k8splugin support manage_network_ns_lifecycle=true from crio #1150
Conversation
| @@ -95,15 +279,40 @@ func addPodToContiv(nc *clients.NWClient, pInfo *cniapi.CNIPodAttr) { | |||
| } | |||
| os.Exit(1) | |||
| } | |||
| log.Infof("EP created IP: %s\n", result.Attr.IPAddress) | |||
There was a problem hiding this comment.
Why change this function?
Why not change the
// addPod is the handler for pod additions
func addPod(w http.ResponseWriter, r *http.Request, vars map[string]string) (interface{}, error)
in \netplugin\mgmtfn\k8splugin\driver.go
There was a problem hiding this comment.
When, the runtime send the pid process the operation inside the container is permitted, but when is the path of network namespace I have problems to exec same operation I get the error: RTNETLINK answers: Invalid argument, exit status 2
This is result inside the container contiv-netplugin running on k8s
ls -lha /var/run/netns/
-rw-r--r-- 1 root root 0 Aug 9 18:41 cni-d5e070e5-08c4-46f0-96ee-4bb5e6c6e21a
lrwxrwxrwx 1 root root 55 Aug 9 18:41 k8s_contiv-blue-c1_default_01bc671d-9a69-11e8-a90e-000af70485d0_1-81a93eff -> /var/run/netns/cni-d5e070e5-08c4-46f0-96ee-4bb5e6c6e21a
So, the k8s_cni is part of the contivk8s plugin execute on the host.
I make some test to try maintain the logical on ./netplugin\mgmtfn\k8splugin\driver.go but no success.
newtonjose
changed the title
| } | ||
| defer ns.Close() | ||
| return ns.Do(toRun) | ||
| } |
There was a problem hiding this comment.
maybe these files can use vendor in the project?
https://github.com/containernetworking/plugins/tree/master/pkg/ns
|
Yes. Is good practice. But the master version of this vendor don't have the
function I need. Only
https://github.com/containernetworking/plugins/tree/v0.7/pkg/ns
<https://github.com/containernetworking/plugins/tree/master/pkg/ns>.
You now how I get this specific branch with *go get*?
TIA
…On Fri, Aug 17, 2018, 3:47 AM Jackson ***@***.***> wrote:
***@***.**** commented on this pull request.
------------------------------
In utils/ns/ns_linux.go
<#1150 (comment)>:
> + }()
+ wg.Wait()
+
+ return innerError
+}
+
+// WithNetNSPath executes the passed closure under the given network
+// namespace, restoring the original namespace afterwards.
+func WithNetNSPath(nspath string, toRun func(NetNS) error) error {
+ ns, err := GetNS(nspath)
+ if err != nil {
+ return err
+ }
+ defer ns.Close()
+ return ns.Do(toRun)
+}
maybe these files can use vendor in the project?
https://github.com/containernetworking/plugins/tree/master/pkg/ns
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
<#1150 (review)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/ARjvR5Q0Xqz1DQZG_o4Lxgo8pIiUH6BAks5uRmcJgaJpZM4V0AUL>
.
|
Description of the changes
Type of fix:
Bug fix
Fixes #
1054
Please describe:
The cni 0.3 support the network namespace path can be
/proc/[pid]/ns/netor abind-mount/link(like /var/run/netns/cni-<something>)to it.So, when the flag
manage_network_ns_lifecycle=trueon the cri-o runtime, contiv return the bug contiv cni plugin is broken with cri-o runtime. #1054.I made some logical modifications to contiv run over buth net path. Some problems of permission on container, I can't execute the operation on the mounted path and that force me send part of the code to k8s_cni code.
Modifications:
Manual tests on Kubernetes v1.10.5 with CRI-O v1.10.6 and Kata Container v1.1.0, and Kata needed the manage_network_ns_lifecycle=true, https://github.com/kata-containers/documentation/blob/master/architecture.md#cni.
TODO