-
Notifications
You must be signed in to change notification settings - Fork 1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow CRI-O to manage net, IPC and UTS namespaces using pinns #3048
Allow CRI-O to manage net, IPC and UTS namespaces using pinns #3048
Conversation
6ef1bf2
to
937a9ee
Compare
@@ -242,193 +242,4 @@ var _ = t.Describe("Sandbox", func() { | |||
Expect(err).NotTo(BeNil()) | |||
}) | |||
}) | |||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
TODO: update these tests
613b50a
to
1f67ccb
Compare
Codecov Report
@@ Coverage Diff @@
## master #3048 +/- ##
=========================================
- Coverage 46.35% 45.66% -0.7%
=========================================
Files 89 90 +1
Lines 7346 7363 +17
=========================================
- Hits 3405 3362 -43
- Misses 3639 3710 +71
+ Partials 302 291 -11 |
7a1a86d
to
4965f03
Compare
4965f03
to
c8a32d3
Compare
c8a32d3
to
598ee9c
Compare
Signed-off-by: Peter Hunt <pehunt@redhat.com>
7e2ecae
to
63f4d04
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: haircommander, saschagrunert The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
1 similar comment
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: haircommander, saschagrunert The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
@giuseppe PTAL |
/hold |
LGTM |
Signed-off-by: Peter Hunt <pehunt@redhat.com>
/lgtm |
as well as refactor *NsJoin Signed-off-by: Peter Hunt <pehunt@redhat.com>
instead of using the infra pid unconditionally Signed-off-by: Peter Hunt <pehunt@redhat.com>
Added a couple more changes, as well as a TODO note that can be addressed here or in another PR. |
/retest |
Hm, still |
/retest |
// If we can't load the IPC namespace | ||
// because it's closed, we just set the sb ipcns | ||
// pointer to nil. Otherwise we return an error. | ||
if nsErr != nil && nsErr != sandbox.ErrClosedNS { | ||
return nsErr | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@haircommander is there any use-case behind the check for closed namespaces? I'm not sure if we really need this. If the namespace is closed I assume that something went wrong and mark the sandbox as not-ready that it gets properly re-created.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
hm good question. to be honest I just copied this from the old net ns managing code. There are fewer calls to close now though.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This might be the root cause that we tear down the local loopback interface when the namespace is not correctly set-up (referring to openshift/containernetworking-plugins#15 and https://bugzilla.redhat.com/show_bug.cgi?id=1754154#c11).
Ref: #3086
This includes:
change the options ManageNetworkNSLifecycle to ManageNSLifecycle
add a new set of files: internal/lib/sandbox/namespaces* that takes care of namespace related functionality
create a generic NamespaceIface interface for interacting with all three kinds of namespaces
refactor some of runPodSandbox to reduce cyclomatic complexity
use pinns for managing