Extend NamespaceNetworkConfiguration to support VPC#48
Draft
ihgann wants to merge 2 commits into
Adds VPCConfig as the second provider-specific config block alongside
VSphereDistributedConfig. VPC networking is activated by setting
spec.type to "vpc" and populating spec.vpcConfig.
VPCConfig supports two mutually exclusive VPC provisioning modes,
enforced by CEL mutual-exclusion guards on the type:
- vpc: associates a pre-existing NSX VPC by its Manager API path.
- managedVPCConfig: directs Net Operator to auto-provision a new VPC.
ManagedVPCConfig.project and ManagedVPCConfig.connectivityProfile
correspond to nsxProject and vpcConnectivityProfile in the nsx-operator
VPCNetworkConfiguration CRD [1]. Both fields are required when
managedVPCConfig is set; since all fields carry omitempty (KAL
convention), enforcement is via CEL rules on the type itself rather
than the OpenAPI required array — an absent field is seen as "" in CEL,
so self.project != '' catches the omitted case.
Both modes additionally accept:
- sharedSubnets: list-map of pre-existing NSX Subnets (keyed by path)
to inject into each associated Namespace, with optional podDefault
and vmDefault markers to designate workload-class defaults.
VPCSharedSubnet.name is immutable once set (CEL oldSelf guard).
- defaultSubnetSize: number of IP addresses for auto-created subnets
(maximum 65536, consistent with VPCNetworkConfiguration upstream [1]).
The temporary CEL restriction that limited spec.type to
"vsphere-distributed" is removed. A parallel CEL guard is added for
vpc: self.type == 'vpc' ? has(self.vpcConfig) : true.
All new types conform to kube-api-linter without suppressions or
exclusions. VPCConfig is embedded as *VPCConfig (pointer) because all
its fields are optional, meaning the zero value {} is only ruled out by
CEL, not by schema alone; the pointer satisfies KAL's optionalfields
linter which requires a pointer when schema validation is incomplete.
[1] https://github.com/vmware-tanzu/nsx-operator/blob/main/pkg/apis/vpc/v1alpha1/vpcnetworkconfiguration_types.go
Co-authored-by: Cursor <cursoragent@cursor.com>
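As an added example (not the project's code), the guards listed above restated as a plain Go validator over structs that mirror the named fields; the mapping from each CEL rule to Go is my paraphrase of the description, and the immutability check assumes `sharedSubnets` entries are matched by their `path` key as the list-map note says.

```go
package main

import "errors"

// Types mirror the PR's field names. Every field is optional (omitempty), so an
// omitted string is "" and an omitted block is nil, exactly as CEL observes them.
type ManagedVPCConfig struct{ Project, ConnectivityProfile string }
type VPCSharedSubnet struct{ Path, Name string } // Path is the list-map key
type VPCConfig struct {
	VPC               string
	ManagedVPCConfig  *ManagedVPCConfig
	SharedSubnets     []VPCSharedSubnet
	DefaultSubnetSize int
}
type Spec struct{ Type string; VPCConfig *VPCConfig }

// ValidateSpec restates the PR's CEL guards in Go (my paraphrase, not the
// project's markers). oldSpec is the stored object on update, zero on create.
func ValidateSpec(oldSpec, newSpec Spec) error {
	// self.type == 'vpc' ? has(self.vpcConfig) : true
	if newSpec.Type == "vpc" && newSpec.VPCConfig == nil {
		return errors.New("type 'vpc' requires vpcConfig")
	}
	c := newSpec.VPCConfig
	if c == nil {
		return nil
	}
	// Mutual exclusion: exactly one provisioning mode, so {} is rejected too.
	if (c.VPC != "") == (c.ManagedVPCConfig != nil) {
		return errors.New("exactly one of vpc or managedVPCConfig must be set")
	}
	// Omitted fields read as "" in CEL, so self.project != '' is the test.
	if m := c.ManagedVPCConfig; m != nil && (m.Project == "" || m.ConnectivityProfile == "") {
		return errors.New("managedVPCConfig requires project and connectivityProfile")
	}
	if c.DefaultSubnetSize > 65536 {
		return errors.New("defaultSubnetSize exceeds maximum 65536")
	}
	// oldSelf guard: a shared subnet keeps its name once set (matched by path).
	if oldSpec.VPCConfig != nil {
		for _, o := range oldSpec.VPCConfig.SharedSubnets {
			for _, n := range c.SharedSubnets {
				if n.Path == o.Path && o.Name != "" && n.Name != o.Name {
					return errors.New("sharedSubnets[].name is immutable once set")
				}
			}
		}
	}
	return nil
}
```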
Testing Done: