package subnet
import (
"context"
"fmt"
"net"
"strconv"
"time"
"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/aws/client"
"github.com/aws/aws-sdk-go/service/ec2"
"github.com/giantswarm/ipam"
"github.com/giantswarm/kubelock"
"github.com/go-logr/logr"
capa "sigs.k8s.io/cluster-api-provider-aws/api/v1alpha3"
expcapa "sigs.k8s.io/cluster-api-provider-aws/exp/api/v1alpha3"
ctrlclient "sigs.k8s.io/controller-runtime/pkg/client"
"github.com/giantswarm/capa-machinepool-subnet-operator/pkg/key"
)
// Service holds everything Reconcile and Delete need to manage the dedicated
// CIDR block and subnets of a single AWSMachinePool.
type Service struct {
	// AWSSession is used to build the EC2 client that associates and
	// disassociates CIDR blocks on the cluster VPC.
	AWSSession client.ConfigProvider
	// AWSMachinePool is the pool being reconciled; its assigned block is kept
	// in the key.AnnotationAssignedCIDR annotation.
	AWSMachinePool *expcapa.AWSMachinePool
	// CtrlClient reads the AWSCluster and the sibling AWSMachinePools and
	// writes the updated CRs back.
	CtrlClient ctrlclient.Client
	// Logger receives the error messages of failed API calls.
	Logger logr.Logger
	// CidrRange is the range (CIDR string) from which new pool blocks are
	// carved; it is parsed by getFreeCidrBlock.
	CidrRange string
	// SubnetSize is the prefix length of each pool block as a decimal string
	// (e.g. "24"); it is parsed with strconv.Atoi in getFreeCidrBlock.
	SubnetSize string
}
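// Reconcile ensures the AWSMachinePool owns a dedicated CIDR block, that the
// block is associated with the cluster VPC, and that one private subnet per
// configured availability zone is declared on the AWSCluster CR.
//
// The block is remembered in the key.AnnotationAssignedCIDR annotation of the
// AWSMachinePool. When the annotation is absent a new block is allocated under
// a per-cluster kubelock so concurrent pools cannot be handed the same range.
//
// Returns the first Kubernetes or EC2 error encountered, an error when the
// recorded annotation is not a valid CIDR, an error when the VPC named on the
// AWSCluster cannot be found, and an error when the pool declares no
// availability zones (there would be nothing to split the block into).
func (s *Service) Reconcile() error {
	ec2Client := ec2.New(s.AWSSession)
	ctx := context.TODO()

	azCount := len(s.AWSMachinePool.Spec.AvailabilityZones)
	if azCount == 0 {
		// Refuse before touching the VPC: the block is later split into one
		// subnet per zone and indexed by zone, which is meaningless for zero.
		err := fmt.Errorf("awsMachinePool %q declares no availability zones", s.AWSMachinePool.Name)
		s.Logger.Error(err, "cannot reconcile subnets without availability zones")
		return err
	}

	clusterName := key.GetClusterIDFromLabels(s.AWSMachinePool.ObjectMeta)
	awsCluster, err := key.GetAWSClusterByName(ctx, s.CtrlClient, clusterName)
	if err != nil {
		s.Logger.Error(err, "failed to fetch AWSCluster")
		return err
	}

	var cidrBlock net.IPNet
	if a, ok := s.AWSMachinePool.GetAnnotations()[key.AnnotationAssignedCIDR]; ok {
		// An existing reservation wins over a fresh allocation.
		// NOTE(review): the annotation is trusted as-is — whoever can edit the
		// AWSMachinePool can steer an arbitrary range into the VPC below.
		// Checking it against s.CidrRange/s.SubnetSize may be worthwhile, but
		// confirm first that no existing pool predates the current config.
		_, c, err := net.ParseCIDR(a)
		if err != nil {
			s.Logger.Error(err, "failed to parse awsMachinePool cidr range")
			return err
		}
		cidrBlock = *c
	} else {
		cidrBlock, err = s.allocateCidrBlock(ctx, clusterName, awsCluster.Spec.NetworkSpec.VPC.CidrBlock)
		if err != nil {
			return err
		}
	}

	vpcID := awsCluster.Spec.NetworkSpec.VPC.ID
	vpcs, err := ec2Client.DescribeVpcs(&ec2.DescribeVpcsInput{VpcIds: aws.StringSlice([]string{vpcID})})
	if err != nil {
		s.Logger.Error(err, "failed to describe VPCs")
		return err
	}
	if len(vpcs.Vpcs) == 0 {
		// Guard the index below; an empty answer would otherwise panic.
		err := fmt.Errorf("vpc %q not found", vpcID)
		s.Logger.Error(err, "failed to describe VPCs")
		return err
	}

	// Associate the block with the VPC once; later runs find it already there.
	if !key.IsCidrAlreadyAssociated(cidrBlock.String(), vpcs.Vpcs[0].CidrBlockAssociationSet) {
		_, err = ec2Client.AssociateVpcCidrBlock(&ec2.AssociateVpcCidrBlockInput{
			CidrBlock: aws.String(cidrBlock.String()),
			VpcId:     aws.String(vpcID),
		})
		if err != nil {
			s.Logger.Error(err, "failed to associate CIDR block to cluster vpc")
			return err
		}
	}

	return s.ensureClusterSubnets(ctx, awsCluster, cidrBlock)
}

// allocateCidrBlock reserves a new block for the AWSMachinePool: it takes the
// per-cluster kubelock, picks a free range, and records it in the
// key.AnnotationAssignedCIDR annotation of the pool before returning.
//
// The lock is released on every exit path (deferred), so a failed allocation
// does not leave the cluster locked until the 10 minute TTL expires; a release
// failure is returned only when nothing else went wrong.
func (s *Service) allocateCidrBlock(ctx context.Context, clusterName, vpcCidrBlock string) (cidr net.IPNet, err error) {
	lock, err := key.GetLock(clusterName)
	if err != nil {
		s.Logger.Error(err, "failed to get kubelock for allocation cidr for AWSMachinePool")
		return net.IPNet{}, err
	}
	// Serialise allocation: two pools of the same cluster must not both pick
	// the same free range.
	err = lock.Acquire(ctx, clusterName, kubelock.AcquireOptions{Owner: clusterName, TTL: time.Minute * 10})
	if err != nil {
		s.Logger.Error(err, "failed to acquire kubelock for cidr allocation")
		return net.IPNet{}, err
	}
	defer func() {
		releaseErr := lock.Release(ctx, clusterName, kubelock.ReleaseOptions{Owner: clusterName})
		if releaseErr != nil {
			s.Logger.Error(releaseErr, "failed to release kubelock for cidr allocation")
			if err == nil {
				err = releaseErr
			}
		}
	}()

	cidr, err = s.getFreeCidrBlock(ctx, clusterName, vpcCidrBlock)
	if err != nil {
		s.Logger.Error(err, "failed to get free cidr block for awsMachinePool")
		return net.IPNet{}, err
	}

	// Persist the reservation on the CR. A pool created without annotations
	// carries a nil map, which must be initialised before it can be written.
	if s.AWSMachinePool.Annotations == nil {
		s.AWSMachinePool.Annotations = map[string]string{}
	}
	s.AWSMachinePool.Annotations[key.AnnotationAssignedCIDR] = cidr.String()
	if err = s.CtrlClient.Update(ctx, s.AWSMachinePool); err != nil {
		s.Logger.Error(err, "failed to update AWSMachinePool")
		return net.IPNet{}, err
	}
	return cidr, nil
}

// ensureClusterSubnets splits cidrBlock into one range per availability zone
// of the AWSMachinePool and appends the matching private SubnetSpecs to the
// AWSCluster CR, unless any of those ranges is already declared there.
//
// Returns an error when the split fails, when it yields more ranges than
// there are zones to pair them with, or when updating the AWSCluster fails.
func (s *Service) ensureClusterSubnets(ctx context.Context, awsCluster *capa.AWSCluster, cidrBlock net.IPNet) error {
	zones := s.AWSMachinePool.Spec.AvailabilityZones
	subnetRanges, err := ipam.Split(cidrBlock, uint(len(zones)))
	if err != nil {
		s.Logger.Error(err, fmt.Sprintf("failed to split cidr '%s' into %d zones", cidrBlock.String(), len(zones)))
		return err
	}
	if len(subnetRanges) > len(zones) {
		// Each range is paired with zones[i] below; refuse rather than panic.
		err := fmt.Errorf("cidr '%s' split into %d ranges for %d zones", cidrBlock.String(), len(subnetRanges), len(zones))
		s.Logger.Error(err, "unexpected subnet split")
		return err
	}

	declared := make(map[string]struct{}, len(awsCluster.Spec.NetworkSpec.Subnets))
	for _, sn := range awsCluster.Spec.NetworkSpec.Subnets {
		declared[sn.CidrBlock] = struct{}{}
	}
	for _, r := range subnetRanges {
		if _, ok := declared[r.String()]; ok {
			// The presence of any one range counts as "already added"; a
			// partially declared set is left as it is.
			return nil
		}
	}

	newSpecs := make([]*capa.SubnetSpec, 0, len(subnetRanges))
	for i, r := range subnetRanges {
		newSpecs = append(newSpecs, &capa.SubnetSpec{
			CidrBlock:        r.String(),
			AvailabilityZone: zones[i],
			IsPublic:         false,
			Tags:             key.SubnetTags(s.AWSMachinePool.Name),
		})
	}
	awsCluster.Spec.NetworkSpec.Subnets = append(awsCluster.Spec.NetworkSpec.Subnets, newSpecs...)
	if err := s.CtrlClient.Update(ctx, awsCluster); err != nil {
		s.Logger.Error(err, "failed to add new subnets to AWSCluster")
		return err
	}
	return nil
}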
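// Delete releases the CIDR block recorded on the AWSMachinePool: the block is
// disassociated from the cluster VPC (when it is still associated) and the
// key.AnnotationAssignedCIDR annotation is removed so the range can be handed
// out again by a later allocation.
//
// A pool without the annotation is a no-op. Errors from the Kubernetes or EC2
// API are logged and returned so the caller can retry; a VPC that cannot be
// found on the AWSCluster's ID is reported as an error as well.
//
// NOTE(review): the SubnetSpecs that Reconcile appended to the AWSCluster are
// not removed here; confirm where they are cleaned up, since a VPC CIDR
// association cannot be removed while subnets still exist inside it.
func (s *Service) Delete() error {
	ec2Client := ec2.New(s.AWSSession)
	ctx := context.TODO()

	cidr, ok := s.AWSMachinePool.GetAnnotations()[key.AnnotationAssignedCIDR]
	if !ok {
		return nil
	}

	clusterName := key.GetClusterIDFromLabels(s.AWSMachinePool.ObjectMeta)
	awsCluster, err := key.GetAWSClusterByName(ctx, s.CtrlClient, clusterName)
	if err != nil {
		s.Logger.Error(err, "failed to get AWSCluster CR")
		return err
	}

	vpcID := awsCluster.Spec.NetworkSpec.VPC.ID
	vpcs, err := ec2Client.DescribeVpcs(&ec2.DescribeVpcsInput{VpcIds: aws.StringSlice([]string{vpcID})})
	if err != nil {
		s.Logger.Error(err, "failed to describe VPCs")
		return err
	}
	if len(vpcs.Vpcs) == 0 {
		// Guard the index below; an empty answer would otherwise panic.
		err := fmt.Errorf("vpc %q not found", vpcID)
		s.Logger.Error(err, "failed to describe VPCs")
		return err
	}

	// Look the association up by CIDR; CidrBlock is a pointer in the SDK, so
	// read it through aws.StringValue instead of dereferencing it blindly.
	var associationID *string
	for _, a := range vpcs.Vpcs[0].CidrBlockAssociationSet {
		if aws.StringValue(a.CidrBlock) == cidr {
			associationID = a.AssociationId
			break
		}
	}
	if associationID != nil {
		// The ID comes from the VPC's CidrBlockAssociationSet, so it names a
		// VPC CIDR association and must be removed with
		// DisassociateVpcCidrBlock. DisassociateSubnetCidrBlock targets subnet
		// (IPv6) associations and would not accept this ID.
		_, err = ec2Client.DisassociateVpcCidrBlock(&ec2.DisassociateVpcCidrBlockInput{
			AssociationId: associationID,
		})
		if err != nil {
			s.Logger.Error(err, "failed to disassociate cidr block from cluster VPC")
			return err
		}
	}

	// Drop the reservation so the range becomes allocatable again.
	delete(s.AWSMachinePool.Annotations, key.AnnotationAssignedCIDR)
	if err = s.CtrlClient.Update(ctx, s.AWSMachinePool); err != nil {
		s.Logger.Error(err, "failed to remove cidr block annotation from AWSMachinePool")
		return err
	}
	return nil
}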
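// getFreeCidrBlock returns the first unused block of prefix length
// s.SubnetSize inside s.CidrRange that overlaps neither the cluster VPC CIDR
// (vpcCidrBlock) nor any block already reserved by another AWSMachinePool of
// the same cluster (selected by the key.ClusterNameLabel label and read from
// its key.AnnotationAssignedCIDR annotation).
//
// Only IPv4 is supported: the mask is built for a 32 bit address.
//
// Returns an error when SubnetSize is not an integer in 0..32, when CidrRange
// or vpcCidrBlock do not parse, when CidrRange is not IPv4, when the requested
// block would be larger than CidrRange itself, when listing the pools fails,
// when another pool carries an unparseable reservation (allocation then fails
// closed rather than risk an overlap), or when ipam.Free finds no room.
func (s *Service) getFreeCidrBlock(ctx context.Context, clusterName string, vpcCidrBlock string) (net.IPNet, error) {
	size, err := strconv.Atoi(s.SubnetSize)
	if err != nil {
		return net.IPNet{}, err
	}
	if size < 0 || size > 32 {
		// net.CIDRMask returns nil outside this range, which ipam.Free could
		// not handle meaningfully.
		return net.IPNet{}, fmt.Errorf("invalid subnet size %q: prefix length must be between 0 and 32", s.SubnetSize)
	}
	subnetIPMask := net.CIDRMask(size, 32)

	_, subnetRange, err := net.ParseCIDR(s.CidrRange)
	if err != nil {
		return net.IPNet{}, err
	}
	if subnetRange.IP.To4() == nil {
		return net.IPNet{}, fmt.Errorf("cidr range %q is not IPv4", s.CidrRange)
	}
	if rangeBits, _ := subnetRange.Mask.Size(); size < rangeBits {
		return net.IPNet{}, fmt.Errorf("subnet size /%d does not fit into cidr range %q", size, s.CidrRange)
	}

	// Everything already in use: the VPC's own range plus every reservation
	// recorded on the cluster's machine pools.
	_, vpc, err := net.ParseCIDR(vpcCidrBlock)
	if err != nil {
		return net.IPNet{}, err
	}
	usedSubnets := []net.IPNet{*vpc}

	// List needs a non-nil target to decode into; a nil *AWSMachinePoolList
	// would be dereferenced by the client and by the loop below.
	awsMachinePoolList := &expcapa.AWSMachinePoolList{}
	err = s.CtrlClient.List(ctx, awsMachinePoolList, ctrlclient.MatchingLabels{key.ClusterNameLabel: clusterName})
	if err != nil {
		return net.IPNet{}, err
	}
	for _, mp := range awsMachinePoolList.Items {
		a, ok := mp.GetAnnotations()[key.AnnotationAssignedCIDR]
		if !ok {
			continue
		}
		_, reserved, err := net.ParseCIDR(a)
		if err != nil {
			// Fail closed: an unreadable reservation cannot be proven disjoint.
			return net.IPNet{}, fmt.Errorf("parsing reserved cidr %q of awsMachinePool %q: %w", a, mp.Name, err)
		}
		usedSubnets = append(usedSubnets, *reserved)
	}

	return ipam.Free(*subnetRange, subnetIPMask, usedSubnets)
}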