Make IP pool names configurable in MachineClass

kubernetes/machine-class.yaml

@@ -6,6 +6,7 @@ metadata:
 provider: local
 providerSpec:
   image: timebertt/kind-node@sha256:2909ded4504ad3f03aad545e2046fca56bec4532023bc271295d03c04ef84dde
+  ipPoolName: default-ipv4-ippool
 secretRef:
   name: test-secret
   namespace: default

pkg/api/v1alpha1/provider_spec.go

@@ -17,4 +17,6 @@ type ProviderSpec struct {
 	APIVersion string `json:"apiVersion,omitempty"`
 	// Image is the container image to use for the node.
 	Image string `json:"image,omitempty"`
+	// IPPoolName is the name of the crd.projectcalico.org/v1.IPPool that should be used for machine pods.
+	IPPoolName string `json:"ipPoolName,omitempty"`
 }

pkg/local/create_machine.go

@@ -14,7 +14,6 @@ import (
 	"github.com/gardener/machine-controller-manager/pkg/util/provider/machinecodes/codes"
 	"github.com/gardener/machine-controller-manager/pkg/util/provider/machinecodes/status"
 	corev1 "k8s.io/api/core/v1"
-	"k8s.io/apimachinery/pkg/util/intstr"
 	"k8s.io/apimachinery/pkg/util/validation/field"
 	"k8s.io/klog/v2"
 	"k8s.io/utils/pointer"
@@ -49,10 +48,6 @@ func (d *localDriver) CreateMachine(ctx context.Context, req *driver.CreateMachi
 		return nil, status.Error(codes.Internal, fmt.Sprintf("error applying user data secret: %s", err.Error()))
 	}
 
-	if _, err := d.applyService(ctx, req); err != nil {
-		return nil, err
-	}
-
 	pod, err := d.applyPod(ctx, req, providerSpec, userDataSecret)
 	if err != nil {
 		return nil, err
@@ -64,27 +59,6 @@ func (d *localDriver) CreateMachine(ctx context.Context, req *driver.CreateMachi
 	}, nil
 }
 
-func (d *localDriver) applyService(ctx context.Context, req *driver.CreateMachineRequest) (*corev1.Service, error) {
-	svc := service(req.Machine)
-	svc.Spec.Type = corev1.ServiceTypeClusterIP
-	svc.Spec.ClusterIP = corev1.ClusterIPNone
-	svc.Spec.Ports = []corev1.ServicePort{{
-		Port:       10250,
-		Protocol:   corev1.ProtocolTCP,
-		TargetPort: intstr.FromInt(10250),
-	}}
-	svc.Spec.Selector = map[string]string{
-		labelKeyProvider: apiv1alpha1.Provider,
-		labelKeyApp:      labelValueMachine,
-	}
-
-	if err := d.client.Patch(ctx, svc, client.Apply, fieldOwner, client.ForceOwnership); err != nil {
-		return nil, status.Error(codes.Internal, fmt.Sprintf("error applying service: %s", err.Error()))
-	}
-
-	return svc, nil
-}
-
 func (d *localDriver) applyPod(
 	ctx context.Context,
 	req *driver.CreateMachineRequest,
@@ -95,13 +69,15 @@ func (d *localDriver) applyPod(
 	error,
 ) {
 	pod := podForMachine(req.Machine)
+	pod.Annotations = map[string]string{
+		"cni.projectcalico.org/ipv4pools": `["` + providerSpec.IPPoolName + `"]`,
+	}
 	pod.Labels = map[string]string{
 		labelKeyProvider:                   apiv1alpha1.Provider,
 		labelKeyApp:                        labelValueMachine,
 		"networking.gardener.cloud/to-dns": "allowed",
 		"networking.gardener.cloud/to-private-networks":                 "allowed",
 		"networking.gardener.cloud/to-public-networks":                  "allowed",
-		"networking.gardener.cloud/to-shoot-networks":                   "allowed",
 		"networking.gardener.cloud/to-runtime-apiserver":                "allowed", // needed for ManagedSeeds such that gardenlets deployed to these Machines can talk to the seed's kube-apiserver (which is the same like the garden cluster kube-apiserver)
 		"networking.resources.gardener.cloud/to-kube-apiserver-tcp-443": "allowed",
 	}