Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Validate pod CIDR and service CIDR #695

Merged
merged 9 commits into from
Oct 1, 2024
Merged

Validate pod CIDR and service CIDR #695

merged 9 commits into from
Oct 1, 2024

Conversation

eaudetcobello
Copy link
Contributor

@eaudetcobello eaudetcobello commented Sep 24, 2024
edited
Loading

We should verify that the user provides valid CIDRs when bootstrapping the cluster.

This PR adds validation at bootstrap-time.

Examples

bootstrap-config:

pod-cidr: 192.168.1.0/24
service-cidr: 192.168.2.0/24,fe80::/64

Error: Failed to validate the CIDR configuration.                                                                           

The error was: service CIDR "fe80::/64" cannot have a prefix length of 64 or more

bootstrap-config:

pod-cidr: 192.168.1.0/24
service-cidr: 192.168.1.0/24

Error: Failed to validate the CIDR configuration.                                                                             

The error was: pod CIDR "192.168.1.0/24" and service CIDR "192.168.1.0/24" overlap

@eaudetcobello eaudetcobello marked this pull request as ready for review September 25, 2024 18:29
@eaudetcobello eaudetcobello requested a review from a team as a code owner September 25, 2024 18:29
HomayoonAlimohammadi
HomayoonAlimohammadi reviewed Sep 26, 2024
View reviewed changes
Copy link
Contributor

@HomayoonAlimohammadi HomayoonAlimohammadi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Wonderful job @eaudetcobello! Thanks a lot. Left some minor comments.

src/k8s/cmd/k8s/k8s_bootstrap.go Outdated Show resolved Hide resolved
src/k8s/cmd/k8s/k8s_bootstrap.go Outdated Show resolved Hide resolved
src/k8s/cmd/k8s/k8s_bootstrap.go Outdated
}

// Check CIDR size
// Ref: https://documentation.ubuntu.com/canonical-kubernetes/latest/snap/howto/networking/dualstack/#cidr-size-limitations
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/64 is too large for the Service CIDR: Using a /64 CIDR for services may cause issues like failure to initialize the IPv6 allocator.

This makes me feel that the problem might not only be with the IPv6 but that IPv6 problem is just an example, WDYT? Do we need to change the docs or check for IPv4 here as well?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That is a limitation of the Kubernetes controller. I understand your point, but IMHO we should describe the limitation for a user (-> use smaller CIDR size) as they normally don't care about the internals of some Kubernetes controller.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Did some tests with @berkayoz and we will be going with /108. Cluster fails to bootstrap at /64 and /96.

src/k8s/cmd/k8s/k8s_bootstrap_test.go Outdated Show resolved Hide resolved
bschimke95
bschimke95 reviewed Sep 26, 2024
View reviewed changes
Copy link
Contributor

@bschimke95 bschimke95 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This check should be done on the server side (in the bootstrap hook) otherwise you'd need to implement this for every client.

bschimke95
bschimke95 reviewed Sep 27, 2024
View reviewed changes
Copy link
Contributor

@bschimke95 bschimke95 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

looking good - couple of comments

src/k8s/cmd/k8s/k8s_bootstrap.go Outdated Show resolved Hide resolved
src/k8s/pkg/k8sd/app/hooks_bootstrap.go Outdated Show resolved Hide resolved
src/k8s/pkg/k8sd/app/hooks_bootstrap.go Outdated Show resolved Hide resolved
src/k8s/pkg/utils/cidr.go Show resolved Hide resolved
src/k8s/pkg/k8sd/app/hooks_bootstrap.go Outdated Show resolved Hide resolved
HomayoonAlimohammadi
HomayoonAlimohammadi reviewed Sep 30, 2024
View reviewed changes
Copy link
Contributor

@HomayoonAlimohammadi HomayoonAlimohammadi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks a lot @eaudetcobello! Left some minor comments.

src/k8s/pkg/k8sd/app/hooks_bootstrap_test.go Outdated Show resolved Hide resolved
src/k8s/pkg/utils/cidr.go Outdated Show resolved Hide resolved
src/k8s/pkg/k8sd/types/cluster_config_validate.go Outdated Show resolved Hide resolved
src/k8s/pkg/k8sd/types/cluster_config_validate.go Outdated Show resolved Hide resolved
src/k8s/pkg/k8sd/types/cluster_config_validate.go Outdated Show resolved Hide resolved
src/k8s/pkg/k8sd/types/cluster_config_validate.go Outdated Show resolved Hide resolved
src/k8s/pkg/k8sd/types/cluster_config_validate.go Show resolved Hide resolved
src/k8s/pkg/k8sd/types/cluster_config_validate_test.go Outdated Show resolved Hide resolved
bschimke95
bschimke95 approved these changes Sep 30, 2024
View reviewed changes
Copy link
Contributor

@bschimke95 bschimke95 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, great work @eaudetcobello

src/k8s/pkg/k8sd/types/cluster_config_validate.go Show resolved Hide resolved
@bschimke95
Copy link
Contributor

please resolve the conflicts then this is good to merge

HomayoonAlimohammadi
HomayoonAlimohammadi approved these changes Oct 1, 2024
View reviewed changes
Copy link
Contributor

@HomayoonAlimohammadi HomayoonAlimohammadi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thanks a lot @eaudetcobello!

@eaudetcobello eaudetcobello merged commit 27247c4 into main Oct 1, 2024
18 of 20 checks passed
@eaudetcobello eaudetcobello deleted the KU-1586 branch October 1, 2024 18:35
evilnick pushed a commit to evilnick/k8s-snap that referenced this pull request Nov 14, 2024
@eaudetcobello @evilnick
Validate pod CIDR and service CIDR (canonical#695)
5755f01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bschimke95 bschimke95 bschimke95 approved these changes

@HomayoonAlimohammadi HomayoonAlimohammadi HomayoonAlimohammadi approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@eaudetcobello @bschimke95 @HomayoonAlimohammadi