Add vrf association to Interface resource

This change introduces a new field on the `Interface` resource to allow
to configure an interface as part of a specified `VRF` (Network
Instance) instead of configuring them in the DEFAULT_INSTANCE vrf where
they are configured by default. This configuration is only allowed in L3
interfaces.

Author: felix-kaestner

Tiltfile

@@ -49,6 +49,7 @@ k8s_resource(new_name='eth1-2', objects=['eth1-2:interface'], trigger_mode=TRIGG
 k8s_resource(new_name='eth1-10', objects=['eth1-10:interface'], trigger_mode=TRIGGER_MODE_MANUAL, auto_init=False)
 k8s_resource(new_name='po10', objects=['po-10:interface'], trigger_mode=TRIGGER_MODE_MANUAL, auto_init=False)
 k8s_resource(new_name='svi-10', objects=['svi-10:interface'], resource_deps=['vlan-10'], trigger_mode=TRIGGER_MODE_MANUAL, auto_init=False)
+k8s_resource(new_name='eth1-30', objects=['eth1-30:interface'], resource_deps=['vrf-vpc-keepalive'], trigger_mode=TRIGGER_MODE_MANUAL, auto_init=False)
 
 k8s_yaml('./config/samples/v1alpha1_banner.yaml')
 k8s_resource(new_name='banner', objects=['banner:banner'], trigger_mode=TRIGGER_MODE_MANUAL, auto_init=False)
@@ -83,6 +84,7 @@ k8s_resource(new_name='isis-underlay', objects=['underlay:isis'], resource_deps=
 k8s_yaml('./config/samples/v1alpha1_vrf.yaml')
 k8s_resource(new_name='vrf-admin', objects=['vrf-cc-admin:vrf'], trigger_mode=TRIGGER_MODE_MANUAL, auto_init=False)
 k8s_resource(new_name='vrf-001', objects=['vrf-cc-prod-001:vrf'], trigger_mode=TRIGGER_MODE_MANUAL, auto_init=False)
+k8s_resource(new_name='vrf-vpc-keepalive', objects=['vpc-keepalive:vrf'], trigger_mode=TRIGGER_MODE_MANUAL, auto_init=False)
 
 k8s_yaml('./config/samples/v1alpha1_pim.yaml')
 k8s_resource(new_name='pim', objects=['pim:pim'], resource_deps=['lo0', 'lo1', 'eth1-1', 'eth1-2'], trigger_mode=TRIGGER_MODE_MANUAL, auto_init=False)

api/core/v1alpha1/groupversion_info.go

@@ -50,6 +50,10 @@ const AggregateLabel = "networking.metal.ironcore.dev/aggregate-name"
 // the name of the RoutedVLAN interface that provides Layer 3 routing for the VLAN.
 const RoutedVLANLabel = "networking.metal.ironcore.dev/routed-vlan-name"
 
+// VRFLabel is a label applied to interfaces to indicate
+// the name of the VRF they belong to.
+const VRFLabel = "networking.metal.ironcore.dev/vrf-name"
+
 // Condition types that are used across different objects.
 const (
 	// ReadyCondition is the top-level status condition that reports if an object is ready.
@@ -122,4 +126,7 @@ const (
 
 	// VLANAlreadyInUseReason indicates that a VLAN is already in use by another routed VLAN interface.
 	VLANAlreadyInUseReason = "VLANAlreadyInUse"
+
+	// VRFNotFoundReason indicates that a referenced VRF was not found.
+	VRFNotFoundReason = "VRFNotFound"
 )

api/core/v1alpha1/interface_types.go

@@ -18,6 +18,8 @@ import (
 // +kubebuilder:validation:XValidation:rule="self.type == 'RoutedVLAN' || !has(self.vlanRef)", message="vlanRef must only be specified on interfaces of type RoutedVLAN"
 // +kubebuilder:validation:XValidation:rule="self.type != 'RoutedVLAN' || !has(self.switchport)", message="switchport must not be specified for interfaces of type RoutedVLAN"
 // +kubebuilder:validation:XValidation:rule="self.type != 'RoutedVLAN' || !has(self.aggregation)", message="aggregation must not be specified for interfaces of type RoutedVLAN"
+// +kubebuilder:validation:XValidation:rule="self.type != 'Aggregate' || !has(self.vrfRef)", message="vrfRef must not be specified for interfaces of type Aggregate"
+// +kubebuilder:validation:XValidation:rule="self.type != 'Physical' || !has(self.switchport) || !has(self.vrfRef)", message="vrfRef must not be specified for Physical interfaces with switchport configuration"
 type InterfaceSpec struct {
 	// DeviceName is the name of the Device this object belongs to. The Device object must exist in the same namespace.
 	// Immutable.
@@ -76,6 +78,13 @@ type InterfaceSpec struct {
 	// The referenced VLAN must exist in the same namespace.
 	// +optional
 	VlanRef *LocalObjectReference `json:"vlanRef,omitempty"`
+
+	// VrfRef is a reference to the VRF resource that this interface belongs to.
+	// If not specified, the interface will be part of the default VRF.
+	// This is only applicable for Layer 3 interfaces.
+	// The referenced VRF must exist in the same namespace.
+	// +optional
+	VrfRef *LocalObjectReference `json:"vrfRef,omitempty"`
 }
 
 // AdminState represents the administrative state of the interface.

api/core/v1alpha1/vrf_types.go

@@ -21,9 +21,11 @@ type VRFSpec struct {
 	ProviderConfigRef *TypedLocalObjectReference `json:"providerConfigRef,omitempty"`
 
 	// Name is the name of the VRF.
+	// Immutable.
 	// +required
 	// +kubebuilder:validation:MinLength=1
 	// +kubebuilder:validation:MaxLength=32
+	// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="Name is immutable"
 	Name string `json:"name"`
 
 	// Description provides a human-readable description of the VRF.

api/core/v1alpha1/zz_generated.deepcopy.go

@@ -345,6 +345,24 @@ spec:
                 - name
                 type: object
                 x-kubernetes-map-type: atomic
+              vrfRef:
+                description: |-
+                  VrfRef is a reference to the VRF resource that this interface belongs to.
+                  If not specified, the interface will be part of the default VRF.
+                  This is only applicable for Layer 3 interfaces.
+                  The referenced VRF must exist in the same namespace.
+                properties:
+                  name:
+                    description: |-
+                      Name of the referent.
+                      More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                    maxLength: 63
+                    minLength: 1
+                    type: string
+                required:
+                - name
+                type: object
+                x-kubernetes-map-type: atomic
             required:
             - adminState
             - deviceRef
@@ -373,6 +391,11 @@ spec:
               rule: self.type != 'RoutedVLAN' || !has(self.switchport)
             - message: aggregation must not be specified for interfaces of type RoutedVLAN
               rule: self.type != 'RoutedVLAN' || !has(self.aggregation)
+            - message: vrfRef must not be specified for interfaces of type Aggregate
+              rule: self.type != 'Aggregate' || !has(self.vrfRef)
+            - message: vrfRef must not be specified for Physical interfaces with switchport
+                configuration
+              rule: self.type != 'Physical' || !has(self.switchport) || !has(self.vrfRef)
           status:
             description: |-
               Status of the resource. This is set and updated automatically.

charts/network-operator/templates/crd/networking.metal.ironcore.dev_interfaces.yaml

@@ -86,10 +86,15 @@ spec:
                 - message: DeviceRef is immutable
                   rule: self == oldSelf
               name:
-                description: Name is the name of the VRF.
+                description: |-
+                  Name is the name of the VRF.
+                  Immutable.
                 maxLength: 32
                 minLength: 1
                 type: string
+                x-kubernetes-validations:
+                - message: Name is immutable
+                  rule: self == oldSelf
               providerConfigRef:
                 description: |-
                   ProviderConfigRef is a reference to a resource holding the provider-specific configuration of this interface.

charts/network-operator/templates/crd/networking.metal.ironcore.dev_vrfs.yaml

@@ -339,6 +339,24 @@ spec:
                 - name
                 type: object
                 x-kubernetes-map-type: atomic
+              vrfRef:
+                description: |-
+                  VrfRef is a reference to the VRF resource that this interface belongs to.
+                  If not specified, the interface will be part of the default VRF.
+                  This is only applicable for Layer 3 interfaces.
+                  The referenced VRF must exist in the same namespace.
+                properties:
+                  name:
+                    description: |-
+                      Name of the referent.
+                      More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                    maxLength: 63
+                    minLength: 1
+                    type: string
+                required:
+                - name
+                type: object
+                x-kubernetes-map-type: atomic
             required:
             - adminState
             - deviceRef
@@ -367,6 +385,11 @@ spec:
               rule: self.type != 'RoutedVLAN' || !has(self.switchport)
             - message: aggregation must not be specified for interfaces of type RoutedVLAN
               rule: self.type != 'RoutedVLAN' || !has(self.aggregation)
+            - message: vrfRef must not be specified for interfaces of type Aggregate
+              rule: self.type != 'Aggregate' || !has(self.vrfRef)
+            - message: vrfRef must not be specified for Physical interfaces with switchport
+                configuration
+              rule: self.type != 'Physical' || !has(self.switchport) || !has(self.vrfRef)
           status:
             description: |-
               Status of the resource. This is set and updated automatically.

config/crd/bases/networking.metal.ironcore.dev_interfaces.yaml

@@ -80,10 +80,15 @@ spec:
                 - message: DeviceRef is immutable
                   rule: self == oldSelf
               name:
-                description: Name is the name of the VRF.
+                description: |-
+                  Name is the name of the VRF.
+                  Immutable.
                 maxLength: 32
                 minLength: 1
                 type: string
+                x-kubernetes-validations:
+                - message: Name is immutable
+                  rule: self == oldSelf
               providerConfigRef:
                 description: |-
                   ProviderConfigRef is a reference to a resource holding the provider-specific configuration of this interface.

config/crd/bases/networking.metal.ironcore.dev_vrfs.yaml

@@ -155,3 +155,24 @@ spec:
   ipv4:
     addresses:
       - 192.168.10.254/24
+---
+apiVersion: networking.metal.ironcore.dev/v1alpha1
+kind: Interface
+metadata:
+  labels:
+    app.kubernetes.io/name: network-operator
+    app.kubernetes.io/managed-by: kustomize
+    networking.metal.ironcore.dev/device-name: leaf1
+  name: eth1-30
+spec:
+  deviceRef:
+    name: leaf1
+  name: eth1/30
+  description: vPC Keepalive
+  adminState: Up
+  type: Physical
+  ipv4:
+    addresses:
+      - 10.1.1.1/30
+  vrfRef:
+    name: vpc-keepalive