gravity icon indicating copy to clipboard operation
gravity copied to clipboard
verified publisher icon gravitational

CIDR validation does not catch overlap

Open bernardjkim opened this issue 5 years ago • 2 comments

Description

Gravity fails to catch overlap of pod and service subnet. This is possible when one of the CIDR ranges is provided in the cluster configuration resource and overlaps with the default.

What you expected to happen: Gravity should fail to install with an error stating subnets should not overlap.

How to reproduce it (as minimally and precisely as possible):

  • Create config file and specify podCIDR to be the same value as the default serviceCIDR.
// config.yaml
kind: ClusterConfiguration
spec:
  global:
    podCIDR: "100.100.0.0/16"
  • Install cluster with gravity install --config config.yaml.
// gravity resource get clusterconfiguration
Configuration
=============
Pod IP Range:         100.100.0.0/16
Service IP Range:     100.100.0.0/16
...

Gravity verifies the subnet configuration from flags and cluster configuration separately. This can allow edges cases like this to slip through.

bernardjkim avatar Oct 29 '20 19:10 bernardjkim

@bernardjkim this looks completed, can this be closed?

a-palchikov avatar May 20 '21 15:05 a-palchikov

@a-palchikov I'm not sure if anyone got around to addressing this issue. I created this issue as a TODO while testing #2297.

bernardjkim avatar May 20 '21 16:05 bernardjkim