Enhance Network Peering translation in apinetlet and metalnetlet with Peering Prefix

Dockerfile

@@ -1,5 +1,5 @@
 # Build the manager binary
-FROM --platform=$BUILDPLATFORM golang:1.22 as builder
+FROM --platform=$BUILDPLATFORM golang:1.22 AS builder
 
 WORKDIR /workspace
 # Copy the Go Modules manifests

api/core/v1alpha1/network_types.go

@@ -4,6 +4,7 @@
 package v1alpha1
 
 import (
+	"github.com/ironcore-dev/ironcore-net/apimachinery/api/net"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
@@ -20,6 +21,17 @@ type NetworkPeering struct {
 	Name string `json:"name"`
 	// ID is the ID of the network to peer with.
 	ID string `json:"id"`
+	// Prefixes is a list of prefixes that we want only to be exposed
+	// to the peered network, if no prefixes are specified no filtering will be done.
+	Prefixes []PeeringPrefix `json:"prefixes,omitempty"`
+}
+
+// PeeringPrefixes defines prefixes to be exposed to the peered network
+type PeeringPrefix struct {
+	// Name is the semantical name of the peering prefixes
+	Name string `json:"name"`
+	// CIDR to be exposed to the peered network
+	Prefix *net.IPPrefix `json:"prefix,omitempty"`
 }
 
 type NetworkStatus struct {

apinetlet/controllers/conversion.go

@@ -63,6 +63,10 @@ func apiNetIPPrefixesToIPPrefixes(ips []net.IPPrefix) []commonv1alpha1.IPPrefix
 	return utilslices.Map(ips, apiNetIPPrefixToIPPrefix)
 }
 
+func iPPrefixToAPINetIPPrefix(prefix commonv1alpha1.IPPrefix) *net.IPPrefix {
+	return &net.IPPrefix{Prefix: prefix.Prefix}
+}
+
 func apiNetNetworkInterfaceStateToNetworkInterfaceState(state apinetv1alpha1.NetworkInterfaceState) networkingv1alpha1.NetworkInterfaceState {
 	switch state {
 	case apinetv1alpha1.NetworkInterfaceStatePending:
@@ -83,9 +87,19 @@ func apiNetNetworkPeeringsStatusToNetworkPeeringsStatus(peerings []apinetv1alpha
 			return specPeering.ID == strconv.Itoa(int(peering.ID))
 		})
 		if idx != -1 {
+			prefixStatus := []networkingv1alpha1.PeeringPrefixStatus{}
+			if peering.State == apinetv1alpha1.NetworkPeeringStateReady {
+				for _, peeringPrefix := range specPeerings[idx].Prefixes {
+					prefixStatus = append(prefixStatus, networkingv1alpha1.PeeringPrefixStatus{
+						Name:   peeringPrefix.Name,
+						Prefix: (*commonv1alpha1.IPPrefix)(peeringPrefix.Prefix),
+					})
+				}
+			}
 			networkPeeringsStatus = append(networkPeeringsStatus, networkingv1alpha1.NetworkPeeringStatus{
-				Name:  specPeerings[idx].Name,
-				State: networkingv1alpha1.NetworkPeeringState(peering.State),
+				Name:     specPeerings[idx].Name,
+				State:    networkingv1alpha1.NetworkPeeringState(peering.State),
+				Prefixes: prefixStatus,
 			})
 		}
 	}

apinetlet/controllers/network_controller.go

@@ -14,6 +14,7 @@ import (
 	apinetletclient "github.com/ironcore-dev/ironcore-net/apinetlet/client"
 	"github.com/ironcore-dev/ironcore-net/apinetlet/handler"
 	"github.com/ironcore-dev/ironcore-net/apinetlet/provider"
+	ipamv1alpha1 "github.com/ironcore-dev/ironcore/api/ipam/v1alpha1"
 	networkingv1alpha1 "github.com/ironcore-dev/ironcore/api/networking/v1alpha1"
 	"github.com/ironcore-dev/ironcore/utils/predicates"
 	apierrors "k8s.io/apimachinery/pkg/api/errors"
@@ -206,12 +207,22 @@ func (r *NetworkReconciler) applyAPINetNetwork(ctx context.Context, log logr.Log
 		}
 
 		idx := slices.IndexFunc(network.Spec.Peerings, func(peering networkingv1alpha1.NetworkPeering) bool {
-			return peering.NetworkRef.Name == peeringClaimRef.Name
+			peeringNetworkNamespace := peering.NetworkRef.Namespace
+			if peeringNetworkNamespace == "" {
+				peeringNetworkNamespace = network.Namespace
+			}
+			return peering.NetworkRef.Name == peeringClaimRef.Name && peeringNetworkNamespace == peeringClaimRef.Namespace
 		})
 		if idx != -1 {
+			peeringPrefixes, err := r.getAPINetNetworkPeeringPrefixes(ctx, network.Spec.Peerings[idx].Prefixes, network.Namespace)
+			if err != nil {
+				return nil, fmt.Errorf("error getting apinet network peering prefixes: %w", err)
+			}
+
 			peerings = append(peerings, apinetv1alpha1.NetworkPeering{
-				Name: network.Spec.Peerings[idx].Name,
-				ID:   targetApinetNetwork.Spec.ID,
+				Name:     network.Spec.Peerings[idx].Name,
+				ID:       targetApinetNetwork.Spec.ID,
+				Prefixes: peeringPrefixes,
 			})
 		}
 	}
@@ -224,6 +235,37 @@ func (r *NetworkReconciler) applyAPINetNetwork(ctx context.Context, log logr.Log
 	return apiNetNetwork, nil
 }
 
+func (r *NetworkReconciler) getAPINetNetworkPeeringPrefixes(ctx context.Context, peeringPrefixes []networkingv1alpha1.PeeringPrefix,
+	networkNamespace string) ([]apinetv1alpha1.PeeringPrefix, error) {
+	apinetPeeringPrefixes := []apinetv1alpha1.PeeringPrefix{}
+	for _, prefix := range peeringPrefixes {
+		if prefix.Prefix != nil {
+			apinetPeeringPrefixes = append(apinetPeeringPrefixes, apinetv1alpha1.PeeringPrefix{
+				Name:   prefix.Name,
+				Prefix: iPPrefixToAPINetIPPrefix(*prefix.Prefix),
+			})
+		} else if prefix.PrefixRef.Name != "" {
+			ipamPrefix := &ipamv1alpha1.Prefix{}
+			if err := r.Get(ctx, client.ObjectKey{Namespace: networkNamespace, Name: prefix.PrefixRef.Name}, ipamPrefix); err != nil {
+				if !apierrors.IsNotFound(err) {
+					return nil, fmt.Errorf("error getting prefix %s: %w", client.ObjectKey{Namespace: networkNamespace, Name: prefix.PrefixRef.Name}, err)
+				}
+				continue
+			}
+
+			if ipamPrefix.Status.Phase != ipamv1alpha1.PrefixPhaseAllocated {
+				continue
+			}
+
+			apinetPeeringPrefixes = append(apinetPeeringPrefixes, apinetv1alpha1.PeeringPrefix{
+				Name:   prefix.Name,
+				Prefix: iPPrefixToAPINetIPPrefix(*ipamPrefix.Spec.Prefix),
+			})
+		}
+	}
+	return apinetPeeringPrefixes, nil
+}
+
 func (r *NetworkReconciler) SetupWithManager(mgr ctrl.Manager, apiNetCache cache.Cache) error {
 	log := ctrl.Log.WithName("network").WithName("setup")