calico icon indicating copy to clipboard operation
calico copied to clipboard
Published 1 month ago verified publisher icon projectcalico

Use latest CNI spec, and include new required fields in response (e.g., sandbox)

Open maiqueb opened this issue 1 year ago • 1 comments

Expected Behavior

CNI spec says the sandbox attribute should be used to indicate:

The isolation domain reference (e.g. path to network namespace) for the interface, or empty if on the host. For interfaces created inside the container, this should be the value passed via CNI_NETNS

Current Behavior

Calico does not report the pod's sandbox; check this cached CNI result:

{
 "result": {
   "cniVersion": "0.3.1",
   "dns": {},
   "interfaces": [
     {
       "name": "cali05f4a1849c5"
     }
   ],
   "ips": [
     {
       "address": "10.244.196.152/32",
       "version": "4"
     },
     {
       "address": "fd10:244::c497/128",
       "version": "6"
     }
   ]
 }
}

Possible Solution

Return the pod's sandbox in the CNI ADD result. This is where we should add the sandbox info.

Steps to Reproduce (for bugs)

  1. Create a pod
  2. Check the cached CNI result in the node the pod was scheduled on (defaults to /var/lib/cni/results/...)

Your Environment

  • Calico version: main branch / latest release

maiqueb avatar Sep 30 '24 11:09 maiqueb

I believe that this is not required in v0.3.1 of the CNI spec as returned by Calico.

That said, it would seem like a good idea to update to the latest CNI spec version and to respect this field.

caseydavenport avatar Sep 30 '24 16:09 caseydavenport