Skip to content

Fix/dynamic ipam#287

Open
ani1609 wants to merge 3 commits intokubeslice:feature-dynamicipamfrom
ani1609:fix/dynamic-ipam
Open

Fix/dynamic ipam#287
ani1609 wants to merge 3 commits intokubeslice:feature-dynamicipamfrom
ani1609:fix/dynamic-ipam

Conversation

@ani1609
Copy link

@ani1609 ani1609 commented Dec 2, 2025

Description

This PR fixes a critical bug where WorkerSliceGateway objects were using calculated subnets (Static IPAM formula) instead of the actual dynamically allocated subnets from SliceIpam resources.

Root Cause: The subnetMap containing dynamically allocated subnets was not propagated from CreateMinimalWorkerSliceConfig() to the gateway service layer, causing gateways to fall back to subnet calculation.

Solution:

  • Modified CreateMinimalWorkerSliceConfig() to return subnetMap alongside clusterMap
  • Updated slice_config_service to capture and pass subnetMap to gateway service
  • Enhanced BuildNetworkAddresses() to prefer allocated subnets over calculated ones
  • Updated vpn_key_rotation_service to reconstruct subnetMap for consistency during rotation

Changes maintain backward compatibility - Static IPAM continues working with fallback to calculated subnets when subnetMap is nil.

Fixes gateway subnet allocation for Dynamic IPAM slices while preserving Static IPAM functionality.

How Has This Been Tested?

  • Unit tests updated and passing for new function signatures
  • Manual validation with complete-gateway-bug-validation.sh
  • Verified Dynamic IPAM allocations propagate correctly to gateways
  • Verified Static IPAM backward compatibility (nil subnetMap handling)
  • Build verification: make build, make generate, make manifests, make generate-mocks

Test Results:

  • SliceIpam allocates unique subnets per cluster (10.50.0.0/24, 10.50.1.0/24)
  • WorkerSliceConfig receives correct allocated subnets
  • WorkerSliceGateway uses actual allocated subnets (not calculated)

Checklist:

  • The title of the PR states what changed and the related issues number (used for the release note).
  • Does this PR requires documentation updates?
  • I've updated documentation as required by this PR.
  • I have performed a self-review of my own code.
  • I have commented my code, particularly in hard-to-understand areas.
  • I have tested it for all user roles.
  • I have added all the required unit test cases.

Does this PR introduce a breaking change for other components like worker-operator?

NO - This is an internal controller fix. Worker-operator continues to work as expected since it relies on the subnet values in WorkerSliceConfig/WorkerSliceGateway specs, which now receive correct values.

@ani1609
fix(): include sliceipams resource in kustomization.yaml
8abe95c 
Signed-off-by: Ankit Kr. Chowdhury <rakesh856100@gmail.com>
@ani1609
feat(): Implement Dynamic IPAM support in SliceConfig and WorkerSlice…
910102d 
… services

Signed-off-by: Ankit Kr. Chowdhury <rakesh856100@gmail.com>
@ani1609
fix(): update mock functions to include subnetMap parameter and adjus…
0d33c83 
…t return values

Signed-off-by: Ankit Kr. Chowdhury <rakesh856100@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@that-backend-guy that-backend-guy Awaiting requested review from that-backend-guy that-backend-guy is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@ani1609