IPPool controller added

PROJECT

@@ -35,4 +35,11 @@ resources:
   kind: NSXServiceAccount
   path: github.com/vmware-tanzu/nsx-operator/pkg/api/v1alpha1
   version: v1alpha1
+- api:
+    crdVersion: v1
+    namespaced: true
+  domain: nsx.vmware.com
+  kind: IPPool
+  path: github.com/vmware-tanzu/nsx-operator/pkg/api/v1alpha2
+  version: v1alpha2
 version: "3"

build/yaml/crd/nsx.vmware.com_ippools.yaml

@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.7.0
+    controller-gen.kubebuilder.io/version: v0.11.0
   creationTimestamp: null
   name: ippools.nsx.vmware.com
 spec:
@@ -15,34 +15,10 @@ spec:
     singular: ippool
   scope: Namespaced
   versions:
-  - name: v1alpha1
-    schema:
-      openAPIV3Schema:
-        properties:
-          spec:
-            properties:
-              subnets:
-                items:
-                  properties:
-                    ipFamily:
-                      pattern: ^ipv(4|6)$
-                      type: string
-                    name:
-                      type: string
-                    prefixLength:
-                      minimum: 1
-                      type: integer
-                  type: object
-                type: array
-            type: object
-        type: object
-        x-kubernetes-preserve-unknown-fields: true
-    served: true
-    storage: false
   - name: v1alpha2
     schema:
       openAPIV3Schema:
-        description: IPPool is the Schema for the ippools API
+        description: IPPool is the Schema for the ippools API.
         properties:
           apiVersion:
             description: 'APIVersion defines the versioned schema of this representation
@@ -152,9 +128,3 @@ spec:
     storage: true
     subresources:
       status: {}
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: ["v1alpha2"]

build/yaml/crd/nsx.vmware.com_subnets.yaml

@@ -33,8 +33,7 @@ spec:
           metadata:
             type: object
           spec:
-            description: SubnetSpec defines the desired state of Subnet. TODO Add
-              validate webhook or CEL(k8s 1.25+) for immutable fields(IPv4SubnetSize/AccessMode/IPAddresses/DHCPConfig).
+            description: SubnetSpec defines the desired state of Subnet.
             properties:
               DHCPConfig:
                 description: DHCPConfig DHCP configuration.

build/yaml/crd/nsx.vmware.com_subnetsets.yaml

@@ -33,8 +33,7 @@ spec:
           metadata:
             type: object
           spec:
-            description: SubnetSetSpec defines the desired state of SubnetSet. TODO
-              Add validate webhook or CEL(k8s 1.25+) for immutable fields(IPv4SubnetSize/AccessMode/DHCPConfig).
+            description: SubnetSetSpec defines the desired state of SubnetSet.
             properties:
               DHCPConfig:
                 description: DHCPConfig DHCP configuration.

cmd/main.go

@@ -15,20 +15,21 @@ import (
 	logf "sigs.k8s.io/controller-runtime/pkg/log"
 
 	"github.com/vmware-tanzu/nsx-operator/pkg/apis/v1alpha1"
+	"github.com/vmware-tanzu/nsx-operator/pkg/apis/v1alpha2"
 	"github.com/vmware-tanzu/nsx-operator/pkg/config"
 	commonctl "github.com/vmware-tanzu/nsx-operator/pkg/controllers/common"
-	namespacecontroller "github.com/vmware-tanzu/nsx-operator/pkg/controllers/namespace"
+	ippool2 "github.com/vmware-tanzu/nsx-operator/pkg/controllers/ippool"
 	nsxserviceaccountcontroller "github.com/vmware-tanzu/nsx-operator/pkg/controllers/nsxserviceaccount"
 	securitypolicycontroller "github.com/vmware-tanzu/nsx-operator/pkg/controllers/securitypolicy"
 	staticroutecontroller "github.com/vmware-tanzu/nsx-operator/pkg/controllers/staticroute"
 	"github.com/vmware-tanzu/nsx-operator/pkg/controllers/subnet"
 	"github.com/vmware-tanzu/nsx-operator/pkg/controllers/subnetport"
 	"github.com/vmware-tanzu/nsx-operator/pkg/controllers/subnetset"
-	vpccontroller "github.com/vmware-tanzu/nsx-operator/pkg/controllers/vpc"
 	"github.com/vmware-tanzu/nsx-operator/pkg/logger"
 	"github.com/vmware-tanzu/nsx-operator/pkg/metrics"
 	"github.com/vmware-tanzu/nsx-operator/pkg/nsx"
 	"github.com/vmware-tanzu/nsx-operator/pkg/nsx/services/common"
+	"github.com/vmware-tanzu/nsx-operator/pkg/nsx/services/ippool"
 	"github.com/vmware-tanzu/nsx-operator/pkg/nsx/services/nsxserviceaccount"
 	"github.com/vmware-tanzu/nsx-operator/pkg/nsx/services/securitypolicy"
 	"github.com/vmware-tanzu/nsx-operator/pkg/nsx/services/vpc"
@@ -45,6 +46,7 @@ func init() {
 	var err error
 	utilruntime.Must(clientgoscheme.AddToScheme(scheme))
 	utilruntime.Must(v1alpha1.AddToScheme(scheme))
+	utilruntime.Must(v1alpha2.AddToScheme(scheme))
 	config.AddFlags()
 
 	logf.SetLogger(logger.ZapLogger())
@@ -105,33 +107,27 @@ func StartNSXServiceAccountController(mgr ctrl.Manager, commonService common.Ser
 	}
 }
 
-func StartVPCController(mgr ctrl.Manager, commonService common.Service) {
-	vpcReconciler := &vpccontroller.VPCReconciler{
+func StartIPPoolController(mgr ctrl.Manager, commonService common.Service) {
+	ippoolReconcile := &ippool2.IPPoolReconciler{
 		Client: mgr.GetClient(),
 		Scheme: mgr.GetScheme(),
 	}
-	if vpcService, err := vpc.InitializeVPC(commonService); err != nil {
-		log.Error(err, "failed to initialize vpc commonService", "controller", "VPC")
+	if ipPoolService, err := ippool.InitializeIPPool(commonService); err != nil {
+		log.Error(err, "failed to initialize ippool commonService", "controller", "IPPool")
 		os.Exit(1)
 	} else {
-		vpcReconciler.Service = vpcService
-		commonctl.ServiceMediator.VPCService = vpcService
-	}
-	if err := vpcReconciler.Start(mgr); err != nil {
-		log.Error(err, "failed to create vpc controller", "controller", "VPC")
-		os.Exit(1)
+		ippoolReconcile.Service = ipPoolService
 	}
-}
 
-func StartNamespaceController(mgr ctrl.Manager, commonService common.Service) {
-	nsReconciler := &namespacecontroller.NamespaceReconciler{
-		Client:    mgr.GetClient(),
-		Scheme:    mgr.GetScheme(),
-		NSXConfig: commonService.NSXConfig,
+	// TODO: remove this after vpc is ready
+	if vpcService, err := vpc.InitializeVPC(commonService); err != nil {
+		log.Error(err, "failed to initialize vpc commonService", "controller", "vpc")
+		os.Exit(1)
+	} else {
+		commonctl.ServiceMediator.VPCService = vpcService
 	}
-
-	if err := nsReconciler.Start(mgr); err != nil {
-		log.Error(err, "failed to create namespace controller", "controller", "Namespace")
+	if err := ippoolReconcile.Start(mgr); err != nil {
+		log.Error(err, "failed to create controller", "controller", "IPPool")
 		os.Exit(1)
 	}
 }
@@ -166,30 +162,23 @@ func main() {
 		NSXConfig: cf,
 	}
 
-	if cf.CoeConfig.EnableVPCNetwork && commonService.NSXClient.NSXCheckVersion(nsx.VPC) {
-		log.V(1).Info("VPC mode enabled")
-		// Start controllers which only supports VPC
-		// Start subnet/subnetset controller.
-		if err := subnet.StartSubnetController(mgr, commonService); err != nil {
-			os.Exit(1)
-		}
-		if err := subnetset.StartSubnetSetController(mgr, commonService); err != nil {
-			os.Exit(1)
-		}
-
-		staticroutecontroller.StartStaticRouteController(mgr, commonService)
-		subnetport.StartSubnetPortController(mgr, commonService)
-
-		StartNamespaceController(mgr, commonService)
-		StartVPCController(mgr, commonService)
-	}
-	// Start the security policy controller, it supports VPC and non VPC mode
+	// Start the security policy controller.
 	StartSecurityPolicyController(mgr, commonService)
-
+	staticroutecontroller.StartStaticRouteController(mgr, commonService)
 	// Start the NSXServiceAccount controller.
 	if cf.EnableAntreaNSXInterworking {
 		StartNSXServiceAccountController(mgr, commonService)
 	}
+	// Start subnet/subnetset controller.
+	if err := subnet.StartSubnetController(mgr, commonService); err != nil {
+		os.Exit(1)
+	}
+	if err := subnetset.StartSubnetSetController(mgr, commonService); err != nil {
+		os.Exit(1)
+	}
+
+	StartIPPoolController(mgr, commonService)
+	subnetport.StartSubnetPortController(mgr, commonService)
 
 	if metrics.AreMetricsExposed(cf) {
 		go updateHealthMetricsPeriodically(nsxClient)

go.mod

@@ -79,7 +79,7 @@ require (
 	github.com/stretchr/objx v0.4.0 // indirect
 	go.uber.org/atomic v1.7.0 // indirect
 	go.uber.org/multierr v1.6.0 // indirect
-	golang.org/x/mod v0.11.0 // indirect
+	golang.org/x/mod v0.6.0 // indirect
 	golang.org/x/net v0.5.0 // indirect
 	golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b // indirect
 	golang.org/x/sys v0.4.0 // indirect

go.sum

@@ -371,8 +371,8 @@ golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzB
 golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/mod v0.11.0 h1:bUO06HqtnRcc/7l71XBe4WcqTZ+3AH1J59zWDDwLKgU=
-golang.org/x/mod v0.11.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
+golang.org/x/mod v0.6.0 h1:b9gGHsz9/HhJ3HF5DHQytPpuwocVTChQJK3AvoLRD5I=
+golang.org/x/mod v0.6.0/go.mod h1:4mET923SAdbXp2ki8ey+zGs1SLqsuM2Y0uvdZR/fUNI=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=

hack/boilerplate.go.txt

@@ -1,2 +1,2 @@
-/* Copyright © 2022 VMware, Inc. All Rights Reserved.
+/* Copyright © 2023 VMware, Inc. All Rights Reserved.
    SPDX-License-Identifier: Apache-2.0 */

pkg/config/config.go

@@ -6,9 +6,7 @@ package config
 import (
 	"errors"
 	"flag"
-	"fmt"
 	"io/ioutil"
-	"os"
 
 	ini "gopkg.in/ini.v1"
 	logf "sigs.k8s.io/controller-runtime/pkg/log"
@@ -229,70 +227,27 @@ func (vcConfig *VCConfig) validate() error {
 	return nil
 }
 
-func removeEmptyItem(source []string) []string {
-	target := make([]string, 0)
-	for _, value := range source {
-		if len(value) == 0 {
-			continue
-		}
-		target = append(target, value)
-	}
-	return target
-}
-
-func (nsxConfig *NsxConfig) validateCert() error {
-	if nsxConfig.Insecure == true {
-		return nil
-	}
-	nsxConfig.Thumbprint = removeEmptyItem(nsxConfig.Thumbprint)
-	nsxConfig.CaFile = removeEmptyItem(nsxConfig.CaFile)
-	mCount := len(nsxConfig.NsxApiManagers)
-	tpCount := len(nsxConfig.Thumbprint)
-	caCount := len(nsxConfig.CaFile)
-	// ca file has high priority than thumbprint
-	// ca file(thumbprint) == 1 or equal to manager count
-	if caCount == 0 && tpCount == 0 {
-		err := errors.New("no ca file or thumbprint provided")
-		log.Error(err, "validate NsxConfig failed")
-		return err
-	}
-	if caCount > 0 {
-		log.V(1).Info("validate CA file", "CA file number", caCount)
-		if caCount > 1 && caCount != mCount {
-			err := errors.New("ca file count not match manager count")
-			log.Error(err, "validate NsxConfig failed", "ca file count", caCount, "manager count", mCount)
-			return err
-		}
-		for _, file := range nsxConfig.CaFile {
-			if _, err := os.Stat(file); os.IsNotExist(err) {
-				err = fmt.Errorf("ca file does not exist %s", file)
-				log.Error(err, "validate NsxConfig failed")
-				return err
-			}
-		}
-	} else {
-		log.V(1).Info("validate thumbprint", "thumbprint number", tpCount)
-		if tpCount > 1 && tpCount != mCount {
-			err := errors.New("thumbprint count not match manager count")
-			log.Error(err, "validate NsxConfig failed", "thumbprint count", tpCount, "manager count", mCount)
-			return err
-		}
-	}
-	return nil
-}
-
 func (nsxConfig *NsxConfig) validate(enableVPC bool) error {
-	nsxConfig.NsxApiManagers = removeEmptyItem(nsxConfig.NsxApiManagers)
 	mCount := len(nsxConfig.NsxApiManagers)
 	if mCount == 0 {
 		err := errors.New("invalid field " + "NsxApiManagers")
 		log.Error(err, "validate NsxConfig failed", "NsxApiManagers", nsxConfig.NsxApiManagers)
 		return err
 	}
-	if err := nsxConfig.validateCert(); err != nil {
+	tpCount := len(nsxConfig.Thumbprint)
+	if tpCount == 0 {
+		log.V(1).Info("no thumbprint provided")
+		return nil
+	}
+	if tpCount == 1 {
+		log.V(1).Info("all endpoints share one thumbprint")
+		return nil
+	}
+	if tpCount > 1 && tpCount != mCount {
+		err := errors.New("thumbprint count not match manager count")
+		log.Error(err, "validate NsxConfig failed", "thumbprint count", tpCount, "manager count", mCount)
 		return err
 	}
-	nsxConfig.ExternalIPv4Blocks = removeEmptyItem(nsxConfig.ExternalIPv4Blocks)
 	if enableVPC {
 		if nsxConfig.DefaultProject == "" || len(nsxConfig.ExternalIPv4Blocks) == 0 {
 			err := errors.New("default_project is none or external_ipv4_blocks is empty")

pkg/config/config_test.go

@@ -51,27 +51,13 @@ func TestConfig_NsxConfig(t *testing.T) {
 	assert.Equal(t, err, expect)
 
 	nsxConfig.NsxApiManagers = []string{"10.0.0.1"}
-	expect = errors.New("no ca file or thumbprint provided")
-	err = nsxConfig.validate(false)
-	assert.Equal(t, err, expect)
-
-	nsxConfig.Thumbprint = []string{"0a:fc"}
 	err = nsxConfig.validate(false)
 	assert.Equal(t, err, nil)
 
-	nsxConfig.CaFile = []string{"0a:fc", "ob:fd"}
-	expect = errors.New("ca file count not match manager count")
-	err = nsxConfig.validate(false)
-	assert.Equal(t, err, expect)
-
-	// Insecure == true
-	nsxConfig.CaFile = []string{"0a:fc", "ob:fd"}
-	nsxConfig.Insecure = true
+	nsxConfig.Thumbprint = []string{"0a:fc"}
 	err = nsxConfig.validate(false)
 	assert.Equal(t, err, nil)
 
-	nsxConfig.CaFile = []string{}
-	nsxConfig.Insecure = false
 	nsxConfig.Thumbprint = []string{"0a:fc", "ob:fd"}
 	expect = errors.New("thumbprint count not match manager count")
 	err = nsxConfig.validate(false)