rfc: IGP resource, controller, and provider

Add a Custom Resource for Interior Gateway Protocol (IGP) spec. While we
plan support for ISIS and OSPF, we consider only ISIS here.  We also include
a `cisco-nxos-gnmi` provider with an `isis` pkg to configure ISIS over
gNMI using ygot objects from openconfig. This provider does not
implement yet the `interface` resource.

Both the resource and the provider implementation DO NOT support
multiple processes on the same device.

Author: nikatza

Makefile

@@ -42,7 +42,7 @@ install-kustomize: FORCE
 
 fmt: FORCE install-gofumpt
 	@printf "\e[1;36m>> gofumpt -l -w .\e[0m\n"
-	@gofumpt -l -w $(shell git ls-files '*.go' | grep -v '^internal/provider/openconfig|internal/provider/cisco/nxos/genyang')
+	@gofumpt -l -w $(shell git ls-files '*.go' | grep -v '^internal/provider/openconfig|internal/provider/cisco/nxos/genyang|internal/provider/cisco/nxos/isis')
 
 # Run the e2e tests against a k8s cluster.
 test-e2e: FORCE
@@ -59,7 +59,7 @@ test-e2e: FORCE
 
 docker-build: FORCE
 	@printf "\e[1;36m>> $(CONTAINER_TOOL) build --tag=$(IMG) .\e[0m\n"
-	@$(CONTAINER_TOOL) build --build-arg=BININFO_BUILD_DATE=$(BININFO_BUILD_DATE) --build-arg=BININFO_COMMIT_HASH=$(BININFO_COMMIT_HASH) --build-arg=BININFO_VERSION=$(BININFO_VERSION) --tag=$(IMG) .
+	@$(CONTAINER_TOOL) build --no-cache --build-arg=BININFO_BUILD_DATE=$(BININFO_BUILD_DATE) --build-arg=BININFO_COMMIT_HASH=$(BININFO_COMMIT_HASH) --build-arg=BININFO_VERSION=$(BININFO_VERSION) --tag=$(IMG) .
 
 docker-push: FORCE
 	@printf "\e[1;36m>> $(CONTAINER_TOOL) push $(IMG)\e[0m\n"
@@ -188,7 +188,7 @@ ifeq ($(GO_TESTPKGS),)
 GO_TESTPKGS := ./...
 endif
 # which packages to measure coverage for
-GO_COVERPKGS := $(shell go list ./... | grep -E '/internal' | grep -Ev '/internal/provider/openconfig|internal/provider/cisco/nxos/genyang')
+GO_COVERPKGS := $(shell go list ./... | grep -E '/internal' | grep -Ev '/internal/provider/openconfig|internal/provider/cisco/nxos/genyang|internal/provider/cisco/nxos/isis')
 # to get around weird Makefile syntax restrictions, we need variables containing nothing, a space and comma
 null :=
 space := $(null) $(null)

Makefile.maker.yaml

@@ -16,7 +16,7 @@ controllerGen:
 
 coverageTest:
   only: "/internal"
-  except: "/internal/provider/openconfig|internal/provider/cisco/nxos/genyang"
+  except: "/internal/provider/openconfig|internal/provider/cisco/nxos/genyang|internal/provider/cisco/nxos/isis"
 
 dockerfile:
   enabled: false

Tiltfile

@@ -8,7 +8,7 @@ analytics_settings(False)
 allow_k8s_contexts(['minikube', 'kind-network'])
 
 docker_build('controller:latest', '.', ignore=['*/*/zz_generated.deepcopy.go', 'config/crd/bases/*'], only=[
-    'api/', 'cmd/', 'hack/', 'internal/', 'go.mod', 'go.sum', 'Makefile',
+    'api/', 'cmd/', 'hack/', 'internal/', 'go.mod', 'go.sum', 'Makefile', 'vendor/', ".force-rebuild"
 ])
 
 local_resource('controller-gen', 'make generate', ignore=['*/*/zz_generated.deepcopy.go', 'config/crd/bases/*'], deps=[
@@ -25,6 +25,8 @@ k8s_resource(new_name='lo1', objects=['lo1:interface'], trigger_mode=TRIGGER_MOD
 k8s_resource(new_name='eth1-1', objects=['eth1-1:interface'], trigger_mode=TRIGGER_MODE_MANUAL, auto_init=False)
 k8s_resource(new_name='eth1-2', objects=['eth1-2:interface'], trigger_mode=TRIGGER_MODE_MANUAL, auto_init=False)
 k8s_resource(new_name='eth1-10', objects=['eth1-10:interface'], trigger_mode=TRIGGER_MODE_MANUAL, auto_init=False)
+k8s_yaml('./config/samples/v1alpha1_igp.yaml')
+k8s_resource(new_name='underlay-isis-area-0', objects=['underlay-isis-area-0:igp'], trigger_mode=TRIGGER_MODE_MANUAL, auto_init=False)
 
 print('🚀 network-operator development environment')
 print('👉 Edit the code inside the api/, cmd/, or internal/ directories')

api/v1alpha1/igp_types.go

@@ -0,0 +1,107 @@
+// SPDX-FileCopyrightText: 2025 SAP SE or an SAP affiliate company and IronCore contributors
+// SPDX-License-Identifier: Apache-2.0
+
+package v1alpha1
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// +kubebuilder:validation:Enum=isis
+type IGPType string
+
+// +kubebuilder:object:root=true
+// +kubebuilder:subresource:status
+// +kubebuilder:resource:path=igps
+// +kubebuilder:resource:singular=igp
+// +kubebuilder:resource:shortName=igp
+// +kubebuilder:printcolumn:name="Process name",type=string,JSONPath=`.spec.name`
+
+// IGP is the Schema for the igp API.
+type IGP struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	// Specification of the desired state of the resource.
+	// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
+	Spec IGPSpec `json:"spec"`
+
+	// Status of the resource. This is set and updated automatically.
+	// Read-only.
+	// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
+	Status IGPStatus `json:"status"`
+}
+
+// IGProcessSpec defines the desired state of Interior Gateway Protocol (IGP) process on a device.
+type IGPSpec struct {
+	// The name of the routing instance.
+	//+kubebuilder:validation:Required
+	Name string `json:"name"`
+	//+kubebuilder:validation:Required
+	ISIS *ISISSpec `json:"isis,omitempty"`
+}
+
+// IGPStatus defines the observed state of an IGP process.
+type IGPStatus struct {
+	// The conditions are a list of status objects that describe the state of the Interface.
+	//+listType=map
+	//+listMapKey=type
+	//+patchStrategy=merge
+	//+patchMergeKey=type
+	//+optional
+	Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"`
+}
+
+// +kubebuilder:object:root=true
+
+// IGPList contains a list of IGP (processes).
+type IGPList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+	Items           []IGP `json:"items"`
+}
+
+// +kubebuilder:validation:Enum=Level1;Level2;Level12
+type ISISLevel string
+
+const (
+	Level1  ISISLevel = "Level1"
+	Level2  ISISLevel = "Level2"
+	Level12 ISISLevel = "Level12"
+)
+
+// +kubebuilder:validation:Enum=v4-unicast;v6-unicast
+type ISISAF string
+
+const (
+	IPv4Unicast ISISAF = "v4-unicast"
+	IPv6Unicast ISISAF = "v6-unicast"
+)
+
+type ISISSpec struct {
+	// The Network Entity Title (NET) for the ISIS instance.
+	//+kubebuilder:validation:Required
+	NET string `json:"net"`
+	// The is-type of the process (the level)
+	//+kubebuilder:validation:Required
+	Level ISISLevel `json:"level"`
+	// Overload bit configuration for this ISIS instance
+	//+kubebuilder:validation:Optional
+	OverloadBit *OverloadBit `json:"overloadBit"`
+	//+kubebuilder:validation:Required
+	//+kubebuilder:validation:MinItems=1
+	//+kubebuilder:validation:MaxItems=2
+	AddressFamilies []ISISAF `json:"addressFamilies,omitempty"`
+}
+
+type OverloadBit struct {
+	// Duration of the OverloadBit in seconds.
+	//+kubebuilder:validation:Required
+	//+kubebuilder:validation:Minimum=576
+	//+kubebuilder:validation:Maximum=86400
+	OnStartup uint32 `json:"onStartup"`
+}
+
+func init() {
+	SchemeBuilder.Register(&IGP{}, &IGPList{})
+}

api/v1alpha1/zz_generated.deepcopy.go

@@ -35,6 +35,7 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/webhook"
 
 	// Import all supported provider implementations.
+	_ "github.com/ironcore-dev/network-operator/internal/provider/cisco/nxos"
 	_ "github.com/ironcore-dev/network-operator/internal/provider/openconfig"
 
 	"github.com/ironcore-dev/network-operator/api/v1alpha1"
@@ -79,8 +80,8 @@ func main() {
 	flag.StringVar(&metricsCertName, "metrics-cert-name", "tls.crt", "The name of the metrics server certificate file.")
 	flag.StringVar(&metricsCertKey, "metrics-cert-key", "tls.key", "The name of the metrics server key file.")
 	flag.BoolVar(&enableHTTP2, "enable-http2", false, "If set, HTTP/2 will be enabled for the metrics and webhook servers")
-	flag.StringVar(&watchFilterValue, "watch-filter", "", fmt.Sprintf("Label value that the controller watches to reconcile api objects. Label key is always %q. If unspecified, the controller watches for all api objects.", v1alpha1.WatchLabel))
-	flag.StringVar(&providerName, "provider", "openconfig", "The provider to use for the controller. If not specified, the default provider is used. Available providers: "+strings.Join(provider.Providers(), ", "))
+	flag.StringVar(&watchFilterValue, "watch-filter", "", fmt.Sprintf("Label value that the controllers watch to reconcile api objects. Label key is always %q. If unspecified, the controller watches for all api objects.", v1alpha1.WatchLabel))
+	flag.StringVar(&providerName, "provider", "openconfig", "The provider to use for the controllers. If not specified, the default provider is used. Available providers: "+strings.Join(provider.Providers(), ", "))
 	opts := zap.Options{
 		Development: true,
 		TimeEncoder: zapcore.ISO8601TimeEncoder,
@@ -220,6 +221,23 @@ func main() {
 		os.Exit(1)
 	}
 
+	prov, err = provider.Get("cisco-nxos-gnmi")
+	if err != nil {
+		setupLog.Error(err, "failed to get provider", "provider", providerName)
+		os.Exit(1)
+	}
+
+	if err = (&controller.IGPReconciler{
+		Client:           mgr.GetClient(),
+		Scheme:           mgr.GetScheme(),
+		Recorder:         mgr.GetEventRecorderFor("igp-controller"),
+		WatchFilterValue: watchFilterValue,
+		Provider:         prov,
+	}).SetupWithManager(mgr); err != nil {
+		setupLog.Error(err, "unable to create controller", "controller", "IGP")
+		os.Exit(1)
+	}
+
 	// +kubebuilder:scaffold:builder
 
 	if metricsCertWatcher != nil {