|
| 1 | +// Copyright 2023 D2iQ, Inc. All rights reserved. |
| 2 | +// SPDX-License-Identifier: Apache-2.0 |
| 3 | + |
| 4 | +package calico |
| 5 | + |
| 6 | +import ( |
| 7 | + "context" |
| 8 | + _ "embed" |
| 9 | + |
| 10 | + "github.com/go-logr/logr" |
| 11 | + apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" |
| 12 | + "k8s.io/apimachinery/pkg/runtime" |
| 13 | + runtimehooksv1 "sigs.k8s.io/cluster-api/exp/runtime/hooks/api/v1alpha1" |
| 14 | + "sigs.k8s.io/cluster-api/exp/runtime/topologymutation" |
| 15 | + ctrl "sigs.k8s.io/controller-runtime" |
| 16 | + "sigs.k8s.io/controller-runtime/pkg/client" |
| 17 | + |
| 18 | + "github.com/d2iq-labs/capi-runtime-extensions/api/v1alpha1" |
| 19 | + "github.com/d2iq-labs/capi-runtime-extensions/common/pkg/capi/apis" |
| 20 | + commonhandlers "github.com/d2iq-labs/capi-runtime-extensions/common/pkg/capi/clustertopology/handlers" |
| 21 | + "github.com/d2iq-labs/capi-runtime-extensions/common/pkg/capi/clustertopology/handlers/mutation" |
| 22 | + "github.com/d2iq-labs/capi-runtime-extensions/common/pkg/capi/clustertopology/patches" |
| 23 | + "github.com/d2iq-labs/capi-runtime-extensions/common/pkg/capi/clustertopology/patches/selectors" |
| 24 | + "github.com/d2iq-labs/capi-runtime-extensions/common/pkg/capi/clustertopology/variables" |
| 25 | + capav1 "github.com/d2iq-labs/capi-runtime-extensions/common/pkg/external/sigs.k8s.io/cluster-api-provider-aws/v2/api/v1beta2" |
| 26 | + "github.com/d2iq-labs/capi-runtime-extensions/pkg/handlers/generic/clusterconfig" |
| 27 | + "github.com/d2iq-labs/capi-runtime-extensions/pkg/handlers/generic/mutation/cni" |
| 28 | +) |
| 29 | + |
| 30 | +const ( |
| 31 | + // HandlerNamePatch is the name of the inject handler. |
| 32 | + HandlerNamePatch = "CalicoCNIPatch" |
| 33 | +) |
| 34 | + |
| 35 | +type calicoPatchHandler struct { |
| 36 | + variableName string |
| 37 | + variableFieldPath []string |
| 38 | +} |
| 39 | + |
| 40 | +var ( |
| 41 | + _ commonhandlers.Named = &calicoPatchHandler{} |
| 42 | + _ mutation.GeneratePatches = &calicoPatchHandler{} |
| 43 | + _ mutation.MetaMutator = &calicoPatchHandler{} |
| 44 | +) |
| 45 | + |
| 46 | +func NewPatch() *calicoPatchHandler { |
| 47 | + return newCalicoPatchHandler(cni.VariableName) |
| 48 | +} |
| 49 | + |
| 50 | +func NewMetaPatch() *calicoPatchHandler { |
| 51 | + return newCalicoPatchHandler(clusterconfig.MetaVariableName, cni.VariableName) |
| 52 | +} |
| 53 | + |
| 54 | +func newCalicoPatchHandler( |
| 55 | + variableName string, |
| 56 | + variableFieldPath ...string, |
| 57 | +) *calicoPatchHandler { |
| 58 | + return &calicoPatchHandler{ |
| 59 | + variableName: variableName, |
| 60 | + variableFieldPath: variableFieldPath, |
| 61 | + } |
| 62 | +} |
| 63 | + |
| 64 | +func (h *calicoPatchHandler) Name() string { |
| 65 | + return HandlerNamePatch |
| 66 | +} |
| 67 | + |
| 68 | +func (h *calicoPatchHandler) Mutate( |
| 69 | + ctx context.Context, |
| 70 | + obj runtime.Object, |
| 71 | + vars map[string]apiextensionsv1.JSON, |
| 72 | + holderRef runtimehooksv1.HolderReference, |
| 73 | + _ client.ObjectKey, |
| 74 | +) error { |
| 75 | + log := ctrl.LoggerFrom(ctx).WithValues( |
| 76 | + "holderRef", holderRef, |
| 77 | + ) |
| 78 | + |
| 79 | + cniVar, found, err := variables.Get[v1alpha1.CNI]( |
| 80 | + vars, |
| 81 | + h.variableName, |
| 82 | + h.variableFieldPath..., |
| 83 | + ) |
| 84 | + if err != nil { |
| 85 | + return err |
| 86 | + } |
| 87 | + if !found { |
| 88 | + log.V(5).Info("cni variable not defined") |
| 89 | + return nil |
| 90 | + } |
| 91 | + if cniVar.Provider != v1alpha1.CNIProviderCalico { |
| 92 | + log.V(5). |
| 93 | + WithValues("cniProvider", cniVar.Provider). |
| 94 | + Info("CNI provider not defined as Calico - skipping") |
| 95 | + return nil |
| 96 | + } |
| 97 | + |
| 98 | + log = log.WithValues( |
| 99 | + "variableName", |
| 100 | + h.variableName, |
| 101 | + "variableFieldPath", |
| 102 | + h.variableFieldPath, |
| 103 | + "variableValue", |
| 104 | + cniVar, |
| 105 | + ) |
| 106 | + |
| 107 | + return patches.Generate( |
| 108 | + obj, |
| 109 | + vars, |
| 110 | + &holderRef, |
| 111 | + selectors.InfrastructureCluster(capav1.GroupVersion.Version, "AWSClusterTemplate"), |
| 112 | + log, |
| 113 | + mutateAWSClusterTemplateFunc(log), |
| 114 | + ) |
| 115 | +} |
| 116 | + |
| 117 | +func (h *calicoPatchHandler) GeneratePatches( |
| 118 | + ctx context.Context, |
| 119 | + req *runtimehooksv1.GeneratePatchesRequest, |
| 120 | + resp *runtimehooksv1.GeneratePatchesResponse, |
| 121 | +) { |
| 122 | + topologymutation.WalkTemplates( |
| 123 | + ctx, |
| 124 | + apis.DecoderForScheme(apis.CAPAScheme()), |
| 125 | + req, |
| 126 | + resp, |
| 127 | + func( |
| 128 | + ctx context.Context, |
| 129 | + obj runtime.Object, |
| 130 | + vars map[string]apiextensionsv1.JSON, |
| 131 | + holderRef runtimehooksv1.HolderReference, |
| 132 | + ) error { |
| 133 | + return h.Mutate(ctx, obj, vars, holderRef, client.ObjectKey{}) |
| 134 | + }, |
| 135 | + ) |
| 136 | +} |
| 137 | + |
| 138 | +func mutateAWSClusterTemplateFunc(log logr.Logger) func(obj *capav1.AWSClusterTemplate) error { |
| 139 | + return func(obj *capav1.AWSClusterTemplate) error { |
| 140 | + log.WithValues( |
| 141 | + "patchedObjectKind", obj.GetObjectKind().GroupVersionKind().String(), |
| 142 | + "patchedObjectName", client.ObjectKeyFromObject(obj), |
| 143 | + ).Info("setting CNI ingress rules in AWS cluster spec") |
| 144 | + |
| 145 | + if obj.Spec.Template.Spec.NetworkSpec.CNI == nil { |
| 146 | + obj.Spec.Template.Spec.NetworkSpec.CNI = &capav1.CNISpec{} |
| 147 | + } |
| 148 | + obj.Spec.Template.Spec.NetworkSpec.CNI.CNIIngressRules = append( |
| 149 | + obj.Spec.Template.Spec.NetworkSpec.CNI.CNIIngressRules, |
| 150 | + capav1.CNIIngressRule{ |
| 151 | + Description: "typha (calico)", |
| 152 | + Protocol: capav1.SecurityGroupProtocolTCP, |
| 153 | + FromPort: 5473, |
| 154 | + ToPort: 5473, |
| 155 | + }, |
| 156 | + capav1.CNIIngressRule{ |
| 157 | + Description: "bgp (calico)", |
| 158 | + Protocol: capav1.SecurityGroupProtocolTCP, |
| 159 | + FromPort: 179, |
| 160 | + ToPort: 179, |
| 161 | + }, |
| 162 | + capav1.CNIIngressRule{ |
| 163 | + Description: "IP-in-IP (calico)", |
| 164 | + Protocol: capav1.SecurityGroupProtocolIPinIP, |
| 165 | + FromPort: -1, |
| 166 | + ToPort: 65535, |
| 167 | + }, |
| 168 | + capav1.CNIIngressRule{ |
| 169 | + Description: "node metrics (calico)", |
| 170 | + Protocol: capav1.SecurityGroupProtocolTCP, |
| 171 | + FromPort: 9091, |
| 172 | + ToPort: 9091, |
| 173 | + }, |
| 174 | + capav1.CNIIngressRule{ |
| 175 | + Description: "typha metrics (calico)", |
| 176 | + Protocol: capav1.SecurityGroupProtocolTCP, |
| 177 | + FromPort: 9093, |
| 178 | + ToPort: 9093, |
| 179 | + }, |
| 180 | + ) |
| 181 | + |
| 182 | + return nil |
| 183 | + } |
| 184 | +} |
0 commit comments