SPLAT-1733: Update vSphere and include host/vm group

[jcpowermac]

Changes

Update the vSphere installer IPI zonal enhancement to include:

• current state of zonal
• future state of zonal with vm-host group additions

Additional PRs

• SPLAT-1742: vSphere - enable host group based zonal installer#8873

• WIP - SPLAT-1781: api bump for host zonal infra change client-go#294

• WIP - SPLAT-1780: api bump for host zonal infra change library-go#1782

• SPLAT-1799: Add support for vSphere host and vm group based zonal cluster-control-plane-machine-set-operator#325

• SPLAT-1800: Add support for vSphere host and vm group based zonal machine-api-operator#1285

• SPLAT-1743: vSphere - add host and vm based zonal api#1999

• SPLAT-1733: Update vSphere and include host/vm group #1677

[openshift-ci]

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

[openshift-ci-robot]

@jcpowermac: This pull request references SPLAT-1733 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the task to target the "4.18.0" version, but no target version was set.

In response to this:

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[openshift-ci-robot]

@jcpowermac: This pull request references SPLAT-1733 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.18.0" version, but no target version was set.

In response to this:

Update the vSphere installer IPI zonal enhancement to include:

• current state of zonal
• future state of zonal with vm-host group additions

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[openshift-ci-robot]

@jcpowermac: This pull request references SPLAT-1733 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.18.0" version, but no target version was set.

In response to this:

Changes

Update the vSphere installer IPI zonal enhancement to include:

• current state of zonal
• future state of zonal with vm-host group additions

Additional PRs

• SPLAT-1742: vSphere - enable host group based zonal installer#8873

• WIP - SPLAT-1781: api bump for host zonal infra change client-go#294

• WIP - SPLAT-1780: api bump for host zonal infra change library-go#1782

• SPLAT-1799: Add support for vSphere host and vm group based zonal cluster-control-plane-machine-set-operator#325

• SPLAT-1800: Add support for vSphere host and vm group based zonal machine-api-operator#1285

• SPLAT-1743: vSphere - add host and vm based zonal api#1999

• SPLAT-1733: Update vSphere and include host/vm group #1677

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[jcpowermac]

/assign @rvanderp3 @vr4manta

[jcpowermac]

/cc @gnufied @JoelSpeed

[JoelSpeed]

Topology does not appear in the spec here, I think it may have been meant to be there though?

This validation apppears that you want an optional struct, with required fields in for the zoneType, is this just a discriminated union? It would then have the standard that hostGroup is allowed if and only if type == HostGroup

region:
  type: ABC
zone:
  type: HostGroup
  hostGroup:
    vmGroup: ...
    hostGroup: ...
    vmHostRule: ...

[jcpowermac]

I broke out what is current (as of 9/9/24) and what is specifically changing for vm-host zonal. Rather than duplicating these are snipits of what would change. Would you rather have that as a single section?

[gnufied]

personally - it makes sense to put new changes into existing structs, rather than breaking them out. This way, we can still see what changed via diff, but we can also see the full datatype if we view complete file.

[jcpowermac]

@JoelSpeed does this look like the direction you are thinking? 677ce07

[jcpowermac]

or something like this: fdb3dde

Since there is a name collision with region and zone, wondering if it should be moved to the topology struct

[JoelSpeed]

The latter of the two commits is where I was thinking to go

[jcpowermac]

whew thats what I ended up with

openshift/api@906bb28

The enhancement has been updated for that

ea2162a

[JoelSpeed]

Should be vmGroup at the beginning of this godoc

[JoelSpeed]

Probably want to explain this in more depth in situ rather than referring out to a doc

[jcpowermac]

@JoelSpeed first time updating a enhancement. This is what is current in the infra installer's platform spec, so are you expecting this to be updated? I suppose that should really be a bug right?

[JoelSpeed]

Didn't realise this was the current state, we should probably look to update these where they are non-breaking, can you create a bug?

[JoelSpeed]

Please expand the godoc here, what do each of these values mean and what effect does it have when I set them?

[jcpowermac]

Same as above, this is what is current.

[JoelSpeed]

Suggested change

	// +kubebuilder:validation:Format=ipv4
	// +kubebuilder:validation:Format=ipv6
	// +kubebuilder:validation:XValidation:rule="isIP(self)",message="gateway must be a valid IPv4 or IPv6 address"

[JoelSpeed]

You'll have to define a maximal length for this

[JoelSpeed]

Which device?

[JoelSpeed]

Suggested change

	// +kubebuilder:validation:Format=ipv4
	// +kubebuilder:validation:Format=ipv6
	// +kubebuilder:validation:XValidation:rule="isIP(self)",message="gateway must be a valid IPv4 or IPv6 address"

[JoelSpeed]

Should add a maximal length to this list as well

[JoelSpeed]

Where is this struct included?

[jcpowermac]

Similar to the infra spec changes, just showing snipits of what would actually change. The current topology struct is above.

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please ask for approval from rvanderp3. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[gnufied]

I thought one of the epics in 4.18 is to remove techpreview status from multi-vcenter support?

[jcpowermac]

I just copied and pasted what the current infra spec is as of 9/9 . afaik it is supposed to be ga'ed in 4.18 but maybe those updates have not been added yet.

cc: @vr4manta

[vr4manta]

makes sense to merge the logic in an overall doc, but while in flux, I do see the complication of multi vcenter not being here as well. Currently 4.17 it is feature gated. Once its all finalized, should be GA. Goal for GA is 4.18.

[gnufied]

How do we intend to use this?

[jcpowermac]

This was added in 4.16 I believe. It allows a compute machine to be tagged. I think it was specifically for backup processes that customers wanted it for.

[gnufied]

Is this intended to support hosts as zones? What is the use case I wonder.

[jcpowermac]

Pretty sure the answer is yes, afaik it for static ip.

@vr4manta @rvanderp3 do you want to take that one?

[gnufied]

But this is not reflected in Infrastructure type above. So information will be lost after cluster installation?

[jcpowermac]

oh I think I misunderstood, Hosts is for OCP hosts and static ip, that isn't ESXi hosts.

[gnufied]

Will this be created if it doesn't exist already?

[jcpowermac]

the installer will create the vmGroup, one per failure domain

[gnufied]

same as above.

[jcpowermac]

The installer will not create the hostGroup, that would be kinda hard since we would need to know each esxi host per zone.

[gnufied]

So, the thing - we will have to see is, if a customer specifies computeCluster as region and then specifies two different hostGroup as zones and assuming those hostGroups don't share the datastore - will CSI driver work...

[jcpowermac]

that scenario was just asked in slack the other day so yeah should be a concern.

[jcpowermac]

The enhancement has been updated to include current and future states for both the infrastructure and installer's platform spec. Hopefully that will make it more clear.

[gnufied]

If hosts are being used as zones, how will that information reflected in Infrastructure type?

[jcpowermac]

The infrastructure spec will have the name of the vm-host group of type hosts

We will not know the ESXi hosts directly that are in each zone. I don't think we should either since stretched clusters presumably should already have this defined.

[gnufied]

But then, it sounds like customer must create a vm-host group for each host? I must be misunderstanding something. The CSI driver doesn't support hostgroup as a failure-domain fwiw.

[jcpowermac]

Nope, and maybe that illustrates something that I am missing.

• I expect the customer to create a vm-host group (host type) for each zone prior to installation. This can be 1 to N number of ESXi hosts.
• Just like dc, cluster, region and zone topology the openshift-region and openshift-zone based tags are required. I don't expect the CCM or CSI to know anything about a virtual machine or host type vm-host group - and based in testing it doesn't, the region and zone labels are still populated on a control plane or compute node.

the vm-host groups and rules are required to keep rhcos virtual machines on the correct ESXi hosts for the failure domain zone.

[jcpowermac]

updated with 8c3f02c

[openshift-ci]

@jcpowermac: all tests passed!

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

[JoelSpeed]

@jcpowermac At the moment, this PR updates the existing state of the EP to what was actually implemented, and then also updates to add an extension to the feature itself. Is there a way to separate the two changes? I feel like it would probably be beneficial to get the EP updated to the current state of the world first, and then look at the updates for the new features