Used MachineNetwork CIDR instead of RendezvousIP

Author: bfournie

cmd/openshift-install/testdata/agent/image/configurations/compact.txt

@@ -54,4 +54,4 @@ rendezvousIP: 192.168.111.20
 [Manager]
 DefaultEnvironment=HTTP_PROXY="http://192.168.111.1:8215"
 DefaultEnvironment=HTTPS_PROXY="http://192.168.111.1:8215"
-DefaultEnvironment=NO_PROXY="172.22.0.0/24,virthost.ostest.test.metalkube.org,192.168.111.20"
+DefaultEnvironment=NO_PROXY="172.22.0.0/24,virthost.ostest.test.metalkube.org,192.168.111.0/24"

cmd/openshift-install/testdata/agent/image/configurations/control-plane-4-replicas.txt

@@ -55,7 +55,7 @@ rendezvousIP: 192.168.111.20
 [Manager]
 DefaultEnvironment=HTTP_PROXY="http://192.168.111.1:8215"
 DefaultEnvironment=HTTPS_PROXY="http://192.168.111.1:8215"
-DefaultEnvironment=NO_PROXY="172.22.0.0/24,virthost.ostest.test.metalkube.org,192.168.111.20"
+DefaultEnvironment=NO_PROXY="172.22.0.0/24,virthost.ostest.test.metalkube.org,192.168.111.0/24"
 -- expected/agent-cluster-install.yaml --
 apiVersion: extensions.hive.openshift.io/v1beta1
 kind: AgentClusterInstall
@@ -90,7 +90,7 @@ spec:
   proxy:
     httpProxy: http://192.168.111.1:8215
     httpsProxy: http://192.168.111.1:8215
-    noProxy: 172.22.0.0/24,virthost.ostest.test.metalkube.org
+    noProxy: 172.22.0.0/24,virthost.ostest.test.metalkube.org,192.168.111.0/24
   sshPublicKey: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDK6UTEydcEKzuNdPaofn8Z2DwgHqdcionLZBiPf/zIRNco++etLsat7Avv7yt04DINQd5zjxIFgG8jblaUB5E5C9ClUcMwb52GO0ay2Y9v1uBv1a4WhI3peKktAzYNk0EBMQlJtXPjRMrC9ylBPh+DsBHMu+KmDnfk7PIwyN4efC8k5kSRuPWoNdme1rz2+umU8FSmaWTHIajrbspf4GQbsntA5kuKEtDbfoNCU97o2KrRnUbeg3a8hwSjfh3u6MhlnGcg5K2Ij+zivEsWGCLKYUtE1ErqwfIzwWmJ6jnV66XCQGHf4Q1iIxqF7s2a1q24cgG2Z/iDXfqXrCIfy4P7b/Ztak3bdT9jfAdVZtdO5/r7I+O5hYhF86ayFlDWzZWP/ByiSb+q4CQbfVgK3BMmiAv2MqLHdhesmD/SmIcoOWUF6rFmRKZVFFpKpt5ATNTgUJ3JRowoXrrDruVXClUGRiCS6Zabd1rZ3VmTchaPJwtzQMdfIWISXj+Ig+C4UK0=
 status:
   debugInfo:

cmd/openshift-install/testdata/agent/image/configurations/control-plane-5-replicas.txt

@@ -55,7 +55,7 @@ rendezvousIP: 192.168.111.20
 [Manager]
 DefaultEnvironment=HTTP_PROXY="http://192.168.111.1:8215"
 DefaultEnvironment=HTTPS_PROXY="http://192.168.111.1:8215"
-DefaultEnvironment=NO_PROXY="172.22.0.0/24,virthost.ostest.test.metalkube.org,192.168.111.20"
+DefaultEnvironment=NO_PROXY="172.22.0.0/24,virthost.ostest.test.metalkube.org,192.168.111.0/24"
 -- expected/agent-cluster-install.yaml --
 apiVersion: extensions.hive.openshift.io/v1beta1
 kind: AgentClusterInstall
@@ -90,7 +90,7 @@ spec:
   proxy:
     httpProxy: http://192.168.111.1:8215
     httpsProxy: http://192.168.111.1:8215
-    noProxy: 172.22.0.0/24,virthost.ostest.test.metalkube.org
+    noProxy: 172.22.0.0/24,virthost.ostest.test.metalkube.org,192.168.111.0/24
   sshPublicKey: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDK6UTEydcEKzuNdPaofn8Z2DwgHqdcionLZBiPf/zIRNco++etLsat7Avv7yt04DINQd5zjxIFgG8jblaUB5E5C9ClUcMwb52GO0ay2Y9v1uBv1a4WhI3peKktAzYNk0EBMQlJtXPjRMrC9ylBPh+DsBHMu+KmDnfk7PIwyN4efC8k5kSRuPWoNdme1rz2+umU8FSmaWTHIajrbspf4GQbsntA5kuKEtDbfoNCU97o2KrRnUbeg3a8hwSjfh3u6MhlnGcg5K2Ij+zivEsWGCLKYUtE1ErqwfIzwWmJ6jnV66XCQGHf4Q1iIxqF7s2a1q24cgG2Z/iDXfqXrCIfy4P7b/Ztak3bdT9jfAdVZtdO5/r7I+O5hYhF86ayFlDWzZWP/ByiSb+q4CQbfVgK3BMmiAv2MqLHdhesmD/SmIcoOWUF6rFmRKZVFFpKpt5ATNTgUJ3JRowoXrrDruVXClUGRiCS6Zabd1rZ3VmTchaPJwtzQMdfIWISXj+Ig+C4UK0=
 status:
   debugInfo:

cmd/openshift-install/testdata/agent/image/manifests/default_manifests.txt

@@ -76,7 +76,7 @@ spec:
   proxy:
     httpProxy: http://192.168.111.1:8215
     httpsProxy: http://192.168.111.1:8215
-    noProxy: 172.22.0.0/24,virthost.ostest.test.metalkube.org,192.168.111.20
+    noProxy: 172.22.0.0/24,virthost.ostest.test.metalkube.org,192.168.111.0/24
   sshPublicKey: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDK6UTEydcEKzuNdPaofn8Z2DwgHqdcionLZBiPf/zIRNco++etLsat7Avv7yt04DINQd5zjxIFgG8jblaUB5E5C9ClUcMwb52GO0ay2Y9v1uBv1a4WhI3peKktAzYNk0EBMQlJtXPjRMrC9ylBPh+DsBHMu+KmDnfk7PIwyN4efC8k5kSRuPWoNdme1rz2+umU8FSmaWTHIajrbspf4GQbsntA5kuKEtDbfoNCU97o2KrRnUbeg3a8hwSjfh3u6MhlnGcg5K2Ij+zivEsWGCLKYUtE1ErqwfIzwWmJ6jnV66XCQGHf4Q1iIxqF7s2a1q24cgG2Z/iDXfqXrCIfy4P7b/Ztak3bdT9jfAdVZtdO5/r7I+O5hYhF86ayFlDWzZWP/ByiSb+q4CQbfVgK3BMmiAv2MqLHdhesmD/SmIcoOWUF6rFmRKZVFFpKpt5ATNTgUJ3JRowoXrrDruVXClUGRiCS6Zabd1rZ3VmTchaPJwtzQMdfIWISXj+Ig+C4UK0=
 status:
   debugInfo:
@@ -135,7 +135,7 @@ spec:
   proxy:
     httpProxy: http://192.168.111.1:8215
     httpsProxy: http://192.168.111.1:8215
-    noProxy: 172.22.0.0/24,virthost.ostest.test.metalkube.org,192.168.111.20
+    noProxy: 172.22.0.0/24,virthost.ostest.test.metalkube.org,192.168.111.0/24
   pullSecretRef:
     name: ostest-pull-secret
   sshAuthorizedKey: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDK6UTEydcEKzuNdPaofn8Z2DwgHqdcionLZBiPf/zIRNco++etLsat7Avv7yt04DINQd5zjxIFgG8jblaUB5E5C9ClUcMwb52GO0ay2Y9v1uBv1a4WhI3peKktAzYNk0EBMQlJtXPjRMrC9ylBPh+DsBHMu+KmDnfk7PIwyN4efC8k5kSRuPWoNdme1rz2+umU8FSmaWTHIajrbspf4GQbsntA5kuKEtDbfoNCU97o2KrRnUbeg3a8hwSjfh3u6MhlnGcg5K2Ij+zivEsWGCLKYUtE1ErqwfIzwWmJ6jnV66XCQGHf4Q1iIxqF7s2a1q24cgG2Z/iDXfqXrCIfy4P7b/Ztak3bdT9jfAdVZtdO5/r7I+O5hYhF86ayFlDWzZWP/ByiSb+q4CQbfVgK3BMmiAv2MqLHdhesmD/SmIcoOWUF6rFmRKZVFFpKpt5ATNTgUJ3JRowoXrrDruVXClUGRiCS6Zabd1rZ3VmTchaPJwtzQMdfIWISXj+Ig+C4UK0=

pkg/asset/agent/manifests/agentclusterinstall.go

@@ -236,7 +236,7 @@ func (a *AgentClusterInstall) Generate(_ context.Context, dependencies asset.Par
 				rendezvousIP = agentConfig.Config.RendezvousIP
 			}
 
-			agentClusterInstall.Spec.Proxy = (*hiveext.Proxy)(getProxy(installConfig.Config.Proxy, rendezvousIP))
+			agentClusterInstall.Spec.Proxy = (*hiveext.Proxy)(getProxy(installConfig.Config.Proxy, &installConfig.Config.Networking.MachineNetwork, rendezvousIP))
 		}
 
 		if installConfig.Config.Platform.BareMetal != nil {

pkg/asset/agent/manifests/agentclusterinstall_test.go

@@ -2,6 +2,7 @@ package manifests
 
 import (
 	"context"
+	"net"
 	"os"
 	"testing"
 
@@ -21,6 +22,7 @@ import (
 	"github.com/openshift/installer/pkg/asset/agent/agentconfig"
 	"github.com/openshift/installer/pkg/asset/agent/workflow"
 	"github.com/openshift/installer/pkg/asset/mock"
+	"github.com/openshift/installer/pkg/ipnet"
 	"github.com/openshift/installer/pkg/types"
 	externaltype "github.com/openshift/installer/pkg/types/external"
 )
@@ -39,11 +41,18 @@ func TestAgentClusterInstall_Generate(t *testing.T) {
 		installConfigOverrides: `{"fips":true}`,
 	})
 
+	_, machineNetCidr, _ := net.ParseCIDR("192.168.122.0/16") //nolint:errcheck
+	machineNetwork := []types.MachineNetworkEntry{
+		{
+			CIDR: ipnet.IPNet{IPNet: *machineNetCidr},
+		},
+	}
+
 	installConfigWithProxy := getValidOptionalInstallConfig()
-	installConfigWithProxy.Config.Proxy = (*types.Proxy)(getProxy(getProxyValidOptionalInstallConfig().Config.Proxy, ""))
+	installConfigWithProxy.Config.Proxy = (*types.Proxy)(getProxy(getProxyValidOptionalInstallConfig().Config.Proxy, &machineNetwork, "192.168.122.2"))
 
 	goodProxyACI := getGoodACI()
-	goodProxyACI.Spec.Proxy = (*hiveext.Proxy)(getProxy(getProxyValidOptionalInstallConfig().Config.Proxy, "192.168.122.2"))
+	goodProxyACI.Spec.Proxy = (*hiveext.Proxy)(getProxy(getProxyValidOptionalInstallConfig().Config.Proxy, &machineNetwork, "192.168.122.2"))
 
 	goodACIDualStackVIPs := getGoodACIDualStack()
 	goodACIDualStackVIPs.Spec.APIVIPs = []string{"192.168.122.10", "2001:db8:1111:2222:ffff:ffff:ffff:cafe"}
@@ -280,6 +289,7 @@ func TestAgentClusterInstall_Generate(t *testing.T) {
 				&workflow.AgentWorkflow{Workflow: workflow.AgentWorkflowTypeInstall},
 				installConfigWithTrustBundlePolicy,
 				&agentconfig.AgentHosts{},
+				&agentconfig.AgentConfig{},
 			},
 			expectedConfig: goodTrustBundlePolicyACI,
 		},

pkg/asset/agent/manifests/common.go

@@ -2,9 +2,11 @@ package manifests
 
 import (
 	"fmt"
+	"net"
 
 	aiv1beta1 "github.com/openshift/assisted-service/api/v1beta1"
 	"github.com/openshift/installer/pkg/asset/agent"
+	"github.com/openshift/installer/pkg/ipnet"
 	"github.com/openshift/installer/pkg/types"
 	"github.com/openshift/installer/pkg/version"
 )
@@ -21,14 +23,31 @@ func getPullSecretName(clusterName string) string {
 	return clusterName + "-pull-secret"
 }
 
-func getProxy(proxy *types.Proxy, rendezvousIP string) *aiv1beta1.Proxy {
-	// if proxy set add the rendezvousIP to noproxy
+func getProxy(proxy *types.Proxy, machineNetwork *[]types.MachineNetworkEntry, rendezvousIP string) *aiv1beta1.Proxy {
 	noProxy := proxy.NoProxy
 	if (proxy.HTTPProxy != "" || proxy.HTTPSProxy != "") && rendezvousIP != "" {
-		if noProxy == "" {
-			noProxy = rendezvousIP
-		} else {
-			noProxy = fmt.Sprintf("%s,%s", noProxy, rendezvousIP)
+		// if proxy set, add the machineNetwork corresponding to rendezvousIP to noproxy
+		cidr := ""
+		if machineNetwork != nil {
+			for _, mn := range *machineNetwork {
+				ipNet, err := ipnet.ParseCIDR(mn.CIDR.String())
+				if err != nil {
+					continue
+				}
+				ip := net.ParseIP(rendezvousIP)
+				if ipNet.Contains(ip) {
+					cidr = mn.CIDR.String()
+					break
+				}
+			}
+		}
+
+		if cidr != "" {
+			if noProxy == "" {
+				noProxy = cidr
+			} else {
+				noProxy = fmt.Sprintf("%s,%s", noProxy, cidr)
+			}
 		}
 	}
 	return &aiv1beta1.Proxy{

pkg/asset/agent/manifests/infraenv.go

@@ -65,7 +65,7 @@ func (i *InfraEnv) Generate(_ context.Context, dependencies asset.Parents) error
 	switch agentWorkflow.Workflow {
 	case workflow.AgentWorkflowTypeInstall:
 		if installConfig.Config != nil {
-			err := i.generateManifest(installConfig.ClusterName(), installConfig.ClusterNamespace(), installConfig.Config.SSHKey, installConfig.Config.AdditionalTrustBundle, installConfig.Config.Proxy, string(installConfig.Config.ControlPlane.Architecture), rendezvousIP)
+			err := i.generateManifest(installConfig.ClusterName(), installConfig.ClusterNamespace(), installConfig.Config.SSHKey, installConfig.Config.AdditionalTrustBundle, installConfig.Config.Proxy, string(installConfig.Config.ControlPlane.Architecture), &installConfig.Config.Networking.MachineNetwork, rendezvousIP)
 			if err != nil {
 				return err
 			}
@@ -77,7 +77,7 @@ func (i *InfraEnv) Generate(_ context.Context, dependencies asset.Parents) error
 		}
 
 	case workflow.AgentWorkflowTypeAddNodes:
-		err := i.generateManifest(clusterInfo.ClusterName, clusterInfo.Namespace, clusterInfo.SSHKey, clusterInfo.UserCaBundle, clusterInfo.Proxy, clusterInfo.Architecture, rendezvousIP)
+		err := i.generateManifest(clusterInfo.ClusterName, clusterInfo.Namespace, clusterInfo.SSHKey, clusterInfo.UserCaBundle, clusterInfo.Proxy, clusterInfo.Architecture, nil, rendezvousIP)
 		if err != nil {
 			return err
 		}
@@ -89,7 +89,7 @@ func (i *InfraEnv) Generate(_ context.Context, dependencies asset.Parents) error
 	return i.finish()
 }
 
-func (i *InfraEnv) generateManifest(clusterName, clusterNamespace, sshKey, additionalTrustBundle string, proxy *types.Proxy, architecture, rendezvousIP string) error {
+func (i *InfraEnv) generateManifest(clusterName, clusterNamespace, sshKey, additionalTrustBundle string, proxy *types.Proxy, architecture string, machineNetwork *[]types.MachineNetworkEntry, rendezvousIP string) error {
 	infraEnv := &aiv1beta1.InfraEnv{
 		TypeMeta: metav1.TypeMeta{
 			Kind:       "InfraEnv",
@@ -122,7 +122,7 @@ func (i *InfraEnv) generateManifest(clusterName, clusterNamespace, sshKey, addit
 		infraEnv.Spec.AdditionalTrustBundle = additionalTrustBundle
 	}
 	if proxy != nil {
-		infraEnv.Spec.Proxy = getProxy(proxy, rendezvousIP)
+		infraEnv.Spec.Proxy = getProxy(proxy, machineNetwork, rendezvousIP)
 	}
 
 	i.Config = infraEnv

pkg/asset/agent/manifests/infraenv_test.go

@@ -3,6 +3,7 @@ package manifests
 import (
 	"context"
 	"errors"
+	"net"
 	"os"
 	"strings"
 	"testing"
@@ -20,11 +21,19 @@ import (
 	"github.com/openshift/installer/pkg/asset/agent/joiner"
 	"github.com/openshift/installer/pkg/asset/agent/workflow"
 	"github.com/openshift/installer/pkg/asset/mock"
+	"github.com/openshift/installer/pkg/ipnet"
 	"github.com/openshift/installer/pkg/types"
 )
 
 func TestInfraEnv_Generate(t *testing.T) {
 
+	_, machineNetCidr, _ := net.ParseCIDR("10.10.11.0/24") //nolint:errcheck
+	machineNetwork := []types.MachineNetworkEntry{
+		{
+			CIDR: ipnet.IPNet{IPNet: *machineNetCidr},
+		},
+	}
+
 	cases := []struct {
 		name           string
 		dependencies   []asset.Asset
@@ -79,7 +88,7 @@ func TestInfraEnv_Generate(t *testing.T) {
 				&workflow.AgentWorkflow{Workflow: workflow.AgentWorkflowTypeInstall},
 				&joiner.ClusterInfo{},
 				getProxyValidOptionalInstallConfig(),
-				getValidAgentConfig(),
+				getValidAgentConfigProxy(),
 			},
 			expectedConfig: &aiv1beta1.InfraEnv{
 				TypeMeta: metav1.TypeMeta{
@@ -91,7 +100,7 @@ func TestInfraEnv_Generate(t *testing.T) {
 					Namespace: getProxyValidOptionalInstallConfig().ClusterNamespace(),
 				},
 				Spec: aiv1beta1.InfraEnvSpec{
-					Proxy:            getProxy(getProxyValidOptionalInstallConfig().Config.Proxy, "192.168.122.2"),
+					Proxy:            getProxy(getProxyValidOptionalInstallConfig().Config.Proxy, &machineNetwork, "10.10.11.1"),
 					SSHAuthorizedKey: strings.Trim(testSSHKey, "|\n\t"),
 					PullSecretRef: &corev1.LocalObjectReference{
 						Name: getPullSecretName(getProxyValidOptionalInstallConfig().ClusterName()),
@@ -124,7 +133,7 @@ func TestInfraEnv_Generate(t *testing.T) {
 					Namespace: getProxyValidOptionalInstallConfig().ClusterNamespace(),
 				},
 				Spec: aiv1beta1.InfraEnvSpec{
-					Proxy:            getProxy(getProxyValidOptionalInstallConfig().Config.Proxy, "192.168.122.2"),
+					Proxy:            getProxy(getProxyValidOptionalInstallConfig().Config.Proxy, &machineNetwork, "192.168.122.2"),
 					SSHAuthorizedKey: strings.Trim(testSSHKey, "|\n\t"),
 					PullSecretRef: &corev1.LocalObjectReference{
 						Name: getPullSecretName(getProxyValidOptionalInstallConfig().ClusterName()),

pkg/asset/agent/manifests/util_test.go

@@ -243,6 +243,12 @@ func getValidAgentConfig() *agentconfig.AgentConfig {
 	}
 }
 
+func getValidAgentConfigProxy() *agentconfig.AgentConfig {
+	agentConfig := getValidAgentConfig()
+	agentConfig.Config.RendezvousIP = "10.10.11.1"
+	return agentConfig
+}
+
 func getValidAgentHostsConfig() *agentconfig.AgentHosts {
 	return &agentconfig.AgentHosts{
 		Hosts: []agenttypes.Host{