feat(instance): avoid missing Node Refs for Private Network Instances without pnNIC

steffen-karlsson · steffen-karlsson · commit 8cbe826b0b0e · 2026-01-27T22:28:57.000+01:00
Signed-off-by: Steffen Karlsson &lt;steffen.karlsson@gmail.com&gt;
diff --git a/scaleway/instances.go b/scaleway/instances.go
@@ -178,49 +178,90 @@ func (i *instances) instanceAddresses(server *scwinstance.Server) ([]v1.NodeAddr
 		}
 	}
 
-	var pnNIC *scwinstance.PrivateNIC
+	// Try to get private network IPs
+	privateAddresses, err := i.getPrivateNetworkAddresses(server)
+	if err != nil {
+		klog.Warningf("error getting private network addresses for node %s: %v", server.Name, err)
+	}
+
+	if len(privateAddresses) > 0 {
+		addresses = append(addresses, privateAddresses...)
+		return addresses, nil
+	}
+
+	// fallback to legacy private ip
+	if server.PrivateIP != nil && *server.PrivateIP != "" {
+		addresses = append(
+			addresses,
+			v1.NodeAddress{Type: v1.NodeInternalIP, Address: *server.PrivateIP},
+			v1.NodeAddress{Type: v1.NodeInternalDNS, Address: fmt.Sprintf("%s.priv.instances.scw.cloud", server.ID)},
+		)
+	}
+
+	return addresses, nil
+}
+
+// getPrivateNetworkAddresses returns private network IPs for the server.
+// If pnID is configured, it only looks up IPs for that specific private network.
+// If pnID is not configured, it iterates through all private NICs and returns all found IPs.
+func (i *instances) getPrivateNetworkAddresses(server *scwinstance.Server) ([]v1.NodeAddress, error) {
+	if len(server.PrivateNics) == 0 {
+		return nil, nil
+	}
+
+	region, err := server.Zone.Region()
+	if err != nil {
+		return nil, fmt.Errorf("unable to get region from zone %s: %v", server.Zone, err)
+	}
+
+	var addresses []v1.NodeAddress
+
+	// If a specific private network ID is configured, only look for that one
 	if i.pnID != "" {
 		for _, pNIC := range server.PrivateNics {
 			if pNIC.PrivateNetworkID == i.pnID {
-				pnNIC = pNIC
-				break
+				nicAddresses, err := i.getIPsForPrivateNIC(server, pNIC, region)
+				if err != nil {
+					return nil, err
+				}
+				return nicAddresses, nil
 			}
 		}
+		// Configured pnID not found in server's private NICs
+		return nil, nil
 	}
 
-	if pnNIC != nil {
-		region, _ := server.Zone.Region()
-		ips, err := i.ipam.ListIPs(&scwipam.ListIPsRequest{
-			ProjectID:    &server.Project,
-			ResourceType: scwipam.ResourceTypeInstancePrivateNic,
-			ResourceID:   &pnNIC.ID,
-			IsIPv6:       scw.BoolPtr(false),
-			Region:       region,
-		})
+	// No specific pnID configured - iterate through all private NICs
+	for _, pNIC := range server.PrivateNics {
+		nicAddresses, err := i.getIPsForPrivateNIC(server, pNIC, region)
 		if err != nil {
-			return addresses, fmt.Errorf("unable to query ipam for node %s: %v", server.Name, err)
-		}
-
-		if len(ips.IPs) == 0 {
-			return addresses, fmt.Errorf("no private network ip for node %s", server.Name)
+			klog.Warningf("error getting IPs for private NIC %s on node %s: %v", pNIC.ID, server.Name, err)
+			continue
 		}
+		addresses = append(addresses, nicAddresses...)
+	}
 
-		for _, nicIP := range ips.IPs {
-			addresses = append(
-				addresses,
-				v1.NodeAddress{Type: v1.NodeInternalIP, Address: nicIP.Address.IP.String()},
-			)
-		}
+	return addresses, nil
+}
 
-		return addresses, nil
+// getIPsForPrivateNIC queries IPAM for IPs assigned to a specific private NIC
+func (i *instances) getIPsForPrivateNIC(server *scwinstance.Server, pNIC *scwinstance.PrivateNIC, region scw.Region) ([]v1.NodeAddress, error) {
+	ips, err := i.ipam.ListIPs(&scwipam.ListIPsRequest{
+		ProjectID:    &server.Project,
+		ResourceType: scwipam.ResourceTypeInstancePrivateNic,
+		ResourceID:   &pNIC.ID,
+		IsIPv6:       scw.BoolPtr(false),
+		Region:       region,
+	})
+	if err != nil {
+		return nil, fmt.Errorf("unable to query ipam for node %s NIC %s: %v", server.Name, pNIC.ID, err)
 	}
 
-	// fallback to legacy private ip
-	if server.PrivateIP != nil && *server.PrivateIP != "" {
+	var addresses []v1.NodeAddress
+	for _, nicIP := range ips.IPs {
 		addresses = append(
 			addresses,
-			v1.NodeAddress{Type: v1.NodeInternalIP, Address: *server.PrivateIP},
-			v1.NodeAddress{Type: v1.NodeInternalDNS, Address: fmt.Sprintf("%s.priv.instances.scw.cloud", server.ID)},
+			v1.NodeAddress{Type: v1.NodeInternalIP, Address: nicIP.Address.IP.String()},
 		)
 	}
 
diff --git a/scaleway/instances_test.go b/scaleway/instances_test.go
@@ -23,6 +23,7 @@ import (
 	"testing"
 
 	scwinstance "github.com/scaleway/scaleway-sdk-go/api/instance/v1"
+	scwipam "github.com/scaleway/scaleway-sdk-go/api/ipam/v1"
 	"github.com/scaleway/scaleway-sdk-go/scw"
 	v1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -134,6 +135,59 @@ func newFakeInstanceAPI() *fakeInstanceAPI {
 				CommercialType: "GP1-XS",
 				State:          scwinstance.ServerStateStarting,
 			},
+			// a server with private network only (no public IP)
+			"private-only-server-id": {
+				Zone:           "fr-par-2",
+				Name:           "scw-private-only",
+				CommercialType: "PLAY2-NANO",
+				State:          scwinstance.ServerStateRunning,
+				Project:        "test-project",
+				PrivateNics: []*scwinstance.PrivateNIC{
+					{
+						ID:               "nic-private-only",
+						PrivateNetworkID: "pn-12345",
+					},
+				},
+			},
+			// a server with both public and private network
+			"both-networks-server-id": {
+				Zone:           "fr-par-2",
+				Name:           "scw-both-networks",
+				CommercialType: "PLAY2-NANO",
+				State:          scwinstance.ServerStateRunning,
+				Project:        "test-project",
+				PublicIPs: []*scwinstance.ServerIP{
+					{
+						Address:          net.ParseIP("51.159.100.1"),
+						ProvisioningMode: scwinstance.ServerIPProvisioningModeDHCP,
+						Family:           scwinstance.ServerIPIPFamilyInet,
+					},
+				},
+				PrivateNics: []*scwinstance.PrivateNIC{
+					{
+						ID:               "nic-both-networks",
+						PrivateNetworkID: "pn-12345",
+					},
+				},
+			},
+			// a server with multiple private networks
+			"multi-pn-server-id": {
+				Zone:           "fr-par-2",
+				Name:           "scw-multi-pn",
+				CommercialType: "PLAY2-NANO",
+				State:          scwinstance.ServerStateRunning,
+				Project:        "test-project",
+				PrivateNics: []*scwinstance.PrivateNIC{
+					{
+						ID:               "nic-private-only",
+						PrivateNetworkID: "pn-12345",
+					},
+					{
+						ID:               "nic-other-pn",
+						PrivateNetworkID: "pn-67890",
+					},
+				},
+			},
 		},
 	}
 }
@@ -171,9 +225,65 @@ func (f *fakeInstanceAPI) GetServer(req *scwinstance.GetServerRequest, opts ...s
 	}, nil
 }
 
+// fakeIPAMAPI implements IPAMAPI for testing
+type fakeIPAMAPI struct {
+	// IPs maps NIC ID to list of IPs
+	IPs map[string][]*scwipam.IP
+}
+
+func newFakeIPAMAPI() *fakeIPAMAPI {
+	return &fakeIPAMAPI{
+		IPs: map[string][]*scwipam.IP{
+			// IPs for private NIC on server with private network only
+			"nic-private-only": {
+				{
+					Address: scw.IPNet{IPNet: net.IPNet{IP: net.ParseIP("10.200.0.5"), Mask: net.CIDRMask(20, 32)}},
+				},
+			},
+			// IPs for private NIC on server with both public and private
+			"nic-both-networks": {
+				{
+					Address: scw.IPNet{IPNet: net.IPNet{IP: net.ParseIP("10.200.0.10"), Mask: net.CIDRMask(20, 32)}},
+				},
+			},
+			// IPs for another private network
+			"nic-other-pn": {
+				{
+					Address: scw.IPNet{IPNet: net.IPNet{IP: net.ParseIP("192.168.1.5"), Mask: net.CIDRMask(24, 32)}},
+				},
+			},
+		},
+	}
+}
+
+func (f *fakeIPAMAPI) ListIPs(req *scwipam.ListIPsRequest, opts ...scw.RequestOption) (*scwipam.ListIPsResponse, error) {
+	if req.ResourceID == nil {
+		return &scwipam.ListIPsResponse{IPs: []*scwipam.IP{}}, nil
+	}
+
+	ips, ok := f.IPs[*req.ResourceID]
+	if !ok {
+		return &scwipam.ListIPsResponse{IPs: []*scwipam.IP{}}, nil
+	}
+
+	return &scwipam.ListIPsResponse{
+		IPs:        ips,
+		TotalCount: uint64(len(ips)),
+	}, nil
+}
+
 func newFakeInstances() *instances {
 	return &instances{
-		api: newFakeInstanceAPI(),
+		api:  newFakeInstanceAPI(),
+		ipam: newFakeIPAMAPI(),
+	}
+}
+
+func newFakeInstancesWithPNID(pnID string) *instances {
+	return &instances{
+		api:  newFakeInstanceAPI(),
+		ipam: newFakeIPAMAPI(),
+		pnID: pnID,
 	}
 }
 
@@ -577,3 +687,80 @@ func TestInstances_InstanceMetadata(t *testing.T) {
 
 	})
 }
+
+func TestInstances_PrivateNetworkAddresses(t *testing.T) {
+	t.Run("PrivateNetworkOnly_NoPNID", func(t *testing.T) {
+		// When no pnID is configured, the CCM should discover private IPs from all NICs
+		instance := newFakeInstances()
+
+		expectedAddresses := []v1.NodeAddress{
+			{Type: v1.NodeHostName, Address: "scw-private-only"},
+			{Type: v1.NodeInternalIP, Address: "10.200.0.5"},
+		}
+
+		returnedAddresses, err := instance.NodeAddressesByProviderID(context.TODO(), "scaleway://instance/fr-par-2/private-only-server-id")
+		AssertNoError(t, err)
+		Equals(t, expectedAddresses, returnedAddresses)
+	})
+
+	t.Run("PrivateNetworkOnly_WithPNID", func(t *testing.T) {
+		// When pnID is configured, only look for that specific private network
+		instance := newFakeInstancesWithPNID("pn-12345")
+
+		expectedAddresses := []v1.NodeAddress{
+			{Type: v1.NodeHostName, Address: "scw-private-only"},
+			{Type: v1.NodeInternalIP, Address: "10.200.0.5"},
+		}
+
+		returnedAddresses, err := instance.NodeAddressesByProviderID(context.TODO(), "scaleway://instance/fr-par-2/private-only-server-id")
+		AssertNoError(t, err)
+		Equals(t, expectedAddresses, returnedAddresses)
+	})
+
+	t.Run("BothNetworks_NoPNID", func(t *testing.T) {
+		// Server with both public and private network, no specific pnID configured
+		instance := newFakeInstances()
+
+		expectedAddresses := []v1.NodeAddress{
+			{Type: v1.NodeHostName, Address: "scw-both-networks"},
+			{Type: v1.NodeExternalIP, Address: "51.159.100.1"},
+			{Type: v1.NodeExternalDNS, Address: "both-networks-server-id.pub.instances.scw.cloud"},
+			{Type: v1.NodeInternalIP, Address: "10.200.0.10"},
+		}
+
+		returnedAddresses, err := instance.NodeAddressesByProviderID(context.TODO(), "scaleway://instance/fr-par-2/both-networks-server-id")
+		AssertNoError(t, err)
+		Equals(t, expectedAddresses, returnedAddresses)
+	})
+
+	t.Run("MultiplePrivateNetworks_NoPNID", func(t *testing.T) {
+		// Server with multiple private networks, no specific pnID configured
+		// Should return IPs from all private networks
+		instance := newFakeInstances()
+
+		expectedAddresses := []v1.NodeAddress{
+			{Type: v1.NodeHostName, Address: "scw-multi-pn"},
+			{Type: v1.NodeInternalIP, Address: "10.200.0.5"},
+			{Type: v1.NodeInternalIP, Address: "192.168.1.5"},
+		}
+
+		returnedAddresses, err := instance.NodeAddressesByProviderID(context.TODO(), "scaleway://instance/fr-par-2/multi-pn-server-id")
+		AssertNoError(t, err)
+		Equals(t, expectedAddresses, returnedAddresses)
+	})
+
+	t.Run("MultiplePrivateNetworks_WithPNID", func(t *testing.T) {
+		// Server with multiple private networks, specific pnID configured
+		// Should only return IPs from the configured private network
+		instance := newFakeInstancesWithPNID("pn-67890")
+
+		expectedAddresses := []v1.NodeAddress{
+			{Type: v1.NodeHostName, Address: "scw-multi-pn"},
+			{Type: v1.NodeInternalIP, Address: "192.168.1.5"},
+		}
+
+		returnedAddresses, err := instance.NodeAddressesByProviderID(context.TODO(), "scaleway://instance/fr-par-2/multi-pn-server-id")
+		AssertNoError(t, err)
+		Equals(t, expectedAddresses, returnedAddresses)
+	})
+}
