diff --git a/.github/workflows/docker.yaml b/.github/workflows/docker.yaml index 1d6621b..d9126a9 100644 --- a/.github/workflows/docker.yaml +++ b/.github/workflows/docker.yaml @@ -22,19 +22,20 @@ jobs: steps: - name: Log in to the container registry - uses: docker/login-action@v2 + uses: docker/login-action@v3 with: registry: ${{ env.REGISTRY }} username: ${{ secrets.DOCKER_REGISTRY_USER }} password: ${{ secrets.DOCKER_REGISTRY_TOKEN }} - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Set up Go 1.21 - uses: actions/setup-go@v4 + uses: actions/setup-go@v5 with: go-version: '1.21.x' + cache: false - name: Lint uses: golangci/golangci-lint-action@v3 @@ -48,7 +49,7 @@ jobs: [ "${GITHUB_EVENT_NAME}" == 'push' ] && echo "tag=latest" >> $GITHUB_ENV || true - name: Build and push image - uses: docker/build-push-action@v4 + uses: docker/build-push-action@v5 with: context: . push: true diff --git a/metal/cloud.go b/metal/cloud.go index 50744a9..34c5fcc 100644 --- a/metal/cloud.go +++ b/metal/cloud.go @@ -63,10 +63,6 @@ func NewCloud(_ io.Reader) (cloudprovider.Interface, error) { return nil, fmt.Errorf("environment variable %q is required", constants.MetalClusterIDEnvVar) } - if defaultExternalNetworkID == "" { - return nil, fmt.Errorf("environment variable %q is required", constants.MetalDefaultExternalNetworkEnvVar) - } - if url == "" { return nil, fmt.Errorf("environment variable %q is required", constants.MetalAPIUrlEnvVar) } diff --git a/pkg/controllers/instances/instances.go b/pkg/controllers/instances/instances.go index f554d6c..ee9b9f9 100644 --- a/pkg/controllers/instances/instances.go +++ b/pkg/controllers/instances/instances.go 
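Review bot: Every `uses:` in this job still references a mutable tag (`docker/login-action@v3`, `actions/checkout@v4`, `actions/setup-go@v5`, `docker/build-push-action@v5` in the second hunk, and the untouched `golangci/golangci-lint-action@v3`), while the job holds `secrets.DOCKER_REGISTRY_TOKEN` and pushes an image. Since these lines are being edited anyway, pin each action to a full commit SHA and keep the tag as a trailing comment, e.g. `uses: docker/login-action@<full-commit-sha> # v3`, so a re-pointed tag cannot change what runs with the registry credentials. The registry login is also the first step, so the credential is already in the runner's Docker config while checkout and lint run. Moving that step to just before "Build and push image" would narrow the exposure.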
@@ -73,6 +73,11 @@ func nodeAddresses(machine *models.V1MachineResponse, defaultExternalNetwork str continue } + if defaultExternalNetwork == "" { + // empty default external network assumes isolated-cluster with forbidden access, so these nodes don't have an external IP + continue + } + if *nw.Networkid == defaultExternalNetwork { for _, ip := range nw.Ips { addresses = append(addresses, v1.NodeAddress{Type: v1.NodeExternalIP, Address: ip}) diff --git a/pkg/controllers/loadbalancer/addresspool.go b/pkg/controllers/loadbalancer/addresspool.go index 330d2d7..464be75 100644 --- a/pkg/controllers/loadbalancer/addresspool.go +++ b/pkg/controllers/loadbalancer/addresspool.go @@ -1,6 +1,10 @@ package loadbalancer -import "fmt" +import ( + "fmt" + + "github.com/metal-stack/metal-lib/pkg/pointer" +) const ( bgpProtocol = "bgp" @@ -13,11 +17,11 @@ type AddressPool struct { CIDRs []string `json:"addresses,omitempty" yaml:"addresses,omitempty"` // It is assumed that only /32 addresses are used. } -func NewBGPAddressPool(name string, autoAssign bool) *AddressPool { +func NewBGPAddressPool(name string) *AddressPool { return &AddressPool{ Name: name, Protocol: bgpProtocol, - AutoAssign: &autoAssign, + AutoAssign: pointer.Pointer(false), } } diff --git a/pkg/controllers/loadbalancer/loadbalancer.go b/pkg/controllers/loadbalancer/loadbalancer.go index 4709ab1..414e0a8 100644 --- a/pkg/controllers/loadbalancer/loadbalancer.go +++ b/pkg/controllers/loadbalancer/loadbalancer.go 
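Review bot: The added `defaultExternalNetwork == ""` guard in nodeAddresses makes an empty value a silent mode switch. The NewCloud hunk in this commit also removes the startup check that used to reject an unset variable, so a forgotten setting now looks the same as a deliberately isolated cluster: the `NodeExternalIP` branch is skipped and nothing reports it. I would log the selected mode once in NewCloud and state the contract in the doc comment of nodeAddresses, e.g. `// An empty defaultExternalNetwork means the cluster has no external network; no NodeExternalIP is reported.` The loop body starts and ends outside this hunk, so confirm that the statements skipped by the new `continue` are meant to be skipped for every network in this mode.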
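Review bot: NewBGPAddressPool is exported and loses its `autoAssign` parameter here, but it has no doc comment recording that pools are now always created with auto-assign disabled. Proposed: `// NewBGPAddressPool returns a BGP address pool with the given name; AutoAssign is always false, so metallb does not hand out its addresses on its own.` Dropping the parameter breaks any importer outside this repository, and the test hunks show `internet-ephemeral` flipping from `"auto-assign": true` to `false`. Services that relied on automatic assignment from the default network's pool may therefore behave differently, which deserves a line in the release notes.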
@@ -309,15 +309,15 @@ func (l *LoadBalancerController) acquireIP(ctx context.Context, service *v1.Serv annotations := service.GetAnnotations() addressPool, ok := annotations[constants.MetalLBSpecificAddressPool] if !ok { - return l.acquireIPFromDefaultExternalNetwork(ctx, service) + if l.defaultExternalNetworkID == "" { + return "", fmt.Errorf(`no default network for ip acquisition specified, acquire an ip for your cluster's project and specify it directly in "spec.loadBalancerIP"`) + } + + return l.acquireIPFromSpecificNetwork(ctx, service, l.defaultExternalNetworkID) } return l.acquireIPFromSpecificNetwork(ctx, service, addressPool) } -func (l *LoadBalancerController) acquireIPFromDefaultExternalNetwork(ctx context.Context, service *v1.Service) (string, error) { - return l.acquireIPFromSpecificNetwork(ctx, service, l.defaultExternalNetworkID) -} - func (l *LoadBalancerController) acquireIPFromSpecificNetwork(ctx context.Context, service *v1.Service, addressPoolName string) (string, error) { nwID := strings.TrimSuffix(addressPoolName, "-"+models.V1IPBaseTypeEphemeral) nwID = strings.TrimSuffix(nwID, "-"+models.V1IPBaseTypeEphemeral) @@ -337,7 +337,7 @@ func (l *LoadBalancerController) updateLoadBalancerConfig(ctx context.Context, n return fmt.Errorf("could not find ips of this project's cluster: %w", err) } - config := newMetalLBConfig(l.defaultExternalNetworkID) + config := newMetalLBConfig() err = config.CalculateConfig(ips, l.additionalNetworks, nodes) if err != nil { return err diff --git a/pkg/controllers/loadbalancer/metallb.go b/pkg/controllers/loadbalancer/metallb.go index 9175729..d5c9dfb 100644 --- a/pkg/controllers/loadbalancer/metallb.go +++ b/pkg/controllers/loadbalancer/metallb.go 
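Review bot: The `!ok` test in acquireIP only covers a missing annotation, so a Service carrying `constants.MetalLBSpecificAddressPool` with an empty value bypasses the new empty-default guard and reaches acquireIPFromSpecificNetwork with an empty pool name. `if !ok || addressPool == "" {` would send that case through the same default-network handling. In the context lines of this hunk both `strings.TrimSuffix` calls strip `"-"+models.V1IPBaseTypeEphemeral`, so the second is a no-op and a `<network>-static` pool name is passed on untrimmed; it looks like the second call was meant to use `models.V1IPBaseTypeStatic`. The annotation is set by whoever owns the Service, so confirm that the network ID derived from it is checked against the networks this cluster may use. That check, if present, is in the part of acquireIPFromSpecificNetwork outside the hunk.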
@@ -26,15 +26,12 @@ const ( // MetalLBConfig is a struct containing a config for metallb type MetalLBConfig struct { - Peers []*Peer `json:"peers,omitempty" yaml:"peers,omitempty"` - AddressPools []*AddressPool `json:"address-pools,omitempty" yaml:"address-pools,omitempty"` - defaultNetworkID string + Peers []*Peer `json:"peers,omitempty" yaml:"peers,omitempty"` + AddressPools []*AddressPool `json:"address-pools,omitempty" yaml:"address-pools,omitempty"` } -func newMetalLBConfig(defaultNetworkID string) *MetalLBConfig { - return &MetalLBConfig{ - defaultNetworkID: defaultNetworkID, - } +func newMetalLBConfig() *MetalLBConfig { + return &MetalLBConfig{} } // CalculateConfig computes the metallb config from given parameter input. @@ -101,14 +98,14 @@ func (cfg *MetalLBConfig) Write(ctx context.Context, client clientset.Interface) // getOrCreateAddressPool returns the address pool of the given network. // It will be created if it does not exist yet. -func (cfg *MetalLBConfig) getOrCreateAddressPool(poolName string, autoAssign bool) *AddressPool { +func (cfg *MetalLBConfig) getOrCreateAddressPool(poolName string) *AddressPool { for _, pool := range cfg.AddressPools { if pool.Name == poolName { return pool } } - pool := NewBGPAddressPool(poolName, autoAssign) + pool := NewBGPAddressPool(poolName) cfg.AddressPools = append(cfg.AddressPools, pool) return pool @@ -118,13 +115,11 @@ func (cfg *MetalLBConfig) getOrCreateAddressPool(poolName string, autoAssign boo func (cfg *MetalLBConfig) addIPToPool(network string, ip models.V1IPResponse) { t := ip.Type poolType := models.V1IPBaseTypeEphemeral - autoAssign := network == cfg.defaultNetworkID if t != nil && *t == models.V1IPBaseTypeStatic { poolType = models.V1IPBaseTypeStatic - autoAssign = false } poolName := fmt.Sprintf("%s-%s", network, poolType) - pool := cfg.getOrCreateAddressPool(poolName, autoAssign) + pool := cfg.getOrCreateAddressPool(poolName) pool.appendIP(*ip.Ipaddress) } 
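Review bot: In the last hunk, addIPToPool guards `ip.Type` against nil but still dereferences `*ip.Ipaddress` unconditionally in `pool.appendIP(*ip.Ipaddress)`. If the API ever returns an entry without an address (not verifiable from this hunk), the controller would panic while computing the metallb config. A guard before the pool name is built, `if ip.Ipaddress == nil { return }`, keeps one malformed entry from taking down config generation for the whole cluster. Separately, `newMetalLBConfig()` now only returns `&MetalLBConfig{}`, which the test already constructs directly, so the constructor could be dropped.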
diff --git a/pkg/controllers/loadbalancer/metallb_test.go b/pkg/controllers/loadbalancer/metallb_test.go index baedfff..9645df6 100644 --- a/pkg/controllers/loadbalancer/metallb_test.go +++ b/pkg/controllers/loadbalancer/metallb_test.go @@ -25,18 +25,16 @@ var ( func TestMetalLBConfig_CalculateConfig(t *testing.T) { tests := []struct { - name string - defaultNetworkID string - nws sets.Set[string] - ips []*models.V1IPResponse - nodes []v1.Node - wantErr error - want map[string]interface{} + name string + nws sets.Set[string] + ips []*models.V1IPResponse + nodes []v1.Node + wantErr error + want map[string]interface{} }{ { - name: "one ip acquired, no nodes", - defaultNetworkID: "internet", - nws: testNetworks, + name: "one ip acquired, no nodes", + nws: testNetworks, ips: []*models.V1IPResponse{ { Ipaddress: pointer.String("84.1.1.1"), @@ -57,7 +55,7 @@ func TestMetalLBConfig_CalculateConfig(t *testing.T) { "addresses": []string{ "84.1.1.1/32", }, - "auto-assign": true, + "auto-assign": false, "name": "internet-ephemeral", "protocol": "bgp", }, @@ -65,9 +63,8 @@ func TestMetalLBConfig_CalculateConfig(t *testing.T) { }, }, { - name: "two ips acquired, no nodes", - defaultNetworkID: "internet", - nws: testNetworks, + name: "two ips acquired, no nodes", + nws: testNetworks, ips: []*models.V1IPResponse{ { Ipaddress: pointer.String("84.1.1.1"), @@ -99,7 +96,7 @@ func TestMetalLBConfig_CalculateConfig(t *testing.T) { "84.1.1.1/32", "84.1.1.2/32", }, - "auto-assign": true, + "auto-assign": false, "name": "internet-ephemeral", "protocol": "bgp", }, @@ -107,9 +104,8 @@ func TestMetalLBConfig_CalculateConfig(t *testing.T) { }, }, { - name: "two ips acquired, one static ip, no nodes", - defaultNetworkID: "internet", - nws: testNetworks, + name: "two ips acquired, one static ip, no nodes", + nws: testNetworks, ips: []*models.V1IPResponse{ { Ipaddress: pointer.String("84.1.1.1"), 
@@ -151,7 +147,7 @@ func TestMetalLBConfig_CalculateConfig(t *testing.T) { "84.1.1.1/32", "84.1.1.2/32", }, - "auto-assign": true, + "auto-assign": false, "name": "internet-ephemeral", "protocol": "bgp", }, @@ -168,9 +164,8 @@ func TestMetalLBConfig_CalculateConfig(t *testing.T) { }, { - name: "connected to internet,storage,dmz and mpls, two ips acquired, one static ip, no nodes", - defaultNetworkID: "internet", - nws: testNetworks, + name: "connected to internet,storage,dmz and mpls, two ips acquired, one static ip, no nodes", + nws: testNetworks, ips: []*models.V1IPResponse{ { Ipaddress: pointer.String("84.1.1.1"), @@ -252,7 +247,7 @@ func TestMetalLBConfig_CalculateConfig(t *testing.T) { "84.1.1.1/32", "84.1.1.2/32", }, - "auto-assign": true, + "auto-assign": false, "name": "internet-ephemeral", "protocol": "bgp", }, @@ -303,9 +298,7 @@ func TestMetalLBConfig_CalculateConfig(t *testing.T) { for _, tt := range tests { tt := tt t.Run(tt.name, func(t *testing.T) { - cfg := &MetalLBConfig{ - defaultNetworkID: tt.defaultNetworkID, - } + cfg := &MetalLBConfig{} err := cfg.CalculateConfig(tt.ips, tt.nws, tt.nodes) if diff := cmp.Diff(err, tt.wantErr); diff != "" {