Add support for IP address exclusions to IPPool CRD

Signed-off-by: Yury Kulazhenkov <ykulazhenkov@nvidia.com>

README.md

@@ -342,6 +342,9 @@ spec:
   subnet: 192.168.0.0/16
   perNodeBlockSize: 100
   gateway: 192.168.0.1
+  exclusions: # optional
+  - startIP: 192.168.0.10
+    endIP: 192.168.0.20
   nodeSelector:
     nodeSelectorTerms:
     - matchExpressions:
@@ -374,6 +377,11 @@ spec:
   * `subnet`: IP Subnet of the pool.
   * `gateway` (optional): Gateway IP of the subnet.
   * `perNodeBlockSize`: the number of IPs of IP Blocks allocated to Nodes.
+  * `exclusions` (optional, list): contains reserved IP addresses that should not be allocated by nv-ipam node component.
+
+    * `startIP`: start IP of the exclude range (inclusive).
+    * `endIP`: end IP of the exclude range (inclusive).
+
   * `nodeSelector` (optional): A list of node selector terms. The terms are ORed. Each term can have a list of matchExpressions that are ANDed. Only the nodes that match the provided labels will get assigned IP Blocks for the defined pool.
 
 > __Notes:__

api/v1alpha1/ippool_test.go

@@ -30,7 +30,10 @@ var _ = Describe("Validate", func() {
 			Spec: v1alpha1.IPPoolSpec{
 				Subnet:           "192.168.0.0/16",
 				PerNodeBlockSize: 128,
-				Gateway:          "192.168.0.1",
+				Exclusions: []v1alpha1.ExcludeRange{
+					{StartIP: "192.168.0.100", EndIP: "192.168.0.110"},
+				},
+				Gateway: "192.168.0.1",
 				NodeSelector: &corev1.NodeSelector{
 					NodeSelectorTerms: []corev1.NodeSelectorTerm{{
 						MatchExpressions: []corev1.NodeSelectorRequirement{{
@@ -49,7 +52,10 @@ var _ = Describe("Validate", func() {
 			Spec: v1alpha1.IPPoolSpec{
 				Subnet:           "2001:db8:3333:4444::0/64",
 				PerNodeBlockSize: 1000,
-				Gateway:          "2001:db8:3333:4444::1",
+				Exclusions: []v1alpha1.ExcludeRange{
+					{StartIP: "2001:db8:3333:4444::3", EndIP: "2001:db8:3333:4444::4"},
+				},
+				Gateway: "2001:db8:3333:4444::1",
 			},
 		}
 		Expect(ipPool.Validate()).To(BeEmpty())
@@ -98,6 +104,22 @@ var _ = Describe("Validate", func() {
 				ContainSubstring("spec.perNodeBlockSize"),
 			)
 	})
+	It("Invalid - exclusions not part of the subnet", func() {
+		ipPool := v1alpha1.IPPool{
+			ObjectMeta: metav1.ObjectMeta{Name: "test"},
+			Spec: v1alpha1.IPPoolSpec{
+				Subnet: "192.168.0.0/24",
+				Exclusions: []v1alpha1.ExcludeRange{
+					{StartIP: "10.10.10.10", EndIP: "10.10.10.20"},
+				},
+				PerNodeBlockSize: 10,
+			},
+		}
+		Expect(ipPool.Validate().ToAggregate().Error()).
+			To(
+				ContainSubstring("spec.exclusions"),
+			)
+	})
 	It("Invalid - gateway outside of the subnet", func() {
 		ipPool := v1alpha1.IPPool{
 			ObjectMeta: metav1.ObjectMeta{Name: "test"},

api/v1alpha1/ippool_type.go

@@ -39,6 +39,8 @@ type IPPoolSpec struct {
 	// amount of IPs to allocate for each node,
 	// must be less than amount of available IPs in the subnet
 	PerNodeBlockSize int `json:"perNodeBlockSize"`
+	// contains reserved IP addresses that should not be allocated by nv-ipam
+	Exclusions []ExcludeRange `json:"exclusions,omitempty"`
 	// gateway for the pool
 	Gateway string `json:"gateway,omitempty"`
 	// selector for nodes, if empty match all nodes

api/v1alpha1/ippool_validate.go

@@ -49,6 +49,9 @@ func (r *IPPool) Validate() field.ErrorList {
 				"is larger then amount of IPs available in the subnet"))
 		}
 	}
+	if network != nil {
+		errList = append(errList, validateExclusions(network, r.Spec.Exclusions, field.NewPath("spec"))...)
+	}
 	var parsedGW net.IP
 	if r.Spec.Gateway != "" {
 		parsedGW = net.ParseIP(r.Spec.Gateway)

deploy/crds/nv-ipam.nvidia.com_ippools.yaml

@@ -44,6 +44,22 @@ spec:
           spec:
             description: IPPoolSpec contains configuration for IP pool
             properties:
+              exclusions:
+                description: contains reserved IP addresses that should not be allocated
+                  by nv-ipam
+                items:
+                  description: ExcludeRange contains range of IP addresses to exclude
+                    from allocation startIP and endIP are part of the ExcludeRange
+                  properties:
+                    endIP:
+                      type: string
+                    startIP:
+                      type: string
+                  required:
+                  - endIP
+                  - startIP
+                  type: object
+                type: array
               gateway:
                 description: gateway for the pool
                 type: string

examples/ippool-1.yaml

@@ -6,6 +6,9 @@ metadata:
 spec:
   subnet: 192.168.0.0/16
   perNodeBlockSize: 128
+  exclusions: # optional
+  - startIP: 192.168.0.10
+    endIP: 192.168.0.20
   gateway: 192.168.0.1
   nodeSelector:
     nodeSelectorTerms:

pkg/ipam-node/controllers/ippool/ippool.go

@@ -52,15 +52,19 @@ func (r *IPPoolReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctr
 	}
 	reqLog.Info("Notification on IPPool", "name", ipPool.Name)
 	found := false
-
 	for _, alloc := range ipPool.Status.Allocations {
 		if alloc.NodeName == r.NodeName {
+			exclusions := make([]pool.ExclusionRange, 0, len(ipPool.Spec.Exclusions))
+			for _, e := range ipPool.Spec.Exclusions {
+				exclusions = append(exclusions, pool.ExclusionRange{StartIP: e.StartIP, EndIP: e.EndIP})
+			}
 			ipPool := &pool.Pool{
-				Name:    ipPool.Name,
-				Subnet:  ipPool.Spec.Subnet,
-				Gateway: ipPool.Spec.Gateway,
-				StartIP: alloc.StartIP,
-				EndIP:   alloc.EndIP,
+				Name:       ipPool.Name,
+				Subnet:     ipPool.Spec.Subnet,
+				Gateway:    ipPool.Spec.Gateway,
+				StartIP:    alloc.StartIP,
+				EndIP:      alloc.EndIP,
+				Exclusions: exclusions,
 			}
 			r.PoolManager.UpdatePool(poolKey, ipPool)
 			found = true