Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
ipam: Protect release from releasing alive IP
[ upstream commit 4890a15 ] It has been observed that kubelet calls CNI DELETE multiple times with potentially stale CNI result information. This can lead to a race condition where the initial CNI DELETE properly releases the IP in use which then gets reused by a different pod. Any subsequent CNI DELETE with the stale IP will then cause the IP of the live pod to be released. While the pod will continue to function, the next scheduled pod will attempt to use that IP and continuously fail to be scheduled due to a IP in use error. This is a regression of commit ab61853 which introduced the ability for CNI DELETE to release an IP even if the endpoint deletion fails which is required to fix the race condition when the CNI binary gets killed in between allocating an IP and creating the endpoint. Fixes: ab61853 ("cni: Release IP even when endpoint deletion fails") Fixes: #10065 Signed-off-by: Thomas Graf <thomas@cilium.io> Signed-off-by: Ray Bejjani <ray@isovalent.com>
- Loading branch information