
issue-217: TFTP to network operator #184

Open
elinalin wants to merge 13 commits into main from feature/issue217-tftp
@elinalin elinalin commented Feb 11, 2026

issue ticket: https://github.wdf.sap.corp/sap-cloud-infrastructure/neutron-issues/issues/217

Summary

  • Add inline, read-only TFTP handling in the operator process.
  • Serve Device.spec.provisioning.bootScript for valid requests; reject invalid requests in verify mode.
  • Support optional --verify-tftp-client with serial + source IP checks.
  • Keep Device IP/serial labels for lookup, while only setting labels when missing.

Key changes

  • TFTP server implementation: internal/tftp/server.go
  • Manager wiring/flags: cmd/main.go
  • Device IP label: internal/controller/core/device_controller.go
  • Docs: docs/TESTING_TFTP.md

How to test

  • Environment: isolated local kind cluster (kind-netop-tftp-e2e), namespace network-operator-system.

  • Used local dev image flow (build -> load into kind -> set deployment image -> rollout).

  • Prepared test fixtures:

    1. TFTP service (UDP 1069)
    2. BusyBox client pod
    3. Device CR with inline bootScript, serial set in status
  • Ran two runtime checks:

    1. Positive: request serial-tftp-test-serial.boot
    2. Negative: request serial-wrong-serial.boot
    3. Collected manager logs for evidence

**Test results**
Positive case: success
POS_EXIT:0
returned script content includes:
#!/bin/sh
echo hello-from-operator

Negative case: correctly rejected
client error: unknown serial
NEG_EXIT:1

Logs confirm both paths:
delivered: [tftp] delivered 35 bytes ... serial=tftp-test-serial ...
denied: [tftp] unknown serial=wrong-serial ... deny

@elinalin elinalin self-assigned this Feb 11, 2026
@elinalin elinalin requested a review from a team as a code owner February 11, 2026 08:50
@hardikdr hardikdr added the area/metal-automation Automation processes within the Metal project. label Feb 12, 2026
@hardikdr hardikdr added this to Roadmap Feb 12, 2026
@weneghawi weneghawi self-assigned this Feb 19, 2026
@weneghawi
Contributor

TFTP inline server

Adds a read-only TFTP server that runs inside the operator process and serves Device.spec.provisioning.bootScript content to switches during PXE boot.

What changed

New flags on the operator binary

  • --tftp-bind-address — enables the server (e.g. :1069); empty = disabled
  • --verify-tftp-client — when true, enforces serial + IP checks before serving

internal/tftp/server.go
The TFTP server now holds a client.Reader directly instead of going through an intermediate K8sIndex abstraction. Device lookups happen inline via label selectors (DeviceIPLabel, DeviceSerialLabel). The index.go file has been removed.

Request handling:

  • Filename serial-<SERIAL>.boot → lookup by DeviceSerialLabel
  • Anything else → lookup by client source IP via DeviceIPLabel
  • In verify mode: denies on unknown serial, unknown IP, IP mismatch, or bootscript name mismatch
  • Writes (WRQ) are always rejected

internal/controller/core/device_controller.go
Reconcile now keeps both DeviceIPLabel and DeviceSerialLabel in sync on every run, so the TFTP server can filter devices efficiently without scanning all objects.

Helm chart (charts/network-operator/)

  • Old flat tftp-service.yaml replaced by templates/tftp/service.yaml with {{- if .Values.tftp.enabled }} guard
  • New values.yaml block: tftp.enabled, serviceType, externalTrafficPolicy, port, targetPort

config/develop/manager_patch.yaml
Adds --tftp-bind-address=:1069 and --verify-tftp-client=false for the dev deploy overlay.

Testing

See docs/TESTING_TFTP.md for the full local test guide (binary build, Go TFTP client, verify/non-verify flows, cleanup).

Quick smoke-test against a live switch:

  1. Deploy with --tftp-bind-address=:1069 --verify-tftp-client=true
  2. Confirm log line: [tftp] listening on :1069 (verify=true)
  3. Create a Device with a bootScript and patch status.serialNumber
  4. From a pod in-cluster: tftp -g -r serial-<SERIAL>.boot -l /tmp/boot <svc-ip> 1069

@elinalin elinalin marked this pull request as draft March 18, 2026 08:34
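
The request handling described in the comment above, as an added Go example (not code from this PR or from internal/tftp/server.go): it decodes an RFC 1350 request and applies the serial / source-IP decision. The `Device` struct, `decide`, `request` and the 192.0.2.x addresses are hypothetical; the bootscript-name check is omitted, and returning a deny when no Device matches in non-verify mode is an assumption.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"errors"
	"fmt"
	"strings"
)

// Device is a hypothetical stand-in for the fields behind the serial and IP labels.
type Device struct{ Serial, IP, BootScript string }

var errDeny = errors.New("deny")

// request builds a constructed RFC 1350 packet: opcode, filename, NUL, mode, NUL.
func request(op uint16, name string) []byte {
	return append([]byte{byte(op >> 8), byte(op)}, name+"\x00octet\x00"...)
}

// decide returns the boot script to serve, or an error wrapping errDeny.
func decide(devs []Device, pkt []byte, srcIP string, verify bool) (string, error) {
	if len(pkt) < 4 {
		return "", fmt.Errorf("%w: short packet", errDeny)
	}
	end := bytes.IndexByte(pkt[2:], 0)
	if op := binary.BigEndian.Uint16(pkt); op != 1 || end < 1 { // 1 = RRQ, 2 = WRQ
		return "", fmt.Errorf("%w: only read requests are served", errDeny)
	}
	name := string(pkt[2 : 2+end])
	serial := strings.TrimSuffix(strings.TrimPrefix(name, "serial-"), ".boot")
	// An empty serial does not count as serial-<SERIAL>.boot and falls through to IP lookup.
	bySerial := len(name) > len("serial-.boot") && strings.HasPrefix(name, "serial-") && strings.HasSuffix(name, ".boot")
	for _, d := range devs {
		switch {
		case bySerial && d.Serial == serial && verify && d.IP != srcIP:
			return "", fmt.Errorf("%w: IP mismatch serial=%s", errDeny, serial)
		case bySerial && d.Serial == serial, !bySerial && d.IP == srcIP:
			return d.BootScript, nil
		}
	}
	return "", fmt.Errorf("%w: unknown device", errDeny) // assumed in both modes
}

func main() {
	devs := []Device{{"tftp-test-serial", "192.0.2.5", "#!/bin/sh\necho hello-from-operator\n"}}
	for _, name := range []string{"serial-tftp-test-serial.boot", "serial-wrong-serial.boot"} {
		_, err := decide(devs, request(1, name), "192.0.2.9", true)
		fmt.Printf("%s from 192.0.2.9: err=%v\n", name, err)
	}
}
```

The source-IP comparison only means something if the server sees the client's real address: behind a Kubernetes Service, `externalTrafficPolicy: Cluster` can SNAT the source, while `Local` preserves it.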
@github-actions

Merging this branch will increase overall coverage

| Impacted Packages | Coverage Δ | 🤖 |
|---|---|---|
| github.com/ironcore-dev/network-operator/api/core/v1alpha1 | 0.00% (ø) | |
| github.com/ironcore-dev/network-operator/cmd | 0.00% (ø) | |
| github.com/ironcore-dev/network-operator/internal/controller/core | 62.82% (+0.17%) | 👍 |
| github.com/ironcore-dev/network-operator/internal/tftp | 0.00% (ø) | |

Coverage by file

Changed files (no unit tests)

| Changed File | Coverage Δ | Total | Covered | Missed | 🤖 |
|---|---|---|---|---|---|
| github.com/ironcore-dev/network-operator/api/core/v1alpha1/groupversion_info.go | 0.00% (ø) | 0 | 0 | 0 | |
| github.com/ironcore-dev/network-operator/cmd/main.go | 0.00% (ø) | 0 | 0 | 0 | |
| github.com/ironcore-dev/network-operator/internal/controller/core/device_controller.go | 62.50% (+1.82%) | 216 (+10) | 135 (+10) | 81 | 👍 |
| github.com/ironcore-dev/network-operator/internal/tftp/server.go | 0.00% (ø) | 0 | 0 | 0 | |

Please note that the "Total", "Covered", and "Missed" counts above refer to code statements instead of lines of code. The value in brackets refers to the test coverage of that file in the old version of the code.

@elinalin
Author

See latest commit and the test result.
Conclusion: verify-mode behavior is working as expected (valid request succeeds, invalid serial is denied).

@elinalin elinalin marked this pull request as ready for review March 19, 2026 09:10
@elinalin elinalin requested review from nikatza and swagner-de March 19, 2026 09:12