multus: Delete cni cache at preStop #1253

Merged


qinqon
Collaborator

@qinqon qinqon commented Mar 4, 2022

/kind bug

What this PR does / why we need it:
When multus is deleted the CNI resolution has to be forced for already
present pods or they will not be able to be removed. This change removes
the CNI cache before deleting the multus daemonset. This is related to
[1]

[1] 0703604

Release note:

Delete CNI cache /var/lib/cni/* at multus delete, the cache should be reconstructed by the CRI if it's using libcni.

When multus is deleted the CNI resolution has to be forced for already
present pods or they will not be able to be removed. This change removes
the CNI cache before deleting the multus daemonset. This is related to
[1]

[1] kubevirt@0703604

Signed-off-by: Quique Llorente <ellorent@redhat.com>
@kubevirt-bot kubevirt-bot added the release-note, kind/bug and dco-signoff: yes labels Mar 4, 2022
@qinqon qinqon requested review from maiqueb and RamLavi March 4, 2022 12:41
@sonarcloud

sonarcloud bot commented Mar 4, 2022

Kudos, SonarCloud Quality Gate passed!

0 Bugs (rating A)
0 Vulnerabilities (rating A)
0 Security Hotspots (rating A)
0 Code Smells (rating A)

No Coverage information
0.0% Duplication

@qinqon
Collaborator Author

qinqon commented Mar 4, 2022

/retest

Contributor

@maiqueb maiqueb left a comment


I would prefer to only remove the data associated with multus, but I won't object if we have to blow up the entire cni cache.

imagePullPolicy: {{ .ImagePullPolicy }}
lifecycle:
preStop:
exec:
command: ["/bin/sh", "-c", "rm -f /host/etc/cni/net.d/00-multus.conf"]
command: ["/bin/sh", "-c", "rm -rf /host/etc/cni/net.d/00-multus.conf /host/var/lib/cni/*"]
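
Review bot: The "/host/var/lib/cni/*" argument on the second command line removes every entry under the host's CNI state directory, not only the ones written for multus, and the shell "*" will not match dot-prefixed entries, so the directory is neither scoped to multus nor guaranteed empty afterwards. If the full wipe is intended, state that in a comment next to the preStop hook and in the release note, including the expectation that the container runtime rebuilds the cache. The hunk also does not show whether /host/var/lib/cni is mounted read-write into this container, which the new command depends on.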
Contributor


I think it would be safer to only delete stuff associated w/ multus; I find it strange that you're destroying the cache for all CNIs.

Did you attempt to only remove the stuff belonging to multus ?

Something like (I did not check if this works, my goal is mainly to show my intention):

command:
  - "/bin/sh"
  - "-c"
  - "find /host/var/lib/cni -name 'multus*' -exec rm -f {} + && rm -f /host/etc/cni/net.d/00-multus.conf"

Collaborator Author

@qinqon qinqon Mar 4, 2022


I tried it and it didn't work; maybe I can try with grep. Also, the cache is reconstructed if not found, so this is not a big deal.

Contributor


Oh, I did not know the cache was reconstructed.

I just spoke because removing the cache breaks the CNI spec for runtimes relying on libcni's cache:

A runtime must include a prevResult field in the network configuration containing the Result of the immediately preceding ADD for the container. The runtime may wish to use libcni's support for caching Results

I guess there's nothing wrong then.
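
Added example, not part of the PR or of either reviewer's comments: a dry run of the two cleanup scopes discussed in this review thread, executed against a throwaway directory so the files each one leaves behind can be compared before anything touches a node. The directory layout and every file name are constructed for illustration and are not a statement of what any CNI plugin or runtime writes.

```shell
#!/bin/sh
# Added example (not from the PR): run both cleanup commands from this review
# against a throwaway tree and list what survives under var/lib/cni.
# Every file name below is constructed for illustration.

make_fixture() {
    root=$(mktemp -d)
    mkdir -p "$root/etc/cni/net.d" "$root/var/lib/cni/results" \
             "$root/var/lib/cni/networks/bridge-net"
    : > "$root/etc/cni/net.d/00-multus.conf"
    : > "$root/var/lib/cni/results/multus-cni-network-abc123-eth0"
    : > "$root/var/lib/cni/results/bridge-net-abc123-net1"
    : > "$root/var/lib/cni/networks/bridge-net/10.0.0.5"
    : > "$root/var/lib/cni/.constructed-hidden"
    echo "$root"
}

# survivors all    -> command merged in this PR (whole cache directory)
# survivors multus -> name-based variant suggested in the review
survivors() {
    root=$(make_fixture)
    case $1 in
        all)
            sh -c "rm -rf $root/etc/cni/net.d/00-multus.conf $root/var/lib/cni/*" ;;
        multus)
            sh -c "find $root/var/lib/cni -name 'multus*' -exec rm -f {} + && rm -f $root/etc/cni/net.d/00-multus.conf" ;;
        *)
            echo "usage: survivors all|multus" >&2; rm -rf "$root"; return 2 ;;
    esac
    # Print remaining files relative to the cache root, then clean up.
    (cd "$root/var/lib/cni" && find . -type f | LC_ALL=C sort)
    rm -rf "$root"
}

echo "left after rm -rf .../var/lib/cni/*:"
survivors all
echo "left after multus-only find:"
survivors multus
```

The name-based variant leaves the entries created for the other network in place, while the glob removes them but skips the dot-prefixed file, because "*" in sh does not match hidden entries.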

@qinqon
Collaborator Author

qinqon commented Mar 4, 2022

/retest

+ git clone https://github.com/kubevirt/kubevirtci.git /tmp/cnao/cluster-network-addons-operator/_kubevirtci/
Cloning into '/tmp/cnao/cluster-network-addons-operator/_kubevirtci'...
fatal: error reading section header 'shallow-info'

Contributor

@maiqueb maiqueb left a comment


Would you update the release notes indicating that runtimes relying on the libcni's cache will have to find a way to reconstruct the cache ?

@qinqon
Collaborator Author

qinqon commented Mar 4, 2022

runtimes relying on the libcni's cache will have to find a way to reconstruct the cache ?

Let's really verify that first.

@qinqon
Collaborator Author

qinqon commented Mar 4, 2022

/retest

@qinqon
Collaborator Author

qinqon commented Mar 4, 2022

runtimes relying on the libcni's cache will have to find a way to reconstruct the cache ?

Let's really verify that first.

@maiqueb Have confirmed that removing just the "multus" entries is not enough.

@qinqon qinqon requested a review from maiqueb March 4, 2022 14:03
Contributor

@maiqueb maiqueb left a comment


Thanks.

Awesome work you did figuring this one out.

@kubevirt-bot kubevirt-bot added the lgtm label Mar 4, 2022
Collaborator

@RamLavi RamLavi left a comment


/lgtm
/approve

Great catch! Thanks

@kubevirt-bot
Collaborator

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: RamLavi


@kubevirt-bot kubevirt-bot added the approved label Mar 6, 2022
@kubevirt-bot kubevirt-bot merged commit d9f95d7 into kubevirt:main Mar 6, 2022
Labels: approved, dco-signoff: yes, kind/bug, lgtm, release-note, size/S