Fix/dynamic ipam

config/crd/kustomization.yaml

@@ -12,6 +12,7 @@ resources:
   - bases/controller.kubeslice.io_sliceqosconfigs.yaml
   - bases/worker.kubeslice.io_workerslicegwrecyclers.yaml
   - bases/controller.kubeslice.io_vpnkeyrotations.yaml
+  - bases/controller.kubeslice.io_sliceipams.yaml
   #+kubebuilder:scaffold:crdkustomizeresource
 
 patchesStrategicMerge:

service/slice_config_service.go

@@ -240,17 +240,32 @@ func (s *SliceConfigService) ReconcileSliceConfig(ctx context.Context, req ctrl.
 		logger.Infof("Using Static IPAM for slice %s with clusterCidr %s", sliceConfig.Name, clusterCidr)
 	}
 
+	// For Dynamic IPAM, we need the SliceSubnet from the SliceIpam resource to generate VPN addresses
+	// sliceConfig.Spec.SliceSubnet is empty for Dynamic IPAM
+	effectiveSliceSubnet := sliceConfig.Spec.SliceSubnet
+	if sliceConfig.Spec.SliceIpamType == "Dynamic" && s.sipam != nil {
+		sliceIpam := &v1alpha1.SliceIpam{}
+		ipamKey := types.NamespacedName{Name: sliceConfig.Name, Namespace: sliceConfig.Namespace}
+		foundIpam, ipamErr := util.GetResourceIfExist(ctx, ipamKey, sliceIpam)
+		if ipamErr == nil && foundIpam {
+			effectiveSliceSubnet = sliceIpam.Spec.SliceSubnet
+			logger.Infof("Using SliceSubnet %s from SliceIpam for VPN address generation", effectiveSliceSubnet)
+		} else {
+			logger.Warnf("Could not get SliceSubnet from SliceIpam for VPN address generation")
+		}
+	}
+
 	// collect slice gw svc info for given clusters
 	sliceGwSvcTypeMap := getSliceGwSvcTypes(sliceConfig)
 
 	// Pass sliceConfig and sipam service to enable Dynamic IPAM in worker slice config creation
-	clusterMap, err := s.ms.CreateMinimalWorkerSliceConfig(ctx, sliceConfig.Spec.Clusters, req.Namespace, ownershipLabel, sliceConfig.Name, sliceConfig.Spec.SliceSubnet, clusterCidr, sliceGwSvcTypeMap, sliceConfig, s.sipam)
+	clusterMap, subnetMap, err := s.ms.CreateMinimalWorkerSliceConfig(ctx, sliceConfig.Spec.Clusters, req.Namespace, ownershipLabel, sliceConfig.Name, effectiveSliceSubnet, clusterCidr, sliceGwSvcTypeMap, sliceConfig, s.sipam)
 	if err != nil {
 		return ctrl.Result{}, err
 	}
 
 	// Create gateways with minimum specification
-	_, err = s.sgs.CreateMinimumWorkerSliceGateways(ctx, sliceConfig.Name, sliceConfig.Spec.Clusters, req.Namespace, ownershipLabel, clusterMap, sliceConfig.Spec.SliceSubnet, clusterCidr, sliceGwSvcTypeMap)
+	_, err = s.sgs.CreateMinimumWorkerSliceGateways(ctx, sliceConfig.Name, sliceConfig.Spec.Clusters, req.Namespace, ownershipLabel, clusterMap, subnetMap, effectiveSliceSubnet, clusterCidr, sliceGwSvcTypeMap)
 	if err != nil {
 		return ctrl.Result{}, err
 	}

service/vpn_key_rotation_service.go

@@ -45,6 +45,7 @@ type IVpnKeyRotationService interface {
 type VpnKeyRotationService struct {
 	wsgs                  IWorkerSliceGatewayService
 	wscs                  IWorkerSliceConfigService
+	sipam                 ISliceIpamService
 	jobCreationInProgress atomic.Bool
 }
 
@@ -353,8 +354,28 @@ func (v *VpnKeyRotationService) triggerJobsForCertCreation(ctx context.Context,
 				return err
 			}
 			clusterMap := v.wscs.ComputeClusterMap(s.Spec.Clusters, workerSliceConfigs)
+
+			// Construct subnetMap from WorkerSliceConfigs
+			subnetMap := make(map[string]string)
+			for _, wsc := range workerSliceConfigs {
+				if wsc.Spec.ClusterSubnetCIDR != "" {
+					subnetMap[wsc.Labels["worker-cluster"]] = wsc.Spec.ClusterSubnetCIDR
+				}
+			}
+
+			// For Dynamic IPAM, we need the SliceSubnet from the SliceIpam resource
+			effectiveSliceSubnet := s.Spec.SliceSubnet
+			if s.Spec.SliceIpamType == "Dynamic" && v.sipam != nil {
+				sliceIpam := &controllerv1alpha1.SliceIpam{}
+				ipamKey := types.NamespacedName{Name: s.Name, Namespace: s.Namespace}
+				foundIpam, ipamErr := util.GetResourceIfExist(ctx, ipamKey, sliceIpam)
+				if ipamErr == nil && foundIpam {
+					effectiveSliceSubnet = sliceIpam.Spec.SliceSubnet
+				}
+			}
+
 			// contruct gw address
-			gatewayAddresses := v.wsgs.BuildNetworkAddresses(s.Spec.SliceSubnet, gateway.Spec.LocalGatewayConfig.ClusterName, gateway.Spec.RemoteGatewayConfig.ClusterName, clusterMap, clusterCidr)
+			gatewayAddresses := v.wsgs.BuildNetworkAddresses(effectiveSliceSubnet, gateway.Spec.LocalGatewayConfig.ClusterName, gateway.Spec.RemoteGatewayConfig.ClusterName, clusterMap, subnetMap, clusterCidr)
 			// call GenerateCerts()
 			if err := v.wsgs.GenerateCerts(ctx, s.Name, s.Namespace, gateway.Spec.GatewayProtocol, &gateway, cl, gatewayAddresses); err != nil {
 				return err

service/worker_slice_config_service.go

@@ -42,7 +42,7 @@ type IWorkerSliceConfigService interface {
 	DeleteWorkerSliceConfigByLabel(ctx context.Context, label map[string]string, namespace string) error
 	ListWorkerSliceConfigs(ctx context.Context, ownerLabel map[string]string, namespace string) ([]workerv1alpha1.WorkerSliceConfig, error)
 	ComputeClusterMap(clusterNames []string, workerSliceConfigs []workerv1alpha1.WorkerSliceConfig) map[string]int
-	CreateMinimalWorkerSliceConfig(ctx context.Context, clusters []string, namespace string, label map[string]string, name, sliceSubnet string, clusterCidr string, sliceGwSvcTypeMap map[string]*controllerv1alpha1.SliceGatewayServiceType, sliceConfig *controllerv1alpha1.SliceConfig, sipam interface{}) (map[string]int, error)
+	CreateMinimalWorkerSliceConfig(ctx context.Context, clusters []string, namespace string, label map[string]string, name, sliceSubnet string, clusterCidr string, sliceGwSvcTypeMap map[string]*controllerv1alpha1.SliceGatewayServiceType, sliceConfig *controllerv1alpha1.SliceConfig, sipam interface{}) (map[string]int, map[string]string, error)
 	CreateMinimalWorkerSliceConfigForNoNetworkSlice(ctx context.Context, clusters []string, namespace string, label map[string]string, name string) error
 }
 
@@ -288,7 +288,7 @@ outer:
 
 // CreateMinimalWorkerSliceConfig CreateWorkerSliceConfig is a function to create the worker slice configs with minimum number of fields.
 // More fields are added in reconciliation loop.
-func (s *WorkerSliceConfigService) CreateMinimalWorkerSliceConfig(ctx context.Context, clusters []string, namespace string, label map[string]string, name, sliceSubnet string, clusterCidr string, sliceGwSvcTypeMap map[string]*controllerv1alpha1.SliceGatewayServiceType, sliceConfig *controllerv1alpha1.SliceConfig, sipam interface{}) (map[string]int, error) {
+func (s *WorkerSliceConfigService) CreateMinimalWorkerSliceConfig(ctx context.Context, clusters []string, namespace string, label map[string]string, name, sliceSubnet string, clusterCidr string, sliceGwSvcTypeMap map[string]*controllerv1alpha1.SliceGatewayServiceType, sliceConfig *controllerv1alpha1.SliceConfig, sipam interface{}) (map[string]int, map[string]string, error) {
 	logger := util.CtxLogger(ctx)
 
 	//Load Event Recorder with project name, slice name and namespace
@@ -304,13 +304,14 @@ func (s *WorkerSliceConfigService) CreateMinimalWorkerSliceConfig(ctx context.Co
 
 	err := s.cleanUpSlices(ctx, label, namespace, clusters)
 	if err != nil {
-		return nil, err
+		return nil, nil, err
 	}
 	workerSliceConfigs, err := s.ListWorkerSliceConfigs(ctx, label, namespace)
 	if err != nil {
-		return nil, err
+		return nil, nil, err
 	}
 	clusterMap := s.ComputeClusterMap(clusters, workerSliceConfigs)
+	subnetMap := make(map[string]string)
 
 	// Check if we're using Dynamic IPAM and convert sipam to proper type
 	var sliceIpamService ISliceIpamService
@@ -332,7 +333,7 @@ func (s *WorkerSliceConfigService) CreateMinimalWorkerSliceConfig(ctx context.Co
 		}, existingSlice)
 
 		if err != nil {
-			return clusterMap, err
+			return clusterMap, nil, err
 		}
 
 		// Determine cluster subnet based on IPAM type
@@ -345,7 +346,7 @@ func (s *WorkerSliceConfigService) CreateMinimalWorkerSliceConfig(ctx context.Co
 			subnet, allocErr := sliceIpamService.AllocateSubnetForCluster(ctx, name, cluster, namespace)
 			if allocErr != nil {
 				logger.Errorf("Failed to allocate subnet for cluster %s: %v", cluster, allocErr)
-				return clusterMap, fmt.Errorf("dynamic IPAM allocation failed for cluster %s: %v", cluster, allocErr)
+				return clusterMap, nil, fmt.Errorf("dynamic IPAM allocation failed for cluster %s: %v", cluster, allocErr)
 			}
 			clusterSubnetCIDR = subnet
 			logger.Infof("Allocated subnet %s to cluster %s via Dynamic IPAM", subnet, cluster)
@@ -354,6 +355,7 @@ func (s *WorkerSliceConfigService) CreateMinimalWorkerSliceConfig(ctx context.Co
 			clusterSubnetCIDR = util.GetClusterPrefixPool(sliceSubnet, ipamOctet, clusterCidr)
 			logger.Debugf("Using Static IPAM: subnet %s for cluster %s", clusterSubnetCIDR, cluster)
 		}
+		subnetMap[cluster] = clusterSubnetCIDR
 
 		// determine gw svc type
 		sliceGwSvcType := defaultSliceGatewayServiceType
@@ -400,7 +402,7 @@ func (s *WorkerSliceConfigService) CreateMinimalWorkerSliceConfig(ctx context.Co
 				if !k8sErrors.IsAlreadyExists(err) { // ignores resource already exists error(for handling parallel calls to create same resource)
 					logger.Debug("failed to create worker slice %s since it already exists, namespace - %s ",
 						expectedSlice.Name, namespace)
-					return clusterMap, err
+					return clusterMap, nil, err
 				}
 			}
 			//Register an event for worker slice config creation success
@@ -439,7 +441,7 @@ func (s *WorkerSliceConfigService) CreateMinimalWorkerSliceConfig(ctx context.Co
 				if !k8sErrors.IsAlreadyExists(err) { // ignores resource already exists error(for handling parallel calls to create same resource)
 					logger.Debug("failed to create worker slice %s since it already exists, namespace - %s ",
 						workerSliceConfigName, namespace)
-					return clusterMap, err
+					return clusterMap, nil, err
 				}
 			}
 			//Register an event for worker slice config update success
@@ -454,7 +456,7 @@ func (s *WorkerSliceConfigService) CreateMinimalWorkerSliceConfig(ctx context.Co
 			)
 		}
 	}
-	return clusterMap, nil
+	return clusterMap, subnetMap, nil
 }
 
 func (s *WorkerSliceConfigService) CreateMinimalWorkerSliceConfigForNoNetworkSlice(ctx context.Context, clusters []string, namespace string, label map[string]string, name string) error {