feat: ipam core

Author: cheina97

.gitignore

@@ -48,5 +48,5 @@ docs/_build
 
 # development files
 /tmp
-
+/graphviz
 /k3s-ansible

cmd/ipam/main.go

@@ -72,6 +72,7 @@ func main() {
 	cmd.Flags().IntVar(&options.ServerOpts.Port, "port", consts.IpamPort, "The port on which to listen for incoming gRPC requests.")
 	cmd.Flags().DurationVar(&options.ServerOpts.SyncFrequency, "interval", consts.SyncFrequency,
 		"The interval at which the IPAM will synchronize the IPAM storage.")
+	cmd.Flags().BoolVar(&options.ServerOpts.GraphvizEnabled, "enable-graphviz", false, "Enable the graphviz output for the IPAM.")
 
 	// Leader election flags.
 	cmd.Flags().BoolVar(&options.EnableLeaderElection, "leader-election", false, "Enable leader election for IPAM. "+
@@ -132,7 +133,9 @@ func run(cmd *cobra.Command, _ []string) error {
 		}
 	}
 
-	liqoIPAM, err := ipam.New(ctx, cl, &options.ServerOpts)
+	liqoIPAM, err := ipam.New(ctx, cl, []string{
+		"10.0.0.0/8", "192.168.0.0/16", "172.16.0.0/12",
+	}, &options.ServerOpts)
 	if err != nil {
 		return err
 	}

deployments/liqo/README.md

@@ -51,6 +51,7 @@
 | ipam.external.enabled | bool | `false` | Use an external IPAM to allocate the IP addresses for the pods. Enabling it will disable the internal IPAM. |
 | ipam.external.url | string | `""` | The URL of the external IPAM. |
 | ipam.externalCIDR | string | `"10.70.0.0/16"` | The subnet used for the external CIDR. |
+| ipam.internal.graphviz | bool | `false` | Enable/Disable the generation of graphviz files inside the ipam. This feature is useful to visualize the status of the ipam. The graphviz files are stored in the /graphviz directory of the ipam pod (a file for each network pool). You can access them using "kubectl cp". |
 | ipam.internal.image.name | string | `"ghcr.io/liqotech/ipam"` | Image repository for the IPAM pod. |
 | ipam.internal.image.version | string | `""` | Custom version for the IPAM image. If not specified, the global tag is used. |
 | ipam.internal.pod.annotations | object | `{}` | Annotations for the IPAM pod. |
@@ -59,6 +60,7 @@
 | ipam.internal.pod.priorityClassName | string | `""` | PriorityClassName (https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/#pod-priority) for the IPAM pod. |
 | ipam.internal.pod.resources | object | `{"limits":{},"requests":{}}` | Resource requests and limits (https://kubernetes.io/docs/user-guide/compute-resources/) for the IPAM pod. |
 | ipam.internal.replicas | int | `1` | The number of IPAM instances to run, which can be increased for active/passive high availability. |
+| ipam.internal.syncInterval | string | `"2m"` | Set the interval at which the IPAM pod will synchronize it's in-memory status with the local cluster. If you want to disable the synchronization, set the interval to 0. |
 | ipam.internalCIDR | string | `"10.80.0.0/16"` | The subnet used for the internal CIDR. These IPs are assigned to the Liqo internal-network interfaces. |
 | ipam.podCIDR | string | `""` | The subnet used by the pods in your cluster, in CIDR notation (e.g., 10.0.0.0/16). |
 | ipam.reservedSubnets | list | `[]` | List of IP subnets that do not have to be used by Liqo. Liqo can perform automatic IP address remapping when a remote cluster is peering with you, e.g., in case IP address spaces (e.g., PodCIDR) overlaps. In order to prevent IP conflicting between locally used private subnets in your infrastructure and private subnets belonging to remote clusters you need tell liqo the subnets used in your cluster. E.g if your cluster nodes belong to the 192.168.2.0/24 subnet, then you should add that subnet to the reservedSubnets. PodCIDR and serviceCIDR used in the local cluster are automatically added to the reserved list. |

deployments/liqo/templates/liqo-ipam-deployment.yaml

@@ -51,6 +51,7 @@ spec:
           args:
             - --pod-name=$(POD_NAME)
             - --port=6000
+            - --interval={{ .Values.ipam.internal.syncInterval }}
             {{- if $ha }}
             - --leader-election
             - --leader-election-namespace=$(POD_NAMESPACE)
@@ -61,6 +62,7 @@ spec:
             {{- if .Values.ipam.internal.pod.extraArgs }}
             {{- toYaml .Values.ipam.internal.pod.extraArgs | nindent 12 }}
             {{- end }}
+            - --enable-graphviz={{ .Values.ipam.internal.graphviz }}
           env:
           - name: POD_NAME
             valueFrom:
@@ -71,6 +73,11 @@ spec:
              fieldRef:
                fieldPath: metadata.namespace
           resources: {{- toYaml .Values.ipam.internal.pod.resources | nindent 12 }}
+          {{- if .Values.ipam.internal.graphviz }}
+          volumeMounts:
+            - mountPath: /graphviz
+              name: graphviz
+          {{- end }}
       {{- if ((.Values.common).nodeSelector) }}
       nodeSelector:
       {{- toYaml .Values.common.nodeSelector | nindent 8 }}
@@ -86,5 +93,9 @@ spec:
       {{- if .Values.ipam.internal.pod.priorityClassName }}
       priorityClassName: {{ .Values.ipam.internal.pod.priorityClassName }}
       {{- end }}
-
+      {{- if .Values.ipam.internal.graphviz }}
+      volumes:
+        - name: graphviz
+          emptyDir: {}
+      {{- end }}
 {{- end }}

deployments/liqo/values.yaml

@@ -441,6 +441,14 @@ ipam:
         requests: {}
       # -- PriorityClassName (https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/#pod-priority) for the IPAM pod.
       priorityClassName: ""
+    # -- Enable/Disable the generation of graphviz files inside the ipam.
+    # This feature is useful to visualize the status of the ipam.
+    # The graphviz files are stored in the /graphviz directory of the ipam pod (a file for each network pool).
+    # You can access them using "kubectl cp".
+    graphviz: false
+    # -- Set the interval at which the IPAM pod will synchronize it's in-memory status with the local cluster.
+    # If you want to disable the synchronization, set the interval to 0.
+    syncInterval: 2m
   # -- The subnet used by the pods in your cluster, in CIDR notation (e.g., 10.0.0.0/16).
   podCIDR: ""
   # -- The subnet used by the services in you cluster, in CIDR notation (e.g., 172.16.0.0/16).

pkg/ipam/core/doc.go

@@ -0,0 +1,16 @@
+// Copyright 2019-2024 The Liqo Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Package ipamcore provides the core functionality for the IPAM service.
+package ipamcore

pkg/ipam/core/ipam.go

@@ -0,0 +1,207 @@
+// Copyright 2019-2024 The Liqo Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package ipamcore
+
+import (
+	"fmt"
+	"net/netip"
+	"slices"
+)
+
+// Ipam represents the IPAM core structure.
+type Ipam struct {
+	roots []node
+}
+
+// NewIpam creates a new IPAM instance.
+func NewIpam(roots []string) (*Ipam, error) {
+	ipamRootsPrefixes := make([]netip.Prefix, len(roots))
+	for i, root := range roots {
+		ipamRootsPrefixes[i] = netip.MustParsePrefix(root)
+	}
+
+	if err := checkRoots(ipamRootsPrefixes); err != nil {
+		return nil, err
+	}
+
+	ipamRoots := make([]node, len(roots))
+	for i := range ipamRootsPrefixes {
+		ipamRoots[i] = newNode(ipamRootsPrefixes[i])
+	}
+
+	ipam := &Ipam{
+		roots: ipamRoots,
+	}
+
+	return ipam, nil
+}
+
+// NetworkAcquire allocates a network of the given size.
+// It returns the allocated network or nil if no network is available.
+func (ipam *Ipam) NetworkAcquire(size int) *netip.Prefix {
+	for i := range ipam.roots {
+		if result := allocateNetwork(size, &ipam.roots[i]); result != nil {
+			return result
+		}
+	}
+	return nil
+}
+
+// NetworkAcquireWithPrefix allocates a network with the given prefix.
+// It returns the allocated network or nil if the network is not available.
+func (ipam *Ipam) NetworkAcquireWithPrefix(prefix netip.Prefix) *netip.Prefix {
+	for i := range ipam.roots {
+		if result := allocateNetworkWithPrefix(prefix, &ipam.roots[i]); result != nil {
+			return result
+		}
+	}
+	return nil
+}
+
+// NetworkRelease frees the network with the given prefix.
+// It returns the freed network or nil if the network is not found.
+func (ipam *Ipam) NetworkRelease(prefix netip.Prefix) *netip.Prefix {
+	for i := range ipam.roots {
+		if isPrefixChildOf(ipam.roots[i].prefix, prefix) {
+			if result := networkRelease(prefix, &ipam.roots[i]); result != nil {
+				return result
+			}
+		}
+	}
+	return nil
+}
+
+// ListNetworks returns the list of allocated networks.
+func (ipam *Ipam) ListNetworks() []netip.Prefix {
+	var networks []netip.Prefix
+	for i := range ipam.roots {
+		networks = append(networks, listNetworks(&ipam.roots[i])...)
+	}
+	return networks
+}
+
+// NetworkIsAvailable checks if the network with the given prefix is allocated.
+// It returns false if the network is allocated or there is no suitable pool, true otherwise.
+func (ipam *Ipam) NetworkIsAvailable(prefix netip.Prefix) bool {
+	node, err := ipam.search(prefix)
+	if err != nil {
+		return false
+	}
+	if node == nil {
+		return true
+	}
+	return !node.acquired
+}
+
+// IPAcquire allocates an IP address from the given prefix.
+// It returns the allocated IP address or nil if the IP address is not available.
+func (ipam *Ipam) IPAcquire(prefix netip.Prefix) (*netip.Addr, error) {
+	node, err := ipam.search(prefix)
+	if err != nil {
+		return nil, err
+	}
+	if node != nil {
+		return node.ipAcquire(), nil
+	}
+
+	return nil, nil
+}
+
+// IPAcquireWithAddr allocates the IP address from the given prefix.
+// It returns the allocated IP address or nil if the IP address is not available.
+func (ipam *Ipam) IPAcquireWithAddr(prefix netip.Prefix, addr netip.Addr) (*netip.Addr, error) {
+	if !prefix.Contains(addr) {
+		return nil, fmt.Errorf("address %s is not contained in prefix %s", addr, prefix)
+	}
+	node, err := ipam.search(prefix)
+	if err != nil {
+		return nil, err
+	}
+	if node != nil {
+		return node.allocateIPWithAddr(addr), nil
+	}
+	return nil, nil
+}
+
+// IPRelease frees the IP address from the given prefix.
+// It returns the freed IP address or nil if the IP address is not found.
+func (ipam *Ipam) IPRelease(prefix netip.Prefix, addr netip.Addr) (*netip.Addr, error) {
+	node, err := ipam.search(prefix)
+	if err != nil {
+		return nil, err
+	}
+	if node != nil {
+		return node.ipRelease(addr), nil
+	}
+	return nil, nil
+}
+
+// ListIPs returns the list of allocated IP addresses from the given prefix.
+func (ipam *Ipam) ListIPs(prefix netip.Prefix) ([]netip.Addr, error) {
+	node, err := ipam.search(prefix)
+	if err != nil {
+		return nil, err
+	}
+	if node != nil {
+		return slices.Clone(node.ips), nil
+	}
+	return nil, nil
+}
+
+// IsAllocatedIP checks if the IP address is allocated from the given prefix.
+// It returns true if the IP address is allocated, false otherwise.
+func (ipam *Ipam) IsAllocatedIP(prefix netip.Prefix, addr netip.Addr) (bool, error) {
+	node, err := ipam.search(prefix)
+	if err != nil {
+		return false, err
+	}
+	if node != nil {
+		return node.isAllocatedIP(addr), nil
+	}
+	return false, nil
+}
+
+// ToGraphviz generates the Graphviz representation of the IPAM structure.
+func (ipam *Ipam) ToGraphviz() error {
+	for i := range ipam.roots {
+		_ = i
+		if err := ipam.roots[i].toGraphviz(); err != nil {
+			return fmt.Errorf("failed to generate Graphviz representation: %w", err)
+		}
+	}
+	return nil
+}
+
+func (ipam *Ipam) search(prefix netip.Prefix) (*node, error) {
+	for i := range ipam.roots {
+		if !isPrefixChildOf(ipam.roots[i].prefix, prefix) {
+			continue
+		}
+		if node := search(prefix, &ipam.roots[i]); node != nil {
+			return node, nil
+		}
+		return nil, nil
+	}
+	return nil, fmt.Errorf("prefix %s not contained in roots", prefix)
+}
+
+func checkRoots(roots []netip.Prefix) error {
+	for i := range roots {
+		if err := checkHostBitsZero(roots[i]); err != nil {
+			return err
+		}
+	}
+	return nil
+}