Merge pull request #594 from mskrocki/reduce

Removed unnecessary cidr validation.

Author: k8s-ci-robot

pkg/controller/nodeipam/ipam/BUILD

@@ -23,7 +23,6 @@ go_library(
         "//pkg/util/node",
         "//pkg/util/taints",
         "//providers/gce",
-        "//vendor/github.com/google/go-cmp/cmp",
         "//vendor/google.golang.org/api/compute/v1:compute",
         "//vendor/k8s.io/api/core/v1:core",
         "//vendor/k8s.io/apimachinery/pkg/api/errors",
@@ -87,6 +86,5 @@ go_test(
         "//vendor/k8s.io/cloud-provider-gcp/crd/client/network/clientset/versioned/fake",
         "//vendor/k8s.io/cloud-provider-gcp/crd/client/network/informers/externalversions",
         "//vendor/k8s.io/component-base/metrics/testutil",
-        "//vendor/k8s.io/utils/net",
     ],
 )

pkg/controller/nodeipam/ipam/cloud_cidr_allocator.go

@@ -22,11 +22,9 @@ package ipam
 import (
 	"context"
 	"fmt"
-	"net"
 	"reflect"
 	"time"
 
-	"github.com/google/go-cmp/cmp"
 	"k8s.io/apimachinery/pkg/api/meta"
 	"k8s.io/apimachinery/pkg/util/wait"
 	"k8s.io/client-go/util/workqueue"
@@ -350,26 +348,15 @@ func (ca *cloudCIDRAllocator) updateCIDRAllocation(nodeName string) error {
 	if err != nil {
 		return fmt.Errorf("failed to parse strings %v as CIDRs: %v", cidrStrings, err)
 	}
-
-	// TODO: revisit need of needPodCIDRsUpdate with current code base
-	// additionally: spec.podCIDRs: Forbidden: node updates may not change podCIDR except from "" to valid
-	needUpdate, err := needPodCIDRsUpdate(node, cidrs)
-	if err != nil {
-		return fmt.Errorf("err: %v, CIDRS: %v", err, cidrStrings)
-	}
-	if needUpdate {
-		if node.Spec.PodCIDR != "" {
-			klog.ErrorS(nil, "PodCIDR being reassigned!", "nodeName", node.Name, "node.Spec.PodCIDRs", node.Spec.PodCIDRs, "cidrStrings", cidrStrings)
-			// We fall through and set the CIDR despite this error. This
-			// implements the same logic as implemented in the
-			// rangeAllocator.
-			//
-			// See https://github.com/kubernetes/kubernetes/pull/42147#discussion_r103357248
+	if len(cidrs) > 1 {
+		if dualStack, _ := netutils.IsDualStackCIDRs(cidrs); !dualStack {
+			return fmt.Errorf("err: IPs are not dual stack, CIDRS: %v", cidrStrings)
 		}
-		node.Spec.PodCIDR = cidrStrings[0]
-		node.Spec.PodCIDRs = cidrStrings
 	}
 
+	node.Spec.PodCIDR = cidrStrings[0]
+	node.Spec.PodCIDRs = cidrStrings
+
 	err = ca.updateNodeCIDR(node, oldNode)
 	if err != nil {
 		return err
@@ -434,18 +421,13 @@ func (ca *cloudCIDRAllocator) updateNodeCIDR(node, oldNode *v1.Node) error {
 
 	// update Spec.podCIDR
 	if !reflect.DeepEqual(node.Spec, oldNode.Spec) {
-		// TODO: remove the retry since it is handled by the reconciliation loop
-		for i := 0; i < cidrUpdateRetries; i++ {
-			if err = utilnode.PatchNodeCIDRs(ca.client, types.NodeName(node.Name), node.Spec.PodCIDRs); err == nil {
-				klog.InfoS("Set the node PodCIDRs", "nodeName", node.Name, "cidrStrings", node.Spec.PodCIDRs)
-				break
-			}
-		}
+		err = utilnode.PatchNodeCIDRs(ca.client, types.NodeName(node.Name), node.Spec.PodCIDRs)
 		if err != nil {
 			nodeutil.RecordNodeStatusChange(ca.recorder, node, "CIDRAssignmentFailed")
 			klog.ErrorS(err, "Failed to update the node PodCIDR after multiple attempts", "nodeName", node.Name, "cidrStrings", node.Spec.PodCIDRs)
 			return err
 		}
+		klog.InfoS("Set the node PodCIDRs", "nodeName", node.Name, "cidrStrings", node.Spec.PodCIDRs)
 	}
 
 	// Update Conditions
@@ -463,44 +445,6 @@ func (ca *cloudCIDRAllocator) updateNodeCIDR(node, oldNode *v1.Node) error {
 	return err
 }
 
-func needPodCIDRsUpdate(node *v1.Node, podCIDRs []*net.IPNet) (bool, error) {
-	if node.Spec.PodCIDR == "" {
-		return true, nil
-	}
-	_, nodePodCIDR, err := net.ParseCIDR(node.Spec.PodCIDR)
-	if err != nil {
-		klog.ErrorS(err, "Found invalid node.Spec.PodCIDR", "node.Spec.PodCIDR", node.Spec.PodCIDR)
-		// We will try to overwrite with new CIDR(s)
-		return true, nil
-	}
-	nodePodCIDRs, err := netutils.ParseCIDRs(node.Spec.PodCIDRs)
-	if err != nil {
-		klog.ErrorS(err, "Found invalid node.Spec.PodCIDRs", "node.Spec.PodCIDRs", node.Spec.PodCIDRs)
-		// We will try to overwrite with new CIDR(s)
-		return true, nil
-	}
-
-	if len(podCIDRs) == 1 {
-		if cmp.Equal(nodePodCIDR, podCIDRs[0]) {
-			klog.V(4).InfoS("Node already has allocated CIDR. It matches the proposed one.", "nodeName", node.Name, "podCIDRs[0]", podCIDRs[0])
-			return false, nil
-		}
-	} else if len(nodePodCIDRs) == len(podCIDRs) {
-		if dualStack, _ := netutils.IsDualStackCIDRs(podCIDRs); !dualStack {
-			return false, fmt.Errorf("IPs are not dual stack")
-		}
-		for idx, cidr := range podCIDRs {
-			if !cmp.Equal(nodePodCIDRs[idx], cidr) {
-				return true, nil
-			}
-		}
-		klog.V(4).InfoS("Node already has allocated CIDRs. It matches the proposed one.", "nodeName", node.Name, "podCIDRs", podCIDRs)
-		return false, nil
-	}
-
-	return true, nil
-}
-
 func (ca *cloudCIDRAllocator) ReleaseCIDR(node *v1.Node) error {
 	klog.V(2).Infof("Node %v PodCIDR (%v) will be released by external cloud provider (not managed by controller)",
 		node.Name, node.Spec.PodCIDR)

pkg/controller/nodeipam/ipam/cloud_cidr_allocator_test.go

@@ -42,7 +42,6 @@ import (
 	"k8s.io/cloud-provider-gcp/pkg/controller/testutil"
 	"k8s.io/cloud-provider-gcp/providers/gce"
 	metricsUtil "k8s.io/component-base/metrics/testutil"
-	netutils "k8s.io/utils/net"
 )
 
 const (
@@ -98,10 +97,6 @@ func TestBoundedRetries(t *testing.T) {
 	}
 }
 
-func withinExpectedRange(got time.Duration, expected time.Duration) bool {
-	return got >= expected/2 && got <= 3*expected/2
-}
-
 func TestUpdateCIDRAllocation(t *testing.T) {
 	tests := []struct {
 		name            string
@@ -131,7 +126,7 @@ func TestUpdateCIDRAllocation(t *testing.T) {
 			nodeChanges: func(node *v1.Node) {},
 		},
 		{
-			name: "provider not set",
+			name: "want error - provider not set",
 			fakeNodeHandler: &testutil.FakeNodeHandler{
 				Existing: []*v1.Node{
 					{
@@ -152,7 +147,7 @@ func TestUpdateCIDRAllocation(t *testing.T) {
 			expectErrMsg: "doesn't have providerID",
 		},
 		{
-			name: "node not found in gce by provider",
+			name: "want error - node not found in gce by provider",
 			fakeNodeHandler: &testutil.FakeNodeHandler{
 				Existing: []*v1.Node{
 					{
@@ -176,7 +171,7 @@ func TestUpdateCIDRAllocation(t *testing.T) {
 			expectErrMsg: "failed to get instance from provider",
 		},
 		{
-			name: "gce node has no networks",
+			name: "want error - gce node has no networks",
 			fakeNodeHandler: &testutil.FakeNodeHandler{
 				Existing: []*v1.Node{
 					{
@@ -287,7 +282,7 @@ func TestUpdateCIDRAllocation(t *testing.T) {
 			expectedUpdate: true,
 		},
 		{
-			name: "incorrect cidr",
+			name: "want error - incorrect cidr",
 			fakeNodeHandler: &testutil.FakeNodeHandler{
 				Existing: []*v1.Node{
 					{
@@ -320,6 +315,40 @@ func TestUpdateCIDRAllocation(t *testing.T) {
 			expectErr:    true,
 			expectErrMsg: "failed to parse strings",
 		},
+		{
+			name: "want error - incorrect dualstack cidr",
+			fakeNodeHandler: &testutil.FakeNodeHandler{
+				Existing: []*v1.Node{
+					{
+						ObjectMeta: metav1.ObjectMeta{
+							Name: "test",
+						},
+						Spec: v1.NodeSpec{
+							ProviderID: "gce://test-project/us-central1-b/test",
+						},
+					},
+				},
+				Clientset: fake.NewSimpleClientset(),
+			},
+			gceInstance: []*compute.Instance{
+				{
+					Name: "test",
+					NetworkInterfaces: []*compute.NetworkInterface{
+						{
+							Ipv6Address: "10.10.1.0",
+							AliasIpRanges: []*compute.AliasIpRange{
+								{
+									IpCidrRange: "192.168.1.0/24",
+								},
+							},
+						},
+					},
+				},
+			},
+			nodeChanges:  func(node *v1.Node) {},
+			expectErr:    true,
+			expectErrMsg: "err: IPs are not dual stack",
+		},
 		{
 			name: "node already configured",
 			fakeNodeHandler: &testutil.FakeNodeHandler{
@@ -804,7 +833,7 @@ func TestUpdateCIDRAllocation(t *testing.T) {
 			},
 		},
 		{
-			name: "[mn] [invalid] - node with cidrs in incorrect format",
+			name: "[mn] want error - node with cidrs in incorrect format",
 			networks: []*networkv1.Network{
 				network(networkv1.DefaultPodNetworkName, defaultGKENetworkParamsName, true),
 				network(redNetworkName, redGKENetworkParamsName, true),
@@ -860,7 +889,7 @@ func TestUpdateCIDRAllocation(t *testing.T) {
 			expectErrMsg: "invalid CIDR address",
 		},
 		{
-			name: "[mn] one additional network with /32 cidr",
+			name: "[mn] want error - one additional network with /32 cidr",
 			networks: []*networkv1.Network{
 				network(networkv1.DefaultPodNetworkName, defaultGKENetworkParamsName, true),
 				network(redNetworkName, redGKENetworkParamsName, true),
@@ -1321,106 +1350,3 @@ func interfaces(network, subnetwork, networkIP string, aliasIPRanges []*compute.
 		NetworkIP:     networkIP,
 	}
 }
-
-func TestNeedPodCIDRsUpdate(t *testing.T) {
-	for _, tc := range []struct {
-		desc         string
-		cidrs        []string
-		nodePodCIDR  string
-		nodePodCIDRs []string
-		want         bool
-		wantErr      bool
-	}{
-		{
-			desc:         "want error - invalid cidr",
-			cidrs:        []string{"10.10.10.0/24"},
-			nodePodCIDR:  "10.10..0/24",
-			nodePodCIDRs: []string{"10.10..0/24"},
-			want:         true,
-		},
-		{
-			desc:         "want error - cidr len 2 but not dual stack",
-			cidrs:        []string{"10.10.10.0/24", "10.10.11.0/24"},
-			nodePodCIDR:  "10.10.10.0/24",
-			nodePodCIDRs: []string{"10.10.10.0/24", "2001:db8::/64"},
-			wantErr:      true,
-		},
-		{
-			desc:         "want false - matching v4 only cidr",
-			cidrs:        []string{"10.10.10.0/24"},
-			nodePodCIDR:  "10.10.10.0/24",
-			nodePodCIDRs: []string{"10.10.10.0/24"},
-			want:         false,
-		},
-		{
-			desc:  "want false - nil node.Spec.PodCIDR",
-			cidrs: []string{"10.10.10.0/24"},
-			want:  true,
-		},
-		{
-			desc:         "want true - non matching v4 only cidr",
-			cidrs:        []string{"10.10.10.0/24"},
-			nodePodCIDR:  "10.10.11.0/24",
-			nodePodCIDRs: []string{"10.10.11.0/24"},
-			want:         true,
-		},
-		{
-			desc:         "want false - matching v4 and v6 cidrs",
-			cidrs:        []string{"10.10.10.0/24", "2001:db8::/64"},
-			nodePodCIDR:  "10.10.10.0/24",
-			nodePodCIDRs: []string{"10.10.10.0/24", "2001:db8::/64"},
-			want:         false,
-		},
-		{
-			desc:         "want false - matching v4 and v6 cidrs, different strings but same CIDRs",
-			cidrs:        []string{"10.10.10.0/24", "2001:db8::/64"},
-			nodePodCIDR:  "10.10.10.0/24",
-			nodePodCIDRs: []string{"10.10.10.0/24", "2001:db8:0::/64"},
-			want:         false,
-		},
-		{
-			desc:         "want true - matching v4 and non matching v6 cidrs",
-			cidrs:        []string{"10.10.10.0/24", "2001:db8::/64"},
-			nodePodCIDR:  "10.10.10.0/24",
-			nodePodCIDRs: []string{"10.10.10.0/24", "2001:dba::/64"},
-			want:         true,
-		},
-		{
-			desc:  "want true - nil node.Spec.PodCIDRs",
-			cidrs: []string{"10.10.10.0/24", "2001:db8::/64"},
-			want:  true,
-		},
-		{
-			desc:         "want true - matching v6 and non matching v4 cidrs",
-			cidrs:        []string{"10.10.10.0/24", "2001:db8::/64"},
-			nodePodCIDR:  "10.10.1.0/24",
-			nodePodCIDRs: []string{"10.10.1.0/24", "2001:db8::/64"},
-			want:         true,
-		},
-		{
-			desc:         "want true - missing v6",
-			cidrs:        []string{"10.10.10.0/24", "2001:db8::/64"},
-			nodePodCIDR:  "10.10.10.0/24",
-			nodePodCIDRs: []string{"10.10.10.0/24"},
-			want:         true,
-		},
-	} {
-		var node v1.Node
-		node.Spec.PodCIDR = tc.nodePodCIDR
-		node.Spec.PodCIDRs = tc.nodePodCIDRs
-		netCIDRs, err := netutils.ParseCIDRs(tc.cidrs)
-		if err != nil {
-			t.Errorf("failed to parse %v as CIDRs: %v", tc.cidrs, err)
-		}
-
-		t.Run(tc.desc, func(t *testing.T) {
-			got, err := needPodCIDRsUpdate(&node, netCIDRs)
-			if tc.wantErr == (err == nil) {
-				t.Errorf("err: %v, wantErr: %v", err, tc.wantErr)
-			}
-			if err == nil && got != tc.want {
-				t.Errorf("got: %v, want: %v", got, tc.want)
-			}
-		})
-	}
-}