Merge pull request #589 from ScheererJ/network-webhook/disable-overla…

…y-network Create shoot cluster per default without overlay network for kubernetes >= 1.22.
gardener · Sep 1, 2022 · 826b0b0 · 826b0b0
2 parents 90d57a1 + 0262b79
commit 826b0b0
Show file tree

Hide file tree

Showing 25 changed files with 1,898 additions and 0 deletions.
diff --git a/go.mod b/go.mod
@@ -10,6 +10,7 @@ require (
 	github.com/coreos/go-systemd/v22 v22.3.2
 	github.com/gardener/etcd-druid v0.9.0
 	github.com/gardener/gardener v1.53.0
+	github.com/gardener/gardener-extension-networking-calico v1.25.0
 	github.com/gardener/machine-controller-manager v0.45.0
 	github.com/go-logr/logr v1.2.3
 	github.com/golang/mock v1.6.0

diff --git a/go.sum b/go.sum
@@ -212,6 +212,8 @@ github.com/gardener/external-dns-management v0.7.18 h1:15uIyFfZSbR8fivnXvqb1Dvv4
 github.com/gardener/external-dns-management v0.7.18/go.mod h1:oHhauLQ3/sop0c1urS6n304Wqv/WM4me0geLn9nTAcY=
 github.com/gardener/gardener v1.53.0 h1:SffBCuyxcPlveZkxFuek+sVwMeF2F5wEjD8F6+EiNvE=
 github.com/gardener/gardener v1.53.0/go.mod h1:O+59kTQavqxX5nr5jyHqD6o4JxIukHMaW2t5BLiXqmc=
+github.com/gardener/gardener-extension-networking-calico v1.25.0 h1:mkdroxXFkMDNgX0wMrqGWKBGuB4YaXnNFIJFSgeyyCk=
+github.com/gardener/gardener-extension-networking-calico v1.25.0/go.mod h1:A6pG11WJwT0WD7fY6nNupfm/w9YNla7P9YTcC/Baz5I=
 github.com/gardener/hvpa-controller/api v0.5.0 h1:f4F3O7YUrenwh4S3TgPREPiB287JjjUiUL18OqPLyAA=
 github.com/gardener/hvpa-controller/api v0.5.0/go.mod h1:QQl3ELkCaki+8RhXl0FZMfvnm0WCGwGJlGmrxJj6lvM=
 github.com/gardener/machine-controller-manager v0.45.0 h1:rpf0PHRXJMGY93oMruNP+tnMawKJXhhzCACyNJsT8Lo=

diff --git a/pkg/cmd/options.go b/pkg/cmd/options.go
@@ -28,6 +28,7 @@ import (
 	workercontroller "github.com/gardener/gardener-extension-provider-aws/pkg/controller/worker"
 	controlplanewebhook "github.com/gardener/gardener-extension-provider-aws/pkg/webhook/controlplane"
 	controlplaneexposurewebhook "github.com/gardener/gardener-extension-provider-aws/pkg/webhook/controlplaneexposure"
+	networkwebhook "github.com/gardener/gardener-extension-provider-aws/pkg/webhook/network"
 	shootwebhook "github.com/gardener/gardener-extension-provider-aws/pkg/webhook/shoot"
 
 	extensionsbackupbucketcontroller "github.com/gardener/gardener/extensions/pkg/controller/backupbucket"
@@ -42,6 +43,7 @@ import (
 	extensionsworkercontroller "github.com/gardener/gardener/extensions/pkg/controller/worker"
 	webhookcmd "github.com/gardener/gardener/extensions/pkg/webhook/cmd"
 	extensioncontrolplanewebhook "github.com/gardener/gardener/extensions/pkg/webhook/controlplane"
+	extensionsnetworkwebhook "github.com/gardener/gardener/extensions/pkg/webhook/network"
 	extensionshootwebhook "github.com/gardener/gardener/extensions/pkg/webhook/shoot"
 	"github.com/spf13/pflag"
 	"golang.org/x/time/rate"
@@ -75,6 +77,7 @@ func ControllerSwitchOptions() *controllercmd.SwitchOptions {
 // WebhookSwitchOptions are the webhookcmd.SwitchOptions for the provider webhooks.
 func WebhookSwitchOptions() *webhookcmd.SwitchOptions {
 	return webhookcmd.NewSwitchOptions(
+		webhookcmd.Switch(extensionsnetworkwebhook.WebhookName, networkwebhook.AddToManager),
 		webhookcmd.Switch(extensioncontrolplanewebhook.WebhookName, controlplanewebhook.AddToManager),
 		webhookcmd.Switch(extensioncontrolplanewebhook.ExposureWebhookName, controlplaneexposurewebhook.AddToManager),
 		webhookcmd.Switch(extensionshootwebhook.WebhookName, shootwebhook.AddToManager),

diff --git a/pkg/webhook/network/add.go b/pkg/webhook/network/add.go
@@ -0,0 +1,41 @@
+// Copyright (c) 2022 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package network
+
+import (
+	"github.com/gardener/gardener-extension-provider-aws/pkg/aws"
+
+	"github.com/gardener/gardener-extension-networking-calico/pkg/calico"
+	extensionswebhook "github.com/gardener/gardener/extensions/pkg/webhook"
+	"github.com/gardener/gardener/extensions/pkg/webhook/network"
+	extensionsv1alpha1 "github.com/gardener/gardener/pkg/apis/extensions/v1alpha1"
+	"sigs.k8s.io/controller-runtime/pkg/log"
+	"sigs.k8s.io/controller-runtime/pkg/manager"
+)
+
+var logger = log.Log.WithName("networking-calico-webhook")
+
+// AddToManager creates a webhook and adds it to the manager.
+func AddToManager(mgr manager.Manager) (*extensionswebhook.Webhook, error) {
+	logger.Info("Adding webhook to manager")
+	return network.New(mgr, network.Args{
+		CloudProvider:   aws.Type,
+		NetworkProvider: calico.Type,
+		Types: []extensionswebhook.Type{
+			{Obj: &extensionsv1alpha1.Network{}},
+		},
+		Mutator: NewMutator(logger),
+	})
+}
diff --git a/pkg/webhook/network/mutate.go b/pkg/webhook/network/mutate.go
@@ -0,0 +1,121 @@
+// Copyright (c) 2022 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package network
+
+import (
+	"context"
+
+	extensionswebhook "github.com/gardener/gardener/extensions/pkg/webhook"
+	"github.com/go-logr/logr"
+
+	calicov1alpha1 "github.com/gardener/gardener-extension-networking-calico/pkg/apis/calico/v1alpha1"
+	calicov1alpha1helper "github.com/gardener/gardener-extension-networking-calico/pkg/apis/calico/v1alpha1/helper"
+	"github.com/gardener/gardener/extensions/pkg/webhook/network"
+	extensionsv1alpha1 "github.com/gardener/gardener/pkg/apis/extensions/v1alpha1"
+	"github.com/gardener/gardener/pkg/extensions"
+	versionutils "github.com/gardener/gardener/pkg/utils/version"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/utils/pointer"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+)
+
+// NewMutator creates a new network mutator.
+func NewMutator(logger logr.Logger) extensionswebhook.Mutator {
+	mutator := &mutator{}
+	mutator.mutator = network.NewMutator(logger, mutator.mutateNetworkConfig)
+	return mutator
+}
+
+type mutator struct {
+	client  client.Client
+	mutator extensionswebhook.Mutator
+}
+
+// InjectClient injects the given client into the mutator.
+func (m *mutator) InjectClient(client client.Client) error {
+	m.client = client
+	return nil
+}
+
+// Mutate validates and if needed mutates the given object.
+func (m *mutator) Mutate(ctx context.Context, new, old client.Object) error {
+	return m.mutator.Mutate(ctx, new, old)
+}
+
+func (m *mutator) mutateNetworkConfig(new, old *extensionsv1alpha1.Network) error {
+	extensionswebhook.LogMutation(logger, "Network", new.Namespace, new.Name)
+
+	var (
+		networkConfig *calicov1alpha1.NetworkConfig
+		ipv4          = calicov1alpha1.IPv4{Mode: (*calicov1alpha1.IPv4PoolMode)(pointer.StringPtr(string(calicov1alpha1.Never)))}
+		backendNone   = calicov1alpha1.None
+		ipv4PoolMode  = calicov1alpha1.Never
+		err           error
+	)
+
+	// do network resource update only for a create operation
+	if old != nil {
+		return nil
+	}
+
+	// source/destination checks are only disabled for kubernetes >= 1.22
+	// see https://github.com/gardener/machine-controller-manager-provider-aws/issues/36 for details
+	if greaterEqual122, err := m.isKubernetesGreaterOrEqual122(new.Namespace); err != nil {
+		return err
+	} else if !greaterEqual122 {
+		return nil
+	}
+
+	if new.Spec.ProviderConfig != nil {
+		networkConfig, err = calicov1alpha1helper.CalicoNetworkConfigFromNetworkResource(new)
+		if err != nil {
+			return err
+		}
+	} else {
+		networkConfig = &calicov1alpha1.NetworkConfig{
+			TypeMeta: metav1.TypeMeta{
+				APIVersion: calicov1alpha1.SchemeGroupVersion.String(),
+				Kind:       "NetworkConfig",
+			},
+		}
+	}
+
+	if networkConfig.IPv4 == nil {
+		networkConfig.IPv4 = &ipv4
+	}
+
+	if networkConfig.IPv4 != nil && networkConfig.IPv4.Mode == nil {
+		networkConfig.IPv4.Mode = &ipv4PoolMode
+	}
+
+	if networkConfig.Backend == nil {
+		networkConfig.Backend = &backendNone
+	}
+
+	new.Spec.ProviderConfig = &runtime.RawExtension{
+		Object: networkConfig,
+	}
+
+	return nil
+}
+
+func (m *mutator) isKubernetesGreaterOrEqual122(name string) (bool, error) {
+	cluster, err := extensions.GetCluster(context.TODO(), m.client, name)
+	if err != nil {
+		return false, err
+	}
+	return versionutils.CompareVersions(cluster.Shoot.Spec.Kubernetes.Version, ">=", "1.22")
+}