Attributes needed to support nesting of container
domains in OpenStack VMs are being added.
A new extension to the network resource which allows providing
the Kubernetes instance and the list of VLANs is being added. The
extension adds the following information:
apic:nested_domain_name - name of the Kubernetes domain; empty string if no nesting
apic:nested_domain_type - specific string used in APIC
apic:nested_domain_infra_vlan - this is 4093 for Kubernetes/OpenShift
apic:nested_domain_service_vlan -
apic:nested_domain_node_network_vlan -
apic:nested_domain_allowed_vlans - {'vlans_list': <[...,...]>,
'vlan_ranges': <[{'start': <>, 'end': <>},
{'start': <>, 'end': <>},...]>}
The allowed VLANs specify the VLAN IDs used for tagging
Kubernetes pod and node traffic. The vlan_list can be used
for enumerating non-contiguous ranges, and/or the vlan_ranges
can be used for one one or more contiguos ranges.
Example CLI:
neutron net-create nn1 --apic:nested-domain-name kube \
--apic:nested-domain-type k8s \
--apic:nested_domain_infra_vlan 4093 \
--apic:nested_domain_node_network_vlan 3000 \
--apic:nested_domain_service_vlan 1000 \
--apic:nested_domain_allowed_vlans \
"{'vlans_list': [2, 3], \
'vlan_ranges': [{'start': 10, 'end': 12}]}"
Any VMs configured for host a nested domain also require
a "nested_host_vlan" configuration specified in the
"aim_mapping" section. This value is set to 4094 by default
but can be overridden to any VLAN that does not overlap
with any other VLAN used in the system. This VLAN is locally
significant and is only used so that the VM's traffic
intended for the neutron network is not dropped by the Opflex
agent configured flows.
Change-Id: Icb4ca8f4addb0f886450393c44c08d81ebfcea3c
a7903e971d