Added sync for external CIDR

Author: andrejatcastai

README.md

@@ -7,17 +7,19 @@ This Terraform module enables CAST AI Omni functionality for a Kubernetes cluste
 - Enables CAST AI Omni functionality for existing clusters
 - Installs and configures Liqo for multi-cluster networking
 - Deploys CAST AI Omni Agent for cluster management
-- Automatic extraction of network configuration from GKE clusters
+- Automatic extraction of network configuration from GKE clusters (including external CIDR from Liqo)
 - Support for both zonal and regional GKE clusters
-- Configurable IPAM and network settings
+- Automatic synchronization with Liqo IPAM for external CIDR allocation
 
 ## Prerequisites
 
 - An existing Kubernetes cluster onboarded to CAST AI
 - CAST AI API credentials
+- `kubectl` configured with access to your Kubernetes cluster
 - Terraform >= 1.11
-- CAST AI Terraform provider >= 8.1.1
-- Helm provider >= 3.0.0
+- CAST AI Terraform provider >= 8.1.0
+- Helm provider >= 2.0
+- Null provider >= 3.0
 - Google provider >= 4.0 (for GKE clusters)
 
 ## What This Module Installs
@@ -31,54 +33,49 @@ This Terraform module enables CAST AI Omni functionality for a Kubernetes cluste
 ### Complete GKE Example
 
 ```hcl
+data "google_client_config" "default" {}
+
 data "google_container_cluster" "gke" {
   project  = var.gke_project_id
   location = var.gke_cluster_location
   name     = var.gke_cluster_name
 }
 
 locals {
-  # Extract subnet and region/zone information
-  subnet_name      = element(reverse(split("/", data.google_container_cluster.gke.subnetwork)), 0)
+  # The subnetwork can be a full path like "projects/PROJECT/regions/REGION/subnetworks/SUBNET"
+  # or just the subnet name
+  subnet_name = element(reverse(split("/", data.google_container_cluster.gke.subnetwork)), 0)
+
+  # Determine region from location (if zonal, extract region; if regional, use as-is)
   is_zonal_cluster = length(regexall("^.*-[a-z]$", var.gke_cluster_location)) > 0
   cluster_region   = local.is_zonal_cluster ? regex("^(.*)-[a-z]$", var.gke_cluster_location)[0] : var.gke_cluster_location
   cluster_zone     = local.is_zonal_cluster ? var.gke_cluster_location : ""
 }
 
+# Get subnet details to retrieve the IP CIDR range
 data "google_compute_subnetwork" "gke_subnet" {
   project = var.gke_project_id
   name    = local.subnet_name
   region  = local.cluster_region
 }
 
 module "castai-omni-cluster" {
-  source = "github.com/castai/terraform-castai-omni-cluster"
+  source = "../.."
 
-  # CAST AI Configuration
-  api_url         = "https://api.cast.ai"
+  api_url         = var.castai_api_url
   api_token       = var.castai_api_token
   organization_id = var.organization_id
   cluster_id      = var.cluster_id
   cluster_name    = var.gke_cluster_name
+  cluster_region  = local.cluster_region
+  cluster_zone    = local.cluster_zone
 
-  # Cluster Location
-  cluster_region = local.cluster_region
-  cluster_zone   = local.cluster_zone
-
-  # Kubernetes Configuration
-  api_server_address = "https://${data.google_container_cluster.gke.endpoint}"
-
-  # Network Configuration
-  external_cidr         = var.external_cidr
+  api_server_address    = "https://${data.google_container_cluster.gke.endpoint}"
   pod_cidr              = data.google_container_cluster.gke.cluster_ipv4_cidr
   service_cidr          = data.google_container_cluster.gke.services_ipv4_cidr
   reserved_subnet_cidrs = [data.google_compute_subnetwork.gke_subnet.ip_cidr_range]
-
-  # Liqo Configuration
-  liqo_chart_version = "v1.0.1-5"
 }
 
-# Create edge location
 module "castai_gcp_edge_location" {
   source = "github.com/castai/terraform-castai-omni-edge-location"
 
@@ -89,44 +86,60 @@ module "castai_gcp_edge_location" {
     region = "europe-west4"
   }
 
+  tags = {
+    ManagedBy = "terraform"
+  }
+
   depends_on = [module.castai-omni-cluster]
 }
 ```
 
 ### Required Providers
 
 ```hcl
+data "google_client_config" "default" {}
+
+data "google_container_cluster" "gke" {
+  project  = var.gke_project_id
+  location = var.gke_cluster_location
+  name     = var.gke_cluster_name
+}
+
 terraform {
   required_version = ">= 1.11"
 
   required_providers {
     castai = {
       source  = "castai/castai"
-      version = ">= 8.1.1"
-    }
-    helm = {
-      source  = "hashicorp/helm"
-      version = ">= 3.0.0"
+      version = ">= 8.1.0"
     }
     google = {
       source  = "hashicorp/google"
       version = ">= 4.0"
     }
+    helm = {
+      source  = "hashicorp/helm"
+      version = ">= 2.0"
+    }
   }
 }
 
-provider "castai" {
-  api_token = var.castai_api_token
-  api_url   = "https://api.cast.ai"
+provider "google" {
+  project = var.gke_project_id
 }
 
 provider "helm" {
-  kubernetes {
+  kubernetes = {
     host                   = "https://${data.google_container_cluster.gke.endpoint}"
     token                  = data.google_client_config.default.access_token
-    cluster_ca_certificate = base64decode(data.google_container_cluster.gke.master_auth[0].cluster_ca_certificate)
+    cluster_ca_certificate = base64decode(data.google_container_cluster.gke.master_auth.0.cluster_ca_certificate)
   }
 }
+
+provider "castai" {
+  api_token = var.castai_api_token
+  api_url   = var.castai_api_url
+}
 ```
 
 ## Inputs
@@ -140,7 +153,6 @@ provider "helm" {
 | cluster_region | Kubernetes cluster region | `string` | - | yes |
 | cluster_zone | Kubernetes cluster zone | `string` | - | yes |
 | api_server_address | Kubernetes API server address | `string` | - | yes |
-| external_cidr | External CIDR for IPAM configuration | `string` | - | yes |
 | pod_cidr | Pod CIDR for network configuration | `string` | - | yes |
 | service_cidr | Service CIDR for network configuration | `string` | - | yes |
 | reserved_subnet_cidrs | List of reserved subnet CIDRs | `list(string)` | - | yes |
@@ -162,6 +174,7 @@ The module automatically extracts network configuration from your GKE cluster:
 - **Subnet CIDR**: Retrieved from the cluster's subnetwork
 - **Pod CIDR**: Retrieved from `cluster_ipv4_cidr`
 - **Service CIDR**: Retrieved from `services_ipv4_cidr`
+- **External CIDR**: Automatically extracted from Liqo network resources after IPAM initialization
 - **Region/Zone**: Automatically determined from cluster location
 
 ## Liqo Configuration
@@ -172,6 +185,20 @@ The module includes a GKE-specific submodule that:
 - Sets up topology labels for GKE region and zone
 - Enables virtual node capabilities for edge locations
 
+## Installation Order and Dependencies
+
+The module ensures proper installation order by:
+
+1. **Liqo Installation** - Installs the Liqo Helm chart with network configuration
+2. **Network Resource Readiness Check** - Waits for Liqo network resources to be ready:
+   - Waits for `networks.ipam.liqo.io` CRD to be established
+   - Waits for the external CIDR network resource to be created and populated
+   - Validates that the `status.cidr` field contains the external CIDR value
+3. **CAST AI Omni Cluster** - Enables Omni functionality in CAST AI
+4. **CAST AI Omni Agent** - Deploys the agent for cluster management
+
+This ordering ensures that Liqo's IPAM system is fully initialized and the external CIDR network resource is available before proceeding with CAST AI components.
+
 ## Examples
 
 See the [examples/onboarding-with-existing-gke-cluster](./examples/onboarding-with-existing-gke-cluster) directory for a complete working example.

examples/onboarding-with-existing-gke-cluster/main.tf

@@ -24,7 +24,7 @@ data "google_compute_subnetwork" "gke_subnet" {
   region  = local.cluster_region
 }
 
-module "castai-omni-cluster" {
+module "castai_omni_cluster" {
   source = "../.."
 
   api_url         = var.castai_api_url
@@ -36,25 +36,17 @@ module "castai-omni-cluster" {
   cluster_zone    = local.cluster_zone
 
   api_server_address    = "https://${data.google_container_cluster.gke.endpoint}"
-  external_cidr         = var.external_cidr
   pod_cidr              = data.google_container_cluster.gke.cluster_ipv4_cidr
   service_cidr          = data.google_container_cluster.gke.services_ipv4_cidr
   reserved_subnet_cidrs = [data.google_compute_subnetwork.gke_subnet.ip_cidr_range]
 }
 
-module "castai_gcp_edge_location" {
-  source = "github.com/castai/terraform-castai-omni-edge-location"
+module "castai_omni_edge_location_gcp" {
+  source = "github.com/castai/terraform-castai-omni-edge-location-gcp"
 
   cluster_id      = var.cluster_id
   organization_id = var.organization_id
+  region          = "europe-west4"
 
-  gcp = {
-    region = "europe-west4"
-  }
-
-  tags = {
-    ManagedBy = "terraform"
-  }
-
-  depends_on = [module.castai-omni-cluster]
+  depends_on = [module.castai_omni_cluster]
 }

examples/onboarding-with-existing-gke-cluster/variables.tf

@@ -34,8 +34,3 @@ variable "cluster_id" {
   description = "Cast AI Cluster ID"
   type        = string
 }
-
-variable "external_cidr" {
-  description = "External CIDR for IPAM configuration"
-  type        = string
-}

main.tf

@@ -9,6 +9,7 @@ locals {
 module "liqo" {
   source = "./modules/gke"
 
+  namespace             = local.omni_namespace
   liqo_chart_version    = var.liqo_chart_version
   cluster_name          = var.cluster_name
   cluster_region        = var.cluster_region
@@ -19,12 +20,67 @@ module "liqo" {
   reserved_subnet_cidrs = var.reserved_subnet_cidrs
 }
 
+# Wait for Liqo network resources to be ready before proceeding
+resource "null_resource" "wait_for_liqo_network" {
+  provisioner "local-exec" {
+    command = <<-EOT
+      set -e
+
+      echo "Waiting for Liqo networks.ipam.liqo.io CRD to be established..."
+      kubectl wait --for condition=established --timeout=300s crd/networks.ipam.liqo.io
+
+      echo "Waiting for external CIDR network resource to be created..."
+      timeout=300
+      elapsed=0
+      interval=5
+
+      while [ $elapsed -lt $timeout ]; do
+        CIDR=$(kubectl get networks.ipam.liqo.io -n ${local.omni_namespace} \
+          -l ipam.liqo.io/network-type=external-cidr \
+          -o jsonpath='{.items[0].status.cidr}' 2>/dev/null || echo "")
+
+        if [ -n "$CIDR" ]; then
+          echo "External CIDR network resource is ready: $CIDR"
+          exit 0
+        fi
+
+        echo "Waiting for external CIDR to be populated... ($elapsed/$timeout seconds)"
+        sleep $interval
+        elapsed=$((elapsed + interval))
+      done
+
+      echo "Timeout waiting for external CIDR network resource"
+      exit 1
+    EOT
+  }
+
+  depends_on = [module.liqo]
+}
+
+# Extract the external CIDR value from Liqo network resource
+data "external" "liqo_external_cidr" {
+  program = ["bash", "-c", <<-EOT
+    CIDR=$(kubectl get networks.ipam.liqo.io -n ${local.omni_namespace} \
+      -l ipam.liqo.io/network-type=external-cidr \
+      -o jsonpath='{.items[0].status.cidr}' 2>/dev/null)
+
+    if [ -z "$CIDR" ]; then
+      echo '{"cidr":""}'
+    else
+      echo "{\"cidr\":\"$CIDR\"}"
+    fi
+  EOT
+  ]
+
+  depends_on = [null_resource.wait_for_liqo_network]
+}
+
 # Enabling CAST AI Omni functionality for a given cluster
 resource "castai_omni_cluster" "this" {
   cluster_id      = var.cluster_id
   organization_id = var.organization_id
 
-  depends_on = [module.liqo]
+  depends_on = [null_resource.wait_for_liqo_network]
 }
 
 # CAST AI Omni Agent Helm Release
@@ -40,7 +96,7 @@ resource "helm_release" "omni_agent" {
   set = [
     {
       name  = "network.externalCIDR"
-      value = var.external_cidr
+      value = data.external.liqo_external_cidr.result.cidr
     },
     {
       name  = "network.podCIDR"

modules/gke/variables.tf

@@ -1,7 +1,6 @@
 variable "namespace" {
   description = "Kubernetes namespace to install liqo"
   type        = string
-  default     = "liqo"
 }
 
 variable "liqo_chart_version" {

variables.tf

@@ -46,12 +46,6 @@ variable "api_server_address" {
   type        = string
 }
 
-variable "external_cidr" {
-  description = "External CIDR for IPAM configuration"
-  type        = string
-  default     = "10.0.0.0/16"
-}
-
 variable "pod_cidr" {
   description = "Pod CIDR for network configuration"
   type        = string

versions.tf

@@ -10,5 +10,9 @@ terraform {
       source  = "hashicorp/helm"
       version = ">= 3.0.0"
     }
+    null = {
+      source  = "hashicorp/null"
+      version = ">= 3.0"
+    }
   }
 }