From c1c835b5c545fe55fe4ab308d1a79357987fcd4b Mon Sep 17 00:00:00 2001
From: Aswin Suryanarayanan
Date: Fri, 6 Dec 2024 14:55:35 -0500
Subject: [PATCH] Add custom VPC support in GCP

Signed-off-by: Aswin Suryanarayanan
---
 pkg/gcp/cloud_info.go | 10 ++++++----
 pkg/gcp/firewall_rules.go | 12 ++++++------
 pkg/gcp/gcp.go | 17 ++++++++++++++---
 pkg/gcp/gw-machineset.go | 4 ++--
 pkg/gcp/ocpgwdeployer.go | 18 ++++++++++++++++--
 5 files changed, 44 insertions(+), 17 deletions(-)

diff --git a/pkg/gcp/cloud_info.go b/pkg/gcp/cloud_info.go
index 81ccaf2e..157225e8 100644
--- a/pkg/gcp/cloud_info.go
+++ b/pkg/gcp/cloud_info.go
@@ -26,10 +26,12 @@ import (
 )
 type CloudInfo struct {
- InfraID string
- Region string
- ProjectID string
- Client gcpclient.Interface
+ InfraID string
+ Region string
+ ProjectID string
+ VpcName string
+ PublicSubnetName string
+ Client gcpclient.Interface
 }
 // Open expected ports by creating related firewall rule.
diff --git a/pkg/gcp/firewall_rules.go b/pkg/gcp/firewall_rules.go
index 93d82f5b..b71e8eab 100644
--- a/pkg/gcp/firewall_rules.go
+++ b/pkg/gcp/firewall_rules.go
@@ -33,13 +33,13 @@ const (
 submarinerGatewayNodeTag = "submariner-io-gateway-node"
 )
-func newExternalFirewallRules(projectID, infraID string, ports []api.PortSpec) *compute.Firewall {
+func newExternalFirewallRules(projectID, infraID, network string, ports []api.PortSpec) *compute.Firewall {
 ingressName := generateRuleName(infraID, publicPortsRuleName)
 // We want the external firewall rules to be applied only to Gateway nodes. So, we use the TargetTags
 // field and include submarinerGatewayNodeTag for selection of Gateway nodes. All the Submariner Gateway
 // instances will be tagged with submarinerGatewayNodeTag.
- ingressRule := newFirewallRule(projectID, infraID, ingressName, ingressDirection, ports)
+ ingressRule := newFirewallRule(projectID, ingressName, ingressDirection, network, ports)
 ingressRule.TargetTags = []string{
 submarinerGatewayNodeTag,
 }
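Review bot: The two new exported fields VpcName and PublicSubnetName in CloudInfo carry no doc comment, so a reader of the type cannot tell that they are optional or what an empty value means. Elsewhere in this patch NewCloud and NewOcpGatewayDeployer substitute `InfraID + "-network"` and `InfraID + "-worker-subnet"` when they are empty, and that contract belongs on the fields: `// VpcName is the GCP VPC network to use; empty means "<InfraID>-network".` and `// PublicSubnetName is the subnet the gateway machines attach to; empty means "<InfraID>-worker-subnet".`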
@@ -47,10 +47,10 @@ func newExternalFirewallRules(projectID, infraID string, ports []api.PortSpec) *
 return ingressRule
 }
-func newInternalFirewallRule(projectID, infraID string, ports []api.PortSpec) *compute.Firewall {
+func newInternalFirewallRule(projectID, infraID, network string, ports []api.PortSpec) *compute.Firewall {
 ingressName := generateRuleName(infraID, internalPortsRuleName)
- rule := newFirewallRule(projectID, infraID, ingressName, ingressDirection, ports)
+ rule := newFirewallRule(projectID, ingressName, ingressDirection, network, ports)
 rule.TargetTags = []string{
 infraID + "-worker",
 infraID + "-master",
@@ -63,7 +63,7 @@ func newInternalFirewallRule(projectID, infraID string, ports []api.PortSpec) *c
 return rule
 }
-func newFirewallRule(projectID, infraID, name, direction string, ports []api.PortSpec) *compute.Firewall {
+func newFirewallRule(projectID, name, direction, network string, ports []api.PortSpec) *compute.Firewall {
 allowedPorts := []*compute.FirewallAllowed{}
 for _, port := range ports {
@@ -79,7 +79,7 @@ func newFirewallRule(projectID, infraID, name, direction string, ports []api.Por
 return &compute.Firewall{
 Name: name,
- Network: fmt.Sprintf("projects/%s/global/networks/%s-network", projectID, infraID),
+ Network: fmt.Sprintf("projects/%s/global/networks/%s", projectID, network),
 Direction: direction,
 Allowed: allowedPorts,
 }
diff --git a/pkg/gcp/gcp.go b/pkg/gcp/gcp.go
index 559da8e1..f9e8d06d 100644
--- a/pkg/gcp/gcp.go
+++ b/pkg/gcp/gcp.go
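Review bot: In the @@ -79 hunk the network name is interpolated into the firewall resource path `projects/%s/global/networks/%s` without any validation, and since the call sites now pass CloudInfo.VpcName through unchanged, that value comes from configuration rather than being derived from InfraID as before. A value that is already a full resource path (the form a Shared VPC network is usually given in) or that otherwise contains `/` yields a nested, malformed path that the API rejects instead of the network the operator meant. I would either validate that VpcName is a bare network name where it is set, or have newFirewallRule pass the value through untouched when it already starts with `projects/`. newFirewallRule begins outside this hunk.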
@@ -31,8 +31,19 @@ type gcpCloud struct {
 }
 // NewCloud creates a new api.Cloud instance which can prepare GCP for Submariner to be deployed on it.
-func NewCloud(info CloudInfo) api.Cloud {
- return &gcpCloud{CloudInfo: info}
+func NewCloud(info CloudInfo, //nolint: gocritic //Ignore 'hugeParam' - pass by value for CloudInfo is intentional.
+) api.Cloud {
+ gcpCloud := &gcpCloud{CloudInfo: info}
+
+ if gcpCloud.VpcName == "" {
+ gcpCloud.VpcName = info.InfraID + "-network"
+ }
+
+ if gcpCloud.PublicSubnetName == "" {
+ gcpCloud.PublicSubnetName = info.InfraID + "-worker-subnet"
+ }
+
+ return gcpCloud
 }
 func (gc *gcpCloud) OpenPorts(ports []api.PortSpec, status reporter.Interface) error {
@@ -40,7 +51,7 @@ func (gc *gcpCloud) OpenPorts(ports []api.PortSpec, status reporter.Interface) e
 status.Start("Opening internal ports %q for intra-cluster communications on GCP", formatPorts(ports))
 defer status.End()
- internalIngress := newInternalFirewallRule(gc.ProjectID, gc.InfraID, ports)
+ internalIngress := newInternalFirewallRule(gc.ProjectID, gc.InfraID, gc.VpcName, ports)
 if err := gc.openPorts(internalIngress); err != nil {
 return status.Error(err, "unable to open ports")
 }
diff --git a/pkg/gcp/gw-machineset.go b/pkg/gcp/gw-machineset.go
index 7cbc13bb..a16f1c87 100644
--- a/pkg/gcp/gw-machineset.go
+++ b/pkg/gcp/gw-machineset.go
@@ -64,8 +64,8 @@ spec:
 machineType: {{.InstanceType}}
 metadata:
 networkInterfaces:
- - network: {{.InfraID}}-network
- subnetwork: {{.InfraID}}-worker-subnet
+ - network: {{.VpcNetworkName}}
+ subnetwork: {{.PublicSubnetName}}
 publicIP: true
 projectID: {{.ProjectID}}
 region: {{.Region}}
diff --git a/pkg/gcp/ocpgwdeployer.go b/pkg/gcp/ocpgwdeployer.go
index d6b07d95..4e2f9946 100644
--- a/pkg/gcp/ocpgwdeployer.go
+++ b/pkg/gcp/ocpgwdeployer.go
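Review bot: The local `gcpCloud := &gcpCloud{CloudInfo: info}` in NewCloud shadows the package type gcpCloud for the rest of the function; it compiles because the right-hand side is resolved before the new name comes into scope, but it reads as if the type itself were being assigned and is the kind of shadowing revive/gocritic are likely to flag. Renaming the local, `cloud := &gcpCloud{CloudInfo: info}` with the two `if` blocks and the return adjusted to match, removes the ambiguity. The same two defaulting `if` blocks are repeated verbatim in NewOcpGatewayDeployer in pkg/gcp/ocpgwdeployer.go; a single `func (c *CloudInfo) setDefaults()` called from both constructors would keep the two default names from drifting apart.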
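Review bot: `{{.VpcNetworkName}}` and `{{.PublicSubnetName}}` in the gw-machineset.go hunk are expanded into the YAML template unquoted, so a value containing a YAML-significant character (`:`, `#`, a leading `*` or `&`) changes the document's structure rather than failing cleanly. The replaced `{{.InfraID}}-network` had the same shape, but these two now come from configuration instead of being derived from InfraID. Quoting them, `- network: "{{.VpcNetworkName}}"` and `subnetwork: "{{.PublicSubnetName}}"`, closes that, unless the names are already checked against GCP's resource-name rules somewhere upstream, which I cannot see from this hunk.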
@@ -44,9 +44,19 @@ type ocpGatewayDeployer struct {
 }
 // NewOcpGatewayDeployer returns a GatewayDeployer capable of deploying gateways using OCP.
-func NewOcpGatewayDeployer(info CloudInfo, msDeployer ocp.MachineSetDeployer, instanceType, image string,
+
+func NewOcpGatewayDeployer(info CloudInfo, //nolint: gocritic // Ignore 'hugeParam' - pass by value for CloudInfo is intentional.
+ msDeployer ocp.MachineSetDeployer, instanceType, image string,
 k8sClient k8s.Interface,
 ) api.GatewayDeployer {
+ if info.VpcName == "" {
+ info.VpcName = info.InfraID + "-network"
+ }
+
+ if info.PublicSubnetName == "" {
+ info.PublicSubnetName = info.InfraID + "-worker-subnet"
+ }
+
 return &ocpGatewayDeployer{
 CloudInfo: info,
 msDeployer: msDeployer,
@@ -60,7 +70,7 @@ func (d *ocpGatewayDeployer) Deploy(input api.GatewayDeployInput, status reporte
 status.Start("Configuring the required firewall rules for inter-cluster traffic")
 defer status.End()
- externalIngress := newExternalFirewallRules(d.ProjectID, d.InfraID, input.PublicPorts)
+ externalIngress := newExternalFirewallRules(d.ProjectID, d.InfraID, d.VpcName, input.PublicPorts)
 if err := d.openPorts(externalIngress); err != nil {
 return status.Error(err, "error creating firewall rule %q", externalIngress.Name)
 }
@@ -166,6 +176,8 @@ type machineSetConfig struct {
 Region string
 Image string
 SubmarinerGWNodeTag string
+ VpcNetworkName string
+ PublicSubnetName string
 }
 func (d *ocpGatewayDeployer) loadGatewayYAML(zone, image string) ([]byte, error) {
@@ -184,6 +196,8 @@ func (d *ocpGatewayDeployer) loadGatewayYAML(zone, image string) ([]byte, error)
 Region: d.Region,
 Image: image,
 SubmarinerGWNodeTag: submarinerGatewayNodeTag,
+ VpcNetworkName: d.VpcName,
+ PublicSubnetName: d.PublicSubnetName,
 }
 err = tpl.Execute(&buf, tplVars)
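Review bot: The added blank line between `// NewOcpGatewayDeployer returns a GatewayDeployer ...` and the new `func NewOcpGatewayDeployer(` line in the @@ -44 hunk detaches the doc comment from the declaration, so godoc no longer associates it and the exported constructor shows up as undocumented. Dropping that `+` blank line so the comment sits immediately above the `func` line restores it; NewCloud in pkg/gcp/gcp.go applies the same `//nolint` trick without the blank line, so this one looks accidental.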