-
Notifications
You must be signed in to change notification settings - Fork 39.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
add CNI config validation to getDefaultCNINetwork #80482
add CNI config validation to getDefaultCNINetwork #80482
Conversation
Hi @mars1024. Thanks for your PR. I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/ok-to-test |
/retest |
By the way, thanks a lot for implementing this. I wrote |
My pleasure :), and thanks for your contributions in libcni. |
/retest |
Updated! PTAL, thanks ! @dcbw @rramkumar1 cc @squeed |
/lgtm |
/assign @dcbw |
/retest |
1. add validation for CNI config before loading 2. make some CNI capabilities constants 3. add Capabilities field to cniNetwork struct Signed-off-by: Bruce Ma <[email protected]>
fc3e459
to
9903cb3
Compare
@squeed Squash make label lgtm removed, could you do me a favor to add it back ? No code changes expect a commits squash. |
/lgtm |
/retest |
/assign @thockin |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks!
/approve
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: mars1024, thockin The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
It's now required due to kubernetes/kubernetes#80482 adding CNI validation to the kubelet Signed-off-by: Ben Moss <[email protected]>
It's now required due to kubernetes/kubernetes#80482 adding CNI validation to the kubelet Signed-off-by: Ben Moss <[email protected]>
It's now required due to kubernetes/kubernetes#80482 adding CNI validation to the kubelet Signed-off-by: Ben Moss <[email protected]>
Switches to use the newer `conflist` cni configuration. This is required because Kubernetes v1.16.0 introduces config validation: kubernetes/kubernetes#80482 which is no longer able to validate the old configuration. The behavior is the same with the new configuration. Signed-off-by: Mikkel Oscar Lyderik Larsen <[email protected]>
What type of PR is this?
/kind bug
What this PR does / why we need it:
If we use a CNI config file contains plugins ptp and bandwidth, just like
and bandwidth plugin is not on disk.
cniNetworkPlugin.SetUpPod will fail because we can't find bandwidth plugin, then cniNetworkPlugin.TearDownPod will be called to recycle container network, we all know plugins are called in reverse order in CNI DEL, so teardown will fail in calling bandwidth plugin without calling ptp plugin, so CNI DEL of ptp plugin is actually not done for container, this leads to some problems, one of these is IP leak.
So I use CNI validation to check the presence of plugins before setup/teardown pods, which can prevent the happening above.