Add TrafficControl API
TrafficControl is a feature which allows mirroring or redirecting the
traffic Pods send or receive. It enables users to monitor and analyze
Pod traffic, and to enforce custom network protections for Pods with
fine-grained control over network traffic.

This patch adds types and CRD for TrafficControl API.

Examples:

1. Mirror Pods (web=app) ingress traffic to a VXLAN tunnel
```
apiVersion: crd.antrea.io/v1alpha2
kind: TrafficControl
metadata:
  name: mirror-web-app
spec:
  appliedTo:
    podSelector:
      matchLabels:
        app: web
  direction: Ingress
  action: Mirror
  targetPort:
    name: vxlan0
    tunnel:
      type: VXLAN
      remoteIP: 1.1.1.1
```

2. Redirect Pods (web=app) traffic in both directions to OVS internal
port firewall0 and expect the traffic to re-enter OVS via another OVS
internal port firewall1 if they are not dropped.
```
apiVersion: crd.antrea.io/v1alpha2
kind: TrafficControl
metadata:
  name: redirect
spec:
  appliedTo:
    podSelector:
      matchLabels:
        role: web
  direction: Ingress
  action: Redirect
  targetPort:
    name: firewall0
    local:
      internal: true
  returnPort:
    name: firewall1
    local:
      internal: true
```

For #3324

Signed-off-by: Quan Tian <qtian@vmware.com>
tnqn committed Apr 15, 2022
1 parent ba8210c commit 762ab2c
Showing 19 changed files with 2,111 additions and 6 deletions.
224 changes: 224 additions & 0 deletions build/yamls/antrea-aks.yml
Expand Up @@ -2055,6 +2055,230 @@ spec:
subresources:
status: {}
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
labels:
app: antrea
name: trafficcontrols.crd.antrea.io
spec:
group: crd.antrea.io
names:
kind: TrafficControl
plural: trafficcontrols
shortNames:
- tc
singular: trafficcontrol
scope: Cluster
versions:
- additionalPrinterColumns:
- description: Specifies the direction of traffic that should be matched.
jsonPath: .spec.direction
name: Direction
type: string
- description: Specifies the action that should be taken for the traffic.
jsonPath: .spec.action
name: Action
type: string
- description: Specifies the port to which the traffic should be redirected or
mirrored.
jsonPath: .spec.targetPort.name
name: TargetPort
type: string
- description: Specifies the port from which the the traffic will be sent back
to OVS.
jsonPath: .spec.returnPort.name
name: ReturnPort
type: string
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
name: v1alpha2
schema:
openAPIV3Schema:
properties:
spec:
properties:
action:
enum:
- Mirror
- Redirect
type: string
appliedTo:
properties:
namespaceSelector:
properties:
matchExpressions:
items:
properties:
key:
type: string
operator:
enum:
- In
- NotIn
- Exists
- DoesNotExist
type: string
values:
items:
pattern: ^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$
type: string
type: array
type: object
type: array
matchLabels:
x-kubernetes-preserve-unknown-fields: true
type: object
podSelector:
properties:
matchExpressions:
items:
properties:
key:
type: string
operator:
enum:
- In
- NotIn
- Exists
- DoesNotExist
type: string
values:
items:
pattern: ^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$
type: string
type: array
type: object
type: array
matchLabels:
x-kubernetes-preserve-unknown-fields: true
type: object
type: object
direction:
enum:
- Ingress
- Egress
- Both
type: string
returnPort:
oneOf:
- required:
- local
- required:
- tunnel
- required:
- erspan
properties:
local:
properties:
internal:
type: boolean
required:
- internal
type: object
name:
type: string
tunnel:
properties:
remoteIP:
oneOf:
- format: ipv4
- format: ipv6
type: string
tunnelID:
type: integer
type:
enum:
- VXLAN
- GENEVE
- GRE
type: string
required:
- type
- remoteIP
type: object
required:
- name
type: object
targetPort:
oneOf:
- required:
- local
- required:
- tunnel
- required:
- erspan
properties:
erspan:
properties:
dir:
type: integer
hardwareID:
type: integer
index:
type: integer
remoteIP:
oneOf:
- format: ipv4
- format: ipv6
type: string
tunnelID:
type: integer
version:
enum:
- 1
- 2
type: integer
required:
- remoteIP
- version
type: object
local:
properties:
internal:
type: boolean
required:
- internal
type: object
name:
type: string
tunnel:
properties:
remoteIP:
oneOf:
- format: ipv4
- format: ipv6
type: string
tunnelID:
type: integer
type:
enum:
- VXLAN
- GENEVE
- GRE
type: string
required:
- type
- remoteIP
type: object
required:
- name
type: object
required:
- appliedTo
- direction
- action
- targetPort
type: object
required:
- spec
type: object
served: true
storage: true
subresources:
status: {}
---
apiVersion: v1
kind: ServiceAccount
metadata:
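Review bot: In the `returnPort` schema the `oneOf` lists `required: [erspan]` as a branch, but the `properties` under `returnPort` define only `local`, `name` and `tunnel`, so that branch refers to a field the schema never describes. Either add an `erspan` property to `returnPort` as is done for `targetPort`, or drop the branch so the `oneOf` is just `local` or `tunnel`. Two related gaps in the same spec: `spec.required` lists `appliedTo`, `direction`, `action` and `targetPort`, and nothing ties `returnPort` to `action: Redirect`, so a Redirect without a return port (or a Mirror with one) passes schema validation and has to be caught elsewhere. The integer fields (`tunnelID`, and `dir`, `hardwareID`, `index` under `erspan`) have no `minimum` or `maximum`, so negative or oversized values are accepted at admission. Since this resource is `scope: Cluster` and can copy Pod traffic to an arbitrary `remoteIP`, tight schema validation is worth having before the object reaches the agent. Minor: the ReturnPort printer column description reads "the the traffic".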