14 changes: 14 additions & 0 deletions config/v1/types_infrastructure.go
@@ -870,6 +870,7 @@ type GCPResourceTag struct {
// Load Balancer configuration needs to be provided so that the DNS solution hosted
// within the cluster can be configured with those values.
// +kubebuilder:validation:XValidation:rule="has(self.dnsType) && self.dnsType != 'ClusterHosted' ? !has(self.clusterHosted) : true",message="clusterHosted is permitted only when dnsType is ClusterHosted"
// TODO: Is it useful to have a kubebuilder validation for CloudDnsIPs too?
// +union
type CloudLoadBalancerConfig struct {
// dnsType indicates the type of DNS solution in use within the cluster. Its default value of
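Review bot: the TODO added in this hunk ("Is it useful to have a kubebuilder validation for CloudDnsIPs too?") should be answered in this PR rather than committed, and the answer is yes: the cloudDnsIPs doc comment in the next hunk says the field must not be set when dnsType is not ClusterHosted, and the XValidation already on this struct (`rule="has(self.dnsType) && self.dnsType != 'ClusterHosted' ? !has(self.clusterHosted) : true"`) is the exact pattern to mirror with `!has(self.cloudDnsIPs)` and a matching message. Until that rule exists the constraint is documentation only, and the API server will accept a populated cloudDnsIPs list alongside any other dnsType value.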
Comment on lines 872 to 876

Action required

2. clouddnsips constraint not xvalidation-enforced 📘 Rule violation ✓ Correctness

The field comment explicitly states 'When dnsType is not ClusterHosted, this field must not be set', but no +kubebuilder:validation:XValidation rule enforces this constraint. The PR even includes a TODO comment acknowledging this enforcement gap.
Agent Prompt
## Issue description
The documented constraint 'When dnsType is not ClusterHosted, this field must not be set' for `cloudDnsIPs` is not machine-enforced by any CEL XValidation rule, allowing invalid configurations to be accepted by the API server.

## Issue Context
The existing rule on `CloudLoadBalancerConfig` covers only `clusterHosted`. A parallel rule for `cloudDnsIPs` needs to be added following the same pattern. Suggested addition:
```go
// +kubebuilder:validation:XValidation:rule="has(self.dnsType) && self.dnsType != 'ClusterHosted' ? !has(self.cloudDnsIPs) || self.cloudDnsIPs.size() == 0 : true",message="cloudDnsIPs is permitted only when dnsType is ClusterHosted"
```
The TODO comment at line 873 should also be removed.

## Fix Focus Areas
- config/v1/types_infrastructure.go[872-874]


@@ -897,6 +898,19 @@ type CloudLoadBalancerConfig struct {
// +optional
// +unionMember,optional
ClusterHosted *CloudLoadBalancerIPs `json:"clusterHosted,omitempty"`

// cloudDnsIPs holds the IP addresses of the cloud platform DNS servers.
// These DNS server IP addresses are used when the cluster DNS type is ClusterHosted.
// For AWS, the DNS IPs are typically the VPC's CIDR base address plus 2 (e.g., 10.0.0.2 for VPC 10.0.0.0/16).
// This field is only valid when dnsType is set to ClusterHosted.
// When dnsType is not ClusterHosted, this field must not be set.
// Entries in cloudDnsIPs must be unique.
// A maximum of 16 IP addresses are permitted.
// +kubebuilder:validation:Format=ip
// +listType=set
// +kubebuilder:validation:MaxItems=16
// +optional
CloudDnsIPs []IP `json:"cloudDnsIPs,omitempty"`
Comment on lines +902 to +913

Action required

1. clouddnsips missing featuregate marker 📘 Rule violation ✓ Correctness

The new CloudDnsIPs field is added directly to the stable config/v1 API (CloudLoadBalancerConfig) without a +openshift:enable:FeatureGate= marker. Other new fields in the same file consistently use this gating pattern to protect stable API contracts.
Agent Prompt
## Issue description
The `CloudDnsIPs` field is added to the stable `config/v1` `CloudLoadBalancerConfig` struct without the required `+openshift:enable:FeatureGate=` marker, exposing an ungated field on a stable API.

## Issue Context
Other fields in the same file follow this pattern (e.g., `+openshift:enable:FeatureGate=AWSClusterHostedDNSInstall` at line 562). The referenced FeatureGate must also exist in `features/features.go`.

## Fix Focus Areas
- config/v1/types_infrastructure.go[902-913]

}

// CloudLoadBalancerIPs contains the Load Balancer IPs for the cloud's API,
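Review bot: `+kubebuilder:validation:Format=ip` on `CloudDnsIPs` is attached to the slice, not to its elements, so it lands on the generated array schema (it shows up as `format: ip` beside `type: array` in the CRD hunks of this PR), where a format has no effect; the per-element check already comes from the `IP` type's own `isIP(self)` rule, so the marker should be dropped or moved to the item level. Two further points on the same lines: this struct is a `+union` discriminated by `dnsType`, and `cloudDnsIPs` is documented as valid only for `ClusterHosted` yet is neither a `+unionMember` nor covered by the existing XValidation, so either nest it under `clusterHosted` (which the existing rule already guards) or add a sibling rule for it; and, as the other comment on this hunk notes, new fields on this stable `config/v1` type carry `+openshift:enable:FeatureGate=` markers, which this one lacks.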

Original file line number Diff line number Diff line change
@@ -1262,6 +1262,28 @@ spec:
ingress load balancer.
nullable: true
properties:
cloudDnsIPs:
description: |-
cloudDnsIPs holds the IP addresses of the cloud platform DNS servers.
These DNS server IP addresses are used when the cluster DNS type is ClusterHosted.
For AWS, the DNS IPs are typically the VPC's CIDR base address plus 2 (e.g., 10.0.0.2 for VPC 10.0.0.0/16).
This field is only valid when dnsType is set to ClusterHosted.
When dnsType is not ClusterHosted, this field must not be set.
Entries in cloudDnsIPs must be unique.
A maximum of 16 IP addresses are permitted.
format: ip
items:
description: IP is an IP address (for example, "10.0.0.0"
or "fd00::").
maxLength: 39
minLength: 1
type: string
x-kubernetes-validations:
- message: value must be a valid IP address
rule: isIP(self)
maxItems: 16
type: array
x-kubernetes-list-type: set
clusterHosted:
description: |-
clusterHosted holds the IP addresses of API, API-Int and Ingress Load
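Review bot: `format: ip` in this hunk sits on the `type: array` schema rather than under `items`, where a format has no effect on validation; it is the rendered result of the `+kubebuilder:validation:Format=ip` marker placed on the slice field in `config/v1/types_infrastructure.go`. The element check that actually runs is the `isIP(self)` rule under `items`, so the array-level `format` is dead configuration and will disappear once the Go marker is corrected and the manifests regenerated. The same applies to the other generated copies of this block in the PR.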
@@ -1467,6 +1489,28 @@ spec:
must be provided for the API and internal API load balancers as well as the
ingress load balancer.
properties:
cloudDnsIPs:
description: |-
cloudDnsIPs holds the IP addresses of the cloud platform DNS servers.
These DNS server IP addresses are used when the cluster DNS type is ClusterHosted.
For AWS, the DNS IPs are typically the VPC's CIDR base address plus 2 (e.g., 10.0.0.2 for VPC 10.0.0.0/16).
This field is only valid when dnsType is set to ClusterHosted.
When dnsType is not ClusterHosted, this field must not be set.
Entries in cloudDnsIPs must be unique.
A maximum of 16 IP addresses are permitted.
format: ip
items:
description: IP is an IP address (for example, "10.0.0.0"
or "fd00::").
maxLength: 39
minLength: 1
type: string
x-kubernetes-validations:
- message: value must be a valid IP address
rule: isIP(self)
maxItems: 16
type: array
x-kubernetes-list-type: set
clusterHosted:
description: |-
clusterHosted holds the IP addresses of API, API-Int and Ingress Load
@@ -1844,6 +1888,28 @@ spec:
ingress load balancer.
nullable: true
properties:
cloudDnsIPs:
description: |-
cloudDnsIPs holds the IP addresses of the cloud platform DNS servers.
These DNS server IP addresses are used when the cluster DNS type is ClusterHosted.
For AWS, the DNS IPs are typically the VPC's CIDR base address plus 2 (e.g., 10.0.0.2 for VPC 10.0.0.0/16).
This field is only valid when dnsType is set to ClusterHosted.
When dnsType is not ClusterHosted, this field must not be set.
Entries in cloudDnsIPs must be unique.
A maximum of 16 IP addresses are permitted.
format: ip
items:
description: IP is an IP address (for example, "10.0.0.0"
or "fd00::").
maxLength: 39
minLength: 1
type: string
x-kubernetes-validations:
- message: value must be a valid IP address
rule: isIP(self)
maxItems: 16
type: array
x-kubernetes-list-type: set
clusterHosted:
description: |-
clusterHosted holds the IP addresses of API, API-Int and Ingress Load

Original file line number Diff line number Diff line change
@@ -1506,6 +1506,28 @@ spec:
ingress load balancer.
nullable: true
properties:
cloudDnsIPs:
description: |-
cloudDnsIPs holds the IP addresses of the cloud platform DNS servers.
These DNS server IP addresses are used when the cluster DNS type is ClusterHosted.
For AWS, the DNS IPs are typically the VPC's CIDR base address plus 2 (e.g., 10.0.0.2 for VPC 10.0.0.0/16).
This field is only valid when dnsType is set to ClusterHosted.
When dnsType is not ClusterHosted, this field must not be set.
Entries in cloudDnsIPs must be unique.
A maximum of 16 IP addresses are permitted.
format: ip
items:
description: IP is an IP address (for example, "10.0.0.0"
or "fd00::").
maxLength: 39
minLength: 1
type: string
x-kubernetes-validations:
- message: value must be a valid IP address
rule: isIP(self)
maxItems: 16
type: array
x-kubernetes-list-type: set
clusterHosted:
description: |-
clusterHosted holds the IP addresses of API, API-Int and Ingress Load

Original file line number Diff line number Diff line change
@@ -1262,6 +1262,28 @@ spec:
ingress load balancer.
nullable: true
properties:
cloudDnsIPs:
description: |-
cloudDnsIPs holds the IP addresses of the cloud platform DNS servers.
These DNS server IP addresses are used when the cluster DNS type is ClusterHosted.
For AWS, the DNS IPs are typically the VPC's CIDR base address plus 2 (e.g., 10.0.0.2 for VPC 10.0.0.0/16).
This field is only valid when dnsType is set to ClusterHosted.
When dnsType is not ClusterHosted, this field must not be set.
Entries in cloudDnsIPs must be unique.
A maximum of 16 IP addresses are permitted.
format: ip
items:
description: IP is an IP address (for example, "10.0.0.0"
or "fd00::").
maxLength: 39
minLength: 1
type: string
x-kubernetes-validations:
- message: value must be a valid IP address
rule: isIP(self)
maxItems: 16
type: array
x-kubernetes-list-type: set
clusterHosted:
description: |-
clusterHosted holds the IP addresses of API, API-Int and Ingress Load
@@ -1467,6 +1489,28 @@ spec:
must be provided for the API and internal API load balancers as well as the
ingress load balancer.
properties:
cloudDnsIPs:
description: |-
cloudDnsIPs holds the IP addresses of the cloud platform DNS servers.
These DNS server IP addresses are used when the cluster DNS type is ClusterHosted.
For AWS, the DNS IPs are typically the VPC's CIDR base address plus 2 (e.g., 10.0.0.2 for VPC 10.0.0.0/16).
This field is only valid when dnsType is set to ClusterHosted.
When dnsType is not ClusterHosted, this field must not be set.
Entries in cloudDnsIPs must be unique.
A maximum of 16 IP addresses are permitted.
format: ip
items:
description: IP is an IP address (for example, "10.0.0.0"
or "fd00::").
maxLength: 39
minLength: 1
type: string
x-kubernetes-validations:
- message: value must be a valid IP address
rule: isIP(self)
maxItems: 16
type: array
x-kubernetes-list-type: set
clusterHosted:
description: |-
clusterHosted holds the IP addresses of API, API-Int and Ingress Load
@@ -1844,6 +1888,28 @@ spec:
ingress load balancer.
nullable: true
properties:
cloudDnsIPs:
description: |-
cloudDnsIPs holds the IP addresses of the cloud platform DNS servers.
These DNS server IP addresses are used when the cluster DNS type is ClusterHosted.
For AWS, the DNS IPs are typically the VPC's CIDR base address plus 2 (e.g., 10.0.0.2 for VPC 10.0.0.0/16).
This field is only valid when dnsType is set to ClusterHosted.
When dnsType is not ClusterHosted, this field must not be set.
Entries in cloudDnsIPs must be unique.
A maximum of 16 IP addresses are permitted.
format: ip
items:
description: IP is an IP address (for example, "10.0.0.0"
or "fd00::").
maxLength: 39
minLength: 1
type: string
x-kubernetes-validations:
- message: value must be a valid IP address
rule: isIP(self)
maxItems: 16
type: array
x-kubernetes-list-type: set
clusterHosted:
description: |-
clusterHosted holds the IP addresses of API, API-Int and Ingress Load

Original file line number Diff line number Diff line change
@@ -1506,6 +1506,28 @@ spec:
ingress load balancer.
nullable: true
properties:
cloudDnsIPs:
description: |-
cloudDnsIPs holds the IP addresses of the cloud platform DNS servers.
These DNS server IP addresses are used when the cluster DNS type is ClusterHosted.
For AWS, the DNS IPs are typically the VPC's CIDR base address plus 2 (e.g., 10.0.0.2 for VPC 10.0.0.0/16).
This field is only valid when dnsType is set to ClusterHosted.
When dnsType is not ClusterHosted, this field must not be set.
Entries in cloudDnsIPs must be unique.
A maximum of 16 IP addresses are permitted.
format: ip
items:
description: IP is an IP address (for example, "10.0.0.0"
or "fd00::").
maxLength: 39
minLength: 1
type: string
x-kubernetes-validations:
- message: value must be a valid IP address
rule: isIP(self)
maxItems: 16
type: array
x-kubernetes-list-type: set
clusterHosted:
description: |-
clusterHosted holds the IP addresses of API, API-Int and Ingress Load