Skip to content

Conflist support for delegated plugins #224

Open
@carstenkoester

Description

@carstenkoester

Is this a BUG REPORT or FEATURE REQUEST?:
feature

What happened:
For delegated CNI plugins, DANM currently only supports relaying to a single plugin (a /etc/cni/net.d/*.conf file), not a configuration list (/etc/cni/net.d/*.conflist file)

What you expected to happen:

Just trying to gauge what it'd take to support conflists as delegate plugins (for example, for the bootstrap network).

While admittedly conflists are unnecessary most of the time, this is especially interesting in scenarios where we want to offer DANM as an "optional" plugin, but deliver a transparent experience to other users.

I have a couple of setups where I'd like selected users to be able to have a choice of tenantnetworks/clusternetworks; for other users, this option should not even be available and they should, for lack of a better comparison, "not even know that DANM is in the picture". The access control aspect to that is another question -- but the point of this issue is, for those users not using custom tenant/cluster-networking, and in the absence of .conflist support, the experience can never be completely transparent. Many (most) off-the-shelf CNI plugins rely on the portmap plugin for hostPort services; some CNI plugins (eg. Calico) rely on the "bandwidth" plugin to provide bandwidth limiting. By truncating the delegated CNI conflist to a single plugin, we effectively deprive default network users of these options.

As said, not a hugely important feature, but it'd be interesting to hear if this is actually a major enhancement, or something that can be done with reasonable effort.

Metadata

Metadata

Assignees

No one assigned

    Labels

    enhancementNew feature or request

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions