Add support for Shared VPC Networking

api/v1beta1/types.go

@@ -112,6 +112,10 @@ type NetworkSpec struct {
 	// Allow for configuration of load balancer backend (useful for changing apiserver port)
 	// +optional
 	LoadBalancerBackendPort *int32 `json:"loadBalancerBackendPort,omitempty"`
+
+	// HostProject is the name of the project hosting the shared VPC network resources.
+	// +optional
+	HostProject *string `json:"hostProject,omitempty"`
 }
 
 // LoadBalancerSpec contains configuration for one or more LoadBalancers.

cloud/interfaces.go

@@ -46,6 +46,7 @@ type ReconcilerWithResult interface {
 // Client is an interface which can get cloud client.
 type Client interface {
 	Cloud() Cloud
+	NetworkCloud() Cloud
 }
 
 // ClusterGetter is an interface which can get cluster information.
@@ -56,6 +57,8 @@ type ClusterGetter interface {
 	Name() string
 	Namespace() string
 	NetworkName() string
+	NetworkProject() string
+	IsSharedVpc() bool
 	Network() *infrav1.Network
 	AdditionalLabels() infrav1.Labels
 	FailureDomains() clusterv1.FailureDomains

cloud/scope/cluster.go

@@ -90,11 +90,27 @@ func (s *ClusterScope) Cloud() cloud.Cloud {
 	return newCloud(s.Project(), s.GCPServices)
 }
 
+// NetworkCloud returns initialized cloud.
+func (s *ClusterScope) NetworkCloud() cloud.Cloud {
+	return newCloud(s.NetworkProject(), s.GCPServices)
+}
+
 // Project returns the current project name.
 func (s *ClusterScope) Project() string {
 	return s.GCPCluster.Spec.Project
 }
 
+// NetworkProject returns the project name where network resources should exist.
+// The network project defaults to the Project when one is not supplied.
+func (s *ClusterScope) NetworkProject() string {
+	return ptr.Deref(s.GCPCluster.Spec.Network.HostProject, s.Project())
+}
+
+// IsSharedVpc returns true If sharedVPC used else , returns false.
+func (s *ClusterScope) IsSharedVpc() bool {
+	return s.NetworkProject() != s.Project()
+}
+
 // Region returns the cluster region.
 func (s *ClusterScope) Region() string {
 	return s.GCPCluster.Spec.Region
@@ -117,7 +133,7 @@ func (s *ClusterScope) NetworkName() string {
 
 // NetworkLink returns the partial URL for the network.
 func (s *ClusterScope) NetworkLink() string {
-	return fmt.Sprintf("projects/%s/global/networks/%s", s.Project(), s.NetworkName())
+	return fmt.Sprintf("projects/%s/global/networks/%s", s.NetworkProject(), s.NetworkName())
 }
 
 // Network returns the cluster network object.

cloud/scope/machine.go

@@ -94,6 +94,11 @@ func (m *MachineScope) Cloud() cloud.Cloud {
 	return m.ClusterGetter.Cloud()
 }
 
+// NetworkCloud returns initialized network cloud.
+func (m *MachineScope) NetworkCloud() cloud.Cloud {
+	return m.ClusterGetter.NetworkCloud()
+}
+
 // Zone returns the FailureDomain for the GCPMachine.
 func (m *MachineScope) Zone() string {
 	if m.Machine.Spec.FailureDomain == nil {
@@ -319,7 +324,7 @@ func (m *MachineScope) InstanceAdditionalDiskSpec() []*compute.AttachedDisk {
 // InstanceNetworkInterfaceSpec returns compute network interface spec.
 func (m *MachineScope) InstanceNetworkInterfaceSpec() *compute.NetworkInterface {
 	networkInterface := &compute.NetworkInterface{
-		Network: path.Join("projects", m.ClusterGetter.Project(), "global", "networks", m.ClusterGetter.NetworkName()),
+		Network: path.Join("projects", m.ClusterGetter.NetworkProject(), "global", "networks", m.ClusterGetter.NetworkName()),
 	}
 
 	if m.GCPMachine.Spec.PublicIP != nil && *m.GCPMachine.Spec.PublicIP {
@@ -332,7 +337,7 @@ func (m *MachineScope) InstanceNetworkInterfaceSpec() *compute.NetworkInterface
 	}
 
 	if m.GCPMachine.Spec.Subnet != nil {
-		networkInterface.Subnetwork = path.Join("regions", m.ClusterGetter.Region(), "subnetworks", *m.GCPMachine.Spec.Subnet)
+		networkInterface.Subnetwork = path.Join("projects", m.ClusterGetter.NetworkProject(), "regions", m.ClusterGetter.Region(), "subnetworks", *m.GCPMachine.Spec.Subnet)
 	}
 
 	return networkInterface

cloud/scope/managedcluster.go

@@ -93,6 +93,11 @@ func (s *ManagedClusterScope) Cloud() cloud.Cloud {
 	return newCloud(s.Project(), s.GCPServices)
 }
 
+// NetworkCloud returns initialized cloud.
+func (s *ManagedClusterScope) NetworkCloud() cloud.Cloud {
+	return newCloud(s.NetworkProject(), s.GCPServices)
+}
+
 // Project returns the current project name.
 func (s *ManagedClusterScope) Project() string {
 	return s.GCPManagedCluster.Spec.Project
@@ -118,9 +123,20 @@ func (s *ManagedClusterScope) NetworkName() string {
 	return ptr.Deref(s.GCPManagedCluster.Spec.Network.Name, "default")
 }
 
+// NetworkProject returns the project name where network resources should exist.
+// The network project defaults to the Project when one is not supplied.
+func (s *ManagedClusterScope) NetworkProject() string {
+	return ptr.Deref(s.GCPManagedCluster.Spec.Network.HostProject, s.Project())
+}
+
+// IsSharedVpc returns true If sharedVPC used else , returns false.
+func (s *ManagedClusterScope) IsSharedVpc() bool {
+	return s.NetworkProject() != s.Project()
+}
+
 // NetworkLink returns the partial URL for the network.
 func (s *ManagedClusterScope) NetworkLink() string {
-	return fmt.Sprintf("projects/%s/global/networks/%s", s.Project(), s.NetworkName())
+	return fmt.Sprintf("projects/%s/global/networks/%s", s.NetworkProject(), s.NetworkName())
 }
 
 // Network returns the cluster network object.

cloud/services/compute/firewalls/reconcile.go

@@ -28,6 +28,10 @@ import (
 // Reconcile reconcile cluster firewall compoenents.
 func (s *Service) Reconcile(ctx context.Context) error {
 	log := log.FromContext(ctx)
+	if s.scope.IsSharedVpc() {
+		log.V(2).Info("Shared VPC enabled. Ignore Reconciling firewall resources")
+		return nil
+	}
 	log.Info("Reconciling firewall resources")
 	for _, spec := range s.scope.FirewallRulesSpec() {
 		log.V(2).Info("Looking firewall", "name", spec.Name)
@@ -50,6 +54,10 @@ func (s *Service) Reconcile(ctx context.Context) error {
 // Delete delete cluster firewall compoenents.
 func (s *Service) Delete(ctx context.Context) error {
 	log := log.FromContext(ctx)
+	if s.scope.IsSharedVpc() {
+		log.V(2).Info("Shared VPC enabled. Ignore Deleting firewall resources")
+		return nil
+	}
 	log.Info("Deleting firewall resources")
 	for _, spec := range s.scope.FirewallRulesSpec() {
 		log.V(2).Info("Deleting firewall", "name", spec.Name)