Add dynamic ranges to generated communication matrix

This PR is adding the following changes:
1. As requested from the partenrs, the dynamic port ranges of the
   cluster (Linux dynamic\private ranges, kubelet node port dynamic
range, host level services dynamic range), are added to the generated
communication matrix in all of the supported formats.
The dynamic ranges are extracted in the following ways:
	- Host level services range: are set by a static defined range
	  (9000-9999).
	- Node port dynamic range: we are looking for a custom defined
	  range (network.Spec.ServiceNodePortRange), if there is no
range set, we use a default static range (30000-32767)
	- Linux dynamic\private range: we retrive the dynamic range by
	  reading the host sysctl
(/proc/sys/net/ipv4/ip_local_port_range).
2. We also have added the option of using a custom entries file that
   include ranges, so partners will be able to add their own ranges if
needed.
3. The e2e tests have been modified the following:
	- EPS vs SS: in the comparsion between the matrices, we also check if
	  host level open ports (from ss matrix) which don't have an EPS
are in the range specified in the generated commatrix.
	- Doc vs EPS: in the comparison between the matrices, we also
	  chcek if the ports in the genereted commatrix which are not
documented in the doc matrix, do appear in the doc ranges.
4. The custom entries samples had been modified to also include ranges.
5. commatrix.go file's unit tests had been modified to allow mocking of
   a debugpod in the tests. For that sense, we have added to the
commatrixCreator struct a utils field similar to what's done in the
ConnectionCheck struct.

Author: shirmoran

cmd/generate/generate.go

@@ -6,9 +6,6 @@ import (
 	"path/filepath"
 	"slices"
 	"strings"
-	"time"
-
-	"context"
 
 	"github.com/openshift-kni/commatrix/pkg/client"
 	commatrixcreator "github.com/openshift-kni/commatrix/pkg/commatrix-creator"
@@ -20,13 +17,9 @@ import (
 	configv1 "github.com/openshift/api/config/v1"
 	log "github.com/sirupsen/logrus"
 	"github.com/spf13/cobra"
-	corev1 "k8s.io/api/core/v1"
-	apierrors "k8s.io/apimachinery/pkg/api/errors"
-	"k8s.io/apimachinery/pkg/util/wait"
 	"k8s.io/cli-runtime/pkg/genericclioptions"
 	"k8s.io/cli-runtime/pkg/genericiooptions"
 	"k8s.io/kubectl/pkg/util/templates"
-	ctrlclient "sigs.k8s.io/controller-runtime/pkg/client"
 
 	"github.com/openshift-kni/commatrix/pkg/types"
 )
@@ -261,8 +254,10 @@ func generateMatrix(o *GenerateOptions, deployment types.Deployment, platformTyp
 		return nil, fmt.Errorf("failed creating the endpointslices exporter %s", err)
 	}
 
+	utilsHelpers := utils.New(o.cs)
+
 	log.Debug("Creating communication matrix")
-	commMatrix, err := commatrixcreator.New(epExporter, o.customEntriesPath, o.customEntriesFormat, platformType, deployment, ipv6Enabled)
+	commMatrix, err := commatrixcreator.New(epExporter, o.customEntriesPath, o.customEntriesFormat, platformType, deployment, ipv6Enabled, utilsHelpers)
 	if err != nil {
 		return nil, err
 	}
@@ -301,21 +296,6 @@ func generateSS(o *GenerateOptions, deployment types.Deployment) (*types.ComMatr
 	defer func() {
 		if delErr := o.utilsHelpers.DeleteNamespace(consts.DefaultDebugNamespace); delErr != nil {
 			log.Warnf("failed to delete namespace %s: %v", consts.DefaultDebugNamespace, delErr)
-			return
-		}
-		if pollErr := wait.PollUntilContextTimeout(context.TODO(), time.Second, 2*time.Minute, true, func(ctx context.Context) (bool, error) {
-			ns := &corev1.Namespace{}
-			err := o.cs.Get(context.TODO(), ctrlclient.ObjectKey{Name: consts.DefaultDebugNamespace}, ns)
-			if apierrors.IsNotFound(err) {
-				return true, nil
-			}
-			if err != nil {
-				log.Warningf("retrying due to error: %v", err)
-				return false, nil // keep retrying
-			}
-			return false, nil
-		}); pollErr != nil {
-			log.Errorf("error while waiting for namespace %s deletion: %v", consts.DefaultDebugNamespace, pollErr)
 		}
 	}()
 

pkg/commatrix-creator/commatrix.go

@@ -1,18 +1,26 @@
 package commatrixcreator
 
 import (
+	"context"
 	"fmt"
 	"io"
 	"os"
 	"path/filepath"
 	"slices"
+	"strconv"
+	"strings"
 
 	log "github.com/sirupsen/logrus"
+	corev1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 
+	"github.com/openshift-kni/commatrix/pkg/consts"
 	"github.com/openshift-kni/commatrix/pkg/endpointslices"
 	"github.com/openshift-kni/commatrix/pkg/mcp"
 	"github.com/openshift-kni/commatrix/pkg/types"
+	"github.com/openshift-kni/commatrix/pkg/utils"
 	configv1 "github.com/openshift/api/config/v1"
+	clientOptions "sigs.k8s.io/controller-runtime/pkg/client"
 )
 
 type CommunicationMatrixCreator struct {
@@ -22,16 +30,18 @@ type CommunicationMatrixCreator struct {
 	platformType        configv1.PlatformType
 	deployment          types.Deployment
 	ipv6Enabled         bool
+	utilsHelpers        utils.UtilsInterface
 }
 
-func New(exporter *endpointslices.EndpointSlicesExporter, customEntriesPath string, customEntriesFormat string, platformType configv1.PlatformType, deployment types.Deployment, ipv6Enabled bool) (*CommunicationMatrixCreator, error) {
+func New(exporter *endpointslices.EndpointSlicesExporter, customEntriesPath string, customEntriesFormat string, platformType configv1.PlatformType, deployment types.Deployment, ipv6Enabled bool, utilsHelpers utils.UtilsInterface) (*CommunicationMatrixCreator, error) {
 	return &CommunicationMatrixCreator{
 		exporter:            exporter,
 		customEntriesPath:   customEntriesPath,
 		customEntriesFormat: customEntriesFormat,
 		platformType:        platformType,
 		deployment:          deployment,
 		ipv6Enabled:         ipv6Enabled,
+		utilsHelpers:        utilsHelpers,
 	}, nil
 }
 
@@ -74,23 +84,33 @@ func (cm *CommunicationMatrixCreator) CreateEndpointMatrix() (*types.ComMatrix,
 	staticEntries = expandStaticEntriesByPool(staticEntries, PoolRolesForStaticEntriesExpansion)
 	epSliceComDetails = append(epSliceComDetails, staticEntries...)
 
+	var customMatrix *types.ComMatrix
 	if cm.customEntriesPath != "" {
 		log.Debug("Loading custom entries from file")
-		customComDetails, err := cm.GetComDetailsListFromFile()
+		customMatrix, err = cm.GetComMatrixFromFile()
 		if err != nil {
 			log.Errorf("Failed adding custom entries: %s", err)
 			return nil, fmt.Errorf("failed adding custom entries: %s", err)
 		}
-		epSliceComDetails = append(epSliceComDetails, customComDetails...)
+		epSliceComDetails = append(epSliceComDetails, customMatrix.Matrix...)
 	}
 
-	commMatrix := &types.ComMatrix{Matrix: epSliceComDetails}
+	dynamicRanges, err := cm.getDynamicRanges()
+	if err != nil {
+		log.Errorf("Failed to get dynamic ranges: %v", err)
+		return nil, fmt.Errorf("failed to get dynamic ranges: %w", err)
+	}
+	if customMatrix != nil && len(customMatrix.DynamicRanges) > 0 {
+		dynamicRanges = append(dynamicRanges, customMatrix.DynamicRanges...)
+	}
+
+	commMatrix := &types.ComMatrix{Matrix: epSliceComDetails, DynamicRanges: dynamicRanges}
 	log.Debug("Sorting ComMatrix and removing duplicates")
 	commMatrix.SortAndRemoveDuplicates()
 	return commMatrix, nil
 }
 
-func (cm *CommunicationMatrixCreator) GetComDetailsListFromFile() ([]types.ComDetails, error) {
+func (cm *CommunicationMatrixCreator) GetComMatrixFromFile() (*types.ComMatrix, error) {
 	log.Debugf("Opening file %s", cm.customEntriesPath)
 	f, err := os.Open(filepath.Clean(cm.customEntriesPath))
 	if err != nil {
@@ -107,7 +127,7 @@ func (cm *CommunicationMatrixCreator) GetComDetailsListFromFile() ([]types.ComDe
 	}
 
 	log.Debugf("Unmarshalling file content with format %s", cm.customEntriesFormat)
-	res, err := types.ParseToComDetailsList(raw, cm.customEntriesFormat)
+	res, err := types.ParseToComMatrix(raw, cm.customEntriesFormat)
 	if err != nil {
 		log.Errorf("Failed to unmarshal %s file: %v", cm.customEntriesFormat, err)
 		return nil, fmt.Errorf("failed to unmarshal custom entries file: %v", err)
@@ -174,3 +194,150 @@ func expandStaticEntriesByPool(staticEntries []types.ComDetails, poolToRoles map
 	}
 	return out
 }
+
+func (cm *CommunicationMatrixCreator) getDynamicRanges() ([]types.DynamicRange, error) {
+	log.Debug("Getting dynamic ranges")
+	dynamicRanges := types.HostLevelServicesDynamicRange
+
+	nodePortDynamicRange, err := cm.getNodePortDynamicRange()
+	if err != nil {
+		log.Errorf("Failed to get node port dynamic range: %v", err)
+		return nil, fmt.Errorf("failed to get node port dynamic range: %w", err)
+	}
+	dynamicRanges = append(dynamicRanges, nodePortDynamicRange...)
+
+	linuxDynamicPrivateRange, err := cm.getLinuxDynamicPrivateRange()
+	if err != nil {
+		log.Errorf("Failed to get Linux dynamic private range: %v", err)
+		return nil, fmt.Errorf("failed to get Linux dynamic private range: %w", err)
+	}
+	dynamicRanges = append(dynamicRanges, linuxDynamicPrivateRange...)
+
+	return dynamicRanges, nil
+}
+
+// GetNodePortDynamicRange returns the cluster's Service NodePort range as dynamic ranges.
+// If the cluster does not define a custom range, it falls back to the Kubernetes default (30000-32767).
+func (cm *CommunicationMatrixCreator) getNodePortDynamicRange() ([]types.DynamicRange, error) {
+	log.Debug("Getting node port dynamic range")
+	network := &configv1.Network{}
+	if err := cm.exporter.Get(context.TODO(), clientOptions.ObjectKey{Name: "cluster"}, network); err != nil {
+		log.Errorf("Failed to get Network config: %v", err)
+		return nil, fmt.Errorf("failed to get Network config: %w", err)
+	}
+
+	dr := types.KubeletNodePortDefaultDynamicRange
+	rangeStr := strings.TrimSpace(network.Spec.ServiceNodePortRange)
+	if rangeStr == "" {
+		log.Debug("ServiceNodePortRange not set; using default")
+		return dr, nil
+	}
+
+	minPort, maxPort, err := parsePortRange(rangeStr)
+	if err != nil {
+		log.Errorf("Invalid ServiceNodePortRange format %q: %v", rangeStr, err)
+		return nil, fmt.Errorf("invalid ServiceNodePortRange format %q: %w", rangeStr, err)
+	}
+
+	for i := range dr {
+		dr[i].MinPort = minPort
+		dr[i].MaxPort = maxPort
+	}
+	return dr, nil
+}
+
+// getLinuxDynamicPrivateRange retrieves the Linux dynamic/private port range from a cluster node
+// by reading the host sysctl:
+//   - /proc/sys/net/ipv4/ip_local_port_range
+func (cm *CommunicationMatrixCreator) getLinuxDynamicPrivateRange() ([]types.DynamicRange, error) {
+	log.Debug("Getting Linux dynamic/private port range from cluster")
+
+	// Pick an arbitrary node to query (ranges are expected to be consistent across nodes).
+	nodes, err := cm.exporter.CoreV1Interface.Nodes().List(context.TODO(), metav1.ListOptions{})
+	if err != nil {
+		log.Errorf("Failed to list nodes: %v", err)
+		return nil, fmt.Errorf("failed to list nodes: %w", err)
+	}
+	if len(nodes.Items) == 0 {
+		return nil, fmt.Errorf("no nodes found in the cluster")
+	}
+	nodeName := nodes.Items[0].Name
+
+	// Ensure namespace exists.
+	if err := cm.utilsHelpers.CreateNamespace(consts.DefaultDebugNamespace); err != nil {
+		log.Errorf("Failed to create debug namespace: %v", err)
+		return nil, fmt.Errorf("failed to create debug namespace: %w", err)
+	}
+	defer func() {
+		if delErr := cm.utilsHelpers.DeleteNamespace(consts.DefaultDebugNamespace); delErr != nil {
+			log.Warnf("failed to delete namespace %s: %v", consts.DefaultDebugNamespace, delErr)
+		}
+	}()
+
+	// Create a privileged pod on the selected node.
+	pod, err := cm.utilsHelpers.CreatePodOnNode(nodeName, consts.DefaultDebugNamespace, consts.DefaultDebugPodImage, []string{})
+	if err != nil {
+		log.Errorf("Failed to create debug pod: %v", err)
+		return nil, fmt.Errorf("failed to create debug pod: %w", err)
+	}
+	defer func() {
+		if delErr := cm.utilsHelpers.DeletePod(pod); delErr != nil {
+			log.Warnf("failed to delete debug pod %s: %v", pod.Name, delErr)
+		}
+	}()
+
+	// Wait for the pod to be running.
+	if err := cm.utilsHelpers.WaitForPodStatus(consts.DefaultDebugNamespace, pod, corev1.PodRunning); err != nil {
+		log.Errorf("Debug pod did not reach Running state: %v", err)
+		return nil, fmt.Errorf("debug pod did not reach Running state: %w", err)
+	}
+
+	// Read IPv4 range (applies to both IPv4 and IPv6 ephemeral ports).
+	out, err := cm.utilsHelpers.RunCommandOnPod(pod, []string{"/bin/sh", "-c", "cat /host/proc/sys/net/ipv4/ip_local_port_range"})
+	if err != nil {
+		log.Errorf("Failed to read IPv4 ip_local_port_range: %v", err)
+		return nil, fmt.Errorf("failed to read IPv4 ip_local_port_range: %w", err)
+	}
+	minPort, maxPort, err := parsePortRange(string(out))
+	if err != nil {
+		log.Errorf("Failed to parse IPv4 ip_local_port_range output: %v", err)
+		return nil, fmt.Errorf("failed to parse IPv4 ip_local_port_range: %w", err)
+	}
+
+	return []types.DynamicRange{
+		{
+			Direction:   "Ingress",
+			Protocol:    "TCP",
+			MinPort:     minPort,
+			MaxPort:     maxPort,
+			Description: "Linux dynamic/private ports",
+			Optional:    true,
+		},
+		{
+			Direction:   "Ingress",
+			Protocol:    "UDP",
+			MinPort:     minPort,
+			MaxPort:     maxPort,
+			Description: "Linux dynamic/private ports",
+			Optional:    true,
+		},
+	}, nil
+}
+
+// parsePortRange parses "MIN MAX" or "MIN-MAX" formatted ranges.
+func parsePortRange(s string) (int, int, error) {
+	normalized := strings.TrimSpace(strings.ReplaceAll(s, "-", " "))
+	fields := strings.Fields(normalized)
+	if len(fields) != 2 {
+		return 0, 0, fmt.Errorf("unexpected format %q", s)
+	}
+	minPort, err := strconv.Atoi(fields[0])
+	if err != nil {
+		return 0, 0, err
+	}
+	maxPort, err := strconv.Atoi(fields[1])
+	if err != nil {
+		return 0, 0, err
+	}
+	return minPort, maxPort, nil
+}