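// Package k8objectsutils builds the Config Connector (KCC) objects that back an
// edge GKE cluster: the ContainerCluster, its ContainerNodePool, and the
// network settings layered onto the cluster.
package k8objectsutils

import (
	"fmt"

	containerApi "github.com/GoogleCloudPlatform/k8s-config-connector/pkg/clients/generated/apis/container/v1beta1"
	kcck8s "github.com/GoogleCloudPlatform/k8s-config-connector/pkg/clients/generated/apis/k8s/v1alpha1"
	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
	k8sTypes "k8s.io/apimachinery/pkg/types"

	"edge-infra.dev/pkg/edge/api/graph/mapper"
	gkeClusterApi "edge-infra.dev/pkg/edge/apis/gkecluster/v1alpha1"
	edgeconstants "edge-infra.dev/pkg/edge/constants"
	"edge-infra.dev/pkg/k8s/konfigkonnector/apis/meta"
	"edge-infra.dev/pkg/lib/featureflag"
	gcpsecurity "edge-infra.dev/pkg/lib/ncr/gcp/security"
)

// defaultNodePoolAnno asks KCC to remove the default node pool GKE creates
// with every cluster (the annotation value is set to "true" below); node pools
// are rendered separately by BuildContainerNodePool.
const defaultNodePoolAnno = "cnrm.cloud.google.com/remove-default-node-pool"

// BuildContainerCluster renders the KCC ContainerCluster for cluster under the
// object key. Labels carrying the fleet/banner/organization/cluster identity
// are set on the KCC object so they propagate to the GKE resource, and the
// KCC deletion policy is set to abandon (the GCP resource is expected to be
// left in place when the KCC object is deleted).
//
// A control-plane authorized-network allowlist is attached only when the
// UseMasterAuthorizedNetworks feature flag is on (see
// masterAuthorizedNetworks); when it is off, no
// MasterAuthorizedNetworksConfig is emitted.
func BuildContainerCluster(cluster *gkeClusterApi.GKECluster, key k8sTypes.NamespacedName) *containerApi.ContainerCluster {
	workloadPool := fmt.Sprintf("%s.svc.id.goog", cluster.Spec.ProjectID)
	releaseChannel := &containerApi.ClusterReleaseChannel{Channel: "STABLE"}

	return &containerApi.ContainerCluster{
		TypeMeta: metav1.TypeMeta{
			Kind:       containerApi.ContainerClusterGVK.Kind,
			APIVersion: containerApi.SchemeGroupVersion.String(),
		},
		ObjectMeta: metav1.ObjectMeta{
			Name:      mapper.ConvertK8sName(key.Name),
			Namespace: key.Namespace,
			Annotations: map[string]string{
				defaultNodePoolAnno:           "true",
				meta.ProjectAnnotation:        mapper.ConvertK8sName(cluster.Spec.ProjectID),
				edgeconstants.Tenant:          mapper.ConvertK8sName(cluster.Spec.ProjectID),
				edgeconstants.Fleet:           string(cluster.Spec.Fleet),
				edgeconstants.Banner:          cluster.Spec.Banner,
				edgeconstants.Organization:    cluster.Spec.Organization,
				meta.DeletionPolicyAnnotation: meta.DeletionPolicyAbandon,
			},
			// Labels on the KCC resource are carried through to the GKE resource.
			Labels: map[string]string{
				edgeconstants.GKEFleet:        string(cluster.Spec.Fleet),
				edgeconstants.GKEBanner:       cluster.Spec.Banner,
				edgeconstants.GKEOrganization: cluster.Spec.Organization,
				edgeconstants.GKECluster:      cluster.Spec.Name,
				edgeconstants.GKEClusterUUID:  cluster.ObjectMeta.Name,
			},
		},
		Spec: containerApi.ContainerClusterSpec{
			InitialNodeCount: &cluster.Spec.NumNode,
			// Workload Identity pool is always <project>.svc.id.goog.
			WorkloadIdentityConfig: &containerApi.ClusterWorkloadIdentityConfig{
				WorkloadPool: &workloadPool,
			},
			Location: cluster.Spec.Location,
			LoggingConfig: &containerApi.ClusterLoggingConfig{
				EnableComponents: []string{"SYSTEM_COMPONENTS"},
			},
			MasterAuth: &containerApi.ClusterMasterAuth{
				// NOTE(review): a cluster client certificate is a long-lived
				// credential path alongside Workload Identity; confirm it is
				// still required by a consumer before keeping it enabled.
				ClientCertificateConfig: &containerApi.ClusterClientCertificateConfig{
					IssueClientCertificate: true,
				},
			},
			MasterAuthorizedNetworksConfig: masterAuthorizedNetworks(),
			ReleaseChannel:                 releaseChannel,
		},
	}
}

// masterAuthorizedNetworks returns the control-plane authorized-network
// allowlist built from gcpsecurity.ZscalerIPs when the
// UseMasterAuthorizedNetworks feature flag is enabled, or nil when the flag is
// off or cannot be read (a lookup error is treated as "off", as a best-effort
// default).
func masterAuthorizedNetworks() *containerApi.ClusterMasterAuthorizedNetworksConfig {
	enabled, err := featureflag.FeatureEnabled(featureflag.UseMasterAuthorizedNetworks, false)
	if err != nil || !enabled {
		return nil
	}

	ips := gcpsecurity.ZscalerIPs()
	cidrs := make([]containerApi.ClusterCidrBlocks, 0, len(ips))
	for _, ip := range ips {
		cidrs = append(cidrs, containerApi.ClusterCidrBlocks{CidrBlock: ip})
	}
	return &containerApi.ClusterMasterAuthorizedNetworksConfig{CidrBlocks: cidrs}
}

// BuildContainerNodePool renders the KCC ContainerNodePool named name in
// namespace, attached by ClusterRef to the ContainerCluster of the same name.
// nodeCount is the initial pool size; minNodes and maxNodes are only used when
// autoscale is true, otherwise no autoscaling block is emitted.
//
// The pool is rendered with private nodes, auto-repair and auto-upgrade on,
// the legacy metadata endpoints disabled, and the monitoring, read-only
// storage and cloud-platform OAuth scopes.
func BuildContainerNodePool(projectID, banner, bslOrg, namespace, name, location, machineType string, nodeCount, minNodes, maxNodes int, fleet string, autoscale bool) *containerApi.ContainerNodePool {
	managed := true
	privateNodes := true
	// NOTE(review): 0 is passed as an explicit value; confirm whether KCC reads
	// it as "unset" or as a literal per-pod PID limit.
	podPidsLimit := 0

	// Only allocate the autoscaling block when it will be used.
	var autoscaling *containerApi.NodepoolAutoscaling
	if autoscale {
		autoscaling = &containerApi.NodepoolAutoscaling{
			MaxNodeCount: &maxNodes,
			MinNodeCount: &minNodes,
		}
	}

	return &containerApi.ContainerNodePool{
		TypeMeta: metav1.TypeMeta{
			Kind:       containerApi.ContainerNodePoolGVK.Kind,
			APIVersion: containerApi.SchemeGroupVersion.String(),
		},
		ObjectMeta: metav1.ObjectMeta{
			Name:      mapper.ConvertK8sName(name),
			Namespace: namespace,
			Annotations: map[string]string{
				edgeconstants.Tenant:          mapper.ConvertK8sName(projectID),
				edgeconstants.Fleet:           fleet,
				edgeconstants.Banner:          banner,
				edgeconstants.Organization:    bslOrg,
				meta.ProjectAnnotation:        mapper.ConvertK8sName(projectID),
				meta.DeletionPolicyAnnotation: meta.DeletionPolicyAbandon,
			},
		},
		Spec: containerApi.ContainerNodePoolSpec{
			InitialNodeCount: &nodeCount,
			NodeConfig: &containerApi.NodepoolNodeConfig{
				MachineType: &machineType,
				Metadata: map[string]string{
					// Keep the v1beta1 metadata endpoints off so only the
					// current metadata server is reachable from the node.
					"disable-legacy-endpoints": "true",
				},
				// cloud-platform is the broadest scope; what the node can
				// actually do is bounded by the IAM roles granted to the node
				// service account, which is not configured here.
				OauthScopes: []string{
					"https://www.googleapis.com/auth/monitoring",
					"https://www.googleapis.com/auth/devstorage.read_only",
					"https://www.googleapis.com/auth/cloud-platform",
				},
				KubeletConfig: &containerApi.NodepoolKubeletConfig{
					CpuManagerPolicy: "",
					PodPidsLimit:     &podPidsLimit,
				},
			},
			// The pool references a ContainerCluster with the same name as the
			// pool; callers are assumed to pass the cluster name as name.
			ClusterRef: kcck8s.ResourceRef{
				Name:      mapper.ConvertK8sName(name),
				Namespace: namespace,
			},
			Location: location,
			Management: &containerApi.NodepoolManagement{
				AutoRepair:  &managed,
				AutoUpgrade: &managed,
			},
			Autoscaling: autoscaling,
			NetworkConfig: &containerApi.NodepoolNetworkConfig{
				// Private nodes: node VMs get no external IP.
				EnablePrivateNodes: &privateNodes,
			},
		},
	}
}

// WithNetworkConfig returns a deep copy of cluster attached to network and
// subnetwork by external reference, with netmask used as both the cluster
// (pod) and the services IPv4 CIDR block. The input cluster is not modified.
func WithNetworkConfig(cluster *containerApi.ContainerCluster, network, subnetwork, netmask string) *containerApi.ContainerCluster {
	cc := cluster.DeepCopy()
	cc.Spec.NetworkRef = &kcck8s.ResourceRef{External: network}
	cc.Spec.SubnetworkRef = &kcck8s.ResourceRef{External: subnetwork}
	// NOTE(review): the same value feeds both blocks. This presumably relies on
	// netmask being a mask size (e.g. "/20") from which GKE picks two disjoint
	// ranges rather than a fixed range; confirm with callers.
	cc.Spec.IpAllocationPolicy = &containerApi.ClusterIpAllocationPolicy{
		ClusterIpv4CidrBlock:  &netmask,
		ServicesIpv4CidrBlock: &netmask,
	}
	return cc
}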