bump version to v1.2.0

.github/workflows/build-image-ci.yaml

@@ -7,6 +7,23 @@ env:
   ONLINE_REGISTER_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
 
 on:
+  workflow_dispatch:
+    inputs:
+      ref:
+        description: 'Git ref to build (branch, tag, or SHA)'
+        required: false
+        default: ''
+        type: string
+      push:
+        description: 'Push images to registry'
+        required: false
+        default: false
+        type: boolean
+      upload_artifacts:
+        description: 'Upload images as artifacts for download'
+        required: true
+        default: true
+        type: boolean
   workflow_run:
     workflows:
       - "Image CI Cache Cleaner"
@@ -63,7 +80,17 @@ jobs:
         id: tag
         run: |
           echo ${{ github.event_name }}
-          if ${{ inputs.ref != '' }}; then
+          if ${{ github.event_name == 'workflow_dispatch' }}; then
+              echo "trigger by workflow_dispatch"
+              # Use provided ref or default to current commit SHA
+              REF="${{ github.event.inputs.ref }}"
+              if [ -z "$REF" ]; then
+                  REF="${{ github.sha }}"
+              fi
+              echo "tag=$REF" >> $GITHUB_ENV
+              echo "push=${{ github.event.inputs.push }}" >> $GITHUB_ENV
+              echo "upload_artifacts=${{ github.event.inputs.upload_artifacts }}" >> $GITHUB_ENV
+          elif ${{ inputs.ref != '' }}; then
               echo "trigger by workflow_call"
               echo "tag=${{ inputs.ref }}" >> $GITHUB_ENV
               echo "push=${{ inputs.push }}" >> $GITHUB_ENV
@@ -75,10 +102,11 @@ jobs:
               echo "trigger by pull_request_target"
               echo "tag=${{ github.event.pull_request.head.sha }}" >> $GITHUB_ENV
               echo "push=false" >> $GITHUB_ENV
-          elif ${{ github.event_name == 'workflow_run' }} ; then
+          elif ${{ github.event_name == 'workflow_run' }}; then
               echo "trigger by workflow_run"
               echo "tag=main" >> $GITHUB_ENV
               echo "push=false" >> $GITHUB_ENV
+              echo "upload_artifacts=false" >> $GITHUB_ENV
           else
               echo "trigger by ${{ github.event_name }}"
               echo "tag=${{ github.sha }}" >> $GITHUB_ENV
@@ -248,6 +276,42 @@ jobs:
           echo "${{ env.ONLINE_REGISTER }}/${{ github.repository }}/${{ matrix.name }}-ci:${{ env.tag }}@${{ steps.docker_build_ci_pr.outputs.digest }}" > image-digest/${{ matrix.name }}.txt
           echo "${{ env.ONLINE_REGISTER }}/${{ github.repository }}/${{ matrix.name }}-ci:${{ env.tag }}-race@${{ steps.docker_build_ci_pr_detect_race_condition.outputs.digest }}" >> image-digest/${{ matrix.name }}.txt
 
+      # Export amd64 image tar for workflow_dispatch
+      - name: Export ${{ matrix.name }} amd64 image
+        if: ${{ github.event_name == 'workflow_dispatch' && env.upload_artifacts == 'true' }}
+        uses: docker/build-push-action@v6.15.0
+        with:
+          context: .
+          file: ${{ matrix.dockerfile }}
+          push: false
+          platforms: linux/amd64
+          outputs: type=docker,dest=/tmp/${{ matrix.name }}-amd64.tar
+          github-token: ${{ secrets.WELAN_PAT }}
+          tags: |
+            ${{ env.ONLINE_REGISTER }}/${{ github.repository }}/${{ matrix.name }}-ci:${{ env.tag }}-amd64
+          build-args: |
+            GIT_COMMIT_VERSION=${{ env.commitver }}
+            GIT_COMMIT_TIME=${{ env.committime }}
+            VERSION=${{ env.tag }}
+
+      # Export arm64 image tar for workflow_dispatch
+      - name: Export ${{ matrix.name }} arm64 image
+        if: ${{ github.event_name == 'workflow_dispatch' && env.upload_artifacts == 'true' }}
+        uses: docker/build-push-action@v6.15.0
+        with:
+          context: .
+          file: ${{ matrix.dockerfile }}
+          push: false
+          platforms: linux/arm64
+          outputs: type=docker,dest=/tmp/${{ matrix.name }}-arm64.tar
+          github-token: ${{ secrets.WELAN_PAT }}
+          tags: |
+            ${{ env.ONLINE_REGISTER }}/${{ github.repository }}/${{ matrix.name }}-ci:${{ env.tag }}-arm64
+          build-args: |
+            GIT_COMMIT_VERSION=${{ env.commitver }}
+            GIT_COMMIT_TIME=${{ env.committime }}
+            VERSION=${{ env.tag }}
+
       # Upload artifact digests
       - name: Upload artifact digests
         uses: actions/upload-artifact@v6.0.0
@@ -256,6 +320,24 @@ jobs:
           path: image-digest
           retention-days: 1
 
+      # Upload artifact amd64 images tar
+      - name: Upload artifact ${{ matrix.name }} amd64 tar
+        if: ${{ github.event_name == 'workflow_dispatch' && env.upload_artifacts == 'true' }}
+        uses: actions/upload-artifact@v6.0.0
+        with:
+          name: ${{ matrix.name }}-amd64-${{ env.tag }}
+          path: /tmp/${{ matrix.name }}-amd64.tar
+          retention-days: 7
+
+      # Upload artifact arm64 images tar
+      - name: Upload artifact ${{ matrix.name }} arm64 tar
+        if: ${{ github.event_name == 'workflow_dispatch' && env.upload_artifacts == 'true' }}
+        uses: actions/upload-artifact@v6.0.0
+        with:
+          name: ${{ matrix.name }}-arm64-${{ env.tag }}
+          path: /tmp/${{ matrix.name }}-arm64.tar
+          retention-days: 7
+
       # Upload artifact race images tar
       - name: Upload artifact race image tar
         uses: actions/upload-artifact@v6.0.0

.github/workflows/build-image-plugins.yaml

@@ -88,6 +88,7 @@ jobs:
           echo "SRIOV_VERSION=${SRIOV_VERSION}" >> $GITHUB_OUTPUT
           echo "IB_SRIOV_VERSION=${IB_SRIOV_VERSION}" >> $GITHUB_OUTPUT
           echo "IPOIB_VERSION=${IPOIB_VERSION}" >> $GITHUB_OUTPUT
+          echo "VLAN_VERSION=${VLAN_VERSION}" >> $GITHUB_OUTPUT
 
       - name: Login to online register
         uses: docker/login-action@v3.4.0
@@ -118,6 +119,7 @@ jobs:
             SRIOV_VERSION=${{ steps.arg.outputs.SRIOV_VERSION }}
             IB_SRIOV_VERSION=${{ steps.arg.outputs.IB_SRIOV_VERSION }}
             IPOIB_VERSION=${{ steps.arg.outputs.IPOIB_VERSION }}
+            VLAN_VERSION=${{ steps.arg.outputs.VLAN_VERSION }}
 
       - name: Image Release Digest
         if: ${{ env == 'false' }}

AGENTS.md

@@ -0,0 +1,33 @@
+# Repository Guidelines
+
+## Project Structure & Module Organization
+
+Spiderpool is a Go Kubernetes networking project. Main binaries live in `cmd/`, reusable packages in `pkg/`, and Kubernetes APIs, generated clients, and OpenAPI specs in `api/`. Helm packaging is under `charts/spiderpool/`; container build assets are in `images/`. End-to-end assets and cluster scripts live in `test/`, documentation in `docs/`, design/spec work in `specs/`, and shared automation in `tools/` and `contrib/`. Avoid editing `vendor/` directly unless dependency vendoring is the explicit task.
+
+## Build, Test, and Development Commands
+
+- `make build-bin`: build Spiderpool binaries into the local output path.
+- `make install-bin`: install built binaries.
+- `make build_image`: build Docker images with buildx using the current commit version.
+- `make build_docker_image`: local Docker fallback when buildx has pull issues.
+- `make dev-doctor`: verify Go and required e2e tools such as Docker, kubectl, kind, and p2ctl.
+- `make gofmt`: run `go fmt` on Go packages.
+- `make lint-golang`: run format checks, lock checks, `go vet`, and `golangci-lint`.
+- `make manifests generate-k8s-api`: regenerate CRDs/RBAC/webhooks and deepcopy code.
+- `make openapi-code-gen`: regenerate OpenAPI clients from `api/v1/*/openapi.yaml`.
+
+## Coding Style & Naming Conventions
+
+Use Go 1.25 as declared in `go.mod`. Keep Go code `gofmt`/`gofumpt` clean and satisfy `.golangci.yaml` linters: `govet`, `errcheck`, `staticcheck`, `ineffassign`, and `errorlint`. Package names are lowercase and directory-oriented, for example `pkg/ippoolmanager` and `pkg/workloadendpointmanager`. Tests use `_test.go`; suite files follow `*_suite_test.go`.
+
+## Testing Guidelines
+
+Unit tests use Ginkgo v2 and Gomega. Run `make unittest-tests` for package and command tests; it also checks that non-suite test files include a Ginkgo `Label(...)`. For e2e work, build or pull images first, then use targets such as `make e2e_init_spiderpool` and `make e2e_test_spiderpool`. Narrow e2e runs with `E2E_GINKGO_LABELS=smoke` or `GINKGO_OPTION="--label-filter=CaseLabel"`.
+
+## Commit & Pull Request Guidelines
+
+History uses short imperative subjects with optional scopes, such as `fix: ...`, `test: ...`, `CI: ...`, `charts: ...`, and release bumps. Keep commits focused and sign them when following the contribution docs (`git commit -s`). PRs should link issues with `Fixes #...`, state unit or e2e coverage, mention docs impact, include reviewer notes when needed, and fill the release-note block with either content or `NONE`. Apply one release label: `release/none`, `release/bug`, or `release/feature`.
+
+## Agent-Specific Instructions
+
+Before changing generated Kubernetes or OpenAPI files, update the source definitions and run the matching generation or verify target. Do not revert unrelated local changes; this repository may contain concurrent contributor work.

CODEOWNERS

@@ -31,3 +31,4 @@
 /.openhands @weizhoublue
 /specs/ @weizhoublue @cyclinder
 /.dockerignore @weizhoublue @cyclinder
+/AGENTS.md @weizhoublue @cyclinder

README-zh_CN.md

@@ -35,7 +35,7 @@ Spiderpool 社区将定期维护如下的几个版本，之前较旧的 Spiderpo
 |                         发布分支                                      |                               发行说明                                              |
 | -------------------------------------------------------------------- | -------------------------------------------------------------------------------- |
 | [release-v1.1](https://github.com/spidernet-io/spiderpool/tree/release-v1.1) | [Release Notes](https://github.com/spidernet-io/spiderpool/releases/tag/v1.1.0)   |
-| [release-v1.0](https://github.com/spidernet-io/spiderpool/tree/release-v1.0) | [Release Notes](https://github.com/spidernet-io/spiderpool/releases/tag/v1.0.5)   |
+| [release-v1.0](https://github.com/spidernet-io/spiderpool/tree/release-v1.0) | [Release Notes](https://github.com/spidernet-io/spiderpool/releases/tag/v1.0.6)   |
 
 ## Underlay CNI 的优势
 
@@ -61,7 +61,7 @@ underlay CNI 主要指 macvlan、ipvlan、SR-IOV 等能够直接访问宿主机
 
 * 基于 CRD 的双栈 IPAM 能力
 
-    提供了独享、共享的 IP 地址池，支持设置各种亲和性，为中间件等有状态应用和 kubevirt 等固定 IP 地址值，为无状态应用固定 IP 地址范围，自动化管理独享的 IP 池，优秀的 IP 回收避免 IP 泄露等。并且，具备优秀的 [IPAM 分配性能](./docs/concepts/ipam-performance-zh_CN.md)。
+    提供了独享、共享的 IP 地址池，支持设置各种亲和性，为中间件等有状态应用和 kubevirt 等固定 IP 地址值，支持云上 IaaS 网络提供商绑定/释放云侧 IP 资源，为无状态应用固定 IP 地址范围，自动化管理独享的 IP 池，优秀的 IP 回收避免 IP 泄露等。并且，具备优秀的 [IPAM 分配性能](./docs/concepts/ipam-performance-zh_CN.md)。
 
     Spiderpool IPAM 组件能够为任何支持第三方 IPAM 的 main CNI 使用，不仅包含了 [Macvlan CNI](https://github.com/containernetworking/plugins/tree/main/plugins/main/macvlan)、[ipvlan CNI](https://github.com/containernetworking/plugins/tree/main/plugins/main/ipvlan) 和 [SR-IOV CNI](https://github.com/k8snetworkplumbingwg/sriov-cni), 也包括了 [calico](https://github.com/projectcalico/calico) 和 [weave](https://github.com/weaveworks/weave) 作为静态 IP 场景使用。
 

README.md

@@ -36,7 +36,7 @@ Listed below are the release notes for the currently maintained release branches
 
 |                         release branches                             |                               Release Notes                                       |
 | -------------------------------------------------------------------- | --------------------------------------------------------------------------------- |
-| [release-v1.1](https://github.com/spidernet-io/spiderpool/tree/release-v1.1) | [Release Notes](https://github.com/spidernet-io/spiderpool/releases/tag/v1.1.0)   |
+| [release-v1.1](https://github.com/spidernet-io/spiderpool/tree/release-v1.1) | [Release Notes](https://github.com/spidernet-io/spiderpool/releases/tag/v1.1.2)   |
 | [release-v1.0](https://github.com/spidernet-io/spiderpool/tree/release-v1.0) | [Release Notes](https://github.com/spidernet-io/spiderpool/releases/tag/v1.0.5)   |
 
 ## The Advantages Of Underlay CNI
@@ -63,7 +63,7 @@ The underlay CNI is mainly including macvlan, ipvlan, and SR-IOV, which cloud ac
 
 * CRD-based dual-stack IPAM
 
-    Spiderpool provides exclusive and shared IP address pools, supporting various affinity settings. It supports to assign static IP addresses for stateful applications such as [mysql](https://www.mysql.com), [redis](https://github.com/redis/redis), [kubevirt](https://github.com/kubevirt/kubevirt), while enabling fixed IP address ranges for stateless ones. Spiderpool automates the management of exclusive IP pools, ensuring excellent IP reclamation to avoid IP leakage. In additions, it provides [wonderful IPAM performance](./docs/concepts/ipam-performance.md).
+    Spiderpool provides exclusive and shared IP address pools, supporting various affinity settings. It supports to assign static IP addresses for stateful applications such as [mysql](https://www.mysql.com), [redis](https://github.com/redis/redis), [kubevirt](https://github.com/kubevirt/kubevirt), while enabling fixed IP address ranges for stateless ones. It also supports binding/releasing cloud-side IP resources with a generic IaaS Network Provider. Spiderpool automates the management of exclusive IP pools, ensuring excellent IP reclamation to avoid IP leakage. In additions, it provides [wonderful IPAM performance](./docs/concepts/ipam-performance.md).
 
     The IPAM of Spiderpool could be available for any main CNI supporting third-party IPAM plugin, not only including [Macvlan CNI](https://github.com/containernetworking/plugins/tree/main/plugins/main/macvlan), [ipvlan CNI](https://github.com/containernetworking/plugins/tree/main/plugins/main/ipvlan), and [SR-IOV CNI](https://github.com/k8snetworkplumbingwg/sriov-cni), but also [calico](https://github.com/projectcalico/calico) and [weave](https://github.com/weaveworks/weave) as static IP usage.
 

VERSION

@@ -1 +1 @@
-v1.2.0-rc1
+v1.2.0

charts/spiderpool/Chart.yaml

@@ -5,11 +5,11 @@ icon: https://raw.githubusercontent.com/spidernet-io/spiderpool/main/docs/images
 # application or library
 type: application
 # no need to modify this version , CI will auto update it with /VERSION
-version: 1.2.0-rc1
+version: 1.2.0
 # This field is informational, and has no impact on chart version calculations .
 # Leaving it unquoted can lead to parsing issues in some cases
 # no need to modify this version , CI will auto update it with /VERSION
-appVersion: "1.2.0-rc1"
+appVersion: "1.2.0"
 kubeVersion: ">= 1.16.0-0"
 description: underlay CNI solution for kubernetes
 sources:

charts/spiderpool/README.md

@@ -224,6 +224,7 @@ helm install spiderpool spiderpool/spiderpool --wait --namespace kube-system \
 | `plugins.installSriovCNI`        | install sriov cni to each node                             | `true`                                       |
 | `plugins.installibSriovCNI`      | install ib-sriov cni to each node                          | `true`                                       |
 | `plugins.installIpoibCNI`        | install ipoib cni to each node                             | `true`                                       |
+| `plugins.installVlanCNI`         | install vlan cni to each node                              | `true`                                       |
 | `plugins.image.registry`         | the image registry of plugins                              | `ghcr.io`                                    |
 | `plugins.image.repository`       | the image repository of plugins                            | `spidernet-io/spiderpool/spiderpool-plugins` |
 | `plugins.image.pullPolicy`       | the image pullPolicy of plugins                            | `IfNotPresent`                               |
@@ -459,3 +460,9 @@ helm install spiderpool spiderpool/spiderpool --wait --namespace kube-system \
 | `sriov.injectortls.auto.certExpiration`              | server cert expiration for auto method                                                                      | `73000`                                               |
 | `sriov.injectortls.auto.extraIpAddresses`            | extra IP addresses of server certificate for auto method                                                    | `[]`                                                  |
 | `sriov.injectortls.auto.extraDnsNames`               | extra DNS names of server cert for auto method                                                              | `[]`                                                  |
+
+### IaaS Network Provider Integration
+
+| Name                            | Description                                                                                                                 | Value |
+| ------------------------------- | --------------------------------------------------------------------------------------------------------------------------- | ----- |
+| `iaasNetworkProvider.serverUrl` | the URL of the IaaS provider service. Must include scheme (http or https) and port. If empty, IaaS integration is disabled. | `""`  |

charts/spiderpool/crds/spiderpool.spidernet.io_spidermultusconfigs.yaml

@@ -549,7 +549,6 @@ spec:
                     type: integer
                 required:
                 - master
-                - vlanID
                 type: object
             type: object
         type: object

charts/spiderpool/templates/configmap.yaml

@@ -36,6 +36,8 @@ data:
       enabled: {{ .Values.spiderpoolController.podResourceInject.enabled }}
       namespacesExclude: {{ toJson .Values.spiderpoolController.podResourceInject.namespacesExclude }}
       namespacesInclude: {{ toJson .Values.spiderpoolController.podResourceInject.namespacesInclude }}
+    iaasNetworkProvider:
+      serverUrl: {{ (.Values.iaasNetworkProvider).serverUrl | default "" | quote }}
 {{- if .Values.multus.multusCNI.install }}
 ---
 kind: ConfigMap

charts/spiderpool/templates/daemonset.yaml

@@ -80,7 +80,7 @@ spec:
                       - linux
       {{- end }}
       initContainers:
-        {{- if or .Values.plugins.installCNI .Values.plugins.installRdmaCNI .Values.plugins.installOvsCNI .Values.plugins.installibSriovCNI .Values.plugins.installIpoibCNI }}
+        {{- if or .Values.plugins.installCNI .Values.plugins.installRdmaCNI .Values.plugins.installOvsCNI .Values.plugins.installibSriovCNI .Values.plugins.installIpoibCNI .Values.plugins.installVlanCNI }}
         - name: install-plugins
           image: {{ include "plugins.image" . | quote }}
           imagePullPolicy: {{ .Values.plugins.image.pullPolicy }}
@@ -97,6 +97,8 @@ spec:
               value: {{ .Values.plugins.installibSriovCNI | quote }}
             - name: INSTALL_IPOIB_PLUGIN
               value: {{ .Values.plugins.installIpoibCNI | quote }}
+            - name: INSTALL_VLAN_PLUGIN
+              value: {{ .Values.plugins.installVlanCNI | quote }}
           command:
             - "/bin/sh"
             - "entrypoint.sh"

charts/spiderpool/values.yaml

@@ -307,6 +307,9 @@ plugins:
   ## @param plugins.installIpoibCNI install ipoib cni to each node
   installIpoibCNI: true
 
+  ## @param plugins.installVlanCNI install vlan cni to each node
+  installVlanCNI: true
+
   image:
     ## @param plugins.image.registry the image registry of plugins
     registry: ghcr.io
@@ -321,7 +324,7 @@ plugins:
     digest: ""
 
     ## @param plugins.image.tag the image tag of plugins
-    tag: bbd68a1183524257baae9c7456bbdcbfdbd9cb1e
+    tag: 19f19457ae7cec86457b0411543a3cf21dd9f95a
 
     ## @param plugins.image.imagePullSecrets the image imagePullSecrets of plugins
     imagePullSecrets: []
@@ -1063,3 +1066,9 @@ sriov:
 
       ## @param sriov.injectortls.auto.extraDnsNames extra DNS names of server cert for auto method
       extraDnsNames: []
+
+## @section IaaS Network Provider Integration
+##
+iaasNetworkProvider:
+  ## @param iaasNetworkProvider.serverUrl the URL of the IaaS provider service. Must include scheme (http or https) and port. If empty, IaaS integration is disabled.
+  serverUrl: ""