Merge pull request #8151 from patrickdillon/gcp-capi-int-lb

CORS-3260: CAPI: Create GCP Internal LB

Author: openshift-merge-bot[bot]

pkg/asset/machines/master.go

@@ -265,6 +265,26 @@ func (m *Master) Generate(dependencies asset.Parents) error {
 		if err != nil {
 			return err
 		}
+
+		// CAPG-based installs will use only backend services--no target pools,
+		// so we don't want to include target pools in the control plane machineset.
+		// TODO(padillon): once this feature gate is the default and we are
+		// no longer using Terraform, we can update ConfigMasters not to populate this.
+		if ic.EnabledFeatureGates().Enabled(configv1.FeatureGateClusterAPIInstall) {
+			for _, machine := range machines {
+				providerSpec, ok := machine.Spec.ProviderSpec.Value.Object.(*machinev1beta1.GCPMachineProviderSpec)
+				if !ok {
+					return errors.New("unable to convert ProviderSpec to GCPMachineProviderSpec")
+				}
+				providerSpec.TargetPools = nil
+			}
+			cpms := controlPlaneMachineSet.Spec.Template.OpenShiftMachineV1Beta1Machine.Spec.ProviderSpec.Value.Object
+			providerSpec, ok := cpms.(*machinev1beta1.GCPMachineProviderSpec)
+			if !ok {
+				return errors.New("Unable to set target pools to control plane machine set")
+			}
+			providerSpec.TargetPools = nil
+		}
 	case ibmcloudtypes.Name:
 		subnets := map[string]string{}
 		if len(ic.Platform.IBMCloud.ControlPlaneSubnets) > 0 {

pkg/asset/manifests/clusterapi/cluster.go

@@ -9,6 +9,7 @@ import (
 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
+	"k8s.io/utils/ptr"
 	clusterv1 "sigs.k8s.io/cluster-api/api/v1beta1"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/yaml"
@@ -90,7 +91,11 @@ func (c *Cluster) Generate(dependencies asset.Parents) error {
 			Name:      clusterID.InfraID,
 			Namespace: capiutils.Namespace,
 		},
-		Spec: clusterv1.ClusterSpec{},
+		Spec: clusterv1.ClusterSpec{
+			ClusterNetwork: &clusterv1.ClusterNetwork{
+				APIServerPort: ptr.To[int32](6443),
+			},
+		},
 	}
 	cluster.SetGroupVersionKind(clusterv1.GroupVersion.WithKind("Cluster"))
 	c.FileList = append(c.FileList, &asset.RuntimeFile{Object: cluster, File: asset.File{Filename: "01_capi-cluster.yaml"}})

pkg/asset/manifests/gcp/cluster.go

@@ -10,6 +10,7 @@ import (
 	"k8s.io/apimachinery/pkg/util/sets"
 	"k8s.io/utils/ptr"
 	capg "sigs.k8s.io/cluster-api-provider-gcp/api/v1beta1"
+	clusterv1 "sigs.k8s.io/cluster-api/api/v1beta1"
 
 	"github.com/openshift/installer/pkg/asset"
 	"github.com/openshift/installer/pkg/asset/installconfig"
@@ -105,8 +106,9 @@ func GenerateClusterAssets(installConfig *installconfig.InstallConfig, clusterID
 			Namespace: capiutils.Namespace,
 		},
 		Spec: capg.GCPClusterSpec{
-			Project: installConfig.Config.GCP.ProjectID,
-			Region:  installConfig.Config.GCP.Region,
+			Project:              installConfig.Config.GCP.ProjectID,
+			Region:               installConfig.Config.GCP.Region,
+			ControlPlaneEndpoint: clusterv1.APIEndpoint{Port: 6443},
 			Network: capg.NetworkSpec{
 				// TODO: Need a network project for installs where the network resources will exist in another
 				// project such as shared vpc installs

pkg/destroy/gcp/cloudcontroller.go

@@ -121,7 +121,7 @@ func (o *ClusterUninstaller) discoverCloudControllerLoadBalancerResources(ctx co
 	o.insertPendingItems("forwardingrule", found)
 
 	// Discover associated health checks: loadBalancerName
-	found, err = o.listHealthChecksWithFilter(ctx, "items(name),nextPageToken", loadBalancerNameFilter, nil)
+	found, err = o.listHealthChecksWithFilter(ctx, "healthcheck", "items(name),nextPageToken", loadBalancerNameFilter, o.healthCheckList)
 	if err != nil {
 		return err
 	}
@@ -196,7 +196,7 @@ func (o *ClusterUninstaller) discoverCloudControllerResources(ctx context.Contex
 	if len(o.cloudControllerUID) > 0 {
 		// Discover Cloud Controller health checks: k8s-cloudControllerUID-node
 		filter := fmt.Sprintf("name eq \"k8s-%s-node\"", o.cloudControllerUID)
-		found, err := o.listHealthChecksWithFilter(ctx, "items(name),nextPageToken", filter, nil)
+		found, err := o.listHealthChecksWithFilter(ctx, "healthcheck", "items(name),nextPageToken", filter, o.healthCheckList)
 		if err != nil {
 			return err
 		}

pkg/destroy/gcp/healthcheck.go

@@ -2,6 +2,7 @@ package gcp
 
 import (
 	"context"
+	"fmt"
 
 	"github.com/pkg/errors"
 	"google.golang.org/api/compute/v1"
@@ -10,54 +11,47 @@ import (
 	"github.com/openshift/installer/pkg/types/gcp"
 )
 
-func (o *ClusterUninstaller) listHealthChecks(ctx context.Context) ([]cloudResource, error) {
-	return o.listHealthChecksWithFilter(ctx, "items(name),nextPageToken", o.clusterIDFilter(), nil)
+func (o *ClusterUninstaller) listHealthChecks(ctx context.Context, typeName string, listFunc healthCheckListFunc) ([]cloudResource, error) {
+	return o.listHealthChecksWithFilter(ctx, typeName, "items(name),nextPageToken", o.clusterIDFilter(), listFunc)
 }
 
 // listHealthChecksWithFilter lists health checks in the project that satisfy the filter criteria.
 // The fields parameter specifies which fields should be returned in the result, the filter string contains
 // a filter string passed to the API to filter results. The filterFunc is a client-side filtering function
 // that determines whether a particular result should be returned or not.
-func (o *ClusterUninstaller) listHealthChecksWithFilter(ctx context.Context, fields string, filter string, filterFunc func(*compute.HealthCheck) bool) ([]cloudResource, error) {
+func (o *ClusterUninstaller) listHealthChecksWithFilter(ctx context.Context, typeName, fields, filter string, listFunc healthCheckListFunc) ([]cloudResource, error) {
 	o.Logger.Debugf("Listing health checks")
 	ctx, cancel := context.WithTimeout(ctx, defaultTimeout)
 	defer cancel()
 	result := []cloudResource{}
-	req := o.computeSvc.HealthChecks.List(o.ProjectID).Fields(googleapi.Field(fields))
-	if len(filter) > 0 {
-		req = req.Filter(filter)
-	}
-	err := req.Pages(ctx, func(list *compute.HealthCheckList) error {
-		for _, item := range list.Items {
-			if filterFunc == nil || filterFunc != nil && filterFunc(item) {
-				o.Logger.Debugf("Found health check: %s", item.Name)
-				result = append(result, cloudResource{
-					key:      item.Name,
-					name:     item.Name,
-					typeName: "healthcheck",
-					quota: []gcp.QuotaUsage{{
-						Metric: &gcp.Metric{
-							Service: gcp.ServiceComputeEngineAPI,
-							Limit:   "health_checks",
-						},
-						Amount: 1,
-					}},
-				})
-			}
-		}
-		return nil
-	})
+	list, err := listFunc(ctx, filter, fields)
 	if err != nil {
-		return nil, errors.Wrapf(err, "failed to list health checks")
+		return nil, fmt.Errorf("failed to list health checks: %w", err)
+	}
+
+	for _, item := range list.Items {
+		o.Logger.Debugf("Found health check: %s", item.Name)
+		result = append(result, cloudResource{
+			key:      item.Name,
+			name:     item.Name,
+			typeName: typeName,
+			quota: []gcp.QuotaUsage{{
+				Metric: &gcp.Metric{
+					Service: gcp.ServiceComputeEngineAPI,
+					Limit:   "health_checks",
+				},
+				Amount: 1,
+			}},
+		})
 	}
 	return result, nil
 }
 
-func (o *ClusterUninstaller) deleteHealthCheck(ctx context.Context, item cloudResource) error {
+func (o *ClusterUninstaller) deleteHealthCheck(ctx context.Context, item cloudResource, deleteFunc healthCheckDestroyFunc) error {
 	o.Logger.Debugf("Deleting health check %s", item.name)
 	ctx, cancel := context.WithTimeout(ctx, defaultTimeout)
 	defer cancel()
-	op, err := o.computeSvc.HealthChecks.Delete(o.ProjectID, item.name).RequestId(o.requestID(item.typeName, item.name)).Context(ctx).Do()
+	op, err := deleteFunc(ctx, item)
 	if err != nil && !isNoOp(err) {
 		o.resetRequestID(item.typeName, item.name)
 		return errors.Wrapf(err, "failed to delete health check %s", item.name)
@@ -77,19 +71,56 @@ func (o *ClusterUninstaller) deleteHealthCheck(ctx context.Context, item cloudRe
 // destroyHealthChecks removes all health check resources that have a name prefixed
 // with the cluster's infra ID.
 func (o *ClusterUninstaller) destroyHealthChecks(ctx context.Context) error {
-	found, err := o.listHealthChecks(ctx)
-	if err != nil {
-		return err
-	}
-	items := o.insertPendingItems("healthcheck", found)
-	for _, item := range items {
-		err := o.deleteHealthCheck(ctx, item)
+	for _, hcd := range []healthCheckDestroyer{
+		{
+			itemTypeName: "healthcheck",
+			destroyFunc:  o.healthCheckDelete,
+			listFunc:     o.healthCheckList,
+		},
+		{
+			itemTypeName: "regionHealthCheck",
+			destroyFunc:  o.regionHealthCheckDelete,
+			listFunc:     o.regionHealthCheckList,
+		},
+	} {
+		found, err := o.listHealthChecks(ctx, hcd.itemTypeName, hcd.listFunc)
 		if err != nil {
-			o.errorTracker.suppressWarning(item.key, err, o.Logger)
+			return err
+		}
+		items := o.insertPendingItems(hcd.itemTypeName, found)
+		for _, item := range items {
+			err := o.deleteHealthCheck(ctx, item, hcd.destroyFunc)
+			if err != nil {
+				o.errorTracker.suppressWarning(item.key, err, o.Logger)
+			}
+		}
+		if items = o.getPendingItems(hcd.itemTypeName); len(items) > 0 {
+			return errors.Errorf("%d items pending", len(items))
 		}
-	}
-	if items = o.getPendingItems("healthcheck"); len(items) > 0 {
-		return errors.Errorf("%d items pending", len(items))
 	}
 	return nil
 }
+
+type healthCheckListFunc func(ctx context.Context, filter, fields string) (*compute.HealthCheckList, error)
+type healthCheckDestroyFunc func(ctx context.Context, item cloudResource) (*compute.Operation, error)
+type healthCheckDestroyer struct {
+	itemTypeName string
+	destroyFunc  healthCheckDestroyFunc
+	listFunc     healthCheckListFunc
+}
+
+func (o *ClusterUninstaller) healthCheckDelete(ctx context.Context, item cloudResource) (*compute.Operation, error) {
+	return o.computeSvc.HealthChecks.Delete(o.ProjectID, item.name).RequestId(o.requestID(item.typeName, item.name)).Context(ctx).Do()
+}
+
+func (o *ClusterUninstaller) healthCheckList(ctx context.Context, filter, fields string) (*compute.HealthCheckList, error) {
+	return o.computeSvc.HealthChecks.List(o.ProjectID).Filter(filter).Fields(googleapi.Field(fields)).Context(ctx).Do()
+}
+
+func (o *ClusterUninstaller) regionHealthCheckDelete(ctx context.Context, item cloudResource) (*compute.Operation, error) {
+	return o.computeSvc.RegionHealthChecks.Delete(o.ProjectID, o.Region, item.name).RequestId(o.requestID(item.typeName, item.name)).Context(ctx).Do()
+}
+
+func (o *ClusterUninstaller) regionHealthCheckList(ctx context.Context, filter, fields string) (*compute.HealthCheckList, error) {
+	return o.computeSvc.RegionHealthChecks.List(o.ProjectID, o.Region).Filter(filter).Fields(googleapi.Field(fields)).Context(ctx).Do()
+}

pkg/infrastructure/gcp/clusterapi/clusterapi.go

@@ -4,6 +4,8 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
+	"path"
+	"strings"
 	"time"
 
 	"github.com/sirupsen/logrus"
@@ -13,6 +15,7 @@ import (
 	"github.com/openshift/installer/pkg/asset/cluster/metadata"
 	"github.com/openshift/installer/pkg/asset/cluster/tfvars"
 	"github.com/openshift/installer/pkg/asset/ignition/bootstrap/gcp"
+	icgcp "github.com/openshift/installer/pkg/asset/installconfig/gcp"
 	"github.com/openshift/installer/pkg/asset/manifests/capiutils"
 	"github.com/openshift/installer/pkg/infrastructure/clusterapi"
 	"github.com/openshift/installer/pkg/types"
@@ -141,13 +144,47 @@ func (p Provider) InfraReady(ctx context.Context, in clusterapi.InfraReadyInput)
 		logrus.Debugf("publish strategy is set to external but api address is empty")
 	}
 
+	client, err := icgcp.NewClient(context.TODO())
+	if err != nil {
+		return err
+	}
+
+	networkProjectID := in.InstallConfig.Config.GCP.NetworkProjectID
+	if networkProjectID == "" {
+		networkProjectID = in.InstallConfig.Config.GCP.ProjectID
+	}
+
+	networkSelfLink := *gcpCluster.Status.Network.SelfLink
+	networkName := path.Base(networkSelfLink)
+	masterSubnetName := gcptypes.DefaultSubnetName(in.InfraID, "master")
+	if in.InstallConfig.Config.GCP.ControlPlaneSubnet != "" {
+		masterSubnetName = in.InstallConfig.Config.GCP.ControlPlaneSubnet
+	}
+
+	subnets, err := client.GetSubnetworks(context.TODO(), networkName, networkProjectID, in.InstallConfig.Config.GCP.Region)
+	if err != nil {
+		return fmt.Errorf("failed to retrieve subnets: %w", err)
+	}
+
+	var masterSubnetSelflink string
+	for _, s := range subnets {
+		if strings.EqualFold(s.Name, masterSubnetName) {
+			masterSubnetSelflink = s.SelfLink
+			break
+		}
+	}
+
+	if masterSubnetSelflink == "" {
+		return fmt.Errorf("could not find master subnet %s in subnets %v", masterSubnetName, subnets)
+	}
+
+	zones := gcpCluster.Status.FailureDomains.GetIDs()
+
 	// Currently, the internal/private load balancer is not created by CAPG. The load balancer will be created
-	// by the installer for now
+	// by the installer for now.
 	// TODO: remove the creation of the LB and health check here when supported by CAPG.
 	// https://github.com/kubernetes-sigs/cluster-api-provider-gcp/issues/903
-	// Create the public (optional) and private load balancer static ip addresses
-	// TODO: Do we then need to setup a subnet for internal load balancing ?
-	apiIntIPAddress, err := createInternalLBAddress(ctx, in)
+	apiIntIPAddress, err := createInternalLB(ctx, in, masterSubnetSelflink, networkSelfLink, zones)
 	if err != nil {
 		return fmt.Errorf("failed to create internal load balancer address: %w", err)
 	}