diff --git a/build/yaml/crd/vpc/crd.nsx.vmware.com_networkinfos.yaml b/build/yaml/crd/vpc/crd.nsx.vmware.com_networkinfos.yaml index 85fcb94f7..67578b5fe 100644 --- a/build/yaml/crd/vpc/crd.nsx.vmware.com_networkinfos.yaml +++ b/build/yaml/crd/vpc/crd.nsx.vmware.com_networkinfos.yaml @@ -50,7 +50,7 @@ spec: name: description: VPC name. type: string - privateIPv4CIDRs: + privateIPs: description: Private CIDRs used for the VPC. items: type: string diff --git a/build/yaml/crd/vpc/crd.nsx.vmware.com_subnets.yaml b/build/yaml/crd/vpc/crd.nsx.vmware.com_subnets.yaml index 299fdd984..6ae9ac287 100644 --- a/build/yaml/crd/vpc/crd.nsx.vmware.com_subnets.yaml +++ b/build/yaml/crd/vpc/crd.nsx.vmware.com_subnets.yaml @@ -65,6 +65,7 @@ spec: enum: - Private - Public + - PrivateTGW type: string advancedConfig: description: Subnet advanced configuration. diff --git a/build/yaml/crd/vpc/crd.nsx.vmware.com_subnetsets.yaml b/build/yaml/crd/vpc/crd.nsx.vmware.com_subnetsets.yaml index 6d0b23fae..6f6cbc65b 100644 --- a/build/yaml/crd/vpc/crd.nsx.vmware.com_subnetsets.yaml +++ b/build/yaml/crd/vpc/crd.nsx.vmware.com_subnetsets.yaml @@ -65,6 +65,7 @@ spec: enum: - Private - Public + - PrivateTGW type: string advancedConfig: description: Subnet advanced configuration. diff --git a/build/yaml/crd/vpc/crd.nsx.vmware.com_vpcnetworkconfigurations.yaml b/build/yaml/crd/vpc/crd.nsx.vmware.com_vpcnetworkconfigurations.yaml index 70e26048e..47255a7da 100644 --- a/build/yaml/crd/vpc/crd.nsx.vmware.com_vpcnetworkconfigurations.yaml +++ b/build/yaml/crd/vpc/crd.nsx.vmware.com_vpcnetworkconfigurations.yaml 
@@ -15,17 +15,13 @@ spec: scope: Cluster versions: - additionalPrinterColumns: - - description: NSXTProject the Namespace associated with - jsonPath: .spec.nsxtProject - name: NSXTProject + - description: NSXProject the Namespace associated with + jsonPath: .spec.nsxProject + name: NSXProject type: string - - description: ExternalIPv4Blocks assigned to the Namespace - jsonPath: .spec.externalIPv4Blocks - name: ExternalIPv4Blocks - type: string - - description: PrivateIPv4CIDRs assigned to the Namespace - jsonPath: .spec.privateIPv4CIDRs - name: PrivateIPv4CIDRs + - description: PrivateIPs assigned to the Namespace + jsonPath: .spec.privateIPs + name: PrivateIPs type: string name: v1alpha1 schema: 
@@ -58,56 +54,45 @@ spec: in a Namespace's VPCNetworkConfiguration, the Namespace will use the value in the default VPCNetworkConfiguration. properties: - defaultGatewayPath: - description: PolicyPath of Tier0 or Tier0 VRF gateway. - type: string - defaultIPv4SubnetSize: + defaultSubnetSize: default: 32 description: |- - Default size of Subnet based upon estimated workload count. + Default size of Subnets. Defaults to 32. type: integer - defaultSubnetAccessMode: + nsxProject: + description: NSX Project the Namespace associated with. + type: string + podSubnetAccessMode: description: |- - DefaultSubnetAccessMode defines the access mode of the default SubnetSet for PodVM and VM. - Must be Public or Private. + PodSubnetAccessMode defines the access mode of the default SubnetSet for PodVMs. + Must be Public, Private or PrivateTGW. enum: - Public - Private + - PrivateTGW type: string - edgeClusterPath: - description: Edge cluster path on which the networking elements will - be created. - type: string - externalIPv4Blocks: - description: NSX-T IPv4 Block paths used to allocate external Subnets. + privateIPs: + description: Private IPs. items: type: string - maxItems: 5 - minItems: 0 - type: array - nsxtProject: - description: NSX-T Project the Namespace associated with. - type: string - privateIPv4CIDRs: - description: Private IPv4 CIDRs used to allocate Private Subnets. - items: - type: string - maxItems: 5 - minItems: 0 type: array shortID: description: |- ShortID specifies Identifier to use when displaying VPC context in logs. - Less than or equal to 8 characters. + Less than equal to 8 characters. maxLength: 8 type: string vpc: description: |- NSX path of the VPC the Namespace associated with. - If vpc is set, only defaultIPv4SubnetSize and defaultSubnetAccessMode + If VPC is set, only defaultIPv4SubnetSize and defaultSubnetAccessMode take effect, other fields are ignored. type: string + vpcConnectivityProfile: + description: VPCConnectivityProfile ID. 
This profile has configuration + related to creating VPC transit gateway attachment. + type: string type: object status: description: VPCNetworkConfigurationStatus defines the observed state diff --git a/build/yaml/samples/nsx_v1alpha1_networkinfo.yaml b/build/yaml/samples/nsx_v1alpha1_networkinfo.yaml index f2793029b..1368d2e6a 100644 --- a/build/yaml/samples/nsx_v1alpha1_networkinfo.yaml +++ b/build/yaml/samples/nsx_v1alpha1_networkinfo.yaml @@ -13,6 +13,6 @@ vpcs: - defaultSNATIP: 192.168.0.0 loadBalancerIPAddresses: 172.26.0.0/26 name: vpc-d110d5aa-006d-4b59-9caf-424a4fba932c--kube-system - privateIPv4CIDRs: + privateIPs: - 172.26.0.0/16 vpcPath: /orgs/default/projects/project-quality/vpcs/19a8a52e-beb0-4396-91ce-5821a15a43db \ No newline at end of file diff --git a/build/yaml/samples/nsx_v1alpha1_vpcnetworkconfigurations.yaml b/build/yaml/samples/nsx_v1alpha1_vpcnetworkconfigurations.yaml index 35772867e..e6802178e 100644 --- a/build/yaml/samples/nsx_v1alpha1_vpcnetworkconfigurations.yaml +++ b/build/yaml/samples/nsx_v1alpha1_vpcnetworkconfigurations.yaml @@ -3,16 +3,12 @@ kind: VPCNetworkConfiguration metadata: name: vpc-network-config1 spec: - defaultGatewayPath: /infra/tier-0s/t0 - edgeClusterPath: /infra/sites/default/enforcement-points/default/edge-clusters/2d9df59f-6dc6-4911-8865-21fadc23d4da - defaultIPv4SubnetSize: 32 - nsxtProject: proj-1 - externalIPv4Blocks: - - block1 - privateIPv4CIDRs: + defaultSubnetSize: 32 + nsxProject: proj-1 + privateIPs: - 172.26.0.0/16 - 172.36.0.0/16 - defaultSubnetAccessMode: Private + podSubnetAccessMode: Private --- # Sample to create VPCNetworkConfiguration CR using a pre-created NSX VPC. apiVersion: crd.nsx.vmware.com/v1alpha1 
@@ -21,5 +17,6 @@ metadata: name: vpc-network-config-with-pre-created-vpc spec: vpc: /orgs/default/projects/proj-1/vpcs/vpc-1 - defaultIPv4SubnetSize: 32 - defaultSubnetAccessMode: Private + defaultSubnetSize: 32 + podSubnetAccessMode: Private + vpcConnectivityProfile: /orgs/default/projects/wenqi-test/vpc-connectivity-profiles/default diff --git a/pkg/apis/crd.nsx.vmware.com/v1alpha1/networkinfo_types.go b/pkg/apis/crd.nsx.vmware.com/v1alpha1/networkinfo_types.go index 4785fa7ec..5327cec21 100644 --- a/pkg/apis/crd.nsx.vmware.com/v1alpha1/networkinfo_types.go +++ b/pkg/apis/crd.nsx.vmware.com/v1alpha1/networkinfo_types.go @@ -8,8 +8,8 @@ import ( ) // +genclient -//+kubebuilder:object:root=true -//+kubebuilder:storageversion +// +kubebuilder:object:root=true +// +kubebuilder:storageversion // NetworkInfo is used to report the network information for a namespace. // +kubebuilder:resource:path=networkinfos @@ -20,7 +20,7 @@ type NetworkInfo struct { VPCs []VPCState `json:"vpcs"` } -//+kubebuilder:object:root=true +// +kubebuilder:object:root=true // NetworkInfoList contains a list of NetworkInfo. type NetworkInfoList struct { @@ -40,7 +40,7 @@ type VPCState struct { // LoadBalancerIPAddresses (AVI SE Subnet CIDR or NSX LB SNAT IPs). LoadBalancerIPAddresses string `json:"loadBalancerIPAddresses,omitempty"` // Private CIDRs used for the VPC. - PrivateIPv4CIDRs []string `json:"privateIPv4CIDRs,omitempty"` + PrivateIPs []string `json:"privateIPs,omitempty"` } func init() { diff --git a/pkg/apis/crd.nsx.vmware.com/v1alpha1/subnet_types.go b/pkg/apis/crd.nsx.vmware.com/v1alpha1/subnet_types.go index 47553cd10..6cbdfc7b2 100644 --- a/pkg/apis/crd.nsx.vmware.com/v1alpha1/subnet_types.go +++ b/pkg/apis/crd.nsx.vmware.com/v1alpha1/subnet_types.go 
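Review bot: The added `vpcConnectivityProfile` value sits under `projects/wenqi-test`, while the `vpc` path in the same spec is under `projects/proj-1`, so the sample mixes two NSX projects and carries what looks like a developer's own test project name. A value consistent with the rest of the sample would be `vpcConnectivityProfile: /orgs/default/projects/proj-1/vpc-connectivity-profiles/default`. The type comment calls the field a "VPCConnectivityProfile ID" whereas the sample supplies a full path, so either the comment or the sample should state which form is expected.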
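Review bot: The JSON key of `VPCState.PrivateIPs` changes from `privateIPv4CIDRs` to `privateIPs` inside the same `v1alpha1` version, which still carries `+kubebuilder:storageversion`, so any client or stored NetworkInfo object that uses the old key would presumably see the field as empty after the upgrade; the change should state how existing objects and readers are migrated. The field comment still reads "Private CIDRs used for the VPC" and the sample holds `172.26.0.0/16`, so the new name no longer says the entries are CIDRs; a comment such as `// PrivateIPs lists the private CIDRs used for the VPC.` would remove the ambiguity. The same hunk is repeated under `pkg/apis/v1alpha1` and `pkg/apis/vpc/v1alpha1`. VPCState starts outside the hunk.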
@@ -16,7 +16,7 @@ type SubnetSpec struct { // +kubebuilder:validation:Minimum:=16 IPv4SubnetSize int `json:"ipv4SubnetSize,omitempty"` // Access mode of Subnet, accessible only from within VPC or from outside VPC. - // +kubebuilder:validation:Enum=Private;Public + // +kubebuilder:validation:Enum=Private;Public;PrivateTGW AccessMode AccessMode `json:"accessMode,omitempty"` // Subnet CIDRS. // +kubebuilder:validation:MinItems=0 @@ -38,9 +38,9 @@ type SubnetStatus struct { } // +genclient -//+kubebuilder:object:root=true -//+kubebuilder:subresource:status -//+kubebuilder:storageversion +// +kubebuilder:object:root=true +// +kubebuilder:subresource:status +// +kubebuilder:storageversion // Subnet is the Schema for the subnets API. // +kubebuilder:printcolumn:name="AccessMode",type=string,JSONPath=`.spec.accessMode`,description="Access mode of Subnet" @@ -54,7 +54,7 @@ type Subnet struct { Status SubnetStatus `json:"status,omitempty"` } -//+kubebuilder:object:root=true +// +kubebuilder:object:root=true // SubnetList contains a list of Subnet. type SubnetList struct { diff --git a/pkg/apis/crd.nsx.vmware.com/v1alpha1/subnetset_types.go b/pkg/apis/crd.nsx.vmware.com/v1alpha1/subnetset_types.go index 3d8883355..fe83dae54 100644 --- a/pkg/apis/crd.nsx.vmware.com/v1alpha1/subnetset_types.go +++ b/pkg/apis/crd.nsx.vmware.com/v1alpha1/subnetset_types.go @@ -14,7 +14,7 @@ type SubnetSetSpec struct { // +kubebuilder:validation:Minimum:=16 IPv4SubnetSize int `json:"ipv4SubnetSize,omitempty"` // Access mode of Subnet, accessible only from within VPC or from outside VPC. - // +kubebuilder:validation:Enum=Private;Public + // +kubebuilder:validation:Enum=Private;Public;PrivateTGW AccessMode AccessMode `json:"accessMode,omitempty"` // Subnet advanced configuration. AdvancedConfig AdvancedConfig `json:"advancedConfig,omitempty"` 
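Review bot: The comment above `SubnetSpec.AccessMode` still describes only two outcomes ("accessible only from within VPC or from outside VPC") although the enum now admits `PrivateTGW`, so a reader cannot tell how far a PrivateTGW Subnet is reachable. Because this value decides network exposure, the comment should name all three modes, for example `// Access mode of Subnet. Must be Private, Public or PrivateTGW.`, followed by one line per mode stating its reachability; the PrivateTGW scope has to come from the author (presumably it relates to the transit gateway mentioned on `vpcConnectivityProfile`). The same applies to `SubnetSetSpec.AccessMode` in the last hunk on this line and to the copies under `pkg/apis/v1alpha1` and `pkg/apis/vpc/v1alpha1`. Both structs start and end outside their hunks.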
@@ -37,9 +37,9 @@ type SubnetSetStatus struct { } // +genclient -//+kubebuilder:object:root=true -//+kubebuilder:subresource:status -//+kubebuilder:storageversion +// +kubebuilder:object:root=true +// +kubebuilder:subresource:status +// +kubebuilder:storageversion // SubnetSet is the Schema for the subnetsets API. // +kubebuilder:printcolumn:name="AccessMode",type=string,JSONPath=`.spec.accessMode`,description="Access mode of Subnet" @@ -53,7 +53,7 @@ type SubnetSet struct { Status SubnetSetStatus `json:"status,omitempty"` } -//+kubebuilder:object:root=true +// +kubebuilder:object:root=true // SubnetSetList contains a list of SubnetSet. type SubnetSetList struct { diff --git a/pkg/apis/crd.nsx.vmware.com/v1alpha1/vpcnetworkconfiguration_types.go b/pkg/apis/crd.nsx.vmware.com/v1alpha1/vpcnetworkconfiguration_types.go index f2b36df24..96a3de7bc 100644 --- a/pkg/apis/crd.nsx.vmware.com/v1alpha1/vpcnetworkconfiguration_types.go +++ b/pkg/apis/crd.nsx.vmware.com/v1alpha1/vpcnetworkconfiguration_types.go @@ -11,6 +11,7 @@ import ( const ( AccessModePublic string = "Public" AccessModePrivate string = "Private" + AccessModeProject string = "PrivateTGW" ) // VPCNetworkConfigurationSpec defines the desired state of VPCNetworkConfiguration. 
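Review bot: The new constant `AccessModeProject` holds the value "PrivateTGW", so its name no longer matches what it selects, unlike `AccessModePublic` and `AccessModePrivate` beside it; code that compares against `AccessModeProject` gives no hint that it means the PrivateTGW mode. Naming it after the value, `AccessModePrivateTGW string = "PrivateTGW"`, and adding a one-line comment on the const block describing the three modes would keep them aligned. The same constant is added under `pkg/apis/v1alpha1` and `pkg/apis/vpc/v1alpha1`.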
@@ -19,38 +20,36 @@ const ( // in a Namespace's VPCNetworkConfiguration, the Namespace will use the value // in the default VPCNetworkConfiguration. type VPCNetworkConfigurationSpec struct { - // PolicyPath of Tier0 or Tier0 VRF gateway. - DefaultGatewayPath string `json:"defaultGatewayPath,omitempty"` - // Edge cluster path on which the networking elements will be created. - EdgeClusterPath string `json:"edgeClusterPath,omitempty"` - // NSX-T Project the Namespace associated with. - NSXTProject string `json:"nsxtProject,omitempty"` - // NSX-T IPv4 Block paths used to allocate external Subnets. - // +kubebuilder:validation:MinItems=0 - // +kubebuilder:validation:MaxItems=5 - ExternalIPv4Blocks []string `json:"externalIPv4Blocks,omitempty"` - // Private IPv4 CIDRs used to allocate Private Subnets. - // +kubebuilder:validation:MinItems=0 - // +kubebuilder:validation:MaxItems=5 - PrivateIPv4CIDRs []string `json:"privateIPv4CIDRs,omitempty"` - // Default size of Subnet based upon estimated workload count. - // Defaults to 32. - // +kubebuilder:default=32 - DefaultIPv4SubnetSize int `json:"defaultIPv4SubnetSize,omitempty"` - // DefaultSubnetAccessMode defines the access mode of the default SubnetSet for PodVM and VM. - // Must be Public or Private. - // +kubebuilder:validation:Enum=Public;Private - DefaultSubnetAccessMode string `json:"defaultSubnetAccessMode,omitempty"` - // ShortID specifies Identifier to use when displaying VPC context in logs. - // Less than or equal to 8 characters. - // +kubebuilder:validation:MaxLength=8 - // +optional - ShortID string `json:"shortID,omitempty"` // NSX path of the VPC the Namespace associated with. - // If vpc is set, only defaultIPv4SubnetSize and defaultSubnetAccessMode + // If VPC is set, only defaultIPv4SubnetSize and defaultSubnetAccessMode // take effect, other fields are ignored. // +optional VPC string `json:"vpc,omitempty"` + + // NSX Project the Namespace associated with. 
+ NSXProject string `json:"nsxProject,omitempty"` + + // VPCConnectivityProfile ID. This profile has configuration related to creating VPC transit gateway attachment. + VPCConnectivityProfile string `json:"vpcConnectivityProfile,omitempty"` + + // Private IPs. + PrivateIPs []string `json:"privateIPs,omitempty"` + + // ShortID specifies Identifier to use when displaying VPC context in logs. + // Less than equal to 8 characters. + // +kubebuilder:validation:MaxLength=8 + // +optional + ShortID string `json:"shortID,omitempty"` + + // Default size of Subnets. + // Defaults to 32. + // +kubebuilder:default=32 + DefaultSubnetSize int `json:"defaultSubnetSize,omitempty"` + + // PodSubnetAccessMode defines the access mode of the default SubnetSet for PodVMs. + // Must be Public, Private or PrivateTGW. + // +kubebuilder:validation:Enum=Public;Private;PrivateTGW + PodSubnetAccessMode string `json:"podSubnetAccessMode,omitempty"` } // VPCNetworkConfigurationStatus defines the observed state of VPCNetworkConfiguration 
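Review bot: `PrivateIPs` loses the `+kubebuilder:validation:MinItems=0` and `MaxItems=5` markers that `PrivateIPv4CIDRs` carried, so the API server now accepts a list of any length and the entries stay unvalidated strings; if the limit was dropped on purpose the commit should say so, otherwise keep `// +kubebuilder:validation:MaxItems=5` above the field. The comment on `VPC` still names `defaultIPv4SubnetSize` and `defaultSubnetAccessMode`, which this hunk renames to `defaultSubnetSize` and `podSubnetAccessMode`, and "Less than equal to 8 characters" drops the "or" the old text had. "Private IPs." also says less than the removed "Private IPv4 CIDRs used to allocate Private Subnets". The same hunk is repeated under `pkg/apis/v1alpha1` and `pkg/apis/vpc/v1alpha1`, and the generated CRD YAML inherits these descriptions.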
@@ -71,15 +70,14 @@ type VPCInfo struct { // +genclient // +genclient:nonNamespaced -//+kubebuilder:object:root=true -//+kubebuilder:subresource:status -//+kubebuilder:storageversion +// +kubebuilder:object:root=true +// +kubebuilder:subresource:status +// +kubebuilder:storageversion // VPCNetworkConfiguration is the Schema for the vpcnetworkconfigurations API. // +kubebuilder:resource:scope="Cluster" -// +kubebuilder:printcolumn:name="NSXTProject",type=string,JSONPath=`.spec.nsxtProject`,description="NSXTProject the Namespace associated with" -// +kubebuilder:printcolumn:name="ExternalIPv4Blocks",type=string,JSONPath=`.spec.externalIPv4Blocks`,description="ExternalIPv4Blocks assigned to the Namespace" -// +kubebuilder:printcolumn:name="PrivateIPv4CIDRs",type=string,JSONPath=`.spec.privateIPv4CIDRs`,description="PrivateIPv4CIDRs assigned to the Namespace" +// +kubebuilder:printcolumn:name="NSXProject",type=string,JSONPath=`.spec.nsxProject`,description="NSXProject the Namespace associated with" +// +kubebuilder:printcolumn:name="PrivateIPs",type=string,JSONPath=`.spec.privateIPs`,description="PrivateIPs assigned to the Namespace" type VPCNetworkConfiguration struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` @@ -88,7 +86,7 @@ type VPCNetworkConfiguration struct { Status VPCNetworkConfigurationStatus `json:"status,omitempty"` } -//+kubebuilder:object:root=true +// +kubebuilder:object:root=true // VPCNetworkConfigurationList contains a list of VPCNetworkConfiguration. type VPCNetworkConfigurationList struct { diff --git a/pkg/apis/crd.nsx.vmware.com/v1alpha1/zz_generated.deepcopy.go b/pkg/apis/crd.nsx.vmware.com/v1alpha1/zz_generated.deepcopy.go index ff4d1c0b6..f87de6dc6 100644 --- a/pkg/apis/crd.nsx.vmware.com/v1alpha1/zz_generated.deepcopy.go +++ b/pkg/apis/crd.nsx.vmware.com/v1alpha1/zz_generated.deepcopy.go 
@@ -1205,13 +1205,8 @@ func (in *VPCNetworkConfigurationList) DeepCopyObject() runtime.Object { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *VPCNetworkConfigurationSpec) DeepCopyInto(out *VPCNetworkConfigurationSpec) { *out = *in - if in.ExternalIPv4Blocks != nil { - in, out := &in.ExternalIPv4Blocks, &out.ExternalIPv4Blocks - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.PrivateIPv4CIDRs != nil { - in, out := &in.PrivateIPv4CIDRs, &out.PrivateIPv4CIDRs + if in.PrivateIPs != nil { + in, out := &in.PrivateIPs, &out.PrivateIPs *out = make([]string, len(*in)) copy(*out, *in) } @@ -1250,8 +1245,8 @@ func (in *VPCNetworkConfigurationStatus) DeepCopy() *VPCNetworkConfigurationStat // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *VPCState) DeepCopyInto(out *VPCState) { *out = *in - if in.PrivateIPv4CIDRs != nil { - in, out := &in.PrivateIPv4CIDRs, &out.PrivateIPv4CIDRs + if in.PrivateIPs != nil { + in, out := &in.PrivateIPs, &out.PrivateIPs *out = make([]string, len(*in)) copy(*out, *in) } diff --git a/pkg/apis/v1alpha1/networkinfo_types.go b/pkg/apis/v1alpha1/networkinfo_types.go index 4785fa7ec..5327cec21 100644 --- a/pkg/apis/v1alpha1/networkinfo_types.go +++ b/pkg/apis/v1alpha1/networkinfo_types.go @@ -8,8 +8,8 @@ import ( ) // +genclient -//+kubebuilder:object:root=true -//+kubebuilder:storageversion +// +kubebuilder:object:root=true +// +kubebuilder:storageversion // NetworkInfo is used to report the network information for a namespace. // +kubebuilder:resource:path=networkinfos @@ -20,7 +20,7 @@ type NetworkInfo struct { VPCs []VPCState `json:"vpcs"` } -//+kubebuilder:object:root=true +// +kubebuilder:object:root=true // NetworkInfoList contains a list of NetworkInfo. type NetworkInfoList struct { 
@@ -40,7 +40,7 @@ type VPCState struct { // LoadBalancerIPAddresses (AVI SE Subnet CIDR or NSX LB SNAT IPs). LoadBalancerIPAddresses string `json:"loadBalancerIPAddresses,omitempty"` // Private CIDRs used for the VPC. - PrivateIPv4CIDRs []string `json:"privateIPv4CIDRs,omitempty"` + PrivateIPs []string `json:"privateIPs,omitempty"` } func init() { diff --git a/pkg/apis/v1alpha1/subnet_types.go b/pkg/apis/v1alpha1/subnet_types.go index 47553cd10..6cbdfc7b2 100644 --- a/pkg/apis/v1alpha1/subnet_types.go +++ b/pkg/apis/v1alpha1/subnet_types.go @@ -16,7 +16,7 @@ type SubnetSpec struct { // +kubebuilder:validation:Minimum:=16 IPv4SubnetSize int `json:"ipv4SubnetSize,omitempty"` // Access mode of Subnet, accessible only from within VPC or from outside VPC. - // +kubebuilder:validation:Enum=Private;Public + // +kubebuilder:validation:Enum=Private;Public;PrivateTGW AccessMode AccessMode `json:"accessMode,omitempty"` // Subnet CIDRS. // +kubebuilder:validation:MinItems=0 @@ -38,9 +38,9 @@ type SubnetStatus struct { } // +genclient -//+kubebuilder:object:root=true -//+kubebuilder:subresource:status -//+kubebuilder:storageversion +// +kubebuilder:object:root=true +// +kubebuilder:subresource:status +// +kubebuilder:storageversion // Subnet is the Schema for the subnets API. // +kubebuilder:printcolumn:name="AccessMode",type=string,JSONPath=`.spec.accessMode`,description="Access mode of Subnet" @@ -54,7 +54,7 @@ type Subnet struct { Status SubnetStatus `json:"status,omitempty"` } -//+kubebuilder:object:root=true +// +kubebuilder:object:root=true // SubnetList contains a list of Subnet. type SubnetList struct { diff --git a/pkg/apis/v1alpha1/subnetset_types.go b/pkg/apis/v1alpha1/subnetset_types.go index 3d8883355..fe83dae54 100644 --- a/pkg/apis/v1alpha1/subnetset_types.go +++ b/pkg/apis/v1alpha1/subnetset_types.go 
@@ -14,7 +14,7 @@ type SubnetSetSpec struct { // +kubebuilder:validation:Minimum:=16 IPv4SubnetSize int `json:"ipv4SubnetSize,omitempty"` // Access mode of Subnet, accessible only from within VPC or from outside VPC. - // +kubebuilder:validation:Enum=Private;Public + // +kubebuilder:validation:Enum=Private;Public;PrivateTGW AccessMode AccessMode `json:"accessMode,omitempty"` // Subnet advanced configuration. AdvancedConfig AdvancedConfig `json:"advancedConfig,omitempty"` @@ -37,9 +37,9 @@ type SubnetSetStatus struct { } // +genclient -//+kubebuilder:object:root=true -//+kubebuilder:subresource:status -//+kubebuilder:storageversion +// +kubebuilder:object:root=true +// +kubebuilder:subresource:status +// +kubebuilder:storageversion // SubnetSet is the Schema for the subnetsets API. // +kubebuilder:printcolumn:name="AccessMode",type=string,JSONPath=`.spec.accessMode`,description="Access mode of Subnet" @@ -53,7 +53,7 @@ type SubnetSet struct { Status SubnetSetStatus `json:"status,omitempty"` } -//+kubebuilder:object:root=true +// +kubebuilder:object:root=true // SubnetSetList contains a list of SubnetSet. type SubnetSetList struct { diff --git a/pkg/apis/v1alpha1/vpcnetworkconfiguration_types.go b/pkg/apis/v1alpha1/vpcnetworkconfiguration_types.go index f2b36df24..96a3de7bc 100644 --- a/pkg/apis/v1alpha1/vpcnetworkconfiguration_types.go +++ b/pkg/apis/v1alpha1/vpcnetworkconfiguration_types.go @@ -11,6 +11,7 @@ import ( const ( AccessModePublic string = "Public" AccessModePrivate string = "Private" + AccessModeProject string = "PrivateTGW" ) // VPCNetworkConfigurationSpec defines the desired state of VPCNetworkConfiguration. 
@@ -19,38 +20,36 @@ const ( // in a Namespace's VPCNetworkConfiguration, the Namespace will use the value // in the default VPCNetworkConfiguration. type VPCNetworkConfigurationSpec struct { - // PolicyPath of Tier0 or Tier0 VRF gateway. - DefaultGatewayPath string `json:"defaultGatewayPath,omitempty"` - // Edge cluster path on which the networking elements will be created. - EdgeClusterPath string `json:"edgeClusterPath,omitempty"` - // NSX-T Project the Namespace associated with. - NSXTProject string `json:"nsxtProject,omitempty"` - // NSX-T IPv4 Block paths used to allocate external Subnets. - // +kubebuilder:validation:MinItems=0 - // +kubebuilder:validation:MaxItems=5 - ExternalIPv4Blocks []string `json:"externalIPv4Blocks,omitempty"` - // Private IPv4 CIDRs used to allocate Private Subnets. - // +kubebuilder:validation:MinItems=0 - // +kubebuilder:validation:MaxItems=5 - PrivateIPv4CIDRs []string `json:"privateIPv4CIDRs,omitempty"` - // Default size of Subnet based upon estimated workload count. - // Defaults to 32. - // +kubebuilder:default=32 - DefaultIPv4SubnetSize int `json:"defaultIPv4SubnetSize,omitempty"` - // DefaultSubnetAccessMode defines the access mode of the default SubnetSet for PodVM and VM. - // Must be Public or Private. - // +kubebuilder:validation:Enum=Public;Private - DefaultSubnetAccessMode string `json:"defaultSubnetAccessMode,omitempty"` - // ShortID specifies Identifier to use when displaying VPC context in logs. - // Less than or equal to 8 characters. - // +kubebuilder:validation:MaxLength=8 - // +optional - ShortID string `json:"shortID,omitempty"` // NSX path of the VPC the Namespace associated with. - // If vpc is set, only defaultIPv4SubnetSize and defaultSubnetAccessMode + // If VPC is set, only defaultIPv4SubnetSize and defaultSubnetAccessMode // take effect, other fields are ignored. // +optional VPC string `json:"vpc,omitempty"` + + // NSX Project the Namespace associated with. 
+ NSXProject string `json:"nsxProject,omitempty"` + + // VPCConnectivityProfile ID. This profile has configuration related to creating VPC transit gateway attachment. + VPCConnectivityProfile string `json:"vpcConnectivityProfile,omitempty"` + + // Private IPs. + PrivateIPs []string `json:"privateIPs,omitempty"` + + // ShortID specifies Identifier to use when displaying VPC context in logs. + // Less than equal to 8 characters. + // +kubebuilder:validation:MaxLength=8 + // +optional + ShortID string `json:"shortID,omitempty"` + + // Default size of Subnets. + // Defaults to 32. + // +kubebuilder:default=32 + DefaultSubnetSize int `json:"defaultSubnetSize,omitempty"` + + // PodSubnetAccessMode defines the access mode of the default SubnetSet for PodVMs. + // Must be Public, Private or PrivateTGW. + // +kubebuilder:validation:Enum=Public;Private;PrivateTGW + PodSubnetAccessMode string `json:"podSubnetAccessMode,omitempty"` } // VPCNetworkConfigurationStatus defines the observed state of VPCNetworkConfiguration 
@@ -71,15 +70,14 @@ type VPCInfo struct { // +genclient // +genclient:nonNamespaced -//+kubebuilder:object:root=true -//+kubebuilder:subresource:status -//+kubebuilder:storageversion +// +kubebuilder:object:root=true +// +kubebuilder:subresource:status +// +kubebuilder:storageversion // VPCNetworkConfiguration is the Schema for the vpcnetworkconfigurations API. // +kubebuilder:resource:scope="Cluster" -// +kubebuilder:printcolumn:name="NSXTProject",type=string,JSONPath=`.spec.nsxtProject`,description="NSXTProject the Namespace associated with" -// +kubebuilder:printcolumn:name="ExternalIPv4Blocks",type=string,JSONPath=`.spec.externalIPv4Blocks`,description="ExternalIPv4Blocks assigned to the Namespace" -// +kubebuilder:printcolumn:name="PrivateIPv4CIDRs",type=string,JSONPath=`.spec.privateIPv4CIDRs`,description="PrivateIPv4CIDRs assigned to the Namespace" +// +kubebuilder:printcolumn:name="NSXProject",type=string,JSONPath=`.spec.nsxProject`,description="NSXProject the Namespace associated with" +// +kubebuilder:printcolumn:name="PrivateIPs",type=string,JSONPath=`.spec.privateIPs`,description="PrivateIPs assigned to the Namespace" type VPCNetworkConfiguration struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` @@ -88,7 +86,7 @@ type VPCNetworkConfiguration struct { Status VPCNetworkConfigurationStatus `json:"status,omitempty"` } -//+kubebuilder:object:root=true +// +kubebuilder:object:root=true // VPCNetworkConfigurationList contains a list of VPCNetworkConfiguration. type VPCNetworkConfigurationList struct { diff --git a/pkg/apis/v1alpha1/zz_generated.deepcopy.go b/pkg/apis/v1alpha1/zz_generated.deepcopy.go index ff4d1c0b6..f87de6dc6 100644 --- a/pkg/apis/v1alpha1/zz_generated.deepcopy.go +++ b/pkg/apis/v1alpha1/zz_generated.deepcopy.go 
@@ -1205,13 +1205,8 @@ func (in *VPCNetworkConfigurationList) DeepCopyObject() runtime.Object { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *VPCNetworkConfigurationSpec) DeepCopyInto(out *VPCNetworkConfigurationSpec) { *out = *in - if in.ExternalIPv4Blocks != nil { - in, out := &in.ExternalIPv4Blocks, &out.ExternalIPv4Blocks - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.PrivateIPv4CIDRs != nil { - in, out := &in.PrivateIPv4CIDRs, &out.PrivateIPv4CIDRs + if in.PrivateIPs != nil { + in, out := &in.PrivateIPs, &out.PrivateIPs *out = make([]string, len(*in)) copy(*out, *in) } @@ -1250,8 +1245,8 @@ func (in *VPCNetworkConfigurationStatus) DeepCopy() *VPCNetworkConfigurationStat // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *VPCState) DeepCopyInto(out *VPCState) { *out = *in - if in.PrivateIPv4CIDRs != nil { - in, out := &in.PrivateIPv4CIDRs, &out.PrivateIPv4CIDRs + if in.PrivateIPs != nil { + in, out := &in.PrivateIPs, &out.PrivateIPs *out = make([]string, len(*in)) copy(*out, *in) } diff --git a/pkg/apis/vpc/v1alpha1/networkinfo_types.go b/pkg/apis/vpc/v1alpha1/networkinfo_types.go index 4785fa7ec..5327cec21 100644 --- a/pkg/apis/vpc/v1alpha1/networkinfo_types.go +++ b/pkg/apis/vpc/v1alpha1/networkinfo_types.go @@ -8,8 +8,8 @@ import ( ) // +genclient -//+kubebuilder:object:root=true -//+kubebuilder:storageversion +// +kubebuilder:object:root=true +// +kubebuilder:storageversion // NetworkInfo is used to report the network information for a namespace. // +kubebuilder:resource:path=networkinfos @@ -20,7 +20,7 @@ type NetworkInfo struct { VPCs []VPCState `json:"vpcs"` } -//+kubebuilder:object:root=true +// +kubebuilder:object:root=true // NetworkInfoList contains a list of NetworkInfo. type NetworkInfoList struct { 
@@ -40,7 +40,7 @@ type VPCState struct { // LoadBalancerIPAddresses (AVI SE Subnet CIDR or NSX LB SNAT IPs). LoadBalancerIPAddresses string `json:"loadBalancerIPAddresses,omitempty"` // Private CIDRs used for the VPC. - PrivateIPv4CIDRs []string `json:"privateIPv4CIDRs,omitempty"` + PrivateIPs []string `json:"privateIPs,omitempty"` } func init() { diff --git a/pkg/apis/vpc/v1alpha1/subnet_types.go b/pkg/apis/vpc/v1alpha1/subnet_types.go index 47553cd10..6cbdfc7b2 100644 --- a/pkg/apis/vpc/v1alpha1/subnet_types.go +++ b/pkg/apis/vpc/v1alpha1/subnet_types.go @@ -16,7 +16,7 @@ type SubnetSpec struct { // +kubebuilder:validation:Minimum:=16 IPv4SubnetSize int `json:"ipv4SubnetSize,omitempty"` // Access mode of Subnet, accessible only from within VPC or from outside VPC. - // +kubebuilder:validation:Enum=Private;Public + // +kubebuilder:validation:Enum=Private;Public;PrivateTGW AccessMode AccessMode `json:"accessMode,omitempty"` // Subnet CIDRS. // +kubebuilder:validation:MinItems=0 @@ -38,9 +38,9 @@ type SubnetStatus struct { } // +genclient -//+kubebuilder:object:root=true -//+kubebuilder:subresource:status -//+kubebuilder:storageversion +// +kubebuilder:object:root=true +// +kubebuilder:subresource:status +// +kubebuilder:storageversion // Subnet is the Schema for the subnets API. // +kubebuilder:printcolumn:name="AccessMode",type=string,JSONPath=`.spec.accessMode`,description="Access mode of Subnet" @@ -54,7 +54,7 @@ type Subnet struct { Status SubnetStatus `json:"status,omitempty"` } -//+kubebuilder:object:root=true +// +kubebuilder:object:root=true // SubnetList contains a list of Subnet. type SubnetList struct { diff --git a/pkg/apis/vpc/v1alpha1/subnetset_types.go b/pkg/apis/vpc/v1alpha1/subnetset_types.go index 3d8883355..fe83dae54 100644 --- a/pkg/apis/vpc/v1alpha1/subnetset_types.go +++ b/pkg/apis/vpc/v1alpha1/subnetset_types.go 
@@ -14,7 +14,7 @@ type SubnetSetSpec struct { // +kubebuilder:validation:Minimum:=16 IPv4SubnetSize int `json:"ipv4SubnetSize,omitempty"` // Access mode of Subnet, accessible only from within VPC or from outside VPC. - // +kubebuilder:validation:Enum=Private;Public + // +kubebuilder:validation:Enum=Private;Public;PrivateTGW AccessMode AccessMode `json:"accessMode,omitempty"` // Subnet advanced configuration. AdvancedConfig AdvancedConfig `json:"advancedConfig,omitempty"` @@ -37,9 +37,9 @@ type SubnetSetStatus struct { } // +genclient -//+kubebuilder:object:root=true -//+kubebuilder:subresource:status -//+kubebuilder:storageversion +// +kubebuilder:object:root=true +// +kubebuilder:subresource:status +// +kubebuilder:storageversion // SubnetSet is the Schema for the subnetsets API. // +kubebuilder:printcolumn:name="AccessMode",type=string,JSONPath=`.spec.accessMode`,description="Access mode of Subnet" @@ -53,7 +53,7 @@ type SubnetSet struct { Status SubnetSetStatus `json:"status,omitempty"` } -//+kubebuilder:object:root=true +// +kubebuilder:object:root=true // SubnetSetList contains a list of SubnetSet. type SubnetSetList struct { diff --git a/pkg/apis/vpc/v1alpha1/vpcnetworkconfiguration_types.go b/pkg/apis/vpc/v1alpha1/vpcnetworkconfiguration_types.go index f2b36df24..1c54cb8be 100644 --- a/pkg/apis/vpc/v1alpha1/vpcnetworkconfiguration_types.go +++ b/pkg/apis/vpc/v1alpha1/vpcnetworkconfiguration_types.go @@ -11,6 +11,7 @@ import ( const ( AccessModePublic string = "Public" AccessModePrivate string = "Private" + AccessModeProject string = "PrivateTGW" ) // VPCNetworkConfigurationSpec defines the desired state of VPCNetworkConfiguration. 
@@ -19,38 +20,36 @@ const ( // in a Namespace's VPCNetworkConfiguration, the Namespace will use the value // in the default VPCNetworkConfiguration. type VPCNetworkConfigurationSpec struct { - // PolicyPath of Tier0 or Tier0 VRF gateway. - DefaultGatewayPath string `json:"defaultGatewayPath,omitempty"` - // Edge cluster path on which the networking elements will be created. - EdgeClusterPath string `json:"edgeClusterPath,omitempty"` - // NSX-T Project the Namespace associated with. - NSXTProject string `json:"nsxtProject,omitempty"` - // NSX-T IPv4 Block paths used to allocate external Subnets. - // +kubebuilder:validation:MinItems=0 - // +kubebuilder:validation:MaxItems=5 - ExternalIPv4Blocks []string `json:"externalIPv4Blocks,omitempty"` - // Private IPv4 CIDRs used to allocate Private Subnets. - // +kubebuilder:validation:MinItems=0 - // +kubebuilder:validation:MaxItems=5 - PrivateIPv4CIDRs []string `json:"privateIPv4CIDRs,omitempty"` - // Default size of Subnet based upon estimated workload count. - // Defaults to 32. - // +kubebuilder:default=32 - DefaultIPv4SubnetSize int `json:"defaultIPv4SubnetSize,omitempty"` - // DefaultSubnetAccessMode defines the access mode of the default SubnetSet for PodVM and VM. - // Must be Public or Private. - // +kubebuilder:validation:Enum=Public;Private - DefaultSubnetAccessMode string `json:"defaultSubnetAccessMode,omitempty"` - // ShortID specifies Identifier to use when displaying VPC context in logs. - // Less than or equal to 8 characters. - // +kubebuilder:validation:MaxLength=8 - // +optional - ShortID string `json:"shortID,omitempty"` // NSX path of the VPC the Namespace associated with. - // If vpc is set, only defaultIPv4SubnetSize and defaultSubnetAccessMode + // If VPC is set, only defaultIPv4SubnetSize and defaultSubnetAccessMode // take effect, other fields are ignored. // +optional VPC string `json:"vpc,omitempty"` + + // NSX Project the Namespace associated with. 
+ NSXProject string `json:"nsxProject,omitempty"` + + // VPCConnectivityProfile ID. This profile has configuration related to creating VPC transit gateway attachment. + VPCConnectivityProfile string `json:"vpcConnectivityProfile,omitempty"` + + // Private IPs. + PrivateIPs []string `json:"privateIPs,omitempty"` + + // ShortID specifies Identifier to use when displaying VPC context in logs. + // Less than equal to 8 characters. + // +kubebuilder:validation:MaxLength=8 + // +optional + ShortID string `json:"shortID,omitempty"` + + // Default size of Subnets. + // Defaults to 32. + // +kubebuilder:default=32 + DefaultSubnetSize int `json:"defaultSubnetSize,omitempty"` + + // PodSubnetAccessMode defines the access mode of the default SubnetSet for PodVMs. + // Must be Public, Private or PrivateTGW. + // +kubebuilder:validation:Enum=Public;Private;PrivateTGW + PodSubnetAccessMode string `json:"podSubnetAccessMode,omitempty"` } // VPCNetworkConfigurationStatus defines the observed state of VPCNetworkConfiguration 
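Review bot: `PrivateIPs` is declared without the `MinItems`/`MaxItems` markers that the removed `PrivateIPv4CIDRs` field carried, so the API server no longer bounds the list and nothing in this struct constrains the entry format. If the limit still applies, keep `// +kubebuilder:validation:MaxItems=5` above the field. The comment `// Private IPs.` should state whether entries are CIDRs, as the status field's `Private CIDRs used for the VPC` suggests. The JSON names also change inside the stored v1alpha1 version, so existing objects that set `privateIPv4CIDRs` or `nsxtProject` would presumably lose those values when decoded; worth confirming that no migration is needed.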
@@ -71,15 +70,14 @@ type VPCInfo struct { // +genclient // +genclient:nonNamespaced -//+kubebuilder:object:root=true -//+kubebuilder:subresource:status -//+kubebuilder:storageversion +// +kubebuilder:object:root=true +// +kubebuilder:subresource:status +// +kubebuilder:storageversion // VPCNetworkConfiguration is the Schema for the vpcnetworkconfigurations API. // +kubebuilder:resource:scope="Cluster" -// +kubebuilder:printcolumn:name="NSXTProject",type=string,JSONPath=`.spec.nsxtProject`,description="NSXTProject the Namespace associated with" -// +kubebuilder:printcolumn:name="ExternalIPv4Blocks",type=string,JSONPath=`.spec.externalIPv4Blocks`,description="ExternalIPv4Blocks assigned to the Namespace" -// +kubebuilder:printcolumn:name="PrivateIPv4CIDRs",type=string,JSONPath=`.spec.privateIPv4CIDRs`,description="PrivateIPv4CIDRs assigned to the Namespace" +// +kubebuilder:printcolumn:name="NsxProject",type=string,JSONPath=`.spec.nsxProject`,description="NsxProject the Namespace associated with" +// +kubebuilder:printcolumn:name="PrivateIPs",type=string,JSONPath=`.spec.privateIPs`,description="PrivateIPs assigned to the Namespace" type VPCNetworkConfiguration struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` @@ -88,7 +86,7 @@ type VPCNetworkConfiguration struct { Status VPCNetworkConfigurationStatus `json:"status,omitempty"` } -//+kubebuilder:object:root=true +// +kubebuilder:object:root=true // VPCNetworkConfigurationList contains a list of VPCNetworkConfiguration. type VPCNetworkConfigurationList struct { diff --git a/pkg/apis/vpc/v1alpha1/zz_generated.deepcopy.go b/pkg/apis/vpc/v1alpha1/zz_generated.deepcopy.go index 7b0908b6f..22995ca5a 100644 --- a/pkg/apis/vpc/v1alpha1/zz_generated.deepcopy.go +++ b/pkg/apis/vpc/v1alpha1/zz_generated.deepcopy.go @@ -1,5 +1,4 @@ //go:build !ignore_autogenerated -// +build !ignore_autogenerated /* Copyright © 2024 VMware, Inc. All Rights Reserved. SPDX-License-Identifier: Apache-2.0 */ 
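Review bot: The print column in the first hunk is declared as `name="NsxProject"` with description `NsxProject the Namespace associated with`, while the Go field and its doc comment in the same file spell it `NSXProject`. Column names are user-visible and are copied into the generated CRD, so a casing difference here would show up as churn the next time the manifests are regenerated. Suggest `name="NSXProject"` and `description="NSX Project the Namespace is associated with"`.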
@@ -1342,13 +1341,8 @@ func (in *VPCNetworkConfigurationList) DeepCopyObject() runtime.Object { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *VPCNetworkConfigurationSpec) DeepCopyInto(out *VPCNetworkConfigurationSpec) { *out = *in - if in.ExternalIPv4Blocks != nil { - in, out := &in.ExternalIPv4Blocks, &out.ExternalIPv4Blocks - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.PrivateIPv4CIDRs != nil { - in, out := &in.PrivateIPv4CIDRs, &out.PrivateIPv4CIDRs + if in.PrivateIPs != nil { + in, out := &in.PrivateIPs, &out.PrivateIPs *out = make([]string, len(*in)) copy(*out, *in) } @@ -1387,8 +1381,8 @@ func (in *VPCNetworkConfigurationStatus) DeepCopy() *VPCNetworkConfigurationStat // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *VPCState) DeepCopyInto(out *VPCState) { *out = *in - if in.PrivateIPv4CIDRs != nil { - in, out := &in.PrivateIPv4CIDRs, &out.PrivateIPv4CIDRs + if in.PrivateIPs != nil { + in, out := &in.PrivateIPs, &out.PrivateIPs *out = make([]string, len(*in)) copy(*out, *in) } diff --git a/pkg/apis/vpc/v1alpha2/ippool_types.go b/pkg/apis/vpc/v1alpha2/ippool_types.go index 56dac408a..791241c6c 100644 --- a/pkg/apis/vpc/v1alpha2/ippool_types.go +++ b/pkg/apis/vpc/v1alpha2/ippool_types.go @@ -10,9 +10,9 @@ import ( ) // +genclient -//+kubebuilder:object:root=true -//+kubebuilder:subresource:status -//+kubebuilder:storageversion +// +kubebuilder:object:root=true +// +kubebuilder:subresource:status +// +kubebuilder:storageversion // IPPool is the Schema for the ippools API. // +kubebuilder:printcolumn:name="Type",type=string,JSONPath=`.spec.type`,description="Type of IPPool" @@ -25,7 +25,7 @@ type IPPool struct { Status IPPoolStatus `json:"status,omitempty"` } -//+kubebuilder:object:root=true +// +kubebuilder:object:root=true // IPPoolList contains a list of IPPool. type IPPoolList struct { 
@@ -36,8 +36,8 @@ type IPPoolList struct { // IPPoolSpec defines the desired state of IPPool. type IPPoolSpec struct { - // Type defines the type of this IPPool, Public or Private. - // +kubebuilder:validation:Enum=Public;Private + // Type defines the type of this IPPool, can be Public, Private, PrivateTGW. + // +kubebuilder:validation:Enum=Public;Private;PrivateTGW // +optional Type string `json:"type,omitempty"` // Subnets defines set of subnets need to be allocated. diff --git a/pkg/apis/vpc/v1alpha2/zz_generated.deepcopy.go b/pkg/apis/vpc/v1alpha2/zz_generated.deepcopy.go index 4118fb35c..dbd5ee6b7 100644 --- a/pkg/apis/vpc/v1alpha2/zz_generated.deepcopy.go +++ b/pkg/apis/vpc/v1alpha2/zz_generated.deepcopy.go @@ -1,5 +1,4 @@ //go:build !ignore_autogenerated -// +build !ignore_autogenerated /* Copyright © 2024 VMware, Inc. All Rights Reserved. SPDX-License-Identifier: Apache-2.0 */ diff --git a/pkg/config/config.go b/pkg/config/config.go index 29a3c60c5..06b8e3afa 100644 --- a/pkg/config/config.go +++ b/pkg/config/config.go @@ -112,7 +112,6 @@ type NsxConfig struct { SingleTierSrTopology bool `ini:"single_tier_sr_topology"` EnforcementPoint string `ini:"enforcement_point"` DefaultProject string `ini:"default_project"` - ExternalIPv4Blocks []string `ini:"external_ipv4_blocks"` DefaultSubnetSize int `ini:"default_subnet_size"` DefaultTimeout int `ini:"default_timeout"` EnvoyHost string `ini:"envoy_host"` diff --git a/pkg/controllers/namespace/namespace_controller.go b/pkg/controllers/namespace/namespace_controller.go index 07ecab241..825d57893 100644 --- a/pkg/controllers/namespace/namespace_controller.go +++ b/pkg/controllers/namespace/namespace_controller.go 
@@ -57,18 +57,6 @@ func (r *NamespaceReconciler) createNetworkInfoCR(ctx *context.Context, obj clie log.Info("networkInfo already exists", "networkInfo", networkInfos.Items[0].Name, "Namespace", ns) return &networkInfos.Items[0], nil } - nc, ncExist := r.VPCService.GetVPCNetworkConfig(ncName) - if !ncExist { - message := fmt.Sprintf("missing network config %s for namespace %s", ncName, ns) - r.namespaceError(ctx, obj, message, nil) - return nil, errors.New(message) - } - if !r.VPCService.ValidateNetworkConfig(nc) { - // if network config is not valid, no need to retry, skip processing - message := fmt.Sprintf("invalid network config %s for namespace %s, missing private cidr", ncName, ns) - r.namespaceError(ctx, obj, message, nil) - return nil, errors.New(message) - } // create networkInfo cr with existing vpc network config log.V(2).Info("building networkInfo", "ns", ns) @@ -96,7 +84,7 @@ func (r *NamespaceReconciler) createNetworkInfoCR(ctx *context.Context, obj clie return networkInfoCR, nil } -func (r *NamespaceReconciler) createDefaultSubnetSet(ns string) error { +func (r *NamespaceReconciler) createDefaultSubnetSet(ns string, defaultPodAccessMode string) error { defaultSubnetSets := map[string]string{ types.DefaultVMSubnetSet: types.LabelDefaultVMSubnetSet, types.DefaultPodSubnetSet: types.LabelDefaultPodSubnetSet, @@ -132,6 +120,12 @@ func (r *NamespaceReconciler) createDefaultSubnetSet(ns string) error { }, }, } + if name == types.DefaultVMSubnetSet { + // use "Private" type for VM + obj.Spec.AccessMode = v1alpha1.AccessMode("Private") + } else if name == types.DefaultPodSubnetSet { + obj.Spec.AccessMode = v1alpha1.AccessMode(defaultPodAccessMode) + } if err := r.Client.Create(context.Background(), obj); err != nil { return err } 
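Review bot: In the branch added to `createDefaultSubnetSet`, `defaultPodAccessMode` is copied into `obj.Spec.AccessMode` without checking that it is set, and `PodSubnetAccessMode` is an `omitempty` field with no kubebuilder default, so the default Pod SubnetSet can be created with an empty access mode. The `Reconcile` hunks in `subnet_controller.go` and `subnetset_controller.go` have the same gap: they first set `AccessModePrivate` and then overwrite it with the possibly empty `vpcNetworkConfig.PodSubnetAccessMode`. An explicit fallback such as `if defaultPodAccessMode == "" { defaultPodAccessMode = v1alpha1.AccessModePrivate }` makes the resulting exposure a deliberate choice. The VM branch should use `v1alpha1.AccessMode(v1alpha1.AccessModePrivate)` instead of the literal `"Private"`. The function body starts and ends outside these hunks.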
@@ -229,10 +223,23 @@ func (r *NamespaceReconciler) Reconcile(ctx context.Context, req ctrl.Request) ( } } + nc, ncExist := r.VPCService.GetVPCNetworkConfig(ncName) + if !ncExist { + message := fmt.Sprintf("missing network config %s for namespace %s", ncName, ns) + r.namespaceError(&ctx, obj, message, nil) + return common.ResultRequeueAfter10sec, nil + } + if !r.VPCService.ValidateNetworkConfig(nc) { + // if network config is not valid, no need to retry, skip processing + message := fmt.Sprintf("invalid network config %s for namespace %s, missing private cidr", ncName, ns) + r.namespaceError(&ctx, obj, message, nil) + return common.ResultRequeueAfter10sec, nil + } + if _, err := r.createNetworkInfoCR(&ctx, obj, ns, ncName); err != nil { return common.ResultRequeueAfter10sec, nil } - if err := r.createDefaultSubnetSet(ns); err != nil { + if err := r.createDefaultSubnetSet(ns, nc.PodSubnetAccessMode); err != nil { return common.ResultRequeueAfter10sec, nil } return common.ResultNormal, nil diff --git a/pkg/controllers/networkinfo/networkinfo_controller.go b/pkg/controllers/networkinfo/networkinfo_controller.go index 427192a20..71abdcae2 100644 --- a/pkg/controllers/networkinfo/networkinfo_controller.go +++ b/pkg/controllers/networkinfo/networkinfo_controller.go @@ -5,6 +5,7 @@ package networkinfo import ( "context" + "strings" corev1 "k8s.io/api/core/v1" apimachineryruntime "k8s.io/apimachinery/pkg/runtime" 
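Review bot: Both new early returns in the namespace `Reconcile` requeue after 10 seconds, but the comment kept on the `ValidateNetworkConfig` branch says `no need to retry, skip processing`, so either the comment or the return value is wrong. If an invalid config is terminal until the CR is edited, return `common.ResultNormal, nil` there (assuming an update of the config re-triggers the Namespace, which is not visible here); otherwise reword the comment to `// network config is invalid; requeue until it is corrected`. The message still hard-codes `missing private cidr`, while what `ValidateNetworkConfig` actually checks is outside the hunk.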
@@ -81,18 +82,41 @@ func (r *NetworkInfoReconciler) Reconcile(ctx context.Context, req ctrl.Request) VPCPath: *createdVpc.Path, DefaultSNATIP: "", LoadBalancerIPAddresses: "", - PrivateIPv4CIDRs: nc.PrivateIPv4CIDRs, + PrivateIPs: nc.PrivateIPs, } - log.Error(err, "update avi rule failed, would retry exponentially", "NetworkInfo", req.NamespacedName) - updateFail(r, &ctx, obj, &err, r.Client, state) - return common.ResultRequeueAfter10sec, err + log.Error(err, "update avi rule failed, would retry exponentially", "NetworkInfo", req.NamespacedName, "state", state) + // updateFail(r, &ctx, obj, &err, r.Client, state) + // return common.ResultRequeueAfter10sec, err } } snatIP, path, cidr := "", "", "" + parts := strings.Split(nc.VPCConnectivityProfile, "/") + if len(parts) < 1 { + log.Error(err, "failed to check VPCConnectivityProfile length", "VPCConnectivityProfile", nc.VPCConnectivityProfile) + return common.ResultRequeue, err + } + vpcConnectivityProfileName := parts[len(parts)-1] + vpcConnectivityProfile, err := r.Service.NSXClient.VPCConnectivityProfilesClient.Get(nc.Org, nc.NSXProject, vpcConnectivityProfileName) + if err != nil { + log.Error(err, "failed to get NSX VPC ConnectivityProfile object", "vpcConnectivityProfileName", vpcConnectivityProfileName) + return common.ResultRequeue, err + } + isEnableAutoSNAT := func() bool { + if vpcConnectivityProfile.ServiceGateway == nil || vpcConnectivityProfile.ServiceGateway.Enable == nil { + return false + } + if *vpcConnectivityProfile.ServiceGateway.Enable { + if vpcConnectivityProfile.ServiceGateway.NatConfig == nil || vpcConnectivityProfile.ServiceGateway.NatConfig.EnableDefaultSnat == nil { + return false + } + return *vpcConnectivityProfile.ServiceGateway.NatConfig.EnableDefaultSnat + } + return false + } // currently, auto snat is not exposed, and use default value True // checking autosnat to support future extension in vpc configuration - if createdVpc.ServiceGateway != nil && 
createdVpc.ServiceGateway.AutoSnat != nil && *createdVpc.ServiceGateway.AutoSnat { + if isEnableAutoSNAT() { snatIP, err = r.Service.GetDefaultSNATIP(*createdVpc) if err != nil { log.Error(err, "failed to read default SNAT ip from VPC", "VPC", createdVpc.Id) @@ -101,7 +125,7 @@ func (r *NetworkInfoReconciler) Reconcile(ctx context.Context, req ctrl.Request) VPCPath: *createdVpc.Path, DefaultSNATIP: "", LoadBalancerIPAddresses: "", - PrivateIPv4CIDRs: nc.PrivateIPv4CIDRs, + PrivateIPs: nc.PrivateIPs, } updateFail(r, &ctx, obj, &err, r.Client, state) return common.ResultRequeueAfter10sec, err @@ -120,7 +144,7 @@ func (r *NetworkInfoReconciler) Reconcile(ctx context.Context, req ctrl.Request) VPCPath: *createdVpc.Path, DefaultSNATIP: snatIP, LoadBalancerIPAddresses: "", - PrivateIPv4CIDRs: nc.PrivateIPv4CIDRs, + PrivateIPs: nc.PrivateIPs, } updateFail(r, &ctx, obj, &err, r.Client, state) return common.ResultRequeueAfter10sec, err @@ -132,7 +156,7 @@ func (r *NetworkInfoReconciler) Reconcile(ctx context.Context, req ctrl.Request) VPCPath: *createdVpc.Path, DefaultSNATIP: snatIP, LoadBalancerIPAddresses: cidr, - PrivateIPv4CIDRs: nc.PrivateIPv4CIDRs, + PrivateIPs: nc.PrivateIPs, } updateSuccess(r, &ctx, obj, r.Client, state, nc.Name, path, r.Service.GetNSXLBSPath(*createdVpc.Id)) } else { diff --git a/pkg/controllers/networkinfo/vpcnetworkconfig_handler.go b/pkg/controllers/networkinfo/vpcnetworkconfig_handler.go index 7c20b9afb..21bc9c402 100644 --- a/pkg/controllers/networkinfo/vpcnetworkconfig_handler.go +++ b/pkg/controllers/networkinfo/vpcnetworkconfig_handler.go 
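Review bot: The guard `if len(parts) < 1` in the `@@ -81,18 +82,41 @@` hunk can never fire, because `strings.Split` returns at least one element for any input, so an empty or slash-terminated `VPCConnectivityProfile` reaches `VPCConnectivityProfilesClient.Get` with an empty ID, and the `err` logged in that branch is whatever an earlier statement left behind. Test the extracted name instead, `if vpcConnectivityProfileName == "" {`, and return a freshly constructed error. Earlier in the same hunk the `updateFail` call and the return after `update avi rule failed` are commented out, so that failure is now only logged while the message still promises a retry and no failure status is written; restore them, or change the message and say why the failure is tolerated. The retained comment `currently, auto snat is not exposed, and use default value True` no longer matches `isEnableAutoSNAT()`, which returns false when the profile leaves the setting unset. `Reconcile` starts and ends outside the hunk.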
@@ -52,15 +52,8 @@ func (h *VPCNetworkConfigurationHandler) Generic(_ context.Context, _ event.Gene func (h *VPCNetworkConfigurationHandler) Update(ctx context.Context, e event.UpdateEvent, q workqueue.RateLimitingInterface) { log.V(1).Info("start processing VPC network config update event") - oldNc := e.ObjectOld.(*v1alpha1.VPCNetworkConfiguration) newNc := e.ObjectNew.(*v1alpha1.VPCNetworkConfiguration) - if getListSize(oldNc.Spec.ExternalIPv4Blocks) == getListSize(newNc.Spec.ExternalIPv4Blocks) && - getListSize(oldNc.Spec.PrivateIPv4CIDRs) == getListSize(newNc.Spec.PrivateIPv4CIDRs) { - log.V(1).Info("only support updating external/private ipv4 cidr, no change") - return - } - // update network config info in store info, err := buildNetworkConfigInfo(*newNc) if err != nil { 
@@ -105,33 +98,23 @@ var VPCNetworkConfigurationPredicate = predicate.Funcs{ }, } -func getListSize(s []string) int { - if s == nil { - return 0 - } else { - return len(s) - } -} - func buildNetworkConfigInfo(vpcConfigCR v1alpha1.VPCNetworkConfiguration) (*commontypes.VPCNetworkConfigInfo, error) { - org, project, err := nsxtProjectPathToId(vpcConfigCR.Spec.NSXTProject) + org, project, err := nsxtProjectPathToId(vpcConfigCR.Spec.NSXProject) if err != nil { - log.Error(err, "failed to parse nsx-t project in network config", "Project Path", vpcConfigCR.Spec.NSXTProject) + log.Error(err, "failed to parse NSX project in network config", "Project Path", vpcConfigCR.Spec.NSXProject) return nil, err } ninfo := &commontypes.VPCNetworkConfigInfo{ - IsDefault: isDefaultNetworkConfigCR(vpcConfigCR), - Org: org, - Name: vpcConfigCR.Name, - DefaultGatewayPath: vpcConfigCR.Spec.DefaultGatewayPath, - EdgeClusterPath: vpcConfigCR.Spec.EdgeClusterPath, - NsxtProject: project, - ExternalIPv4Blocks: vpcConfigCR.Spec.ExternalIPv4Blocks, - PrivateIPv4CIDRs: vpcConfigCR.Spec.PrivateIPv4CIDRs, - DefaultIPv4SubnetSize: vpcConfigCR.Spec.DefaultIPv4SubnetSize, - DefaultSubnetAccessMode: vpcConfigCR.Spec.DefaultSubnetAccessMode, - ShortID: vpcConfigCR.Spec.ShortID, + IsDefault: isDefaultNetworkConfigCR(vpcConfigCR), + Org: org, + Name: vpcConfigCR.Name, + VPCConnectivityProfile: vpcConfigCR.Spec.VPCConnectivityProfile, + NSXProject: project, + PrivateIPs: vpcConfigCR.Spec.PrivateIPs, + DefaultSubnetSize: vpcConfigCR.Spec.DefaultSubnetSize, + PodSubnetAccessMode: vpcConfigCR.Spec.PodSubnetAccessMode, + ShortID: vpcConfigCR.Spec.ShortID, } return ninfo, nil } 
@@ -150,7 +133,7 @@ func isDefaultNetworkConfigCR(vpcConfigCR v1alpha1.VPCNetworkConfiguration) bool return false } -// parse org id and project id from nsxtProject path +// parse org id and project id from nsxProject path // example /orgs/default/projects/nsx_operator_e2e_test func nsxtProjectPathToId(path string) (string, string, error) { parts := strings.Split(path, "/") diff --git a/pkg/controllers/networkinfo/vpcnetworkconfig_handler_test.go b/pkg/controllers/networkinfo/vpcnetworkconfig_handler_test.go index 127c2288e..860813261 100644 --- a/pkg/controllers/networkinfo/vpcnetworkconfig_handler_test.go +++ b/pkg/controllers/networkinfo/vpcnetworkconfig_handler_test.go @@ -64,7 +64,7 @@ func TestBuildNetworkConfigInfo(t *testing.T) { emptyCRD := &v1alpha1.VPCNetworkConfiguration{} emptyCRD2 := &v1alpha1.VPCNetworkConfiguration{ Spec: v1alpha1.VPCNetworkConfigurationSpec{ - NSXTProject: "/invalid/path", + NSXProject: "/invalid/path", }, } _, e := buildNetworkConfigInfo(*emptyCRD) 
@@ -73,22 +73,17 @@ func TestBuildNetworkConfigInfo(t *testing.T) { assert.NotNil(t, e) spec1 := v1alpha1.VPCNetworkConfigurationSpec{ - DefaultGatewayPath: "test-gw-path-1", - EdgeClusterPath: "test-edge-path-1", - ExternalIPv4Blocks: []string{"external-ipb-1", "external-ipb-2"}, - PrivateIPv4CIDRs: []string{"private-ipb-1", "private-ipb-2"}, - DefaultIPv4SubnetSize: 64, - DefaultSubnetAccessMode: "Public", - NSXTProject: "/orgs/default/projects/nsx_operator_e2e_test", + PrivateIPs: []string{"private-ipb-1", "private-ipb-2"}, + DefaultSubnetSize: 64, + VPCConnectivityProfile: "test-VPCConnectivityProfile", + PodSubnetAccessMode: "Public", + NSXProject: "/orgs/default/projects/nsx_operator_e2e_test", } spec2 := v1alpha1.VPCNetworkConfigurationSpec{ - DefaultGatewayPath: "test-gw-path-2", - EdgeClusterPath: "test-edge-path-2", - ExternalIPv4Blocks: []string{"external-ipb-1", "external-ipb-2"}, - PrivateIPv4CIDRs: []string{"private-ipb-1", "private-ipb-2"}, - DefaultIPv4SubnetSize: 32, - DefaultSubnetAccessMode: "Private", - NSXTProject: "/orgs/anotherOrg/projects/anotherProject", + PrivateIPs: []string{"private-ipb-1", "private-ipb-2"}, + DefaultSubnetSize: 32, + PodSubnetAccessMode: "Private", + NSXProject: "/orgs/anotherOrg/projects/anotherProject", } testCRD1 := v1alpha1.VPCNetworkConfiguration{ Spec: spec1, 
@@ -110,30 +105,31 @@ func TestBuildNetworkConfigInfo(t *testing.T) { testCRD3.Name = "test-3" tests := []struct { - name string - nc v1alpha1.VPCNetworkConfiguration - gw string - edge string - org string - project string - subnetSize int - accessMode string - isDefault bool + name string + nc v1alpha1.VPCNetworkConfiguration + gw string + edge string + org string + project string + subnetSize int + accessMode string + isDefault bool + vpcConnectivityProfile string }{ - {"1", testCRD1, "test-gw-path-1", "test-edge-path-1", "default", "nsx_operator_e2e_test", 64, "Public", false}, - {"2", testCRD2, "test-gw-path-2", "test-edge-path-2", "anotherOrg", "anotherProject", 32, "Private", false}, - {"3", testCRD3, "test-gw-path-2", "test-edge-path-2", "anotherOrg", "anotherProject", 32, "Private", true}, + {"test-nsxtProjectPathToId", testCRD1, "test-gw-path-1", "test-edge-path-1", "default", "nsx_operator_e2e_test", 64, "Public", false, ""}, + {"with-VPCConnectivityProfile", testCRD2, "test-gw-path-2", "test-edge-path-2", "anotherOrg", "anotherProject", 32, "Private", false, "test-VPCConnectivityProfile"}, + {"with-defaultNetworkConfig", testCRD3, "test-gw-path-2", "test-edge-path-2", "anotherOrg", "anotherProject", 32, "Private", true, ""}, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { nc, e := buildNetworkConfigInfo(tt.nc) assert.Nil(t, e) - assert.Equal(t, tt.gw, nc.DefaultGatewayPath) - assert.Equal(t, tt.edge, nc.EdgeClusterPath) + // assert.Equal(t, tt.gw, nc.DefaultGatewayPath) + // assert.Equal(t, tt.edge, nc.EdgeClusterPath) assert.Equal(t, tt.org, nc.Org) - assert.Equal(t, tt.project, nc.NsxtProject) - assert.Equal(t, tt.subnetSize, nc.DefaultIPv4SubnetSize) - assert.Equal(t, tt.accessMode, nc.DefaultSubnetAccessMode) + assert.Equal(t, tt.project, nc.NSXProject) + assert.Equal(t, tt.subnetSize, nc.DefaultSubnetSize) + assert.Equal(t, tt.accessMode, nc.PodSubnetAccessMode) assert.Equal(t, tt.isDefault, nc.IsDefault) }) } 
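Review bot: The new `vpcConnectivityProfile` column in the test table is never asserted, and its expected values do not line up with the fixtures: `spec1` sets `VPCConnectivityProfile: "test-VPCConnectivityProfile"` but the first row expects `""`, while the second row expects the profile for a CR whose spec (presumably `spec2`) sets none. Add `assert.Equal(t, tt.vpcConnectivityProfile, nc.VPCConnectivityProfile)` and swap the two expected values. The `gw` and `edge` columns and the two commented-out assertions refer to fields this commit deletes and can be removed rather than left commented.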
diff --git a/pkg/controllers/subnet/subnet_controller.go b/pkg/controllers/subnet/subnet_controller.go index 2efd9e373..0a975018f 100644 --- a/pkg/controllers/subnet/subnet_controller.go +++ b/pkg/controllers/subnet/subnet_controller.go @@ -78,11 +78,15 @@ func (r *SubnetReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctr updateFail(r, &ctx, obj, "") return ResultRequeue, err } + if obj.Spec.AccessMode == "" { - obj.Spec.AccessMode = v1alpha1.AccessMode(vpcNetworkConfig.DefaultSubnetAccessMode) + obj.Spec.AccessMode = v1alpha1.AccessMode(v1alpha1.AccessModePrivate) + if obj.Name == servicecommon.DefaultPodSubnetSet { + obj.Spec.AccessMode = v1alpha1.AccessMode(vpcNetworkConfig.PodSubnetAccessMode) + } } if obj.Spec.IPv4SubnetSize == 0 { - obj.Spec.IPv4SubnetSize = vpcNetworkConfig.DefaultIPv4SubnetSize + obj.Spec.IPv4SubnetSize = vpcNetworkConfig.DefaultSubnetSize } } tags := r.SubnetService.GenerateSubnetNSTags(obj, obj.Namespace) diff --git a/pkg/controllers/subnetset/subnetset_controller.go b/pkg/controllers/subnetset/subnetset_controller.go index d4068c6d2..583304b1b 100644 --- a/pkg/controllers/subnetset/subnetset_controller.go +++ b/pkg/controllers/subnetset/subnetset_controller.go @@ -70,10 +70,13 @@ func (r *SubnetSetReconciler) Reconcile(ctx context.Context, req ctrl.Request) ( return ResultRequeue, err } if obj.Spec.AccessMode == "" { - obj.Spec.AccessMode = v1alpha1.AccessMode(vpcNetworkConfig.DefaultSubnetAccessMode) + obj.Spec.AccessMode = v1alpha1.AccessMode(v1alpha1.AccessModePrivate) + if obj.Name == servicecommon.DefaultPodSubnetSet { + obj.Spec.AccessMode = v1alpha1.AccessMode(vpcNetworkConfig.PodSubnetAccessMode) + } } if obj.Spec.IPv4SubnetSize == 0 { - obj.Spec.IPv4SubnetSize = vpcNetworkConfig.DefaultIPv4SubnetSize + obj.Spec.IPv4SubnetSize = vpcNetworkConfig.DefaultSubnetSize } } if err := r.Client.Update(ctx, obj); err != nil { diff --git a/pkg/nsx/client.go b/pkg/nsx/client.go index ea1e845ed..c41f26d7a 100644 
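Review bot: In `SubnetReconciler.Reconcile` the access mode is selected by comparing `obj.Name` with `servicecommon.DefaultPodSubnetSet`, which is the name of a SubnetSet, so for a Subnet this branch appears to apply only to a user-created object that happens to carry that name. Selecting by name also means any Subnet or SubnetSet with that name and an empty `accessMode` inherits `PodSubnetAccessMode`, which may be `Public`. The namespace controller pairs the default SubnetSets with labels (`types.LabelDefaultPodSubnetSet`), so matching on that label would be a tighter test; how the label is applied is outside the visible hunks, so confirm the key before relying on it. The same comparison is added in the `subnetset_controller.go` hunk.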
--- a/pkg/nsx/client.go +++ b/pkg/nsx/client.go @@ -18,11 +18,11 @@ import ( "github.com/vmware/vsphere-automation-sdk-go/services/nsxt/infra/domains" "github.com/vmware/vsphere-automation-sdk-go/services/nsxt/infra/domains/security_policies" "github.com/vmware/vsphere-automation-sdk-go/services/nsxt/infra/sites/enforcement_points" - projects "github.com/vmware/vsphere-automation-sdk-go/services/nsxt/orgs/projects" - infra "github.com/vmware/vsphere-automation-sdk-go/services/nsxt/orgs/projects/infra" + "github.com/vmware/vsphere-automation-sdk-go/services/nsxt/orgs/projects" + "github.com/vmware/vsphere-automation-sdk-go/services/nsxt/orgs/projects/infra" "github.com/vmware/vsphere-automation-sdk-go/services/nsxt/orgs/projects/infra/realized_state" "github.com/vmware/vsphere-automation-sdk-go/services/nsxt/orgs/projects/vpcs" - nat "github.com/vmware/vsphere-automation-sdk-go/services/nsxt/orgs/projects/vpcs/nat" + "github.com/vmware/vsphere-automation-sdk-go/services/nsxt/orgs/projects/vpcs/nat" vpc_sp "github.com/vmware/vsphere-automation-sdk-go/services/nsxt/orgs/projects/vpcs/security_policies" "github.com/vmware/vsphere-automation-sdk-go/services/nsxt/orgs/projects/vpcs/subnets" "github.com/vmware/vsphere-automation-sdk-go/services/nsxt/orgs/projects/vpcs/subnets/ip_pools" 
@@ -71,21 +71,22 @@ type Client struct { VPCSecurityClient vpcs.SecurityPoliciesClient VPCRuleClient vpc_sp.RulesClient - OrgRootClient nsx_policy.OrgRootClient - ProjectInfraClient projects.InfraClient - VPCClient projects.VpcsClient - IPBlockClient infra.IpBlocksClient - StaticRouteClient vpcs.StaticRoutesClient - NATRuleClient nat.NatRulesClient - VpcGroupClient vpcs.GroupsClient - PortClient subnets.PortsClient - PortStateClient ports.StateClient - IPPoolClient subnets.IpPoolsClient - IPAllocationClient ip_pools.IpAllocationsClient - SubnetsClient vpcs.SubnetsClient - RealizedStateClient realized_state.RealizedEntitiesClient - IPAddressAllocationClient vpcs.IpAddressAllocationsClient - VPCLBSClient vpcs.VpcLbsClient + OrgRootClient nsx_policy.OrgRootClient + ProjectInfraClient projects.InfraClient + VPCClient projects.VpcsClient + VPCConnectivityProfilesClient projects.VpcConnectivityProfilesClient + IPBlockClient infra.IpBlocksClient + StaticRouteClient vpcs.StaticRoutesClient + NATRuleClient nat.NatRulesClient + VpcGroupClient vpcs.GroupsClient + PortClient subnets.PortsClient + PortStateClient ports.StateClient + IPPoolClient subnets.IpPoolsClient + IPAllocationClient ip_pools.IpAllocationsClient + SubnetsClient vpcs.SubnetsClient + RealizedStateClient realized_state.RealizedEntitiesClient + IPAddressAllocationClient vpcs.IpAddressAllocationsClient + VPCLBSClient vpcs.VpcLbsClient NSXChecker NSXHealthChecker NSXVerChecker NSXVersionChecker 
@@ -154,6 +155,7 @@ func GetClient(cf *config.NSXOperatorConfig) *Client { orgRootClient := nsx_policy.NewOrgRootClient(restConnector(cluster)) projectInfraClient := projects.NewInfraClient(restConnector(cluster)) vpcClient := projects.NewVpcsClient(restConnector(cluster)) + vpcConnectivityProfilesClient := projects.NewVpcConnectivityProfilesClient(restConnector(cluster)) ipBlockClient := infra.NewIpBlocksClient(restConnector(cluster)) staticRouteClient := vpcs.NewStaticRoutesClient(restConnector(cluster)) natRulesClient := nat.NewNatRulesClient(restConnector(cluster)) @@ -196,19 +198,20 @@ func GetClient(cf *config.NSXOperatorConfig) *Client { PrincipalIdentitiesClient: principalIdentitiesClient, WithCertificateClient: withCertificateClient, - OrgRootClient: orgRootClient, - ProjectInfraClient: projectInfraClient, - VPCClient: vpcClient, - IPBlockClient: ipBlockClient, - StaticRouteClient: staticRouteClient, - NATRuleClient: natRulesClient, - VpcGroupClient: vpcGroupClient, - PortClient: portClient, - PortStateClient: portStateClient, - SubnetStatusClient: subnetStatusClient, - VPCSecurityClient: vpcSecurityClient, - VPCRuleClient: vpcRuleClient, - VPCLBSClient: vpcLBSClient, + OrgRootClient: orgRootClient, + ProjectInfraClient: projectInfraClient, + VPCClient: vpcClient, + VPCConnectivityProfilesClient: vpcConnectivityProfilesClient, + IPBlockClient: ipBlockClient, + StaticRouteClient: staticRouteClient, + NATRuleClient: natRulesClient, + VpcGroupClient: vpcGroupClient, + PortClient: portClient, + PortStateClient: portStateClient, + SubnetStatusClient: subnetStatusClient, + VPCSecurityClient: vpcSecurityClient, + VPCRuleClient: vpcRuleClient, + VPCLBSClient: vpcLBSClient, NSXChecker: *nsxChecker, NSXVerChecker: *nsxVersionChecker, diff --git a/pkg/nsx/services/common/builder_test.go b/pkg/nsx/services/common/builder_test.go index 5c222fcec..9a00f4d03 100644 --- a/pkg/nsx/services/common/builder_test.go +++ b/pkg/nsx/services/common/builder_test.go 
@@ -135,13 +135,12 @@ func TestParseVPCResourcePath(t *testing.T) { nsxResourcePath: "/orgs/org1/projects/proj1/vpcs/vpc1/subnets/subnet1/ports/port1", }, want: VPCResourceInfo{ - OrgID: "org1", - ProjectID: "proj1", - VPCID: "vpc1", - ParentID: "subnet1", - ID: "port1", - PrivateIpv4Blocks: nil, - ExternalIPv4Blocks: nil, + OrgID: "org1", + ProjectID: "proj1", + VPCID: "vpc1", + ParentID: "subnet1", + ID: "port1", + PrivateIpv4Blocks: nil, }, wantErr: false, }, @@ -151,13 +150,12 @@ func TestParseVPCResourcePath(t *testing.T) { nsxResourcePath: "/orgs/org1/projects/proj1/vpcs/vpc1", }, want: VPCResourceInfo{ - OrgID: "org1", - ProjectID: "proj1", - VPCID: "vpc1", - ParentID: "proj1", - ID: "vpc1", - PrivateIpv4Blocks: nil, - ExternalIPv4Blocks: nil, + OrgID: "org1", + ProjectID: "proj1", + VPCID: "vpc1", + ParentID: "proj1", + ID: "vpc1", + PrivateIpv4Blocks: nil, }, wantErr: false, }, diff --git a/pkg/nsx/services/common/types.go b/pkg/nsx/services/common/types.go index 802c403dc..85044ac6e 100644 --- a/pkg/nsx/services/common/types.go +++ b/pkg/nsx/services/common/types.go @@ -197,22 +197,19 @@ type VPCResourceInfo struct { // ID=port1, ParentID=s1; // 2. For the subnet with path /orgs/o1/projects/p1/vpcs/v1/subnets/s1, // ID=s1, ParentID=v1 (ParentID==VPCID). - ID string - ParentID string - PrivateIpv4Blocks []string - ExternalIPv4Blocks []string + ID string + ParentID string + PrivateIpv4Blocks []string } type VPCNetworkConfigInfo struct { - IsDefault bool - Org string - Name string - DefaultGatewayPath string - EdgeClusterPath string - NsxtProject string - ExternalIPv4Blocks []string - PrivateIPv4CIDRs []string - DefaultIPv4SubnetSize int - DefaultSubnetAccessMode string - ShortID string + IsDefault bool + Org string + Name string + VPCConnectivityProfile string + NSXProject string + PrivateIPs []string + DefaultSubnetSize int + PodSubnetAccessMode string + ShortID string } 
diff --git a/pkg/nsx/services/vpc/builder.go b/pkg/nsx/services/vpc/builder.go index 2c87fffd1..d22fef1f9 100644 --- a/pkg/nsx/services/vpc/builder.go +++ b/pkg/nsx/services/vpc/builder.go @@ -67,15 +67,8 @@ func buildNSXVPC(obj *v1alpha1.NetworkInfo, nsObj *v1.Namespace, nc common.VPCNe vpcName := util.GenerateIDByObjectByLimit(obj, common.MaxNameLength) vpc.DisplayName = &vpcName vpc.Id = common.String(util.GenerateIDByObject(obj)) - vpc.DefaultGatewayPath = &nc.DefaultGatewayPath vpc.IpAddressType = &DefaultVPCIPAddressType - siteInfos := []model.SiteInfo{ - { - EdgeClusterPaths: []string{nc.EdgeClusterPath}, - }, - } - vpc.SiteInfos = siteInfos if useAVILB { loadBalancerVPCEndpointEnabled := true vpc.LoadBalancerVpcEndpoint = &model.LoadBalancerVPCEndpoint{Enabled: &loadBalancerVPCEndpointEnabled} @@ -83,8 +76,12 @@ func buildNSXVPC(obj *v1alpha1.NetworkInfo, nsObj *v1.Namespace, nc common.VPCNe vpc.Tags = util.BuildBasicTags(cluster, obj, nsObj.UID) } - // update private/public blocks - vpc.ExternalIpv4Blocks = nc.ExternalIPv4Blocks + if nc.VPCConnectivityProfile != "" { + vpc.VpcConnectivityProfile = &nc.VPCConnectivityProfile + } + + // TODO: add PrivateIps and remove PrivateIpv4Blocks once the NSX VPC API support private_ips field. + // vpc.PrivateIps = nc.PrivateIPs vpc.PrivateIpv4Blocks = util.GetMapValues(pathMap) if nc.ShortID != "" { vpc.ShortId = &nc.ShortID diff --git a/pkg/nsx/services/vpc/builder_test.go b/pkg/nsx/services/vpc/builder_test.go index b7301b228..478045e80 100644 --- a/pkg/nsx/services/vpc/builder_test.go +++ b/pkg/nsx/services/vpc/builder_test.go 
@@ -80,11 +80,8 @@ func Test_buildNSXLBS(t *testing.T) { func TestBuildNSXVPC(t *testing.T) { nc := common.VPCNetworkConfigInfo{ - ExternalIPv4Blocks: []string{"10.10.0.0/16"}, - PrivateIPv4CIDRs: []string{"192.168.1.0/24"}, - DefaultGatewayPath: "gw1", - ShortID: "short1", - EdgeClusterPath: "edge1", + PrivateIPs: []string{"192.168.1.0/24"}, + ShortID: "short1", } netInfoObj := &v1alpha1.NetworkInfo{ ObjectMeta: metav1.ObjectMeta{Namespace: "ns1", Name: "ns1", UID: "netinfouid1"}, @@ -105,23 +102,20 @@ func TestBuildNSXVPC(t *testing.T) { { name: "existing VPC not change", existingVPC: &model.Vpc{ - ExternalIpv4Blocks: []string{"10.10.0.0/16"}, - PrivateIpv4Blocks: []string{"192.168.1.0/24"}, + PrivateIps: []string{"192.168.1.0/24"}, }, useAVILB: true, }, { name: "existing VPC changes private IPv4 blocks", existingVPC: &model.Vpc{ - ExternalIpv4Blocks: []string{"10.10.0.0/16"}, - PrivateIpv4Blocks: []string{}, + PrivateIpv4Blocks: []string{}, }, pathMap: map[string]string{"vpc1": "192.168.3.0/24"}, useAVILB: false, expVPC: &model.Vpc{ - ExternalIpv4Blocks: []string{"10.10.0.0/16"}, - PrivateIpv4Blocks: []string{"192.168.3.0/24"}, - ShortId: common.String("short1"), + PrivateIpv4Blocks: []string{"192.168.3.0/24"}, + ShortId: common.String("short1"), }, }, { @@ -129,16 +123,9 @@ func TestBuildNSXVPC(t *testing.T) { pathMap: map[string]string{"vpc1": "192.168.3.0/24"}, useAVILB: true, expVPC: &model.Vpc{ - Id: common.String("ns1-netinfouid1"), - DisplayName: common.String("ns1-netinfouid1"), - DefaultGatewayPath: common.String("gw1"), - SiteInfos: []model.SiteInfo{ - { - EdgeClusterPaths: []string{"edge1"}, - }, - }, + Id: common.String("ns1-netinfouid1"), + DisplayName: common.String("ns1-netinfouid1"), LoadBalancerVpcEndpoint: &model.LoadBalancerVPCEndpoint{Enabled: common.Bool(true)}, - ExternalIpv4Blocks: []string{"10.10.0.0/16"}, PrivateIpv4Blocks: []string{"192.168.3.0/24"}, IpAddressType: common.String("IPV4"), ShortId: common.String("short1"), 
@@ -155,18 +142,11 @@ func TestBuildNSXVPC(t *testing.T) { pathMap: map[string]string{"vpc1": "192.168.3.0/24"}, useAVILB: false, expVPC: &model.Vpc{ - Id: common.String("ns1-netinfouid1"), - DisplayName: common.String("ns1-netinfouid1"), - DefaultGatewayPath: common.String("gw1"), - SiteInfos: []model.SiteInfo{ - { - EdgeClusterPaths: []string{"edge1"}, - }, - }, - ExternalIpv4Blocks: []string{"10.10.0.0/16"}, - PrivateIpv4Blocks: []string{"192.168.3.0/24"}, - IpAddressType: common.String("IPV4"), - ShortId: common.String("short1"), + Id: common.String("ns1-netinfouid1"), + DisplayName: common.String("ns1-netinfouid1"), + PrivateIpv4Blocks: []string{"192.168.3.0/24"}, + IpAddressType: common.String("IPV4"), + ShortId: common.String("short1"), Tags: []model.Tag{ {Scope: common.String("nsx-op/cluster"), Tag: common.String("cluster1")}, {Scope: common.String("nsx-op/version"), Tag: common.String("1.0.0")}, diff --git a/pkg/nsx/services/vpc/compare.go b/pkg/nsx/services/vpc/compare.go index f41ccb66c..45686a7bd 100644 --- a/pkg/nsx/services/vpc/compare.go +++ b/pkg/nsx/services/vpc/compare.go @@ -9,11 +9,7 @@ import ( // currently we only support appending public/private cidrs // so only comparing list size is enough to identify if vcp changed func IsVPCChanged(nc common.VPCNetworkConfigInfo, vpc *model.Vpc) bool { - if len(nc.ExternalIPv4Blocks) != len(vpc.ExternalIpv4Blocks) { - return true - } - - if len(nc.PrivateIPv4CIDRs) != len(vpc.PrivateIpv4Blocks) { + if len(nc.PrivateIPs) != len(vpc.PrivateIps) { return true } diff --git a/pkg/nsx/services/vpc/vpc.go b/pkg/nsx/services/vpc/vpc.go index b3a5badd5..698c16b1a 100644 --- a/pkg/nsx/services/vpc/vpc.go +++ b/pkg/nsx/services/vpc/vpc.go 
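Review bot: `IsVPCChanged` now compares `len(nc.PrivateIPs)` with `len(vpc.PrivateIps)`, but `buildNSXVPC` in builder.go still writes `vpc.PrivateIpv4Blocks` and leaves `vpc.PrivateIps = nc.PrivateIPs` commented out behind a TODO. If NSX does not yet return `private_ips`, as that TODO suggests, `vpc.PrivateIps` stays empty on an existing VPC; since `ValidateNetworkConfig` requires a non-empty `PrivateIPs`, this check would then report a change on every reconcile. Until the TODO is resolved the comparison should use the field that is actually written: `if len(nc.PrivateIPs) != len(vpc.PrivateIpv4Blocks) {`. The "existing VPC not change" case in builder_test.go sets `PrivateIps` on the existing VPC and would need the same adjustment. The rest of the function body is outside the hunk.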
@@ -141,7 +141,7 @@ func (s *VPCService) GetVPCNetworkConfigByNamespace(ns string) *common.VPCNetwor // TBD: for now, if network config info do not contains private cidr, we consider this is // incorrect configuration, and skip creating this VPC CR func (s *VPCService) ValidateNetworkConfig(nc common.VPCNetworkConfigInfo) bool { - return nc.PrivateIPv4CIDRs != nil && len(nc.PrivateIPv4CIDRs) != 0 + return nc.PrivateIPs != nil && len(nc.PrivateIPs) != 0 } // InitializeVPC sync NSX resources @@ -318,8 +318,8 @@ func (s *VPCService) CreateOrUpdatePrivateIPBlock(obj *v1alpha1.NetworkInfo, nsO error) { // if network config contains PrivateIPV4CIDRs section, create private ip block for each cidr path := map[string]string{} - if nc.PrivateIPv4CIDRs != nil { - for _, pCidr := range nc.PrivateIPv4CIDRs { + if nc.PrivateIPs != nil { + for _, pCidr := range nc.PrivateIPs { log.Info("start processing private cidr", "cidr", pCidr) // if parse success, then check if private cidr exist, here we suppose it must be a cidr format string ip, _, err := net.ParseCIDR(pCidr) @@ -336,10 +336,10 @@ func (s *VPCService) CreateOrUpdatePrivateIPBlock(obj *v1alpha1.NetworkInfo, nsO block := s.IpblockStore.GetByKey(key) if block == nil { log.Info("no ip block found in store for cidr", "CIDR", pCidr) - block := buildPrivateIpBlock(obj, nsObj, pCidr, ip.String(), nc.NsxtProject, s.NSXConfig.Cluster) + block := buildPrivateIpBlock(obj, nsObj, pCidr, ip.String(), nc.NSXProject, s.NSXConfig.Cluster) log.Info("creating ip block", "IPBlock", block.Id, "VPC", obj.Name) // can not find private ip block from store, create one - _err := s.NSXClient.IPBlockClient.Patch(nc.Org, nc.NsxtProject, *block.Id, block) + _err := s.NSXClient.IPBlockClient.Patch(nc.Org, nc.NSXProject, *block.Id, block) _err = nsxutil.NSXApiError(_err) if _err != nil { message := fmt.Sprintf("failed to create private ip block for cidr %s for VPC %s", pCidr, obj.Name) 
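Review bot: `ValidateNetworkConfig` accepts any non-empty `PrivateIPs` list, so a malformed entry is only discovered later at `net.ParseCIDR(pCidr)` in `CreateOrUpdatePrivateIPBlock` (the next hunk), possibly after IP blocks for earlier entries have already been created. With the field renamed from `PrivateIPv4CIDRs` to `PrivateIPs`, a bare address or an IPv6 prefix becomes a more likely input; how the parse error is handled lies outside the hunk. Consider parsing every entry in `ValidateNetworkConfig`, and drop the redundant nil test: `return len(nc.PrivateIPs) != 0`. The comment `// if network config contains PrivateIPV4CIDRs section` should be updated to name `PrivateIPs`.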
@@ -348,11 +348,11 @@ func (s *VPCService) CreateOrUpdatePrivateIPBlock(obj *v1alpha1.NetworkInfo, nsO return nil, ipblockError } ignoreIpblockUsage := true - createdBlock, err := s.NSXClient.IPBlockClient.Get(nc.Org, nc.NsxtProject, *block.Id, &ignoreIpblockUsage) + createdBlock, err := s.NSXClient.IPBlockClient.Get(nc.Org, nc.NSXProject, *block.Id, &ignoreIpblockUsage) err = nsxutil.NSXApiError(err) if err != nil { // created by can not get, ignore this error - log.Info("failed to read ip blocks from NSX", "Project", nc.NsxtProject, "IPBlock", block.Id) + log.Info("failed to read ip blocks from NSX", "Project", nc.NSXProject, "IPBlock", block.Id) continue } // update ip block store @@ -577,7 +577,7 @@ func (s *VPCService) CreateOrUpdateVPC(obj *v1alpha1.NetworkInfo) (*model.Vpc, * return nil, nil, err } - // if there is not change in public cidr and private cidr, build partial vpc will return nil + // if there is no change in public cidr and private cidr, build partial vpc will return nil if createdVpc == nil { log.Info("no VPC changes detect, skip creating or updating process") return existingVPC[0], &nc, nil @@ -587,7 +587,7 @@ func (s *VPCService) CreateOrUpdateVPC(obj *v1alpha1.NetworkInfo) (*model.Vpc, * var createdLBS *model.LBService if s.NSXConfig.NsxConfig.NSXLBEnabled() { lbsSize := s.NSXConfig.NsxConfig.GetNSXLBSize() - vpcPath := fmt.Sprintf(VPCKey, nc.Org, nc.NsxtProject, nc.Name) + vpcPath := fmt.Sprintf(VPCKey, nc.Org, nc.NSXProject, nc.Name) var relaxScaleValidation *bool if s.NSXConfig.NsxConfig.RelaxNSXLBScaleValication { relaxScaleValidation = common.Bool(true) 
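Review bot: The changed `log.Info("failed to read ip blocks from NSX", ...)` line drops `err`, so the log does not say why the read-back of a just-created IP block failed before the loop continues. Passing the error keeps the cause available when the store and NSX drift apart: `log.Error(err, "failed to read ip blocks from NSX", "Project", nc.NSXProject, "IPBlock", *block.Id)`. The loop body continues outside the hunk.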
@@ -595,7 +595,7 @@ func (s *VPCService) CreateOrUpdateVPC(obj *v1alpha1.NetworkInfo) (*model.Vpc, * createdLBS, _ = buildNSXLBS(obj, nsObj, s.NSXConfig.Cluster, lbsSize, vpcPath, relaxScaleValidation) } // build HAPI request - orgRoot, err := s.WrapHierarchyVPC(nc.Org, nc.NsxtProject, createdVpc, createdLBS) + orgRoot, err := s.WrapHierarchyVPC(nc.Org, nc.NSXProject, createdVpc, createdLBS) if err != nil { log.Error(err, "failed to build HAPI request") return nil, nil, err 
@@ -605,23 +605,23 @@ func (s *VPCService) CreateOrUpdateVPC(obj *v1alpha1.NetworkInfo) (*model.Vpc, * err = s.NSXClient.OrgRootClient.Patch(*orgRoot, &EnforceRevisionCheckParam) err = nsxutil.NSXApiError(err) if err != nil { - log.Error(err, "failed to create VPC", "Project", nc.NsxtProject, "Namespace", obj.Namespace) + log.Error(err, "failed to create VPC", "Project", nc.NSXProject, "Namespace", obj.Namespace) // TODO: this seems to be a nsx bug, in some case, even if nsx returns failed but the object is still created. log.Info("try to read VPC although VPC creation failed", "VPC", *createdVpc.Id) - failedVpc, rErr := s.NSXClient.VPCClient.Get(nc.Org, nc.NsxtProject, *createdVpc.Id) + failedVpc, rErr := s.NSXClient.VPCClient.Get(nc.Org, nc.NSXProject, *createdVpc.Id) rErr = nsxutil.NSXApiError(rErr) if rErr != nil { // failed to read, but already created, we consider this scenario as success, but store may not sync with nsx log.Info("confirmed VPC is not created", "VPC", createdVpc.Id) return nil, nil, err } else { - // vpc created anyway, in this case, we consider this vpc is created successfully and continue realize process + // vpc created anyway, in this case, we consider this vpc is created successfully and continue to realize process log.Info("vpc created although nsx return error, continue to check realization", "VPC", *failedVpc.Id) } } // get the created vpc from nsx, it contains the path of the resources - newVpc, err := s.NSXClient.VPCClient.Get(nc.Org, nc.NsxtProject, *createdVpc.Id) + newVpc, err := s.NSXClient.VPCClient.Get(nc.Org, nc.NSXProject, *createdVpc.Id) err = nsxutil.NSXApiError(err) if err != nil { // failed to read, but already created, we consider this scenario as success, but store may not sync with nsx 
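Review bot: In the fallback read after a failed `OrgRootClient.Patch`, any `rErr` from `VPCClient.Get` is logged as `confirmed VPC is not created`, although a timeout or a permission error would take the same branch while the VPC exists. The comment above that branch also says the scenario is treated as success, which is the opposite of the `return nil, nil, err` that follows. Log the read error itself, e.g. `log.Error(rErr, "failed to read VPC after create error", "VPC", *createdVpc.Id)`, and reword the comment to say the create is treated as failed. `CreateOrUpdateVPC` starts and ends outside the hunk.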
@@ -649,7 +649,7 @@ func (s *VPCService) CreateOrUpdateVPC(obj *v1alpha1.NetworkInfo) (*model.Vpc, * // Check LBS realization if createdLBS != nil { - newLBS, err := s.NSXClient.VPCLBSClient.Get(nc.Org, nc.NsxtProject, *createdVpc.Id, *createdLBS.Id) + newLBS, err := s.NSXClient.VPCLBSClient.Get(nc.Org, nc.NSXProject, *createdVpc.Id, *createdLBS.Id) if err != nil { log.Error(err, "failed to read LBS object after creating or updating", "LBS", createdLBS.Id) return nil, nil, err @@ -957,7 +957,6 @@ func (service *VPCService) ListVPCInfo(ns string) []common.VPCResourceInfo { if err != nil { log.Error(err, "Failed to get vpc info from vpc path", "vpc path", *v.Path) } - vpcResourceInfo.ExternalIPv4Blocks = v.ExternalIpv4Blocks vpcResourceInfo.PrivateIpv4Blocks = v.PrivateIpv4Blocks VPCInfoList = append(VPCInfoList, vpcResourceInfo) } diff --git a/test/e2e/manifest/testVPC/customize_networkconfig.yaml b/test/e2e/manifest/testVPC/customize_networkconfig.yaml index 63ceee316..fc7ff3ffc 100644 --- a/test/e2e/manifest/testVPC/customize_networkconfig.yaml +++ b/test/e2e/manifest/testVPC/customize_networkconfig.yaml @@ -5,15 +5,10 @@ kind: VPCNetworkConfiguration metadata: name: selfdefinedconfig spec: - defaultGatewayPath: /infra/tier-0s/PLR - # nsx-operator-ci would replace '{edge-cluster-id}' with real edge-cluster-id of testbed - edgeClusterPath: /infra/sites/default/enforcement-points/default/edge-clusters/{edge-cluster-id} - defaultIPv4SubnetSize: 32 - nsxtProject: /orgs/default/projects/nsx_operator_e2e_test - externalIPv4Blocks: - - /infra/ip-blocks/e2e_test_external_ip_blk - privateIPv4CIDRs: + defaultSubnetSize: 32 + nsxProject: /orgs/default/projects/nsx_operator_e2e_test + privateIPs: - 172.29.0.0/16 - 172.39.0.0/16 - defaultSubnetAccessMode: Public - \ No newline at end of file + podSubnetAccessMode: Public + vpcConnectivityProfile: /orgs/default/projects/nsx_operator_e2e_test/vpc-connectivity-profiles/default 
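Review bot: The error from `VPCLBSClient.Get` goes straight to the `if err != nil` check, unlike the `VPCClient.Get` calls in the previous hunk, which are first passed through `nsxutil.NSXApiError`. Adding `err = nsxutil.NSXApiError(err)` after the call would keep the logged and returned error consistent with the other NSX reads in this function. The enclosing function extends beyond the hunk.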
diff --git a/test/e2e/manifest/testVPC/customize_networkconfig_updated.yaml b/test/e2e/manifest/testVPC/customize_networkconfig_updated.yaml index 13711e079..c9858a3b1 100644 --- a/test/e2e/manifest/testVPC/customize_networkconfig_updated.yaml +++ b/test/e2e/manifest/testVPC/customize_networkconfig_updated.yaml @@ -5,16 +5,11 @@ kind: VPCNetworkConfiguration metadata: name: selfdefinedconfig spec: - defaultGatewayPath: /infra/tier-0s/PLR - # nsx-operator-ci would replace '{edge-cluster-id}' with real edge-cluster-id of testbed - edgeClusterPath: /infra/sites/default/enforcement-points/default/edge-clusters/{edge-cluster-id} - defaultIPv4SubnetSize: 32 - nsxtProject: /orgs/default/projects/nsx_operator_e2e_test - externalIPv4Blocks: - - /infra/ip-blocks/e2e_test_external_ip_blk - privateIPv4CIDRs: + defaultSubnetSize: 32 + nsxProject: /orgs/default/projects/nsx_operator_e2e_test + privateIPs: - 172.29.0.0/16 - 172.39.0.0/16 - 172.49.0.0/16 - defaultSubnetAccessMode: Public - \ No newline at end of file + podSubnetAccessMode: Public + vpcConnectivityProfile: /orgs/default/projects/nsx_operator_e2e_test/vpc-connectivity-profiles/default diff --git a/test/e2e/manifest/testVPC/default_networkconfig.yaml b/test/e2e/manifest/testVPC/default_networkconfig.yaml index a13fc8fa7..a268a7d76 100644 --- a/test/e2e/manifest/testVPC/default_networkconfig.yaml +++ b/test/e2e/manifest/testVPC/default_networkconfig.yaml 
@@ -9,14 +9,10 @@ metadata: annotations: nsx.vmware.com/default: "true" spec: - defaultGatewayPath: /infra/tier-0s/PLR - # nsx-operator-ci would replace '{edge-cluster-id}' with real edge-cluster-id of testbed - edgeClusterPath: /infra/sites/default/enforcement-points/default/edge-clusters/{edge-cluster-id} - defaultIPv4SubnetSize: 32 - nsxtProject: /orgs/default/projects/nsx_operator_e2e_test - externalIPv4Blocks: - - /infra/ip-blocks/e2e_test_external_ip_blk - privateIPv4CIDRs: + defaultSubnetSize: 32 + nsxProject: /orgs/default/projects/nsx_operator_e2e_test + privateIPs: - 172.28.0.0/16 - 172.38.0.0/16 - defaultSubnetAccessMode: Public + podSubnetAccessMode: Public + vpcConnectivityProfile: /orgs/default/projects/nsx_operator_e2e_test/vpc-connectivity-profiles/default diff --git a/test/e2e/manifest/testVPC/system_networkconfig.yaml b/test/e2e/manifest/testVPC/system_networkconfig.yaml index 86dcea799..023b69dd1 100644 --- a/test/e2e/manifest/testVPC/system_networkconfig.yaml +++ b/test/e2e/manifest/testVPC/system_networkconfig.yaml @@ -6,15 +6,10 @@ kind: VPCNetworkConfiguration metadata: name: system spec: - defaultGatewayPath: /infra/tier-0s/PLR - # nsx-operator-ci would replace '{edge-cluster-id}' with real edge-cluster-id of testbed - edgeClusterPath: /infra/sites/default/enforcement-points/default/edge-clusters/{edge-cluster-id} - defaultIPv4SubnetSize: 32 - nsxtProject: /orgs/default/projects/nsx_operator_e2e_test - externalIPv4Blocks: - - /infra/ip-blocks/e2e_test_external_ip_blk - privateIPv4CIDRs: + defaultSubnetSize: 32 + nsxProject: /orgs/default/projects/nsx_operator_e2e_test + privateIPs: - 172.27.0.0/16 - 172.37.0.0/16 - defaultSubnetAccessMode: Public - \ No newline at end of file + podSubnetAccessMode: Public + vpcConnectivityProfile: /orgs/default/projects/nsx_operator_e2e_test/vpc-connectivity-profiles/default diff --git a/test/e2e/nsx_networkinfo_test.go b/test/e2e/nsx_networkinfo_test.go index 33bcb8927..88e51b6d3 100644 
--- a/test/e2e/nsx_networkinfo_test.go +++ b/test/e2e/nsx_networkinfo_test.go @@ -78,7 +78,7 @@ func TestCustomizedNetworkInfo(t *testing.T) { err := testData.waitForResourceExistByPath(vpcPath, true) assertNil(t, err) - //verify private ipblocks created for vpc + // verify private ipblocks created for vpc p_ipb_id1 := ns_uid + "_" + CustomizedPrivateCIDR1 p_ipb_id2 := ns_uid + "_" + CustomizedPrivateCIDR2 @@ -97,7 +97,7 @@ func TestInfraNetworkInfo(t *testing.T) { err := testData.waitForResourceExistByPath(vpcPath, true) assertNil(t, err) - //verify private ipblocks created for vpc + // verify private ipblocks created for vpc p_ipb_id1 := ns_uid + "_" + InfraPrivateCIDR1 p_ipb_id2 := ns_uid + "_" + InfraPrivateCIDR2 @@ -128,7 +128,7 @@ func TestDefaultNetworkInfo(t *testing.T) { err := testData.waitForResourceExistByPath(vpcPath, true) assertNil(t, err) - //verify private ipblocks created for vpc, id is nsuid + cidr + // verify private ipblocks created for vpc, id is nsuid + cidr p_ipb_id1 := ns_uid + "_" + DefaultPrivateCIDR1 p_ipb_id2 := ns_uid + "_" + DefaultPrivateCIDR2 @@ -171,7 +171,7 @@ func TestSharedNetworkInfo(t *testing.T) { assertTrue(t, vpcPath == vpcPath1, "vpcPath %s should be the same as vpcPath2 %s", vpcPath, vpcPath1) - //verify private ipblocks created for vpc, id is nsuid + cidr + // verify private ipblocks created for vpc, id is nsuid + cidr p_ipb_id1 := ns_uid + "_" + CustomizedPrivateCIDR1 p_ipb_id2 := ns_uid + "_" + CustomizedPrivateCIDR2 
@@ -205,12 +205,12 @@ func TestUpdateVPCNetworkconfigNetworkInfo(t *testing.T) { // Check networkinfo cr existence networkinfo_name, _ := verifyCRCreated(t, NetworkInfoCRType, ns, 1) - privateIPv4CIDRs, err := testData.getCRPropertiesByJson(defaultTimeout, NetworkInfoCRType, networkinfo_name, ns, ".vpcs[0].privateIPv4CIDRs") - assertTrue(t, strings.Contains(privateIPv4CIDRs, CustomizedPrivateCIDR1), "privateIPv4CIDRs %s should contain %s", privateIPv4CIDRs, CustomizedPrivateCIDR1) - assertTrue(t, strings.Contains(privateIPv4CIDRs, CustomizedPrivateCIDR2), "privateIPv4CIDRs %s should contain %s", privateIPv4CIDRs, CustomizedPrivateCIDR1) + privateIPs, err := testData.getCRPropertiesByJson(defaultTimeout, NetworkInfoCRType, networkinfo_name, ns, ".vpcs[0].privateIPs") + assertTrue(t, strings.Contains(privateIPs, CustomizedPrivateCIDR1), "privateIPs %s should contain %s", privateIPs, CustomizedPrivateCIDR1) + assertTrue(t, strings.Contains(privateIPs, CustomizedPrivateCIDR2), "privateIPs %s should contain %s", privateIPs, CustomizedPrivateCIDR1) assertNil(t, err) - //verify private ipblocks created for vpc, id is nsuid + cidr + // verify private ipblocks created for vpc, id is nsuid + cidr p_ipb_id1 := ns_uid + "_" + CustomizedPrivateCIDR1 p_ipb_id2 := ns_uid + "_" + CustomizedPrivateCIDR2 
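Review bot: The second `assertTrue` checks `CustomizedPrivateCIDR2` but its failure message prints `CustomizedPrivateCIDR1`, so a failure would name the wrong CIDR; the last argument should be `CustomizedPrivateCIDR2`. In this hunk and in the next one (after `applyYAML`), `assertNil(t, err)` runs only after `privateIPs` has been inspected, so a failed `getCRPropertiesByJson` surfaces as a misleading "should contain" failure. Moving `assertNil(t, err)` directly after the call reports the real error first. The test function continues outside the hunk.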
@@ -220,8 +220,8 @@ func TestUpdateVPCNetworkconfigNetworkInfo(t *testing.T) { vncPath, _ := filepath.Abs("./manifest/testVPC/customize_networkconfig_updated.yaml") _ = applyYAML(vncPath, "") - privateIPv4CIDRs, err = testData.getCRPropertiesByJson(defaultTimeout, NetworkInfoCRType, networkinfo_name, ns, ".vpcs[0].privateIPv4CIDRs") - assertTrue(t, strings.Contains(privateIPv4CIDRs, CustomizedPrivateCIDR3), "privateIPv4CIDRs %s should contain %s", privateIPv4CIDRs, CustomizedPrivateCIDR3) + privateIPs, err = testData.getCRPropertiesByJson(defaultTimeout, NetworkInfoCRType, networkinfo_name, ns, ".vpcs[0].privateIPs") + assertTrue(t, strings.Contains(privateIPs, CustomizedPrivateCIDR3), "privateIPs %s should contain %s", privateIPs, CustomizedPrivateCIDR3) assertNil(t, err) p_ipb_id3 := ns_uid + "_" + CustomizedPrivateCIDR3 verifyPrivateIPBlockCreated(t, ns, p_ipb_id3) diff --git a/test/e2e/nsx_subnet_test.go b/test/e2e/nsx_subnet_test.go index 0aa6e405e..0442d0f6e 100644 --- a/test/e2e/nsx_subnet_test.go +++ b/test/e2e/nsx_subnet_test.go 
@@ -42,12 +42,16 @@ func verifySubnetSetCR(subnetSet string) bool { log.Printf("Failed to get %s/%s: %s", E2ENamespace, subnetSet, err) return false } - if string(subnetSetCR.Spec.AccessMode) != vpcNetworkConfig.Spec.DefaultSubnetAccessMode { - log.Printf("AccessMode is %s, while it's expected to be %s", subnetSetCR.Spec.AccessMode, vpcNetworkConfig.Spec.DefaultSubnetAccessMode) - return false + + if subnetSet == common.DefaultPodSubnetSet { + if string(subnetSetCR.Spec.AccessMode) != vpcNetworkConfig.Spec.PodSubnetAccessMode { + log.Printf("AccessMode is %s, while it's expected to be %s", subnetSetCR.Spec.AccessMode, vpcNetworkConfig.Spec.PodSubnetAccessMode) + return false + } } - if subnetSetCR.Spec.IPv4SubnetSize != vpcNetworkConfig.Spec.DefaultIPv4SubnetSize { - log.Printf("IPv4SubnetSize is %d, while it's expected to be %d", subnetSetCR.Spec.IPv4SubnetSize, vpcNetworkConfig.Spec.DefaultIPv4SubnetSize) + + if subnetSetCR.Spec.IPv4SubnetSize != vpcNetworkConfig.Spec.DefaultSubnetSize { + log.Printf("IPv4SubnetSize is %d, while it's expected to be %d", subnetSetCR.Spec.IPv4SubnetSize, vpcNetworkConfig.Spec.DefaultSubnetSize) return false } return true