Configuration controller

Makefile

@@ -56,7 +56,7 @@ rbacs: controller-gen
 	rm -f deployments/liqo/files/*
 	$(CONTROLLER_GEN) paths="./internal/liqonet/route-operator" rbac:roleName=liqo-route output:rbac:stdout | awk -v RS="---\n" 'NR>1{f="./deployments/liqo/files/liqo-route-" $$4 ".yaml";printf "%s",$$0 > f; close(f)}' &&  sed -i -n '/rules/,$$p' deployments/liqo/files/liqo-route-ClusterRole.yaml deployments/liqo/files/liqo-route-Role.yaml
 	$(CONTROLLER_GEN) paths="./internal/liqonet/tunnel-operator" rbac:roleName=liqo-gateway output:rbac:stdout | awk -v RS="---\n" 'NR>1{f="./deployments/liqo/files/liqo-gateway-" $$4 ".yaml";printf "%s",$$0 > f; close(f)}' &&  sed -i -n '/rules/,$$p' deployments/liqo/files/liqo-gateway-ClusterRole.yaml deployments/liqo/files/liqo-gateway-Role.yaml
-	$(CONTROLLER_GEN) paths="./internal/liqonet/network-manager/..." rbac:roleName=liqo-network-manager output:rbac:stdout | awk -v RS="---\n" 'NR>1{f="./deployments/liqo/files/liqo-network-manager-" $$4 ".yaml";printf "%s",$$0 > f; close(f)}' &&  sed -i -n '/rules/,$$p' deployments/liqo/files/liqo-network-manager-ClusterRole.yaml deployments/liqo/files/liqo-network-manager-Role.yaml
+	$(CONTROLLER_GEN) paths="{./internal/liqonet/network-manager/...,./pkg/liqonet/...}" rbac:roleName=liqo-network-manager output:rbac:stdout | awk -v RS="---\n" 'NR>1{f="./deployments/liqo/files/liqo-network-manager-" $$4 ".yaml";printf "%s",$$0 > f; close(f)}' &&  sed -i -n '/rules/,$$p' deployments/liqo/files/liqo-network-manager-ClusterRole.yaml deployments/liqo/files/liqo-network-manager-Role.yaml
 	$(CONTROLLER_GEN) paths="./internal/crdReplicator" rbac:roleName=liqo-crd-replicator output:rbac:stdout | awk -v RS="---\n" 'NR>1{f="./deployments/liqo/files/liqo-crd-replicator-" $$4 ".yaml";printf "%s",$$0 > f; close(f)}' &&  sed -i -n '/rules/,$$p' deployments/liqo/files/liqo-crd-replicator-ClusterRole.yaml deployments/liqo/files/liqo-crd-replicator-Role.yaml
 	$(CONTROLLER_GEN) paths="./pkg/discoverymanager" rbac:roleName=liqo-discovery output:rbac:stdout | awk -v RS="---\n" 'NR>1{f="./deployments/liqo/files/liqo-discovery-" $$4 ".yaml";printf "%s",$$0 > f; close(f)}' &&  sed -i -n '/rules/,$$p' deployments/liqo/files/liqo-discovery-ClusterRole.yaml deployments/liqo/files/liqo-discovery-Role.yaml
 	$(CONTROLLER_GEN) paths="./internal/auth-service" rbac:roleName=liqo-auth-service output:rbac:stdout | awk -v RS="---\n" 'NR>1{f="./deployments/liqo/files/liqo-auth-" $$4 ".yaml";printf "%s",$$0 > f; close(f)}' &&  sed -i -n '/rules/,$$p' deployments/liqo/files/liqo-auth-ClusterRole.yaml deployments/liqo/files/liqo-auth-Role.yaml

apis/ipam/v1alpha1/network_types.go

@@ -17,6 +17,8 @@ package v1alpha1
 import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime/schema"
+
+	v1alpha1networking "github.com/liqotech/liqo/apis/networking/v1alpha1"
 )
 
 var (
@@ -36,13 +38,13 @@ var (
 // NetworkSpec defines the desired state of Network.
 type NetworkSpec struct {
 	// CIDR is the desired CIDR for the remote cluster.
-	CIDR string `json:"cidr"`
+	CIDR v1alpha1networking.CIDR `json:"cidr"`
 }
 
 // NetworkStatus defines the observed state of Network.
 type NetworkStatus struct {
 	// CIDR is the remapped CIDR for the remote cluster.
-	CIDR string `json:"cidr,omitempty"`
+	CIDR v1alpha1networking.CIDR `json:"cidr,omitempty"`
 }
 
 // +kubebuilder:object:root=true

apis/networking/v1alpha1/common_types.go

@@ -0,0 +1,37 @@
+// Copyright 2019-2023 The Liqo Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Package v1alpha1 contains API Schema definitions for the networking v1alpha1 API group.
+//
+//nolint:lll // ignore long lines given by Kubebuilder marker annotations.
+package v1alpha1
+
+// EDIT THIS FILE!  THIS IS SCAFFOLDING FOR YOU TO OWN!
+// NOTE: json tags are required.  Any new fields you add must have json tags for the fields to be serialized.
+
+// CIDR defines a syntax validated CIDR.
+// +kubebuilder:validation:Pattern=`^(([1-9]{0,1}[0-9]{0,2}|2[0-4][0-9]|25[0-5])\.){3}([1-9]{0,1}[0-9]{0,2}|2[0-4][0-9]|25[0-5])\/([0-9]|[1-2][0-9]|3[0-2])$`
+type CIDR string
+
+func (c CIDR) String() string {
+	return string(c)
+}
+
+// IP defines a syntax validated IP.
+// +kubebuilder:validation:Pattern=`^(([1-9]{0,1}[0-9]{0,2}|2[0-4][0-9]|25[0-5])\.){3}([1-9]{0,1}[0-9]{0,2}|2[0-4][0-9]|25[0-5])$`
+type IP string
+
+func (i IP) String() string {
+	return string(i)
+}

apis/networking/v1alpha1/configuration_types.go

@@ -34,18 +34,18 @@ var ConfigurationGroupResource = schema.GroupResource{Group: GroupVersion.Group,
 // ConfigurationGroupVersionResource is groupResourceVersion used to register these objects.
 var ConfigurationGroupVersionResource = GroupVersion.WithResource(ConfigurationResource)
 
-// CIDR defines the CIDR of the cluster.
-type CIDR struct {
+// ClusterConfigCIDR defines the CIDR of the cluster.
+type ClusterConfigCIDR struct {
 	// Pod CIDR of the cluster.
-	Pod string `json:"pod,omitempty"`
+	Pod CIDR `json:"pod,omitempty"`
 	// External CIDR of the cluster.
-	External string `json:"external,omitempty"`
+	External CIDR `json:"external,omitempty"`
 }
 
 // ClusterConfig defines the configuration of a cluster.
 type ClusterConfig struct {
 	// CIDR of the cluster.
-	CIDR CIDR `json:"cidr,omitempty"`
+	CIDR ClusterConfigCIDR `json:"cidr,omitempty"`
 }
 
 // ConfigurationSpec defines the desired state of Configuration.
@@ -65,6 +65,7 @@ type ConfigurationStatus struct {
 // +kubebuilder:object:root=true
 // +kubebuilder:resource:categories=liqo
 // +kubebuilder:subresource:status
+// +kubebuilder:printcolumn:name="Alias",type=string,JSONPath=`.spec.alias`
 
 // Configuration contains the network configuration of a pair of clusters,
 // including the local and the remote pod and external CIDRs and how the where remapped.

apis/networking/v1alpha1/gatewayserver_types.go

@@ -58,7 +58,7 @@ type GatewayServerSpec struct {
 // EndpointStatus defines the observed state of the endpoint.
 type EndpointStatus struct {
 	// Addresses specifies the addresses of the endpoint.
-	Addresses []string `json:"addresses,omitempty"`
+	Addresses []IP `json:"addresses,omitempty"`
 	// Port specifies the port of the endpoint.
 	Port int32 `json:"port,omitempty"`
 	// Protocol specifies the protocol of the endpoint.

cmd/liqonet/main.go

@@ -16,6 +16,7 @@ package main
 
 import (
 	"flag"
+	"fmt"
 
 	"k8s.io/apimachinery/pkg/runtime"
 	utilruntime "k8s.io/apimachinery/pkg/util/runtime"
@@ -26,6 +27,7 @@ import (
 
 	discoveryv1alpha1 "github.com/liqotech/liqo/apis/discovery/v1alpha1"
 	netv1alpha1 "github.com/liqotech/liqo/apis/net/v1alpha1"
+	networkingv1alpha1 "github.com/liqotech/liqo/apis/networking/v1alpha1"
 	liqoconst "github.com/liqotech/liqo/pkg/consts"
 	"github.com/liqotech/liqo/pkg/utils/restcfg"
 )
@@ -47,6 +49,8 @@ func init() {
 	utilruntime.Must(clientgoscheme.AddToScheme(scheme))
 	utilruntime.Must(discoveryv1alpha1.AddToScheme(scheme))
 	utilruntime.Must(netv1alpha1.AddToScheme(scheme))
+	utilruntime.Must(networkingv1alpha1.AddToScheme(scheme))
+	fmt.Print(scheme)
 }
 
 func main() {

cmd/liqonet/network-manager.go

@@ -30,6 +30,7 @@ import (
 	"github.com/liqotech/liqo/internal/liqonet/network-manager/netcfgcreator"
 	"github.com/liqotech/liqo/internal/liqonet/network-manager/tunnelendpointcreator"
 	liqoconst "github.com/liqotech/liqo/pkg/consts"
+	configurationcontroller "github.com/liqotech/liqo/pkg/liqonet/configuration-controller"
 	liqonetIpam "github.com/liqotech/liqo/pkg/liqonet/ipam"
 	liqonetutils "github.com/liqotech/liqo/pkg/liqonet/utils"
 	"github.com/liqotech/liqo/pkg/utils/args"
@@ -109,6 +110,8 @@ func runNetworkManager(commonFlags *liqonetCommonFlags, managerFlags *networkMan
 		ExternalCIDR: externalCIDR,
 	}
 
+	cfgr := configurationcontroller.NewConfigurationReconciler(mgr.GetClient(), mgr.GetScheme(), mgr.GetEventRecorderFor("configuration-controller"))
+
 	if err = tec.SetupWithManager(mgr); err != nil {
 		klog.Errorf("unable to create controller TunnelEndpointCreator: %s", err)
 		os.Exit(1)
@@ -119,6 +122,11 @@ func runNetworkManager(commonFlags *liqonetCommonFlags, managerFlags *networkMan
 		os.Exit(1)
 	}
 
+	if err = cfgr.SetupWithManager(mgr); err != nil {
+		klog.Errorf("unable to create controller ConfigurationReconciler: %s", err)
+		os.Exit(1)
+	}
+
 	klog.Info("starting manager as liqo-network-manager")
 	if err := mgr.Start(tec.SetupSignalHandlerForTunEndCreator()); err != nil {
 		klog.Errorf("an error occurred while starting manager: %s", err)

deployments/liqo/charts/liqo-crds/crds/ipam.liqo.io_networks.yaml

@@ -48,6 +48,7 @@ spec:
             properties:
               cidr:
                 description: CIDR is the desired CIDR for the remote cluster.
+                pattern: ^(([1-9]{0,1}[0-9]{0,2}|2[0-4][0-9]|25[0-5])\.){3}([1-9]{0,1}[0-9]{0,2}|2[0-4][0-9]|25[0-5])\/([0-9]|[1-2][0-9]|3[0-2])$
                 type: string
             required:
             - cidr
@@ -57,6 +58,7 @@ spec:
             properties:
               cidr:
                 description: CIDR is the remapped CIDR for the remote cluster.
+                pattern: ^(([1-9]{0,1}[0-9]{0,2}|2[0-4][0-9]|25[0-5])\.){3}([1-9]{0,1}[0-9]{0,2}|2[0-4][0-9]|25[0-5])\/([0-9]|[1-2][0-9]|3[0-2])$
                 type: string
             type: object
         required:

deployments/liqo/charts/liqo-crds/crds/networking.liqo.io_configurations.yaml

@@ -16,7 +16,11 @@ spec:
     singular: configuration
   scope: Namespaced
   versions:
-  - name: v1alpha1
+  - additionalPrinterColumns:
+    - jsonPath: .spec.alias
+      name: Alias
+      type: string
+    name: v1alpha1
     schema:
       openAPIV3Schema:
         description: Configuration contains the network configuration of a pair of
@@ -47,9 +51,11 @@ spec:
                     properties:
                       external:
                         description: External CIDR of the cluster.
+                        pattern: ^(([1-9]{0,1}[0-9]{0,2}|2[0-4][0-9]|25[0-5])\.){3}([1-9]{0,1}[0-9]{0,2}|2[0-4][0-9]|25[0-5])\/([0-9]|[1-2][0-9]|3[0-2])$
                         type: string
                       pod:
                         description: Pod CIDR of the cluster.
+                        pattern: ^(([1-9]{0,1}[0-9]{0,2}|2[0-4][0-9]|25[0-5])\.){3}([1-9]{0,1}[0-9]{0,2}|2[0-4][0-9]|25[0-5])\/([0-9]|[1-2][0-9]|3[0-2])$
                         type: string
                     type: object
                 type: object
@@ -61,9 +67,11 @@ spec:
                     properties:
                       external:
                         description: External CIDR of the cluster.
+                        pattern: ^(([1-9]{0,1}[0-9]{0,2}|2[0-4][0-9]|25[0-5])\.){3}([1-9]{0,1}[0-9]{0,2}|2[0-4][0-9]|25[0-5])\/([0-9]|[1-2][0-9]|3[0-2])$
                         type: string
                       pod:
                         description: Pod CIDR of the cluster.
+                        pattern: ^(([1-9]{0,1}[0-9]{0,2}|2[0-4][0-9]|25[0-5])\.){3}([1-9]{0,1}[0-9]{0,2}|2[0-4][0-9]|25[0-5])\/([0-9]|[1-2][0-9]|3[0-2])$
                         type: string
                     type: object
                 type: object
@@ -80,9 +88,11 @@ spec:
                     properties:
                       external:
                         description: External CIDR of the cluster.
+                        pattern: ^(([1-9]{0,1}[0-9]{0,2}|2[0-4][0-9]|25[0-5])\.){3}([1-9]{0,1}[0-9]{0,2}|2[0-4][0-9]|25[0-5])\/([0-9]|[1-2][0-9]|3[0-2])$
                         type: string
                       pod:
                         description: Pod CIDR of the cluster.
+                        pattern: ^(([1-9]{0,1}[0-9]{0,2}|2[0-4][0-9]|25[0-5])\.){3}([1-9]{0,1}[0-9]{0,2}|2[0-4][0-9]|25[0-5])\/([0-9]|[1-2][0-9]|3[0-2])$
                         type: string
                     type: object
                 type: object

deployments/liqo/charts/liqo-crds/crds/networking.liqo.io_connections.yaml

@@ -88,6 +88,8 @@ spec:
                       addresses:
                         description: Addresses specifies the addresses of the endpoint.
                         items:
+                          description: IP defines a syntax validated IP.
+                          pattern: ^(([1-9]{0,1}[0-9]{0,2}|2[0-4][0-9]|25[0-5])\.){3}([1-9]{0,1}[0-9]{0,2}|2[0-4][0-9]|25[0-5])$
                           type: string
                         type: array
                       port:

deployments/liqo/charts/liqo-crds/crds/networking.liqo.io_gatewayservers.yaml

@@ -105,6 +105,8 @@ spec:
                   addresses:
                     description: Addresses specifies the addresses of the endpoint.
                     items:
+                      description: IP defines a syntax validated IP.
+                      pattern: ^(([1-9]{0,1}[0-9]{0,2}|2[0-4][0-9]|25[0-5])\.){3}([1-9]{0,1}[0-9]{0,2}|2[0-4][0-9]|25[0-5])$
                       type: string
                     type: array
                   port:

deployments/liqo/charts/liqo-crds/crds/networking.liqo.io_wggatewayservers.yaml

@@ -8966,6 +8966,8 @@ spec:
                   addresses:
                     description: Addresses specifies the addresses of the endpoint.
                     items:
+                      description: IP defines a syntax validated IP.
+                      pattern: ^(([1-9]{0,1}[0-9]{0,2}|2[0-4][0-9]|25[0-5])\.){3}([1-9]{0,1}[0-9]{0,2}|2[0-4][0-9]|25[0-5])$
                       type: string
                     type: array
                   port:

deployments/liqo/files/liqo-network-manager-ClusterRole.yaml

@@ -84,3 +84,12 @@ rules:
   - patch
   - update
   - watch
+- apiGroups:
+  - networking.liqo.io
+  resources:
+  - configuration
+  verbs:
+  - get
+  - list
+  - update
+  - watch

pkg/liqo-controller-manager/network-controller/network_controller.go

@@ -28,6 +28,7 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
 
 	ipamv1alpha1 "github.com/liqotech/liqo/apis/ipam/v1alpha1"
+	networkingv1alpha1 "github.com/liqotech/liqo/apis/networking/v1alpha1"
 	"github.com/liqotech/liqo/pkg/consts"
 	"github.com/liqotech/liqo/pkg/liqonet/ipam"
 	foreignclusterutils "github.com/liqotech/liqo/pkg/utils/foreignCluster"
@@ -52,7 +53,7 @@ type NetworkReconciler struct {
 // Reconcile Network objects.
 func (r *NetworkReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) {
 	var nw ipamv1alpha1.Network
-	var desiredCIDR, remappedCIDR string
+	var desiredCIDR, remappedCIDR networkingv1alpha1.CIDR
 
 	// Fetch the Network instance
 	if err := r.Get(ctx, req.NamespacedName, &nw); err != nil {
@@ -116,7 +117,7 @@ func (r *NetworkReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ct
 		// The resource is being deleted and the finalizer is still present. Call the IPAM to unmap the network CIDR.
 		remappedCIDR = nw.Status.CIDR
 
-		if _, _, err := net.ParseCIDR(remappedCIDR); err != nil {
+		if _, _, err := net.ParseCIDR(remappedCIDR.String()); err != nil {
 			klog.Errorf("Unable to unmap CIDR %s of Network %q (inavlid format): %v", remappedCIDR, req.NamespacedName, err)
 			return ctrl.Result{}, err
 		}
@@ -148,32 +149,32 @@ func (r *NetworkReconciler) SetupWithManager(mgr ctrl.Manager, workers int) erro
 }
 
 // getRemappedCIDR returns the remapped CIDR for the given CIDR and remote clusterID.
-func getRemappedCIDR(ctx context.Context, ipamClient ipam.IpamClient, desiredCIDR string) (string, error) {
+func getRemappedCIDR(ctx context.Context, ipamClient ipam.IpamClient, desiredCIDR networkingv1alpha1.CIDR) (networkingv1alpha1.CIDR, error) {
 	switch ipamClient.(type) {
 	case nil:
 		// IPAM is not enabled, use original CIDR from spec
 		return desiredCIDR, nil
 	default:
 		// interact with the IPAM to retrieve the correct mapping.
-		response, err := ipamClient.MapNetworkCIDR(ctx, &ipam.MapCIDRRequest{Cidr: desiredCIDR})
+		response, err := ipamClient.MapNetworkCIDR(ctx, &ipam.MapCIDRRequest{Cidr: desiredCIDR.String()})
 		if err != nil {
 			klog.Errorf("IPAM: error while mapping network CIDR %s: %v", desiredCIDR, err)
 			return "", err
 		}
 		klog.Infof("IPAM: mapped network CIDR %s to %s", desiredCIDR, response.Cidr)
-		return response.Cidr, nil
+		return networkingv1alpha1.CIDR(response.Cidr), nil
 	}
 }
 
 // deleteRemappedCIDR unmaps the CIDR for the given remote clusterID.
-func deleteRemappedCIDR(ctx context.Context, ipamClient ipam.IpamClient, remappedCIDR string) error {
+func deleteRemappedCIDR(ctx context.Context, ipamClient ipam.IpamClient, remappedCIDR networkingv1alpha1.CIDR) error {
 	switch ipamClient.(type) {
 	case nil:
 		// If the IPAM is not enabled we do not need to free the network CIDR.
 		return nil
 	default:
 		// Interact with the IPAM to free the network CIDR.
-		_, err := ipamClient.UnmapNetworkCIDR(ctx, &ipam.UnmapCIDRRequest{Cidr: remappedCIDR})
+		_, err := ipamClient.UnmapNetworkCIDR(ctx, &ipam.UnmapCIDRRequest{Cidr: remappedCIDR.String()})
 		if err != nil {
 			klog.Errorf("IPAM: error while unmapping CIDR %s: %v", remappedCIDR, err)
 			return err

pkg/liqo-controller-manager/webhooks/network/nw.go

@@ -89,7 +89,7 @@ func (w *nwwhv) HandleCreate(req *admission.Request) admission.Response {
 	}
 
 	// Check if the CIDR is a valid network
-	if _, _, err := net.ParseCIDR(nw.Spec.CIDR); err != nil {
+	if _, _, err := net.ParseCIDR(nw.Spec.CIDR.String()); err != nil {
 		return admission.Denied(fmt.Sprintf("Invalid CIDR: %v", err))
 	}