Skip to content

Commit

Permalink
kubevirt: Don't break on hostname NodePort.Address
Browse files Browse the repository at this point in the history
Using a hostname at NodePort service strategy is allowed by the api but
the kubevirt provider breaks trying to check if it's an ipv4 or ipv6 to
populate a network policy, this change skip that network policy because
hostname would be an external address so no network policy is needed.

Signed-off-by: Enrique Llorente <[email protected]>
  • Loading branch information
qinqon authored and openshift-cherrypick-robot committed Dec 19, 2024
1 parent 5b5c759 commit c595c0c
Show file tree
Hide file tree
Showing 2 changed files with 7 additions and 5 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -1782,7 +1782,7 @@ func (r *HostedClusterReconciler) reconcile(ctx context.Context, req ctrl.Reques
}

// Reconcile the network policies
if err = r.reconcileNetworkPolicies(ctx, createOrUpdate, hcluster, hcp, releaseImageVersion, controlPlaneOperatorAppliesManagementKASNetworkPolicyLabel); err != nil {
if err = r.reconcileNetworkPolicies(ctx, log, createOrUpdate, hcluster, hcp, releaseImageVersion, controlPlaneOperatorAppliesManagementKASNetworkPolicyLabel); err != nil {
return ctrl.Result{}, fmt.Errorf("failed to reconcile network policies: %w", err)
}

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,7 @@ import (
"net/netip"

"github.com/blang/semver"
"github.com/go-logr/logr"
configv1 "github.com/openshift/api/config/v1"
hyperv1 "github.com/openshift/hypershift/api/hypershift/v1beta1"
"github.com/openshift/hypershift/hypershift-operator/controllers/manifests"
Expand All @@ -28,7 +29,7 @@ const (
NeedMetricsServerAccessLabel = "hypershift.openshift.io/need-metrics-server-access"
)

func (r *HostedClusterReconciler) reconcileNetworkPolicies(ctx context.Context, createOrUpdate upsert.CreateOrUpdateFN, hcluster *hyperv1.HostedCluster, hcp *hyperv1.HostedControlPlane, version semver.Version, controlPlaneOperatorAppliesManagementKASNetworkPolicyLabel bool) error {
func (r *HostedClusterReconciler) reconcileNetworkPolicies(ctx context.Context, log logr.Logger, createOrUpdate upsert.CreateOrUpdateFN, hcluster *hyperv1.HostedCluster, hcp *hyperv1.HostedControlPlane, version semver.Version, controlPlaneOperatorAppliesManagementKASNetworkPolicyLabel bool) error {
controlPlaneNamespaceName := manifests.HostedControlPlaneNamespace(hcluster.Namespace, hcluster.Name)

// Reconcile openshift-ingress Network Policy
Expand Down Expand Up @@ -123,7 +124,7 @@ func (r *HostedClusterReconciler) reconcileNetworkPolicies(ctx context.Context,
// network policy is being set on centralized infra only, not on external infra
policy = networkpolicy.VirtLauncherNetworkPolicy(controlPlaneNamespaceName)
if _, err := createOrUpdate(ctx, r.Client, policy, func() error {
return reconcileVirtLauncherNetworkPolicy(policy, hcluster, managementClusterNetwork)
return reconcileVirtLauncherNetworkPolicy(log, policy, hcluster, managementClusterNetwork)
}); err != nil {
return fmt.Errorf("failed to reconcile virt launcher policy: %w", err)
}
Expand Down Expand Up @@ -512,7 +513,7 @@ func addToBlockedNetworks(network string, blockedIPv4Networks []string, blockedI
return blockedIPv4Networks, blockedIPv6Networks
}

func reconcileVirtLauncherNetworkPolicy(policy *networkingv1.NetworkPolicy, hcluster *hyperv1.HostedCluster, managementClusterNetwork *configv1.Network) error {
func reconcileVirtLauncherNetworkPolicy(log logr.Logger, policy *networkingv1.NetworkPolicy, hcluster *hyperv1.HostedCluster, managementClusterNetwork *configv1.Network) error {
protocolTCP := corev1.ProtocolTCP
protocolUDP := corev1.ProtocolUDP
protocolSCTP := corev1.ProtocolSCTP
Expand Down Expand Up @@ -641,7 +642,8 @@ func reconcileVirtLauncherNetworkPolicy(policy *networkingv1.NetworkPolicy, hclu
} else if utilsnet.IsIPv6String(nodeAddress) {
prefixLength = 128
} else {
return fmt.Errorf("could not determine if %s is an IPv4 or IPv6 address", nodeAddress)
log.Info(fmt.Sprintf("could not determine if %s is an IPv4 or IPv6 address, skipping virt-launcher network policy for service %q", nodeAddress, hcService.Type))
continue
}
parsedNodeAddress, err := netip.ParseAddr(nodeAddress)
if err != nil {
Expand Down

0 comments on commit c595c0c

Please sign in to comment.