Description of problem: In addition to the fix for https://bugzilla.redhat.com/show_bug.cgi?id=2179333, the used should also explicitly set `preserveDefaultVlan`, which is default True, to False in the NetworkAttachmentDefinition. This should be documented in https://github.com/containernetworking/cni.dev (in content/plugins/current/main/bridge.md).
I know this request comes in quite late, but is there any chance we could change the default of the CNI instead of just documenting it? Having preserveDefaultVlan True by default is IMO unsafe and counterintuitive. My worry is that today, users of the bridge CNI are requesting a VLAN with the expectation that their Pods will be fully isolated to this VLAN. That is however not not the case since by default their Pods would be also exposed to VLAN 1 which may contain sensitive management traffic. While this new preserveDefaultVlan attribute allows them to fix that gap in isolation, it is suboptimal since they need to change their existing configuration. While theoretically there may have been users who relied on the VLAN 1 to be exposed in addition to the requested VLAN ID, I would argue that they would be the exception (if they exist at all).