Merge pull request #2012 from duanjiong/network-policy

Network policy

cmd/controller-manager/app/controllers.go

@@ -25,6 +25,8 @@ import (
 	"kubesphere.io/kubesphere/pkg/controller/devopscredential"
 	"kubesphere.io/kubesphere/pkg/controller/devopsproject"
 	"kubesphere.io/kubesphere/pkg/controller/job"
+	"kubesphere.io/kubesphere/pkg/controller/network/nsnetworkpolicy"
+	"kubesphere.io/kubesphere/pkg/controller/network/provider"
 	"kubesphere.io/kubesphere/pkg/controller/pipeline"
 	"kubesphere.io/kubesphere/pkg/controller/s2ibinary"
 	"kubesphere.io/kubesphere/pkg/controller/s2irun"
@@ -126,6 +128,17 @@ func AddControllers(
 		kubesphereInformer.Cluster().V1alpha1().Clusters(),
 		client.KubeSphere().ClusterV1alpha1().Clusters())
 
+	nsnpProvider, err := provider.NewNsNetworkPolicyProvider(client.Kubernetes(),
+		kubernetesInformer.Networking().V1().NetworkPolicies())
+	if err != nil {
+		return err
+	}
+	nsnpController := nsnetworkpolicy.NewNSNetworkPolicyController(client.Kubernetes(),
+		client.KubeSphere().NetworkV1alpha1(), kubesphereInformer.Network().V1alpha1().NamespaceNetworkPolicies(),
+		kubernetesInformer.Core().V1().Services(), kubernetesInformer.Core().V1().Nodes(),
+		kubesphereInformer.Tenant().V1alpha1().Workspaces(),
+		kubernetesInformer.Core().V1().Namespaces(), nsnpProvider)
+
 	controllers := map[string]manager.Runnable{
 		"virtualservice-controller":   vsController,
 		"destinationrule-controller":  drController,
@@ -137,8 +150,9 @@ func AddControllers(
 		"devopsprojects-controller":   devopsProjectController,
 		"pipeline-controller":         devopsPipelineController,
 		"devopscredential-controller": devopsCredentialController,
-		"cluster-controller":          clusterController,
 		"user-controller":             userController,
+		"cluster-controller":          clusterController,
+		"nsnp-controller":             nsnpController,
 	}
 
 	for name, ctrl := range controllers {

cmd/controller-manager/app/server.go

@@ -35,6 +35,7 @@ import (
 	controllerconfig "kubesphere.io/kubesphere/pkg/apiserver/config"
 	"kubesphere.io/kubesphere/pkg/client/clientset/versioned/scheme"
 	"kubesphere.io/kubesphere/pkg/controller/namespace"
+	"kubesphere.io/kubesphere/pkg/controller/network/nsnetworkpolicy"
 	"kubesphere.io/kubesphere/pkg/controller/user"
 	"kubesphere.io/kubesphere/pkg/controller/workspace"
 	"kubesphere.io/kubesphere/pkg/simple/client/openpitrix"
@@ -160,6 +161,7 @@ func Run(s *options.KubeSphereControllerManagerOptions, stopCh <-chan struct{})
 		klog.Info("registering webhooks to the webhook server")
 		hookServer.Register("/mutating-encrypt-password-iam-kubesphere-io-v1alpha2-user", &webhook.Admission{Handler: &user.PasswordCipher{Client: mgr.GetClient()}})
 		hookServer.Register("/validate-email-iam-kubesphere-io-v1alpha2-user", &webhook.Admission{Handler: &user.EmailValidator{Client: mgr.GetClient()}})
+		hookServer.Register("/validate-service-nsnp-kubesphere-io-v1alpha1-network", &webhook.Admission{Handler: &nsnetworkpolicy.ServiceValidator{}})
 
 		klog.V(0).Info("Starting the controllers.")
 		if err = mgr.Start(stopCh); err != nil {

cmd/ks-network/main.go

@@ -1,25 +0,0 @@
-package main
-
-import (
-	"flag"
-
-	"k8s.io/klog"
-	"kubesphere.io/kubesphere/pkg/controller/network/runoption"
-)
-
-var opt runoption.RunOption
-
-func init() {
-	flag.StringVar(&opt.ProviderName, "np-provider", "calico", "specify the network policy provider, k8s or calico")
-	flag.BoolVar(&opt.AllowInsecureEtcd, "allow-insecure-etcd", false, "specify allow connect to etcd using insecure http")
-	flag.StringVar(&opt.DataStoreType, "datastore-type", "k8s", "specify the datastore type of calico")
-	//TODO add more flags
-}
-
-func main() {
-	klog.InitFlags(nil)
-	flag.Set("logtostderr", "true")
-	flag.Parse()
-	klog.V(1).Info("Preparing kubernetes client")
-	klog.Fatal(opt.Run())
-}