Allow to mark internal network as external

README.md

@@ -294,6 +294,7 @@ Environment Variable | Default | Description
 `LINODE_INSTANCE_CACHE_TTL` | `15` | Default timeout of instance cache in seconds
 `LINODE_ROUTES_CACHE_TTL_SECONDS` | `60` | Default timeout of route cache in seconds
 `LINODE_REQUEST_TIMEOUT_SECONDS` | `120` | Default timeout in seconds for http requests to linode API
+`LINODE_EXTERNAL_SUBNET` | `` | Mark private network as external. Example - `172.24.0.0/16`
 
 ## Generating a Manifest for Deployment
 Use the script located at `./deploy/generate-manifest.sh` to generate a self-contained deployment manifest for the Linode CCM. Two arguments are required.

cloud/linode/cloud.go

@@ -3,6 +3,7 @@ package linode
 import (
 	"fmt"
 	"io"
+	"net/netip"
 	"os"
 	"strconv"
 	"sync"
@@ -37,6 +38,7 @@ var Options struct {
 	VPCName               string
 	LoadBalancerType      string
 	BGPNodeSelector       string
+	LinodeExternalNetwork *netip.Prefix
 }
 
 // vpcDetails is set when VPCName options flag is set.

cloud/linode/common.go

@@ -2,6 +2,8 @@
 
 import (
 	"fmt"
+	"net"
+	"net/netip"
 	"strconv"
 	"strings"
 
@@ -42,3 +44,14 @@
 
 	return err
 }
+
+func isPrivate(ip *net.IP) bool {
+	if Options.LinodeExternalNetwork == nil {
+		return ip.IsPrivate()
+	}
+	ipAddr, err := netip.ParseAddr(ip.String())
+	if err != nil {
+		panic(err)
+	}
+	return ip.IsPrivate() && !Options.LinodeExternalNetwork.Contains(ipAddr)
+}

cloud/linode/instances.go

@@ -49,7 +49,7 @@ func (nc *nodeCache) getInstanceAddresses(instance linodego.Instance, vpcips []s
 
 	for _, ip := range instance.IPv4 {
 		ipType := v1.NodeExternalIP
-		if ip.IsPrivate() {
+		if isPrivate(ip) {
 			ipType = v1.NodeInternalIP
 		}
 		ips = append(ips, nodeIP{ip: ip.String(), ipType: ipType})
@@ -155,7 +155,7 @@ func (i *instances) linodeByIP(kNode *v1.Node) (*linodego.Instance, error) {
 	}
 	for _, node := range i.nodeCache.nodes {
 		for _, nodeIP := range node.instance.IPv4 {
-			if !nodeIP.IsPrivate() && slices.Contains(kNodeAddresses, nodeIP.String()) {
+			if !isPrivate(nodeIP) && slices.Contains(kNodeAddresses, nodeIP.String()) {
 				return node.instance, nil
 			}
 		}

cloud/linode/node_controller.go

@@ -172,7 +172,7 @@
 	// supports other subnets with nodebalancer, this logic needs to be updated.
 	// https://www.linode.com/docs/api/linode-instances/#linode-view
 	for _, addr := range linode.IPv4 {
-		if addr.IsPrivate() {
+		if isPrivate(addr) {
 			expectedPrivateIP = addr.String()
 			break
 		}

main.go

@@ -4,6 +4,7 @@ import (
 	"context"
 	"flag"
 	"fmt"
+	"net/netip"
 	"os"
 
 	"k8s.io/component-base/logs"
@@ -25,9 +26,10 @@ import (
 )
 
 const (
-	sentryDSNVariable         = "SENTRY_DSN"
-	sentryEnvironmentVariable = "SENTRY_ENVIRONMENT"
-	sentryReleaseVariable     = "SENTRY_RELEASE"
+	sentryDSNVariable            = "SENTRY_DSN"
+	sentryEnvironmentVariable    = "SENTRY_ENVIRONMENT"
+	sentryReleaseVariable        = "SENTRY_RELEASE"
+	linodeExternalSubnetVariable = "LINODE_EXTERNAL_SUBNET"
 )
 
 func initializeSentry() {
@@ -114,6 +116,17 @@ func main() {
 		os.Exit(1)
 	}
 
+	if externalSubnet, ok := os.LookupEnv(linodeExternalSubnetVariable); ok && externalSubnet != "" {
+		network, err := netip.ParsePrefix(externalSubnet)
+		if err != nil {
+			msg := fmt.Sprintf("Unable to parse %s as network subnet: %v", externalSubnet, err)
+			sentry.CaptureError(ctx, fmt.Errorf(msg))
+			fmt.Fprintf(os.Stderr, "%v\n", msg)
+			os.Exit(1)
+		}
+		linode.Options.LinodeExternalNetwork = &network
+	}
+
 	pflag.CommandLine.SetNormalizeFunc(utilflag.WordSepNormalizeFunc)
 	pflag.CommandLine.AddGoFlagSet(flag.CommandLine)