weizhouapache opened a new pull request, #13032:
URL: https://github.com/apache/cloudstack/pull/13032
## Overview
This PR introduces and wires a new extension model for external network
orchestration in CloudStack, centered on a new extension type:
**`NetworkOrchestrator`**.
It extends the extension lifecycle from cluster-only registration to
physical-network registration, adds API support for updating registered
extension metadata, and enables automatic offering creation (network and VPC)
based on provider-declared supported services and capabilities.
It also adds smoke coverage (KVM-only) using a Linux network namespace based
implementation.
---
## What's new
### 1) New extension type: `NetworkOrchestrator`
- Adds support for creating extensions of type `NetworkOrchestrator`.
- Intended to back CloudStack network/VPC operations via an external
orchestrator/provider.
### 2) Register extension with **PhysicalNetwork** (in addition to Cluster)
- Extensions can now be registered against a `PhysicalNetwork` resource.
- This enables network service provider behavior at physical-network scope,
not only cluster scope.
### 3) Physical network registration details support
- Registered extension details for `PhysicalNetwork` are handled similarly
to cluster registration details.
- Supports storing/updating external access metadata
(credentials/endpoints/config details).
### 4) New API: update registered extension
- Adds API support to update extension registration metadata after
registration.
- Useful for rotating credentials, updating endpoints, and changing external
connection properties without re-registering.
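To make the update semantics concrete, here is a small added example (not code from this PR or from CloudStack) of how an update-registration-details call can be modelled: updates are merged into the existing details rather than replacing them, a key is dropped only when explicitly listed for removal, credential-like keys are treated as write-only when the details are echoed back, and an audit record names the keys that changed without carrying their values. The key names `endpoint`, `username` and `password`, the `SECRET_KEYS` list and the sample details are assumptions for illustration.

```python
"""Hypothetical, added example: merge an update into an extension's registered
details (endpoint/credential metadata), keep credentials write-only in any
echoed view, and report which keys changed for an audit log. Illustrative
only; it is not the PR's own API or persistence code."""
import copy

# Assumed key-name fragments that mark a detail as a credential.
SECRET_KEYS = ("password", "secret", "token", "apikey")


def is_secret(key):
    """True if the detail key looks like a credential (case-insensitive substring match)."""
    k = key.lower()
    return any(s in k for s in SECRET_KEYS)


def update_registration_details(current, updates, remove=()):
    """Return a new details map: apply updates, drop keys listed in remove,
    leave everything else untouched. The caller does not re-register."""
    new = copy.deepcopy(current)
    for key in remove:
        new.pop(key, None)
    for key, value in updates.items():
        if value is None:
            # Deleting via a null value is ambiguous; require an explicit remove.
            raise ValueError(f"use remove=(...) to delete detail {key!r}")
        new[key] = value
    return new


def redact(details):
    """View of the details safe for API responses and logs: secrets are masked."""
    return {k: ("***" if is_secret(k) else v) for k, v in details.items()}


def changed_keys(old, new):
    """Keys added, removed or modified, sorted, for an audit entry that never carries values."""
    keys = set(old) | set(new)
    return sorted(k for k in keys if old.get(k) != new.get(k))


# Constructed sample of registered details for an external orchestrator.
CURRENT_DETAILS = {
    "endpoint": "https://orchestrator.example.invalid/api",
    "username": "cloudstack-svc",
    "password": "old-credential",
}


def rotate_password_example():
    """Rotate the credential only; the endpoint and username stay as registered."""
    new = update_registration_details(CURRENT_DETAILS, {"password": "new-credential"})
    return new, changed_keys(CURRENT_DETAILS, new), redact(new)


if __name__ == "__main__":
    new, changed, view = rotate_password_example()
    print("changed keys:", changed)
    print("redacted view:", view)
```

The point of `changed_keys` is that a credential rotation is an auditable event: record that `password` changed and by whom, never the value itself.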
### 5) Offering automation from external provider capabilities
- Network/VPC offerings can be created with the external network provider
using:
  - provider `supportedservices`
  - per-service `service capabilities`
- This allows CloudStack offerings to align with what the external provider
actually supports.
### 6) Network support via generated offerings
Using offerings backed by the external provider, networks can be created and
operated with supported services/capabilities.
Supported operations include (based on provider capabilities):
- Source NAT
- Static NAT
- Port Forwarding
- Firewall
- Load Balancing
- DHCP
- DNS
- UserData
### 7) VPC support via generated offerings
Using VPC offerings backed by the external provider, VPCs and tiers can be
created and operated with supported services/capabilities.
Supported operations include (based on provider capabilities):
- VPC tier creation/implementation
- Source NAT in VPC context
- Static NAT / Port Forwarding / LB on VPC tiers
- Network ACL association and ACL rule apply paths
- Related lifecycle/restart/reapply operations
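Sections 5 to 7 describe offerings that enable exactly the services and capabilities an external provider declares. The following added example (not code from this PR or from CloudStack) shows that rule as a small capability-driven offering builder: the offering enables only declared services, a service that has capabilities listed but is absent from `supportedservices` is not enabled, an unknown service name is rejected, and per-operation checks consult the resulting offering. The declaration format, the capability key names and the sample declaration are assumptions; only the service names and the `supportedservices` / service capabilities terms come from the PR text.

```python
"""Hypothetical, added example: derive an offering from an external provider's
declared supportedservices and per-service capabilities, then answer
"is this operation allowed on a network using this offering?" from it.
Illustrative only; not CloudStack's own offering-creation logic."""
from dataclasses import dataclass

# Services named in the PR description that can be backed by an external provider.
KNOWN_SERVICES = {"SourceNat", "StaticNat", "PortForwarding", "Firewall",
                  "Lb", "Dhcp", "Dns", "UserData"}

# Constructed sample of a provider declaration (format assumed for this example).
PROVIDER_DECLARATION = {
    "supportedservices": ["SourceNat", "StaticNat", "PortForwarding",
                          "Firewall", "Dhcp", "Dns"],
    "servicecapabilities": {
        "SourceNat": {"SupportedSourceNatTypes": "peraccount"},
        "Firewall": {"SupportedProtocols": "tcp,udp,icmp"},
        # Lb capabilities are declared but Lb is not in supportedservices:
        # the builder must not enable Lb because of this entry alone.
        "Lb": {"SupportedProtocols": "tcp"},
    },
}


@dataclass
class OfferingSpec:
    name: str
    provider: str
    services: dict  # service name -> capability map (may be empty)


def build_offering(name, provider, declaration):
    """Enable exactly the declared services; reject names CloudStack does not know."""
    supported = list(declaration.get("supportedservices", []))
    caps = declaration.get("servicecapabilities", {})
    unknown = sorted(set(supported) - KNOWN_SERVICES)
    if unknown:
        raise ValueError(f"provider declares unknown services: {unknown}")
    services = {svc: dict(caps.get(svc, {})) for svc in supported}
    return OfferingSpec(name=name, provider=provider, services=services)


def operation_allowed(offering, service):
    """An operation is allowed only if its service is enabled in the offering."""
    return service in offering.services


def capability(offering, service, key, default=None):
    """Capability value for an enabled service, or default if absent/disabled."""
    return offering.services.get(service, {}).get(key, default)


def firewall_protocols(offering):
    """Protocols a firewall rule may use, from the provider's declared capability."""
    raw = capability(offering, "Firewall", "SupportedProtocols", "")
    return {p.strip() for p in raw.split(",") if p.strip()}


if __name__ == "__main__":
    off = build_offering("ext-isolated", "NetworkOrchestrator", PROVIDER_DECLARATION)
    print("enabled:", sorted(off.services))
    print("Lb allowed:", operation_allowed(off, "Lb"))
    print("firewall protocols:", sorted(firewall_protocols(off)))
```

Driving `operation_allowed` from the declaration rather than from a hard-coded list is what keeps an offering from advertising a service (for example load balancing) that the provider cannot actually implement.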
### 8) Linux network namespace based external implementation
- Adds/uses a network extension implementation based on Linux network
namespaces.
- Reference implementation:
`https://github.com/apache/cloudstack-extensions/tree/network-namespace/Network-Namespace`
### 9) Smoke test coverage (KVM-only)
- Adds smoke tests using the namespace-based extension implementation.
- Scope includes provider lifecycle, offering creation, network/VPC flows,
and key network services.
- Applicable hypervisor for this smoke suite: **KVM**.
---
## API / behavior changes
- New extension type: `NetworkOrchestrator`
- Extension registration now supports `PhysicalNetwork` resource targets
- New API to update registered extension details
- Offering creation and network/VPC service wiring can be driven by external
provider capabilities
---
## Why this change
This enables CloudStack to integrate external network orchestrators as
first-class providers with:
- clean registration lifecycle
- dynamic external detail management
- capability-driven offering generation
- practical end-to-end validation via smoke tests
---
## Testing
### Added/updated tests
- Smoke tests for external network orchestrator flows (KVM-only), including:
  - extension/provider lifecycle
  - network and VPC offering-based deployments
  - NAT/PF/LB/ACL and related connectivity checks
  - custom actions/policy operations where applicable
### Validation intent
- Verify control-plane integration (API and DB mappings)
- Verify data-plane behavior through end-to-end smoke paths
---
## Notes / limitations
- Namespace-based implementation is currently validated in KVM environments.
- Provider behavior is capability-driven; enabled operations depend on
declared supported services and service capabilities.
## Types of changes
- [ ] Breaking change (fix or feature that would cause existing
functionality to change)
- [x] New feature (non-breaking change which adds functionality)
- [ ] Bug fix (non-breaking change which fixes an issue)
- [ ] Enhancement (improves an existing feature and functionality)
- [ ] Cleanup (Code refactoring and cleanup, that may add test cases)
- [ ] Build/CI
- [ ] Test (unit or integration test code)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]