One can now allocate hostsubnets for hosts that are not part of the cluster. This is useful when a host wants to be part of the SDN, but not part of the cluster (e.g. F5)

Author: Rajat Chopra

pkg/sdn/api/validation/validation.go

@@ -8,6 +8,7 @@ import (
 
 	oapi "github.com/openshift/origin/pkg/api"
 	sdnapi "github.com/openshift/origin/pkg/sdn/api"
+	sdnplugin "github.com/openshift/origin/pkg/sdn/plugin"
 )
 
 // ValidateClusterNetwork tests if required fields in the ClusterNetwork are set.
@@ -87,7 +88,10 @@ func ValidateHostSubnet(hs *sdnapi.HostSubnet) field.ErrorList {
 
 	_, _, err := net.ParseCIDR(hs.Subnet)
 	if err != nil {
-		allErrs = append(allErrs, field.Invalid(field.NewPath("subnet"), hs.Subnet, err.Error()))
+		// check if annotation exists, then let the Subnet field be empty
+		if _, ok := hs.Annotations[sdnplugin.AssignHostSubnetAnnotation]; !ok {
+			allErrs = append(allErrs, field.Invalid(field.NewPath("subnet"), hs.Subnet, err.Error()))
+		}
 	}
 	if net.ParseIP(hs.HostIP) == nil {
 		allErrs = append(allErrs, field.Invalid(field.NewPath("hostIP"), hs.HostIP, "invalid IP address"))

pkg/sdn/plugin/plugin.go

@@ -23,6 +23,7 @@ const (
 	IngressBandwidthAnnotation string = "kubernetes.io/ingress-bandwidth"
 	EgressBandwidthAnnotation  string = "kubernetes.io/egress-bandwidth"
 	AssignMacVlanAnnotation    string = "pod.network.openshift.io/assign-macvlan"
+	AssignHostSubnetAnnotation string = "pod.network.openshift.io/assign-subnet"
 )
 
 func IsOpenShiftNetworkPlugin(pluginName string) bool {

pkg/sdn/plugin/subnets.go

@@ -42,6 +42,7 @@ func (master *OsdnMaster) SubnetStartMaster(clusterNetwork *net.IPNet, hostSubne
 	}
 
 	go utilwait.Forever(master.watchNodes, 0)
+	go utilwait.Forever(master.watchSubnets, 0)
 	return nil
 }
 
@@ -240,6 +241,47 @@ func (node *OsdnNode) initSelfSubnet() error {
 	return nil
 }
 
+// Only run on the master
+// Watch for all hostsubnet events and if one is found with the right annotation, use the IPAM to dole a real subnet
+func (master *OsdnMaster) watchSubnets() {
+	eventQueue := master.registry.RunEventQueue(HostSubnets)
+
+	for {
+		eventType, obj, err := eventQueue.Pop()
+		if err != nil {
+			utilruntime.HandleError(fmt.Errorf("EventQueue failed for subnets: %v", err))
+			return
+		}
+		hs := obj.(*osapi.HostSubnet)
+		name := hs.ObjectMeta.Name
+		hostIP := hs.HostIP
+
+		log.V(5).Infof("Watch %s event for HostSubnet %q", strings.Title(string(eventType)), name)
+		switch eventType {
+		case watch.Added, watch.Modified:
+			if _, ok := hs.Annotations[AssignHostSubnetAnnotation]; ok {
+				// Delete the annotated hostsubnet and create a new one with an assigned subnet
+				// We do not update (instead of delete+create) because the watchSubnets on the nodes
+				// will skip the event if it finds that the hostsubnet has the same host
+				// And we cannot fix the watchSubnets code for node because it will break migration if
+				// nodes are upgraded after the master
+				err = master.registry.DeleteSubnet(name)
+				if err != nil {
+					log.Errorf("Error in deleting annotated subnet from master, name: %s, ip %s: %v", name, hostIP, err)
+					continue
+				}
+				err = master.addNode(name, hostIP)
+				if err != nil {
+					log.Errorf("Error creating subnet for node %s, ip %s: %v", name, hostIP, err)
+					continue
+				}
+			}
+		case watch.Deleted:
+			// ignore all deleted hostsubnets
+		}
+	}
+}
+
 // Only run on the nodes
 func (node *OsdnNode) watchSubnets() {
 	subnets := make(map[string]*osapi.HostSubnet)

pkg/util/netutils/subnet_allocator.go

@@ -3,6 +3,7 @@ package netutils
 import (
 	"fmt"
 	"net"
+	"sync"
 )
 
 type SubnetAllocator struct {
@@ -14,6 +15,7 @@ type SubnetAllocator struct {
 	rightMask  uint32
 	next       uint32
 	allocMap   map[string]bool
+	mutex      sync.Mutex
 }
 
 func NewSubnetAllocator(network string, hostBits uint32, inUse []string) (*SubnetAllocator, error) {
@@ -85,6 +87,9 @@ func (sna *SubnetAllocator) GetNetwork() (*net.IPNet, error) {
 		numSubnets    uint32
 		numSubnetBits uint32
 	)
+	sna.mutex.Lock()
+	defer sna.mutex.Unlock()
+
 	baseipu := IPToUint32(sna.network.IP)
 	netMaskSize, _ := sna.network.Mask.Size()
 	numSubnetBits = 32 - uint32(netMaskSize) - sna.hostBits
@@ -109,6 +114,8 @@ func (sna *SubnetAllocator) GetNetwork() (*net.IPNet, error) {
 }
 
 func (sna *SubnetAllocator) ReleaseNetwork(ipnet *net.IPNet) error {
+	sna.mutex.Lock()
+	defer sna.mutex.Unlock()
 	if !sna.network.Contains(ipnet.IP) {
 		return fmt.Errorf("Provided subnet %v doesn't belong to the network %v.", ipnet, sna.network)
 	}