fix: validates NUTANIX_ENDPOINT does not fall in the Load Balancer IP Range #996

Closed


manoj-nutanix
Contributor

The webhook errors out if the NUTANIX_ENDPOINT IP falls in the Load Balancer IP range. It only implements a dumb check which compares the PC IP with the Load Balancer IP range. It's complex to achieve with CEL, so going with a webhook, as we'd need to use regex (the isIP() func is not working for cluster variables) to extract the IP from the PC URL and do a string compare, which is not robust, as we can do error handling through the webhook.

What problem does this PR solve?:

Which issue(s) this PR fixes:
Fixes #
https://jira.nutanix.com/browse/NCN-102628

How Has This Been Tested?:

Special notes for your reviewer:

```
clusterctl generate cluster ${CLUSTER_NAME} \
  --from ${CLUSTER_FILE} \
  --kubernetes-version ${KUBERNETES_VERSION} \
  --worker-machine-count 1 | \
kubectl apply --server-side -f -
secret/nutanix-cluster-cilium-helm-addonexport-dockerhub-credentials serverside-applied
secret/nutanix-cluster-cilium-helm-addonexport-pc-creds-for-csi serverside-applied
Warning: Detected changes to resource nutanix-cluster-cilium-helm-addonexport-pc-creds which is currently being deleted.
secret/nutanix-cluster-cilium-helm-addonexport-pc-creds serverside-applied
Error from server (Forbidden): admission webhook "cluster-validator.caren.nutanix.com" denied the request: prism central IP "198.18.1.1" must not be part of MetalLB address range "198.18.1.1"-"198.18.1.10"
```

Member

@jimmidyson jimmidyson left a comment


Recently noticed that net/netip has improved functions for parsing IPs (errors instead of nil slices if not an IP!) and netipx has really useful functions for handling ranges.

Resolved review threads: pkg/helpers/helpers.go (outdated), pkg/webhook/cluster/nutanix_validator.go, pkg/helpers/helpers.go
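
The check discussed in this PR, sketched with the standard library's `net/netip` only (the third-party netipx range helpers mentioned in the review are not used). This is an added example, not the PR's code: the function name `checkEndpointOutsideRange` is hypothetical and the sample endpoints are constructed.

```go
package main

import (
	"fmt"
	"net/netip"
	"net/url"
)

// checkEndpointOutsideRange is a hypothetical helper, not the PR's code.
// It returns an error when the endpoint URL's host is an IP literal inside
// the inclusive load balancer range [start, end].
func checkEndpointOutsideRange(endpoint, start, end string) error {
	u, err := url.Parse(endpoint)
	if err != nil {
		return fmt.Errorf("parsing endpoint %q: %w", endpoint, err)
	}
	host := u.Hostname()
	if host == "" {
		return fmt.Errorf("endpoint %q has no host", endpoint)
	}
	ip, err := netip.ParseAddr(host)
	if err != nil {
		return nil // host is a DNS name; this sketch does not resolve it
	}
	lo, err := netip.ParseAddr(start)
	if err != nil {
		return fmt.Errorf("parsing range start %q: %w", start, err)
	}
	hi, err := netip.ParseAddr(end)
	if err != nil {
		return fmt.Errorf("parsing range end %q: %w", end, err)
	}
	// Unmap so an IPv4-mapped IPv6 literal compares as plain IPv4.
	ip, lo, hi = ip.Unmap(), lo.Unmap(), hi.Unmap()
	if lo.Is4() != hi.Is4() || hi.Less(lo) {
		return fmt.Errorf("invalid address range %q-%q", start, end)
	}
	// Compare orders IPv4 before IPv6, so only compare within one family.
	if ip.Is4() == lo.Is4() && ip.Compare(lo) >= 0 && ip.Compare(hi) <= 0 {
		return fmt.Errorf("prism central IP %q must not be part of address range %q-%q", ip, lo, hi)
	}
	return nil
}

func main() {
	// Constructed sample values; the first mirrors the denial shown in the PR description.
	for _, ep := range []string{"https://198.18.1.1:9440", "https://198.18.1.11:9440"} {
		fmt.Println(ep, "->", checkEndpointOutsideRange(ep, "198.18.1.1", "198.18.1.10"))
	}
}
```

Because `netip.ParseAddr` returns an error rather than a nil value for non-IP input, a hostname endpoint and a malformed range are distinguishable cases instead of both collapsing into a failed string compare.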
@manoj-nutanix
Contributor Author

Closing this PR in favor of #1001, as forked repos don't have access to GitHub secrets, so some e2e tests are failing.
