Add K8s CR name and uuid into NSX resource ID #643

Merged
merged 1 commit into from
Aug 7, 2024

@wenyingd wenyingd commented Jul 19, 2024

A pre-created VPC is possibly shared in multiple K8s Namespaces, even K8s
clusters, which requires that the corresponding NSX resources created in the
same VPC use unique IDs.

To avoid NSX resources created by the K8s CRs in different Namespaces using the
same ID and to improve the readability of the resource ID, this change uses the
format ${cr_name}-${cr_uuid} to generate the NSX resource ID. For the scenario
that one K8s CR is translated to multiple NSX resources, e.g., Groups, a suffix
is added in the ID field to ensure it is unique. Meanwhile, the prefix
which represents the resource type is removed from both the NSX resource id and
display_name.

Another change is for the VpcSubnet Id generated by SubnetSet CR. The index is
changed from a uuid to the hash of a uuid and its length is 8.

For the NSX resource's display_name, the corresponding CR's name is used to
improve its readability. The exceptions include Subnet and VPC (NSX LBs are also
changed), which use the format ${cr_name}-${cr_uuid}. This is because vCenter
creates folders for subnet and VPC using its display_name, so we use a UUID as a
suffix in the display_name field to ensure it is unique.

These NSX resources created because of K8s CRs are impacted in this change.

  • Subnet and Subnetset
  • SubnetPort
  • SecurityPolicy and NetworkPolicy
  • StaticRoute
  • Group
  • IPAllocation

Test Done:
Unit test is added.
e2e test
- K8s CR: subnet/subnetset
- K8s CR: staticroute
- K8s CR: securitypolicy and networkpolicy (including Groups and Rule)
- K8s CR: subnetport

---------- kubectl get subnets ----------
NAME      Namespace        UID
subnet1   vpc2-namespace   d578ef4b-e1d2-471b-88f7-f6885077efae
********** NSX API: get VpcSubnet, tag: nsx-op/subnet_name: subnet1 **********
{
  "id": "subnet1-d578ef4b-e1d2-471b-88f7-f6885077efae",
  "display_name": "3d7b2c3f-1b87-454f-9f38-5bdebd9d8214-subnet1"
}
---------- kubectl get staticroutes ----------
NAME     Namespace        UID
test-2   vpc2-namespace   50fd5059-55bf-4016-8c05-a195693644e0
********** NSX API: get StaticRoutes, tag: nsx-op/static_route_name: test-2 **********
{
  "id": "test-2-50fd5059-55bf-4016-8c05-a195693644e0",
  "display_name": "test-2-50fd5059-55bf-4016-8c05-a195693644e0"
}
---------- kubectl get securitypolicy ingress-policy-1 ----------
NAME               Namespace        UID
ingress-policy-1   vpc2-namespace   0774edad-74bd-4fc2-8560-f1175fe40dfb
********** NSX API: get SecurityPolicy, tag: nsx-op/security_policy_name: ingress-policy-1 **********
{
  "id": "ingress-policy-1-0774edad-74bd-4fc2-8560-f1175fe40dfb",
  "display_name": "ingress-policy-1"
}
********** NSX API: get Group, tag: nsx-op/security_policy_name: ingress-policy-1 **********
{
  "id": "ingress-policy-1-0774edad-74bd-4fc2-8560-f1175fe40dfb_scope",
  "display_name": "vpc2-namespace-ingress-policy-1-scope"
}
{
  "id": "ingress-policy-1-0774edad-74bd-4fc2-8560-f1175fe40dfb_0_src",
  "display_name": "ingress-policy-1-0-src"
}
********** NSX API: get Rule, tag: nsx-op/security_policy_name: ingress-policy-1 **********
{
  "id": "ingress-policy-1-0774edad-74bd-4fc2-8560-f1175fe40dfb_0_a8c1e289467c571eeed9c3bbdbbb451a9946965c_0_0",
  "display_name": "TCP.8000-ingress-allow"
}
---------- kubectl get networkpolicy test-network-policy ----------
NAME                  Namespace        UID
test-network-policy   vpc2-namespace   ccd46d0b-0301-446e-8efd-ba0ff909f771
********** NSX API: get SecurityPolicy, tag: nsx-op/network_policy_name: ingress-policy-1 **********
{
  "id": "test-network-policy-allow-ccd46d0b-0301-446e-8efd-ba0ff909f771_allow",
  "display_name": "test-network-policy-allow"
}
********** NSX API: get Group, tag: nsx-op/network_policy_name: test-network-policy-allow **********
{
  "id": "test-network-policy-allow-ccd46d0b-0301-446e-8efd-ba0ff909f771_allow_scope",
  "display_name": "vpc2-namespace-test-network-policy-allow-scope"
}
{
  "id": "test-network-policy-allow-ccd46d0b-0301-446e-8efd-ba0ff909f771_allow_0_dst",
  "display_name": "test-network-policy-allow-0-dst"
}
********** NSX API: get Rule, tag: nsx-op/network_policy_name: test-network-policy-allow **********
{
  "id": "test-network-policy-allow-ccd46d0b-0301-446e-8efd-ba0ff909f771_allow_0_707c3a6b759b426540d1c7c218dc9782a74685b6_0_0",
  "display_name": "TCP.5978-egress-allow"
}
---------- kubectl get ipallocations ----------
NAME                     Namespace        UID
guestcluster-workers-a   vpc2-namespace   f95fd988-7ed4-4a5e-aab1-e69a9f39ba11
********** NSX API: get VpcIpAddressAllocation under vpc2-namespace **********
{
  "id": "guestcluster-workers-a-f95fd988-7ed4-4a5e-aab1-e69a9f39ba11",
  "display_name": "3d7b2c3f-1b87-454f-9f38-5bdebd9d8214-guestcluster-workers-a"
}
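
The ID scheme from the description above, as an added Go example (not code from this pull request or from nsx-operator): it builds `${cr_name}-${cr_uuid}` IDs with `_`-joined suffixes as seen in the test output, and checks for collisions when the same CR name exists in two Namespaces sharing one VPC. The `CR` type, the function names, the second sample CR and the use of SHA-1 for the 8-character index are assumptions.

```go
package main

import (
	"crypto/sha1"
	"fmt"
	"strings"
)

// CR is the identity of a Kubernetes custom resource (type made up for this example).
type CR struct{ Namespace, Name, UID string }

// ResourceID builds ${cr_name}-${cr_uuid}; suffix parts are joined with "_" (e.g. "..._0_src").
func ResourceID(cr CR, suffix ...string) string {
	return strings.Join(append([]string{cr.Name + "-" + cr.UID}, suffix...), "_")
}

// ShortIndex returns an 8-character hash of a UUID (SHA-1 in hex is an assumption).
func ShortIndex(uuid string) string {
	sum := sha1.Sum([]byte(uuid))
	return fmt.Sprintf("%x", sum)[:8]
}

// Collisions returns every ID that idOf assigns to more than one CR.
func Collisions(crs []CR, idOf func(CR) string) map[string][]CR {
	out := map[string][]CR{}
	for _, cr := range crs {
		out[idOf(cr)] = append(out[idOf(cr)], cr)
	}
	for id, owners := range out {
		if len(owners) < 2 {
			delete(out, id) // keep only IDs shared by two or more CRs
		}
	}
	return out
}

// SampleCRs: the first entry is taken from the test output; the second is constructed.
func SampleCRs() []CR {
	return []CR{
		{"vpc2-namespace", "subnet1", "d578ef4b-e1d2-471b-88f7-f6885077efae"},
		{"vpc3-namespace", "subnet1", "11111111-2222-3333-4444-555555555555"},
	}
}

func main() {
	byName := Collisions(SampleCRs(), func(c CR) string { return c.Name })
	byNameUID := Collisions(SampleCRs(), func(c CR) string { return ResourceID(c) })
	fmt.Println(len(byName), len(byNameUID), ShortIndex(SampleCRs()[0].UID))
}
```

With name-only IDs the two `subnet1` CRs map to the same NSX ID in the shared VPC; with the name and UID combined they do not.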

@wenyingd wenyingd force-pushed the precreated_vpc_naming branch 3 times, most recently from 9466b99 to 586c322 Compare July 19, 2024 03:37
@wenyingd wenyingd changed the title Add K8s CR uuid into NSX resource display name Add K8s CR uuid into NSX resource display name +1 Jul 19, 2024
@wenyingd wenyingd changed the title Add K8s CR uuid into NSX resource display name +1 Add K8s CR uuid into NSX resource display name Jul 19, 2024
@wenyingd wenyingd changed the title Add K8s CR uuid into NSX resource display name Add K8s CR uuid into NSX resource display name +1 Jul 23, 2024
@wenyingd wenyingd changed the title Add K8s CR uuid into NSX resource display name +1 Add K8s CR uuid into NSX resource display name Jul 23, 2024
@wenyingd
Contributor Author

+1

@wenyingd wenyingd force-pushed the precreated_vpc_naming branch 2 times, most recently from 232aa62 to 9d855d2 Compare July 24, 2024 03:12
@timdengyun timdengyun closed this Jul 24, 2024
@timdengyun timdengyun reopened this Jul 24, 2024
@timdengyun timdengyun requested a review from TaoZou1 July 24, 2024 15:10
@timdengyun
Contributor

@TaoZou1 please take a look at static route part.

timdengyun
timdengyun previously approved these changes Jul 25, 2024
Contributor

@timdengyun timdengyun left a comment

The SP part looks good to me.

@wenyingd wenyingd force-pushed the precreated_vpc_naming branch 2 times, most recently from 91abaff to c28610f Compare July 29, 2024 07:17
TaoZou1
TaoZou1 previously approved these changes Aug 5, 2024
timdengyun
timdengyun previously approved these changes Aug 5, 2024
@zhengxiexie
Contributor

/e2e

heypnus
heypnus previously approved these changes Aug 6, 2024
Contributor

@heypnus heypnus left a comment

subnet/subnetset/subnetport lgtm

@zhengxiexie
Contributor

/e2e

@wenyingd
Contributor Author

wenyingd commented Aug 7, 2024

/e2e

A pre-created VPC is possibly shared in multiple K8s Namespaces, even K8s
clusters, which requires that the corresponding NSX resources created in the
same VPC use unique IDs.

To avoid NSX resources created by the K8s CRs in different Namespaces using the
same ID and to improve the readability of the resource ID, this change uses the
format ${cr_name}-${cr_uuid} to generate the NSX resource ID. For the scenario
that one K8s CR is translated to multiple NSX resources, e.g., Groups, a suffix
is added in the ID field to ensure it is unique. Meanwhile, the prefix
which represents the resource type is removed from both the NSX resource id and
display_name.

Another change is for the VpcSubnet Id generated by SubnetSet CR. The index is
changed from a uuid to the hash of a uuid and its length is 8.

For the NSX resource's display_name, the corresponding CR's name is used to
improve its readability. The exceptions include Subnet and VPC, which use the
format ${cr_name}-${cr_uuid}. This is because vCenter creates folders for subnet
and VPC using its display_name, so we use a UUID as a suffix in the display_name
field to ensure it is unique.

These NSX resources created because of K8s CRs are impacted in this change.
- Subnet and Subnetset
- SubnetPort
- SecurityPolicy and NetworkPolicy
- StaticRoute
- Group
- IPAllocation

Test Done:
  Unit test is added, e2e test on local testbed is passed.
@zhengxiexie
Contributor

/e2e

@zhengxiexie
Contributor

/e2e

@wenyingd
Contributor Author

wenyingd commented Aug 7, 2024

/e2e

@wenyingd wenyingd merged commit 2cc0f8d into vmware-tanzu:main Aug 7, 2024
2 checks passed
@wenyingd wenyingd deleted the precreated_vpc_naming branch August 7, 2024 07:55
timdengyun added a commit to timdengyun/nsx-operator-1 that referenced this pull request Sep 14, 2024
Previously, we use hyphen "-" to connect strings when building NSX resource
name, and use underline "_" to connect strings when building NSX
resource ID.

This patch is to unify NSX resource ID and name connector as underline when building
ID and name from K8s CR.

For the NSX resource ID and name convention,
this patch follows the standard in PR:vmware-tanzu#643

These NSX resource names are impacted in this change.
Subnet
SubnetPort
SecurityPolicy and NetworkPolicy
NSGroup, IPSetGroup and NSRule
StaticRoute
IPAllocation
VPC
timdengyun added a commit to timdengyun/nsx-operator-1 that referenced this pull request Sep 14, 2024
Previously, we use hyphen "-" to connect strings when building NSX resource
name, and use underline "_" to connect strings when building NSX
resource ID.

This patch is to unify NSX resource ID and name connector as underline when building
ID and name from K8s CR.

For the NSX resource ID and name convention,
this patch follows the standard in PR:vmware-tanzu#643

These NSX resource names are impacted in this change.
VPC
Subnet
SubnetPort
SecurityPolicy and NetworkPolicy
NSGroup and IPSetGroup
NSRule
Share
StaticRoute
IPAllocation
timdengyun added a commit to timdengyun/nsx-operator-1 that referenced this pull request Sep 14, 2024
Previously, we use hyphen "-" to connect strings when building NSX resource
name, and use underline "_" to connect strings when building NSX
resource ID.

This patch is to unify NSX resource ID and name connector as underline when building
ID and name from K8s CR.

For the NSX resource ID and name convention,
this patch follows the standard in PR:vmware-tanzu#643

These NSX resource names are impacted in this change:
VPC
Subnet
SubnetPort
SecurityPolicy and NetworkPolicy
NSGroup and IPSetGroup
NSRule
Share
StaticRoute
IPAllocation