Skip legacy features (hostport, bwshaping)

pkg/kubelet/network/kubenet/kubenet_linux.go

@@ -334,6 +334,9 @@ func (plugin *kubenetNetworkPlugin) Capabilities() utilsets.Int {
 	return utilsets.NewInt(network.NET_PLUGIN_CAPABILITY_SHAPING)
 }
 
+// setup sets up networking through CNI using the given ns/name and sandbox ID.
+// TODO: Don't pass the pod to this method, it only needs it for bandwidth
+// shaping and hostport management.
 func (plugin *kubenetNetworkPlugin) setup(namespace string, name string, id kubecontainer.ContainerID, pod *api.Pod) error {
 	// Bring up container loopback interface
 	if _, err := plugin.addContainerToNetwork(plugin.loConfig, "lo", namespace, name, id); err != nil {
@@ -384,6 +387,14 @@ func (plugin *kubenetNetworkPlugin) setup(namespace string, name string, id kube
 		plugin.syncEbtablesDedupRules(macAddr)
 	}
 
+	plugin.podIPs[id] = ip4.String()
+
+	// The host can choose to not support "legacy" features. The remote
+	// shim doesn't support it (#35457), but the kubelet does.
+	if !plugin.host.SupportsLegacyFeatures() {
+		return nil
+	}
+
 	// The first SetUpPod call creates the bridge; get a shaper for the sake of
 	// initialization
 	shaper := plugin.shaper()
@@ -398,8 +409,6 @@ func (plugin *kubenetNetworkPlugin) setup(namespace string, name string, id kube
 		}
 	}
 
-	plugin.podIPs[id] = ip4.String()
-
 	// Open any hostports the pod's containers want
 	activePods, err := plugin.getActivePods()
 	if err != nil {
@@ -423,6 +432,7 @@ func (plugin *kubenetNetworkPlugin) SetUpPod(namespace string, name string, id k
 		glog.V(4).Infof("SetUpPod took %v for %s/%s", time.Since(start), namespace, name)
 	}()
 
+	// TODO: Entire pod object only required for bw shaping and hostport.
 	pod, ok := plugin.host.GetPodByName(namespace, name)
 	if !ok {
 		return fmt.Errorf("pod %q cannot be found", name)
@@ -440,15 +450,20 @@ func (plugin *kubenetNetworkPlugin) SetUpPod(namespace string, name string, id k
 			glog.V(4).Infof("Failed to clean up %s/%s after SetUpPod failure: %v", namespace, name, err)
 		}
 
-		// TODO: Remove this hack once we've figured out how to retrieve the netns
+		// TODO(#34278): Figure out if we need IP GC through the cri.
-		// of an exited container. Currently, restarting docker will leak a bunch of
+		// The cri should always send us teardown events for stale sandboxes,
-		// ips. This will exhaust available ip space unless we cleanup old ips. At the
+		// this obviates the need for GC in the common case, for kubenet.
-		// same time we don't want to try GC'ing them periodically as that could lead
+		if plugin.host.SupportsLegacyFeatures() {
-		// to a performance regression in starting pods. So on each setup failure, try
-		// GC on the assumption that the kubelet is going to retry pod creation, and
-		// when it does, there will be ips.
-		plugin.ipamGarbageCollection()
 
+			// TODO: Remove this hack once we've figured out how to retrieve the netns
+			// of an exited container. Currently, restarting docker will leak a bunch of
+			// ips. This will exhaust available ip space unless we cleanup old ips. At the
+			// same time we don't want to try GC'ing them periodically as that could lead
+			// to a performance regression in starting pods. So on each setup failure, try
+			// GC on the assumption that the kubelet is going to retry pod creation, and
+			// when it does, there will be ips.
+			plugin.ipamGarbageCollection()
+		}
 		return err
 	}
 
@@ -485,6 +500,12 @@ func (plugin *kubenetNetworkPlugin) teardown(namespace string, name string, id k
 		}
 	}
 
+	// The host can choose to not support "legacy" features. The remote
+	// shim doesn't support it (#35457), but the kubelet does.
+	if !plugin.host.SupportsLegacyFeatures() {
+		return utilerrors.NewAggregate(errList)
+	}
+
 	activePods, err := plugin.getActivePods()
 	if err == nil {
 		err = plugin.hostportHandler.SyncHostports(BridgeName, activePods)