feat(controller): add support for L3 subinterfaces

Implement basic CRUD operations for SubInterfaces:
* Validate that the parent interface exists and is in a configured state before applying subinterface;
  halt reconciliation otherwise
* Ensure parent interface is Layer 3 (no switchport configuration)
* Watch parent interface for create/update events to trigger reconciliation when it becomes available
* Cascade deletion: removing the parent interface also deletes associated subinterfaces

To support the cascading deletion of interfaces, we set owner reference on subinterface to parent
interface. Omitting device owner reference on subinterface as this
blocks deletion until device gets deleted.

Author: sven-rosenzweig

api/core/v1alpha1/groupversion_info.go

@@ -208,6 +208,15 @@ const (
 
 	// VRFNotFoundReason indicates that a referenced VRF was not found.
 	VRFNotFoundReason = "VRFNotFound"
+
+	// ParentInterfaceNotFoundReason indicates that a referenced parent interface for a subinterface was not found.
+	ParentInterfaceNotFoundReason = "ParentInterfaceNotFound"
+
+	// ParentInterfaceNotConfiguredReason indicates that the parent interface of a subinterface is not configured.
+	ParentInterfaceNotConfiguredReason = "ParentInterfaceNotConfigured"
+
+	// InvalidParentInterfaceTypeReason indicates that a referenced parent interface type is not supported.
+	InvalidParentInterfaceTypeReason = "InvalidParentInterfaceType"
 )
 
 // Reasons that are specific to [Device] objects.

internal/controller/core/interface_controller.go

@@ -215,6 +215,7 @@ const (
 	interfaceUnnumberedRefKey = ".spec.ipv4.unnumbered.interfaceRef.name"
 	interfaceVlanRefKey       = ".spec.vlanRef.name"
 	interfaceVrfRefKey        = ".spec.vrfRef.name"
+	interfaceParentRefKey     = ".spec.parentInterfaceRef.name"
 )
 
 // SetupWithManager sets up the controller with the Manager.
@@ -277,6 +278,16 @@ func (r *InterfaceReconciler) SetupWithManager(ctx context.Context, mgr ctrl.Man
 		return err
 	}
 
+	if err := mgr.GetFieldIndexer().IndexField(ctx, &v1alpha1.Interface{}, interfaceParentRefKey, func(obj client.Object) []string {
+		intf := obj.(*v1alpha1.Interface)
+		if intf.Spec.ParentInterfaceRef == nil {
+			return nil
+		}
+		return []string{intf.Spec.ParentInterfaceRef.Name}
+	}); err != nil {
+		return err
+	}
+
 	bldr := ctrl.NewControllerManagedBy(mgr).
 		For(&v1alpha1.Interface{}).
 		Named("interface").
@@ -308,6 +319,19 @@ func (r *InterfaceReconciler) SetupWithManager(ctx context.Context, mgr ctrl.Man
 				},
 			}),
 		).
+		// Watches enqueues subinterfaces when their parent interface changes.
+		Watches(
+			&v1alpha1.Interface{},
+			handler.EnqueueRequestsFromMapFunc(r.parentToSubinterfaces),
+			builder.WithPredicates(predicate.Funcs{
+				UpdateFunc: func(e event.UpdateEvent) bool {
+					return false
+				},
+				GenericFunc: func(e event.GenericEvent) bool {
+					return false
+				},
+			}),
+		).
 		// Watches enqueues Aggregate Interfaces for updates in referenced member resources.
 		Watches(
 			&v1alpha1.Interface{},
@@ -409,8 +433,9 @@ func (r *InterfaceReconciler) reconcile(ctx context.Context, s *scope) (reterr e
 
 	s.Interface.Labels[v1alpha1.DeviceLabel] = s.Device.Name
 
-	// Ensure the Interface is owned by the Device.
-	if !controllerutil.HasControllerReference(s.Interface) {
+	// Ensure the Interface (except subinterfaces) is owned by the Device.
+	// Subinterfaces have their parent interface as owner, and the parent interface is owned by the Device.
+	if !controllerutil.HasControllerReference(s.Interface) && s.Interface.Spec.Type != v1alpha1.InterfaceTypeSubinterface {
 		if err := controllerutil.SetOwnerReference(s.Device, s.Interface, r.Scheme, controllerutil.WithBlockOwnerDeletion(true)); err != nil {
 			return err
 		}
@@ -441,6 +466,13 @@ func (r *InterfaceReconciler) reconcile(ctx context.Context, s *scope) (reterr e
 		}
 	}
 
+	if s.Interface.Spec.Type == v1alpha1.InterfaceTypeSubinterface {
+		err := r.reconcileSubinterfaces(ctx, s)
+		if err != nil {
+			return err
+		}
+	}
+
 	var multiChassisID *int16
 	if s.Interface.Spec.Aggregation != nil && s.Interface.Spec.Aggregation.MultiChassis != nil {
 		multiChassisID = &s.Interface.Spec.Aggregation.MultiChassis.ID
@@ -763,6 +795,79 @@ func (r *InterfaceReconciler) reconcileMemberInterfaces(ctx context.Context, s *
 	return members, nil
 }
 
+// reconcileSubinterfaces ensures that the parent interfaces exist and belong to the same device as the subinterface.
+// It also updates the subinterfaces owner reference to the parent interface
+func (r *InterfaceReconciler) reconcileSubinterfaces(ctx context.Context, s *scope) error {
+	parentIntf := new(v1alpha1.Interface)
+
+	key := client.ObjectKey{Name: s.Interface.Spec.ParentInterfaceRef.Name, Namespace: s.Interface.Namespace}
+	if err := r.Get(ctx, key, parentIntf); err != nil {
+		if apierrors.IsNotFound(err) {
+			conditions.Set(s.Interface, metav1.Condition{
+				Type:    v1alpha1.ConfiguredCondition,
+				Status:  metav1.ConditionFalse,
+				Reason:  v1alpha1.ParentInterfaceNotFoundReason,
+				Message: fmt.Sprintf("referenced parent interface %q for not found", key),
+			})
+			return reconcile.TerminalError(fmt.Errorf("failed to get parent interface %q: %w", s.Interface.Spec.ParentInterfaceRef.Name, err))
+		}
+		return err
+	}
+
+	// Check matching device reference
+	if parentIntf.Spec.DeviceRef.Name != s.Device.Name {
+		conditions.Set(s.Interface, metav1.Condition{
+			Type:    v1alpha1.ConfiguredCondition,
+			Status:  metav1.ConditionFalse,
+			Reason:  v1alpha1.CrossDeviceReferenceReason,
+			Message: fmt.Sprintf("parent interface %q belongs to a different device", key),
+		})
+		return reconcile.TerminalError(fmt.Errorf("parent interface %q belongs to device %q in not ready state", s.Interface.Spec.ParentInterfaceRef.Name, parentIntf.Spec.DeviceRef.Name))
+	}
+
+	// Check if parent interface is an aggregate or physical interface
+	if parentIntf.Spec.Type != v1alpha1.InterfaceTypePhysical && parentIntf.Spec.Type != v1alpha1.InterfaceTypeAggregate {
+		conditions.Set(s.Interface, metav1.Condition{
+			Type:    v1alpha1.ConfiguredCondition,
+			Status:  metav1.ConditionFalse,
+			Reason:  v1alpha1.InvalidParentInterfaceTypeReason,
+			Message: fmt.Sprintf("parent interface %q is not of type Physical or Aggregate, got %q", key, parentIntf.Spec.Type),
+		})
+		return reconcile.TerminalError(fmt.Errorf("parent interface %q is not of type Physical or Aggregate, got %q", s.Interface.Spec.ParentInterfaceRef.Name, parentIntf.Spec.Type))
+	}
+
+	// L2 interfaces do not support subinterfaces config
+	if parentIntf.Spec.Switchport != nil {
+		conditions.Set(s.Interface, metav1.Condition{
+			Type:    v1alpha1.ConfiguredCondition,
+			Status:  metav1.ConditionFalse,
+			Reason:  v1alpha1.InvalidInterfaceTypeReason,
+			Message: fmt.Sprintf("parent interface %q is an L2 interface", key),
+		})
+		return reconcile.TerminalError(fmt.Errorf("parent interface %q is an L2 interface", s.Interface.Spec.ParentInterfaceRef.Name))
+	}
+
+	// Ensure the Subinterface is owned by the parent interface.
+	if !controllerutil.HasControllerReference(s.Interface) {
+		if err := controllerutil.SetOwnerReference(parentIntf, s.Interface, r.Scheme, controllerutil.WithBlockOwnerDeletion(true)); err != nil {
+			return reconcile.TerminalError(err)
+		}
+	}
+
+	// Parent interface must be configured
+	if !conditions.IsConfigured(parentIntf) {
+		conditions.Set(s.Interface, metav1.Condition{
+			Type:    v1alpha1.ConfiguredCondition,
+			Status:  metav1.ConditionFalse,
+			Reason:  v1alpha1.ParentInterfaceNotConfiguredReason,
+			Message: fmt.Sprintf("parent interface %q not ready", key),
+		})
+		return reconcile.TerminalError(fmt.Errorf("parent interface %q in not ready state", s.Interface.Spec.ParentInterfaceRef.Name))
+	}
+
+	return nil
+}
+
 func (r *InterfaceReconciler) finalize(ctx context.Context, s *scope) (reterr error) {
 	if s.Interface.Spec.Aggregation != nil {
 		if err := r.finalizeMemberInterfaces(ctx, s); err != nil {
@@ -943,6 +1048,43 @@ func (r *InterfaceReconciler) aggregateToMembers(ctx context.Context, obj client
 	return requests
 }
 
+// parentToSubinterfaces is a [handler.MapFunc] to be used to enqueue requests for reconciliation
+// for Subinterfaces based on their parent Interface.
+func (r *InterfaceReconciler) parentToSubinterfaces(ctx context.Context, obj client.Object) []ctrl.Request {
+	intf, ok := obj.(*v1alpha1.Interface)
+	if !ok {
+		panic(fmt.Sprintf("Expected a Interface but got a %T", obj))
+	}
+
+	if intf.Spec.Type != v1alpha1.InterfaceTypePhysical && intf.Spec.Type != v1alpha1.InterfaceTypeAggregate {
+		return nil
+	}
+
+	log := ctrl.LoggerFrom(ctx, "Interface", klog.KObj(intf))
+	interfaces := new(v1alpha1.InterfaceList)
+
+	// List all interfaces in the same namespace with a parent interface reference to the physical interface.
+	if err := r.List(ctx, interfaces, client.InNamespace(intf.Namespace), client.MatchingFields{interfaceParentRefKey: intf.Name}); err != nil {
+		log.Error(err, "Failed to list Interfaces")
+		return nil
+	}
+
+	requests := []ctrl.Request{}
+	for _, i := range interfaces.Items {
+		if i.Spec.ParentInterfaceRef != nil && i.Spec.ParentInterfaceRef.Name == intf.Name {
+			log.V(2).Info("Enqueuing SubInterface for reconciliation", "SubInterface", klog.KObj(&i))
+			requests = append(requests, ctrl.Request{
+				NamespacedName: client.ObjectKey{
+					Name:      i.Name,
+					Namespace: i.Namespace,
+				},
+			})
+		}
+	}
+
+	return requests
+}
+
 // vlanToRoutedVLAN is a [handler.MapFunc] to be used to enqueue requests for reconciliation
 // for a RoutedVLAN Interface when its referenced VLAN changes.
 func (r *InterfaceReconciler) vlanToRoutedVLAN(ctx context.Context, obj client.Object) []ctrl.Request {

internal/controller/core/interface_controller_test.go

@@ -754,6 +754,143 @@ var _ = Describe("Interface Controller", func() {
 			}).Should(Succeed())
 		})
 
+		It("Should fail reconcile when parent interface does not exist for subinterface", func() {
+			By("Creating a Subinterface referencing a non-existent parent")
+			subintf := &v1alpha1.Interface{
+				ObjectMeta: metav1.ObjectMeta{
+					Name:      name,
+					Namespace: metav1.NamespaceDefault,
+				},
+				Spec: v1alpha1.InterfaceSpec{
+					DeviceRef:   v1alpha1.LocalObjectReference{Name: name},
+					Name:        name + ".100",
+					AdminState:  v1alpha1.AdminStateUp,
+					Description: "Subinterface without parent",
+					Type:        v1alpha1.InterfaceTypeSubinterface,
+					ParentInterfaceRef: &v1alpha1.LocalObjectReference{
+						Name: "non-existent-parent",
+					},
+					Encapsulation: &v1alpha1.Encapsulation{
+						Type: v1alpha1.EncapsulationTypeDot1Q,
+						Tag:  100,
+					},
+					IPv4: &v1alpha1.InterfaceIPv4{
+						Addresses: []v1alpha1.IPPrefix{{Prefix: netip.MustParsePrefix("10.0.0.100/24")}},
+					},
+				},
+			}
+			Expect(k8sClient.Create(ctx, subintf)).To(Succeed())
+
+			By("Verifying the controller sets parent interface not ready status")
+			Eventually(func(g Gomega) {
+				resource := &v1alpha1.Interface{}
+				g.Expect(k8sClient.Get(ctx, key, resource)).To(Succeed())
+				g.Expect(resource.Status.Conditions).To(HaveLen(4))
+				g.Expect(resource.Status.Conditions[0].Type).To(Equal(v1alpha1.ReadyCondition))
+				g.Expect(resource.Status.Conditions[0].Status).To(Equal(metav1.ConditionFalse))
+				g.Expect(resource.Status.Conditions[1].Type).To(Equal(v1alpha1.ConfiguredCondition))
+				g.Expect(resource.Status.Conditions[1].Status).To(Equal(metav1.ConditionFalse))
+				g.Expect(resource.Status.Conditions[1].Reason).To(Equal(v1alpha1.ParentInterfaceNotFoundReason))
+				g.Expect(resource.Status.Conditions[2].Type).To(Equal(v1alpha1.OperationalCondition))
+				g.Expect(resource.Status.Conditions[2].Status).To(Equal(metav1.ConditionUnknown))
+				g.Expect(resource.Status.Conditions[3].Type).To(Equal(v1alpha1.PausedCondition))
+				g.Expect(resource.Status.Conditions[3].Status).To(Equal(metav1.ConditionFalse))
+			}).Should(Succeed())
+		})
+
+		It("Should successfully reconcile parent Physical interface and Subinterface", func() {
+			const parentName = "test-parent-eth"
+			const subinterfaceName = "test-subintf"
+
+			By("Creating a Physical parent interface")
+			parentIntf := &v1alpha1.Interface{
+				ObjectMeta: metav1.ObjectMeta{
+					Name:      parentName,
+					Namespace: metav1.NamespaceDefault,
+				},
+				Spec: v1alpha1.InterfaceSpec{
+					DeviceRef:   v1alpha1.LocalObjectReference{Name: name},
+					Name:        parentName,
+					AdminState:  v1alpha1.AdminStateUp,
+					Description: "Parent Physical Interface",
+					MTU:         9000,
+					Type:        v1alpha1.InterfaceTypePhysical,
+				},
+			}
+			Expect(k8sClient.Create(ctx, parentIntf)).To(Succeed())
+
+			By("Verifying the parent Physical interface is ready")
+			Eventually(func(g Gomega) {
+				resource := &v1alpha1.Interface{}
+				g.Expect(k8sClient.Get(ctx, client.ObjectKey{Name: parentName, Namespace: metav1.NamespaceDefault}, resource)).To(Succeed())
+				g.Expect(resource.Status.Conditions).To(HaveLen(4))
+				g.Expect(resource.Status.Conditions[0].Type).To(Equal(v1alpha1.ReadyCondition))
+				g.Expect(resource.Status.Conditions[0].Status).To(Equal(metav1.ConditionTrue))
+				g.Expect(resource.Status.Conditions[1].Type).To(Equal(v1alpha1.ConfiguredCondition))
+				g.Expect(resource.Status.Conditions[1].Status).To(Equal(metav1.ConditionTrue))
+			}).Should(Succeed())
+
+			By("Creating a Subinterface referencing the parent")
+			subintf := &v1alpha1.Interface{
+				ObjectMeta: metav1.ObjectMeta{
+					Name:      subinterfaceName,
+					Namespace: metav1.NamespaceDefault,
+				},
+				Spec: v1alpha1.InterfaceSpec{
+					DeviceRef:   v1alpha1.LocalObjectReference{Name: name},
+					Name:        parentName + ".100",
+					AdminState:  v1alpha1.AdminStateUp,
+					Description: "Subinterface with 802.1q encapsulation",
+					Type:        v1alpha1.InterfaceTypeSubinterface,
+					ParentInterfaceRef: &v1alpha1.LocalObjectReference{
+						Name: parentName,
+					},
+					Encapsulation: &v1alpha1.Encapsulation{
+						Type: v1alpha1.EncapsulationTypeDot1Q,
+						Tag:  100,
+					},
+					IPv4: &v1alpha1.InterfaceIPv4{
+						Addresses: []v1alpha1.IPPrefix{{Prefix: netip.MustParsePrefix("10.0.100.1/24")}},
+					},
+				},
+			}
+			Expect(k8sClient.Create(ctx, subintf)).To(Succeed())
+
+			By("Verifying the controller sets the parent interface as owner reference")
+			Eventually(func(g Gomega) {
+				resource := &v1alpha1.Interface{}
+				g.Expect(k8sClient.Get(ctx, client.ObjectKey{Name: subinterfaceName, Namespace: metav1.NamespaceDefault}, resource)).To(Succeed())
+				g.Expect(resource.OwnerReferences).To(HaveLen(1))
+				g.Expect(resource.OwnerReferences[0].Kind).To(Equal("Interface"))
+				g.Expect(resource.OwnerReferences[0].Name).To(Equal(parentName))
+			}).Should(Succeed())
+
+			By("Verifying the subinterface status is ready")
+			Eventually(func(g Gomega) {
+				resource := &v1alpha1.Interface{}
+				g.Expect(k8sClient.Get(ctx, client.ObjectKey{Name: subinterfaceName, Namespace: metav1.NamespaceDefault}, resource)).To(Succeed())
+				g.Expect(resource.Status.Conditions).To(HaveLen(4))
+				g.Expect(resource.Status.Conditions[0].Type).To(Equal(v1alpha1.ReadyCondition))
+				g.Expect(resource.Status.Conditions[0].Status).To(Equal(metav1.ConditionTrue))
+				g.Expect(resource.Status.Conditions[1].Type).To(Equal(v1alpha1.ConfiguredCondition))
+				g.Expect(resource.Status.Conditions[1].Status).To(Equal(metav1.ConditionTrue))
+				g.Expect(resource.Status.Conditions[2].Type).To(Equal(v1alpha1.OperationalCondition))
+				g.Expect(resource.Status.Conditions[2].Status).To(Equal(metav1.ConditionTrue))
+				g.Expect(resource.Status.Conditions[3].Type).To(Equal(v1alpha1.PausedCondition))
+				g.Expect(resource.Status.Conditions[3].Status).To(Equal(metav1.ConditionFalse))
+			}).Should(Succeed())
+
+			By("Verifying the Subinterface is configured in the provider")
+			Eventually(func(g Gomega) {
+				g.Expect(testProvider.Ports.Has(parentName+".100")).To(BeTrue(), "Provider should have Subinterface configured")
+			}).Should(Succeed())
+
+			By("Verifying the parent Physical interface is configured in the provider")
+			Eventually(func(g Gomega) {
+				g.Expect(testProvider.Ports.Has(parentName)).To(BeTrue(), "Provider should have parent Physical Interface configured")
+			}).Should(Succeed())
+		})
+
 		It("Should handle unnumbered reference to non-Loopback Interface", func() {
 			By("Creating a Physical Interface to be referenced")
 			phys := &v1alpha1.Interface{