[improvement] Select subnet for cluster (#677)

* Added NetworkSpec option for subnet name
* Added logic to select specific subnet by name
* Updated templates to have configurable IP CIDRs
* Doc updates for new fields and environment variables

Author: Andrews2024

api/v1alpha2/linodecluster_types.go

@@ -174,6 +174,9 @@ type NetworkSpec struct {
 	// additionalPorts contains list of ports to be configured with NodeBalancer.
 	// +optional
 	AdditionalPorts []LinodeNBPortConfig `json:"additionalPorts,omitempty"`
+	// subnetName is the name/label of the VPC subnet to be used by the cluster
+	// +optional
+	SubnetName string `json:"subnetName,omitempty"`
 
 	// UseVlan provisions a cluster that uses VLANs instead of VPCs. IPAM is managed internally.
 	// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="Value is immutable"

config/crd/bases/infrastructure.cluster.x-k8s.io_linodeclusters.yaml

@@ -170,6 +170,10 @@ spec:
                   nodeBalancerID:
                     description: NodeBalancerID is the id of NodeBalancer.
                     type: integer
+                  subnetName:
+                    description: subnetName is the name/label of the VPC subnet to
+                      be used by the cluster
+                    type: string
                   useVlan:
                     description: UseVlan provisions a cluster that uses VLANs instead
                       of VPCs. IPAM is managed internally.

config/crd/bases/infrastructure.cluster.x-k8s.io_linodeclustertemplates.yaml

@@ -164,6 +164,10 @@ spec:
                           nodeBalancerID:
                             description: NodeBalancerID is the id of NodeBalancer.
                             type: integer
+                          subnetName:
+                            description: subnetName is the name/label of the VPC subnet
+                              to be used by the cluster
+                            type: string
                           useVlan:
                             description: UseVlan provisions a cluster that uses VLANs
                               instead of VPCs. IPAM is managed internally.

docs/src/reference/out.md

@@ -1120,6 +1120,7 @@ _Appears in:_
 | `nodeBalancerFirewallID` _integer_ | NodeBalancerFirewallID is the id of NodeBalancer Firewall. |  |  |
 | `apiserverNodeBalancerConfigID` _integer_ | apiserverNodeBalancerConfigID is the config ID of api server NodeBalancer config. |  |  |
 | `additionalPorts` _[LinodeNBPortConfig](#linodenbportconfig) array_ | additionalPorts contains list of ports to be configured with NodeBalancer. |  |  |
+| `subnetName` _string_ | subnetName is the name/label of the VPC subnet to be used by the cluster |  |  |
 | `useVlan` _boolean_ | UseVlan provisions a cluster that uses VLANs instead of VPCs. IPAM is managed internally. |  |  |
 
 

docs/src/topics/vpc.md

@@ -61,6 +61,11 @@ spec:
 
 Reference to LinodeVPC object is added to LinodeCluster object which then uses the specified VPC to provision resources.
 
+### Additional Configuration
+By default, the VPC will use the subnet with the `default` label for deploying clusters. To modify this behavior, set the `SUBNET_NAME` environment variable to match the label of the subnet to be used. Make sure the subnet is set up in the LinodeVPC manifest.
+
+Additionally, the `VPC_NETWORK_CIDR` and `K8S_CLUSTER_CIDR` environment variables can be used to change which CIDR blocks are used by the VPC and its clusters. `VPC_NETWORK_CIDR` designates the range used by the VPC, while `K8S_CLUSTER_CIDR` designates the range used by clusters for nodes. The `K8S_CLUSTER_CIDR` should be within the `VPC_NETWORK_CIDR`.
+
 ## Troubleshooting
 ### If pod-to-pod connectivity is failing
 If a pod can't ping pod ips on different node, check and make sure pod CIDRs are added to ip_ranges of VPC interface.

internal/controller/linodemachine_controller_helpers.go

@@ -431,7 +431,24 @@ func getVPCInterfaceConfig(ctx context.Context, machineScope *scope.MachineScope
 		return nil, errors.New("failed to find subnet")
 	}
 
-	subnetID := linodeVPC.Spec.Subnets[0].SubnetID
+	var subnetID int
+
+	subnetName := machineScope.LinodeCluster.Spec.Network.SubnetName // name of subnet to use
+
+	if subnetName != "" {
+		for _, subnet := range linodeVPC.Spec.Subnets {
+			if subnet.Label == subnetName {
+				subnetID = subnet.SubnetID
+			}
+		}
+
+		if subnetID == 0 {
+			logger.Info("Failed to fetch subnet ID for specified subnet name")
+		}
+	} else {
+		subnetID = linodeVPC.Spec.Subnets[0].SubnetID // get first subnet if nothing specified
+	}
+
 	if subnetID == 0 {
 		return nil, errors.New("failed to find subnet as subnet id set is 0")
 	}

internal/controller/linodemachine_controller_test.go

@@ -1985,6 +1985,7 @@ var _ = Describe("machine in VPC", Label("machine", "VPC"), Ordered, func() {
 				DNSRootDomain:       "lkedevs.net",
 				DNSUniqueIdentifier: "abc123",
 				DNSTTLSec:           30,
+				SubnetName:          "test",
 			},
 			VPCRef: &corev1.ObjectReference{
 				Namespace: "default",
@@ -2219,6 +2220,83 @@ var _ = Describe("machine in VPC", Label("machine", "VPC"), Ordered, func() {
 				Primary: true,
 			}}))
 	})
+	It("creates an instance with vpc with a specific subnet", func(ctx SpecContext) {
+		linodeMachine := infrav1alpha2.LinodeMachine{
+			ObjectMeta: metav1.ObjectMeta{
+				Name:      "mock",
+				Namespace: defaultNamespace,
+				UID:       "12345",
+			},
+			Spec: infrav1alpha2.LinodeMachineSpec{
+				ProviderID: ptr.To("linode://0"),
+				Type:       "g6-nanode-1",
+				Interfaces: []infrav1alpha2.InstanceConfigInterfaceCreateOptions{
+					{
+						Primary: true,
+					},
+				},
+			},
+			Status: infrav1alpha2.LinodeMachineStatus{
+				CloudinitMetadataSupport: true,
+			},
+		}
+		mockLinodeClient := mock.NewMockLinodeClient(mockCtrl)
+		mockLinodeClient.EXPECT().
+			ListVPCs(ctx, gomock.Any()).
+			Return([]linodego.VPC{}, nil)
+		mockLinodeClient.EXPECT().
+			CreateVPC(ctx, gomock.Any()).
+			Return(&linodego.VPC{ID: 1, Subnets: []linodego.VPCSubnet{{
+				ID:    1,
+				Label: "primary",
+				IPv4:  "192.16.0.0/24",
+			},
+				{
+					ID:    27,
+					Label: "test",
+					IPv4:  "10.0.0.0/24",
+				},
+			}}, nil)
+		helper, err := patch.NewHelper(&linodeVPC, k8sClient)
+		Expect(err).NotTo(HaveOccurred())
+
+		_, err = lvpcReconciler.reconcile(ctx, logger, &scope.VPCScope{
+			PatchHelper:  helper,
+			Client:       k8sClient,
+			LinodeClient: mockLinodeClient,
+			LinodeVPC:    &linodeVPC,
+		})
+
+		Expect(err).NotTo(HaveOccurred())
+
+		mScope := scope.MachineScope{
+			Client:        k8sClient,
+			LinodeClient:  mockLinodeClient,
+			Cluster:       &cluster,
+			Machine:       &machine,
+			LinodeCluster: &linodeCluster,
+			LinodeMachine: &linodeMachine,
+		}
+
+		patchHelper, err := patch.NewHelper(mScope.LinodeMachine, k8sClient)
+		Expect(err).NotTo(HaveOccurred())
+		mScope.PatchHelper = patchHelper
+
+		createOpts, err := newCreateConfig(ctx, &mScope, gzipCompressionFlag, logger)
+		Expect(err).NotTo(HaveOccurred())
+		Expect(createOpts).NotTo(BeNil())
+		Expect(createOpts.Interfaces).To(Equal([]linodego.InstanceConfigInterfaceCreateOptions{
+			{
+				Purpose:  linodego.InterfacePurposeVPC,
+				Primary:  true,
+				SubnetID: ptr.To(27),
+				IPv4:     &linodego.VPCIPv4{NAT1To1: ptr.To("any")},
+			},
+			{
+				Primary: true,
+			},
+		}))
+	})
 })
 
 var _ = Describe("machine in vlan", Label("machine", "vlan"), Ordered, func() {

templates/addons/ccm-linode/ccm-linode.yaml

@@ -17,7 +17,7 @@ spec:
   valuesTemplate: |
     routeController:
       vpcNames: {{ .InfraCluster.spec.vpcRef.name }}
-      clusterCIDR: 10.0.0.0/8
+      clusterCIDR: ${VPC_NETWORK_CIDR:=10.0.0.0/8}
       configureCloudRoutes: true
     secretRef:
       name: "linode-token-region"

templates/addons/cilium/cilium.yaml

@@ -19,7 +19,7 @@ spec:
       enabled: true
     routingMode: native
     kubeProxyReplacement: true
-    ipv4NativeRoutingCIDR: 10.0.0.0/8
+    ipv4NativeRoutingCIDR: ${VPC_NETWORK_CIDR:=10.0.0.0/8}
     tunnelProtocol: ""
     enableIPv4Masquerade: true
     policyAuditMode: ${FW_AUDIT_ONLY:=true}

templates/flavors/clusterclass-kubeadm/cluster-template.yaml

@@ -10,7 +10,7 @@ spec:
   clusterNetwork:
     pods:
       cidrBlocks:
-        - 10.192.0.0/10
+        - ${K8S_CLUSTER_CIDR:=10.192.0.0/10}
   topology:
     class: kubeadm
     version: ${KUBERNETES_VERSION}