Add network connectivity information to Server status

[xkonni]

NetworkCheck indicates the network configuration validation status.
Possible values: Unknown/Pass/Fail, default Unknown.

Proposed Changes

• add a networkCheck field to the servers crd

Fixes #

Allows an inventory check to compare the network definitions in netbox with the information in the crd and report on the outcome

Summary by CodeRabbit

Release Notes

• New Features

  • Introduced ServerNetworkConfig custom resource for defining and validating server network interface configurations
  • Added automated network interface validation that compares configured interfaces against discovered LLDP neighbors and reports mismatches

• Documentation

  • Updated API reference documentation with ServerNetworkConfig types and schema definitions

[afritzler]

Who exactly should react on changes to that field? Also this looks like something which is better kept in the status.conditions.

[xkonni]

it's like a flag to check after buildup, reconfiguration. It will also be present in greenhouse/prometheus.

I agree that status.conditions is a better place.

[afritzler]

What we are doing on our side is setting lables/annotations indicating that the Server is ready for consumption.

[afritzler]

An idiomatic way of doing things like that would be e.g.:

Your controller which talks to netbox writes:

my-operator.io/network-validation-result: success

Then the ServerReconciler could populate e.g. the conditions slice with a corresponding Condition.

Alternatively we can define a dedicated substruct in the status for that e.g.:

status:
  state: Available
  conditions:
    - type: Ready
      # ... other fields ...

  # Managed by some external component
  networkConnectivity:
    status: "Unknown"  # "Ready", "Failure", "Checking"
    lastUpdateTime: "2025-12-10T12:00:00Z"
    message: "Awaiting connectivity check from external service."

The external component should have only PATCH RBAC permissions on the Server resources.

[hardikdr]

IMO this would be a good candidate for the Conditions instead.

[afritzler]

Can you please regenerate the Helm chart files via make helm.

[hardikdr]

Could we use here consts, and enums if we remain with the field?

const (
	NetworkCheckPass    NetworkCheck = "Pass"
	NetworkCheckFail    NetworkCheck = "Fail"
	NetworkCheckUnknown NetworkCheck = "Unknown"
)


// +kubebuilder:validation:Enum=Pass;Fail;Unknown
// +kubebuilder:default=Unknown
// +optional
NetworkCheck NetworkCheck `json:"networkCheck,omitempty"`

[hardikdr]

IMO this would be a good candidate for the Conditions instead.

[xkonni]

replaced by a new one.

[coderabbitai]

Caution

Review failed

The pull request is closed.

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 8adeaacc-c958-4cd4-b486-035cb6f6933d

📥 Commits

Reviewing files that changed from the base of the PR and between 3c0c146 and 6f023cd.

⛔ Files ignored due to path filters (2)

• dist/chart/templates/crd/metal.ironcore.dev_servernetworkconfigs.yaml is excluded by !**/dist/**
• dist/chart/templates/rbac/role.yaml is excluded by !**/dist/**

📒 Files selected for processing (6)

• api/v1alpha1/servernetworkconfig_types.go
• api/v1alpha1/zz_generated.deepcopy.go
• config/crd/bases/metal.ironcore.dev_servernetworkconfigs.yaml
• config/rbac/role.yaml
• docs/api-reference/api.md
• internal/controller/server_controller.go

---

Walkthrough

This pull request introduces a new ServerNetworkConfig custom resource to validate server network interfaces against expected configurations. Changes include the Kubernetes API type definitions, generated deepcopy implementations, CRD manifest, RBAC permissions, API documentation, and controller logic that defers server state transition to Available until network validation succeeds.

Changes

Cohort / File(s)	Summary
API Type Definitions api/v1alpha1/servernetworkconfig_types.go	Introduces ServerNetworkConfig CRD with NetworkCheckPhase enum (Passed, Failed, Pending), ServerNetworkConfigSpec containing server reference and expected interfaces, ExpectedNetworkInterface with network details, and ServerNetworkConfigStatus tracking phase, messages, check time, and interface mismatches.
Generated Code api/v1alpha1/zz_generated.deepcopy.go	Auto-generated deepcopy methods for all new types (ExpectedNetworkInterface, NetworkInterfaceMismatch, ServerNetworkConfig, ServerNetworkConfigList, ServerNetworkConfigSpec, ServerNetworkConfigStatus) with proper nil guards and slice allocation.
CRD Manifest config/crd/bases/metal.ironcore.dev_servernetworkconfigs.yaml	Kubernetes CRD definition for namespaced ServerNetworkConfig resource with OpenAPI v3 schema covering spec (serverRef, interfaces) and status (phase, message, lastCheckTime, mismatches) fields, including printer columns and status subresource.
RBAC Configuration config/rbac/role.yaml	Updated ClusterRole manager-role to grant get, list, patch, update, watch permissions on servernetworkconfigs resource and get, patch, update on servernetworkconfigs/status subresource.
API Documentation docs/api-reference/api.md	Added API reference documentation for ServerNetworkConfig, ServerNetworkConfigSpec, ServerNetworkConfigStatus, ExpectedNetworkInterface, NetworkCheckPhase, and NetworkInterfaceMismatch with field descriptions and cross-references.
Controller Logic internal/controller/server_controller.go	Modified server reconciliation to defer Available state transition until network check passes. Added runNetworkCheck() to locate and validate ServerNetworkConfig against discovered LLDP interfaces, switchPortMatch() helper for normalized comparison, and enqueueServerByNetworkConfig() handler to reconcile servers when network configs change.

Sequence Diagram

sequenceDiagram
    participant Reconciler as Server Reconciler
    participant Server as Server Resource
    participant SNC as ServerNetworkConfig
    participant LLDP as Discovered Interfaces<br/>(Server.Status)
    
    Reconciler->>Server: Discover network interfaces via LLDP
    activate Server
    Server-->>Reconciler: Store discovered interfaces in Status
    deactivate Server
    
    Reconciler->>Reconciler: handleDiscoveryState() invoked
    Reconciler->>SNC: Lookup ServerNetworkConfig referencing this Server
    activate SNC
    SNC-->>Reconciler: Return ServerNetworkConfig with expected interfaces
    deactivate SNC
    
    Reconciler->>Reconciler: runNetworkCheck(): Compare expected vs discovered
    Reconciler->>LLDP: Retrieve discovered LLDP neighbors
    activate LLDP
    LLDP-->>Reconciler: Return interface list
    deactivate LLDP
    
    Reconciler->>Reconciler: switchPortMatch(): Normalize & compare<br/>expected vs actual switch/port
    
    alt Check passes (no mismatches)
        Reconciler->>SNC: Update Status (Phase=Passed, Mismatches=[])
        Reconciler->>Server: Transition to ServerStateAvailable
    else Check fails (mismatches found)
        Reconciler->>SNC: Update Status (Phase=Failed, Mismatches=[...])
        Reconciler->>Reconciler: Requeue reconciliation
    end

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Suggested labels

size/L

Suggested reviewers

• stefanhipfel
• afritzler
• nagadeesh-nagaraja

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch feat/networkCheck

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}