fix: properly calculate overal of node address with subnet filters

Example: host has address `10.0.0.1/8`, while Kubernetes pod CIDR is `10.244.0.0/16`. These two subnets overlap, but the address `10.0.0.1` isn't contained in the `10.244.0.0/16` subnet. This change fixes the check to make sure address is not contained vs. the address subnet overlaps with the filter. NB: this is still a bad idea to have host network subnet to overlap with Kubernetes pod/service CIDRs. Also refactor the unit-tests to use new (better ways) to do assertions. Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
siderolabs · Aug 23, 2023 · c0ea4d7 · c0ea4d7
1 parent d6b2719
commit c0ea4d7
Show file tree

Hide file tree

Showing 2 changed files with 256 additions and 332 deletions.
diff --git a/internal/app/machined/pkg/controllers/network/node_address.go b/internal/app/machined/pkg/controllers/network/node_address.go
@@ -275,7 +275,7 @@ outer:
 			matchesAny := false
 
 			for _, subnet := range includeSubnets {
-				if subnet.Overlaps(ip) {
+				if subnet.Contains(ip.Addr()) {
 					matchesAny = true
 
 					break
@@ -288,7 +288,7 @@ outer:
 		}
 
 		for _, subnet := range excludeSubnets {
-			if subnet.Overlaps(ip) {
+			if subnet.Contains(ip.Addr()) {
 				continue outer
 			}
 		}