diff --git a/hypershift-operator/controllers/hostedcluster/hostedcluster_controller.go b/hypershift-operator/controllers/hostedcluster/hostedcluster_controller.go index 463cf9d0a7..313a23afbb 100644 --- a/hypershift-operator/controllers/hostedcluster/hostedcluster_controller.go +++ b/hypershift-operator/controllers/hostedcluster/hostedcluster_controller.go @@ -1782,7 +1782,7 @@ func (r *HostedClusterReconciler) reconcile(ctx context.Context, req ctrl.Reques } // Reconcile the network policies - if err = r.reconcileNetworkPolicies(ctx, createOrUpdate, hcluster, hcp, releaseImageVersion, controlPlaneOperatorAppliesManagementKASNetworkPolicyLabel); err != nil { + if err = r.reconcileNetworkPolicies(ctx, log, createOrUpdate, hcluster, hcp, releaseImageVersion, controlPlaneOperatorAppliesManagementKASNetworkPolicyLabel); err != nil { return ctrl.Result{}, fmt.Errorf("failed to reconcile network policies: %w", err) } diff --git a/hypershift-operator/controllers/hostedcluster/network_policies.go b/hypershift-operator/controllers/hostedcluster/network_policies.go index 3485542d52..4105082d4f 100644 --- a/hypershift-operator/controllers/hostedcluster/network_policies.go +++ b/hypershift-operator/controllers/hostedcluster/network_policies.go @@ -7,6 +7,7 @@ import ( "net/netip" "github.com/blang/semver" + "github.com/go-logr/logr" configv1 "github.com/openshift/api/config/v1" hyperv1 "github.com/openshift/hypershift/api/hypershift/v1beta1" "github.com/openshift/hypershift/hypershift-operator/controllers/manifests" @@ -28,7 +29,7 @@ const ( NeedMetricsServerAccessLabel = "hypershift.openshift.io/need-metrics-server-access" ) -func (r *HostedClusterReconciler) reconcileNetworkPolicies(ctx context.Context, createOrUpdate upsert.CreateOrUpdateFN, hcluster *hyperv1.HostedCluster, hcp *hyperv1.HostedControlPlane, version semver.Version, controlPlaneOperatorAppliesManagementKASNetworkPolicyLabel bool) error { +func (r *HostedClusterReconciler) reconcileNetworkPolicies(ctx context.Context, log logr.Logger, createOrUpdate upsert.CreateOrUpdateFN, hcluster *hyperv1.HostedCluster, hcp *hyperv1.HostedControlPlane, version semver.Version, controlPlaneOperatorAppliesManagementKASNetworkPolicyLabel bool) error { controlPlaneNamespaceName := manifests.HostedControlPlaneNamespace(hcluster.Namespace, hcluster.Name) // Reconcile openshift-ingress Network Policy @@ -123,7 +124,7 @@ func (r *HostedClusterReconciler) reconcileNetworkPolicies(ctx context.Context, // network policy is being set on centralized infra only, not on external infra policy = networkpolicy.VirtLauncherNetworkPolicy(controlPlaneNamespaceName) if _, err := createOrUpdate(ctx, r.Client, policy, func() error { - return reconcileVirtLauncherNetworkPolicy(policy, hcluster, managementClusterNetwork) + return reconcileVirtLauncherNetworkPolicy(log, policy, hcluster, managementClusterNetwork) }); err != nil { return fmt.Errorf("failed to reconcile virt launcher policy: %w", err) } @@ -512,7 +513,7 @@ func addToBlockedNetworks(network string, blockedIPv4Networks []string, blockedI return blockedIPv4Networks, blockedIPv6Networks } -func reconcileVirtLauncherNetworkPolicy(policy *networkingv1.NetworkPolicy, hcluster *hyperv1.HostedCluster, managementClusterNetwork *configv1.Network) error { +func reconcileVirtLauncherNetworkPolicy(log logr.Logger, policy *networkingv1.NetworkPolicy, hcluster *hyperv1.HostedCluster, managementClusterNetwork *configv1.Network) error { protocolTCP := corev1.ProtocolTCP protocolUDP := corev1.ProtocolUDP protocolSCTP := corev1.ProtocolSCTP @@ -641,7 +642,8 @@ func reconcileVirtLauncherNetworkPolicy(policy *networkingv1.NetworkPolicy, hclu } else if utilsnet.IsIPv6String(nodeAddress) { prefixLength = 128 } else { - return fmt.Errorf("could not determine if %s is an IPv4 or IPv6 address", nodeAddress) + log.Info(fmt.Sprintf("could not determine if %s is an IPv4 or IPv6 address, skipping virt-launcher network policy for service %q", nodeAddress, hcService.Type)) + continue } parsedNodeAddress, err := netip.ParseAddr(nodeAddress) if err != nil {