antrea
antrea copied to clipboard
antrea-io
LabelIdentity replication for MCS
This PR is the first part of the mutli-cluster stretched network policy implementation. In order to enforce policy globally based on label selections, Antrea MC Service needs to inform each member cluster of all Pod + Namespace label combinations in the ClusterSet. Each unique Pod + Namespace label combination is defined as labelidentity, which is a normalized string calculated base on Pod's own labels and its Namespace labels.
A couple of new controllers and CRDs are added, namely:
- A
label_identity_controllerin each member cluster, which watches Pod and Namespace events, and updates the ResourceExport of typelabelidentityfor the cluster with all label identities in the cluster. - A
label_identity_export_controllerin the leader cluster, which watches for ResourceExports of typelabelidentityfrom all member clusters, dedups the label identities and assigns a unique id for each for them. It also creates anLabelIdentityImportCRD object for each suchlabelidentityand id combination in the leader cluster. - A
label_identity_export_controllerin each member cluster, which watches forLabelIdentityImportevents in the leader, and creates aLabelIdentityCRD object in each member cluster for eachLabelIdentityImport.
Signed-off-by: Yang Ding [email protected]
Codecov Report
Merging #3664 (604667e) into main (e7486d5) will increase coverage by
0.57%. The diff coverage is73.02%.
:exclamation: Current head 604667e differs from pull request most recent head 4e0ea62. Consider uploading reports for the commit 4e0ea62 to get more accurate results
@@ Coverage Diff @@
## main #3664 +/- ##
==========================================
+ Coverage 62.24% 62.81% +0.57%
==========================================
Files 385 388 +3
Lines 54513 55115 +602
==========================================
+ Hits 33929 34622 +693
+ Misses 18105 17981 -124
- Partials 2479 2512 +33
| Flag | Coverage Δ | |
|---|---|---|
| e2e-tests | 39.59% <ø> (?) |
|
| integration-tests | 34.43% <12.00%> (-0.72%) |
:arrow_down: |
| kind-e2e-tests | 49.16% <ø> (+1.02%) |
:arrow_up: |
| unit-tests | 44.09% <66.23%> (+0.25%) |
:arrow_up: |
| Impacted Files | Coverage Δ | |
|---|---|---|
| multicluster/cmd/multicluster-controller/leader.go | 0.00% <0.00%> (ø) |
|
| multicluster/cmd/multicluster-controller/member.go | 0.00% <0.00%> (ø) |
|
| ...uster/controllers/multicluster/stale_controller.go | 66.66% <59.70%> (-2.44%) |
:arrow_down: |
| ...s/multicluster/label_identity_export_controller.go | 72.92% <72.92%> (ø) |
|
| ...lers/multicluster/commonarea/remote_common_area.go | 72.60% <75.00%> (+0.21%) |
:arrow_up: |
| ...uster/commonarea/labelidentityimport_controller.go | 75.30% <75.30%> (ø) |
|
| ...trollers/multicluster/label_identity_controller.go | 81.72% <81.72%> (ø) |
|
| ...lticluster/commonarea/resourceimport_controller.go | 81.54% <88.88%> (+0.50%) |
:arrow_up: |
| ...trollers/multicluster/resourceexport_controller.go | 78.87% <88.88%> (-1.18%) |
:arrow_down: |
| ...icluster/controllers/multicluster/common/helper.go | 92.72% <100.00%> (+0.72%) |
:arrow_up: |
| ... and 36 more |
@Dyanngg Could you check the github checks and fix them? some builds are failed. Please update the commit and summery of this PR to provide some info about what does this PR do. thanks.
This pull request introduces 1 alert when merging 82c1d29e798fe8b636b8ac96fb01354ef3051692 into 5b9cde5b77b99be3b660f5ddc6ab2f06679c23da - view on LGTM.com
new alerts:
- 1 for Useless assignment to local variable
![lgtm-com[bot] avatar](https://avatars.githubusercontent.com/in/17324?v=4 "Published by a pub.dev verified publisher"){kind=small}
Have not read the code yet. A typo in commit description:
which is a normalized string calculated base on Pod's own labels and its Namespace labels.
based -> base
And good to change "id" to "ID".
