Merge pull request #18177 from moshevayner/linode-support

feat(cloud): add Linode (Akamai) cloud provider API registration

Author: k8s-ci-robot

pkg/apis/kops/cluster.go

@@ -204,6 +204,8 @@ type CloudProviderSpec struct {
 	Openstack *OpenstackSpec `json:"openstack,omitempty"`
 	// Scaleway configures the Scaleway cloud provider.
 	Scaleway *ScalewaySpec `json:"scaleway,omitempty"`
+	// Linode configures the Linode (Akamai) cloud provider.
+	Linode *LinodeSpec `json:"linode,omitempty"`
 }
 
 // AWSSpec configures the AWS cloud provider.
@@ -265,6 +267,9 @@ type HetznerSpec struct{}
 type ScalewaySpec struct {
 }
 
+// LinodeSpec configures the Linode (Akamai) cloud provider.
+type LinodeSpec struct{}
+
 type KarpenterConfig struct {
 	Enabled       bool               `json:"enabled,omitempty"`
 	LogEncoding   string             `json:"logFormat,omitempty"`
@@ -1013,6 +1018,8 @@ func (c *Cluster) GetCloudProvider() CloudProviderID {
 		return CloudProviderOpenstack
 	} else if spec.CloudProvider.Scaleway != nil {
 		return CloudProviderScaleway
+	} else if spec.CloudProvider.Linode != nil {
+		return CloudProviderLinode
 	}
 	return ""
 }

pkg/apis/kops/model/features.go

@@ -31,6 +31,8 @@ func UseChallengeCallback(cloudProvider kops.CloudProviderID) bool {
 		return true
 	case kops.CloudProviderAzure:
 		return true
+	case kops.CloudProviderLinode:
+		return true
 	default:
 		return false
 	}

pkg/apis/kops/v1alpha2/conversion.go

@@ -171,6 +171,8 @@ func Convert_v1alpha2_ClusterSpec_To_kops_ClusterSpec(in *ClusterSpec, out *kops
 		}
 	case kops.CloudProviderScaleway:
 		out.CloudProvider.Scaleway = &kops.ScalewaySpec{}
+	case kops.CloudProviderLinode:
+		out.CloudProvider.Linode = &kops.LinodeSpec{}
 	case "":
 	default:
 		return field.NotSupported(field.NewPath("spec").Child("cloudProvider"), in.LegacyCloudProvider, []string{
@@ -179,6 +181,7 @@ func Convert_v1alpha2_ClusterSpec_To_kops_ClusterSpec(in *ClusterSpec, out *kops
 			string(kops.CloudProviderAzure),
 			string(kops.CloudProviderAWS),
 			string(kops.CloudProviderHetzner),
+			string(kops.CloudProviderLinode),
 			string(kops.CloudProviderOpenstack),
 			string(kops.CloudProviderScaleway),
 		})
@@ -440,6 +443,9 @@ func Convert_kops_ClusterSpec_To_v1alpha2_ClusterSpec(in *kops.ClusterSpec, out
 	if in.CloudProvider.Scaleway != nil {
 		out.LegacyCloudProvider = string(kops.CloudProviderScaleway)
 	}
+	if in.CloudProvider.Linode != nil {
+		out.LegacyCloudProvider = string(kops.CloudProviderLinode)
+	}
 	switch kops.CloudProviderID(out.LegacyCloudProvider) {
 	case kops.CloudProviderAWS:
 		aws := in.CloudProvider.AWS

pkg/apis/kops/v1alpha3/cluster.go

@@ -195,6 +195,8 @@ type CloudProviderSpec struct {
 	Openstack *OpenstackSpec `json:"openstack,omitempty"`
 	// Scaleway configures the Scaleway cloud provider.
 	Scaleway *ScalewaySpec `json:"scaleway,omitempty"`
+	// Linode configures the Linode (Akamai) cloud provider.
+	Linode *LinodeSpec `json:"linode,omitempty"`
 }
 
 // AWSSpec configures the AWS cloud provider.
@@ -256,6 +258,9 @@ type HetznerSpec struct{}
 type ScalewaySpec struct {
 }
 
+// LinodeSpec configures the Linode (Akamai) cloud provider.
+type LinodeSpec struct{}
+
 type KarpenterConfig struct {
 	Enabled       bool               `json:"enabled,omitempty"`
 	LogEncoding   string             `json:"logEncoding,omitempty"`

pkg/apis/kops/v1alpha3/zz_generated.conversion.go

@@ -170,6 +170,8 @@ func ValidateCluster(c *kops.Cluster, strict bool, vfsContext *vfs.VFSContext) f
 			k8sCloudProvider = "azure"
 		case kops.CloudProviderScaleway:
 			k8sCloudProvider = "external"
+		case kops.CloudProviderLinode:
+			k8sCloudProvider = "external"
 		default:
 			// We already added an error above
 			k8sCloudProvider = "ignore"

pkg/apis/kops/v1alpha3/zz_generated.deepcopy.go

@@ -380,6 +380,16 @@ func validateCloudProvider(c *kops.Cluster, provider *kops.CloudProviderSpec, fi
 		constraints.requiresNetworkCIDR = false
 		constraints.requiresSubnetCIDR = false
 	}
+	if c.Spec.CloudProvider.Linode != nil {
+		if optionTaken {
+			allErrs = append(allErrs, field.Forbidden(fieldSpec.Child("linode"), "only one cloudProvider option permitted"))
+		}
+		optionTaken = true
+		constraints.requiresSubnets = false
+		constraints.requiresSubnetCIDR = false
+		constraints.requiresSubnetRegion = true
+		constraints.requiresNetworkCIDR = false
+	}
 	if c.GetCloudProvider() == kops.CloudProviderMetal {
 		if optionTaken {
 			allErrs = append(allErrs, field.Forbidden(fieldSpec.Child("metal"), "only one cloudProvider option permitted"))
@@ -1018,6 +1028,17 @@ func validateNetworking(cluster *kops.Cluster, v *kops.NetworkingSpec, fldPath *
 				allErrs = append(allErrs, field.Forbidden(fldPath.Child("networkCIDR"), "DO doesn't support specifying both NetworkID and NetworkCIDR"))
 			}
 		}
+
+		if cluster.GetCloudProvider() == kops.CloudProviderLinode {
+			// verify if the NetworkCIDR is in a private range as per RFC1918
+			if networkCIDR != nil && !networkCIDR.IP.IsPrivate() {
+				allErrs = append(allErrs, field.Invalid(fldPath.Child("networkCIDR"), v.NetworkCIDR, "networkCIDR must be within a private IP range"))
+			}
+			// verify if networkID is not specified. In case of Linode (Akamai), this is mutually exclusive.
+			if v.NetworkID != "" {
+				allErrs = append(allErrs, field.Forbidden(fldPath.Child("networkCIDR"), "Linode (Akamai) doesn't support specifying both NetworkID and NetworkCIDR"))
+			}
+		}
 	}
 
 	if len(v.AdditionalNetworkCIDRs) > 0 && providerConstraints.prohibitsMultipleNetworkCIDRs {

pkg/apis/kops/validation/legacy.go

@@ -1851,3 +1851,83 @@ func Test_Validate_NriConfig(t *testing.T) {
 		testErrors(t, g.Input.Containerd, errs, g.ExpectedErrors)
 	}
 }
+
+func newLinodeClusterForNetworkingValidation(networking kops.NetworkingSpec) *kops.Cluster {
+	return &kops.Cluster{
+		Spec: kops.ClusterSpec{
+			CloudProvider: kops.CloudProviderSpec{
+				Linode: &kops.LinodeSpec{},
+			},
+			Networking: networking,
+		},
+	}
+}
+
+func validLinodeNetworkingSpec() kops.NetworkingSpec {
+	return kops.NetworkingSpec{
+		NetworkCIDR:           "10.0.0.0/8",
+		NonMasqueradeCIDR:     "100.64.0.0/10",
+		PodCIDR:               "100.96.0.0/11",
+		ServiceClusterIPRange: "100.64.0.0/13",
+		Subnets: []kops.ClusterSubnetSpec{
+			{
+				Name:   "subnet-us-east",
+				CIDR:   "10.11.0.0/16",
+				Type:   kops.SubnetTypePublic,
+				Region: "us-east",
+			},
+		},
+	}
+}
+
+func TestValidateNetworkingLinode(t *testing.T) {
+	tests := []struct {
+		name     string
+		network  kops.NetworkingSpec
+		expected []*field.Error
+	}{
+		{
+			name:    "accepts private network CIDR",
+			network: validLinodeNetworkingSpec(),
+		},
+		{
+			name: "rejects public network CIDR",
+			network: func() kops.NetworkingSpec {
+				n := validLinodeNetworkingSpec()
+				n.NetworkCIDR = "8.8.8.0/24"
+				n.Subnets[0].CIDR = "8.8.8.0/25"
+				return n
+			}(),
+			expected: []*field.Error{
+				{
+					Type:   field.ErrorTypeInvalid,
+					Field:  "networking.networkCIDR",
+					Detail: "networkCIDR must be within a private IP range",
+				},
+			},
+		},
+		{
+			name: "rejects networkID with networkCIDR",
+			network: func() kops.NetworkingSpec {
+				n := validLinodeNetworkingSpec()
+				n.NetworkID = "123456"
+				return n
+			}(),
+			expected: []*field.Error{
+				{
+					Type:   field.ErrorTypeForbidden,
+					Field:  "networking.networkCIDR",
+					Detail: "Linode (Akamai) doesn't support specifying both NetworkID and NetworkCIDR",
+				},
+			},
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			cluster := newLinodeClusterForNetworkingValidation(tt.network)
+			errList := validateNetworking(cluster, &cluster.Spec.Networking, field.NewPath("networking"), true, &cloudProviderConstraints{})
+			testFieldErrors(t, errList, tt.expected)
+		})
+	}
+}