-
Notifications
You must be signed in to change notification settings - Fork 935
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Per-project uplink IP quotas #14631
base: main
Are you sure you want to change the base?
Per-project uplink IP quotas #14631
Conversation
c83d52d
to
d9df773
Compare
d9df773
to
ad6e23d
Compare
@minaelee Thanks for the early review, every comment was addressed as you suggested. |
Thanks! Sorry, I missed that it was marked as Draft. Looks great! |
Signed-off-by: hamistao <[email protected]>
Signed-off-by: hamistao <[email protected]>
Signed-off-by: hamistao <[email protected]>
Signed-off-by: hamistao <[email protected]>
Signed-off-by: hamistao <[email protected]>
Also changes the parameters in two ways: - Taking the project config instead of the entire object so we can use it for project config validation. - Takes the state to get networks from the database. Signed-off-by: hamistao <[email protected]>
Just following the pattern of doing the cheaper checks first. Signed-off-by: hamistao <[email protected]>
We check for the current uplink IP usage on the validator function for two reasons: - Show a more informative error message in case the provided value is not appropriate. - Avoing doing the expensive computation of uplink IP usage unless a config key was provided for a valid uplink network. Signed-off-by: hamistao <[email protected]>
…fig key to projects Signed-off-by: hamistao <[email protected]>
Signed-off-by: hamistao <[email protected]>
Factors out common steps on forward creation and load balancer creation. Signed-off-by: hamistao <[email protected]>
Signed-off-by: hamistao <[email protected]>
Signed-off-by: hamistao <[email protected]>
This way we can easily fit an additional check for project uplink IP quotas on the end Signed-off-by: hamistao <[email protected]>
Signed-off-by: hamistao <[email protected]>
Signed-off-by: hamistao <[email protected]>
ad6e23d
to
cf466fa
Compare
@tomponline @markylaing Some observations on this:
Manual tests are looking fine so far so I am opening this for review, feel free to look whenever you are able. |
I think we should have separate ipv4 and ipv6 quotas as the routes on the uplinks are defined per protocol. |
I'm not quite following here. We aren't checking if IPs are being taken away from other networks, but rather whether the quota for the project that the IP usage has exceeded the quota. For any managed networks in the default project they should still be limited by the quota set on the default project (which is likely to be nothing).
I think that probably makes sense. The default project has features.networks so that should be fine. |
Let's make this a topic for our one to one tomorrow so I can better explain. |
Going back to driver to implement suggested changes. |
Introduces per-network project uplink IP limits, adding a
limits.networks.uplink_ips.NETWORK_NAME
configuration key to projects.This config key defines the maximum value of IPs made available on a network named NETWORK_NAME to be assigned as uplink IPs for entities inside a cetain project.