Merge pull request vmware-tanzu#814 from timdengyun/topic/dengyun/syn…

…c_main_to_v420

Sync main to v4.2.0 release branch

build/yaml/crd/vpc/crd.nsx.vmware.com_subnets.yaml

@@ -59,6 +59,9 @@ spec:
                     default: false
                     type: boolean
                 type: object
+                x-kubernetes-validations:
+                - message: Value is immutable
+                  rule: self == oldSelf
               accessMode:
                 description: Access mode of Subnet, accessible only from within VPC
                   or from outside VPC.
@@ -89,6 +92,15 @@ spec:
                 - message: Value is immutable
                   rule: self == oldSelf
             type: object
+            x-kubernetes-validations:
+            - message: DHCPConfig is required once set
+              rule: '!has(oldSelf.DHCPConfig) || has(self.DHCPConfig)'
+            - message: ipv4SubnetSize is required once set
+              rule: '!has(oldSelf.ipv4SubnetSize) || has(self.ipv4SubnetSize)'
+            - message: accessMode is required once set
+              rule: '!has(oldSelf.accessMode) || has(self.accessMode)'
+            - message: ipAddresses is required once set
+              rule: '!has(oldSelf.ipAddresses) || has(self.ipAddresses)'
           status:
             description: SubnetStatus defines the observed state of Subnet.
             properties:

build/yaml/crd/vpc/crd.nsx.vmware.com_subnetsets.yaml

@@ -59,6 +59,9 @@ spec:
                     default: false
                     type: boolean
                 type: object
+                x-kubernetes-validations:
+                - message: Value is immutable
+                  rule: self == oldSelf
               accessMode:
                 description: Access mode of Subnet, accessible only from within VPC
                   or from outside VPC.
@@ -79,6 +82,13 @@ spec:
                 - message: Value is immutable
                   rule: self == oldSelf
             type: object
+            x-kubernetes-validations:
+            - message: DHCPConfig is required once set
+              rule: '!has(oldSelf.DHCPConfig) || has(self.DHCPConfig)'
+            - message: accessMode is required once set
+              rule: '!has(oldSelf.accessMode) || has(self.accessMode)'
+            - message: ipv4SubnetSize is required once set
+              rule: '!has(oldSelf.ipv4SubnetSize) || has(self.ipv4SubnetSize)'
           status:
             description: SubnetSetStatus defines the observed state of SubnetSet.
             properties:

build/yaml/samples/nsx_v1alpha1_networkinfo.yaml

@@ -2,8 +2,6 @@ apiVersion: crd.nsx.vmware.com/v1alpha1
 kind: NetworkInfo
 metadata:
   creationTimestamp: "2024-05-14T02:14:18Z"
-  finalizers:
-  - networkinfo.crd.nsx.vmware.com/finalizer
   generation: 2
   name: kube-system
   namespace: kube-system

build/yaml/webhook/certificate.yaml

@@ -31,8 +31,8 @@ metadata:
 spec:
   # $(SERVICE_NAME) and $(SERVICE_NAMESPACE) will be substituted by kustomize
   dnsNames:
-    - subnetset.vmware-system-nsx.svc
-    - subnetset.vmware-system-nsx.svc.cluster.local
+    - vmware-system-nsx-operator-webhook-service.vmware-system-nsx.svc
+    - vmware-system-nsx-operator-webhook-service.vmware-system-nsx.svc.cluster.local
   issuerRef:
     kind: Issuer
     name: selfsigned-issuer

build/yaml/webhook/manifests.yaml

@@ -9,7 +9,7 @@ webhooks:
   - v1
   clientConfig:
     service:
-      name: subnetset
+      name: vmware-system-nsx-operator-webhook-service
       namespace: vmware-system-nsx
       # kubebuilder webhookpath.
       path: /validate-crd-nsx-vmware-com-v1alpha1-subnetset
@@ -30,3 +30,23 @@ webhooks:
     resources:
     - subnetsets
   sideEffects: None
+- admissionReviewVersions:
+  - v1
+  clientConfig:
+    service:
+      name: vmware-system-nsx-operator-webhook-service
+      namespace: vmware-system-nsx
+      path: /validate-crd-nsx-vmware-com-v1alpha1-addressbinding
+  failurePolicy: Fail
+  name: addressbinding.validating.crd.nsx.vmware.com
+  rules:
+  - apiGroups:
+    - crd.nsx.vmware.com
+    apiVersions:
+    - v1alpha1
+    operations:
+    - CREATE
+    - UPDATE
+    resources:
+    - addressbindings
+  sideEffects: None

build/yaml/webhook/service.yaml

@@ -9,7 +9,7 @@ metadata:
     app.kubernetes.io/created-by: nsx-operator
     app.kubernetes.io/part-of: nsx-operator
     app.kubernetes.io/managed-by: kustomize
-  name: subnetset
+  name: vmware-system-nsx-operator-webhook-service
   namespace: vmware-system-nsx
 spec:
   ports:

cmd/main.go

@@ -18,6 +18,7 @@ import (
 	logf "sigs.k8s.io/controller-runtime/pkg/log"
 	"sigs.k8s.io/controller-runtime/pkg/manager"
 	metricsserver "sigs.k8s.io/controller-runtime/pkg/metrics/server"
+	"sigs.k8s.io/controller-runtime/pkg/webhook"
 
 	"github.com/vmware-tanzu/nsx-operator/pkg/apis/legacy/v1alpha1"
 	crdv1alpha1 "github.com/vmware-tanzu/nsx-operator/pkg/apis/vpc/v1alpha1"
@@ -213,18 +214,26 @@ func startServiceController(mgr manager.Manager, nsxClient *nsx.Client) {
 		if err := subnet.StartSubnetController(mgr, subnetService, subnetPortService, vpcService); err != nil {
 			os.Exit(1)
 		}
-		enableWebhook := true
+		var hookServer webhook.Server
 		if _, err := os.Stat(config.WebhookCertDir); errors.Is(err, os.ErrNotExist) {
 			log.Error(err, "server cert not found, disabling webhook server", "cert", config.WebhookCertDir)
-			enableWebhook = false
+		} else {
+			hookServer = webhook.NewServer(webhook.Options{
+				Port:    config.WebhookServerPort,
+				CertDir: config.WebhookCertDir,
+			})
+			if err := mgr.Add(hookServer); err != nil {
+				log.Error(err, "failed to add hook server")
+				os.Exit(1)
+			}
 		}
-		if err := subnetset.StartSubnetSetController(mgr, subnetService, subnetPortService, vpcService, enableWebhook); err != nil {
+		if err := subnetset.StartSubnetSetController(mgr, subnetService, subnetPortService, vpcService, hookServer); err != nil {
 			os.Exit(1)
 		}
 
 		node.StartNodeController(mgr, nodeService)
 		staticroutecontroller.StartStaticRouteController(mgr, staticRouteService)
-		subnetport.StartSubnetPortController(mgr, subnetPortService, subnetService, vpcService)
+		subnetport.StartSubnetPortController(mgr, subnetPortService, subnetService, vpcService, hookServer)
 		pod.StartPodController(mgr, subnetPortService, subnetService, vpcService, nodeService)
 		StartIPAddressAllocationController(mgr, ipAddressAllocationService, vpcService)
 		networkpolicycontroller.StartNetworkPolicyController(mgr, commonService, vpcService)

cmd/webhookcert/main.go

@@ -98,8 +98,8 @@ func generateWebhookCerts() error {
 		Bytes: caBytes,
 	})
 
-	dnsNames := []string{"subnetset", "subnetset.vmware-system-nsx", "subnetset.vmware-system-nsx.svc"}
-	commonName := "subnetset.vmware-system-nsx.svc"
+	dnsNames := []string{"vmware-system-nsx-operator-webhook-service", "vmware-system-nsx-operator-webhook-service.vmware-system-nsx", "vmware-system-nsx-operator-webhook-service.vmware-system-nsx.svc"}
+	commonName := "vmware-system-nsx-operator-webhook-service.vmware-system-nsx.svc"
 
 	serialNumber, err = rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128))
 	if err != nil {

go.mod

@@ -6,10 +6,10 @@ replace (
 	github.com/vmware-tanzu/nsx-operator/pkg/apis => ./pkg/apis
 	github.com/vmware-tanzu/nsx-operator/pkg/apis/vpc/v1alpha1 => ./pkg/apis/vpc/v1alpha1
 	github.com/vmware-tanzu/nsx-operator/pkg/client => ./pkg/client
-	github.com/vmware/vsphere-automation-sdk-go/lib => github.com/yanjunz97/vsphere-automation-sdk-go/lib v0.0.0-20240823072631-de1833ffcf2a
-	github.com/vmware/vsphere-automation-sdk-go/runtime => github.com/yanjunz97/vsphere-automation-sdk-go/runtime v0.0.0-20240823072631-de1833ffcf2a
-	github.com/vmware/vsphere-automation-sdk-go/services/nsxt => github.com/yanjunz97/vsphere-automation-sdk-go/services/nsxt v0.0.0-20240823072631-de1833ffcf2a
-	github.com/vmware/vsphere-automation-sdk-go/services/nsxt-mp => github.com/yanjunz97/vsphere-automation-sdk-go/services/nsxt-mp v0.0.0-20240823072631-de1833ffcf2a
+	github.com/vmware/vsphere-automation-sdk-go/lib => github.com/TaoZou1/vsphere-automation-sdk-go/lib v0.0.0-20241014012640-c5c5c9408962
+	github.com/vmware/vsphere-automation-sdk-go/runtime => github.com/TaoZou1/vsphere-automation-sdk-go/runtime v0.0.0-20241014012640-c5c5c9408962
+	github.com/vmware/vsphere-automation-sdk-go/services/nsxt => github.com/TaoZou1/vsphere-automation-sdk-go/services/nsxt v0.0.0-20241014012640-c5c5c9408962
+	github.com/vmware/vsphere-automation-sdk-go/services/nsxt-mp => github.com/TaoZou1/vsphere-automation-sdk-go/services/nsxt-mp v0.0.0-20241014012640-c5c5c9408962
 )
 
 require (

go.sum

@@ -1,3 +1,11 @@
+github.com/TaoZou1/vsphere-automation-sdk-go/lib v0.0.0-20241014012640-c5c5c9408962 h1:+nbR8Qgl96Ba0/gMnCGQasrUb7F7XRj+OxdfLyl8r7w=
+github.com/TaoZou1/vsphere-automation-sdk-go/lib v0.0.0-20241014012640-c5c5c9408962/go.mod h1:ADkX8BkdnvT1Kc9ZfqHaV4qzaaD+9L8Ok2+pxK4xoD8=
+github.com/TaoZou1/vsphere-automation-sdk-go/runtime v0.0.0-20241014012640-c5c5c9408962 h1:WjS+j/Y6wWU74RKx6c0IBTNZ3g3fah5X8z/c4KXA2us=
+github.com/TaoZou1/vsphere-automation-sdk-go/runtime v0.0.0-20241014012640-c5c5c9408962/go.mod h1:DzLetYAmw1+vj7bqElRWEpuy40WYE/woL3alsymYa/c=
+github.com/TaoZou1/vsphere-automation-sdk-go/services/nsxt v0.0.0-20241014012640-c5c5c9408962 h1:b5AQfl/tH4rr0OCg/hD9ARka5vJwvC2l26zAQ4dGXMA=
+github.com/TaoZou1/vsphere-automation-sdk-go/services/nsxt v0.0.0-20241014012640-c5c5c9408962/go.mod h1:NSjO9WqelbsTEDb3pVxpYYz4zjgX0XPp43dKNT4Y+9k=
+github.com/TaoZou1/vsphere-automation-sdk-go/services/nsxt-mp v0.0.0-20241014012640-c5c5c9408962 h1:KIFv8/EpZd9DJPBeLcUjPfDNoF2EU72nJ7GbHei1XGg=
+github.com/TaoZou1/vsphere-automation-sdk-go/services/nsxt-mp v0.0.0-20241014012640-c5c5c9408962/go.mod h1:ugk9I4YM62SSAox57l5NAVBCRIkPQ1RNLb3URxyTADc=
 github.com/a8m/tree v0.0.0-20210115125333-10a5fd5b637d/go.mod h1:FSdwKX97koS5efgm8WevNf7XS3PqtyFkKDDXrz778cg=
 github.com/agiledragon/gomonkey v2.0.2+incompatible h1:eXKi9/piiC3cjJD1658mEE2o3NjkJ5vDLgYjCQu0Xlw=
 github.com/agiledragon/gomonkey v2.0.2+incompatible/go.mod h1:2NGfXu1a80LLr2cmWXGBDaHEjb1idR6+FVlX5T3D9hw=
@@ -143,14 +151,6 @@ github.com/vmware-tanzu/vm-operator/api v1.8.2/go.mod h1:vauVboD3sQxP+pb28TnI9wf
 github.com/vmware/govmomi v0.27.4 h1:5kY8TAkhB20lsjzrjE073eRb8+HixBI29PVMG5lxq6I=
 github.com/vmware/govmomi v0.27.4/go.mod h1:daTuJEcQosNMXYJOeku0qdBJP9SOLLWB3Mqz8THtv6o=
 github.com/vmware/vmw-guestinfo v0.0.0-20170707015358-25eff159a728/go.mod h1:x9oS4Wk2s2u4tS29nEaDLdzvuHdB19CvSGJjPgkZJNk=
-github.com/yanjunz97/vsphere-automation-sdk-go/lib v0.0.0-20240823072631-de1833ffcf2a h1:nF3PigKL+lN4ECHkgVJIZgLbpLrV6U6wkKHnIHOU9kA=
-github.com/yanjunz97/vsphere-automation-sdk-go/lib v0.0.0-20240823072631-de1833ffcf2a/go.mod h1:ysW7/EqFugBY2TcbvlDeRGaYIoG7Cs0i4l4WsMI/RmQ=
-github.com/yanjunz97/vsphere-automation-sdk-go/runtime v0.0.0-20240823072631-de1833ffcf2a h1:b08LCEgSR6GSsvQzx2fxVbEXSKRnaGcMUqKjlgwR6xM=
-github.com/yanjunz97/vsphere-automation-sdk-go/runtime v0.0.0-20240823072631-de1833ffcf2a/go.mod h1:DzLetYAmw1+vj7bqElRWEpuy40WYE/woL3alsymYa/c=
-github.com/yanjunz97/vsphere-automation-sdk-go/services/nsxt v0.0.0-20240823072631-de1833ffcf2a h1:XEgprSLuSKIxr7OPEzBWrlo39ra7pDaWFwAIjK0VV7s=
-github.com/yanjunz97/vsphere-automation-sdk-go/services/nsxt v0.0.0-20240823072631-de1833ffcf2a/go.mod h1:aJtyfDKvGyuP1ieRHCLoYjo2XtNZ401XfS7lCd43Bqs=
-github.com/yanjunz97/vsphere-automation-sdk-go/services/nsxt-mp v0.0.0-20240823072631-de1833ffcf2a h1:4FmesihC1B7udmKl7B2giLydxibViMdyldSforV5qbU=
-github.com/yanjunz97/vsphere-automation-sdk-go/services/nsxt-mp v0.0.0-20240823072631-de1833ffcf2a/go.mod h1:FX8UiCgNEOxweA73VZsyKZvMLPFfc70GBc1d4dj0nXI=
 github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=

pkg/apis/vpc/v1alpha1/subnet_types.go

@@ -16,6 +16,10 @@ const (
 )
 
 // SubnetSpec defines the desired state of Subnet.
+// +kubebuilder:validation:XValidation:rule="!has(oldSelf.DHCPConfig) || has(self.DHCPConfig)", message="DHCPConfig is required once set"
+// +kubebuilder:validation:XValidation:rule="!has(oldSelf.ipv4SubnetSize) || has(self.ipv4SubnetSize)", message="ipv4SubnetSize is required once set"
+// +kubebuilder:validation:XValidation:rule="!has(oldSelf.accessMode) || has(self.accessMode)", message="accessMode is required once set"
+// +kubebuilder:validation:XValidation:rule="!has(oldSelf.ipAddresses) || has(self.ipAddresses)", message="ipAddresses is required once set"
 type SubnetSpec struct {
 	// Size of Subnet based upon estimated workload count.
 	// +kubebuilder:validation:Maximum:=65536
@@ -32,6 +36,7 @@ type SubnetSpec struct {
 	// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="Value is immutable"
 	IPAddresses []string `json:"ipAddresses,omitempty"`
 	// DHCPConfig DHCP configuration.
+	// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="Value is immutable"
 	DHCPConfig DHCPConfig `json:"DHCPConfig,omitempty"`
 }
 

pkg/apis/vpc/v1alpha1/subnetset_types.go

@@ -8,6 +8,9 @@ import (
 )
 
 // SubnetSetSpec defines the desired state of SubnetSet.
+// +kubebuilder:validation:XValidation:rule="!has(oldSelf.DHCPConfig) || has(self.DHCPConfig)", message="DHCPConfig is required once set"
+// +kubebuilder:validation:XValidation:rule="!has(oldSelf.accessMode) || has(self.accessMode)", message="accessMode is required once set"
+// +kubebuilder:validation:XValidation:rule="!has(oldSelf.ipv4SubnetSize) || has(self.ipv4SubnetSize)", message="ipv4SubnetSize is required once set"
 type SubnetSetSpec struct {
 	// Size of Subnet based upon estimated workload count.
 	// +kubebuilder:validation:Maximum:=65536
@@ -19,6 +22,7 @@ type SubnetSetSpec struct {
 	// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="Value is immutable"
 	AccessMode AccessMode `json:"accessMode,omitempty"`
 	// DHCPConfig DHCP configuration.
+	// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="Value is immutable"
 	DHCPConfig DHCPConfig `json:"DHCPConfig,omitempty"`
 }
 

pkg/controllers/common/utils.go

@@ -42,7 +42,7 @@ func AllocateSubnetFromSubnetSet(subnetSet *v1alpha1.SubnetSet, vpcService servi
 			return *nsxSubnet.Path, nil
 		}
 	}
-	tags := subnetService.GenerateSubnetNSTags(subnetSet, subnetSet.Namespace)
+	tags := subnetService.GenerateSubnetNSTags(subnetSet)
 	if tags == nil {
 		return "", errors.New("failed to generate subnet tags")
 	}

pkg/controllers/ipaddressallocation/ipaddressallocation_controller.go

@@ -70,13 +70,13 @@ func updateFail(r *IPAddressAllocationReconciler, c context.Context, o *v1alpha1
 func (r *IPAddressAllocationReconciler) setReadyStatusFalse(ctx context.Context, ipaddressallocation *v1alpha1.IPAddressAllocation, transitionTime metav1.Time, err *error) {
 	conditions := []v1alpha1.Condition{
 		{
-			Type:    v1alpha1.Ready,
-			Status:  v1.ConditionFalse,
-			Message: "NSX IPAddressAllocation could not be created or updated",
-			Reason: fmt.Sprintf(
+			Type:   v1alpha1.Ready,
+			Status: v1.ConditionFalse,
+			Message: fmt.Sprintf(
 				"error occurred while processing the IPAddressAllocation CR. Error: %v",
 				*err,
 			),
+			Reason:             "IPAddressAllocationNotReady",
 			LastTransitionTime: transitionTime,
 		},
 	}
@@ -93,7 +93,7 @@ func (r *IPAddressAllocationReconciler) setReadyStatusTrue(ctx context.Context,
 			Type:               v1alpha1.Ready,
 			Status:             v1.ConditionTrue,
 			Message:            "NSX IPAddressAllocation has been successfully created/updated",
-			Reason:             "",
+			Reason:             "IPAddressAllocationReady",
 			LastTransitionTime: transitionTime,
 		},
 	}

pkg/controllers/ipaddressallocation/ipaddressallocation_controller_test.go

@@ -51,7 +51,7 @@ func TestIPAddressAllocationController_setReadyStatusTrue(t *testing.T) {
 			Type:               v1alpha1.Ready,
 			Status:             v1.ConditionTrue,
 			Message:            "NSX IPAddressAllocation has been successfully created/updated",
-			Reason:             "",
+			Reason:             "IPAddressAllocationReady",
 			LastTransitionTime: transitionTime,
 		},
 	}