From f6345baf15f1614fa899f927d859667ca1d4d7a3 Mon Sep 17 00:00:00 2001
From: Teddy Andrieux <teddy.andrieux@scality.com>
Date: Tue, 14 Sep 2021 09:11:34 +0200
Subject: [PATCH] salt: Ensure we do not have multi cidr for Control Plane with
 MetalLB

Today we do not support multiple subnets for the Control Plane
network when MetalLB is enabled, so this commit check that it's
not the case

See: #3502
---
 CHANGELOG.md             |  6 ++++++
 salt/_pillar/metalk8s.py | 19 ++++++++++++-------
 2 files changed, 18 insertions(+), 7 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 740b23ae65..e87dc9ebf7 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -11,6 +11,12 @@
 - Fix UI issues in multi nodes environment when a node
   is unavailable (PR[#3521](https://github.com/scality/metalk8s/pull/3521))
 
+## Bug fixes
+
+- Enforce a single subnet for control plane when using a
+  MetalLB-managed VIP for Ingress
+  (PR [#3533](https://github.com/scality/metalk8s/pull/3533))
+
 ## Release 2.10.2
 ### Bug fixes
 - Fix the link to documentation from the UI navigation bar
diff --git a/salt/_pillar/metalk8s.py b/salt/_pillar/metalk8s.py
index b70d877f6a..303029564a 100644
--- a/salt/_pillar/metalk8s.py
+++ b/salt/_pillar/metalk8s.py
@@ -94,13 +94,18 @@ def _load_networks(config_data):
     # MetalLB disabled by default
     networks_data["controlPlane"].setdefault("metalLB", {}).setdefault("enabled", False)
 
-    if networks_data["controlPlane"]["metalLB"]["enabled"] and not networks_data[
-        "controlPlane"
-    ].get("ingress", {}).get("ip"):
-        errors.append(
-            "'ip' for 'ingress' in 'controlPlane' network is mandatory when 'metalLB'"
-            "is enabled"
-        )
+    if networks_data["controlPlane"]["metalLB"]["enabled"]:
+        if not networks_data["controlPlane"].get("ingress", {}).get("ip"):
+            errors.append(
+                "'ip' for 'ingress' in 'controlPlane' network is mandatory when "
+                "'metalLB' is enabled"
+            )
+        if len(networks_data["controlPlane"]["cidr"]) > 1:
+            errors.append(
+                "Enabling 'metalLB' requires a single 'cidr' in "
+                "'controlPlane' network, see "
+                "https://github.com/scality/metalk8s/issues/3502"
+            )
 
     if errors:
         return __utils__["pillar_utils.errors_to_dict"](errors)