Bug
Resolution: Done
Major
4.18, 4.19
None
Description of problem:
The CEL validation containsCIDR doesn't work as expected for non-masked CIDRs. For example:
cidr('192.168.0.0/16').containsCIDR('192.168.0.0/32') <- This works today, returns true as expected
cidr('192.168.0.0/16').containsCIDR('192.168.0.1/32') <- This does not work today, returns false but it should return true.
Version-Release number of selected component (if applicable):
How reproducible:
100%
Steps to Reproduce:
1. Install the attached CRD: kubectl apply -f crd.yaml
2. Apply the attached manifest: kubectl apply -f cr.yaml
3. CR creation succeeds but it should fail.
Actual results:
The CEL validation 'containsCIDR' doesn't cover non-masked CIDRs. For example:
cidr('192.168.0.0/16').containsCIDR('192.168.0.1/32')
It returns false.
Expected results:
The CEL validation 'containsCIDR' should cover non-masked CIDRs. For example:
cidr('192.168.0.0/16').containsCIDR('192.168.0.1/32') should return true.
Additional info:
We found this while working on a feature for OVN-Kubernetes targeted for OCP 4.19. It involves extending a CRD and adding CEL validations to it, utilizing the IP/CIDR validations. The bug is reported on U/S [1] and fixed on the U/S main branch [2]. There is a PR for backporting the fix to the release-1.32 branch [3]. We need the bugfix on OCP 4.19, so we can utilize containsCIDR in the incoming CRD extensions.
[1] https://github.com/kubernetes/kubernetes/issues/130441
[2] https://github.com/kubernetes/kubernetes/pull/130450
[3] https://github.com/kubernetes/kubernetes/pull/130773
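The containment semantics the report expects, as an added Go example that is not part of the original report and is not the Kubernetes or CEL library code. The function names are hypothetical, and the `maskInner=false` path is an assumed illustration of one way the reported result can arise, not a statement about the upstream implementation.

```go
package main

import (
	"fmt"
	"net/netip"
)

// check reports whether every address of inner lies inside outer.
// maskInner=false is a hypothetical faulty variant (an assumption, not the
// upstream code): it compares inner's address with its host bits still set.
func check(outer, inner string, maskInner bool) (bool, error) {
	o, err := netip.ParsePrefix(outer)
	if err != nil {
		return false, fmt.Errorf("outer CIDR: %w", err)
	}
	i, err := netip.ParsePrefix(inner)
	if err != nil {
		return false, fmt.Errorf("inner CIDR: %w", err)
	}
	// Different address families, or an inner prefix wider than outer,
	// can never be contained.
	if o.Addr().BitLen() != i.Addr().BitLen() || o.Bits() > i.Bits() {
		return false, nil
	}
	// Re-express inner's address at outer's prefix length.
	candidate := netip.PrefixFrom(i.Addr(), o.Bits())
	if maskInner {
		candidate = candidate.Masked() // zero the host bits before comparing
	}
	return o.Masked() == candidate, nil
}

// containsCIDR masks both sides, so 192.168.0.1/32 is inside 192.168.0.0/16.
func containsCIDR(outer, inner string) (bool, error) { return check(outer, inner, true) }

// containsCIDRUnmasked skips the mask and rejects inner CIDRs with host bits set.
func containsCIDRUnmasked(outer, inner string) (bool, error) { return check(outer, inner, false) }

func main() {
	// Constructed sample inputs; the first two are the cases from the report.
	for _, in := range []string{"192.168.0.0/32", "192.168.0.1/32", "192.169.0.1/32", "192.168.0.0/8"} {
		ok, _ := containsCIDR("192.168.0.0/16", in)
		bad, _ := containsCIDRUnmasked("192.168.0.0/16", in)
		fmt.Printf("%-15s masked=%-5v unmasked=%v\n", in, ok, bad)
	}
}
```

A CRD validation rule built on such a check should be tested with inner CIDRs that have host bits set, since the two variants only diverge on those inputs.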
- blocks: OCPBUGS-54724 CEL validation ContainsCIDR doesn't cover non-masked CIDRs (POST)
- is cloned by: OCPBUGS-54724 CEL validation ContainsCIDR doesn't cover non-masked CIDRs (POST)