API to autocreate subnets for external hosts #10621
Conversation
|
@pravisankar Thanks for the help. Please take a look. PS: This is for 3.4 release. So do not merge before the 1.3 has been cut. |
| @@ -87,7 +87,10 @@ func ValidateHostSubnet(hs *sdnapi.HostSubnet) field.ErrorList { | |||
|
|
|||
| _, _, err := net.ParseCIDR(hs.Subnet) | |||
| if err != nil { | |||
| allErrs = append(allErrs, field.Invalid(field.NewPath("subnet"), hs.Subnet, err.Error())) | |||
| // check if annotation exists, then let the Subnet field be empty | |||
| if _, ok := hs.Annotations["hostsubnet.sdn.openshift.io/autocreate"]; !ok { | |||
There was a problem hiding this comment.
Why not make this an actual field?
There was a problem hiding this comment.
This annotation is mainly to address F5 use case. We use actual fields for generic use cases?
There was a problem hiding this comment.
When this annotation/field is set, ensure Subnet field is empty?
There was a problem hiding this comment.
I am in favour of an actual field. Will be easy to identify such hostsubnets easily post creation too. Thanks.
There was a problem hiding this comment.
We use actual fields for generic use cases?
at the point where API-level validation is using the data, it should probably be a field rather than an annotation
There was a problem hiding this comment.
Then it makes me against the field idea here. This is not a useful field at runtime, its merely a direction at create time.
|
In SubnetStartMaster(), you need to ignore HostSubnets that doesn't have populated Subnet field. |
| } | ||
|
|
||
| if _, ok := hs.Annotations["hostsubnet.sdn.openshift.io/autocreate"]; ok { | ||
| err = master.registry.DeleteSubnet(name) |
There was a problem hiding this comment.
Add a comment on why we are doing delete+create subnet instead of update subnet.
knobunc
changed the title
Why not just drop the annotation, and say people with HostSubnet-creating permission can always create HostSubnets-without-Subnet-fields, and the master will always then fill in the missing field?
Why does it do this rather than just update the existing one? |
|
Fixed the issues in feedback. Also, added a comment about why a delete+create is done instead of an update. The only reason is to avoid migration issues. The node side watchSubnets skips the actual planting of OVS rules if the hostsubnet was modified but the host name remains the same. |
|
LGTM, update docs about this feature? |
|
Yes, docs need to be updated. But, kind of a half story right now without the F5 use case. The complete F5 native-vxlan thing is coming in another PR, so probably a doc when that is ready. Thanks for the feedback. |
rajatchopra
changed the title
| @@ -87,7 +88,10 @@ func ValidateHostSubnet(hs *sdnapi.HostSubnet) field.ErrorList { | |||
|
|
|||
| _, _, err := net.ParseCIDR(hs.Subnet) | |||
| if err != nil { | |||
| allErrs = append(allErrs, field.Invalid(field.NewPath("subnet"), hs.Subnet, err.Error())) | |||
| // check if annotation exists, then let the Subnet field be empty | |||
| if _, ok := hs.Annotations[sdnplugin.AssignHostSubnetAnnotation]; !ok { | |||
There was a problem hiding this comment.
this isn't just allowing the subnet field to be empty, it's allowing it to be invalid... that's not what we want is it?
There was a problem hiding this comment.
Fixed this. The check is made only on empty field.
rajatchopra
force-pushed
the
f5
branch
2 times, most recently
from
081564b to
75940fd
Compare
|
Refactored with feedback and the restructure from eventQueue to DeltaFifo |
|
[test] |
| @@ -240,6 +241,41 @@ func (node *OsdnNode) initSelfSubnet() error { | |||
| return nil | |||
| } | |||
|
|
|||
| // Only run on the master | |||
| // Watch for all hostsubnet events and if one is found with the right annotation, use the IPAM to dole a real subnet | |||
There was a problem hiding this comment.
"use the subnet allocator" not "use the IPAM". "IPAM" refers to assigning IPs to pods, not networks to nodes
|
[test] |
…luster. This is useful when a host wants to be part of the SDN, but not part of the cluster (e.g. F5)
|
re [test] |
|
re [test] |
|
Evaluated for origin test up to 6926d71 |
|
continuous-integration/openshift-jenkins/test SUCCESS (https://ci.openshift.redhat.com/jenkins/job/test_pr_origin/9758/) |
|
[merge] |
|
Flake #11315 [merge] |
|
Evaluated for origin merge up to 6926d71 |
|
continuous-integration/openshift-jenkins/merge SUCCESS (https://ci.openshift.redhat.com/jenkins/job/test_pr_origin/9985/) (Base Commit: a5c2619) (Image: devenv-rhel7_5166) |
One can now allocate hostsubnets for hosts that are not part of the cluster. This is useful when a host wants to be part of the SDN, but not part of the cluster (e.g. F5)
Trello: https://trello.com/c/fnW1tPCY/155-8-f5-integration-get-lease-from-cluster-cidr
Implementation details:
The deletion and recreation have been done so that migration of existing infrastructure can go on smoothly. Even if one were to update master and not the nodes, and add an F5 machine in the middle, no issues should appear.