disable network overlay for cilium by default and extend tests

go.mod

@@ -11,6 +11,7 @@ require (
 	github.com/gardener/etcd-druid v0.12.3
 	github.com/gardener/gardener v1.59.0
 	github.com/gardener/gardener-extension-networking-calico v1.27.1
+	github.com/gardener/gardener-extension-networking-cilium v1.18.0
 	github.com/gardener/machine-controller-manager v0.45.0
 	github.com/go-logr/logr v1.2.3
 	github.com/golang/mock v1.6.0
@@ -48,7 +49,6 @@ require (
 	github.com/cyphar/filepath-securejoin v0.2.2 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/dsnet/compress v0.0.1 // indirect
-	github.com/elazarl/goproxy v0.0.0-20191011121108-aa519ddbe484 // indirect
 	github.com/emicklei/go-restful/v3 v3.8.0 // indirect
 	github.com/evanphx/json-patch v4.12.0+incompatible // indirect
 	github.com/evanphx/json-patch/v5 v5.6.0 // indirect
@@ -81,7 +81,6 @@ require (
 	github.com/inconshreveable/mousetrap v1.0.0 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
-	github.com/kr/pretty v0.3.0 // indirect
 	github.com/kubernetes-csi/external-snapshotter/v2 v2.1.4 // indirect
 	github.com/magiconair/properties v1.8.6 // indirect
 	github.com/mailru/easyjson v0.7.6 // indirect
@@ -106,6 +105,7 @@ require (
 	github.com/prometheus/client_model v0.2.0 // indirect
 	github.com/prometheus/common v0.32.1 // indirect
 	github.com/prometheus/procfs v0.7.3 // indirect
+	github.com/rogpeppe/go-internal v1.6.1 // indirect
 	github.com/russross/blackfriday/v2 v2.1.0 // indirect
 	github.com/spf13/afero v1.8.2 // indirect
 	github.com/spf13/cast v1.4.1 // indirect

go.sum

@@ -140,8 +140,6 @@ github.com/dsnet/golib v0.0.0-20171103203638-1ea166775780/go.mod h1:Lj+Z9rebOhdf
 github.com/elazarl/goproxy v0.0.0-20170405201442-c4fc26588b6e/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc=
 github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc=
 github.com/elazarl/goproxy v0.0.0-20191011121108-aa519ddbe484 h1:pEtiCjIXx3RvGjlUJuCNxNOw0MNblyR9Wi+vJGBFh+8=
-github.com/elazarl/goproxy v0.0.0-20191011121108-aa519ddbe484/go.mod h1:Ro8st/ElPeALwNFlcTpWmkr6IoMFfkjXAvTHpevnDsM=
-github.com/elazarl/goproxy/ext v0.0.0-20190711103511-473e67f1d7d2/go.mod h1:gNh8nYJoAm43RfaxurUnxr+N1PwuFV3ZMl/efxlIlY8=
 github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs=
 github.com/emicklei/go-restful v2.9.5+incompatible/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs=
 github.com/emicklei/go-restful/v3 v3.8.0 h1:eCZ8ulSerjdAiaNpF7GxXIE7ZCMo1moN1qX+S609eVw=
@@ -177,6 +175,8 @@ github.com/gardener/gardener v1.59.0 h1:9T8C2lPwaFTKxUi3afpVjmbao/uDcn5lfYRmFqMF
 github.com/gardener/gardener v1.59.0/go.mod h1:4vopE/Pg4LJud1CRg80rAcp94v83MJIgktlHNcSKO84=
 github.com/gardener/gardener-extension-networking-calico v1.27.1 h1:q/lsdqbwV+qlwNPxlqFxGeqKMDwPk+dPhUGXjxObzGE=
 github.com/gardener/gardener-extension-networking-calico v1.27.1/go.mod h1:MURFRmYPHiXSfmJ82S3nXH3qGcszeYQwhMVKn/J5XoU=
+github.com/gardener/gardener-extension-networking-cilium v1.18.0 h1:LNBMqVAkltHBDkP+C5Vq/dFgve/YOG8MIvTJJuWWCtU=
+github.com/gardener/gardener-extension-networking-cilium v1.18.0/go.mod h1:bXE/CwHLju+AMsqYXdFIQTt1r+GRHOTW8hJ9EIR84Z0=
 github.com/gardener/hvpa-controller/api v0.5.0 h1:f4F3O7YUrenwh4S3TgPREPiB287JjjUiUL18OqPLyAA=
 github.com/gardener/hvpa-controller/api v0.5.0/go.mod h1:QQl3ELkCaki+8RhXl0FZMfvnm0WCGwGJlGmrxJj6lvM=
 github.com/gardener/machine-controller-manager v0.45.0 h1:rpf0PHRXJMGY93oMruNP+tnMawKJXhhzCACyNJsT8Lo=
@@ -387,7 +387,6 @@ github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORN
 github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
 github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
 github.com/kr/pretty v0.3.0 h1:WgNl7dwNpEZ6jJ9k1snq4pZsg7DOEN8hP9Xw0Tsjwk0=
-github.com/kr/pretty v0.3.0/go.mod h1:640gp4NfQd8pI5XOwp5fnNeVWj67G7CFk/SaSQn7NBk=
 github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
 github.com/kr/pty v1.1.5/go.mod h1:9r2w37qlBe7rQ6e1fg1S/9xpWHSnaqNdHD3WcMdbPDA=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
@@ -506,7 +505,6 @@ github.com/prometheus/procfs v0.7.3 h1:4jVXhlkAyzOScmCkXBTOLRLTz8EeU+eyjrwB/EPq0
 github.com/prometheus/procfs v0.7.3/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA=
 github.com/remyoudompheng/bigfft v0.0.0-20170806203942-52369c62f446/go.mod h1:uYEyJGbgTkfkS4+E/PavXkNJcbFIpEtjt2B0KDQ5+9M=
 github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ=
-github.com/rogpeppe/go-charset v0.0.0-20180617210344-2471d30d28b4/go.mod h1:qgYeAmZ5ZIpBWTGllZSQnw97Dj+woV0toclVaRGI8pc=
 github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
 github.com/rogpeppe/go-internal v1.6.1 h1:/FiVV8dS/e+YqF2JvO3yXRFbBLTIuSDkuC7aBOAvL+k=
 github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc=

pkg/admission/mutator/shoot.go

@@ -19,6 +19,10 @@ import (
 	"fmt"
 
 	calicov1alpha1 "github.com/gardener/gardener-extension-networking-calico/pkg/apis/calico/v1alpha1"
+	ciliumv1alpha1 "github.com/gardener/gardener-extension-networking-cilium/pkg/apis/cilium/v1alpha1"
+
+	"github.com/gardener/gardener-extension-networking-calico/pkg/calico"
+	"github.com/gardener/gardener-extension-networking-cilium/pkg/cilium"
 
 	extensionswebhook "github.com/gardener/gardener/extensions/pkg/webhook"
 	gardencorev1beta1 "github.com/gardener/gardener/pkg/apis/core/v1beta1"
@@ -44,7 +48,6 @@ func (s *shoot) InjectScheme(scheme *runtime.Scheme) error {
 
 // Mutate mutates the given shoot object.
 func (s *shoot) Mutate(ctx context.Context, new, old client.Object) error {
-	overlay := &calicov1alpha1.Overlay{Enabled: false}
 
 	shoot, ok := new.(*gardencorev1beta1.Shoot)
 	if !ok {
@@ -73,32 +76,66 @@ func (s *shoot) Mutate(ctx context.Context, new, old client.Object) error {
 		return nil
 	}
 
-	networkConfig, err := s.decodeNetworkingConfig(shoot.Spec.Networking.ProviderConfig)
-	if err != nil {
-		return err
-	}
+	switch shoot.Spec.Networking.Type {
+	case calico.ReleaseName:
+		overlay := &calicov1alpha1.Overlay{Enabled: false}
+		networkConfig, err := s.decodeCalicoNetworkConfig(shoot.Spec.Networking.ProviderConfig)
+		if err != nil {
+			return err
+		}
 
-	if oldShoot == nil && networkConfig.Overlay == nil {
-		networkConfig.Overlay = overlay
-	}
+		if oldShoot == nil && networkConfig.Overlay == nil {
+			networkConfig.Overlay = overlay
+		}
+
+		if oldShoot != nil && networkConfig.Overlay == nil {
+			oldNetworkConfig, err := s.decodeCalicoNetworkConfig(oldShoot.Spec.Networking.ProviderConfig)
+			if err != nil {
+				return err
+			}
 
-	if oldShoot != nil && networkConfig.Overlay == nil {
-		oldNetworkConfig, err := s.decodeNetworkingConfig(oldShoot.Spec.Networking.ProviderConfig)
+			if oldNetworkConfig.Overlay != nil {
+				networkConfig.Overlay = oldNetworkConfig.Overlay
+			}
+
+		}
+
+		shoot.Spec.Networking.ProviderConfig = &runtime.RawExtension{
+			Object: networkConfig,
+		}
+
+	case cilium.ReleaseName:
+		overlay := &ciliumv1alpha1.Overlay{Enabled: false}
+
+		networkConfig, err := s.decodeCiliumNetworkConfig(shoot.Spec.Networking.ProviderConfig)
 		if err != nil {
 			return err
 		}
-		if oldNetworkConfig.Overlay != nil {
-			networkConfig.Overlay = oldNetworkConfig.Overlay
+
+		if oldShoot == nil && networkConfig.Overlay == nil {
+			networkConfig.Overlay = overlay
+		}
+
+		if oldShoot != nil && networkConfig.Overlay == nil {
+			oldNetworkConfig, err := s.decodeCiliumNetworkConfig(oldShoot.Spec.Networking.ProviderConfig)
+			if err != nil {
+				return err
+			}
+
+			if oldNetworkConfig.Overlay != nil {
+				networkConfig.Overlay = oldNetworkConfig.Overlay
+			}
+
+		}
+		shoot.Spec.Networking.ProviderConfig = &runtime.RawExtension{
+			Object: networkConfig,
 		}
-	}
-	shoot.Spec.Networking.ProviderConfig = &runtime.RawExtension{
-		Object: networkConfig,
 	}
 
 	return nil
 }
 
-func (s *shoot) decodeNetworkingConfig(network *runtime.RawExtension) (*calicov1alpha1.NetworkConfig, error) {
+func (s *shoot) decodeCalicoNetworkConfig(network *runtime.RawExtension) (*calicov1alpha1.NetworkConfig, error) {
 	networkConfig := &calicov1alpha1.NetworkConfig{}
 	if network != nil && network.Raw != nil {
 		if _, _, err := s.decoder.Decode(network.Raw, nil, networkConfig); err != nil {
@@ -108,6 +145,16 @@ func (s *shoot) decodeNetworkingConfig(network *runtime.RawExtension) (*calicov1
 	return networkConfig, nil
 }
 
+func (s *shoot) decodeCiliumNetworkConfig(network *runtime.RawExtension) (*ciliumv1alpha1.NetworkConfig, error) {
+	networkConfig := &ciliumv1alpha1.NetworkConfig{}
+	if network != nil && network.Raw != nil {
+		if _, _, err := s.decoder.Decode(network.Raw, nil, networkConfig); err != nil {
+			return nil, err
+		}
+	}
+	return networkConfig, nil
+}
+
 // wasShootRescheduledToNewSeed returns true if the shoot.Spec.SeedName has been changed, but the migration operation has not started yet.
 func wasShootRescheduledToNewSeed(shoot *gardencorev1beta1.Shoot) bool {
 	return shoot.Status.LastOperation != nil &&

pkg/admission/mutator/shoot_test.go

@@ -18,6 +18,8 @@ import (
 	"context"
 	"time"
 
+	calicov1alpha1 "github.com/gardener/gardener-extension-networking-calico/pkg/apis/calico/v1alpha1"
+	ciliumv1alpha1 "github.com/gardener/gardener-extension-networking-cilium/pkg/apis/cilium/v1alpha1"
 	"github.com/gardener/gardener-extension-provider-gcp/pkg/admission/mutator"
 	"github.com/gardener/gardener-extension-provider-gcp/pkg/gcp"
 	extensionswebhook "github.com/gardener/gardener/extensions/pkg/webhook"
@@ -40,6 +42,7 @@ var _ = Describe("Shoot mutator", func() {
 		var (
 			shootMutator extensionswebhook.Mutator
 			shoot        *gardencorev1beta1.Shoot
+			oldShoot     *gardencorev1beta1.Shoot
 			ctx          = context.TODO()
 			now          = metav1.Now()
 		)
@@ -67,11 +70,106 @@ var _ = Describe("Shoot mutator", func() {
 					},
 				},
 			}
+
+			oldShoot = &gardencorev1beta1.Shoot{
+				ObjectMeta: metav1.ObjectMeta{
+					Name:      "foo",
+					Namespace: namespace,
+				},
+				Spec: gardencorev1beta1.ShootSpec{
+					SeedName: pointer.String("gcp"),
+					Provider: gardencorev1beta1.Provider{
+						Type: gcp.Type,
+					},
+					Region: "us-west1",
+					Networking: gardencorev1beta1.Networking{
+						Nodes: pointer.String("10.250.0.0/16"),
+						Type:  "calico",
+					},
+				},
+			}
+		})
+
+		Context("Mutate shoot networking providerconfig for type calico", func() {
+			It("should return without mutation when shoot is in scheduled to new seed phase", func() {
+				shoot.Status.LastOperation = &gardencorev1beta1.LastOperation{
+					Description:    "test",
+					LastUpdateTime: metav1.Time{Time: metav1.Now().Add(time.Second * -1000)},
+					Progress:       0,
+					Type:           gardencorev1beta1.LastOperationTypeReconcile,
+					State:          gardencorev1beta1.LastOperationStateProcessing,
+				}
+				shoot.Status.SeedName = pointer.String("aws")
+				shootExpected := shoot.DeepCopy()
+				err := shootMutator.Mutate(ctx, shoot, nil)
+				Expect(err).NotTo(HaveOccurred())
+				Expect(shoot).To(DeepEqual(shootExpected))
+			})
+
+			It("should return wihtout mutation when shoot is in migration or restore phase", func() {
+				shoot.Status.LastOperation = &gardencorev1beta1.LastOperation{
+					Description:    "test",
+					LastUpdateTime: metav1.Time{Time: metav1.Now().Add(time.Second * -1000)},
+					Progress:       0,
+					Type:           gardencorev1beta1.LastOperationTypeMigrate,
+					State:          gardencorev1beta1.LastOperationStateProcessing,
+				}
+				shoot.Status.SeedName = pointer.String("gcp")
+				shootExpected := shoot.DeepCopy()
+				err := shootMutator.Mutate(ctx, shoot, shoot)
+				Expect(err).NotTo(HaveOccurred())
+				Expect(shoot).To(DeepEqual(shootExpected))
+			})
+
+			It("should return without mutation when shoot is in deletion phase", func() {
+				shoot.DeletionTimestamp = &now
+				shootExpected := shoot.DeepCopy()
+				err := shootMutator.Mutate(ctx, shoot, nil)
+				Expect(err).NotTo(HaveOccurred())
+				Expect(shoot).To(DeepEqual(shootExpected))
+			})
+
+			It("should disable overlay for a new shoot", func() {
+				err := shootMutator.Mutate(ctx, shoot, nil)
+				Expect(err).NotTo(HaveOccurred())
+				Expect(shoot.Spec.Networking.ProviderConfig).To(Equal(&runtime.RawExtension{
+					Object: &calicov1alpha1.NetworkConfig{
+						Overlay: &calicov1alpha1.Overlay{
+							Enabled: false,
+						},
+					},
+				}))
+			})
+
+			It("should take overlay field value from old shoot when unspecified in new shoot", func() {
+				oldShoot.Spec.Networking.ProviderConfig = &runtime.RawExtension{
+					Raw: []byte(`{"overlay":{"enabled":true}}`),
+					Object: &calicov1alpha1.NetworkConfig{
+						Overlay: &calicov1alpha1.Overlay{
+							Enabled: true,
+						},
+					},
+				}
+				err := shootMutator.Mutate(ctx, shoot, oldShoot)
+				Expect(err).NotTo(HaveOccurred())
+				Expect(shoot.Spec.Networking.ProviderConfig).To(Equal(&runtime.RawExtension{
+					Object: &calicov1alpha1.NetworkConfig{
+						Overlay: &calicov1alpha1.Overlay{
+							Enabled: true,
+						},
+					},
+				}))
+			})
 		})
 
-		// TODO (DockToFuture): mutator tests need to be complemented.
-		Context("Mutate shoot", func() {
-			It("should return nil when shoot is in scheduled to new seed phase", func() {
+		Context("Mutate shoot networking providerconfig for type cilium", func() {
+
+			BeforeEach(func() {
+				shoot.Spec.Networking.Type = "cilium"
+				oldShoot.Spec.Networking.Type = "cilium"
+			})
+
+			It("should return without mutation when shoot is in scheduled to new seed phase", func() {
 				shoot.Status.LastOperation = &gardencorev1beta1.LastOperation{
 					Description:    "test",
 					LastUpdateTime: metav1.Time{Time: metav1.Now().Add(time.Second * -1000)},
@@ -86,7 +184,7 @@ var _ = Describe("Shoot mutator", func() {
 				Expect(shoot).To(DeepEqual(shootExpected))
 			})
 
-			It("should return nil when shoot is in migration or restore phase", func() {
+			It("should return wihtout mutation when shoot is in migration or restore phase", func() {
 				shoot.Status.LastOperation = &gardencorev1beta1.LastOperation{
 					Description:    "test",
 					LastUpdateTime: metav1.Time{Time: metav1.Now().Add(time.Second * -1000)},
@@ -101,13 +199,45 @@ var _ = Describe("Shoot mutator", func() {
 				Expect(shoot).To(DeepEqual(shootExpected))
 			})
 
-			It("should return nil when shoot is in deletion phase", func() {
+			It("should return without mutation when shoot is in deletion phase", func() {
 				shoot.DeletionTimestamp = &now
 				shootExpected := shoot.DeepCopy()
 				err := shootMutator.Mutate(ctx, shoot, nil)
 				Expect(err).NotTo(HaveOccurred())
 				Expect(shoot).To(DeepEqual(shootExpected))
 			})
+
+			It("should disable overlay for a new shoot", func() {
+				err := shootMutator.Mutate(ctx, shoot, nil)
+				Expect(err).NotTo(HaveOccurred())
+				Expect(shoot.Spec.Networking.ProviderConfig).To(Equal(&runtime.RawExtension{
+					Object: &ciliumv1alpha1.NetworkConfig{
+						Overlay: &ciliumv1alpha1.Overlay{
+							Enabled: false,
+						},
+					},
+				}))
+			})
+
+			It("should take overlay field value from old shoot when unspecified in new shoot", func() {
+				oldShoot.Spec.Networking.ProviderConfig = &runtime.RawExtension{
+					Raw: []byte(`{"overlay":{"enabled":true}}`),
+					Object: &ciliumv1alpha1.NetworkConfig{
+						Overlay: &ciliumv1alpha1.Overlay{
+							Enabled: true,
+						},
+					},
+				}
+				err := shootMutator.Mutate(ctx, shoot, oldShoot)
+				Expect(err).NotTo(HaveOccurred())
+				Expect(shoot.Spec.Networking.ProviderConfig).To(Equal(&runtime.RawExtension{
+					Object: &ciliumv1alpha1.NetworkConfig{
+						Overlay: &ciliumv1alpha1.Overlay{
+							Enabled: true,
+						},
+					},
+				}))
+			})
 		})
 	})
 })