add vpc support for capl clusters

Author: Rahul Sharma

controller/linodemachine_controller.go

@@ -327,6 +327,14 @@ func (r *LinodeMachineReconciler) reconcileCreate(
 			return nil, err
 		}
 
+		// add public interface to linode (eth0)
+		iface := &linodego.InstanceConfigInterfaceCreateOptions{
+			Purpose: linodego.InterfacePurposePublic,
+			Primary: true,
+		}
+		createOpts.Interfaces = append(createOpts.Interfaces, *iface)
+
+		// if vpc, attach additional interface to linode (eth1)
 		if machineScope.LinodeCluster.Spec.VPCRef != nil {
 			iface, err := r.getVPCInterfaceConfig(ctx, machineScope, createOpts.Interfaces, logger)
 			if err != nil {

templates/addons/cilium/cilium.yaml

@@ -15,8 +15,17 @@ spec:
     wait: true
     timeout: 5m
   valuesTemplate: |
+    routingMode: native
+    kubeProxyReplacement: true
+    ipv4NativeRoutingCIDR: 10.0.0.0/8
+    tunnelProtocol: ""
+    enableIPv4Masquerade: true
     ipam:
       mode: kubernetes
+    ipv4:
+      enabled: true
+    ipv6:
+      enabled: false
     k8s:
       requireIPv4PodCIDR: true
     hubble:

templates/flavors/base/kustomization.yaml

@@ -2,6 +2,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
   - cluster.yaml
+  - linodeVPC.yaml
   - linodeCluster.yaml
   - linodeMachineTemplate.yaml
   - machineDeployment.yaml

templates/flavors/base/linodeCluster.yaml

@@ -5,3 +5,8 @@ metadata:
   name: ${CLUSTER_NAME}
 spec:
   region: ${LINODE_REGION}
+  vpcRef:
+    apiVersion: infrastructure.cluster.x-k8s.io/v1alpha1
+    kind: LinodeVPC
+    name: vpc-${CLUSTER_NAME}
+

templates/flavors/base/linodeVPC.yaml

@@ -0,0 +1,11 @@
+---
+apiVersion: infrastructure.cluster.x-k8s.io/v1alpha1
+kind: LinodeVPC
+metadata:
+  name: vpc-${CLUSTER_NAME}
+spec:
+  region: ${LINODE_REGION}
+  subnets:
+    - ipv4: 10.0.0.0/8
+      label: default
+

templates/flavors/rke2/rke2ControlPlane.yaml

@@ -21,6 +21,30 @@ spec:
           name: linode-${CLUSTER_NAME}-crs-0
       owner: root:root
       path: /var/lib/rancher/rke2/server/manifests/linode-token-region.yaml
+    - path: /var/lib/rancher/rke2/server/manifests/rke2-cilium-config.yaml
+      owner: root:root
+      permissions: "0640"
+      content: |
+        apiVersion: helm.cattle.io/v1
+        kind: HelmChartConfig
+        metadata:
+          name: rke2-cilium
+          namespace: kube-system
+        spec:
+          valuesContent: |-
+            routingMode: native
+            kubeProxyReplacement: true
+            ipv4NativeRoutingCIDR: 10.0.0.0/8
+            tunnelProtocol: ""
+            enableIPv4Masquerade: true
+            ipam:
+              mode: kubernetes
+            ipv4:
+              enabled: true
+            ipv6:
+              enabled: false
+            k8s:
+              requireIPv4PodCIDR: true
   serverConfig:
     cni: cilium
     cloudProviderName: external