liqotech · adamjensenbot · Sep 7, 2021 · Sep 6, 2021
diff --git a/apis/config/v1alpha1/clusterconfig_types.go b/apis/config/v1alpha1/clusterconfig_types.go
@@ -29,12 +29,8 @@ type ClusterConfigSpec struct {
 	// AdvertisementConfig defines the configuration for the advertisement protocol.
 	AdvertisementConfig AdvertisementConfig `json:"resourceSharingConfig"`
 	DiscoveryConfig     DiscoveryConfig     `json:"discoveryConfig"`
-	LiqonetConfig       LiqonetConfig       `json:"liqonetConfig"`
 }
 
-// +kubebuilder:validation:Pattern="^([0-9]{1,3}.){3}[0-9]{1,3}(/([0-9]|[1-2][0-9]|3[0-2]))$"
-type CIDR string
-
 // AdvertisementConfig defines the configuration for the advertisement protocol.
 type AdvertisementConfig struct {
 	// OutgoingConfig defines the behavior for the creation of Advertisements on other clusters.
@@ -135,24 +131,6 @@ type DiscoveryConfig struct {
 	AuthServicePort    string `json:"authServicePort,omitempty"`
 }
 
-// LiqonetConfig defines the configuration of the Liqo Networking.
-type LiqonetConfig struct {
-	// This field is used by the IPAM embedded in the tunnelEndpointCreator.
-	// Subnets listed in this field are excluded from the list of possible subnets used for natting POD CIDR.
-	// Add here the subnets already used in your environment as a list in CIDR notation
-	// (e.g. [10.1.0.0/16, 10.200.1.0/24]).
-	ReservedSubnets []CIDR `json:"reservedSubnets"`
-	// The subnet used by the cluster for the pods, in CIDR notation
-	// +kubebuilder:validation:Pattern="^([0-9]{1,3}.){3}[0-9]{1,3}(/([0-9]|[1-2][0-9]|3[0-2]))$"
-	PodCIDR string `json:"podCIDR"`
-	// The subnet used by the cluster for the services, in CIDR notation
-	// +kubebuilder:validation:Pattern="^([0-9]{1,3}.){3}[0-9]{1,3}(/([0-9]|[1-2][0-9]|3[0-2]))$"
-	ServiceCIDR string `json:"serviceCIDR"`
-	// Set of additional user-defined network pools.
-	// Default set of network pools is: [192.168.0.0/16, 10.0.0.0/8, 172.16.0.0/12]
-	AdditionalPools []CIDR `json:"additionalPools"`
-}
-
 // ClusterConfigStatus defines the observed state of ClusterConfig.
 type ClusterConfigStatus struct {
 }

diff --git a/apis/config/v1alpha1/zz_generated.deepcopy.go b/apis/config/v1alpha1/zz_generated.deepcopy.go
diff --git a/cmd/liqonet/endpoint-creator-operator.go b/cmd/liqonet/endpoint-creator-operator.go
@@ -1,7 +1,10 @@
 package main
 
 import (
+	"flag"
+	"fmt"
 	"os"
+	"regexp"
 	"sync"
 	"time"
 
@@ -10,15 +13,63 @@ import (
 	"k8s.io/klog/v2"
 	ctrl "sigs.k8s.io/controller-runtime"
 
-	clusterConfig "github.com/liqotech/liqo/apis/config/v1alpha1"
 	"github.com/liqotech/liqo/internal/liqonet/tunnelEndpointCreator"
 	liqoconst "github.com/liqotech/liqo/pkg/consts"
 	liqonetIpam "github.com/liqotech/liqo/pkg/liqonet/ipam"
 	"github.com/liqotech/liqo/pkg/liqonet/utils"
 	"github.com/liqotech/liqo/pkg/mapperUtils"
+	"github.com/liqotech/liqo/pkg/utils/args"
 )
 
-func runEndpointCreatorOperator(commonFlags *liqonetCommonFlags) {
+type networkManagerFlags struct {
+	podCIDR     string
+	serviceCIDR string
+
+	additionalPools args.StringList
+	reservedPools   args.StringList
+}
+
+func addNetworkManagerFlags(managerFlags *networkManagerFlags) {
+	flag.StringVar(&managerFlags.podCIDR, "manager.pod-cidr", "", "The subnet used by the cluster for the pods, in CIDR notation")
+	flag.StringVar(&managerFlags.serviceCIDR, "manager.service-cidr", "", "The subnet used by the cluster for the pods, in services notation")
+	flag.Var(&managerFlags.reservedPools, "manager.reserved-pools",
+		"Private CIDRs slices used by the Kubernetes infrastructure, in addition to the pod and service CIDR (e.g., the node subnet).")
+	flag.Var(&managerFlags.additionalPools, "manager.additional-pools",
+		"Network pools used to map a cluster network into another one in order to prevent conflicts, in addition to standard private CIDRs.")
+}
+
+func validateNetworkManagerFlags(managerFlags *networkManagerFlags) error {
+	cidrRegex := regexp.MustCompile(`^(\d{1,3}.){3}\d{1,3}(/(\d|[12]\d|3[012]))$`)
+
+	if !cidrRegex.MatchString(managerFlags.podCIDR) {
+		return fmt.Errorf("pod CIDR is empty or invalid (%q)", managerFlags.podCIDR)
+	}
+
+	if !cidrRegex.MatchString(managerFlags.serviceCIDR) {
+		return fmt.Errorf("service CIDR is empty or invalid (%q)", managerFlags.serviceCIDR)
+	}
+
+	for _, pool := range managerFlags.reservedPools.StringList {
+		if !cidrRegex.MatchString(pool) {
+			return fmt.Errorf("reserved pool entry empty or invalid (%q)", pool)
+		}
+	}
+
+	for _, pool := range managerFlags.additionalPools.StringList {
+		if !cidrRegex.MatchString(pool) {
+			return fmt.Errorf("additional pool entry empty or invalid (%q)", pool)
+		}
+	}
+
+	return nil
+}
+
+func runEndpointCreatorOperator(commonFlags *liqonetCommonFlags, managerFlags *networkManagerFlags) {
+	if err := validateNetworkManagerFlags(managerFlags); err != nil {
+		klog.Errorf("Failed to parse flags: %s", err)
+		os.Exit(1)
+	}
+
 	mgr, err := ctrl.NewManager(ctrl.GetConfigOrDie(), ctrl.Options{
 		MapperProvider:     mapperUtils.LiqoMapperProvider(scheme),
 		Scheme:             scheme,
@@ -30,11 +81,19 @@ func runEndpointCreatorOperator(commonFlags *liqonetCommonFlags) {
 	}
 	clientset := kubernetes.NewForConfigOrDie(mgr.GetConfig())
 	dynClient := dynamic.NewForConfigOrDie(mgr.GetConfig())
-	ipam := liqonetIpam.NewIPAM()
-	err = ipam.Init(liqonetIpam.Pools, dynClient, liqoconst.NetworkManagerIpamPort)
+
+	ipam, err := initializeIPAM(dynClient, managerFlags)
 	if err != nil {
-		klog.Errorf("cannot init IPAM:%w", err)
+		klog.Errorf("Failed to initialize IPAM: %w", err)
+		os.Exit(1)
 	}
+
+	externalCIDR, err := ipam.GetExternalCIDR(utils.GetMask(managerFlags.podCIDR))
+	if err != nil {
+		klog.Errorf("Failed to initialize the external CIDR: %w", err)
+		os.Exit(1)
+	}
+
 	podNamespace, err := utils.GetPodNamespace()
 	if err != nil {
 		klog.Errorf("unable to get pod namespace: %v", err)
@@ -48,32 +107,59 @@ func runEndpointCreatorOperator(commonFlags *liqonetCommonFlags) {
 		Manager:                    mgr,
 		Namespace:                  podNamespace,
 		WaitConfig:                 &sync.WaitGroup{},
-		ReservedSubnets:            make([]string, 0),
-		AdditionalPools:            make([]string, 0),
 		Configured:                 make(chan bool, 1),
 		ForeignClusterStartWatcher: make(chan bool, 1),
 		ForeignClusterStopWatcher:  make(chan struct{}),
 		IPManager:                  ipam,
 		RetryTimeout:               30 * time.Second,
+
+		PodCIDR:      managerFlags.podCIDR,
+		ExternalCIDR: externalCIDR,
 	}
-	r.WaitConfig.Add(3)
-	// starting configuration watcher
-	config, err := ctrl.GetConfig()
-	if err != nil {
-		klog.Error(err)
-		os.Exit(2)
-	}
-	r.WatchConfiguration(config, &clusterConfig.GroupVersion)
+
+	r.WaitConfig.Add(2)
+
 	if err = r.SetupWithManager(mgr); err != nil {
 		klog.Errorf("unable to create controller controller TunnelEndpointCreator: %s", err)
 		os.Exit(1)
 	}
+
 	go r.StartForeignClusterWatcher()
 	go r.StartServiceWatcher()
 	go r.StartSecretWatcher()
+
 	klog.Info("starting manager as tunnelEndpointCreator-operator")
 	if err := mgr.Start(r.SetupSignalHandlerForTunEndCreator()); err != nil {
 		klog.Errorf("an error occurred while starting manager: %s", err)
 		os.Exit(1)
 	}
 }
+
+func initializeIPAM(client dynamic.Interface, managerFlags *networkManagerFlags) (*liqonetIpam.IPAM, error) {
+	ipam := liqonetIpam.NewIPAM()
+
+	if err := ipam.Init(liqonetIpam.Pools, client, liqoconst.NetworkManagerIpamPort); err != nil {
+		return nil, err
+	}
+
+	if err := ipam.SetPodCIDR(managerFlags.podCIDR); err != nil {
+		return nil, err
+	}
+	if err := ipam.SetServiceCIDR(managerFlags.serviceCIDR); err != nil {
+		return nil, err
+	}
+
+	for _, pool := range managerFlags.additionalPools.StringList {
+		if err := ipam.AddNetworkPool(pool); err != nil {
+			return nil, err
+		}
+	}
+
+	for _, pool := range managerFlags.reservedPools.StringList {
+		if err := ipam.AcquireReservedSubnet(pool); err != nil {
+			return nil, err
+		}
+	}
+
+	return ipam, nil
+}
diff --git a/cmd/liqonet/flags.go b/cmd/liqonet/flags.go
@@ -2,6 +2,7 @@ package main
 
 import (
 	"flag"
+	"fmt"
 
 	liqoconst "github.com/liqotech/liqo/pkg/consts"
 )
@@ -14,5 +15,6 @@ type liqonetCommonFlags struct {
 func addCommonFlags(liqonet *liqonetCommonFlags) {
 	flag.StringVar(&liqonet.metricsAddr, "metrics-bind-addr", ":0", "The address the metric endpoint binds to.")
 	flag.StringVar(&liqonet.runAs, "run-as", liqoconst.LiqoGatewayOperatorName,
-		"The accepted values are: liqo-gateway, liqo-route, tunnelEndpointCreator-operator. The default value is \"liqo-gateway\"")
+		fmt.Sprintf("The accepted values are: %q, %q, %q.",
+			liqoconst.LiqoGatewayOperatorName, liqoconst.LiqoRouteOperatorName, liqoconst.LiqoNetworkManagerName))
 }
diff --git a/cmd/liqonet/main.go b/cmd/liqonet/main.go
@@ -47,12 +47,17 @@ func init() {
 
 func main() {
 	klog.InitFlags(nil)
+
 	commonFlags := &liqonetCommonFlags{}
 	routeFlags := &routeOperatorFlags{}
 	gatewayFlags := &gatewayOperatorFlags{}
+	managerFlags := &networkManagerFlags{}
+
 	addCommonFlags(commonFlags)
 	addGatewayOperatorFlags(gatewayFlags)
 	addRouteOperatorFlags(routeFlags)
+	addNetworkManagerFlags(managerFlags)
+
 	flag.Parse()
 
 	switch commonFlags.runAs {
@@ -61,6 +66,6 @@ func main() {
 	case liqoconst.LiqoGatewayOperatorName:
 		runGatewayOperator(commonFlags, gatewayFlags)
 	case liqoconst.LiqoNetworkManagerName:
-		runEndpointCreatorOperator(commonFlags)
+		runEndpointCreatorOperator(commonFlags, managerFlags)
 	}
 }
diff --git a/deployments/liqo/crds/config.liqo.io_clusterconfigs.yaml b/deployments/liqo/crds/config.liqo.io_clusterconfigs.yaml
@@ -91,42 +91,6 @@ spec:
                 - service
                 - ttl
                 type: object
-              liqonetConfig:
-                description: LiqonetConfig defines the configuration of the Liqo Networking.
-                properties:
-                  additionalPools:
-                    description: 'Set of additional user-defined network pools. Default
-                      set of network pools is: [192.168.0.0/16, 10.0.0.0/8, 172.16.0.0/12]'
-                    items:
-                      pattern: ^([0-9]{1,3}.){3}[0-9]{1,3}(/([0-9]|[1-2][0-9]|3[0-2]))$
-                      type: string
-                    type: array
-                  podCIDR:
-                    description: The subnet used by the cluster for the pods, in CIDR
-                      notation
-                    pattern: ^([0-9]{1,3}.){3}[0-9]{1,3}(/([0-9]|[1-2][0-9]|3[0-2]))$
-                    type: string
-                  reservedSubnets:
-                    description: This field is used by the IPAM embedded in the tunnelEndpointCreator.
-                      Subnets listed in this field are excluded from the list of possible
-                      subnets used for natting POD CIDR. Add here the subnets already
-                      used in your environment as a list in CIDR notation (e.g. [10.1.0.0/16,
-                      10.200.1.0/24]).
-                    items:
-                      pattern: ^([0-9]{1,3}.){3}[0-9]{1,3}(/([0-9]|[1-2][0-9]|3[0-2]))$
-                      type: string
-                    type: array
-                  serviceCIDR:
-                    description: The subnet used by the cluster for the services,
-                      in CIDR notation
-                    pattern: ^([0-9]{1,3}.){3}[0-9]{1,3}(/([0-9]|[1-2][0-9]|3[0-2]))$
-                    type: string
-                required:
-                - additionalPools
-                - podCIDR
-                - reservedSubnets
-                - serviceCIDR
-                type: object
               resourceSharingConfig:
                 description: AdvertisementConfig defines the configuration for the
                   advertisement protocol.
@@ -219,7 +183,6 @@ spec:
                 type: object
             required:
             - discoveryConfig
-            - liqonetConfig
             - resourceSharingConfig
             type: object
           status:

diff --git a/deployments/liqo/templates/clusterconfig.yaml b/deployments/liqo/templates/clusterconfig.yaml
@@ -30,5 +30,3 @@ spec:
     {{- else if .Values.auth.ingress.enable }}
     authServicePort: "443"
     {{- end }}
-  liqonetConfig:
-    {{- .Values.networkManager.config | toYaml | nindent 4 }}
diff --git a/deployments/liqo/templates/liqo-network-manager-deployment.yaml b/deployments/liqo/templates/liqo-network-manager-deployment.yaml
@@ -33,7 +33,17 @@ spec:
             - name: ipam-api
               containerPort: 6000
           args:
-            - --run-as=tunnelEndpointCreator-operator
+            - --run-as=liqo-network-manager
+            - --manager.pod-cidr={{ .Values.networkManager.config.podCIDR }}
+            - --manager.service-cidr={{ .Values.networkManager.config.serviceCIDR }}
+            {{- if .Values.networkManager.config.reservedSubnets }}
+            {{- $d := dict "commandName" "--manager.reserved-pools" "list" .Values.networkManager.config.reservedSubnets }}
+            {{- include "liqo.concatenateList" $d | nindent 12 }}
+            {{- end }}
+            {{- if .Values.networkManager.config.additionalPools }}
+            {{- $d := dict "commandName" "--manager.additional-pools" "list" .Values.networkManager.config.additionalPools }}
+            {{- include "liqo.concatenateList" $d | nindent 12 }}
+            {{- end }}
             {{- if .Values.networkManager.pod.extraArgs }}
             {{- toYaml .Values.networkManager.pod.extraArgs | nindent 12 }}
             {{- end }}