Description
Is this a BUG REPORT or FEATURE REQUEST?:
feature
What happened:
For delegated CNI plugins, DANM currently only supports relaying to a single plugin (a /etc/cni/net.d/*.conf
file), not a configuration list (/etc/cni/net.d/*.conflist
file)
What you expected to happen:
Just trying to gauge what it'd take to support conflists as delegate plugins (for example, for the bootstrap network).
While admittedly conflists are unnecessary most of the time, this is especially interesting in scenarios where we want to offer DANM as an "optional" plugin, but deliver a transparent experience to other users.
I have a couple of setups where I'd like selected users to be able to have a choice of tenantnetworks/clusternetworks; for other users, this option should not even be available and they should, for lack of a better comparison, "not even know that DANM is in the picture". The access control aspect to that is another question -- but the point of this issue is, for those users not using custom tenant/cluster-networking, and in the absence of .conflist support, the experience can never be completely transparent. Many (most) off-the-shelf CNI plugins rely on the portmap plugin for hostPort services; some CNI plugins (eg. Calico) rely on the "bandwidth" plugin to provide bandwidth limiting. By truncating the delegated CNI conflist to a single plugin, we effectively deprive default network users of these options.
As said, not a hugely important feature, but it'd be interesting to hear if this is actually a major enhancement, or something that can be done with reasonable effort.