Skip to content

Added support for project network isolation #10365

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 13 commits into from
Aug 17, 2016
Merged

Added support for project network isolation #10365

merged 13 commits into from
Aug 17, 2016

Conversation

pravisankar
Copy link

@pravisankar pravisankar force-pushed the support-project-isolation branch from 50fe5b2 to 6548c75 Compare August 12, 2016 17:49
@pravisankar
Copy link
Author

@openshift/networking PTAL

danwinship
danwinship reviewed Aug 12, 2016
View reviewed changes
pkg/sdn/api/netid.go
value, ok := netns.Annotations[ChangePodNetworkAnnotation]
if !ok {
return PodNetworkAction(""), "", ErrorPodNetworkAnnotationNotFound
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

you don't need the nil check; if it's nil, then "value, ok := ..." will return ok=false

@pravisankar pravisankar force-pushed the support-project-isolation branch 2 times, most recently from 5f76b19 to 5c69e9f Compare August 12, 2016 23:20
@pravisankar
Copy link
Author

[test]

@pravisankar pravisankar mentioned this pull request Aug 13, 2016
Closed
@openshift-bot openshift-bot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Aug 13, 2016
danwinship
danwinship reviewed Aug 15, 2016
View reviewed changes
pkg/sdn/plugin/vnids_master.go
netIDRange, err := pnetid.NewNetIDRange(osapi.MinVNID, osapi.MaxVNID-osapi.MinVNID+1)
if err != nil {
return nil, fmt.Errorf("unable to create NetID range: %v", err)
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You can only get an error here if there's a problem with the MinVNID/MaxVNID constants, which could never happen in production. So just panic if you get an error, and then newMasterVNIDMap() doesn't need to return an error.

(Also, maybe make NetNetIDRange() take min,max rather than min,size?)

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

done

@danwinship
Copy link
Contributor

LGTM other than noted. Not sure what's up with the test failure.

Ravi Sankar Penta added 11 commits August 15, 2016 15:30
Accessor methods for ChangePodNetworkAnnotation on NetNamespace
bcc7b12 
ChangePodNetworkAnnotation will be processed by the SDN master controller.
SDN master controller provides synchronization when manipulating vnids
for namespaces.
Added network ID range interface
f9b17b1
Test cases for network ID range interface
624996b
Added network ID allocator interface
8b7b540
Test cases for network ID allocator interface
282f30d
Handling VNID manipulations
e0621a7 
- Split vnids.go based on master and node roles
- Use netID allocator interface (bitmap instead of integer map)
- Use ChangePodNetworkAnnotation on NetNamespace for VNID manipulation
- Synchronize add/delete/update VNID operations
- Added support for exposing project network isolation
Test cases for assign/update/revoke VNIDs
59d1aa0
Remove old SDN netid allocator
3ee1f81
Make pod-network cli command to use ChangePodNetworkAnnotation instea…
09c1521 
…d of updating VNID directly

This will ensure VNID is synchronized across add/delete/update operations.
CLI changes to support project network isolation
e54838c
Added test cases for 'oadm pod-network isolate-projects'
718eab9
@pravisankar pravisankar force-pushed the support-project-isolation branch from 5c69e9f to 419be05 Compare August 15, 2016 23:47
@pravisankar pravisankar force-pushed the support-project-isolation branch from 419be05 to 047c65d Compare August 16, 2016 00:08
@openshift-bot openshift-bot removed the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Aug 16, 2016
@openshift-bot
Copy link
Contributor

Evaluated for origin test up to 047c65d

@openshift-bot
Copy link
Contributor

continuous-integration/openshift-jenkins/test FAILURE (https://ci.openshift.redhat.com/jenkins/job/test_pr_origin/7944/)

@knobunc
Copy link
Contributor

knobunc commented Aug 17, 2016

[merge]

@openshift-bot
Copy link
Contributor

openshift-bot commented Aug 17, 2016
edited
Loading

continuous-integration/openshift-jenkins/merge SUCCESS (https://ci.openshift.redhat.com/jenkins/job/test_pr_origin/8067/) (Image: devenv-rhel7_4856)

@openshift-bot
Copy link
Contributor

Evaluated for origin merge up to 047c65d

@openshift-bot openshift-bot merged commit cd3a82a into openshift:master Aug 17, 2016
@pravisankar
Copy link
Author

Docs PR: openshift/openshift-docs#2673

@pravisankar pravisankar mentioned this pull request Aug 17, 2016
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@pravisankar @danwinship @openshift-bot @knobunc