def _get_ns_address_list(self, np_sg_uuid, labels=None): address_list = [] if not labels: ns_uuid_list = NamespaceKM.keys() labels = self._get_ns_allow_all_label() else: ns_uuid_set = self._find_namespaces(labels) ns_uuid_list = list(ns_uuid_set) for ns_uuid in ns_uuid_list or []: address = {} ns = NamespaceKM.get(ns_uuid) if not ns: continue proj_fq_name = vnc_kube_config.cluster_project_fq_name(ns.name) ns_sg_fq_name = proj_fq_name[:] ns_sg = "-".join([vnc_kube_config.cluster_name(), ns.name, 'sg']) ns_sg_fq_name.append(ns_sg) address['security_group'] = ns_sg_fq_name address['ns_selector'] = labels if ns_sg in self._default_ns_sgs[ns.name]: address['ns_sg_uuid'] = self._default_ns_sgs[ns.name][ns_sg] address_list.append(address) for label in labels.items(): key = self._label_cache._get_key(label) self._label_cache._locate_label(key, self._ingress_ns_label_cache, label, np_sg_uuid) return address_list
def _get_linklocal_entry_name(name, k8s_ns): if not k8s_ns: project_fq_name = vnc_kube_config.cluster_default_project_fq_name() else: project_fq_name = vnc_kube_config.cluster_project_fq_name(k8s_ns) ll_name = project_fq_name + [name] return "-".join(ll_name)
def _get_ns_address_list(self, np_sg_uuid, labels=None): address_list = [] if not labels: ns_uuid_list = NamespaceKM.keys() labels = self._get_ns_allow_all_label() else: ns_uuid_set = self._find_namespaces(labels) ns_uuid_list = list(ns_uuid_set) for ns_uuid in ns_uuid_list or []: address = {} ns = NamespaceKM.get(ns_uuid) if not ns: continue proj_fq_name = vnc_kube_config.cluster_project_fq_name(ns.name) ns_sg_fq_name = proj_fq_name[:] ns_sg = "-".join([vnc_kube_config.cluster_name(), ns.name, 'sg']) ns_sg_fq_name.append(ns_sg) address['security_group'] = ns_sg_fq_name address['ns_selector'] = labels if ns_sg in self._default_ns_sgs[ns.name]: address['ns_sg_uuid'] = self._default_ns_sgs[ns.name][ns_sg] address_list.append(address) for label in labels.items(): key = self._label_cache._get_key(label) self._label_cache._locate_label(key, self._ingress_ns_label_cache, label, np_sg_uuid) return address_list
def vnc_namespace_delete(self, namespace_id, name): proj_fq_name = vnc_kube_config.cluster_project_fq_name(name) proj_obj = self._vnc_lib.project_read(fq_name=proj_fq_name) default_sg_fq_name = proj_fq_name[:] sg = "-".join([vnc_kube_config.cluster_name(), name, 'default']) default_sg_fq_name.append(sg) ns_sg_fq_name = proj_fq_name[:] ns_sg = "-".join([vnc_kube_config.cluster_name(), name, 'sg']) ns_sg_fq_name.append(ns_sg) sg_list = [default_sg_fq_name, ns_sg_fq_name] try: # If the namespace is isolated, delete its virtual network. if self._is_namespace_isolated(name) == True: self._delete_virtual_network(vn_name=name, proj=proj_obj) # delete default-sg and ns-sg security groups security_groups = proj_obj.get_security_groups() for sg in security_groups or []: if sg['to'] in sg_list[:]: self._vnc_lib.security_group_delete(id=sg['uuid']) sg_list.remove(sg['to']) if not len(sg_list): break # delete the namespace self._delete_namespace(name) # delete the project self._vnc_lib.project_delete(fq_name=proj_fq_name) except Exception as e: pass
def vnc_namespace_add(self, namespace_id, name, annotations): proj_fq_name = vnc_kube_config.cluster_project_fq_name(name) proj_obj = Project(name=proj_fq_name[-1], fq_name=proj_fq_name) try: self._vnc_lib.project_create(proj_obj) except RefsExistError: proj_obj = self._vnc_lib.project_read(fq_name=proj_fq_name) try: network_policy = None if annotations and \ 'net.beta.kubernetes.io/network-policy' in annotations: network_policy = json.loads( annotations['net.beta.kubernetes.io/network-policy']) self._create_security_groups(name, proj_obj, network_policy) except RefsExistError: pass ProjectKM.locate(proj_obj.uuid) # If this namespace is isolated, create it own network. if self._is_namespace_isolated(name) == True: vn_name = name + "-vn" self._create_virtual_network(ns_name=name, vn_name=vn_name, proj_obj=proj_obj) return proj_obj
def _get_linklocal_entry_name(name, k8s_ns): if not k8s_ns: project_fq_name = vnc_kube_config.cluster_default_project_fq_name() else: project_fq_name = vnc_kube_config.cluster_project_fq_name(k8s_ns) ll_name = project_fq_name + [name] return "-".join(ll_name)
def _get_ns_address(self, ns_name): address = {} proj_fq_name = vnc_kube_config.cluster_project_fq_name(ns_name) ns_sg_fq_name = proj_fq_name[:] ns_sg = "-".join([vnc_kube_config.cluster_name(), ns_name, 'sg']) ns_sg_fq_name.append(ns_sg) address['security_group'] = ns_sg_fq_name return address
def _get_project(self, ns_name): proj_fq_name = vnc_kube_config.cluster_project_fq_name(ns_name) try: proj_obj = self._vnc_lib.project_read(fq_name=proj_fq_name) except NoIdError: self._logger.error("%s - %s Not Found" %(self._name, proj_fq_name)) return None return proj_obj
def _get_project(self, service_namespace): proj_fq_name =\ vnc_kube_config.cluster_project_fq_name(service_namespace) try: proj_obj = self._vnc_lib.project_read(fq_name=proj_fq_name) return proj_obj except NoIdError: return None
def _get_project(self, service_namespace): proj_fq_name =\ vnc_kube_config.cluster_project_fq_name(service_namespace) try: proj_obj = self._vnc_lib.project_read(fq_name=proj_fq_name) return proj_obj except NoIdError: return None
def _get_project(self, ns_name): proj_fq_name = vnc_kube_config.cluster_project_fq_name(ns_name) try: proj_obj = self._vnc_lib.project_read(fq_name=proj_fq_name) except NoIdError: self._logger.error("%s - %s Not Found" %(self._name, proj_fq_name)) return None return proj_obj
def _get_ns_address(self, ns_name): address = {} proj_fq_name = vnc_kube_config.cluster_project_fq_name(ns_name) ns_sg_fq_name = proj_fq_name[:] ns_sg = "-".join([vnc_kube_config.cluster_name(), ns_name, 'sg']) ns_sg_fq_name.append(ns_sg) address['security_group'] = ns_sg_fq_name return address
def _create_project(self, project_name): proj_fq_name = vnc_kube_config.cluster_project_fq_name(project_name) proj_obj = Project(name=proj_fq_name[-1], fq_name=proj_fq_name) try: self.vnc_lib.project_create(proj_obj) except RefsExistError: proj_obj = self.vnc_lib.project_read(fq_name=proj_fq_name) ProjectKM.locate(proj_obj.uuid) return proj_obj
def _create_project(self, project_name): proj_fq_name = vnc_kube_config.cluster_project_fq_name(project_name) proj_obj = Project(name=proj_fq_name[-1], fq_name=proj_fq_name) try: self.vnc_lib.project_create(proj_obj) except RefsExistError: proj_obj = self.vnc_lib.project_read( fq_name=proj_fq_name) ProjectKM.locate(proj_obj.uuid) return proj_obj
def _check_service_uuid_change(self, svc_uuid, svc_name, svc_namespace, ports): proj_fq_name = vnc_kube_config.cluster_project_fq_name(svc_namespace) lb_fq_name = proj_fq_name + [svc_name] lb_uuid = LoadbalancerKM.get_fq_name_to_uuid(lb_fq_name) if lb_uuid is None: return if svc_uuid != lb_uuid: self.vnc_service_delete(lb_uuid, svc_name, svc_namespace, ports) self.logger.notice("Uuid change detected for service %s. " "Deleteing old service" % lb_fq_name);
def _check_service_uuid_change(self, svc_uuid, svc_name, svc_namespace, ports): proj_fq_name = vnc_kube_config.cluster_project_fq_name(svc_namespace) lb_fq_name = proj_fq_name + [svc_name] lb_uuid = LoadbalancerKM.get_fq_name_to_uuid(lb_fq_name) if lb_uuid is None: return if svc_uuid != lb_uuid: self.vnc_service_delete(lb_uuid, svc_name, svc_namespace, ports) self.logger.notice("Uuid change detected for service %s. " "Deleteing old service" % lb_fq_name)
def _is_service_exists(self, service_name, service_namespace): name = 'service' + '-' + service_name proj_fq_name = vnc_kube_config.cluster_project_fq_name(service_namespace) lb_fq_name = proj_fq_name + [name] try: lb_obj = self._vnc_lib.loadbalancer_read(fq_name=lb_fq_name) except NoIdError: return False, None if lb_obj is None: return False, None else: return True, lb_obj.uuid
def vnc_namespace_delete(self, namespace_id, name): proj_fq_name = vnc_kube_config.cluster_project_fq_name(name) project_uuid = ProjectKM.get_fq_name_to_uuid(proj_fq_name) if not project_uuid: self.logger.error("Unable to locate project for k8s namespace " "[%s]" % (name)) return project = ProjectKM.get(project_uuid) if not project: self.logger.error("Unable to locate project for k8s namespace " "[%s]" % (name)) return default_sg_fq_name = proj_fq_name[:] sg = "-".join([vnc_kube_config.cluster_name(), name, 'default']) default_sg_fq_name.append(sg) ns_sg_fq_name = proj_fq_name[:] ns_sg = "-".join([vnc_kube_config.cluster_name(), name, 'sg']) ns_sg_fq_name.append(ns_sg) sg_list = [default_sg_fq_name, ns_sg_fq_name] try: # If the namespace is isolated, delete its virtual network. if self._is_namespace_isolated(name) == True: vn_name = self._get_namespace_vn_name(name) self._delete_isolated_ns_virtual_network( name, vn_name=vn_name, proj_fq_name=proj_fq_name) # delete default-sg and ns-sg security groups security_groups = project.get_security_groups() for sg_uuid in security_groups: sg = SecurityGroupKM.get(sg_uuid) if sg and sg.fq_name in sg_list[:]: self._vnc_lib.security_group_delete(id=sg_uuid) sg_list.remove(sg.fq_name) if not len(sg_list): break # delete the label cache if project: self._clear_namespace_label_cache(namespace_id, project) # delete the namespace self._delete_namespace(name) # If an isolated project was created for this namespace, delete # the same. if project.is_k8s_namespace_isolated(): self._vnc_lib.project_delete(fq_name=proj_fq_name) except Exception as e: pass
def vnc_namespace_delete(self,namespace_id, name): proj_fq_name = vnc_kube_config.cluster_project_fq_name(name) project_uuid = ProjectKM.get_fq_name_to_uuid(proj_fq_name) if not project_uuid: self._logger.error("Unable to locate project for k8s namespace " "[%s]" % (name)) return project = ProjectKM.get(project_uuid) if not project: self._logger.error("Unable to locate project for k8s namespace " "[%s]" % (name)) return default_sg_fq_name = proj_fq_name[:] sg = "-".join([vnc_kube_config.cluster_name(), name, 'default']) default_sg_fq_name.append(sg) ns_sg_fq_name = proj_fq_name[:] ns_sg = "-".join([vnc_kube_config.cluster_name(), name, 'sg']) ns_sg_fq_name.append(ns_sg) sg_list = [default_sg_fq_name, ns_sg_fq_name] try: # If the namespace is isolated, delete its virtual network. if self._is_namespace_isolated(name) == True: vn_name = self._get_namespace_vn_name(name) self._delete_isolated_ns_virtual_network(name, vn_name=vn_name, proj_fq_name=proj_fq_name) # delete default-sg and ns-sg security groups security_groups = project.get_security_groups() for sg_uuid in security_groups: sg = SecurityGroupKM.get(sg_uuid) if sg and sg.fq_name in sg_list[:]: self._vnc_lib.security_group_delete(id=sg_uuid) sg_list.remove(sg.fq_name) if not len(sg_list): break # delete the label cache if project: self._clear_namespace_label_cache(namespace_id, project) # delete the namespace self._delete_namespace(name) # If namespace=project, delete the project if vnc_kube_config.cluster_project_name(name) == name: self._vnc_lib.project_delete(fq_name=proj_fq_name) except Exception as e: pass
def vnc_namespace_add(self, namespace_id, name, labels, annotations): proj_fq_name = vnc_kube_config.cluster_project_fq_name(name) proj_obj = Project(name=proj_fq_name[-1], fq_name=proj_fq_name) try: self._vnc_lib.project_create(proj_obj) except RefsExistError: proj_obj = self._vnc_lib.project_read(fq_name=proj_fq_name) project = ProjectKM.locate(proj_obj.uuid) try: network_policy = None if annotations and \ 'net.beta.kubernetes.io/network-policy' in annotations: try: network_policy = json.loads( annotations['net.beta.kubernetes.io/network-policy']) except Exception as e: string_buf = StringIO() cgitb_hook(file=string_buf, format="text") err_msg = string_buf.getvalue() self._logger.error("%s - %s" % (self._name, err_msg)) sg_dict = self._update_security_groups(name, proj_obj, network_policy) self._ns_sg[name] = sg_dict except RefsExistError: pass # Validate the presence of annotated virtual network. ann_vn_fq_name = self._get_annotated_virtual_network(name) if ann_vn_fq_name: # Validate that VN exists. try: self._vnc_lib.virtual_network_read(ann_vn_fq_name) except NoIdError as e: self.logger.error("Unable to locate virtual network [%s]" "annotated on namespace [%s]. Error [%s]" %\ (ann_vn_fq_name, name, str(e))) return None # If this namespace is isolated, create it own network. if self._is_namespace_isolated(name) == True: vn_name = name + "-vn" self._create_virtual_network(ns_name=name, vn_name=vn_name, proj_obj=proj_obj) if project: self._update_namespace_label_cache(labels, namespace_id, project) return project
def _create_vm(self, pod_namespace, pod_id, pod_name, labels): proj_fq_name = vnc_kube_config.cluster_project_fq_name(pod_namespace) vm_name = VncCommon.make_name(pod_name, pod_id) display_name=VncCommon.make_display_name(pod_namespace, pod_name) vm_obj = VirtualMachine(name=vm_name,display_name=display_name) vm_obj.uuid = pod_id VirtualMachineKM.add_annotations(self, vm_obj, pod_namespace, pod_name, k8s_uuid=str(pod_id), labels=json.dumps(labels)) try: self._vnc_lib.virtual_machine_create(vm_obj) except RefsExistError: vm_obj = self._vnc_lib.virtual_machine_read(id=pod_id) vm = VirtualMachineKM.locate(vm_obj.uuid) return vm_obj
def _get_ingress_sg_rule_list(self, namespace, name, ingress_rule_list, ingress_pod_sg_create=True): ingress_pod_sgs = set() ingress_ns_sgs = set() ingress_sg_rule_list = [] ingress_pod_sg_dict = {} ingress_pod_sg_index = 0 for ingress_rule in ingress_rule_list or []: proj_fq_name = vnc_kube_config.cluster_project_fq_name(namespace) src_sg_fq_name = proj_fq_name[:] dst_port = ingress_rule['dst_port'] src_address = ingress_rule['src_address'] if 'pod_selector' in src_address: pod_sg_created = False src_sg_name = src_address['src_sg_name'] pod_selector = src_address['pod_selector'] if src_sg_name in ingress_pod_sg_dict: pod_sg_created = True if ingress_pod_sg_create and not pod_sg_created: pod_sg = self._create_ingress_sg(namespace, src_sg_name, json.dumps(pod_selector)) if not pod_sg: continue ingress_pod_sg_dict[src_sg_name] = pod_sg.uuid pod_sg.ingress_pod_selector = pod_selector ingress_pod_sgs.add(pod_sg.uuid) self._update_sg_cache(self._ingress_pod_label_cache, pod_selector, pod_sg.uuid) pod_ids = self._find_pods(pod_selector) for pod_id in pod_ids: self._update_sg_pod_link(namespace, pod_id, pod_sg.uuid, 'ADD', validate_vm=True) src_sg_fq_name.append(src_sg_name) else: if 'ns_selector' in src_address: ns_sg_uuid = src_address['ns_sg_uuid'] ingress_ns_sgs.add(ns_sg_uuid) src_sg_fq_name = src_address['security_group'] ingress_sg_rule = self._get_ingress_sg_rule( src_sg_fq_name, dst_port) ingress_sg_rule_list.append(ingress_sg_rule) return ingress_sg_rule_list, ingress_pod_sgs, ingress_ns_sgs
def vnc_namespace_add(self, namespace_id, name, labels, annotations): isolated_ns_ann = 'True' if self._is_namespace_isolated(name) == True\ else 'False' proj_fq_name = vnc_kube_config.cluster_project_fq_name(name) proj_obj = Project(name=proj_fq_name[-1], fq_name=proj_fq_name) ProjectKM.add_annotations(self, proj_obj, namespace=name, name=name, k8s_uuid=(namespace_id), isolated=isolated_ns_ann) try: self._vnc_lib.project_create(proj_obj) except RefsExistError: proj_obj = self._vnc_lib.project_read(fq_name=proj_fq_name) project = ProjectKM.locate(proj_obj.uuid) # Validate the presence of annotated virtual network. ann_vn_fq_name = self._get_annotated_virtual_network(name) if ann_vn_fq_name: # Validate that VN exists. try: self._vnc_lib.virtual_network_read(ann_vn_fq_name) except NoIdError as e: self._logger.error("Unable to locate virtual network [%s]" "annotated on namespace [%s]. Error [%s]" %\ (ann_vn_fq_name, name, str(e))) return None # If this namespace is isolated, create it own network. if self._is_namespace_isolated(name) == True: vn_name = self._get_namespace_vn_name(name) self._create_isolated_ns_virtual_network(ns_name=name, vn_name=vn_name, proj_obj=proj_obj) try: network_policy = self._get_network_policy_annotations(name) sg_dict = self._update_security_groups(name, proj_obj, network_policy) self._ns_sg[name] = sg_dict except RefsExistError: pass if project: self._update_namespace_label_cache(labels, namespace_id, project) return project
def _create_sg(self, event, name, uuid=None): namespace = event['object']['metadata'].get('namespace') proj_fq_name = vnc_kube_config.cluster_project_fq_name(namespace) proj_obj = Project(name=proj_fq_name[-1], fq_name=proj_fq_name, parent='domain') sg_obj = SecurityGroup(name=name, parent_obj=proj_obj) if uuid: sg_obj.uuid = uuid self._set_sg_annotations(sg_obj, None, event) try: self._vnc_lib.security_group_create(sg_obj) except Exception as e: self.logger.error("Failed to create SG %s" % uuid) return None sg = SecurityGroupKM.locate(sg_obj.uuid) return sg
def vnc_namespace_delete(self, namespace_id, name): proj_fq_name = vnc_kube_config.cluster_project_fq_name(name) proj_obj = self._vnc_lib.project_read(fq_name=proj_fq_name) try: # If the namespace is isolated, delete its virtual network. if self._is_namespace_isolated(name) == True: self._delete_virtual_network(vn_name=name, proj=proj_obj) # delete all security groups security_groups = proj_obj.get_security_groups() for sg in security_groups or []: self._vnc_lib.security_group_delete(id=sg['uuid']) # delete the project self._vnc_lib.project_delete(fq_name=proj_fq_name) # delete the namespace self._delete_namespace(name) except NoIdError: pass
def _vnc_create_sg(self, np_spec, namespace, name, uuid=None, **kwargs_annotations): proj_fq_name = vnc_kube_config.cluster_project_fq_name(namespace) proj_obj = Project(name=proj_fq_name[-1], fq_name=proj_fq_name, parent='domain') sg_obj = SecurityGroup(name=name, parent_obj=proj_obj) if uuid: sg_obj.uuid = uuid if np_spec: kwargs_annotations.update({'np_spec': json.dumps(np_spec)}) self._set_sg_annotations(namespace, name, sg_obj, **kwargs_annotations) try: self._vnc_lib.security_group_create(sg_obj) except Exception as e: self._logger.error("%s - %s SG Not Created" %s(self._name, name)) return None sg = SecurityGroupKM.locate(sg_obj.uuid) return sg
def _vnc_create_sg(self, np_spec, namespace, name, uuid=None, **kwargs_annotations): proj_fq_name = vnc_kube_config.cluster_project_fq_name(namespace) proj_obj = Project(name=proj_fq_name[-1], fq_name=proj_fq_name, parent='domain') sg_obj = SecurityGroup(name=name, parent_obj=proj_obj) if uuid: sg_obj.uuid = uuid if np_spec: kwargs_annotations.update({'np_spec': json.dumps(np_spec)}) self._set_sg_annotations(namespace, name, sg_obj, **kwargs_annotations) try: self._vnc_lib.security_group_create(sg_obj) except Exception as e: self._logger.error("%s - %s SG Not Created" %s(self._name, name)) return None sg = SecurityGroupKM.locate(sg_obj.uuid) return sg
def vnc_namespace_add(self, namespace_id, name, labels, annotations): isolated_ns_ann = 'True' if self._is_namespace_isolated(name) == True\ else 'False' proj_fq_name = vnc_kube_config.cluster_project_fq_name(name) proj_obj = Project(name=proj_fq_name[-1], fq_name=proj_fq_name) ProjectKM.add_annotations(self, proj_obj, namespace=name, name=name, k8s_uuid=(namespace_id), isolated=isolated_ns_ann) try: self._vnc_lib.project_create(proj_obj) except RefsExistError: proj_obj = self._vnc_lib.project_read(fq_name=proj_fq_name) project = ProjectKM.locate(proj_obj.uuid) # Validate the presence of annotated virtual network. ann_vn_fq_name = self._get_annotated_virtual_network(name) if ann_vn_fq_name: # Validate that VN exists. try: self._vnc_lib.virtual_network_read(ann_vn_fq_name) except NoIdError as e: self._logger.error("Unable to locate virtual network [%s]" "annotated on namespace [%s]. Error [%s]" %\ (ann_vn_fq_name, name, str(e))) return None # If this namespace is isolated, create it own network. if self._is_namespace_isolated(name) == True: vn_name = self._get_namespace_vn_name(name) self._create_isolated_ns_virtual_network(ns_name=name, vn_name=vn_name, proj_obj=proj_obj) try: network_policy = self._get_network_policy_annotations(name) sg_dict = self._update_security_groups(name, proj_obj, network_policy) self._ns_sg[name] = sg_dict except RefsExistError: pass if project: self._update_namespace_label_cache(labels, namespace_id, project) return project
def _get_ingress_sg_rule_list(self, namespace, name, ingress_rule_list, ingress_pod_sg_create=True): ingress_pod_sgs = set() ingress_ns_sgs = set() ingress_sg_rule_list = [] ingress_pod_sg_dict = {} ingress_pod_sg_index = 0 for ingress_rule in ingress_rule_list or []: proj_fq_name = vnc_kube_config.cluster_project_fq_name(namespace) src_sg_fq_name = proj_fq_name[:] dst_port = ingress_rule['dst_port'] src_address = ingress_rule['src_address'] if 'pod_selector' in src_address: pod_sg_created = False src_sg_name = src_address['src_sg_name'] pod_selector = src_address['pod_selector'] if src_sg_name in ingress_pod_sg_dict: pod_sg_created = True if ingress_pod_sg_create and not pod_sg_created: pod_sg = self._create_ingress_sg( namespace, src_sg_name, json.dumps(pod_selector)) if not pod_sg: continue ingress_pod_sg_dict[src_sg_name] = pod_sg.uuid pod_sg.ingress_pod_selector = pod_selector ingress_pod_sgs.add(pod_sg.uuid) self._update_sg_cache(self._ingress_pod_label_cache, pod_selector, pod_sg.uuid) pod_ids = self._find_pods(pod_selector) for pod_id in pod_ids: self._update_sg_pod_link(namespace, pod_id, pod_sg.uuid, 'ADD', validate_vm=True) src_sg_fq_name.append(src_sg_name) else: if 'ns_selector' in src_address: ns_sg_uuid = src_address['ns_sg_uuid'] ingress_ns_sgs.add(ns_sg_uuid) src_sg_fq_name = src_address['security_group'] ingress_sg_rule = self._get_ingress_sg_rule( src_sg_fq_name, dst_port) ingress_sg_rule_list.append(ingress_sg_rule) return ingress_sg_rule_list, ingress_pod_sgs, ingress_ns_sgs
def vnc_namespace_add(self, namespace_id, name, annotations): proj_fq_name = vnc_kube_config.cluster_project_fq_name(name) proj_obj = Project(name=proj_fq_name[-1], fq_name=proj_fq_name) try: self._vnc_lib.project_create(proj_obj) except RefsExistError: proj_obj = self._vnc_lib.project_read(fq_name=proj_fq_name) try: network_policy = None if annotations and \ 'net.beta.kubernetes.io/network-policy' in annotations: network_policy = json.loads( annotations['net.beta.kubernetes.io/network-policy']) self._update_security_groups(name, proj_obj, network_policy) except RefsExistError: pass ProjectKM.locate(proj_obj.uuid) # Validate the presence of annotated virtual network. ann_vn_fq_name = self._get_annotated_virtual_network(name) if ann_vn_fq_name: # Validate that VN exists. try: self._vnc_lib.virtual_network_read(ann_vn_fq_name) except NoIdError as e: self.logger.error("Unable to locate virtual network [%s]" "annotated on namespace [%s]. Error [%s]" %\ (ann_vn_fq_name, name, str(e))) return None # If this namespace is isolated, create it own network. if self._is_namespace_isolated(name) == True: vn_name = name + "-vn" self._create_virtual_network(ns_name=name, vn_name=vn_name, proj_obj=proj_obj) return proj_obj
def _is_service_exists(self, service_name, service_namespace): resource_type = "services" service_info = self._kube.get_resource(resource_type, service_name, service_namespace) if service_info and 'metadata' in service_info: uid = service_info['metadata'].get('uid') if not uid: return False, None else: return False, None name = VncCommon.make_name(service_name, uid) proj_fq_name = vnc_kube_config.cluster_project_fq_name(service_namespace) lb_fq_name = proj_fq_name + [name] try: lb_obj = self._vnc_lib.loadbalancer_read(fq_name=lb_fq_name) except NoIdError: return False, None if lb_obj is None: return False, None else: return True, lb_obj.uuid
def _is_service_exists(self, service_name, service_namespace): resource_type = "services" service_info = self._kube.get_resource(resource_type, service_name, service_namespace) if service_info and 'metadata' in service_info: uid = service_info['metadata'].get('uid') if not uid: return False, None else: return False, None name = VncCommon.make_name(service_name, uid) proj_fq_name = vnc_kube_config.cluster_project_fq_name(service_namespace) lb_fq_name = proj_fq_name + [name] try: lb_obj = self._vnc_lib.loadbalancer_read(fq_name=lb_fq_name) except NoIdError: return False, None if lb_obj is None: return False, None else: return True, lb_obj.uuid
def _create_vmi(self, pod_name, pod_namespace, vm_obj, vn_obj, parent_vmi): proj_fq_name = vnc_kube_config.cluster_project_fq_name(pod_namespace) proj_obj = self._vnc_lib.project_read(fq_name=proj_fq_name) vmi_prop = None if self._is_pod_nested() and parent_vmi: # Pod is nested. # Allocate a vlan-id for this pod from the vlan space managed # in the VMI of the underlay VM. parent_vmi = VirtualMachineInterfaceKM.get(parent_vmi.uuid) vlan_id = parent_vmi.alloc_vlan() vmi_prop = VirtualMachineInterfacePropertiesType( sub_interface_vlan_tag=vlan_id) obj_uuid = str(uuid.uuid1()) name = VncCommon.make_name(pod_name, obj_uuid) display_name = VncCommon.make_display_name(pod_namespace, pod_name) vmi_obj = VirtualMachineInterface( name=name, parent_obj=proj_obj, virtual_machine_interface_properties=vmi_prop, display_name=display_name) vmi_obj.uuid = obj_uuid vmi_obj.set_virtual_network(vn_obj) vmi_obj.set_virtual_machine(vm_obj) self._associate_security_groups(vmi_obj, proj_obj, pod_namespace) self.add_annotations(vmi_obj, VirtualMachineInterfaceKM.kube_fq_name_key, pod_namespace, pod_name) try: vmi_uuid = self._vnc_lib.virtual_machine_interface_create(vmi_obj) except RefsExistError: vmi_uuid = self._vnc_lib.virtual_machine_interface_update(vmi_obj) VirtualMachineInterfaceKM.locate(vmi_uuid) return vmi_uuid