Add out of range ip count to pool status

Co-authored-by: Aidan Obley <[email protected]>

Author: 2 people

api/v1alpha1/inclusterippool_types.go

@@ -59,6 +59,11 @@ type InClusterIPPoolStatusIPAddresses struct {
 	// Used is the count of allocated IPs in the pool.
 	// Counts greater than int can contain will report as math.MaxInt.
 	Used int `json:"used"`
+
+	// Out of Range is the count of allocated IPs in the pool that is not
+	// contained within spec.Addresses.
+	// Counts greater than int can contain will report as math.MaxInt.
+	OutOfRange int `json:"outOfRange"`
 }
 
 // +kubebuilder:object:root=true

config/crd/bases/ipam.cluster.x-k8s.io_globalinclusterippools.yaml

@@ -103,6 +103,11 @@ spec:
                     description: Free is the count of unallocated IPs in the pool.
                       Counts greater than int can contain will report as math.MaxInt.
                     type: integer
+                  outOfRange:
+                    description: Out of Range is the count of allocated IPs in the
+                      pool that is not contained within spec.Addresses. Counts greater
+                      than int can contain will report as math.MaxInt.
+                    type: integer
                   total:
                     description: Total is the total number of IPs configured for the
                       pool. Counts greater than int can contain will report as math.MaxInt.
@@ -113,6 +118,7 @@ spec:
                     type: integer
                 required:
                 - free
+                - outOfRange
                 - total
                 - used
                 type: object

config/crd/bases/ipam.cluster.x-k8s.io_inclusterippools.yaml

@@ -105,6 +105,11 @@ spec:
                     description: Free is the count of unallocated IPs in the pool.
                       Counts greater than int can contain will report as math.MaxInt.
                     type: integer
+                  outOfRange:
+                    description: Out of Range is the count of allocated IPs in the
+                      pool that is not contained within spec.Addresses. Counts greater
+                      than int can contain will report as math.MaxInt.
+                    type: integer
                   total:
                     description: Total is the total number of IPs configured for the
                       pool. Counts greater than int can contain will report as math.MaxInt.
@@ -115,6 +120,7 @@ spec:
                     type: integer
                 required:
                 - free
+                - outOfRange
                 - total
                 - used
                 type: object

internal/controllers/inclusterippool.go

@@ -183,11 +183,16 @@ func genericReconcile(ctx context.Context, c client.Client, pool pooltypes.Gener
 
 	inUseCount := len(addressesInUse)
 	free := poolCount - inUseCount
+	outOfRangeIPSet, err := poolutil.AddressesOutOfRangeIPSet(addressesInUse, poolIPSet)
+	if err != nil {
+		return ctrl.Result{}, errors.Wrap(err, "failed to build out of range ip set")
+	}
 
 	pool.PoolStatus().Addresses = &v1alpha1.InClusterIPPoolStatusIPAddresses{
-		Total: poolCount,
-		Used:  inUseCount,
-		Free:  free,
+		Total:      poolCount,
+		Used:       inUseCount,
+		Free:       free,
+		OutOfRange: poolutil.IPSetCount(outOfRangeIPSet),
 	}
 
 	log.Info("Updating pool with usage info", "statusAddresses", pool.PoolStatus().Addresses)

internal/controllers/inclusterippool_test.go

@@ -119,5 +119,66 @@ var _ = Describe("IP Pool Reconciler", func() {
 			Entry("When there is 1 claim with gateway outside of range - GlobalInClusterIPPool",
 				"GlobalInClusterIPPool", []string{"10.0.0.10-10.0.0.20"}, "10.0.0.1", 11, 1, 10),
 		)
+
+		DescribeTable("it shows the out of range ips if any",
+			func(poolType string, addresses []string, gateway string, updatedAddresses []string, numClaims, expectedOutOfRange int) {
+				poolSpec := v1alpha1.InClusterIPPoolSpec{
+					Prefix:    24,
+					Gateway:   gateway,
+					Addresses: addresses,
+				}
+
+				switch poolType {
+				case "InClusterIPPool":
+					genericPool = &v1alpha1.InClusterIPPool{
+						ObjectMeta: metav1.ObjectMeta{GenerateName: testPool, Namespace: namespace},
+						Spec:       poolSpec,
+					}
+				case "GlobalInClusterIPPool":
+					genericPool = &v1alpha1.GlobalInClusterIPPool{
+						ObjectMeta: metav1.ObjectMeta{GenerateName: testPool, Namespace: namespace},
+						Spec:       poolSpec,
+					}
+				default:
+					Fail("Unknown pool type")
+				}
+
+				Expect(k8sClient.Create(context.Background(), genericPool)).To(Succeed())
+
+				for i := 0; i < numClaims; i++ {
+					claim := clusterv1.IPAddressClaim{
+						ObjectMeta: metav1.ObjectMeta{
+							Name:      fmt.Sprintf("test%d", i),
+							Namespace: namespace,
+						},
+						Spec: clusterv1.IPAddressClaimSpec{
+							PoolRef: corev1.TypedLocalObjectReference{
+								APIGroup: pointer.String("ipam.cluster.x-k8s.io"),
+								Kind:     poolType,
+								Name:     genericPool.GetName(),
+							},
+						},
+					}
+					Expect(k8sClient.Create(context.Background(), &claim)).To(Succeed())
+					createdClaimNames = append(createdClaimNames, claim.Name)
+				}
+
+				Eventually(Object(genericPool)).
+					WithTimeout(5 * time.Second).WithPolling(100 * time.Millisecond).Should(
+					HaveField("Status.Addresses.Used", Equal(numClaims)))
+
+				genericPool.PoolSpec().Addresses = updatedAddresses
+				Expect(k8sClient.Update(context.Background(), genericPool)).To(Succeed())
+
+				Eventually(Object(genericPool)).
+					WithTimeout(5 * time.Second).WithPolling(100 * time.Millisecond).Should(
+					HaveField("Status.Addresses.OutOfRange", Equal(expectedOutOfRange)))
+			},
+
+			Entry("InClusterIPPool",
+				"InClusterIPPool", []string{"10.0.0.10-10.0.0.20"}, "10.0.0.1", []string{"10.0.0.13-10.0.0.20"}, 5, 3),
+			Entry("GlobalInClusterIPPool",
+				"GlobalInClusterIPPool", []string{"10.0.0.10-10.0.0.20"}, "10.0.0.1", []string{"10.0.0.13-10.0.0.20"}, 5, 3),
+		)
 	})
 })

internal/index/index.go

@@ -23,7 +23,7 @@ const (
 func SetupIndexes(ctx context.Context, mgr manager.Manager) error {
 	err := mgr.GetCache().IndexField(ctx, &ipamv1.IPAddress{},
 		IPAddressPoolRefCombinedField,
-		ipAddressByCombinedPoolRef,
+		IPAddressByCombinedPoolRef,
 	)
 	if err != nil {
 		return err
@@ -35,7 +35,8 @@ func SetupIndexes(ctx context.Context, mgr manager.Manager) error {
 	)
 }
 
-func ipAddressByCombinedPoolRef(o client.Object) []string {
+// IPAddressByCombinedPoolRef fulfills the IndexerFunc for IPAddress poolRefs
+func IPAddressByCombinedPoolRef(o client.Object) []string {
 	ip, ok := o.(*ipamv1.IPAddress)
 	if !ok {
 		panic(fmt.Sprintf("Expected an IPAddress but got a %T", o))

internal/poolutil/pool.go

@@ -19,6 +19,22 @@ import (
 	"github.com/telekom/cluster-api-ipam-provider-in-cluster/internal/index"
 )
 
+// AddressesOutOfRangeIPSet returns an IPSet of the inUseAddresses IPs that are
+// not in the poolIPSet.
+func AddressesOutOfRangeIPSet(inUseAddresses []ipamv1.IPAddress, poolIPSet *netipx.IPSet) (*netipx.IPSet, error) {
+	outOfRangeBuilder := &netipx.IPSetBuilder{}
+	for _, address := range inUseAddresses {
+		ip, err := netip.ParseAddr(address.Spec.Address)
+		if err != nil {
+			// if an address we fetch for the pool is unparsable then it isn't in the pool ranges
+			continue
+		}
+		outOfRangeBuilder.Add(ip)
+	}
+	outOfRangeBuilder.RemoveSet(poolIPSet)
+	return outOfRangeBuilder.IPSet()
+}
+
 // ListAddressesInUse fetches all IPAddresses belonging to the specified pool.
 // Note: requires `index.ipAddressByCombinedPoolRef` to be set up.
 func ListAddressesInUse(ctx context.Context, c client.Reader, namespace string, poolRef corev1.TypedLocalObjectReference) ([]ipamv1.IPAddress, error) {

internal/webhooks/inclusterippool.go

@@ -5,13 +5,12 @@ import (
 	"fmt"
 	"net/netip"
 
-	corev1 "k8s.io/api/core/v1"
-	"k8s.io/utils/pointer"
-
 	"go4.org/netipx"
+	corev1 "k8s.io/api/core/v1"
 	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/apimachinery/pkg/util/validation/field"
+	"k8s.io/utils/pointer"
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/controller-runtime/pkg/webhook"
@@ -155,7 +154,7 @@ func (webhook *InClusterIPPool) ValidateUpdate(ctx context.Context, oldObj, newO
 	inUseBuilder.RemoveSet(newPoolIPSet)
 	outOfRangeIPSet, err := inUseBuilder.IPSet()
 	if err != nil {
-		panic("oh no")
+		return apierrors.NewInternalError(err)
 	}
 
 	if outOfRange := outOfRangeIPSet.Ranges(); len(outOfRange) > 0 {

internal/webhooks/inclusterippool_test.go

@@ -14,6 +14,7 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/client/fake"
 
 	"github.com/telekom/cluster-api-ipam-provider-in-cluster/api/v1alpha1"
+	"github.com/telekom/cluster-api-ipam-provider-in-cluster/internal/index"
 	"github.com/telekom/cluster-api-ipam-provider-in-cluster/pkg/types"
 )
 
@@ -224,7 +225,10 @@ func TestInClusterIPPoolDefaulting(t *testing.T) {
 		scheme := runtime.NewScheme()
 		g.Expect(ipamv1.AddToScheme(scheme)).To(Succeed())
 		webhook := InClusterIPPool{
-			Client: fake.NewClientBuilder().WithScheme(scheme).Build(),
+			Client: fake.NewClientBuilder().
+				WithScheme(scheme).
+				WithIndex(&ipamv1.IPAddress{}, index.IPAddressPoolRefCombinedField, index.IPAddressByCombinedPoolRef).
+				Build(),
 		}
 
 		t.Run(tt.name, customDefaultValidateTest(ctx, namespacedPool.DeepCopyObject(), &webhook))