chore(repo): sync with upstream scaleway CCM repo (#5)

* feat(instance): avoid missing Node Refs for Private Network Instances without pnNIC

Signed-off-by: Steffen Karlsson <steffen.karlsson@gmail.com>

* fix(instances,lb): propagate IPAM errors and harden backend pool updates (scaleway#213)

Prevent nodes from being initialized without InternalIPs when IPAM
queries fail transiently. By returning errors instead of only logging
warnings, the node keeps its uninitialized taint and Kubernetes retries
until IPAM is available.

Additionally, use internal IPs when the service annotation
scw-loadbalancer-pn-ids is set (not just the global PN_ID env var),
and refuse to clear existing LB backends when no replacement IPs are
found.

Co-authored-by: Nicklas Frahm <nfm@corti.ai>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>

* feat: env to disable tags sync from ccm

* fix(examples): update container image for CCM

Signed-off-by: Nicklas Frahm <nfm@corti.ai>

* Update Scaleway CCM image version

Signed-off-by: Andreas Wachs <awa@corti.ai>

* Update Scaleway CCM image version to v0.36.0-kommodity.3

Signed-off-by: Andreas Wachs <awa@corti.ai>

* WIP

Signed-off-by: Andreas Wachs <awa@corti.ai>

* Update k8s-scaleway-ccm-latest.yml

Signed-off-by: Andreas Wachs <awa@corti.ai>

---------

Signed-off-by: Steffen Karlsson <steffen.karlsson@gmail.com>
Signed-off-by: Nicklas Frahm <nfm@corti.ai>
Signed-off-by: Andreas Wachs <awa@corti.ai>
Co-authored-by: Steffen Karlsson <steffen.karlsson@gmail.com>
Co-authored-by: Jérémy THERIN <jtherin@users.noreply.github.com>
Co-authored-by: Nicklas Frahm <nfm@corti.ai>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Co-authored-by: Jeremy THERIN <jtherin@scaleway.com>

Author: 5 people

scaleway/cloud.go

@@ -44,6 +44,7 @@ const (
 	extraUserAgentEnv = "EXTRA_USER_AGENT"
 	// disableInterfacesEnv is the environment variable used to disable some cloud interfaces
 	disableInterfacesEnv      = "DISABLE_INTERFACES"
+	disableTagsSyncEnv        = "DISABLE_TAGS_SYNC"
 	instancesInterfaceName    = "instances"
 	loadBalancerInterfaceName = "loadbalancer"
 	zonesInterfaceName        = "zones"
@@ -129,9 +130,10 @@ func (c *cloud) Initialize(clientBuilder cloudprovider.ControllerClientBuilder,
 
 	klog.Infof("clientset initialized")
 
-	c.syncController = newSyncController(c.client, c.client.kubernetes, cacheUpdateFrequency)
-
-	go c.syncController.Run(stop)
+	if os.Getenv(disableTagsSyncEnv) == "" {
+		c.syncController = newSyncController(c.client, c.client.kubernetes, cacheUpdateFrequency)
+		go c.syncController.Run(stop)
+	}
 }
 
 func (c *cloud) LoadBalancer() (cloudprovider.LoadBalancer, bool) {

scaleway/instances.go

@@ -181,7 +181,8 @@ func (i *instances) instanceAddresses(server *scwinstance.Server) ([]v1.NodeAddr
 	// Try to get private network IPs
 	privateAddresses, err := i.getPrivateNetworkAddresses(server)
 	if err != nil {
-		klog.Warningf("error getting private network addresses for node %s: %v", server.Name, err)
+		klog.Warningf("failed to get private network addresses for node %s: %v", server.Name, err)
+		return nil, fmt.Errorf("failed to get private network addresses for node %s: %w", server.Name, err)
 	}
 
 	if len(privateAddresses) > 0 {
@@ -235,8 +236,8 @@ func (i *instances) getPrivateNetworkAddresses(server *scwinstance.Server) ([]v1
 	for _, pNIC := range server.PrivateNics {
 		nicAddresses, err := i.getIPsForPrivateNIC(server, pNIC, region)
 		if err != nil {
-			klog.Warningf("error getting IPs for private NIC %s on node %s: %v", pNIC.ID, server.Name, err)
-			continue
+			klog.Warningf("failed to query IPAM for node %s: %v", server.Name, err)
+			return addresses, fmt.Errorf("failed to query IPAM for node %s: %w", server.Name, err)
 		}
 		addresses = append(addresses, nicAddresses...)
 	}

scaleway/loadbalancers.go

@@ -608,7 +608,7 @@ func (l *loadbalancers) updateLoadBalancer(ctx context.Context, loadbalancer *sc
 	}
 
 	var targetIPs []string
-	if getForceInternalIP(service) || l.pnID != "" {
+	if getForceInternalIP(service) || l.pnID != "" || len(getPrivateNetworkIDs(service)) > 0 {
 		targetIPs = extractNodesInternalIps(nodes)
 		klog.V(3).Infof("using internal nodes ips: %s on loadbalancer %s", strings.Join(targetIPs, ","), loadbalancer.ID)
 	} else {
@@ -700,6 +700,13 @@ func (l *loadbalancers) updateLoadBalancer(ctx context.Context, loadbalancer *sc
 
 		// Update backend servers
 		if !stringArrayEqual(backend.Pool, targetIPs) {
+			// Safety: refuse to clear existing backends when no replacement IPs are found
+			if len(targetIPs) == 0 && len(backend.Pool) > 0 {
+				klog.Warningf("refusing to clear backend pool for backend %s on loadbalancer %s — keeping %d existing servers",
+					backend.ID, loadbalancer.ID, len(backend.Pool))
+				continue
+			}
+
 			klog.V(3).Infof("update server list for backend: %s port: %d loadbalancer: %s", backend.ID, port.NodePort, loadbalancer.ID)
 			if _, err := l.api.SetBackendServers(&scwlb.ZonedAPISetBackendServersRequest{
 				Zone:      loadbalancer.Zone,