Add source ports in policy API (antrea-io#4687)

This commit adds two optional fields, namely 'sourcePort' and 'sourceEndPort' to the NetworkPolicyPort definition of Antrea-native policies. When specified, the policy rule will only match traffic initiated from a specific port (if only sourcePort is provided) or from a specific port range (if both sourcePort and sourceEndPort are provided). Supported protocols are TCP, UDP and SCTP. Signed-off-by: Dyanngg <dingyang@vmware.com>
ceclinux · May 30, 2023 · d29afe1 · d29afe1
1 parent 9cf3152
commit d29afe1
Show file tree

Hide file tree

Showing 33 changed files with 900 additions and 275 deletions.
diff --git a/build/charts/antrea/crds/clusternetworkpolicy.yaml b/build/charts/antrea/crds/clusternetworkpolicy.yaml
@@ -226,6 +226,10 @@ spec:
                               x-kubernetes-int-or-string: true
                             endPort:
                               type: integer
+                            sourcePort:
+                              type: integer
+                            sourceEndPort:
+                              type: integer
                       protocols:
                         type: array
                         items:
@@ -472,6 +476,10 @@ spec:
                               x-kubernetes-int-or-string: true
                             endPort:
                               type: integer
+                            sourcePort:
+                              type: integer
+                            sourceEndPort:
+                              type: integer
                       protocols:
                         type: array
                         items:

diff --git a/build/charts/antrea/crds/networkpolicy.yaml b/build/charts/antrea/crds/networkpolicy.yaml
@@ -162,6 +162,10 @@ spec:
                               x-kubernetes-int-or-string: true
                             endPort:
                               type: integer
+                            sourcePort:
+                              type: integer
+                            sourceEndPort:
+                              type: integer
                       protocols:
                         type: array
                         items:
@@ -381,6 +385,10 @@ spec:
                               x-kubernetes-int-or-string: true
                             endPort:
                               type: integer
+                            sourcePort:
+                              type: integer
+                            sourceEndPort:
+                              type: integer
                       protocols:
                         type: array
                         items:

diff --git a/build/yamls/antrea-aks.yml b/build/yamls/antrea-aks.yml
@@ -604,6 +604,10 @@ spec:
                               x-kubernetes-int-or-string: true
                             endPort:
                               type: integer
+                            sourcePort:
+                              type: integer
+                            sourceEndPort:
+                              type: integer
                       protocols:
                         type: array
                         items:
@@ -850,6 +854,10 @@ spec:
                               x-kubernetes-int-or-string: true
                             endPort:
                               type: integer
+                            sourcePort:
+                              type: integer
+                            sourceEndPort:
+                              type: integer
                       protocols:
                         type: array
                         items:
@@ -1713,6 +1721,10 @@ spec:
                               x-kubernetes-int-or-string: true
                             endPort:
                               type: integer
+                            sourcePort:
+                              type: integer
+                            sourceEndPort:
+                              type: integer
                       protocols:
                         type: array
                         items:
@@ -1932,6 +1944,10 @@ spec:
                               x-kubernetes-int-or-string: true
                             endPort:
                               type: integer
+                            sourcePort:
+                              type: integer
+                            sourceEndPort:
+                              type: integer
                       protocols:
                         type: array
                         items:

diff --git a/build/yamls/antrea-crds.yml b/build/yamls/antrea-crds.yml
@@ -597,6 +597,10 @@ spec:
                               x-kubernetes-int-or-string: true
                             endPort:
                               type: integer
+                            sourcePort:
+                              type: integer
+                            sourceEndPort:
+                              type: integer
                       protocols:
                         type: array
                         items:
@@ -843,6 +847,10 @@ spec:
                               x-kubernetes-int-or-string: true
                             endPort:
                               type: integer
+                            sourcePort:
+                              type: integer
+                            sourceEndPort:
+                              type: integer
                       protocols:
                         type: array
                         items:
@@ -1694,6 +1702,10 @@ spec:
                               x-kubernetes-int-or-string: true
                             endPort:
                               type: integer
+                            sourcePort:
+                              type: integer
+                            sourceEndPort:
+                              type: integer
                       protocols:
                         type: array
                         items:
@@ -1913,6 +1925,10 @@ spec:
                               x-kubernetes-int-or-string: true
                             endPort:
                               type: integer
+                            sourcePort:
+                              type: integer
+                            sourceEndPort:
+                              type: integer
                       protocols:
                         type: array
                         items:

diff --git a/build/yamls/antrea-eks.yml b/build/yamls/antrea-eks.yml
@@ -604,6 +604,10 @@ spec:
                               x-kubernetes-int-or-string: true
                             endPort:
                               type: integer
+                            sourcePort:
+                              type: integer
+                            sourceEndPort:
+                              type: integer
                       protocols:
                         type: array
                         items:
@@ -850,6 +854,10 @@ spec:
                               x-kubernetes-int-or-string: true
                             endPort:
                               type: integer
+                            sourcePort:
+                              type: integer
+                            sourceEndPort:
+                              type: integer
                       protocols:
                         type: array
                         items:
@@ -1713,6 +1721,10 @@ spec:
                               x-kubernetes-int-or-string: true
                             endPort:
                               type: integer
+                            sourcePort:
+                              type: integer
+                            sourceEndPort:
+                              type: integer
                       protocols:
                         type: array
                         items:
@@ -1932,6 +1944,10 @@ spec:
                               x-kubernetes-int-or-string: true
                             endPort:
                               type: integer
+                            sourcePort:
+                              type: integer
+                            sourceEndPort:
+                              type: integer
                       protocols:
                         type: array
                         items:

diff --git a/build/yamls/antrea-gke.yml b/build/yamls/antrea-gke.yml
@@ -604,6 +604,10 @@ spec:
                               x-kubernetes-int-or-string: true
                             endPort:
                               type: integer
+                            sourcePort:
+                              type: integer
+                            sourceEndPort:
+                              type: integer
                       protocols:
                         type: array
                         items:
@@ -850,6 +854,10 @@ spec:
                               x-kubernetes-int-or-string: true
                             endPort:
                               type: integer
+                            sourcePort:
+                              type: integer
+                            sourceEndPort:
+                              type: integer
                       protocols:
                         type: array
                         items:
@@ -1713,6 +1721,10 @@ spec:
                               x-kubernetes-int-or-string: true
                             endPort:
                               type: integer
+                            sourcePort:
+                              type: integer
+                            sourceEndPort:
+                              type: integer
                       protocols:
                         type: array
                         items:
@@ -1932,6 +1944,10 @@ spec:
                               x-kubernetes-int-or-string: true
                             endPort:
                               type: integer
+                            sourcePort:
+                              type: integer
+                            sourceEndPort:
+                              type: integer
                       protocols:
                         type: array
                         items:

diff --git a/build/yamls/antrea-ipsec.yml b/build/yamls/antrea-ipsec.yml
@@ -604,6 +604,10 @@ spec:
                               x-kubernetes-int-or-string: true
                             endPort:
                               type: integer
+                            sourcePort:
+                              type: integer
+                            sourceEndPort:
+                              type: integer
                       protocols:
                         type: array
                         items:
@@ -850,6 +854,10 @@ spec:
                               x-kubernetes-int-or-string: true
                             endPort:
                               type: integer
+                            sourcePort:
+                              type: integer
+                            sourceEndPort:
+                              type: integer
                       protocols:
                         type: array
                         items:
@@ -1713,6 +1721,10 @@ spec:
                               x-kubernetes-int-or-string: true
                             endPort:
                               type: integer
+                            sourcePort:
+                              type: integer
+                            sourceEndPort:
+                              type: integer
                       protocols:
                         type: array
                         items:
@@ -1932,6 +1944,10 @@ spec:
                               x-kubernetes-int-or-string: true
                             endPort:
                               type: integer
+                            sourcePort:
+                              type: integer
+                            sourceEndPort:
+                              type: integer
                       protocols:
                         type: array
                         items:

diff --git a/build/yamls/antrea.yml b/build/yamls/antrea.yml
@@ -604,6 +604,10 @@ spec:
                               x-kubernetes-int-or-string: true
                             endPort:
                               type: integer
+                            sourcePort:
+                              type: integer
+                            sourceEndPort:
+                              type: integer
                       protocols:
                         type: array
                         items:
@@ -850,6 +854,10 @@ spec:
                               x-kubernetes-int-or-string: true
                             endPort:
                               type: integer
+                            sourcePort:
+                              type: integer
+                            sourceEndPort:
+                              type: integer
                       protocols:
                         type: array
                         items:
@@ -1713,6 +1721,10 @@ spec:
                               x-kubernetes-int-or-string: true
                             endPort:
                               type: integer
+                            sourcePort:
+                              type: integer
+                            sourceEndPort:
+                              type: integer
                       protocols:
                         type: array
                         items:
@@ -1932,6 +1944,10 @@ spec:
                               x-kubernetes-int-or-string: true
                             endPort:
                               type: integer
+                            sourcePort:
+                              type: integer
+                            sourceEndPort:
+                              type: integer
                       protocols:
                         type: array
                         items: