Skip to content

Improve uniqueness of ClusterControlPlane Id and name#1386

Open
Atish-iaf wants to merge 1 commit intovmware-tanzu:mainfrom
Atish-iaf:unique-ccp-name
Open

Improve uniqueness of ClusterControlPlane Id and name#1386
Atish-iaf wants to merge 1 commit intovmware-tanzu:mainfrom
Atish-iaf:unique-ccp-name

Conversation

@Atish-iaf
Copy link
Copy Markdown
Contributor

@Atish-iaf Atish-iaf commented Mar 9, 2026
edited
Loading

nsx-operator uses the following name pattern when generating cluster-control-plane names.
fmt.Sprintf("%s-%s-%s", s.NSXConfig.CoeConfig.Cluster, namespace, name)
"-" as delimiter when generating cluster-control-plane names results in following two different namespaces and clusters to have the same name

  1. namespace: xx, cluster: yy-zz, result: xx-yy-zz
  2. namespace: xx-yy, cluster: zz, result: xx-yy-zz

Use _ instead of - as delimiter when generating cluster-control-plane names because
K8s doesn't allow namespace and name to include underscore _.

Do not change existing NSXServiceAccount cluster-control-plane Id and name.
This new name pattern should only apply to new NSXServiceAccount CRs created after this new name pattern is enabled in nsx-operator.

Delete PrincipalIdentity and ClusterControlPlane node by NSXServiceAccount UID.

Test summary
Doesn't change status.clusterName in existing NSXServiceAccount CR

apiVersion: nsx.vmware.com/v1alpha1
kind: NSXServiceAccount
metadata:
  creationTimestamp: "2026-03-26T05:05:19Z"
  finalizers:
  - nsxserviceaccount.nsx.vmware.com/finalizer
  generation: 1
  name: cluster-default-antrea
  namespace: antrea-test
  ownerReferences:
  - apiVersion: cluster.x-k8s.io/v1beta2
    kind: Cluster
    name: cluster-default
    uid: ab0ab128-df31-4e77-bbe0-23a73215d571
  resourceVersion: "11427886"
  uid: fa0c7a30-192e-4830-a61f-f86d9ae39fdd
spec: {}
status:
  clusterID: 303a3ee7-d500-4d80-99a3-899e74413651
  clusterName: 65106a70-649c-49c7-a891-32fad66b9e84-antrea-test-cluster-default-antrea
  conditions:
  - lastTransitionTime: "2026-03-26T05:05:18Z"
    message: Success.
    observedGeneration: 1
    reason: RealizationSuccess
    status: "True"
    type: Realized
  nsxManagers:
  - 10.162.160.211:443
  phase: realized
  proxyEndpoints:
    addresses:
    - ip: 192.168.0.10
    ports:
    - name: rest-api
      port: 10091
      protocol: TCP
    - name: nsx-rpc-fwd-proxy
      port: 10092
      protocol: TCP
  reason: Success
  secrets:
  - name: cluster-default-antrea-nsx-cert
    namespace: antrea-test
  vpcPath: /orgs/default/projects/65106a70-649c-49c7-a891-32fad66b9e84/vpcs/antrea-test-default-vpc

For new NSXServiceAccount CR, it uses the new pattern _ to join namespace and name instead of - when generating clusterName so that it is unique.

apiVersion: nsx.vmware.com/v1alpha1
kind: NSXServiceAccount
metadata:
  creationTimestamp: "2026-03-26T05:11:42Z"
  finalizers:
  - nsxserviceaccount.nsx.vmware.com/finalizer
  generation: 1
  name: test-cluster-default-antrea
  namespace: antrea
  ownerReferences:
  - apiVersion: cluster.x-k8s.io/v1beta2
    kind: Cluster
    name: test-cluster-default
    uid: 9f3f1cfe-2c30-4d76-9a52-2dc28efc49ed
  resourceVersion: "11432691"
  uid: ca4792ad-2225-449d-8416-a88e127fe3e6
spec: {}
status:
  clusterID: 989ebfc2-0455-42f3-bcff-6b38eb7ebef4
  clusterName: 65106a70-649c-49c7-a891-32fad66b9e84_antrea_test-cluster-default-antrea
  conditions:
  - lastTransitionTime: "2026-03-26T05:11:43Z"
    message: Success.
    observedGeneration: 1
    reason: RealizationSuccess
    status: "True"
    type: Realized
  nsxManagers:
  - 10.162.160.211:443
  phase: realized
  proxyEndpoints:
    addresses:
    - ip: 192.168.0.10
    ports:
    - name: rest-api
      port: 10091
      protocol: TCP
    - name: nsx-rpc-fwd-proxy
      port: 10092
      protocol: TCP
  reason: Success
  secrets:
  - name: test-cluster-default-antrea-nsx-cert
    namespace: antrea
  vpcPath: /orgs/default/projects/65106a70-649c-49c7-a891-32fad66b9e84/vpcs/antrea-default-vpc

@zhengxiexie
Copy link
Copy Markdown
Contributor

zhengxiexie commented Mar 9, 2026

Can one of the admins verify this patch?

@codecov-commenter
Copy link
Copy Markdown

codecov-commenter commented Mar 9, 2026
edited
Loading

Codecov Report

❌ Patch coverage is 90.24390% with 4 lines in your changes missing coverage. Please review.
✅ Project coverage is 76.80%. Comparing base (5434566) to head (43c5956).

Files with missing lines Patch % Lines
pkg/nsx/services/nsxserviceaccount/cluster.go 90.24% 2 Missing and 2 partials ⚠️
Additional details and impacted files

Impacted file tree graph

@@            Coverage Diff             @@
##             main    #1386      +/-   ##
==========================================
+ Coverage   76.75%   76.80%   +0.04%     
==========================================
  Files         151      151              
  Lines       21319    21335      +16     
==========================================
+ Hits        16364    16386      +22     
+ Misses       3785     3780       -5     
+ Partials     1170     1169       -1
Flag Coverage Δ
unit-tests 76.80% <90.24%> (+0.04%) ⬆️
Files with missing lines Coverage Δ
pkg/nsx/services/nsxserviceaccount/cluster.go 82.55% <90.24%> (+1.93%) ⬆️
🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@Atish-iaf Atish-iaf force-pushed the unique-ccp-name branch 2 times, most recently from 0fe343c to cc434c2 Compare March 10, 2026 06:15
@Atish-iaf
Copy link
Copy Markdown
Contributor Author

Atish-iaf commented Mar 10, 2026

Hi @edwardbadboy @liu4480
Could you please help to review this patch ?
Thanks!

liu4480
liu4480 reviewed Mar 10, 2026
View reviewed changes
liu4480
liu4480 reviewed Mar 10, 2026
View reviewed changes
liu4480
liu4480 reviewed Mar 10, 2026
View reviewed changes
@Atish-iaf Atish-iaf changed the title Improve uniqueness of ClusterClontrolPlane Improve uniqueness of ClusterClontrolPlane name Mar 16, 2026
@liu4480 liu4480 mentioned this pull request Mar 18, 2026
Open
@edwardbadboy edwardbadboy requested a review from andrew-su March 18, 2026 07:49
edwardbadboy
edwardbadboy reviewed Mar 20, 2026
View reviewed changes
edwardbadboy
edwardbadboy reviewed Mar 20, 2026
View reviewed changes
Copy link
Copy Markdown

@edwardbadboy edwardbadboy left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There is a typo in PR title and commit message title: ClusterClontrolPlane -> ClusterControlPlane

@Atish-iaf Atish-iaf changed the title Improve uniqueness of ClusterClontrolPlane name Improve uniqueness of ClusterControlPlane name Mar 20, 2026
edwardbadboy
edwardbadboy reviewed Mar 27, 2026
View reviewed changes
pkg/nsx/services/nsxserviceaccount/cluster.go

func (s *NSXServiceAccountService) getClusterName(namespace, name string) string {
return fmt.Sprintf("%s-%s-%s", s.NSXConfig.CoeConfig.Cluster, namespace, name)
func (s *NSXServiceAccountService) getClusterName(clusterName, namespace, name string) string {
Copy link
Copy Markdown

@edwardbadboy edwardbadboy Mar 27, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

When DeleteNSXServiceAccount is called by the garbageCollector, the namespace and name can be parsed from a cluster-control-plane/SV-NS-ClusterName resource (from its tags), and there is no corresponding K8s NSXSA resource. When getClusterName is called with getClusterName("", "NS", "ClusterName"), it will return SV_NS_ClusterName which doesn't match the existing CCPN ID SV-NS-ClusterName.

Need to think of how to solve this corner case.

Copy link
Copy Markdown
Contributor Author

@Atish-iaf Atish-iaf Mar 28, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks, updated to delete CCP and PI by getting CCP and PI from store using NSXSA uid.

@Atish-iaf Atish-iaf force-pushed the unique-ccp-name branch 2 times, most recently from d0bd271 to fe71ef7 Compare March 28, 2026 12:03
@Atish-iaf Atish-iaf requested a review from edwardbadboy March 28, 2026 12:59
@Atish-iaf
Improve uniqueness of ClusterControlPlane
43c5956 
- "-" as delimiter when generating cluster-control-plane names
  results in following two different namespaces and clusters to have the same name.
  namespace: xx, cluster: yy-zz, result: xx-yy-zz
  namespace: xx-yy, cluster: zz, result: xx-yy-zz

- Use '_' instead of '-' as delimiter when generating cluster-control-plane names because
  K8s doesn't allow namespace and name to include underscore "_".

- Do not change existing NSXServiceAccount cluster-control-plane node IDs and names.

- Delete PrincipalIdentity and ClusterControlPlane node by NSXServiceAccount UID.

Signed-off-by: Kumar Atish <kumar.atish@broadcom.com>
@Atish-iaf Atish-iaf changed the title Improve uniqueness of ClusterControlPlane name Improve uniqueness of ClusterControlPlane Node ID and name Mar 28, 2026
@Atish-iaf Atish-iaf changed the title Improve uniqueness of ClusterControlPlane Node ID and name Improve uniqueness of ClusterControlPlane Id and name Mar 31, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@andrew-su andrew-su Awaiting requested review from andrew-su

@liu4480 liu4480 Awaiting requested review from liu4480

@edwardbadboy edwardbadboy Awaiting requested review from edwardbadboy

At least 2 approving reviews are required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@Atish-iaf @zhengxiexie @codecov-commenter @edwardbadboy @liu4480