Add IPv6 support for IPAddressAllocation CRD and NSX payload#1436
Open
poojav25 wants to merge 3 commits into
Open
Add IPv6 support for IPAddressAllocation CRD and NSX payload#1436poojav25 wants to merge 3 commits into
poojav25 wants to merge 3 commits into
Conversation
Collaborator
|
Can one of the admins verify this patch? |
…name Kubernetes RBAC rules require the plural form of the resource name. The marker used "subnetipreservation" (singular) which would generate broken ClusterRole rules. Changed to "subnetipreservations" to match the CRD plural name and align with all other controllers in the codebase.
…fixLength Removing +kubebuilder:default=64 from IPv6AllocationPrefixLength prevents the API server from injecting the value for IPv4 allocations, which caused the CEL rule "ipv6AllocationPrefixLength can only be set when ipAddressType is IPv6" to reject all IPv4 IPAddressAllocation objects. The default of 64 is moved into the builder so IPv6 allocations that omit the field still get a /64 sent to NSX, preserving the original intent.
poojav25
changed the title
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Add ipAddressType (IPv4/IPv6) and ipv6AllocationPrefixLength handling
and Ipv6AllocationPrefixLength on the VpcIpAddressAllocation payload
ipv6AllocationPrefixLength field (range 64–128) to IPAddressAllocationSpec
default behavior unchanged
Fixes: RBAC marker plural form on SubnetIPReservation controller
Testing done:
-> Create IPv4 Private allocation (regression check)
Result: ALLOCATIONIPS=172.26.0.0/28. IPv4 path unaffected by IPv6 changes.
-> Create IPv6 allocation with explicit prefix length
Result: ALLOCATIONIPS=2001:db8::/64, IPV6ALLOCATIONPREFIXLENGTH=64. NSX allocated a /64 from the 2001:db8::/48 external IPv6 block.
-> Create IPv6 allocation with omitted prefix (default /64 via builder)
Result: ALLOCATIONIPS=2001:db8:0:1::/64. Builder defaulted to 64 when field was omitted; NSX allocated the next /64 from the block.
-> Deny: IPv6 + ipAddressBlockVisibility (CEL validation)
Result: API server rejected with ipAddressBlockVisibility cannot be set when ipAddressType is IPv6. No NSX call made.
-> Deny: IPv6 + allocationSize (CEL validation)
Result: API server rejected with allocationSize can only be set when ipAddressType is IPv4.
-> Deny: allocationSize + allocationIPs together (CEL validation)
Result: API server rejected with Only one of allocationSize or allocationIPs can be specified.
-> Deny: ipAddressType immutability
Result: Rejected with spec.ipAddressType: Invalid value: "IPv6": Value is immutable.