Make Network Handling More Generic

The compute service needs a network to attach servers to, and the only
way that is possible is with a VLAN provider network, which isn't going
to work for like 90% of users, so make the provisioning more generic so
we only worry about VLANs if we need to.

Makefile

@@ -13,7 +13,7 @@ REVISION := $(shell git rev-parse HEAD)
 CONTROLLERS = \
   unikorn-region-controller \
   unikorn-identity-controller \
-  unikorn-physical-network-controller \
+  unikorn-network-controller \
   unikorn-security-group-controller \
   unikorn-security-group-rule-controller \
   unikorn-server-controller

charts/region/crds/region.unikorn-cloud.org_physicalnetworks.yaml → charts/region/crds/region.unikorn-cloud.org_networks.yaml

@@ -4,16 +4,16 @@ kind: CustomResourceDefinition
 metadata:
   annotations:
     controller-gen.kubebuilder.io/version: v0.16.1
-  name: physicalnetworks.region.unikorn-cloud.org
+  name: networks.region.unikorn-cloud.org
 spec:
   group: region.unikorn-cloud.org
   names:
     categories:
     - unikorn
-    kind: PhysicalNetwork
-    listKind: PhysicalNetworkList
-    plural: physicalnetworks
-    singular: physicalnetwork
+    kind: Network
+    listKind: NetworkList
+    plural: networks
+    singular: network
   scope: Namespaced
   versions:
   - additionalPrinterColumns:
@@ -26,7 +26,7 @@ spec:
     name: v1alpha1
     schema:
       openAPIV3Schema:
-        description: PhysicalNetwork defines a physical network beloning to an identity.
+        description: Network defines a physical network beloning to an identity.
         properties:
           apiVersion:
             description: |-

charts/region/crds/region.unikorn-cloud.org_openstackphysicalnetworks.yaml → charts/region/crds/region.unikorn-cloud.org_openstacknetworks.yaml

@@ -4,16 +4,16 @@ kind: CustomResourceDefinition
 metadata:
   annotations:
     controller-gen.kubebuilder.io/version: v0.16.1
-  name: openstackphysicalnetworks.region.unikorn-cloud.org
+  name: openstacknetworks.region.unikorn-cloud.org
 spec:
   group: region.unikorn-cloud.org
   names:
     categories:
     - unikorn
-    kind: OpenstackPhysicalNetwork
-    listKind: OpenstackPhysicalNetworkList
-    plural: openstackphysicalnetworks
-    singular: openstackphysicalnetwork
+    kind: OpenstackNetwork
+    listKind: OpenstackNetworkList
+    plural: openstacknetworks
+    singular: openstacknetwork
   scope: Namespaced
   versions:
   - additionalPrinterColumns:
@@ -23,8 +23,7 @@ spec:
     name: v1alpha1
     schema:
       openAPIV3Schema:
-        description: OpenstackPhysicalNetwork defines a physical network beloning
-          to an identity.
+        description: OpenstackNetwork defines a physical network beloning to an identity.
         properties:
           apiVersion:
             description: |-

charts/region/crds/region.unikorn-cloud.org_regions.yaml

@@ -251,7 +251,7 @@ spec:
                         properties:
                           physicalNetwork:
                             description: |-
-                              PhysicalNetwork is the neutron provider specific network name used
+                              Network is the neutron provider specific network name used
                               to provision provider networks e.g. VLANs for bare metal clusters.
                             type: string
                           vlan:

charts/region/crds/region.unikorn-cloud.org_servers.yaml

@@ -85,14 +85,11 @@ spec:
                 description: Networks is the server network configuration.
                 items:
                   properties:
-                    physicalNetwork:
-                      properties:
-                        id:
-                          description: ID is the physical network ID.
-                          type: string
-                      required:
-                      - id
-                      type: object
+                    id:
+                      description: ID is the physical network ID.
+                      type: string
+                  required:
+                  - id
                   type: object
                 type: array
               pause:

charts/region/crds/region.unikorn-cloud.org_vlanallocations.yaml

@@ -56,7 +56,7 @@ spec:
                       type: integer
                     physicalNetworkID:
                       description: |-
-                        PhysicalNetworkID is the physical network/provider specific physical network
+                        NetworkID is the physical network/provider specific physical network
                         identifier that owns this entry.
                       type: string
                   required:

charts/region/templates/_helpers.tpl

@@ -9,8 +9,8 @@ Create the container images
 {{- .Values.identityController.image | default (printf "%s/unikorn-identity-controller:%s" (include "unikorn.defaultRepositoryPath" .) (.Values.tag | default .Chart.Version)) }}
 {{- end }}
 
-{{- define "unikorn.physicalNetworkControllerImage" -}}
-{{- .Values.physicalNetworkController.image | default (printf "%s/unikorn-physical-network-controller:%s" (include "unikorn.defaultRepositoryPath" .) (.Values.tag | default .Chart.Version)) }}
+{{- define "unikorn.networkControllerImage" -}}
+{{- .Values.networkController.image | default (printf "%s/unikorn-network-controller:%s" (include "unikorn.defaultRepositoryPath" .) (.Values.tag | default .Chart.Version)) }}
 {{- end }}
 
 {{- define "unikorn.securityGroupControllerImage" -}}

charts/region/templates/identity-controller/clusterrole.yaml

@@ -36,7 +36,7 @@ rules:
   - region.unikorn-cloud.org
   resources:
   - quotas
-  - physicalnetworks
+  - networks
   - securitygroups
   - servers
   verbs:

charts/region/templates/physical-network-controller/clusterrole.yaml → charts/region/templates/network-controller/clusterrole.yaml

@@ -1,7 +1,7 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
-  name: unikorn-physical-network-controller
+  name: unikorn-network-controller
   labels:
     {{- include "unikorn.labels" . | nindent 4 }}
 rules:
@@ -17,7 +17,7 @@ rules:
 - apiGroups:
   - region.unikorn-cloud.org
   resources:
-  - physicalnetworks
+  - networks
   verbs:
   - list
   - watch
@@ -26,13 +26,13 @@ rules:
 - apiGroups:
   - region.unikorn-cloud.org
   resources:
-  - physicalnetworks/status
+  - networks/status
   verbs:
   - update
 - apiGroups:
   - region.unikorn-cloud.org
   resources:
-  - openstackphysicalnetworks
+  - openstacknetworks
   verbs:
   - list
   - watch

charts/region/templates/physical-network-controller/clusterrolebinding.yaml → charts/region/templates/network-controller/clusterrolebinding.yaml

@@ -1,14 +1,14 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
-  name: unikorn-physical-network-controller
+  name: unikorn-network-controller
   labels:
     {{- include "unikorn.labels" . | nindent 4 }}
 subjects:
 - kind: ServiceAccount
   namespace: {{ .Release.Namespace }}
-  name: unikorn-physical-network-controller
+  name: unikorn-network-controller
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
-  name: unikorn-physical-network-controller
+  name: unikorn-network-controller

charts/region/templates/physical-network-controller/deployment.yaml → charts/region/templates/network-controller/deployment.yaml

@@ -1,22 +1,22 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: unikorn-physical-network-controller
+  name: unikorn-network-controller
   labels:
     {{- include "unikorn.labels" . | nindent 4 }}
 spec:
   replicas: 1
   selector:
     matchLabels:
-      app: unikorn-physical-network-controller
+      app: unikorn-network-controller
   template:
     metadata:
       labels:
-        app: unikorn-physical-network-controller
+        app: unikorn-network-controller
     spec:
       containers:
-      - name: unikorn-physical-network-controller
-        image: {{ include "unikorn.physicalNetworkControllerImage" . }}
+      - name: unikorn-network-controller
+        image: {{ include "unikorn.networkControllerImage" . }}
         args:
         {{- include "unikorn.core.flags" . | nindent 8 }}
         {{- include "unikorn.otlp.flags" . | nindent 8 }}
@@ -36,6 +36,6 @@ spec:
             memory: 100Mi
         securityContext:
           readOnlyRootFilesystem: true
-      serviceAccountName: unikorn-physical-network-controller
+      serviceAccountName: unikorn-network-controller
       securityContext:
         runAsNonRoot: true

charts/region/templates/physical-network-controller/role.yaml → charts/region/templates/network-controller/role.yaml

@@ -1,7 +1,7 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
-  name: unikorn-physical-network-controller
+  name: unikorn-network-controller
   labels:
     {{- include "unikorn.labels" . | nindent 4 }}
 rules:

charts/region/templates/physical-network-controller/rolebinding.yaml → charts/region/templates/network-controller/rolebinding.yaml

@@ -1,14 +1,14 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
-  name: unikorn-physical-network-controller
+  name: unikorn-network-controller
   labels:
     {{- include "unikorn.labels" . | nindent 4 }}
 subjects:
 - kind: ServiceAccount
   namespace: {{ .Release.Namespace }}
-  name: unikorn-physical-network-controller
+  name: unikorn-network-controller
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: Role
-  name: unikorn-physical-network-controller
+  name: unikorn-network-controller

charts/region/templates/physical-network-controller/serviceaccount.yaml → charts/region/templates/network-controller/serviceaccount.yaml

@@ -1,7 +1,7 @@
 apiVersion: v1
 kind: ServiceAccount
 metadata:
-  name: unikorn-physical-network-controller
+  name: unikorn-network-controller
   labels:
     {{- include "unikorn.labels" . | nindent 4 }}
 {{- with ( include "unikorn.imagePullSecrets" . ) }}

charts/region/templates/region-controller/clusterrole.yaml

@@ -17,7 +17,7 @@ rules:
   - region.unikorn-cloud.org
   resources:
   - identities
-  - physicalnetworks
+  - networks
   - quotas
   - securitygroups
   - securitygrouprules
@@ -33,7 +33,7 @@ rules:
   - region.unikorn-cloud.org
   resources:
   - openstackidentities
-  - openstackphysicalnetworks
+  - openstacknetworks
   - openstacksecuritygroups
   - openstacksecuritygrouprules
   verbs:

charts/region/templates/server-controller/clusterrole.yaml

@@ -12,8 +12,8 @@ rules:
   - regions
   - identities
   - openstackidentities
-  - physicalnetworks
-  - openstackphysicalnetworks
+  - networks
+  - openstacknetworks
   - securitygroups
   - openstacksecuritygroups
   verbs:

charts/region/values.yaml

@@ -107,7 +107,7 @@ identityController:
   # Allow override of the controller image.
   image: ~
 
-physicalNetworkController:
+networkController:
   # Allow override of the controller image.
   image: ~
 

cmd/unikorn-physical-network-controller/main.go → cmd/unikorn-network-controller/main.go

@@ -19,9 +19,9 @@ package main
 
 import (
 	"github.com/unikorn-cloud/core/pkg/manager"
-	"github.com/unikorn-cloud/region/pkg/managers/physicalnetwork"
+	"github.com/unikorn-cloud/region/pkg/managers/network"
 )
 
 func main() {
-	manager.Run(&physicalnetwork.Factory{})
+	manager.Run(&network.Factory{})
 }

docker/unikorn-network-controller/.dockerignore

@@ -0,0 +1,2 @@
+*
+!bin/*-linux-gnu/unikorn-network-controller

docker/unikorn-network-controller/Dockerfile

@@ -0,0 +1,8 @@
+FROM gcr.io/distroless/static:nonroot
+
+# This is implcitly created by 'docker buildx build'
+ARG TARGETARCH
+
+COPY bin/${TARGETARCH}-linux-gnu/unikorn-network-controller /
+
+ENTRYPOINT ["/unikorn-network-controller"]

pkg/apis/unikorn/v1alpha1/helpers.go

@@ -48,26 +48,26 @@ func (c *Identity) ResourceLabels() (labels.Set, error) {
 }
 
 // Paused implements the ReconcilePauser interface.
-func (c *PhysicalNetwork) Paused() bool {
+func (c *Network) Paused() bool {
 	return c.Spec.Pause
 }
 
 // StatusConditionRead scans the status conditions for an existing condition whose type
 // matches.
-func (c *PhysicalNetwork) StatusConditionRead(t unikornv1core.ConditionType) (*unikornv1core.Condition, error) {
+func (c *Network) StatusConditionRead(t unikornv1core.ConditionType) (*unikornv1core.Condition, error) {
 	return unikornv1core.GetCondition(c.Status.Conditions, t)
 }
 
 // StatusConditionWrite either adds or updates a condition in the cluster manager status.
 // If the condition, status and message match an existing condition the update is
 // ignored.
-func (c *PhysicalNetwork) StatusConditionWrite(t unikornv1core.ConditionType, status corev1.ConditionStatus, reason unikornv1core.ConditionReason, message string) {
+func (c *Network) StatusConditionWrite(t unikornv1core.ConditionType, status corev1.ConditionStatus, reason unikornv1core.ConditionReason, message string) {
 	unikornv1core.UpdateCondition(&c.Status.Conditions, t, status, reason, message)
 }
 
 // ResourceLabels generates a set of labels to uniquely identify the resource
 // if it were to be placed in a single global namespace.
-func (c *PhysicalNetwork) ResourceLabels() (labels.Set, error) {
+func (c *Network) ResourceLabels() (labels.Set, error) {
 	return nil, nil
 }
 
@@ -142,3 +142,7 @@ func (c *Server) StatusConditionWrite(t unikornv1core.ConditionType, status core
 func (c *Server) ResourceLabels() (labels.Set, error) {
 	return nil, nil
 }
+
+func (s *RegionOpenstackNetworkSpec) UseProviderNetworks() bool {
+	return s != nil && s.ProviderNetworks != nil && s.ProviderNetworks.Network != nil
+}

pkg/apis/unikorn/v1alpha1/register.go

@@ -51,9 +51,9 @@ func init() {
 	SchemeBuilder.Register(&Region{}, &RegionList{})
 	SchemeBuilder.Register(&Identity{}, &IdentityList{})
 	SchemeBuilder.Register(&Quota{}, &QuotaList{})
-	SchemeBuilder.Register(&PhysicalNetwork{}, &PhysicalNetworkList{})
+	SchemeBuilder.Register(&Network{}, &NetworkList{})
 	SchemeBuilder.Register(&OpenstackIdentity{}, &OpenstackIdentityList{})
-	SchemeBuilder.Register(&OpenstackPhysicalNetwork{}, &OpenstackPhysicalNetworkList{})
+	SchemeBuilder.Register(&OpenstackNetwork{}, &OpenstackNetworkList{})
 	SchemeBuilder.Register(&VLANAllocation{}, &VLANAllocationList{})
 	SchemeBuilder.Register(&SecurityGroup{}, &SecurityGroupList{})
 	SchemeBuilder.Register(&OpenstackSecurityGroup{}, &OpenstackSecurityGroupList{})