antrea
antrea copied to clipboard
antrea-io
Add support for updating ANP realization state
Describe what you are trying to do
Currently Antrea Controller only supports rule realization success. There could be cases like agent realized the rule and later upon agent restart or system reboot, agent fails to realize the rule. There isn't a way for agent to remove the realization which was reported as success earlier. For Nephe, we need this functionality.
Having offline discussed with @tnqn, a proposal to resolve this issue is to expand the existing controlplane API NetworkPolicyNodeStatus(https://github.com/antrea-io/antrea/blob/main/pkg/apis/controlplane/types.go#L385) with two additional fields: Realized and Message. For Nephe use case, Realized should be set with false when an ANP Node status is expected to be reverted from successfully realized or to be reported with a failure, and set the Message if needed, the Message can be appended to the Condition message of the ANP CRD status. To be compatible with the older Controller versions, Realized uses type "*bool", and it means the ANP is realized successfully on the current Node if Realized==nil.
@jianjuns Would share your thought?
The approach sounds good to me. Should we use "RealizationFailure" instead, if it is not set when no error?
The approach sounds good to me. Should we use "RealizationFailure" instead, if it is not set when no error?
If my understanding is correct, you mean we merge the Realized and Message into one string field RealizationFailure, and Nephe should set this field with failure message when the realization is failed. I would implement with this solution.
I thought about merging to one string field. But I am not sure that is the right way. It sounds implicit to indicate failure with an error message. Or maybe we can use a struct with a message string? Do we always have an error message?