From 4b3d0d028b884faf301e0250a5f4f995f765bd2b Mon Sep 17 00:00:00 2001
From: Pablo Acevedo Montserrat
Date: Wed, 3 Jul 2024 14:40:26 +0200
Subject: [PATCH 1/8] USHIFT-3478: Add dual stack capabilities to kube-controller-manager
---
 pkg/controllers/kube-controller-manager.go | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/pkg/controllers/kube-controller-manager.go b/pkg/controllers/kube-controller-manager.go
index 28604916de..17e6c071f2 100644
--- a/pkg/controllers/kube-controller-manager.go
+++ b/pkg/controllers/kube-controller-manager.go
@@ -88,7 +88,8 @@ func configure(ctx context.Context, cfg *config.Config) (args []string, applyFn
 "authorization-kubeconfig": {kubeConfig},
 "service-account-private-key-file": {kcmServiceAccountPrivateKeyFile()},
 "allocate-node-cidrs": {"true"},
- "cluster-cidr": {cfg.Network.ClusterNetwork[0]},
+ "cluster-cidr": {strings.Join(cfg.Network.ClusterNetwork, ",")},
+ "service-cluster-ip-range": {strings.Join(cfg.Network.ServiceNetwork, ",")},
 "root-ca-file": {kcmRootCAFile()},
 "secure-port": {"10257"},
 "leader-elect": {"false"},
From 8518930ba40be05c21b7d751954e79c084f3ed80 Mon Sep 17 00:00:00 2001
From: Pablo Acevedo Montserrat
Date: Wed, 3 Jul 2024 14:55:02 +0200
Subject: [PATCH 2/8] USHIFT-3478: Add dual stack capabilities to apiserver
---
 pkg/controllers/kube-apiserver.go | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/pkg/controllers/kube-apiserver.go b/pkg/controllers/kube-apiserver.go
index 71ad65c64e..abac1d915e 100644
--- a/pkg/controllers/kube-apiserver.go
+++ b/pkg/controllers/kube-apiserver.go
@@ -25,6 +25,7 @@ import (
 "os"
 "path/filepath"
 "strconv"
+ "strings"
 "time"
 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -188,6 +189,7 @@ func (s *KubeAPIServer) configure(cfg *config.Config) error {
 // limitations. For this, we prefer using names and IPs as a fallback, supporting both single
 // and multi node.
 "kubelet-preferred-address-types": {"Hostname", "InternalIP"},
+ "service-cluster-ip-range": {strings.Join(cfg.Network.ServiceNetwork, ",")},
 "proxy-client-cert-file": {cryptomaterial.ClientCertPath(aggregatorClientCertDir)},
 "proxy-client-key-file": {cryptomaterial.ClientKeyPath(aggregatorClientCertDir)},
@@ -250,7 +252,6 @@ func (s *KubeAPIServer) configure(cfg *config.Config) error {
 ServiceAccountPublicKeyFiles: []string{
 filepath.Join(config.DataDir, "/resources/kube-apiserver/secrets/service-account-key/service-account.pub"),
 },
- ServicesSubnet: cfg.Network.ServiceNetwork[0],
 ServicesNodePortRange: cfg.Network.ServiceNodePortRange,
 }
From cdd0c4022ded023302c48f7c745e0d9f6ca523b5 Mon Sep 17 00:00:00 2001
From: Pablo Acevedo Montserrat
Date: Wed, 3 Jul 2024 15:12:52 +0200
Subject: [PATCH 3/8] USHIFT-3478: render multiple networks for assets variables
---
 pkg/components/render.go | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/pkg/components/render.go b/pkg/components/render.go
index 4f5f83f192..3aa19abe62 100755
--- a/pkg/components/render.go
+++ b/pkg/components/render.go
@@ -5,6 +5,7 @@ import (
 "crypto/sha256"
 "fmt"
 "path/filepath"
+ "strings"
 "text/template"
 "sigs.k8s.io/yaml"
@@ -25,8 +26,8 @@ func renderParamsFromConfig(cfg *config.Config, extra assets.RenderParams) asset
 "ReleaseImage": release.Image,
 "NodeName": cfg.CanonicalNodeName(),
 "NodeIP": cfg.Node.NodeIP,
- "ClusterCIDR": cfg.Network.ClusterNetwork[0],
- "ServiceCIDR": cfg.Network.ServiceNetwork[0],
+ "ClusterCIDR": strings.Join(cfg.Network.ClusterNetwork, ","),
+ "ServiceCIDR": strings.Join(cfg.Network.ServiceNetwork, ","),
 "ClusterDNS": cfg.Network.DNS,
 "BaseDomain": cfg.DNS.BaseDomain,
 }
From 570a5da37960030d3270e46d9a6993db01012835 Mon Sep 17 00:00:00 2001
From: Pablo Acevedo Montserrat
Date: Tue, 9 Jul 2024 12:19:02 +0200
Subject: [PATCH 4/8] USHIFT-3478: Add advertiseAddresses to config pkg
---
 pkg/config/apiserver.go | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/pkg/config/apiserver.go b/pkg/config/apiserver.go
index 31a8349889..32d18ed13c 100644
--- a/pkg/config/apiserver.go
+++ b/pkg/config/apiserver.go
@@ -20,6 +20,18 @@ type ApiServer struct {
 // The URL and Port of the API server cannot be changed by the user.
 URL string `json:"-"`
 Port int `json:"-"`
+
+ // In dual stack mode, ovnk requires ovn.OVNGatewayInterface to have one IP
+ // per family or else it wont start. When configuring advertiseAddress,
+ // whether that is manual or automatic, this IP is configured in that
+ // bridge afterwards in node package. Since there is only one IP, ovnk will
+ // return an error complaining about the other IP family for the secondary
+ // cluster/service network gateway. This variable holds all the different
+ // IP addresses that ovn.OVNGatewayInterface needs. Note that this IP is
+ // not configurable by users and it will not be used for apiserver
+ // advertising because of dual stack limitations there. This is only to
+ // make ovnk work properly.
+ AdvertiseAddresses []string `json:"-"`
 }
 // NamedCertificateEntry provides certificate details
From 1b6b64ccea9393f0741a30bae7d9318aadae663c Mon Sep 17 00:00:00 2001
From: Pablo Acevedo Montserrat
Date: Tue, 9 Jul 2024 13:08:06 +0200
Subject: [PATCH 5/8] USHIFT-3478: Add logic to advertiseAddresses
---
 pkg/config/config.go | 66 +++++++++++++++++++-------
 pkg/controllers/kube-apiserver.go | 4 +-
 pkg/node/netconfig.go | 77 ++++++++++++++++++-------------
 3 files changed, 96 insertions(+), 51 deletions(-)
diff --git a/pkg/config/config.go b/pkg/config/config.go
index 910ced5afd..72e6ae4ec2 100644
--- a/pkg/config/config.go
+++ b/pkg/config/config.go
@@ -294,25 +294,30 @@ func (c *Config) updateComputedValues() error {
 // If we have no advertise address, pick one.
 if len(c.ApiServer.AdvertiseAddress) == 0 {
- // unchecked error because this was done when getting cluster DNS
- _, svcNet, _ := net.ParseCIDR(c.Network.ServiceNetwork[0])
 // Since the KAS advertise address was not provided we will default to the
 // next immediate subnet after the service CIDR. This is due to the fact
 // that using the actual apiserver service IP as an endpoint slice breaks
 // host network pods trying to reach apiserver, as the VIP 10.43.0.1:443 is
 // not translated to 10.43.0.1:6443. It remains unchanged and therefore
 // connects to the ingress router instead, triggering all sorts of errors.
- prefix := 32
- if svcNet.IP.To4() == nil {
- prefix = 128
+ ip, err := firstIPFromNextSubnet(c.Network.ServiceNetwork[0])
+ if err != nil {
+ return fmt.Errorf("unable to compute AdvertiseAddress: %s", err)
 }
- nextSubnet, exceed := cidr.NextSubnet(svcNet, prefix)
- if exceed {
- return fmt.Errorf("unable to compute next subnet from service CIDR")
+ c.ApiServer.AdvertiseAddress = ip
+ }
+
+ // Use this variable instead, as we may be in dual stack ip an need to
+ // configure one extra IP address in the ovn gateway interface. Pick
+ // the IP family that was not used for the advertise address and add
+ // the first valid IP for the next subnet.
+ c.ApiServer.AdvertiseAddresses = []string{c.ApiServer.AdvertiseAddress}
+ if c.IsIPv4() && c.IsIPv6() {
+ ip, err := firstIPFromNextSubnet(c.Network.ServiceNetwork[1])
+ if err != nil {
+ return fmt.Errorf("unable to compute secondary address for br-ex: %s", err)
 }
- // First and last are the same because of the /32 netmask.
- firstValidIP, _ := cidr.AddressRange(nextSubnet)
- c.ApiServer.AdvertiseAddress = firstValidIP.String()
+ c.ApiServer.AdvertiseAddresses = append(c.ApiServer.AdvertiseAddresses, ip)
 }
 c.computeLoggingSetting()
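Review bot: The dual-stack branch indexes `c.Network.ServiceNetwork[1]` without checking its length or its IP family, although the comment above it says the family not used by the advertise address is picked. If `IsIPv4()`/`IsIPv6()` are derived from anything other than two validated service networks (their definitions are outside this hunk) the index can panic, and a user-supplied IPv6 `AdvertiseAddress` combined with an IPv6 second service network would leave the gateway interface with two addresses of the same family. Selecting the service network by family makes the code match its comment. The two new `fmt.Errorf` calls also format the cause with `%s`; `%w`, as validate() already uses, keeps it unwrappable. The function body starts and continues outside the hunk.

```go
c.ApiServer.AdvertiseAddresses = []string{c.ApiServer.AdvertiseAddress}
if c.IsIPv4() && c.IsIPv6() {
	primaryIsV4 := net.ParseIP(c.ApiServer.AdvertiseAddress).To4() != nil
	for _, svc := range c.Network.ServiceNetwork {
		ip, err := firstIPFromNextSubnet(svc)
		if err != nil {
			return fmt.Errorf("unable to compute secondary address for br-ex: %w", err)
		}
		// Keep only the candidate from the family the primary address does not cover.
		if (net.ParseIP(ip).To4() != nil) != primaryIsV4 {
			c.ApiServer.AdvertiseAddresses = append(c.ApiServer.AdvertiseAddresses, ip)
			break
		}
	}
}
// … unchanged: c.computeLoggingSetting() …
```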
@@ -379,9 +384,14 @@ func (c *Config) validate() error {
 "openshift.default",
 "openshift.default.svc",
 "openshift.default.svc.cluster.local",
- c.ApiServer.AdvertiseAddress,
 ) {
- return fmt.Errorf("subjectAltNames must not contain apiserver kubernetes service names or IPs")
+ return fmt.Errorf("subjectAltNames must not contain kubernetes service names")
+ }
+ if stringSliceContains(
+ c.ApiServer.SubjectAltNames,
+ c.ApiServer.AdvertiseAddresses...,
+ ) {
+ return fmt.Errorf("subjectAltNames must not contain apiserver advertise address IPs")
 }
 }
@@ -391,6 +401,13 @@ func (c *Config) validate() error {
 )
 }
+ if c.ApiServer.SkipInterface {
+ err := checkAdvertiseAddressConfigured(c.ApiServer.AdvertiseAddresses[0])
+ if err != nil {
+ return err
+ }
+ }
+
 switch c.Ingress.Status {
 case StatusManaged, StatusRemoved:
 default:
@@ -411,7 +428,7 @@ func (c *Config) validate() error {
 }
 if len(c.Ingress.ListenAddress) != 0 {
- if err := validateRouterListenAddress(c.Ingress.ListenAddress, c.ApiServer.AdvertiseAddress, c.ApiServer.SkipInterface, c.IsIPv4(), c.IsIPv6()); err != nil {
+ if err := validateRouterListenAddress(c.Ingress.ListenAddress, c.ApiServer.AdvertiseAddresses, c.ApiServer.SkipInterface, c.IsIPv4(), c.IsIPv6()); err != nil {
 return fmt.Errorf("error validating ingress.listenAddress: %w", err)
 }
 }
@@ -495,7 +512,7 @@ func checkAdvertiseAddressConfigured(advertiseAddress string) error {
 return fmt.Errorf("Advertise address: %s not present in any interface", advertiseAddress)
 }
-func validateRouterListenAddress(ingressListenAddresses []string, advertiseAddress string, skipInterface, ipv4, ipv6 bool) error {
+func validateRouterListenAddress(ingressListenAddresses []string, advertiseAddresses []string, skipInterface bool, ipv4, ipv6 bool) error {
 addresses, err := AllowedListeningIPAddresses(ipv4, ipv6)
 if err != nil {
 return err
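Review bot: The new subjectAltNames guard matches the advertise addresses as text, which is weaker now that one of them can be IPv6: an equivalent but differently written literal would not match, assuming `stringSliceContains` does exact string comparison (it is defined outside this hunk). Because this check keeps a user-supplied SAN from claiming the API server's own address, compare parsed addresses instead, for example `if ip := net.ParseIP(san); ip != nil && ip.Equal(net.ParseIP(addr))` inside a loop over both slices. This applies to the `c.ApiServer.AdvertiseAddresses...` call in validate(); the copy under etcd/vendor carries the same code.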
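Review bot: With `SkipInterface` set, only `AdvertiseAddresses[0]` is checked for presence on a host interface, and the index is taken without a length guard. In dual stack the secondary address is therefore never verified, while the node package presumably does not configure it either when interface configuration is skipped (that code is outside this hunk). If the secondary address is required on the host as well, range over the slice: `for _, a := range c.ApiServer.AdvertiseAddresses { if err := checkAdvertiseAddressConfigured(a); err != nil { return err } }`; otherwise a comment stating why only the first entry matters would help.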
@@ -505,7 +522,7 @@ func validateRouterListenAddress(ingressListenAddresses []string, advertiseAddre
 return err
 }
 for _, entry := range ingressListenAddresses {
- if entry == advertiseAddress && !skipInterface {
+ if slices.Contains(advertiseAddresses, entry) && !skipInterface {
 continue
 }
 ip := net.ParseIP(entry)
@@ -666,3 +683,20 @@ func validateNetworkStack(cfg *Config) error {
 }
 return nil
 }
+
+func firstIPFromNextSubnet(subnet string) (string, error) {
+ _, svcNet, err := net.ParseCIDR(subnet)
+ if err != nil {
+ return "", err
+ }
+ prefix := 32
+ if svcNet.IP.To4() == nil {
+ prefix = 128
+ }
+ nextSubnet, exceed := cidr.NextSubnet(svcNet, prefix)
+ if exceed {
+ return "", fmt.Errorf("unable to compute next subnet from service CIDR")
+ }
+ firstValidIP, _ := cidr.AddressRange(nextSubnet)
+ return firstValidIP.String(), nil
+}
diff --git a/pkg/controllers/kube-apiserver.go b/pkg/controllers/kube-apiserver.go
index abac1d915e..74e333ad44 100644
--- a/pkg/controllers/kube-apiserver.go
+++ b/pkg/controllers/kube-apiserver.go
@@ -114,7 +114,7 @@ func (s *KubeAPIServer) configure(cfg *config.Config) error {
 s.masterURL = cfg.ApiServer.URL
 s.servingCAPath = cryptomaterial.ServiceAccountTokenCABundlePath(certsDir)
- s.advertiseAddress = cfg.ApiServer.AdvertiseAddress
+ s.advertiseAddress = cfg.ApiServer.AdvertiseAddresses[0]
 namedCerts := []configv1.NamedCertificate{
 {
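Review bot: `firstIPFromNextSubnet` has no doc comment, and its overflow error omits the input, so a failure on the second service network reads the same as one on the first. Suggested comment: `// firstIPFromNextSubnet returns the first address of the /32 (IPv4) or /128 (IPv6) subnet that immediately follows the given CIDR.` The error could name the offending value, `fmt.Errorf("unable to compute next subnet from service CIDR %q", subnet)`, which also helps because the helper accepts any subnet string, not only the service CIDR.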
@@ -139,7 +139,7 @@ func (s *KubeAPIServer) configure(cfg *config.Config) error {
 if len(cfg.ApiServer.NamedCertificates) > 0 {
 for _, namedCertsCfg := range cfg.ApiServer.NamedCertificates {
 //Validate the cert is non-destructive
- certAllowed, err := util.IsCertAllowed(cfg.ApiServer.AdvertiseAddress, cfg.Network.ClusterNetwork, cfg.Network.ServiceNetwork, namedCertsCfg.CertPath, namedCertsCfg.Names)
+ certAllowed, err := util.IsCertAllowed(cfg.ApiServer.AdvertiseAddresses[0], cfg.Network.ClusterNetwork, cfg.Network.ServiceNetwork, namedCertsCfg.CertPath, namedCertsCfg.Names)
 if err != nil {
 klog.Warningf("Failed to read NamedCertificate from %s - ignoring: %v", namedCertsCfg.CertPath, err)
 continue
diff --git a/pkg/node/netconfig.go b/pkg/node/netconfig.go
index b6bf53efc2..d3beff3d39 100644
--- a/pkg/node/netconfig.go
+++ b/pkg/node/netconfig.go
@@ -36,7 +36,7 @@ const (
 )
 type NetworkConfiguration struct {
- kasAdvertiseAddress string
+ kasAdvertiseAddresses []string
 skipInterfaceConfiguration bool
 }
@@ -50,7 +50,7 @@ func (n *NetworkConfiguration) Name() string { return componentNetwork
 func (n *NetworkConfiguration) Dependencies() []string { return []string{} }
 func (n *NetworkConfiguration) configure(cfg *config.Config) {
- n.kasAdvertiseAddress = cfg.ApiServer.AdvertiseAddress
+ n.kasAdvertiseAddresses = cfg.ApiServer.AdvertiseAddresses
 n.skipInterfaceConfiguration = cfg.ApiServer.SkipInterface
 }
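Review bot: `util.IsCertAllowed` still receives only `AdvertiseAddresses[0]`, while validate() in pkg/config now rejects subjectAltNames that match any entry of `AdvertiseAddresses`. A named certificate listing the secondary dual-stack address would therefore pass here, if IsCertAllowed is the check that blocks certificates covering the API server's own addresses (its body is not visible). Either pass the whole slice or record the reason at the call, e.g. `// Only the primary address is advertised by kube-apiserver; the secondary one exists for ovnk only.` The same `[0]` index in the `s.advertiseAddress` assignment of the previous hunk relies on updateComputedValues having populated the slice.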
@@ -88,24 +88,31 @@ func (n *NetworkConfiguration) addServiceIPLoopback() error {
 return err
 }
 }
- prefix := 32
- if net.ParseIP(n.kasAdvertiseAddress).To4() == nil {
- prefix = 128
- }
- address, err := netlink.ParseAddr(fmt.Sprintf("%s/%d", n.kasAdvertiseAddress, prefix))
- if err != nil {
- return err
- }
- existing, err := netlink.AddrList(link, netlink.FAMILY_ALL)
- if err != nil {
- return err
- }
- for _, existingAddress := range existing {
- if address.Equal(existingAddress) {
- return nil
+
+ for _, entry := range n.kasAdvertiseAddresses {
+ prefix := 32
+ if net.ParseIP(entry).To4() == nil {
+ prefix = 128
+ }
+ address, err := netlink.ParseAddr(fmt.Sprintf("%s/%d", entry, prefix))
+ if err != nil {
+ return err
+ }
+ existing, err := netlink.AddrList(link, netlink.FAMILY_ALL)
+ if err != nil {
+ return err
+ }
+ for _, existingAddress := range existing {
+ if address.Equal(existingAddress) {
+ return nil
+ }
+ }
+ if err := netlink.AddrAdd(link, address); err != nil {
+ return err
 }
 }
- return netlink.AddrAdd(link, address)
+
+ return nil
 }
 func (n *NetworkConfiguration) removeServiceIPLoopback() error {
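Review bot: In the new loop of addServiceIPLoopback, `return nil` on an already-present address leaves the whole function instead of moving on to the next entry, so once the first advertise address exists on the interface (for example after a restart) the second, dual-stack address is never added. The match should only skip `AddrAdd` for that one entry. `netlink.AddrList` can also be read once before the loop instead of once per address. The start of the function is outside the hunk.

```go
existing, err := netlink.AddrList(link, netlink.FAMILY_ALL)
if err != nil {
	return err
}
for _, entry := range n.kasAdvertiseAddresses {
	// … unchanged: prefix selection and netlink.ParseAddr …
	present := false
	for _, existingAddress := range existing {
		if address.Equal(existingAddress) {
			present = true
			break
		}
	}
	if present {
		// Already configured: keep going so the remaining addresses are still handled.
		continue
	}
	if err := netlink.AddrAdd(link, address); err != nil {
		return err
	}
}

return nil
```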
@@ -119,21 +126,25 @@ func (n *NetworkConfiguration) removeServiceIPLoopback() error {
 return err
 }
 }
- prefix := 32
- if net.ParseIP(n.kasAdvertiseAddress).To4() == nil {
- prefix = 128
- }
- address, err := netlink.ParseAddr(fmt.Sprintf("%s/%d", n.kasAdvertiseAddress, prefix))
- if err != nil {
- return err
- }
- existing, err := netlink.AddrList(link, netlink.FAMILY_ALL)
- if err != nil {
- return err
- }
- for _, existingAddress := range existing {
- if address.Equal(existingAddress) {
- return netlink.AddrDel(link, address)
+ for _, entry := range n.kasAdvertiseAddresses {
+ prefix := 32
+ if net.ParseIP(entry).To4() == nil {
+ prefix = 128
+ }
+ address, err := netlink.ParseAddr(fmt.Sprintf("%s/%d", entry, prefix))
+ if err != nil {
+ return err
+ }
+ existing, err := netlink.AddrList(link, netlink.FAMILY_ALL)
+ if err != nil {
+ return err
+ }
+ for _, existingAddress := range existing {
+ if address.Equal(existingAddress) {
+ if err := netlink.AddrDel(link, address); err != nil {
+ return err
+ }
+ }
 }
 }
 return nil
From 79e8130e9b78de51a519a3980a98dce844c0813e Mon Sep 17 00:00:00 2001
From: Pablo Acevedo Montserrat
Date: Tue, 9 Jul 2024 13:26:00 +0200
Subject: [PATCH 6/8] USHIFT-3478: Fix kube-controller-manager unit test
---
 pkg/controllers/kube-controller-manager_test.go | 1 +
 1 file changed, 1 insertion(+)
diff --git a/pkg/controllers/kube-controller-manager_test.go b/pkg/controllers/kube-controller-manager_test.go
index d935e9e0a0..73a1cfc73e 100644
--- a/pkg/controllers/kube-controller-manager_test.go
+++ b/pkg/controllers/kube-controller-manager_test.go
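Review bot: removeServiceIPLoopback returns on the first `netlink.AddrDel`, `ParseAddr` or `AddrList` error, so a failure on the first address leaves the second one configured on the interface. For teardown it is safer to attempt every address and report all failures, collecting with `errs = append(errs, err)` and finishing with `return errors.Join(errs...)`, provided the module's Go version offers errors.Join. The prefix/ParseAddr/AddrList sequence is also repeated verbatim from addServiceIPLoopback and could live in one small helper. The start of the function is outside the hunk.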
@@ -69,6 +69,7 @@ func TestConfigure(t *testing.T) {
 fmt.Sprintf("--root-ca-file=%s", kcmRootCAFile()),
 "--secure-port=10257",
 fmt.Sprintf("--service-account-private-key-file=%s", kcmServiceAccountPrivateKeyFile()),
+ fmt.Sprintf("--service-cluster-ip-range=%s", cfg.Network.ServiceNetwork[0]),
 fmt.Sprintf("--tls-cipher-suites=%s", strings.Join(crypto.OpenSSLToIANACipherSuites(fixedTLSProfile.Ciphers), ",")),
 fmt.Sprintf("--tls-min-version=%s", string(fixedTLSProfile.MinTLSVersion)),
 "--use-service-account-credentials=true",
From 815fc8f22b5dc6b378a67457ae6d9a54c32db1ac Mon Sep 17 00:00:00 2001
From: Pablo Acevedo Montserrat
Date: Tue, 9 Jul 2024 15:04:59 +0200
Subject: [PATCH 7/8] USHIFT-3478: etcd vendor
---
 .../microshift/pkg/config/apiserver.go | 12 ++++
 .../openshift/microshift/pkg/config/config.go | 66 ++++++++++++++-----
 2 files changed, 62 insertions(+), 16 deletions(-)
diff --git a/etcd/vendor/github.com/openshift/microshift/pkg/config/apiserver.go b/etcd/vendor/github.com/openshift/microshift/pkg/config/apiserver.go
index 31a8349889..32d18ed13c 100644
--- a/etcd/vendor/github.com/openshift/microshift/pkg/config/apiserver.go
+++ b/etcd/vendor/github.com/openshift/microshift/pkg/config/apiserver.go
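Review bot: The expected flag is built from `cfg.Network.ServiceNetwork[0]`, but configure() now emits `strings.Join(cfg.Network.ServiceNetwork, ",")`, so the assertion only holds for a single service network and does not exercise the dual-stack path this series adds. Mirror the implementation with `fmt.Sprintf("--service-cluster-ip-range=%s", strings.Join(cfg.Network.ServiceNetwork, ","))` and consider a case with two service networks. TestConfigure's body continues outside the hunk.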
@@ -20,6 +20,18 @@ type ApiServer struct {
 // The URL and Port of the API server cannot be changed by the user.
 URL string `json:"-"`
 Port int `json:"-"`
+
+ // In dual stack mode, ovnk requires ovn.OVNGatewayInterface to have one IP
+ // per family or else it wont start. When configuring advertiseAddress,
+ // whether that is manual or automatic, this IP is configured in that
+ // bridge afterwards in node package. Since there is only one IP, ovnk will
+ // return an error complaining about the other IP family for the secondary
+ // cluster/service network gateway. This variable holds all the different
+ // IP addresses that ovn.OVNGatewayInterface needs. Note that this IP is
+ // not configurable by users and it will not be used for apiserver
+ // advertising because of dual stack limitations there. This is only to
+ // make ovnk work properly.
+ AdvertiseAddresses []string `json:"-"`
 }
 // NamedCertificateEntry provides certificate details
diff --git a/etcd/vendor/github.com/openshift/microshift/pkg/config/config.go b/etcd/vendor/github.com/openshift/microshift/pkg/config/config.go
index 910ced5afd..72e6ae4ec2 100644
--- a/etcd/vendor/github.com/openshift/microshift/pkg/config/config.go
+++ b/etcd/vendor/github.com/openshift/microshift/pkg/config/config.go
@@ -294,25 +294,30 @@ func (c *Config) updateComputedValues() error {
 // If we have no advertise address, pick one.
 if len(c.ApiServer.AdvertiseAddress) == 0 {
- // unchecked error because this was done when getting cluster DNS
- _, svcNet, _ := net.ParseCIDR(c.Network.ServiceNetwork[0])
 // Since the KAS advertise address was not provided we will default to the
 // next immediate subnet after the service CIDR. This is due to the fact
 // that using the actual apiserver service IP as an endpoint slice breaks
 // host network pods trying to reach apiserver, as the VIP 10.43.0.1:443 is
 // not translated to 10.43.0.1:6443. It remains unchanged and therefore
 // connects to the ingress router instead, triggering all sorts of errors.
- prefix := 32
- if svcNet.IP.To4() == nil {
- prefix = 128
+ ip, err := firstIPFromNextSubnet(c.Network.ServiceNetwork[0])
+ if err != nil {
+ return fmt.Errorf("unable to compute AdvertiseAddress: %s", err)
 }
- nextSubnet, exceed := cidr.NextSubnet(svcNet, prefix)
- if exceed {
- return fmt.Errorf("unable to compute next subnet from service CIDR")
+ c.ApiServer.AdvertiseAddress = ip
+ }
+
+ // Use this variable instead, as we may be in dual stack ip an need to
+ // configure one extra IP address in the ovn gateway interface. Pick
+ // the IP family that was not used for the advertise address and add
+ // the first valid IP for the next subnet.
+ c.ApiServer.AdvertiseAddresses = []string{c.ApiServer.AdvertiseAddress}
+ if c.IsIPv4() && c.IsIPv6() {
+ ip, err := firstIPFromNextSubnet(c.Network.ServiceNetwork[1])
+ if err != nil {
+ return fmt.Errorf("unable to compute secondary address for br-ex: %s", err)
 }
- // First and last are the same because of the /32 netmask.
- firstValidIP, _ := cidr.AddressRange(nextSubnet)
- c.ApiServer.AdvertiseAddress = firstValidIP.String()
+ c.ApiServer.AdvertiseAddresses = append(c.ApiServer.AdvertiseAddresses, ip)
 }
 c.computeLoggingSetting()
@@ -379,9 +384,14 @@ func (c *Config) validate() error {
 "openshift.default",
 "openshift.default.svc",
 "openshift.default.svc.cluster.local",
- c.ApiServer.AdvertiseAddress,
 ) {
- return fmt.Errorf("subjectAltNames must not contain apiserver kubernetes service names or IPs")
+ return fmt.Errorf("subjectAltNames must not contain kubernetes service names")
+ }
+ if stringSliceContains(
+ c.ApiServer.SubjectAltNames,
+ c.ApiServer.AdvertiseAddresses...,
+ ) {
+ return fmt.Errorf("subjectAltNames must not contain apiserver advertise address IPs")
 }
 }
@@ -391,6 +401,13 @@ func (c *Config) validate() error {
 )
 }
+ if c.ApiServer.SkipInterface {
+ err := checkAdvertiseAddressConfigured(c.ApiServer.AdvertiseAddresses[0])
+ if err != nil {
+ return err
+ }
+ }
+
 switch c.Ingress.Status {
 case StatusManaged, StatusRemoved:
 default:
@@ -411,7 +428,7 @@ func (c *Config) validate() error {
 }
 if len(c.Ingress.ListenAddress) != 0 {
- if err := validateRouterListenAddress(c.Ingress.ListenAddress, c.ApiServer.AdvertiseAddress, c.ApiServer.SkipInterface, c.IsIPv4(), c.IsIPv6()); err != nil {
+ if err := validateRouterListenAddress(c.Ingress.ListenAddress, c.ApiServer.AdvertiseAddresses, c.ApiServer.SkipInterface, c.IsIPv4(), c.IsIPv6()); err != nil {
 return fmt.Errorf("error validating ingress.listenAddress: %w", err)
 }
 }
@@ -495,7 +512,7 @@ func checkAdvertiseAddressConfigured(advertiseAddress string) error {
 return fmt.Errorf("Advertise address: %s not present in any interface", advertiseAddress)
 }
-func validateRouterListenAddress(ingressListenAddresses []string, advertiseAddress string, skipInterface, ipv4, ipv6 bool) error {
+func validateRouterListenAddress(ingressListenAddresses []string, advertiseAddresses []string, skipInterface bool, ipv4, ipv6 bool) error {
 addresses, err := AllowedListeningIPAddresses(ipv4, ipv6)
 if err != nil {
 return err
@@ -505,7 +522,7 @@ func validateRouterListenAddress(ingressListenAddresses []string, advertiseAddre
 return err
 }
 for _, entry := range ingressListenAddresses {
- if entry == advertiseAddress && !skipInterface {
+ if slices.Contains(advertiseAddresses, entry) && !skipInterface {
 continue
 }
 ip := net.ParseIP(entry)
@@ -666,3 +683,20 @@ func validateNetworkStack(cfg *Config) error {
 }
 return nil
 }
+
+func firstIPFromNextSubnet(subnet string) (string, error) {
+ _, svcNet, err := net.ParseCIDR(subnet)
+ if err != nil {
+ return "", err
+ }
+ prefix := 32
+ if svcNet.IP.To4() == nil {
+ prefix = 128
+ }
+ nextSubnet, exceed := cidr.NextSubnet(svcNet, prefix)
+ if exceed {
+ return "", fmt.Errorf("unable to compute next subnet from service CIDR")
+ }
+ firstValidIP, _ := cidr.AddressRange(nextSubnet)
+ return firstValidIP.String(), nil
+}
From 34ffe87b8893b56c11f9bf0f959aba786d82418c Mon Sep 17 00:00:00 2001
From: Pablo Acevedo Montserrat
Date: Tue, 9 Jul 2024 17:31:04 +0200
Subject: [PATCH 8/8] USHIFT-3478: fmt update
---
 pkg/node/netconfig.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pkg/node/netconfig.go b/pkg/node/netconfig.go
index d3beff3d39..35a5ca6664 100644
--- a/pkg/node/netconfig.go
+++ b/pkg/node/netconfig.go
@@ -36,7 +36,7 @@ const (
 )
 type NetworkConfiguration struct {
- kasAdvertiseAddresses []string
+ kasAdvertiseAddresses []string
 skipInterfaceConfiguration bool
 }