Skip to content

Adding netbox support for EgressIP for OcpSandbox #146

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
agonzalezrh wants to merge 17 commits into
base: main
Choose a base branch
from
Open

Adding netbox support for EgressIP for OcpSandbox #146

agonzalezrh wants to merge 17 commits into from

Conversation

@agonzalezrh
Copy link
Contributor

@agonzalezrh agonzalezrh commented Jun 16, 2025
edited
Loading

Ordering a OcpSandbox, sandbox will do:

  • Check if the ocpv has associated netbox_api_url and netbox_token
  • Check if there is prefixes (subnets)
  • Get an availabile IP
  • Create a EgressIP object on OCP, filtering to namespace with label guid: theguidrequested

If connection or if there is any error getting the Egressip, is ignored and throwing error to the log.

Idea EgressIP is not, at this point, blocking the provisioning.

@agonzalezrh agonzalezrh changed the title WIP Adding netbox support for EgressIP for OcpSandbox Jun 17, 2025
@agonzalezrh agonzalezrh requested a review from fridim June 17, 2025 20:28
@agonzalezrh agonzalezrh marked this pull request as ready for review June 17, 2025 20:43
fridim
fridim requested changes Jul 1, 2025
View reviewed changes
internal/models/ocp_sandbox.go Outdated
"egressIPs": []string{strings.Split(egressIPAvailable, "/")[0]},
"namespaceSelector": map[string]any{
"matchLabels": map[string]any{
"guid": guid, // The label selector for the Keycloak realm
Copy link
Contributor

@fridim fridim Jul 1, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can we use service_uuid instead?

internal/models/ocp_sandbox.go
Copy link
Contributor

@fridim fridim Jul 1, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Shouldn't we add some logic in the Candidate loop to check:

  • if the annotation egressip is there
  • make sure the cluster has an availableIP
  • otherwise => move to the next one

?

internal/models/ocp_sandbox.go
egressIPAvailable, err = netbox.RequestIP(selectedCluster.NetboxApiUrl, selectedCluster.NetboxToken, rnew.ServiceUuid)
log.Logger.Info("selectedCluster", "egressip", egressIPAvailable)
if err != nil {
log.Logger.Error("Error creating EgressIP", "error", err)
Copy link
Contributor

@fridim fridim Jul 1, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So this is non-fatal?

internal/models/ocp_sandbox.go
if ok && egressIP != "" {
err = netbox.ReleaseIP(cluster.NetboxApiUrl, cluster.NetboxToken, egressIP+"/"+deletens.Labels["egressNetmask"])
if err != nil {
log.Logger.Error("Error deleting egressIP on netbox", egressIP, err)
Copy link
Contributor

@fridim fridim Jul 1, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we should make this fatal, no?
Releasing the IP should work, otherwise consider the delete as fail, and don't proceed. Retry later

Otherwise it's going to leak IPs?

Problem is if something goes wrong here with the netboxapi, then namespaces aren't deleted

Not sure how we can address that?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@fridim fridim fridim requested changes

Requested changes must be addressed to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@agonzalezrh @fridim