From 5320c4970dc0a704f701d60cdb38cda9e67c6734 Mon Sep 17 00:00:00 2001
From: Brad Davidson
Date: Wed, 24 Jan 2024 21:55:25 +0000
Subject: [PATCH] Only run flannel host-network CIS netpol controller when using canal CNI This will leave the existing policy in place in case anyone was depending on it, but new clusters will not have it. Administrators can delete if if they wish, without risk of the controller putting it back.
Signed-off-by: Brad Davidson
---
 pkg/controllers/cisnetworkpolicy/controller.go | 2 +-
 pkg/rke2/rke2.go | 4 +++-
 2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/pkg/controllers/cisnetworkpolicy/controller.go b/pkg/controllers/cisnetworkpolicy/controller.go
index ae39b289de7..b8e20f9bf61 100644
--- a/pkg/controllers/cisnetworkpolicy/controller.go
+++ b/pkg/controllers/cisnetworkpolicy/controller.go
@@ -34,7 +34,7 @@ func register(ctx context.Context,
 ctx: ctx,
 k8s: k8s,
 }
- logrus.Debugf("CISNetworkPolicyController: Registering controller hooks")
+ logrus.Debugf("CISNetworkPolicyController: Registering controller hooks for NetworkPolicy %s", flannelHostNetworkPolicyName)
 nodes.OnChange(ctx, "cisnetworkpolicy-node", h.handle)
 nodes.OnRemove(ctx, "cisnetworkpolicy-node", h.handle)
 return nil
diff --git a/pkg/rke2/rke2.go b/pkg/rke2/rke2.go
index ef38e92c9ea..18f87a330a5 100644
--- a/pkg/rke2/rke2.go
+++ b/pkg/rke2/rke2.go
@@ -20,6 +20,7 @@ import (
 rawServer "github.com/k3s-io/k3s/pkg/server"
 "github.com/natefinch/lumberjack"
 "github.com/pkg/errors"
+ "github.com/rancher/norman/types/slice"
 "github.com/rancher/rke2/pkg/controllers/cisnetworkpolicy"
 "github.com/rancher/rke2/pkg/images"
 "github.com/sirupsen/logrus"
@@ -114,7 +115,8 @@ func Server(clx *cli.Context, cfg Config) error {
 var leaderControllers rawServer.CustomControllers
- if cisMode {
+ cnis := clx.StringSlice("cni")
+ if cisMode && (len(cnis) == 0 || slice.ContainsString(cnis, "canal")) {
 leaderControllers = append(leaderControllers, cisnetworkpolicy.Controller)
 }
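Review bot: The new guard in `Server` (third hunk, `if cisMode && (len(cnis) == 0 || slice.ContainsString(cnis, "canal"))`) encodes two assumptions that are not written down: that an empty `--cni` list means canal, and that every configured value arrives as an exact, lower-case, single-name element. I would add a comment above it such as `// The flannel host-network NetworkPolicy is only relevant with canal; an empty --cni list is treated as the default CNI (canal).` so a later change of the default does not silently alter which CIS-mode clusters get the policy. If values can reach this point comma-joined in one element or in a different case (not visible in this hunk), the exact-match lookup would skip the controller on a canal cluster, so it is worth confirming they are normalized earlier. The body of `Server` continues outside the hunk.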