Add custom VPC support in GCP

Signed-off-by: Aswin Suryanarayanan <[email protected]>
submariner-io · Dec 6, 2024 · baffb51 · baffb51
1 parent 907b4d3
commit baffb51
Show file tree

Hide file tree

Showing 4 changed files with 39 additions and 14 deletions.
diff --git a/pkg/gcp/cloud_info.go b/pkg/gcp/cloud_info.go
@@ -25,11 +25,24 @@ import (
 	"google.golang.org/api/compute/v1"
 )
 
+type CloudOption func(*CloudInfo)
+
+const (
+	VPCName = "VPCName"
+)
+
 type CloudInfo struct {
-	InfraID   string
-	Region    string
-	ProjectID string
-	Client    gcpclient.Interface
+	InfraID     string
+	Region      string
+	ProjectID   string
+	cloudConfig map[string]interface{}
+	Client      gcpclient.Interface
+}
+
+func WithVPCName(name string) CloudOption {
+	return func(cloud *CloudInfo) {
+		cloud.cloudConfig[VPCName] = name
+	}
 }
 
 // Open expected ports by creating related firewall rule.

diff --git a/pkg/gcp/firewall_rules.go b/pkg/gcp/firewall_rules.go
@@ -33,24 +33,24 @@ const (
 	submarinerGatewayNodeTag = "submariner-io-gateway-node"
 )
 
-func newExternalFirewallRules(projectID, infraID string, ports []api.PortSpec) *compute.Firewall {
+func newExternalFirewallRules(projectID, infraID string, network string, ports []api.PortSpec) *compute.Firewall {
 	ingressName := generateRuleName(infraID, publicPortsRuleName)
 
 	// We want the external firewall rules to be applied only to Gateway nodes. So, we use the TargetTags
 	// field and include submarinerGatewayNodeTag for selection of Gateway nodes. All the Submariner Gateway
 	// instances will be tagged with submarinerGatewayNodeTag.
-	ingressRule := newFirewallRule(projectID, infraID, ingressName, ingressDirection, ports)
+	ingressRule := newFirewallRule(projectID, ingressName, ingressDirection, network, ports)
 	ingressRule.TargetTags = []string{
 		submarinerGatewayNodeTag,
 	}
 
 	return ingressRule
 }
 
-func newInternalFirewallRule(projectID, infraID string, ports []api.PortSpec) *compute.Firewall {
+func newInternalFirewallRule(projectID, infraID string, network string, ports []api.PortSpec) *compute.Firewall {
 	ingressName := generateRuleName(infraID, internalPortsRuleName)
 
-	rule := newFirewallRule(projectID, infraID, ingressName, ingressDirection, ports)
+	rule := newFirewallRule(projectID, ingressName, ingressDirection, network, ports)
 	rule.TargetTags = []string{
 		infraID + "-worker",
 		infraID + "-master",
@@ -63,7 +63,7 @@ func newInternalFirewallRule(projectID, infraID string, ports []api.PortSpec) *c
 	return rule
 }
 
-func newFirewallRule(projectID, infraID, name, direction string, ports []api.PortSpec) *compute.Firewall {
+func newFirewallRule(projectID, name, direction, network string, ports []api.PortSpec) *compute.Firewall {
 	allowedPorts := []*compute.FirewallAllowed{}
 
 	for _, port := range ports {
@@ -78,8 +78,9 @@ func newFirewallRule(projectID, infraID, name, direction string, ports []api.Por
 	}
 
 	return &compute.Firewall{
-		Name:      name,
-		Network:   fmt.Sprintf("projects/%s/global/networks/%s-network", projectID, infraID),
+		Name: name,
+		//Network:   fmt.Sprintf("projects/%s/global/networks/%s-network", projectID, infraID),
+		Network:   fmt.Sprintf("projects/%s/global/networks/%s-network", projectID, network),
 		Direction: direction,
 		Allowed:   allowedPorts,
 	}

diff --git a/pkg/gcp/gcp.go b/pkg/gcp/gcp.go
@@ -31,7 +31,14 @@ type gcpCloud struct {
 }
 
 // NewCloud creates a new api.Cloud instance which can prepare GCP for Submariner to be deployed on it.
-func NewCloud(info CloudInfo) api.Cloud {
+func NewCloud(info CloudInfo, opts ...CloudOption) api.Cloud {
+	info.cloudConfig = make(map[string]interface{})
+	for _, opt := range opts {
+		opt(&info)
+	}
+	if _, ok := info.cloudConfig[VPCName]; !ok {
+		info.cloudConfig[VPCName] = info.InfraID + "-network"
+	}
 	return &gcpCloud{CloudInfo: info}
 }
 
@@ -40,7 +47,9 @@ func (gc *gcpCloud) OpenPorts(ports []api.PortSpec, status reporter.Interface) e
 	status.Start("Opening internal ports %q for intra-cluster communications on GCP", formatPorts(ports))
 	defer status.End()
 
-	internalIngress := newInternalFirewallRule(gc.ProjectID, gc.InfraID, ports)
+	vpcName, _ := gc.cloudConfig[VPCName]
+
+	internalIngress := newInternalFirewallRule(gc.ProjectID, gc.InfraID, vpcName.(string), ports)
 	if err := gc.openPorts(internalIngress); err != nil {
 		return status.Error(err, "unable to open ports")
 	}

diff --git a/pkg/gcp/ocpgwdeployer.go b/pkg/gcp/ocpgwdeployer.go
@@ -60,7 +60,9 @@ func (d *ocpGatewayDeployer) Deploy(input api.GatewayDeployInput, status reporte
 	status.Start("Configuring the required firewall rules for inter-cluster traffic")
 	defer status.End()
 
-	externalIngress := newExternalFirewallRules(d.ProjectID, d.InfraID, input.PublicPorts)
+	vpcName, _ := d.cloudConfig[VPCName]
+
+	externalIngress := newExternalFirewallRules(d.ProjectID, d.InfraID, vpcName.(string), input.PublicPorts)
 	if err := d.openPorts(externalIngress); err != nil {
 		return status.Error(err, "error creating firewall rule %q", externalIngress.Name)
 	}