✨ implement CAPI IPAM contract support #769
Conversation
metal3-io-bot
added
the
do-not-merge/work-in-progress
|
Skipping CI for Draft Pull Request. |
metal3-io-bot
added
the
size/XXL
|
/test all |
metal3-io-bot
removed
the
do-not-merge/work-in-progress
|
/assign @furkatgofurov7 |
👍🏼 I'll take a closer look tomorrow |
There was a problem hiding this comment.
Thanks for this work @schrej, mostly nits for the first iteration.
I can understand why this PR keeps the allocation logic of Metal3 IPAM as "default" and provides CAPI way as an alternative since it paves the way for smoother migration, but since our current CI is still not adapted to the new way of IPAM support, I wonder if have you already tested it and could share your thoughts on that regard?
|
I did some manual testing with the in-cluster provider and it works well. |
Great!
That would be nice to have to make sure we have a CI coverage for the new support. Let me know if I can help anyway with that.
Which version of clusterctl specifically? do you mean v1.3,x? |
Yes! Release is planned for Thursday (1.12.), so not really a blocker. |
schrej
force-pushed
the
capi-ipam
branch
2 times, most recently
from
73f9e31
to
4f8a211
Compare
|
@schrej do you still have time to take a look and fix the build job on this PR? |
|
Hey @furkatgofurov7, sorry for the late response, I was on PTO the last few days. I'll update this PR as soon as I find time. I was struggling with e2e tests, it would be great if someone could assist with that! Maybe we can merge this and work on e2e tests in a separate PR. |
Hi @schrej , thanks for working on this and no worries, just wanted to check in if this is on track and if there is anything we can help!
Anything specific we can help with e2e tests? I am fine to have a follow-up to deal with e2e tests as well. |
|
Tests should be good now.
I think I was mainly struggling with undestanding how they work in general, and then finding a reasonable test to extend with CAPI IPAM. There doesn't seem to be any basic "deploy a cluster and make sure it works" test, or I'm just not seeing it... |
This is a good point. It is weird and surprising that the "least" test we do is a |
Right, most if not all of the e2e tests we have feature specific and we are missing the simple base testing e2e tests. |
indeed, but since e2e tests are quite new and when pivoting was introduced we did not have them at all, so we decided to add it as part of integration tests? /cc @kashifest |
Let's take this discussion in the issue instead #897 |
| IPAddressFromIPPool string `json:"ipAddressFromIPPool,omitempty"` | ||
|
|
||
| // FromPoolRef is a reference to a IP pool to allocate an address from. | ||
| FromPoolRef *corev1.TypedLocalObjectReference `json:"fromPoolRef,omitempty"` |
There was a problem hiding this comment.
Unfortunately these references need to be pointers, otherwise the API server complains when the reference is empty.
We have recently added |
|
/assign |
metal3-io-bot
added
do-not-merge/hold
metal3-io-bot
removed
approved
|
@schrej whats the status of CAPI IPAM btw? |
|
One provider is available, which is very similar to metal3-io/ip-address-management and provides in-cluster IPAM: telekom/cluster-api-ipam-provider-in-cluster I've also started to work on a Infoblox provider. I'm currently trying to figure out how to handle hostnames, since Infoblox can provide DNS as well, which allows to have automatic DNS records for all machines. I'll probably open an issue on CAPI level at some point. Upstream the resources are still experimental and receive occasional changes. Right now we're discussing whether Gateway should be optional: kubernetes-sigs/cluster-api#8536 |
|
/unhold |
metal3-io-bot
removed
the
do-not-merge/hold
|
/test-ubuntu-integration-main |
|
I think that one is still flaking |
|
/approve |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: mboukhalfa The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
metal3-io-bot
added
the
approved
Would be nice to follow this on some issue on capm3 and set some todo plan for integration tests with capi ipam once it is upstream now we only tested with m3ipam right ? |
I've opened an issue to track it, as promised in some comment here. The IPAM contract is upstream, it's just in the |
What this PR does / why we need it:
Adds support for the CAPI IPAM contract.
To do so, the network related specs of Metal3DataTemplate were adapted to allow referencing other types of Pools than just the one provided by metal3-io/ip-address-manager. Depending on the referenced Pool type, the corresponding controller will create the correct IP claim resource.
For the metadata section, the reference was simply extended with new fields that allow to specify the api group and resource type.
For the network section a new field
FromPoolRefwas added, which can be used as an alternative to "IPAddressFromPool". The new field also supports references to the ip-address-manager Pools.Since both allocation mechanisms are very similar, the implementation is fairly close as well.
Which issue(s) this PR fixes (optional, in
fixes #<issue number>(, fixes #<issue_number>, ...)format, will close the issue(s) when PR gets merged):Resolves #671