Support routed networks

.github/workflows/go-coverage.yml

@@ -14,7 +14,7 @@ jobs:
       - uses: actions/checkout@v4
       - uses: actions/setup-go@v5
         with:
-          go-version: 1.22
+          go-version: 1.23
       - name: Run go test with coverage
         run: COVER_PROFILE=coverage.txt make test
       - name: Codecov upload

Makefile

@@ -129,8 +129,8 @@ lint: $(GOLANGCI_LINT) $(STATIC_CHECK) generate-mocks ## Run linting for the pro
 
 .PHONY: modules
 modules: ## Runs go mod to ensure proper vendoring.
-	go mod tidy -compat=1.22
-	cd $(TOOLS_DIR); go mod tidy -compat=1.22
+	go mod tidy -compat=1.23
+	cd $(TOOLS_DIR); go mod tidy -compat=1.23
 
 .PHONY: generate-all
 generate-all: generate-mocks generate-deepcopy generate-manifests

api/v1beta1/conversion.go

@@ -185,3 +185,14 @@ func Convert_v1beta3_Network_To_v1beta1_Network(in *v1beta3.Network, out *Networ
 	// Skip Gateway, Netmask, and VPC fields as they do not exist in v1beta1.Network
 	return nil
 }
+
+// Convert_v1beta3_CloudStackIsolatedNetworkStatus_To_v1beta1_CloudStackIsolatedNetworkStatus handles manual conversion of CloudStackIsolatedNetworkStatus from v1beta3 to v1beta1
+//
+//nolint:golint,revive,stylecheck
+func Convert_v1beta3_CloudStackIsolatedNetworkStatus_To_v1beta1_CloudStackIsolatedNetworkStatus(in *v1beta3.CloudStackIsolatedNetworkStatus, out *CloudStackIsolatedNetworkStatus, _ conv.Scope) error {
+	out.PublicIPID = in.PublicIPID
+	out.LBRuleID = in.LBRuleID
+	out.Ready = in.Ready
+	// RoutingMode field doesn't exist in v1beta1, so we ignore it during conversion
+	return nil
+}

api/v1beta2/conversion.go

@@ -43,3 +43,14 @@ func Convert_v1beta3_CloudStackIsolatedNetworkSpec_To_v1beta2_CloudStackIsolated
 	// Skip Gateway, Netmask, and VPC fields as they do not exist in v1beta2.CloudStackIsolatedNetworkSpec
 	return nil
 }
+
+// Convert_v1beta3_CloudStackIsolatedNetworkStatus_To_v1beta2_CloudStackIsolatedNetworkStatus handles manual conversion of CloudStackIsolatedNetworkStatus from v1beta3 to v1beta2
+//
+//nolint:golint,revive,stylecheck
+func Convert_v1beta3_CloudStackIsolatedNetworkStatus_To_v1beta2_CloudStackIsolatedNetworkStatus(in *v1beta3.CloudStackIsolatedNetworkStatus, out *CloudStackIsolatedNetworkStatus, _ conv.Scope) error {
+	out.PublicIPID = in.PublicIPID
+	out.LBRuleID = in.LBRuleID
+	out.Ready = in.Ready
+	// RoutingMode field doesn't exist in v1beta2, so we ignore it during conversion
+	return nil
+}

api/v1beta3/cloudstackfailuredomain_types.go

@@ -72,6 +72,12 @@ type Network struct {
 	// Cloudstack VPC the network belongs to.
 	// +optional
 	VPC *VPC `json:"vpc,omitempty"`
+
+	// Cloudstack Network's routing mode.
+	// Routing mode can be Dynamic, or Static.
+	// Empty value means the network mode is NATTED, not ROUTED.
+	// +optional
+	RoutingMode string `json:"routingMode,omitempty"`
 }
 
 type VPC struct {

api/v1beta3/cloudstackisolatednetwork_types.go

@@ -68,19 +68,25 @@ type CloudStackIsolatedNetworkStatus struct {
 	// The ID of the lb rule used to assign VMs to the lb.
 	LBRuleID string `json:"loadBalancerRuleID,omitempty"`
 
+	// Routing mode of the network.
+	// Routing mode can be Dynamic, or Static.
+	// Empty value means the network mode is NATTED, not ROUTED.
+	RoutingMode string `json:"routingMode,omitempty"`
+
 	// Ready indicates the readiness of this provider resource.
 	Ready bool `json:"ready"`
 }
 
 func (n *CloudStackIsolatedNetwork) Network() *Network {
 	return &Network{
-		Name:     n.Spec.Name,
-		Type:     "IsolatedNetwork",
-		ID:       n.Spec.ID,
-		Gateway:  n.Spec.Gateway,
-		Netmask:  n.Spec.Netmask,
-		VPC:      n.Spec.VPC,
-		Offering: n.Spec.Offering,
+		Name:        n.Spec.Name,
+		Type:        "IsolatedNetwork",
+		ID:          n.Spec.ID,
+		Gateway:     n.Spec.Gateway,
+		Netmask:     n.Spec.Netmask,
+		VPC:         n.Spec.VPC,
+		Offering:    n.Spec.Offering,
+		RoutingMode: n.Status.RoutingMode,
 	}
 }
 

config/crd/bases/infrastructure.cluster.x-k8s.io_cloudstackclusters.yaml

@@ -432,6 +432,12 @@ spec:
                                 isolated networks and "DefaultIsolatedNetworkOfferingForVpcNetworks"
                                 for VPC networks.
                               type: string
+                            routingMode:
+                              description: |-
+                                Cloudstack Network's routing mode.
+                                Routing mode can be Dynamic, or Static.
+                                Empty value means the network mode is NATTED, not ROUTED.
+                              type: string
                             type:
                               description: Cloudstack Network Type the cluster is
                                 built in.

config/crd/bases/infrastructure.cluster.x-k8s.io_cloudstackfailuredomains.yaml

@@ -200,6 +200,12 @@ spec:
                           isolated networks and "DefaultIsolatedNetworkOfferingForVpcNetworks"
                           for VPC networks.
                         type: string
+                      routingMode:
+                        description: |-
+                          Cloudstack Network's routing mode.
+                          Routing mode can be Dynamic, or Static.
+                          Empty value means the network mode is NATTED, not ROUTED.
+                        type: string
                       type:
                         description: Cloudstack Network Type the cluster is built
                           in.

config/crd/bases/infrastructure.cluster.x-k8s.io_cloudstackisolatednetworks.yaml

@@ -260,6 +260,12 @@ spec:
               ready:
                 description: Ready indicates the readiness of this provider resource.
                 type: boolean
+              routingMode:
+                description: |-
+                  Routing mode of the network.
+                  Routing mode can be Dynamic, or Static.
+                  Empty value means the network mode is NATTED, not ROUTED.
+                type: string
             required:
             - ready
             type: object

controllers/cks_cluster_controller_test.go

@@ -17,9 +17,9 @@ limitations under the License.
 package controllers_test
 
 import (
-	"github.com/golang/mock/gomock"
 	ginkgo "github.com/onsi/ginkgo/v2"
 	gomega "github.com/onsi/gomega"
+	"go.uber.org/mock/gomock"
 	"k8s.io/apimachinery/pkg/api/errors"
 	"k8s.io/utils/ptr"
 	infrav1 "sigs.k8s.io/cluster-api-provider-cloudstack/api/v1beta3"

controllers/cks_machine_controller_test.go

@@ -17,9 +17,9 @@ limitations under the License.
 package controllers_test
 
 import (
-	"github.com/golang/mock/gomock"
 	ginkgo "github.com/onsi/ginkgo/v2"
 	gomega "github.com/onsi/gomega"
+	"go.uber.org/mock/gomock"
 	"k8s.io/apimachinery/pkg/api/errors"
 	"k8s.io/utils/ptr"
 

controllers/cloudstackaffinitygroup_controller_test.go

@@ -17,9 +17,9 @@ limitations under the License.
 package controllers_test
 
 import (
-	"github.com/golang/mock/gomock"
 	ginkgo "github.com/onsi/ginkgo/v2"
 	gomega "github.com/onsi/gomega"
+	gomock "go.uber.org/mock/gomock"
 	"k8s.io/apimachinery/pkg/api/errors"
 	"k8s.io/utils/ptr"
 	infrav1 "sigs.k8s.io/cluster-api-provider-cloudstack/api/v1beta3"

controllers/cloudstackcluster_controller_test.go

@@ -17,9 +17,9 @@ limitations under the License.
 package controllers_test
 
 import (
-	"github.com/golang/mock/gomock"
 	ginkgo "github.com/onsi/ginkgo/v2"
 	gomega "github.com/onsi/gomega"
+	gomock "go.uber.org/mock/gomock"
 	"k8s.io/utils/ptr"
 	infrav1 "sigs.k8s.io/cluster-api-provider-cloudstack/api/v1beta3"
 	"sigs.k8s.io/cluster-api-provider-cloudstack/controllers"

controllers/cloudstackfailuredomain_controller_test.go

@@ -17,9 +17,9 @@ limitations under the License.
 package controllers_test
 
 import (
-	"github.com/golang/mock/gomock"
 	ginkgo "github.com/onsi/ginkgo/v2"
 	gomega "github.com/onsi/gomega"
+	gomock "go.uber.org/mock/gomock"
 	"k8s.io/apimachinery/pkg/api/errors"
 	"k8s.io/utils/ptr"
 	infrav1 "sigs.k8s.io/cluster-api-provider-cloudstack/api/v1beta3"

controllers/cloudstackisolatednetwork_controller_test.go

@@ -17,9 +17,9 @@ limitations under the License.
 package controllers_test
 
 import (
-	g "github.com/golang/mock/gomock"
 	ginkgo "github.com/onsi/ginkgo/v2"
 	gomega "github.com/onsi/gomega"
+	g "go.uber.org/mock/gomock"
 	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/utils/ptr"
 	infrav1 "sigs.k8s.io/cluster-api-provider-cloudstack/api/v1beta3"

controllers/cloudstackmachine_controller.go

@@ -295,13 +295,17 @@ func (r *CloudStackMachineReconciliationRunner) RequeueIfInstanceNotRunning() (r
 // AddToLBIfNeeded adds instance to load balancer if it is a control plane in an isolated network.
 func (r *CloudStackMachineReconciliationRunner) AddToLBIfNeeded() (retRes ctrl.Result, reterr error) {
 	if util.IsControlPlaneMachine(r.CAPIMachine) && r.FailureDomain.Spec.Zone.Network.Type == cloud.NetworkTypeIsolated {
-		r.Log.Info("Assigning VM to load balancer rule.")
 		if r.IsoNet.Spec.Name == "" {
 			return r.RequeueWithMessage("Could not get required Isolated Network for VM, requeueing.")
 		}
-		err := r.CSUser.AssignVMToLoadBalancerRule(r.IsoNet, *r.ReconciliationSubject.Spec.InstanceID)
-		if err != nil {
-			return ctrl.Result{}, err
+
+		if r.IsoNet.Status.RoutingMode == "" {
+			// For non-routed networks, use load balancer
+			r.Log.Info("Assigning VM to load balancer rule.")
+			err := r.CSUser.AssignVMToLoadBalancerRule(r.IsoNet, *r.ReconciliationSubject.Spec.InstanceID)
+			if err != nil {
+				return ctrl.Result{}, err
+			}
 		}
 	}
 	return ctrl.Result{}, nil

controllers/cloudstackmachine_controller_test.go

@@ -20,9 +20,9 @@ import (
 	"fmt"
 	"strings"
 
-	"github.com/golang/mock/gomock"
 	ginkgo "github.com/onsi/ginkgo/v2"
 	gomega "github.com/onsi/gomega"
+	gomock "go.uber.org/mock/gomock"
 	"k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/types"

controllers/controllers_suite_test.go

@@ -37,10 +37,10 @@ import (
 
 	"github.com/apache/cloudstack-go/v2/cloudstack"
 	"github.com/go-logr/logr"
-	"github.com/golang/mock/gomock"
 	ginkgo "github.com/onsi/ginkgo/v2"
 	gomega "github.com/onsi/gomega"
 	"github.com/pkg/errors"
+	gomock "go.uber.org/mock/gomock"
 	"k8s.io/client-go/kubernetes/scheme"
 	"k8s.io/client-go/rest"
 	ctrl "sigs.k8s.io/controller-runtime"

controllers/utils/base_reconciler_test.go

@@ -20,9 +20,9 @@ import (
 	"context"
 
 	"github.com/go-logr/logr"
-	"github.com/golang/mock/gomock"
 	"github.com/onsi/ginkgo/v2"
 	"github.com/onsi/gomega"
+	gomock "go.uber.org/mock/gomock"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/client-go/tools/record"

go.mod

@@ -1,13 +1,12 @@
 module sigs.k8s.io/cluster-api-provider-cloudstack
 
-go 1.22.0
+go 1.23
 
-toolchain go1.22.12
+toolchain go1.23.2
 
 require (
-	github.com/apache/cloudstack-go/v2 v2.16.1
+	github.com/apache/cloudstack-go/v2 v2.17.0
 	github.com/go-logr/logr v1.4.2
-	github.com/golang/mock v1.6.0
 	github.com/hashicorp/go-multierror v1.1.1
 	github.com/jellydator/ttlcache/v3 v3.2.0
 	github.com/onsi/ginkgo/v2 v2.22.2
@@ -16,6 +15,7 @@ require (
 	github.com/prometheus/client_golang v1.19.1
 	github.com/smallfish/simpleyaml v0.1.0
 	github.com/spf13/pflag v1.0.5
+	go.uber.org/mock v0.5.1
 	golang.org/x/text v0.21.0
 	gopkg.in/yaml.v3 v3.0.1
 	k8s.io/api v0.31.3