suse-edge · dbw7 · Oct 15, 2024 · Oct 16, 2024 · Oct 18, 2024 · Oct 18, 2024
diff --git a/pkg/combustion/helm.go b/pkg/combustion/helm.go
@@ -22,7 +22,7 @@ func ComponentHelmCharts(ctx *image.Context) ([]image.HelmChart, []image.HelmRep
 	var charts []image.HelmChart
 	var repos []image.HelmRepository
 
-	if ctx.ImageDefinition.Kubernetes.Network.APIVIP4 != "" || ctx.ImageDefinition.Kubernetes.Network.APIVIP6 != "" {
+	if ctx.ImageDefinition.Kubernetes.Network.APIVIP != "" {
 		metalLBChart := image.HelmChart{
 			Name:                  ctx.ArtifactSources.MetalLB.Chart,
 			RepositoryName:        metallbRepositoryName,

diff --git a/pkg/combustion/kubernetes.go b/pkg/combustion/kubernetes.go
@@ -3,6 +3,7 @@ package combustion
 import (
 	_ "embed"
 	"fmt"
+	"net/netip"
 	"os"
 	"path/filepath"
 	"strings"
@@ -147,8 +148,7 @@ func (c *Combustion) configureK3S(ctx *image.Context, cluster *kubernetes.Cluste
 
 	templateValues := map[string]any{
 		"installScript":   installScript,
-		"apiVIP4":         ctx.ImageDefinition.Kubernetes.Network.APIVIP4,
-		"apiVIP6":         ctx.ImageDefinition.Kubernetes.Network.APIVIP6,
+		"apiVIP":          ctx.ImageDefinition.Kubernetes.Network.APIVIP,
 		"apiHost":         ctx.ImageDefinition.Kubernetes.Network.APIHost,
 		"binaryPath":      binaryPath,
 		"imagesPath":      imagesPath,
@@ -159,7 +159,7 @@ func (c *Combustion) configureK3S(ctx *image.Context, cluster *kubernetes.Cluste
 
 	singleNode := len(ctx.ImageDefinition.Kubernetes.Nodes) < 2
 	if singleNode {
-		if ctx.ImageDefinition.Kubernetes.Network.APIVIP4 == "" && ctx.ImageDefinition.Kubernetes.Network.APIVIP6 == "" {
+		if ctx.ImageDefinition.Kubernetes.Network.APIVIP == "" {
 			zap.S().Info("Virtual IP address for k3s cluster is not provided and will not be configured")
 		} else {
 			log.Audit("WARNING: A Virtual IP address for the k3s cluster has been provided. " +
@@ -243,8 +243,7 @@ func (c *Combustion) configureRKE2(ctx *image.Context, cluster *kubernetes.Clust
 
 	templateValues := map[string]any{
 		"installScript":   installScript,
-		"apiVIP4":         ctx.ImageDefinition.Kubernetes.Network.APIVIP4,
-		"apiVIP6":         ctx.ImageDefinition.Kubernetes.Network.APIVIP6,
+		"apiVIP":          ctx.ImageDefinition.Kubernetes.Network.APIVIP,
 		"apiHost":         ctx.ImageDefinition.Kubernetes.Network.APIHost,
 		"installPath":     installPath,
 		"imagesPath":      imagesPath,
@@ -255,7 +254,7 @@ func (c *Combustion) configureRKE2(ctx *image.Context, cluster *kubernetes.Clust
 
 	singleNode := len(ctx.ImageDefinition.Kubernetes.Nodes) < 2
 	if singleNode {
-		if ctx.ImageDefinition.Kubernetes.Network.APIVIP4 == "" && ctx.ImageDefinition.Kubernetes.Network.APIVIP6 == "" {
+		if ctx.ImageDefinition.Kubernetes.Network.APIVIP == "" {
 			zap.S().Info("Virtual IP address for RKE2 cluster is not provided and will not be configured")
 		}
 
@@ -318,14 +317,21 @@ func (c *Combustion) downloadRKE2Artefacts(ctx *image.Context, cluster *kubernet
 }
 
 func kubernetesVIPManifest(k *image.Kubernetes) (string, error) {
+	ip, err := netip.ParseAddr(k.Network.APIVIP)
+	if err != nil {
+		return "", fmt.Errorf("parsing kubernetes APIVIP address: %w", err)
+	}
+
 	manifest := struct {
-		APIAddress4 string
-		APIAddress6 string
-		RKE2        bool
+		APIAddress string
+		IsIPV4     bool
+		IsIPV6     bool
+		RKE2       bool
 	}{
-		APIAddress4: k.Network.APIVIP4,
-		APIAddress6: k.Network.APIVIP6,
-		RKE2:        strings.Contains(k.Version, image.KubernetesDistroRKE2),
+		APIAddress: k.Network.APIVIP,
+		IsIPV4:     ip.Is4(),
+		IsIPV6:     ip.Is6(),
+		RKE2:       strings.Contains(k.Version, image.KubernetesDistroRKE2),
 	}
 
 	return template.Parse("k8s-vip", k8sVIPManifest, &manifest)
@@ -371,7 +377,7 @@ func (c *Combustion) configureManifests(ctx *image.Context) (string, error) {
 	manifestsPath := localKubernetesManifestsPath()
 	manifestDestDir := filepath.Join(ctx.ArtefactsDir, manifestsPath)
 
-	if ctx.ImageDefinition.Kubernetes.Network.APIVIP4 != "" || ctx.ImageDefinition.Kubernetes.Network.APIVIP6 != "" {
+	if ctx.ImageDefinition.Kubernetes.Network.APIVIP != "" {
 		if err := os.MkdirAll(manifestDestDir, os.ModePerm); err != nil {
 			return "", fmt.Errorf("creating manifests destination dir: %w", err)
 		}

diff --git a/pkg/combustion/kubernetes_test.go b/pkg/combustion/kubernetes_test.go
@@ -220,7 +220,7 @@ func TestConfigureKubernetes_SuccessfulSingleNodeK3sCluster(t *testing.T) {
 	ctx.ImageDefinition.Kubernetes = image.Kubernetes{
 		Version: "v1.30.3+k3s1",
 		Network: image.Network{
-			APIVIP4: "192.168.122.100",
+			APIVIP:  "192.168.122.100",
 			APIHost: "api.cluster01.hosted.on.edge.suse.com",
 		},
 	}
@@ -293,7 +293,7 @@ func TestConfigureKubernetes_SuccessfulMultiNodeK3sCluster(t *testing.T) {
 		Version: "v1.30.3+k3s1",
 		Network: image.Network{
 			APIHost: "api.cluster01.hosted.on.edge.suse.com",
-			APIVIP4: "192.168.122.100",
+			APIVIP:  "192.168.122.100",
 		},
 		Nodes: []image.Node{
 			{
@@ -423,7 +423,7 @@ func TestConfigureKubernetes_SuccessfulSingleNodeRKE2Cluster(t *testing.T) {
 	ctx.ImageDefinition.Kubernetes = image.Kubernetes{
 		Version: "v1.30.3+rke2r1",
 		Network: image.Network{
-			APIVIP4: "192.168.122.100",
+			APIVIP:  "192.168.122.100",
 			APIHost: "api.cluster01.hosted.on.edge.suse.com",
 		},
 	}
@@ -492,7 +492,7 @@ func TestConfigureKubernetes_SuccessfulMultiNodeRKE2Cluster(t *testing.T) {
 		Version: "v1.30.3+rke2r1",
 		Network: image.Network{
 			APIHost: "api.cluster01.hosted.on.edge.suse.com",
-			APIVIP4: "192.168.122.100",
+			APIVIP:  "192.168.122.100",
 		},
 		Nodes: []image.Node{
 			{
@@ -734,7 +734,7 @@ func TestConfigureKubernetes_SuccessfulRKE2ServerWithManifests(t *testing.T) {
 	ctx.ImageDefinition.Kubernetes = image.Kubernetes{
 		Version: "v1.30.3+rke2r1",
 		Network: image.Network{
-			APIVIP4: "192.168.122.100",
+			APIVIP:  "192.168.122.100",
 			APIHost: "api.cluster01.hosted.on.edge.suse.com",
 		},
 	}
@@ -821,3 +821,47 @@ func TestConfigureKubernetes_SuccessfulRKE2ServerWithManifests(t *testing.T) {
 	assert.Contains(t, contents, "name: my-nginx")
 	assert.Contains(t, contents, "image: nginx:1.14.2")
 }
+
+func TestKubernetesVIPManifestValidIPV4(t *testing.T) {
+	k8s := &image.Kubernetes{
+		Version: "v1.30.3+rke2r1",
+		Network: image.Network{
+			APIVIP: "192.168.1.1",
+		},
+	}
+
+	manifest, err := kubernetesVIPManifest(k8s)
+	require.NoError(t, err)
+
+	assert.Contains(t, manifest, "- 192.168.1.1/32")
+	assert.Contains(t, manifest, "- name: rke2-api")
+}
+
+func TestKubernetesVIPManifestValidIPV6(t *testing.T) {
+	k8s := &image.Kubernetes{
+		Version: "v1.30.3+k3s1",
+		Network: image.Network{
+			APIVIP: "fd12:3456:789a::21",
+		},
+	}
+
+	manifest, err := kubernetesVIPManifest(k8s)
+	require.NoError(t, err)
+	fmt.Println(manifest)
+
+	assert.Contains(t, manifest, "- fd12:3456:789a::21/128")
+	assert.Contains(t, manifest, "- name: k8s-api")
+	assert.NotContains(t, manifest, "rke2")
+}
+
+func TestKubernetesVIPManifestInvalidIP(t *testing.T) {
+	k8s := &image.Kubernetes{
+		Version: "v1.30.3+k3s1",
+		Network: image.Network{
+			APIVIP: "1111",
+		},
+	}
+
+	_, err := kubernetesVIPManifest(k8s)
+	require.ErrorContains(t, err, "parsing kubernetes APIVIP address: ParseAddr(\"1111\"): unable to parse IP")
+}
diff --git a/pkg/combustion/templates/k3s-multi-node-installer.sh.tpl b/pkg/combustion/templates/k3s-multi-node-installer.sh.tpl
@@ -89,12 +89,8 @@ systemctl enable kubernetes-resources-install.service
 {{- end }}
 fi
 
-{{- if and .apiVIP4 .apiHost }}
-echo "{{ .apiVIP4 }} {{ .apiHost }}" >> /etc/hosts
-{{- end }}
-
-{{- if and .apiVIP6 .apiHost }}
-echo "{{ .apiVIP6 }} {{ .apiHost }}" >> /etc/hosts
+{{- if and .apiVIP .apiHost }}
+echo "{{ .apiVIP }} {{ .apiHost }}" >> /etc/hosts
 {{- end }}
 
 mkdir -p /etc/rancher/k3s/

diff --git a/pkg/combustion/templates/k3s-single-node-installer.sh.tpl b/pkg/combustion/templates/k3s-single-node-installer.sh.tpl
@@ -62,12 +62,8 @@ EOF
 systemctl enable kubernetes-resources-install.service
 {{- end }}
 
-{{- if and .apiVIP4 .apiHost }}
-echo "{{ .apiVIP4 }} {{ .apiHost }}" >> /etc/hosts
-{{- end }}
-
-{{- if and .apiVIP6 .apiHost }}
-echo "{{ .apiVIP6 }} {{ .apiHost }}" >> /etc/hosts
+{{- if and .apiVIP .apiHost }}
+echo "{{ .apiVIP }} {{ .apiHost }}" >> /etc/hosts
 {{- end }}
 
 mkdir -p /etc/rancher/k3s/

diff --git a/pkg/combustion/templates/k8s-vip.yaml.tpl b/pkg/combustion/templates/k8s-vip.yaml.tpl
@@ -6,11 +6,11 @@ metadata:
   namespace: metallb-system
 spec:
   addresses:
-  {{- if .APIAddress4 }}
-    - {{ .APIAddress4 }}/32
+  {{- if .IsIPV4 }}
+    - {{ .APIAddress }}/32
   {{- end }}
-  {{- if .APIAddress6 }}
-    - {{ .APIAddress6 }}/128
+  {{- if .IsIPV6 }}
+    - {{ .APIAddress }}/128
   {{- end }}
   avoidBuggyIPs: true
   serviceAllocation:

diff --git a/pkg/combustion/templates/rke2-multi-node-installer.sh.tpl b/pkg/combustion/templates/rke2-multi-node-installer.sh.tpl
@@ -91,14 +91,9 @@ systemctl enable kubernetes-resources-install.service
 {{- end }}
 fi
 
-{{- if and .apiVIP4 .apiHost }}
-echo "{{ .apiVIP4 }} {{ .apiHost }}" >> /etc/hosts
+{{- if and .apiVIP .apiHost }}
+echo "{{ .apiVIP }} {{ .apiHost }}" >> /etc/hosts
 {{- end }}
-
-{{- if and .apiVIP6 .apiHost }}
-echo "{{ .apiVIP6 }} {{ .apiHost }}" >> /etc/hosts
-{{- end }}
-
 mkdir -p /etc/rancher/rke2/
 cp $CONFIGFILE /etc/rancher/rke2/config.yaml
 

diff --git a/pkg/combustion/templates/rke2-single-node-installer.sh.tpl b/pkg/combustion/templates/rke2-single-node-installer.sh.tpl
@@ -64,12 +64,8 @@ EOF
 systemctl enable kubernetes-resources-install.service
 {{- end }}
 
-{{- if and .apiVIP4 .apiHost }}
-echo "{{ .apiVIP4 }} {{ .apiHost }}" >> /etc/hosts
-{{- end }}
-
-{{- if and .apiVIP6 .apiHost }}
-echo "{{ .apiVIP6 }} {{ .apiHost }}" >> /etc/hosts
+{{- if and .apiVIP .apiHost }}
+echo "{{ .apiVIP }} {{ .apiHost }}" >> /etc/hosts
 {{- end }}
 
 mkdir -p /etc/rancher/rke2/

diff --git a/pkg/image/definition.go b/pkg/image/definition.go
@@ -194,8 +194,7 @@ type Kubernetes struct {
 
 type Network struct {
 	APIHost string `yaml:"apiHost"`
-	APIVIP4 string `yaml:"apiVIP"`
-	APIVIP6 string `yaml:"apiVIP6"`
+	APIVIP  string `yaml:"apiVIP"`
 }
 
 type Node struct {

diff --git a/pkg/image/definition_test.go b/pkg/image/definition_test.go
@@ -162,8 +162,7 @@ func TestParse(t *testing.T) {
 	assert.Equal(t, "v1.30.3+rke2r1", kubernetes.Version)
 
 	// Network
-	assert.Equal(t, "192.168.122.100", kubernetes.Network.APIVIP4)
-	assert.Equal(t, "fd12:3456:789a::21", kubernetes.Network.APIVIP6)
+	assert.Equal(t, "192.168.122.100", kubernetes.Network.APIVIP)
 	assert.Equal(t, "api.cluster01.hosted.on.edge.suse.com", kubernetes.Network.APIHost)
 
 	// Nodes

diff --git a/pkg/image/testdata/full-valid-example.yaml b/pkg/image/testdata/full-valid-example.yaml
@@ -83,7 +83,6 @@ kubernetes:
   version: v1.30.3+rke2r1
   network:
     apiVIP: 192.168.122.100
-    apiVIP6: fd12:3456:789a::21
     apiHost: api.cluster01.hosted.on.edge.suse.com
   nodes:
     - hostname: node1.suse.com

diff --git a/pkg/image/validation/kubernetes.go b/pkg/image/validation/kubernetes.go
@@ -115,62 +115,37 @@ func validateNodes(k8s *image.Kubernetes) []FailedValidation {
 
 func validateNetwork(k8s *image.Kubernetes) []FailedValidation {
 	var failures []FailedValidation
+	ip := k8s.Network.APIVIP
 
 	numNodes := len(k8s.Nodes)
 	if numNodes <= 1 {
 		// Single node cluster, node configurations are not required
 		return failures
 	}
 
-	ip4 := k8s.Network.APIVIP4
-	ip6 := k8s.Network.APIVIP6
-
-	if ip4 == "" && ip6 == "" {
+	if ip == "" {
 		failures = append(failures, FailedValidation{
-			UserMessage: "The 'apiVIP' or 'apiVIP6' field is required in the 'network' section when defining entries under 'nodes'.",
+			UserMessage: "The 'apiVIP' field is required in the 'network' section when defining entries under 'nodes'.",
 		})
 	}
 
-	if ip4 != "" {
-		ip, err := netip.ParseAddr(ip4)
-		if err != nil {
-			failures = append(failures, FailedValidation{
-				UserMessage: fmt.Sprintf("Invalid IPV4 address %q for field 'apiVIP'.", ip4),
-				Error:       err,
-			})
-		}
-
-		if !ip.Is4() {
-			failures = append(failures, FailedValidation{
-				UserMessage: fmt.Sprintf("%q is not an IPV4 address, only IPV4 addresses are valid for field 'apiVIP'.", ip4),
-			})
-		}
-
-		if !ip.IsGlobalUnicast() {
-			msg := fmt.Sprintf("Invalid non-unicast cluster API address (%s) for field 'apiVIP'.", ip4)
-			failures = append(failures, FailedValidation{
-				UserMessage: msg,
-			})
-		}
-	}
-
-	if ip6 != "" {
-		ip, err := netip.ParseAddr(ip6)
+	if ip != "" {
+		parsedIP, err := netip.ParseAddr(ip)
 		if err != nil {
 			failures = append(failures, FailedValidation{
-				UserMessage: fmt.Sprintf("Invalid IPV6 address %q for field 'apiVIP6'.", ip6),
+				UserMessage: fmt.Sprintf("Invalid APIVIP address %q for field 'apiVIP'.", ip),
 				Error:       err,
 			})
 		}
 
-		if !ip.Is6() {
+		if !parsedIP.Is4() && !parsedIP.Is6() {
 			failures = append(failures, FailedValidation{
-				UserMessage: fmt.Sprintf("%q is not an IPV6 address, only IPV6 addresses are valid for field 'apiVIP6'.", ip6),
+				UserMessage: fmt.Sprintf("%q is not an IPV4 or IPV6 address, only IPV4 and IPV6 addresses are valid for field 'apiVIP'.", ip),
 			})
 		}
 
-		if !ip.IsGlobalUnicast() {
-			msg := fmt.Sprintf("Invalid non-unicast cluster API address (%s) for field 'apiVIP6'.", ip6)
+		if !parsedIP.IsGlobalUnicast() {
+			msg := fmt.Sprintf("Invalid non-unicast cluster API address (%s) for field 'apiVIP'.", ip)
 			failures = append(failures, FailedValidation{
 				UserMessage: msg,
 			})