diff --git a/api/v1beta1/conversion.go b/api/v1beta1/conversion.go
index d5601e2308..8dbf7aeeed 100644
--- a/api/v1beta1/conversion.go
+++ b/api/v1beta1/conversion.go
@@ -364,6 +364,42 @@ func Convert_v1beta2_OpenStackMachineSpec_To_v1beta1_OpenStackMachineSpec(
 return nil
 }
+func Convert_v1beta1_OpenStackClusterSpec_To_v1beta2_OpenStackClusterSpec(
+ in *OpenStackClusterSpec,
+ out *infrav1.OpenStackClusterSpec,
+ s apiconversion.Scope,
+) error {
+ if err := autoConvert_v1beta1_OpenStackClusterSpec_To_v1beta2_OpenStackClusterSpec(in, out, s); err != nil {
+ return err
+ }
+
+ if in.NetworkMTU != nil || in.DisablePortSecurity != nil {
+ out.ManagedNetwork = &infrav1.ManagedNetwork{
+ MTU: in.NetworkMTU,
+ DisablePortSecurity: in.DisablePortSecurity,
+ }
+ }
+
+ return nil
+}
+
+func Convert_v1beta2_OpenStackClusterSpec_To_v1beta1_OpenStackClusterSpec(
+ in *infrav1.OpenStackClusterSpec,
+ out *OpenStackClusterSpec,
+ s apiconversion.Scope,
+) error {
+ if err := autoConvert_v1beta2_OpenStackClusterSpec_To_v1beta1_OpenStackClusterSpec(in, out, s); err != nil {
+ return err
+ }
+
+ if in.ManagedNetwork != nil {
+ out.NetworkMTU = in.ManagedNetwork.MTU
+ out.DisablePortSecurity = in.ManagedNetwork.DisablePortSecurity
+ }
+
+ return nil
+}
+
 // LegacyCalicoSecurityGroupRules returns a list of security group rules for calico
 // that need to be applied to the control plane and worker security groups when
 // managed security groups are enabled and upgrading to v1beta1.
diff --git a/api/v1beta1/conversion_test.go b/api/v1beta1/conversion_test.go
index 7f1efa8903..211c244f6a 100644
--- a/api/v1beta1/conversion_test.go
+++ b/api/v1beta1/conversion_test.go
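Review bot: Both new exported functions, `Convert_v1beta1_OpenStackClusterSpec_To_v1beta2_OpenStackClusterSpec` and its v1beta2-to-v1beta1 counterpart, have no doc comment, yet these hand-written bodies are now the only code that carries `NetworkMTU` and `DisablePortSecurity` across API versions (the generated auto-converters in this commit only emit a WARNING for those fields). Per its own field comment, `DisablePortSecurity` also disables security groups on the cluster network, so a dropped or mis-mapped value here would silently change network exposure and the mapping deserves to be spelled out. I would add above the first function `// Convert_v1beta1_OpenStackClusterSpec_To_v1beta2_OpenStackClusterSpec moves NetworkMTU and DisablePortSecurity into ManagedNetwork; ManagedNetwork stays nil when neither is set.` and the mirror-image comment above the second. Both functions are fully inside the hunk.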
@@ -98,6 +98,7 @@ func TestOpenStackClusterConversion(t *testing.T) {
 g.Expect(dst.Namespace).To(Equal("default"))
 g.Expect(dst.Spec.IdentityRef.Name).To(Equal("cloud-config"))
 g.Expect(dst.Spec.ManagedSubnets).To(HaveLen(1))
+ g.Expect(dst.Spec.ManagedNetwork).To(BeNil())
 // Verify flavor mapping (name -> FlavorParam.Filter.Name)
 g.Expect(dst.Spec.Bastion.Spec.Flavor.ID).To(BeNil())
@@ -136,6 +137,8 @@ func TestOpenStackClusterConversion(t *testing.T) {
 g.Expect(restored.Spec.IdentityRef).To(Equal(src.Spec.IdentityRef))
 g.Expect(restored.Status.Ready).To(BeTrue())
 g.Expect(restored.Status.Conditions).To(HaveLen(2))
+ g.Expect(restored.Spec.NetworkMTU).To(BeNil())
+ g.Expect(restored.Spec.DisablePortSecurity).To(BeNil())
 // Severity is lost during conversion, so it won't match exactly
 g.Expect(restored.Status.Conditions[0].Type).To(Equal(src.Status.Conditions[0].Type))
@@ -967,3 +970,64 @@ func TestIsReadyHelper(t *testing.T) {
 g.Expect(infrav1.IsReady(nil)).To(BeFalse())
 g.Expect(infrav1.IsReady([]metav1.Condition{})).To(BeFalse())
 }
+
+func TestOpenStackCluster_RoundTrip_ManagedNetwork(t *testing.T) {
+ mtu := optional.Int(ptr.To(1500))
+ disablePS := optional.Bool(ptr.To(true))
+
+ tests := []struct {
+ name string
+ in OpenStackCluster
+ }{
+ {
+ name: "both fields set",
+ in: OpenStackCluster{
+ Spec: OpenStackClusterSpec{
+ NetworkMTU: mtu,
+ DisablePortSecurity: disablePS,
+ },
+ },
+ },
+ {
+ name: "only MTU set",
+ in: OpenStackCluster{
+ Spec: OpenStackClusterSpec{NetworkMTU: mtu},
+ },
+ },
+ {
+ name: "only DisablePortSecurity set",
+ in: OpenStackCluster{
+ Spec: OpenStackClusterSpec{DisablePortSecurity: disablePS},
+ },
+ },
+ {
+ name: "neither set — ManagedNetwork stays nil",
+ in: OpenStackCluster{},
+ },
+ }
+
+ for _, tt := range tests {
+ t.Run(tt.name, func(t *testing.T) {
+ g := NewWithT(t)
+
+ hub := &infrav1.OpenStackCluster{}
+ g.Expect(tt.in.ConvertTo(hub)).To(Succeed())
+
+ // Verify intermediate v1beta2 state
+ if tt.in.Spec.NetworkMTU == nil && tt.in.Spec.DisablePortSecurity == nil {
+ g.Expect(hub.Spec.ManagedNetwork).To(BeNil())
+ } else {
+ g.Expect(hub.Spec.ManagedNetwork).NotTo(BeNil())
+ g.Expect(hub.Spec.ManagedNetwork.MTU).To(Equal(tt.in.Spec.NetworkMTU))
+ g.Expect(hub.Spec.ManagedNetwork.DisablePortSecurity).To(Equal(tt.in.Spec.DisablePortSecurity))
+ }
+
+ restored := &OpenStackCluster{}
+ g.Expect(restored.ConvertFrom(hub)).To(Succeed())
+
+ // Verify final v1beta1 state
+ g.Expect(restored.Spec.NetworkMTU).To(Equal(tt.in.Spec.NetworkMTU))
+ g.Expect(restored.Spec.DisablePortSecurity).To(Equal(tt.in.Spec.DisablePortSecurity))
+ })
+ }
+}
diff --git a/api/v1beta1/zz_generated.conversion.go b/api/v1beta1/zz_generated.conversion.go
index 9916ce76c7..1c58135686 100644
--- a/api/v1beta1/zz_generated.conversion.go
+++ b/api/v1beta1/zz_generated.conversion.go
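Review bot: The table in `TestOpenStackCluster_RoundTrip_ManagedNetwork` only exercises `DisablePortSecurity` as a pointer to `true` and only starts from a v1beta1 object, so two cases for this security-sensitive flag are left unpinned. The first is an explicit `false`, which is a non-nil pointer and should therefore still yield a non-nil `ManagedNetwork` and come back as `false` rather than nil; the second is a round trip that starts from a v1beta2 object with `ManagedNetwork` set. I would add a table entry such as `{name: "DisablePortSecurity explicitly false", in: OpenStackCluster{Spec: OpenStackClusterSpec{DisablePortSecurity: optional.Bool(ptr.To(false))}}},` and a separate hub-first test that calls `ConvertFrom` and then `ConvertTo`. The test function is fully inside the hunk.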
@@ -311,16 +311,6 @@ func RegisterConversions(s *runtime.Scheme) error { }); err != nil { return err } - if err := s.AddGeneratedConversionFunc((*OpenStackClusterSpec)(nil), (*v1beta2.OpenStackClusterSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_OpenStackClusterSpec_To_v1beta2_OpenStackClusterSpec(a.(*OpenStackClusterSpec), b.(*v1beta2.OpenStackClusterSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1beta2.OpenStackClusterSpec)(nil), (*OpenStackClusterSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta2_OpenStackClusterSpec_To_v1beta1_OpenStackClusterSpec(a.(*v1beta2.OpenStackClusterSpec), b.(*OpenStackClusterSpec), scope) - }); err != nil { - return err - } if err := s.AddGeneratedConversionFunc((*OpenStackClusterTemplate)(nil), (*v1beta2.OpenStackClusterTemplate)(nil), func(a, b interface{}, scope conversion.Scope) error { return Convert_v1beta1_OpenStackClusterTemplate_To_v1beta2_OpenStackClusterTemplate(a.(*OpenStackClusterTemplate), b.(*v1beta2.OpenStackClusterTemplate), scope) }); err != nil { @@ -711,6 +701,11 @@ func RegisterConversions(s *runtime.Scheme) error { }); err != nil { return err } + if err := s.AddConversionFunc((*OpenStackClusterSpec)(nil), (*v1beta2.OpenStackClusterSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_v1beta1_OpenStackClusterSpec_To_v1beta2_OpenStackClusterSpec(a.(*OpenStackClusterSpec), b.(*v1beta2.OpenStackClusterSpec), scope) + }); err != nil { + return err + } if err := s.AddConversionFunc((*OpenStackClusterStatus)(nil), (*v1beta2.OpenStackClusterStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { return Convert_v1beta1_OpenStackClusterStatus_To_v1beta2_OpenStackClusterStatus(a.(*OpenStackClusterStatus), b.(*v1beta2.OpenStackClusterStatus), scope) }); err != nil { 
@@ -726,6 +721,11 @@ func RegisterConversions(s *runtime.Scheme) error { }); err != nil { return err } + if err := s.AddConversionFunc((*v1beta2.OpenStackClusterSpec)(nil), (*OpenStackClusterSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_v1beta2_OpenStackClusterSpec_To_v1beta1_OpenStackClusterSpec(a.(*v1beta2.OpenStackClusterSpec), b.(*OpenStackClusterSpec), scope) + }); err != nil { + return err + } if err := s.AddConversionFunc((*v1beta2.OpenStackClusterStatus)(nil), (*OpenStackClusterStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { return Convert_v1beta2_OpenStackClusterStatus_To_v1beta1_OpenStackClusterStatus(a.(*v1beta2.OpenStackClusterStatus), b.(*OpenStackClusterStatus), scope) }); err != nil { @@ -1459,7 +1459,7 @@ func autoConvert_v1beta1_OpenStackClusterSpec_To_v1beta2_OpenStackClusterSpec(in out.Router = (*v1beta2.RouterParam)(unsafe.Pointer(in.Router)) out.Network = (*v1beta2.NetworkParam)(unsafe.Pointer(in.Network)) out.Subnets = *(*[]v1beta2.SubnetParam)(unsafe.Pointer(&in.Subnets)) - out.NetworkMTU = (optional.Int)(unsafe.Pointer(in.NetworkMTU)) + // WARNING: in.NetworkMTU requires manual conversion: does not exist in peer-type out.ExternalRouterIPs = *(*[]v1beta2.ExternalRouterIPParam)(unsafe.Pointer(&in.ExternalRouterIPs)) out.ExternalNetwork = (*v1beta2.NetworkParam)(unsafe.Pointer(in.ExternalNetwork)) out.DisableExternalNetwork = (optional.Bool)(unsafe.Pointer(in.DisableExternalNetwork)) 
@@ -1469,7 +1469,7 @@ func autoConvert_v1beta1_OpenStackClusterSpec_To_v1beta2_OpenStackClusterSpec(in out.APIServerFixedIP = (optional.String)(unsafe.Pointer(in.APIServerFixedIP)) out.APIServerPort = (optional.UInt16)(unsafe.Pointer(in.APIServerPort)) out.ManagedSecurityGroups = (*v1beta2.ManagedSecurityGroups)(unsafe.Pointer(in.ManagedSecurityGroups)) - out.DisablePortSecurity = (optional.Bool)(unsafe.Pointer(in.DisablePortSecurity)) + // WARNING: in.DisablePortSecurity requires manual conversion: does not exist in peer-type out.Tags = *(*[]string)(unsafe.Pointer(&in.Tags)) out.ControlPlaneEndpoint = (*corev1beta2.APIEndpoint)(unsafe.Pointer(in.ControlPlaneEndpoint)) out.ControlPlaneAvailabilityZones = *(*[]string)(unsafe.Pointer(&in.ControlPlaneAvailabilityZones)) 
@@ -1489,17 +1489,12 @@ func autoConvert_v1beta1_OpenStackClusterSpec_To_v1beta2_OpenStackClusterSpec(in return nil } -// Convert_v1beta1_OpenStackClusterSpec_To_v1beta2_OpenStackClusterSpec is an autogenerated conversion function. -func Convert_v1beta1_OpenStackClusterSpec_To_v1beta2_OpenStackClusterSpec(in *OpenStackClusterSpec, out *v1beta2.OpenStackClusterSpec, s conversion.Scope) error { - return autoConvert_v1beta1_OpenStackClusterSpec_To_v1beta2_OpenStackClusterSpec(in, out, s) -} - func autoConvert_v1beta2_OpenStackClusterSpec_To_v1beta1_OpenStackClusterSpec(in *v1beta2.OpenStackClusterSpec, out *OpenStackClusterSpec, s conversion.Scope) error { out.ManagedSubnets = *(*[]SubnetSpec)(unsafe.Pointer(&in.ManagedSubnets)) + out.Subnets = *(*[]SubnetParam)(unsafe.Pointer(&in.Subnets)) out.Router = (*RouterParam)(unsafe.Pointer(in.Router)) + // WARNING: in.ManagedNetwork requires manual conversion: does not exist in peer-type out.Network = (*NetworkParam)(unsafe.Pointer(in.Network)) - out.Subnets = *(*[]SubnetParam)(unsafe.Pointer(&in.Subnets)) - out.NetworkMTU = (optional.Int)(unsafe.Pointer(in.NetworkMTU)) out.ExternalRouterIPs = *(*[]ExternalRouterIPParam)(unsafe.Pointer(&in.ExternalRouterIPs)) out.ExternalNetwork = (*NetworkParam)(unsafe.Pointer(in.ExternalNetwork)) out.DisableExternalNetwork = (optional.Bool)(unsafe.Pointer(in.DisableExternalNetwork)) 
@@ -1509,7 +1504,6 @@ func autoConvert_v1beta2_OpenStackClusterSpec_To_v1beta1_OpenStackClusterSpec(in out.APIServerFixedIP = (optional.String)(unsafe.Pointer(in.APIServerFixedIP)) out.APIServerPort = (optional.UInt16)(unsafe.Pointer(in.APIServerPort)) out.ManagedSecurityGroups = (*ManagedSecurityGroups)(unsafe.Pointer(in.ManagedSecurityGroups)) - out.DisablePortSecurity = (optional.Bool)(unsafe.Pointer(in.DisablePortSecurity)) out.Tags = *(*[]string)(unsafe.Pointer(&in.Tags)) out.ControlPlaneEndpoint = (*corev1beta1.APIEndpoint)(unsafe.Pointer(in.ControlPlaneEndpoint)) out.ControlPlaneAvailabilityZones = *(*[]string)(unsafe.Pointer(&in.ControlPlaneAvailabilityZones)) @@ -1529,11 +1523,6 @@ func autoConvert_v1beta2_OpenStackClusterSpec_To_v1beta1_OpenStackClusterSpec(in return nil } -// Convert_v1beta2_OpenStackClusterSpec_To_v1beta1_OpenStackClusterSpec is an autogenerated conversion function. -func Convert_v1beta2_OpenStackClusterSpec_To_v1beta1_OpenStackClusterSpec(in *v1beta2.OpenStackClusterSpec, out *OpenStackClusterSpec, s conversion.Scope) error { - return autoConvert_v1beta2_OpenStackClusterSpec_To_v1beta1_OpenStackClusterSpec(in, out, s) -} - func autoConvert_v1beta1_OpenStackClusterStatus_To_v1beta2_OpenStackClusterStatus(in *OpenStackClusterStatus, out *v1beta2.OpenStackClusterStatus, s conversion.Scope) error { // WARNING: in.Ready requires manual conversion: does not exist in peer-type out.Initialization = (*v1beta2.ClusterInitialization)(unsafe.Pointer(in.Initialization)) diff --git a/api/v1beta2/openstackcluster_types.go b/api/v1beta2/openstackcluster_types.go index 8342b6063f..985a6935b8 100644 --- a/api/v1beta2/openstackcluster_types.go +++ b/api/v1beta2/openstackcluster_types.go 
@@ -41,16 +41,6 @@ type OpenStackClusterSpec struct {
 // +optional
 ManagedSubnets []SubnetSpec `json:"managedSubnets,omitempty"`
- // Router specifies an existing router to be used if ManagedSubnets are
- // specified. If specified, no new router will be created.
- // +optional
- Router *RouterParam `json:"router,omitempty"`
-
- // Network specifies an existing network to use if no ManagedSubnets
- // are specified.
- // +optional
- Network *NetworkParam `json:"network,omitempty"`
-
 // Subnets specifies existing subnets to use if not ManagedSubnets are
 // specified. All subnets must be in the network specified by Network.
 // There can be zero, one, or two subnets. If no subnets are specified,
@@ -61,12 +51,21 @@ type OpenStackClusterSpec struct {
 // +optional
 Subnets []SubnetParam `json:"subnets,omitempty"`
- // NetworkMTU sets the maximum transmission unit (MTU) value to address fragmentation for the private network ID.
- // This value will be used only if the Cluster actuator creates the network.
- // If left empty, the network will have the default MTU defined in Openstack network service.
- // To use this field, the Openstack installation requires the net-mtu neutron API extension.
+ // Router specifies an existing router to be used if ManagedSubnets are
+ // specified. If specified, no new router will be created.
 // +optional
- NetworkMTU optional.Int `json:"networkMTU,omitempty"`
+ Router *RouterParam `json:"router,omitempty"`
+
+ // ManagedNetwork specifies attributes of the network. The values are used only
+ // if the Cluster actuator creates the network.
+ // +kubebuilder:validation:XValidation:rule="self == null || has(self.mtu) || has(self.disablePortSecurity)",message="managedNetwork must not be empty if set"
+ // +optional
+ ManagedNetwork *ManagedNetwork `json:"managedNetwork,omitempty"`
+
+ // Network specifies an existing network to use if no ManagedSubnets
+ // are specified.
+ // +optional
+ Network *NetworkParam `json:"network,omitempty"`
 // ExternalRouterIPs is an array of externalIPs on the respective subnets.
 // This is necessary if the router needs a fixed ip in a specific subnet.
@@ -148,11 +147,6 @@ type OpenStackClusterSpec struct {
 // +optional
 ManagedSecurityGroups *ManagedSecurityGroups `json:"managedSecurityGroups,omitempty"`
- // DisablePortSecurity disables the port security of the network created for the
- // Kubernetes cluster, which also disables SecurityGroups
- // +optional
- DisablePortSecurity optional.Bool `json:"disablePortSecurity,omitempty"`
-
 // Tags to set on all resources in cluster which support tags
 // +listType=set
 // +optional
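Review bot: The comment on the new `ManagedNetwork` field does not mention that one of its members switches off security groups, and nothing in this hunk stops `managedNetwork.disablePortSecurity: true` from being set together with `ManagedSecurityGroups`, a sibling field visible in the next hunk's context. If no webhook or CEL rule elsewhere rejects that combination, a spec can declare managed security groups that, going by the `DisablePortSecurity` comment, are not applied on the created network. At minimum I would extend the field comment with `// Setting disablePortSecurity also disables security groups on the created network; see ManagedSecurityGroups.` and regenerate the CRDs. Rejecting the combination outright is a compatibility decision, since existing v1beta1 objects that set both must still convert. The struct body starts and ends outside the hunk.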
@@ -285,6 +279,21 @@ type OpenStackClusterList struct {
 Items []OpenStackCluster `json:"items"`
 }
+// ManagedNetwork specifies attributes of the network.
+type ManagedNetwork struct {
+ // MTU sets the maximum transmission unit (MTU) value to address fragmentation for the private network ID.
+ // This value will be used only if the Cluster actuator creates the network.
+ // If left empty, the network will have the default MTU defined in Openstack network service.
+ // To use this field, the Openstack installation requires the net-mtu neutron API extension.
+ // +optional
+ MTU optional.Int `json:"mtu,omitempty"`
+
+ // DisablePortSecurity disables the port security of the network created for the
+ // Kubernetes cluster, which also disables SecurityGroups
+ // +optional
+ DisablePortSecurity optional.Bool `json:"disablePortSecurity,omitempty"`
+}
+
 // ManagedSecurityGroups defines the desired state of security groups and rules for the cluster.
 type ManagedSecurityGroups struct {
 // allNodesSecurityGroupRules defines the rules that should be applied to all nodes.
diff --git a/api/v1beta2/zz_generated.deepcopy.go b/api/v1beta2/zz_generated.deepcopy.go
index c7582af421..c5940c3116 100644
--- a/api/v1beta2/zz_generated.deepcopy.go
+++ b/api/v1beta2/zz_generated.deepcopy.go
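Review bot: `MTU` in the new `ManagedNetwork` type carries no validation marker, so zero or negative values pass admission and would only surface, if at all, when the network is created. The removed `NetworkMTU` field had no bound either, so this is inherited rather than introduced, but a new API version is the cheap moment to add one. I would put `// +kubebuilder:validation:Minimum=68` above the field's `// +optional` line; 68 is the IPv4 minimum MTU, and the floor should be confirmed against what the supported Neutron releases accept. The `ManagedNetwork` type is fully inside the hunk.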
@@ -536,6 +536,31 @@ func (in *MachineResources) DeepCopy() *MachineResources { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ManagedNetwork) DeepCopyInto(out *ManagedNetwork) { + *out = *in + if in.MTU != nil { + in, out := &in.MTU, &out.MTU + *out = new(int) + **out = **in + } + if in.DisablePortSecurity != nil { + in, out := &in.DisablePortSecurity, &out.DisablePortSecurity + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagedNetwork. +func (in *ManagedNetwork) DeepCopy() *ManagedNetwork { + if in == nil { + return nil + } + out := new(ManagedNetwork) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ManagedSecurityGroups) DeepCopyInto(out *ManagedSecurityGroups) { *out = *in 
@@ -740,28 +765,28 @@ func (in *OpenStackClusterSpec) DeepCopyInto(out *OpenStackClusterSpec) { (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.Subnets != nil { + in, out := &in.Subnets, &out.Subnets + *out = make([]SubnetParam, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.Router != nil { in, out := &in.Router, &out.Router *out = new(RouterParam) (*in).DeepCopyInto(*out) } + if in.ManagedNetwork != nil { + in, out := &in.ManagedNetwork, &out.ManagedNetwork + *out = new(ManagedNetwork) + (*in).DeepCopyInto(*out) + } if in.Network != nil { in, out := &in.Network, &out.Network *out = new(NetworkParam) (*in).DeepCopyInto(*out) } - if in.Subnets != nil { - in, out := &in.Subnets, &out.Subnets - *out = make([]SubnetParam, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.NetworkMTU != nil { - in, out := &in.NetworkMTU, &out.NetworkMTU - *out = new(int) - **out = **in - } if in.ExternalRouterIPs != nil { in, out := &in.ExternalRouterIPs, &out.ExternalRouterIPs *out = make([]ExternalRouterIPParam, len(*in)) @@ -809,11 +834,6 @@ func (in *OpenStackClusterSpec) DeepCopyInto(out *OpenStackClusterSpec) { *out = new(ManagedSecurityGroups) (*in).DeepCopyInto(*out) } - if in.DisablePortSecurity != nil { - in, out := &in.DisablePortSecurity, &out.DisablePortSecurity - *out = new(bool) - **out = **in - } if in.Tags != nil { in, out := &in.Tags, &out.Tags *out = make([]string, len(*in)) diff --git a/cmd/models-schema/zz_generated.openapi.go b/cmd/models-schema/zz_generated.openapi.go index 49494a64bf..19b2a4b41d 100644 --- a/cmd/models-schema/zz_generated.openapi.go +++ b/cmd/models-schema/zz_generated.openapi.go 
@@ -430,6 +430,7 @@ func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenA "sigs.k8s.io/cluster-api-provider-openstack/api/v1beta2.LoadBalancer": schema_sigsk8sio_cluster_api_provider_openstack_api_v1beta2_LoadBalancer(ref), "sigs.k8s.io/cluster-api-provider-openstack/api/v1beta2.MachineInitialization": schema_sigsk8sio_cluster_api_provider_openstack_api_v1beta2_MachineInitialization(ref), "sigs.k8s.io/cluster-api-provider-openstack/api/v1beta2.MachineResources": schema_sigsk8sio_cluster_api_provider_openstack_api_v1beta2_MachineResources(ref), + "sigs.k8s.io/cluster-api-provider-openstack/api/v1beta2.ManagedNetwork": schema_sigsk8sio_cluster_api_provider_openstack_api_v1beta2_ManagedNetwork(ref), "sigs.k8s.io/cluster-api-provider-openstack/api/v1beta2.ManagedSecurityGroups": schema_sigsk8sio_cluster_api_provider_openstack_api_v1beta2_ManagedSecurityGroups(ref), "sigs.k8s.io/cluster-api-provider-openstack/api/v1beta2.NetworkFilter": schema_sigsk8sio_cluster_api_provider_openstack_api_v1beta2_NetworkFilter(ref), "sigs.k8s.io/cluster-api-provider-openstack/api/v1beta2.NetworkParam": schema_sigsk8sio_cluster_api_provider_openstack_api_v1beta2_NetworkParam(ref), 
@@ -22990,6 +22991,33 @@ func schema_sigsk8sio_cluster_api_provider_openstack_api_v1beta2_MachineResource } } +func schema_sigsk8sio_cluster_api_provider_openstack_api_v1beta2_ManagedNetwork(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "ManagedNetwork specifies attributes of the network.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "mtu": { + SchemaProps: spec.SchemaProps{ + Description: "MTU sets the maximum transmission unit (MTU) value to address fragmentation for the private network ID. This value will be used only if the Cluster actuator creates the network. If left empty, the network will have the default MTU defined in Openstack network service. To use this field, the Openstack installation requires the net-mtu neutron API extension.", + Type: []string{"integer"}, + Format: "int32", + }, + }, + "disablePortSecurity": { + SchemaProps: spec.SchemaProps{ + Description: "DisablePortSecurity disables the port security of the network created for the Kubernetes cluster, which also disables SecurityGroups", + Type: []string{"boolean"}, + Format: "", + }, + }, + }, + }, + }, + } +} + func schema_sigsk8sio_cluster_api_provider_openstack_api_v1beta2_ManagedSecurityGroups(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ 
@@ -23467,18 +23495,6 @@ func schema_sigsk8sio_cluster_api_provider_openstack_api_v1beta2_OpenStackCluste }, }, }, - "router": { - SchemaProps: spec.SchemaProps{ - Description: "Router specifies an existing router to be used if ManagedSubnets are specified. If specified, no new router will be created.", - Ref: ref("sigs.k8s.io/cluster-api-provider-openstack/api/v1beta2.RouterParam"), - }, - }, - "network": { - SchemaProps: spec.SchemaProps{ - Description: "Network specifies an existing network to use if no ManagedSubnets are specified.", - Ref: ref("sigs.k8s.io/cluster-api-provider-openstack/api/v1beta2.NetworkParam"), - }, - }, "subnets": { VendorExtensible: spec.VendorExtensible{ Extensions: spec.Extensions{ 
@@ -23498,11 +23514,22 @@ func schema_sigsk8sio_cluster_api_provider_openstack_api_v1beta2_OpenStackCluste }, }, }, - "networkMTU": { + "router": { SchemaProps: spec.SchemaProps{ - Description: "NetworkMTU sets the maximum transmission unit (MTU) value to address fragmentation for the private network ID. This value will be used only if the Cluster actuator creates the network. If left empty, the network will have the default MTU defined in Openstack network service. To use this field, the Openstack installation requires the net-mtu neutron API extension.", - Type: []string{"integer"}, - Format: "int32", + Description: "Router specifies an existing router to be used if ManagedSubnets are specified. If specified, no new router will be created.", + Ref: ref("sigs.k8s.io/cluster-api-provider-openstack/api/v1beta2.RouterParam"), + }, + }, + "managedNetwork": { + SchemaProps: spec.SchemaProps{ + Description: "ManagedNetwork specifies attributes of the network. The values are used only if the Cluster actuator creates the network.", + Ref: ref("sigs.k8s.io/cluster-api-provider-openstack/api/v1beta2.ManagedNetwork"), + }, + }, + "network": { + SchemaProps: spec.SchemaProps{ + Description: "Network specifies an existing network to use if no ManagedSubnets are specified.", + Ref: ref("sigs.k8s.io/cluster-api-provider-openstack/api/v1beta2.NetworkParam"), }, }, "externalRouterIPs": { @@ -23577,13 +23604,6 @@ func schema_sigsk8sio_cluster_api_provider_openstack_api_v1beta2_OpenStackCluste Ref: ref("sigs.k8s.io/cluster-api-provider-openstack/api/v1beta2.ManagedSecurityGroups"), }, }, - "disablePortSecurity": { - SchemaProps: spec.SchemaProps{ - Description: "DisablePortSecurity disables the port security of the network created for the Kubernetes cluster, which also disables SecurityGroups", - Type: []string{"boolean"}, - Format: "", - }, - }, "tags": { VendorExtensible: spec.VendorExtensible{ Extensions: spec.Extensions{ 
@@ -23655,7 +23675,7 @@ func schema_sigsk8sio_cluster_api_provider_openstack_api_v1beta2_OpenStackCluste }, }, Dependencies: []string{ - "sigs.k8s.io/cluster-api-provider-openstack/api/v1beta2.APIServerLoadBalancer", "sigs.k8s.io/cluster-api-provider-openstack/api/v1beta2.Bastion", "sigs.k8s.io/cluster-api-provider-openstack/api/v1beta2.ExternalRouterIPParam", "sigs.k8s.io/cluster-api-provider-openstack/api/v1beta2.ManagedSecurityGroups", "sigs.k8s.io/cluster-api-provider-openstack/api/v1beta2.NetworkParam", "sigs.k8s.io/cluster-api-provider-openstack/api/v1beta2.OpenStackIdentityReference", "sigs.k8s.io/cluster-api-provider-openstack/api/v1beta2.RouterParam", "sigs.k8s.io/cluster-api-provider-openstack/api/v1beta2.SubnetParam", "sigs.k8s.io/cluster-api-provider-openstack/api/v1beta2.SubnetSpec", "sigs.k8s.io/cluster-api/api/core/v1beta2.APIEndpoint"}, + "sigs.k8s.io/cluster-api-provider-openstack/api/v1beta2.APIServerLoadBalancer", "sigs.k8s.io/cluster-api-provider-openstack/api/v1beta2.Bastion", "sigs.k8s.io/cluster-api-provider-openstack/api/v1beta2.ExternalRouterIPParam", "sigs.k8s.io/cluster-api-provider-openstack/api/v1beta2.ManagedNetwork", "sigs.k8s.io/cluster-api-provider-openstack/api/v1beta2.ManagedSecurityGroups", "sigs.k8s.io/cluster-api-provider-openstack/api/v1beta2.NetworkParam", "sigs.k8s.io/cluster-api-provider-openstack/api/v1beta2.OpenStackIdentityReference", "sigs.k8s.io/cluster-api-provider-openstack/api/v1beta2.RouterParam", "sigs.k8s.io/cluster-api-provider-openstack/api/v1beta2.SubnetParam", "sigs.k8s.io/cluster-api-provider-openstack/api/v1beta2.SubnetSpec", "sigs.k8s.io/cluster-api/api/core/v1beta2.APIEndpoint"}, } } diff --git a/config/crd/bases/infrastructure.cluster.x-k8s.io_openstackclusters.yaml b/config/crd/bases/infrastructure.cluster.x-k8s.io_openstackclusters.yaml index fa0c07a844..a5ff9070bd 100644 --- a/config/crd/bases/infrastructure.cluster.x-k8s.io_openstackclusters.yaml 
+++ b/config/crd/bases/infrastructure.cluster.x-k8s.io_openstackclusters.yaml @@ -4021,11 +4021,6 @@ spec: to an external network. This allows for the creation of clusters when connecting to an external network is not possible or desirable, e.g. if using a provider network. type: boolean - disablePortSecurity: - description: |- - DisablePortSecurity disables the port security of the network created for the - Kubernetes cluster, which also disables SecurityGroups - type: boolean externalNetwork: description: |- ExternalNetwork is the OpenStack Network to be used to get public internet to the VMs. @@ -4257,6 +4252,27 @@ spec: - message: region is immutable rule: (!has(self.region) && !has(oldSelf.region)) || self.region == oldSelf.region + managedNetwork: + description: |- + ManagedNetwork specifies attributes of the network. The values are used only + if the Cluster actuator creates the network. + properties: + disablePortSecurity: + description: |- + DisablePortSecurity disables the port security of the network created for the + Kubernetes cluster, which also disables SecurityGroups + type: boolean + mtu: + description: |- + MTU sets the maximum transmission unit (MTU) value to address fragmentation for the private network ID. + This value will be used only if the Cluster actuator creates the network. + If left empty, the network will have the default MTU defined in Openstack network service. + To use this field, the Openstack installation requires the net-mtu neutron API extension. + type: integer + type: object + x-kubernetes-validations: + - message: managedNetwork must not be empty if set + rule: self == null || has(self.mtu) || has(self.disablePortSecurity) managedSecurityGroups: description: |- ManagedSecurityGroups determines whether OpenStack security groups for the cluster 
@@ -4641,13 +4657,6 @@ spec: format: uuid type: string type: object - networkMTU: - description: |- - NetworkMTU sets the maximum transmission unit (MTU) value to address fragmentation for the private network ID. - This value will be used only if the Cluster actuator creates the network. - If left empty, the network will have the default MTU defined in Openstack network service. - To use this field, the Openstack installation requires the net-mtu neutron API extension. - type: integer router: description: |- Router specifies an existing router to be used if ManagedSubnets are diff --git a/config/crd/bases/infrastructure.cluster.x-k8s.io_openstackclustertemplates.yaml b/config/crd/bases/infrastructure.cluster.x-k8s.io_openstackclustertemplates.yaml index 0c0054674e..bbc02cd61c 100644 --- a/config/crd/bases/infrastructure.cluster.x-k8s.io_openstackclustertemplates.yaml +++ b/config/crd/bases/infrastructure.cluster.x-k8s.io_openstackclustertemplates.yaml @@ -3488,11 +3488,6 @@ spec: to an external network. This allows for the creation of clusters when connecting to an external network is not possible or desirable, e.g. if using a provider network. type: boolean - disablePortSecurity: - description: |- - DisablePortSecurity disables the port security of the network created for the - Kubernetes cluster, which also disables SecurityGroups - type: boolean externalNetwork: description: |- ExternalNetwork is the OpenStack Network to be used to get public internet to the VMs. 
@@ -3725,6 +3720,27 @@ spec: - message: region is immutable rule: (!has(self.region) && !has(oldSelf.region)) || self.region == oldSelf.region + managedNetwork: + description: |- + ManagedNetwork specifies attributes of the network. The values are used only + if the Cluster actuator creates the network. + properties: + disablePortSecurity: + description: |- + DisablePortSecurity disables the port security of the network created for the + Kubernetes cluster, which also disables SecurityGroups + type: boolean + mtu: + description: |- + MTU sets the maximum transmission unit (MTU) value to address fragmentation for the private network ID. + This value will be used only if the Cluster actuator creates the network. + If left empty, the network will have the default MTU defined in Openstack network service. + To use this field, the Openstack installation requires the net-mtu neutron API extension. + type: integer + type: object + x-kubernetes-validations: + - message: managedNetwork must not be empty if set + rule: self == null || has(self.mtu) || has(self.disablePortSecurity) managedSecurityGroups: description: |- ManagedSecurityGroups determines whether OpenStack security groups for the cluster @@ -4112,13 +4128,6 @@ spec: format: uuid type: string type: object - networkMTU: - description: |- - NetworkMTU sets the maximum transmission unit (MTU) value to address fragmentation for the private network ID. - This value will be used only if the Cluster actuator creates the network. - If left empty, the network will have the default MTU defined in Openstack network service. - To use this field, the Openstack installation requires the net-mtu neutron API extension. - type: integer router: description: |- Router specifies an existing router to be used if ManagedSubnets are diff --git a/docs/book/src/api/v1beta2/api.md b/docs/book/src/api/v1beta2/api.md index 1838e7d91e..f9fa49c6d9 100644 --- a/docs/book/src/api/v1beta2/api.md +++ b/docs/book/src/api/v1beta2/api.md 
@@ -85,65 +85,65 @@ subnet is supported. If you leave this empty, no network will be created.

-router
+subnets
- -RouterParam + +[]SubnetParam (Optional) -

Router specifies an existing router to be used if ManagedSubnets are -specified. If specified, no new router will be created.

+

Subnets specifies existing subnets to use if not ManagedSubnets are +specified. All subnets must be in the network specified by Network. +There can be zero, one, or two subnets. If no subnets are specified, +all subnets in Network will be used. If 2 subnets are specified, one +must be IPv4 and the other IPv6.

-network
+router
- -NetworkParam + +RouterParam (Optional) -

Network specifies an existing network to use if no ManagedSubnets -are specified.

+

Router specifies an existing router to be used if ManagedSubnets are +specified. If specified, no new router will be created.

-subnets
+managedNetwork
- -[]SubnetParam + +ManagedNetwork (Optional) -

Subnets specifies existing subnets to use if not ManagedSubnets are -specified. All subnets must be in the network specified by Network. -There can be zero, one, or two subnets. If no subnets are specified, -all subnets in Network will be used. If 2 subnets are specified, one -must be IPv4 and the other IPv6.

+

ManagedNetwork specifies attributes of the network. The values are used only +if the Cluster actuator creates the network.

-networkMTU
+network
-int + +NetworkParam + (Optional) -

NetworkMTU sets the maximum transmission unit (MTU) value to address fragmentation for the private network ID. -This value will be used only if the Cluster actuator creates the network. -If left empty, the network will have the default MTU defined in Openstack network service. -To use this field, the Openstack installation requires the net-mtu neutron API extension.

+

Network specifies an existing network to use if no ManagedSubnets +are specified.

@@ -304,19 +304,6 @@ When defined to an empty struct, the managed security groups will be created wit -disablePortSecurity
- -bool - - - -(Optional) -

DisablePortSecurity disables the port security of the network created for the -Kubernetes cluster, which also disables SecurityGroups

- - - - tags
[]string @@ -2132,6 +2119,53 @@ The value of this field is never updated after provisioning is completed.

+

ManagedNetwork +

+

+(Appears on: +OpenStackClusterSpec) +

+

+

ManagedNetwork specifies attributes of the network.

+

+ + + + + + + + + + + + + + + + + +
FieldDescription
+mtu
+ +int + +
+(Optional) +

MTU sets the maximum transmission unit (MTU) value to address fragmentation for the private network ID. +This value will be used only if the Cluster actuator creates the network. +If left empty, the network will have the default MTU defined in Openstack network service. +To use this field, the Openstack installation requires the net-mtu neutron API extension.

+
+disablePortSecurity
+ +bool + +
+(Optional) +

DisablePortSecurity disables the port security of the network created for the +Kubernetes cluster, which also disables SecurityGroups

+

ManagedSecurityGroupName (string alias)

@@ -2500,65 +2534,65 @@ subnet is supported. If you leave this empty, no network will be created.

-router
+subnets
- -RouterParam + +[]SubnetParam (Optional) -

Router specifies an existing router to be used if ManagedSubnets are -specified. If specified, no new router will be created.

+

Subnets specifies existing subnets to use if not ManagedSubnets are +specified. All subnets must be in the network specified by Network. +There can be zero, one, or two subnets. If no subnets are specified, +all subnets in Network will be used. If 2 subnets are specified, one +must be IPv4 and the other IPv6.

-network
+router
- -NetworkParam + +RouterParam (Optional) -

Network specifies an existing network to use if no ManagedSubnets -are specified.

+

Router specifies an existing router to be used if ManagedSubnets are +specified. If specified, no new router will be created.

-subnets
+managedNetwork
- -[]SubnetParam + +ManagedNetwork (Optional) -

Subnets specifies existing subnets to use if not ManagedSubnets are -specified. All subnets must be in the network specified by Network. -There can be zero, one, or two subnets. If no subnets are specified, -all subnets in Network will be used. If 2 subnets are specified, one -must be IPv4 and the other IPv6.

+

ManagedNetwork specifies attributes of the network. The values are used only +if the Cluster actuator creates the network.

-networkMTU
+network
-int + +NetworkParam + (Optional) -

NetworkMTU sets the maximum transmission unit (MTU) value to address fragmentation for the private network ID. -This value will be used only if the Cluster actuator creates the network. -If left empty, the network will have the default MTU defined in Openstack network service. -To use this field, the Openstack installation requires the net-mtu neutron API extension.

+

Network specifies an existing network to use if no ManagedSubnets +are specified.

@@ -2719,19 +2753,6 @@ When defined to an empty struct, the managed security groups will be created wit -disablePortSecurity
- -bool - - - -(Optional) -

DisablePortSecurity disables the port security of the network created for the -Kubernetes cluster, which also disables SecurityGroups

- - - - tags
[]string @@ -3046,65 +3067,65 @@ subnet is supported. If you leave this empty, no network will be created.

-router
+subnets
- -RouterParam + +[]SubnetParam (Optional) -

Router specifies an existing router to be used if ManagedSubnets are -specified. If specified, no new router will be created.

+

Subnets specifies existing subnets to use if not ManagedSubnets are +specified. All subnets must be in the network specified by Network. +There can be zero, one, or two subnets. If no subnets are specified, +all subnets in Network will be used. If 2 subnets are specified, one +must be IPv4 and the other IPv6.

-network
+router
- -NetworkParam + +RouterParam (Optional) -

Network specifies an existing network to use if no ManagedSubnets -are specified.

+

Router specifies an existing router to be used if ManagedSubnets are +specified. If specified, no new router will be created.

-subnets
+managedNetwork
- -[]SubnetParam + +ManagedNetwork (Optional) -

Subnets specifies existing subnets to use if not ManagedSubnets are -specified. All subnets must be in the network specified by Network. -There can be zero, one, or two subnets. If no subnets are specified, -all subnets in Network will be used. If 2 subnets are specified, one -must be IPv4 and the other IPv6.

+

ManagedNetwork specifies attributes of the network. The values are used only +if the Cluster actuator creates the network.

-networkMTU
+network
-int + +NetworkParam + (Optional) -

NetworkMTU sets the maximum transmission unit (MTU) value to address fragmentation for the private network ID. -This value will be used only if the Cluster actuator creates the network. -If left empty, the network will have the default MTU defined in Openstack network service. -To use this field, the Openstack installation requires the net-mtu neutron API extension.

+

Network specifies an existing network to use if no ManagedSubnets +are specified.

@@ -3265,19 +3286,6 @@ When defined to an empty struct, the managed security groups will be created wit -disablePortSecurity
- -bool - - - -(Optional) -

DisablePortSecurity disables the port security of the network created for the -Kubernetes cluster, which also disables SecurityGroups

- - - - tags
[]string diff --git a/docs/book/src/topics/crd-changes/v1beta1-to-v1beta2.md b/docs/book/src/topics/crd-changes/v1beta1-to-v1beta2.md index 77375cf6dd..c8fcc1f060 100644 --- a/docs/book/src/topics/crd-changes/v1beta1-to-v1beta2.md +++ b/docs/book/src/topics/crd-changes/v1beta1-to-v1beta2.md @@ -6,6 +6,7 @@ - [Migration](#migration) - [API Changes](#api-changes) - [Flavor field restructure](#flavor-field-restructure) + - [Network management fields restructure](#network-management-fields-restructure) - [Conditions format change](#conditions-format-change) - [Removal of deprecated status fields](#removal-of-deprecated-status-fields) - [FailureDomains representation change](#failuredomains-representation-change) @@ -44,6 +45,23 @@ following the ID/Filter pattern used by other fields. This applies to `OpenStack For `OpenStackCluster` the same change applies under `spec.bastion.spec.flavor`. +### Network management fields restructure + +`spec.networkMTU` and `spec.disablePortSecurity` have been replaced by a structured +`spec.managedNetwork` object. The field is optional, but must not be empty if set. +This applies to `OpenStackCluster` and `OpenStackClusterTemplate`. + +```diff + spec: +- networkMTU: +- disablePortSecurity: ++ managedNetwork: ++ mtu: ++ disablePortSecurity: +``` + +For `OpenStackClusterTemplate` the same change applies under `spec.template.spec.managedNetwork`. + ### Conditions format change Conditions have changed from CAPI v1beta1 `Conditions` type to standard Kubernetes `[]metav1.Condition`. diff --git a/pkg/cloud/services/networking/network.go b/pkg/cloud/services/networking/network.go index d5f21fd2db..5b204d4d71 100644 --- a/pkg/cloud/services/networking/network.go +++ b/pkg/cloud/services/networking/network.go 
@@ -118,12 +118,14 @@ func (s *Service) ReconcileNetwork(openStackCluster *infrav1.OpenStackCluster, c
 Name: networkName,
 }
 
- if ptr.Deref(openStackCluster.Spec.DisablePortSecurity, false) {
- opts.PortSecurityEnabled = gophercloud.Disabled
- }
+ if openStackCluster.Spec.ManagedNetwork != nil {
+ if ptr.Deref(openStackCluster.Spec.ManagedNetwork.DisablePortSecurity, false) {
+ opts.PortSecurityEnabled = gophercloud.Disabled
+ }
 
- if openStackCluster.Spec.NetworkMTU != nil {
- opts.MTU = openStackCluster.Spec.NetworkMTU
+ if openStackCluster.Spec.ManagedNetwork.MTU != nil {
+ opts.MTU = openStackCluster.Spec.ManagedNetwork.MTU
+ }
 }
 
 network, err := s.client.CreateNetwork(opts)
diff --git a/pkg/cloud/services/networking/network_test.go b/pkg/cloud/services/networking/network_test.go
index 13d5f8a834..780408ada1 100644
--- a/pkg/cloud/services/networking/network_test.go
+++ b/pkg/cloud/services/networking/network_test.go
@@ -210,7 +210,9 @@ func Test_ReconcileNetwork(t *testing.T) {
 name: "creation with disabled port security",
 openStackCluster: &infrav1.OpenStackCluster{
 Spec: infrav1.OpenStackClusterSpec{
- DisablePortSecurity: ptr.To(true),
+ ManagedNetwork: &infrav1.ManagedNetwork{
+ DisablePortSecurity: ptr.To(true),
+ },
 },
 },
 expect: func(m *mock.MockNetworkClientMockRecorder) {
@@ -246,7 +248,9 @@ func Test_ReconcileNetwork(t *testing.T) {
 name: "creation with mtu set",
 openStackCluster: &infrav1.OpenStackCluster{
 Spec: infrav1.OpenStackClusterSpec{
- NetworkMTU: ptr.To(1500),
+ ManagedNetwork: &infrav1.ManagedNetwork{
+ MTU: ptr.To(1500),
+ },
 },
 },
 expect: func(m *mock.MockNetworkClientMockRecorder) {
diff --git a/pkg/generated/applyconfiguration/api/v1beta2/managednetwork.go b/pkg/generated/applyconfiguration/api/v1beta2/managednetwork.go
new file mode 100644
index 0000000000..ba459b2948
--- /dev/null
+++ b/pkg/generated/applyconfiguration/api/v1beta2/managednetwork.go
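Review bot: In the network.go hunk (`@@ -118,12 +118,14 @@`, ReconcileNetwork), the branch that sets `opts.PortSecurityEnabled = gophercloud.Disabled` turns off port security for the whole managed network without a comment or any trace in the reconciler, even though the field's description says this also disables SecurityGroups. I would add `// Disabling port security also disables security groups on this network.` above the assignment and log the decision once when the network is created, so an operator auditing the cluster can see that filtering is off. Whether `managedNetwork.disablePortSecurity: true` is rejected when `managedSecurityGroups` is also set is not visible in this diff; if no webhook or CEL rule covers it, that combination deserves a validation. ReconcileNetwork starts and ends outside the hunk.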
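Review bot: The two updated cases in network_test.go (`@@ -210,7 +210,9 @@` and `@@ -246,7 +248,9 @@`, Test_ReconcileNetwork) each set a single field of `ManagedNetwork`, so the new nested nil-guard in ReconcileNetwork is never exercised with both fields set or with `DisablePortSecurity: ptr.To(false)`. A case using `ManagedNetwork: &infrav1.ManagedNetwork{MTU: ptr.To(1500), DisablePortSecurity: ptr.To(false)}` that expects the MTU to be passed and port security left untouched would pin the security-relevant default. Other cases may already cover this outside these hunks, since the test table continues beyond what is shown.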
@@ -0,0 +1,56 @@ +/* +Copyright 2026 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1beta2 + +// ManagedNetworkApplyConfiguration represents a declarative configuration of the ManagedNetwork type for use +// with apply. +// +// ManagedNetwork specifies attributes of the network. +type ManagedNetworkApplyConfiguration struct { + // MTU sets the maximum transmission unit (MTU) value to address fragmentation for the private network ID. + // This value will be used only if the Cluster actuator creates the network. + // If left empty, the network will have the default MTU defined in Openstack network service. + // To use this field, the Openstack installation requires the net-mtu neutron API extension. + MTU *int `json:"mtu,omitempty"` + // DisablePortSecurity disables the port security of the network created for the + // Kubernetes cluster, which also disables SecurityGroups + DisablePortSecurity *bool `json:"disablePortSecurity,omitempty"` +} + +// ManagedNetworkApplyConfiguration constructs a declarative configuration of the ManagedNetwork type for use with +// apply. +func ManagedNetwork() *ManagedNetworkApplyConfiguration { + return &ManagedNetworkApplyConfiguration{} +} + +// WithMTU sets the MTU field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. 
+// If called multiple times, the MTU field is set to the value of the last call. +func (b *ManagedNetworkApplyConfiguration) WithMTU(value int) *ManagedNetworkApplyConfiguration { + b.MTU = &value + return b +} + +// WithDisablePortSecurity sets the DisablePortSecurity field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the DisablePortSecurity field is set to the value of the last call. +func (b *ManagedNetworkApplyConfiguration) WithDisablePortSecurity(value bool) *ManagedNetworkApplyConfiguration { + b.DisablePortSecurity = &value + return b +} diff --git a/pkg/generated/applyconfiguration/api/v1beta2/openstackclusterspec.go b/pkg/generated/applyconfiguration/api/v1beta2/openstackclusterspec.go index 9de2109c03..53a1677768 100644 --- a/pkg/generated/applyconfiguration/api/v1beta2/openstackclusterspec.go +++ b/pkg/generated/applyconfiguration/api/v1beta2/openstackclusterspec.go 
@@ -31,23 +31,21 @@ type OpenStackClusterSpecApplyConfiguration struct { // subnets with the defined CIDR, and a router connected to these subnets. Currently only one IPv4 // subnet is supported. If you leave this empty, no network will be created. ManagedSubnets []SubnetSpecApplyConfiguration `json:"managedSubnets,omitempty"` - // Router specifies an existing router to be used if ManagedSubnets are - // specified. If specified, no new router will be created. - Router *RouterParamApplyConfiguration `json:"router,omitempty"` - // Network specifies an existing network to use if no ManagedSubnets - // are specified. - Network *NetworkParamApplyConfiguration `json:"network,omitempty"` // Subnets specifies existing subnets to use if not ManagedSubnets are // specified. All subnets must be in the network specified by Network. // There can be zero, one, or two subnets. If no subnets are specified, // all subnets in Network will be used. If 2 subnets are specified, one // must be IPv4 and the other IPv6. Subnets []SubnetParamApplyConfiguration `json:"subnets,omitempty"` - // NetworkMTU sets the maximum transmission unit (MTU) value to address fragmentation for the private network ID. - // This value will be used only if the Cluster actuator creates the network. - // If left empty, the network will have the default MTU defined in Openstack network service. - // To use this field, the Openstack installation requires the net-mtu neutron API extension. - NetworkMTU *int `json:"networkMTU,omitempty"` + // Router specifies an existing router to be used if ManagedSubnets are + // specified. If specified, no new router will be created. + Router *RouterParamApplyConfiguration `json:"router,omitempty"` + // ManagedNetwork specifies attributes of the network. The values are used only + // if the Cluster actuator creates the network. 
+ ManagedNetwork *ManagedNetworkApplyConfiguration `json:"managedNetwork,omitempty"` + // Network specifies an existing network to use if no ManagedSubnets + // are specified. + Network *NetworkParamApplyConfiguration `json:"network,omitempty"` // ExternalRouterIPs is an array of externalIPs on the respective subnets. // This is necessary if the router needs a fixed ip in a specific subnet. ExternalRouterIPs []ExternalRouterIPParamApplyConfiguration `json:"externalRouterIPs,omitempty"` @@ -109,9 +107,6 @@ type OpenStackClusterSpecApplyConfiguration struct { // It's possible to add additional rules to the managed security groups. // When defined to an empty struct, the managed security groups will be created with the default rules. ManagedSecurityGroups *ManagedSecurityGroupsApplyConfiguration `json:"managedSecurityGroups,omitempty"` - // DisablePortSecurity disables the port security of the network created for the - // Kubernetes cluster, which also disables SecurityGroups - DisablePortSecurity *bool `json:"disablePortSecurity,omitempty"` // Tags to set on all resources in cluster which support tags Tags []string `json:"tags,omitempty"` // ControlPlaneEndpoint represents the endpoint used to communicate with the control plane. 
@@ -160,22 +155,6 @@ func (b *OpenStackClusterSpecApplyConfiguration) WithManagedSubnets(values ...*S return b } -// WithRouter sets the Router field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the Router field is set to the value of the last call. -func (b *OpenStackClusterSpecApplyConfiguration) WithRouter(value *RouterParamApplyConfiguration) *OpenStackClusterSpecApplyConfiguration { - b.Router = value - return b -} - -// WithNetwork sets the Network field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the Network field is set to the value of the last call. -func (b *OpenStackClusterSpecApplyConfiguration) WithNetwork(value *NetworkParamApplyConfiguration) *OpenStackClusterSpecApplyConfiguration { - b.Network = value - return b -} - // WithSubnets adds the given value to the Subnets field in the declarative configuration // and returns the receiver, so that objects can be build by chaining "With" function invocations. // If called multiple times, values provided by each call will be appended to the Subnets field. 
@@ -189,11 +168,27 @@ func (b *OpenStackClusterSpecApplyConfiguration) WithSubnets(values ...*SubnetPa return b } -// WithNetworkMTU sets the NetworkMTU field in the declarative configuration to the given value +// WithRouter sets the Router field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Router field is set to the value of the last call. +func (b *OpenStackClusterSpecApplyConfiguration) WithRouter(value *RouterParamApplyConfiguration) *OpenStackClusterSpecApplyConfiguration { + b.Router = value + return b +} + +// WithManagedNetwork sets the ManagedNetwork field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the NetworkMTU field is set to the value of the last call. -func (b *OpenStackClusterSpecApplyConfiguration) WithNetworkMTU(value int) *OpenStackClusterSpecApplyConfiguration { - b.NetworkMTU = &value +// If called multiple times, the ManagedNetwork field is set to the value of the last call. +func (b *OpenStackClusterSpecApplyConfiguration) WithManagedNetwork(value *ManagedNetworkApplyConfiguration) *OpenStackClusterSpecApplyConfiguration { + b.ManagedNetwork = value + return b +} + +// WithNetwork sets the Network field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Network field is set to the value of the last call. +func (b *OpenStackClusterSpecApplyConfiguration) WithNetwork(value *NetworkParamApplyConfiguration) *OpenStackClusterSpecApplyConfiguration { + b.Network = value return b } 
@@ -274,14 +269,6 @@ func (b *OpenStackClusterSpecApplyConfiguration) WithManagedSecurityGroups(value return b } -// WithDisablePortSecurity sets the DisablePortSecurity field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the DisablePortSecurity field is set to the value of the last call. -func (b *OpenStackClusterSpecApplyConfiguration) WithDisablePortSecurity(value bool) *OpenStackClusterSpecApplyConfiguration { - b.DisablePortSecurity = &value - return b -} - // WithTags adds the given value to the Tags field in the declarative configuration // and returns the receiver, so that objects can be build by chaining "With" function invocations. // If called multiple times, values provided by each call will be appended to the Tags field. diff --git a/pkg/generated/applyconfiguration/internal/internal.go b/pkg/generated/applyconfiguration/internal/internal.go index bb199992fc..cd192f4a39 100644 --- a/pkg/generated/applyconfiguration/internal/internal.go +++ b/pkg/generated/applyconfiguration/internal/internal.go @@ -2050,6 +2050,15 @@ var schemaYAML = typed.YAMLObject(`types: elementType: namedType: io.k8s.sigs.cluster-api-provider-openstack.api.v1beta2.PortStatus elementRelationship: atomic +- name: io.k8s.sigs.cluster-api-provider-openstack.api.v1beta2.ManagedNetwork + map: + fields: + - name: disablePortSecurity + type: + scalar: boolean + - name: mtu + type: + scalar: numeric - name: io.k8s.sigs.cluster-api-provider-openstack.api.v1beta2.ManagedSecurityGroups map: fields: @@ -2229,9 +2238,6 @@ var schemaYAML = typed.YAMLObject(`types: - name: disableExternalNetwork type: scalar: boolean - - name: disablePortSecurity - type: - scalar: boolean - name: externalNetwork type: namedType: io.k8s.sigs.cluster-api-provider-openstack.api.v1beta2.NetworkParam 
@@ -2245,6 +2251,9 @@ var schemaYAML = typed.YAMLObject(`types: type: namedType: io.k8s.sigs.cluster-api-provider-openstack.api.v1beta2.OpenStackIdentityReference default: {} + - name: managedNetwork + type: + namedType: io.k8s.sigs.cluster-api-provider-openstack.api.v1beta2.ManagedNetwork - name: managedSecurityGroups type: namedType: io.k8s.sigs.cluster-api-provider-openstack.api.v1beta2.ManagedSecurityGroups @@ -2257,9 +2266,6 @@ var schemaYAML = typed.YAMLObject(`types: - name: network type: namedType: io.k8s.sigs.cluster-api-provider-openstack.api.v1beta2.NetworkParam - - name: networkMTU - type: - scalar: numeric - name: router type: namedType: io.k8s.sigs.cluster-api-provider-openstack.api.v1beta2.RouterParam diff --git a/pkg/generated/applyconfiguration/utils.go b/pkg/generated/applyconfiguration/utils.go index 7a856e92b1..7612f8a9af 100644 --- a/pkg/generated/applyconfiguration/utils.go +++ b/pkg/generated/applyconfiguration/utils.go @@ -228,6 +228,8 @@ func ForKind(kind schema.GroupVersionKind) interface{} { return &apiv1beta2.MachineInitializationApplyConfiguration{} case v1beta2.SchemeGroupVersion.WithKind("MachineResources"): return &apiv1beta2.MachineResourcesApplyConfiguration{} + case v1beta2.SchemeGroupVersion.WithKind("ManagedNetwork"): + return &apiv1beta2.ManagedNetworkApplyConfiguration{} case v1beta2.SchemeGroupVersion.WithKind("ManagedSecurityGroups"): return &apiv1beta2.ManagedSecurityGroupsApplyConfiguration{} case v1beta2.SchemeGroupVersion.WithKind("NetworkFilter"):