Support structured policy recommendation results

Signed-off-by: Yanjun Zhou <zhouya@vmware.com>

VERSION

@@ -1 +1 @@
-v0.3.0-dev
+v0.4.0-dev

VERSION_MAP

@@ -1,3 +1,4 @@
 v0.1.0 v1.7.0
 v0.2.0 v1.8.0
 v0.3.0 v1.9.0
+v0.4.0 v1.10.0

build/charts/theia/README.md

@@ -1,6 +1,6 @@
 # theia
 
-![Version: 0.3.0-dev](https://img.shields.io/badge/Version-0.3.0--dev-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: latest](https://img.shields.io/badge/AppVersion-latest-informational?style=flat-square)
+![Version: 0.4.0-dev](https://img.shields.io/badge/Version-0.4.0--dev-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: latest](https://img.shields.io/badge/AppVersion-latest-informational?style=flat-square)
 
 Antrea Network Flow Visibility
 

build/charts/theia/crds/network-policy-recommendation-crd.yaml

@@ -76,21 +76,6 @@ spec:
                   format: datetime
                 errorMsg:
                   type: string
-                recommendedNetworkPolicy:
-                  type: object
-                  properties:
-                    spec: 
-                      type: object
-                      properties:
-                        id:
-                          type: string
-                        resultType:
-                          type: string
-                        timeCreated:
-                          type: string
-                          format: datetime
-                        yamls:
-                          type: string
       additionalPrinterColumns:
         - description: Current state of the job
           jsonPath: .status.state
@@ -105,48 +90,3 @@ spec:
     kind: NetworkPolicyRecommendation
     shortNames:
       - npr
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  name: recommendednetworkpolicies.crd.theia.antrea.io
-  labels:
-    app: theia
-spec:
-  group: crd.theia.antrea.io
-  versions:
-    - name: v1alpha1
-      served: true
-      storage: true
-      schema:
-        openAPIV3Schema:
-          type: object
-          required:
-            - spec
-          properties:
-            spec:
-              type: object
-              required:
-                - id
-                - timeCreated
-                - resultType
-                - yamls
-              properties:
-                id:
-                  type: string
-                timeCreated:
-                  type: string
-                  format: datetime
-                resultType:
-                  type: string
-                yamls:
-                  type: string
-      subresources:
-        status: {}
-  scope: Namespaced
-  names:
-    plural: recommendednetworkpolicies
-    singular: recommendednetworkpolicy
-    kind: RecommendedNetworkPolicy
-    shortNames:
-      - rnp

build/charts/theia/provisioning/datasources/create_table.sh

@@ -280,7 +280,8 @@ clickhouse client -n -h 127.0.0.1 <<-EOSQL
         id String,
         type String,
         timeCreated DateTime,
-        yamls String
+        policy String,
+        kind String
     ) engine=ReplicatedMergeTree('/clickhouse/tables/{shard}/{database}/{table}', '{replica}')
     ORDER BY (timeCreated);
 

build/charts/theia/provisioning/datasources/migrators/000003_0-3-0.down.sql

@@ -0,0 +1,14 @@
+--Remove structured recommendations
+--Add yamls column
+ALTER TABLE recommendations ADD COLUMN yamls String;
+ALTER TABLE recommendations_local ADD COLUMN yamls String;
+--Copy old data and replace policy and kind by yamls
+INSERT INTO recommendations_local (id, type, timeCreated, yamls)
+SELECT id, type, timeCreated, arrayStringConcat(groupArray(policy), '\n---\n') AS yamls FROM recommendations_local GROUP BY id, type, timeCreated;
+--Delete old data
+ALTER TABLE recommendations_local DELETE WHERE yamls='';
+--Drop yamls column
+ALTER TABLE recommendations DROP COLUMN kind;
+ALTER TABLE recommendations_local DROP COLUMN kind;
+ALTER TABLE recommendations DROP COLUMN policy;
+ALTER TABLE recommendations_local DROP COLUMN policy;

build/charts/theia/provisioning/datasources/migrators/000003_0-3-0.up.sql

@@ -0,0 +1,18 @@
+--Support structured recommendations
+--Add policy and kind column
+ALTER TABLE recommendations ADD COLUMN kind String;
+ALTER TABLE recommendations_local ADD COLUMN kind String;
+ALTER TABLE recommendations ADD COLUMN policy String;
+ALTER TABLE recommendations_local ADD COLUMN policy String;
+--Copy old data and replace yamls column by policy and kind
+INSERT INTO recommendations_local (id, type, timeCreated, policy)
+SELECT id, type, timeCreated, arrayJoin(splitByString('---\n', yamls)) AS policy FROM recommendations_local WHERE kind='';
+ALTER TABLE recommendations_local UPDATE kind='knp' WHERE policy LIKE '%networking.k8s.io/v1%NetworkPolicy%';
+ALTER TABLE recommendations_local UPDATE kind='anp' WHERE policy LIKE '%crd.antrea.io/v1alpha1%NetworkPolicy%';
+ALTER TABLE recommendations_local UPDATE kind='acnp' WHERE policy LIKE '%ClusterNetworkPolicy%';
+ALTER TABLE recommendations_local UPDATE kind='acg' WHERE policy LIKE '%ClusterGroup%';
+--Delete old data
+ALTER TABLE recommendations_local DELETE WHERE policy='';
+--Drop yamls column
+ALTER TABLE recommendations DROP COLUMN yamls;
+ALTER TABLE recommendations_local DROP COLUMN yamls;

build/charts/theia/templates/theia-manager/deployment.yaml

@@ -40,6 +40,18 @@ spec:
               valueFrom:
                 fieldRef:
                   fieldPath: metadata.namespace
+            - name: CLICKHOUSE_USERNAME
+              valueFrom:
+                secretKeyRef: 
+                  name: clickhouse-secret
+                  key: username
+            - name: CLICKHOUSE_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: clickhouse-secret
+                  key: password
+            - name: CLICKHOUSE_URL
+              value: "tcp://clickhouse-clickhouse.{{ .Release.Namespace }}.svc:{{ .Values.clickhouse.service.tcpPort }}"
           ports:
             - name: "theia-api-http"
               containerPort: {{ .Values.theiaManager.apiServer.apiPort }}

build/yamls/flow-visibility.yml

@@ -152,6 +152,40 @@ data:
     ADD COLUMN clusterUUID String;
     ALTER TABLE flows_local
     ADD COLUMN clusterUUID String;
+  000003_0-3-0.down.sql: |
+    --Remove structured recommendations
+    --Add yamls column
+    ALTER TABLE recommendations ADD COLUMN yamls String;
+    ALTER TABLE recommendations_local ADD COLUMN yamls String;
+    --Copy old data and replace policy and kind by yamls
+    INSERT INTO recommendations_local (id, type, timeCreated, yamls)
+    SELECT id, type, timeCreated, arrayStringConcat(groupArray(policy), '\n---\n') AS yamls FROM recommendations_local GROUP BY id, type, timeCreated;
+    --Delete old data
+    ALTER TABLE recommendations_local DELETE WHERE yamls='';
+    --Drop yamls column
+    ALTER TABLE recommendations DROP COLUMN kind;
+    ALTER TABLE recommendations_local DROP COLUMN kind;
+    ALTER TABLE recommendations DROP COLUMN policy;
+    ALTER TABLE recommendations_local DROP COLUMN policy;
+  000003_0-3-0.up.sql: |
+    --Support structured recommendations
+    --Add policy and kind column
+    ALTER TABLE recommendations ADD COLUMN kind String;
+    ALTER TABLE recommendations_local ADD COLUMN kind String;
+    ALTER TABLE recommendations ADD COLUMN policy String;
+    ALTER TABLE recommendations_local ADD COLUMN policy String;
+    --Copy old data and replace yamls column by policy and kind
+    INSERT INTO recommendations_local (id, type, timeCreated, policy)
+    SELECT id, type, timeCreated, arrayJoin(splitByString('---\n', yamls)) AS policy FROM recommendations_local WHERE kind='';
+    ALTER TABLE recommendations_local UPDATE kind='knp' WHERE policy LIKE '%networking.k8s.io/v1%NetworkPolicy%';
+    ALTER TABLE recommendations_local UPDATE kind='anp' WHERE policy LIKE '%crd.antrea.io/v1alpha1%NetworkPolicy%';
+    ALTER TABLE recommendations_local UPDATE kind='acnp' WHERE policy LIKE '%ClusterNetworkPolicy%';
+    ALTER TABLE recommendations_local UPDATE kind='acg' WHERE policy LIKE '%ClusterGroup%';
+    --Delete old data
+    ALTER TABLE recommendations_local DELETE WHERE policy='';
+    --Drop yamls column
+    ALTER TABLE recommendations DROP COLUMN yamls;
+    ALTER TABLE recommendations_local DROP COLUMN yamls;
   create_table.sh: |
     #!/usr/bin/env bash
 
@@ -426,7 +460,8 @@ data:
             id String,
             type String,
             timeCreated DateTime,
-            yamls String
+            policy String,
+            kind String
         ) engine=ReplicatedMergeTree('/clickhouse/tables/{shard}/{database}/{table}', '{replica}')
         ORDER BY (timeCreated);
 
@@ -478,8 +513,8 @@ data:
         else
             clickhouse client -h 127.0.0.1 -q "CREATE TABLE migrate_version (version String) engine=MergeTree ORDER BY version"
         fi
-        clickhouse client -h 127.0.0.1 -q "INSERT INTO migrate_version (*) VALUES ('0.3.0')"
-        echo "=== Set data schema version to 0.3.0 ==="
+        clickhouse client -h 127.0.0.1 -q "INSERT INTO migrate_version (*) VALUES ('0.4.0')"
+        echo "=== Set data schema version to 0.4.0 ==="
     }
 
     ../clickhouse-schema-management
@@ -6273,7 +6308,7 @@ spec:
         containers:
         - env:
           - name: THEIA_VERSION
-            value: 0.3.0
+            value: 0.4.0
           - name: CLICKHOUSE_INIT_TIMEOUT
             value: "60"
           - name: DB_URL
@@ -6343,6 +6378,10 @@ spec:
               path: migrators/000002_0-2-0.down.sql
             - key: 000002_0-2-0.up.sql
               path: migrators/000002_0-2-0.up.sql
+            - key: 000003_0-3-0.down.sql
+              path: migrators/000003_0-3-0.down.sql
+            - key: 000003_0-3-0.up.sql
+              path: migrators/000003_0-3-0.up.sql
             name: clickhouse-mounted-configmap
           name: clickhouse-configmap-volume
         - emptyDir:

cmd/theia-manager/theia-manager.go

@@ -121,8 +121,7 @@ func run(o *Options) error {
 	}
 	crdInformerFactory := crdinformers.NewSharedInformerFactory(crdClient, informerDefaultResync)
 	npRecommendationInformer := crdInformerFactory.Crd().V1alpha1().NetworkPolicyRecommendations()
-	recommendedNPInformer := crdInformerFactory.Crd().V1alpha1().RecommendedNetworkPolicies()
-	npRecoController := networkpolicyrecommendation.NewNPRecommendationController(crdClient, kubeClient, npRecommendationInformer, recommendedNPInformer)
+	npRecoController := networkpolicyrecommendation.NewNPRecommendationController(crdClient, kubeClient, npRecommendationInformer)
 
 	cipherSuites, err := cipher.GenerateCipherSuitesList(o.config.APIServer.TLSCipherSuites)
 	if err != nil {

go.mod

@@ -127,7 +127,7 @@ require (
 	sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.30 // indirect
 	sigs.k8s.io/json v0.0.0-20211208200746-9f7c6b3444d2 // indirect
 	sigs.k8s.io/structured-merge-diff/v4 v4.2.1 // indirect
-	sigs.k8s.io/yaml v1.3.0 // indirect
+	sigs.k8s.io/yaml v1.3.0 // direct
 )
 
 // Newer version of github.com/googleapis/gnostic make use of newer gopkg.in/yaml(v3), which conflicts with

pkg/apis/crd/v1alpha1/register.go

@@ -52,8 +52,6 @@ func addKnownTypes(scheme *runtime.Scheme) error {
 		SchemeGroupVersion,
 		&NetworkPolicyRecommendation{},
 		&NetworkPolicyRecommendationList{},
-		&RecommendedNetworkPolicy{},
-		&RecommendedNetworkPolicyList{},
 	)
 
 	metav1.AddToGroupVersion(

pkg/apis/crd/v1alpha1/types.go

@@ -59,14 +59,13 @@ type NetworkPolicyRecommendationSpec struct {
 }
 
 type NetworkPolicyRecommendationStatus struct {
-	State            string                    `json:"state,omitempty"`
-	SparkApplication string                    `json:"sparkApplication,omitempty"`
-	CompletedStages  int                       `json:"completedStages,omitempty"`
-	TotalStages      int                       `json:"totalStages,omitempty"`
-	RecommendedNP    *RecommendedNetworkPolicy `json:"recommendedNetworkPolicy,omitempty"`
-	ErrorMsg         string                    `json:"errorMsg,omitempty"`
-	StartTime        metav1.Time               `json:"startTime,omitempty"`
-	EndTime          metav1.Time               `json:"endTime,omitempty"`
+	State            string      `json:"state,omitempty"`
+	SparkApplication string      `json:"sparkApplication,omitempty"`
+	CompletedStages  int         `json:"completedStages,omitempty"`
+	TotalStages      int         `json:"totalStages,omitempty"`
+	ErrorMsg         string      `json:"errorMsg,omitempty"`
+	StartTime        metav1.Time `json:"startTime,omitempty"`
+	EndTime          metav1.Time `json:"endTime,omitempty"`
 }
 
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
@@ -76,28 +75,3 @@ type NetworkPolicyRecommendationList struct {
 	metav1.ListMeta `json:"metadata,omitempty"`
 	Items           []NetworkPolicyRecommendation `json:"items"`
 }
-
-// +genclient
-// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-
-type RecommendedNetworkPolicy struct {
-	metav1.TypeMeta   `json:",inline"`
-	metav1.ObjectMeta `json:"metadata,omitempty"`
-
-	Spec RecommendedNetworkPolicySpec `json:"spec,omitempty"`
-}
-
-type RecommendedNetworkPolicySpec struct {
-	Id          string      `json:"id,omitempty"`
-	Type        string      `json:"resultType,omitempty"`
-	TimeCreated metav1.Time `json:"timeCreated,omitempty"`
-	Yamls       string      `json:"yamls,omitempty"`
-}
-
-// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-
-type RecommendedNetworkPolicyList struct {
-	metav1.TypeMeta `json:",inline"`
-	metav1.ListMeta `json:"metadata,omitempty"`
-	Items           []RecommendedNetworkPolicy `json:"items"`
-}