Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[BUG] updates to an existing attachment should be rejected #66

Closed
maiqueb opened this issue Nov 2, 2022 · 0 comments · Fixed by #85
Closed

[BUG] updates to an existing attachment should be rejected #66

maiqueb opened this issue Nov 2, 2022 · 0 comments · Fixed by #85
Labels
bug Something isn't working good first issue Good for newcomers
Milestone
Define API & leve...

Comments

@maiqueb
Copy link
Collaborator

maiqueb commented Nov 2, 2022
edited
Loading

Describe the bug
An update to an existing attachment is currently being accepted, and treated as the following sequence of operations (in this order):

  • add new interface
  • remove old interface

Expected behavior
The controller should reject this operation, logging this.

To Reproduce
Steps to reproduce the behavior:

  1. provision a net-attach-def + pod with network selection elements using it. This net-attach-def should not specify the interface name.
---
apiVersion: "k8s.cni.cncf.io/v1"
kind: NetworkAttachmentDefinition
metadata:
  name: macvlan1-config
spec: 
  config: '{
            "cniVersion": "0.4.0",
            "plugins": [
                {
                    "type": "macvlan",
                    "capabilities": { "ips": true },
                    "master": "eth1",
                    "mode": "bridge",
                    "ipam": {
                        "type": "static"
                    }
                }, {
                    "type": "tuning"
                } ]
        }'
---
apiVersion: v1
kind: Pod
metadata:
  name: macvlan1-worker1
  annotations:
    k8s.v1.cni.cncf.io/networks: '[
            { "name": "macvlan1-config",
              "ips": [ "10.1.1.11/24" ] }
    ]'
  labels:
    app: macvlan
spec:
  containers:
  - name: macvlan-worker1
    image: centos:8
    command: ["/bin/sleep", "10000"]
    securityContext:
      privileged: true
  1. edit the pod's network-selection-elements trying to define the name of the interface; i.e. turn the networks annotation into:
{
    "name": "macvlan1-config",
    "ips": [ "10.1.1.11/24" ],
    "interface": "net1"
}

Environment:

  • multus-dynamic-networks-controller version: N/A
  • Kubernetes version (use kubectl version): N/A
  • Network-attachment-definition: N/A
  • OS (e.g. from /etc/os-release): N/A
  • Controller configuration (criSocketPath / multusSocketPath): N/A
  • Kernel (e.g. uname -a): N/A
  • Others: N/A

Additional info / context
I wonder if an event should be thrown for this vs only logging the error.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working good first issue Good for newcomers
Projects
None yet
Milestone
Define API & level driven controller
Development

Successfully merging a pull request may close this issue.

Level driven controller k8snetworkplumbingwg/multus-dynamic-networks-controller
1 participant
@maiqueb