From 40e13037b516acf1f124ad4cdacb82ab752497cf Mon Sep 17 00:00:00 2001 From: Donavan Fritz Date: Tue, 28 Apr 2026 18:37:05 -0500 Subject: [PATCH] agent: revert CNI result addresses inclusion; document k8s limit MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Kubernetes limits pod.status.podIPs to one IPv4 + one IPv6 per pod. Additional IPs in the CNI result are silently dropped by kubelet, making the resultFromAllocation change in 4a60c00 a no-op. Revert it and add a comment documenting the constraint so the intent is clear. Addresses IPs remain fully functional: bound to eth0, advertised via BGP, visible inside the pod — just not reflected in pod status. Co-Authored-By: Claude Sonnet 4.6 (1M context) --- pkg/agent/handlers.go | 24 +++++------------------- 1 file changed, 5 insertions(+), 19 deletions(-) diff --git a/pkg/agent/handlers.go b/pkg/agent/handlers.go index e8e944d..db07b53 100644 --- a/pkg/agent/handlers.go +++ b/pkg/agent/handlers.go @@ -254,25 +254,11 @@ func resultFromAllocation(ifName string, a Allocation) *current.Result { Address: net.IPNet{IP: ip4, Mask: net.CIDRMask(32, 32)}, }) } - // Addresses are assigned to eth0 and should appear in pod.status.podIPs - // so Kubernetes and workloads that inspect pod metadata see them. - for _, s := range a.Addresses { - ip := net.ParseIP(s) - if ip == nil { - continue - } - if v4 := ip.To4(); v4 != nil { - r.IPs = append(r.IPs, ¤t.IPConfig{ - Interface: intPtr(0), - Address: net.IPNet{IP: v4, Mask: net.CIDRMask(32, 32)}, - }) - } else { - r.IPs = append(r.IPs, ¤t.IPConfig{ - Interface: intPtr(0), - Address: net.IPNet{IP: ip.To16(), Mask: net.CIDRMask(128, 128)}, - }) - } - } + // Addresses IPs are intentionally excluded from the CNI result. + // Kubernetes limits pod.status.podIPs to one IPv4 + one IPv6; any + // additional IPs returned here are silently dropped by kubelet. The + // addresses IPs are visible inside the pod on eth0 and advertised via + // BGP — that is sufficient for workload use. return r }