feat: optional node network

Author: vknabel

api/v1alpha1/metalstackcluster_types.go

@@ -37,6 +37,7 @@ const (
 	ClusterControlPlaneEndpointDefaultPort = 443
 
 	ClusterPaused                clusterv1.ConditionType = clusterv1.PausedV1Beta2Condition
+	ClusterNodeNetworkEnsured    clusterv1.ConditionType = "ClusterNodeNetworkEnsured"
 	ClusterControlPlaneIPEnsured clusterv1.ConditionType = "ClusterControlPlaneIPEnsured"
 )
 
@@ -57,7 +58,9 @@ type MetalStackClusterSpec struct {
 	ProjectID string `json:"projectID"`
 
 	// NodeNetworkID is the network ID in metal-stack in which the worker nodes and the firewall of the cluster are placed.
-	NodeNetworkID string `json:"nodeNetworkID"`
+	// If not provided this will automatically be acquired during reconcile.
+	// +optional
+	NodeNetworkID *string `json:"nodeNetworkID,omitempty"`
 
 	// ControlPlaneIP is the ip address in metal-stack on which the control plane will be exposed.
 	// If this ip and the control plane endpoint are not provided, an ephemeral ip will automatically be acquired during reconcile.
@@ -153,6 +156,6 @@ func (c *MetalStackCluster) SetConditions(conditions clusterv1.Conditions) {
 	c.Status.Conditions = conditions
 }
 
-func (c *MetalStackCluster) GetClusterID() string {
+func (c *MetalStackCluster) GetClusterName() string {
 	return fmt.Sprintf("%s.%s", c.GetNamespace(), c.GetName())
 }

api/v1alpha1/metalstackcluster_types_test.go

@@ -17,7 +17,7 @@ var _ = Describe("MetalStackCluster", func() {
 			},
 		}
 
-		clusterID := cluster.GetClusterID()
+		clusterID := cluster.GetClusterName()
 		Expect(utilvalidation.IsValidLabelValue(clusterID)).To(BeEmpty())
 	})
 
@@ -29,7 +29,7 @@ var _ = Describe("MetalStackCluster", func() {
 			},
 		}
 
-		clusterID := cluster.GetClusterID()
+		clusterID := cluster.GetClusterName()
 		Expect(clusterID).To(Equal("some-namespace.my-cluster"))
 	})
 })

api/v1alpha1/zz_generated.deepcopy.go

@@ -31,7 +31,7 @@ metadata:
 spec:
   projectID: ${METAL_PROJECT_ID}
   partition: ${METAL_PARTITION}
-  nodeNetworkID: ${METAL_NODE_NETWORK_ID}
+  nodeNetworkID: ${METAL_NODE_NETWORK_ID:=null}
   controlPlaneIP: ${CONTROL_PLANE_IP}
   firewallDeploymentRef:
     name: ${CLUSTER_NAME}

config/clusterctl-templates/cluster-template-calico-lab.yaml

@@ -31,7 +31,7 @@ metadata:
 spec:
   projectID: ${METAL_PROJECT_ID}
   partition: ${METAL_PARTITION}
-  nodeNetworkID: ${METAL_NODE_NETWORK_ID}
+  nodeNetworkID: ${METAL_NODE_NETWORK_ID:=null}
   controlPlaneIP: ${CONTROL_PLANE_IP}
   firewallDeploymentRef:
     name: ${CLUSTER_NAME}

config/clusterctl-templates/cluster-template-calico.yaml

@@ -27,7 +27,7 @@ metadata:
 spec:
   projectID: ${METAL_PROJECT_ID}
   partition: ${METAL_PARTITION}
-  nodeNetworkID: ${METAL_NODE_NETWORK_ID}
+  nodeNetworkID: ${METAL_NODE_NETWORK_ID:=null}
   controlPlaneIP: ${CONTROL_PLANE_IP}
   firewallDeploymentRef:
     name: ${CLUSTER_NAME}

config/clusterctl-templates/cluster-template-pre-v1.33.yaml

@@ -27,7 +27,7 @@ metadata:
 spec:
   projectID: ${METAL_PROJECT_ID}
   partition: ${METAL_PARTITION}
-  nodeNetworkID: ${METAL_NODE_NETWORK_ID}
+  nodeNetworkID: ${METAL_NODE_NETWORK_ID:=null}
   controlPlaneIP: ${CONTROL_PLANE_IP}
   firewallDeploymentRef:
     name: ${CLUSTER_NAME}

config/clusterctl-templates/cluster-template.yaml

@@ -104,8 +104,9 @@ spec:
                 - name
                 type: object
               nodeNetworkID:
-                description: NodeNetworkID is the network ID in metal-stack in which
-                  the worker nodes and the firewall of the cluster are placed.
+                description: |-
+                  NodeNetworkID is the network ID in metal-stack in which the worker nodes and the firewall of the cluster are placed.
+                  If not provided this will automatically be acquired during reconcile.
                 type: string
               partition:
                 description: Partition is the data center partition in which the resources
@@ -116,7 +117,6 @@ spec:
                   in which the associated metal-stack resources are created.
                 type: string
             required:
-            - nodeNetworkID
             - partition
             - projectID
             type: object

config/crd/bases/infrastructure.cluster.x-k8s.io_metalstackclusters.yaml

@@ -303,6 +303,16 @@ func (r *MetalStackClusterReconciler) metalStackFirewallToMetalStackCluster(log
 }
 
 func (r *clusterReconciler) reconcile() error {
+	nodeNetworkID, err := r.ensureNodeNetwork()
+	if err != nil {
+		conditions.MarkFalse(r.infraCluster, v1alpha1.ClusterNodeNetworkEnsured, "InternalError", clusterv1.ConditionSeverityError, "%s", err.Error())
+		return fmt.Errorf("unable to ensure node network: %w", err)
+	}
+	conditions.MarkTrue(r.infraCluster, v1alpha1.ClusterNodeNetworkEnsured)
+	r.infraCluster.Spec.NodeNetworkID = &nodeNetworkID
+
+	r.log.Info("reconciled node network", "network-id", nodeNetworkID)
+
 	if r.infraCluster.Spec.FirewallDeploymentRef != nil {
 		err := r.ensureFirewallDeployment()
 		if err != nil {
@@ -360,12 +370,53 @@ func (r *clusterReconciler) delete() error {
 	}
 	r.infraCluster.Spec.ControlPlaneIP = nil
 
+	err = r.deleteNodeNetwork()
+	if err != nil {
+		return fmt.Errorf("unable to delete node network: %w", err)
+	}
+	r.infraCluster.Spec.NodeNetworkID = nil
+
 	r.log.Info("deletion finished, removing finalizer")
 	controllerutil.RemoveFinalizer(r.infraCluster, v1alpha1.ClusterFinalizer)
 
 	return err
 }
 
+func (r *clusterReconciler) ensureNodeNetwork() (string, error) {
+	if r.infraCluster.Spec.NodeNetworkID != nil {
+		return *r.infraCluster.Spec.NodeNetworkID, nil
+	}
+
+	resp, err := r.metalClient.Network().AllocateNetwork(network.NewAllocateNetworkParams().WithBody(&models.V1NetworkAllocateRequest{
+		Projectid:   r.infraCluster.Spec.ProjectID,
+		Partitionid: r.infraCluster.Spec.Partition,
+		Name:        r.infraCluster.GetName(),
+		Description: fmt.Sprintf("%s/%s", r.infraCluster.GetNamespace(), r.infraCluster.GetName()),
+		Labels: map[string]string{
+			v1alpha1.TagInfraClusterResource: r.infraCluster.GetClusterName(),
+		},
+	}).WithContext(r.ctx), nil)
+	if err != nil {
+		return "", fmt.Errorf("error creating node network: %w", err)
+	}
+
+	return *resp.Payload.ID, nil
+}
+
+func (r *clusterReconciler) deleteNodeNetwork() error {
+	if r.infraCluster.Spec.NodeNetworkID == nil {
+		return nil
+	}
+
+	_, err := r.metalClient.Network().FreeNetwork(network.NewFreeNetworkParams().WithID(*r.infraCluster.Spec.NodeNetworkID).WithContext(r.ctx), nil)
+	if err != nil {
+		return err
+	}
+	r.log.Info("deleted node network")
+
+	return nil
+}
+
 func (r *clusterReconciler) ensureFirewallDeployment() error {
 	fwdeploy := &v1alpha1.MetalStackFirewallDeployment{}
 	err := r.client.Get(r.ctx, types.NamespacedName{
@@ -415,12 +466,12 @@ func (r *clusterReconciler) ensureControlPlaneIP() (string, error) {
 
 	defaultNetwork := nwResp.Payload[0]
 	resp, err := r.metalClient.IP().AllocateIP(ipmodels.NewAllocateIPParams().WithBody(&models.V1IPAllocateRequest{
-		Description: fmt.Sprintf("%s control plane ip", r.infraCluster.GetClusterID()),
+		Description: fmt.Sprintf("%s control plane ip", r.infraCluster.GetClusterName()),
 		Name:        r.infraCluster.GetName() + "-control-plane",
 		Networkid:   defaultNetwork.ID,
 		Projectid:   &r.infraCluster.Spec.ProjectID,
 		Tags: []string{
-			tag.New(tag.ClusterID, r.infraCluster.GetClusterID()),
+			tag.New(tag.ClusterID, r.infraCluster.GetClusterName()),
 			v1alpha1.TagControlPlanePurpose,
 		},
 		Type: ptr.To(models.V1IPBaseTypeEphemeral),

internal/controller/metalstackcluster_controller.go

@@ -107,7 +107,7 @@ var _ = Describe("MetalStackCluster Controller", func() {
 			resource.Spec = v1alpha1.MetalStackClusterSpec{
 				ControlPlaneEndpoint: v1alpha1.APIEndpoint{},
 				ProjectID:            "test-project",
-				NodeNetworkID:        "node-network-id",
+				NodeNetworkID:        nil,
 				ControlPlaneIP:       nil,
 				Partition:            "test-partition",
 			}
@@ -229,7 +229,7 @@ var _ = Describe("MetalStackCluster Controller", func() {
 			resource.Spec = v1alpha1.MetalStackClusterSpec{
 				ControlPlaneEndpoint: v1alpha1.APIEndpoint{},
 				ProjectID:            "test-project",
-				NodeNetworkID:        "node-network-id",
+				NodeNetworkID:        nil,
 				ControlPlaneIP:       nil,
 				Partition:            "test-partition",
 			}
@@ -271,11 +271,11 @@ var _ = Describe("MetalStackCluster Controller", func() {
 				IP: func(m *mock.Mock) {
 					m.On("AllocateIP", testcommon.MatchIgnoreContext(testingT, metalip.NewAllocateIPParams().WithBody(&models.V1IPAllocateRequest{
 						Tags: []string{
-							"cluster.metal-stack.io/id=" + resource.GetClusterID(),
+							"cluster.metal-stack.io/id=" + resource.GetClusterName(),
 							"metal-stack.infrastructure.cluster.x-k8s.io/purpose=control-plane",
 						},
 						Name:        resource.Name + "-control-plane",
-						Description: resource.GetClusterID() + " control plane ip",
+						Description: resource.GetClusterName() + " control plane ip",
 						Networkid:   ptr.To("internet"),
 						Projectid:   ptr.To("test-project"),
 						Type:        ptr.To("ephemeral"),
@@ -286,6 +286,26 @@ var _ = Describe("MetalStackCluster Controller", func() {
 					}, nil)
 				},
 				Network: func(m *mock.Mock) {
+					m.On("AllocateNetwork", testcommon.MatchIgnoreContext(testingT, metalnetwork.NewAllocateNetworkParams().WithBody(&models.V1NetworkAllocateRequest{
+						Name:        resource.Name,
+						Description: resource.Namespace + "/" + resource.Name,
+						Labels: map[string]string{
+							"cluster.metal-stack.io/id": string(resource.UID),
+						},
+						Partitionid: "test-partition",
+						Projectid:   "test-project",
+					})), nil).Return(&metalnetwork.AllocateNetworkCreated{
+						Payload: &models.V1NetworkResponse{
+							Labels: map[string]string{
+								"cluster.metal-stack.io/id": string(resource.UID),
+							},
+							Partitionid: "test-partition",
+							Projectid:   "test-project",
+							ID:          ptr.To("test-network"),
+							Prefixes:    []string{"192.168.42.0/24"},
+						},
+					}, nil)
+
 					m.On("FindNetworks", testcommon.MatchIgnoreContext(testingT, metalnetwork.NewFindNetworksParams().WithBody(&models.V1NetworkFindRequest{
 						Labels: map[string]string{
 							"network.metal-stack.io/default": "",
@@ -325,6 +345,10 @@ var _ = Describe("MetalStackCluster Controller", func() {
 
 			Expect(k8sClient.Get(ctx, typeNamespacedName, resource)).To(Succeed())
 
+			Expect(resource.Status.Conditions).To(ContainElement(MatchFields(IgnoreExtras, Fields{
+				"Type":   Equal(v1alpha1.ClusterNodeNetworkEnsured),
+				"Status": Equal(corev1.ConditionTrue),
+			})))
 			Expect(resource.Status.Conditions).To(ContainElement(MatchFields(IgnoreExtras, Fields{
 				"Type":   Equal(v1alpha1.ClusterControlPlaneIPEnsured),
 				"Status": Equal(corev1.ConditionTrue),
@@ -351,7 +375,7 @@ var _ = Describe("MetalStackCluster Controller", func() {
 			resource.Spec = v1alpha1.MetalStackClusterSpec{
 				ControlPlaneEndpoint: v1alpha1.APIEndpoint{},
 				ProjectID:            "test-project",
-				NodeNetworkID:        nodeNetworkID,
+				NodeNetworkID:        &nodeNetworkID,
 				ControlPlaneIP:       &controlPlaneIP,
 				Partition:            "test-partition",
 			}
@@ -402,6 +426,10 @@ var _ = Describe("MetalStackCluster Controller", func() {
 
 					return resource.Status.Conditions
 				}, "20s").Should(ContainElements(
+					MatchFields(IgnoreExtras, Fields{
+						"Type":   Equal(v1alpha1.ClusterNodeNetworkEnsured),
+						"Status": Equal(corev1.ConditionTrue),
+					}),
 					MatchFields(IgnoreExtras, Fields{
 						"Type":   Equal(v1alpha1.ClusterControlPlaneIPEnsured),
 						"Status": Equal(corev1.ConditionTrue),
@@ -447,6 +475,10 @@ var _ = Describe("MetalStackCluster Controller", func() {
 
 					return resource.Status.Conditions
 				}, "20s").Should(ContainElements(
+					MatchFields(IgnoreExtras, Fields{
+						"Type":   Equal(v1alpha1.ClusterNodeNetworkEnsured),
+						"Status": Equal(corev1.ConditionTrue),
+					}),
 					MatchFields(IgnoreExtras, Fields{
 						"Type":   Equal(v1alpha1.ClusterControlPlaneIPEnsured),
 						"Status": Equal(corev1.ConditionTrue),