fc7fa62a01928391fc3b0c058
labels:
app: antrea
component: antrea-agent
@@ -7048,7 +7210,7 @@ spec:
annotations:
# Automatically restart Pod if the ConfigMap changes
# See https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments
checksum/config: 30843b57762c91dfcffb560917191e3bc7e662c06552759bac2a173bc060b82c
checksum/config: cb2759de70210f84d538d2f13cd3848145c5b49fc7fa62a01928391fc3b0c058
labels:
app: antrea
component: antrea-controller