
Commit 98c8bfa

committed
Add private LB and DNS
1 parent f177144 commit 98c8bfa


13 files changed

+734
-152
lines changed


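--- a/api/v1alpha1/scalewaycluster_types.go
+++ b/api/v1alpha1/scalewaycluster_types.go
@@ -8,7 +8,18 @@ import (
 const ClusterFinalizer = "scalewaycluster.infrastructure.cluster.x-k8s.io/sc-protection"
 
 // ScalewayClusterSpec defines the desired state of ScalewayCluster.
+//
 // +kubebuilder:validation:XValidation:rule="!has(oldSelf.controlPlaneEndpoint) || has(self.controlPlaneEndpoint)", message="controlPlaneEndpoint is required once set"
+//
+// +kubebuilder:validation:XValidation:rule="(has(self.network) && has(self.network.controlPlaneDNS)) == (has(oldSelf.network) && has(oldSelf.network.controlPlaneDNS))",message="controlPlaneDNS cannot be added or removed"
+// +kubebuilder:validation:XValidation:rule="(has(self.network) && has(self.network.controlPlanePrivateDNS)) == (has(oldSelf.network) && has(oldSelf.network.controlPlanePrivateDNS))",message="controlPlanePrivateDNS cannot be added or removed"
+// +kubebuilder:validation:XValidation:rule="(has(self.network) && has(self.network.privateNetwork)) == (has(oldSelf.network) && has(oldSelf.network.privateNetwork))",message="privateNetwork cannot be added or removed"
+//
+// +kubebuilder:validation:XValidation:rule="(has(self.network) && has(self.network.controlPlaneLoadBalancer) && has(self.network.controlPlaneLoadBalancer.port)) == (has(oldSelf.network) && has(oldSelf.network.controlPlaneLoadBalancer) && has(oldSelf.network.controlPlaneLoadBalancer.port))",message="port cannot be added or removed"
+// +kubebuilder:validation:XValidation:rule="(has(self.network) && has(self.network.controlPlaneLoadBalancer) && has(self.network.controlPlaneLoadBalancer.private)) == (has(oldSelf.network) && has(oldSelf.network.controlPlaneLoadBalancer) && has(oldSelf.network.controlPlaneLoadBalancer.private))",message="private cannot be added or removed"
+// +kubebuilder:validation:XValidation:rule="(has(self.network) && has(self.network.controlPlaneLoadBalancer) && has(self.network.controlPlaneLoadBalancer.ip)) == (has(oldSelf.network) && has(oldSelf.network.controlPlaneLoadBalancer) && has(oldSelf.network.controlPlaneLoadBalancer.ip))",message="ip cannot be added or removed"
+// +kubebuilder:validation:XValidation:rule="(has(self.network) && has(self.network.controlPlaneLoadBalancer) && has(self.network.controlPlaneLoadBalancer.zone)) == (has(oldSelf.network) && has(oldSelf.network.controlPlaneLoadBalancer) && has(oldSelf.network.controlPlaneLoadBalancer.zone))",message="zone cannot be added or removed"
+// +kubebuilder:validation:XValidation:rule="(has(self.network) && has(self.network.controlPlaneLoadBalancer) && has(self.network.controlPlaneLoadBalancer.privateIP)) == (has(oldSelf.network) && has(oldSelf.network.controlPlaneLoadBalancer) && has(oldSelf.network.controlPlaneLoadBalancer.privateIP))",message="privateIP cannot be added or removed"
 type ScalewayClusterSpec struct {
 // ProjectID is the Scaleway project ID where the cluster will be created.
 // +kubebuilder:validation:XValidation:rule="self == oldSelf",message="Value is immutable"
@@ -42,10 +53,12 @@ type ScalewayClusterSpec struct {
 }
 
 // NetworkSpec defines network specific settings.
-// +kubebuilder:validation:XValidation:rule="!has(self.controlPlaneExtraLoadBalancers) || has(self.controlPlaneDNS)",message="controlPlaneDNS is required when controlPlaneExtraLoadBalancers is set"
-// +kubebuilder:validation:XValidation:rule="has(self.controlPlaneDNS) == has(oldSelf.controlPlaneDNS)",message="controlPlaneDNS cannot be added or removed"
-// +kubebuilder:validation:XValidation:rule="has(self.privateNetwork) == has(oldSelf.privateNetwork)",message="privateNetwork cannot be added or removed"
+//
+// +kubebuilder:validation:XValidation:rule="!has(self.controlPlaneExtraLoadBalancers) || has(self.controlPlaneDNS) || has(self.controlPlanePrivateDNS)",message="controlPlaneDNS or controlPlanePrivateDNS is required when controlPlaneExtraLoadBalancers is set"
 // +kubebuilder:validation:XValidation:rule="!has(self.publicGateways) || has(self.privateNetwork) && self.privateNetwork.enabled",message="privateNetwork is required when publicGateways is set"
+// +kubebuilder:validation:XValidation:rule="!has(self.controlPlaneLoadBalancer) || !has(self.controlPlaneLoadBalancer.private) || !self.controlPlaneLoadBalancer.private || has(self.privateNetwork) && self.privateNetwork.enabled",message="privateNetwork is required when private LoadBalancer is enabled"
+// +kubebuilder:validation:XValidation:rule="!has(self.controlPlanePrivateDNS) || has(self.controlPlaneLoadBalancer.private) && self.controlPlaneLoadBalancer.private",message="private LoadBalancer must be enabled to set controlPlanePrivateDNS"
+// +kubebuilder:validation:XValidation:rule="(has(self.controlPlaneDNS) ? 1 : 0) + (has(self.controlPlanePrivateDNS) ? 1 : 0) < 2",message="controlPlaneDNS and controlPlanePrivateDNS cannot be set at the same time"
 type NetworkSpec struct {
 // ControlPlaneLoadBalancer contains loadbalancer settings.
 // +optional
@@ -65,6 +78,14 @@ type NetworkSpec struct {
 // +optional
 ControlPlaneDNS *ControlPlaneDNSSpec `json:"controlPlaneDNS,omitempty"`
 
+// ControlPlanePrivateDNS allows configuring the DNS Zone of the VPC with
+// records that point to the control plane LoadBalancers. This field is only
+// available when the control plane LoadBalancers are private. Only one of
+// ControlPlaneDNS or ControlPlanePrivateDNS can be set.
+// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="Value is immutable"
+// +optional
+ControlPlanePrivateDNS *ControlPlanePrivateDNSSpec `json:"controlPlanePrivateDNS,omitempty"`
+
 // PrivateNetwork allows attaching machines of the cluster to a Private Network.
 // +optional
 PrivateNetwork *PrivateNetworkSpec `json:"privateNetwork,omitempty"`
@@ -92,15 +113,18 @@ type LoadBalancerSpec struct {
 // +kubebuilder:validation:Format=ipv4
 // +optional
 IP *string `json:"ip,omitempty"`
+
+// Private IP to use when attaching a loadbalancer to a Private Network.
+// +kubebuilder:validation:Format=ipv4
+// +optional
+PrivateIP *string `json:"privateIP,omitempty"`
 }
 
 // ControlPlaneLoadBalancerSpec defines control-plane loadbalancer settings for the cluster.
-// +kubebuilder:validation:XValidation:rule="has(self.port) == has(oldSelf.port)",message="port cannot be added or removed"
 type ControlPlaneLoadBalancerSpec struct {
-// +kubebuilder:validation:XValidation:rule="has(self.ip) == has(oldSelf.ip)",message="ip cannot be added or removed"
 // +kubebuilder:validation:XValidation:rule="!has(oldSelf.ip) || self.ip == oldSelf.ip",message="ip is immutable"
-// +kubebuilder:validation:XValidation:rule="has(self.zone) == has(oldSelf.zone)",message="zone cannot be added or removed"
 // +kubebuilder:validation:XValidation:rule="!has(oldSelf.zone) || self.zone == oldSelf.zone",message="zone is immutable"
+// +kubebuilder:validation:XValidation:rule="!has(oldSelf.privateIP) || self.privateIP == oldSelf.privateIP",message="privateIP is immutable"
 LoadBalancerSpec `json:",inline"`
 
 // Port configured on the Load Balancer. It must be valid port range (1-65535).
@@ -118,6 +142,11 @@ type ControlPlaneLoadBalancerSpec struct {
 // +listType=set
 // +optional
 AllowedRanges []CIDR `json:"allowedRanges,omitempty"`
+
+// Private disables the creation of a public IP on the LoadBalancers when it's set to true.
+// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="Value is immutable"
+// +optional
+Private *bool `json:"private,omitempty"`
 }
 
 // CIDR is an IP address range in CIDR notation (for example, "10.0.0.0/8" or "fd00::/8").
@@ -137,6 +166,13 @@ type ControlPlaneDNSSpec struct {
 Name string `json:"name"`
 }
 
+type ControlPlanePrivateDNSSpec struct {
+// Name is the DNS short name of the record (non-FQDN). The format must consist of
+// alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character.
+// +kubebuilder:validation:Pattern:=^[a-z0-9]([-a-z0-9.]*[a-z0-9])?$
+Name string `json:"name"`
+}
+
 // PrivateNetworkSpec defines Private Network settings for the cluster.
 // +kubebuilder:validation:XValidation:rule="has(self.vpcID) == has(oldSelf.vpcID)",message="vpcID cannot be added or removed"
 // +kubebuilder:validation:XValidation:rule="has(self.id) == has(oldSelf.id)",message="id cannot be added or removed"
@@ -203,6 +239,10 @@ type ScalewayClusterStatus struct {
 
 // NetworkStatus contains information about network resources of the cluster.
 type NetworkStatus struct {
+// VPCID is set if the cluster has an associated Private Network.
+// +optional
+VPCID *string `json:"vpcID,omitempty"`
+
 // PrivateNetworkID is set if the cluster has an associated Private Network.
 // +optional
 PrivateNetworkID *string `json:"privateNetworkID,omitempty"`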
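Review bot: The new `private LoadBalancer must be enabled to set controlPlanePrivateDNS` rule on NetworkSpec (second hunk) dereferences `self.controlPlaneLoadBalancer.private` without first checking `has(self.controlPlaneLoadBalancer)`, even though that field is marked `+optional` and the neighbouring `privateNetwork is required when private LoadBalancer is enabled` rule does guard it. As far as I can tell, a spec that sets controlPlanePrivateDNS but omits controlPlaneLoadBalancer is then rejected with a CEL evaluation error on the missing key rather than with the intended message — fail-closed, but confusing for operators and inconsistent with the sibling rule; `rule="!has(self.controlPlanePrivateDNS) || has(self.controlPlaneLoadBalancer) && has(self.controlPlaneLoadBalancer.private) && self.controlPlaneLoadBalancer.private"` aligns the two. The same expression is carried into the generated CRD in config/crd/bases/infrastructure.cluster.x-k8s.io_scalewayclusters.yaml, which needs regenerating after the fix. Separately, the new `ControlPlanePrivateDNSSpec` type in the sixth hunk has no doc comment while every other type in view has one; `// ControlPlanePrivateDNSSpec defines the private DNS record settings for the control plane.` would match the file's convention.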

api/v1alpha1/zz_generated.deepcopy.go

Lines changed: 35 additions & 0 deletions

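--- a/config/crd/bases/infrastructure.cluster.x-k8s.io_scalewayclusters.yaml
+++ b/config/crd/bases/infrastructure.cluster.x-k8s.io_scalewayclusters.yaml
@@ -127,6 +127,11 @@ spec:
 description: IP to use when creating a loadbalancer.
 format: ipv4
 type: string
+privateIP:
+description: Private IP to use when attaching a loadbalancer
+to a Private Network.
+format: ipv4
+type: string
 type:
 default: LB-S
 description: Load Balancer commercial offer type.
@@ -175,6 +180,18 @@ spec:
 x-kubernetes-validations:
 - message: Value is immutable
 rule: self == oldSelf
+private:
+description: Private disables the creation of a public IP
+on the LoadBalancers when it's set to true.
+type: boolean
+x-kubernetes-validations:
+- message: Value is immutable
+rule: self == oldSelf
+privateIP:
+description: Private IP to use when attaching a loadbalancer
+to a Private Network.
+format: ipv4
+type: string
 type:
 default: LB-S
 description: Load Balancer commercial offer type.
@@ -186,16 +203,31 @@ spec:
 type: string
 type: object
 x-kubernetes-validations:
-- message: port cannot be added or removed
-rule: has(self.port) == has(oldSelf.port)
-- message: ip cannot be added or removed
-rule: has(self.ip) == has(oldSelf.ip)
 - message: ip is immutable
 rule: '!has(oldSelf.ip) || self.ip == oldSelf.ip'
-- message: zone cannot be added or removed
-rule: has(self.zone) == has(oldSelf.zone)
 - message: zone is immutable
 rule: '!has(oldSelf.zone) || self.zone == oldSelf.zone'
+- message: privateIP is immutable
+rule: '!has(oldSelf.privateIP) || self.privateIP == oldSelf.privateIP'
+controlPlanePrivateDNS:
+description: |-
+ControlPlanePrivateDNS allows configuring the DNS Zone of the VPC with
+records that point to the control plane LoadBalancers. This field is only
+available when the control plane LoadBalancers are private. Only one of
+ControlPlaneDNS or ControlPlanePrivateDNS can be set.
+properties:
+name:
+description: |-
+Name is the DNS short name of the record (non-FQDN). The format must consist of
+alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character.
+pattern: ^[a-z0-9]([-a-z0-9.]*[a-z0-9])?$
+type: string
+required:
+- name
+type: object
+x-kubernetes-validations:
+- message: Value is immutable
+rule: self == oldSelf
 privateNetwork:
 description: PrivateNetwork allows attaching machines of the cluster
 to a Private Network.
@@ -270,16 +302,25 @@ spec:
 type: array
 type: object
 x-kubernetes-validations:
-- message: controlPlaneDNS is required when controlPlaneExtraLoadBalancers
-is set
-rule: '!has(self.controlPlaneExtraLoadBalancers) || has(self.controlPlaneDNS)'
-- message: controlPlaneDNS cannot be added or removed
-rule: has(self.controlPlaneDNS) == has(oldSelf.controlPlaneDNS)
-- message: privateNetwork cannot be added or removed
-rule: has(self.privateNetwork) == has(oldSelf.privateNetwork)
+- message: controlPlaneDNS or controlPlanePrivateDNS is required when
+controlPlaneExtraLoadBalancers is set
+rule: '!has(self.controlPlaneExtraLoadBalancers) || has(self.controlPlaneDNS)
+|| has(self.controlPlanePrivateDNS)'
 - message: privateNetwork is required when publicGateways is set
 rule: '!has(self.publicGateways) || has(self.privateNetwork) &&
 self.privateNetwork.enabled'
+- message: privateNetwork is required when private LoadBalancer is
+enabled
+rule: '!has(self.controlPlaneLoadBalancer) || !has(self.controlPlaneLoadBalancer.private)
+|| !self.controlPlaneLoadBalancer.private || has(self.privateNetwork)
+&& self.privateNetwork.enabled'
+- message: private LoadBalancer must be enabled to set controlPlanePrivateDNS
+rule: '!has(self.controlPlanePrivateDNS) || has(self.controlPlaneLoadBalancer.private)
+&& self.controlPlaneLoadBalancer.private'
+- message: controlPlaneDNS and controlPlanePrivateDNS cannot be set
+at the same time
+rule: '(has(self.controlPlaneDNS) ? 1 : 0) + (has(self.controlPlanePrivateDNS)
+? 1 : 0) < 2'
 projectID:
 description: ProjectID is the Scaleway project ID where the cluster
 will be created.
@@ -310,6 +351,35 @@ spec:
 x-kubernetes-validations:
 - message: controlPlaneEndpoint is required once set
 rule: '!has(oldSelf.controlPlaneEndpoint) || has(self.controlPlaneEndpoint)'
+- message: controlPlaneDNS cannot be added or removed
+rule: (has(self.network) && has(self.network.controlPlaneDNS)) == (has(oldSelf.network)
+&& has(oldSelf.network.controlPlaneDNS))
+- message: controlPlanePrivateDNS cannot be added or removed
+rule: (has(self.network) && has(self.network.controlPlanePrivateDNS))
+== (has(oldSelf.network) && has(oldSelf.network.controlPlanePrivateDNS))
+- message: privateNetwork cannot be added or removed
+rule: (has(self.network) && has(self.network.privateNetwork)) == (has(oldSelf.network)
+&& has(oldSelf.network.privateNetwork))
+- message: port cannot be added or removed
+rule: (has(self.network) && has(self.network.controlPlaneLoadBalancer)
+&& has(self.network.controlPlaneLoadBalancer.port)) == (has(oldSelf.network)
+&& has(oldSelf.network.controlPlaneLoadBalancer) && has(oldSelf.network.controlPlaneLoadBalancer.port))
+- message: private cannot be added or removed
+rule: (has(self.network) && has(self.network.controlPlaneLoadBalancer)
+&& has(self.network.controlPlaneLoadBalancer.private)) == (has(oldSelf.network)
+&& has(oldSelf.network.controlPlaneLoadBalancer) && has(oldSelf.network.controlPlaneLoadBalancer.private))
+- message: ip cannot be added or removed
+rule: (has(self.network) && has(self.network.controlPlaneLoadBalancer)
+&& has(self.network.controlPlaneLoadBalancer.ip)) == (has(oldSelf.network)
+&& has(oldSelf.network.controlPlaneLoadBalancer) && has(oldSelf.network.controlPlaneLoadBalancer.ip))
+- message: zone cannot be added or removed
+rule: (has(self.network) && has(self.network.controlPlaneLoadBalancer)
+&& has(self.network.controlPlaneLoadBalancer.zone)) == (has(oldSelf.network)
+&& has(oldSelf.network.controlPlaneLoadBalancer) && has(oldSelf.network.controlPlaneLoadBalancer.zone))
+- message: privateIP cannot be added or removed
+rule: (has(self.network) && has(self.network.controlPlaneLoadBalancer)
+&& has(self.network.controlPlaneLoadBalancer.privateIP)) == (has(oldSelf.network)
+&& has(oldSelf.network.controlPlaneLoadBalancer) && has(oldSelf.network.controlPlaneLoadBalancer.privateIP))
 status:
 description: ScalewayClusterStatus defines the observed state of ScalewayCluster.
 properties:
@@ -355,6 +425,10 @@ spec:
 items:
 type: string
 type: array
+vpcID:
+description: VPCID is set if the cluster has an associated Private
+Network.
+type: string
 type: object
 ready:
 description: |-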
