From a3e93654f1121ff0b2b21e6c5d7ec8b343a4e426 Mon Sep 17 00:00:00 2001
From: Simon Murray
Date: Tue, 3 Sep 2024 12:46:42 +0100
Subject: [PATCH] Add Network Quota Updates

Ensure we are in control of network quotas, specifically to prevent IP address abuse.
---
 charts/region/Chart.yaml | 4 ++--
 pkg/providers/openstack/network.go | 19 +++++++++++++++++++
 pkg/providers/openstack/provider.go | 9 +++++++++
 3 files changed, 30 insertions(+), 2 deletions(-)

diff --git a/charts/region/Chart.yaml b/charts/region/Chart.yaml
index 14cec62..be03b10 100644
--- a/charts/region/Chart.yaml
+++ b/charts/region/Chart.yaml
@@ -4,8 +4,8 @@ description: A Helm chart for deploying Unikorn's Region Controller
 type: application
-version: v0.1.39
-appVersion: v0.1.39
+version: v0.1.40
+appVersion: v0.1.40
 icon: https://raw.githubusercontent.com/unikorn-cloud/assets/main/images/logos/dark-on-light/icon.png
diff --git a/pkg/providers/openstack/network.go b/pkg/providers/openstack/network.go
index 48a416c..4ca6c2b 100644
--- a/pkg/providers/openstack/network.go
+++ b/pkg/providers/openstack/network.go
@@ -29,11 +29,13 @@ import (
 "github.com/gophercloud/gophercloud/v2/openstack/networking/v2/extensions/external"
 "github.com/gophercloud/gophercloud/v2/openstack/networking/v2/extensions/layer3/routers"
 "github.com/gophercloud/gophercloud/v2/openstack/networking/v2/extensions/provider"
+ "github.com/gophercloud/gophercloud/v2/openstack/networking/v2/extensions/quotas"
 "github.com/gophercloud/gophercloud/v2/openstack/networking/v2/networks"
 "github.com/gophercloud/gophercloud/v2/openstack/networking/v2/subnets"
 "go.opentelemetry.io/otel"
 "go.opentelemetry.io/otel/trace"
+ "github.com/unikorn-cloud/core/pkg/util"
 "github.com/unikorn-cloud/core/pkg/util/cache"
 unikornv1 "github.com/unikorn-cloud/region/pkg/apis/unikorn/v1alpha1"
 "github.com/unikorn-cloud/region/pkg/constants"
@@ -294,3 +296,20 @@ func (c *NetworkClient) RemoveRouterInterface(ctx context.Context, routerID, sub
 return routers.RemoveInterface(ctx, c.client, routerID, opts).Err
 }
+
+func (c *NetworkClient) UpdateQuotas(ctx context.Context, projectID string) error {
+ tracer := otel.GetTracerProvider().Tracer(constants.Application)
+
+ _, span := tracer.Start(ctx, "PUT /network/v2.0/os-quota-sets")
+ defer span.End()
+
+ opts := "as.UpdateOpts{
+ // TODO: this is a relatively restrictive default, as floating IPs are
+ // in short supply. This allows 1 for a Kubernetes API load balancer,
+ // 1 for an ingress controller, and a spare for debugging or as a
+ // bastion.
+ FloatingIP: util.ToPointer(3),
+ }
+
+ return quotas.Update(ctx, c.client, projectID, opts).Err
+}
diff --git a/pkg/providers/openstack/provider.go b/pkg/providers/openstack/provider.go
index b86e35b..3b0adb5 100644
--- a/pkg/providers/openstack/provider.go
+++ b/pkg/providers/openstack/provider.go
@@ -553,6 +553,15 @@ func (p *Provider) provisionQuotas(ctx context.Context, identity *unikornv1.Open
 return err
 }
+ network, err := NewNetworkClient(ctx, providerClient, p.region.Spec.Openstack.Network)
+ if err != nil {
+ return err
+ }
+
+ if err := network.UpdateQuotas(ctx, *identity.Spec.ProjectID); err != nil {
+ return err
+ }
+
 return nil
 }
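Review bot: `UpdateQuotas` in pkg/providers/openstack/network.go sets only `FloatingIP`, so every other Neutron quota on the project (ports, routers, networks, security groups) stays at whatever the cloud's default is, which falls short of the commit message's aim of being in control of network quotas. If that is intentional, say so in a doc comment, which this exported method currently lacks, for example `// UpdateQuotas caps the project's floating IP quota; all other network quotas are left at the cloud defaults.`; otherwise set the remaining limits explicitly in the same options literal. The hard-coded `3` is already marked as a TODO and would be easier to tune per region as a configuration value. Separately, the span name `"PUT /network/v2.0/os-quota-sets"` uses the compute-style path, whereas Neutron's quota resource is `quotas/{project_id}`, so the label should be corrected if traces are used to audit quota changes.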
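Review bot: `*identity.Spec.ProjectID` in the added `network.UpdateQuotas` call in provisionQuotas (pkg/providers/openstack/provider.go) dereferences a pointer field with no nil check visible in this hunk, so an identity whose project ID has not been recorded yet would panic the controller instead of returning an error. The function starts above the hunk and may already guard or dereference the field, so confirm that first; if it does not, add `if identity.Spec.ProjectID == nil` with an error return before the call. Also worth confirming outside this hunk: the floating IP cap appears to be applied only on this provisioning path, so projects created before this change would keep the default quota unless they are reconciled again.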