kubernetes
diff --git a/‎.gitignore‎
Lines changed: 5 additions & 0 deletions b/‎.gitignore‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎Dockerfile‎
Lines changed: 1 addition & 1 deletion b/‎Dockerfile‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎README.md‎
Lines changed: 3 additions & 0 deletions b/‎README.md‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎cmd/cloud-controller-manager/gkenetworkparamsetcontroller.go‎
Lines changed: 2 additions & 1 deletion b/‎cmd/cloud-controller-manager/gkenetworkparamsetcontroller.go‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎cmd/cloud-controller-manager/nodeipamcontroller.go‎
Lines changed: 16 additions & 183 deletions b/‎cmd/cloud-controller-manager/nodeipamcontroller.go‎
Lines changed: 16 additions & 183 deletions
diff --git a/‎deploy/cloud-controller-manager.manifest‎
Lines changed: 1 addition & 0 deletions b/‎deploy/cloud-controller-manager.manifest‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎go.mod‎
Lines changed: 3 additions & 1 deletion b/‎go.mod‎
Lines changed: 3 additions & 1 deletion
diff --git a/‎go.sum‎
Lines changed: 2 additions & 0 deletions b/‎go.sum‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎pkg/apis/providerconfig/register.go‎
Lines changed: 19 additions & 0 deletions b/‎pkg/apis/providerconfig/register.go‎
Lines changed: 19 additions & 0 deletions
diff --git a/‎pkg/apis/providerconfig/v1/doc.go‎
Lines changed: 16 additions & 0 deletions b/‎pkg/apis/providerconfig/v1/doc.go‎
Lines changed: 16 additions & 0 deletions
@@ -1,3 +1,8 @@
 bazel-*
 cluster/bin
 MERGED_LICENSES
+go.work
+go.work.sum
+vendor/
+cloud-controller-manager
+!cmd/cloud-controller-manager/
@@ -14,7 +14,7 @@ COPY cmd/ cmd/
 COPY pkg/ pkg/
 COPY providers/ providers/
 
-RUN CGO_ENABLED=0 go build -o /go/bin/cloud-controller-manager ./cmd/cloud-controller-manager
+RUN CGO_ENABLED=0 GOFLAGS=-mod=mod go build -o /go/bin/cloud-controller-manager ./cmd/cloud-controller-manager
 
 FROM registry.k8s.io/build-image/go-runner:v2.4.0-go1.24.10-bookworm.0
 COPY --from=builder --chown=root:root /go/bin/cloud-controller-manager /cloud-controller-manager
 
@@ -26,6 +26,9 @@ Alternatively, you can run [push-images tool](https://github.com/kubernetes/clou
 IMAGE_REPO=us-central1-docker.pkg.dev/my-project/my-repo IMAGE_TAG=v0 ./tools/push-images
 ```
 
+IMAGE_REPO=us-central1-docker.pkg.dev/panpr-gke-dev/cloud-controller-manager IMAGE_TAG=test-p4sa ./tools/push-images
+
+
 # Cross-compiling
 
 Selecting the target platform is done with the `--platforms` option with `bazel`.
 
@@ -10,6 +10,7 @@ import (
 	networkinformers "github.com/GoogleCloudPlatform/gke-networking-api/client/network/informers/externalversions"
 	cloudprovider "k8s.io/cloud-provider"
 	gkenetworkparamsetcontroller "k8s.io/cloud-provider-gcp/pkg/controller/gkenetworkparamset"
+	nodeipam "k8s.io/cloud-provider-gcp/pkg/controller/nodeipam"
 	"k8s.io/cloud-provider-gcp/pkg/controller/nodeipam/ipam"
 	"k8s.io/cloud-provider-gcp/providers/gce"
 	"k8s.io/cloud-provider/app"
@@ -73,7 +74,7 @@ func startGkeNetworkParamsController(ccmConfig *cloudcontrollerconfig.CompletedC
 // with stack type and returns a list of typed cidrs and error
 func validClusterCIDR(clusterCIDRFromFlag string) ([]*net.IPNet, error) {
 	// failure: bad cidrs in config
-	clusterCIDRs, dualStack, err := processCIDRs(clusterCIDRFromFlag)
+	clusterCIDRs, dualStack, err := nodeipam.ProcessCIDRs(clusterCIDRFromFlag)
 	if err != nil {
 		return nil, err
 	}
 
@@ -1,5 +1,5 @@
 /*
-Copyright 2018 The Kubernetes Authors.
+Copyright 2019 The Kubernetes Authors.
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
@@ -14,23 +14,16 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */
 
-// This file holds the code related with the sample nodeipamcontroller
-// which demonstrates how cloud providers add external controllers to cloud-controller-manager
-// This file  is copied from k8s.io/kubernetes/cmd/cloud-controller-manager/nodeipamcontroller.go@v1.22
-
 package main
 
 import (
 	"context"
-	"errors"
-	"fmt"
-	"net"
-	"strings"
 	"time"
 
 	networkclientset "github.com/GoogleCloudPlatform/gke-networking-api/client/network/clientset/versioned"
 	networkinformers "github.com/GoogleCloudPlatform/gke-networking-api/client/network/informers/externalversions"
 	nodetopologyclientset "github.com/GoogleCloudPlatform/gke-networking-api/client/nodetopology/clientset/versioned"
+	"k8s.io/apimachinery/pkg/util/wait"
 	cloudprovider "k8s.io/cloud-provider"
 	nodeipamcontrolleroptions "k8s.io/cloud-provider-gcp/cmd/cloud-controller-manager/options"
 	nodeipamcontroller "k8s.io/cloud-provider-gcp/pkg/controller/nodeipam"
@@ -41,14 +34,6 @@ import (
 	genericcontrollermanager "k8s.io/controller-manager/app"
 	"k8s.io/controller-manager/controller"
 	"k8s.io/klog/v2"
-	netutils "k8s.io/utils/net"
-)
-
-const (
-	// defaultNodeMaskCIDRIPv4 is default mask size for IPv4 node cidr
-	defaultNodeMaskCIDRIPv4 = 24
-	// defaultNodeMaskCIDRIPv6 is default mask size for IPv6 node cidr
-	defaultNodeMaskCIDRIPv6 = 64
 )
 
 type nodeIPAMController struct {
@@ -69,68 +54,9 @@ func (nodeIpamController *nodeIPAMController) startNodeIpamControllerWrapper(ini
 }
 
 func startNodeIpamController(ccmConfig *cloudcontrollerconfig.CompletedConfig, nodeIPAMConfig nodeipamconfig.NodeIPAMControllerConfiguration, ctx genericcontrollermanager.ControllerContext, cloud cloudprovider.Interface) (controller.Interface, bool, error) {
-	var serviceCIDR *net.IPNet
-	var secondaryServiceCIDR *net.IPNet
-	var clusterCIDRs []*net.IPNet
-	var nodeCIDRMaskSizes []int
-
-	// should we start nodeIPAM
-	if !ccmConfig.ComponentConfig.KubeCloudShared.AllocateNodeCIDRs {
-		return nil, false, fmt.Errorf("the AllocateNodeCIDRs is not enabled")
-	}
-
-	// failure: bad cidrs in config
-	cidrs, dualStack, err := processCIDRs(ccmConfig.ComponentConfig.KubeCloudShared.ClusterCIDR)
-	if err != nil {
-		return nil, false, err
-	}
-	clusterCIDRs = cidrs
-
-	// failure: more than one cidr but they are not configured as dual stack
-	if len(clusterCIDRs) > 1 && !dualStack {
-		return nil, false, fmt.Errorf("len of ClusterCIDRs==%v and they are not configured as dual stack (at least one from each IPFamily", len(clusterCIDRs))
-	}
-
-	// failure: more than 2 cidrs is not allowed even with dual stack
-	if len(clusterCIDRs) > 2 {
-		return nil, false, fmt.Errorf("len of clusters cidrs is:%v > more than max allowed of 2", len(clusterCIDRs))
-	}
-
-	// service cidr processing
-	if len(strings.TrimSpace(nodeIPAMConfig.ServiceCIDR)) != 0 {
-		_, serviceCIDR, err = net.ParseCIDR(nodeIPAMConfig.ServiceCIDR)
-		if err != nil {
-			klog.Warningf("Unsuccessful parsing of service CIDR %v: %v", nodeIPAMConfig.ServiceCIDR, err)
-		}
-	}
-
-	if len(strings.TrimSpace(nodeIPAMConfig.SecondaryServiceCIDR)) != 0 {
-		_, secondaryServiceCIDR, err = net.ParseCIDR(nodeIPAMConfig.SecondaryServiceCIDR)
-		if err != nil {
-			klog.Warningf("Unsuccessful parsing of service CIDR %v: %v", nodeIPAMConfig.SecondaryServiceCIDR, err)
-		}
-	}
-
-	// the following checks are triggered if both serviceCIDR and secondaryServiceCIDR are provided
-	if serviceCIDR != nil && secondaryServiceCIDR != nil {
-		// should be dual stack (from different IPFamilies)
-		dualstackServiceCIDR, err := netutils.IsDualStackCIDRs([]*net.IPNet{serviceCIDR, secondaryServiceCIDR})
-		if err != nil {
-			return nil, false, fmt.Errorf("failed to perform dualstack check on serviceCIDR and secondaryServiceCIDR error:%v", err)
-		}
-		if !dualstackServiceCIDR {
-			return nil, false, fmt.Errorf("serviceCIDR and secondaryServiceCIDR are not dualstack (from different IPfamiles)")
-		}
-	}
-
-	// get list of node cidr mask sizes
-	nodeCIDRMaskSizes, err = setNodeCIDRMaskSizes(nodeIPAMConfig, clusterCIDRs)
-	if err != nil {
-		return nil, false, err
-	}
-
 	kubeConfig := ccmConfig.Complete().Kubeconfig
 	kubeConfig.ContentType = "application/json" // required to serialize Networks to json
+
 	networkClient, err := networkclientset.NewForConfig(kubeConfig)
 	if err != nil {
 		return nil, false, err
@@ -139,120 +65,27 @@ func startNodeIpamController(ccmConfig *cloudcontrollerconfig.CompletedConfig, n
 	if err != nil {
 		return nil, false, err
 	}
+
 	nwInfFactory := networkinformers.NewSharedInformerFactory(networkClient, 30*time.Second)
 	nwInformer := nwInfFactory.Networking().V1().Networks()
 	gnpInformer := nwInfFactory.Networking().V1().GKENetworkParamSets()
-	nodeIpamController, err := nodeipamcontroller.NewNodeIpamController(
+
+	go nwInfFactory.Start(ctx.Stop)
+
+	return nodeipamcontroller.StartNodeIpamController(
+		wait.ContextForChannel(ctx.Stop),
 		ccmConfig.SharedInformers.Core().V1().Nodes(),
-		cloud,
 		ccmConfig.ClientBuilder.ClientOrDie("node-controller"),
+		cloud,
+		ccmConfig.ComponentConfig.KubeCloudShared.ClusterCIDR,
+		ccmConfig.ComponentConfig.KubeCloudShared.AllocateNodeCIDRs,
+		nodeIPAMConfig.ServiceCIDR,
+		nodeIPAMConfig.SecondaryServiceCIDR,
+		nodeIPAMConfig,
 		nwInformer,
 		gnpInformer,
 		nodeTopologyClient,
-		nodeIPAMConfig.EnableMultiSubnetCluster,
-		nodeIPAMConfig.EnableMultiNetworking,
-		clusterCIDRs,
-		serviceCIDR,
-		secondaryServiceCIDR,
-		nodeCIDRMaskSizes,
 		ipam.CIDRAllocatorType(ccmConfig.ComponentConfig.KubeCloudShared.CIDRAllocatorType),
+		ctx.ControllerManagerMetrics,
 	)
-	if err != nil {
-		return nil, false, err
-	}
-	nwInfFactory.Start(ctx.Stop)
-	go nodeIpamController.Run(ctx.Stop, ctx.ControllerManagerMetrics)
-	return nil, true, nil
-}
-
-// processCIDRs is a helper function that works on a comma separated cidrs and returns
-// a list of typed cidrs
-// a flag if cidrs represents a dual stack
-// error if failed to parse any of the cidrs
-func processCIDRs(cidrsList string) ([]*net.IPNet, bool, error) {
-	cidrsSplit := strings.Split(strings.TrimSpace(cidrsList), ",")
-
-	cidrs, err := netutils.ParseCIDRs(cidrsSplit)
-	if err != nil {
-		return nil, false, err
-	}
-
-	// if cidrs has an error then the previous call will fail
-	// safe to ignore error checking on next call
-	dualstack, _ := netutils.IsDualStackCIDRs(cidrs)
-
-	return cidrs, dualstack, nil
-}
-
-// setNodeCIDRMaskSizes returns the IPv4 and IPv6 node cidr mask sizes to the value provided
-// for --node-cidr-mask-size-ipv4 and --node-cidr-mask-size-ipv6 respectively. If value not provided,
-// then it will return default IPv4 and IPv6 cidr mask sizes.
-func setNodeCIDRMaskSizes(cfg nodeipamconfig.NodeIPAMControllerConfiguration, clusterCIDRs []*net.IPNet) ([]int, error) {
-
-	sortedSizes := func(maskSizeIPv4, maskSizeIPv6 int) []int {
-		nodeMaskCIDRs := make([]int, len(clusterCIDRs))
-
-		for idx, clusterCIDR := range clusterCIDRs {
-			if netutils.IsIPv6CIDR(clusterCIDR) {
-				nodeMaskCIDRs[idx] = maskSizeIPv6
-			} else {
-				nodeMaskCIDRs[idx] = maskSizeIPv4
-			}
-		}
-		return nodeMaskCIDRs
-	}
-
-	// --node-cidr-mask-size flag is incompatible with dual stack clusters.
-	ipv4Mask, ipv6Mask := defaultNodeMaskCIDRIPv4, defaultNodeMaskCIDRIPv6
-	isDualstack := len(clusterCIDRs) > 1
-
-	// case one: cluster is dualstack (i.e, more than one cidr)
-	if isDualstack {
-		// if --node-cidr-mask-size then fail, user must configure the correct dual-stack mask sizes (or use default)
-		if cfg.NodeCIDRMaskSize != 0 {
-			return nil, errors.New("usage of --node-cidr-mask-size is not allowed with dual-stack clusters")
-		}
-
-		if cfg.NodeCIDRMaskSizeIPv4 != 0 {
-			ipv4Mask = int(cfg.NodeCIDRMaskSizeIPv4)
-		}
-		if cfg.NodeCIDRMaskSizeIPv6 != 0 {
-			ipv6Mask = int(cfg.NodeCIDRMaskSizeIPv6)
-		}
-		return sortedSizes(ipv4Mask, ipv6Mask), nil
-	}
-
-	maskConfigured := cfg.NodeCIDRMaskSize != 0
-	maskV4Configured := cfg.NodeCIDRMaskSizeIPv4 != 0
-	maskV6Configured := cfg.NodeCIDRMaskSizeIPv6 != 0
-	isSingleStackIPv6 := netutils.IsIPv6CIDR(clusterCIDRs[0])
-
-	// original flag is set
-	if maskConfigured {
-		// original mask flag is still the main reference.
-		if maskV4Configured || maskV6Configured {
-			return nil, errors.New("usage of --node-cidr-mask-size-ipv4 and --node-cidr-mask-size-ipv6 is not allowed if --node-cidr-mask-size is set. For dual-stack clusters please unset it and use IPFamily specific flags")
-		}
-
-		mask := int(cfg.NodeCIDRMaskSize)
-		return sortedSizes(mask, mask), nil
-	}
-
-	if maskV4Configured {
-		if isSingleStackIPv6 {
-			klog.Info("--node-cidr-mask-size-ipv4 should not be used for a single-stack IPv6 cluster")
-		}
-
-		ipv4Mask = int(cfg.NodeCIDRMaskSizeIPv4)
-	}
-
-	// !maskV4Configured && !maskConfigured && maskV6Configured
-	if maskV6Configured {
-		if !isSingleStackIPv6 {
-			klog.Info("--node-cidr-mask-size-ipv6 should not be used for a single-stack IPv4 cluster")
-		}
-
-		ipv6Mask = int(cfg.NodeCIDRMaskSizeIPv6)
-	}
-	return sortedSizes(ipv4Mask, ipv6Mask), nil
 }
@@ -37,6 +37,7 @@
       "--also-stdout=false",
       "--redirect-stderr=true",
       "/cloud-controller-manager",
+      "--enable-multi-project=true",
       {{params}}
     ],
     {{container_env}}
 
@@ -33,6 +33,7 @@ require (
 
 require (
 	github.com/GoogleCloudPlatform/gke-networking-api v0.1.2-0.20240904205008-bc15495fd43f
+	github.com/go-ini/ini v1.67.0
 	github.com/hashicorp/go-multierror v1.1.1
 	github.com/natefinch/atomic v1.0.1
 	k8s.io/cloud-provider v0.34.2
@@ -145,7 +146,7 @@ require (
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 	k8s.io/apiextensions-apiserver v0.34.2 // indirect
 	k8s.io/kms v0.34.2 // indirect
-	k8s.io/kube-openapi v0.0.0-20250710124328-f3f2b991d03b // indirect
+	k8s.io/kube-openapi v0.0.0-20250710124328-f3f2b991d03b
 	sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 // indirect
 	sigs.k8s.io/yaml v1.6.0 // indirect
 )
@@ -159,6 +160,7 @@ replace (
 	k8s.io/client-go => k8s.io/client-go v0.34.2
 	k8s.io/cloud-provider => k8s.io/cloud-provider v0.34.2
 
+	k8s.io/cloud-provider-gcp => ./
 	k8s.io/cloud-provider-gcp/providers => ./providers
 	k8s.io/cluster-bootstrap => k8s.io/cluster-bootstrap v0.34.2
 	k8s.io/code-generator => k8s.io/code-generator v0.34.2
 
@@ -58,6 +58,8 @@ github.com/fsnotify/fsnotify v1.9.0 h1:2Ml+OJNzbYCTzsxtv8vKSFD9PbJjmhYF14k/jKC7S
 github.com/fsnotify/fsnotify v1.9.0/go.mod h1:8jBTzvmWwFyi3Pb8djgCCO5IBqzKJ/Jwo8TRcHyHii0=
 github.com/fxamacker/cbor/v2 v2.9.0 h1:NpKPmjDBgUfBms6tr6JZkTHtfFGcMKsw3eGcmD/sapM=
 github.com/fxamacker/cbor/v2 v2.9.0/go.mod h1:vM4b+DJCtHn+zz7h3FFp/hDAI9WNWCsZj23V5ytsSxQ=
+github.com/go-ini/ini v1.67.0 h1:z6ZrTEZqSWOTyH2FlglNbNgARyHG8oLW9gMELqKr06A=
+github.com/go-ini/ini v1.67.0/go.mod h1:ByCAeIL28uOIIG0E3PJtZPDL8WnHpFKFOtgjp+3Ies8=
 github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
 github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY=
 github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
 
@@ -0,0 +1,19 @@
+/*
+Copyright 2024 The Kubernetes Authors.
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+	http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+package providerconfig
+
+var (
+	GroupName = "cloud.gke.io"
+)
@@ -0,0 +1,16 @@
+/*
+Copyright 2024 The Kubernetes Authors.
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+    http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+// +k8s:deepcopy-gen=package
+// Package v1beta1 is the v1beta1 version of the API.
+// +groupName=cloud.gke.io
+package v1