Vpc extended apis #1895
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -52,9 +52,14 @@ type IBMVPCClusterSpec struct { | |
| ControlPlaneEndpoint capiv1beta1.APIEndpoint `json:"controlPlaneEndpoint"` | ||
|
|
||
| // ControlPlaneLoadBalancer is optional configuration for customizing control plane behavior. | ||
| // Use this for legacy support, use Network.LoadBalancers for the extended VPC support. | ||
| // +optional | ||
| ControlPlaneLoadBalancer *VPCLoadBalancerSpec `json:"controlPlaneLoadBalancer,omitempty"` | ||
|
|
||
| // image represents the Image details used for the cluster. | ||
| // +optional | ||
| Image *ImageSpec `json:"image,omitempty"` | ||
|
|
||
| // network represents the VPC network to use for the cluster. | ||
| // +optional | ||
| Network *VPCNetworkSpec `json:"network,omitempty"` | ||
|
|
@@ -87,37 +92,168 @@ type VPCLoadBalancerSpec struct { | |
| // +optional | ||
| // ++kubebuilder:validation:UniqueItems=true | ||
| AdditionalListeners []AdditionalListenerSpec `json:"additionalListeners,omitempty"` | ||
|
|
||
| // backendPools defines the load balancer's backend pools. | ||
| // +optional | ||
| BackendPools []VPCLoadBalancerBackendPoolSpec `json:"backendPools,omitempty"` | ||
|
|
||
| // securityGroups defines the Security Groups to attach to the load balancer. | ||
| // Security Groups defined here are expected to already exist when the load balancer is reconciled (these do not get created when reconciling the load balancer). | ||
| // +optional | ||
| SecurityGroups []VPCResource `json:"securityGroups,omitempty"` | ||
|
|
||
| // subnets defines the VPC Subnets to attach to the load balancer. | ||
| // Subnets defiens here are expected to already exist when the load balancer is reconciled (these do not get created when reconciling the load balancer). | ||
| // +optional | ||
| Subnets []VPCResource `json:"subnets,omitempty"` | ||
| } | ||
|
|
||
| // AdditionalListenerSpec defines the desired state of an | ||
| // additional listener on an VPC load balancer. | ||
| type AdditionalListenerSpec struct { | ||
| // defaultPoolName defines the name of a VPC Load Balancer Backend Pool to use for the VPC Load Balancer Listener. | ||
| // +kubebuilder:validation:MinLength:=1 | ||
| // +kubebuilder:validation:MaxLength:=63 | ||
| // +kubebuilder:validation:Pattern=`^([a-z]|[a-z][-a-z0-9]*[a-z0-9])$` | ||
| // +optional | ||
| DefaultPoolName *string `json:"defaultPoolName,omitempty"` | ||
|
|
||
| // Port sets the port for the additional listener. | ||
| // +kubebuilder:validation:Minimum=1 | ||
| // +kubebuilder:validation:Maximum=65535 | ||
| Port int64 `json:"port"` | ||
|
|
||
| // protocol defines the protocol to use for the VPC Load Balancer Listener. | ||
| // Will default to TCP protocol if not specified. | ||
| // +optional | ||
| Protocol *VPCLoadBalancerListenerProtocol `json:"protocol,omitempty"` | ||
| } | ||
|
|
||
| // VPCLoadBalancerBackendPoolSpec defines the desired configuration of a VPC Load Balancer Backend Pool. | ||
| type VPCLoadBalancerBackendPoolSpec struct { | ||
| // name defines the name of the Backend Pool. | ||
| // +kubebuilder:validation:MinLength:=1 | ||
| // +kubebuilder:validation:MaxLength:=63 | ||
| // +kubebuilder:validation:Pattern=`^([a-z]|[a-z][-a-z0-9]*[a-z0-9])$` | ||
| // +optional | ||
| Name *string `json:"name,omitempty"` | ||
|
There was a problem hiding this comment. lets add a regex for the validation here - |
||
|
|
||
| // algorithm defines the load balancing algorithm to use. | ||
| // +required | ||
| Algorithm VPCLoadBalancerBackendPoolAlgorithm `json:"algorithm"` | ||
|
|
||
| // healthMonitor defines the backend pool's health monitor. | ||
| // +required | ||
| HealthMonitor VPCLoadBalancerHealthMonitorSpec `json:"healthMonitor"` | ||
|
|
||
| // protocol defines the protocol to use for the Backend Pool. | ||
| // +required | ||
| Protocol VPCLoadBalancerBackendPoolProtocol `json:"protocol"` | ||
| } | ||
|
|
||
| // VPCLoadBalancerHealthMonitorSpec defines the desired state of a Health Monitor resource for a VPC Load Balancer Backend Pool. | ||
| // kubebuilder:validation:XValidation:rule="self.dely > self.timeout",message="health monitor's delay must be greater than the timeout" | ||
| type VPCLoadBalancerHealthMonitorSpec struct { | ||
| // delay defines the seconds to wait between health checks. | ||
| // +kubebuilder:validation:Minimum=2 | ||
| // +kubebuilder:validation:Maximum=60 | ||
| // +required | ||
| Delay int64 `json:"delay"` | ||
|
|
||
| // retries defines the max retries for health check. | ||
| // +kubebuilder:validation:Minimum=1 | ||
| // +kubebuilder:validation:Maximum=10 | ||
| // +required | ||
| Retries int64 `json:"retries"` | ||
|
|
||
| // port defines the port to perform health monitoring on. | ||
| // +kubebuilder:validation:Minimum=1 | ||
| // +kubebuilder:validation:Maximum=65535 | ||
| // +optional | ||
| Port *int64 `json:"port,omitempty"` | ||
|
|
||
| // timeout defines the seconds to wait for a health check response. | ||
| // +kubebuilder:validation:Minimum=1 | ||
| // +kubebuilder:validation:Maximum=59 | ||
| // +required | ||
| Timeout int64 `json:"timeout"` | ||
|
|
||
| // type defines the protocol used for health checks. | ||
| // +required | ||
| Type VPCLoadBalancerBackendPoolHealthMonitorType `json:"type"` | ||
|
|
||
| // urlPath defines the URL to use for health monitoring. | ||
| // +kubebuilder:validation:Pattern=`^\/(([a-zA-Z0-9-._~!$&'()*+,;=:@]|%[a-fA-F0-9]{2})+(\/([a-zA-Z0-9-._~!$&'()*+,;=:@]|%[a-fA-F0-9]{2})*)*)?(\\?([a-zA-Z0-9-._~!$&'()*+,;=:@\/?]|%[a-fA-F0-9]{2})*)?$` | ||
| // +optional | ||
| URLPath *string `json:"urlPath,omitempty"` | ||
| } | ||
|
|
||
| // ImageSpec defines the desired state of the VPC Custom Image resources for the cluster. | ||
| // +kubebuilder:validation:XValidation:rule="(!has(self.cosInstance) && !has(self.cosBucket) && !has(self.cosObject)) || (has(self.cosInstance) && has(self.cosBucket) && has(self.cosObject))",message="if any of cosInstance, cosBucket, or cosObject are specified, all must be specified" | ||
| // +kubebuilder:validation:XValidation:rule="has(self.name) || has(self.crn) || (has(self.cosInstance) && has(self.cosBucket) && has(self.cosObject))",message="an existing image name or crn must be provided, or to create a new image the cos resources must be provided, with or without a name" | ||
| type ImageSpec struct { | ||
| // name is the name of the desired VPC Custom Image. | ||
| // +kubebuilder:validation:MinLength:=1 | ||
| // +kubebuilder:validation:MaxLength:=63 | ||
| // +kubebuilder:validation:Pattern='/^([a-z]|[a-z][-a-z0-9]*[a-z0-9])$/' | ||
| // +optional | ||
| Name *string `json:"name,omitempty"` | ||
|
|
||
| // crn is the IBM Cloud CRN of the existing VPC Custom Image. | ||
| // +optional | ||
| CRN *string `json:"crn,omitempty"` | ||
|
|
||
| // cosInstance is the name of the IBM Cloud COS Instance containing the source of the image, if necessary. | ||
| // +optional | ||
| COSInstance *string `json:"cosInstance,omitempty"` | ||
|
|
||
| // cosBucket is the name of the IBM Cloud COS Bucket containing the source of the image, if necessary. | ||
| // +optional | ||
| COSBucket *string `json:"cosBucket,omitempty"` | ||
|
|
||
| // cosBucketRegion is the COS region the bucket is in. | ||
| // +optional | ||
| COSBucketRegion *string `json:"cosBucketRegion,omitempty"` | ||
|
|
||
| // cosObject is the name of a IBM Cloud COS Object used as the source of the image, if necessary. | ||
| // +optional | ||
| COSObject *string `json:"cosObject,omitempty"` | ||
|
|
||
| // operatingSystem is the Custom Image's Operating System name. | ||
| // +optional | ||
| OperatingSystem *string `json:"operatingSystem,omitempty"` | ||
|
|
||
| // resourceGroup is the Resource Group to create the Custom Image in. | ||
| // +optional | ||
| ResourceGroup *IBMCloudResourceReference `json:"resourceGroup,omitempty"` | ||
|
There was a problem hiding this comment. I think we have ResourceGroup at various place. Do you think this option is needed, can't we create image in cluster resource group? There was a problem hiding this comment. The ResourceGroup is imbedded within Power code, I do not wish reuse Power dependent code cluster-api-provider-ibmcloud/api/v1beta2/ibmpowervscluster_types.go Lines 175 to 182 in 112f968 The ResourceGroup can be used for Image creation, or to retrieve an existing image. So, the RG doesn't have to match the Cluster RG. |
||
| } | ||
|
|
||
| // VPCNetworkSpec defines the desired state of the network resources for the cluster for extended VPC Infrastructure support. | ||
| type VPCNetworkSpec struct { | ||
| // controlPlaneSubnets is a set of Subnet's which define the Control Plane subnets. | ||
| // +optional | ||
| ControlPlaneSubnets []Subnet `json:"controlPlaneSubnets,omitempty"` | ||
|
|
||
| // loadBalancers is a set of VPC Load Balancer definitions to use for the cluster. | ||
| // +optional | ||
| LoadBalancers []VPCLoadBalancerSpec `json:"loadBalancers,omitempty"` | ||
|
|
||
| // resourceGroup is the Resource Group containing all of the newtork resources. | ||
| // This can be different than the Resource Group containing the remaining cluster resources. | ||
| // +optional | ||
| ResourceGroup *IBMCloudResourceReference `json:"resourceGroup,omitempty"` | ||
|
|
||
| // securityGroups is a set of VPCSecurityGroup's which define the VPC Security Groups that manage traffic within and out of the VPC. | ||
| // +optional | ||
| SecurityGroups []VPCSecurityGroup `json:"securityGroups,omitempty"` | ||
|
|
||
| // workerSubnets is a set of Subnet's which define the Worker subnets. | ||
| // +optional | ||
| WorkerSubnets []Subnet `json:"workerSubnets,omitempty"` | ||
|
|
||
| // vpc defines the IBM Cloud VPC for extended VPC Infrastructure support. | ||
| // +optional | ||
| VPC *VPCResource `json:"vpc,omitempty"` | ||
| } | ||
|
|
||
| // VPCSecurityGroupStatus defines a vpc security group resource status with its id and respective rule's ids. | ||
|
|
@@ -148,11 +284,14 @@ type VPCLoadBalancerStatus struct { | |
|
|
||
| // IBMVPCClusterStatus defines the observed state of IBMVPCCluster. | ||
| type IBMVPCClusterStatus struct { | ||
| // Important: Run "make" to regenerate code after modifying this file | ||
| // dep: rely on Network instead. | ||
| VPC VPC `json:"vpc,omitempty"` | ||
|
|
||
| // image is the status of the VPC Custom Image. | ||
| // +optional | ||
| Image *ResourceStatus `json:"image,omitempty"` | ||
|
|
||
| // network is the status of the VPC network resources for extended VPC Infrastructure support. | ||
| // +optional | ||
| Network *VPCNetworkStatus `json:"network,omitempty"` | ||
|
|
@@ -180,11 +319,36 @@ type IBMVPCClusterStatus struct { | |
|
|
||
| // VPCNetworkStatus provides details on the status of VPC network resources for extended VPC Infrastructure support. | ||
| type VPCNetworkStatus struct { | ||
| // controlPlaneSubnets references the VPC Subnets for the cluster's Control Plane. | ||
| // The map simplifies lookups. | ||
| // +optional | ||
| ControlPlaneSubnets map[string]*ResourceStatus `json:"controlPlaneSubnets,omitempty"` | ||
|
|
||
| // loadBalancers references the VPC Load Balancer's for the cluster. | ||
| // The map simplifies lookups. | ||
| // +optional | ||
| LoadBalancers map[string]*VPCLoadBalancerStatus `json:"loadBalancers,omitempty"` | ||
|
|
||
| // publicGateways references the VPC Public Gateways for the cluster. | ||
| // The map simplifies lookups. | ||
| // +optional | ||
| PublicGateways map[string]*ResourceStatus `json:"publicGateways,omitempty"` | ||
|
|
||
| // resourceGroup references the Resource Group for Network resources for the cluster. | ||
| // This can be the same or unique from the cluster's Resource Group. | ||
| // +optional | ||
| ResourceGroup *ResourceStatus `json:"resourceGroup,omitempty"` | ||
|
|
||
| // securityGroups references the VPC Security Groups for the cluster. | ||
| // The map simplifies lookups. | ||
| // +optional | ||
| SecurityGroups map[string]*ResourceStatus `json:"securityGroups,omitempty"` | ||
|
|
||
| // workerSubnets references the VPC Subnets for the cluster's Data Plane. | ||
| // The map simplifies lookups. | ||
| // +optional | ||
| WorkerSubnets map[string]*ResourceStatus `json:"workerSubnets,omitempty"` | ||
|
|
||
| // vpc references the status of the IBM Cloud VPC as part of the extended VPC Infrastructure support. | ||
| // +optional | ||
| VPC *ResourceStatus `json:"vpc,omitempty"` | ||
|
|
||
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think you are planing to have SG seperatly for LB as well as VPC, do you have any use case in mind?
Also we recently implemented it for PowerVS see if it helps
cluster-api-provider-ibmcloud/api/v1beta2/ibmpowervscluster_types.go
Line 109 in 104ee47
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The SG's listed for the LB merely list the SecurityGroups the LB expects to have attached during LB creation.
The SecurityGroup (VPCSecurityGroup) reconciliation occurs separately, so we expect the SG's should already exist by the time we reach LB reconciliation (or error if they do not).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
In that case can you please reframe the description the same for better understanding?
It looks like, you are defining the SG from scratch.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I added some details that the SG's are expected to exist for LB reconciliation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I've also added subnet definitions to LB's, since we don't expect to default to using all subnets.