Add IP pool config to disable new allocations (#3472)
* Add IP pool config to disable new allocations

* Fix ut

* Use ptr helper
caseydavenport authored Aug 27, 2024
1 parent bef5d5c commit 6eeefb1
Showing 7 changed files with 94 additions and 39 deletions.
26 changes: 21 additions & 5 deletions api/v1/installation_types.go
Expand Up @@ -665,6 +665,11 @@ type IPPool struct {
// +kubebuilder:default:=false
DisableBGPExport *bool `json:"disableBGPExport,omitempty"`

// DisableNewAllocations specifies whether or not new IP allocations are allowed from this pool.
// This is useful when you want to prevent new pods from receiving IP addresses from this pool, without
// impacting any existing pods that have already been assigned addresses from this pool.
DisableNewAllocations *bool `json:"disableNewAllocations,omitempty"`

// AllowedUse controls what the IP pool will be used for. If not specified or empty, defaults to
// ["Tunnel", "Workload"] for back-compatibility
AllowedUses []IPPoolAllowedUse `json:"allowedUses,omitempty" validate:"omitempty"`
Expand Down Expand Up @@ -710,6 +715,10 @@ func (p *IPPool) ToProjectCalicoV1() (*pcv1.IPPool, error) {
pool.Spec.NATOutgoing = true
}

if p.DisableNewAllocations != nil {
pool.Spec.Disabled = *p.DisableNewAllocations
}

// Set BlockSize
if p.BlockSize != nil {
pool.Spec.BlockSize = int(*p.BlockSize)
Expand Down Expand Up @@ -754,8 +763,17 @@ func (p *IPPool) FromProjectCalicoV1(crd pcv1.IPPool) {
// Set NAT
if crd.Spec.NATOutgoing {
p.NATOutgoing = NATOutgoingEnabled
} else {
p.NATOutgoing = NATOutgoingDisabled
}

// Configure DisableNewAllocations
disableAlloc := false
if crd.Spec.Disabled {
disableAlloc = true
}
p.DisableNewAllocations = &disableAlloc

// Set BlockSize
blockSize := int32(crd.Spec.BlockSize)
p.BlockSize = &blockSize
Expand All @@ -764,13 +782,11 @@ func (p *IPPool) FromProjectCalicoV1(crd pcv1.IPPool) {
p.NodeSelector = crd.Spec.NodeSelector

// Set BGP export.
disableExport := false
if crd.Spec.DisableBGPExport {
t := true
p.DisableBGPExport = &t
} else {
f := false
p.DisableBGPExport = &f
disableExport = true
}
p.DisableBGPExport = &disableExport

for _, use := range crd.Spec.AllowedUses {
p.AllowedUses = append(p.AllowedUses, IPPoolAllowedUse(use))
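Review bot: The comment on `DisableNewAllocations` does not say what an unset value means or which Calico field it drives, while `DisableBGPExport` just above it carries a `+kubebuilder:default:=false` marker. ToProjectCalicoV1 copies the value into `pool.Spec.Disabled`, and the defaulting change in pkg/controller/ippool/defaults.go fills a nil pointer with false, so dropping the field from an Installation presumably re-enables allocation from a pool that was being drained. I would extend the field comment with `// Maps to the Calico IPPool's spec.disabled. Default: false (omitting the field re-enables allocations).` so that an operator retiring an address range knows the flag must stay set. Both conversion functions begin outside the visible hunks.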
5 changes: 5 additions & 0 deletions api/v1/zz_generated.deepcopy.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

11 changes: 7 additions & 4 deletions pkg/controller/ippool/defaults.go
Expand Up @@ -24,6 +24,7 @@ import (
configv1 "github.com/openshift/api/config/v1"
operator "github.com/tigera/operator/api/v1"
crdv1 "github.com/tigera/operator/pkg/apis/crd.projectcalico.org/v1"
"github.com/tigera/operator/pkg/ptr"
corev1 "k8s.io/api/core/v1"
apierrors "k8s.io/apimachinery/pkg/api/errors"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
Expand Down Expand Up @@ -183,8 +184,7 @@ func fillDefaults(ctx context.Context, client client.Client, instance *operator.
pool.NodeSelector = operator.NodeSelectorDefault
}
if pool.BlockSize == nil {
var twentySix int32 = 26
pool.BlockSize = &twentySix
pool.BlockSize = ptr.ToPtr[int32](26)
}
} else if err == nil && addr.To16() != nil {
// This is an IPv6 pool.
Expand All @@ -198,11 +198,14 @@ func fillDefaults(ctx context.Context, client client.Client, instance *operator.
pool.NodeSelector = operator.NodeSelectorDefault
}
if pool.BlockSize == nil {
var oneTwentyTwo int32 = 122
pool.BlockSize = &oneTwentyTwo
pool.BlockSize = ptr.ToPtr[int32](122)
}
}

if pool.DisableNewAllocations == nil {
pool.DisableNewAllocations = ptr.ToPtr(false)
}

// Default the name if it's not set.
if pool.Name == "" {
if name, ok := currentPoolLookup[pool.CIDR]; ok {
2 changes: 1 addition & 1 deletion pkg/controller/ippool/pool_controller.go
Expand Up @@ -342,7 +342,7 @@ func (r *Reconciler) Reconcile(ctx context.Context, request reconcile.Request) (
if !found {
// This pool needs to be deleted. We only ever send deletes via the API server,
// since deletion requires rather complex logic. If the API server isn't available,
// we'll instead just mark the pool as disabled temporarily.
// we won't delete the pool and will mark the controller as degraded.
reqLogger.WithValues("cidr", cidr, "valid", installation.Spec.CalicoNetwork.IPPools).Info("Pool needs to be deleted")
if apiAvailable {
// v3 API is available - send a delete request.
45 changes: 24 additions & 21 deletions pkg/controller/ippool/pool_controller_test.go
Expand Up @@ -444,13 +444,14 @@ var _ = table.DescribeTable("Test OpenShift IP pool defaulting",
&operator.CalicoNetworkSpec{
IPPools: []operator.IPPool{
{
Name: "default-ipv4-ippool",
CIDR: "192.168.0.0/16",
Encapsulation: "IPIP",
NATOutgoing: "Enabled",
NodeSelector: "all()",
BlockSize: &twentySix,
AllowedUses: []operator.IPPoolAllowedUse{operator.IPPoolAllowedUseWorkload, operator.IPPoolAllowedUseTunnel},
Name: "default-ipv4-ippool",
CIDR: "192.168.0.0/16",
Encapsulation: "IPIP",
NATOutgoing: "Enabled",
NodeSelector: "all()",
BlockSize: &twentySix,
AllowedUses: []operator.IPPoolAllowedUse{operator.IPPoolAllowedUseWorkload, operator.IPPoolAllowedUseTunnel},
DisableNewAllocations: &false_,
},
},
}),
Expand All @@ -472,13 +473,14 @@ var _ = table.DescribeTable("Test OpenShift IP pool defaulting",
&operator.CalicoNetworkSpec{
IPPools: []operator.IPPool{
{
Name: "default-ipv4-ippool",
CIDR: "10.0.0.0/8",
Encapsulation: "IPIP",
NATOutgoing: "Enabled",
NodeSelector: "all()",
BlockSize: &twentySix,
AllowedUses: []operator.IPPoolAllowedUse{operator.IPPoolAllowedUseWorkload, operator.IPPoolAllowedUseTunnel},
Name: "default-ipv4-ippool",
CIDR: "10.0.0.0/8",
Encapsulation: "IPIP",
NATOutgoing: "Enabled",
NodeSelector: "all()",
BlockSize: &twentySix,
AllowedUses: []operator.IPPoolAllowedUse{operator.IPPoolAllowedUseWorkload, operator.IPPoolAllowedUseTunnel},
DisableNewAllocations: &false_,
},
},
}),
Expand Down Expand Up @@ -508,13 +510,14 @@ var _ = table.DescribeTable("Test OpenShift IP pool defaulting",
&operator.CalicoNetworkSpec{
IPPools: []operator.IPPool{
{
Name: "default-ipv4-ippool",
CIDR: "10.0.0.0/24",
Encapsulation: "VXLAN",
NATOutgoing: "Disabled",
NodeSelector: "all()",
BlockSize: &twentySix,
AllowedUses: []operator.IPPoolAllowedUse{operator.IPPoolAllowedUseWorkload, operator.IPPoolAllowedUseTunnel},
Name: "default-ipv4-ippool",
CIDR: "10.0.0.0/24",
Encapsulation: "VXLAN",
NATOutgoing: "Disabled",
NodeSelector: "all()",
BlockSize: &twentySix,
AllowedUses: []operator.IPPoolAllowedUse{operator.IPPoolAllowedUseWorkload, operator.IPPoolAllowedUseTunnel},
DisableNewAllocations: &false_,
},
},
}),
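Review bot: The three expected pools shown here only pin the defaulted value `DisableNewAllocations: &false_`; none of the visible entries feeds a pool with the field already set to true through defaulting. Since the flag exists to stop allocation from a pool, a regression that reset it during defaulting would silently reopen the pool, so one entry with `DisableNewAllocations: &true_` on both the input and the expected output is worth adding. The rest of the table lies outside these hunks and may already cover this.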
32 changes: 24 additions & 8 deletions pkg/controller/ippool/pool_conversion_test.go
Expand Up @@ -20,7 +20,10 @@ import (
operator "github.com/tigera/operator/api/v1"
)

var true_ = true
var (
true_ = true
false_ = false
)

var _ = table.DescribeTable("IPPool operator.tigera.io <-> crd.projectcalico.org/v1 conversion tests",
func(input operator.IPPool) {
Expand All @@ -35,12 +38,25 @@ var _ = table.DescribeTable("IPPool operator.tigera.io <-> crd.projectcalico.org
},

table.Entry("Fully-specified pool", operator.IPPool{
CIDR: "172.16.0.0/16",
Encapsulation: operator.EncapsulationVXLANCrossSubnet,
NATOutgoing: operator.NATOutgoingEnabled,
NodeSelector: "foo == 'bar'",
BlockSize: &twentySix,
DisableBGPExport: &true_,
AllowedUses: []operator.IPPoolAllowedUse{operator.IPPoolAllowedUseWorkload},
CIDR: "172.16.0.0/16",
Encapsulation: operator.EncapsulationVXLANCrossSubnet,
NATOutgoing: operator.NATOutgoingEnabled,
NodeSelector: "foo == 'bar'",
BlockSize: &twentySix,
DisableBGPExport: &true_,
DisableNewAllocations: &true_,
AllowedUses: []operator.IPPoolAllowedUse{operator.IPPoolAllowedUseWorkload},
}),

// Test fields that implicitly default to false when they are explicitly set to false.
table.Entry("Explicitly false fields", operator.IPPool{
CIDR: "172.16.0.0/16",
Encapsulation: operator.EncapsulationIPIPCrossSubnet,
NATOutgoing: operator.NATOutgoingDisabled,
NodeSelector: "",
BlockSize: &twentySix,
DisableBGPExport: &false_,
DisableNewAllocations: &false_,
AllowedUses: nil,
}),
)
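Review bot: `true_` and `false_` are package-level variables whose addresses are shared by every table entry that takes `&true_` or `&false_`, so any code under test that wrote through one of those pointers would change the expectation of the other entries. The commit already uses `ptr.ToPtr` in defaults.go; writing `DisableNewAllocations: ptr.ToPtr(false)` gives each entry its own value and lets the `var (...)` block go. This is a style point only, since nothing in the visible hunks writes through the pointers.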
12 changes: 12 additions & 0 deletions pkg/crds/operator/operator.tigera.io_installations.yaml
Expand Up @@ -1100,6 +1100,12 @@ spec:
DisableBGPExport specifies whether routes from this IP pool's CIDR are exported over BGP.
Default: false
type: boolean
disableNewAllocations:
description: |-
DisableNewAllocations specifies whether or not new IP allocations are allowed from this pool.
This is useful when you want to prevent new pods from receiving IP addresses from this pool, without
impacting any existing pods that have already been assigned addresses from this pool.
type: boolean
encapsulation:
description: |-
Encapsulation specifies the encapsulation type that will be used with
Expand Down Expand Up @@ -8478,6 +8484,12 @@ spec:
DisableBGPExport specifies whether routes from this IP pool's CIDR are exported over BGP.
Default: false
type: boolean
disableNewAllocations:
description: |-
DisableNewAllocations specifies whether or not new IP allocations are allowed from this pool.
This is useful when you want to prevent new pods from receiving IP addresses from this pool, without
impacting any existing pods that have already been assigned addresses from this pool.
type: boolean
encapsulation:
description: |-
Encapsulation specifies the encapsulation type that will be used with