This repository has been archived by the owner on May 28, 2021. It is now read-only.
CIDR fixes and kops support #184
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: Gianluca Borello <[email protected]>
Signed-off-by: Gianluca Borello <[email protected]>
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR introduces two changes, split in separate commits:
Better validation of IP addresses to CIDR, since the original algorithm was a little bit weak, and it also adds some tests.
Includes the
100.64.0.0/10address range as valid range.The reason for 2) is that kops by default seems to be using that range to minimize the likelihood of collisions in the wild[1] . This is in my opinion improper and against the guidelines of the RFC (e.g. [2], [3]), but considering the popularity of kops it's a scenario we have to support, so we either introduce a new configuration parameter inside the CRD that the user can use to manually specify the whitelist range (and this would then be passed to the mysql-agent as argument when the statefulset is first created), or we just hardcode the address range, like I did. The latter has the advantage that it will work out of the box, which is a usability advantage with respect to the other solution in my opinion.
Thanks
[1] kubernetes/kops#2075
[2] https://blog.ipspace.net/2013/08/can-i-use-shared-rfc-6598-ipv4-address.html
[3] https://networkengineering.stackexchange.com/questions/35958/ipv4-segment-100-64-0-0-10