Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

The value specified by multus.spidernet.io/cr-name when creating spidermultusconfig is not validated and can be repeated #4167

Open
ty-dc opened this issue Oct 14, 2024 · 0 comments · May be fixed by #4168
Open

The value specified by multus.spidernet.io/cr-name when creating spidermultusconfig is not validated and can be repeated #4167

ty-dc opened this issue Oct 14, 2024 · 0 comments · May be fixed by #4168
Assignees
@ty-dc
Labels
kind/bug

Comments

@ty-dc
Copy link
Collaborator

ty-dc commented Oct 14, 2024
edited
Loading

Spiderpool Version

any

Main CNI

any

bug description

The value specified by multus.spidernet.io/cr-name when creating spidermultusconfig is not validated and can be repeated

What did you expect to happen?

Unreasonable data should be rejected.

How to reproduce it (as minimally and precisely as possible)

  1. The spidermultusconfig of calico corresponds to the following:

    root@controller-node-1:~# kubectl get smc -n kube-system   calico  -oyaml
apiVersion: spiderpool.spidernet.io/v2beta1
kind: SpiderMultusConfig
metadata:
  annotations:
    multus.spidernet.io/cr-name: k8s-pod-network
  creationTimestamp: "2024-05-20T06:27:32Z"
  generation: 1
  name: calico
  namespace: kube-system
  resourceVersion: "809396"
  uid: e9ee8b99-0a93-4b43-b250-0a125775e600
spec:
  cniType: custom
  customCNI: ""
  disableIPAM: false
  enableCoordinator: false

  2. In calico's spidermultusconfig, the name of net-attach-def is specified as k8s-pod-network through multus.spidernet.io/cr-name.

  3. Create a new SpiderMultusConfig (cniType is macvlan) with the same name as k8s-pod-network

    root@controller-node-1:~# kubectl get smc -A
NAMESPACE     NAME              AGE
kube-system   calico            147d
kube-system   k8s-pod-network   2m27s

root@controller-node-1:~# kubectl get network-attachment-definitions.k8s.cni.cncf.io  -A | grep k8s-pod-network 
kube-system   k8s-pod-network   14d

  4. Check network-attachment-definitions.k8s.cni.cncf.io and find that multusConfig named k8s-pod-network is managed by two spiderpoolmultus (Changing, sometimes managed by calico, sometimes managed by macvlan).

    root@controller-node-1:~# kubectl get network-attachment-definitions.k8s.cni.cncf.io -n kube-system   k8s-pod-network -oyaml
apiVersion: k8s.cni.cncf.io/v1
kind: NetworkAttachmentDefinition
metadata:
  annotations:
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"spiderpool.spidernet.io/v2beta1","kind":"SpiderMultusConfig","metadata":{"annotations":{},"name":"k8s-pod-network","namespace":"kube-system"},"spec":{"cniType":"macvlan","coordinator":{"detectGateway":false,"detectIPConflict":false,"hostRPFilter":0,"hostRuleTable":500,"mode":"auto","podDefaultRouteNIC":"","podMACPrefix":"","tunePodRoutes":true,"txQueueLen":0},"disableIPAM":false,"enableCoordinator":true,"macvlan":{"enableRdma":false,"ippools":{},"master":["enp4s0f0np0"],"rdmaResourceName":"","vlanID":0}}}
  creationTimestamp: "2024-09-30T08:11:06Z"
  generation: 2
  name: k8s-pod-network
  namespace: kube-system
  ownerReferences:
  - apiVersion: spiderpool.spidernet.io/v2beta1
    blockOwnerDeletion: true
    controller: true
    kind: SpiderMultusConfig
    name: k8s-pod-network
    uid: eeb96509-7672-4cbd-9173-a83d72bfb7d9
  resourceVersion: "107771498"
  uid: e42d7c3d-15a7-4193-ab5f-b7aa1edabca2
spec:
  config: '{"cniVersion":"0.3.1","name":"k8s-pod-network","plugins":[{"type":"macvlan","master":"enp4s0f0np0","mode":"bridge","ipam":{"type":"spiderpool"}},{"txQueueLen":0,"detectIPConflict":false,"detectGateway":false,"tunePodRoutes":true,"mode":"auto","type":"coordinator"}]}'

    root@controller-node-1:~# kubectl get network-attachment-definitions.k8s.cni.cncf.io  -n kube-system   k8s-pod-network  -oyaml
apiVersion: k8s.cni.cncf.io/v1
kind: NetworkAttachmentDefinition
metadata:
  annotations:
    multus.spidernet.io/cr-name: k8s-pod-network
  creationTimestamp: "2024-09-30T08:11:06Z"
  generation: 1
  name: k8s-pod-network
  namespace: kube-system
  ownerReferences:
  - apiVersion: spiderpool.spidernet.io/v2beta1
    blockOwnerDeletion: true
    controller: true
    kind: SpiderMultusConfig
    name: calico
    uid: e9ee8b99-0a93-4b43-b250-0a125775e600
  resourceVersion: "97093101"
  uid: e42d7c3d-15a7-4193-ab5f-b7aa1edabca2
spec:
  config: ""

  5. If the user expects the default network to be calico, frequent changes will cause the cluster's default network to be unavailable.

Additional Context

No response
@ty-dc ty-dc added the kind/bug label Oct 14, 2024
@ty-dc ty-dc self-assigned this Oct 14, 2024
@ty-dc ty-dc linked a pull request Oct 14, 2024 that will close this issue
Open
5 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ty-dc ty-dc

Labels
kind/bug
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix: same-name conflict check specified by multus.spidernet.io/cr-name ty-dc/spiderpool
1 participant
@ty-dc