NSX: Add CKS Support

Pearl1594 · Pearl1594 · commit 24495c1c7b05 · 2023-11-06T15:50:16.000-05:00
diff --git a/api/src/main/java/org/apache/cloudstack/api/command/admin/network/CreateNetworkOfferingCmd.java b/api/src/main/java/org/apache/cloudstack/api/command/admin/network/CreateNetworkOfferingCmd.java
@@ -59,6 +59,7 @@
 import static com.cloud.network.Network.Service.PortForwarding;
 import static com.cloud.network.Network.Service.NetworkACL;
 import static com.cloud.network.Network.Service.UserData;
+import static com.cloud.network.Network.Service.Firewall;
 
 @APICommand(name = "createNetworkOffering", description = "Creates a network offering.", responseObject = NetworkOfferingResponse.class, since = "3.0.0",
         requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
@@ -250,7 +251,8 @@ public List<String> getSupportedServices() {
             ));
             if (Boolean.TRUE.equals(forVpc)) {
                 services.add(NetworkACL.getName());
-                return services;
+            } else {
+                services.add(Firewall.getName());
             }
             return services;
         }
@@ -337,10 +339,15 @@ public Map<String, List<String>> getServiceProviders() {
     private void getServiceProviderMapForNsx(Map<String, List<String>> serviceProviderMap) {
         String routerProvider = Boolean.TRUE.equals(getForVpc()) ? VirtualRouterProvider.Type.VPCVirtualRouter.name() :
                 VirtualRouterProvider.Type.VirtualRouter.name();
-        List<String> unsupportedServices = List.of("Vpn", "SecurityGroup", "Connectivity",
-                "Gateway", "Firewall", "BaremetalPxeService");
+        List<String> unsupportedServices = new ArrayList<>(List.of("Vpn", "SecurityGroup", "Connectivity",
+                "Gateway", "BaremetalPxeService"));
         List<String> routerSupported = List.of("Dhcp", "Dns", "UserData");
         List<String> allServices = Service.listAllServices().stream().map(Service::getName).collect(Collectors.toList());
+        if (routerProvider.equals(VirtualRouterProvider.Type.VPCVirtualRouter.name())) {
+            unsupportedServices.add("Firewall");
+        } else {
+            unsupportedServices.add("NetworkACL");
+        }
         for (String service : allServices) {
             if (unsupportedServices.contains(service))
                 continue;
diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterManagerImpl.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterManagerImpl.java
@@ -183,6 +183,9 @@ public class KubernetesClusterManagerImpl extends ManagerBase implements Kuberne
 
     private static final Logger LOGGER = Logger.getLogger(KubernetesClusterManagerImpl.class);
     private static final String DEFAULT_NETWORK_OFFERING_FOR_KUBERNETES_SERVICE_NAME = "DefaultNetworkOfferingforKubernetesService";
+    private static final String DEFAULT_NETWORK_OFFERING_FOR_KUBERNETES_SERVICE_DISPLAY_TEXT = "Network Offering used for CloudStack Kubernetes service";
+    private static final String DEFAULT_NSX_NETWORK_OFFERING_FOR_KUBERNETES_SERVICE_NAME = "DefaultNSXNetworkOfferingforKubernetesService";
+    private static final String DEFAULT_NSX_NETWORK_OFFERING_FOR_KUBERNETES_SERVICE_DISPLAY_TEXT = "NSX Network Offering used for CloudStack Kubernetes service";
 
     protected StateMachine2<KubernetesCluster.State, KubernetesCluster.Event, KubernetesCluster> _stateMachine = KubernetesCluster.State.getStateMachine();
 
@@ -1875,21 +1878,37 @@ boolean isClusterVMsInDesiredState(KubernetesCluster kubernetesCluster, VirtualM
 
     @Override
     public boolean start() {
+        createNetworkOfferingForKubernetes(DEFAULT_NETWORK_OFFERING_FOR_KUBERNETES_SERVICE_NAME,
+                DEFAULT_NETWORK_OFFERING_FOR_KUBERNETES_SERVICE_DISPLAY_TEXT, false);
+
+        createNetworkOfferingForKubernetes(DEFAULT_NSX_NETWORK_OFFERING_FOR_KUBERNETES_SERVICE_NAME,
+                DEFAULT_NSX_NETWORK_OFFERING_FOR_KUBERNETES_SERVICE_DISPLAY_TEXT, true);
+
+        _gcExecutor.scheduleWithFixedDelay(new KubernetesClusterGarbageCollector(), 300, 300, TimeUnit.SECONDS);
+        _stateScanner.scheduleWithFixedDelay(new KubernetesClusterStatusScanner(), 300, 30, TimeUnit.SECONDS);
+
+        return true;
+    }
+
+    private void createNetworkOfferingForKubernetes(String offeringName, String offeringDesc, boolean forNsx) {
         final Map<Network.Service, Network.Provider> defaultKubernetesServiceNetworkOfferingProviders = new HashMap<Service, Network.Provider>();
         defaultKubernetesServiceNetworkOfferingProviders.put(Service.Dhcp, Network.Provider.VirtualRouter);
         defaultKubernetesServiceNetworkOfferingProviders.put(Service.Dns, Network.Provider.VirtualRouter);
         defaultKubernetesServiceNetworkOfferingProviders.put(Service.UserData, Network.Provider.VirtualRouter);
-        defaultKubernetesServiceNetworkOfferingProviders.put(Service.Firewall, Network.Provider.VirtualRouter);
-        defaultKubernetesServiceNetworkOfferingProviders.put(Service.Gateway, Network.Provider.VirtualRouter);
-        defaultKubernetesServiceNetworkOfferingProviders.put(Service.Lb, Network.Provider.VirtualRouter);
-        defaultKubernetesServiceNetworkOfferingProviders.put(Service.SourceNat, Network.Provider.VirtualRouter);
-        defaultKubernetesServiceNetworkOfferingProviders.put(Service.StaticNat, Network.Provider.VirtualRouter);
-        defaultKubernetesServiceNetworkOfferingProviders.put(Service.PortForwarding, Network.Provider.VirtualRouter);
-        defaultKubernetesServiceNetworkOfferingProviders.put(Service.Vpn, Network.Provider.VirtualRouter);
+        defaultKubernetesServiceNetworkOfferingProviders.put(Service.Firewall, forNsx ? Network.Provider.Nsx : Network.Provider.VirtualRouter);
+        defaultKubernetesServiceNetworkOfferingProviders.put(Service.Lb, forNsx ? Network.Provider.Nsx : Network.Provider.VirtualRouter);
+        defaultKubernetesServiceNetworkOfferingProviders.put(Service.SourceNat, forNsx ? Network.Provider.Nsx : Network.Provider.VirtualRouter);
+        defaultKubernetesServiceNetworkOfferingProviders.put(Service.StaticNat, forNsx ? Network.Provider.Nsx : Network.Provider.VirtualRouter);
+        defaultKubernetesServiceNetworkOfferingProviders.put(Service.PortForwarding, forNsx ? Network.Provider.Nsx : Network.Provider.VirtualRouter);
+        defaultKubernetesServiceNetworkOfferingProviders.put(Service.Vpn, forNsx ? Network.Provider.Nsx : Network.Provider.VirtualRouter);
+
+        if (!forNsx) {
+            defaultKubernetesServiceNetworkOfferingProviders.put(Service.Gateway, Network.Provider.VirtualRouter);
+        }
 
         NetworkOfferingVO defaultKubernetesServiceNetworkOffering =
-                new NetworkOfferingVO(DEFAULT_NETWORK_OFFERING_FOR_KUBERNETES_SERVICE_NAME,
-                        "Network Offering used for CloudStack Kubernetes service", Networks.TrafficType.Guest,
+                new NetworkOfferingVO(offeringName,
+                        offeringDesc, Networks.TrafficType.Guest,
                         false, false, null, null, true,
                         NetworkOffering.Availability.Required, null, Network.GuestType.Isolated, true,
                         true, false, false, false, false,
@@ -1906,11 +1925,6 @@ public boolean start() {
             networkOfferingServiceMapDao.persist(offService);
             LOGGER.trace("Added service for the network offering: " + offService);
         }
-
-        _gcExecutor.scheduleWithFixedDelay(new KubernetesClusterGarbageCollector(), 300, 300, TimeUnit.SECONDS);
-        _stateScanner.scheduleWithFixedDelay(new KubernetesClusterStatusScanner(), 300, 30, TimeUnit.SECONDS);
-
-        return true;
     }
 
     @Override
diff --git a/plugins/network-elements/nsx/src/main/java/org/apache/cloudstack/service/NsxElement.java b/plugins/network-elements/nsx/src/main/java/org/apache/cloudstack/service/NsxElement.java
@@ -159,6 +159,7 @@ private static Map<Network.Service, Map<Network.Capability, String>> initCapabil
         capabilities.put(Network.Service.Lb, null);
         capabilities.put(Network.Service.PortForwarding, null);
         capabilities.put(Network.Service.NetworkACL, null);
+        capabilities.put(Network.Service.Firewall, null);
         Map<Network.Capability, String> sourceNatCapabilities = new HashMap<>();
         sourceNatCapabilities.put(Network.Capability.RedundantRouter, "true");
         sourceNatCapabilities.put(Network.Capability.SupportedSourceNatTypes, "peraccount");
diff --git a/server/src/main/java/com/cloud/network/NetworkModelImpl.java b/server/src/main/java/com/cloud/network/NetworkModelImpl.java
@@ -491,7 +491,7 @@ Map<Provider, Set<Service>> getProviderServicesMap(long networkId) {
     @Override
     public Map<Provider, ArrayList<PublicIpAddress>> getProviderToIpList(Network network, Map<PublicIpAddress, Set<Service>> ipToServices) {
         NetworkOffering offering = _networkOfferingDao.findById(network.getNetworkOfferingId());
-        if (!offering.isConserveMode()) {
+        if (!offering.isConserveMode() && !offering.isForNsx()) {
             for (PublicIpAddress ip : ipToServices.keySet()) {
                 Set<Service> services = new HashSet<Service>();
                 services.addAll(ipToServices.get(ip));
@@ -1617,7 +1617,7 @@ public boolean checkIpForService(IpAddress userIp, Service service, Long network
         if (!canIpUsedForService(publicIp, service, networkId)) {
             return false;
         }
-        if (!offering.isConserveMode()) {
+        if (!offering.isConserveMode() && !offering.isForNsx()) {
             return canIpUsedForNonConserveService(publicIp, service);
         }
         return true;
diff --git a/ui/public/locales/en.json b/ui/public/locales/en.json
@@ -889,6 +889,7 @@
 "label.forgedtransmits": "Forged transmits",
 "label.format": "Format",
 "label.fornsx": "NSX",
+"label.forvpc": "VPC",
 "label.free": "Free",
 "label.french.azerty.keyboard": "French AZERTY keyboard",
 "label.friday": "Friday",
@@ -1402,7 +1403,7 @@
 "label.not.suitable": "Not suitable",
 "label.notifications": "Notifications",
 "label.nsx": "NSX",
-"label.nsx.mode": "NSX Mode",
+"label.nsxmode": "NSX Mode",
 "label.nsx.provider": "NSX Provider",
 "label.nsx.provider.name": "NSX provider name",
 "label.nsx.provider.hostname": "NSX provider hostname",
diff --git a/ui/src/views/offering/AddNetworkOffering.vue b/ui/src/views/offering/AddNetworkOffering.vue
@@ -131,7 +131,7 @@
         </a-row>
         <a-form-item name="nsxmode" ref="nsxmode" v-if="forNsx">
           <template #label>
-            <tooltip-label :title="$t('label.nsx.mode')" :tooltip="apiParams.nsxmode.description"/>
+            <tooltip-label :title="$t('label.nsxmode')" :tooltip="apiParams.nsxmode.description"/>
           </template>
           <a-select
             v-if="showMode"
@@ -548,6 +548,7 @@ export default {
       lbType: 'publicLb',
       macLearningValue: '',
       supportedServices: [],
+      supportedSvcs: [],
       supportedServiceLoading: false,
       isVirtualRouterForAtLeastOneService: false,
       isVpcVirtualRouterForAtLeastOneService: false,
@@ -841,17 +842,16 @@ export default {
           }
         })
         setTimeout(() => {
+          self.supportedSvcs = self.supportedServices
           self.supportedServices = supportedServices
           self.supportedServiceLoading = false
         }, 50)
       } else {
+        supportedServices = this.supportedSvcs
         supportedServices = supportedServices.filter(svc => {
           return Object.keys(this.nsxSupportedServicesMap).includes(svc.name)
         })
-        supportedServices.forEach(function (svc, index) {
-          svc.provider = [self.nsxSupportedServicesMap[svc.name]]
-          supportedServices[index] = svc
-        })
+        self.supportedSvcs = self.supportedServices
         self.supportedServices = supportedServices
         self.supportedServiceLoading = false
       }
@@ -863,19 +863,29 @@ export default {
           Dhcp: this.forVpc ? this.VPCVR : this.VR,
           Dns: this.forVpc ? this.VPCVR : this.VR,
           UserData: this.forVpc ? this.VPCVR : this.VR,
-          SourceNat: this.NSX
+          SourceNat: this.NSX,
+          StaticNat: this.NSX,
+          PortForwarding: this.NSX,
+          Lb: this.NSX,
+          ...(forVpc && { NetworkACL: this.NSX }),
+          ...(!forVpc && { Firewall: this.NSX })
         }
       }
       this.updateSupportedServices()
     },
-    async handleForNsxChange (forNsx) {
+    handleForNsxChange (forNsx) {
       this.forNsx = forNsx
       this.showMode = forNsx
       this.nsxSupportedServicesMap = {
         Dhcp: this.forVpc ? this.VPCVR : this.VR,
         Dns: this.forVpc ? this.VPCVR : this.VR,
         UserData: this.forVpc ? this.VPCVR : this.VR,
-        SourceNat: this.NSX
+        SourceNat: this.NSX,
+        StaticNat: this.NSX,
+        PortForwarding: this.NSX,
+        Lb: this.NSX,
+        ...(this.forVpc && { NetworkACL: this.NSX }),
+        ...(!this.forVpc && { Firewall: this.NSX })
       }
       this.fetchSupportedServiceData()
     },
