USHIFT-6794: Config for Cluster 2 Cluster Communication

[pmtk]

Summary by CodeRabbit

• New Features

  • Added remote-cluster connectivity config: define remote cluster/service CIDRs, next-hop routes, and optional DNS domains; feature enables when remotes are provided and validates conflicts, routing loops, host-interface overlap, and IP-family compatibility.

• Tests

  • Added comprehensive validation and enablement tests covering parsing, overlap detection, uniqueness, mask/cardinality rules, host-interface checks, and DNS validation.

• Documentation

  • Added user config examples showing the new c2cc section.

• Chores

  • Updated configuration schema and packaging defaults to include c2cc.

[openshift-ci-robot]

@pmtk: This pull request references USHIFT-6794 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "5.0.0" version, but no target version was set.

Details

In response to this:

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

Walkthrough

Adds C2CC remote-cluster types and validation, integrates C2CC into Config (defaults, merge, validation), introduces an overridable host-IP discovery hook, updates OpenAPI schema, docs, packaging, and adds tests covering enablement, sanitization, and extensive validation rules.

Changes

Cohort / File(s)	Summary
C2CC configuration & validation pkg/config/c2cc.go	New exported C2CC and RemoteCluster types, IsEnabled() method, stripEmptyRemoteClusters, host-IP discovery hook (getHostIPs), and comprehensive validation (NextHop/CIDR parsing, min-prefix, overlap/containment, host-IP checks, IP-family rules, domain validation, aggregated errors via errors.Join).
Tests for C2CC pkg/config/c2cc_test.go	New unit tests for enablement, sanitization, and extensive validation scenarios (invalid NextHop/CIDRs, overlaps, duplicates, host-IP containment, family compatibility, domain rules). Stubs getHostIPs for deterministic tests.
Config integration pkg/config/config.go	Added C2CC field to Config; fillDefaults() initializes it; user-merge copies C2CC only when RemoteClusters is non-nil; computed-values step strips empty remotes; validation invokes c.C2CC.validate(cfg) when enabled and wraps errors.
OpenAPI schema cmd/generate-config/config/config-openapi-spec.json	Added top-level c2cc schema and remoteClusters array; per-item schema requires clusterNetwork, nextHop, serviceNetwork, optional domain; c2cc added to required properties.
Docs & packaging docs/user/howto_config.md, packaging/microshift/config.yaml	Documented and added c2cc configuration examples and MicroShift YAML block with remoteClusters entries (clusterNetwork, serviceNetwork, nextHop, optional domain).

Sequence Diagram(s)

sequenceDiagram
    participant User as rgba(52,152,219,0.5) User
    participant Config as rgba(46,204,113,0.5) Config
    participant C2CC as rgba(155,89,182,0.5) C2CC.validate
    participant Host as rgba(241,196,15,0.5) HostIPs
    participant Checker as rgba(231,76,60,0.5) Checks

    User->>Config: provide c2cc settings
    Config->>C2CC: call validate(cfg)
    C2CC->>Host: getHostIPs() (overridable)
    Host-->>C2CC: host interface IPs
    C2CC->>Checker: validate NextHop, CIDRs, domains, overlaps, families
    Checker-->>C2CC: errors / success
    C2CC-->>Config: return aggregated error or nil

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

🚥 Pre-merge checks | ✅ 10 | ❌ 2

❌ Failed checks (1 warning, 1 inconclusive)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.
Test Structure And Quality	❓ Inconclusive	Test file content cannot be accessed to verify Ginkgo test patterns and code quality assertions.	Confirm whether tests use Ginkgo BDD framework or standard Go testing; adjust assessment criteria accordingly and rerun validation.

✅ Passed checks (10 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'USHIFT-6794: Config for Cluster 2 Cluster Communication' directly matches the PR's main objective—adding configuration support for cluster-to-cluster communication, as evidenced by the new C2CC types, validation logic, and config files across all modified files.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Stable And Deterministic Test Names	✅ Passed	All test names in c2cc_test.go are stable and deterministic with no dynamic information like timestamps, UUIDs, or generated identifiers.
Microshift Test Compatibility	✅ Passed	Test file uses Go standard testing package and testify/assert, not Ginkgo e2e tests. No OpenShift API invocations or MicroShift-incompatible features present.
Single Node Openshift (Sno) Test Compatibility	✅ Passed	PR adds standard Go unit tests without Ginkgo e2e test patterns, validating configuration logic in isolation without cluster topology assumptions.
Topology-Aware Scheduling Compatibility	✅ Passed	PR modifies only configuration structures, validation logic, JSON schema, documentation, and default YAML files without modifying Kubernetes deployment manifests or operator code.
Ote Binary Stdout Contract	✅ Passed	No stdout writes detected in process-level code (main, init, TestMain, BeforeSuite, AfterSuite). All logging uses fmt.Errorf for errors; test output properly contained within test cases.
Ipv6 And Disconnected Network Test Compatibility	✅ Passed	PR adds only standard Go unit tests in pkg/config/c2cc_test.go, not Ginkgo e2e tests.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@pkg/config/c2cc.go`:
- Around line 89-99: The duplicate NextHop detection is inconsistent because it
compares raw rc.NextHop strings while the routing-loop check uses
ip.Equal(nodeIP) (which canonicalizes IPv6); normalize NextHop by parsing
rc.NextHop to net.ParseIP and using its canonical form (ip.String()) as the key
in seenNextHops and for comparisons, i.e., compute a normalizedNextHop :=
ip.String() after successful ParseIP and use normalizedNextHop for the nodeIP
equality check and for lookup/storage in seenNextHops (replace uses of
rc.NextHop as the map key and in duplicate error messages with the canonical
form).

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Pro Plus

Run ID: 368a244e-5ca5-459f-8bd3-66477daae1ef

📥 Commits

Reviewing files that changed from the base of the PR and between fe29d2a and 408eb47.

📒 Files selected for processing (3)

• pkg/config/c2cc.go
• pkg/config/c2cc_test.go
• pkg/config/config.go

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

pkg/config/c2cc.go (1)

46-49: Avoid silently dropping host-interface lookup errors.

Ignoring AddrList failures can miss host IPs and weaken management-traffic conflict checks. Consider aggregating and returning these errors.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@pkg/config/c2cc.go` around lines 46 - 49, The code currently ignores errors
from netlink.AddrList(link, netlink.FAMILY_ALL); change it to collect per-link
errors instead of silently continuing: when netlink.AddrList returns err, append
a contextualized error (include link.Name or link.Attrs().Name and the err) to a
local []error slice (or a multierror), continue processing other links, and
after the loop if the slice is non-empty return an aggregated error (use
errors.Join if available or a multierror) alongside any successful results so
callers are aware of lookup failures; keep the variables addrs, err and
netlink.AddrList as the error source so reviewers can find the change easily.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@pkg/config/c2cc.go`:
- Around line 111-120: The loops validate each CIDR against prior remotes
(seenCIDRs) but miss overlaps inside the same remote (rc) between
rc.ClusterNetwork and rc.ServiceNetwork; before appending rc.ClusterNetwork and
rc.ServiceNetwork to seenCIDRs, run intra-remote conflict checks by invoking
checkCIDRConflicts for each CIDR in rc.ClusterNetwork against rc.ServiceNetwork
and vice versa (and optionally check within rc.ClusterNetwork and within
rc.ServiceNetwork for duplicates) so that validateRemoteCIDR and
checkCIDRConflicts catch overlaps within the same remote cluster using the
existing variables rc, label, seenCIDRs, and hostIPs.

---

Nitpick comments:
In `@pkg/config/c2cc.go`:
- Around line 46-49: The code currently ignores errors from
netlink.AddrList(link, netlink.FAMILY_ALL); change it to collect per-link errors
instead of silently continuing: when netlink.AddrList returns err, append a
contextualized error (include link.Name or link.Attrs().Name and the err) to a
local []error slice (or a multierror), continue processing other links, and
after the loop if the slice is non-empty return an aggregated error (use
errors.Join if available or a multierror) alongside any successful results so
callers are aware of lookup failures; keep the variables addrs, err and
netlink.AddrList as the error source so reviewers can find the change easily.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Pro Plus

Run ID: fbc7a9a0-303f-4bcd-9b2c-53dacbe6b3a3

📥 Commits

Reviewing files that changed from the base of the PR and between 408eb47 and a0bec55.

📒 Files selected for processing (3)

• pkg/config/c2cc.go
• pkg/config/c2cc_test.go
• pkg/config/config.go

✅ Files skipped from review due to trivial changes (1)

• pkg/config/c2cc_test.go

🚧 Files skipped from review as they are similar to previous changes (1)

• pkg/config/config.go

[coderabbitai]

🧹 Nitpick comments (2)

pkg/config/c2cc.go (2)

213-220: Overlap check silently returns false on parse errors.

If either CIDR fails to parse, the function returns false (no overlap). This is safe because validateRemoteCIDR is called first and will catch malformed CIDRs, but consider documenting this assumption.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@pkg/config/c2cc.go` around lines 213 - 220, The cidrsOverlap function
currently returns false when net.ParseCIDR fails, which can hide parse errors;
update the code by adding a clear comment above func cidrsOverlap(a, b string)
bool that states the function assumes inputs have been validated (e.g., by
validateRemoteCIDR) and therefore intentionally returns false on parse errors,
and mention that callers must validate CIDRs first; ensure the comment
references cidrsOverlap and validateRemoteCIDR so future maintainers understand
the contract.

---

45-52: Silent error suppression when enumerating interface addresses.

If netlink.AddrList fails for a link, the error is silently ignored. This is likely intentional for resilience (e.g., transient interface issues), but could mask systematic failures. Consider logging at debug level.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@pkg/config/c2cc.go` around lines 45 - 52, The loop that calls
netlink.AddrList on each link currently swallows errors (in the snippet using
variables links, link, addrs, ips) which can hide systemic failures; modify the
error handling in the block that calls netlink.AddrList(link,
netlink.FAMILY_ALL) to log the returned error at debug (or trace) level instead
of silently continuing—use the existing logger (or inject one if not present)
and include the link identifier and err in the log message, then continue as
before so resilience is preserved while making failures visible for debugging.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In `@pkg/config/c2cc.go`:
- Around line 213-220: The cidrsOverlap function currently returns false when
net.ParseCIDR fails, which can hide parse errors; update the code by adding a
clear comment above func cidrsOverlap(a, b string) bool that states the function
assumes inputs have been validated (e.g., by validateRemoteCIDR) and therefore
intentionally returns false on parse errors, and mention that callers must
validate CIDRs first; ensure the comment references cidrsOverlap and
validateRemoteCIDR so future maintainers understand the contract.
- Around line 45-52: The loop that calls netlink.AddrList on each link currently
swallows errors (in the snippet using variables links, link, addrs, ips) which
can hide systemic failures; modify the error handling in the block that calls
netlink.AddrList(link, netlink.FAMILY_ALL) to log the returned error at debug
(or trace) level instead of silently continuing—use the existing logger (or
inject one if not present) and include the link identifier and err in the log
message, then continue as before so resilience is preserved while making
failures visible for debugging.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Pro Plus

Run ID: 82df0843-e348-4f54-b465-a95468d190dc

📥 Commits

Reviewing files that changed from the base of the PR and between a0bec55 and bc38b57.

📒 Files selected for processing (6)

• cmd/generate-config/config/config-openapi-spec.json
• docs/user/howto_config.md
• packaging/microshift/config.yaml
• pkg/config/c2cc.go
• pkg/config/c2cc_test.go
• pkg/config/config.go

✅ Files skipped from review due to trivial changes (1)

• pkg/config/c2cc_test.go

🚧 Files skipped from review as they are similar to previous changes (1)

• pkg/config/config.go

[coderabbitai]

Actionable comments posted: 3

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@pkg/config/c2cc.go`:
- Around line 60-62: The loop currently swallows errors from
netlink.AddrList(link, netlink.FAMILY_ALL) by using continue; change this to
fail-closed: surface the error to the caller instead of skipping the interface
(e.g., return the error or wrap it with context and return), so the host-IP
overlap guard cannot ignore unreadable interfaces; update the code paths that
call this function to handle the returned error accordingly and reference
netlink.AddrList and the loop iterating over link to locate the change.
- Around line 147-150: Add a check that enforces clusterNetwork and
serviceNetwork on a remote have matching cardinality and IP-family alignment
(same number of CIDRs and corresponding v4/v6 family per index) before accepting
the remote; implement this either by adding a new helper (e.g.,
validateRemoteClusterServiceShape(rc.ClusterNetwork, rc.ServiceNetwork, label))
or by extending validateRemoteIPFamilyCompatibility to accept both lists and
compare lengths and per-index families, and call it alongside
validateIPFamilyConsistency for rc.ClusterNetwork and rc.ServiceNetwork so
remotes follow the same invariant as the local cluster.

In `@pkg/config/config.go`:
- Around line 458-460: The merge logic currently ignores an explicitly disabled
C2CC because it only copies when len(u.C2CC.RemoteClusters) > 0; change the
condition to check presence of the C2CC value itself (e.g. if u.C2CC != nil) and
assign c.C2CC = u.C2CC so that an empty RemoteClusters slice from the incoming
config overwrites/clears the inherited value (follow the nil-vs-empty pattern
used for manifests.kustomizePaths).

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Pro Plus

Run ID: 750f88b5-1fc9-42aa-8b45-3681186160f3

📥 Commits

Reviewing files that changed from the base of the PR and between bc38b57 and 0348b57.

📒 Files selected for processing (3)

• pkg/config/c2cc.go
• pkg/config/c2cc_test.go
• pkg/config/config.go

🚧 Files skipped from review as they are similar to previous changes (1)

• pkg/config/c2cc_test.go

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@pkg/config/c2cc.go`:
- Around line 81-84: The validation currently only parses and compares
cfg.Node.NodeIP against nextHop; update the logic to also parse
cfg.Node.NodeIPV6 (when non-empty) and ensure nextHop is compared against both
local IPs to detect local-node loop in dual-stack mode. Specifically, extend the
parsing block that creates nodeIP (and the similar block at lines ~108-110) to
parse cfg.Node.NodeIPV6 into a separate variable (e.g., nodeIPV6), handle
nil/invalid parsing appropriately, and add a conditional that treats nextHop
equal to either nodeIP or nodeIPV6 as a loop error; use the existing nextHop
identifier and cfg.Node.NodeIP/NodeIPV6 names to locate and update the checks.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Pro Plus

Run ID: 3095f427-acfc-4db4-a1e3-830845888359

📥 Commits

Reviewing files that changed from the base of the PR and between 0348b57 and 6f26699.

📒 Files selected for processing (6)

• cmd/generate-config/config/config-openapi-spec.json
• docs/user/howto_config.md
• packaging/microshift/config.yaml
• pkg/config/c2cc.go
• pkg/config/c2cc_test.go
• pkg/config/config.go

✅ Files skipped from review due to trivial changes (1)

• docs/user/howto_config.md

🚧 Files skipped from review as they are similar to previous changes (2)

• pkg/config/config.go
• packaging/microshift/config.yaml

[agullon]

should we add a check before this one to report an error if errA or errB are nil?
for example, we can silently return false when errA is nil

[pmtk]

those CIDRs are validated in validateRemoteCIDR:

	_, ipNet, err := net.ParseCIDR(cidr)
	if err != nil {
		return fmt.Errorf("%s %q is not a valid CIDR: %w", field, cidr, err)
	}

[agullon]

why this is valid error if CNI can be unset? see this error message

[pmtk]

But this is CniPluginNone not Unset, right?
(I think) we use None in upstream to deploy Kindnet

[agullon]

I see, so if we use CniPluginNone and Unset I suggest we add a unit test to validate the unset as a valid option.

[pmtk]

/hold

[pmtk]

/unhold

[pmtk]

/retest

[ggiguash]

The c2cc name in the configuration file may seem a bit cryptic for some users.
Can we make it more explicit, like clusterToCluster, etc.?

[pmtk]

That's a good point. Changed to clusterToCluster

[pmtk]

/retest

[pacevedom]

Should this be optional instead of remoteClusters inside c2cc? It is required now because it doesnt have an omitempty. Then the remoteClusters inside is optional, which creates a confusing setup?

[pmtk]

None of fields in Config has omitempty and they still work as expected.
As for remoteClusters - I guess it only matters for microshift config --effective or whatever the command is?

[pacevedom]

Are these defaults ok? Some might fail to validate?

[pmtk]

There's a code to remove empty objects like this to make sure default config works (which we have test for)

[pacevedom]

/lgtm

[pmtk]

/lgtm

[openshift-ci]

@pmtk: you cannot LGTM your own PR.

Details

In response to this:

/lgtm

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[pmtk]

/verified by @pmtk

[openshift-ci-robot]

@pmtk: This PR has been marked as verified by @pmtk.

Details

In response to this:

/verified by @pmtk

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: pacevedom, pmtk

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [pacevedom,pmtk]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-merge-bot]

/retest-required

Remaining retests: 0 against base HEAD 7ae3864 and 2 for PR HEAD 98b8d99 in total

[openshift-ci]

@pmtk: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.