cluster-api-ipam-provider-in-cluster

Two distinct globalinclusterippools can contain the same IP ranges

Open lukastopiarz opened this issue 1 year ago • 1 comments

Hello there,

By accident I created two globalinclusterippool CRs with unique names and the same IP address ranges. No complaints from the admission webhook, nor from the IPAM operator. Cluster API is happily rolling new nodes with the same IP addresses 😯

Cluster nodes with same IPs!

Shouldn't this behaviour somehow be checked and prohibited?

lukastopiarz, Aug 14 '24 07:08

I think that's debatable. The in-cluster IPAM provider manages IP addresses in pools, but it does not manage the pools. Cluster Nodes can use the same subnet as long as your network setup allows it. Therefore there might be cases where someone wants to have two separate pools that use the same subnet, but live in e.g. two different data centers.

We could consider making this an optional feature, but then the question arises whether overlap validation should only cover global pools and regular pools per namespace, or all pools, regardless of whether they're namespaced or global.

schrej, Aug 16 '24 14:08
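
The two validation scopes raised in the comment above, sketched as an added example (not code from the provider or from anyone in this thread). The `Pool` type, `toPrefix` and `Conflicts` are hypothetical names, entries are assumed to be CIDRs or single IPs, and the sample pools are constructed.

```go
package main

import (
	"fmt"
	"net/netip"
)

type Pool struct { // hypothetical stand-in for a pool object, not the provider's type
	Name, Namespace string   // Namespace "" means a global pool
	Addresses       []string // assumed entry formats: CIDR or single IP
}

// toPrefix parses one entry; a single IP becomes a full-length prefix.
func toPrefix(e string) (netip.Prefix, error) {
	if a, err := netip.ParseAddr(e); err == nil {
		return netip.PrefixFrom(a, a.BitLen()), nil
	}
	return netip.ParsePrefix(e)
}

// Conflicts names existing pools sharing addresses with candidate (one hit per entry pair).
// allPools=false checks only the candidate's scope (same namespace, or both global).
func Conflicts(candidate Pool, existing []Pool, allPools bool) (hits []string, err error) {
	for _, other := range existing {
		inScope := allPools || other.Namespace == candidate.Namespace
		for _, ce := range candidate.Addresses {
			for _, oe := range other.Addresses {
				cp, err1 := toPrefix(ce)
				op, err2 := toPrefix(oe)
				if err1 != nil || err2 != nil {
					return nil, fmt.Errorf("unparsable entry: %q or %q", ce, oe)
				}
				if inScope && cp.Overlaps(op) {
					hits = append(hits, other.Name)
				}
			}
		}
	}
	return hits, nil
}

func main() {
	existing := []Pool{ // constructed sample data
		{Name: "global-a", Addresses: []string{"10.0.0.0/24"}},
		{Name: "team-pool", Namespace: "team1", Addresses: []string{"10.0.0.200"}},
	}
	candidate := Pool{Name: "global-b", Addresses: []string{"10.0.0.128/25"}}
	fmt.Println(Conflicts(candidate, existing, false)) // global scope only
	fmt.Println(Conflicts(candidate, existing, true))  // every pool
}
```

In the scoped mode the namespaced pool is not reported even though its address lies inside the candidate's subnet, which is the case the all-pools mode would additionally reject.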

The Kubernetes project currently lacks enough contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue as fresh with /remove-lifecycle stale
  • Close this issue with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

k8s-triage-robot, Nov 14 '24 15:11