feat: skip in deleting ips and networks

Author: cheina97

cmd/ipam/main.go

@@ -70,9 +70,12 @@ func main() {
 
 	// Server options.
 	cmd.Flags().IntVar(&options.ServerOpts.Port, "port", consts.IpamPort, "The port on which to listen for incoming gRPC requests.")
-	cmd.Flags().DurationVar(&options.ServerOpts.SyncFrequency, "interval", consts.SyncFrequency,
+	cmd.Flags().DurationVar(&options.ServerOpts.SyncFrequency, "sync-interval", consts.SyncInterval,
 		"The interval at which the IPAM will synchronize the IPAM storage.")
 	cmd.Flags().BoolVar(&options.ServerOpts.GraphvizEnabled, "enable-graphviz", false, "Enable the graphviz output for the IPAM.")
+	cmd.Flags().StringSliceVar(&options.ServerOpts.Pools, "pools",
+		[]string{"10.0.0.0/8", "192.168.0.0/16", "172.16.0.0/12"}, "The pools used by the IPAM.",
+	)
 
 	// Leader election flags.
 	cmd.Flags().BoolVar(&options.EnableLeaderElection, "leader-election", false, "Enable leader election for IPAM. "+
@@ -133,9 +136,7 @@ func run(cmd *cobra.Command, _ []string) error {
 		}
 	}
 
-	liqoIPAM, err := ipam.New(ctx, cl, []string{
-		"10.0.0.0/8", "192.168.0.0/16", "172.16.0.0/12",
-	}, &options.ServerOpts)
+	liqoIPAM, err := ipam.New(ctx, cl, options.ServerOpts.Pools, &options.ServerOpts)
 	if err != nil {
 		return err
 	}

cmd/liqo-controller-manager/modules/networking.go

@@ -264,7 +264,7 @@ func initializeReservedNetworks(ctx context.Context, cl client.Client, ipamClien
 				Cidr: nw.Spec.CIDR.String(),
 			})
 			if err != nil {
-				return err
+				return fmt.Errorf("IPAM: %w", err)
 			}
 
 			if res.Available {
@@ -275,7 +275,7 @@ func initializeReservedNetworks(ctx context.Context, cl client.Client, ipamClien
 					PreAllocated: nw.Spec.PreAllocated,
 				})
 				if err != nil {
-					return err
+					return fmt.Errorf("IPAM: %w", err)
 				}
 			}
 
@@ -286,6 +286,7 @@ func initializeReservedNetworks(ctx context.Context, cl client.Client, ipamClien
 		if err := cl.Status().Update(ctx, nw); err != nil {
 			return fmt.Errorf("unable to update the reserved network %s: %w", nw.Name, err)
 		}
+		klog.Infof("Updated reserved Network %q status (spec: %s | status: %s)", client.ObjectKeyFromObject(nw), nw.Spec.CIDR, nw.Status.CIDR)
 	}
 
 	klog.Info("Reserved networks initialized")

deployments/liqo/templates/liqo-ipam-deployment.yaml

@@ -51,7 +51,7 @@ spec:
           args:
             - --pod-name=$(POD_NAME)
             - --port=6000
-            - --interval={{ .Values.ipam.internal.syncInterval }}
+            - --sync-interval={{ .Values.ipam.internal.syncInterval }}
             {{- if $ha }}
             - --leader-election
             - --leader-election-namespace=$(POD_NAMESPACE)

pkg/consts/ipam.go

@@ -22,8 +22,8 @@ type NetworkType string
 const (
 	// IpamPort is the port used by the IPAM gRPC server.
 	IpamPort = 6000
-	// SyncFrequency is the frequency at which the IPAM should periodically sync its status.
-	SyncFrequency = 2 * time.Minute
+	// SyncInterval is the frequency at which the IPAM should periodically sync its status.
+	SyncInterval = 2 * time.Minute
 
 	// NetworkNotRemappedLabelKey is the label key used to mark a Network that does not need CIDR remapping.
 	NetworkNotRemappedLabelKey = "ipam.liqo.io/network-not-remapped"

pkg/ipam/core/doc.go

@@ -13,4 +13,10 @@
 // limitations under the License.
 
 // Package ipamcore provides the core functionality for the IPAM service.
+//
+// The IPAM is organized like a binary tree, where each node represents a network.
+// In order to optimize the network allocation we use buddy mmory allocation alghorithm
+// to allocate networks like they are memory blocks (https://en.wikipedia.org/wiki/Buddy_memory_allocation).
+// When a network is splitted in two, the left child represents the first half of the network, while the right child
+// represents the second half. The splitting is done until the network is splitted in blocks of the desired size.
 package ipamcore

pkg/ipam/core/ipam.go

@@ -26,17 +26,17 @@ type Ipam struct {
 }
 
 // NewIpam creates a new IPAM instance.
-func NewIpam(roots []string) (*Ipam, error) {
-	ipamRootsPrefixes := make([]netip.Prefix, len(roots))
-	for i, root := range roots {
+func NewIpam(pools []string) (*Ipam, error) {
+	ipamRootsPrefixes := make([]netip.Prefix, len(pools))
+	for i, root := range pools {
 		ipamRootsPrefixes[i] = netip.MustParsePrefix(root)
 	}
 
 	if err := checkRoots(ipamRootsPrefixes); err != nil {
 		return nil, err
 	}
 
-	ipamRoots := make([]node, len(roots))
+	ipamRoots := make([]node, len(pools))
 	for i := range ipamRootsPrefixes {
 		ipamRoots[i] = newNode(ipamRootsPrefixes[i])
 	}
@@ -173,6 +173,17 @@ func (ipam *Ipam) IsAllocatedIP(prefix netip.Prefix, addr netip.Addr) (bool, err
 	return false, nil
 }
 
+// IsPrefixInRoots checks if the given prefix is contained in the roots.
+// It returns true if the prefix is contained, false otherwise.
+func (ipam *Ipam) IsPrefixInRoots(prefix netip.Prefix) bool {
+	for i := range ipam.roots {
+		if isPrefixChildOf(ipam.roots[i].prefix, prefix) {
+			return true
+		}
+	}
+	return false
+}
+
 // ToGraphviz generates the Graphviz representation of the IPAM structure.
 func (ipam *Ipam) ToGraphviz() error {
 	for i := range ipam.roots {

pkg/ipam/core/net.go

@@ -45,34 +45,47 @@ func checkHostBitsZero(prefix netip.Prefix) error {
 	return nil
 }
 
+// splitNetworkPrefix splits a network prefix into two subnets.
+// It increases the prefix length by one and sets the bit at
+// the new position to 0 or 1 to retrieve the two subnets.
 func splitNetworkPrefix(prefix netip.Prefix) (left, right netip.Prefix) {
+	// We neer to check that the host bits are zero.
 	if err := checkHostBitsZero(prefix); err != nil {
 		panic("Host bits must be zero")
 	}
 
+	// We need to convert the prefix to a byte slice to manipulate it.
 	bin, err := prefix.MarshalBinary()
 	if err != nil {
 		panic(err)
 	}
 
+	// We need to get the mask length to know where to split the prefix.
 	maskLen := bin[len(bin)-1]
 
+	// Since the prefix host bits are zero, we just need to shift
+	// the mask length by one to get the first splitted prefix.
 	left = netip.MustParsePrefix(
 		fmt.Sprintf("%s/%d", convertByteSliceToString(bin[:4]), maskLen+1),
 	)
 
+	// We need to set the bit at the mask length position to 1 to get the second splitted prefix.
+	// Since the IP is expressed like a slice of bytes, we need to get the byte index and the bit index to set the bit.
 	byteIndex := maskLen / 8
 	bitIndex := maskLen % 8
 
+	// We set the bit at the mask length position to 1.
 	bin[byteIndex] = setBit(bin[byteIndex], bitIndex)
 
+	// We forge and return the second splitted prefix.
 	right = netip.MustParsePrefix(
 		fmt.Sprintf("%s/%d", convertByteSliceToString(bin[:4]), maskLen+1),
 	)
 
 	return left, right
 }
 
+// isPrefixChildOf checks if the child prefix is a child of the parent prefix.
 func isPrefixChildOf(parent, child netip.Prefix) bool {
 	if parent.Bits() <= child.Bits() && parent.Overlaps(child) {
 		return true

pkg/ipam/core/node.go

@@ -50,14 +50,14 @@ func allocateNetwork(size int, node *node) *netip.Prefix {
 		return nil
 	}
 	if node.prefix.Bits() == size {
-		if !node.isSplit() {
+		if !node.isSplitted() {
 			node.acquired = true
 			return &node.prefix
 		}
 		return nil
 	}
 
-	if !node.isSplit() {
+	if !node.isSplitted() {
 		node.split()
 	}
 
@@ -81,7 +81,7 @@ func allocateNetworkWithPrefix(prefix netip.Prefix, node *node) *netip.Prefix {
 		return nil
 	}
 
-	if !node.isSplit() {
+	if !node.isSplitted() {
 		node.split()
 	}
 
@@ -157,6 +157,7 @@ func (n *node) ipAcquire() *netip.Addr {
 
 	size := int(math.Pow(2, float64(n.prefix.Addr().BitLen()-n.prefix.Bits())))
 
+	// If the lastip is not initialized, set it to the first address of the prefix.
 	if !n.lastip.IsValid() {
 		n.lastip = n.prefix.Addr()
 	}
@@ -168,6 +169,8 @@ func (n *node) ipAcquire() *netip.Addr {
 	}
 
 	for i := 0; i < size; i++ {
+		// we need to check if the address is contained in the prefix.
+		// If it is not, we need to set it to the first address of the prefix to prevent overflow.
 		if !n.prefix.Contains(addr) {
 			addr = n.prefix.Addr()
 		}
@@ -235,7 +238,7 @@ func search(prefix netip.Prefix, node *node) *node {
 }
 
 func (n *node) split() {
-	if n.isSplit() {
+	if n.isSplitted() {
 		return
 	}
 	left, right := splitNetworkPrefix(n.prefix)
@@ -265,16 +268,16 @@ func (n *node) insert(nd nodeDirection, prefix netip.Prefix) {
 }
 
 func (n *node) bestDirection() (first, second nodeDirection) {
-	if n.left.isSplit() {
+	if n.left.isSplitted() {
 		return leftDirection, rightDirection
 	}
-	if n.right.isSplit() {
+	if n.right.isSplitted() {
 		return rightDirection, leftDirection
 	}
 	return leftDirection, rightDirection
 }
 
-func (n *node) isSplit() bool {
+func (n *node) isSplitted() bool {
 	if n.left != nil && n.right != nil {
 		return true
 	}

pkg/ipam/initialize.go

@@ -25,6 +25,8 @@ import (
 // +kubebuilder:rbac:groups=ipam.liqo.io,resources=networks,verbs=get;list;watch
 
 func (lipam *LiqoIPAM) initialize(ctx context.Context) error {
+	lipam.mutex.Lock()
+	defer lipam.mutex.Unlock()
 	klog.Info("Initializing IPAM")
 
 	if err := lipam.initializeNetworks(ctx); err != nil {

pkg/ipam/ipam.go

@@ -19,6 +19,7 @@ import (
 	"errors"
 	"fmt"
 	"net/netip"
+	"strings"
 	"sync"
 	"time"
 
@@ -90,6 +91,10 @@ func (lipam *LiqoIPAM) IPAcquire(_ context.Context, req *IPAcquireRequest) (*IPA
 		return &IPAcquireResponse{}, fmt.Errorf("failed to parse prefix %q: %w", req.GetCidr(), err)
 	}
 
+	if !lipam.isInPool(prefix) {
+		return nil, fmt.Errorf("prefix %q is not in the pool %q", req.GetCidr(), strings.Join(lipam.opts.Pools, ","))
+	}
+
 	remappedIP, err := lipam.ipAcquire(prefix)
 	if err != nil {
 		return &IPAcquireResponse{}, err
@@ -133,6 +138,10 @@ func (lipam *LiqoIPAM) NetworkAcquire(_ context.Context, req *NetworkAcquireRequ
 		return &NetworkAcquireResponse{}, fmt.Errorf("failed to parse prefix %q: %w", req.GetCidr(), err)
 	}
 
+	if !lipam.isInPool(prefix) {
+		return &NetworkAcquireResponse{}, fmt.Errorf("prefix %q is not in the pool %q", req.GetCidr(), strings.Join(lipam.opts.Pools, ","))
+	}
+
 	if req.GetImmutable() {
 		remappedCidr, err = lipam.networkAcquireSpecific(prefix)
 		if err != nil {
@@ -182,6 +191,10 @@ func (lipam *LiqoIPAM) NetworkIsAvailable(_ context.Context, req *NetworkAvailab
 		return &NetworkAvailableResponse{}, fmt.Errorf("failed to parse prefix %q: %w", req.GetCidr(), err)
 	}
 
+	if !lipam.isInPool(prefix) {
+		return &NetworkAvailableResponse{}, fmt.Errorf("prefix %q is not in the pool %q", req.GetCidr(), strings.Join(lipam.opts.Pools, ","))
+	}
+
 	available := lipam.networkIsAvailable(prefix)
 
 	return &NetworkAvailableResponse{Available: available}, nil