Add packetsampling feature

Signed-off-by: Hang Yan <[email protected]>
antrea-io · Apr 10, 2024 · 9ae8636 · 9ae8636
1 parent 62bfd6b
commit 9ae8636
Show file tree

Hide file tree

Showing 58 changed files with 5,989 additions and 320 deletions.
diff --git a/build/charts/antrea/conf/antrea-agent.conf b/build/charts/antrea/conf/antrea-agent.conf
@@ -23,6 +23,9 @@ featureGates:
 # Enable traceflow which provides packet tracing feature to diagnose network issue.
 {{- include "featureGate" (dict "featureGates" .Values.featureGates "name" "Traceflow" "default" true) }}
 
+# Enable PacketSampling feature which provides packets sampling (capture) feature to diagnose network issue.
+{{- include "featureGate" (dict "featureGates" .Values.featureGates "name" "PacketSampling" "default" false) }}
+
 # Enable NodePortLocal feature to make the Pods reachable externally through NodePort
 {{- include "featureGate" (dict "featureGates" .Values.featureGates "name" "NodePortLocal" "default" true) }}
 

diff --git a/build/charts/antrea/crds/packetsampling.yaml b/build/charts/antrea/crds/packetsampling.yaml
@@ -0,0 +1,173 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  name: packetsamplings.crd.antrea.io
+  labels:
+    app: antrea
+spec:
+  group: crd.antrea.io
+  versions:
+    - name: v1alpha1
+      served: true
+      storage: true
+      additionalPrinterColumns:
+        - jsonPath: .status.phase
+          description: The phase of the PacketSampling.
+          name: Phase
+          type: string
+        - jsonPath: .spec.source.pod
+          description: The name of the source Pod.
+          name: Source-Pod
+          type: string
+          priority: 10
+        - jsonPath: .spec.destination.pod
+          description: The name of the destination Pod.
+          name: Destination-Pod
+          type: string
+          priority: 10
+        - jsonPath: .spec.destination.ip
+          description: The IP address of the destination.
+          name: Destination-IP
+          type: string
+          priority: 10
+        - jsonPath: .spec.timeout
+          description: Timeout in seconds.
+          name: Timeout
+          type: integer
+          priority: 10
+        - jsonPath: .metadata.creationTimestamp
+          name: Age
+          type: date
+      schema:
+        openAPIV3Schema:
+          type: object
+          required:
+            - spec
+          properties:
+            spec:
+              type: object
+              properties:
+                source:
+                  type: object
+                  properties:
+                    pod:
+                      type: string
+                    namespace:
+                      type: string
+                    ip:
+                      type: string
+                      oneOf:
+                        - format: ipv4
+                        - format: ipv6
+                destination:
+                  type: object
+                  properties:
+                    pod:
+                      type: string
+                    service:
+                      type: string
+                    namespace:
+                      type: string
+                    ip:
+                      type: string
+                      oneOf:
+                        - format: ipv4
+                        - format: ipv6
+                packet:
+                  type: object
+                  properties:
+                    ipHeader:
+                      type: object
+                      properties:
+                        protocol:
+                          type: integer
+                          minimum: 0
+                          maximum: 255
+                    ipv6Header:
+                      type: object
+                      properties:
+                        nextHeader:
+                          type: integer
+                          minimum: 0
+                          maximum: 65535
+                    transportHeader:
+                      type: object
+                      properties:
+                        udp:
+                          type: object
+                          properties:
+                            srcPort:
+                              type: integer
+                              minimum: 1
+                              maximum: 65535
+                            dstPort:
+                              type: integer
+                              minimum: 1
+                              maximum: 65535
+                        tcp:
+                          type: object
+                          properties:
+                            srcPort:
+                              type: integer
+                              minimum: 1
+                              maximum: 65535
+                            dstPort:
+                              type: integer
+                              minimum: 1
+                              maximum: 65535
+                            flags:
+                              type: integer
+                              minimum: 0
+                              maximum: 255
+                timeout:
+                  type: integer
+                  minimum: 1
+                  maximum: 300
+                type:
+                  type: string
+                firstNSamplingConfig:
+                  type: object
+                  properties:
+                    number:
+                      type: integer
+                fileServer:
+                  type: object
+                  properties:
+                    url:
+                      type: string
+                authentication:
+                  type: object
+                  properties:
+                    authType:
+                      type: string
+                      enum: [ "BearerToken", "APIKey", "BasicAuthentication" ]
+                    authSecret:
+                      type: object
+                      properties:
+                        name:
+                          type: string
+                        namespace:
+                          type: string
+            status:
+              type: object
+              properties:
+                reason:
+                  type: string
+                phase:
+                  type: string
+                startTime:
+                  type: string
+                numCapturedPackets:
+                  type: integer
+                packetsPath:
+                  type: string
+
+      subresources:
+        status: {}
+  scope: Cluster
+  names:
+    plural: packetsamplings
+    singular: packetsampling
+    kind: PacketSampling
+    shortNames:
+      - ps
diff --git a/build/charts/antrea/templates/agent/clusterrole.yaml b/build/charts/antrea/templates/agent/clusterrole.yaml
@@ -33,6 +33,12 @@ rules:
       - pods/status
     verbs:
       - patch
+  - apiGroups:
+      - ""
+    resources:
+      - secrets
+    verbs:
+      - get
   - apiGroups:
       - ""
     resources:
@@ -154,6 +160,20 @@ rules:
       - patch
       - create
       - delete
+  - apiGroups:
+      - crd.antrea.io
+    resources:
+      - packetsamplings
+    verbs:
+      - get
+      - watch
+      - list
+  - apiGroups:
+      - crd.antrea.io
+    resources:
+      - packetsamplings/status
+    verbs:
+      - patch
   - apiGroups:
       - crd.antrea.io
     resources:

diff --git a/build/charts/antrea/templates/webhooks/validating/crdvalidator.yaml b/build/charts/antrea/templates/webhooks/validating/crdvalidator.yaml
@@ -184,3 +184,18 @@ webhooks:
     admissionReviewVersions: ["v1", "v1beta1"]
     sideEffects: None
     timeoutSeconds: 5
+  - name: "packetsamplingvalidator.antrea.io"
+    clientConfig:
+      service:
+        name: "antrea"
+        namespace: {{ .Release.Namespace }}
+        path: "/validate/packetsampling"
+    rules:
+      - operations: ["CREATE", "UPDATE"]
+        apiGroups: ["crd.antrea.io"]
+        apiVersions: ["v1alpha1"]
+        resources: ["packetsampling"]
+        scope: "Cluster"
+    admissionReviewVersions: ["v1", "v1beta1"]
+    sideEffects: None
+    timeoutSeconds: 5