Add vsphere failure domain validation

aws · Feb 14, 2025 · 118e5de · 118e5de
1 parent 7ac7afd
commit 118e5de
Show file tree

Hide file tree

Showing 6 changed files with 385 additions and 23 deletions.
diff --git a/pkg/api/v1alpha1/cluster_types.go b/pkg/api/v1alpha1/cluster_types.go
@@ -966,6 +966,9 @@ const (
 	// MachineConfigInvalidReason reports that the Cluster machineconfig validation has failed.
 	MachineConfigInvalidReason FailureReasonType = "MachineConfigInvalid"
 
+	// FailureDomainInvalidReason reports that the Cluster failure domain validation has failed.
+	FailureDomainInvalidReason FailureReasonType = "FailureDomainInvalid"
+
 	// UnavailableControlPlaneIPReason reports that the Cluster controlPlaneIP is already in use.
 	UnavailableControlPlaneIPReason FailureReasonType = "UnavailableControlPlaneIP"
 

diff --git a/pkg/providers/vsphere/reconciler/reconciler.go b/pkg/providers/vsphere/reconciler/reconciler.go
@@ -122,6 +122,7 @@ func (r *Reconciler) Reconcile(ctx context.Context, log logr.Logger, cluster *an
 		r.ipValidator.ValidateControlPlaneIP,
 		r.ValidateDatacenterConfig,
 		r.ValidateMachineConfigs,
+		r.ValidateFailureDomains,
 		clusters.CleanupStatusAfterValidate,
 		r.ReconcileFailureDomains,
 		r.ReconcileControlPlane,
@@ -173,6 +174,23 @@ func (r *Reconciler) ValidateMachineConfigs(ctx context.Context, log logr.Logger
 	return controller.Result{}, nil
 }
 
+// ValidateFailureDomains performs validations for the provided failure domains and the assigned failure domains in worker node group.
+func (r *Reconciler) ValidateFailureDomains(_ context.Context, log logr.Logger, clusterSpec *c.Spec) (controller.Result, error) {
+	if features.IsActive(features.VsphereFailureDomainEnabled()) {
+		log = log.WithValues("phase", "validateFailureDomains")
+
+		vsphereClusterSpec := vsphere.NewSpec(clusterSpec)
+
+		if err := r.validator.ValidateFailureDomains(vsphereClusterSpec); err != nil {
+			log.Error(err, "Invalid Failure domain setup")
+			failureMessage := err.Error()
+			clusterSpec.Cluster.SetFailure(anywherev1.FailureDomainInvalidReason, failureMessage)
+			return controller.ResultWithReturn(), nil
+		}
+	}
+	return controller.Result{}, nil
+}
+
 // ReconcileFailureDomains applies the Vsphere FailureDomain objects to the cluster.
 // It also takes care of  deleting the old Vsphere FailureDomains that are not in in the cluster spec anymore.
 func (r *Reconciler) ReconcileFailureDomains(ctx context.Context, log logr.Logger, spec *c.Spec) (controller.Result, error) {

diff --git a/pkg/providers/vsphere/reconciler/reconciler_test.go b/pkg/providers/vsphere/reconciler/reconciler_test.go
@@ -188,6 +188,73 @@ func TestReconcilerFailureDomainsSuccess(t *testing.T) {
 	features.ClearCache()
 }
 
+func TestValidateFailureDomainsSuccess(t *testing.T) {
+	features.ClearCache()
+	t.Setenv(features.VSphereFailureDomainEnabledEnvVar, "true")
+	tt := newReconcilerTest(t)
+	tt.eksaSupportObjs = append(tt.eksaSupportObjs, test.CAPICluster(func(c *clusterv1.Cluster) {
+		c.Name = tt.cluster.Name
+	}))
+	tt.createAllObjs()
+
+	spec := tt.buildSpec()
+	spec.VSphereDatacenter.Spec.Server = "myServer"
+	spec.VSphereDatacenter.Spec.Datacenter = "myDatacenter"
+	spec.VSphereDatacenter.Spec.Network = "/myDatacenter/network/myNetwork"
+	spec.VSphereDatacenter.Spec.FailureDomains = []anywherev1.FailureDomain{
+		{
+			Name:           "fd-1",
+			ComputeCluster: "myComputeCluster",
+			ResourcePool:   "myResourcePool",
+			Datastore:      "myDatastore",
+			Folder:         "myFolder",
+			Network:        "/myDatacenter/network/myNetwork",
+		},
+	}
+
+	result, err := tt.reconciler().ValidateFailureDomains(tt.ctx, test.NewNullLogger(), spec)
+
+	tt.Expect(err).NotTo(HaveOccurred())
+	tt.Expect(tt.cluster.Status.FailureMessage).To(BeZero())
+	tt.Expect(tt.cluster.Status.FailureReason).To(BeZero())
+	tt.Expect(result).To(Equal(controller.Result{}))
+	features.ClearCache()
+}
+
+func TestValidateFailureDomainsFailure(t *testing.T) {
+	features.ClearCache()
+	t.Setenv(features.VSphereFailureDomainEnabledEnvVar, "true")
+	tt := newReconcilerTest(t)
+	tt.eksaSupportObjs = append(tt.eksaSupportObjs, test.CAPICluster(func(c *clusterv1.Cluster) {
+		c.Name = tt.cluster.Name
+	}))
+	tt.createAllObjs()
+
+	spec := tt.buildSpec()
+	spec.Cluster.Spec.WorkerNodeGroupConfigurations[0].FailureDomains = []string{"fd-2"}
+	spec.VSphereDatacenter.Spec.Server = "myServer"
+	spec.VSphereDatacenter.Spec.Datacenter = "myDatacenter"
+	spec.VSphereDatacenter.Spec.Network = "/myDatacenter/network/myNetwork"
+	spec.VSphereDatacenter.Spec.FailureDomains = []anywherev1.FailureDomain{
+		{
+			Name:           "fd-1",
+			ComputeCluster: "myComputeCluster",
+			ResourcePool:   "myResourcePool",
+			Datastore:      "myDatastore",
+			Folder:         "myFolder",
+			Network:        "/myDatacenter/network/myNetwork",
+		},
+	}
+
+	result, err := tt.reconciler().ValidateFailureDomains(tt.ctx, test.NewNullLogger(), spec)
+
+	tt.Expect(err).To(BeNil(), "error should be nil to prevent requeue")
+	tt.Expect(result).To(Equal(controller.Result{Result: &reconcile.Result{}}), "result should stop reconciliation")
+	tt.Expect(tt.cluster.Status.FailureMessage).To(HaveValue(ContainSubstring("provided invalid failure domain")))
+	tt.Expect(tt.cluster.Status.FailureReason).To(HaveValue(Equal(anywherev1.FailureDomainInvalidReason)))
+	features.ClearCache()
+}
+
 func TestReconcilerReconcileInvalidDatacenterConfig(t *testing.T) {
 	tt := newReconcilerTest(t)
 	logger := test.NewNullLogger()

diff --git a/pkg/providers/vsphere/validator.go b/pkg/providers/vsphere/validator.go
@@ -12,6 +12,7 @@ import (
 	"gopkg.in/yaml.v2"
 
 	anywherev1 "github.com/aws/eks-anywhere/pkg/api/v1alpha1"
+	"github.com/aws/eks-anywhere/pkg/collection"
 	"github.com/aws/eks-anywhere/pkg/config"
 	"github.com/aws/eks-anywhere/pkg/features"
 	"github.com/aws/eks-anywhere/pkg/govmomi"
@@ -90,10 +91,40 @@ func (v *Validator) ValidateVCenterConfig(ctx context.Context, datacenterConfig
 }
 
 // ValidateFailureDomains validates the provided list of failure domains.
-func (v *Validator) ValidateFailureDomains(datacenterConfig *anywherev1.VSphereDatacenterConfig) error {
-	if !features.IsActive(features.VsphereFailureDomainEnabled()) && len(datacenterConfig.Spec.FailureDomains) > 0 {
-		return fmt.Errorf("Failure Domains feature is not enabled. Please set the env variable %v", features.VSphereFailureDomainEnabledEnvVar)
+func (v *Validator) ValidateFailureDomains(vsphereClusterSpec *Spec) error {
+	if !features.IsActive(features.VsphereFailureDomainEnabled()) {
+		if len(vsphereClusterSpec.VSphereDatacenter.Spec.FailureDomains) > 0 {
+			return fmt.Errorf("Failure Domains feature is not enabled. Please set the env variable %v", features.VSphereFailureDomainEnabledEnvVar)
+		}
+		return nil
+	}
+
+	if err := vsphereClusterSpec.VSphereDatacenter.Validate(); err != nil {
+		return err
 	}
+
+	providedFailureDomiains := collection.MapSet(vsphereClusterSpec.VSphereDatacenter.Spec.FailureDomains, func(fd anywherev1.FailureDomain) string {
+		return fd.Name
+	})
+
+	for _, wng := range vsphereClusterSpec.Cluster.Spec.WorkerNodeGroupConfigurations {
+
+		if len(wng.FailureDomains) == 0 {
+			continue
+		}
+
+		if len(wng.FailureDomains) > 1 {
+			return fmt.Errorf("multiple failure domains provided in the worker node group: %s. Please provide only one failure domain", wng.Name)
+		}
+
+		assignedFailureDomain := wng.FailureDomains[0]
+
+		if !providedFailureDomiains.Contains(assignedFailureDomain) {
+			return fmt.Errorf("provided invalid failure domain %s in the worker node group %s", assignedFailureDomain, wng.Name)
+		}
+
+	}
+
 	return nil
 }