From 1ae019fca2a6c7874afe2b54b7261dbf9a7d8efc Mon Sep 17 00:00:00 2001
From: Rob Murray <rob.murray@docker.com>
Date: Thu, 8 Feb 2024 17:40:54 +0000
Subject: [PATCH 004/172] Don't enforce new validation rules for existing
networks
Non-swarm networks created before network-creation-time validation
was added in 25.0.0 continued working, because the checks are not
re-run.
But, swarm creates networks when needed (with 'agent=true'), to
ensure they exist on each agent - ignoring the NetworkNameError
that says the network already existed.
By ignoring validation errors on creation of a network with
agent=true, pre-existing swarm networks with IPAM config that would
fail the new checks will continue to work too.
New swarm (overlay) networks are still validated, because they are
initially created with 'agent=false'.
Signed-off-by: Rob Murray <rob.murray@docker.com>
(cherry picked from commit 571af915d59d2fa68eb10cf0ec3cf9cd85b1eef2)
Signed-off-by: Albin Kerouanton <albinker@gmail.com>
---
daemon/network.go | 22 +++++++++++++++++++++-
1 file changed, 21 insertions(+), 1 deletion(-)
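--- a/daemon/network.go
+++ b/daemon/network.go
@@ -332,7 +332,27 @@ func (daemon *Daemon) createNetwork(cfg *config.Config, create types.NetworkCrea
 }
 
 if err := network.ValidateIPAM(create.IPAM, create.EnableIPv6); err != nil {
- return nil, errdefs.InvalidParameter(err)
+ if agent {
+ // This function is called with agent=false for all networks. For swarm-scoped
+ // networks, the configuration is validated but ManagerRedirectError is returned
+ // and the network is not created. Then, each time a swarm-scoped network is
+ // needed, this function is called again with agent=true.
+ //
+ // Non-swarm networks created before ValidateIPAM was introduced continue to work
+ // as they did before-upgrade, even if they would fail the new checks on creation
+ // (for example, by having host-bits set in their subnet). Those networks are not
+ // seen again here.
+ //
+ // By dropping errors for agent networks, existing swarm-scoped networks also
+ // continue to behave as they did before upgrade - but new networks are still
+ // validated.
+ log.G(context.TODO()).WithFields(log.Fields{
+ "error": err,
+ "network": create.Name,
+ }).Warn("Continuing with validation errors in agent IPAM")
+ } else {
+ return nil, errdefs.InvalidParameter(err)
+ }
 }
 
 if create.IPAM != nil {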
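Review bot: The `if agent` branch drops every error `ValidateIPAM` can return, not only the legacy cases the comment names (host bits set in a subnet), so IPAM validation is effectively off whenever the caller passes `agent=true`. Nothing in the hunk shows where `agent` is set; the safety of this rests on the invariant that an agent call is always preceded by a validated `agent=false` call or refers to a pre-upgrade network, and the comment should state who may set the flag, e.g. `// agent is set only by the cluster executor, never from an API request` once that is confirmed against the callers. The guard would also read more directly as an early return, `if !agent { return nil, errdefs.InvalidParameter(err) }`, with the warning after it. The Warn entry is then the only trace of a configuration that skipped validation, so it is worth keeping at that level. createNetwork begins and ends outside the hunk.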
--
2.27.0