Bug 1939605: cri-o+kuryr: Switch to proper netns management … #12316

dulek · 2021-03-24T17:08:54Z

cri-o is not complying with the CNI spec when
manage_network_ns_lifecycle isn't set to "true". This affects Kuryr SDN
so this commit enables that option when Kuryr is enabled.

As in that more reliable mode network namespaces are placed in the
standard /run/netns directory we need to mount it into kuryr-cni
container in order to be able to access the network namespaces there.
This commit does so too.

openshift-ci-robot · 2021-03-24T17:08:55Z

@dulek: No Bugzilla bug is referenced in the title of this pull request.
To reference a bug, add 'Bug XXX:' to the title of this pull request and request another bug refresh with /bugzilla refresh.

In response to this:

Kuryr: Mount host's /run/netns into kuryr-cni pod

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

openshift-ci-robot · 2021-03-24T17:09:48Z

@dulek: This pull request references Bugzilla bug 1939605, which is valid. The bug has been updated to refer to the pull request using the external bug tracker.

3 validation(s) were run on this bug

bug is open, matching expected state (open)
bug target release (3.11.z) matches configured target release for branch (3.11.z)
bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, ON_DEV, POST, POST)

No GitHub users were found matching the public email listed for the QA contact in Bugzilla (schoudha@redhat.com), skipping review request.

In response to this:

Bug 1939605: Kuryr: Mount host's /run/netns into kuryr-cni pod

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

dulek · 2021-03-24T17:11:44Z

/hold

I need cri-o's go ahead first.

dulek · 2021-04-02T15:23:42Z

/retest

dulek · 2021-04-06T08:27:15Z

/retest

MaysaMacedo · 2021-04-06T11:04:17Z

just confirming, non crio installation works fine as well with the new mounting path, right?

dulek · 2021-04-06T11:15:50Z

just confirming, non crio installation works fine as well with the new mounting path, right?

Sure, I'm not removing the old mount of host's /proc.

dulek · 2021-04-07T14:51:19Z

/hold cancel
/retest

dulek · 2021-04-07T14:52:51Z

/retest

haircommander · 2021-04-07T14:58:10Z

roles/container_runtime/templates/crio.conf.j2

+# manage_network_ns_lifecycle determines whether we pin and remove network namespaces
+# and manage their lifecycle


nit: can we put this clause inside of the if statement?

Ah right, I should, that's a template.

haircommander · 2021-04-07T14:58:24Z

one nit, non blocking, otherwise LGTM, thanks @dulek

cri-o is not complying with the CNI spec when manage_network_ns_lifecycle isn't set to "true". This affects Kuryr SDN so this commit enables that option when Kuryr is enabled. As in that more reliable mode network namespaces are placed in the standard /run/netns directory we need to mount it into kuryr-cni container in order to be able to access the network namespaces there. This commit does so too.

haircommander · 2021-04-07T15:32:58Z

/retest

/lgtm

openshift-ci-robot · 2021-04-08T09:02:44Z

@dulek: This pull request references Bugzilla bug 1939605, which is valid.

3 validation(s) were run on this bug

bug is open, matching expected state (open)
bug target release (3.11.z) matches configured target release for branch (3.11.z)
bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, ON_DEV, POST, POST)

Requesting review from QA contact:
/cc @lyman9966

In response to this:

Bug 1939605: Kuryr: Mount host's /run/netns into kuryr-cni pod

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

openshift-bot · 2021-05-12T21:50:45Z

/retest