From d8185fdafbeb53bd898404af7f58d2fe577430a4 Mon Sep 17 00:00:00 2001 From: Malte Poll <1780588+malt3@users.noreply.github.com> Date: Wed, 14 Feb 2024 16:43:50 +0100 Subject: [PATCH] helm: use patched yawol with support for subnet choice Constellation requires a CIDR that only Kubernetes nodes live in. This is needed for cilium encryption. To make yawol LBs work, they need to be placed in a different subnet with their own CIDR. This patched version supports that. --- ...yawol.stackit.cloud_loadbalancermachines.yaml | 4 ++++ .../crds/yawol.stackit.cloud_loadbalancers.yaml | 4 ++++ .../yawol.stackit.cloud_loadbalancersets.yaml | 4 ++++ .../templates/yawol-cloud-controller.yaml | 4 ++++ .../yawol/charts/yawol-controller/values.yaml | 16 ++++++++++------ internal/constellation/helm/overrides.go | 13 +++++++------ 6 files changed, 33 insertions(+), 12 deletions(-) diff --git a/internal/constellation/helm/charts/yawol/charts/yawol-controller/crds/yawol.stackit.cloud_loadbalancermachines.yaml b/internal/constellation/helm/charts/yawol/charts/yawol-controller/crds/yawol.stackit.cloud_loadbalancermachines.yaml index f221a033b..33e8052cd 100644 --- a/internal/constellation/helm/charts/yawol/charts/yawol-controller/crds/yawol.stackit.cloud_loadbalancermachines.yaml +++ b/internal/constellation/helm/charts/yawol/charts/yawol-controller/crds/yawol.stackit.cloud_loadbalancermachines.yaml @@ -100,6 +100,10 @@ spec: networkID: description: NetworkID defines an openstack ID for the network. type: string + subnetworkID: + description: SubnetworkID defines an openstack ID for the + subnetwork. + type: string required: - networkID type: object diff --git a/internal/constellation/helm/charts/yawol/charts/yawol-controller/crds/yawol.stackit.cloud_loadbalancers.yaml b/internal/constellation/helm/charts/yawol/charts/yawol-controller/crds/yawol.stackit.cloud_loadbalancers.yaml index 711092796..1d18db009 100644 
--- a/internal/constellation/helm/charts/yawol/charts/yawol-controller/crds/yawol.stackit.cloud_loadbalancers.yaml +++ b/internal/constellation/helm/charts/yawol/charts/yawol-controller/crds/yawol.stackit.cloud_loadbalancers.yaml @@ -131,6 +131,10 @@ spec: networkID: description: NetworkID defines an openstack ID for the network. type: string + subnetworkID: + description: SubnetworkID defines an openstack ID for the + subnetwork. + type: string required: - networkID type: object diff --git a/internal/constellation/helm/charts/yawol/charts/yawol-controller/crds/yawol.stackit.cloud_loadbalancersets.yaml b/internal/constellation/helm/charts/yawol/charts/yawol-controller/crds/yawol.stackit.cloud_loadbalancersets.yaml index 73121874b..9d8bea50d 100644 --- a/internal/constellation/helm/charts/yawol/charts/yawol-controller/crds/yawol.stackit.cloud_loadbalancersets.yaml +++ b/internal/constellation/helm/charts/yawol/charts/yawol-controller/crds/yawol.stackit.cloud_loadbalancersets.yaml @@ -165,6 +165,10 @@ spec: description: NetworkID defines an openstack ID for the network. type: string + subnetworkID: + description: SubnetworkID defines an openstack ID + for the subnetwork. + type: string required: - networkID type: object diff --git a/internal/constellation/helm/charts/yawol/charts/yawol-controller/templates/yawol-cloud-controller.yaml b/internal/constellation/helm/charts/yawol/charts/yawol-controller/templates/yawol-cloud-controller.yaml index 303a77ac8..496349bd5 100644 --- a/internal/constellation/helm/charts/yawol/charts/yawol-controller/templates/yawol-cloud-controller.yaml +++ b/internal/constellation/helm/charts/yawol/charts/yawol-controller/templates/yawol-cloud-controller.yaml 
@@ -61,6 +61,10 @@ spec: - name: NETWORK_ID value: {{ .Values.yawolNetworkID }} {{- end }} + {{- if .Values.yawolSubnetworkID }} + - name: SUBNETWORK_ID + value: {{ .Values.yawolSubnetworkID }} + {{- end }} {{- if .Values.yawolFlavorID }} - name: FLAVOR_ID value: {{ .Values.yawolFlavorID }} diff --git a/internal/constellation/helm/charts/yawol/charts/yawol-controller/values.yaml b/internal/constellation/helm/charts/yawol/charts/yawol-controller/values.yaml index 02bbb32c2..031966967 100644 --- a/internal/constellation/helm/charts/yawol/charts/yawol-controller/values.yaml +++ b/internal/constellation/helm/charts/yawol/charts/yawol-controller/values.yaml @@ -20,9 +20,8 @@ yawolCloudController: annotations: {} labels: {} image: - repository: ghcr.io/stackitcloud/yawol/yawol-cloud-controller - # -- Allows you to override the yawol version in this chart. Use at your own risk. - tag: "" + repository: ghcr.io/malt3/yawol/yawol-cloud-controller + tag: "yawol-controller-0.20.0-4-g6212876@sha256:ad83538fadc5d367700f75fc71c67697338307fdd81214dfc99b4cf425b8cb30" yawolController: gardenerMonitoringEnabled: false @@ -32,9 +31,8 @@ yawolController: annotations: {} labels: {} image: - repository: ghcr.io/stackitcloud/yawol/yawol-controller - # -- Allows you to override the yawol version in this chart. Use at your own risk. - tag: "" + repository: ghcr.io/malt3/yawol/yawol-controller + tag: "yawol-controller-0.20.0-4-g6212876@sha256:290250a851de2cf4cb6eab2d40b36724c8321b7c3c36da80fd3e2333ed6808d0" resources: yawolCloudController: @@ -86,6 +84,12 @@ yawolFloatingID: # Placed in LoadBalancer.spec.infrastructure.networkID yawolNetworkID: +# OpenStack subnetwork ID in which the Load Balancer is placed. +# If not set, the subnetwork is chosen automatically. +# +# Placed in LoadBalancer.spec.infrastructure.subnetworkID +yawolSubnetworkID: + # default value for flavor that yawol Load Balancer instances should use # can be overridden by annotation # 
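Review bot: Both image blocks in values.yaml (`yawolCloudController.image` in the `@@ -20,9 +20,8 @@` hunk and `yawolController.image` in the `@@ -32,9 +31,8 @@` hunk) now pull from a personal registry namespace, `ghcr.io/malt3/yawol/...`, instead of `ghcr.io/stackitcloud/yawol/...`. The `@sha256:` digests pin the content, which guards against the tag being repointed. Availability and provenance of the patched build still depend on that single account, and nothing in the chart records why the fork is used or when to return to upstream. I would add a comment above each `repository:` line, for example `# patched yawol build with subnetworkID support; revert to the upstream image once it offers this`, and consider mirroring the two images into a project-owned registry. Because the digest is carried inside the `tag` value, it is also worth confirming that the deployment template joins repository and tag so that the `@sha256:` reference survives; that template line is not part of this diff.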
diff --git a/internal/constellation/helm/overrides.go b/internal/constellation/helm/overrides.go
index f4b0f5bea..6e158dc8a 100644
--- a/internal/constellation/helm/overrides.go
+++ b/internal/constellation/helm/overrides.go
@@ -165,12 +165,13 @@ func extraYawolValues(serviceAccURI string, output state.Infrastructure, openSta
 extraVals["yawol-controller"] = map[string]any{
 "yawolOSSecretName": "yawolkey",
 // has to be larger than ~30s to account for slow OpenStack API calls.
- "openstackTimeout": "1m",
- "yawolFloatingID": openStackCfg.FloatingIPPoolID,
- "yawolFlavorID": openStackCfg.YawolFlavorID,
- "yawolImageID": openStackCfg.YawolImageID,
- "yawolNetworkID": output.OpenStack.NetworkID,
- "yawolAPIHost": fmt.Sprintf("https://%s:%d", output.InClusterEndpoint, constants.KubernetesPort),
+ "openstackTimeout": "1m",
+ "yawolFloatingID": openStackCfg.FloatingIPPoolID,
+ "yawolFlavorID": openStackCfg.YawolFlavorID,
+ "yawolImageID": openStackCfg.YawolImageID,
+ "yawolNetworkID": output.OpenStack.NetworkID,
+ "yawolSubnetworkID": output.OpenStack.SubnetID,
+ "yawolAPIHost": fmt.Sprintf("https://%s:%d", output.InClusterEndpoint, constants.KubernetesPort),
 }
 }
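Review bot: The new `"yawolSubnetworkID": output.OpenStack.SubnetID` entry does not say which subnet it refers to, although the commit message requires the load balancers to stay out of the CIDR that holds the Kubernetes nodes. When the value is empty, the chart template changed in this same commit omits `SUBNETWORK_ID`, and values.yaml says the subnetwork is then chosen automatically, so a state without this field would presumably fall back silently to whatever yawol selects. I would add a comment on the line stating the intent, for example `// subnet for yawol LBs; must be separate from the node CIDR used for cilium encryption`, if that is indeed what the field holds, and consider logging or rejecting an empty `output.OpenStack.SubnetID` before the map is built. extraYawolValues starts and ends outside this hunk, so an existing check of that kind would not be visible here.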