agent: revert CNI result addresses inclusion; document k8s limit

Kubernetes limits pod.status.podIPs to one IPv4 + one IPv6 per pod. Additional IPs in the CNI result are silently dropped by kubelet, making the resultFromAllocation change in 4a60c00 a no-op. Revert it and add a comment documenting the constraint so the intent is clear. Addresses IPs remain fully functional: bound to eth0, advertised via BGP, visible inside the pod — just not reflected in pod status. Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
2026-04-28 18:37:05 -05:00
parent 4a60c004c3
commit 40e13037b5
1 changed files with 5 additions and 19 deletions
@@ -254,25 +254,11 @@ func resultFromAllocation(ifName string, a Allocation) *current.Result {
 			Address:   net.IPNet{IP: ip4, Mask: net.CIDRMask(32, 32)},
 		})
 	}
-	// Addresses are assigned to eth0 and should appear in pod.status.podIPs
-	// so Kubernetes and workloads that inspect pod metadata see them.
-	for _, s := range a.Addresses {
-		ip := net.ParseIP(s)
-		if ip == nil {
-			continue
-		}
-		if v4 := ip.To4(); v4 != nil {
-			r.IPs = append(r.IPs, &current.IPConfig{
-				Interface: intPtr(0),
-				Address:   net.IPNet{IP: v4, Mask: net.CIDRMask(32, 32)},
-			})
-		} else {
-			r.IPs = append(r.IPs, &current.IPConfig{
-				Interface: intPtr(0),
-				Address:   net.IPNet{IP: ip.To16(), Mask: net.CIDRMask(128, 128)},
-			})
-		}
-	}
+	// Addresses IPs are intentionally excluded from the CNI result.
+	// Kubernetes limits pod.status.podIPs to one IPv4 + one IPv6; any
+	// additional IPs returned here are silently dropped by kubelet. The
+	// addresses IPs are visible inside the pod on eth0 and advertised via
+	// BGP — that is sufficient for workload use.
 	return r
 }