Add support for Shared VPC Networking

barbacbd · barbacbd · commit f257382ac5a3 · 2024-05-28T14:37:32.000-04:00
This is an update to the stale PR #991 ** Added support for Host Project for a shared VPC in the Network struct. ** Network Resources will now use the host project name if exists, otherwise the normal project. ** Update the cluster getter interface to include the NetworkProject and Indicator for a shared VPC. ** Update reconcilers for girewall rules, subnets and network. ** Update the services to use the host project for resources when a shared vpc is used.
diff --git a/api/v1beta1/types.go b/api/v1beta1/types.go
@@ -112,6 +112,10 @@ type NetworkSpec struct {
 	// Allow for configuration of load balancer backend (useful for changing apiserver port)
 	// +optional
 	LoadBalancerBackendPort *int32 `json:"loadBalancerBackendPort,omitempty"`
+
+	// HostProject is the name of the project hosting the shared VPC network resources.
+	// +optional
+	HostProject *string `json:"hostProject,omitempty"`
 }
 
 // LoadBalancerSpec contains configuration for one or more LoadBalancers.
diff --git a/api/v1beta1/zz_generated.deepcopy.go b/api/v1beta1/zz_generated.deepcopy.go
diff --git a/cloud/interfaces.go b/cloud/interfaces.go
@@ -46,6 +46,7 @@ type ReconcilerWithResult interface {
 // Client is an interface which can get cloud client.
 type Client interface {
 	Cloud() Cloud
+	NetworkCloud() Cloud
 }
 
 // ClusterGetter is an interface which can get cluster information.
@@ -56,6 +57,8 @@ type ClusterGetter interface {
 	Name() string
 	Namespace() string
 	NetworkName() string
+	NetworkProject() string
+	IsSharedVpc() bool
 	Network() *infrav1.Network
 	AdditionalLabels() infrav1.Labels
 	FailureDomains() clusterv1.FailureDomains
diff --git a/cloud/scope/cluster.go b/cloud/scope/cluster.go
@@ -90,11 +90,27 @@ func (s *ClusterScope) Cloud() cloud.Cloud {
 	return newCloud(s.Project(), s.GCPServices)
 }
 
+// NetworkCloud returns initialized cloud.
+func (s *ClusterScope) NetworkCloud() cloud.Cloud {
+	return newCloud(s.NetworkProject(), s.GCPServices)
+}
+
 // Project returns the current project name.
 func (s *ClusterScope) Project() string {
 	return s.GCPCluster.Spec.Project
 }
 
+// NetworkProject returns the project name where network resources should exist.
+// The network project defaults to the Project when one is not supplied.
+func (s *ClusterScope) NetworkProject() string {
+	return ptr.Deref(s.GCPCluster.Spec.Network.HostProject, s.Project())
+}
+
+// IsSharedVpc returns true If sharedVPC used else , returns false.
+func (s *ClusterScope) IsSharedVpc() bool {
+	return s.NetworkProject() != s.Project()
+}
+
 // Region returns the cluster region.
 func (s *ClusterScope) Region() string {
 	return s.GCPCluster.Spec.Region
@@ -117,7 +133,7 @@ func (s *ClusterScope) NetworkName() string {
 
 // NetworkLink returns the partial URL for the network.
 func (s *ClusterScope) NetworkLink() string {
-	return fmt.Sprintf("projects/%s/global/networks/%s", s.Project(), s.NetworkName())
+	return fmt.Sprintf("projects/%s/global/networks/%s", s.NetworkProject(), s.NetworkName())
 }
 
 // Network returns the cluster network object.
diff --git a/cloud/scope/machine.go b/cloud/scope/machine.go
@@ -94,6 +94,11 @@ func (m *MachineScope) Cloud() cloud.Cloud {
 	return m.ClusterGetter.Cloud()
 }
 
+// NetworkCloud returns initialized network cloud.
+func (m *MachineScope) NetworkCloud() cloud.Cloud {
+	return m.ClusterGetter.NetworkCloud()
+}
+
 // Zone returns the FailureDomain for the GCPMachine.
 func (m *MachineScope) Zone() string {
 	if m.Machine.Spec.FailureDomain == nil {
@@ -319,7 +324,7 @@ func (m *MachineScope) InstanceAdditionalDiskSpec() []*compute.AttachedDisk {
 // InstanceNetworkInterfaceSpec returns compute network interface spec.
 func (m *MachineScope) InstanceNetworkInterfaceSpec() *compute.NetworkInterface {
 	networkInterface := &compute.NetworkInterface{
-		Network: path.Join("projects", m.ClusterGetter.Project(), "global", "networks", m.ClusterGetter.NetworkName()),
+		Network: path.Join("projects", m.ClusterGetter.NetworkProject(), "global", "networks", m.ClusterGetter.NetworkName()),
 	}
 
 	if m.GCPMachine.Spec.PublicIP != nil && *m.GCPMachine.Spec.PublicIP {
@@ -332,7 +337,7 @@ func (m *MachineScope) InstanceNetworkInterfaceSpec() *compute.NetworkInterface
 	}
 
 	if m.GCPMachine.Spec.Subnet != nil {
-		networkInterface.Subnetwork = path.Join("regions", m.ClusterGetter.Region(), "subnetworks", *m.GCPMachine.Spec.Subnet)
+		networkInterface.Subnetwork = path.Join("projects", m.ClusterGetter.NetworkProject(), "regions", m.ClusterGetter.Region(), "subnetworks", *m.GCPMachine.Spec.Subnet)
 	}
 
 	return networkInterface
diff --git a/cloud/scope/managedcluster.go b/cloud/scope/managedcluster.go
@@ -93,6 +93,11 @@ func (s *ManagedClusterScope) Cloud() cloud.Cloud {
 	return newCloud(s.Project(), s.GCPServices)
 }
 
+// NetworkCloud returns initialized cloud.
+func (s *ManagedClusterScope) NetworkCloud() cloud.Cloud {
+	return newCloud(s.NetworkProject(), s.GCPServices)
+}
+
 // Project returns the current project name.
 func (s *ManagedClusterScope) Project() string {
 	return s.GCPManagedCluster.Spec.Project
@@ -118,9 +123,20 @@ func (s *ManagedClusterScope) NetworkName() string {
 	return ptr.Deref(s.GCPManagedCluster.Spec.Network.Name, "default")
 }
 
+// NetworkProject returns the project name where network resources should exist.
+// The network project defaults to the Project when one is not supplied.
+func (s *ManagedClusterScope) NetworkProject() string {
+	return ptr.Deref(s.GCPManagedCluster.Spec.Network.HostProject, s.Project())
+}
+
+// IsSharedVpc returns true If sharedVPC used else , returns false.
+func (s *ManagedClusterScope) IsSharedVpc() bool {
+	return s.NetworkProject() != s.Project()
+}
+
 // NetworkLink returns the partial URL for the network.
 func (s *ManagedClusterScope) NetworkLink() string {
-	return fmt.Sprintf("projects/%s/global/networks/%s", s.Project(), s.NetworkName())
+	return fmt.Sprintf("projects/%s/global/networks/%s", s.NetworkProject(), s.NetworkName())
 }
 
 // Network returns the cluster network object.
diff --git a/cloud/services/compute/firewalls/reconcile.go b/cloud/services/compute/firewalls/reconcile.go
@@ -28,6 +28,10 @@ import (
 // Reconcile reconcile cluster firewall compoenents.
 func (s *Service) Reconcile(ctx context.Context) error {
 	log := log.FromContext(ctx)
+	if s.scope.IsSharedVpc() {
+		log.V(2).Info("Shared VPC enabled. Ignore Reconciling firewall resources")
+		return nil
+	}
 	log.Info("Reconciling firewall resources")
 	for _, spec := range s.scope.FirewallRulesSpec() {
 		log.V(2).Info("Looking firewall", "name", spec.Name)
@@ -50,6 +54,10 @@ func (s *Service) Reconcile(ctx context.Context) error {
 // Delete delete cluster firewall compoenents.
 func (s *Service) Delete(ctx context.Context) error {
 	log := log.FromContext(ctx)
+	if s.scope.IsSharedVpc() {
+		log.V(2).Info("Shared VPC enabled. Ignore Deleting firewall resources")
+		return nil
+	}
 	log.Info("Deleting firewall resources")
 	for _, spec := range s.scope.FirewallRulesSpec() {
 		log.V(2).Info("Deleting firewall", "name", spec.Name)
diff --git a/cloud/services/compute/networks/reconcile.go b/cloud/services/compute/networks/reconcile.go
@@ -54,6 +54,12 @@ func (s *Service) Reconcile(ctx context.Context) error {
 // Delete delete cluster network components.
 func (s *Service) Delete(ctx context.Context) error {
 	log := log.FromContext(ctx)
+	if s.scope.IsSharedVpc() {
+		log.V(2).Info("Shared VPC enabled. Ignore Deleting network resources")
+		s.scope.Network().Router = nil
+		s.scope.Network().SelfLink = nil
+		return nil
+	}
 	log.Info("Deleting network resources")
 	networkKey := meta.GlobalKey(s.scope.NetworkName())
 	log.V(2).Info("Looking for network before deleting", "name", networkKey)
@@ -104,6 +110,11 @@ func (s *Service) createOrGetNetwork(ctx context.Context) (*compute.Network, err
 			return nil, err
 		}
 
+		if s.scope.IsSharedVpc() {
+			log.Error(err, "Shared VPC is enabled, but could not find existing network", "name", s.scope.NetworkName())
+			return nil, err
+		}
+
 		log.V(2).Info("Creating a network", "name", s.scope.NetworkName())
 		if err := s.networks.Insert(ctx, networkKey, s.scope.NetworkSpec()); err != nil {
 			log.Error(err, "Error creating a network", "name", s.scope.NetworkName())
@@ -132,6 +143,11 @@ func (s *Service) createOrGetRouter(ctx context.Context, network *compute.Networ
 			return nil, err
 		}
 
+		if s.scope.IsSharedVpc() {
+			log.Error(err, "Shared VPC is enabled, but could not find existing router", "name", routerKey)
+			return nil, err
+		}
+
 		spec.Network = network.SelfLink
 		spec.Description = infrav1.ClusterTagKey(s.scope.Name())
 		log.V(2).Info("Creating a cloudnat router", "name", spec.Name)
diff --git a/cloud/services/compute/networks/service.go b/cloud/services/compute/networks/service.go
@@ -56,9 +56,14 @@ var _ cloud.Reconciler = &Service{}
 
 // New returns Service from given scope.
 func New(scope Scope) *Service {
+	scopeCloud := scope.Cloud()
+	if scope.IsSharedVpc() {
+		scopeCloud = scope.NetworkCloud()
+	}
+
 	return &Service{
 		scope:    scope,
-		networks: scope.Cloud().Networks(),
-		routers:  scope.Cloud().Routers(),
+		networks: scopeCloud.Networks(),
+		routers:  scopeCloud.Routers(),
 	}
 }
diff --git a/cloud/services/compute/subnets/reconcile.go b/cloud/services/compute/subnets/reconcile.go
@@ -44,6 +44,10 @@ func (s *Service) Reconcile(ctx context.Context) error {
 // Delete deletes cluster subnetwork components.
 func (s *Service) Delete(ctx context.Context) error {
 	logger := log.FromContext(ctx)
+	if s.scope.IsSharedVpc() {
+		logger.V(2).Info("Shared VPC enabled. Skip deleting subnet resources")
+		return nil
+	}
 	for _, subnetSpec := range s.scope.SubnetSpecs() {
 		subnetKey := meta.RegionalKey(subnetSpec.Name, s.getSubnetRegion(subnetSpec))
 		logger.V(2).Info("Looking for subnet before deleting it", "name", subnetSpec.Name)
@@ -89,6 +93,11 @@ func (s *Service) createOrGetSubnets(ctx context.Context) ([]*compute.Subnetwork
 				return subnets, err
 			}
 
+			if s.scope.IsSharedVpc() {
+				logger.Error(err, "Shared VPC is enabled, but could not find existing subnetwork", "name", subnetSpec.Name)
+				return nil, err
+			}
+
 			// Subnet was not found, let's create it
 			logger.V(2).Info("Creating a subnet", "name", subnetSpec.Name)
 			if err := s.subnets.Insert(ctx, subnetKey, subnetSpec); err != nil {
diff --git a/cloud/services/compute/subnets/service.go b/cloud/services/compute/subnets/service.go
@@ -48,8 +48,13 @@ var _ cloud.Reconciler = &Service{}
 
 // New returns Service from given scope.
 func New(scope Scope) *Service {
+	cloudScope := scope.Cloud()
+	if scope.IsSharedVpc() {
+		cloudScope = scope.NetworkCloud()
+	}
+
 	return &Service{
 		scope:   scope,
-		subnets: scope.Cloud().Subnetworks(),
+		subnets: cloudScope.Subnetworks(),
 	}
 }
diff --git a/config/crd/bases/infrastructure.cluster.x-k8s.io_gcpclusters.yaml b/config/crd/bases/infrastructure.cluster.x-k8s.io_gcpclusters.yaml
@@ -136,6 +136,10 @@ spec:
 
                       Defaults to true.
                     type: boolean
+                  hostProject:
+                    description: HostProject is the name of the project hosting the
+                      shared VPC network resources.
+                    type: string
                   loadBalancerBackendPort:
                     description: Allow for configuration of load balancer backend
                       (useful for changing apiserver port)
diff --git a/config/crd/bases/infrastructure.cluster.x-k8s.io_gcpclustertemplates.yaml b/config/crd/bases/infrastructure.cluster.x-k8s.io_gcpclustertemplates.yaml
@@ -153,6 +153,10 @@ spec:
 
                               Defaults to true.
                             type: boolean
+                          hostProject:
+                            description: HostProject is the name of the project hosting
+                              the shared VPC network resources.
+                            type: string
                           loadBalancerBackendPort:
                             description: Allow for configuration of load balancer
                               backend (useful for changing apiserver port)
diff --git a/config/crd/bases/infrastructure.cluster.x-k8s.io_gcpmanagedclusters.yaml b/config/crd/bases/infrastructure.cluster.x-k8s.io_gcpmanagedclusters.yaml
@@ -132,6 +132,10 @@ spec:
 
                       Defaults to true.
                     type: boolean
+                  hostProject:
+                    description: HostProject is the name of the project hosting the
+                      shared VPC network resources.
+                    type: string
                   loadBalancerBackendPort:
                     description: Allow for configuration of load balancer backend
                       (useful for changing apiserver port)

Original file line number	Diff line number	Diff line change
`@@ -94,6 +94,11 @@ func (m *MachineScope) Cloud() cloud.Cloud {`
`94`	`94`	`return m.ClusterGetter.Cloud()`
`95`	`95`	`}`
`96`	`96`
	`97`	`+// NetworkCloud returns initialized network cloud.`
	`98`	`+func (m *MachineScope) NetworkCloud() cloud.Cloud {`
	`99`	`+ return m.ClusterGetter.NetworkCloud()`
	`100`	`+}`
	`101`	`+`
`97`	`102`	`// Zone returns the FailureDomain for the GCPMachine.`
`98`	`103`	`func (m *MachineScope) Zone() string {`
`99`	`104`	`if m.Machine.Spec.FailureDomain == nil {`
`@@ -319,7 +324,7 @@ func (m MachineScope) InstanceAdditionalDiskSpec() []compute.AttachedDisk {`
`319`	`324`	`// InstanceNetworkInterfaceSpec returns compute network interface spec.`
`320`	`325`	`func (m MachineScope) InstanceNetworkInterfaceSpec() compute.NetworkInterface {`
`321`	`326`	`networkInterface := &compute.NetworkInterface{`
`322`		`- Network: path.Join("projects", m.ClusterGetter.Project(), "global", "networks", m.ClusterGetter.NetworkName()),`
	`327`	`+ Network: path.Join("projects", m.ClusterGetter.NetworkProject(), "global", "networks", m.ClusterGetter.NetworkName()),`
`323`	`328`	`}`
`324`	`329`
`325`	`330`	`if m.GCPMachine.Spec.PublicIP != nil && *m.GCPMachine.Spec.PublicIP {`
`@@ -332,7 +337,7 @@ func (m MachineScope) InstanceNetworkInterfaceSpec() compute.NetworkInterface`
`332`	`337`	`}`
`333`	`338`
`334`	`339`	`if m.GCPMachine.Spec.Subnet != nil {`
`335`		`- networkInterface.Subnetwork = path.Join("regions", m.ClusterGetter.Region(), "subnetworks", *m.GCPMachine.Spec.Subnet)`
	`340`	`+ networkInterface.Subnetwork = path.Join("projects", m.ClusterGetter.NetworkProject(), "regions", m.ClusterGetter.Region(), "subnetworks", *m.GCPMachine.Spec.Subnet)`
`336`	`341`	`}`
`337`	`342`
`338`	`343`	`return networkInterface`