feat: Add Hyper-V sypport#1775
Conversation
|
Caution 🩺 Integration diagnosis — mode:
|
![claude[bot]](https://avatars.githubusercontent.com/in/1236702?s=60&v=4){kind=small}
…_block and adjust test cases for new IP addresses
…tching and enhance variable description
| source = "windsorcli/hyperv" | ||
| version = "~> 0.2" | ||
| } | ||
| talos = { |
There was a problem hiding this comment.
Talos provider has no version constraint
Low Severity · terraform/cluster/talos/config/main.tf:36
The hyperv provider in the same block pins ~> 0.2, but talos carries no version field. The lock file currently captures 0.11.0, which is fine for everyday use. Running terraform init -upgrade or initializing a fresh workspace without the lock file will pull the latest available version, which could silently introduce breaking argument-shape changes if the upstream provider makes a major bump. Adding version = "~> 0.11" would keep the declared constraint aligned with the lock file entry.
| nat_internal_prefix: "${network.cidr_block ?? '10.5.0.0/16'}" | ||
| nat_prefix_length: "${split(network.cidr_block ?? '10.5.0.0/16', '/')[1]}" | ||
| nat_host_address: "${cidrhost(network.cidr_block ?? '10.5.0.0/16', 1)}" | ||
| bench_ip: "${(cluster.endpoint ?? '') != '' ? split(split(cluster.endpoint, '://')[1], ':')[0] : ''}" |
There was a problem hiding this comment.
bench_ip extraction fails for IPv6 cluster endpoints
Low Severity · contexts/_template/facets/platform-hyperv.yaml:109
The expression splits cluster.endpoint on :// then on : to extract the host portion. For an IPv4 endpoint like https://192.168.3.77:6443 this is correct, but for https://[::1]:6443 it returns [ (the first colon hit is inside the bracket). Port-forward rules written with [ as the external target would silently fail at the Windows netsh / Add-NetNatStaticMapping level. If IPv6 bench addresses are out of scope for this target, noting it in the cluster.endpoint schema description would prevent silent misconfiguration when someone tries it.
1 participant
Note
Medium Risk
Introduces a new platform target and modifies a shared kustomize patch; the
externalTrafficPolicy: Clusterchange affects all existing NodePort deployments and has been accepted by the author as a known trade-off.Overview
This PR introduces Hyper-V as a first-class Windsor platform, delivering a
platform-hypervfacet, acompute/hypervTerraform module, and a newcluster/talos/configmodule that generates per-node Talos machineconfigs and wraps them into CIDATA seed ISOs for VM boot-time delivery. It extendscluster/talosto accept pre-generated secrets so the CIDATA path and the cluster bootstrap step share the same CA, eliminating a redundant machineconfig apply on the Hyper-V path.The most recent commit resolves the earlier NIC-naming fragility by changing
var.network.interfaceincluster/talos/configto default to thee*glob, which covers botheth0andenX0naming conventions across Talos versions. Amovedblock incluster/talos/main.tfensures state continuity when the newvar.machine_secretscount gate is introduced to existing non-Hyper-V deployments. Two low-severity findings remain open: thetalosprovider incluster/talos/configlacks a version constraint (the lock file covers normal use, butinit -upgradewithout it would pull latest), andbench_ipextraction uses colon-splitting that silently breaks for IPv6 cluster endpoints.Test coverage is solid: both Terraform modules ship
tftest.hclsuites and the facet has a.test.yamlcovering the main topology combinations including NodePort multi-VM, custom CIDR, and gitops pull-mode variants.Reviewed by Claude for commit
887a8a4.