fix(preflight): check storage containers on all failure domains (#1215)

thunderboltsid · web-flow · commit e6aaf8df275f · 2025-07-17T13:13:53.000-07:00
If control plane or a machine deployment uses failure domains, use the
cluster from the failure domain instead of machine details.

**How has this been tested?**

1. Misconfigured storage container (doesn't actually exist) on cluster
in machine details or on cluster in failure domain (e.g.
`ncn-dev-sandbox-gpu` doesn't have `k8s` storage container)
2. Create failure domain
```
apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
kind: NutanixFailureDomain
metadata:
  name: fd-2
  namespace: default
spec:
  prismElementCluster:
    type: name
    name: ncn-dev-sandbox-gpu
  subnets:
    - type: name
      name: subnet-2
```
3. Create a cluster
```
apiVersion: cluster.x-k8s.io/v1beta1
kind: Cluster
metadata:
  ...
spec:
  ...
  topology:
    class: nutanix-quick-start
    controlPlane:
      metadata: {}
      replicas: 3
    variables:
    ...
    - name: workerConfig
      value:
        nutanix:
          machineDetails:
            bootType: uefi
            cluster:
              name: ncn-dev-sandbox-gpu
              type: name
            imageLookup:
              baseOS: rocky-9.6
              format: nkp-{{.BaseOS}}-release-{{.K8sVersion}}-*
            memorySize: 4Gi
            subnets:
            - name: vlan173
              type: name
            systemDiskSize: 40Gi
            vcpuSockets: 2
            vcpusPerSocket: 1
    version: 1.33.1
    workers:
      machineDeployments:
      - class: default-worker
        name: md-variable-override
        variables:
          overrides:
          - name: workerConfig
            value:
              nutanix:
                machineDetails:
                  ...
                  cluster:
                    name: ncn-dev-sandbox-gpu
                    type: name
      - class: default-worker
        failureDomain: fd-2
        name: md-variable-override-failure-domain
        variables:
          overrides:
          - name: workerConfig
            value:
              nutanix:
                machineDetails:
                  ...
                  cluster:
                    name: ncn-dev-sandbox-gpu
                    type: name
```
4. Observe pre-flight failure on 2 machine deployments
```
The request is invalid: 
* $.spec.topology.workers.machineDeployments[?@.name=="md-variable-override-failure-domain"].failureDomain: Found no Storage Containers with name "k8s" on Cluster "ncn-dev-sandbox-gpu". Create a Storage Container with this name on Cluster "ncn-dev-sandbox-gpu", and then retry.
* $.spec.topology.workers.machineDeployments[?@.name=="md-variable-override"].variables[?@.name=workerConfig].value.nutanix.machineDetails: Found no Storage Containers with name "k8s" on Cluster "ncn-dev-sandbox-gpu". Create a Storage Container with this name on Cluster "ncn-dev-sandbox-gpu", and then retry.
```
diff --git a/pkg/webhook/preflight/nutanix/clients_test.go b/pkg/webhook/preflight/nutanix/clients_test.go
@@ -9,6 +9,7 @@ import (
 	clustermgmtv4 "github.com/nutanix/ntnx-api-golang-clients/clustermgmt-go-client/v4/models/clustermgmt/v4/config"
 	netv4 "github.com/nutanix/ntnx-api-golang-clients/networking-go-client/v4/models/networking/v4/config"
 	vmmv4 "github.com/nutanix/ntnx-api-golang-clients/vmm-go-client/v4/models/vmm/v4/content"
+	ctrlclient "sigs.k8s.io/controller-runtime/pkg/client"
 
 	prismv3 "github.com/nutanix-cloud-native/prism-go-client/v3"
 )
@@ -72,6 +73,30 @@ type mocknclient struct {
 	) (*netv4.ListSubnetsApiResponse, error)
 }
 
+type mockKubeClient struct {
+	ctrlclient.Client
+	SubResourceClient ctrlclient.SubResourceClient
+	getFunc           func(
+		ctx context.Context,
+		key ctrlclient.ObjectKey,
+		obj ctrlclient.Object,
+		opts ...ctrlclient.GetOption,
+	) error
+}
+
+func (m *mockKubeClient) Get(
+	ctx context.Context,
+	key ctrlclient.ObjectKey,
+	obj ctrlclient.Object,
+	opts ...ctrlclient.GetOption,
+) error {
+	return m.getFunc(ctx, key, obj, opts...)
+}
+
+func (m *mockKubeClient) SubResource(subResource string) ctrlclient.SubResourceClient {
+	return m.SubResourceClient
+}
+
 func (m *mocknclient) GetCurrentLoggedInUser(ctx context.Context) (*prismv3.UserIntentResponse, error) {
 	return m.user, m.err
 }
diff --git a/pkg/webhook/preflight/nutanix/storagecontainer.go b/pkg/webhook/preflight/nutanix/storagecontainer.go
@@ -9,8 +9,10 @@ import (
 	"sync"
 
 	clustermgmtv4 "github.com/nutanix/ntnx-api-golang-clients/clustermgmt-go-client/v4/models/clustermgmt/v4/config"
+	"k8s.io/apimachinery/pkg/api/errors"
+	ctrlclient "sigs.k8s.io/controller-runtime/pkg/client"
 
-	"github.com/nutanix-cloud-native/cluster-api-runtime-extensions-nutanix/api/external/github.com/nutanix-cloud-native/cluster-api-provider-nutanix/api/v1beta1"
+	capxv1 "github.com/nutanix-cloud-native/cluster-api-runtime-extensions-nutanix/api/external/github.com/nutanix-cloud-native/cluster-api-provider-nutanix/api/v1beta1"
 	carenv1 "github.com/nutanix-cloud-native/cluster-api-runtime-extensions-nutanix/api/v1alpha1"
 	"github.com/nutanix-cloud-native/cluster-api-runtime-extensions-nutanix/pkg/webhook/preflight"
 )
@@ -20,10 +22,16 @@ const (
 )
 
 type storageContainerCheck struct {
+	// machineSpec is used for cluster identifier when no failure domain is configured
 	machineSpec *carenv1.NutanixMachineDetails
-	field       string
-	csiSpec     *carenv1.CSIProvider
-	nclient     client
+	// failureDomainName is used for cluster identifier when failure domain is configured
+	failureDomainName string
+	namespace         string
+	kclient           ctrlclient.Client
+	// Common fields
+	field   string
+	csiSpec *carenv1.CSIProvider
+	nclient client
 }
 
 func (c *storageContainerCheck) Name() string {
@@ -45,7 +53,40 @@ func (c *storageContainerCheck) Run(ctx context.Context) preflight.CheckResult {
 		return result
 	}
 
-	clusterIdentifier := &c.machineSpec.Cluster
+	// Get cluster identifier based on whether failure domain is configured
+	var clusterIdentifier *capxv1.NutanixResourceIdentifier
+	var err error
+
+	if c.failureDomainName != "" {
+		// Get cluster identifier from failure domain
+		clusterIdentifier, err = c.getClusterIdentifierFromFailureDomain(ctx)
+		if err != nil {
+			result.Allowed = false
+			if errors.IsNotFound(err) {
+				result.Causes = append(result.Causes, preflight.Cause{
+					Message: fmt.Sprintf(
+						"NutanixFailureDomain %q referenced in cluster was not found in the management cluster. Please create it and retry.", //nolint:lll // Message is long.
+						c.failureDomainName,
+					),
+					Field: c.field,
+				})
+			} else {
+				result.InternalError = true
+				result.Causes = append(result.Causes, preflight.Cause{
+					Message: fmt.Sprintf(
+						"Failed to get cluster identifier from NutanixFailureDomain %q: %v This is usually a temporary error. Please retry.", //nolint:lll // Message is long.
+						c.failureDomainName,
+						err,
+					),
+					Field: c.field,
+				})
+			}
+			return result
+		}
+	} else {
+		// Use cluster identifier from machine spec
+		clusterIdentifier = &c.machineSpec.Cluster
+	}
 
 	// To avoid unnecessary API calls, we delay the retrieval of clusters until we actually
 	// need to check for storage containers.
@@ -151,6 +192,19 @@ func (c *storageContainerCheck) Run(ctx context.Context) preflight.CheckResult {
 	return result
 }
 
+// getClusterIdentifierFromFailureDomain fetches the failure domain and returns the cluster identifier.
+func (c *storageContainerCheck) getClusterIdentifierFromFailureDomain(
+	ctx context.Context,
+) (*capxv1.NutanixResourceIdentifier, error) {
+	fdObj := &capxv1.NutanixFailureDomain{}
+	fdKey := ctrlclient.ObjectKey{Name: c.failureDomainName, Namespace: c.namespace}
+	if err := c.kclient.Get(ctx, fdKey, fdObj); err != nil {
+		return nil, err
+	}
+
+	return &fdObj.Spec.PrismElementCluster, nil
+}
+
 func newStorageContainerChecks(cd *checkDependencies) []preflight.Check {
 	checks := []preflight.Check{}
 
@@ -168,14 +222,29 @@ func newStorageContainerChecks(cd *checkDependencies) []preflight.Check {
 	if cd.nutanixClusterConfigSpec != nil &&
 		cd.nutanixClusterConfigSpec.ControlPlane != nil &&
 		cd.nutanixClusterConfigSpec.ControlPlane.Nutanix != nil {
-		// Skip the check if failureDomains are configured
-		if len(cd.nutanixClusterConfigSpec.ControlPlane.Nutanix.FailureDomains) > 0 {
-			cd.log.V(5).
-				Info("Skip preflight check NutanixStorageContainer for controlPlane with failureDomains configured.")
+		controlPlaneNutanix := cd.nutanixClusterConfigSpec.ControlPlane.Nutanix
+
+		// Check if failureDomains are configured for control plane
+		if len(controlPlaneNutanix.FailureDomains) > 0 && cd.cluster != nil && cd.kclient != nil {
+			// Create a check for each failure domain
+			for _, fdName := range controlPlaneNutanix.FailureDomains {
+				if fdName != "" {
+					checks = append(checks,
+						&storageContainerCheck{
+							failureDomainName: fdName,
+							namespace:         cd.cluster.Namespace,
+							kclient:           cd.kclient,
+							field:             "$.spec.topology.variables[?@.name==\"clusterConfig\"].value.controlPlane.nutanix.failureDomains", //nolint:lll // The field is long.
+							csiSpec:           &cd.nutanixClusterConfigSpec.Addons.CSI.Providers.NutanixCSI,
+							nclient:           cd.nclient,
+						},
+					)
+				}
+			}
 		} else {
 			checks = append(checks,
 				&storageContainerCheck{
-					machineSpec: &cd.nutanixClusterConfigSpec.ControlPlane.Nutanix.MachineDetails,
+					machineSpec: &controlPlaneNutanix.MachineDetails,
 					field:       "$.spec.topology.variables[?@.name==\"clusterConfig\"].value.controlPlane.nutanix.machineDetails",
 					csiSpec:     &cd.nutanixClusterConfigSpec.Addons.CSI.Providers.NutanixCSI,
 					nclient:     cd.nclient,
@@ -186,27 +255,41 @@ func newStorageContainerChecks(cd *checkDependencies) []preflight.Check {
 
 	for mdName, nutanixWorkerNodeConfigSpec := range cd.nutanixWorkerNodeConfigSpecByMachineDeploymentName {
 		if nutanixWorkerNodeConfigSpec.Nutanix != nil {
-			// Skip the check if failureDomain is configured
-			if fdName, ok := cd.failureDomainByMachineDeploymentName[mdName]; ok {
-				cd.log.V(5).Info(
-					"Skip preflight check NutanixStorageContainer for machineDeployment with failureDomain configured.",
-					"machineDeployment", mdName, "failureDomain", fdName,
+			// Check if failureDomain is configured for this machine deployment
+			if fdName, ok := cd.failureDomainByMachineDeploymentName[mdName]; ok &&
+				fdName != "" &&
+				cd.cluster != nil &&
+				cd.kclient != nil {
+				// Use failure domain for cluster information
+				checks = append(checks,
+					&storageContainerCheck{
+						failureDomainName: fdName,
+						namespace:         cd.cluster.Namespace,
+						kclient:           cd.kclient,
+
+						field: fmt.Sprintf(
+							"$.spec.topology.workers.machineDeployments[?@.name==%q].failureDomain",
+							mdName,
+						),
+						csiSpec: &cd.nutanixClusterConfigSpec.Addons.CSI.Providers.NutanixCSI,
+						nclient: cd.nclient,
+					},
+				)
+			} else {
+				// Use machine details for cluster information
+				checks = append(checks,
+					&storageContainerCheck{
+						machineSpec: &nutanixWorkerNodeConfigSpec.Nutanix.MachineDetails,
+						//nolint:lll // The field is long.
+						field: fmt.Sprintf(
+							"$.spec.topology.workers.machineDeployments[?@.name==%q].variables[?@.name=workerConfig].value.nutanix.machineDetails",
+							mdName,
+						),
+						csiSpec: &cd.nutanixClusterConfigSpec.Addons.CSI.Providers.NutanixCSI,
+						nclient: cd.nclient,
+					},
 				)
-				continue
 			}
-
-			checks = append(checks,
-				&storageContainerCheck{
-					machineSpec: &nutanixWorkerNodeConfigSpec.Nutanix.MachineDetails,
-					//nolint:lll // The field is long.
-					field: fmt.Sprintf(
-						"$.spec.topology.workers.machineDeployments[?@.name==%q].variables[?@.name=workerConfig].value.nutanix.machineDetails",
-						mdName,
-					),
-					csiSpec: &cd.nutanixClusterConfigSpec.Addons.CSI.Providers.NutanixCSI,
-					nclient: cd.nclient,
-				},
-			)
 		}
 	}
 
@@ -236,7 +319,7 @@ func getStorageContainers(
 
 func getClusters(
 	client client,
-	clusterIdentifier *v1beta1.NutanixResourceIdentifier,
+	clusterIdentifier *capxv1.NutanixResourceIdentifier,
 ) ([]clustermgmtv4.Cluster, error) {
 	switch {
 	case clusterIdentifier.IsUUID():
diff --git a/pkg/webhook/preflight/nutanix/storagecontainer_test.go b/pkg/webhook/preflight/nutanix/storagecontainer_test.go
