Revert "Stop serving v1alpha2 version of the ClusterGroup CRD (antrea…

…-io#4812)" This reverts commit 4f6e9aa. Signed-off-by: graysonwu <wgrayson@vmware.com>
GraysonWu · Jul 19, 2023 · f0d52d9 · f0d52d9
1 parent c0b9027
commit f0d52d9
Show file tree

Hide file tree

Showing 12 changed files with 225 additions and 31 deletions.
diff --git a/build/charts/antrea/crds/clustergroup.yaml b/build/charts/antrea/crds/clustergroup.yaml
@@ -9,7 +9,7 @@ spec:
   group: crd.antrea.io
   versions:
     - name: v1alpha2
-      served: false
+      served: true
       storage: false
       schema:
         openAPIV3Schema:

diff --git a/build/yamls/antrea-aks.yml b/build/yamls/antrea-aks.yml
@@ -121,7 +121,7 @@ spec:
   group: crd.antrea.io
   versions:
     - name: v1alpha2
-      served: false
+      served: true
       storage: false
       schema:
         openAPIV3Schema:

diff --git a/build/yamls/antrea-crds.yml b/build/yamls/antrea-crds.yml
@@ -116,7 +116,7 @@ spec:
   group: crd.antrea.io
   versions:
     - name: v1alpha2
-      served: false
+      served: true
       storage: false
       schema:
         openAPIV3Schema:

diff --git a/build/yamls/antrea-eks.yml b/build/yamls/antrea-eks.yml
@@ -121,7 +121,7 @@ spec:
   group: crd.antrea.io
   versions:
     - name: v1alpha2
-      served: false
+      served: true
       storage: false
       schema:
         openAPIV3Schema:

diff --git a/build/yamls/antrea-gke.yml b/build/yamls/antrea-gke.yml
@@ -121,7 +121,7 @@ spec:
   group: crd.antrea.io
   versions:
     - name: v1alpha2
-      served: false
+      served: true
       storage: false
       schema:
         openAPIV3Schema:

diff --git a/build/yamls/antrea-ipsec.yml b/build/yamls/antrea-ipsec.yml
@@ -121,7 +121,7 @@ spec:
   group: crd.antrea.io
   versions:
     - name: v1alpha2
-      served: false
+      served: true
       storage: false
       schema:
         openAPIV3Schema:

diff --git a/build/yamls/antrea.yml b/build/yamls/antrea.yml
@@ -121,7 +121,7 @@ spec:
   group: crd.antrea.io
   versions:
     - name: v1alpha2
-      served: false
+      served: true
       storage: false
       schema:
         openAPIV3Schema:

diff --git a/docs/api.md b/docs/api.md
@@ -28,6 +28,7 @@ These are the CRDs currently available in `crd.antrea.io`.
 |---|---|---|---|---|
 | `AntreaAgentInfo` | v1beta1 | v1.0.0 | N/A | N/A |
 | `AntreaControllerInfo` | v1beta1 | v1.0.0 | N/A | N/A |
+| `ClusterGroup` | v1alpha2 | v1.0.0 | v1.1.0 | Feb 2022 |
 | `ClusterGroup` | v1alpha3 | v1.1.0 | N/A | N/A |
 | `ClusterNetworkPolicy` | v1alpha1 | v1.0.0 | N/A | N/A |
 | `Egress` | v1alpha2 | v1.0.0 | N/A | N/A |
@@ -52,8 +53,6 @@ These are the API group versions which are curently available when using Antrea.
 
 ## Previously-supported
 
-### Previously-supported API groups
-
 | API group | API version | API Service? | Introduced in | Deprecated in | Removed in |
 |---|---|---|---|---|---|
 | `core.antrea.tanzu.vmware.com` | `v1alpha1` | No | v0.8.0 | v0.11.0 | v0.11.0 |
@@ -67,15 +66,6 @@ These are the API group versions which are curently available when using Antrea.
 | `stats.antrea.tanzu.vmware.com` | `v1alpha1` | Yes | v0.10.0 | v1.0.0 | v1.6.0 |
 | `system.antrea.tanzu.vmware.com` | `v1beta1` | Yes | v0.5.0 | v1.0.0 | v1.6.0 |
 
-### Previously-supported CRDs
-
-| CRD | CRD version | Introduced in | Deprecated in | Removed in |
-|---|---|---|---|---|
-| `ClusterGroup` | v1alpha2 | v1.0.0 | v1.1.0 | v1.12.0 [^1] |
-
-[^1]: The v1alpha2 version of the `ClusterGroup` CRD is no longer served by the
-      apiserver in v1.12 and is completely removed in v1.13.
-
 ## API renaming from `*.antrea.tanzu.vmware.com` to `*.antrea.io`
 
 For the v1.0 release, we undertook to rename all Antrea APIs to use the

diff --git a/test/e2e/antreapolicy_test.go b/test/e2e/antreapolicy_test.go
@@ -38,6 +38,7 @@ import (
 
 	"antrea.io/antrea/pkg/agent/apiserver/handlers/podinterface"
 	crdv1alpha1 "antrea.io/antrea/pkg/apis/crd/v1alpha1"
+	crdv1alpha2 "antrea.io/antrea/pkg/apis/crd/v1alpha2"
 	crdv1alpha3 "antrea.io/antrea/pkg/apis/crd/v1alpha3"
 	crdv1beta1 "antrea.io/antrea/pkg/apis/crd/v1beta1"
 	"antrea.io/antrea/pkg/controller/networkpolicy"
@@ -741,7 +742,7 @@ func testACNPNoEffectOnOtherProtocols(t *testing.T) {
 // testACNPAppliedToDenyXBtoCGWithYA tests traffic from X/B to ClusterGroup Y/A on named port 81 is dropped.
 func testACNPAppliedToDenyXBtoCGWithYA(t *testing.T) {
 	cgName := "cg-pods-ya"
-	cgBuilder := &ClusterGroupV1Alpha3SpecBuilder{}
+	cgBuilder := &ClusterGroupV1Alpha2SpecBuilder{}
 	cgBuilder = cgBuilder.SetName(cgName).
 		SetNamespaceSelector(map[string]string{"ns": namespaces["y"]}, nil).
 		SetPodSelector(map[string]string{"pod": "a"}, nil)
@@ -778,7 +779,7 @@ func testACNPAppliedToDenyXBtoCGWithYA(t *testing.T) {
 // testACNPIngressRuleDenyCGWithXBtoYA tests traffic from ClusterGroup with X/B to Y/A on named port 81 is dropped.
 func testACNPIngressRuleDenyCGWithXBtoYA(t *testing.T) {
 	cgName := "cg-pods-xb"
-	cgBuilder := &ClusterGroupV1Alpha3SpecBuilder{}
+	cgBuilder := &ClusterGroupV1Alpha2SpecBuilder{}
 	cgBuilder = cgBuilder.SetName(cgName).
 		SetNamespaceSelector(map[string]string{"ns": namespaces["x"]}, nil).
 		SetPodSelector(map[string]string{"pod": "b"}, nil)
@@ -1098,13 +1099,14 @@ func testACNPClusterGroupRefRuleIPBlocks(t *testing.T) {
 		ipBlock2 = append(ipBlock2, crdv1alpha1.IPBlock{CIDR: genCIDR(podZAIP[i])})
 	}
 
-	cgName := "cg-ipblocks-pod-in-ns-x"
+	cgv1a3Name := "cg-ipblocks-pod-in-ns-x"
 	cgBuilder := &ClusterGroupV1Alpha3SpecBuilder{}
-	cgBuilder = cgBuilder.SetName(cgName).
+	cgBuilder = cgBuilder.SetName(cgv1a3Name).
 		SetIPBlocks(ipBlock1)
-	cgName2 := "cg-ipblock-pod-za"
+	// crd/v1alpha2 ClusterGroups should be converted to crd/v1alpha3.
+	cgv1a2Name := "cg-ipblock-pod-za"
 	cgBuilder2 := &ClusterGroupV1Alpha3SpecBuilder{}
-	cgBuilder2 = cgBuilder2.SetName(cgName2).
+	cgBuilder2 = cgBuilder2.SetName(cgv1a2Name).
 		SetIPBlocks(ipBlock2)
 
 	builder := &ClusterNetworkPolicySpecBuilder{}
@@ -1117,9 +1119,9 @@ func testACNPClusterGroupRefRuleIPBlocks(t *testing.T) {
 			},
 		})
 	builder.AddIngress(ProtocolTCP, &p80, nil, nil, nil, nil, nil, nil, nil, nil, nil,
-		nil, nil, false, nil, crdv1alpha1.RuleActionDrop, cgName, "", nil)
+		nil, nil, false, nil, crdv1alpha1.RuleActionDrop, cgv1a3Name, "", nil)
 	builder.AddIngress(ProtocolTCP, &p80, nil, nil, nil, nil, nil, nil, nil, nil, nil,
-		nil, nil, false, nil, crdv1alpha1.RuleActionDrop, cgName2, "", nil)
+		nil, nil, false, nil, crdv1alpha1.RuleActionDrop, cgv1a2Name, "", nil)
 
 	reachability := NewReachability(allPods, Connected)
 	reachability.Expect(Pod(namespaces["x"]+"/a"), Pod(namespaces["y"]+"/a"), Dropped)
@@ -4150,6 +4152,9 @@ func applyTestStepResources(t *testing.T, step *TestStep) {
 		case *crdv1alpha3.ClusterGroup:
 			_, err := k8sUtils.CreateOrUpdateV1Alpha3CG(o)
 			failOnError(err, t)
+		case *crdv1alpha2.ClusterGroup:
+			_, err := k8sUtils.CreateOrUpdateV1Alpha2CG(o)
+			failOnError(err, t)
 		case *crdv1alpha3.Group:
 			_, err := k8sUtils.CreateOrUpdateV1Alpha3Group(o)
 			failOnError(err, t)
@@ -4166,7 +4171,7 @@ func cleanupTestCaseResources(t *testing.T, c *TestCase) {
 	// TestSteps in a TestCase may first create and then update the same resource.
 	// Use sets to avoid duplicates.
 	acnpsToDelete, annpsToDelete, npsToDelete := sets.Set[string]{}, sets.Set[string]{}, sets.Set[string]{}
-	svcsToDelete, v1a3ClusterGroupsToDelete, v1a3GroupsToDelete := sets.Set[string]{}, sets.Set[string]{}, sets.Set[string]{}
+	svcsToDelete, v1a2ClusterGroupsToDelete, v1a3ClusterGroupsToDelete, v1a3GroupsToDelete := sets.Set[string]{}, sets.Set[string]{}, sets.Set[string]{}, sets.Set[string]{}
 	for _, step := range c.Steps {
 		for _, r := range step.TestResources {
 			switch o := r.(type) {
@@ -4178,6 +4183,8 @@ func cleanupTestCaseResources(t *testing.T, c *TestCase) {
 				npsToDelete.Insert(o.Namespace + "/" + o.Name)
 			case *crdv1alpha3.ClusterGroup:
 				v1a3ClusterGroupsToDelete.Insert(o.Name)
+			case *crdv1alpha2.ClusterGroup:
+				v1a2ClusterGroupsToDelete.Insert(o.Name)
 			case *crdv1alpha3.Group:
 				v1a3GroupsToDelete.Insert(o.Namespace + "/" + o.Name)
 			case *v1.Service:
@@ -4198,6 +4205,9 @@ func cleanupTestCaseResources(t *testing.T, c *TestCase) {
 		name := strings.Split(np, "/")[1]
 		failOnError(k8sUtils.DeleteNetworkPolicy(namespace, name), t)
 	}
+	for cg := range v1a2ClusterGroupsToDelete {
+		failOnError(k8sUtils.DeleteV1Alpha2CG(cg), t)
+	}
 	for cg := range v1a3ClusterGroupsToDelete {
 		failOnError(k8sUtils.DeleteV1Alpha3CG(cg), t)
 	}
@@ -4258,6 +4268,7 @@ func waitForResourceReady(t *testing.T, timeout time.Duration, obj metav1.Object
 		// The minInterval of AntreaProxy's BoundedFrequencyRunner is 1s, which means a Service may be handled after 1s.
 		time.Sleep(1 * time.Second)
 	case *crdv1beta1.Tier:
+	case *crdv1alpha2.ClusterGroup:
 	case *crdv1alpha3.ClusterGroup:
 	case *crdv1alpha3.Group:
 	}

diff --git a/test/e2e/clustergroup_test.go b/test/e2e/clustergroup_test.go
@@ -19,10 +19,12 @@ import (
 	"testing"
 	"time"
 
+	"github.com/stretchr/testify/assert"
 	v1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 
 	crdv1alpha1 "antrea.io/antrea/pkg/apis/crd/v1alpha1"
+	crdv1alpha2 "antrea.io/antrea/pkg/apis/crd/v1alpha2"
 	crdv1alpha3 "antrea.io/antrea/pkg/apis/crd/v1alpha3"
 )
 
@@ -68,6 +70,28 @@ func testInvalidCGIPBlockWithNSSelector(t *testing.T) {
 	}
 }
 
+func testInvalidCGIPBlockWithIPBlocks(t *testing.T) {
+	invalidErr := fmt.Errorf("clustergroup created with ipBlock and ipBlocks")
+	cgName := "ipb-ipbs"
+	cidr := "10.0.0.10/32"
+	cidr2 := "10.0.0.20/32"
+	ipb := &crdv1alpha1.IPBlock{CIDR: cidr}
+	ipbs := []crdv1alpha1.IPBlock{{CIDR: cidr2}}
+	cg := &crdv1alpha2.ClusterGroup{
+		ObjectMeta: metav1.ObjectMeta{
+			Name: cgName,
+		},
+		Spec: crdv1alpha2.GroupSpec{
+			IPBlocks: ipbs,
+			IPBlock:  ipb,
+		},
+	}
+	if _, err := k8sUtils.CreateOrUpdateV1Alpha2CG(cg); err == nil {
+		// Above creation of CG must fail as it is an invalid spec.
+		failOnError(invalidErr, t)
+	}
+}
+
 func testInvalidCGServiceRefWithPodSelector(t *testing.T) {
 	invalidErr := fmt.Errorf("clustergroup created with serviceReference and podSelector")
 	cgName := "svcref-pod-selector"
@@ -311,6 +335,51 @@ func testClusterGroupRealizationStatus(t *testing.T) {
 
 }
 
+func testClusterGroupConversionV1A2AndV1A3(t *testing.T) {
+	cgName1, cgName2 := "cg-v1a2", "cg-v1a3"
+	ipb1 := crdv1alpha1.IPBlock{
+		CIDR: "192.168.1.0/24",
+	}
+	ipb2 := crdv1alpha1.IPBlock{
+		CIDR: "192.168.2.0/24",
+	}
+	cg1 := &crdv1alpha2.ClusterGroup{
+		ObjectMeta: metav1.ObjectMeta{Name: cgName1},
+		Spec: crdv1alpha2.GroupSpec{
+			IPBlock: &ipb1,
+		},
+	}
+	cg2 := &crdv1alpha3.ClusterGroup{
+		ObjectMeta: metav1.ObjectMeta{Name: cgName2},
+		Spec: crdv1alpha3.GroupSpec{
+			IPBlocks: []crdv1alpha1.IPBlock{
+				ipb1,
+				ipb2,
+			},
+		},
+	}
+	if _, err := k8sUtils.CreateOrUpdateV1Alpha2CG(cg1); err != nil {
+		// Above creation of CG must succeed as it is a valid spec.
+		failOnError(err, t)
+	}
+	// Get v1alpha3 version of ClusterGroup, which was created as v1alpha2
+	cg1Returned, err := k8sUtils.GetV1Alpha3CG(cgName1)
+	if err != nil {
+		failOnError(err, t)
+	}
+	assert.ElementsMatch(t, cg1Returned.Spec.IPBlocks, []crdv1alpha1.IPBlock{ipb1})
+	if _, err := k8sUtils.CreateOrUpdateV1Alpha3CG(cg2); err != nil {
+		// Above creation of CG must succeed as it is a valid spec.
+		failOnError(err, t)
+	}
+	// Get v1alpha2 version of ClusterGroup, which was created as v1alpha3
+	cg2Returned, err := k8sUtils.GetV1Alpha2CG(cgName2)
+	if err != nil {
+		failOnError(err, t)
+	}
+	assert.ElementsMatch(t, cg2Returned.Spec.IPBlocks, []crdv1alpha1.IPBlock{ipb1, ipb2})
+}
+
 func TestClusterGroup(t *testing.T) {
 	skipIfHasWindowsNodes(t)
 	skipIfAntreaPolicyDisabled(t)
@@ -326,6 +395,7 @@ func TestClusterGroup(t *testing.T) {
 	t.Run("TestGroupClusterGroupValidate", func(t *testing.T) {
 		t.Run("Case=IPBlockWithPodSelectorDenied", func(t *testing.T) { testInvalidCGIPBlockWithPodSelector(t) })
 		t.Run("Case=IPBlockWithNamespaceSelectorDenied", func(t *testing.T) { testInvalidCGIPBlockWithNSSelector(t) })
+		t.Run("Case=IPBlockWithIPBlocksDenied", func(t *testing.T) { testInvalidCGIPBlockWithIPBlocks(t) })
 		t.Run("Case=ServiceRefWithPodSelectorDenied", func(t *testing.T) { testInvalidCGServiceRefWithPodSelector(t) })
 		t.Run("Case=ServiceRefWithNamespaceSelectorDenied", func(t *testing.T) { testInvalidCGServiceRefWithNSSelector(t) })
 		t.Run("Case=ServiceRefWithIPBlockDenied", func(t *testing.T) { testInvalidCGServiceRefWithIPBlock(t) })
@@ -338,5 +408,8 @@ func TestClusterGroup(t *testing.T) {
 		t.Run("Case=ClusterGroupRealizationStatusWithChildGroups", func(t *testing.T) { testClusterGroupRealizationStatus(t) })
 		cleanupChildCGForTest(t)
 	})
+	t.Run("TestGroupClusterGroupConversion", func(t *testing.T) {
+		t.Run("Case=ConvertBetweenV1A2AndV1A3", func(t *testing.T) { testClusterGroupConversionV1A2AndV1A3(t) })
+	})
 	k8sUtils.Cleanup(namespaces) // clean up all cluster-scope resources, including CGs
 }