Topic/wenqi/add code cov #2
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Cert-manager may be not ready when deploying nsx-operator, which make that nsx-operator can't leverage cert-manager to issuing webhook certs. Instead, add an init container to generate self-signed certificates and inject CA into webhook configurations. Test done: 1. Check webhook server certificate generated by init container. 2. Check CA is injected into webhook configurations. 3. Check webhook server running up.
Add logger parameter for Clean. If logger != nil, use the external logger, else using internal logger Test Done: 1. create a logger and pass it to Clean, check if log work 2. pass a nil logger to Clean, check if log work
In DHCP subnet, the static ip pool size should be zero. Testing done: 1. Patch the fix in a live testbed and ceate a DHCP subnet 2. Create a VM under the DHCP subnet and check the VM can get the DHCP IP: > # kubectl get vm -n yiyi-ns -o wide test-vm-dhcp-cloudinit-jammy-fixed > NAME POWER-STATE CLASS IMAGE PRIMARY-IP4 AGE > test-vm-dhcp-cloudinit-jammy-fixed PoweredOn best-effort-small vmi-d8b7c860a0eab5c84 172.26.1.131 5m47s
Add locker for VPC network config storage map object to avoid concurrent modification.
Support external logger for clean
The cleanup should support timeout for whole procedure. Currently initializing service doesn't support timeout since nsx-operator doesn't need it. Add timeout control during clean initialize Test Done: 1. add time.Sleep(20*time.Second) in InitializeCleanupService 2. set the timeout to 10*time.Second in ctx, check if clean procedure could be timeout
Add init container for generating webhook cert
…ic-size Fix the issue that VM cannot get DHCP IP
Add lock for vpc networkconfig storage
Signed-off-by: Xie Zheng <[email protected]>
…info2 Replace vpc controller with networkinfo controller
Add timeout for clean initialize
The error returned by SDK api only shown brief info if it's not parsed. Call DumpAPIErrror for the error to show more error info. Refactor the TransError by using DumpAPIErrror. Update the staticroute_controller error handling as sample Test Done: 1. change PageSize=2000 to trigger error 2. check if message is dumped
Avi controller will create subnetport on avi subnet of VPC, when there are stale subnetports left behind, it will fail to cleanup VPC complaining "IpAddressSubnet cannot be deleted as IP from subnet range is being used.", if delete avi subnet ports before deleting VPC, it will succeed to cleanup vpc even though there is avi subnet. Signed-off-by: Xie Zheng <[email protected]>
Dump api error
…vi_subnetports Add clean avi subnet ports before deleting vpc
For kubernetes client-go, the generated networkinfo plural is networkinfos. Change NetworkInfo CRD to use networkinfos as plural instead of networkinfoes.
…cific ingress/egress
When a network policy without any ingress/egress is created, e.g.
```
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: networkpolicy-deny-ingress
spec:
podSelector: {}
policyTypes:
- Ingress
```
the NSX operator didn't create the correct isolation section because
the section doesn't have any rule. This patch will fix the issue.
Testing done:
```
Step 1. Create the above network policy "networkpolicy-deny-ingress" in
namespace default.
Step 2. Check the NSX and ensure that there's a valid rule "ingress-isolation"
in the isolation section "np-default-networkpolicy-deny-ingress-isolation".
```
Fixes vmware-tanzu#559 Testing done: Create a DHCP subnetport and check the ipAddress in status is empty.
Keep the status.ipAddress empty for DHCP subnetport
…pty-isolation-section Fix the invalid isolation section issue for networkpolicy without specific ingress/egress
…plural Change NetworkInfo CR plural
When nsx-operator is deployed with HA mode, each instances will try to generate webhook certificates and update webhook configuration. This will cause that each instance is using different certs and the webhook can't work. So use secret to store webhook certs instead. Each instance will try to create cert secret and k8s api-server could guarantee that only one will succeed. Tests: 1. Depeloy nsx-operator with mutli replicas, check the webhook server work as expected.
Fix webhook cert issue in HA mode
Previous ZapLogger used global function opts.BindFlags which make it 1. could be called only once 2. may conflict with other module Refactor it not to use BindFlags Test Done: 1. call ZapLogger twice in the test program to check if it's panic or not
Refactor ZapLogger
Signed-off-by: Wenqi Qiu <[email protected]>
There is data race while running cleanup The root cause is that lazy creation without lock 1. switch to use NewConnector instead of NewRestConnector 2. call connector.NewExecutionContext to avoid lazy creation
Update setNetworkInfoVPCStatus function to remove VPC if createdVPC is empty Signed-off-by: Xie Zheng <[email protected]>
Workaround for DATA RACE
Move vpcPath to NetworkConfigurations CR
…_delete_bug Fix delete ipaddressallocation bug
``` Testing done: Apply the new CRD in the testbed, and check the NETWORKADDRESSES column can show the networks: NAME ACCESSMODE IPV4SUBNETSIZE NETWORKADDRESSES test-subnet Private 16 172.26.0.0/28 ```
…mware-tanzu#717) To adapt the NSX API change.
Testing done: 1. create the subnet CR with `DHCPConfig.enableDHCP=false`, check the NSX subnet has properties `dhcp_config.enable_dhcp=false` and `advanced_config.static_ip_allocation.enabled=true` 2. create the subnet CR with `DHCPConfig.enableDHCP=true`, check the NSX subnet has properties `dhcp_config.enable_dhcp=true` and `advanced_config.static_ip_allocation.enabled=false` 3. create the subnet CR without explict DHCPConfig, check the NSX subnet has properties `dhcp_config.enable_dhcp=false` and `advanced_config.static_ip_allocation.enabled=true` 4. create a new namespace and check the subnetset `vm-default` has spec `DHCPConfig.enableDHCP=false`, then create a VM in the namespace, check the new created NSX subnet has properties `dhcp_config.enable_dhcp=false` and `advanced_config.static_ip_allocation.enabled=true`
Signed-off-by: Xie Zheng <[email protected]>
Signed-off-by: Xie Zheng <[email protected]>
It's easy to forget to add new type support in CasttoPointer. Change CasttoPointer to use reflect. The performance will be worse but no need to add each new type for it any more
Fix bug of subnetset and ipaddressallocation garbage collector startup
…cidr Rename CIDR to AllocationIPs of ipaddressallocation
Signed-off-by: Xie Zheng <[email protected]>
* Update Namespace default SubnetSize at runtime * Update Subnet/SubnetSet IPv4SubnetSize when it is not set Signed-off-by: Wenqi Qiu <[email protected]>
…e-tanzu#704) Signed-off-by: Wenqi Qiu <[email protected]>
Signed-off-by: Xie Zheng <[email protected]>
Using reflect to get pointer
…lean Add ipaddressallocation cleanup
…re-tanzu#729) Signed-off-by: Wenqi Qiu <[email protected]>
There were some avi allowed rule code left. Remove those useless code
Remove avi allowed rule code
…orkInfo (vmware-tanzu#691) * Delete stale VPC status in VPCNetworkConfiguration when deleting NetworkInfo Signed-off-by: Wenqi Qiu <[email protected]>
) Signed-off-by: gran <[email protected]>
…s left When there are stale subnetports in one subnet of subnetset, we should not allow deleting it. Signed-off-by: Xie Zheng <[email protected]>
In this change, we delete NCP created resource (share/sharedResource/certificate/lbAppProfile/lbPersistenProfile) in the cleanup process. Signed-off-by: Yun-Tang Hsu <[email protected]>
… event (vmware-tanzu#741) Signed-off-by: gran <[email protected]>
…VPCConnectivityProfile (vmware-tanzu#730) * Set VPCNetworkConfiguration status when no ExternalIPBlocks exist in VPCConnectivityProfile Signed-off-by: Wenqi Qiu <[email protected]>
Change AVI Subnet name from `_AVI_SUBNET--LB` to `_services` Signed-off-by: Wenqi Qiu <[email protected]>
Signed-off-by: Wenqi Qiu <[email protected]>
Welcome to Codecov 🎉Once you merge this PR into your default branch, you're all set! Codecov will compare coverage reports and display results in all future pull requests. Thanks for integrating Codecov - We've got you covered ☂️ |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.