operator: add support for CiliumPodIPPool CRD

The operator watches CiliumPodIPPool resources when using the multi-pool IPAM mode and propagates upsert and delete operations to the internal IPAM multipool allocator bookkeeping using the interfaces added in the preceding commits. Signed-off-by: Tobias Klauser <tobias@cilium.io>
cilium · Jun 5, 2023 · b8050d8 · b8050d8
1 parent e62f548
commit b8050d8
Show file tree

Hide file tree

Showing 4 changed files with 81 additions and 4 deletions.
diff --git a/operator/cmd/root.go b/operator/cmd/root.go
@@ -459,6 +459,12 @@ func (legacy *legacyOnLeader) onStart(_ hive.HookContext) error {
 			log.WithError(err).Fatalf("Unable to init %s allocator", ipamMode)
 		}
 
+		if pooledAlloc, ok := alloc.(operatorWatchers.PooledAllocatorProvider); ok {
+			// The following operation will block until all pools are restored, thus it
+			// is safe to continue starting node allocation right after return.
+			operatorWatchers.StartIPPoolAllocator(legacy.ctx, legacy.clientset, pooledAlloc, legacy.resources.CiliumPodIPPools)
+		}
+
 		nm, err := alloc.Start(legacy.ctx, &ciliumNodeUpdateImplementation{legacy.clientset})
 		if err != nil {
 			log.WithError(err).Fatalf("Unable to start %s allocator", ipamMode)

diff --git a/operator/k8s/resources.go b/operator/k8s/resources.go
@@ -27,6 +27,7 @@ var (
 			k8s.EndpointsResource,
 			k8s.LBIPPoolsResource,
 			k8s.CiliumIdentityResource,
+			k8s.CiliumPodIPPoolResource,
 		),
 	)
 )
@@ -35,8 +36,9 @@ var (
 type Resources struct {
 	cell.In
 
-	Services   resource.Resource[*slim_corev1.Service]
-	Endpoints  resource.Resource[*k8s.Endpoints]
-	LBIPPools  resource.Resource[*cilium_api_v2alpha1.CiliumLoadBalancerIPPool]
-	Identities resource.Resource[*cilium_api_v2.CiliumIdentity]
+	Services         resource.Resource[*slim_corev1.Service]
+	Endpoints        resource.Resource[*k8s.Endpoints]
+	LBIPPools        resource.Resource[*cilium_api_v2alpha1.CiliumLoadBalancerIPPool]
+	Identities       resource.Resource[*cilium_api_v2.CiliumIdentity]
+	CiliumPodIPPools resource.Resource[*cilium_api_v2alpha1.CiliumPodIPPool]
 }
diff --git a/operator/watchers/cilium_podippool.go b/operator/watchers/cilium_podippool.go
@@ -0,0 +1,58 @@
+// SPDX-License-Identifier: Apache-2.0
+// Copyright Authors of Cilium
+
+package watchers
+
+import (
+	"context"
+
+	cilium_v2alpha1 "github.com/cilium/cilium/pkg/k8s/apis/cilium.io/v2alpha1"
+	"github.com/cilium/cilium/pkg/k8s/client"
+	"github.com/cilium/cilium/pkg/k8s/resource"
+)
+
+// PooledAllocatorProvider defines the functions of IPAM provider front-end which additionally allow
+// definition of IP pools at runtime.
+// This is implemented by e.g. pkg/ipam/allocator/multipool
+type PooledAllocatorProvider interface {
+	UpsertPool(ctx context.Context, pool *cilium_v2alpha1.CiliumPodIPPool) error
+	DeletePool(ctx context.Context, pool *cilium_v2alpha1.CiliumPodIPPool) error
+}
+
+func StartIPPoolAllocator(
+	ctx context.Context,
+	clientset client.Clientset,
+	allocator PooledAllocatorProvider,
+	ipPools resource.Resource[*cilium_v2alpha1.CiliumPodIPPool],
+) {
+	log.Info("Starting CiliumPodIPPool allocator watcher")
+
+	synced := make(chan struct{})
+
+	go func() {
+		for ev := range ipPools.Events(ctx) {
+			var err error
+			var action string
+
+			switch ev.Kind {
+			case resource.Sync:
+				close(synced)
+			case resource.Upsert:
+				err = allocator.UpsertPool(ctx, ev.Object)
+				action = "upsert"
+			case resource.Delete:
+				err = allocator.DeletePool(ctx, ev.Object)
+				action = "delete"
+			}
+			ev.Done(err)
+			if err != nil {
+				log.WithError(err).Errorf("failed to %s pool %q", action, ev.Key)
+			}
+		}
+	}()
+
+	// Block until all pools are restored, so callers can safely start node allocation
+	// right after return.
+	<-synced
+	log.Info("All CiliumPodIPPool resources synchronized")
+}
diff --git a/pkg/k8s/resource_ctors.go b/pkg/k8s/resource_ctors.go
@@ -140,6 +140,17 @@ func CiliumCIDRGroupResource(lc hive.Lifecycle, cs client.Clientset, opts ...fun
 	return resource.New[*cilium_api_v2alpha1.CiliumCIDRGroup](lc, lw), nil
 }
 
+func CiliumPodIPPoolResource(lc hive.Lifecycle, cs client.Clientset, opts ...func(*metav1.ListOptions)) (resource.Resource[*cilium_api_v2alpha1.CiliumPodIPPool], error) {
+	if !cs.IsEnabled() {
+		return nil, nil
+	}
+	lw := utils.ListerWatcherWithModifiers(
+		utils.ListerWatcherFromTyped[*cilium_api_v2alpha1.CiliumPodIPPoolList](cs.CiliumV2alpha1().CiliumPodIPPools()),
+		opts...,
+	)
+	return resource.New[*cilium_api_v2alpha1.CiliumPodIPPool](lc, lw), nil
+}
+
 func EndpointsResource(lc hive.Lifecycle, cs client.Clientset) (resource.Resource[*Endpoints], error) {
 	if !cs.IsEnabled() {
 		return nil, nil