✨ Add feature to create ports with custom options #876

Merged
merged 1 commit into from
Jun 8, 2021

@macaptain macaptain commented May 21, 2021

This commit adds a new field to the v1alpha4 API: OpenStackMachineTemplateSpec.ports.

The list of ports is added per instance. Each port may be customized with options. These ports are created in addition to any ports created in the networks: field.

If networks: is not specified, only the ports specified in ports: will be created and attached to the instance. If neither networks: nor ports: are specified, the instance will be connected to the default cluster network and subnet.

This feature is very much based on the work of @jsen-, and a lot of credit goes there for the implementation:

#778

Example spec to give you some idea. Creates exactly three ports, two ports on the same network on different subnets with different VNIC types and a further example showing how to add security groups.

apiVersion: infrastructure.cluster.x-k8s.io/v1alpha4
kind: OpenStackMachineTemplate
metadata:
  name: basic-1-control-plane
  namespace: default
spec:
  template:
    spec:
      ports:
      - networkId: 2f796e80-65e4-4589-b92d-77a6c019fe35
        description: primary    
        vnicType: normal
        fixedIps:
        - subnetId: 74ba4ed6-239a-44f4-81ac-95cc65b540b3
          ipAddress: 192.168.1.35
      - networkId: 2f796e80-65e4-4589-b92d-77a6c019fe35
        description: direct    
        vnicType: direct
        fixedIps:
        - subnetId: b6e81653-2bd6-4334-ab93-a7c7ec8bc66f
          ipAddress: 10.10.10.10
      - networkId: e6810d0c-85c5-41ce-b1d4-c2795611b9a0
        description: secondary
        vnicType: direct
        securityGroups:
        - one
        - two
      cloudName: openstack
      cloudsSecret:
        name: basic-1-cloud-config
      flavor: 2C-4GB-100GB
      image: Ubuntu_20.04_node

What this PR does / why we need it:
I'd like to be able to have instances on different networks with different settings per port. In particular, customizable VNIC types and customizable security groups.

Which issue(s) this PR fixes (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close the issue(s) when PR gets merged):
Fixes #788

Special notes for your reviewer:
This PR is about trying to get #778 merged to master, so firstly, huge credit + thanks to @jsen- for the implementation (plus the OpenShift fork was a very helpful reference so thanks to those working on that too). I've taken on board the comments in the original PR and:

In addition, I've changed the behavior slightly with regard to defaults:

  • Usually if networks: isn't specified, you get your port on the default cluster network. Now if neither networks: nor ports: is specified, you get this default.
  • For a port, the field NetworkID used to be required. Now if unspecified, it defaults to the default cluster network.
  • For a port, the field NameSuffix used to be mandatory. Now if unspecified, it defaults to the 0-based index of the port of the instance.

I've tried to keep the API consistent with this project, but also similar to the OpenShift fork, maybe @iamemilio could comment on that.

TODOs:

  • squashed commits
  • verify that the API change meets all my requirements
  • manual testing
  • add e2e tests: TODO in follow-up PR
  • rebase after 🏃 Refactor: use Service struct field more #871 is merged
  • if necessary:
    • includes documentation: TODO in follow-up PR
    • adds unit tests

/hold
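
The defaulting rules from the description above, as an added Go example that is not code from this PR or the project. `PortSpec`, `ResolvedPort` and `ResolvePorts` are hypothetical names; reducing `networks:` entries to plain network IDs, naming ports `<instance>-<suffix>` and counting the default suffix across both lists are assumptions.

```go
package main

import (
	"fmt"
	"strconv"
)

// PortSpec holds only the port fields named in the PR text (hypothetical type).
type PortSpec struct {
	NetworkID, NameSuffix string
	SecurityGroups        []string // nil means "not specified"
}

// ResolvedPort is one port after defaulting (hypothetical type).
type ResolvedPort struct {
	Name, NetworkID string
	SecurityGroups  []string
}

// ResolvePorts applies the defaults from the PR description. Assumed here: networks:
// entries are plain IDs listed before ports:, and the default suffix is the combined index.
func ResolvePorts(instance, defaultNet string, networks []string, ports []PortSpec, instanceSGs []string) []ResolvedPort {
	var specs []PortSpec
	for _, id := range networks {
		specs = append(specs, PortSpec{NetworkID: id})
	}
	specs = append(specs, ports...)
	if len(specs) == 0 { // neither networks: nor ports: was given
		specs = []PortSpec{{}}
	}
	var out []ResolvedPort
	for i, p := range specs {
		if p.NetworkID == "" {
			p.NetworkID = defaultNet
		}
		if p.NameSuffix == "" {
			p.NameSuffix = strconv.Itoa(i)
		}
		if p.SecurityGroups == nil { // an empty, non-nil list does not inherit
			p.SecurityGroups = instanceSGs
		}
		out = append(out, ResolvedPort{instance + "-" + p.NameSuffix, p.NetworkID, p.SecurityGroups})
	}
	return out
}

func main() {
	ports := []PortSpec{{NameSuffix: "primary"}, {NetworkID: "net-b", SecurityGroups: []string{}}} // constructed sample
	fmt.Println(ResolvePorts("node-0", "cluster-net", nil, ports, []string{"one", "two"}))
}
```

The second port in `main` is the case to watch when reviewing a spec: `SecurityGroups: []string{}` is non-nil, so that port ends up with no security groups instead of the instance's.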

@k8s-ci-robot k8s-ci-robot added do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. do-not-merge/invalid-commit-message Indicates that a PR should not merge because it has an invalid commit message. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. labels May 21, 2021
@k8s-ci-robot
Contributor

Welcome @macaptain!

It looks like this is your first PR to kubernetes-sigs/cluster-api-provider-openstack 🎉. Please refer to our pull request process documentation to help your PR have a smooth ride to approval.

You will be prompted by a bot to use commands during the review process. Do not be afraid to follow the prompts! It is okay to experiment. Here is the bot commands documentation.

You can also check if kubernetes-sigs/cluster-api-provider-openstack has its own contribution guidelines.

You may want to refer to our testing guide if you run into trouble with your tests not passing.

If you are having difficulty getting your pull request seen, please follow the recommended escalation practices. Also, for tips and tricks in the contribution process you may want to read the Kubernetes contributor cheat sheet. We want to make sure your contribution gets all the attention it needs!

Thank you, and welcome to Kubernetes. 😃

@k8s-ci-robot
Contributor

Hi @macaptain. Thanks for your PR.

I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@k8s-ci-robot k8s-ci-robot added needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. labels May 21, 2021
@macaptain macaptain force-pushed the add-ports branch 2 times, most recently from b09e153 to efe3693 Compare May 21, 2021 12:05
@k8s-ci-robot k8s-ci-robot removed the do-not-merge/invalid-commit-message Indicates that a PR should not merge because it has an invalid commit message. label May 21, 2021
api/v1alpha4/types.go Outdated
Comment on lines 430 to 434
// inherit port security groups from the instance if not explicitly specified
securityGroups := net.PortOpts.SecurityGroups
if securityGroups == nil {
securityGroups = instanceSecurityGroups
}
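
Review bot: The `securityGroups == nil` check treats an omitted list and an explicitly empty one differently: only the omitted case inherits `instanceSecurityGroups`, so a port whose list is present but empty keeps an empty list. If that is the intended way to request a port without security groups, say so in the comment above the check and in the field's documentation; if an empty list should inherit too, test `len(securityGroups) == 0` instead.
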
Contributor

Can this logic move to before 126? It is easier to understand constructing security groups (from lines 114-126), then constructing nets (from lines 128-164).

Contributor Author

@macaptain macaptain May 24, 2021

The security groups can be set on a port and can be different per port, so I don't think we can put this before 126, before we've looped through the nets and ports in the spec.

SecurityGroups could be added as a field to the Network struct and we could set this default in lines 128-164, instead of in getOrCreatePort. I wonder also if constructing nets should be pulled into a separate function, as I agree it takes some understanding, and could also use some tests. Let me make those changes and you can tell me what you think.

Contributor

Thanks, I understand we cannot move this before 126. Please make a separate function as you think.

pkg/cloud/services/compute/instance.go Outdated
@sbueringer
Member

/ok-to-test

@k8s-ci-robot k8s-ci-robot added ok-to-test Indicates a non-member PR verified by an org member that is safe to test. and removed needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. labels May 24, 2021
Member

@sbueringer sbueringer left a comment

I gave it a first high-level review, overall lgtm.

@iamemilio if you have some time to spare to review this, that would be great :)

api/v1alpha4/types.go Outdated
pkg/cloud/services/compute/instance.go Outdated
pkg/cloud/services/compute/instance.go Outdated
// no port found, so create the port
description := net.PortOpts.Description
if description == "" {
description = fmt.Sprintf("Created by cluster-api-provider-openstack cluster %s", clusterName)
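
Review bot: In the `description == ""` branch the cluster name reaches the port only through the default text, so a port created with a user-supplied `Description` carries nothing in this field that ties it to the cluster. If cleanup or auditing ever needs to find the provider's ports by description, keep the cluster name somewhere the port options cannot override.
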
Member

Should be adjusted once: https://github.com/kubernetes-sigs/cluster-api-provider-openstack/pull/870/files is merged (which should be soon)

Contributor Author

I've updated to use this new function to get the default description (if none is provided in the port options).

@sbueringer
Member

@macaptain I think we will get #863 and #870 merged soon, then you're a bit safer against rebase conflicts

@k8s-ci-robot k8s-ci-robot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label May 25, 2021
@macaptain
Contributor Author

> @macaptain I think we will get #863 and #870 merged soon, then you're a bit safer against rebase conflicts

Sure, no problem, I don't mind rebasing when it's needed.

@sbueringer
Member

sbueringer commented May 25, 2021

> > @macaptain I think we will get #863 and #870 merged soon, then you're a bit safer against rebase conflicts
>
> Sure, no problem, I don't mind rebasing when it's needed.

Yup, just wanted to let you know in case you want to wait a day or so with the rebase so you only have to do it once. Not sure how problematic to rebase the conflicts will be.

@macaptain macaptain changed the title ✨ Add feature to create ports with custom options ✨ WIP: Add feature to create ports with custom options May 28, 2021
@k8s-ci-robot k8s-ci-robot removed the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label May 28, 2021
@macaptain macaptain force-pushed the add-ports branch 2 times, most recently from 3f65607 to 7281a49 Compare May 31, 2021 15:12
@macaptain macaptain closed this May 31, 2021
@macaptain macaptain reopened this May 31, 2021
@iamemilio
Contributor

lgtm :)

@hidekazuna
Contributor

@macaptain Is this still WIP?

@@ -116,6 +116,38 @@ type SubnetFilter struct {
NotTagsAny string `json:"notTagsAny,omitempty"`
}

type PortOpts struct {
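
Review bot: `type PortOpts struct {` is added without a doc comment. This is an exported API type, so add a comment starting with `PortOpts` that says how these options relate to ports created through `networks:` and what an omitted field defaults to.
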
Contributor

As a follow-up, we may need to consider adding some samples of how to use these opts (not in this PR).

Contributor Author

I can certainly add additional documentation in a follow up PR.

This commit adds a new field to the v1alpha4 API:
OpenStackMachineTemplateSpec.ports.

The list of ports is added per instance. Each port may be customized
with options. These ports are created in addition to any ports created
in the `networks:` field.

If `networks:` is not specified, only the ports specified in `ports:`
will be created and attached to the instance. If neither `networks:` nor
`ports:` are specified, the instance will be connected to the default
cluster network and subnet.

This feature is very much based on the work of jsen-, and a lot of
credit goes there for the implementation:

kubernetes-sigs#778
api/v1alpha4/types.go Outdated
}

type FixedIP struct {
SubnetID string `json:"subnetId"`
Contributor Author

One thought: it would be possible here to make the type SubnetParam instead of specifying the subnet only with SubnetID. Then (with additional code) it would be possible to specify this subnet with a filter, like the networks can be specified with a filter. Would that be desirable? It would be different from the OpenShift interface. I also think it would be possible to add a SubnetFilter as an additional optional field in the future if we wanted.

Contributor

@iamemilio iamemilio Jun 7, 2021

That would be cool. That is probably a good idea for a lot of these fields that only take IDs as an input, but might be content for another iteration

@macaptain macaptain changed the title ✨ WIP: Add feature to create ports with custom options ✨ Add feature to create ports with custom options Jun 7, 2021
@macaptain
Contributor Author

> @macaptain Is this still WIP?

I've taken WIP off the PR. I've been testing this manually and I'm happy with the implementation. The feature meets my requirements.

The only question for me is would you prefer I use 'Filters' for NetworkId / SubnetId / SecurityGroups so that these fields can be chosen by details other than Id. If you want, I can look at implementing that before the API gets fixed in place. If not, let's look to merge this as it is.

Thanks very much!

@hidekazuna
Contributor

> The only question for me is would you prefer I use 'Filters' for NetworkId / SubnetId / SecurityGroups so that these fields can be chosen by details other than Id. If you want, I can look at implementing that before the API gets fixed in place. If not, let's look to merge this as it is.

I do not need filters for these fields. Another PR would be proposed if someone wants 😃

/approve

@k8s-ci-robot
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: hidekazuna, macaptain

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jun 7, 2021
@macaptain
Contributor Author

/remove-hold

@k8s-ci-robot k8s-ci-robot removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Jun 7, 2021
@hidekazuna
Contributor

@sbueringer @jichenjc PTAL

@jichenjc
Contributor

jichenjc commented Jun 8, 2021

/lgtm

let's merge this and continue evolution

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Jun 8, 2021
@k8s-ci-robot k8s-ci-robot merged commit 62092ce into kubernetes-sigs:master Jun 8, 2021
@macaptain macaptain deleted the add-ports branch June 8, 2021 05:48
@sbueringer sbueringer mentioned this pull request Jun 9, 2021
Successfully merging this pull request may close these issues.

add the possibility to create custom ports