From a3216ec571f2ec8fb3437dd409e48f6d7179a134 Mon Sep 17 00:00:00 2001
From: Brad Davidson
Date: Wed, 24 Jan 2024 21:55:25 +0000
Subject: [PATCH] Only run flannel host-network CIS netpol controller when using canal CNI
This will leave the existing policy in place in case anyone was depending on it, but new clusters will not have it. Administrators can delete if if they wish, without risk of the controller putting it back.
Signed-off-by: Brad Davidson
---
 pkg/controllers/cisnetworkpolicy/controller.go | 2 +-
 pkg/rke2/rke2.go | 4 +++-
 2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/pkg/controllers/cisnetworkpolicy/controller.go b/pkg/controllers/cisnetworkpolicy/controller.go
index ae39b289de..b8e20f9bf6 100644
--- a/pkg/controllers/cisnetworkpolicy/controller.go
+++ b/pkg/controllers/cisnetworkpolicy/controller.go
@@ -34,7 +34,7 @@ func register(ctx context.Context,
 ctx: ctx,
 k8s: k8s,
 }
- logrus.Debugf("CISNetworkPolicyController: Registering controller hooks")
+ logrus.Debugf("CISNetworkPolicyController: Registering controller hooks for NetworkPolicy %s", flannelHostNetworkPolicyName)
 nodes.OnChange(ctx, "cisnetworkpolicy-node", h.handle)
 nodes.OnRemove(ctx, "cisnetworkpolicy-node", h.handle)
 return nil
diff --git a/pkg/rke2/rke2.go b/pkg/rke2/rke2.go
index ef38e92c9e..35ac9e514d 100644
--- a/pkg/rke2/rke2.go
+++ b/pkg/rke2/rke2.go
@@ -22,6 +22,7 @@ import (
 "github.com/pkg/errors"
 "github.com/rancher/rke2/pkg/controllers/cisnetworkpolicy"
 "github.com/rancher/rke2/pkg/images"
+ "github.com/rancher/wrangler/pkg/slice"
 "github.com/sirupsen/logrus"
 "github.com/urfave/cli"
 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -114,7 +115,8 @@ func Server(clx *cli.Context, cfg Config) error {
 var leaderControllers rawServer.CustomControllers
- if cisMode {
+ cnis := clx.StringSlice("cni")
+ if cisMode && (len(cnis) == 0 || slice.ContainsString(cnis, "canal")) {
 leaderControllers = append(leaderControllers, cisnetworkpolicy.Controller)
 }
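Review bot: The new condition in `Server` matches `"canal"` by exact, case-sensitive comparison against each element of `clx.StringSlice("cni")` and treats an empty slice as canal, and neither assumption is checked or documented in this hunk. If a value can reach this line as one comma-joined element (for example `multus,canal`), the CIS network policy controller would be skipped with no message, so confirm the flag is normalized earlier or split the elements here. Because this decides whether a hardening control is managed on a CIS-profile cluster, I would add `// an empty --cni list means the default CNI, canal` above the `if`, and log the case where `cisMode` is true but the CNI check fails, e.g. `logrus.Infof("CIS mode: flannel host-network NetworkPolicy controller not registered for cni %v", cnis)`. `Server`'s body starts and ends outside the hunk.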