feat: define CRDs for VRF type

In this commit we define VRF type. A VRF is composed by a single route
distinguisher (RD), and a set of route targets (RTs). Each route target
is composed by the address families it affects, an action for it (e.g.,
import or export). The ipv4-evpn and ipv6-evpn will apply the route
target actions to the EVPN context.

Author: nikatza

PROJECT

@@ -28,4 +28,13 @@ resources:
   kind: Device
   path: github.com/ironcore-dev/network-operator/api/v1alpha1
   version: v1alpha1
+- api:
+    crdVersion: v1
+    namespaced: true
+  controller: true
+  domain: cloud.sap
+  group: networking
+  kind: VRF
+  path: github.com/ironcore-dev/network-operator/api/v1alpha1
+  version: v1alpha1
 version: "3"

api/v1alpha1/vrf_types.go

@@ -0,0 +1,144 @@
+// SPDX-FileCopyrightText: 2025 SAP SE or an SAP affiliate company and IronCore contributors
+// SPDX-License-Identifier: Apache-2.0
+
+package v1alpha1
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	ctrl "sigs.k8s.io/controller-runtime"
+)
+
+// has a single Route Distinguisher (RD) and a set of Route Targets (RT). RTs control the import and export of routes
+// VRFSpec defines the basic structure of a Virtual Routing and Forwarding (VRF) instance/context. A single VRF instance
+// among different VRFs.
+type VRFSpec struct {
+	// DeviceName is a ref to the device owning this VRF. Device must exist in the same namespace as the VRF.
+	//
+	// +required
+	// +kubebuilder:validation:MinLength=1
+	// +kubebuilder:validation:MaxLength=63
+	// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="deviceName is immutable"
+	DeviceName string `json:"deviceName,omitempty"`
+
+	// Name defines the name of the VRF.
+	//
+	// +required
+	// +kubebuilder:validation:MaxLength=32
+	// +kubebuilder:validation:MinLength=1
+	// +kubebuilder:validation:Pattern=`^[a-zA-Z0-9]+$`
+	Name *string `json:"name,omitempty"`
+
+	// AdminState defines the administrative state of the VRF.
+	//
+	// +required
+	// +kubebuilder:validation:Enum=Up;Down
+	AdminState *AdminState `json:"adminState,omitempty"`
+
+	// RD defines the Route Distinguisher (RD) for the VRF as per RFC 4364
+	//
+	// +kubebuilder:validation:Pattern=`^([0-9]+:[0-9]+|([0-9]{1,3}\.){3}[0-9]{1,3}:[0-9]+)$`
+	// +required
+	RD *string `json:"routeDistinguisher,omitempty"`
+
+	// RTs defines the list of Route Targets (RTs) associated with the VRF.
+	//
+	// +optional
+	RTs []RouteTarget `json:"routeTargets,omitempty"`
+
+	// TODO(nikatza): Discuss in weekly, depends on #30
+	// ProviderConfigRef is a reference to a resource holding the provider-specific configuration of this VRF
+	// (e.g., a layer-3 VNI on cisco).
+	//
+	// +optional
+	// ProviderConfigRef *any `json:"providerConfigRef,omitempty"` // TODO: any is a placeholder until we discuss #30
+}
+
+// VRFStatus defines the observed state of VRF.
+type VRFStatus struct {
+	// The conditions are a list of status objects that describe the state of the D.
+	// +listType=map
+	// +listMapKey=type
+	// +patchStrategy=merge
+	// +patchMergeKey=type
+	// +optional
+	Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"`
+}
+
+// +kubebuilder:object:root=true
+// +kubebuilder:subresource:status
+// +kubebuilder:resource:path=vrfs
+// +kubebuilder:resource:singular=vrf
+// +kubebuilder:resource:shortName=vrf
+// +kubebuilder:printcolumn:name="VRF",type=string,JSONPath=`.spec.name`
+// +kubebuilder:printcolumn:name="Admin State",type=string,JSONPath=`.spec.adminState`
+// +kubebuilder:printcolumn:name="Device",type=string,JSONPath=`.spec.deviceName`
+// +kubebuilder:printcolumn:name="Ready",type=string,JSONPath=`.status.conditions[?(@.type=="Ready")].status`
+// +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp"
+//
+// VRF is the Schema for the VRFs API
+type VRF struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty,omitzero"`
+
+	Spec   VRFSpec   `json:"spec,omitempty"`
+	Status VRFStatus `json:"status,omitempty"`
+}
+
+// +kubebuilder:object:root=true
+
+// VRFList contains a list of VRF
+type VRFList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+	Items           []VRF `json:"items"`
+}
+
+// RouteTarget defines the structure for a single route target in a VRF. A RT is essentially an extended BGP
+// community used to control route import/export between VRFs. RTs may be also be associated with address
+// families (IPv4, IPv6), and might be also added to the EVPN via the ipv4-evpn and ipv6-evpn address families.
+type RouteTarget struct {
+	// Value specifies the Route Target (RT) value as per RFC 4364.
+	//
+	// +kubebuilder:validation:Pattern=`^([0-9]+:[0-9]+|([0-9]{1,3}\.){3}[0-9]{1,3}:[0-9]+)$`
+	Value string `json:"value,omitempty"`
+
+	// AddressFamily specifies the address families for the Route Target. Families ipv4-evpn and ipv6-evpn indicate
+	// that the RT should be applied to the EVPN contexts (see RFC 7432).
+	//
+	// +kubebuilder:validation:MinItems=1
+	AddressFamilies []AddressFamily `json:"addressFamilies,omitempty"`
+
+	// Action specifies how this RT should be used within the VRF.
+	//
+	// +kubebuilder:validation:Enum=none;import;export;both
+	Action RTAction `json:"action,omitempty"`
+}
+
+// +kubebuilder:validation:Enum=ipv4;ipv6;ipv4-evpn;ipv6-evpn
+type AddressFamily string
+
+const (
+	AddressFamilyIPv4     AddressFamily = "ipv4"
+	AddressFamilyIPv6     AddressFamily = "ipv6"
+	AddressFamilyIPv4EVPN AddressFamily = "ipv4-evpn"
+	AddressFamilyIPv6EVPN AddressFamily = "ipv6-evpn"
+)
+
+type RTAction string
+
+const (
+	RTNone   RTAction = "none"
+	RTImport RTAction = "import"
+	RTExport RTAction = "export"
+	RTBoth   RTAction = "both"
+)
+
+func init() {
+	SchemeBuilder.Register(&VRF{}, &VRFList{})
+}
+
+func (r *VRF) SetupWebhookWithManager(mgr ctrl.Manager) error {
+	return ctrl.NewWebhookManagedBy(mgr).
+		For(r).
+		Complete()
+}

api/v1alpha1/zz_generated.deepcopy.go

@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.18.0
+    controller-gen.kubebuilder.io/version: v0.19.0
   name: devices.networking.cloud.sap
 spec:
   group: networking.cloud.sap

config/crd/bases/networking.cloud.sap_devices.yaml

@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.18.0
+    controller-gen.kubebuilder.io/version: v0.19.0
   name: interfaces.networking.cloud.sap
 spec:
   group: networking.cloud.sap