Enable setting VNet peering properties#3340
Conversation
k8s-ci-robot
added
release-note
nprokopic
force-pushed
the
more-peering-properties-clean
branch
2 times, most recently
from
5660020 to
5dc706b
Compare
willie-yao
left a comment
willie-yao
left a comment
There was a problem hiding this comment.
This looks great, thanks for working on this @nprokopic !
Just one comment from my end: would you be able to add a unit test for VnetPeeringSpecs() in cluster_test.go?
Jont828
left a comment
Jont828
left a comment
There was a problem hiding this comment.
Thanks for the contribution! As @willie-yao said, we might want to add some tests in cluster_tests.go, and here are a couple points from me.
| AllowVirtualNetworkAccess *bool `json:"allowVirtualNetworkAccess,omitempty"` | ||
|
|
||
| // UseRemoteGateways specifies if remote gateways can be used on this virtual network. | ||
| // |
There was a problem hiding this comment.
Can probably remove this extra line
|
|
||
| // UseRemoteGateways specifies if remote gateways can be used on this virtual network. | ||
| // | ||
| // If the flag is set to true, and allowGatewayTransit on remote peering is also true, virtual network will use |
There was a problem hiding this comment.
| // If the flag is set to true, and allowGatewayTransit on remote peering is also true, virtual network will use | |
| // If the flag is set to true, and allowGatewayTransit on remote peering is also set to true, the virtual network will use |
| // UseRemoteGateways specifies if remote gateways can be used on this virtual network. | ||
| // | ||
| // If the flag is set to true, and allowGatewayTransit on remote peering is also true, virtual network will use | ||
| // gateways of remote virtual network for transit. Only one peering can have this flag set to true. This flag cannot |
There was a problem hiding this comment.
| // gateways of remote virtual network for transit. Only one peering can have this flag set to true. This flag cannot | |
| // the gateways of the remote virtual network for transit. Only one peering can have this flag set to true. This flag cannot |
| RemoteVnetName: "spoke-vnet", | ||
| RemoteResourceGroup: "spoke-group", | ||
| SubscriptionID: "sub1", | ||
| AllowForwardedTraffic: to.BoolPtr(true), |
There was a problem hiding this comment.
| AllowForwardedTraffic: to.BoolPtr(true), | |
| AllowForwardedTraffic: pointer.Bool(true), |
I think we want to switch to the "k8s.io/utils/pointer" library
Thanks for the review! Sure, I will add a unit test for |
nprokopic
force-pushed
the
more-peering-properties-clean
branch
from
5dc706b to
82d0936
Compare
k8s-ci-robot
added
size/XL
|
@Jont828 @willie-yao I have added missing tests and also addressed other suggestions from the review. All tests are 🟢 :) Can we add this PR to the |
|
/lgtm This looks great! Unless there are any objections, I don't see why not. |
k8s-ci-robot
added
the
lgtm
|
LGTM label has been added. DetailsGit tree hash: 324aa8ade4d393ac71aa222ab473486159927d13 |
|
/lgtm Thanks for all the great work on this! |
|
/milestone v1.9 |
|
@willie-yao: You must be a member of the kubernetes-sigs/cluster-api-provider-azure-maintainers GitHub team to set the milestone. If you believe you should be able to issue the /milestone command, please contact your Cluster API Provider Azure Maintainers and have them propose you as an additional delegate for this responsibility. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
Sweet! Thanks for adding this! 🚀 |
Can somebody from @kubernetes-sigs/cluster-api-provider-azure-maintainers help out here? |
|
/milestone v1.9 |
|
/approve Thanks all for the reviews 🚀 |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: CecileRobertMichon The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot
added
the
approved
7 participants
What type of PR is this?
/kind feature
What this PR does / why we need it:
This PR enables setting additional properties for VNet peering (
AllowForwardedTraffic,AllowGatewayTransit,AllowVirtualNetworkAccessandUseRemoteGateways).One use case for setting these properties to non-default values is to, for example, configure VPN gateway transit for virtual network peering.
Which issue(s) this PR fixes (optional, in
fixes #<issue number>(, fixes #<issue_number>, ...)format, will close the issue(s) when PR gets merged):Fixes #3183
Special notes for your reviewer:
Please confirm that if this PR changes any image versions, then that's the sole change this PR makes.
TODOs:
Release note: