-
Bug
-
Resolution: Unresolved
-
Major
-
None
-
4.18, 4.19
-
None
-
Quality / Stability / Reliability
-
False
-
-
None
-
None
-
None
-
None
-
Rejected
-
None
-
In Progress
-
Release Note Not Required
-
None
-
None
-
None
-
None
-
None
This is a clone of issue OCPBUGS-54426. The following is the description of the original issue:
—
Description of problem:
The CEL validation containerCIDR doesnt work as expected given for non-masked CIDRs.
For example:
cidr('192.168.0.0/16').containsCIDR('192.168.0.0/32') <- This works today, return true as expected
cidr('192.168.0.0/16').containsCIDR('192.168.0.1/32') <- This does not work today, return false but it should return true.
Version-Release number of selected component (if applicable):
How reproducible:
100%
Steps to Reproduce:
1. Install attached CRD
kubectl apply -f crd.yaml
2. Apply the attached manifest
kubectl apply -f cr.yaml
3. CR creation succeed but it should fail.
Actual results:
The CEL validation 'containsCIDR' doesnt cover non-masked CIDRs.
For example:
cidr('192.168.0.0/16').containsCIDR('192.168.0.1/32')
It return false
Expected results:
The CEL validation'containsCIDR' should cover non-masked CIDRs.
For example:
cidr('192.168.0.0/16').containsCIDR('192.168.0.1/32')
should return true.
Additional info:
We found this while working on a feature for OVN-Kuberentes targeted for OCP 4.19. Involving extending a CRD and add CEL validations to it, utilizing the IP/CIDR validations. The bug is reported on U/S [1]. And fixed on U/S main branch [2]. There is a PR for backporting the fix to release-1.32 branch [3]. We need the bugfix on OCP 4.19, so we can utilize contiansCIDR in the incoming CRD extensions. [1] https://github.com/kubernetes/kubernetes/issues/130441 [2] https://github.com/kubernetes/kubernetes/pull/130450 [3] https://github.com/kubernetes/kubernetes/pull/130773
- clones
-
-
- Closed
-
- is blocked by
-
-
- Closed
-
- links to
