From 9868bac1ff2a131acfb4ed10efb89e35af77b8fd Mon Sep 17 00:00:00 2001
From: "M. Oleske"
Date: Fri, 24 May 2024 15:54:50 -0700
Subject: [PATCH 1/2] Mostly remove internal_route_vip_range - cf-networking-release expects a bosh link to consume for us, so we can actually remove the property til they stop wanting it - https://github.com/cloudfoundry/cf-networking-release/blob/a0b0fc7de7d3dd8564e3ab1fbb0f5b4f7e29791f/jobs/garden-cni/spec#L11-L13
---
jobs/cloud_controller_ng/spec | 6 +---
.../templates/cloud_controller_ng.yml.erb | 10 -------
jobs/cloud_controller_worker/spec | 6 +---
.../templates/cloud_controller_ng.yml.erb | 10 -------
.../cloud_controller_ng_spec.rb | 29 -------------------
5 files changed, 2 insertions(+), 59 deletions(-)
diff --git a/jobs/cloud_controller_ng/spec b/jobs/cloud_controller_ng/spec
index edba23a9d5..794cc41bec 100644
--- a/jobs/cloud_controller_ng/spec
+++ b/jobs/cloud_controller_ng/spec
@@ -1275,11 +1275,7 @@ properties: cc.internal_route_vip_range: default: "127.128.0.0/9" - description: "The IPv4 CIDR range of virtual IP addresses to be assigned to routes on internal domains. - WARNING: Changing this range is not supported, and has undefined behaviors. - It is recommended to leave this value as the default. - If this range is changed, it is likely the routes on the internal service mesh domain - will need to be recreated." + description: "This is only here cause cf networking needs it, we should coordinate a delete with them" cc.log_audit_events: default: true
diff --git a/jobs/cloud_controller_ng/templates/cloud_controller_ng.yml.erb b/jobs/cloud_controller_ng/templates/cloud_controller_ng.yml.erb
index b96d36fa38..43bcc51266 100644
--- a/jobs/cloud_controller_ng/templates/cloud_controller_ng.yml.erb
+++ b/jobs/cloud_controller_ng/templates/cloud_controller_ng.yml.erb
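Review bot: The replacement description for `cc.internal_route_vip_range` in jobs/cloud_controller_ng/spec drops the operator warning without saying that Cloud Controller no longer reads or validates the value. The template hunks in this same patch delete the CIDR format and octet/prefix range checks that used to fail rendering on a malformed value, so whatever an operator sets now flows unchecked to whichever job consumes the property over the BOSH link; whether that consumer validates it is not visible here. I would word it as `description: "Deprecated: no longer used or validated by Cloud Controller; kept only so cf-networking-release can consume it over a BOSH link. Leave at the default."`. The same applies to the identical description change in jobs/cloud_controller_worker/spec.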
@@ -569,16 +569,6 @@ perm: max_labels_per_resource: <%= p("cc.max_labels_per_resource") %> max_annotations_per_resource: <%= p("cc.max_annotations_per_resource") %> -<% - internal_vip_range = p("cc.internal_route_vip_range") - raise StandardError.new("invalid cc.internal_route_vip_range: #{internal_vip_range}") unless internal_vip_range =~ /\A (?:\d{1,3}\.){3} \d{1,3} \/ \d{1,3} \z/x - - parts = internal_vip_range.split(/[\.\/]/).map(&:to_i) - raise StandardError.new("invalid cc.internal_route_vip_range: #{internal_vip_range}") if parts[0..3].any? {|x| x > 255} || parts[4] > 32 -%> - -internal_route_vip_range: <%= internal_vip_range %> - threadpool_size: <%= p("cc.experimental.thin_server.thread_pool_size") %> default_app_lifecycle: <%= p("cc.default_app_lifecycle") %>
diff --git a/jobs/cloud_controller_worker/spec b/jobs/cloud_controller_worker/spec
index b1a6bcddcf..46a6b2f472 100644
--- a/jobs/cloud_controller_worker/spec
+++ b/jobs/cloud_controller_worker/spec
@@ -585,11 +585,7 @@ properties: cc.internal_route_vip_range: default: "127.128.0.0/9" - description: "The IPv4 CIDR range of virtual IP addresses to be assigned to routes on internal domains. - WARNING: Changing this range is not supported, and has undefined behaviors. - It is recommended to leave this value as the default. - If this range is changed, it is likely the routes on the internal service mesh domain - will need to be recreated." + description: "This is only here cause cf networking needs it, we should coordinate a delete with them" cc.loggregator.internal_url: description: "Internal URL used to communicate with traffic_controller"
diff --git a/jobs/cloud_controller_worker/templates/cloud_controller_ng.yml.erb b/jobs/cloud_controller_worker/templates/cloud_controller_ng.yml.erb
index f73bad3e16..636e5b0994 100644
--- a/jobs/cloud_controller_worker/templates/cloud_controller_ng.yml.erb
+++ b/jobs/cloud_controller_worker/templates/cloud_controller_ng.yml.erb
@@ -342,16 +342,6 @@ perform_blob_cleanup: <%= p("cc.perform_blob_cleanup") %> system_domain: <%= p("system_domain") %> system_hostnames: <%= link("cloud_controller_internal").p("cc.system_hostnames") %> -<% - internal_vip_range = p("cc.internal_route_vip_range") - raise StandardError.new("invalid cc.internal_route_vip_range: #{internal_vip_range}") unless internal_vip_range =~ /\A (?:\d{1,3}\.){3} \d{1,3} \/ \d{1,3} \z/x - - parts = internal_vip_range.split(/[\.\/]/).map(&:to_i) - raise StandardError.new("invalid cc.internal_route_vip_range: #{internal_vip_range}") if parts[0..3].any? {|x| x > 255} || parts[4] > 32 -%> - -internal_route_vip_range: <%= internal_vip_range %> - disable_private_domain_cross_space_context_path_route_sharing: <%= link("cloud_controller_internal").p("cc.disable_private_domain_cross_space_context_path_route_sharing") %> max_labels_per_resource: <%= link("cloud_controller_internal").p("cc.max_labels_per_resource") %>
diff --git a/spec/cloud_controller_ng/cloud_controller_ng_spec.rb b/spec/cloud_controller_ng/cloud_controller_ng_spec.rb
index 6f4855f6ac..df73828f73 100644
--- a/spec/cloud_controller_ng/cloud_controller_ng_spec.rb
+++ b/spec/cloud_controller_ng/cloud_controller_ng_spec.rb
@@ -195,35 +195,6 @@ module Test end end - describe 'internal route vip range' do - it 'has a default range' do - rendered_hash = YAML.safe_load(template.render(merged_manifest_properties, consumes: links)) - expect(rendered_hash['internal_route_vip_range']).to eq('127.128.0.0/9') - end - - describe 'when a range is specified in manifest properties' do - it 'validates they are valid CIDRs' do - merged_manifest_properties['cc']['internal_route_vip_range'] = '10.16.255.0/777' - expect do - YAML.safe_load(template.render(merged_manifest_properties, consumes: links)) - end.to raise_error(StandardError, 'invalid cc.internal_route_vip_range: 10.16.255.0/777') - end - - it 'does not allow ipv6 addresses' do - merged_manifest_properties['cc']['internal_route_vip_range'] = '2001:0db8:85a3:0000:0000:8a2e:0370:7334/21' - expect do - YAML.safe_load(template.render(merged_manifest_properties, consumes: links)) - end.to raise_error(StandardError, 'invalid cc.internal_route_vip_range: 2001:0db8:85a3:0000:0000:8a2e:0370:7334/21') - end - - it 'renders valid CIDRs' do - merged_manifest_properties['cc']['internal_route_vip_range'] = '10.16.255.0/24' - rendered_hash = YAML.safe_load(template.render(merged_manifest_properties, consumes: links)) - expect(rendered_hash['internal_route_vip_range']).to eq('10.16.255.0/24') - end - end - end - describe 'database_encryption block' do context 'when the database_encryption block is not present' do before do
From c0c8425dab62e37aba0906832403996fb14df402 Mon Sep 17 00:00:00 2001
From: "M. Oleske"
Date: Wed, 27 Aug 2025 18:49:36 -0700
Subject: [PATCH 2/2] Real remomve from spec since it is gone from cf networking
---
jobs/cloud_controller_ng/spec | 9 ---------
jobs/cloud_controller_worker/spec | 4 ----
2 files changed, 13 deletions(-)
diff --git a/jobs/cloud_controller_ng/spec b/jobs/cloud_controller_ng/spec
index 794cc41bec..fe42f968df 100644
--- a/jobs/cloud_controller_ng/spec
+++ b/jobs/cloud_controller_ng/spec
@@ -111,10 +111,6 @@ provides: - cc.mutual_tls.ca_cert - cc.prom_metrics_server_tls_port - cc.prom_scraper_tls.ca_cert -- name: cloud_controller_container_networking_info - type: cloud_controller_container_networking_info - properties: - - cc.internal_route_vip_range - name: cloud_controller_internal type: cloud_controller_internal properties:
@@ -216,7 +212,6 @@ provides: - cc.temporary_enable_v2 - cc.tls_port - cc.uaa.client_timeout - - cc.internal_route_vip_range - cc.volume_services_enabled - credhub_api.ca_cert - credhub_api.hostname
@@ -1273,10 +1268,6 @@ properties: description: "Controls whether CredHub credentials are automatically interpolated in VCAP_SERVICES" default: true - cc.internal_route_vip_range: - default: "127.128.0.0/9" - description: "This is only here cause cf networking needs it, we should coordinate a delete with them" - cc.log_audit_events: default: true description: "Log audit events"
diff --git a/jobs/cloud_controller_worker/spec b/jobs/cloud_controller_worker/spec
index 46a6b2f472..f5e94d7b89 100644
--- a/jobs/cloud_controller_worker/spec
+++ b/jobs/cloud_controller_worker/spec
@@ -583,10 +583,6 @@ properties: description: "Maximum PID limit for containerized work running user-provided code" default: 1024 - cc.internal_route_vip_range: - default: "127.128.0.0/9" - description: "This is only here cause cf networking needs it, we should coordinate a delete with them" - cc.loggregator.internal_url: description: "Internal URL used to communicate with traffic_controller" default: "http://loggregator-trafficcontroller.service.cf.internal:8081"