netplugin icon indicating copy to clipboard operation
netplugin copied to clipboard

Published 20 hours ago verified publisher icon contiv

k8splugin support manager_networkmanage_network_ns_lifecycle=true from CRI-O

Open newtonjose opened this issue 6 years ago • 2 comments

Description of the changes

Type of fix:

Bug fix

Fixes #

#1054. Please describe:

  • changes made in the Pull request The cni 0.3 support the network namespace path can be /proc/[pid]/ns/net or a bind-mount/link(like /var/run/netns/cni-<something>;) to it. So, when the flag **manage_network_ns_lifecycle=true** on the CRI-O runtime, contiv return the bug #1054.

When, the runtime send the pid process the operation inside the container is permitted, but when is the path of network namespace I have problems to exec same operation I get the error: RTNETLINK answers: Invalid argument, exit status 2

This is result inside the container contiv-netplugin running on k8s

ls -lha /var/run/netns/

rw-r--r- 1 root root 0 Aug 9 18:41 cni-d5e070e5-08c4-46f0-96ee-4bb5e6c6e21a
lrwxrwxrwx 1 root root 55 Aug 9 18:41 k8s_contiv-blue-c1_default_01bc671d-9a69-11e8-a90e-000af70485d0_1-81a93eff -> /var/run/netns/cni-d5e070e5-08c4-46f0-96ee-4bb5e6c6e21a

So, the k8s_cni is part of the contivk8s plugin execute on the host.

I make some test to try maintain the logical on ./netplugin\mgmtfn\k8splugin\driver.go but no success. I made some logical modifications to contiv run over buth net path. Some problems of permission on container, I can't execute the operation on the mounted path and that force me send part of the code to k8s_cni.go code.

Modifications:

  • On the function addPod() of file driver.go of the k8splugin package. And put the same logical on the function addPodToContiv() of file k8s_cni.go of cniapi package;

  • type of testing done (both manual and automated) Manual tests on Kubernetes v1.10.5 with CRI-O v1.10.6 and Kata Container v1.1.0, and Kata needed the manage_network_ns_lifecycle=true, https://github.com/kata-containers/documentation/blob/master/architecture.md#cni. And modify the k8s_cni_test.go to

TODO

  • [ ] Tests
  • [ ] Documentation

newtonjose avatar Aug 24 '18 20:08 newtonjose

I am also facing the similar problem. Can you please merge this code changes if it is OK

kannanvr avatar Oct 29 '18 12:10 kannanvr

On this branch https://github.com/n3wt0nSAN/netplugin/tree/suport_manage_network_ns_lifecycle, the issue is fixed. But you need create a new docker image of netplugin. And change the contiv.yaml description for kubernetes. This is my personal image with the new code: newton001/netplugin:test

newtonjose avatar Oct 29 '18 13:10 newtonjose