Merge pull request #59749 from zioproto/issues/59421-CheckCIDR

Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. Detect CIDR IPv4 or IPv6 version to select nexthop **What this PR does / why we need it**: The node `InternalIP` is used as nexthop by the Kubernetes master to create routes in the Neutron router for Pods reachability. If a node has more than one `InternalIP`s, eventually IPv4 and IPv6, a random `InternalIP` from the list is returned. This can lead to the bug described in https://github.com/kubernetes/kubernetes/issues/59421 We need to check when we build a route that the CIDR and the nexthop belong to the same IP Address Family (both IPv4 or both IPv6) **Which issue(s) this PR fixes** : Fixes https://github.com/kubernetes/kubernetes/issues/59421 It is related to https://github.com/kubernetes/kubernetes/issues/55202 **Special notes for your reviewer**: This is the suggested way to fix the problem after the discussion in https://github.com/kubernetes/kubernetes/pull/59502 **Release note**: ```release-note NONE ```
2025-07-24 12:15:52 +00:00 · 2018-02-14 04:10:10 -08:00 · 2018-02-14 04:10:10 -08:00 · 0dda5c8a7b
commit 0dda5c8a7b
parent f2b6e49e6c 2eff8bf31f
2 changed files with 21 additions and 5 deletions
--- a/pkg/cloudprovider/providers/openstack/openstack.go
+++ b/pkg/cloudprovider/providers/openstack/openstack.go
@ -23,6 +23,7 @@ import (
 	"fmt"
 	"io"
 	"io/ioutil"
+	"net"
 	"net/http"
 	"os"
 	"regexp"
@ -511,7 +512,7 @@ func getAddressesByName(client *gophercloud.ServiceClient, name types.NodeName)
 	return nodeAddresses(srv)
 }

-func getAddressByName(client *gophercloud.ServiceClient, name types.NodeName) (string, error) {
+func getAddressByName(client *gophercloud.ServiceClient, name types.NodeName, needIPv6 bool) (string, error) {
 	addrs, err := getAddressesByName(client, name)
 	if err != nil {
 		return "", err
@ -520,12 +521,20 @@ func getAddressByName(client *gophercloud.ServiceClient, name types.NodeName) (s
 	}

 	for _, addr := range addrs {
-		if addr.Type == v1.NodeInternalIP {
+		isIPv6 := net.ParseIP(addr.Address).To4() == nil
+		if (addr.Type == v1.NodeInternalIP) && (isIPv6 == needIPv6) {
 			return addr.Address, nil
 		}
 	}

-	return addrs[0].Address, nil
+	for _, addr := range addrs {
+		isIPv6 := net.ParseIP(addr.Address).To4() == nil
+		if (addr.Type == v1.NodeExternalIP) && (isIPv6 == needIPv6) {
+			return addr.Address, nil
+		}
+	}
+	// It should never return an address from a different IP Address family than the one needed
+	return "", ErrNoAddressFound
 }

 // getAttachedInterfacesByID returns the node interfaces of the specified instance.
--- a/pkg/cloudprovider/providers/openstack/openstack_routes.go
+++ b/pkg/cloudprovider/providers/openstack/openstack_routes.go
@ -19,6 +19,7 @@ package openstack
 import (
 	"context"
 	"errors"
+	"net"

 	"github.com/gophercloud/gophercloud"
 	"github.com/gophercloud/gophercloud/openstack/compute/v2/servers"
@ -146,7 +147,10 @@ func (r *Routes) CreateRoute(ctx context.Context, clusterName string, nameHint s

 	onFailure := newCaller()

-	addr, err := getAddressByName(r.compute, route.TargetNode)
+	ip, _, _ := net.ParseCIDR(route.DestinationCIDR)
+	isCIDRv6 := ip.To4() == nil
+	addr, err := getAddressByName(r.compute, route.TargetNode, isCIDRv6)
+
 	if err != nil {
 		return err
 	}
@ -219,7 +223,10 @@ func (r *Routes) DeleteRoute(ctx context.Context, clusterName string, route *clo

 	onFailure := newCaller()

-	addr, err := getAddressByName(r.compute, route.TargetNode)
+	ip, _, _ := net.ParseCIDR(route.DestinationCIDR)
+	isCIDRv6 := ip.To4() == nil
+	addr, err := getAddressByName(r.compute, route.TargetNode, isCIDRv6)
+
 	if err != nil {
 		return err
 	}