ironcore-dev · afritzler · Aug 6, 2025 · Aug 1, 2025 · Aug 4, 2025 · Aug 4, 2025
@@ -145,6 +145,10 @@ var _ = BeforeSuite(func() {
 })
 
 func SetupTest(apiNetNamespace *corev1.Namespace) *corev1.Namespace {
+	return SetupTestWithNetworkPeeringFlag(apiNetNamespace, false)
+}
+
+func SetupTestWithNetworkPeeringFlag(apiNetNamespace *corev1.Namespace, isNetworkPeeringDisabled bool) *corev1.Namespace {
 	BeforeEach(func(ctx SpecContext) {
 		k8sManager, err := ctrl.NewManager(cfg, ctrl.Options{
 			Scheme: scheme.Scheme,
@@ -169,9 +173,10 @@ func SetupTest(apiNetNamespace *corev1.Namespace) *corev1.Namespace {
 		}).SetupWithManager(k8sManager, k8sManager.GetCache())).To(Succeed())
 
 		Expect((&NetworkReconciler{
-			Client:          k8sManager.GetClient(),
-			APINetClient:    k8sManager.GetClient(),
-			APINetNamespace: apiNetNamespace.Name,
+			Client:                 k8sManager.GetClient(),
+			APINetClient:           k8sManager.GetClient(),
+			APINetNamespace:        apiNetNamespace.Name,
+			NetworkPeeringDisabled: isNetworkPeeringDisabled,
 		}).SetupWithManager(k8sManager, k8sManager.GetCache())).To(Succeed())
 
 		Expect((&NetworkInterfaceReconciler{

@@ -42,6 +42,8 @@ type NetworkReconciler struct {
 	APINetNamespace string
 
 	WatchFilterValue string
+
+	NetworkPeeringDisabled bool
 }
 
 //+kubebuilder:rbac:groups="",resources=events,verbs=create;patch
@@ -124,7 +126,7 @@ func (r *NetworkReconciler) updateNetworkStatus(ctx context.Context, log logr.Lo
 	networkBase := network.DeepCopy()
 	statusPeerings := apiNetNetworkPeeringsStatusToNetworkPeeringsStatus(apiNetNetwork.Status.Peerings, apiNetNetwork.Spec.Peerings)
 	log.V(1).Info("network status peerings", "old", network.Status.Peerings, "new", statusPeerings)
-	if network.Status.State != state || !reflect.DeepEqual(network.Status.Peerings, statusPeerings) {
+	if network.Status.State != state || (!r.NetworkPeeringDisabled && !reflect.DeepEqual(network.Status.Peerings, statusPeerings)) {
 		log.V(1).Info("Patching network status")
 		network.Status.State = state
 		network.Status.Peerings = statusPeerings

@@ -426,6 +426,151 @@ var _ = Describe("NetworkController", func() {
 		Eventually(Get(network1)).Should(Satisfy(apierrors.IsNotFound))
 		Eventually(Get(network2)).Should(Satisfy(apierrors.IsNotFound))
 
+		By("asserting the corresponding apinet network is gone as well")
+		Expect(k8sClient.Get(ctx, client.ObjectKeyFromObject(apiNetNetwork1), apiNetNetwork1)).To(Satisfy(apierrors.IsNotFound))
+		Expect(k8sClient.Get(ctx, client.ObjectKeyFromObject(apiNetNetwork2), apiNetNetwork2)).To(Satisfy(apierrors.IsNotFound))
+	})
+
+})
+
+var _ = Describe("NetworkControllerPeering", func() {
+	ns := SetupNamespace(&k8sClient)
+	ns1 := SetupNamespace(&k8sClient)
+	apiNetNs := SetupNamespace(&k8sClient)
+	SetupTestWithNetworkPeeringFlag(apiNetNs, true)
+	It("should not updated Ironcore Network peering status if NetworkPeeringDisabled is set to true", func(ctx SpecContext) {
+		By("creating a network network-1")
+		network1 := &networkingv1alpha1.Network{
+			ObjectMeta: metav1.ObjectMeta{
+				Namespace: ns.Name,
+				Name:      "network-1",
+			},
+			Spec: networkingv1alpha1.NetworkSpec{
+				Peerings: []networkingv1alpha1.NetworkPeering{
+					{
+						Name: "peering-1",
+						NetworkRef: networkingv1alpha1.NetworkPeeringNetworkRef{
+							Name:      "network-2",
+							Namespace: ns1.Name,
+						},
+					},
+				},
+			},
+		}
+		Expect(k8sClient.Create(ctx, network1)).To(Succeed())
+
+		By("creating a network network-2")
+		network2 := &networkingv1alpha1.Network{
+			ObjectMeta: metav1.ObjectMeta{
+				Namespace: ns1.Name,
+				Name:      "network-2",
+			},
+			Spec: networkingv1alpha1.NetworkSpec{
+				Peerings: []networkingv1alpha1.NetworkPeering{
+					{
+						Name: "peering-2",
+						NetworkRef: networkingv1alpha1.NetworkPeeringNetworkRef{
+							Name:      "network-1",
+							Namespace: ns.Name,
+						},
+					},
+				},
+			},
+		}
+		Expect(k8sClient.Create(ctx, network2)).To(Succeed())
+
+		By("waiting for the corresponding APINet networks to be created")
+		apiNetNetwork1 := &apinetv1alpha1.Network{
+			ObjectMeta: metav1.ObjectMeta{
+				Namespace: apiNetNs.Name,
+				Name:      string(network1.UID),
+			},
+		}
+		Eventually(Get(apiNetNetwork1)).Should(Succeed())
+
+		apiNetNetwork2 := &apinetv1alpha1.Network{
+			ObjectMeta: metav1.ObjectMeta{
+				Namespace: apiNetNs.Name,
+				Name:      string(network2.UID),
+			},
+		}
+		Eventually(Get(apiNetNetwork2)).Should(Succeed())
+
+		By("inspecting the created apinet networks")
+		Expect(apiNetNetwork1.Labels).To(Equal(apinetletclient.SourceLabels(k8sClient.Scheme(), k8sClient.RESTMapper(), network1)))
+		Expect(apiNetNetwork1.Spec.ID).NotTo(BeEmpty())
+
+		Expect(apiNetNetwork2.Labels).To(Equal(apinetletclient.SourceLabels(k8sClient.Scheme(), k8sClient.RESTMapper(), network2)))
+		Expect(apiNetNetwork2.Spec.ID).NotTo(BeEmpty())
+
+		By("patching networks with peeringClaimRefs")
+		baseNetwork1 := network1.DeepCopy()
+		network1.Spec.PeeringClaimRefs = []networkingv1alpha1.NetworkPeeringClaimRef{{
+			Name:      network2.Name,
+			Namespace: network2.Namespace,
+			UID:       network2.UID,
+		}}
+		Expect(k8sClient.Patch(ctx, network1, client.MergeFrom(baseNetwork1))).To(Succeed())
+
+		baseNetwork2 := network2.DeepCopy()
+		network2.Spec.PeeringClaimRefs = []networkingv1alpha1.NetworkPeeringClaimRef{{
+			Name:      network1.Name,
+			Namespace: network1.Namespace,
+			UID:       network1.UID,
+		}}
+		Expect(k8sClient.Patch(ctx, network2, client.MergeFrom(baseNetwork2))).To(Succeed())
+
+		By("ensuring apinet network spec peerings are updated")
+		Eventually(Object(apiNetNetwork1)).Should(SatisfyAll(
+			HaveField("Spec.Peerings", ConsistOf(apinetv1alpha1.NetworkPeering{
+				Name: network1.Spec.Peerings[0].Name,
+				ID:   apiNetNetwork2.Spec.ID,
+			})),
+		))
+
+		Eventually(Object(apiNetNetwork2)).Should(SatisfyAll(
+			HaveField("Spec.Peerings", ConsistOf(apinetv1alpha1.NetworkPeering{
+				Name: network2.Spec.Peerings[0].Name,
+				ID:   apiNetNetwork1.Spec.ID,
+			})),
+		))
+
+		By("patching apinet network peering status")
+		apiNetNetwork2ID, _ := strconv.Atoi(apiNetNetwork2.Spec.ID)
+		Eventually(UpdateStatus(apiNetNetwork1, func() {
+			apiNetNetwork1.Status.Peerings = make(map[string][]apinetv1alpha1.NetworkPeeringStatus)
+			apiNetNetwork1.Status.Peerings["partition1"] = []apinetv1alpha1.NetworkPeeringStatus{{
+				ID:    int32(apiNetNetwork2ID),
+				State: apinetv1alpha1.NetworkPeeringStateReady,
+			}}
+		})).Should(Succeed())
+
+		apiNetNetwork1ID, _ := strconv.Atoi(apiNetNetwork1.Spec.ID)
+		Eventually(UpdateStatus(apiNetNetwork2, func() {
+			apiNetNetwork2.Status.Peerings = make(map[string][]apinetv1alpha1.NetworkPeeringStatus)
+			apiNetNetwork2.Status.Peerings["partition1"] = []apinetv1alpha1.NetworkPeeringStatus{{
+				ID:    int32(apiNetNetwork1ID),
+				State: apinetv1alpha1.NetworkPeeringStateReady,
+			}}
+		})).Should(Succeed())
+
+		By("ensuring ironcore networks peering status is updated")
+		Eventually(Object(network1)).Should(SatisfyAll(
+			HaveField("Status.Peerings", BeEmpty()),
+		))
+
+		Eventually(Object(network2)).Should(SatisfyAll(
+			HaveField("Status.Peerings", BeEmpty()),
+		))
+
+		By("deleting the networks")
+		Expect(k8sClient.Delete(ctx, network1)).To(Succeed())
+		Expect(k8sClient.Delete(ctx, network2)).To(Succeed())
+
+		By("waiting for networks to be gone")
+		Eventually(Get(network1)).Should(Satisfy(apierrors.IsNotFound))
+		Eventually(Get(network2)).Should(Satisfy(apierrors.IsNotFound))
+
 		By("asserting the corresponding apinet network is gone as well")
 		Expect(k8sClient.Get(ctx, client.ObjectKeyFromObject(apiNetNetwork1), apiNetNetwork1)).To(Satisfy(apierrors.IsNotFound))
 		Expect(k8sClient.Get(ctx, client.ObjectKeyFromObject(apiNetNetwork2), apiNetNetwork2)).To(Satisfy(apierrors.IsNotFound))

@@ -78,6 +78,8 @@ func main() {
 
 	var tlsOpts []func(*tls.Config)
 
+	var disableNetworkPeering bool
+
 	flag.StringVar(&metricsAddr, "metrics-bind-address", "0", "The address the metrics endpoint binds to. "+
 		"Use :8443 for HTTPS or :8080 for HTTP, or leave as 0 to disable the metrics service.")
 	flag.BoolVar(&secureMetrics, "metrics-secure", true,
@@ -100,6 +102,8 @@ func main() {
 
 	flag.StringVar(&watchNamespace, "namespace", "", "Namespace that the controller watches to reconcile ironcore objects. If unspecified, the controller watches for ironcore objects across all namespaces.")
 	flag.StringVar(&watchFilterValue, "watch-filter", "", fmt.Sprintf("label value that the controller watches to reconcile ironcore objects. Label key is always %s. If unspecified, the controller watches for all ironcore objects", commonv1alpha1.WatchLabel))
+	flag.BoolVar(&disableNetworkPeering, "disable-network-peering", false,
+		"Disable the metalnet based network peering. If set to true the network peering is handled externally.")
 
 	opts := zap.Options{
 		Development: true,
@@ -274,10 +278,11 @@ func main() {
 	}
 
 	if err = (&controllers.NetworkReconciler{
-		Client:           mgr.GetClient(),
-		APINetClient:     apiNetCluster.GetClient(),
-		APINetNamespace:  apiNetNamespace,
-		WatchFilterValue: watchFilterValue,
+		Client:                 mgr.GetClient(),
+		APINetClient:           apiNetCluster.GetClient(),
+		APINetNamespace:        apiNetNamespace,
+		WatchFilterValue:       watchFilterValue,
+		NetworkPeeringDisabled: disableNetworkPeering,
 	}).SetupWithManager(mgr, apiNetCluster.GetCache()); err != nil {
 		setupLog.Error(err, "unable to create controller", "controller", "Network")
 		os.Exit(1)