fix(preflight): sanitize kubernetes version for image name preflight check (#1198)

thunderboltsid · web-flow · commit 5b01c5af96be · 2025-07-07T12:11:42.000+02:00
kubernetes version can include extraneous values other than
major.minor.patch. e.g. "1.33.1+fips.0".

While our image builder conventions include kubernetes major, minor, and
patch versions in the image name, they don't include extraneous info as
part of kubernetes version. To ensure our check only matches the right
parts of the image name, we sanitize the kubernetes version before doing
a substring match.
diff --git a/pkg/webhook/preflight/nutanix/imagekubernetesversioncheck.go b/pkg/webhook/preflight/nutanix/imagekubernetesversioncheck.go
@@ -8,6 +8,7 @@ import (
 	"fmt"
 	"strings"
 
+	"github.com/blang/semver/v4"
 	vmmv4 "github.com/nutanix/ntnx-api-golang-clients/vmm-go-client/v4/models/vmm/v4/content"
 
 	carenv1 "github.com/nutanix-cloud-native/cluster-api-runtime-extensions-nutanix/api/v1alpha1"
@@ -81,7 +82,15 @@ func (c *imageKubernetesVersionCheck) checkKubernetesVersion(image *vmmv4.Image)
 		return fmt.Errorf("VM image name is empty")
 	}
 
-	if !strings.Contains(imageName, c.clusterK8sVersion) {
+	parsedVersion, err := semver.Parse(c.clusterK8sVersion)
+	if err != nil {
+		return fmt.Errorf("failed to parse kubernetes version '%s': %v", c.clusterK8sVersion, err)
+	}
+
+	// For example, "1.33.1+fips.0" becomes "1.33.1".
+	k8sVersion := parsedVersion.FinalizeVersion()
+
+	if !strings.Contains(imageName, k8sVersion) {
 		return fmt.Errorf(
 			"cluster kubernetes version '%s' is not part of image name '%s'",
 			c.clusterK8sVersion,
diff --git a/pkg/webhook/preflight/nutanix/imagekubernetesversioncheck_test.go b/pkg/webhook/preflight/nutanix/imagekubernetesversioncheck_test.go
@@ -85,6 +85,31 @@ func TestVMImageCheckWithKubernetesVersion(t *testing.T) {
 				},
 			},
 		},
+		{
+			name: "kubernetes version with build metadata matches",
+			nclient: &mocknclient{
+				getImageByIdFunc: func(uuid *string) (*vmmv4.GetImageApiResponse, error) {
+					resp := &vmmv4.GetImageApiResponse{}
+					err := resp.SetData(vmmv4.Image{
+						ObjectType_: ptr.To("vmm.v4.content.Image"),
+						ExtId:       ptr.To("test-uuid"),
+						Name:        ptr.To("kubedistro-rhel-8.10-release-fips-1.33.1-20250704023459"),
+					})
+					require.NoError(t, err)
+					return resp, nil
+				},
+			},
+			machineDetails: &carenv1.NutanixMachineDetails{
+				Image: &capxv1.NutanixResourceIdentifier{
+					Type: capxv1.NutanixIdentifierUUID,
+					UUID: ptr.To("test-uuid"),
+				},
+			},
+			clusterK8sVersion: "1.33.1+fips.0",
+			want: preflight.CheckResult{
+				Allowed: true,
+			},
+		},
 		{
 			name: "custom image name - extraction fails",
 			nclient: &mocknclient{
@@ -117,6 +142,38 @@ func TestVMImageCheckWithKubernetesVersion(t *testing.T) {
 				},
 			},
 		},
+		{
+			name: "invalid kubernetes version",
+			nclient: &mocknclient{
+				getImageByIdFunc: func(uuid *string) (*vmmv4.GetImageApiResponse, error) {
+					resp := &vmmv4.GetImageApiResponse{}
+					err := resp.SetData(vmmv4.Image{
+						ObjectType_: ptr.To("vmm.v4.content.Image"),
+						ExtId:       ptr.To("test-uuid"),
+						Name:        ptr.To("kubedistro-rhel-8.10-release-fips-1.33.1-20250704023459"),
+					})
+					require.NoError(t, err)
+					return resp, nil
+				},
+			},
+			machineDetails: &carenv1.NutanixMachineDetails{
+				Image: &capxv1.NutanixResourceIdentifier{
+					Type: capxv1.NutanixIdentifierUUID,
+					UUID: ptr.To("test-uuid"),
+				},
+			},
+			clusterK8sVersion: "invalid.version",
+			want: preflight.CheckResult{
+				Allowed:       false,
+				InternalError: false,
+				Causes: []preflight.Cause{
+					{
+						Message: "failed to parse kubernetes version 'invalid.version': No Major.Minor.Patch elements found",
+						Field:   "test-field",
+					},
+				},
+			},
+		},
 		{
 			name: "empty image name",
 			nclient: &mocknclient{
