OpenStack: allow to specify additional networks and security groups for masters and workers #3291
/hold
If this gets merged, it would be very nice to have an enhancement created to document what user stories / use case this is solving. For other cloud platforms we don't allow these additional sets unless they are necessary for successful installation... because otherwise we are increasing the surface area of configuration at install-time, which needs to be tested, and which goes against the OpenShift 4 goals. If this is to just ease process of users, I would recommend we look into controller driven OLM operator like component to achieve this as a day-2 configuration.
@abhinavdahiya yeah, documentation is coming. Most likely when you read this message, it's already available. We need this change to enable OpenStack Manila (shared filesystem) integration in IPI. This is not a hard requirement, but in OSP we create an additional network for shared volumes, and we have to add workers to this network to allow mounting.
/hold cancel
/retest
/test e2e-aws
/hold blocked by openshift/cluster-api-provider-openstack#86
/hold cancel
/test e2e-openstack
This commit adds validations that all provided network and security group ids are UUID v4 strings.
/test e2e-openstack
networks := []openstackprovider.NetworkParam{ | ||
{ | ||
Subnets: []openstackprovider.SubnetParam{ | ||
{ | ||
Filter: openstackprovider.SubnetFilter{ | ||
Name: fmt.Sprintf("%s-nodes", clusterID), | ||
Tags: fmt.Sprintf("%s=%s", "openshiftClusterID", clusterID), | ||
}, | ||
}, | ||
}, | ||
}, | ||
} |
nit:
networks := []openstackprovider.NetworkParam{ | |
{ | |
Subnets: []openstackprovider.SubnetParam{ | |
{ | |
Filter: openstackprovider.SubnetFilter{ | |
Name: fmt.Sprintf("%s-nodes", clusterID), | |
Tags: fmt.Sprintf("%s=%s", "openshiftClusterID", clusterID), | |
}, | |
}, | |
}, | |
}, | |
} | |
networks := []openstackprovider.NetworkParam{{ | |
Subnets: []openstackprovider.SubnetParam{{ | |
Filter: openstackprovider.SubnetFilter{ | |
Name: fmt.Sprintf("%s-nodes", clusterID), | |
Tags: fmt.Sprintf("%s=%s", "openshiftClusterID", clusterID), | |
}, | |
}}, | |
}} |
/approve
[APPROVALNOTIFIER] This PR is APPROVED. This pull-request has been approved by: abhinavdahiya, mandre
/hold
@@ -20,5 +21,35 @@ func ValidateMachinePool(p *openstack.MachinePool, fldPath *field.Path) field.Er | |||
} | |||
} | |||
|
|||
allErrs = append(allErrs, validateUUIDV4s(p.AdditionalNetworkIDs, fldPath.Child("additionalNetworkIDs"))...) |
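Review bot: the call hands validateUUIDV4s the path fldPath.Child("additionalNetworkIDs") for the whole list, so the helper should append Index(i) and include the offending value for each bad entry; otherwise a user who supplies several IDs cannot tell which one was rejected. The helper name also implies that version 4 specifically is required rather than any well-formed UUID; a short comment at this call stating why would help the next reader.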
Should we be using the valid values fetcher here to validate that these networks and security groups actually exist in openstack?
This will be done as a part of our Validation epic
@@ -390,6 +390,7 @@ func (t *TerraformVariables) Generate(parents asset.Parents) error { | |||
clusterID.InfraID, | |||
caCert, | |||
bootstrapIgn, | |||
installConfig.Config.ControlPlane.Platform.OpenStack, |
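Review bot: the new argument installConfig.Config.ControlPlane.Platform.OpenStack is read through a chain of fields with no guard in the visible lines. If ControlPlane or its OpenStack platform section can be unset in an install config, confirm that this call site and the callee both tolerate a nil machine pool before the additional network and security group IDs are read from it.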
You don't have to do this in this patch, but could we just pass the install config here, or make a new struct to pass tfvars? The number of arguments to this function is becoming ludicrous :)
I know... Abhinav asked the same question #3291 (comment)
But I think we don't have other options, because we need to differentiate between primary and additional objects, and the only way is to read them from the machine pool :(
/lgtm
/hold cancel
/retest Please review the full test history for this PR and help us cut down flakes.
@Fedosin: The following tests failed, say
In some cases we may need to provide access to additional networks and security groups. An example of this need would be to mount RWX volumes from OpenStack Manila, when shares are in another network (OSP default).
Since we plan to use Manila as the primary backend for the image registry, it is essential that we have this feature in IPI.
This PR adds two new parameters to OpenStack's MachinePool:
- additionalNetworkIDs (optional list of strings): IDs of additional networks for machines.
- additionalSecurityGroupIDs (optional list of strings): IDs of additional security groups for machines.
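
A format check of the kind the commit message describes, applied to both new fields, as an added example that is not the installer's own code. The `MachinePool` stand-in, `checkUUIDv4s`, `ValidatePool`, the case-insensitive match and the sample IDs are assumptions made for illustration; the check is purely syntactic and says nothing about whether the network or security group exists in the cloud.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// uuidV4 matches the canonical 8-4-4-4-12 form with version nibble 4 and
// the RFC 4122 variant nibble (8, 9, a or b).
var uuidV4 = regexp.MustCompile(
	`^[0-9a-f]{8}-[0-9a-f]{4}-4[0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$`)

// MachinePool is a stand-in that models only the two fields added by the PR.
type MachinePool struct {
	AdditionalNetworkIDs       []string
	AdditionalSecurityGroupIDs []string
}

// checkUUIDv4s returns one message per entry that is not a UUID v4, naming
// the element by index so it can be found in the install config.
func checkUUIDv4s(ids []string, path string) []string {
	var errs []string
	for i, id := range ids {
		// Assumption: upper-case hex is accepted and normalised before matching.
		if !uuidV4.MatchString(strings.ToLower(id)) {
			errs = append(errs, fmt.Sprintf("%s[%d]: %q is not a UUID v4", path, i, id))
		}
	}
	return errs
}

// ValidatePool checks both additional ID lists of one machine pool.
func ValidatePool(p MachinePool, path string) []string {
	errs := checkUUIDv4s(p.AdditionalNetworkIDs, path+".additionalNetworkIDs")
	return append(errs,
		checkUUIDv4s(p.AdditionalSecurityGroupIDs, path+".additionalSecurityGroupIDs")...)
}

func main() {
	// Constructed sample values, not IDs from a real cloud.
	p := MachinePool{
		// A network name instead of an ID is rejected.
		AdditionalNetworkIDs: []string{"fa806b2f-ac49-4bce-b9db-124bc64209bf", "manila-net"},
		// A version 1 UUID is well formed but is not v4, so it is rejected too.
		AdditionalSecurityGroupIDs: []string{"6ba7b810-9dad-11d1-80b4-00c04fd430c8"},
	}
	for _, e := range ValidatePool(p, "compute[0].platform.openstack") {
		fmt.Println(e)
	}
}
```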