-
Notifications
You must be signed in to change notification settings - Fork 38
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Assigns default=true on a multiple interface return for first interface with a gateway #73
Conversation
192e099
to
20c8cc8
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/lgtm
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Some nits ...
I am a bit concerned about scenarios where CNIs are not setting the Interface
attribute in their result.IPs, but nothing we can do about that, other than push for them to comply with the CNI spec.
pkg/utils/net-attach-def.go
Outdated
// Check for a gateway-associated interface, we'll use this later if we did to mark as the default. | ||
gatewayInterfaceIndex := -1 | ||
if defaultNetwork { | ||
for _, ipConfig := range result.IPs { | ||
if ipConfig.Gateway != nil && ipConfig.Interface != nil { | ||
// Keep the index of the first interface that has a gateway | ||
gatewayInterfaceIndex = *ipConfig.Interface | ||
break | ||
} | ||
} | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit: maybe, for readability, you should export this into an helper ?
Something like:
// Check for a gateway-associated interface, we'll use this later if we did to mark as the default. | |
gatewayInterfaceIndex := -1 | |
if defaultNetwork { | |
for _, ipConfig := range result.IPs { | |
if ipConfig.Gateway != nil && ipConfig.Interface != nil { | |
// Keep the index of the first interface that has a gateway | |
gatewayInterfaceIndex = *ipConfig.Interface | |
break | |
} | |
} | |
} | |
if defaultNetwork { | |
gatewayIfaceIndex := gatewayInterfaceIndex(result.IPs) | |
} |
And the helper would be something like:
func gatewayInterfaceIndex(ips IPs) int {
for _, ipConfig := range ips {
if ipConfig.Gateway != nil && ipConfig.Interface != nil {
return *ipConfig.Interface
}
}
return -1
}
I do wonder about CNIs that don't bother setting the Interface
attribute for IPs in the CNI result ...
We would discard them; is that OK ? I think so - we can always open a bug on them to honor the CNI spec.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
re:
Totally hear that concern, I think that we were kind of in that situation previously too with the existing:
for i, iface := range result.Interfaces {
Buuuut... You're right. There's a sticky situation here with those in that if you don't set any interfaces, you don't have anything to index in the IPs either, so we can't determine if there's a gateway, and we can't determine if it's the first sandbox interface either. Sooo... I will try to do my best to explain what needs to be done in the release note too, and potentially update the language in the spec update, too.
Helper function++, can't hurt to break it out, makes this block easier to read for the main functionality.
pkg/utils/net-attach-def.go
Outdated
for i, iface := range result.Interfaces { | ||
if iface.Sandbox != "" { | ||
isDefault := false // default to false by default |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit: I feel the comment is a bit redundant
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
+1
pkg/utils/net-attach-def.go
Outdated
} | ||
|
||
// Otherwise, if we didn't find it, we use the first sandbox interface. | ||
if defaultNetwork && gatewayInterfaceIndex == -1 && !foundFirstSandboxIface { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
shouldn't we also enable the foundFirstSandboxIface
flag ?
I know we're doing it later on, in line 202, but I think it would be more readable if we did it in this code block.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah this got spread out huh, good eye, agreed.
…ce with a gateway This is necessary especially under crio, as you may not want to present the default gateway interfaces IP address as the first CNI response, as crio utilizes that IP address as the PodIP, so you may need flexibility in expression of which interface should be presented first, vs. another interface which should be the default gateway (which we mark as default=true in the network-status)
20c8cc8
to
55f81d3
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks !
From the release notes: > This release contains a fix related to the determination of the default interface, e.g. setting the default parameter to true in the network-status annotation based on the presence of a gateway in the CNI ADD success result ips.gateway and makes the determination of the default based on the first interface that has an associated value of gateway (using the interface index in the ips element in the CNI ADD success result). > This provides flexibility especially in CRI-O which uses the first interface and IP addresses for the pod.IP in Kubernetes, therefore. Containerd functionality is unchanged in that it uses the value for the IP addresses specifically > It's worth noting that CNI ADD success results which do not contain any interfaces will be discarded in this determination of the default, therefore it's recommended to set one with an associated gateway if aiming to have it be noted as the default. See also: https://github.com/k8snetworkplumbingwg/network-attachment-definition-client/releases/tag/v1.7.5 k8snetworkplumbingwg/network-attachment-definition-client#73
From the release notes: > This release contains a fix related to the determination of the default interface, e.g. setting the default parameter to true in the network-status annotation based on the presence of a gateway in the CNI ADD success result ips.gateway and makes the determination of the default based on the first interface that has an associated value of gateway (using the interface index in the ips element in the CNI ADD success result). > This provides flexibility especially in CRI-O which uses the first interface and IP addresses for the pod.IP in Kubernetes, therefore. Containerd functionality is unchanged in that it uses the value for the IP addresses specifically > It's worth noting that CNI ADD success results which do not contain any interfaces will be discarded in this determination of the default, therefore it's recommended to set one with an associated gateway if aiming to have it be noted as the default. See also: https://github.com/k8snetworkplumbingwg/network-attachment-definition-client/releases/tag/v1.7.5 k8snetworkplumbingwg/network-attachment-definition-client#73
From the release notes: > This release contains a fix related to the determination of the default interface, e.g. setting the default parameter to true in the network-status annotation based on the presence of a gateway in the CNI ADD success result ips.gateway and makes the determination of the default based on the first interface that has an associated value of gateway (using the interface index in the ips element in the CNI ADD success result). > This provides flexibility especially in CRI-O which uses the first interface and IP addresses for the pod.IP in Kubernetes, therefore. Containerd functionality is unchanged in that it uses the value for the IP addresses specifically > It's worth noting that CNI ADD success results which do not contain any interfaces will be discarded in this determination of the default, therefore it's recommended to set one with an associated gateway if aiming to have it be noted as the default. See also: https://github.com/k8snetworkplumbingwg/network-attachment-definition-client/releases/tag/v1.7.5 k8snetworkplumbingwg/network-attachment-definition-client#73
This is necessary especially under crio, as you may not want to present the default gateway interfaces IP address as the first CNI response, as crio utilizes that IP address as the PodIP, so you may need flexibility in expression of which interface should be presented first, vs. another interface which should be the default gateway (which we mark as default=true in the network-status)