helm: use patched yawol with support for subnet choice

Constellation requires a CIDR that only Kubernetes nodes live in. This is needed for cilium encryption. To make yawol LBs work, they need to be placed in a different subnet with their own CIDR. This patched version supports that.
2025-02-03 11:00:09 -05:00 · 2024-02-14 16:43:50 +01:00 · 2024-02-14 16:43:50 +01:00 · d8185fdafb
commit d8185fdafb
parent 1e987f6a85
6 changed files with 33 additions and 12 deletions
--- a/internal/constellation/helm/charts/yawol/charts/yawol-controller/crds/yawol.stackit.cloud_loadbalancermachines.yaml
+++ b/internal/constellation/helm/charts/yawol/charts/yawol-controller/crds/yawol.stackit.cloud_loadbalancermachines.yaml
@ -100,6 +100,10 @@ spec:
                      networkID:
                        description: NetworkID defines an openstack ID for the network.
                        type: string
+                      subnetworkID:
+                        description: SubnetworkID defines an openstack ID for the
+                          subnetwork.
+                        type: string
                    required:
                    - networkID
                    type: object
--- a/internal/constellation/helm/charts/yawol/charts/yawol-controller/crds/yawol.stackit.cloud_loadbalancers.yaml
+++ b/internal/constellation/helm/charts/yawol/charts/yawol-controller/crds/yawol.stackit.cloud_loadbalancers.yaml
@ -131,6 +131,10 @@ spec:
                      networkID:
                        description: NetworkID defines an openstack ID for the network.
                        type: string
+                      subnetworkID:
+                        description: SubnetworkID defines an openstack ID for the
+                          subnetwork.
+                        type: string
                    required:
                    - networkID
                    type: object
--- a/internal/constellation/helm/charts/yawol/charts/yawol-controller/crds/yawol.stackit.cloud_loadbalancersets.yaml
+++ b/internal/constellation/helm/charts/yawol/charts/yawol-controller/crds/yawol.stackit.cloud_loadbalancersets.yaml
@ -165,6 +165,10 @@ spec:
                                description: NetworkID defines an openstack ID for
                                  the network.
                                type: string
+                              subnetworkID:
+                                description: SubnetworkID defines an openstack ID
+                                  for the subnetwork.
+                                type: string
                            required:
                            - networkID
                            type: object
--- a/internal/constellation/helm/charts/yawol/charts/yawol-controller/templates/yawol-cloud-controller.yaml
+++ b/internal/constellation/helm/charts/yawol/charts/yawol-controller/templates/yawol-cloud-controller.yaml
@ -61,6 +61,10 @@ spec:
        - name: NETWORK_ID
          value: {{ .Values.yawolNetworkID }}
        {{- end }}
+        {{- if .Values.yawolSubnetworkID }}
+        - name: SUBNETWORK_ID
+          value: {{ .Values.yawolSubnetworkID }}
+        {{- end }}
        {{- if .Values.yawolFlavorID }}
        - name: FLAVOR_ID
          value: {{ .Values.yawolFlavorID }}
--- a/internal/constellation/helm/charts/yawol/charts/yawol-controller/values.yaml
+++ b/internal/constellation/helm/charts/yawol/charts/yawol-controller/values.yaml
@ -20,9 +20,8 @@ yawolCloudController:
    annotations: {}
    labels: {}
  image:
-    repository: ghcr.io/stackitcloud/yawol/yawol-cloud-controller
-    # -- Allows you to override the yawol version in this chart. Use at your own risk.
-    tag: ""
+    repository: ghcr.io/malt3/yawol/yawol-cloud-controller
+    tag: "yawol-controller-0.20.0-4-g6212876@sha256:ad83538fadc5d367700f75fc71c67697338307fdd81214dfc99b4cf425b8cb30"

 yawolController:
  gardenerMonitoringEnabled: false
@ -32,9 +31,8 @@ yawolController:
    annotations: {}
    labels: {}
  image:
-    repository: ghcr.io/stackitcloud/yawol/yawol-controller
-    # -- Allows you to override the yawol version in this chart. Use at your own risk.
-    tag: ""
+    repository: ghcr.io/malt3/yawol/yawol-controller
+    tag: "yawol-controller-0.20.0-4-g6212876@sha256:290250a851de2cf4cb6eab2d40b36724c8321b7c3c36da80fd3e2333ed6808d0"

 resources:
  yawolCloudController:
@ -86,6 +84,12 @@ yawolFloatingID:
 # Placed in LoadBalancer.spec.infrastructure.networkID
 yawolNetworkID:

+# OpenStack subnetwork ID in which the Load Balancer is placed.
+# If not set, the subnetwork is chosen automatically.
+#
+# Placed in LoadBalancer.spec.infrastructure.subnetworkID
+yawolSubnetworkID:
+
 # default value for flavor that yawol Load Balancer instances should use
 # can be overridden by annotation
 #
--- a/internal/constellation/helm/overrides.go
+++ b/internal/constellation/helm/overrides.go
@ -165,12 +165,13 @@ func extraYawolValues(serviceAccURI string, output state.Infrastructure, openSta
 		extraVals["yawol-controller"] = map[string]any{
 			"yawolOSSecretName": "yawolkey",
 			// has to be larger than ~30s to account for slow OpenStack API calls.
-			"openstackTimeout": "1m",
-			"yawolFloatingID":  openStackCfg.FloatingIPPoolID,
-			"yawolFlavorID":    openStackCfg.YawolFlavorID,
-			"yawolImageID":     openStackCfg.YawolImageID,
-			"yawolNetworkID":   output.OpenStack.NetworkID,
-			"yawolAPIHost":     fmt.Sprintf("https://%s:%d", output.InClusterEndpoint, constants.KubernetesPort),
+			"openstackTimeout":  "1m",
+			"yawolFloatingID":   openStackCfg.FloatingIPPoolID,
+			"yawolFlavorID":     openStackCfg.YawolFlavorID,
+			"yawolImageID":      openStackCfg.YawolImageID,
+			"yawolNetworkID":    output.OpenStack.NetworkID,
+			"yawolSubnetworkID": output.OpenStack.SubnetID,
+			"yawolAPIHost":      fmt.Sprintf("https://%s:%d", output.InClusterEndpoint, constants.KubernetesPort),
 		}
 	}