diff --git a/k8s/crds/kops.k8s.io_clusters.yaml b/k8s/crds/kops.k8s.io_clusters.yaml index 10eea53c29..816f7cd2db 100644 --- a/k8s/crds/kops.k8s.io_clusters.yaml +++ b/k8s/crds/kops.k8s.io_clusters.yaml @@ -4830,6 +4830,11 @@ spec: to provide L3/L4 network visibility, policy enforcement and other advanced features. Default: none' type: string + clusterID: + description: ClusterID is the ID of the cluster. It is only + relevant when building a mesh of clusters. Must be a number + between 1 and 255. + type: integer clusterName: description: ClusterName is the name of the cluster. It is only relevant when building a mesh of clusters. diff --git a/pkg/apis/kops/networking.go b/pkg/apis/kops/networking.go index 8abb5e6b4a..c2a7e31100 100644 --- a/pkg/apis/kops/networking.go +++ b/pkg/apis/kops/networking.go @@ -438,6 +438,9 @@ type CiliumNetworkingSpec struct { SidecarIstioProxyImage string `json:"sidecarIstioProxyImage,omitempty"` // ClusterName is the name of the cluster. It is only relevant when building a mesh of clusters. ClusterName string `json:"clusterName,omitempty"` + // ClusterID is the ID of the cluster. It is only relevant when building a mesh of clusters. + // Must be a number between 1 and 255. + ClusterID uint8 `json:"clusterID,omitempty"` // ToFQDNsDNSRejectResponseCode sets the DNS response code for rejecting DNS requests. // Possible values are "nameError" or "refused". // Default: refused diff --git a/pkg/apis/kops/v1alpha2/networking.go b/pkg/apis/kops/v1alpha2/networking.go index 1b7d7a9016..3ff1c4fe67 100644 --- a/pkg/apis/kops/v1alpha2/networking.go +++ b/pkg/apis/kops/v1alpha2/networking.go @@ -541,6 +541,9 @@ type CiliumNetworkingSpec struct { SidecarIstioProxyImage string `json:"sidecarIstioProxyImage,omitempty"` // ClusterName is the name of the cluster. It is only relevant when building a mesh of clusters. ClusterName string `json:"clusterName,omitempty"` + // ClusterID is the ID of the cluster. It is only relevant when building a mesh of clusters. + // Must be a number between 1 and 255. + ClusterID uint8 `json:"clusterID,omitempty"` // ToFQDNsDNSRejectResponseCode sets the DNS response code for rejecting DNS requests. // Possible values are "nameError" or "refused". // Default: refused diff --git a/pkg/apis/kops/v1alpha2/zz_generated.conversion.go b/pkg/apis/kops/v1alpha2/zz_generated.conversion.go index ff7dcd32c4..a79b1203bd 100644 --- a/pkg/apis/kops/v1alpha2/zz_generated.conversion.go +++ b/pkg/apis/kops/v1alpha2/zz_generated.conversion.go @@ -1988,6 +1988,7 @@ func autoConvert_v1alpha2_CiliumNetworkingSpec_To_kops_CiliumNetworkingSpec(in * out.PreallocateBPFMaps = in.PreallocateBPFMaps out.SidecarIstioProxyImage = in.SidecarIstioProxyImage out.ClusterName = in.ClusterName + out.ClusterID = in.ClusterID out.ToFQDNsDNSRejectResponseCode = in.ToFQDNsDNSRejectResponseCode out.ToFQDNsEnablePoller = in.ToFQDNsEnablePoller // INFO: in.ContainerRuntimeLabels opted out of conversion generation @@ -2053,6 +2054,7 @@ func autoConvert_kops_CiliumNetworkingSpec_To_v1alpha2_CiliumNetworkingSpec(in * out.PreallocateBPFMaps = in.PreallocateBPFMaps out.SidecarIstioProxyImage = in.SidecarIstioProxyImage out.ClusterName = in.ClusterName + out.ClusterID = in.ClusterID out.ToFQDNsDNSRejectResponseCode = in.ToFQDNsDNSRejectResponseCode out.ToFQDNsEnablePoller = in.ToFQDNsEnablePoller out.IPAM = in.IPAM diff --git a/pkg/apis/kops/v1alpha3/networking.go b/pkg/apis/kops/v1alpha3/networking.go index 2d4b5d5e05..519a6afa86 100644 --- a/pkg/apis/kops/v1alpha3/networking.go +++ b/pkg/apis/kops/v1alpha3/networking.go @@ -401,6 +401,9 @@ type CiliumNetworkingSpec struct { SidecarIstioProxyImage string `json:"sidecarIstioProxyImage,omitempty"` // ClusterName is the name of the cluster. It is only relevant when building a mesh of clusters. ClusterName string `json:"clusterName,omitempty"` + // ClusterID is the ID of the cluster. It is only relevant when building a mesh of clusters. + // Must be a number between 1 and 255. + ClusterID uint8 `json:"clusterID,omitempty"` // ToFQDNsDNSRejectResponseCode sets the DNS response code for rejecting DNS requests. // Possible values are "nameError" or "refused". // Default: refused diff --git a/pkg/apis/kops/v1alpha3/zz_generated.conversion.go b/pkg/apis/kops/v1alpha3/zz_generated.conversion.go index e2f0edc638..c3cf2aa49b 100644 --- a/pkg/apis/kops/v1alpha3/zz_generated.conversion.go +++ b/pkg/apis/kops/v1alpha3/zz_generated.conversion.go @@ -2124,6 +2124,7 @@ func autoConvert_v1alpha3_CiliumNetworkingSpec_To_kops_CiliumNetworkingSpec(in * out.PreallocateBPFMaps = in.PreallocateBPFMaps out.SidecarIstioProxyImage = in.SidecarIstioProxyImage out.ClusterName = in.ClusterName + out.ClusterID = in.ClusterID out.ToFQDNsDNSRejectResponseCode = in.ToFQDNsDNSRejectResponseCode out.ToFQDNsEnablePoller = in.ToFQDNsEnablePoller out.IPAM = in.IPAM @@ -2188,6 +2189,7 @@ func autoConvert_kops_CiliumNetworkingSpec_To_v1alpha3_CiliumNetworkingSpec(in * out.PreallocateBPFMaps = in.PreallocateBPFMaps out.SidecarIstioProxyImage = in.SidecarIstioProxyImage out.ClusterName = in.ClusterName + out.ClusterID = in.ClusterID out.ToFQDNsDNSRejectResponseCode = in.ToFQDNsDNSRejectResponseCode out.ToFQDNsEnablePoller = in.ToFQDNsEnablePoller out.IPAM = in.IPAM diff --git a/pkg/apis/kops/validation/validation_test.go b/pkg/apis/kops/validation/validation_test.go index c9f2e232a2..cf1dc28142 100644 --- a/pkg/apis/kops/validation/validation_test.go +++ b/pkg/apis/kops/validation/validation_test.go @@ -895,6 +895,11 @@ func Test_Validate_Cilium(t *testing.T) { }, }, }, + { + Cilium: kops.CiliumNetworkingSpec{ + ClusterID: 253, + }, + }, { Cilium: kops.CiliumNetworkingSpec{ Masquerade: fi.PtrTo(true), diff --git a/tests/integration/update_cluster/privatecilium2/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/privatecilium2/data/aws_s3_object_cluster-completed.spec_content index 695950d3d8..81daf221c9 100644 --- a/tests/integration/update_cluster/privatecilium2/data/aws_s3_object_cluster-completed.spec_content +++ b/tests/integration/update_cluster/privatecilium2/data/aws_s3_object_cluster-completed.spec_content @@ -206,6 +206,7 @@ spec: bpfNATGlobalMax: 524288 bpfNeighGlobalMax: 524288 bpfPolicyMapMax: 16384 + clusterID: 253 clusterName: default cpuRequest: 25m disableCNPStatusUpdates: true diff --git a/tests/integration/update_cluster/privatecilium2/data/aws_s3_object_privatecilium.example.com-addons-bootstrap_content b/tests/integration/update_cluster/privatecilium2/data/aws_s3_object_privatecilium.example.com-addons-bootstrap_content index d8014d3bb6..61eda3d4aa 100644 --- a/tests/integration/update_cluster/privatecilium2/data/aws_s3_object_privatecilium.example.com-addons-bootstrap_content +++ b/tests/integration/update_cluster/privatecilium2/data/aws_s3_object_privatecilium.example.com-addons-bootstrap_content @@ -162,7 +162,7 @@ spec: version: 9.99.0 - id: k8s-1.16 manifest: networking.cilium.io/k8s-1.16-v1.13.yaml - manifestHash: 94282761f698163d4f9aa873a28fc28992db00d8f335c9c9a27d2a91cb8802fd + manifestHash: d2ad53421a11b1a5fca6315c724813682a49d4c2e66b0213d1e6faf6efb1cb50 name: networking.cilium.io needsPKI: true needsRollingUpdate: all diff --git a/tests/integration/update_cluster/privatecilium2/data/aws_s3_object_privatecilium.example.com-addons-networking.cilium.io-k8s-1.16_content b/tests/integration/update_cluster/privatecilium2/data/aws_s3_object_privatecilium.example.com-addons-networking.cilium.io-k8s-1.16_content index 4465aeeb68..823ad8dd7a 100644 --- a/tests/integration/update_cluster/privatecilium2/data/aws_s3_object_privatecilium.example.com-addons-networking.cilium.io-k8s-1.16_content +++ b/tests/integration/update_cluster/privatecilium2/data/aws_s3_object_privatecilium.example.com-addons-networking.cilium.io-k8s-1.16_content @@ -51,6 +51,7 @@ data: bpf-neigh-global-max: "524288" bpf-policy-map-max: "16384" cgroup-root: /run/cilium/cgroupv2 + cluster-id: "253" cluster-name: default debug: "false" disable-cnp-status-updates: "true" diff --git a/tests/integration/update_cluster/privatecilium2/in-v1alpha2.yaml b/tests/integration/update_cluster/privatecilium2/in-v1alpha2.yaml index 71280f14cf..9cf91f3a0c 100644 --- a/tests/integration/update_cluster/privatecilium2/in-v1alpha2.yaml +++ b/tests/integration/update_cluster/privatecilium2/in-v1alpha2.yaml @@ -28,6 +28,7 @@ spec: networkCIDR: 172.20.0.0/16 networking: cilium: + clusterID: 253 hubble: enabled: true nonMasqueradeCIDR: 100.64.0.0/10 diff --git a/upup/models/cloudup/resources/addons/networking.cilium.io/k8s-1.16-v1.13.yaml.template b/upup/models/cloudup/resources/addons/networking.cilium.io/k8s-1.16-v1.13.yaml.template index 049d2490e7..93e966be68 100644 --- a/upup/models/cloudup/resources/addons/networking.cilium.io/k8s-1.16-v1.13.yaml.template +++ b/upup/models/cloudup/resources/addons/networking.cilium.io/k8s-1.16-v1.13.yaml.template @@ -193,6 +193,11 @@ data: # Name of the cluster. Only relevant when building a mesh of clusters. cluster-name: "{{ .ClusterName }}" + # ID of the cluster. Only relevant when building a mesh of clusters. + # Must be a number between 1 and 255. + {{ if .ClusterID }} + cluster-id: "{{ .ClusterID }}" + {{ end }} # DNS response code for rejecting DNS requests, # available options are "nameError" and "refused"