Conversation
- nodeAddresses: add nil guard for instance parameter to prevent panic - updateFirewallRule: track deletion errors separately so a successful creation no longer returns a stale deletion error; return changed=false when nothing actually changed - symmetricDifference: add nil guard for instance elements - newCSCloud: improve error message to specify which config fields are required - EnsureLoadBalancer: add warning logs when rules are skipped during IP switch cleanup due to invalid protocol or unparseable port Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add a pre-flight validatePublicIPAvailable() check in EnsureLoadBalancer when switching to a user-specified IP. This prevents leaving the service in a broken state if the target IP is invalid or unavailable — the old config is preserved and the error is returned immediately. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Claude code audit
Address four scenarios where CloudStack public IPs could be permanently leaked: 1. Filter keyword search results in getLoadBalancerByName() with exact prefix matching to prevent CloudStack's LIKE %keyword% from returning rules belonging to other services with overlapping names (e.g., "foo" matching "foobar"). 2. Add lookupPublicIPAddress() helper that checks if an IP is already allocated without associating unallocated IPs. 3. Add annotation-based IP cleanup in EnsureLoadBalancerDeleted() — when no LB rules exist but the service annotation still references an IP, attempt to release it. 4. Add annotation-based IP recovery in EnsureLoadBalancer() — on retry after partial failure, reuse the previously allocated IP found in the service annotation instead of allocating a new one. Also cleans up old IPs during failed IP switch retries. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
fix: Prevent public IP orphaning under partial failure conditions
…p support Replace deprecated spec.LoadBalancerIP with the ServiceAnnotationLoadBalancerAddress annotation as the primary way to request a specific IP. Add ServiceAnnotationLoadBalancerKeepIP annotation to control IP retention on service deletion (breaking change: spec.LoadBalancerIP no longer prevents IP release). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Live IP reassignment adds significant complexity for a feature most cloud providers don't offer. OpenStack (architecturally closest to CloudStack) explicitly declined to implement it. Replace the IP switch branch with a warning event telling users to delete and recreate the service instead. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…ookup Store the CloudStack public IP UUID and network UUID as service annotations so that subsequent reconciliation loops can look up load balancer rules by exact ID instead of relying on keyword-based LIKE %keyword% matching. The new getLoadBalancer orchestrator tries ID-based lookup first and falls back to name-based search when annotations are absent or stale. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
feat: Deprecate spec.LoadBalancerIP in favor of annotations
Reorganize documentation from a single monolithic README into topic-based pages under docs/. Remove outdated references to pre-1.17 labels, the old in-tree provider, and the migration guide. Slim README to an overview with links to the new docs. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
docs: Reorganize documentation into docs/ folder
When a service switches from type LoadBalancer to ClusterIP, Kubernetes calls EnsureLoadBalancerDeleted. Previously this left stale CloudStack annotations on the service. Now all 6 LB annotations are removed on successful deletion via the service patcher, but only when the service is not being deleted (DeletionTimestamp is zero) to avoid unnecessary API calls on garbage-collected objects. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
hrak
requested review from
FarnazBGH,
jpsfalcao,
kasperhendriks and
suhasagasthya
suhasagasthya
approved these changes
Mar 5, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
This PR consolidates work from the
developbranch: bug fixes, new annotation-based IP management, and documentation restructuring.Bug fixes
getLoadBalancerByName()to avoid CloudStack LIKE matching false positives, annotation-based IP cleanup/recovery in delete and ensure paths, and a newlookupPublicIPAddress()helpervalidatePublicIPAvailable()check prevents leaving a service broken when a user-specified IP is invalidnodeAddressesandsymmetricDifference, fix stale error tracking inupdateFirewallRule, improved config error messages, warning logs for skipped rulesFeatures
spec.LoadBalancerIPwithcloudstack-load-balancer-addressannotation as the primary way to request a specific IP. Addcloudstack-load-balancer-keep-ipannotation to control IP retention on deletioncloudstack-load-balancer-id) and network UUID (cloudstack-load-balancer-network-id) as annotations for exact ID-based rule lookup instead of keyword LIKE matchingEnsureLoadBalancerDeletedsucceeds (e.g., service type changed from LoadBalancer to ClusterIP), skip cleanup when service is being garbage collectedRefactoring
Documentation
docs/(getting-started, configuration, load-balancer, development). Remove outdated references to pre-1.17 labels and the old in-tree providerTest plan
go test ./cloudstack/...)golangci-lint run)🤖 Generated with Claude Code