This repository was archived by the owner on Oct 20, 2025. It is now read-only.
Don't leak old tunnel addresses #430
Merged
caseydavenport merged 2 commits on Mar 12, 2020
nelljerram suggested changes on Mar 6, 2020:
Basically looks good, just a few minor points.
This was referenced Mar 19, 2020
caseydavenport added a commit that referenced this pull request on Mar 20, 2020: …#430-origin-release-v3.13 Automated cherry pick of #430 origin release v3.13
caseydavenport added a commit that referenced this pull request on Mar 23, 2020: …#430-origin-release-v3.12 Automated cherry pick of #430: Add test which catches IP leak
Spotted a bug where we'll leak addresses that don't have any allocation
attributes. Turns out we used to allocate all tunnel addresses without
attributes, and so tunnel addresses allocated prior to v3.6 will get
leaked once Calico is upgraded to v3.8+.
This PR aims to fix the leak. Subsequent PRs will try to clean up the
leaked addresses, and fix another potential leak spotted in code
reading.
There are a few cases we need to consider:

- The node has an address in its spec, but the address doesn't exist in IPAM.
  The current code handles this already simply by assigning a new address and updating the node.
- The node has an address in its spec, the address exists in IPAM but has no attributes.
  This is the case that this PR is primarily trying to fix. Currently, we assign a new address and leak the old. In this PR, we will attempt to "correct" the allocation in IPAM to have attributes, and if that fails we'll just release it and assign a new one. We will only release it if we can see for sure the allocation has no handle. If it had a handle, it would suggest this is actually a WEP address.
- The node has an address in its spec, the address exists and has attributes.
  The current code handles this case already.
- The node has no address in its spec, the address exists in IPAM but has no attributes.
  In this case, the current code will simply allocate a new address and leak the old one. Since the old address has no attributes / handle, we have no way of identifying it and thus cannot clean it up.
  A potential future enhancement would be to have kube-controllers detect addresses which have no handle and no attributes and garbage collect them.
- The node has no address in its spec, the address exists in IPAM and has attributes.
  In this case, the current code will simply allocate a new address and leak the old one. However, the address does have a handle associated with it, so we can determine if we're hitting this scenario. I propose we do a defensive "ReleaseByHandle" if we detect that the node has no address in order to cover this case.
- The node has no address in its spec, the address does not exist in IPAM.
  The current code handles this case already.
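
The case analysis above as a small Go model, added here as an illustration; it is not code from this PR or from Calico. `Alloc`, `IPAM` and `Reconcile` are hypothetical names, the correction step is assumed always to succeed (so the release-and-reassign fallback is not modelled), and leaving a handle-bearing record untouched while assigning a new address is an assumption.

```go
package main

import "fmt"

// Alloc is a toy IPAM record (hypothetical, not Calico's data model).
type Alloc struct {
	Handle string            // "" means the allocation has no handle
	Attrs  map[string]string // nil means no allocation attributes
}

// IPAM is a toy in-memory allocator keyed by IP address.
type IPAM map[string]*Alloc

// Reconcile walks the cases from the PR description for one node.
// specIP is the tunnel address in the node spec ("" if none), handle is the
// node's non-empty tunnel handle, next is the address to use if one is needed.
// It returns the node's resulting address and the action taken.
func Reconcile(ipam IPAM, specIP, handle, next string) (string, string) {
	fresh := &Alloc{Handle: handle, Attrs: map[string]string{"node": handle}}
	if specIP == "" {
		// Defensive release-by-handle: frees an attributed address the spec lost.
		for ip, a := range ipam {
			if a.Handle == handle {
				delete(ipam, ip)
			}
		}
		ipam[next] = fresh
		return next, "assigned"
	}
	a, ok := ipam[specIP]
	switch {
	case ok && a.Attrs != nil: // in spec, in IPAM, has attributes
		return specIP, "kept"
	case ok && a.Handle == "": // legacy allocation: add attributes in place
		*a = *fresh
		return specIP, "corrected"
	default: // not in IPAM, or it has a handle and may be a workload address
		ipam[next] = fresh
		return next, "assigned"
	}
}

func main() {
	ipam := IPAM{"10.0.0.1": {}} // constructed: pre-v3.6 style record, no attributes
	ip, action := Reconcile(ipam, "10.0.0.1", "tunnel-node1", "10.0.0.2")
	fmt.Println(ip, action, len(ipam))
}
```

The one case the model still leaks is a node with no address in its spec whose old allocation has neither handle nor attributes, matching the description's note that such an address cannot be identified.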