Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

GCVE network mode for 2-networking-b-nva stage #2544

Merged
merged 25 commits into from
Oct 15, 2024
Merged

GCVE network mode for 2-networking-b-nva stage #2544

merged 25 commits into from
Oct 15, 2024

Conversation

eliamaldini
Copy link
Collaborator

Hi Team, this is a draft of a NVA stage change to add GCVE compatibility.

The code is almost ready, I'm working on the Readme file and tests....

Main changes:

  • added a variable to manage the network mode
  • code adaptations for simple and ncc_ra options to support the new variable
  • added two new regional truted VPC
  • added a new NVA deployment option to support regional VPCs
  • VPC routing

Checklist

I applicable, I acknowledge that I have:

  • Read the contributing guide
  • Ran terraform fmt on all modified files
  • Regenerated the relevant README.md files using tools/tfdoc.py
  • Made sure all relevant tests pass

@ludoo
Copy link
Collaborator

ludoo commented Aug 30, 2024

I'm not sure we should have a ton of GCVE-specific resources in the network stage. But I have no idea about an alternative. Let's sit down and discuss all together.

@eliamaldini
Copy link
Collaborator Author

I'm not sure we should have a ton of GCVE-specific resources in the network stage. But I have no idea about an alternative. Let's sit down and discuss all together.

An idea could be, instead of referring to GCVE we can call the option in a generic way like "regional_trusted". It would be a design option that can be used not only for GCVE but in all the cases where regional trusted are required

@ludoo
Copy link
Collaborator

ludoo commented Aug 30, 2024

I'm not sure we should have a ton of GCVE-specific resources in the network stage. But I have no idea about an alternative. Let's sit down and discuss all together.

An idea could be, instead of referring to GCVE we can call the option in a generic way like "regional_trusted". It would be a design option that can be used not only for GCVE but in all the cases where regional trusted are required

Makes a lot of sense, but then would this be an additional net design or a "flavor" of the current one? And how would it combine with ncc-ra support?

@eliamaldini
Copy link
Collaborator Author

I'm not sure we should have a ton of GCVE-specific resources in the network stage. But I have no idea about an alternative. Let's sit down and discuss all together.

An idea could be, instead of referring to GCVE we can call the option in a generic way like "regional_trusted". It would be a design option that can be used not only for GCVE but in all the cases where regional trusted are required

Makes a lot of sense, but then would this be an additional net design or a "flavor" of the current one? And how would it combine with ncc-ra support?

I would leave the net experts to undersatnd if a dedicated stage is better.

GCVE mode cannot be combined with ncc-ra (regional VPC doesn't require ncc/bgp routing) if you see the code, the three net modes (simple, ncc-ra, gcve) are mutually exclusive. you can have just one of them enabled.

@ludoo
Copy link
Collaborator

ludoo commented Aug 30, 2024

I'm not sure we should have a ton of GCVE-specific resources in the network stage. But I have no idea about an alternative. Let's sit down and discuss all together.

An idea could be, instead of referring to GCVE we can call the option in a generic way like "regional_trusted". It would be a design option that can be used not only for GCVE but in all the cases where regional trusted are required

Makes a lot of sense, but then would this be an additional net design or a "flavor" of the current one? And how would it combine with ncc-ra support?

I would leave the net experts to undersatnd if a dedicated stage is better.

GCVE mode cannot be combined with ncc-ra (regional VPC doesn't require ncc/bgp routing) if you see the code, the three net modes (simple, ncc-ra, gcve) are mutually exclusive. you can have just one of them enabled.

sure, but the point is gcve depends on simple mode, it's not a different net mode so we need different way of expressing this

@eliamaldini eliamaldini marked this pull request as ready for review September 23, 2024 08:21
sruffilli
sruffilli requested changes Oct 2, 2024
View reviewed changes
Copy link
Collaborator

@sruffilli sruffilli left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM pending the highlighted changes

@eliamaldini eliamaldini merged commit 81a6ff3 into master Oct 15, 2024
18 checks passed
@eliamaldini eliamaldini deleted the em-gcve-net branch October 15, 2024 06:28
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ludoo ludoo ludoo left review comments

@sruffilli sruffilli sruffilli approved these changes

Assignees
No one assigned
Labels
on:FAST
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@eliamaldini @ludoo @sruffilli