Merge pull request #26017 from caseydavenport/cd-calico-policy

Automatic merge from submit-queue

Add Calico as policy provider in GCE

Adds Calico as policy provider to GCE, enforcing the extensions/v1beta1 NetworkPolicy API.

Still to do:
- [x] Enable NetworkPolicy API when POLICY_PROVIDER is provided.
- [x] Fix CNI plugin, policy controller versions.

CC @thockin - does this general approach look good?

cluster/common.sh

@@ -475,8 +475,19 @@ function yaml-quote {
 # Builds the RUNTIME_CONFIG var from other feature enable options (such as
 # features in alpha)
 function build-runtime-config() {
-  # There is nothing to do here for now. Just using this function as a placeholder.
-  :
+  # If a policy provider is specified, enable NetworkPolicy API.
+  if [[ -n "${NETWORK_POLICY_PROVIDER}" ]]; then
+    appends="extensions/v1beta1=true,extensions/v1beta1/networkpolicies=true"
+  fi
+
+  # Generate the RUNTIME_CONFIG.
+  if [[ -n ${appends} ]]; then
+    if [[ -n ${RUNTIME_CONFIG} ]]; then
+      RUNTIME_CONFIG="${RUNTIME_CONFIG},${appends}"
+    else 
+      RUNTIME_CONFIG="${appends}"
+    fi
+  fi
 }
 
 # Writes the cluster name into a temporary file.
@@ -553,6 +564,7 @@ HAIRPIN_MODE: $(yaml-quote ${HAIRPIN_MODE:-})
 OPENCONTRAIL_TAG: $(yaml-quote ${OPENCONTRAIL_TAG:-})
 OPENCONTRAIL_KUBERNETES_TAG: $(yaml-quote ${OPENCONTRAIL_KUBERNETES_TAG:-})
 OPENCONTRAIL_PUBLIC_SUBNET: $(yaml-quote ${OPENCONTRAIL_PUBLIC_SUBNET:-})
+NETWORK_POLICY_PROVIDER: $(yaml-quote ${NETWORK_POLICY_PROVIDER:-})
 E2E_STORAGE_TEST_ENVIRONMENT: $(yaml-quote ${E2E_STORAGE_TEST_ENVIRONMENT:-})
 KUBE_IMAGE_TAG: $(yaml-quote ${KUBE_IMAGE_TAG:-})
 KUBE_DOCKER_REGISTRY: $(yaml-quote ${KUBE_DOCKER_REGISTRY:-})