Bug 1831866: cri-o: manage ns lifecycle, again! #1689
Conversation
switch cri-o to manage namespace lifecycle again, after having ironed out some details with third party networking plugins Signed-off-by: Peter Hunt <pehunt@redhat.com>
|
/hold to inspect the artifacts before merging. |
openshift-ci-robot
added
the
do-not-merge/hold
|
e2e-metal-ipi passed, so I think this time it's good. |
|
/retest I'm running the e2e-network-stress test with clusterbot. that should give us an idea of how this is doing I also verified that this PR is working as expected, though I only poked through the artifacts briefly |
|
|
|
does this work? /test e2e-network-stress edit: no |
|
@haircommander: The specified target(s) for
Use In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
openshift/machine-config-operator#1689 moves pod namespaces from /proc into /var/run/netns. As Kuryr needs access to them in order to manipulate interfaces, we need to mount the new directory and this commit does that.
|
Alright, so along with openshift/cluster-network-operator#562 this seem to work just fine. :) |
|
/retest |
openshift/machine-config-operator#1689 moves pod namespaces from /proc into /run/netns. As Kuryr needs access to them in order to manipulate interfaces, we need to mount the new directory and this commit does that. Note that CNI will pass /var/run/netns in netns paths, but /var/run is a symlink to /run, so it should be just fine.
|
/retest |
haircommander
changed the title
openshift-ci-robot
added
bugzilla/severity-unspecified
|
@haircommander: This pull request references Bugzilla bug 1831866, which is valid. The bug has been moved to the POST state. 3 validation(s) were run on this bug
In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
/bugzilla refresh |
|
@haircommander: This pull request references Bugzilla bug 1831866, which is valid. 3 validation(s) were run on this bug
In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
we've gotten +1 from kuryr team and metal IPI teams, as well as tested with ovs and ovn, and run network stress tests. PTAL @umohnani8 @mrunalp I believe this is ready. |
openshift/machine-config-operator#1689 moves pod namespaces from /proc into /run/netns. As Kuryr needs access to them in order to manipulate interfaces, we need to mount the new directory and this commit does that. Note that CNI will pass /var/run/netns in netns paths, but /var/run is a symlink to /run, so it should be just fine.
|
/retest |
|
|
|
/lgtm |
|
/retest Please review the full test history for this PR and help us cut down flakes. |
8 similar comments
|
/retest Please review the full test history for this PR and help us cut down flakes. |
|
/retest Please review the full test history for this PR and help us cut down flakes. |
|
/retest Please review the full test history for this PR and help us cut down flakes. |
|
/retest Please review the full test history for this PR and help us cut down flakes. |
|
/retest Please review the full test history for this PR and help us cut down flakes. |
|
/retest Please review the full test history for this PR and help us cut down flakes. |
|
/retest Please review the full test history for this PR and help us cut down flakes. |
|
/retest Please review the full test history for this PR and help us cut down flakes. |
|
@runcom @kikisdeliveryservice @sinnykumari @yuqi-zhang can we skip gcp-op? It passed organically in CI before the timeouts started happening, and I ran them manually on a gcp cluster with a bumped timeout and they passed. I'd like this to have some soak time before 4.5 freeze to make sure we have time to react to issues if there are any |
|
I can confirm that it did pass at some point. I'm going to go ahead and override |
|
/override e2e-gcp-op |
|
/override ci/prow/e2e-gcp-op |
|
@yuqi-zhang: /override requires a failed status context to operate on.
Only the following contexts were expected:
In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
@yuqi-zhang: Overrode contexts on behalf of yuqi-zhang: ci/prow/e2e-gcp-op In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
thanks! |
|
/retest Please review the full test history for this PR and help us cut down flakes. |
6 similar comments
|
/retest Please review the full test history for this PR and help us cut down flakes. |
|
/retest Please review the full test history for this PR and help us cut down flakes. |
|
/retest Please review the full test history for this PR and help us cut down flakes. |
|
/retest Please review the full test history for this PR and help us cut down flakes. |
|
/retest Please review the full test history for this PR and help us cut down flakes. |
|
/retest Please review the full test history for this PR and help us cut down flakes. |
|
since e2e-gcp-op test has already passed earlier, attempting to override again to get this merged |
|
@sinnykumari: Overrode contexts on behalf of sinnykumari: ci/prow/e2e-gcp-op In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
@haircommander: All pull requests linked via external trackers have merged: openshift/machine-config-operator#1689. Bugzilla bug 1831866 has been moved to the MODIFIED state. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
openshift/machine-config-operator#1689 moves pod namespaces from /proc into /run/netns. As Kuryr needs access to them in order to manipulate interfaces, we need to mount the new directory and this commit does that. Note that CNI will pass /var/run/netns in netns paths, but /var/run is a symlink to /run, so it should be just fine.
- What I did
change the entry in crio.conf template to manage ns lifecycle
As it is more secure and gives cri-o more control of namespace lifecycle
This is attempting to do what #1568 did, but now we've hopefully ironed out the issues that caused the need for #1600
- How to verify it
- Description for the changelog
CRI-O now manages namespace lifecycle