feat: release IPAM subnet on network delete to avoid range exhaustion #276

Merged
moizpgedge merged 2 commits into main from feat/PLAT-399/Implement-release-deallocate-method-on-IPAM-service
Mar 10, 2026

Contributor

@moizpgedge moizpgedge commented Feb 24, 2026

Summary

Adds subnet release on database network delete so the IPAM pool is reused and "range is full" no longer occurs after repeated create/delete. Release is best-effort and non-fatal (warnings only) when the subnet is invalid, missing, or out of range.

Changes

  • Add ReleaseSubnet/releaseSubnet on IPAM service to deallocate subnet when a database network is removed
  • Call ReleaseSubnet from swarm Network.Delete after successful NetworkRemove or ErrNotFound
  • Document workaround: use a different subnet CIDR to avoid conflicts (docs/installation/configuration.md)

Testing

  • go build ./server/... and go test ./server/internal/ipam/... ./server/internal/orchestrator/swarm/...

  • make test (full unit tests)

  • Manual: small CIDR (e.g. /26), create database → delete → create again; second create succeeds (no "range is full").

  • ...

Checklist

  • Tests added or updated (unit and/or e2e, as needed)
  • Documentation updated (if needed)
  • Issue is linked
  • Changelog entry added for user-facing behavior changes
  • Breaking changes (if any) are clearly called out in the PR description

Notes for Reviewers

  • Release is best-effort: all failure paths log a warning and return nil so network delete never fails due to IPAM.
  • Network.Delete removes the Docker network first, then calls ReleaseSubnet; order avoids leaking a subnet if release fails.

PLAT-399
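
The behaviour described in this PR, as an added example that is not the project's code: a minimal allocator whose release path warns instead of failing and rejects subnets that are invalid, out of range, or not allocated. `Pool`, `NewPool`, `Allocate` and `Release` are hypothetical names, the pool is assumed to be IPv4, and the `10.129.0.0/24` pool with /26 subnets is constructed for the demo.

```go
package main

import (
	"encoding/binary"
	"fmt"
	"net/netip"
)

// Pool is a hypothetical IPv4 allocator handing out /bits subnets of prefix.
type Pool struct {
	prefix netip.Prefix
	bits   int
	used   map[netip.Prefix]bool
}
func NewPool(cidr string, bits int) *Pool {
	return &Pool{netip.MustParsePrefix(cidr).Masked(), bits, map[netip.Prefix]bool{}}
}

// Allocate returns the first free subnet, or "range is full" when none is left.
func (p *Pool) Allocate() (netip.Prefix, error) {
	for i := uint32(0); i < 1<<(p.bits-p.prefix.Bits()); i++ {
		b := p.prefix.Addr().As4()
		binary.BigEndian.PutUint32(b[:], binary.BigEndian.Uint32(b[:])+i<<(32-p.bits))
		if s := netip.PrefixFrom(netip.AddrFrom4(b), p.bits); !p.used[s] {
			p.used[s] = true
			return s, nil
		}
	}
	return netip.Prefix{}, fmt.Errorf("range is full")
}

// Release is best-effort: each failure path returns a warning, never an error.
func (p *Pool) Release(subnet string) (warning string) {
	s, err := netip.ParsePrefix(subnet)
	switch {
	case err != nil:
		return "invalid subnet"
	case s.Bits() != p.bits || s != s.Masked() || !p.prefix.Contains(s.Addr()):
		return "subnet out of range" // wrong size, unaligned, or outside the pool
	case !p.used[s]:
		return "subnet not allocated"
	}
	delete(p.used, s)
	return ""
}

func main() {
	fmt.Println(NewPool("10.129.0.0/24", 26).Allocate()) // constructed pool: four /26 subnets
}
```

Without the `Release` call, the fifth create on this four-subnet pool fails with "range is full"; with it, repeated create/delete cycles keep reusing the first subnet.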


coderabbitai bot commented Feb 24, 2026

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: dba8fa90-5c48-4ed6-9867-7fe4aff28c26

📥 Commits

Reviewing files that changed from the base of the PR and between 65bf163 and 6e503a6.

📒 Files selected for processing (3)
  • server/internal/ipam/service.go
  • server/internal/ipam/subnet.go
  • server/internal/orchestrator/swarm/network.go
🚧 Files skipped from review as they are similar to previous changes (1)
  • server/internal/ipam/subnet.go

Walkthrough

This change introduces a new subnet release capability in the IPAM service. It adds a public ReleaseSubnet method with retry logic, a helper Contains method on SubnetRange for validation, and integrates the release mechanism into network removal operations.

Changes

| Cohort / File(s) | Summary |
| --- | --- |
| IPAM Service Release: `server/internal/ipam/service.go`, `server/internal/ipam/subnet.go` | Added ReleaseSubnet public method with retry logic and best-effort release semantics for returning subnets to the pool; added Contains method to SubnetRange for subnet containment validation. |
| Network Orchestrator Integration: `server/internal/orchestrator/swarm/network.go` | Integrated subnet release into network removal by invoking ReleaseSubnet on successful deletion; adjusted error handling to treat ErrNotFound as a non-error case. |

Poem

🐰 Subnets hop back to the pool so free,
Contains checks keep them in harmony,
Networks spring forth with greatest ease,
IPAM service bounds with such grace,
A leap forward for this rabbit's place! 🌿

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

| Check name | Status | Explanation |
| --- | --- | --- |
| Title check | ✅ Passed | The title clearly summarizes the main change: adding IPAM subnet release functionality to network deletion, which directly addresses the range exhaustion problem. |
| Description check | ✅ Passed | The description covers the required template sections with substantive content: Summary explains the problem and solution, Changes lists the key modifications, Testing describes verification steps, and Notes for Reviewers provides important implementation context. All critical sections are complete. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |


@moizpgedge moizpgedge requested a review from mmols February 24, 2026 05:19

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@docs/installation/configuration.md`:
- Around line 49-59: Clarify the contradictory guidance about changing
docker_swarm.database_networks_cidr and database_networks_subnet_bits:
explicitly state that these values must not be changed after any databases are
created (or only may be changed if all databases using the old range have been
deleted and re-created), and add a prominent warning/admonition callout
indicating the risk and required steps (delete databases or perform full
migration) before changing; also specify what the CIDR must not overlap with
(e.g., host Docker bridge networks, other Docker Swarm IPAM ranges, or any
on-prem/VPC networks) and note that the Control Plane restart is required only
when performed before creating databases or after completing the safe migration
steps.

In `@server/internal/ipam/service.go`:
- Around line 56-71: The loop in releaseSubnet uses releaseMaxRetries with for
retries := releaseMaxRetries; retries >= 0; retries-- which makes 1 +
releaseMaxRetries attempts (e.g. releaseMaxRetries=2 -> 3 attempts) and is
inconsistent with allocateSubnet's semantics; fix by either renaming the
constant to reflect attempts (e.g. releaseMaxAttempts = 3) and keep the loop, or
keep releaseMaxRetries and change the loop to run retries > 0 (so it performs 1
initial attempt plus releaseMaxRetries retries); update the declaration of
releaseMaxRetries/releaseMaxAttempts and the loop around s.releaseSubnet(ctx,
prefix, bits, subnet) accordingly to restore consistent semantics and naming.

ℹ️ Review info

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between a7e8a31 and 65bf163.

📒 Files selected for processing (4)
  • docs/installation/configuration.md
  • server/internal/ipam/service.go
  • server/internal/ipam/subnet.go
  • server/internal/orchestrator/swarm/network.go

Comment on lines +49 to +59

To avoid subnet range conflicts, use a non-overlapping CIDR. Restart the Control Plane after changing.

```json
{
"docker_swarm": {
"database_networks_cidr": "10.129.0.0/18",
"database_networks_subnet_bits": 26
}
}
```
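
Review bot: the JSON example sets `"database_networks_subnet_bits": 26` next to a /18 `database_networks_cidr`, but the sentence above it only says to "use a non-overlapping CIDR". Since range exhaustion is the problem this PR addresses, the note should say how the two values together determine how many database networks the range can hold, so an operator can size it rather than copy the example.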
@coderabbitai coderabbitai bot Feb 24, 2026

⚠️ Potential issue | 🟡 Minor

Contradictory guidance: table says "Must not be changed after creating databases" but the note encourages changing CIDR.

Lines 46–47 state the CIDR and subnet bits "Must not be changed after creating databases," yet this new note advises users to switch to a different CIDR and restart. This will confuse operators—clarify when this workaround is safe (e.g., only before any databases exist, or only after all databases on the old range are deleted) and consider adding a warning/admonition callout for visibility.

Also, the note doesn't explain what the CIDR should not overlap with (host Docker networks? other IPAM ranges?). A brief clarification would help.

Member

@moizpgedge could you please remove this advice? Coderabbit is right that this is contradictory with our existing documentation.

Seems like the humans are having a chat. I'll hop back into my burrow for now. If you need me again, just tag @coderabbitai in a new comment, and I'll come hopping out!

Member

@jason-lynch jason-lynch left a comment

Nice! I think this is looking good. It should be good to merge once you've addressed the CodeRabbit comments.

@mmols mmols removed their request for review March 5, 2026 14:17
@moizpgedge moizpgedge force-pushed the feat/PLAT-399/Implement-release-deallocate-method-on-IPAM-service branch from 58c23fd to 6e503a6 Compare March 10, 2026 14:23
@moizpgedge moizpgedge requested a review from jason-lynch March 10, 2026 14:24
Member

@jason-lynch jason-lynch left a comment

Awesome! Thanks for making this change.

@moizpgedge moizpgedge merged commit b0ce23a into main Mar 10, 2026
2 of 3 checks passed