Adding TunnelingAgentIP to ClusterNetworkingConfig (#11381)

* Adding TunnelAgentIP to ClusterNetworkingConfig Signed-off-by: Sachin Tiptur <[email protected]> * Handling and Validation of TunnelingAgentIP Signed-off-by: Sachin Tiptur <[email protected]> Signed-off-by: Sachin Tiptur <[email protected]>
kubermatic · Nov 23, 2022 · 38574e5 · 38574e5
1 parent 2779c69
commit 38574e5
Show file tree

Hide file tree

Showing 7 changed files with 23 additions and 1 deletion.
diff --git a/pkg/apis/kubermatic/v1/cluster.go b/pkg/apis/kubermatic/v1/cluster.go
@@ -809,6 +809,9 @@ type ClusterNetworkingConfig struct {
 
 	// KonnectivityEnabled enables konnectivity for controlplane to node network communication.
 	KonnectivityEnabled *bool `json:"konnectivityEnabled,omitempty"`
+
+	// TunnelingAgentIP is the address used by the tunneling agents
+	TunnelingAgentIP string `json:"tunnelingAgentIP,omitempty"`
 }
 
 // MachineNetworkingConfig specifies the networking parameters used for IPAM.

diff --git a/pkg/controller/seed-controller-manager/kubernetes/address.go b/pkg/controller/seed-controller-manager/kubernetes/address.go
@@ -45,7 +45,7 @@ func (r *Reconciler) syncAddress(ctx context.Context, log *zap.SugaredLogger, cl
 	b := address.NewModifiersBuilder(log)
 	// we only need providing the agentIP if the Tunneling strategy is used.
 	if cluster.Spec.ExposeStrategy == kubermaticv1.ExposeStrategyTunneling {
-		b.TunnelingAgentIP(r.tunnelingAgentIP)
+		b.TunnelingAgentIP(cluster.Spec.ClusterNetwork.TunnelingAgentIP)
 	}
 	modifiers, err := b.
 		Cluster(cluster).

diff --git a/pkg/crd/k8c.io/kubermatic.k8c.io_clusters.yaml b/pkg/crd/k8c.io/kubermatic.k8c.io_clusters.yaml
@@ -1010,6 +1010,9 @@ spec:
                       required:
                         - cidrBlocks
                       type: object
+                    tunnelingAgentIP:
+                      description: TunnelingAgentIP is the address used by the tunneling agents
+                      type: string
                   required:
                     - dnsDomain
                     - pods

diff --git a/pkg/crd/k8c.io/kubermatic.k8c.io_clustertemplates.yaml b/pkg/crd/k8c.io/kubermatic.k8c.io_clustertemplates.yaml
@@ -1005,6 +1005,9 @@ spec:
                       required:
                         - cidrBlocks
                       type: object
+                    tunnelingAgentIP:
+                      description: TunnelingAgentIP is the address used by the tunneling agents
+                      type: string
                   required:
                     - dnsDomain
                     - pods

diff --git a/pkg/resources/resources.go b/pkg/resources/resources.go
@@ -742,6 +742,8 @@ const (
 	EnvoyAgentCreateInterfaceInitContainerName = "create-dummy-interface"
 	EnvoyAgentAssignAddressInitContainerName   = "assign-address"
 	EnvoyAgentDeviceSetupImage                 = "kubermatic/kubeletdnat-controller"
+	// Default tunneling agent IP address.
+	DefaultTunnelingAgentIP = "192.168.30.10"
 )
 
 const (

diff --git a/pkg/test/e2e/expose-strategy/tunneling_test.go b/pkg/test/e2e/expose-strategy/tunneling_test.go
@@ -69,6 +69,10 @@ func TestExposeKubernetesApiserver(t *testing.T) {
 		WithPatch(func(cs *kubermaticv1.ClusterSpec) *kubermaticv1.ClusterSpec {
 			cs.ComponentsOverride.Apiserver.EndpointReconcilingDisabled = pointer.Bool(true)
 			return cs
+		}).
+		WithPatch(func(cs *kubermaticv1.ClusterSpec) *kubermaticv1.ClusterSpec {
+			cs.ClusterNetwork.TunnelingAgentIP = "192.168.30.10"
+			return cs
 		})
 
 	_, cluster, err := testJig.Setup(ctx, jig.WaitForNothing)

diff --git a/pkg/validation/cluster.go b/pkg/validation/cluster.go
@@ -74,6 +74,8 @@ const (
 
 // ValidateClusterSpec validates the given cluster spec. If this is not called from within another validation
 // routine, parentFieldPath can be nil.
+//
+//gocyclo:ignore
 func ValidateClusterSpec(spec *kubermaticv1.ClusterSpec, dc *kubermaticv1.Datacenter, enabledFeatures features.FeatureGate, versionManager *version.Manager, parentFieldPath *field.Path) field.ErrorList {
 	allErrs := field.ErrorList{}
 
@@ -120,6 +122,11 @@ func ValidateClusterSpec(spec *kubermaticv1.ClusterSpec, dc *kubermaticv1.Datace
 		allErrs = append(allErrs, field.Forbidden(parentFieldPath.Child("APIServerAllowedIPRanges"), "Access control for API server is supported only for LoadBalancer expose strategy"))
 	}
 
+	// Validate TunnelingAgentIP for Tunneling Expose strategy
+	if spec.ExposeStrategy != kubermaticv1.ExposeStrategyTunneling && spec.ClusterNetwork.TunnelingAgentIP != "" {
+		allErrs = append(allErrs, field.Forbidden(parentFieldPath.Child("TunnelingAgentIP"), "Tunneling agent IP can be configured only for Tunneling Expose strategy"))
+	}
+
 	// External CCM is not supported for all providers and all Kubernetes versions.
 	if spec.Features[kubermaticv1.ClusterFeatureExternalCloudProvider] {
 		if !resources.ExternalCloudControllerFeatureSupported(dc, &spec.Cloud, spec.Version, versionManager.GetIncompatibilities()...) {