✨ AccessSubnetUUID: we can specify source subnet for access IP address

[jsen-]

What this PR does / why we need it:
Currently, when we want to use multiple networks, the IP address is assigned basically randomly, this PR adds the ability to specify from which subnet the IP address will be obtained.

Which issue(s) this PR fixes:
none

Special notes for your reviewer:
This is the minimal amount of changes I found to achieve the goal of getting IP address from the correct CIDR.

Release note:

Added the ability to specify source subnet of compute instance access IP address

[k8s-ci-robot]

Hi @jsen-. Thanks for your PR.

I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: jsen-, sbueringer

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [sbueringer]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[sbueringer]

/ok-to-test

[sbueringer]

/test pull-cluster-api-provider-openstack-test

[fejta-bot]

Unknown CLA label state. Rechecking for CLA labels.

Send feedback to sig-contributor-experience at kubernetes/community.
/check-cla

[hidekazuna]

I wonder what happens if networks and subnet which is not part of networks are given.
If we do not accept the case comment it here. Or add the check logic.

[jichenjc]

I guess below discussion covered this? maybe need some comments update?

if AccessSubnet is set we will get a hit here and have a value for accessIPv4
otherwise accessIPv4 and we have no change to before this PR

[hidekazuna]

Ok, got it.

[jsen-]

I added f5ff1bf.
The instance creation will fail if no ports with fixed IP are found in the specified subnet. This also covers the case when this subnet does not exist or is not in .Networks.
I didn't notice the ...

Ok, got it.

... until now, so please let me know if you'd like to keep this change. I can drop this commit if not needed.

[hidekazuna]

@jsen- Thanks for adding checking logic which is better to be added. Keep the commit, please.

[hidekazuna]

Other variables does not start with Access. Subnet is easy to understand.

[jsen-]

renamed AccessSubnetUUID to Subnet

[hidekazuna]

@jsen- Thanks updating.

[sbueringer]

hm does it make sense to call the property in instance differently than the one in the spec?

[sbueringer]

Hm maybe I missed something / or read it incorrectly. Could it be that this adds the Subnet property to the OpenStackMachine and the AccessSubnet to the Instance struct which seems to be only used for the status of the Bastion host?

[jsen-]

Instance struct seems to be used as a status of bastion and as a holder of state of a created VM, but at the same time, it is used as an input for createInstance. I don't know why this is so, but I wanted to minimize the impact of this PR.
There are basically two possibilities how to forward the subnet UUID into the createInstance function:

• add this property to this Instance struct (what I did)
• add another (optional) parameter to createInstance function
  The second option seemed inappropriate, taking into consideration the current signature:

func createInstance(is *Service, clusterName string, i *infrav1.Instance) (*infrav1.Instance, error)

Adding accessSubnetUUID string does not feel right, but now that I'm thinking about it, the advantage would be that it would not change the public contract in bastion host status.

Just let me know, I can add another commit and forward the subnet UUID in an additional argument.

It also might make sense to keep it as it is and add the same possibility to specify subnet UUID for bastion host as well (adding similar Subnet property to Bastion struct

cluster-api-provider-openstack/api/v1alpha3/types.go

Lines 251 to 266 in 437e82f

	type Bastion struct {
	//+optional
	Enabled bool `json:"enabled"`
	//+optional
	Flavor string `json:"flavor,omitempty"`
	//+optional
	Image string `json:"image,omitempty"`
	//+optional
	SSHKeyName string `json:"sshKeyName,omitempty"`
	//+optional
	Networks []NetworkParam `json:"networks,omitempty"`
	//+optional
	FloatingIP string `json:"floatingIP,omitempty"`
	//+optional
	SecurityGroups []SecurityGroupParam `json:"securityGroups,omitempty"`
	}

)
Then having this property in Bastion status starts making sense.

[hidekazuna]

AccessSubnet is also better to be renamed to Subnet.

[jsen-]

done

[hidekazuna]

If AccessSubnet is renamed to Subnet, This comment would be updated.

[jsen-]

✔️

[hidekazuna]

Looks good to me now.

[jichenjc]

/lgtm

[sbueringer]

@jichenjc @hidekazuna I would have preferred to be able to at least take a quick look at the final implementation before merge.
It's not a big problem in this case, but what do you think about defaulting to /hold on PRs to avoid instant merge on-lgtm? #758