[WIP] Add GCP IP Alias Mode with Cilium CNI

cmd/kops/create_cluster.go

@@ -325,7 +325,7 @@ func NewCmdCreateCluster(f *util.Factory, out io.Writer) *cobra.Command {
 	cmd.Flags().StringVar(&options.EtcdStorageType, "etcd-storage-type", options.EtcdStorageType, "The default storage type for etcd members")
 	cmd.RegisterFlagCompletionFunc("etcd-storage-type", completeStorageType)
 
-	cmd.Flags().StringVar(&options.Networking, "networking", options.Networking, "Networking mode.  kubenet, external, flannel-vxlan (or flannel), flannel-udp, calico, kube-router, amazonvpc, cilium, cilium-etcd, kindnet, cni.")
+	cmd.Flags().StringVar(&options.Networking, "networking", options.Networking, "Networking mode.  kubenet, external, flannel-vxlan (or flannel), flannel-udp, calico, kube-router, amazonvpc, cilium, gcp-with-cilium, cilium-etcd, kindnet, cni.")
 	cmd.RegisterFlagCompletionFunc("networking", completeNetworking(options))
 
 	cmd.Flags().StringVar(&options.DNSZone, "dns-zone", options.DNSZone, "DNS hosted zone (defaults to longest matching zone)")
@@ -1016,7 +1016,7 @@ func completeNetworking(options *CreateClusterOptions) func(cmd *cobra.Command,
 			}
 
 			if options.CloudProvider == "gce" || options.CloudProvider == "" {
-				completions = append(completions, "gcp")
+				completions = append(completions, "gcp", "gcp-with-cilium")
 			}
 		}
 

cmd/kops/create_cluster_integration_test.go

@@ -81,6 +81,11 @@ func TestCreateClusterCilium(t *testing.T) {
 	runCreateClusterIntegrationTest(t, "../../tests/integration/create_cluster/cilium-eni", "v1alpha2")
 }
 
+// TestCreateClusterCiliumGCE runs kops with the gcp-with-cilium networking flag
+func TestCreateClusterCiliumGCE(t *testing.T) {
+	runCreateClusterIntegrationTest(t, "../../tests/integration/create_cluster/cilium-gce", "v1alpha2")
+}
+
 // TestCreateClusterOverride tests the override flag
 func TestCreateClusterOverride(t *testing.T) {
 	runCreateClusterIntegrationTest(t, "../../tests/integration/create_cluster/overrides", "v1alpha2")

cmd/kops/integration_test.go

@@ -541,6 +541,15 @@ func TestMinimalIPv6Cilium(t *testing.T) {
 		runTestTerraformAWS(t)
 }
 
+func TestCiliumGCE(t *testing.T) {
+	newIntegrationTest("cilium-gce.example.com", "cilium-gce").
+		withAddons(
+			ciliumAddon,
+			dnsControllerAddon,
+			gcpCCMAddon).
+		runTestTerraformGCE(t)
+}
+
 // TestMinimalIPv6NoSubnetPrefix runs the test with "/64#N" subnet notation
 func TestMinimalIPv6NoSubnetPrefix(t *testing.T) {
 	newIntegrationTest("minimal-ipv6.example.com", "minimal-ipv6-no-subnet-prefix").

pkg/apis/kops/cluster.go

@@ -955,7 +955,8 @@ func (c *Cluster) UsesNoneDNS() bool {
 func (c *Cluster) InstallCNIAssets() bool {
 	return c.Spec.Networking.AmazonVPC == nil &&
 		c.Spec.Networking.Calico == nil &&
-		c.Spec.Networking.Cilium == nil
+		c.Spec.Networking.Cilium == nil &&
+		!c.Spec.Networking.NetworkingIsGCPCilium()
 }
 
 func (c *Cluster) HasImageVolumesSupport() bool {

pkg/apis/kops/model/features.go

@@ -54,7 +54,7 @@ func UseKopsControllerForNodeConfig(cluster *kops.Cluster) bool {
 
 // UseCiliumEtcd is true if we are using the Cilium etcd cluster.
 func UseCiliumEtcd(cluster *kops.Cluster) bool {
-	if cluster.Spec.Networking.Cilium == nil {
+	if cluster.Spec.Networking.Cilium == nil && !cluster.Spec.Networking.NetworkingIsGCPCilium() {
 		return false
 	}
 

pkg/apis/kops/networking.go

@@ -103,7 +103,7 @@ func (n *NetworkingSpec) UsesKubenet() bool {
 	}
 	if n.Kubenet != nil {
 		return true
-	} else if n.GCP != nil {
+	} else if n.GCP != nil && n.GCP.Cilium == nil {
 		// GCP IP Alias networking is based on kubenet
 		return true
 	} else if n.External != nil {
@@ -117,6 +117,11 @@ func (n *NetworkingSpec) UsesKubenet() bool {
 	return false
 }
 
+// NetworkingIsGCPCilium returns true if our networking is derived from GCP with Cilium
+func (n *NetworkingSpec) NetworkingIsGCPCilium() bool {
+	return n.GCP != nil && n.GCP.Cilium != nil
+}
+
 // ClassicNetworkingSpec is the specification of classic networking mode, integrated into kubernetes.
 // Support been removed since Kubernetes 1.4.
 type ClassicNetworkingSpec struct{}
@@ -584,7 +589,10 @@ type LyftVPCNetworkingSpec struct {
 }
 
 // GCPNetworkingSpec is the specification of GCP's native networking mode, using IP aliases.
-type GCPNetworkingSpec struct{}
+type GCPNetworkingSpec struct {
+	// Cilium enables Cilium on GCP.
+	Cilium *CiliumNetworkingSpec `json:"cilium,omitempty"`
+}
 
 // KindnetNetworkingSpec configures Kindnet settings.
 type KindnetNetworkingSpec struct {

pkg/apis/kops/v1alpha2/networking.go

@@ -701,7 +701,10 @@ type LyftVPCNetworkingSpec struct {
 }
 
 // GCPNetworkingSpec is the specification of GCP's native networking mode, using IP aliases.
-type GCPNetworkingSpec struct{}
+type GCPNetworkingSpec struct {
+	// Cilium enables Cilium on GCP.
+	Cilium *CiliumNetworkingSpec `json:"cilium,omitempty"`
+}
 
 // KindnetNetworkingSpec configures Kindnet settings.
 type KindnetNetworkingSpec struct {

pkg/apis/kops/v1alpha3/networking.go

@@ -526,7 +526,10 @@ type HubbleSpec struct {
 }
 
 // GCPNetworkingSpec is the specification of GCP's native networking mode, using IP aliases.
-type GCPNetworkingSpec struct{}
+type GCPNetworkingSpec struct {
+	// Cilium enables Cilium on GCP.
+	Cilium *CiliumNetworkingSpec `json:"cilium,omitempty"`
+}
 
 // KindnetNetworkingSpec configures Kindnet settings.
 type KindnetNetworkingSpec struct {

pkg/apis/nodeup/config.go

@@ -345,6 +345,19 @@ func NewConfig(cluster *kops.Cluster, instanceGroup *kops.InstanceGroup) (*Confi
 		}
 	}
 
+	if cluster.Spec.Networking.GCP != nil {
+		config.Networking.GCP = &kops.GCPNetworkingSpec{}
+		if cluster.Spec.Networking.GCP.Cilium != nil {
+			config.Networking.GCP.Cilium = cluster.Spec.Networking.GCP.Cilium
+			if cluster.Spec.Networking.GCP.Cilium.IPAM == kops.CiliumIpamEni {
+				config.Networking.GCP.Cilium.IPAM = kops.CiliumIpamEni
+			}
+			if model.UseCiliumEtcd(cluster) {
+				config.UseCiliumEtcd = true
+			}
+		}
+	}
+
 	if cluster.Spec.Networking.CNI != nil && cluster.Spec.Networking.CNI.UsesSecondaryIP {
 		config.Networking.CNI = &kops.CNINetworkingSpec{UsesSecondaryIP: true}
 	}

pkg/model/components/cilium.go

@@ -35,6 +35,9 @@ var _ loader.ClusterOptionsBuilder = &CiliumOptionsBuilder{}
 func (b *CiliumOptionsBuilder) BuildOptions(o *kops.Cluster) error {
 	clusterSpec := &o.Spec
 	c := clusterSpec.Networking.Cilium
+	if c == nil && clusterSpec.Networking.GCP != nil {
+		c = clusterSpec.Networking.GCP.Cilium
+	}
 	if c == nil {
 		return nil
 	}

pkg/model/context.go

@@ -418,3 +418,7 @@ func (b *KopsModelContext) NetworkingIsCalico() bool {
 func (b *KopsModelContext) NetworkingIsCilium() bool {
 	return b.Cluster.Spec.Networking.Cilium != nil
 }
+
+func (b *KopsModelContext) NetworkingIsGCPWithCilium() bool {
+	return b.Cluster.Spec.Networking.GCP != nil && b.Cluster.Spec.Networking.GCP.Cilium != nil
+}

pkg/model/gcemodel/firewall.go

@@ -148,7 +148,7 @@ func (b *FirewallModelBuilder) Build(c *fi.CloudupModelBuilderContext) error {
 		if b.NetworkingIsCalico() {
 			t.Allowed = append(t.Allowed, "ipip")
 		}
-		if b.NetworkingIsCilium() {
+		if b.NetworkingIsCilium() || b.NetworkingIsGCPWithCilium() {
 			t.Allowed = append(t.Allowed, fmt.Sprintf("udp:%d", wellknownports.VxlanUDP))
 			if model.UseCiliumEtcd(b.Cluster) {
 				t.Allowed = append(t.Allowed, fmt.Sprintf("tcp:%d", wellknownports.EtcdCiliumClientPort))