feat: define CRDs for VRF type

A VRF is composed by a single route distinguisher (RD), and a set of
route targets (RTs). This set might be empty. Each route target is
composed by the address families it affects and an action for it (e.g.,
import or export). The ipv4-evpn and ipv6-evpn will apply the route
target actions to the EVPN context of the device.

Author: nikatza

PROJECT

@@ -28,4 +28,13 @@ resources:
   kind: Device
   path: github.com/ironcore-dev/network-operator/api/v1alpha1
   version: v1alpha1
+- api:
+    crdVersion: v1
+    namespaced: true
+  controller: true
+  domain: cloud.sap
+  group: networking
+  kind: VRF
+  path: github.com/ironcore-dev/network-operator/api/v1alpha1
+  version: v1alpha1
 version: "3"

api/v1alpha1/vrf_types.go

@@ -0,0 +1,145 @@
+// SPDX-FileCopyrightText: 2025 SAP SE or an SAP affiliate company and IronCore contributors
+// SPDX-License-Identifier: Apache-2.0
+
+package v1alpha1
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	ctrl "sigs.k8s.io/controller-runtime"
+)
+
+// VRFSpec defines the basic structure of a Virtual Routing and Forwarding (VRF) instance/context. A VRF has one single Route
+// Distinguisher (RD) and a set of Route Targets (RTs), which can be empty. RTs control the import and export of routes among
+//
+//	different VRFs.
+type VRFSpec struct {
+	// DeviceName is a ref to the device owning this VRF. Device must exist in the same namespace as the VRF.
+	//
+	// +required
+	// +kubebuilder:validation:MinLength=1
+	// +kubebuilder:validation:MaxLength=63
+	// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="deviceName is immutable"
+	DeviceName string `json:"deviceName,omitempty"`
+
+	// Name defines the name of the VRF.
+	//
+	// +required
+	// +kubebuilder:validation:MaxLength=32
+	// +kubebuilder:validation:MinLength=1
+	// +kubebuilder:validation:Pattern=`^[a-zA-Z0-9]+$`
+	Name string `json:"name,omitempty"`
+
+	// AdminState defines the administrative state of the VRF.
+	//
+	// +required
+	// +kubebuilder:validation:Enum=Up;Down
+	AdminState AdminState `json:"adminState,omitempty"`
+
+	// RD defines the Route Distinguisher (RD) for the VRF as per RFC 4364
+	//
+	// +kubebuilder:validation:Pattern=`^([0-9]+:[0-9]+|([0-9]{1,3}\.){3}[0-9]{1,3}:[0-9]+)$`
+	// +required
+	RD string `json:"routeDistinguisher,omitempty"`
+
+	// RTs defines the list of Route Targets (RTs) associated with the VRF.
+	//
+	// +optional
+	RTs []RouteTarget `json:"routeTargets,omitempty"`
+
+	// TODO(nikatza): Discuss in weekly, depends on #30
+	// ProviderConfigRef is a reference to a resource holding the provider-specific configuration of this VRF
+	// (e.g., a layer-3 VNI on cisco).
+	//
+	// +optional
+	// ProviderConfigRef *any `json:"providerConfigRef,omitempty"` // TODO: any is a placeholder until we discuss #30
+}
+
+// VRFStatus defines the observed state of VRF.
+type VRFStatus struct {
+	// The conditions are a list of status objects that describe the state of the D.
+	// +listType=map
+	// +listMapKey=type
+	// +patchStrategy=merge
+	// +patchMergeKey=type
+	// +optional
+	Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"`
+}
+
+// +kubebuilder:object:root=true
+// +kubebuilder:subresource:status
+// +kubebuilder:resource:path=vrfs
+// +kubebuilder:resource:singular=vrf
+// +kubebuilder:resource:shortName=vrf
+// +kubebuilder:printcolumn:name="VRF",type=string,JSONPath=`.spec.name`
+// +kubebuilder:printcolumn:name="Admin State",type=string,JSONPath=`.spec.adminState`
+// +kubebuilder:printcolumn:name="Device",type=string,JSONPath=`.spec.deviceName`
+// +kubebuilder:printcolumn:name="Ready",type=string,JSONPath=`.status.conditions[?(@.type=="Ready")].status`
+// +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp"
+//
+// VRF is the Schema for the VRFs API
+type VRF struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty,omitzero"`
+
+	Spec   VRFSpec   `json:"spec,omitempty"`
+	Status VRFStatus `json:"status,omitempty"`
+}
+
+// +kubebuilder:object:root=true
+
+// VRFList contains a list of VRF
+type VRFList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+	Items           []VRF `json:"items"`
+}
+
+// RouteTarget defines the structure for a single route target in a VRF. A RT is essentially an extended BGP
+// community used to control route import/export between VRFs. RTs may be also be associated with address
+// families (IPv4, IPv6), and might be also added to the EVPN via the ipv4-evpn and ipv6-evpn address families.
+type RouteTarget struct {
+	// Value specifies the Route Target (RT) value as per RFC 4364.
+	//
+	// +kubebuilder:validation:Pattern=`^([0-9]+:[0-9]+|([0-9]{1,3}\.){3}[0-9]{1,3}:[0-9]+)$`
+	Value string `json:"value,omitempty"`
+
+	// AddressFamily specifies the address families for the Route Target. Families ipv4-evpn and ipv6-evpn indicate
+	// that the RT should be applied to the EVPN contexts (see RFC 7432).
+	//
+	// +kubebuilder:validation:MinItems=1
+	AddressFamilies []AddressFamily `json:"addressFamilies,omitempty"`
+
+	// Action specifies how this RT should be used within the VRF.
+	//
+	// +kubebuilder:validation:Enum=none;import;export;both
+	Action RTAction `json:"action,omitempty"`
+}
+
+// +kubebuilder:validation:Enum=ipv4;ipv6;ipv4-evpn;ipv6-evpn
+type AddressFamily string
+
+const (
+	AddressFamilyIPv4     AddressFamily = "ipv4"
+	AddressFamilyIPv6     AddressFamily = "ipv6"
+	AddressFamilyIPv4EVPN AddressFamily = "ipv4-evpn"
+	AddressFamilyIPv6EVPN AddressFamily = "ipv6-evpn"
+)
+
+type RTAction string
+
+const (
+	RTNone   RTAction = "none"
+	RTImport RTAction = "import"
+	RTExport RTAction = "export"
+	RTBoth   RTAction = "both"
+)
+
+func init() {
+	SchemeBuilder.Register(&VRF{}, &VRFList{})
+}
+
+func (r *VRF) SetupWebhookWithManager(mgr ctrl.Manager) error {
+	return ctrl.NewWebhookManagedBy(mgr).
+		For(r).
+		Complete()
+}

api/v1alpha1/zz_generated.deepcopy.go

@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.18.0
+    controller-gen.kubebuilder.io/version: v0.19.0
   name: devices.networking.cloud.sap
 spec:
   group: networking.cloud.sap

config/crd/bases/networking.cloud.sap_devices.yaml

@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.18.0
+    controller-gen.kubebuilder.io/version: v0.19.0
   name: interfaces.networking.cloud.sap
 spec:
   group: networking.cloud.sap