Add scope field for toServices in Antrea-native policies

[Dyanngg]

Adds a scope field for toServices feature in Antrea-native policy
egress rules. When scope is set to ClusterSet, users can simply
provide the name and Namespace of the exported Service, and
Antrea will match rule with egress traffic intended for backends of
the exported Service across all clusters in the ClusterSet.
It is equivalent to putting the imported Service name (antrea-mc-
[svcName]) in toServices field without setting scope.

Signed-off-by: Dyanngg dingyang@vmware.com

[codecov]

Codecov Report

Merging #4397 (cee3655) into main (656a1f9) will increase coverage by 0.24%.
The diff coverage is 89.28%.

❗ Current head cee3655 differs from pull request most recent head 0588522. Consider uploading reports for the commit 0588522 to get more accurate results

@@            Coverage Diff             @@
##             main    #4397      +/-   ##
==========================================
+ Coverage   69.78%   70.02%   +0.24%     
==========================================
  Files         379      391      +12     
  Lines       55438    55532      +94     
==========================================
+ Hits        38688    38887     +199     
+ Misses      14081    13981     -100     
+ Partials     2669     2664       -5     

Flag	Coverage Δ		*Carryforward flag
e2e-tests	61.47% <100.00%> (?)
integration-tests	34.55% <72.72%> (-0.04%)	⬇️	Carriedforward from 0588522
kind-e2e-tests	46.69% <12.50%> (ø)		Carriedforward from 0588522
unit-tests	58.14% <89.28%> (+0.04%)	⬆️	Carriedforward from 0588522

*This pull request uses carry forward flags. Click here to find out more.

Impacted Files	Coverage Δ
pkg/controller/networkpolicy/crd_utils.go	84.43% <76.92%> (-9.15%)	⬇️
...icluster/controllers/multicluster/common/helper.go	92.98% <100.00%> (+0.25%)	⬆️
...uster/commonarea/acnp_resourceimport_controller.go	69.74% <100.00%> (ø)
...lticluster/commonarea/resourceimport_controller.go	80.21% <100.00%> (ø)
...ntroller/networkpolicy/networkpolicy_controller.go	84.57% <100.00%> (ø)
pkg/controller/networkpolicy/validate.go	52.44% <100.00%> (ø)
...trollers/multicluster/resourceexport_controller.go	75.40% <0.00%> (-3.48%)	⬇️
pkg/ovs/openflow/ofctrl_bridge.go	76.98% <0.00%> (-0.57%)	⬇️
...ter/apis/multicluster/v1alpha1/clusterset_types.go	100.00% <0.00%> (ø)
... and 34 more

[luolanzone]

@Dyanngg Could you re-base and resolve conflicts? thanks.

[luolanzone]

@Dyanngg could you address the remain comments? I think overall is good, we may merge this after you address the comments. thanks.

[luolanzone]

@Dyanngg there is an out-of-date manifest, please check and fix it. https://github.com/antrea-io/antrea/actions/runs/3699555406/jobs/6267162564

[tnqn]

LGTM, one minor comment

[jianjuns]

@tnqn : is it an incompatible API change? Or, we do not consider client lib changes in versioning?

[tnqn]

@tnqn : is it an incompatible API change? Or, we do not consider client lib changes in versioning?

This only adds an optional field and is compatible. If you mean the type change NamespacedName -> PeerService, I think it's fine. If the lib consumer doesn't upgrade client lib, using NamespacedName would still work, it just won't be able to use multicluster service. If they upgrade client lib, they should change the type to PeerService, which kind of change happens in many libraries.

[Dyanngg]

/test-all /test-multicluster-e2e

[tnqn]

Needs to resolve the conflicts and update the PR title and description as they are stale. Could you squash the commits as well? Otherwise the automatic generated commit would include some historical information about toMulticlusterServices.

[Dyanngg]

/test-all /test-multicluster-e2e

[tnqn]

LGTM