openstack/kuryr-kubernetes
Code Issues Proposed changes
02492ad314
kuryr-kubernetes/kuryr_kubernetes/controller/drivers/base.py

782 lines
27 KiB
Python
Raw Normal View History

Controller driver base and pod project driver This patch adds stevedore-based driver support to the controller and implements a driver to determine OpenStack project ID used to create pod ports. Change-Id: I0002ce1c1f7985955b7f66902dcf5386db212a1a Partially-Implements: blueprint kuryr-k8s-integration
2016-11-15 20:21:27 +03:00
# Copyright (c) 2016 Mirantis, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
import abc
Remove log translations Log messages are no longer being translated. This removes all use of the _LE, _LI, and _LW translation markers to simplify logging and to avoid confusion with new contributions. See: http://lists.openstack.org/pipermail/openstack-i18n/2016-November/002574.html http://lists.openstack.org/pipermail/openstack-dev/2017-March/113365.html Change-Id: If4735fc3ac1803585efd90657539e540d157a59a
2017-03-28 09:47:09 +08:00
from kuryr.lib._i18n import _
Controller driver base and pod project driver This patch adds stevedore-based driver support to the controller and implements a driver to determine OpenStack project ID used to create pod ports. Change-Id: I0002ce1c1f7985955b7f66902dcf5386db212a1a Partially-Implements: blueprint kuryr-k8s-integration
2016-11-15 20:21:27 +03:00
from stevedore import driver as stv_driver
from kuryr_kubernetes import config
_DRIVER_NAMESPACE_BASE = 'kuryr_kubernetes.controller.drivers'
_DRIVER_MANAGERS = {}
Implement multi-vif driver This patch implements the multi-vif of VIF-Handler And Vif Drivers Design. This patch creates a new driver type MultiVIFDriver. It will be the base class of real drivers like sriov, additional_subnet and npwg_multiple_interfaces. Each of the derived driver should implement the parsing of the additional interfaces definition in K8S pods, and call VIF driver to either create or acquire the Neutron port and its VIF object. A list of enabled drivers can be returned by its class method. So that the VIFHandler can invoke each driver one by one to get the whole list of interfaces for one pod. Partially Implements: blueprint multi-vif-pods Change-Id: I8b5175a4637b18a0b574e27674a217865afb22b7 Signed-off-by: Peng Liu <pliu@redhat.com>
2018-06-15 14:11:34 +08:00
_MULTI_VIF_DRIVERS = []
Controller driver base and pod project driver This patch adds stevedore-based driver support to the controller and implements a driver to determine OpenStack project ID used to create pod ports. Change-Id: I0002ce1c1f7985955b7f66902dcf5386db212a1a Partially-Implements: blueprint kuryr-k8s-integration
2016-11-15 20:21:27 +03:00
class DriverBase(object):
"""Base class for controller drivers.
Subclasses must define an *ALIAS* attribute that is used to find a driver
implementation by `get_instance` class method which utilises
`stevedore.driver.DriverManager` with the namespace set to
'kuryr_kubernetes.controller.drivers.*ALIAS*' and the name of
the driver determined from the '[kubernetes]/*ALIAS*_driver' configuration
parameter.
Usage example:
Removing six library. Since we already migrated fully to Python3, it's time to also remove bits needed for Python2. One of those libs is six. Change-Id: Ib984d7b4b3c1048ed091c78986c634689a8ace8c
2020-02-28 12:00:19 +01:00
class SomeDriverInterface(DriverBase, metaclass=abc.ABCMeta):
Controller driver base and pod project driver This patch adds stevedore-based driver support to the controller and implements a driver to determine OpenStack project ID used to create pod ports. Change-Id: I0002ce1c1f7985955b7f66902dcf5386db212a1a Partially-Implements: blueprint kuryr-k8s-integration
2016-11-15 20:21:27 +03:00
ALIAS = 'driver_alias'
@abc.abstractmethod
def some_method(self):
pass
driver = SomeDriverInterface.get_instance()
driver.some_method()
"""
@classmethod
Refactor DriverBase.get_instance() scope param is added to allow getting multiple independent instances of a driver. This is particularly useful for using same VIFPoolDriver implementation for multiple PodVIFDrivers (eg. NoopVIFPool may be used for multiple PodVIFDriver types) Also renames driver_alias to specific_driver to better indicate its function. Related-Bug: 1747406 Change-Id: Iea3b65b91f362a18cca6bf9d44d938063a56118b Signed-off-by: Yash Gupta <y.gupta@samsung.com>
2018-08-27 17:09:38 +09:00
def get_instance(cls, specific_driver=None, scope='default'):
"""Get an implementing driver instance.
:param specific_driver: Loads a specific driver instead of using conf.
Uses separate manager entry so that loading of
default/other drivers is not affected.
:param scope: Loads the driver in the given scope (if independent
instances of a driver are required)
"""
Controller driver base and pod project driver This patch adds stevedore-based driver support to the controller and implements a driver to determine OpenStack project ID used to create pod ports. Change-Id: I0002ce1c1f7985955b7f66902dcf5386db212a1a Partially-Implements: blueprint kuryr-k8s-integration
2016-11-15 20:21:27 +03:00
alias = cls.ALIAS
Refactor DriverBase.get_instance() scope param is added to allow getting multiple independent instances of a driver. This is particularly useful for using same VIFPoolDriver implementation for multiple PodVIFDrivers (eg. NoopVIFPool may be used for multiple PodVIFDriver types) Also renames driver_alias to specific_driver to better indicate its function. Related-Bug: 1747406 Change-Id: Iea3b65b91f362a18cca6bf9d44d938063a56118b Signed-off-by: Yash Gupta <y.gupta@samsung.com>
2018-08-27 17:09:38 +09:00
if specific_driver:
driver_key = '{}:{}:{}'.format(alias, specific_driver, scope)
else:
driver_key = '{}:_from_cfg:{}'.format(alias, scope)
Controller driver base and pod project driver This patch adds stevedore-based driver support to the controller and implements a driver to determine OpenStack project ID used to create pod ports. Change-Id: I0002ce1c1f7985955b7f66902dcf5386db212a1a Partially-Implements: blueprint kuryr-k8s-integration
2016-11-15 20:21:27 +03:00
try:
Refactor DriverBase.get_instance() scope param is added to allow getting multiple independent instances of a driver. This is particularly useful for using same VIFPoolDriver implementation for multiple PodVIFDrivers (eg. NoopVIFPool may be used for multiple PodVIFDriver types) Also renames driver_alias to specific_driver to better indicate its function. Related-Bug: 1747406 Change-Id: Iea3b65b91f362a18cca6bf9d44d938063a56118b Signed-off-by: Yash Gupta <y.gupta@samsung.com>
2018-08-27 17:09:38 +09:00
manager = _DRIVER_MANAGERS[driver_key]
Controller driver base and pod project driver This patch adds stevedore-based driver support to the controller and implements a driver to determine OpenStack project ID used to create pod ports. Change-Id: I0002ce1c1f7985955b7f66902dcf5386db212a1a Partially-Implements: blueprint kuryr-k8s-integration
2016-11-15 20:21:27 +03:00
except KeyError:
Refactor DriverBase.get_instance() scope param is added to allow getting multiple independent instances of a driver. This is particularly useful for using same VIFPoolDriver implementation for multiple PodVIFDrivers (eg. NoopVIFPool may be used for multiple PodVIFDriver types) Also renames driver_alias to specific_driver to better indicate its function. Related-Bug: 1747406 Change-Id: Iea3b65b91f362a18cca6bf9d44d938063a56118b Signed-off-by: Yash Gupta <y.gupta@samsung.com>
2018-08-27 17:09:38 +09:00
driver_name = (specific_driver or
config.CONF.kubernetes[alias + '_driver'])
Controller driver base and pod project driver This patch adds stevedore-based driver support to the controller and implements a driver to determine OpenStack project ID used to create pod ports. Change-Id: I0002ce1c1f7985955b7f66902dcf5386db212a1a Partially-Implements: blueprint kuryr-k8s-integration
2016-11-15 20:21:27 +03:00
manager = stv_driver.DriverManager(
namespace="%s.%s" % (_DRIVER_NAMESPACE_BASE, alias),
Refactor DriverBase.get_instance() scope param is added to allow getting multiple independent instances of a driver. This is particularly useful for using same VIFPoolDriver implementation for multiple PodVIFDrivers (eg. NoopVIFPool may be used for multiple PodVIFDriver types) Also renames driver_alias to specific_driver to better indicate its function. Related-Bug: 1747406 Change-Id: Iea3b65b91f362a18cca6bf9d44d938063a56118b Signed-off-by: Yash Gupta <y.gupta@samsung.com>
2018-08-27 17:09:38 +09:00
name=driver_name,
Controller driver base and pod project driver This patch adds stevedore-based driver support to the controller and implements a driver to determine OpenStack project ID used to create pod ports. Change-Id: I0002ce1c1f7985955b7f66902dcf5386db212a1a Partially-Implements: blueprint kuryr-k8s-integration
2016-11-15 20:21:27 +03:00
invoke_on_load=True)
Refactor DriverBase.get_instance() scope param is added to allow getting multiple independent instances of a driver. This is particularly useful for using same VIFPoolDriver implementation for multiple PodVIFDrivers (eg. NoopVIFPool may be used for multiple PodVIFDriver types) Also renames driver_alias to specific_driver to better indicate its function. Related-Bug: 1747406 Change-Id: Iea3b65b91f362a18cca6bf9d44d938063a56118b Signed-off-by: Yash Gupta <y.gupta@samsung.com>
2018-08-27 17:09:38 +09:00
_DRIVER_MANAGERS[driver_key] = manager
Controller driver base and pod project driver This patch adds stevedore-based driver support to the controller and implements a driver to determine OpenStack project ID used to create pod ports. Change-Id: I0002ce1c1f7985955b7f66902dcf5386db212a1a Partially-Implements: blueprint kuryr-k8s-integration
2016-11-15 20:21:27 +03:00
driver = manager.driver
if not isinstance(driver, cls):
Remove log translations Log messages are no longer being translated. This removes all use of the _LE, _LI, and _LW translation markers to simplify logging and to avoid confusion with new contributions. See: http://lists.openstack.org/pipermail/openstack-i18n/2016-November/002574.html http://lists.openstack.org/pipermail/openstack-dev/2017-March/113365.html Change-Id: If4735fc3ac1803585efd90657539e540d157a59a
2017-03-28 09:47:09 +08:00
raise TypeError(_("Invalid %(alias)r driver type: %(driver)s, "
"must be a subclass of %(type)s") % {
Cleanup and enforce pep8 checks tox.ini contains a bunch of excludes, that are unnecessary. Some are leftovers from neutron. Some are already fixed and there is no point in excluding them and some are easy to fix. This commit does not fix E128 as it is the only serious exclusion with (currently 166 lines to be changed) Change-Id: I48cb6cd2258b2d8ed5b8dfdd3ceac7d8d573be81
2017-06-08 15:30:40 +03:00
'alias': alias,
'driver': driver.__class__.__name__,
'type': cls})
Controller driver base and pod project driver This patch adds stevedore-based driver support to the controller and implements a driver to determine OpenStack project ID used to create pod ports. Change-Id: I0002ce1c1f7985955b7f66902dcf5386db212a1a Partially-Implements: blueprint kuryr-k8s-integration
2016-11-15 20:21:27 +03:00
return driver
Add ports pool clean up support to namespace deletion This patch extends the namespace handler to account for existing ports at kuryr ports pools before deleting the network namespace resources. It extends the vif_pool driver with support for removing all the ports of the different pools belonging to the namespace to be deleted. Partially Implements: blueprint network-namespace Change-Id: I84580201f38c219f1943510bb493da0f07e07153
2018-04-25 09:31:10 +00:00
def __str__(self):
return self.__class__.__name__
Controller driver base and pod project driver This patch adds stevedore-based driver support to the controller and implements a driver to determine OpenStack project ID used to create pod ports. Change-Id: I0002ce1c1f7985955b7f66902dcf5386db212a1a Partially-Implements: blueprint kuryr-k8s-integration
2016-11-15 20:21:27 +03:00
Removing six library. Since we already migrated fully to Python3, it's time to also remove bits needed for Python2. One of those libs is six. Change-Id: Ib984d7b4b3c1048ed091c78986c634689a8ace8c
2020-02-28 12:00:19 +01:00
class PodProjectDriver(DriverBase, metaclass=abc.ABCMeta):
Controller driver base and pod project driver This patch adds stevedore-based driver support to the controller and implements a driver to determine OpenStack project ID used to create pod ports. Change-Id: I0002ce1c1f7985955b7f66902dcf5386db212a1a Partially-Implements: blueprint kuryr-k8s-integration
2016-11-15 20:21:27 +03:00
"""Provides an OpenStack project ID for Kubernetes Pod ports."""
ALIAS = 'pod_project'
@abc.abstractmethod
def get_project(self, pod):
"""Get an OpenStack project ID for Kubernetes Pod ports.
:param pod: dict containing Kubernetes Pod object
:return: project ID
"""
raise NotImplementedError()
Default pod subnet driver and os-vif utils This patch adds a new driver type used to determine Neutron subnet that should be used for Kubernetes pods' ports. This patch also provides a default subnet driver implementation that uses a subnet set in configuration file. This patch also introduces the 'os_vif_util' module that contains functions to translate data structures returned by Neutron client to os-vif objects. Only the subnet-related functions are added in this patch. Change-Id: I643b22858239ce7f64e6ba81822b31e788fc9990 Partially-Implements: blueprint kuryr-k8s-integration
2016-11-16 15:19:11 +03:00
Removing six library. Since we already migrated fully to Python3, it's time to also remove bits needed for Python2. One of those libs is six. Change-Id: Ib984d7b4b3c1048ed091c78986c634689a8ace8c
2020-02-28 12:00:19 +01:00
class ServiceProjectDriver(DriverBase, metaclass=abc.ABCMeta):
K8s Services support: LBaaSSpecHandler This patch introduces LBaaSSpecHandler that handles K8s Service events and updates related Endpoints with LBaaSServiceSpec when necessary. Change-Id: I09a0235842edd06827437f37aeac7ca5daeb1774 Partially-Implements: blueprint kuryr-k8s-integration
2017-01-31 23:19:32 +03:00
"""Provides an OpenStack project ID for Kubernetes Services."""
ALIAS = 'service_project'
@abc.abstractmethod
def get_project(self, service):
"""Get an OpenStack project ID for Kubernetes Service.
:param service: dict containing Kubernetes Service object
:return: project ID
"""
raise NotImplementedError()
Removing six library. Since we already migrated fully to Python3, it's time to also remove bits needed for Python2. One of those libs is six. Change-Id: Ib984d7b4b3c1048ed091c78986c634689a8ace8c
2020-02-28 12:00:19 +01:00
class NamespaceProjectDriver(DriverBase, metaclass=abc.ABCMeta):
Add default namespace project driver This patch adds a new default driver to get the project ID associated to a namespace. Same as the pod and service project drivers Partially Implements: blueprint network-namespace Change-Id: Ib4306ba2c3d07ddfa311e2970b67d8b617c951e7
2018-07-10 17:19:53 +02:00
"""Provides an OpenStack project ID for Kubernetes Namespace."""
ALIAS = 'namespace_project'
@abc.abstractmethod
def get_project(self, namespace):
"""Get an OpenStack project ID for Kubernetes Namespace.
:param service: dict containing Kubernetes Namespace object
:return: project ID
"""
raise NotImplementedError()
Removing six library. Since we already migrated fully to Python3, it's time to also remove bits needed for Python2. One of those libs is six. Change-Id: Ib984d7b4b3c1048ed091c78986c634689a8ace8c
2020-02-28 12:00:19 +01:00
class PodSubnetsDriver(DriverBase, metaclass=abc.ABCMeta):
Default pod subnet driver and os-vif utils This patch adds a new driver type used to determine Neutron subnet that should be used for Kubernetes pods' ports. This patch also provides a default subnet driver implementation that uses a subnet set in configuration file. This patch also introduces the 'os_vif_util' module that contains functions to translate data structures returned by Neutron client to os-vif objects. Only the subnet-related functions are added in this patch. Change-Id: I643b22858239ce7f64e6ba81822b31e788fc9990 Partially-Implements: blueprint kuryr-k8s-integration
2016-11-16 15:19:11 +03:00
"""Provides subnets for Kubernetes Pods."""
ALIAS = 'pod_subnets'
@abc.abstractmethod
def get_subnets(self, pod, project_id):
"""Get subnets for Pod.
:param pod: dict containing Kubernetes Pod object
:param project_id: OpenStack project ID
:return: dict containing the mapping 'subnet_id' -> 'network' for all
the subnets we want to create ports on, where 'network' is an
`os_vif.network.Network` object containing a single
`os_vif.subnet.Subnet` object corresponding to the 'subnet_id'
"""
raise NotImplementedError()
Default pod security groups driver This patch adds a new driver type used to determine Neutron security groups that should be used for Kubernetes pods. This patch also provides a default driver implementation that uses a list of security groups set in configuration file. Change-Id: Id76f70b8a99ffa8372dfd3d199371e7db46fb812 Partially-Implements: blueprint kuryr-k8s-integration
2016-11-18 13:43:46 +03:00
Ensure isolation between namespaces This patch ensures that a different security group is attached to each newly created namespace. Thus providing extra isolation between the pods allocated on the different namespaces. Implements: blueprint openshift-project-isolation-support Change-Id: Ibf63841b2a6b0c339c4c76980f1489e26af016d7
2018-06-29 14:38:18 +02:00
def create_namespace_network(self, namespace, project_id):
Add namespace subnet driver for namespace creation This patch adds a new subnet driver that creates a new network for each created k8s namespace. It makes use of K8s CRDs to store the information about the network resources created for each namespace Partially Implements: blueprint network-namespace Change-Id: I7988e1da7a9ed57f29c85ddcd99bb2c87808010e
2018-04-18 11:03:27 +00:00
"""Create network resources for a namespace.
:param namespace: string with the namespace name
Ensure isolation between namespaces This patch ensures that a different security group is attached to each newly created namespace. Thus providing extra isolation between the pods allocated on the different namespaces. Implements: blueprint openshift-project-isolation-support Change-Id: Ibf63841b2a6b0c339c4c76980f1489e26af016d7
2018-06-29 14:38:18 +02:00
:param project_id: OpenStack project ID
:return: dict with the keys and values for the CRD spec, such as
routerId or subnetId
Add namespace subnet driver for namespace creation This patch adds a new subnet driver that creates a new network for each created k8s namespace. It makes use of K8s CRDs to store the information about the network resources created for each namespace Partially Implements: blueprint network-namespace Change-Id: I7988e1da7a9ed57f29c85ddcd99bb2c87808010e
2018-04-18 11:03:27 +00:00
"""
raise NotImplementedError()
Namespace deletion functionality for namespace_subnet driver This patch extends the namespace_subnet driver to handle namespace deletion. It ensures the created resources during namespace creation are removed upon namespace deletion. Note it does not currently support deleting the extra ports created by the ports pool feature, so it should not be used if ports pool feature is enabled. A follow up patch will address this issue Partially Implements: blueprint network-namespace Change-Id: I2eed278dafacd5090a902bacfd366f7cdf9edca4
2018-04-18 11:31:48 +00:00
def delete_namespace_subnet(self, kuryr_net_crd):
"""Delete network resources associated to a namespace.
Namespace event handling through KuryrNet CRD This patch moves the namespace handling to be more aligned with the k8s style. Depends-on: If0aaf748d13027b3d660aa0f74c4f6653e911250 Change-Id: Ia2811d743f6c4791321b05977118d0b4276787b5
2020-02-10 08:46:03 +01:00
:param kuryr_net_crd: kuryrnetwork CRD obj dict that contains Neutron's
Namespace deletion functionality for namespace_subnet driver This patch extends the namespace_subnet driver to handle namespace deletion. It ensures the created resources during namespace creation are removed upon namespace deletion. Note it does not currently support deleting the extra ports created by the ports pool feature, so it should not be used if ports pool feature is enabled. A follow up patch will address this issue Partially Implements: blueprint network-namespace Change-Id: I2eed278dafacd5090a902bacfd366f7cdf9edca4
2018-04-18 11:31:48 +00:00
network resources associated to a namespace
"""
raise NotImplementedError()
Ensure isolation between namespaces This patch ensures that a different security group is attached to each newly created namespace. Thus providing extra isolation between the pods allocated on the different namespaces. Implements: blueprint openshift-project-isolation-support Change-Id: Ibf63841b2a6b0c339c4c76980f1489e26af016d7
2018-06-29 14:38:18 +02:00
def rollback_network_resources(self, crd_spec, namespace):
Add namespace subnet driver for namespace creation This patch adds a new subnet driver that creates a new network for each created k8s namespace. It makes use of K8s CRDs to store the information about the network resources created for each namespace Partially Implements: blueprint network-namespace Change-Id: I7988e1da7a9ed57f29c85ddcd99bb2c87808010e
2018-04-18 11:03:27 +00:00
"""Rollback created network resources for a namespace.
Ensure isolation between namespaces This patch ensures that a different security group is attached to each newly created namespace. Thus providing extra isolation between the pods allocated on the different namespaces. Implements: blueprint openshift-project-isolation-support Change-Id: Ibf63841b2a6b0c339c4c76980f1489e26af016d7
2018-06-29 14:38:18 +02:00
:param crd_spec: dict with the keys and values for the CRD spec, such
as routerId or subnetId
Add namespace subnet driver for namespace creation This patch adds a new subnet driver that creates a new network for each created k8s namespace. It makes use of K8s CRDs to store the information about the network resources created for each namespace Partially Implements: blueprint network-namespace Change-Id: I7988e1da7a9ed57f29c85ddcd99bb2c87808010e
2018-04-18 11:03:27 +00:00
:param namespace: name of the Kubernetes namespace object
"""
raise NotImplementedError()
Ensure namespace network resources are cleaned up In case of kuryr-controller crash/restart while creating a namespace it may happen that some network resources are leftover as the kuryr net crd was not yet created. This may lead to a waste of OpenStack network resources (networks, subnets). This patch ensures the namespace is cleaned up before creating the resources in case a previous attempt was made without completing the kuryr net crd creation. Change-Id: Iddc03090dc8a847abe4afa2bed0900f0c7cf6936
2019-07-18 16:11:54 +02:00
def cleanup_namespace_networks(self, namespace):
"""Clean up network leftover on the namespace.
Due to Kuryr controller restarts it may happen that some network
resources are leftover. This method ensures they are deleted upon
retries.
:param namespace: name of the Kubernetes namespace object
"""
raise NotImplementedError()
Default pod security groups driver This patch adds a new driver type used to determine Neutron security groups that should be used for Kubernetes pods. This patch also provides a default driver implementation that uses a list of security groups set in configuration file. Change-Id: Id76f70b8a99ffa8372dfd3d199371e7db46fb812 Partially-Implements: blueprint kuryr-k8s-integration
2016-11-18 13:43:46 +03:00
Removing six library. Since we already migrated fully to Python3, it's time to also remove bits needed for Python2. One of those libs is six. Change-Id: Ib984d7b4b3c1048ed091c78986c634689a8ace8c
2020-02-28 12:00:19 +01:00
class ServiceSubnetsDriver(DriverBase, metaclass=abc.ABCMeta):
K8s Services support: LBaaSSpecHandler This patch introduces LBaaSSpecHandler that handles K8s Service events and updates related Endpoints with LBaaSServiceSpec when necessary. Change-Id: I09a0235842edd06827437f37aeac7ca5daeb1774 Partially-Implements: blueprint kuryr-k8s-integration
2017-01-31 23:19:32 +03:00
"""Provides subnets for Kubernetes Services."""
ALIAS = 'service_subnets'
@abc.abstractmethod
def get_subnets(self, service, project_id):
"""Get subnets for Service.
:param service: dict containing Kubernetes Pod object
:param project_id: OpenStack project ID
:return: dict containing the mapping 'subnet_id' -> 'network' for all
the subnets we want to create ports on, where 'network' is an
`os_vif.network.Network` object containing a single
`os_vif.subnet.Subnet` object corresponding to the 'subnet_id'
"""
raise NotImplementedError()
Removing six library. Since we already migrated fully to Python3, it's time to also remove bits needed for Python2. One of those libs is six. Change-Id: Ib984d7b4b3c1048ed091c78986c634689a8ace8c
2020-02-28 12:00:19 +01:00
class PodSecurityGroupsDriver(DriverBase, metaclass=abc.ABCMeta):
Default pod security groups driver This patch adds a new driver type used to determine Neutron security groups that should be used for Kubernetes pods. This patch also provides a default driver implementation that uses a list of security groups set in configuration file. Change-Id: Id76f70b8a99ffa8372dfd3d199371e7db46fb812 Partially-Implements: blueprint kuryr-k8s-integration
2016-11-18 13:43:46 +03:00
"""Provides security groups for Kubernetes Pods."""
ALIAS = 'pod_security_groups'
@abc.abstractmethod
def get_security_groups(self, pod, project_id):
"""Get a list of security groups' IDs for Pod.
:param pod: dict containing Kubernetes Pod object
:param project_id: OpenStack project ID
:return: list containing security groups' IDs
"""
raise NotImplementedError()
Generic VIF controller driver This patch introduces a driver that manages normal Neutron ports to provide VIFs for Kubernetes Pods. Change-Id: Ice32e96e107f7b7331caca3b79c488532710b4a2 Partially-Implements: blueprint kuryr-k8s-integration
2016-11-21 04:18:05 +03:00
Update CRD when NP has podSelectors When a pod gets created, deleted or updated and its labels matches the PodSelector of a NP, the sg must be updated. Partially Implements: blueprint k8s-network-policies Change-Id: Ic0dd3bc93e2453460c4d8dea360efd414b6ae42b
2018-12-17 12:53:51 +00:00
def create_sg_rules(self, pod):
"""Create security group rules for a pod.
:param pod: dict containing Kubernetes Pod object
Ensure only affected services are updated on Pod/NetworkPolicy events When Pods or Network Policies are created/updated/deleted, only the affected service(s) should have the SG updated. Right now, all the services are updated. This commit fixes the issue, on the Network Policy side, by checking if any of the pods selected by a Service is also selected by a Network Policy, and if so update the SG of that LBaaS. And on the Pods side, by matching the Service selectors and Network Policy selectors, when this NP got the pointed pods SG updated. If the selectors match the LBaaS SG is updated. Closes-Bug: 1818203 Change-Id: Id996651a7d03bc7621e57b46825ddfa9d98e48ce
2019-02-28 22:46:22 +00:00
:return: a list containing podSelectors of CRDs
that had security group rules created
Update CRD when NP has podSelectors When a pod gets created, deleted or updated and its labels matches the PodSelector of a NP, the sg must be updated. Partially Implements: blueprint k8s-network-policies Change-Id: Ic0dd3bc93e2453460c4d8dea360efd414b6ae42b
2018-12-17 12:53:51 +00:00
"""
raise NotImplementedError()
def delete_sg_rules(self, pod):
"""Delete security group rules for a pod
:param pod: dict containing Kubernetes Pod object
Ensure only affected services are updated on Pod/NetworkPolicy events When Pods or Network Policies are created/updated/deleted, only the affected service(s) should have the SG updated. Right now, all the services are updated. This commit fixes the issue, on the Network Policy side, by checking if any of the pods selected by a Service is also selected by a Network Policy, and if so update the SG of that LBaaS. And on the Pods side, by matching the Service selectors and Network Policy selectors, when this NP got the pointed pods SG updated. If the selectors match the LBaaS SG is updated. Closes-Bug: 1818203 Change-Id: Id996651a7d03bc7621e57b46825ddfa9d98e48ce
2019-02-28 22:46:22 +00:00
:return: a list containing podSelectors of CRDs
that had security group rules deleted
Update CRD when NP has podSelectors When a pod gets created, deleted or updated and its labels matches the PodSelector of a NP, the sg must be updated. Partially Implements: blueprint k8s-network-policies Change-Id: Ic0dd3bc93e2453460c4d8dea360efd414b6ae42b
2018-12-17 12:53:51 +00:00
"""
raise NotImplementedError()
def update_sg_rules(self, pod):
"""Update security group rules for a pod
:param pod: dict containing Kubernetes Pod object
Ensure only affected services are updated on Pod/NetworkPolicy events When Pods or Network Policies are created/updated/deleted, only the affected service(s) should have the SG updated. Right now, all the services are updated. This commit fixes the issue, on the Network Policy side, by checking if any of the pods selected by a Service is also selected by a Network Policy, and if so update the SG of that LBaaS. And on the Pods side, by matching the Service selectors and Network Policy selectors, when this NP got the pointed pods SG updated. If the selectors match the LBaaS SG is updated. Closes-Bug: 1818203 Change-Id: Id996651a7d03bc7621e57b46825ddfa9d98e48ce
2019-02-28 22:46:22 +00:00
:return: a list containing podSelectors of CRDs
that had security group rules updated
Update CRD when NP has podSelectors When a pod gets created, deleted or updated and its labels matches the PodSelector of a NP, the sg must be updated. Partially Implements: blueprint k8s-network-policies Change-Id: Ic0dd3bc93e2453460c4d8dea360efd414b6ae42b
2018-12-17 12:53:51 +00:00
"""
raise NotImplementedError()
Update CRD when NP has namespaceSelectors When a namespace is created, deleted or updated and its labels matches the namespaceSelector of a NP, the CRD and the respective sg must be updated. Partially Implements: blueprint k8s-network-policies Change-Id: I515de28647f5f06248555733c27dd4f5a56149ec
2018-12-30 22:10:51 +00:00
def delete_namespace_sg_rules(self, namespace):
"""Delete security group rule associated to a namespace.
:param namespace: dict containing K8S Namespace object
"""
raise NotImplementedError()
def create_namespace_sg_rules(self, namespace):
"""Create security group rule associated to a namespace.
:param namespace: dict containing K8S Namespace object
"""
raise NotImplementedError()
def update_namespace_sg_rules(self, namespace):
"""Update security group rule associated to a namespace.
:param namespace: dict containing K8S Namespace object
"""
raise NotImplementedError()
Generic VIF controller driver This patch introduces a driver that manages normal Neutron ports to provide VIFs for Kubernetes Pods. Change-Id: Ice32e96e107f7b7331caca3b79c488532710b4a2 Partially-Implements: blueprint kuryr-k8s-integration
2016-11-21 04:18:05 +03:00
Removing six library. Since we already migrated fully to Python3, it's time to also remove bits needed for Python2. One of those libs is six. Change-Id: Ib984d7b4b3c1048ed091c78986c634689a8ace8c
2020-02-28 12:00:19 +01:00
class ServiceSecurityGroupsDriver(DriverBase, metaclass=abc.ABCMeta):
K8s Services support: LBaaSSpecHandler This patch introduces LBaaSSpecHandler that handles K8s Service events and updates related Endpoints with LBaaSServiceSpec when necessary. Change-Id: I09a0235842edd06827437f37aeac7ca5daeb1774 Partially-Implements: blueprint kuryr-k8s-integration
2017-01-31 23:19:32 +03:00
"""Provides security groups for Kubernetes Services."""
ALIAS = 'service_security_groups'
@abc.abstractmethod
def get_security_groups(self, service, project_id):
"""Get a list of security groups' IDs for Service.
:param service: dict containing Kubernetes Service object
:param project_id: OpenStack project ID
:return: list containing security groups' IDs
"""
raise NotImplementedError()
Removing six library. Since we already migrated fully to Python3, it's time to also remove bits needed for Python2. One of those libs is six. Change-Id: Ib984d7b4b3c1048ed091c78986c634689a8ace8c
2020-02-28 12:00:19 +01:00
class PodVIFDriver(DriverBase, metaclass=abc.ABCMeta):
Generic VIF controller driver This patch introduces a driver that manages normal Neutron ports to provide VIFs for Kubernetes Pods. Change-Id: Ice32e96e107f7b7331caca3b79c488532710b4a2 Partially-Implements: blueprint kuryr-k8s-integration
2016-11-21 04:18:05 +03:00
"""Manages Neutron ports to provide VIFs for Kubernetes Pods."""
ALIAS = 'pod_vif'
@abc.abstractmethod
def request_vif(self, pod, project_id, subnets, security_groups):
"""Links Neutron port to pod and returns it as VIF object.
Implementing drivers must ensure the Neutron port satisfying the
requested parameters is present and is valid for specified `pod`. It
is up to the implementing drivers to either create new ports on each
request or reuse available ports when possible.
Implementing drivers may return a VIF object with its `active` field
set to 'False' to indicate that Neutron port requires additional
actions to enable network connectivity after VIF is plugged (e.g.
setting up OpenFlow and/or iptables rules by OpenVSwitch agent). In
that case the Controller will call driver's `activate_vif` method
and the CNI plugin will block until it receives activation
confirmation from the Controller.
:param pod: dict containing Kubernetes Pod object
:param project_id: OpenStack project ID
:param subnets: dict containing subnet mapping as returned by
`PodSubnetsDriver.get_subnets`. If multiple entries
are present in that mapping, it is guaranteed that
all entries have the same value of `Network.id`.
:param security_groups: list containing security groups' IDs as
returned by
`PodSecurityGroupsDriver.get_security_groups`
:return: VIF object
"""
raise NotImplementedError()
Generic vif pool driver extension to precreate reusable ports This patch enhances the generic vif pool driver to also pre-create ports in bulk request, so that containers can make use of them when being boot -- even if not that many containers have been created and deleted before. This patch also removes the port deletion/recycle from the pod deletion pipeline by having a dedicated thread performing periodic recycling actions. Partially Implements blueprint ports-pool Change-Id: I7a3165b8a43e314c360b04cb0cefc69e0e5e768f
2017-02-22 12:00:48 +01:00
def request_vifs(self, pod, project_id, subnets, security_groups,
Limit the number of concurrent create_ports requests This commit proposes to limit the number of create ports in bulk requests to 20, since Neutron takes long to handle this requests when the Number of ports and parallel calls increase. Change-Id: Ifa4fb9e1d1c899d55859fc5f33ba4c0670ba86b6
2021-12-13 21:53:52 +00:00
num_ports, semaphore):
Generic vif pool driver extension to precreate reusable ports This patch enhances the generic vif pool driver to also pre-create ports in bulk request, so that containers can make use of them when being boot -- even if not that many containers have been created and deleted before. This patch also removes the port deletion/recycle from the pod deletion pipeline by having a dedicated thread performing periodic recycling actions. Partially Implements blueprint ports-pool Change-Id: I7a3165b8a43e314c360b04cb0cefc69e0e5e768f
2017-02-22 12:00:48 +01:00
"""Creates Neutron ports for pods and returns them as VIF objects list.
It follows the same pattern as request_vif but creating the specified
amount of ports and vif objects at num_ports parameter.
The port creation request is generic as it not going to be used by the
pod -- at least not all of them. Additionally, in order to save Neutron
calls, the ports creation is handled in a bulk request.
:param pod: dict containing Kubernetes Pod object
:param project_id: OpenStack project ID
:param subnets: dict containing subnet mapping as returned by
`PodSubnetsDriver.get_subnets`. If multiple entries
are present in that mapping, it is guaranteed that
all entries have the same value of `Network.id`.
:param security_groups: list containing security groups' IDs as
returned by
`PodSecurityGroupsDriver.get_security_groups`
:param num_ports: number of ports to be created
Limit the number of concurrent create_ports requests This commit proposes to limit the number of create ports in bulk requests to 20, since Neutron takes long to handle this requests when the Number of ports and parallel calls increase. Change-Id: Ifa4fb9e1d1c899d55859fc5f33ba4c0670ba86b6
2021-12-13 21:53:52 +00:00
:param semaphore: a eventlet Semaphore to limit the number of create
Port in bulk running in parallel
Generic vif pool driver extension to precreate reusable ports This patch enhances the generic vif pool driver to also pre-create ports in bulk request, so that containers can make use of them when being boot -- even if not that many containers have been created and deleted before. This patch also removes the port deletion/recycle from the pod deletion pipeline by having a dedicated thread performing periodic recycling actions. Partially Implements blueprint ports-pool Change-Id: I7a3165b8a43e314c360b04cb0cefc69e0e5e768f
2017-02-22 12:00:48 +01:00
:return: VIF objects list
"""
raise NotImplementedError()
Generic VIF controller driver This patch introduces a driver that manages normal Neutron ports to provide VIFs for Kubernetes Pods. Change-Id: Ice32e96e107f7b7331caca3b79c488532710b4a2 Partially-Implements: blueprint kuryr-k8s-integration
2016-11-21 04:18:05 +03:00
@abc.abstractmethod
Cleanup KuryrPort when Pod is missing We can easily imagine an user frustrated by his pod not getting deleted and opting to remove the finalizer from the Pod. If the cause of the deletion delay was the kuryr-controller being down, we end up with an orphaned KuryrPort. At the moment this causes crashes, which obviously it shouldn't. Moreover we should figure out how to clean up the Neutron port if that happens. This commit does so as explained below. 1. KuryrPort on_present() will trigger its deletion when it detects that Pod does not longer exist. 2. Turns out security_groups parameter passed to release_vif() was never used. I removed it from drivers and got rid of get_security_groups() call from on_finalize() as it's no longer necessary. 3. When we cannot get the Pod in KuryrPort on_finalize() we attempt to gather info required to cleanup the KuryrPort and "mock" a Pod object. A precaution is added that any error from release_vif() is ignored in that case to make sure failed cleanup is not causing the system to go down. Change-Id: Iaf48296ff28394823f68d58362bcc87d38a2cd42
2022-08-23 11:54:04 +02:00
def release_vif(self, pod, vif, project_id=None):
Generic VIF controller driver This patch introduces a driver that manages normal Neutron ports to provide VIFs for Kubernetes Pods. Change-Id: Ice32e96e107f7b7331caca3b79c488532710b4a2 Partially-Implements: blueprint kuryr-k8s-integration
2016-11-21 04:18:05 +03:00
"""Unlinks Neutron port corresponding to VIF object from pod.
Implementing drivers must ensure the port is either deleted or made
available for reuse by `PodVIFDriver.request_vif`.
:param pod: dict containing Kubernetes Pod object
:param vif: VIF object as returned by `PodVIFDriver.request_vif`
Generic vif driver extension to enable ports reuse In order to speed up containers creation/deletion a new generic-vif driver is proposed that build upon the port pool driver to ensure ports already created can be reused in the future. Note this remove the neutron.create_port from the container creation process. As measured in the performance evaluation performed in [0], these times are, on average, around 2 seconds. [0] https://blog.russellbryant.net/2016/12/19/comparing-openstack-neutron-ml2ovs-and-ovn-control-plane/ Partially Implements blueprint ports-pool Change-Id: Ib127735570470850dde452c453eac3d5545f7a43
2017-02-22 11:10:05 +01:00
:param project_id: OpenStack project ID
Generic VIF controller driver This patch introduces a driver that manages normal Neutron ports to provide VIFs for Kubernetes Pods. Change-Id: Ice32e96e107f7b7331caca3b79c488532710b4a2 Partially-Implements: blueprint kuryr-k8s-integration
2016-11-21 04:18:05 +03:00
"""
raise NotImplementedError()
Cleanup KuryrPort when Pod is missing We can easily imagine an user frustrated by his pod not getting deleted and opting to remove the finalizer from the Pod. If the cause of the deletion delay was the kuryr-controller being down, we end up with an orphaned KuryrPort. At the moment this causes crashes, which obviously it shouldn't. Moreover we should figure out how to clean up the Neutron port if that happens. This commit does so as explained below. 1. KuryrPort on_present() will trigger its deletion when it detects that Pod does not longer exist. 2. Turns out security_groups parameter passed to release_vif() was never used. I removed it from drivers and got rid of get_security_groups() call from on_finalize() as it's no longer necessary. 3. When we cannot get the Pod in KuryrPort on_finalize() we attempt to gather info required to cleanup the KuryrPort and "mock" a Pod object. A precaution is added that any error from release_vif() is ignored in that case to make sure failed cleanup is not causing the system to go down. Change-Id: Iaf48296ff28394823f68d58362bcc87d38a2cd42
2022-08-23 11:54:04 +02:00
def release_vifs(self, pods, vifs, project_id=None):
Generic vif pool driver extension to precreate reusable ports This patch enhances the generic vif pool driver to also pre-create ports in bulk request, so that containers can make use of them when being boot -- even if not that many containers have been created and deleted before. This patch also removes the port deletion/recycle from the pod deletion pipeline by having a dedicated thread performing periodic recycling actions. Partially Implements blueprint ports-pool Change-Id: I7a3165b8a43e314c360b04cb0cefc69e0e5e768f
2017-02-22 12:00:48 +01:00
"""Unlinks Neutron ports corresponding to VIF objects.
It follows the same pattern as release_vif but releasing num_ports
ports. Ideally it will also make use of bulk request to save Neutron
calls in the release/recycle process.
:param pods: list of dict containing Kubernetes Pod objects
:param vifs: list of VIF objects as returned by
`PodVIFDriver.request_vif`
:param project_id: (optional) OpenStack project ID
"""
raise NotImplementedError()
Generic VIF controller driver This patch introduces a driver that manages normal Neutron ports to provide VIFs for Kubernetes Pods. Change-Id: Ice32e96e107f7b7331caca3b79c488532710b4a2 Partially-Implements: blueprint kuryr-k8s-integration
2016-11-21 04:18:05 +03:00
@abc.abstractmethod
Workaround OVN bug causing subports to be DOWN Neutron should make a subport that is already attached to a trunk ACTIVE immediately. Unfortunately there seems to be an OVN bug causing an event triggering this to be lost, leaving the port in DOWN state forever. This is a disaster for Kuryr, because we can't proceed to wire the pods in such case. This commit attempts to workaround this by making Kuryr reattach the ports that are in DOWN state for more than 90 seconds after they're plugged. Change-Id: If9a3968d68dced588614cd5521d4a111e78d435f
2021-06-07 09:41:36 +02:00
def activate_vif(self, vif, **kwargs):
Generic VIF controller driver This patch introduces a driver that manages normal Neutron ports to provide VIFs for Kubernetes Pods. Change-Id: Ice32e96e107f7b7331caca3b79c488532710b4a2 Partially-Implements: blueprint kuryr-k8s-integration
2016-11-21 04:18:05 +03:00
"""Updates VIF to become active.
Implementing drivers should update the specified `vif` object's
`active` field to 'True' but must ensure that the corresponding
Neutron port is fully configured (i.e. the container using the `vif`
can access the requested network resources).
Implementing drivers may raise `ResourceNotReady` exception to
indicate that port activation should be retried later which will
cause `activate_vif` to be called again with the same arguments.
This method may be called before, after or while the VIF is being
plugged by the CNI plugin.
:param vif: VIF object as returned by `PodVIFDriver.request_vif`
"""
raise NotImplementedError()
K8s Services support: LBaaSv2Driver This patch adds new LBaaSDriver driver used to support K8s services and provides LBaaSv2Driver implementation that relies on Neutron LBaaSv2 API. NOTE: functionality added by this patch can only be properly verified after corresponding handler is added to the controller in subsequent patch. Change-Id: Iaaeec7b6f8357ed1f7efbfcff0972f5349c28fe0 Partially-Implements: blueprint kuryr-k8s-integration
2017-02-14 03:33:02 +03:00
Ensure existing pods use the right network policy This patch set ensures that: - A new network policy is applied to existing pods - A modification on the network policy selector gets applied on the associated pods - Deleting a network policy updated the access policies on the associated pods - There is no race at deleting the network policy, ensuring the security group is first deleted from the ports and then removed as part of the network policy deletion process Partially Implements: blueprint k8s-network-policies Change-Id: I25aa23b87947662333c021b9df3e83b9de2515e2
2018-11-07 18:46:07 +01:00
@abc.abstractmethod
def update_vif_sgs(self, pod, security_groups):
"""Update VIF security groups.
Implementing drivers should update the port associated to the pod
with the specified security groups.
:param pod: dict containing Kubernetes Pod object
:param security_groups: list containing security groups' IDs as
returned by
`PodSecurityGroupsDriver.get_security_groups`
"""
raise NotImplementedError()
K8s Services support: LBaaSv2Driver This patch adds new LBaaSDriver driver used to support K8s services and provides LBaaSv2Driver implementation that relies on Neutron LBaaSv2 API. NOTE: functionality added by this patch can only be properly verified after corresponding handler is added to the controller in subsequent patch. Change-Id: Iaaeec7b6f8357ed1f7efbfcff0972f5349c28fe0 Partially-Implements: blueprint kuryr-k8s-integration
2017-02-14 03:33:02 +03:00
Removing six library. Since we already migrated fully to Python3, it's time to also remove bits needed for Python2. One of those libs is six. Change-Id: Ib984d7b4b3c1048ed091c78986c634689a8ace8c
2020-02-28 12:00:19 +01:00
class MultiVIFDriver(DriverBase, metaclass=abc.ABCMeta):
Implement multi-vif driver This patch implements the multi-vif of VIF-Handler And Vif Drivers Design. This patch creates a new driver type MultiVIFDriver. It will be the base class of real drivers like sriov, additional_subnet and npwg_multiple_interfaces. Each of the derived driver should implement the parsing of the additional interfaces definition in K8S pods, and call VIF driver to either create or acquire the Neutron port and its VIF object. A list of enabled drivers can be returned by its class method. So that the VIFHandler can invoke each driver one by one to get the whole list of interfaces for one pod. Partially Implements: blueprint multi-vif-pods Change-Id: I8b5175a4637b18a0b574e27674a217865afb22b7 Signed-off-by: Peng Liu <pliu@redhat.com>
2018-06-15 14:11:34 +08:00
"""Manages additional ports of Kubernetes Pods."""
ALIAS = 'multi_vif'
@abc.abstractmethod
def request_additional_vifs(
self, pod, project_id, security_groups):
"""Links Neutron ports to pod and returns them as a list of VIF objects.
Implementing drivers must be able to parse the additional interface
definition from pod. The format of the definition is up to the
implementation of each driver. Then implementing drivers must invoke
the VIF drivers to either create new Neutron ports on each request or
reuse available ports when possible.
:param pod: dict containing Kubernetes Pod object
:param project_id: OpenStack project ID
:param security_groups: list containing security groups' IDs as
returned by
`PodSecurityGroupsDriver.get_security_groups`
:return: VIF object list
"""
raise NotImplementedError()
@classmethod
def get_enabled_drivers(cls):
if _MULTI_VIF_DRIVERS:
pass
else:
drivers = config.CONF.kubernetes['multi_vif_drivers']
for driver in drivers:
_MULTI_VIF_DRIVERS.append(cls.get_instance(driver))
return _MULTI_VIF_DRIVERS
K8s Services support: LBaaSv2Driver This patch adds new LBaaSDriver driver used to support K8s services and provides LBaaSv2Driver implementation that relies on Neutron LBaaSv2 API. NOTE: functionality added by this patch can only be properly verified after corresponding handler is added to the controller in subsequent patch. Change-Id: Iaaeec7b6f8357ed1f7efbfcff0972f5349c28fe0 Partially-Implements: blueprint kuryr-k8s-integration
2017-02-14 03:33:02 +03:00
class LBaaSDriver(DriverBase):
OCP-Router: Ingress controller support This is the second patch of the Ingress Controller capability. In order for the K8S Ingress and OpenShift Route resources to work, the cluster must have an Ingress Controller running. This patch extends LBaaS driver to support L7 load balancing and verifies, retrieves and stores the L7 router LB (pre-created by admin or Devstack) details. The OCP-route and K8S-endpoint handlers (implemented in next patch) will query the ingress controller for the L7 router details. Partially Implements: blueprint openshift-router-support Change-Id: Id55169f6c9c1c607b2aa54c92711dfbd04a9e39d
2018-01-22 16:43:00 +02:00
"""Base class for Openstack loadbalancer services."""
K8s Services support: LBaaSv2Driver This patch adds new LBaaSDriver driver used to support K8s services and provides LBaaSv2Driver implementation that relies on Neutron LBaaSv2 API. NOTE: functionality added by this patch can only be properly verified after corresponding handler is added to the controller in subsequent patch. Change-Id: Iaaeec7b6f8357ed1f7efbfcff0972f5349c28fe0 Partially-Implements: blueprint kuryr-k8s-integration
2017-02-14 03:33:02 +03:00
K8s Services support: LoadBalancerHandler This patch implements LoadBalancerHandler that handles K8s Endpoints events and tracks changes in LBaaSServiceSpec to update Neutron LBaaS accordingly and to reflect its' actual state in LBaaSState. Change-Id: I718daf6d3def981c1bde5ca9831f955766935fbd Partially-Implements: blueprint kuryr-k8s-integration
2017-03-28 18:43:26 +03:00
ALIAS = 'endpoints_lbaas'
K8s Services support: LBaaSv2Driver This patch adds new LBaaSDriver driver used to support K8s services and provides LBaaSv2Driver implementation that relies on Neutron LBaaSv2 API. NOTE: functionality added by this patch can only be properly verified after corresponding handler is added to the controller in subsequent patch. Change-Id: Iaaeec7b6f8357ed1f7efbfcff0972f5349c28fe0 Partially-Implements: blueprint kuryr-k8s-integration
2017-02-14 03:33:02 +03:00
@abc.abstractmethod
Service: Decoupling and improvements of LBaaS driver A Kuryr controller handler associates itself with specific Kubernetes object kind (e.g: endpoint) and it's responsible for handling the events of this object. The Kuryr controller handlers call one or more Kuryr controller drivers to manage specific aspects of the Kubernetes resource in the OpenStack domain. This patch makes K8S-Endpoint handler and LBaaS driver decoupled, and also updates LBaaS driver to be more generic (e.g: support create a pool that attached to loadbalancer). After having this change the LBaaS driver could be extended to support L7 load balancing, means it could be used as the Ingress driver. Closes-Bug: 1770934 Change-Id: Ifcda04cc0116bf42e79aa4f855dc9df73671b4d9
2018-05-04 00:55:34 +03:00
def get_service_loadbalancer_name(self, namespace, svc_name):
"""Generate name of a load balancer that represents K8S service.
In case a load balancer represents K8S service/ep, the handler
should call first this API to get the load balancer name and use the
return value of this function as 'name' parameter for the
'ensure_loadbalancer' function
:param namespace: K8S service namespace
:param svc_name: K8S service name
"""
raise NotImplementedError()
@abc.abstractmethod
def ensure_loadbalancer(self, name, project_id, subnet_id, ip,
LBaaS driver: Add provider support The OVN provider was added lately to Octavia [1] in addition to the 'amphora' provider. In order to create a LB with a specific provider the provider name should be posted in load balancer creation request, in case the provider name is not specified, Octavia default provider will be used. This patch enhances LBaaS driver to support LB provider functionality. The functionality of translating K8S-services into Octavia-OVN load balancers will be based on this change. [1] https://github.com/openstack/networking-ovn/commit/66502f19f2994512fb89e6e453429e140da5fa4b Partially Implements: blueprint octavia-ovn-provider Change-Id: I07532c0fd93d9269f317eace53b4baaa70df9201
2018-09-16 14:57:28 +03:00
security_groups_ids, service_type, provider):
K8s Services support: LBaaSv2Driver This patch adds new LBaaSDriver driver used to support K8s services and provides LBaaSv2Driver implementation that relies on Neutron LBaaSv2 API. NOTE: functionality added by this patch can only be properly verified after corresponding handler is added to the controller in subsequent patch. Change-Id: Iaaeec7b6f8357ed1f7efbfcff0972f5349c28fe0 Partially-Implements: blueprint kuryr-k8s-integration
2017-02-14 03:33:02 +03:00
"""Get or create load balancer.
Service: Decoupling and improvements of LBaaS driver A Kuryr controller handler associates itself with specific Kubernetes object kind (e.g: endpoint) and it's responsible for handling the events of this object. The Kuryr controller handlers call one or more Kuryr controller drivers to manage specific aspects of the Kubernetes resource in the OpenStack domain. This patch makes K8S-Endpoint handler and LBaaS driver decoupled, and also updates LBaaS driver to be more generic (e.g: support create a pool that attached to loadbalancer). After having this change the LBaaS driver could be extended to support L7 load balancing, means it could be used as the Ingress driver. Closes-Bug: 1770934 Change-Id: Ifcda04cc0116bf42e79aa4f855dc9df73671b4d9
2018-05-04 00:55:34 +03:00
:param name: LoadBlancer name
K8s Services support: LBaaSv2Driver This patch adds new LBaaSDriver driver used to support K8s services and provides LBaaSv2Driver implementation that relies on Neutron LBaaSv2 API. NOTE: functionality added by this patch can only be properly verified after corresponding handler is added to the controller in subsequent patch. Change-Id: Iaaeec7b6f8357ed1f7efbfcff0972f5349c28fe0 Partially-Implements: blueprint kuryr-k8s-integration
2017-02-14 03:33:02 +03:00
:param project_id: OpenStack project ID
:param subnet_id: Neutron subnet ID to host load balancer
:param ip: IP of the load balancer
:param security_groups_ids: security groups that should be allowed
access to the load balancer
Services: Set SGs for N-S with haproxy provider This is continuation of Ie4a53dedf54472394f92fdfacddf0632e33f1f5b and aims to orchestrate security groups and rules creation to make sure listeners are available for each LoadBalancer Service. This is done on-demand in LBaaS v2 driver. Related-Bug: 1749968 Change-Id: Ie6b3783eff7a21ad602923c32bacc37356664e82
2018-02-21 18:57:14 +01:00
:param service_type: K8s service type (ClusterIP or LoadBalancer)
LBaaS driver: Add provider support The OVN provider was added lately to Octavia [1] in addition to the 'amphora' provider. In order to create a LB with a specific provider the provider name should be posted in load balancer creation request, in case the provider name is not specified, Octavia default provider will be used. This patch enhances LBaaS driver to support LB provider functionality. The functionality of translating K8S-services into Octavia-OVN load balancers will be based on this change. [1] https://github.com/openstack/networking-ovn/commit/66502f19f2994512fb89e6e453429e140da5fa4b Partially Implements: blueprint octavia-ovn-provider Change-Id: I07532c0fd93d9269f317eace53b4baaa70df9201
2018-09-16 14:57:28 +03:00
:param provider: load balancer backend service
K8s Services support: LBaaSv2Driver This patch adds new LBaaSDriver driver used to support K8s services and provides LBaaSv2Driver implementation that relies on Neutron LBaaSv2 API. NOTE: functionality added by this patch can only be properly verified after corresponding handler is added to the controller in subsequent patch. Change-Id: Iaaeec7b6f8357ed1f7efbfcff0972f5349c28fe0 Partially-Implements: blueprint kuryr-k8s-integration
2017-02-14 03:33:02 +03:00
"""
raise NotImplementedError()
@abc.abstractmethod
Service: Decoupling and improvements of LBaaS driver A Kuryr controller handler associates itself with specific Kubernetes object kind (e.g: endpoint) and it's responsible for handling the events of this object. The Kuryr controller handlers call one or more Kuryr controller drivers to manage specific aspects of the Kubernetes resource in the OpenStack domain. This patch makes K8S-Endpoint handler and LBaaS driver decoupled, and also updates LBaaS driver to be more generic (e.g: support create a pool that attached to loadbalancer). After having this change the LBaaS driver could be extended to support L7 load balancing, means it could be used as the Ingress driver. Closes-Bug: 1770934 Change-Id: Ifcda04cc0116bf42e79aa4f855dc9df73671b4d9
2018-05-04 00:55:34 +03:00
def release_loadbalancer(self, loadbalancer):
K8s Services support: LBaaSv2Driver This patch adds new LBaaSDriver driver used to support K8s services and provides LBaaSv2Driver implementation that relies on Neutron LBaaSv2 API. NOTE: functionality added by this patch can only be properly verified after corresponding handler is added to the controller in subsequent patch. Change-Id: Iaaeec7b6f8357ed1f7efbfcff0972f5349c28fe0 Partially-Implements: blueprint kuryr-k8s-integration
2017-02-14 03:33:02 +03:00
"""Release load balancer.
Should return without errors if load balancer does not exist (e.g.
already deleted).
:param loadbalancer: `LBaaSLoadBalancer` object
"""
raise NotImplementedError()
@abc.abstractmethod
Service: Decoupling and improvements of LBaaS driver A Kuryr controller handler associates itself with specific Kubernetes object kind (e.g: endpoint) and it's responsible for handling the events of this object. The Kuryr controller handlers call one or more Kuryr controller drivers to manage specific aspects of the Kubernetes resource in the OpenStack domain. This patch makes K8S-Endpoint handler and LBaaS driver decoupled, and also updates LBaaS driver to be more generic (e.g: support create a pool that attached to loadbalancer). After having this change the LBaaS driver could be extended to support L7 load balancing, means it could be used as the Ingress driver. Closes-Bug: 1770934 Change-Id: Ifcda04cc0116bf42e79aa4f855dc9df73671b4d9
2018-05-04 00:55:34 +03:00
def ensure_listener(self, loadbalancer, protocol, port):
K8s Services support: LBaaSv2Driver This patch adds new LBaaSDriver driver used to support K8s services and provides LBaaSv2Driver implementation that relies on Neutron LBaaSv2 API. NOTE: functionality added by this patch can only be properly verified after corresponding handler is added to the controller in subsequent patch. Change-Id: Iaaeec7b6f8357ed1f7efbfcff0972f5349c28fe0 Partially-Implements: blueprint kuryr-k8s-integration
2017-02-14 03:33:02 +03:00
"""Get or create listener.
:param loadbalancer: `LBaaSLoadBalancer` object
:param protocol: listener's protocol (only TCP is supported for now)
:param port: listener's port
"""
raise NotImplementedError()
@abc.abstractmethod
Service: Decoupling and improvements of LBaaS driver A Kuryr controller handler associates itself with specific Kubernetes object kind (e.g: endpoint) and it's responsible for handling the events of this object. The Kuryr controller handlers call one or more Kuryr controller drivers to manage specific aspects of the Kubernetes resource in the OpenStack domain. This patch makes K8S-Endpoint handler and LBaaS driver decoupled, and also updates LBaaS driver to be more generic (e.g: support create a pool that attached to loadbalancer). After having this change the LBaaS driver could be extended to support L7 load balancing, means it could be used as the Ingress driver. Closes-Bug: 1770934 Change-Id: Ifcda04cc0116bf42e79aa4f855dc9df73671b4d9
2018-05-04 00:55:34 +03:00
def release_listener(self, loadbalancer, listener):
K8s Services support: LBaaSv2Driver This patch adds new LBaaSDriver driver used to support K8s services and provides LBaaSv2Driver implementation that relies on Neutron LBaaSv2 API. NOTE: functionality added by this patch can only be properly verified after corresponding handler is added to the controller in subsequent patch. Change-Id: Iaaeec7b6f8357ed1f7efbfcff0972f5349c28fe0 Partially-Implements: blueprint kuryr-k8s-integration
2017-02-14 03:33:02 +03:00
"""Release listener.
Should return without errors if listener or load balancer does not
exist (e.g. already deleted).
:param loadbalancer: `LBaaSLoadBalancer` object
:param listener: `LBaaSListener` object
"""
raise NotImplementedError()
@abc.abstractmethod
Service: Decoupling and improvements of LBaaS driver A Kuryr controller handler associates itself with specific Kubernetes object kind (e.g: endpoint) and it's responsible for handling the events of this object. The Kuryr controller handlers call one or more Kuryr controller drivers to manage specific aspects of the Kubernetes resource in the OpenStack domain. This patch makes K8S-Endpoint handler and LBaaS driver decoupled, and also updates LBaaS driver to be more generic (e.g: support create a pool that attached to loadbalancer). After having this change the LBaaS driver could be extended to support L7 load balancing, means it could be used as the Ingress driver. Closes-Bug: 1770934 Change-Id: Ifcda04cc0116bf42e79aa4f855dc9df73671b4d9
2018-05-04 00:55:34 +03:00
def ensure_pool(self, loadbalancer, listener):
"""Get or create pool attached to Listener.
K8s Services support: LBaaSv2Driver This patch adds new LBaaSDriver driver used to support K8s services and provides LBaaSv2Driver implementation that relies on Neutron LBaaSv2 API. NOTE: functionality added by this patch can only be properly verified after corresponding handler is added to the controller in subsequent patch. Change-Id: Iaaeec7b6f8357ed1f7efbfcff0972f5349c28fe0 Partially-Implements: blueprint kuryr-k8s-integration
2017-02-14 03:33:02 +03:00
:param loadbalancer: `LBaaSLoadBalancer` object
:param listener: `LBaaSListener` object
"""
raise NotImplementedError()
@abc.abstractmethod
Service: Decoupling and improvements of LBaaS driver A Kuryr controller handler associates itself with specific Kubernetes object kind (e.g: endpoint) and it's responsible for handling the events of this object. The Kuryr controller handlers call one or more Kuryr controller drivers to manage specific aspects of the Kubernetes resource in the OpenStack domain. This patch makes K8S-Endpoint handler and LBaaS driver decoupled, and also updates LBaaS driver to be more generic (e.g: support create a pool that attached to loadbalancer). After having this change the LBaaS driver could be extended to support L7 load balancing, means it could be used as the Ingress driver. Closes-Bug: 1770934 Change-Id: Ifcda04cc0116bf42e79aa4f855dc9df73671b4d9
2018-05-04 00:55:34 +03:00
def ensure_pool_attached_to_lb(self, loadbalancer, namespace,
svc_name, protocol):
"""Get or create pool attached to LoadBalancer.
:param loadbalancer: `LBaaSLoadBalancer` object
:param namespace: K8S service's namespace
:param svc_name: K8S service's name
:param protocol: pool's protocol
"""
raise NotImplementedError()
@abc.abstractmethod
def get_loadbalancer_pool_name(self, loadbalancer, namespace, svc_name):
"""Get name of a load balancer's pool attached to LB.
The pool's name should be unique per K8S service
:param loadbalancer: `LBaaSLoadBalancer` object
:param namespace: K8S service's namespace
:param svc_name: K8S service's name
"""
raise NotImplementedError()
@abc.abstractmethod
def release_pool(self, loadbalancer, pool):
K8s Services support: LBaaSv2Driver This patch adds new LBaaSDriver driver used to support K8s services and provides LBaaSv2Driver implementation that relies on Neutron LBaaSv2 API. NOTE: functionality added by this patch can only be properly verified after corresponding handler is added to the controller in subsequent patch. Change-Id: Iaaeec7b6f8357ed1f7efbfcff0972f5349c28fe0 Partially-Implements: blueprint kuryr-k8s-integration
2017-02-14 03:33:02 +03:00
"""Release pool.
Should return without errors if pool or load balancer does not exist
(e.g. already deleted).
:param loadbalancer: `LBaaSLoadBalancer` object
:param pool: `LBaaSPool` object
"""
raise NotImplementedError()
@abc.abstractmethod
Service: Decoupling and improvements of LBaaS driver A Kuryr controller handler associates itself with specific Kubernetes object kind (e.g: endpoint) and it's responsible for handling the events of this object. The Kuryr controller handlers call one or more Kuryr controller drivers to manage specific aspects of the Kubernetes resource in the OpenStack domain. This patch makes K8S-Endpoint handler and LBaaS driver decoupled, and also updates LBaaS driver to be more generic (e.g: support create a pool that attached to loadbalancer). After having this change the LBaaS driver could be extended to support L7 load balancing, means it could be used as the Ingress driver. Closes-Bug: 1770934 Change-Id: Ifcda04cc0116bf42e79aa4f855dc9df73671b4d9
2018-05-04 00:55:34 +03:00
def ensure_member(self, loadbalancer, pool,
subnet_id, ip, port, target_ref_namespace,
target_ref_name):
K8s Services support: LBaaSv2Driver This patch adds new LBaaSDriver driver used to support K8s services and provides LBaaSv2Driver implementation that relies on Neutron LBaaSv2 API. NOTE: functionality added by this patch can only be properly verified after corresponding handler is added to the controller in subsequent patch. Change-Id: Iaaeec7b6f8357ed1f7efbfcff0972f5349c28fe0 Partially-Implements: blueprint kuryr-k8s-integration
2017-02-14 03:33:02 +03:00
"""Get or create member.
:param loadbalancer: `LBaaSLoadBalancer` object
:param pool: `LBaaSPool` object
:param subnet_id: Neutron subnet ID of the target
:param ip: target's IP (e.g. Pod's IP)
:param port: target port
Service: Decoupling and improvements of LBaaS driver A Kuryr controller handler associates itself with specific Kubernetes object kind (e.g: endpoint) and it's responsible for handling the events of this object. The Kuryr controller handlers call one or more Kuryr controller drivers to manage specific aspects of the Kubernetes resource in the OpenStack domain. This patch makes K8S-Endpoint handler and LBaaS driver decoupled, and also updates LBaaS driver to be more generic (e.g: support create a pool that attached to loadbalancer). After having this change the LBaaS driver could be extended to support L7 load balancing, means it could be used as the Ingress driver. Closes-Bug: 1770934 Change-Id: Ifcda04cc0116bf42e79aa4f855dc9df73671b4d9
2018-05-04 00:55:34 +03:00
:param target_ref_namespace: Kubernetes EP target_ref namespace
:param target_ref_name: Kubernetes EP target_ref name
K8s Services support: LBaaSv2Driver This patch adds new LBaaSDriver driver used to support K8s services and provides LBaaSv2Driver implementation that relies on Neutron LBaaSv2 API. NOTE: functionality added by this patch can only be properly verified after corresponding handler is added to the controller in subsequent patch. Change-Id: Iaaeec7b6f8357ed1f7efbfcff0972f5349c28fe0 Partially-Implements: blueprint kuryr-k8s-integration
2017-02-14 03:33:02 +03:00
"""
raise NotImplementedError()
@abc.abstractmethod
Service: Decoupling and improvements of LBaaS driver A Kuryr controller handler associates itself with specific Kubernetes object kind (e.g: endpoint) and it's responsible for handling the events of this object. The Kuryr controller handlers call one or more Kuryr controller drivers to manage specific aspects of the Kubernetes resource in the OpenStack domain. This patch makes K8S-Endpoint handler and LBaaS driver decoupled, and also updates LBaaS driver to be more generic (e.g: support create a pool that attached to loadbalancer). After having this change the LBaaS driver could be extended to support L7 load balancing, means it could be used as the Ingress driver. Closes-Bug: 1770934 Change-Id: Ifcda04cc0116bf42e79aa4f855dc9df73671b4d9
2018-05-04 00:55:34 +03:00
def release_member(self, loadbalancer, member):
K8s Services support: LBaaSv2Driver This patch adds new LBaaSDriver driver used to support K8s services and provides LBaaSv2Driver implementation that relies on Neutron LBaaSv2 API. NOTE: functionality added by this patch can only be properly verified after corresponding handler is added to the controller in subsequent patch. Change-Id: Iaaeec7b6f8357ed1f7efbfcff0972f5349c28fe0 Partially-Implements: blueprint kuryr-k8s-integration
2017-02-14 03:33:02 +03:00
"""Release member.
Should return without errors if memberor load balancer does not exist
(e.g. already deleted).
:param loadbalancer: `LBaaSLoadBalancer` object
:param member: `LBaaSMember` object
"""
raise NotImplementedError()
Adding support for vif pool driver Every time a container is created or deleted there is a call from Kuryr to Neutron to create/remove the port used by the container. In order to speed up both container creation and deletion a vif pool driver is added, enabling the posibility of performing Neutron resource management actions before/after containers creation/deletion process. This patch introduces a basic structure for the driver to trigger ports creation and cleanup as part of the vif pool management. Note it will be followed up with extended versions of the drivers to support the extra ports pool functionality. Partially Implements blueprint ports-pool Change-Id: I441aa8f8ef567414f38d40365e3799de33de5b8c
2017-02-22 10:18:37 +01:00
Ensure NP changes are applied to services When a Network Policy is changed, services must also be updated, deleting the unnecessary rules that do not match the NP anymore and create needed ones. Closes-Bug: #1811242 Partially Implements: blueprint k8s-network-policies Change-Id: I800477d08fd1f46c2a94d3653496f8f1188a3844
2019-01-10 13:07:03 +00:00
@abc.abstractmethod
def update_lbaas_sg(self, service, sgs):
"""Update security group rules associated to the loadbalancer
:param service: k8s service object
:param sgs: list of security group ids to use for updating the rules
"""
raise NotImplementedError()
Ensure leftover LBaaS are deleted upon Controller start When the deletion of a SVC is triggered while the load balancer is still creating and the controller restarts, the deletion event will be gone and the lbaas remains. This commit fixes the issue, by removing the leftover lbaas upon controller restart. Change-Id: I2d7dd14c3f05b0b1da6db7ac9b58731e34b593e6
2019-11-22 11:53:16 +00:00
@abc.abstractmethod
def add_tags(self, resource, req):
"""Add tags to a request if the resource supports it"""
raise NotImplementedError()
Adding support for vif pool driver Every time a container is created or deleted there is a call from Kuryr to Neutron to create/remove the port used by the container. In order to speed up both container creation and deletion a vif pool driver is added, enabling the posibility of performing Neutron resource management actions before/after containers creation/deletion process. This patch introduces a basic structure for the driver to trigger ports creation and cleanup as part of the vif pool management. Note it will be followed up with extended versions of the drivers to support the extra ports pool functionality. Partially Implements blueprint ports-pool Change-Id: I441aa8f8ef567414f38d40365e3799de33de5b8c
2017-02-22 10:18:37 +01:00
Removing six library. Since we already migrated fully to Python3, it's time to also remove bits needed for Python2. One of those libs is six. Change-Id: Ib984d7b4b3c1048ed091c78986c634689a8ace8c
2020-02-28 12:00:19 +01:00
class VIFPoolDriver(PodVIFDriver, metaclass=abc.ABCMeta):
Adding support for vif pool driver Every time a container is created or deleted there is a call from Kuryr to Neutron to create/remove the port used by the container. In order to speed up both container creation and deletion a vif pool driver is added, enabling the posibility of performing Neutron resource management actions before/after containers creation/deletion process. This patch introduces a basic structure for the driver to trigger ports creation and cleanup as part of the vif pool management. Note it will be followed up with extended versions of the drivers to support the extra ports pool functionality. Partially Implements blueprint ports-pool Change-Id: I441aa8f8ef567414f38d40365e3799de33de5b8c
2017-02-22 10:18:37 +01:00
"""Manages Pool of Neutron ports to provide VIFs for Kubernetes Pods."""
ALIAS = 'vif_pool'
@abc.abstractmethod
def set_vif_driver(self, driver):
"""Sets the driver the Pool should use to manage resources
The driver will be used for acquiring, releasing and updating the
vif resources.
"""
raise NotImplementedError()
Add support for service type=LoadBalancer Service loadbalancerIP could be one of the following : 1. loadbalancerIP allocated from pre-defined pool k8s service.spec.type = 'LoadBalancer' 2. loadbalancerIP specified by user k8s service.spec.type = 'LoadBalancer' and service.spec.loadBalancerIP='x.y.z.t' This commit extend service capability to support '1' and '2' Implements: blueprint k8s-service-type-loadbalancer Change-Id: I98f56692e143aa7ab14dd9920139819c7026acce
2017-08-27 12:27:18 +03:00
Ensure ports from pool do not reference deleted SGs/NPs When a NP is deleted its associated SG should be deleted too. However, when using pools, ports may have that SG assigned, not allowing the SG deletion and consequently stoping the kuryrnetpolicy associated object deletion -- which may cause kuryr-controller crashes too Closes-Bug: 1846717 Change-Id: I7ee071b32f08af567dd92bc6e081f2cb4a3b3366
2019-10-04 13:11:56 +02:00
@abc.abstractmethod
def remove_sg_from_pools(self, sg_id, net_id):
"""Remove the SG from the ports associated to the pools.
This method ensure that ports on net_id that belongs to pools and have
the referenced SG are updated to clean up their SGs and put back on
the default pool for that network.
:param sg_id: Security Group ID that needs to be removed from pool
ports
:param net_id: Network ID associated to the pools to clean up, and
where the ports must belong to.
"""
raise NotImplementedError()
Add support for service type=LoadBalancer Service loadbalancerIP could be one of the following : 1. loadbalancerIP allocated from pre-defined pool k8s service.spec.type = 'LoadBalancer' 2. loadbalancerIP specified by user k8s service.spec.type = 'LoadBalancer' and service.spec.loadBalancerIP='x.y.z.t' This commit extend service capability to support '1' and '2' Implements: blueprint k8s-service-type-loadbalancer Change-Id: I98f56692e143aa7ab14dd9920139819c7026acce
2017-08-27 12:27:18 +03:00
Removing six library. Since we already migrated fully to Python3, it's time to also remove bits needed for Python2. One of those libs is six. Change-Id: Ib984d7b4b3c1048ed091c78986c634689a8ace8c
2020-02-28 12:00:19 +01:00
class ServicePubIpDriver(DriverBase, metaclass=abc.ABCMeta):
Add support for service type=LoadBalancer Service loadbalancerIP could be one of the following : 1. loadbalancerIP allocated from pre-defined pool k8s service.spec.type = 'LoadBalancer' 2. loadbalancerIP specified by user k8s service.spec.type = 'LoadBalancer' and service.spec.loadBalancerIP='x.y.z.t' This commit extend service capability to support '1' and '2' Implements: blueprint k8s-service-type-loadbalancer Change-Id: I98f56692e143aa7ab14dd9920139819c7026acce
2017-08-27 12:27:18 +03:00
"""Manages loadbalancerIP/public ip for neutron lbaas."""
ALIAS = 'service_public_ip'
@abc.abstractmethod
Allocate service FIP after LB was provisioned This patch changes the FIP allocation to be only after all LB components were provisioned. With this approach, the FIP allocation is performed just before Kuryr annotates endpoints details, this should reduce the probability for orphan FIPs in case of kuryr-controller restart. In addition it updates FIP allocation to check if FIP already allocated for LB vip before allocating new FIP. Change-Id: Idb734f81a1f4fc60155b0700de275d0b01f52a30 Closes-Bug: 1806647
2018-12-04 13:47:37 +02:00
def acquire_service_pub_ip_info(self, spec_type, spec_lb_ip, project_id,
port_id_to_be_associated=None):
Add support for service type=LoadBalancer Service loadbalancerIP could be one of the following : 1. loadbalancerIP allocated from pre-defined pool k8s service.spec.type = 'LoadBalancer' 2. loadbalancerIP specified by user k8s service.spec.type = 'LoadBalancer' and service.spec.loadBalancerIP='x.y.z.t' This commit extend service capability to support '1' and '2' Implements: blueprint k8s-service-type-loadbalancer Change-Id: I98f56692e143aa7ab14dd9920139819c7026acce
2017-08-27 12:27:18 +03:00
"""Get k8s service loadbalancer IP info based on service spec
:param spec_type: service.spec.type field
:param spec_lb_ip: service spec LoadBlaceIP field
:param project_id: openstack project id
Allocate service FIP after LB was provisioned This patch changes the FIP allocation to be only after all LB components were provisioned. With this approach, the FIP allocation is performed just before Kuryr annotates endpoints details, this should reduce the probability for orphan FIPs in case of kuryr-controller restart. In addition it updates FIP allocation to check if FIP already allocated for LB vip before allocating new FIP. Change-Id: Idb734f81a1f4fc60155b0700de275d0b01f52a30 Closes-Bug: 1806647
2018-12-04 13:47:37 +02:00
:param port_id_to_be_associated: port id to associate
Add support for service type=LoadBalancer Service loadbalancerIP could be one of the following : 1. loadbalancerIP allocated from pre-defined pool k8s service.spec.type = 'LoadBalancer' 2. loadbalancerIP specified by user k8s service.spec.type = 'LoadBalancer' and service.spec.loadBalancerIP='x.y.z.t' This commit extend service capability to support '1' and '2' Implements: blueprint k8s-service-type-loadbalancer Change-Id: I98f56692e143aa7ab14dd9920139819c7026acce
2017-08-27 12:27:18 +03:00
"""
raise NotImplementedError()
@abc.abstractmethod
def release_pub_ip(self, service_pub_ip_info):
"""Release (if needed) based on service_pub_ip_info content
:param service_pub_ip_info: service loadbalancer IP info
Eliminate wrong ERROR report when service of type LoadBalancer type is deleted Closes-Bug: #1724495 Change-Id: I844dc779709349c670cf90b30dcec5f20abe8fef
2017-10-17 18:16:21 +03:00
:returns True/False
Add support for service type=LoadBalancer Service loadbalancerIP could be one of the following : 1. loadbalancerIP allocated from pre-defined pool k8s service.spec.type = 'LoadBalancer' 2. loadbalancerIP specified by user k8s service.spec.type = 'LoadBalancer' and service.spec.loadBalancerIP='x.y.z.t' This commit extend service capability to support '1' and '2' Implements: blueprint k8s-service-type-loadbalancer Change-Id: I98f56692e143aa7ab14dd9920139819c7026acce
2017-08-27 12:27:18 +03:00
"""
raise NotImplementedError()
@abc.abstractmethod
def associate_pub_ip(self, service_pub_ip_info, vip_port_id):
"""Associate loadbalancer IP to lbaas VIP port ID
:param service_pub_ip_info: service loadbalancer IP info
:param vip_port_id: Lbaas VIP port id
"""
raise NotImplementedError()
@abc.abstractmethod
def disassociate_pub_ip(self, service_pub_ip_info):
"""Disassociate loadbalancer IP and lbaas VIP port ID
:param service_pub_ip_info: service loadbalancer IP info
"""
Create network policy handler and driver This patch adds a base driver and handler for network policy events. Follow up patches will implement the driver and actions on network policies crud actions, as well as tempest tests. Partially Implements: blueprint k8s-network-policies Co-Authored-By: Eyal Leshem <eyal.leshem@toganetworks.com> Change-Id: I26969f2597c112259ca90724ff8b357bd8bb376e
2018-06-08 08:28:34 +00:00
Removing six library. Since we already migrated fully to Python3, it's time to also remove bits needed for Python2. One of those libs is six. Change-Id: Ib984d7b4b3c1048ed091c78986c634689a8ace8c
2020-02-28 12:00:19 +01:00
class NetworkPolicyDriver(DriverBase, metaclass=abc.ABCMeta):
Create network policy handler and driver This patch adds a base driver and handler for network policy events. Follow up patches will implement the driver and actions on network policies crud actions, as well as tempest tests. Partially Implements: blueprint k8s-network-policies Co-Authored-By: Eyal Leshem <eyal.leshem@toganetworks.com> Change-Id: I26969f2597c112259ca90724ff8b357bd8bb376e
2018-06-08 08:28:34 +00:00
"""Provide network-policy for pods"""
ALIAS = 'network_policy'
@abc.abstractmethod
KuryrNetworkPolicy CRD This commit is a huge refactoring of how we handle network policies. In general: * KuryrNetPolicy is replaced by KuryrNetworkPolicy. The upgrade path is handled in the constructor of KuryrNetworkPolicyHandler. * New CRD has spec and status properties. spec is always populated by NetworkPolicyHandler. status is handled by KuryrNetworkPolicyHandler. This means that in order to trigger SG rules recalculation on Pod ang Service events, the NetworkPolicy is "bumped" with a dummy annotation. * NetworkPolicyHandler injects finalizers onto NetworkPolicy and KuryrNetworkPolicy objects, so that objects cannot get removed before KuryrNetworkPolicyHandler won't process deletion correctly. Depends-On: https://review.opendev.org/742209 Change-Id: Iafc982e590ada0cd9d82e922c103583e4304e9ce
2020-03-11 11:27:09 +01:00
def ensure_network_policy(self, policy):
Create network policy handler and driver This patch adds a base driver and handler for network policy events. Follow up patches will implement the driver and actions on network policies crud actions, as well as tempest tests. Partially Implements: blueprint k8s-network-policies Co-Authored-By: Eyal Leshem <eyal.leshem@toganetworks.com> Change-Id: I26969f2597c112259ca90724ff8b357bd8bb376e
2018-06-08 08:28:34 +00:00
"""Policy created or updated
:param policy: dict containing Kubernetes NP object
"""
raise NotImplementedError()
@abc.abstractmethod
Ensure existing pods use the right network policy This patch set ensures that: - A new network policy is applied to existing pods - A modification on the network policy selector gets applied on the associated pods - Deleting a network policy updated the access policies on the associated pods - There is no race at deleting the network policy, ensuring the security group is first deleted from the ports and then removed as part of the network policy deletion process Partially Implements: blueprint k8s-network-policies Change-Id: I25aa23b87947662333c021b9df3e83b9de2515e2
2018-11-07 18:46:07 +01:00
def release_network_policy(self, kuryrnetpolicy):
Create network policy handler and driver This patch adds a base driver and handler for network policy events. Follow up patches will implement the driver and actions on network policies crud actions, as well as tempest tests. Partially Implements: blueprint k8s-network-policies Co-Authored-By: Eyal Leshem <eyal.leshem@toganetworks.com> Change-Id: I26969f2597c112259ca90724ff8b357bd8bb376e
2018-06-08 08:28:34 +00:00
"""Delete a network policy
KuryrNetworkPolicy CRD This commit is a huge refactoring of how we handle network policies. In general: * KuryrNetPolicy is replaced by KuryrNetworkPolicy. The upgrade path is handled in the constructor of KuryrNetworkPolicyHandler. * New CRD has spec and status properties. spec is always populated by NetworkPolicyHandler. status is handled by KuryrNetworkPolicyHandler. This means that in order to trigger SG rules recalculation on Pod ang Service events, the NetworkPolicy is "bumped" with a dummy annotation. * NetworkPolicyHandler injects finalizers onto NetworkPolicy and KuryrNetworkPolicy objects, so that objects cannot get removed before KuryrNetworkPolicyHandler won't process deletion correctly. Depends-On: https://review.opendev.org/742209 Change-Id: Iafc982e590ada0cd9d82e922c103583e4304e9ce
2020-03-11 11:27:09 +01:00
:param kuryrnetpolicy: dict containing NetworkPolicy object
Ensure existing pods use the right network policy This patch set ensures that: - A new network policy is applied to existing pods - A modification on the network policy selector gets applied on the associated pods - Deleting a network policy updated the access policies on the associated pods - There is no race at deleting the network policy, ensuring the security group is first deleted from the ports and then removed as part of the network policy deletion process Partially Implements: blueprint k8s-network-policies Change-Id: I25aa23b87947662333c021b9df3e83b9de2515e2
2018-11-07 18:46:07 +01:00
"""
raise NotImplementedError()
@abc.abstractmethod
def affected_pods(self, policy, selector=None):
"""Return affected pods by the policy
This method returns the list of pod objects affected by the policy, or
by the selector if it is specified.
:param policy: dict containing Kubernetes NP object
:param selector: (optional) specifc pod selector
:returns: list of Pods objects affected by the policy or the selector
Fix some misspellings within Kuryr-Kubernetes This commit fixes a few typos that were around Kuryr-Kubernetes code and attempts to keep a saner codebase avoiding one-liner committers. Change-Id: I57380d69570a74abd167ef02e6a346885bda8d5d
2019-01-03 07:22:04 -05:00
if it is passed
Ensure existing pods use the right network policy This patch set ensures that: - A new network policy is applied to existing pods - A modification on the network policy selector gets applied on the associated pods - Deleting a network policy updated the access policies on the associated pods - There is no race at deleting the network policy, ensuring the security group is first deleted from the ports and then removed as part of the network policy deletion process Partially Implements: blueprint k8s-network-policies Change-Id: I25aa23b87947662333c021b9df3e83b9de2515e2
2018-11-07 18:46:07 +01:00
"""
raise NotImplementedError()
@abc.abstractmethod
def namespaced_pods(self, policy):
"""Return pods on the policy namespace
This method returns the pods on the network policy namespace
:param policy: dict containing Kubernetes NP object
:returns: list of Pods objects on the policy namespace
"""
raise NotImplementedError()
Create network policy handler and driver This patch adds a base driver and handler for network policy events. Follow up patches will implement the driver and actions on network policies crud actions, as well as tempest tests. Partially Implements: blueprint k8s-network-policies Co-Authored-By: Eyal Leshem <eyal.leshem@toganetworks.com> Change-Id: I26969f2597c112259ca90724ff8b357bd8bb376e
2018-06-08 08:28:34 +00:00
Removing six library. Since we already migrated fully to Python3, it's time to also remove bits needed for Python2. One of those libs is six. Change-Id: Ib984d7b4b3c1048ed091c78986c634689a8ace8c
2020-02-28 12:00:19 +01:00
class NetworkPolicyProjectDriver(DriverBase, metaclass=abc.ABCMeta):
Create network policy handler and driver This patch adds a base driver and handler for network policy events. Follow up patches will implement the driver and actions on network policies crud actions, as well as tempest tests. Partially Implements: blueprint k8s-network-policies Co-Authored-By: Eyal Leshem <eyal.leshem@toganetworks.com> Change-Id: I26969f2597c112259ca90724ff8b357bd8bb376e
2018-06-08 08:28:34 +00:00
"""Get an OpenStack project id for K8s network policies"""
Add Network Policies Driver This patch adds the driver skel for Network Policy Support and hooks the previously merged handler to use it. Follow up patches will provide translation between NP and Neutron security groups and driver implementation. Partially Implements: blueprint k8s-network-policies Co-Authored-By: Eyal Leshem <eyal.leshem@toganetworks.com> Change-Id: Ie8cca7b717677347f6a100e8d3b3912bdc20a148
2018-07-09 04:39:05 -04:00
ALIAS = 'network_policy_project'
Create network policy handler and driver This patch adds a base driver and handler for network policy events. Follow up patches will implement the driver and actions on network policies crud actions, as well as tempest tests. Partially Implements: blueprint k8s-network-policies Co-Authored-By: Eyal Leshem <eyal.leshem@toganetworks.com> Change-Id: I26969f2597c112259ca90724ff8b357bd8bb376e
2018-06-08 08:28:34 +00:00
@abc.abstractmethod
def get_project(self, policy):
"""Get an OpenStack project id for K8s pod ports.
:param policy: dict containing Kubernetes NP object
:returns: OpenStack project_id
"""
raise NotImplementedError()
Introduce NodesSubnetsDriver In order to have more control over the nodes subnets we expect instead of relying on static configuration option it's better to have flexibility. This commit introduces NodesSubnetsDriver model that will allow writing more complicated drivers providing the worker_nodes_subnets setting. A use case in mind is to use OpenShift Machine Custom Resources in order to discover subnets the nodes are using. Change-Id: I0eb5d9ad50895151967c23d3ad6d1237cc4d9667
2020-12-23 17:39:11 +01:00
class NodesSubnetsDriver(DriverBase, metaclass=abc.ABCMeta):
"""Keeps list of subnet_ids of the OpenShift Nodes."""
ALIAS = 'nodes_subnets'
@abc.abstractmethod
def get_nodes_subnets(self, raise_on_empty=False):
"""Gets list of subnet_ids of OpenShift Nodes.
:param raise_on_empty: whether it should raise if list is empty.
:return: list of subnets
"""
raise NotImplementedError()
@abc.abstractmethod
def add_node(self, node):
"""Handles node addition.
:param node: Node object
"""
pass
@abc.abstractmethod
def delete_node(self, node):
"""Handles node removal
:param node: Node object
"""
pass
Copy Permalink