Vpc extended apis

[cjschaef]

Extending VPC related Cluster API's in order to provide additional VPC Infrastructure reconciliation support.

What this PR does / why we need it: introduces API's that will be used for extended VPC Cluster (Infrastructure) support

Which issue(s) this PR fixes (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close the issue(s) when PR gets merged):
Fixes #

Special notes for your reviewer:

/area provider/ibmcloud

1. Please confirm that if this PR changes any image versions, then that's the sole change this PR makes.

Release note:

add additional API's for extended VPC Cluster support

[k8s-ci-robot]

Hi @cjschaef. Thanks for your PR.

I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[netlify]

✅ Deploy Preview for kubernetes-sigs-cluster-api-ibmcloud ready!

Name	Link
🔨 Latest commit	4012d7c
🔍 Latest deploy log	https://app.netlify.com/sites/kubernetes-sigs-cluster-api-ibmcloud/deploys/66c60b58c96a7000085b9642
😎 Deploy Preview	https://deploy-preview-1895--kubernetes-sigs-cluster-api-ibmcloud.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify site configuration.

[mkumatag]

/cc @Karthik-K-N

[mkumatag]

/ok-to-test

[Karthik-K-N]

I think you are planing to have SG seperatly for LB as well as VPC, do you have any use case in mind?
Also we recently implemented it for PowerVS see if it helps

cluster-api-provider-ibmcloud/api/v1beta2/ibmpowervscluster_types.go

Line 109 in 104ee47

VPCSecurityGroups []VPCSecurityGroup `json:"vpcSecurityGroups,omitempty"`

[cjschaef]

The SG's listed for the LB merely list the SecurityGroups the LB expects to have attached during LB creation.

The SecurityGroup (VPCSecurityGroup) reconciliation occurs separately, so we expect the SG's should already exist by the time we reach LB reconciliation (or error if they do not).

[dharaneeshvrd]

In that case can you please reframe the description the same for better understanding?
It looks like, you are defining the SG from scratch.

[cjschaef]

I added some details that the SG's are expected to exist for LB reconciliation

[cjschaef]

I've also added subnet definitions to LB's, since we don't expect to default to using all subnets.

[Karthik-K-N]

Whats the use case you have in mind to expose Backedpool,Do you think user should worry about it? Also what happens if user does not pass anything here?

[cjschaef]

I currently have some default pools implemented in test code. I have not yet decided whether to leave them in, or force the user to have to define pools (no defaults).

[Karthik-K-N]

I think we have ResourceGroup at various place. Do you think this option is needed, can't we create image in cluster resource group?

[cjschaef]

The ResourceGroup is imbedded within Power code, I do not wish reuse Power dependent code

cluster-api-provider-ibmcloud/api/v1beta2/ibmpowervscluster_types.go

Lines 175 to 182 in 112f968

	// ResourceReference identifies a resource with id.
	type ResourceReference struct {
	// id represents the id of the resource.
	ID *string `json:"id,omitempty"`
	// +kubebuilder:default=false
	// controllerCreated indicates whether the resource is created by the controller.
	ControllerCreated *bool `json:"controllerCreated,omitempty"`
	}

The ResourceGroup can be used for Image creation, or to retrieve an existing image. So, the RG doesn't have to match the Cluster RG.

[Karthik-K-N]

Since we are defining here as well, We may need to add proper comment for VPCSpec.ControlplaneLoadbalancer.

[cjschaef]

Sure, I can try to add something to the old field.

[cjschaef]

Added some details about legacy use versus extended support.

[Karthik-K-N]

@dharaneeshvrd please take a look when you get some time.

[mkumatag]

/cc @dharaneeshvrd

[mkumatag]

I have added few comments about adding validation to all the new fields added, lets add validation for all the newly introduced fields referring the apispec from the doc here - https://cloud.ibm.com/apidocs/vpc/latest#create-load-balancer

[mkumatag]

lets add a validation here for the Allowable values: [least_connections,round_robin,weighted_round_robin] and also a default value set when no option mentioned

[cjschaef]

added an enum

[mkumatag]

can we add validation here for the algorithm like Allowable values: [http,https,tcp,udp]

[cjschaef]

added an enum

[mkumatag]

lets add a regex for the validation here - Possible values: 1 ≤ length ≤ 63, Value must match regular expression ^([a-z]|[a-z][-a-z0-9]*[a-z0-9])$

[cjschaef]

added

[dharaneeshvrd]

LGTM overall!

[dharaneeshvrd]

In that case can you please reframe the description the same for better understanding?
It looks like, you are defining the SG from scratch.

[cjschaef]

Based on further investigation on requirements for Catalog Offerings, I have extended the ImageSpec to include a CatalogOffering resource now as well, to allow user to define whether an existing VPC Image is used, a Catalog Offering, or a new VPC Image gets created during Infrastructure reconciliation.

[dharaneeshvrd]

Can we prefix with VPCLoadBalancer to align with other structs?

[cjschaef]

Updated

[dharaneeshvrd]

Same as other comment, it would be good to prefix this with VPCLoadBalancer to be more clear IMO.
Also can we keep it as VPCLoadBalancerHealthCheckSpec to align with VPC term and here also I can see you have referred as health check in many places?

[cjschaef]

Updated the struct name. I was trying to stay aligned with the IBM Cloud API documentation, as it refers to the fields for health checks.

[dharaneeshvrd]

Suggested change

	type CatalogOffering struct {
	type IBMCloudCatalogOffering struct {

[cjschaef]

Updated.

[dharaneeshvrd]

CatalogOffering's spec looks like to identify generic ibm cloud catalog offering, how are you planning to use that to identify the catalog image?

[cjschaef]

Using a Catalog Offering for a VSI "image" requires either a Catalog Offering CRN or Catalog Offering Version CRN (with an optional Catalog Offering Plan CRN for either) per the IBM Cloud VPC API's.

Supplying the catalogOffering field for the ImageSpec, with one of the offeringCRN or versionCRN, with result in the VSI API calls to be made using an InstancePrototypeInstanceByCatalogOffering instead of the ...ByImage for the API calls to create a VSI.

[cjschaef]

I dropped the Catalog Offering since we may not have permission to validate the Image as an Offering. We will have to rely on results/errors during Machine creation.

[cjschaef]

Rebased to resolve mock generation.

[cjschaef]

I dropped the Catalog Offering configuration for the Image definition, as I expect to handle it only within Machine API's and we may not have permission to validate a Catalog Offering, thus providing it in the Infrastructure is not useful.

[dharaneeshvrd]

It seems you need to regenerate the CRD def yamls, otherwise it LGTM!

[cjschaef]

@dharaneeshvrd Is there something specific I need to run to do that?

[dharaneeshvrd]

make generate would do that.

[cjschaef]

@dharaneeshvrd I have run that prior, I don't think it passes CI tests unless the CRD files are updated.
Is there something specific missing, or perhaps something I need to add into a list to generate what appears to be missing?

[dharaneeshvrd]

@cjschaef Apologies for the confusion, it is updated properly.
LGTM, @mkumatag please review!

[mkumatag]

I don't see validations working fine, please fix them.

e.g: I created following spec and it got created without any issues

apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
kind: IBMVPCCluster
metadata:
  labels:
    cluster.x-k8s.io/cluster-name: test-1
  name: test-1
spec:
  region: us-south
  resourceGroup: Default
  vpc: vpc-1
  zone: us-south-1
  controlPlaneLoadBalancer:
    name: lb-test
    backendPools:
    - name: pool-1
      algorithm: invalid-algo
      healthMonitor:
        delay: 2
        retries: 1
        timeout: 1
        type: invalidtype

oc get IBMVPCCluster -A -o=yaml
apiVersion: v1
items:
- apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
  kind: IBMVPCCluster
  metadata:
    annotations:
      kubectl.kubernetes.io/last-applied-configuration: |
        {"apiVersion":"infrastructure.cluster.x-k8s.io/v1beta2","kind":"IBMVPCCluster","metadata":{"annotations":{},"labels":{"cluster.x-k8s.io/cluster-name":"test-1"},"name":"test-1","namespace":"default"},"spec":{"controlPlaneLoadBalancer":{"backendPools":[{"algorithm":"invalid-algo","healthMonitor":{"delay":2,"retries":1,"timeout":1,"type":"invalidtype"},"name":"pool-1"}],"name":"lb-test"},"region":"us-south","resourceGroup":"Default","vpc":"vpc-1","zone":"us-south-1"}}
    creationTimestamp: "2024-08-16T07:37:55Z"
    generation: 1
    labels:
      cluster.x-k8s.io/cluster-name: test-1
    name: test-1
    namespace: default
    resourceVersion: "2534"
    uid: 5147b1a5-2251-484c-b3c4-335b0d6c57f3
  spec:
    controlPlaneEndpoint:
      host: ""
      port: 0
    controlPlaneLoadBalancer:
      backendPools:
      - algorithm: invalid-algo
        healthMonitor:
          delay: 2
          retries: 1
          timeout: 1
          type: invalidtype
        name: pool-1
        protocol: ""
      name: lb-test
      public: true
    region: us-south
    resourceGroup: Default
    vpc: vpc-1
    zone: us-south-1
kind: List
metadata:
  resourceVersion: ""

[cjschaef]

@mkumatag I added some enum validation to some of the type fields, but I cannot validate locally to confirm things work as expected (issues with CRD resource creation). Please let me know if you see further issues.

[mkumatag]

@mkumatag I added some enum validation to some of the type fields, but I cannot validate locally to confirm things work as expected (issues with CRD resource creation). Please let me know if you see further issues.

Getting a proper message now,

k apply -f test/vpc_cluster.yaml 
The IBMVPCCluster "test-1" is invalid: 
* spec.controlPlaneLoadBalancer.backendPools[0].algorithm: Unsupported value: "invalid-algo": supported values: "least_connections", "round_robin", "weighted_round_robin"
* spec.controlPlaneLoadBalancer.backendPools[0].healthMonitor.type: Unsupported value: "invalidtype": supported values: "http", "https", "tcp"
* spec.controlPlaneLoadBalancer.backendPools[0].protocol: Unsupported value: "": supported values: "http", "https", "tcp", "udp"
(base) 

[mkumatag]

/lgtm

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: cjschaef, mkumatag

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [mkumatag]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment