NO-JIRA: fix KubeVirtAdvancedMultinetTest IPv6 and apk errors

[qinqon]

What this PR does / why we need it:

Fixes two bugs in KubeVirtAdvancedMultinetTest that cause the e2e test to fail:

1. apk on UBI9 image: configureDNAT() ran apk update && apk add iptables but the dnsmasq pod uses registry.access.redhat.com/ubi9/ubi:latest (a dnf-based image). Since the pod's init script already runs dnf install -y iptables, the apk commands are both wrong and unnecessary.

2. IPv6 address passed to iptables: firstMachineAddress() iterated over all InternalIP addresses and kept the last one, which could be an IPv6 link-local address (e.g. fe80::...). This address was then used in an iptables (IPv4-only) DNAT rule, causing Bad IP address errors.

Which issue(s) this PR fixes:

Fixes the KubeVirtNodeAdvancedMultinetTest failure in pull-ci-openshift-cluster-api-provider-kubevirt-main-e2e-hypershift-kubevirt

Special notes for your reviewer:

The two fixes are:

• Remove the apk lines from configureDNAT() — iptables is already installed by the pod's init command
• Filter for IPv4 addresses in firstMachineAddress() using net.ParseIP and ip.To4(), and break on first match

Checklist:

• Subject and description added to both, commit and PR.
• Relevant issues have been referenced.
• This change includes docs.
• This change includes unit tests.

Summary by CodeRabbit

• Tests
  • Improved IPv4 validation and stricter selection of machine internal addresses in network tests.
  • Consolidated network configuration steps to use a single command for DNAT setup.
  • Clarified error messaging for missing IPv4 internal addresses.

[openshift-ci-robot]

Pipeline controller notification
This repo is configured to use the pipeline controller. Second-stage tests will be triggered either automatically or after lgtm label is added, depending on the repository configuration. The pipeline controller will automatically detect which contexts are required and will utilize /test Prow commands to trigger the second stage.

For optional jobs, comment /test ? to see a list of all defined jobs. To trigger manually all jobs from second stage use /pipeline required command.

This repository is configured in: LGTM mode

[coderabbitai]

Walkthrough

Modifies an e2e test to enforce IPv4-only internal address selection (using net.ParseIP and To4), updates error messaging for missing IPv4 internal addresses, and replaces a multi-step iptables/apk setup with a single iptables command invocation.

Changes

Cohort / File(s)	Summary
Test Enhancement test/e2e/nodepool_kv_advanced_multinet_test.go	Adds net import; restricts machine address selection to InternalIP IPv4 addresses using net.ParseIP and To4(); updates error text to "missing IPv4 internal address at kubevirt machine"; consolidates DNAT setup into a single iptables command, removing prior apk/iptables install steps.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

🚥 Pre-merge checks | ✅ 3 | ❌ 2

❌ Failed checks (1 warning, 1 inconclusive)

Check name	Status	Explanation	Resolution
Test Structure And Quality	⚠️ Warning	Test violates single responsibility by testing multiple unrelated behaviors, lacks meaningful failure messages on assertions, and performs unprotected API operations without timeout handling or eventual consistency patterns.	Refactor Run method to wrap API operations in e2eutil.EventuallyObject calls with descriptive messages, add meaningful failure messages to assertions, and ensure consistency with established KubeVirtMultinetTest patterns.
Stable And Deterministic Test Names	❓ Inconclusive	The test file test/e2e/nodepool_kv_advanced_multinet_test.go cannot be located in the repository to verify test naming conventions.	Verify the file exists and is accessible, then review all test titles to ensure they contain only static descriptive strings without dynamic values like IP addresses, node names, or timestamps.

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Title check	✅ Passed	The title clearly identifies the test being fixed (KubeVirtAdvancedMultinetTest) and the two main issues resolved (IPv6 and apk errors), aligning with the PR's primary objectives.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@test/e2e/nodepool_kv_advanced_multinet_test.go`:
- Around line 277-284: The code currently checks IPv4 via ip.To4() but assigns
the original address.Address which may be an IPv4-mapped IPv6 string; change the
assignment to use the canonical dotted-decimal form from the parsed IP: set
internalAddress = ip.To4().String() (after the ip :=
net.ParseIP(address.Address) and ip.To4() != nil check) so iptables receives a
proper IPv4 address.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: c6bfb184-b202-4d6d-a963-f14f23273511

📥 Commits

Reviewing files that changed from the base of the PR and between a908993 and b0385bb.

📒 Files selected for processing (1)

• test/e2e/nodepool_kv_advanced_multinet_test.go

[nunnatsa]

/lgtm

[openshift-ci-robot]

Scheduling tests matching the pipeline_run_if_changed or not excluded by pipeline_skip_if_only_changed parameters:
/test e2e-aks-4-21
/test e2e-aws-4-21
/test e2e-aks
/test e2e-aws
/test e2e-aws-upgrade-hypershift-operator
/test e2e-kubevirt-aws-ovn-reduced
/test e2e-v2-aws

[qinqon]

/approve

[nunnatsa]

/lgtm

[openshift-ci-robot]

Scheduling tests matching the pipeline_run_if_changed or not excluded by pipeline_skip_if_only_changed parameters:
/test e2e-aks-4-21
/test e2e-aws-4-21
/test e2e-aks
/test e2e-aws
/test e2e-aws-upgrade-hypershift-operator
/test e2e-kubevirt-aws-ovn-reduced
/test e2e-v2-aws

[jparrill]

/verified by e2e

[openshift-ci-robot]

@jparrill: This PR has been marked as verified by e2e.

Details

In response to this:

/verified by e2e

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[jparrill]

/approve

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: jparrill, nunnatsa, qinqon

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [jparrill]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci-robot]

@qinqon: This pull request explicitly references no jira issue.

Details

In response to this:

What this PR does / why we need it:

Fixes two bugs in KubeVirtAdvancedMultinetTest that cause the e2e test to fail:

1. apk on UBI9 image: configureDNAT() ran apk update && apk add iptables but the dnsmasq pod uses registry.access.redhat.com/ubi9/ubi:latest (a dnf-based image). Since the pod's init script already runs dnf install -y iptables, the apk commands are both wrong and unnecessary.

2. IPv6 address passed to iptables: firstMachineAddress() iterated over all InternalIP addresses and kept the last one, which could be an IPv6 link-local address (e.g. fe80::...). This address was then used in an iptables (IPv4-only) DNAT rule, causing Bad IP address errors.

Which issue(s) this PR fixes:

Fixes the KubeVirtNodeAdvancedMultinetTest failure in pull-ci-openshift-cluster-api-provider-kubevirt-main-e2e-hypershift-kubevirt

Special notes for your reviewer:

The two fixes are:

• Remove the apk lines from configureDNAT() — iptables is already installed by the pod's init command
• Filter for IPv4 addresses in firstMachineAddress() using net.ParseIP and ip.To4(), and break on first match

Checklist:

• Subject and description added to both, commit and PR.
• Relevant issues have been referenced.
• This change includes docs.
• This change includes unit tests.

Summary by CodeRabbit

• Tests
• Improved IPv4 validation and stricter selection of machine internal addresses in network tests.
• Consolidated network configuration steps to use a single command for DNAT setup.
• Clarified error messaging for missing IPv4 internal addresses.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[qinqon]

/retest-required

[cwbotbot]

Test Results

e2e-aws

• Status: ✅ PASS
• Started: 2026-03-06T20:54:05Z
• View Job
• View Job History

e2e-aks

• Status: ✅ PASS
• Started: 2026-03-05T13:58:56Z
• View Job
• View Job History

[qinqon]

/retest-required

[nunnatsa]

/retest-required

[nunnatsa]

/retest-required

[nunnatsa]

/retest-required

[nunnatsa]

/retest-required

[nunnatsa]

/retest-required

[nunnatsa]

/retest-required

[nunnatsa]

/retest-required

[openshift-ci]

@qinqon: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.