[PRODENG-3342] Validate --pod-cidr does not overlap Swarm overlay address pool#636
Open
james-nesbitt wants to merge 1 commit into
Open
[PRODENG-3342] Validate --pod-cidr does not overlap Swarm overlay address pool#636james-nesbitt wants to merge 1 commit into
james-nesbitt wants to merge 1 commit into
Conversation
Configs with --pod-cidr that overlaps the Swarm overlay address pool (default 10.0.0.0/8) cause the Docker daemon to restart into a broken network state during MKE bootstrap. The SSH session rides that network, so the connection drops silently and launchpad reports a timeout after 20+ minutes of install. Adds ValidateFacts.validatePodCIDR() which: - Parses --pod-cidr from mke.installFlags - Uses the Swarm default pool (10.0.0.0/8) unless mcr.swarmInstallFlags contains --default-addr-pool, in which case that value is used instead - Fails immediately with a clear, actionable error if the CIDRs overlap Tests cover: overlap with default pool, no overlap, absent flag, custom pool no overlap, custom pool overlap. PRODENG-3342
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What
Add early validation that rejects configs where
--pod-cidrinmke.installFlagsoverlaps with the Swarm overlay address pool.Why
A
--pod-cidrthat overlaps10.0.0.0/8(Swarm's default overlay pool) causes the Docker daemon to restart into a broken network state during MKE bootstrap. The SSH session rides that network, so the connection drops silently and launchpad reports a 20-minute timeout with no useful diagnosis.How
validatePodCIDR()toValidateFactsphase — parses--pod-cidrfrommke.installFlagsand checks for CIDR overlap with the Swarm poolmcr.swarmInstallFlagscontains--default-addr-pool, that value is used as the Swarm pool instead of the compiled-in default (10.0.0.0/8)Testing
make unit-testpasses (24/24 packages)Links
Checklist