Updates to IP Pools #2055

Closed
4 of 5 tasks
smklein opened this issue Dec 14, 2022 · 2 comments
Collaborator

smklein commented Dec 14, 2022

We had a sync on 12/14/22 on this: https://drive.google.com/file/d/1ffOrgbYsoomSaNeo284FX1EmUpWMJqFR/view?usp=share_link

@smklein smklein added api Related to the API. nexus Related to nexus labels Dec 14, 2022
@smklein smklein self-assigned this Dec 14, 2022
Collaborator Author

smklein commented Dec 14, 2022

Summary from @rmustacc:

  • External IPs are best thought of like a hardware resource due to their finite nature and are much more like DRAM than, say, VMs or volumes in nature.
  • Fundamentally an IP pool represents a disjoint group of IPs with the same connectivity properties. For example, all just Internet-facing public IPs or, say, a private VLAN.
  • Customers eventually want to be able to constrain groups of projects to specific IP pools. While this isn't part of the MVP, the reality is that it's more than one.
  • Internal services want to get their configuration for how to find addresses initially via IP Pools (e.g. nexus, external DNS, NTP, routing, though that's a bit more nuanced).
  • The system level IP Pools API is going to be simplified right now to mostly represent a fleet (though kind of AZ) resource and the only real ACL-style bit is whether it's internal or external.
  • Eventually we'd like a project-specific API to list the IP pools that are accessible in that context, separate from the system level API, to make it obvious what is and isn't usable. This may be worth it for MVP.
  • Longer term (e.g. not for the MVP) we want to do better with defaults at a project level or similar and figure out what more fine-grained ACLs might look like on IP Pools, but that's not today.

smklein added a commit that referenced this issue Dec 14, 2022
smklein added a commit that referenced this issue Dec 19, 2022
## Before this PR

- IP Pools could exist in at most one project. IP allocation during
instance creation occurred [either by requesting an IP pool belonging
to a project, or by "just looking for any unreserved IP
Pool"](https://github.com/oxidecomputer/omicron/blob/79765a4e3b39a29bc9940c0e4a49c4364fbcc9e3/nexus/src/db/queries/external_ip.rs#L186-L212).
As discussed in #2055,
our intention is for IP pools to be used across multiple projects, and
for projects to be able to use multiple IP pools.
- "Service" IP pools were indexed by rack ID, though (as documented in
#1276), they should
probably be accessed by AZ instead.

## This PR

- Adds a default IP pool named `default`, which is used for address
allocation unless a more specific IP pool is provided
- Removes "project ID" from IP pools (and external IP addresses)
- Removes "rack ID" from IP pool API and DB representation

## In the future

- This PR doesn't provide the many-to-many connection between projects
and IP pools that we eventually want, where projects can be configured
to use different IP pools for different purposes. However, by removing
the not-quite-accurate relationship that an IP pool must belong to a
*single* project, the API moves closer towards this direction.
- We probably should access the `service_ip_pool` API with the AZ UUID
used for the query, but since AZs don't exist in the API yet, this has
been omitted.

Part of #2055
@morlandi7 morlandi7 added this to the MVP milestone Jan 31, 2023
@askfongjojo askfongjojo modified the milestones: MVP, MVP+1 May 10, 2023
@david-crespo
Contributor

Closing in favor of issues I'm creating for the followup work to #3985
