Update antrea-interworking config types

Signed-off-by: Wenqi Qiu <[email protected]>
vmware-tanzu · Mar 30, 2023 · f163330 · f163330
1 parent 06e90be
commit f163330
Show file tree

Hide file tree

Showing 9 changed files with 280 additions and 167 deletions.
diff --git a/addons/controllers/antrea/antreaconfig_controller.go b/addons/controllers/antrea/antreaconfig_controller.go
@@ -202,13 +202,6 @@ func (r *AntreaConfigReconciler) ReconcileAntreaConfigNormal(
 		return err
 	}
 
-	if antreaConfig.Spec.AntreaNsx.BootstrapFrom.ProviderRef != nil && antreaConfig.Spec.AntreaNsx.BootstrapFrom.Inline != nil {
-		err := fmt.Errorf("providerRef and inline should not be both set in AntreaConfig.spec.antreaNsx.bootstrapFrom")
-		antreaConfig.Status.Message = err.Error()
-	} else {
-		// clear the message here.
-		antreaConfig.Status.Message = ""
-	}
 	// update status.secretRef
 	dataValueSecretName := util.GenerateDataValueSecretName(cluster.Name, constants.AntreaAddonName)
 	antreaConfig.Status.SecretRef = dataValueSecretName
@@ -329,21 +322,11 @@ func (r *AntreaConfigReconciler) ensureProviderServiceAccount(ctx context.Contex
 }
 
 func (r *AntreaConfigReconciler) registerAntreaNSX(ctx context.Context, antreaConfig *cniv1alpha2.AntreaConfig, cluster *clusterapiv1beta1.Cluster) error {
-	if !antreaConfig.Spec.AntreaNsx.Enable || antreaConfig.Spec.AntreaNsx.BootstrapFrom.Inline != nil {
+	if !antreaConfig.Spec.AntreaNsx.Enable || antreaConfig.Spec.AntreaNsx.AntreaNsxConfig.BootstrapFrom == bootstrapFromInline {
 		r.Log.Info("antreaNsx is not enabled or inline is set, there is no ProviderServiceAccount or NsxServiceAccount to be created")
 		r.deregisterAntreaNSX(ctx, antreaConfig, cluster)
 		return nil
 	}
-	if antreaConfig.Spec.AntreaNsx.BootstrapFrom.ProviderRef != nil {
-		if strings.ToLower(antreaConfig.Spec.AntreaNsx.BootstrapFrom.ProviderRef.Kind) != nsxServiceAccountKind ||
-			strings.ToLower(antreaConfig.Spec.AntreaNsx.BootstrapFrom.ProviderRef.ApiGroup) != nsxServiceAccountAPIGroup {
-			err := fmt.Errorf("either ProviderRef.Kind(%s) or ProviderRef.ApiGroup(%s) is invalid, expcted:ProviderRef.Kind(%s) ProviderRef.ApiGroup(%s)",
-				antreaConfig.Spec.AntreaNsx.BootstrapFrom.ProviderRef.Kind, antreaConfig.Spec.AntreaNsx.BootstrapFrom.ProviderRef.ApiGroup,
-				nsxServiceAccountKind, nsxServiceAccountAPIGroup)
-			antreaConfig.Status.Message = err.Error()
-			return err
-		}
-	}
 	antreaConfig.Status.Message = ""
 	err := r.ensureProviderServiceAccount(ctx, antreaConfig, cluster)
 	if err != nil {

diff --git a/addons/controllers/antrea/antreaconfig_util.go b/addons/controllers/antrea/antreaconfig_util.go
@@ -6,6 +6,7 @@ package controllers
 import (
 	"context"
 	"fmt"
+	"reflect"
 	"strings"
 
 	"github.com/pkg/errors"
@@ -24,6 +25,11 @@ import (
 	cniv1alpha2 "github.com/vmware-tanzu/tanzu-framework/apis/addonconfigs/cni/v1alpha2"
 )
 
+const (
+	bootstrapFromInline            = "Inline"
+	bootstrapFromSupervisorCluster = "SupervisorCluster"
+)
+
 // AntreaConfigSpec defines the desired state of AntreaConfig
 type AntreaConfigSpec struct {
 	InfraProvider string    `yaml:"infraProvider"`
@@ -36,42 +42,65 @@ type antrea struct {
 }
 
 type antreaNsx struct {
-	Enable          bool                   `yaml:"enable,omitempty"`
-	BootstrapFrom   antreaNsxBootstrapFrom `yaml:"bootstrapFrom,omitempty"`
-	AntreaNsxConfig antreaNsxConfig        `yaml:"config,omitempty"`
-}
-
-type antreaNsxBootstrapFrom struct {
-	// ProviderRef is used with uTKG, which will be filled by NCP operator
-	ProviderRef *antreaNsxProvider `yaml:"providerRef,omitempty"`
-	// Inline is used with TKGm, user need to fill in manually
-	Inline *antreaNsxInline `yaml:"inline,omitempty"`
+	Enable          bool            `yaml:"enable,omitempty"`
+	AntreaNsxConfig antreaNsxConfig `yaml:"config,omitempty"`
 }
 
-type antreaNsxProvider struct {
-	// Api version for nsxServiceAccount, its value is "nsx.vmware.com/v1alpha1" now
-	ApiVersion string `yaml:"apiVersion,omitempty"`
-	// Its value is NsxServiceAccount
-	Kind string `yaml:"kind,omitempty"`
-	// Name is the name for NsxServiceAccount
-	Name string `yaml:"name,omitempty"`
+type antreaNsxConfig struct {
+	InfraType                       string         `yaml:"infraType,omitempty"`
+	BootstrapFrom                   string         `yaml:"bootstrapFrom,omitempty"`
+	BootstrapSupervisorResourceName string         `yaml:"bootstrapSupervisorResourceName,omitempty"`
+	NSXCert                         string         `yaml:"nsxCert,omitempty"`
+	NSXKey                          string         `yaml:"nsxKey,omitempty"`
+	NSXUser                         string         `yaml:"nsxUser,omitempty"`
+	NSXPassword                     string         `yaml:"nsxPassword,omitempty"`
+	ClusterName                     string         `yaml:"clusterName,omitempty"`
+	NSXManagers                     []string       `yaml:"NSXManagers,omitempty"`
+	VPCPath                         []string       `yaml:"vpcPath,omitempty"`
+	ProxyEndpoints                  proxyEndpoints `yaml:"proxyEndpoints,omitempty"`
+	MpAdapterConf                   mpAdapterConf  `yaml:"mp_adapter_conf,omitempty"`
+	CcpAdapterConf                  ccpAdapterConf `yaml:"ccp_adapter_conf,omitempty"`
 }
 
-type nsxCertRef struct {
-	// TLSCert is cert file to access nsx manager
-	TLSCert string `yaml:"tls.crt,omitempty"`
-	// TLSKey is key file to access nsx manager
-	TLSKey string `yaml:"tls.key,omitempty"`
+type proxyEndpoints struct {
+	RestApi        []string `yaml:"rest_api,omitempty"`
+	NSXRpcFwdProxy []string `yaml:"nsx_rpc_fwd_proxy,omitempty"`
 }
 
-type antreaNsxInline struct {
-	NsxManagers []string   `yaml:"nsxManagers,omitempty"`
-	ClusterName string     `yaml:"clusterName,omitempty"`
-	NsxCertRef  nsxCertRef `yaml:"NsxCert,omitempty"`
+type mpAdapterConf struct {
+	NSXClientAuthCertFile string `yaml:"NSXClientAuthCertFile,omitempty"`
+	NSXClientAuthKeyFile  string `yaml:"NSXClientAuthKeyFile,omitempty"`
+	NSXRemoteAuth         bool   `yaml:"NSXRemoteAuth,omitempty"`
+	NSXCAFile             string `yaml:"NSXCAFile,omitempty"`
+	NSXInsecure           bool   `yaml:"NSXInsecure,omitempty"`
+	NSXRPCConnType        string `yaml:"NSXRPCConnType,omitempty"`
+	ClusterType           string `yaml:"clusterType,omitempty"`
+	NSXClientTimeout      int    `yaml:"NSXClientTimeout,omitempty"`
+	InventoryBatchSize    int    `yaml:"InventoryBatchSize,omitempty"`
+	InventoryBatchPeriod  int    `yaml:"InventoryBatchPeriod,omitempty"`
+	EnableDebugServer     bool   `yaml:"EnableDebugServer,omitempty"`
+	APIServerPort         int    `yaml:"APIServerPort,omitempty"`
+	DebugServerPort       int    `yaml:"DebugServerPort,omitempty"`
+	NSXRPCDebug           bool   `yaml:"NSXRPCDebug,omitempty"`
+	ConditionTimeout      int    `yaml:"ConditionTimeout,omitempty"`
 }
 
-type antreaNsxConfig struct {
-	InfraType string `yaml:"infraType,omitempty"`
+type ccpAdapterConf struct {
+	EnableDebugServer bool `yaml:"EnableDebugServer,omitempty"`
+	APIServerPort     int  `yaml:"APIServerPort,omitempty"`
+	DebugServerPort   int  `yaml:"DebugServerPort,omitempty"`
+	NSXRPCDebug       bool `yaml:"NSXRPCDebug,omitempty"`
+	// Time to wait for realization
+	RealizeTimeoutSeconds int `yaml:"RealizeTimeoutSeconds,omitempty"`
+	// An interval for regularly report latest realization error in background
+	RealizeErrorSyncIntervalSeconds int `yaml:"RealizeErrorSyncIntervalSeconds,omitempty"`
+	ReconcilerWorkerCount           int `yaml:"ReconcilerWorkerCount,omitempty"`
+	// Average QPS = ReconcilerWorkerCount * ReconcilerQPS
+	ReconcilerQPS int `yaml:"ReconcilerQPS,omitempty"`
+	// Peak QPS =  ReconcilerWorkerCount * ReconcilerBurst
+	ReconcilerBurst int `yaml:"ReconcilerBurst,omitempty"`
+	// #! 24 Hours
+	ReconcilerResyncSeconds int `yaml:"ReconcilerResyncSeconds,omitempty"`
 }
 
 type antreaEgress struct {
@@ -299,27 +328,50 @@ func mapAntreaConfigSpec(cluster *clusterv1beta1.Cluster, config *cniv1alpha2.An
 	// NSX related
 	if semver.Compare(version, "1.9.0") >= 0 && config.Spec.AntreaNsx.Enable {
 		configSpec.AntreaNsx.Enable = config.Spec.AntreaNsx.Enable
-		if config.Spec.AntreaNsx.BootstrapFrom.Inline != nil {
-			configSpec.AntreaNsx.BootstrapFrom.Inline.NsxManagers = config.Spec.AntreaNsx.BootstrapFrom.Inline.NsxManagers
-			configSpec.AntreaNsx.BootstrapFrom.Inline.ClusterName = config.Spec.AntreaNsx.BootstrapFrom.Inline.ClusterName
+		switch config.Spec.AntreaNsx.AntreaNsxConfig.BootstrapFrom {
+		case bootstrapFromInline:
+			configSpec.AntreaNsx.AntreaNsxConfig.NSXManagers = config.Spec.AntreaNsx.AntreaNsxConfig.NSXManagers
+			configSpec.AntreaNsx.AntreaNsxConfig.ClusterName = config.Spec.AntreaNsx.AntreaNsxConfig.ClusterName
 			// NSX cert
 			secret, err := getNSXCert(client, config.Name, config.Namespace)
 			if err != nil {
 				return configSpec, err
 			}
-			configSpec.AntreaNsx.BootstrapFrom.Inline.NsxCertRef.TLSCert = string(secret.Data["tls.crt"])
-			configSpec.AntreaNsx.BootstrapFrom.Inline.NsxCertRef.TLSKey = string(secret.Data["tls.key"])
-		} else if config.Spec.AntreaNsx.BootstrapFrom.ProviderRef != nil {
-			configSpec.AntreaNsx.BootstrapFrom.ProviderRef.ApiVersion = config.Spec.AntreaNsx.BootstrapFrom.ProviderRef.ApiGroup
-			configSpec.AntreaNsx.BootstrapFrom.ProviderRef.Kind = config.Spec.AntreaNsx.BootstrapFrom.ProviderRef.Kind
-			configSpec.AntreaNsx.BootstrapFrom.ProviderRef.Name = config.Spec.AntreaNsx.BootstrapFrom.ProviderRef.Name
+			configSpec.AntreaNsx.AntreaNsxConfig.NSXCert = string(secret.Data["tls.crt"])
+			configSpec.AntreaNsx.AntreaNsxConfig.NSXKey = string(secret.Data["tls.key"])
+			configSpec.AntreaNsx.AntreaNsxConfig.VPCPath = config.Spec.AntreaNsx.AntreaNsxConfig.VPCPath
+		case bootstrapFromSupervisorCluster:
+			configSpec.AntreaNsx.AntreaNsxConfig.BootstrapSupervisorResourceName = config.Spec.AntreaNsx.AntreaNsxConfig.BootstrapSupervisorResourceName
 		}
+		configSpec.AntreaNsx.AntreaNsxConfig.ProxyEndpoints.NSXRpcFwdProxy = config.Spec.AntreaNsx.AntreaNsxConfig.ProxyEndpoints.NSXRpcFwdProxy
+		configSpec.AntreaNsx.AntreaNsxConfig.ProxyEndpoints.RestApi = config.Spec.AntreaNsx.AntreaNsxConfig.ProxyEndpoints.RestApi
 
+		ccpConf := config.Spec.AntreaNsx.AntreaNsxConfig.CcpAdapterConf
+		if err := copyStructAtoB(ccpConf, &configSpec.AntreaNsx.AntreaNsxConfig.CcpAdapterConf); err != nil {
+			return configSpec, err
+		}
+		mpConf := config.Spec.AntreaNsx.AntreaNsxConfig.MpAdapterConf
+		if err := copyStructAtoB(mpConf, &configSpec.AntreaNsx.AntreaNsxConfig.MpAdapterConf); err != nil {
+			return configSpec, err
+		}
 	}
 
 	return configSpec, nil
 }
 
+func copyStructAtoB(a interface{}, b interface{}) error {
+	va := reflect.ValueOf(a)
+	vb := reflect.ValueOf(b).Elem()
+	for i := 0; i < va.NumField(); i++ {
+		fieldA := va.Field(i)
+		fieldB := vb.FieldByName(va.Type().Field(i).Name)
+		if fieldB.IsValid() && fieldA.Type() == fieldB.Type() {
+			fieldB.Set(fieldA)
+		}
+	}
+	return nil
+}
+
 func getNSXCert(client client.Client, secretName, secretNamespace string) (secret *corev1.Secret, err error) {
 	secret = &corev1.Secret{}
 	if err := client.Get(context.TODO(), types.NamespacedName{

diff --git a/addons/controllers/antrea/antreaconfig_util_test.go b/addons/controllers/antrea/antreaconfig_util_test.go
@@ -4,6 +4,8 @@ import (
 	"context"
 	"testing"
 
+	"github.com/vmware-tanzu/tanzu-framework/apis/addonconfigs/cni/v1alpha2"
+
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 	corev1 "k8s.io/api/core/v1"
@@ -46,3 +48,31 @@ func TestGetNSXCert(t *testing.T) {
 		t.Error("returned secret missing tls.key field")
 	}
 }
+
+func TestCopyStruct(t *testing.T) {
+	ccpConf := v1alpha2.CcpAdapterConf{
+		EnableDebugServer: true,
+		APIServerPort:     1234,
+	}
+	descCcpAdapterConf := ccpAdapterConf{
+		EnableDebugServer: false,
+		APIServerPort:     0,
+	}
+	err := copyStructAtoB(ccpConf, &descCcpAdapterConf)
+	require.NoError(t, err, "copy CcpAdapterConf values error")
+	assert.Equal(t, 1234, descCcpAdapterConf.APIServerPort)
+	assert.Equal(t, true, descCcpAdapterConf.EnableDebugServer)
+
+	mpConf := v1alpha2.MpAdapterConf{
+		NSXClientAuthCertFile: "fake-cert-file",
+		ConditionTimeout:      150,
+	}
+	descMpAdapterConf := mpAdapterConf{
+		NSXClientAuthCertFile: "",
+		ConditionTimeout:      0,
+	}
+	err = copyStructAtoB(mpConf, &descMpAdapterConf)
+	require.NoError(t, err, "copy MpAdapterConf values error")
+	assert.Equal(t, "fake-cert-file", descMpAdapterConf.NSXClientAuthCertFile)
+	assert.Equal(t, 150, descMpAdapterConf.ConditionTimeout)
+}