diff --git a/addons/controllers/antrea/antreaconfig_controller.go b/addons/controllers/antrea/antreaconfig_controller.go
index 23eae603754..338f7c223ec 100644
--- a/addons/controllers/antrea/antreaconfig_controller.go
+++ b/addons/controllers/antrea/antreaconfig_controller.go
@@ -184,7 +184,7 @@ func (r *AntreaConfigReconciler) ReconcileAntreaConfigNormal(
 return err
 }
- if antreaConfig.Spec.AntreaNsx.AntreaNsxProvider != nil && antreaConfig.Spec.AntreaNsx.AntreaNsxInline != nil {
+ if antreaConfig.Spec.AntreaNsx.BootstrapFrom.ProviderRef != nil && antreaConfig.Spec.AntreaNsx.BootstrapFrom.Inline != nil {
 err := fmt.Errorf("AntreaNsxProvider can not be used with AntreaNsxInline in antreaConfig")
 antreaConfig.Status.Message = err.Error()
 }
@@ -192,6 +192,10 @@ func (r *AntreaConfigReconciler) ReconcileAntreaConfigNormal(
 dataValueSecretName := util.GenerateDataValueSecretName(cluster.Name, constants.AntreaAddonName)
 antreaConfig.Status.SecretRef = dataValueSecretName
+ if !antreaConfig.Spec.AntreaNsx.Enable {
+ r.Log.Info("antreaNsx is not enabled, there is no ProviderServiceAccount or NsxServiceAccount to be created")
+ return nil
+ }
 err := r.confirmProviderServiceAccount(antreaConfig, cluster)
 if err != nil {
 return err
@@ -300,6 +304,10 @@ func (r *AntreaConfigReconciler) confirmProviderServiceAccount(antreaConfig *cni
 }
 func (r *AntreaConfigReconciler) deleteAccounts(antreaConfig *cniv1alpha1.AntreaConfig) error {
+ if !antreaConfig.Spec.AntreaNsx.Enable {
+ r.Log.Info("antreaNsx is not enabled, there is no ProviderServiceAccount or NsxServiceAccount to be deleted")
+ return nil
+ }
 account := &nsxoperatorapi.NSXServiceAccount{}
 clusterName, exists := getClusterName(antreaConfig)
 if !exists {
diff --git a/addons/controllers/antrea/antreaconfig_util.go b/addons/controllers/antrea/antreaconfig_util.go
index a169e95eb80..1ff6bcbfa4e 100644
--- a/addons/controllers/antrea/antreaconfig_util.go
+++ b/addons/controllers/antrea/antreaconfig_util.go
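Review bot: The conflicting-bootstrap check in the first hunk still only records the problem in `antreaConfig.Status.Message` and then falls through to the rest of ReconcileAntreaConfigNormal, so a spec that sets both `bootstrapFrom.providerRef` and `bootstrapFrom.inline` is reconciled and its service accounts created anyway; the message it records also still names the removed `AntreaNsxProvider`/`AntreaNsxInline` fields. If the intent is to refuse such an object, return after setting the status: `return fmt.Errorf("bootstrapFrom.providerRef can not be used together with bootstrapFrom.inline in antreaConfig")`, and reuse that error for `Status.Message`. ReconcileAntreaConfigNormal starts before this hunk, so an earlier validation may exist that I cannot see.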
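Review bot: The new early return at the top of deleteAccounts keys cleanup on the current `Spec.AntreaNsx.Enable`, not on whether accounts were ever created, so if a user turns `enable` from true to false the NSXServiceAccount and ProviderServiceAccount created on the earlier reconcile are never removed — and the matching early return in the second hunk skips ReconcileAntreaConfigNormal before anything could reconcile them away either. Those objects carry the cluster's access to NSX, so they should not outlive the feature that needed them. Consider dropping the flag check here and letting the existing lookup of the account decide (a not-found is the no-op case), or explicitly calling deleteAccounts from the `!Enable` branch of ReconcileAntreaConfigNormal: `if !antreaConfig.Spec.AntreaNsx.Enable { return r.deleteAccounts(antreaConfig) }` (deleteAccounts would then need its own guard removed). The body of deleteAccounts continues past the hunk, so the exact lookup it performs is inferred.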
@@ -31,22 +31,43 @@ type antrea struct {
 }
 type antreaNsx struct {
- Enable bool `yaml:"enable,omitempty"`
- BootstrapFrom string `yaml:"bootstrapFrom,omitempty"`
- AntreaNsxProvider *antreaNsxProvider `yaml:"provider,omitempty"`
- AntreaNsxInline *antreaNsxInline `yaml:"inline,omitempty"`
- AntreaNsxConfig antreaNsxConfig `yaml:"config,omitempty"`
+ Enable bool `yaml:"enable,omitempty"`
+ BootstrapFrom AntreaNsxBootstrapFrom `yaml:"bootstrapFrom,omitempty"`
+ AntreaNsxConfig antreaNsxConfig `yaml:"config,omitempty"`
 }
 type antreaNsxProvider struct {
- ApiGroup string `yaml:"apiGroup,omitempty"`
- Kind string `yaml:"kind,omitempty"`
+ ApiVersion string `yaml:"apiVersion,omitempty"`
+ Kind string `yaml:"kind,omitempty"`
+}
+
+type AntreaNsxBootstrapFrom struct {
+ // providerRef is used with uTKG, which will be filled by NCP operator
+ ProviderRef *antreaNsxProvider `yaml:"providerRef,omitempty"`
+ // inline is used with TKGm, user need to fill in manually
+ Inline *antreaNsxInline `yaml:"inline,omitempty"`
+}
+
+type AntreaNsxProvider struct {
+ // api version for nsxServiceAccount, its value is "nsx.vmware.com/v1alpha1" now
+ ApiVersion string `yaml:"apiVersion,omitempty"`
+ // its value is NsxServiceAccount
+ Kind string `yaml:"kind,omitempty"`
+ // the name for NsxServiceAccount
+ Name string `yaml:"name,omitempty"`
+}
+
+type nsxCertRef struct {
+ // tls.crt is cert file to access nsx manager
+ TLSCert string `yaml:"tls.crt,omitempty"`
+ // tls.key is key file to access nsx manager
+ TLSKey string `yaml:"tls.key,omitempty"`
 }
 type antreaNsxInline struct {
- NsxManagers []string `yaml:"nsxManagers,omitempty"`
- ClusterName string `yaml:"ClusterName,omitempty"`
- NsxCertRef string `yaml:"NsxCertRef,omitempty"`
+ NsxManagers []string `yaml:"nsxManagers,omitempty"`
+ ClusterName string `yaml:"clusterName,omitempty"`
+ NsxCertRef nsxCertRef `yaml:"NsxCert,omitempty"`
 }
 type antreaNsxConfig struct {
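Review bot: `AntreaNsxBootstrapFrom.ProviderRef` points at the unexported `antreaNsxProvider` (apiVersion and kind only), while the exported `AntreaNsxProvider` declared a few lines below — the one that carries `Name` — is referenced by nothing in this hunk, so the NSXServiceAccount name can never be rendered into the data values through this path. Having two near-identically named provider types in one file is also an easy source of the wrong one being picked later; keep one, e.g. `ProviderRef *AntreaNsxProvider `yaml:"providerRef,omitempty"``, and delete the other. Separately, the inline cert tag is `yaml:"NsxCert,omitempty"` while every other key here is camelCase and the CRD side of this change uses `nsxCert`; a template keyed on `nsxCert` would silently read nothing, so `yaml:"nsxCert,omitempty"` is the tag to want (that the template is keyed that way is inferred from the CRD, not visible here).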
@@ -85,9 +106,9 @@ type antreaConfigDataValue struct {
 AntreaProxy antreaProxy `yaml:"antreaProxy,omitempty"`
 FlowExporter antreaFlowExporter `yaml:"flowExporter,omitempty"`
 KubeAPIServerOverride string `yaml:"kubeAPIServerOverride,omitempty"`
- transportInterface string `yaml:"transportInterface,omitempty"`
- transportInterfaceCIDRs []string `yaml:"transportInterfaceCIDRs,omitempty"`
- multicastInterfaces []string `yaml:"multicastInterfaces,omitempty"`
+ TransportInterface string `yaml:"transportInterface,omitempty"`
+ TransportInterfaceCIDRs []string `yaml:"transportInterfaceCIDRs,omitempty"`
+ MulticastInterfaces []string `yaml:"multicastInterfaces,omitempty"`
 TunnelType string `yaml:"tunnelType,omitempty"`
 TrafficEncryptionMode string `yaml:"trafficEncryptionMode,omitempty"`
 EnableUsageReporting bool `yaml:"enableUsageReporting,omitempty"`
@@ -199,9 +220,9 @@ func mapAntreaConfigSpec(cluster *clusterv1beta1.Cluster, config *cniv1alpha1.An
 configSpec.Antrea.AntreaConfigDataValue.FlowExporter.ActiveFlowTimeout = config.Spec.Antrea.AntreaConfigDataValue.AntreaFlowExporter.ActiveFlowTimeout
 configSpec.Antrea.AntreaConfigDataValue.FlowExporter.IdleFlowTimeout = config.Spec.Antrea.AntreaConfigDataValue.AntreaFlowExporter.IdleFlowTimeout
 configSpec.Antrea.AntreaConfigDataValue.KubeAPIServerOverride = config.Spec.Antrea.AntreaConfigDataValue.KubeAPIServerOverride
- configSpec.Antrea.AntreaConfigDataValue.transportInterface = config.Spec.Antrea.AntreaConfigDataValue.TransportInterface
- configSpec.Antrea.AntreaConfigDataValue.transportInterfaceCIDRs = config.Spec.Antrea.AntreaConfigDataValue.TransportInterfaceCIDRs
- configSpec.Antrea.AntreaConfigDataValue.multicastInterfaces = config.Spec.Antrea.AntreaConfigDataValue.MulticastInterfaces
+ configSpec.Antrea.AntreaConfigDataValue.TransportInterface = config.Spec.Antrea.AntreaConfigDataValue.TransportInterface
+ configSpec.Antrea.AntreaConfigDataValue.TransportInterfaceCIDRs = config.Spec.Antrea.AntreaConfigDataValue.TransportInterfaceCIDRs
+ configSpec.Antrea.AntreaConfigDataValue.MulticastInterfaces = config.Spec.Antrea.AntreaConfigDataValue.MulticastInterfaces
 configSpec.Antrea.AntreaConfigDataValue.TunnelType = config.Spec.Antrea.AntreaConfigDataValue.TunnelType
 configSpec.Antrea.AntreaConfigDataValue.EnableUsageReporting = config.Spec.Antrea.AntreaConfigDataValue.EnableUsageReporting
 configSpec.Antrea.AntreaConfigDataValue.WireGuard.Port = config.Spec.Antrea.AntreaConfigDataValue.WireGuard.Port
@@ -225,22 +246,7 @@ func mapAntreaConfigSpec(cluster *clusterv1beta1.Cluster, config *cniv1alpha1.An
 configSpec.Antrea.AntreaConfigDataValue.FeatureGates.Multicast = config.Spec.Antrea.AntreaConfigDataValue.FeatureGates.Multicast
 //nsx config
- if config.Spec.AntreaNsx.Enable {
- configSpec.AntreaNsx.Enable = config.Spec.AntreaNsx.Enable
- if config.Spec.AntreaNsx.AntreaNsxProvider != nil {
- configSpec.AntreaNsx.AntreaNsxProvider.ApiGroup = config.Spec.AntreaNsx.AntreaNsxProvider.ApiGroup
- configSpec.AntreaNsx.AntreaNsxProvider.Kind = config.Spec.AntreaNsx.AntreaNsxProvider.Kind
- } else if config.Spec.AntreaNsx.AntreaNsxInline == nil {
- configSpec.AntreaNsx.AntreaNsxProvider = new(antreaNsxProvider)
- configSpec.AntreaNsx.AntreaNsxProvider.ApiGroup = "nsx.vmware.com"
- configSpec.AntreaNsx.AntreaNsxProvider.Kind = "NSXServiceAccount"
- }
- if config.Spec.AntreaNsx.AntreaNsxInline != nil {
- configSpec.AntreaNsx.AntreaNsxInline.NsxManagers = config.Spec.AntreaNsx.AntreaNsxInline.NsxManagers
- configSpec.AntreaNsx.AntreaNsxInline.ClusterName = config.Spec.AntreaNsx.AntreaNsxInline.ClusterName
- configSpec.AntreaNsx.AntreaNsxInline.NsxCertRef = config.Spec.AntreaNsx.AntreaNsxInline.NsxCertRef
- }
- }
+ configSpec.AntreaNsx.Enable = config.Spec.AntreaNsx.Enable
 return configSpec, nil
 }
diff --git a/apis/addonconfigs/cni/v1alpha1/antreaconfig_types.go b/apis/addonconfigs/cni/v1alpha1/antreaconfig_types.go
index 229c29693e1..b6b74ab5891 100644
--- a/apis/addonconfigs/cni/v1alpha1/antreaconfig_types.go
+++ b/apis/addonconfigs/cni/v1alpha1/antreaconfig_types.go
@@ -11,7 +11,8 @@ type AntreaProxyNodePortAddress []string
 // AntreaConfigSpec defines the desired state of AntreaConfig
 type AntreaConfigSpec struct {
- Antrea Antrea `json:"antrea,omitempty"`
+ Antrea Antrea `json:"antrea,omitempty"`
+ // AntreaNsx defines nsxt adapter related configurations
 AntreaNsx AntreaNsx `json:"antreaNsx,omitempty"`
 }
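Review bot: After this hunk the `//nsx config` section copies only `Enable`, so nothing in mapAntreaConfigSpec populates `configSpec.AntreaNsx.BootstrapFrom` — the new `providerRef`/`inline` fields (nsxManagers, clusterName, the client cert) never reach the rendered data values even though the data-value structs for them are added in the same commit. That may be deliberate if another component fills them in later, in which case a comment here saying so would save the next reader the search: `// bootstrapFrom is not mapped here; it is populated by <component> — see <ref>`. If it is not deliberate, the mapping below restores it using the new types (the old code also dereferenced a nil `AntreaNsxProvider`, which this version avoids). mapAntreaConfigSpec starts before the hunk, so how `configSpec` is initialised is not visible.
```go
	configSpec.AntreaNsx.Enable = config.Spec.AntreaNsx.Enable
	if ref := config.Spec.AntreaNsx.BootstrapFrom.ProviderRef; ref != nil {
		configSpec.AntreaNsx.BootstrapFrom.ProviderRef = &antreaNsxProvider{ApiVersion: ref.ApiVersion, Kind: ref.Kind}
	}
	if in := config.Spec.AntreaNsx.BootstrapFrom.Inline; in != nil {
		configSpec.AntreaNsx.BootstrapFrom.Inline = &antreaNsxInline{
			NsxManagers: in.NsxManagers,
			ClusterName: in.ClusterName,
			NsxCertRef:  nsxCertRef{TLSCert: in.NsxCert.TLSCert, TLSKey: in.NsxCert.TLSKey},
		}
	}
	// … unchanged: return configSpec, nil …
```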
@@ -218,25 +219,51 @@ type AntreaConfigStatus struct {
 }
 type AntreaNsx struct {
- Enable bool `json:"enable,omitempty"`
- BootstrapFrom string `json:"bootstrapFrom,omitempty"`
- AntreaNsxProvider *AntreaNsxProvider `json:"provider,omitempty"`
- AntreaNsxInline *AntreaNsxInline `json:"inline,omitempty"`
- AntreaNsxConfig AntreaNsxConfig `json:"config,omitempty"`
+ // enable indicates whether nsxt adapter shall be enabled in the cluster
+ // +kubebuilder:validation:Optional
+ // +kubebuilder:default:=false
+ Enable bool `json:"enable,omitempty"`
+ // bootstrapFrom either providerRef or inline configs
+ BootstrapFrom AntreaNsxBootstrapFrom `json:"bootstrapFrom,omitempty"`
+ // config is configuration for nsxt adapter
+ AntreaNsxConfig AntreaNsxConfig `json:"config,omitempty"`
+}
+
+type AntreaNsxBootstrapFrom struct {
+ // providerRef is used with uTKG, which will be filled by uTKG Addon Controller
+ ProviderRef *AntreaNsxProvider `json:"providerRef,omitempty"`
+ // inline is used with TKGm, user need to fill in manually
+ Inline *AntreaNsxInline `json:"inline,omitempty"`
 }
 type AntreaNsxProvider struct {
- ApiGroup string `json:"apiGroup,omitempty"`
- Kind string `json:"kind,omitempty"`
+ // api version for nsxServiceAccount, its value is "nsx.vmware.com/v1alpha1" now
+ ApiVersion string `json:"apiVersion,omitempty"`
+ // its value is NsxServiceAccount
+ Kind string `json:"kind,omitempty"`
+ // the name for NsxServiceAccount
+ Name string `json:"name,omitempty"`
 }
 type AntreaNsxInline struct {
+ // nsxManagers is the list for nsx managers, it can be either IP address or domain name
 NsxManagers []string `json:"nsxManagers,omitempty"`
- ClusterName string `json:"ClusterName,omitempty"`
- NsxCertRef string `json:"NsxCertRef,omitempty"`
+ // clusterName is the name for the created cluster
+ ClusterName string `json:"clusterName,omitempty"`
+ // nsxCert is cert files to access nsx manager
+ NsxCert NsxCertRef `json:"nsxCert,omitempty"`
+}
+
+type NsxCertRef struct {
+ // tls.crt is cert file to access nsx manager
+ TLSCert string `json:"tls.crt,omitempty"`
+ // tls.key is key file to access nsx manager
+ TLSKey string `json:"tls.key,omitempty"`
 }
 type AntreaNsxConfig struct {
+ // infraType is the type for infrastructure, so far it is vSphere, VMC, AWS, Azure
+ InfraType string `json:"infraType,omitempty"`
 }
 // +kubebuilder:object:root=true
diff --git a/apis/addonconfigs/cni/v1alpha1/zz_generated.deepcopy.go b/apis/addonconfigs/cni/v1alpha1/zz_generated.deepcopy.go
index a355bdc1975..f782e36908c 100644
--- a/apis/addonconfigs/cni/v1alpha1/zz_generated.deepcopy.go
+++ b/apis/addonconfigs/cni/v1alpha1/zz_generated.deepcopy.go
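Review bot: `NsxCertRef.TLSKey` stores the NSX manager client private key verbatim in the AntreaConfig spec, so anyone with read access to antreaconfigs — and every audit log, backup, GitOps repo or `kubectl get -o yaml` that captures the object — obtains the key; the removed `NsxCertRef string` field at least read as a reference, and the type's name still says "Ref" while its contents are the material itself. Prefer keeping a reference to a Secret and resolving it in the controller, e.g. `// nsxCertRef is the name of a Secret in the AntreaConfig's namespace whose tls.crt/tls.key entries are used to authenticate to the NSX managers`; if the inline form must stay, document `tls.key` as sensitive and rename the type so it does not claim to be a reference. The providerRef/inline exclusivity is only checked at reconcile time; if the repo's controller-gen and target Kubernetes support CEL, a rule such as `// +kubebuilder:validation:XValidation:rule="!(has(self.providerRef) && has(self.inline))",message="providerRef and inline are mutually exclusive"` on AntreaNsxBootstrapFrom rejects the combination at admission instead.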
@@ -218,25 +218,41 @@ func (in *AntreaNodePortLocal) DeepCopy() *AntreaNodePortLocal { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *AntreaNsx) DeepCopyInto(out *AntreaNsx) { *out = *in - if in.AntreaNsxProvider != nil { - in, out := &in.AntreaNsxProvider, &out.AntreaNsxProvider + in.BootstrapFrom.DeepCopyInto(&out.BootstrapFrom) + out.AntreaNsxConfig = in.AntreaNsxConfig +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AntreaNsx. +func (in *AntreaNsx) DeepCopy() *AntreaNsx { + if in == nil { + return nil + } + out := new(AntreaNsx) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AntreaNsxBootstrapFrom) DeepCopyInto(out *AntreaNsxBootstrapFrom) { + *out = *in + if in.ProviderRef != nil { + in, out := &in.ProviderRef, &out.ProviderRef *out = new(AntreaNsxProvider) **out = **in } - if in.AntreaNsxInline != nil { - in, out := &in.AntreaNsxInline, &out.AntreaNsxInline + if in.Inline != nil { + in, out := &in.Inline, &out.Inline *out = new(AntreaNsxInline) (*in).DeepCopyInto(*out) } - out.AntreaNsxConfig = in.AntreaNsxConfig } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AntreaNsx. -func (in *AntreaNsx) DeepCopy() *AntreaNsx { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AntreaNsxBootstrapFrom. +func (in *AntreaNsxBootstrapFrom) DeepCopy() *AntreaNsxBootstrapFrom { if in == nil { return nil } - out := new(AntreaNsx) + out := new(AntreaNsxBootstrapFrom) in.DeepCopyInto(out) return out } 
@@ -264,6 +280,7 @@ func (in *AntreaNsxInline) DeepCopyInto(out *AntreaNsxInline) { *out = make([]string, len(*in)) copy(*out, *in) } + out.NsxCert = in.NsxCert } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AntreaNsxInline. @@ -470,3 +487,18 @@ func (in *CalicoConfigStatus) DeepCopy() *CalicoConfigStatus { in.DeepCopyInto(out) return out } + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NsxCertRef) DeepCopyInto(out *NsxCertRef) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NsxCertRef. +func (in *NsxCertRef) DeepCopy() *NsxCertRef { + if in == nil { + return nil + } + out := new(NsxCertRef) + in.DeepCopyInto(out) + return out +} diff --git a/apis/addonconfigs/config/crd/bases/cni.tanzu.vmware.com_antreaconfigs.yaml b/apis/addonconfigs/config/crd/bases/cni.tanzu.vmware.com_antreaconfigs.yaml index cf154027e82..5e201111f30 100644 --- a/apis/addonconfigs/config/crd/bases/cni.tanzu.vmware.com_antreaconfigs.yaml +++ b/apis/addonconfigs/config/crd/bases/cni.tanzu.vmware.com_antreaconfigs.yaml 
@@ -238,31 +238,64 @@ spec: type: object type: object antreaNsx: + description: AntreaNsx defines nsxt adapter related configurations properties: bootstrapFrom: - type: string - config: - type: object - enable: - type: boolean - inline: + description: bootstrapFrom either providerRef or inline configs properties: - ClusterName: - type: string - NsxCertRef: - type: string - nsxManagers: - items: - type: string - type: array + inline: + description: inline is used with TKGm, user need to fill in + manually + properties: + clusterName: + description: clusterName is the name for the created cluster + type: string + nsxCert: + description: nsxCert is cert files to access nsx manager + properties: + tls.crt: + description: tls.crt is cert file to access nsx manager + type: string + tls.key: + description: tls.key is key file to access nsx manager + type: string + type: object + nsxManagers: + description: nsxManagers is the list for nsx managers, + it can be either IP address or domain name + items: + type: string + type: array + type: object + providerRef: + description: providerRef is used with uTKG, which will be + filled by uTKG Addon Controller + properties: + apiVersion: + description: api version for nsxServiceAccount, its value + is "nsx.vmware.com/v1alpha1" now + type: string + kind: + description: its value is NsxServiceAccount + type: string + name: + description: the name for NsxServiceAccount + type: string + type: object type: object - provider: + config: + description: config is configuration for nsxt adapter properties: - apiGroup: - type: string - kind: + infraType: + description: infraType is the type for infrastructure, so + far it is vSphere, VMC, AWS, Azure type: string type: object + enable: + default: false + description: enable indicates whether nsxt adapter shall be enabled + in the cluster + type: boolean type: object type: object status: 
diff --git a/packages/addons-manager/bundle/config/upstream/addonconfigscrds/cni.tanzu.vmware.com_antreaconfigs.yaml b/packages/addons-manager/bundle/config/upstream/addonconfigscrds/cni.tanzu.vmware.com_antreaconfigs.yaml
index cf154027e82..5e201111f30 100644
--- a/packages/addons-manager/bundle/config/upstream/addonconfigscrds/cni.tanzu.vmware.com_antreaconfigs.yaml
+++ b/packages/addons-manager/bundle/config/upstream/addonconfigscrds/cni.tanzu.vmware.com_antreaconfigs.yaml
@@ -238,31 +238,64 @@ spec: type: object type: object antreaNsx: + description: AntreaNsx defines nsxt adapter related configurations properties: bootstrapFrom: - type: string - config: - type: object - enable: - type: boolean - inline: + description: bootstrapFrom either providerRef or inline configs properties: - ClusterName: - type: string - NsxCertRef: - type: string - nsxManagers: - items: - type: string - type: array + inline: + description: inline is used with TKGm, user need to fill in + manually + properties: + clusterName: + description: clusterName is the name for the created cluster + type: string + nsxCert: + description: nsxCert is cert files to access nsx manager + properties: + tls.crt: + description: tls.crt is cert file to access nsx manager + type: string + tls.key: + description: tls.key is key file to access nsx manager + type: string + type: object + nsxManagers: + description: nsxManagers is the list for nsx managers, + it can be either IP address or domain name + items: + type: string + type: array + type: object + providerRef: + description: providerRef is used with uTKG, which will be + filled by uTKG Addon Controller + properties: + apiVersion: + description: api version for nsxServiceAccount, its value + is "nsx.vmware.com/v1alpha1" now + type: string + kind: + description: its value is NsxServiceAccount + type: string + name: + description: the name for NsxServiceAccount + type: string + type: object type: object - provider: + config: + description: config is configuration for nsxt adapter properties: - apiGroup: - type: string - kind: + infraType: + description: infraType is the type for infrastructure, so + far it is vSphere, VMC, AWS, Azure type: string type: object + enable: + default: false + description: enable indicates whether nsxt adapter shall be enabled + in the cluster + type: boolean type: object type: object status: