Adding the new DANM 4.0 management API definitions, and schema files.
Say hello to my little friends ClusterNetwork, TenantNetwork, and TenantConfig!
Levovar committed May 23, 2019
1 parent 0195b55 commit 3f4c47f
Showing 9 changed files with 424 additions and 28 deletions.
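--- a/integration/crds/ClusterNetwork.yaml
+++ b/integration/crds/ClusterNetwork.yaml
@@ -0,0 +1,69 @@
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+name: clusternetworks.danm.k8s.io
+spec:
+scope: Cluster
+group: danm.k8s.io
+version: v1
+names:
+kind: ClusterNetwork
+plural: clusternetworks
+singular: clusternetwork
+shortNames:
+- cn
+- cnet
+validation:
+openAPIV3Schema:
+properties:
+spec:
+required:
+- NetworkID
+properties:
+NetworkID:
+type: string
+NetworkType:
+type: string
+AllowedTenants:
+type: array
+items:
+type: string
+Options:
+properties:
+cidr:
+type: string
+pattern: '^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))$'
+allocation_pool:
+properties:
+start:
+type: string
+pattern: '(^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$)?'
+end:
+type: string
+pattern: '(^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$)?'
+container_prefix:
+type: string
+host_device:
+type: string
+device_pool:
+type: string
+vxlan:
+type: integer
+format: int32
+minimum: 1
+maximum: 16777214
+vlan:
+type: integer
+format: int32
+minimum: 1
+maximum: 4094
+rt_tables:
+type: integer
+format: int32
+net6:
+type: string
+pattern: '^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(\/([0-9]|[1-9][0-9]|1[0-1][0-9]|12[0-8]))$'
+routes:
+type: object
+routes6:
+type: object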
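Review bot: The `allocation_pool.start`/`end` patterns validate nothing, because the whole anchored expression is wrapped in an optional group: `(^...$)?` matches the empty string at any position, so every value passes; the same lines appear in TenantNetwork.yaml in this commit. Drop the outer group and the `?`, e.g. `pattern: '^([0-9]{1,3}\.){3}[0-9]{1,3}$'`, mirroring the `cidr` pattern above it. The `net6` pattern (here, in TenantNetwork.yaml, and the unchanged context line in DanmNet.yaml) has lost its backslashes — `^s*`, `2[0-4]d`, `1dd`, `[1-9]?d` and the bare `.` between octets were clearly `\s*`, `\d` and `\.` — so IPv4-embedded IPv6 addresses are rejected and a leading run of literal `s` characters is accepted; since the `\.` in `cidr` survived, this is in the source, not a rendering artifact. Note also that `spec.required` lists `NetworkID` while the schema/ClusterNetwork.yaml added in this same commit documents it as "OPTIONAL - STRING, MAXIMUM 12 CHARACTERS"; whichever is intended, adding `maxLength: 12` under `NetworkID` would make the API server enforce the documented limit that host-interface naming depends on.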
4 changes: 1 addition & 3 deletions integration/crds/DanmNet.yaml
Expand Up @@ -61,7 +61,5 @@ spec:
pattern: '^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(\/([0-9]|[1-9][0-9]|1[0-1][0-9]|12[0-8]))$'
routes:
type: object
additionalProperties:
routes6:
type: object
additionalProperties:
type: object
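Review bot: If, as the 1 addition / 3 deletions count suggests, the `additionalProperties` entries under `routes` and `routes6` are being dropped, the route maps become bare `type: object` with no constraint on their values at all (the rendered page does not preserve which of these lines are old and which are new, so this is inferred). The schema description in this commit defines each entry as a `DESTINATION_CIDR: GATEWAY` string pair, so `additionalProperties:` followed by `type: string` (with the IPv4/IPv6 gateway pattern, if you want it) would keep that contract enforced at admission rather than leaving it to the controller. The empty `additionalProperties:` values on the old side were a null, i.e. no constraint, so if that is why they were removed, replacing them with a typed value schema is the more useful change.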
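--- a/integration/crds/TenantConfig.yaml
+++ b/integration/crds/TenantConfig.yaml
@@ -0,0 +1,15 @@
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+name: tenantconfigs.danm.k8s.io
+spec:
+scope: Cluster
+group: danm.k8s.io
+version: v1
+names:
+kind: TenantConfig
+plural: tenantconfigs
+singular: tenantconfig
+shortNames:
+- tc
+- tconf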
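Review bot: This CRD carries no `validation.openAPIV3Schema` at all, unlike the ClusterNetwork and TenantNetwork definitions in the same commit, so the API server will accept a TenantConfig with any body whatsoever and every consistency check falls on whatever consumes it. Even if the field layout is still settling, declaring at least `spec` with `type: object` and its known top-level properties gives early, uniform rejection of malformed objects. Since the resource is cluster-scoped and presumably administrator-only, a short comment stating who is expected to create it would also help readers of this file.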
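--- a/integration/crds/TenantNetwork.yaml
+++ b/integration/crds/TenantNetwork.yaml
@@ -0,0 +1,51 @@
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+name: tenantnetworks.danm.k8s.io
+spec:
+scope: Namespaced
+group: danm.k8s.io
+version: v1
+names:
+kind: TenantNetwork
+plural: tenantnetworks
+singular: tenantnetwork
+shortNames:
+- tn
+- tnet
+validation:
+openAPIV3Schema:
+properties:
+spec:
+properties:
+NetworkID:
+type: string
+NetworkType:
+type: string
+Options:
+properties:
+cidr:
+type: string
+pattern: '^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))$'
+allocation_pool:
+properties:
+start:
+type: string
+pattern: '(^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$)?'
+end:
+type: string
+pattern: '(^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$)?'
+container_prefix:
+type: string
+device_pool:
+type: string
+rt_tables:
+type: integer
+format: int32
+net6:
+type: string
+pattern: '^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(\/([0-9]|[1-9][0-9]|1[0-1][0-9]|12[0-8]))$'
+routes:
+type: object
+routes6:
+type: object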
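Review bot: The schema deliberately omits the cluster-only keys (`host_device`, `vxlan`, `vlan`) from a namespaced, tenant-writable resource, but omission alone does not reject them: with `apiextensions.k8s.io/v1beta1` unknown fields are preserved by default, so a TenantNetwork carrying `Options.vlan` or `Options.host_device` passes admission and whether it takes effect is decided by the controller, which is outside this hunk. If the intent is that tenants cannot set host-level attributes, make that explicit either in the schema (`additionalProperties: false` under `Options`, where the cluster version supports it alongside `properties`) or in the validating admission path, and state the chosen enforcement point in a comment above `Options:`. Unlike ClusterNetwork, `spec` here has no `required` list and `NetworkType`/`device_pool` are unconstrained strings; if a tenant may not choose the SR-IOV pool freely, that also belongs in the schema or the admission check.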
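--- a/schema/ClusterNetwork.yaml
+++ b/schema/ClusterNetwork.yaml
@@ -0,0 +1,116 @@
+### K8s CRD ClusterNetwork API schema description ###
+apiVersion: danm.k8s.io/v1
+# A ClusterNetwork object represents a physical network together with its resources and configuration.
+# ClusterNetworks are cluster-wide usable, non-namespaced objects and are an abstraction for external networks reachable by multiple tenant, or in K8s terminology, namespace users.
+# This results in the following characteristics:
+# - ClusterNetworks are expected to be provisioned purely, and strictly by the cluster's network administrators; and should not be writable by tenant users, or even tenant network administrators.
+# - Cluster specific networking attributes (VLAN ID, VxLAN ID, name of host NICs, backend associated CNI config files) can be freely configured via the ClusterNetwork API.
+# DANM can connect Pods of any tenant to a ClusterNetwork if the cluster administrator allows it.
+kind: ClusterNetwork
+metadata:
+# Name of the K8s ClusterNetwork object this file represents
+# MANDATORY - STRING
+name: ## ClusterNetwork_NAME ##
+spec:
+# This parameter provides a second identifier for ClusterNetworks, and can be used to control a number of API features.
+# For static delegates, the parameter configures which CNI configuration file is to be used if NetworkType points to a static-level CNI backend.
+# For dynamic delegates, VxLAN host interfaces are suffixed, while VLAN host interfaces are prefixed with the NetworkID.
+# This allows deployment administrators to separate their own interfaces from others' in a multi-tenant environment, i.e. by setting NetworkID to "name_namespace" value.
+# OPTIONAL - STRING, MAXIMUM 12 CHARACTERS
+NetworkID: ## NETWORK_ID ##
+# This parameter, denotes which backend is used to provision the container interface connected to this network.
+# Currently supported values with dynamic integration level are IPVLAN (default), SRIOV, or MACVLAN.
+# - IPVLAN option results in an IPVLAN sub-interface provisioned in L2 mode, and connected to the designated host device
+# - SRIOV option pushes a pre-allocated Virtual Function of the configured host device to the container's netns
+# - MACVLAN option results in a MACVLAN sub-interface provisioned in bridge mode, and connected to the designated host device
+# Setting this option to another value results in delegating the network provisioning operation to the named backend with static configuration (i.e. most Options are ignored).
+# The default IPVLAN backend is used when this parameter is not specified.
+# OPTIONAL - ONE OF {ipvlan,sriov,macvlan,<NAME_OF_ANY_STATIC_LEVEL_CNI_COMPLIANT_BINARY>}
+# DEFAULT VALUE: ipvlan
+NetworkType: ## BACKEND_TYPE ##
+# Even though ClusterNetwork is a cluster scoped API, operators can still control which tenants have access to these networks via the AllowedTenants attribute.
+# AllowedTenants is a whitelist of K8s namespaces. Pods belonging to at least one of the listed namespaces are allowed to connect to the particular ClusterNetwork.
+# If AllowedTenants is not defined, it is interpreted as "all". This means all Pods of every K8s namespace can connect to a ClusterNetwork by default.
+# OPTIONAL - LIST OF STRINGS
+# DEFAULT VALUE: EMPTY - NO RESTRICTIONS TO TENANTS
+AllowedTenants:
+# - K8S_NAMESPACE1
+# - K8S_NAMESPACE2
+# Specific extra configuration options can be passed to the network provisioning backends.
+# Most of the parameters are only supported for dynamic level backends, such as IPVLAN, MACVLAN, and SRIOV.
+# Other network interfaces are always provisioned based on their associated static CNI configuration files.
+# The exceptional attributes are "rt_tables", "container_prefix", and "routes/6". DANM universally supports the features related to these parameters for all CNI backends.
+Options:
+# Name of the parent host device (i.e. physical host NIC).
+# Sub-interfaces are connected to this NIC in case NetworkType is set to IPVLAN, or MACVLAN.
+# Only has an effect with dynamically integrated backends. Ignored for other NetworkTypes.
+# Also ignored for SR-IOV, as the pre-allocated Virtual Functions belonging to the configured Kubernetes Device pool are pushed into the connecting Pod's network namespace, regardless which Physical Funtion they belong to.
+# OPTIONAL - STRING
+host_device: ## PARENT_DEVICE_NAME ##
+# Name of a network Device Plugin resource pool
+# The device_pool parameter generally represents the base resource name of the Kubernetes Devices connected to this network.
+# This option is mandatory for ClusterNetworks with "NetworkType: sriov", and it represents the K8s Virtual Function Device pool connecting Pods are getting their VFs from.
+# OPTIONAL - STRING
+device_pool: ## DEVICE_PLUGIN_RESOURCE_POOL_MAME ##
+# The IPv4 CIDR notation of the subnet associated with the network.
+# Pods connecting to this network will get their IPv4 IP from this subnet, if defined.
+# Only has an effect with dynamically integrated backends. Ignored for other NetworkTypes.
+# OPTIONAL - IPv4 CIDR FORMAT (e.g. "10.0.0.0/24")
+cidr: ## SUBNET_CIDR ##
+# IPv4 allocation will be done according to the narrowed down allocation pool parameter, if defined.
+# Allocation pool must be provided together with "cidr", and shall be included in the subnet range.
+# Only has an effect with dynamically integrated backends. Ignored for other NetworkTypes.
+# If CIDR is provided without defining an allocation pool, it is automatically calculated for the whole netmask (minus the first, and the last IP).
+# The gateway IPs of all the configured IP routes are also automatically reserved from the allocation pool when it is generated.
+# When the network administrator sets the allocation pool, DANM assumes the non-usable IPs (e.g. broadcast IP, gateway IPs etc.) were already discounted.
+allocation_pool:
+start: ## FIRST_ASSIGNABLE_IP ##
+end: ## LAST_ASSIGNABLE_IP ##
+# The IPv6 CIDR notation of the subnet associated with the network.
+# Pods connecting to this network will get their IPv6 addresses from this subnet, if defined.
+# Only has an effect with dynamically integrated backends. Ignored for other NetworkTypes.
+# OPTIONAL - IPv6 CIDR FORMAT (e.g. "2001:db8::/45").
+# NOTE: Netmask of the subnet cannot be higher than /64 (i.e. /65 and upwards).
+net6: ## SUBNET_CIDR ##
+# Interfaces connected to this network are renamed inside the Pod's network namespace to a string starting with "container_prefix".
+# If not provided, DANM uses "eth" as the prefix.
+# In both cases DANM dynamically suffixes the interface names in Pod instantiation time with a unique integer number, corresponding to the sequence number of the interface during the specific network creation operation.
+# Thus it becomes guaranteed no network interfaces will ever receive the same name, even if more than one belongs to the same ClusterNetwork.
+# Generally supported parameter, works with all NetworkTypes (except where the CNI backend itself is not following the CNI standard, such is the case with Flannel).
+# OPTIONAL - STRING
+# NOTE: DANM ignores this parameter if the respective interface is the first in the connecting Pod's network namespace. That interface will be named "eth0".
+container_prefix: ## INTERNAL_IF_NAME ##
+# Policy-based IP routes belonging to this network are installed into this routing table, when a user defines them in her Pod's interfaces annotation.
+# Generally supported parameter, works with all NetworkTypes.
+# OPTIONAL - INTEGER (e.g. 201)
+rt_tables: ## HOST_UNIQUE_ROUTING_TABLE_NUMBER ##
+# IPv4 routes to be installed into the default routing table of all Pods connected to this network.
+# Generally supported parameter, works with all NetworkTypes.
+# NOTE: some CNI backends, like Flannel might provision IP routes into the default routing table of a Pod on their own.
+# Beware of clashes.
+# OPTIONAL - LIST OF DESTINATION_IPV4_CIDR:IPV4_GW ENTRIES (e.g. "10.20.0.0/24: 10.0.0.1")
+routes:
+## IP_ROUTE_1 ##
+## IP_ROUTE_2 ##
+# IPv6 routes to be installed into the default routing table of all Pods connected to this network.
+# Generally supported parameter, works with all NetworkTypes.
+# NOTE: some CNI backends might provision IP routes into the default routing table of a Pod on their own.
+# Beware of clashes.
+# OPTIONAL - LIST OF DESTINATION_IPV6_CIDR:IPV6_GW ENTRIES
+routes6:
+## IP_ROUTE_1 ##
+## IP_ROUTE_2 ##
+# When this parameter is present, traffic flowing through the connected network interfaces is VxLAN tagged with the provided virtual ID.
+# The VxLAN tag shall be unique on the level of the underlying host.
+# Management of the VxLAN interface is handled automatically by DANM. Provisioning is generally supported for all NetworkTypes.
+# Only IPVLAN, and MACVLAN interfaces are automatically connected to the provisioned VxLAN VTEP though.
+# VLAN and VxLAN paramaters are mutually exclusive! Defining both in the same ClusterNetwork will result in a validation error!
+# OPTIONAL - INTEGER (e.g. 50)
+vxlan: ## VXLAN_TAG ##
+# When this parameter is present, traffic flowing through the connected network interfaces is VLAN tagged with the provided identifier.
+# The VLAN ID shall be unique on the level of the underlying host.
+# Management of the VLAN interface is handled automatically by DANM. Provisioning is generally supported for all NetworkTypes.
+# Only dynamically supported NetworkType interfaces are automatically VLAN tagged though.
+# VLAN and VxLAN paramaters are mutually exclusive! Defining both in the same ClusterNetwork will result in a validation error!
+# OPTIONAL - INTEGER (e.g. 4000)
+vlan: ## VLAN_TAG ##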
