Add gateway validation unit for CAPO

Cristian Mandarequested to merge
cm-validate-gw into main

This MR adds a validation unit to check if the networks configured on CAPO nodes provide no/multiple default gateways and fails early if they do.

In order to achieve this it will create one network.openstack.k-orc.cloud object for each additional network used, get the subnets from the status, create one subnet.openstack.k-orc.cloud for each of them to get the details and count the number of resulting gateways.

Tested locally with an md having an additional subnet with default gateway it returns:

[git:cm-validate-gw]root@jump:sylva-core# kubectl logs capo-gateway-validation-2t7l7
Creating Network CRD: capo-network-0 76759c52-f180-4931-ade6-063bfb332006
network.openstack.k-orc.cloud/capo-network-0 created
Creating Network CRD: capo-network-1 6cc58116-f0d2-434f-80ed-5b6b4b207d39
network.openstack.k-orc.cloud/capo-network-1 created
Waiting for Network CRDs to be ready...
network.openstack.k-orc.cloud/capo-network-0 condition met
network.openstack.k-orc.cloud/capo-network-1 condition met
Processing Network: capo-network-0
Found subnets: f0c81ddd-5fff-43e0-a908-46d3f8e8a894
Creating Subnet CRD: capo-network-0-subnet-f0c81ddd
subnet.openstack.k-orc.cloud/capo-network-0-subnet-f0c81ddd created
Waiting for Subnet CRDs to be ready...
subnet.openstack.k-orc.cloud/capo-network-0-subnet-f0c81ddd condition met
Checking for gateway IPs...
Subnet capo-network-0-subnet-f0c81ddd has gateway IP: 192.168.16.1

Processing Network: capo-network-1
Found subnets: 3f9f2804-0a56-4238-b341-2df9e3604ec8
Creating Subnet CRD: capo-network-1-subnet-3f9f2804
subnet.openstack.k-orc.cloud/capo-network-1-subnet-3f9f2804 created
Waiting for Subnet CRDs to be ready...
subnet.openstack.k-orc.cloud/capo-network-0-subnet-f0c81ddd condition met
subnet.openstack.k-orc.cloud/capo-network-1-subnet-3f9f2804 condition met
Checking for gateway IPs...
Subnet capo-network-0-subnet-f0c81ddd has gateway IP: 192.168.16.1
Subnet capo-network-1-subnet-3f9f2804 has gateway IP: 10.10.10.1


ERROR: None or multiple networks have default gateway set (2 found)
cleaning up temp dir...
cleaning up Network/Subnet resources...
subnet.openstack.k-orc.cloud "capo-network-0-subnet-f0c81ddd" deleted
subnet.openstack.k-orc.cloud "capo-network-1-subnet-3f9f2804" deleted
network.openstack.k-orc.cloud "capo-network-0" deleted
network.openstack.k-orc.cloud "capo-network-1" deleted

Closes #3062 (closed)

CI configuration

Below you can choose test deployment variants to run in this MR's CI.

Click to open to CI configuration

Legend:

Icon Meaning Available values
☁️ Infra Provider capd, capo, capm3
🚀 Bootstrap Provider kubeadm (alias kadm), rke2, okd, ck8s
🐧 Node OS ubuntu, suse, na, leapmicro
🛠️ Deployment Options light-deploy, dev-sources, ha, misc, maxsurge-0, logging, no-logging, cilium
🎬 Pipeline Scenarios Available scenario list and description
🟢 Enabled units Any available units name, by default apply to management and workload cluster. Can be prefixed by mgmt: or wkld: to be applied only to a specific cluster type

  • 🎬 preview ☁️ capd 🚀 kadm 🐧 ubuntu

  • 🎬 preview ☁️ capo 🚀 rke2 🐧 suse

  • 🎬 preview ☁️ capm3 🚀 rke2 🐧 ubuntu

  • ☁️ capd 🚀 kadm 🛠️ light-deploy 🐧 ubuntu

  • ☁️ capd 🚀 rke2 🛠️ light-deploy 🐧 suse

  • ☁️ capo 🚀 rke2 🐧 suse

  • ☁️ capo 🚀 rke2 🐧 leapmicro

  • ☁️ capo 🚀 kadm 🐧 ubuntu

  • ☁️ capo 🚀 kadm 🐧 ubuntu 🟢 neuvector,mgmt:harbor

  • ☁️ capo 🚀 rke2 🎬 rolling-update 🛠️ ha 🐧 ubuntu

  • ☁️ capo 🚀 kadm 🎬 wkld-k8s-upgrade 🐧 ubuntu

  • ☁️ capo 🚀 rke2 🎬 rolling-update-no-wkld 🛠️ ha 🐧 suse

  • ☁️ capo 🚀 rke2 🎬 sylva-upgrade-from-1.5.x 🛠️ ha 🐧 ubuntu

  • ☁️ capo 🚀 rke2 🎬 sylva-upgrade-from-1.5.x 🛠️ ha,misc 🐧 ubuntu

  • ☁️ capo 🚀 rke2 🛠️ ha,misc 🐧 ubuntu

  • ☁️ capo 🚀 rke2 🛠️ ha,misc🐧 suse

  • ☁️ capm3 🚀 rke2 🐧 suse

  • ☁️ capm3 🚀 kadm 🐧 ubuntu

  • ☁️ capm3 🚀 ck8s 🐧 ubuntu

  • ☁️ capm3 🚀 kadm 🎬 rolling-update-no-wkld 🛠️ ha,misc 🐧 ubuntu

  • ☁️ capm3 🚀 rke2 🎬 wkld-k8s-upgrade 🛠️ ha 🐧 suse

  • ☁️ capm3 🚀 kadm 🎬 rolling-update 🛠️ ha 🐧 ubuntu

  • ☁️ capm3 🚀 rke2 🎬 sylva-upgrade-from-1.5.x 🛠️ ha 🐧 suse

  • ☁️ capm3 🚀 rke2 🛠️ misc,ha 🐧 suse

  • ☁️ capm3 🚀 rke2 🎬 sylva-upgrade-from-1.5.x 🛠️ ha,misc 🐧 suse

  • ☁️ capm3 🚀 kadm 🎬 rolling-update 🛠️ ha 🐧 suse

  • ☁️ capm3 🚀 ck8s 🎬 rolling-update 🛠️ ha 🐧 ubuntu

  • ☁️ capm3 🚀 rke2|okd 🎬 no-update 🐧 ubuntu|na

Global config for deployment pipelines

  • autorun pipelines
  • allow failure on pipelines
  • record sylvactl events

Notes:

  • Enabling autorun will make deployment pipelines to be run automatically without human interaction
  • Disabling allow failure will make deployment pipelines mandatory for pipeline success.
  • if both autorun and allow failure are disabled, deployment pipelines will need manual triggering but will be blocking the pipeline

Be aware: after configuration change, pipeline is not triggered automatically. Please run it manually (by clicking the run pipeline button in Pipelines tab) or push new code.

Edited by Cristian Manda

Merge request reports