feat: [LKEAPIFW-428] LKE clusters should have IP ACL integration on CM (part 1)

[talmai]

Description 📝

Enables creation of LKE clusters with IP ACLS; enables updates of already migrated clusters

Changes 🔄

• Adds new UI components
• adds respective library calls
• some style cleanup

*** tests will be in separate PRs: #11131 and #11132

Target release date 🗓️

Oct 28th release

Preview 📷

Cluster creation:

Cluster summary:

IPACL enabled	IPACL not enabled

New IPACL Drawer:

Cluster migrated (IPACL enabled/not enabled)	Cluster not yet migrated

How to test 🧪

Spin up this branch, update to reach alpha's apinext backend. Once all set, attempt to create new clusters with ipacls and then update them.

For release testing: you should also be able to create clusters in the prod env, but for creating clusters without IPACL, see Talmai's comment (and use the prod env)

Prerequisites

See how to test

Verification steps

• Create a Cluster with IPACL enabled (toggled on). Confirm button on summary page lists number of IPs added
• Create a Cluster with IPACL disabled (toggled off). Confirm button on summary page says 'Enable'. If you added any IPs, confirm they show up in the drawer
• Create a Cluster that does not have IPACL. Confirm button on summary page says 'Enable' (it will take several seconds to load) and that drawer matches the screenshot for 'Cluster not yet migrated'. Update/toggle IPACL, confirm flow now follows a cluster with IPACL enabled
  • See Talmai's comment for how to create these clusters. I'v also just been creating clusters on alpha (but not on this branch/using the develop branch), and then going back to this branch
  • general spotcheck of Kubernetes with both the APL flag on and off

As an Author I have considered 🤔

Check all that apply

• ✅ 👀 Doing a self review
• ✅ ❔ Our contribution guidelines
• ✅ 🤏 Splitting feature into small PRs
• [NO see comment] ➕ Adding a changeset
• [NO ] 🧪 Providing/Improving test coverage
• ✅ 🔐 Removing all sensitive information from the code and PR description
• [NO] 🚩 Using a feature flag to protect the release
• ✅ 👣 Providing comprehensive reproduction steps
• [NO] 📑 Providing or updating our documentation
• [NO] 🕛 Scheduling a pair reviewing session
• [N/A] 📱 Providing mobile support
• [N/A] ♿ Providing accessibility support

[jcallahan-akamai]

Thanks for the contribution @talmai. Would you please move this to Draft until it's ready to be reviewed?

[talmai]

Can someone help me get the changeset together? I keep hitting the following error:

toliveir@bos-mpdj0 manager % yarn changeset
yarn run v1.22.22
$ node scripts/changelog/changeset.mjs

======================================================

Failed to get pull request number.
Please open a pull request for the current branch and let's try this again!

➔ Error: Pull request number not found.

======================================================

error Command failed with exit code 1.
info Visit https://yarnpkg.com/en/docs/cli/run for documentation about this command.
toliveir@bos-mpdj0 manager % yarn changeset
yarn run v1.22.22
$ node scripts/changelog/changeset.mjs

======================================================

Failed to get pull request number.
Please open a pull request for the current branch and let's try this again!

➔ Error: Pull request number not found.

======================================================

error Command failed with exit code 1.
info Visit https://yarnpkg.com/en/docs/cli/run for documentation about this command.

[coliu-akamai]

Just pushed up a changeset! (I had to run the gh repo set-default command and set linode/manager as the default repo - not sure what could have caused this)
edit: forgot one for the api-v4 package, so just pushed up another changeset for that too

Giving a quick glance over the files - seems like there are a few new components and flows. Will there be test coverage added later/is there a ticket for it already?

[github-actions]

Coverage Report: ❌
Base Coverage: 87.08%
Current Coverage: 87.01%

[jdamore-linode]

Hi @talmai! I'm seeing a test has failed repeatedly in lke-create.spec.ts against this branch. Would you mind taking a quick look? We can disregard if it's unrelated to your PRs changes.

yarn && yarn build && yarn start:manager:ci, then in another console:

yarn cy:run -s "cypress/e2e/core/kubernetes/lke-create.spec.ts"

(You might have to follow our Cypress first time setup docs, but feel free to reach out on Slack if you have any questions or run into any trouble)

[coliu-akamai]

Thanks Talmai! Overall this is looking really solid! 🎉
Will also reach out to Daniel to set up a UX review

✅ Tested the following flows so far:

• Creating LKE clusters with only IPv4 IPs, only IPv6s, both, and having IP ACL disabled (and then later enabled via drawer)
• Validation/API error handling for nonsense IPs for both the create flow and the drawer
• Adding/updating/removing IPs in the drawer
• Enabling/disabling IP ACL in the drawer

Still need to go through the code, had a few questions/comments with what I tested:

• Should there be error handling for when I enter the same IP twice? This will say two IP addresses in the cluster summary's IPACL section, but the IPs are the same:

• There's some extra spacing at the bottom of the HA Control Plane on the Create flow now (in comparison to the top of the section):

• On prod, because there's no IP ACL section yet, there's an extra divider:

• in the drawer, the API error appears in the IP section but in the create flow, the error appears at the top of the page - wondering if there should be consistency? (and wondering how other pages/drawers handle this - will need to check)

• In the Create flow: if I type a bad IP, then flip off the Enable IPACL toggle, and try to create a cluster, the bad IP will still get sent to the backend and trigger an error - wondering if toggling off 'Enable ACL' should clear the IPs that might still exist there

[bnussman-akamai]

Looking good! Let me know when you need a final review!

[bnussman-akamai]

Good callout. Nice job using validation here. Looks clean and seems to work work well with react hook form

[bnussman-akamai]

This poor form 😭

It really needs the react-hook-form treatment.

This looks good for now, but hopefully we can find some time in the future to refactor this page.

[bnussman-akamai]

I do wonder if it would make sense to just not use MultipleIPInput at all for cases like this (in the future. we can leave it for now unless you want to do more work 😅 ). I do think abstractions are good, but I feel like building the same thing without the abstraction is also fine. MultipeIPInput just seems a bit rigid and doesn't enable us to be as flexible. For example, I wonder if react-hook-form's useFieldArray could be used for the IPs (similar to packages/manager/src/features/Linodes/LinodeCreate/VPC/VPCRanges.tsx) if we weren't locked into using MultipleIPInput .

Most of that is me thing thinking out-loud, but what you did here seems fair to me.

[coliu-akamai]

😅 I'm gonna leave as is for now since I still need to finish the e2e tests, but will hopefully revisit this down the line! Maybe this could be part of the work for transitioning ClusterCreate to react-hook-form, since that also uses MultipleIPInput

update: [M3-8777]

[abailly-akamai]

@coliu-akamai Fantastic job taking over a large PR that should have been broken down in the first place. Should have been flagged right away and rejected in its current shape. It's really hard to digest and ended up taking far more time it would have taken to make several small PRs.

I am going to spend some extra time with the UI in the coming days but so far I have not caught any issue with the UI & functionality. Left some minor comments and will get back to this, with fresh eyes a bit later.

[abailly-akamai]

It seems quite unusual for the API to introduce a hyphened id property. It doesn't usually play very well with downstream consumers...

[abailly-akamai]

can we just pass SX ?

[abailly-akamai]

see my comment above.. not this PR's fault, but... why

[coliu-akamai]

@abailly-akamai

• double checked regarding the drawer - we're wanting to allow people to update IPs and tag it with a revision ID independent of enabling ACL
• created internal ticket for LKE summary mobile/smaller views! [M3-8764]

[abailly-akamai]

This is looking great on my end - I did not find functionality issues after the second pass, tho I may still miss some context on the feature as a whole. Thanks for taking this to the finish line @coliu-akamai

[cypress]

Cloud Manager E2E    Run #6715

Run Properties:   Passed #6715  •  8b9d956cb1: feat: [LKEAPIFW-428] LKE clusters should have IP ACL integration on CM (part 1) ...

Project	Cloud Manager E2E
Branch Review	develop
Run status	Passed #6715
Run duration	29m 04s
Commit	8b9d956cb1: feat: [LKEAPIFW-428] LKE clusters should have IP ACL integration on CM (part 1) ...
Committer	Talmai Oliveira
View all properties for this run ↗︎

---

Test results
Failures	0
Flaky	5
Pending	2
Skipped	0
Passing	438
View all changes introduced in this branch ↗︎

[j-zimnowoda]

@talmai , why this was removed ?

[coliu-akamai]

we consolidated the logic for this query with the already existing kubernetesClusterQuery so that we'd only need one query key. The functionality should still exist, it's just been moved. Apologies if this caused any confusion!

see here for reasoning/discussion for the change, and here for the file changes (lines 112-118)