Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

k8splugin support manager_networkmanage_network_ns_lifecycle=true from CRI-O #1153

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

k8splugin support manager_networkmanage_network_ns_lifecycle=true from CRI-O #1153

wants to merge 1 commit into from

Conversation

newtonjose
Copy link

Description of the changes

Type of fix:

Bug fix

Fixes #

#1054.
Please describe:

  • changes made in the Pull request
    The cni 0.3 support the network namespace path can be /proc/[pid]/ns/net or a bind-mount/link(like /var/run/netns/cni-<something>;) to it.
    So, when the flag **manage_network_ns_lifecycle=true** on the CRI-O runtime, contiv return the bug contiv cni plugin is broken with cri-o runtime. #1054.

When, the runtime send the pid process the operation inside the container is permitted, but when is the path of network namespace I have problems to exec same operation I get the error: RTNETLINK answers: Invalid argument, exit status 2

This is result inside the container contiv-netplugin running on k8s

ls -lha /var/run/netns/

rw-r--r- 1 root root 0 Aug 9 18:41 cni-d5e070e5-08c4-46f0-96ee-4bb5e6c6e21a
lrwxrwxrwx 1 root root 55 Aug 9 18:41 k8s_contiv-blue-c1_default_01bc671d-9a69-11e8-a90e-000af70485d0_1-81a93eff -> /var/run/netns/cni-d5e070e5-08c4-46f0-96ee-4bb5e6c6e21a

So, the k8s_cni is part of the contivk8s plugin execute on the host.

I make some test to try maintain the logical on ./netplugin\mgmtfn\k8splugin\driver.go but no success.
I made some logical modifications to contiv run over buth net path. Some problems of permission on container, I can't execute the operation on the mounted path and that force me send part of the code to k8s_cni.go code.

Modifications:

  • On the function addPod() of file driver.go of the k8splugin package. And put the same logical on the function addPodToContiv() of file k8s_cni.go of cniapi package;

  • type of testing done (both manual and automated)
    Manual tests on Kubernetes v1.10.5 with CRI-O v1.10.6 and Kata Container v1.1.0, and Kata needed the manage_network_ns_lifecycle=true, https://github.com/kata-containers/documentation/blob/master/architecture.md#cni.
    And modify the k8s_cni_test.go to

TODO

  • Tests
  • Documentation

@kannanvr
Copy link

I am also facing the similar problem. Can you please merge this code changes if it is OK

@newtonjose
Copy link
Author

On this branch https://github.com/n3wt0nSAN/netplugin/tree/suport_manage_network_ns_lifecycle, the issue is fixed. But you need create a new docker image of netplugin. And change the contiv.yaml description for kubernetes. This is my personal image with the new code: newton001/netplugin:test

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@newtonjose @kannanvr