From e06f17f58030a925c7d175dfccd09b2b3cff55e2 Mon Sep 17 00:00:00 2001
From: Chris Evich
Date: Tue, 27 Aug 2019 12:12:28 -0400
Subject: Cirrus: Block CNI use of google VPCs

Specifically pertaining to executing tests in google cloud, there are
default, pre-allocated class-a subnetworks for each region (data-center).
Each includes a gateway using a `.1` LSB and all are routable from other
regions in google cloud via these gateways.

Because the default CNI configuration also utilizes class-a subnetworks,
this creates the possibility for IPv4 address-space clashes. Since the
default regional cloud subnets are pre-defined/known, preventing clashes
can be accomplished by seeding these subnets in a dummy CNI configuration.

The default behavior of podman is to grab the highest priority CNI
configuration. Name the dummy config. appropriately so it always loads
last. Also name the bridge itself with an obvious name `do-not-use`, such
that any related testing errors should be easier to debug.

Also:

* Minor cleanup of `install_test_configs()`
* Move install_test_configs in `setup_environment.sh` to after possible
  run of `remove_packaged_podman_files()` because that also strips out
  `/etc/cni/net.d/87-podman-bridge.conflist`.

Signed-off-by: Chris Evich
---
 .../cirrus/99-do-not-use-google-subnets.conflist | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)
 create mode 100644 contrib/cirrus/99-do-not-use-google-subnets.conflist

(limited to 'contrib/cirrus/99-do-not-use-google-subnets.conflist')

diff --git a/contrib/cirrus/99-do-not-use-google-subnets.conflist b/contrib/cirrus/99-do-not-use-google-subnets.conflist
new file mode 100644
index 000000000..e9ab638ed
--- /dev/null
+++ b/contrib/cirrus/99-do-not-use-google-subnets.conflist
@@ -0,0 +1,21 @@ +{ + "cniVersion": "0.4.0", + "name": "do-not-use-google-subnets", + "plugins": [ + { + "type": "bridge", + "name": "do-not-use-google-subnets", + "bridge": "do-not-use-google-subnets", + "ipam": { + "type": "host-local", + "ranges": [ + [ + { + "subnet": "10.128.0.0/9" + } + ] + ] + } + } + ] +} -- cgit v1.2.3-54-g00ecf
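
Review bot: The "bridge" value "do-not-use-google-subnets" is 25 characters, which is over the 15-character limit Linux places on network interface names, and it does not match the `do-not-use` name the commit message describes. If this configuration is ever selected, bridge creation would fail on the name length before anyone sees the intended hint, so a shorter value such as "do-not-use" would give the obvious, debuggable name the message asks for. The "name" key inside the plugin entry also duplicates the list-level "name" and could be dropped. Since JSON carries no comments, it would help to document next to this file (or where `install_test_configs()` copies it) that "10.128.0.0/9" is seeded only to reserve the address space and that the `99-` prefix is what keeps it loading last.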