Merge pull request #20258 from danwinship/auto-egress-ip-master

Auto-assign egress IPs from EgressCIDRs

api/docs/apis-network.openshift.io/v1.HostSubnet.adoc

@@ -19,7 +19,9 @@ Expand or mouse-over a field for more information about it.
 ++++
 <pre>
 <div style="margin-left:13px;"><span title="(string) APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources">apiVersion</span>:
-</div><details><summary><span title="(array) EgressIPs is the list of automatic egress IP addresses currently hosted by this node">egressIPs</span>:
+</div><details><summary><span title="(array) EgressCIDRs is the list of CIDR ranges available for automatically assigning egress IPs to this node from. If this field is set then EgressIPs should be treated as read-only.">egressCIDRs</span>:
+</summary><div style="margin-left:13px;">- <span title="(string)">[string]</span>:
+</div></details><details><summary><span title="(array) EgressIPs is the list of automatic egress IP addresses currently hosted by this node. If EgressCIDRs is empty, this can be set by hand; if EgressCIDRs is set then the master will overwrite the value here with its own allocation of egress IPs.">egressIPs</span>:
 </summary><div style="margin-left:13px;">- <span title="(string)">[string]</span>:
 </div></details><div style="margin-left:13px;"><span title="(string) Host is the name of the node. (This is the same as the object&#39;s name, but both fields must be set.)">host</span>:
 </div><div style="margin-left:13px;"><span title="(string) HostIP is the IP address to be used as a VTEP by other nodes in the overlay network">hostIP</span>:

api/docs/oapi/v1.HostSubnet.adoc

@@ -19,7 +19,9 @@ Expand or mouse-over a field for more information about it.
 ++++
 <pre>
 <div style="margin-left:13px;"><span title="(string) APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources">apiVersion</span>:
-</div><details><summary><span title="(array) EgressIPs is the list of automatic egress IP addresses currently hosted by this node">egressIPs</span>:
+</div><details><summary><span title="(array) EgressCIDRs is the list of CIDR ranges available for automatically assigning egress IPs to this node from. If this field is set then EgressIPs should be treated as read-only.">egressCIDRs</span>:
+</summary><div style="margin-left:13px;">- <span title="(string)">[string]</span>:
+</div></details><details><summary><span title="(array) EgressIPs is the list of automatic egress IP addresses currently hosted by this node. If EgressCIDRs is empty, this can be set by hand; if EgressCIDRs is set then the master will overwrite the value here with its own allocation of egress IPs.">egressIPs</span>:
 </summary><div style="margin-left:13px;">- <span title="(string)">[string]</span>:
 </div></details><div style="margin-left:13px;"><span title="(string) Host is the name of the node. (This is the same as the object&#39;s name, but both fields must be set.)">host</span>:
 </div><div style="margin-left:13px;"><span title="(string) HostIP is the IP address to be used as a VTEP by other nodes in the overlay network">hostIP</span>:

pkg/network/apis/network/types.go

@@ -51,7 +51,8 @@ type HostSubnet struct {
 	HostIP string
 	Subnet string
 
-	EgressIPs []string
+	EgressIPs   []string
+	EgressCIDRs []string
 }
 
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object

pkg/network/apis/network/validation/validation.go

@@ -174,6 +174,12 @@ func ValidateHostSubnet(hs *networkapi.HostSubnet) field.ErrorList {
 		}
 	}
 
+	for i, egressCIDR := range hs.EgressCIDRs {
+		if _, err := validateCIDRv4(egressCIDR); err != nil {
+			allErrs = append(allErrs, field.Invalid(field.NewPath("egressCIDRs").Index(i), egressCIDR, err.Error()))
+		}
+	}
+
 	return allErrs
 }
 

pkg/network/apis/network/validation/validation_test.go

@@ -405,6 +405,39 @@ func TestValidateHostSubnet(t *testing.T) {
 			},
 			expectedErrors: 2,
 		},
+		{
+			name: "Good one with EgressCIDRs",
+			hs: &networkapi.HostSubnet{
+				ObjectMeta: metav1.ObjectMeta{
+					Name: "abc.def.com",
+				},
+				Host:   "abc.def.com",
+				HostIP: "10.20.30.40",
+				Subnet: "8.8.8.0/24",
+				EgressCIDRs: []string{
+					"192.168.1.99/32",
+					"192.168.2.0/24",
+				},
+			},
+			expectedErrors: 0,
+		},
+		{
+			name: "Malformed EgressCIDRs",
+			hs: &networkapi.HostSubnet{
+				ObjectMeta: metav1.ObjectMeta{
+					Name: "abc.def.com",
+				},
+				Host:   "abc.def.com",
+				HostIP: "10.20.30.40",
+				Subnet: "8.8.8.0/24",
+				EgressCIDRs: []string{
+					"192.168.1.99",
+					"bob/32",
+					"1234::5678/64",
+				},
+			},
+			expectedErrors: 3,
+		},
 		{
 			name: "IPv6 subnet",
 			hs: &networkapi.HostSubnet{