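def _create_isolated_ns_virtual_network(self, ns_name, vn_name, proj_obj,
                                        ipam_obj=None, provider=None):
    """Create, or adopt and refresh, the isolated network of a namespace.

    The network is built with l3 forwarding and flat-subnet-only address
    allocation, annotated as isolated, and created. If the create call
    raises RefsExistError the stored network is read back by fq_name and
    used for the rest of the call. The IPAM is then attached, the
    ip-fabric-forwarding setting is applied, and the object is updated.

    Args:
        ns_name: Namespace name; written into the network annotations and
            used to look up the ip-fabric-forwarding setting.
        vn_name: Name of the virtual network.
        proj_obj: Parent project object of the network.
        ipam_obj: IPAM object attached with an empty subnet list.
        provider: Virtual network to reference when ip-fabric forwarding
            applies. When falsy, existing references are left untouched.

    Returns:
        The virtual network object that was passed to the update call.
    """
    vn = VirtualNetwork(
        name=vn_name, parent_obj=proj_obj,
        virtual_network_properties=VirtualNetworkType(forwarding_mode='l3'),
        address_allocation_mode='flat-subnet-only')

    # Mark the network as isolated and tie it to its namespace.
    VirtualNetworkKM.add_annotations(self, vn, namespace=ns_name,
                                     name=ns_name, isolated='True')

    try:
        vn_uuid = self._vnc_lib.virtual_network_create(vn)
    except RefsExistError:
        # The network already exists: continue with the stored object.
        # NOTE(review): the stored object's annotations are not re-checked,
        # so a pre-existing network with this fq_name is adopted as-is.
        # Confirm that this is intended for an isolated namespace.
        vn_obj = self._vnc_lib.virtual_network_read(
            fq_name=vn.get_fq_name())
        vn_uuid = vn_obj.uuid
        vn = vn_obj

    # Instance-Ip for pods on this VN should be allocated from the cluster
    # pod ipam, so attach that ipam object to this virtual network.
    # NOTE(review): ipam_obj defaults to None and is passed on unchecked.
    # Confirm that every caller supplies it.
    vn.add_network_ipam(ipam_obj, VnSubnetsType([]))

    if provider:
        # A per-namespace True/False wins; anything else falls back to the
        # ip_fabric_forwarding argument.
        ip_fabric_forwarding = self._get_ip_fabric_forwarding(ns_name)
        if ip_fabric_forwarding == True:
            add_provider = True
        elif ip_fabric_forwarding == False:
            add_provider = False
        else:
            add_provider = self._args.ip_fabric_forwarding

        if add_provider:
            # Enable ip-fabric forwarding by referencing the provider VN.
            vn.add_virtual_network(provider)
        else:
            # Forwarding is off: drop the network's virtual-network refs.
            # Walk a snapshot, because del_virtual_network may edit the
            # list that get_virtual_network_refs() returned, and removing
            # entries from a list while iterating over it skips elements.
            # NOTE(review): this removes every referenced network, not
            # only `provider`. Confirm that this is the intent.
            for vn_ref in list(vn.get_virtual_network_refs() or []):
                vn_ref_obj = self._vnc_lib.virtual_network_read(
                    id=vn_ref['uuid'])
                vn.del_virtual_network(vn_ref_obj)

    # Update VN.
    self._vnc_lib.virtual_network_update(vn)

    # Cache the virtual network.
    VirtualNetworkKM.locate(vn_uuid)
    return vn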
def _create_isolated_ns_virtual_network(self, ns_name, vn_name, proj_obj):
    """Create the isolated virtual network of a namespace.

    Builds an l3, flat-subnet-only network under ``proj_obj``, annotates
    it as isolated, attaches the cluster pod IPAM, tries to attach a
    policy between it and the ip-fabric network, and records the network
    in the namespace entry.

    Args:
        ns_name: Namespace name; written into the network annotations and
            used as the key when caching the network's fq_name.
        vn_name: Name of the virtual network.
        proj_obj: Parent project object of the network.

    Returns:
        The UUID of the virtual network.
    """
    vn_props = VirtualNetworkType(forwarding_mode='l3')
    vn = VirtualNetwork(name=vn_name,
                        parent_obj=proj_obj,
                        virtual_network_properties=vn_props,
                        address_allocation_mode='flat-subnet-only')

    # Mark the network as isolated and tie it to its namespace.
    VirtualNetworkKM.add_annotations(self, vn, namespace=ns_name,
                                     name=ns_name, isolated='True')

    try:
        vn_uuid = self._vnc_lib.virtual_network_create(vn)
    except RefsExistError:
        # The network already exists, so only its UUID is taken from the
        # stored copy.
        # NOTE(review): on this path the locally built object, not the
        # stored one, is what gets updated below. Confirm that overwriting
        # the stored network's fields is intended.
        vn_uuid = self._vnc_lib.virtual_network_read(
            fq_name=vn.get_fq_name()).uuid

    # Pod instance-ips on this network come from the cluster pod ipam, so
    # that ipam is attached with an empty subnet list.
    pod_ipam = self._vnc_lib.network_ipam_read(
        fq_name=vnc_kube_config.pod_ipam_fq_name())
    vn.add_network_ipam(pod_ipam, VnSubnetsType([]))

    # Write the ipam attachment back.
    self._vnc_lib.virtual_network_update(vn)

    try:
        fabric_vn = self._vnc_lib.virtual_network_read(
            fq_name=self._ip_fabric_fq_name)
        self._create_attach_policy(proj_obj, fabric_vn, vn)
    except NoIdError:
        # NOTE(review): a NoIdError from either call above is dropped
        # without a log line, so a network left without this policy is
        # not visible to an operator. Confirm that this is acceptable.
        pass

    # Cache the network, then remember it against the namespace.
    VirtualNetworkKM.locate(vn_uuid)
    self._set_namespace_virtual_network(ns_name, vn.get_fq_name())
    return vn_uuid
def _create_isolated_ns_virtual_network(self, ns_name, vn_name, proj_obj):
    """Create the isolated virtual network of a namespace.

    Builds an l3, flat-subnet-only network under ``proj_obj``, annotates
    it as isolated, attaches the cluster pod IPAM and records the network
    in the namespace entry.

    Args:
        ns_name: Namespace name; written into the network annotations and
            used as the key when caching the network's fq_name.
        vn_name: Name of the virtual network.
        proj_obj: Parent project object of the network.

    Returns:
        The UUID of the virtual network.
    """
    l3_props = VirtualNetworkType(forwarding_mode='l3')
    vn = VirtualNetwork(name=vn_name,
                        parent_obj=proj_obj,
                        virtual_network_properties=l3_props,
                        address_allocation_mode='flat-subnet-only')

    # Mark the network as isolated and tie it to its namespace.
    VirtualNetworkKM.add_annotations(self, vn, namespace=ns_name,
                                     name=ns_name, isolated='True')

    try:
        vn_uuid = self._vnc_lib.virtual_network_create(vn)
    except RefsExistError:
        # The network already exists, so only its UUID is taken from the
        # stored copy.
        # NOTE(review): the update below still sends the locally built
        # object. Confirm that overwriting the stored network is intended.
        vn_uuid = self._vnc_lib.virtual_network_read(
            fq_name=vn.get_fq_name()).uuid

    # Pod instance-ips on this network come from the cluster pod ipam, so
    # that ipam is attached with an empty subnet list.
    cluster_pod_ipam = self._vnc_lib.network_ipam_read(
        fq_name=vnc_kube_config.pod_ipam_fq_name())
    vn.add_network_ipam(cluster_pod_ipam, VnSubnetsType([]))

    # Write the ipam attachment back.
    self._vnc_lib.virtual_network_update(vn)

    # Cache the network, then remember it against the namespace.
    VirtualNetworkKM.locate(vn_uuid)
    self._set_namespace_virtual_network(ns_name, vn.get_fq_name())
    return vn_uuid
def _create_isolated_ns_virtual_network(self, ns_name, vn_name, vn_type,
                                        proj_obj, ipam_obj=None,
                                        provider=None, enforce_policy=False):
    """Create or update the isolated virtual network of a namespace.

    The network is looked up by fq_name. A missing network is created and
    cached; an existing one only has its fabric-SNAT flag recomputed and
    is then updated. In both cases the IPAM is attached first and the
    network is read back by UUID before it is returned.

    Args:
        ns_name: Namespace name; written into the annotations and used to
            look up the fabric-SNAT setting.
        vn_name: Name of the virtual network.
        vn_type: Fabric SNAT is only considered for 'pod-network'.
        proj_obj: Parent project object of the network.
        ipam_obj: IPAM object attached with an empty subnet list.
        provider: Virtual network referenced on creation to enable
            ip-fabric forwarding. On update it is only compared against
            the existing references and is never added or removed.
        enforce_policy: When true, tag the network with the labels for
            VncSecurityPolicy.cluster_aps_uuid. Nothing in this function
            removes those tags when it is false.

    Returns:
        The virtual network object as read back after the create/update.
    """
    template = VirtualNetwork(
        name=vn_name,
        parent_obj=proj_obj,
        virtual_network_properties=VirtualNetworkType(forwarding_mode='l3'),
        address_allocation_mode='flat-subnet-only')

    try:
        vn_obj = self._vnc_lib.virtual_network_read(
            fq_name=template.get_fq_name())
    except NoIdError:
        # VN does not exist: the freshly built object is the one to create.
        vn_obj, vn_exists = template, False
    else:
        vn_exists = True

    # Mark the network as isolated and tie it to its namespace.
    # NOTE(review): the annotations are put on the locally built object.
    # When the network already exists that object is not the one sent to
    # the update call, so as far as this function shows they are not
    # written back on that path. Confirm.
    VirtualNetworkKM.add_annotations(self, template, namespace=ns_name,
                                     name=ns_name, isolated='True')

    # Pod instance-ips on this network come from the cluster pod ipam.
    # NOTE(review): ipam_obj defaults to None and is passed on unchecked.
    vn_obj.add_network_ipam(ipam_obj, VnSubnetsType([]))

    fabric_snat = bool(vn_type == 'pod-network'
                       and self._is_ip_fabric_snat_enabled(ns_name))

    if vn_exists:
        # Fabric SNAT stays off while the network already references the
        # provider (ip-fabric) network.
        ip_fabric_enabled = False
        if provider:
            existing_refs = vn_obj.get_virtual_network_refs()
            fabric_fq_name = provider.fq_name
            ip_fabric_enabled = any(ref['to'] == fabric_fq_name
                                    for ref in existing_refs or [])
        vn_obj.set_fabric_snat(fabric_snat and not ip_fabric_enabled)

        # Update VN.
        self._vnc_lib.virtual_network_update(vn_obj)
        vn_uuid = vn_obj.get_uuid()
    else:
        if provider:
            # Enable ip_fabric_forwarding; the SNAT flag is left unset.
            vn_obj.add_virtual_network(provider)
        else:
            # Enable or disable fabric_snat explicitly.
            vn_obj.set_fabric_snat(fabric_snat)
        vn_uuid = self._vnc_lib.virtual_network_create(vn_obj)

        # Cache the virtual network.
        VirtualNetworkKM.locate(vn_uuid)

    vn_obj = self._vnc_lib.virtual_network_read(id=vn_uuid)

    # If required, enforce security policy at virtual network level.
    if enforce_policy:
        aps_labels = self._labels.get_labels_dict(
            VncSecurityPolicy.cluster_aps_uuid)
        self._vnc_lib.set_tags(vn_obj, aps_labels)

    return vn_obj
def _create_isolated_ns_virtual_network(self, ns_name, vn_name, vn_type,
                                        proj_obj, ipam_obj=None,
                                        provider=None, enforce_policy=False):
    """Create or update the isolated virtual network of a namespace.

    The network is looked up by fq_name. A missing network is annotated,
    given the IPAM, created and cached. An existing one only has its
    fabric-SNAT flag recomputed and is then updated; its annotations and
    IPAM are not touched. The network is read back by UUID before it is
    returned.

    Args:
        ns_name: Namespace name; written into the annotations and used to
            look up the fabric-SNAT setting.
        vn_name: Name of the virtual network.
        vn_type: Fabric SNAT is only considered for 'pod-network'.
        proj_obj: Parent project object of the network.
        ipam_obj: IPAM object attached, on creation, with an empty subnet
            list.
        provider: Virtual network referenced on creation to enable
            ip-fabric forwarding. On update it is only compared against
            the existing references and is never added or removed.
        enforce_policy: When true, tag the network with the labels for
            VncSecurityPolicy.cluster_aps_uuid. Nothing in this function
            removes those tags when it is false.

    Returns:
        The virtual network object as read back after the create/update.
    """
    l3_props = VirtualNetworkType(forwarding_mode='l3')
    fresh_vn = VirtualNetwork(name=vn_name,
                              parent_obj=proj_obj,
                              virtual_network_properties=l3_props,
                              address_allocation_mode='flat-subnet-only')

    try:
        vn_obj = self._vnc_lib.virtual_network_read(
            fq_name=fresh_vn.get_fq_name())
    except NoIdError:
        # VN does not exist: the freshly built object is the one to create.
        vn_obj, vn_exists = fresh_vn, False
    else:
        vn_exists = True

    fabric_snat = bool(vn_type == 'pod-network'
                       and self._is_ip_fabric_snat_enabled(ns_name))

    if vn_exists:
        # Fabric SNAT stays off while the network already references the
        # provider (ip-fabric) network.
        ip_fabric_enabled = False
        if provider:
            current_refs = vn_obj.get_virtual_network_refs()
            provider_fq_name = provider.fq_name
            ip_fabric_enabled = any(ref['to'] == provider_fq_name
                                    for ref in current_refs or [])
        vn_obj.set_fabric_snat(fabric_snat and not ip_fabric_enabled)

        # Update VN.
        self._vnc_lib.virtual_network_update(vn_obj)
        vn_uuid = vn_obj.get_uuid()
    else:
        # Mark the new network as isolated and tie it to its namespace.
        VirtualNetworkKM.add_annotations(self, fresh_vn, namespace=ns_name,
                                         name=ns_name, isolated='True')

        # Pod instance-ips on this network come from the cluster pod ipam.
        # NOTE(review): ipam_obj defaults to None and is passed on
        # unchecked. Confirm that every caller supplies it.
        vn_obj.add_network_ipam(ipam_obj, VnSubnetsType([]))

        if provider:
            # Enable ip_fabric_forwarding; the SNAT flag is left unset.
            vn_obj.add_virtual_network(provider)
        else:
            # Enable or disable fabric_snat explicitly.
            vn_obj.set_fabric_snat(fabric_snat)
        vn_uuid = self._vnc_lib.virtual_network_create(vn_obj)

        # Cache the virtual network.
        VirtualNetworkKM.locate(vn_uuid)

    vn_obj = self._vnc_lib.virtual_network_read(id=vn_uuid)

    # If required, enforce security policy at virtual network level.
    if enforce_policy:
        cluster_labels = self._labels.get_labels_dict(
            VncSecurityPolicy.cluster_aps_uuid)
        self._vnc_lib.set_tags(vn_obj, cluster_labels)

    return vn_obj