netutil

func APIPortForLocalZone ¶

func APIPortForLocalZone(isLBKAS bool) int32

APIPortForLocalZone returns the port used by processes within a private hosted cluster to communicate with the KAS via the api.<hc-name>.hypershift.local host.

func AddHCPRouteLabel ¶

func AddHCPRouteLabel(target crclient.Object)

func AddInternalRouteLabel ¶

func AddInternalRouteLabel(target crclient.Object)

func AdvertiseAddress ¶

func AdvertiseAddress(hcp *hyperv1.HostedControlPlane) *string

func AdvertiseAddressWithDefault ¶

func AdvertiseAddressWithDefault(hcp *hyperv1.HostedControlPlane, defaultValue string) string

func AllowedCIDRBlocks ¶

func AllowedCIDRBlocks(hcp *hyperv1.HostedControlPlane) []string

func ClusterCIDRs ¶

func ClusterCIDRs(clusterNetwork []hyperv1.ClusterNetworkEntry) []string

func ConnectsThroughInternetToControlplane ¶

func ConnectsThroughInternetToControlplane(platform hyperv1.PlatformSpec) bool

ConnectsThroughInternetToControlplane determines if workloads running inside the guest cluster connect through the Internet to reach the control plane.

func FirstClusterCIDR ¶

func FirstClusterCIDR(clusterNetwork []hyperv1.ClusterNetworkEntry) string

func FirstServiceCIDR ¶

func FirstServiceCIDR(serviceNetwork []hyperv1.ServiceNetworkEntry) string

func FirstUsableIP ¶

func FirstUsableIP(cidr string) (string, error)

FirstUsableIP returns the first usable IP in both, IPv4 and IPv6 stacks.

func GetAdvertiseAddress ¶

func GetAdvertiseAddress(hcp *hyperv1.HostedControlPlane, ipv4DefaultAddress, ipv6DefaultAddress string) string

func HostFromURL ¶

func HostFromURL(addr string) (string, error)

func IsDisableMultiNetwork ¶

func IsDisableMultiNetwork(hcp *hyperv1.HostedControlPlane) bool

IsDisableMultiNetwork returns true if multus/multi-network is disabled for the hosted control plane. When DisableMultiNetwork is nil, it defaults to false (multus enabled).

func IsIPv4Address ¶

func IsIPv4Address(input string) (bool, error)

IsIPv4Address checks if the input string is an IPv4 address.

func IsIPv4CIDR ¶

func IsIPv4CIDR(input string) (bool, error)

IsIPv4CIDR checks if the input string is an IPv4 CIDR.

func IsLBKAS ¶

func IsLBKAS(hcp *hyperv1.HostedControlPlane) bool

func IsLBKASByHC ¶

func IsLBKASByHC(hc *hyperv1.HostedCluster) bool

func IsPrivateHC ¶

func IsPrivateHC(hc *hyperv1.HostedCluster) bool

func IsPrivateHCP ¶

func IsPrivateHCP(hcp *hyperv1.HostedControlPlane) bool

func IsPublicHC ¶

func IsPublicHC(hc *hyperv1.HostedCluster) bool

func IsPublicHCP ¶

func IsPublicHCP(hcp *hyperv1.HostedControlPlane) bool

func IsRoute ¶

func IsRoute(hcp *hyperv1.HostedControlPlane, svcType hyperv1.ServiceType) bool

func IsRouteByHC ¶

func IsRouteByHC(hc *hyperv1.HostedCluster, svcType hyperv1.ServiceType) bool

func IsRouteKAS ¶

func IsRouteKAS(hcp *hyperv1.HostedControlPlane) bool

func KASPodPort ¶

func KASPodPort(hcp *hyperv1.HostedControlPlane) int32

KASPodPort will retrieve the port the kube-apiserver binds on locally in the pod. This comes from hcp.Spec.Networking.APIServer.Port if set and != 443 or defaults to 6443.

func KASPodPortFromHostedCluster ¶

func KASPodPortFromHostedCluster(hc *hyperv1.HostedCluster) int32

KASPodPortFromHostedCluster will retrieve the port the kube-apiserver binds on locally in the pod. This comes from hcp.Spec.Networking.APIServer.Port if set and != 443 or defaults to 6443.

func LabelHCPRoutes ¶

func LabelHCPRoutes(hcp *hyperv1.HostedControlPlane) bool

LabelHCPRoutes determines if routes should be labeled for admission by the HCP router. Routes with the label "hypershift.openshift.io/hosted-control-plane" are served by a dedicated HCP router (HAProxy deployment in the HCP namespace). Routes without this label are served by the management cluster's default OpenShift ingress controller.

This function is the single source of truth for route labeling decisions and is called by: - OAuth route reconciliation (external public/private routes) - Konnectivity route reconciliation (external routes) - Ignition server route reconciliation (external routes) - Router component predicate (determines if router Deployment/ConfigMap/PDB are created) - Router service creation (determines if public router LoadBalancer service is created)

The HCP router infrastructure (Deployment, Services) is created when routes need to be labeled. This ensures routes and router services stay synchronized.

Platform-Specific Behavior ¶

AWS Platform:

• Private: Always labels routes (no public access)
• PublicAndPrivate + KAS LoadBalancer: Does NOT label external routes (uses mgmt cluster router)
• PublicAndPrivate + KAS Route: Labels routes (uses HCP router for all routes)
• Public + KAS LoadBalancer: Does NOT label routes (uses mgmt cluster router)
• Public + KAS Route: Labels routes (uses HCP router)

GCP Platform:

• Same behavior as AWS platform

Azure Platform:

• Same behavior as AWS platform (supports endpoint access modes)

Agent Platform (bare metal):

• No EndpointAccess field (no Private/PublicAndPrivate concept)
• Labels routes ONLY when KAS uses Route with explicit hostname
• KAS LoadBalancer/NodePort: Does NOT label routes (uses mgmt cluster router)

KubeVirt, OpenStack, None Platforms:

• Same behavior as Agent platform
• Labels routes ONLY when KAS uses Route with explicit hostname

IBM Cloud Platform:

• Never labels routes (uses different routing mechanism)

Internal Routes ¶

Note that internal routes (*.apps.<cluster>.hypershift.local) are ALWAYS labeled for HCP router regardless of this function's return value. This function only controls EXTERNAL route labeling. Internal routes are handled separately in ReconcileInternalRoute().

Architecture Reference ¶

For complete details on the HCP ingress architecture, see HCP_INGRESS_ARCHITECTURE.md in the repository root, which documents the full decision flow, code references, and interaction between route labeling and router service creation.

Returns true when routes should be labeled for HCP router; false when routes should use the management cluster router.

func MachineCIDRs ¶

func MachineCIDRs(machineNetwork []hyperv1.MachineNetworkEntry) []string

func MachineNetworksToList ¶

func MachineNetworksToList(machineNetwork []hyperv1.MachineNetworkEntry) string

MachineNetworksToList converts a list of MachineNetworkEntry to a comma separated list of CIDRs.

func MarkHCPRouteLabelForRemoval ¶

func MarkHCPRouteLabelForRemoval(target crclient.Object)

MarkHCPRouteLabelForRemoval sets the HCP route label to a special marker value that tells preserveOriginalMetadata (used by ApplyManifest) to remove it. This is needed when using the component framework with ApplyManifest, as opposed to createOrUpdate which directly modifies the existing object.

func ReconcileExternalRoute ¶

func ReconcileExternalRoute(route *routev1.Route, hostname string, defaultIngressDomain string, serviceName string, labelHCPRoutes bool) error

func ReconcileInternalRoute ¶

func ReconcileInternalRoute(route *routev1.Route, hcName string, serviceName string) error

func RemoveHCPRouteLabel ¶

func RemoveHCPRouteLabel(target crclient.Object)

func ResolveDNSHostname ¶

func ResolveDNSHostname(ctx context.Context, hostName string) error

ResolveDNSHostname receives a hostname string and tries to resolve it. Returns error if the host can't be resolved.

func ServiceCIDRs ¶

func ServiceCIDRs(serviceNetwork []hyperv1.ServiceNetworkEntry) []string

func ServiceExternalDNSHostname ¶

func ServiceExternalDNSHostname(hcp *hyperv1.HostedControlPlane, serviceType hyperv1.ServiceType) string

func ServiceExternalDNSHostnameByHC ¶

func ServiceExternalDNSHostnameByHC(hc *hyperv1.HostedCluster, serviceType hyperv1.ServiceType) string

func ServicePublishingStrategyByTypeByHC ¶

func ServicePublishingStrategyByTypeByHC(hc *hyperv1.HostedCluster, svcType hyperv1.ServiceType) *hyperv1.ServicePublishingStrategy

func ServicePublishingStrategyByTypeForHCP ¶

func ServicePublishingStrategyByTypeForHCP(hcp *hyperv1.HostedControlPlane, svcType hyperv1.ServiceType) *hyperv1.ServicePublishingStrategy

func ShortenName ¶

func ShortenName(base, suffix string, maxLength int) string

ShortenName returns a name given a base ("deployment-5") and a suffix ("deploy") It will first attempt to join them with a dash. If the resulting name is longer than maxLength: if the suffix is too long, it will truncate the base name and add an 8-character hash of the [base]-[suffix] string. If the suffix is not too long, it will truncate the base, add the hash of the base and return [base]-hash-[suffix] Source: openshift/origin v3.9.0 pkg/api/apihelpers/namer.go

func ShortenRouteHostnameIfNeeded ¶

func ShortenRouteHostnameIfNeeded(name, namespace string, baseDomain string) string

ShortenRouteHostnameIfNeeded will return a shortened hostname if the route hostname will exceed the allowed DNS name size. If the hostname is not too long, an empty string is returned so that the default can be used.

func UseDedicatedDNS ¶

func UseDedicatedDNS(hcp *hyperv1.HostedControlPlane, svcType hyperv1.ServiceType) bool

func UseDedicatedDNSByHC ¶

func UseDedicatedDNSByHC(hc *hyperv1.HostedCluster, svcType hyperv1.ServiceType) bool

func UseDedicatedDNSForKAS ¶

func UseDedicatedDNSForKAS(hcp *hyperv1.HostedControlPlane) bool

func UseDedicatedDNSForKASByHC ¶

func UseDedicatedDNSForKASByHC(hc *hyperv1.HostedCluster) bool