feat: add support for multi-doc VLAN config

Fixes #10961

Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>

Author: smira

internal/app/machined/pkg/controllers/network/link_config.go

@@ -443,6 +443,8 @@ func (ctrl *LinkConfigController) processLinkConfigs(logger *zap.Logger, linkMap
 			// nothing specific for physical links
 		case talosconfig.NetworkDummyLinkConfig:
 			dummyLink(linkMap[linkName])
+		case talosconfig.NetworkVLANConfig:
+			vlanLink(linkMap[linkName], linkName, specificLinkConfig.ParentLink(), networkVLANConfigToVlaner{specificLinkConfig})
 		default:
 			logger.Error("unknown link config type", zap.String("linkName", linkName), zap.String("type", fmt.Sprintf("%T", specificLinkConfig)))
 		}
@@ -465,20 +467,37 @@ func (ctrl *LinkConfigController) processLinkConfigs(logger *zap.Logger, linkMap
 
 type vlaner interface {
 	ID() uint16
-	MTU() uint32
+	Mode() nethelpers.VLANProtocol
+}
+
+type networkVLANConfigToVlaner struct {
+	talosconfig.NetworkVLANConfig
+}
+
+func (v networkVLANConfigToVlaner) ID() uint16 {
+	return v.VLANID()
+}
+
+func (v networkVLANConfigToVlaner) Mode() nethelpers.VLANProtocol {
+	return v.VLANMode().ValueOr(nethelpers.VLANProtocol8021Q)
 }
 
 func vlanLink(link *network.LinkSpecSpec, vlanName, linkName string, vlan vlaner) {
 	link.Name = vlanName
 	link.Logical = true
 	link.Up = true
-	link.MTU = vlan.MTU()
+
+	// only legacy config specifies MTUs on VLANs this way
+	if mtuConfig, ok := vlan.(interface{ MTU() uint32 }); ok {
+		link.MTU = mtuConfig.MTU()
+	}
+
 	link.Kind = network.LinkKindVLAN
 	link.Type = nethelpers.LinkEther
 	link.ParentName = linkName
 	link.VLAN = network.VLANSpec{
 		VID:      vlan.ID(),
-		Protocol: nethelpers.VLANProtocol8021Q,
+		Protocol: vlan.Mode(),
 	}
 }
 

internal/app/machined/pkg/controllers/network/link_config_test.go

@@ -2,7 +2,7 @@
 // License, v. 2.0. If a copy of the MPL was not distributed with this
 // file, You can obtain one at http://mozilla.org/MPL/2.0/.
 
-//nolint:goconst
+//nolint:goconst,dupl
 package network_test
 
 import (
@@ -469,7 +469,14 @@ func (suite *LinkConfigSuite) TestMachineConfigurationNewStyle() {
 	dc1.HardwareAddressConfig = nethelpers.HardwareAddr{0x02, 0x42, 0xac, 0x11, 0x00, 0x02}
 	dc1.LinkUp = pointer.To(true)
 
-	ctr, err := container.New(dc1, lc1)
+	vl1 := networkcfg.NewVLANConfigV1Alpha1("dummy1.100")
+	vl1.VLANIDConfig = 100
+	vl1.ParentLinkConfig = "dummy1"
+	vl1.VLANModeConfig = pointer.To(nethelpers.VLANProtocol8021AD)
+	vl1.LinkMTU = 200
+	vl1.LinkUp = pointer.To(true)
+
+	ctr, err := container.New(dc1, lc1, vl1)
 	suite.Require().NoError(err)
 
 	cfg := config.NewMachineConfig(ctr)
@@ -494,6 +501,7 @@ func (suite *LinkConfigSuite) TestMachineConfigurationNewStyle() {
 		[]string{
 			"configuration/eth0",
 			"configuration/dummy1",
+			"configuration/dummy1.100",
 		}, func(r *network.LinkSpec, asrt *assert.Assertions) {
 			asrt.Equal(network.ConfigMachineConfiguration, r.TypedSpec().ConfigLayer)
 
@@ -507,6 +515,15 @@ func (suite *LinkConfigSuite) TestMachineConfigurationNewStyle() {
 				asrt.True(r.TypedSpec().Logical)
 				asrt.Equal(nethelpers.LinkEther, r.TypedSpec().Type)
 				asrt.Equal("dummy", r.TypedSpec().Kind)
+			case "dummy1.100":
+				asrt.True(r.TypedSpec().Up)
+				asrt.True(r.TypedSpec().Logical)
+				asrt.Equal(nethelpers.LinkEther, r.TypedSpec().Type)
+				asrt.Equal(network.LinkKindVLAN, r.TypedSpec().Kind)
+				asrt.Equal("dummy1", r.TypedSpec().ParentName)
+				asrt.Equal(nethelpers.VLANProtocol8021AD, r.TypedSpec().VLAN.Protocol)
+				asrt.EqualValues(100, r.TypedSpec().VLAN.VID)
+				asrt.EqualValues(200, r.TypedSpec().MTU)
 			}
 		},
 	)

internal/integration/api/network-config.go

@@ -301,8 +301,6 @@ func (suite *NetworkConfigSuite) TestLinkAliasConfig() {
 
 // TestVirtualIPConfig tests configuring virtual IPs.
 func (suite *NetworkConfigSuite) TestVirtualIPConfig() {
-	suite.T().Skip("[TODO]: this test causes kube-apiserver to restart causing random failure")
-
 	if suite.Cluster == nil || suite.Cluster.Provisioner() != base.ProvisionerQEMU {
 		suite.T().Skip("skipping if cluster is not qemu")
 	}
@@ -328,12 +326,13 @@ func (suite *NetworkConfigSuite) TestVirtualIPConfig() {
 
 	suite.Require().NotEmpty(linkName, "expected to find at least one physical link")
 
-	virtualIP := "fd13:1234::34"
+	// using link-local address to avoid kube-apiserver picking it up
+	virtualIP := "169.254.100.100"
 
 	cfg := network.NewLayer2VIPConfigV1Alpha1(virtualIP)
 	cfg.LinkName = linkName
 
-	addressID := linkName + "/" + virtualIP + "/128"
+	addressID := linkName + "/" + virtualIP + "/32"
 
 	suite.PatchMachineConfig(nodeCtx, cfg)
 
@@ -348,6 +347,88 @@ func (suite *NetworkConfigSuite) TestVirtualIPConfig() {
 	rtestutils.AssertNoResource[*networkres.AddressStatus](nodeCtx, suite.T(), suite.Client.COSI, addressID)
 }
 
+// TestVLANConfig tests creation of VLAN interfaces.
+func (suite *NetworkConfigSuite) TestVLANConfig() {
+	if suite.Cluster == nil {
+		suite.T().Skip("skipping if cluster is not qemu/docker")
+	}
+
+	node := suite.RandomDiscoveredNodeInternalIP(machine.TypeWorker)
+	nodeCtx := client.WithNode(suite.ctx, node)
+
+	suite.T().Logf("testing on node %q", node)
+
+	dummyName := fmt.Sprintf("dummy%d", rand.IntN(10000))
+
+	dummy := network.NewDummyLinkConfigV1Alpha1(dummyName)
+	dummy.LinkUp = pointer.To(true)
+	dummy.LinkMTU = 9000
+
+	vlanName := dummyName + ".v"
+
+	vlan := network.NewVLANConfigV1Alpha1(vlanName)
+	vlan.VLANIDConfig = 100
+	vlan.LinkMTU = 2000
+	vlan.ParentLinkConfig = dummyName
+	vlan.LinkAddresses = []network.AddressConfig{
+		{
+			AddressAddress:  netip.MustParsePrefix("fd13:1234::1/64"),
+			AddressPriority: pointer.To[uint32](100),
+		},
+	}
+	vlan.LinkRoutes = []network.RouteConfig{
+		{
+			RouteDestination: network.Prefix{Prefix: netip.MustParsePrefix("fd13:1235::/64")},
+			RouteGateway:     network.Addr{Addr: netip.MustParseAddr("fd13:1234::ffff")},
+		},
+	}
+
+	addressID := vlanName + "/fd13:1234::1/64"
+	routeID := vlanName + "/inet6/fd13:1234::ffff/fd13:1235::/64/1024"
+	addressRouteID := vlanName + "/inet6//fd13:1234::/64/100"
+
+	suite.PatchMachineConfig(nodeCtx, dummy, vlan)
+
+	rtestutils.AssertResource(nodeCtx, suite.T(), suite.Client.COSI, dummyName,
+		func(link *networkres.LinkStatus, asrt *assert.Assertions) {
+			asrt.Equal("dummy", link.TypedSpec().Kind)
+			asrt.Equal(dummy.LinkMTU, link.TypedSpec().MTU)
+		},
+	)
+
+	rtestutils.AssertResource(nodeCtx, suite.T(), suite.Client.COSI, vlanName,
+		func(link *networkres.LinkStatus, asrt *assert.Assertions) {
+			asrt.Equal("vlan", link.TypedSpec().Kind)
+			asrt.Equal(vlan.LinkMTU, link.TypedSpec().MTU)
+			asrt.NotZero(link.TypedSpec().LinkIndex)
+			asrt.Equal(vlan.VLANIDConfig, link.TypedSpec().VLAN.VID)
+			asrt.Equal(nethelpers.VLANProtocol8021Q, link.TypedSpec().VLAN.Protocol)
+		},
+	)
+
+	rtestutils.AssertResource(nodeCtx, suite.T(), suite.Client.COSI, addressID,
+		func(addr *networkres.AddressStatus, asrt *assert.Assertions) {
+			asrt.Equal(vlanName, addr.TypedSpec().LinkName)
+		},
+	)
+
+	rtestutils.AssertResources(nodeCtx, suite.T(), suite.Client.COSI,
+		[]resource.ID{routeID, addressRouteID},
+		func(route *networkres.RouteStatus, asrt *assert.Assertions) {
+			asrt.Equal(vlanName, route.TypedSpec().OutLinkName)
+		},
+	)
+
+	suite.RemoveMachineConfigDocumentsByName(nodeCtx, network.VLANKind, vlanName)
+	suite.RemoveMachineConfigDocumentsByName(nodeCtx, network.DummyLinkKind, dummyName)
+
+	rtestutils.AssertNoResource[*networkres.LinkStatus](nodeCtx, suite.T(), suite.Client.COSI, dummyName)
+	rtestutils.AssertNoResource[*networkres.LinkStatus](nodeCtx, suite.T(), suite.Client.COSI, vlanName)
+	rtestutils.AssertNoResource[*networkres.AddressStatus](nodeCtx, suite.T(), suite.Client.COSI, addressID)
+	rtestutils.AssertNoResource[*networkres.RouteStatus](nodeCtx, suite.T(), suite.Client.COSI, addressRouteID)
+	rtestutils.AssertNoResource[*networkres.RouteStatus](nodeCtx, suite.T(), suite.Client.COSI, routeID)
+}
+
 func init() {
 	allSuites = append(allSuites, new(NetworkConfigSuite))
 }

pkg/machinery/config/config/machine.go

@@ -284,6 +284,7 @@ type Vlan interface {
 	DHCP() bool
 	ID() uint16
 	MTU() uint32
+	Mode() nethelpers.VLANProtocol
 	VIPConfig() VIPConfig
 	DHCPOptions() DHCPOptions
 }

pkg/machinery/config/config/network.go

@@ -209,3 +209,13 @@ type NetworkHCloudVIPConfig interface {
 	NetworkVirtualIPConfig
 	HCloudAPIToken() string
 }
+
+// NetworkVLANConfig defines a VLAN link configuration.
+type NetworkVLANConfig interface {
+	NamedDocument
+	NetworkCommonLinkConfig
+	VLANConfig()
+	VLANID() uint16
+	ParentLink() string
+	VLANMode() optional.Optional[nethelpers.VLANProtocol]
+}

pkg/machinery/config/schemas/config.schema.json

@@ -1763,6 +1763,103 @@
       ],
       "description": "StaticHostConfig is a config document to set /etc/hosts entries."
     },
+    "network.VLANConfigV1Alpha1": {
+      "properties": {
+        "apiVersion": {
+          "enum": [
+            "v1alpha1"
+          ],
+          "title": "apiVersion",
+          "description": "apiVersion is the API version of the resource.\n",
+          "markdownDescription": "apiVersion is the API version of the resource.",
+          "x-intellij-html-description": "\u003cp\u003eapiVersion is the API version of the resource.\u003c/p\u003e\n"
+        },
+        "kind": {
+          "enum": [
+            "VLANConfig"
+          ],
+          "title": "kind",
+          "description": "kind is the kind of the resource.\n",
+          "markdownDescription": "kind is the kind of the resource.",
+          "x-intellij-html-description": "\u003cp\u003ekind is the kind of the resource.\u003c/p\u003e\n"
+        },
+        "name": {
+          "type": "string",
+          "title": "name",
+          "description": "Name of the VLAN link (interface) to be created.\n",
+          "markdownDescription": "Name of the VLAN link (interface) to be created.",
+          "x-intellij-html-description": "\u003cp\u003eName of the VLAN link (interface) to be created.\u003c/p\u003e\n"
+        },
+        "vlanID": {
+          "type": "integer",
+          "title": "vlanID",
+          "description": "VLAN ID to be used for the VLAN link.\n",
+          "markdownDescription": "VLAN ID to be used for the VLAN link.",
+          "x-intellij-html-description": "\u003cp\u003eVLAN ID to be used for the VLAN link.\u003c/p\u003e\n"
+        },
+        "vlanMode": {
+          "enum": [
+            "802.1q",
+            "802.1ad"
+          ],
+          "title": "vlanMode",
+          "description": "Set the VLAN mode to use.\nIf not set, defaults to ‘802.1q’.\n",
+          "markdownDescription": "Set the VLAN mode to use.\nIf not set, defaults to '802.1q'.",
+          "x-intellij-html-description": "\u003cp\u003eSet the VLAN mode to use.\nIf not set, defaults to \u0026lsquo;802.1q\u0026rsquo;.\u003c/p\u003e\n"
+        },
+        "parent": {
+          "type": "string",
+          "title": "parent",
+          "description": "Name of the parent link (interface) on which the VLAN link will be created.\n",
+          "markdownDescription": "Name of the parent link (interface) on which the VLAN link will be created.",
+          "x-intellij-html-description": "\u003cp\u003eName of the parent link (interface) on which the VLAN link will be created.\u003c/p\u003e\n"
+        },
+        "up": {
+          "type": "boolean",
+          "title": "up",
+          "description": "Bring the link up or down.\n\nIf not specified, the link will be brought up.\n",
+          "markdownDescription": "Bring the link up or down.\n\nIf not specified, the link will be brought up.",
+          "x-intellij-html-description": "\u003cp\u003eBring the link up or down.\u003c/p\u003e\n\n\u003cp\u003eIf not specified, the link will be brought up.\u003c/p\u003e\n"
+        },
+        "mtu": {
+          "type": "integer",
+          "title": "mtu",
+          "description": "Configure LinkMTU (Maximum Transmission Unit) for the link.\n\nIf not specified, the system default LinkMTU will be used (usually 1500).\n",
+          "markdownDescription": "Configure LinkMTU (Maximum Transmission Unit) for the link.\n\nIf not specified, the system default LinkMTU will be used (usually 1500).",
+          "x-intellij-html-description": "\u003cp\u003eConfigure LinkMTU (Maximum Transmission Unit) for the link.\u003c/p\u003e\n\n\u003cp\u003eIf not specified, the system default LinkMTU will be used (usually 1500).\u003c/p\u003e\n"
+        },
+        "addresses": {
+          "items": {
+            "$ref": "#/$defs/network.AddressConfig"
+          },
+          "type": "array",
+          "title": "addresses",
+          "description": "Configure addresses to be statically assigned to the link.\n",
+          "markdownDescription": "Configure addresses to be statically assigned to the link.",
+          "x-intellij-html-description": "\u003cp\u003eConfigure addresses to be statically assigned to the link.\u003c/p\u003e\n"
+        },
+        "routes": {
+          "items": {
+            "$ref": "#/$defs/network.RouteConfig"
+          },
+          "type": "array",
+          "title": "routes",
+          "description": "Configure routes to be statically created via the link.\n",
+          "markdownDescription": "Configure routes to be statically created via the link.",
+          "x-intellij-html-description": "\u003cp\u003eConfigure routes to be statically created via the link.\u003c/p\u003e\n"
+        }
+      },
+      "additionalProperties": false,
+      "type": "object",
+      "required": [
+        "apiVersion",
+        "kind",
+        "name",
+        "parent",
+        "vlanID"
+      ],
+      "description": "VLANConfig is a config document to create a VLAN (virtual LAN) over a parent link."
+    },
     "runtime.EventSinkV1Alpha1": {
       "properties": {
         "apiVersion": {
@@ -5001,6 +5098,9 @@
     {
       "$ref": "#/$defs/network.StaticHostConfigV1Alpha1"
     },
+    {
+      "$ref": "#/$defs/network.VLANConfigV1Alpha1"
+    },
     {
       "$ref": "#/$defs/runtime.EventSinkV1Alpha1"
     },

pkg/machinery/config/types/network/deep_copy.generated.go

@@ -40,6 +40,7 @@ func conflictingLinkKinds(selfKind string) []string {
 	return xslices.Filter([]string{
 		DummyLinkKind,
 		LinkKind,
+		VLANKind,
 	}, func(kind string) bool {
 		return kind != selfKind
 	})