Skip to content

Fixing CNI result Interface indexing #255

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
Levovar merged 1 commit into from
May 25, 2021
Merged

Fixing CNI result Interface indexing #255

Levovar merged 1 commit into from
May 25, 2021

Conversation

@Levovar
Copy link
Collaborator

@Levovar Levovar commented May 19, 2021

When DANM merges together multiple CNI results it needs to change the indexing of the IPs to reference the proper Interface records from the merged result, rather than using the ID from their original one
This can cause issues when DANM is invoked directly by CRIs such as containerd instead of Kubelet. CRIs do parse the returned result, and the improper indexing can result in the wrong interface getting identified by CRI as belonging to the "cluster network"

@Levovar
Fixing CNI result Interface indexing
de3c07f 
When DANM merges together multiple CNI results it needs to change the indexing of the IPs to reference the proper Interface records from the merged result, rather than using the ID from their original one
@Levovar
Copy link
Collaborator Author

Levovar commented May 21, 2021

As usual and should have already anticipated after this many years, nobody actually gives a danm about CNI spec: Calico puts wrong interface name into its result, and doesn't do indexing on its own at all
And containerd treats "Interfaces" as mandatory, but is actually prepared to do indexing on its own (I guess they also realized somebody need to streamline the mess in code, otherwise nothing will ever work)

so, at the end of the day: eh. We just make sure the interface / IPs belonging the K8s Service Network are first in the CNI result, and let CRIs deal with the rest.
Seems to work, containerd recognizes the Calico V4/V6 addresses as PodIPs with this code when the Pod had 2 dual-stakc interfaces, one Calico and 1 IPVLAN

@Levovar
Copy link
Collaborator Author

Levovar commented May 21, 2021

So for this CNI result:
2021/05/20 16:07:56.421615 { "interfaces": [ { "name": "cali5823a3ba4ac" }, { "name": "eth1", "sandbox": "f128ffec7b20430d6e3cda7d576affc530217830b784501ea513a1e0093a1d3d" } ], "ips": [ { "version": "4", "address": "192.168.180.222/32" }, { "version": "6", "address": "fc00:caa5::14c1:6948:7f8f:d810/128" }, { "version": "4", "address": "99.98.10.1/24" } ], "dns": {} }

these IPs were recognized by K8s:
IP: 192.168.180.222 IPs: IP: 192.168.180.222 IP: fc00:caa5::14c1:6948:7f8f:d810

@TothFerenc
Copy link
Contributor

TothFerenc commented May 25, 2021

I could test it again by myself. It works fine. Ready to be merged. Thanks!

@Levovar Levovar merged commit f0c0545 into master May 25, 2021
@Levovar Levovar deleted the cni_res_fix branch May 25, 2021 08:39
@MikeZappa87
Copy link

MikeZappa87 commented Nov 28, 2022

@Levovar I am one of the CNI && containerd maintainers. I am curious about your thoughts on the spec and issues you have noticed.

@Levovar
Copy link
Collaborator Author

Levovar commented Nov 28, 2022

@Levovar I am one of the CNI && containerd maintainers. I am curious about your thoughts on the spec and issues you have noticed.

generally speaking or specifically related to this issue? :)

@MikeZappa87
Copy link

MikeZappa87 commented Nov 28, 2022

@Levovar I am one of the CNI && containerd maintainers. I am curious about your thoughts on the spec and issues you have noticed.

generally speaking or specifically related to this issue? :)

I can discuss both :-) Please reach out .... [email protected] or slack @michael Zappa

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@Levovar @TothFerenc @MikeZappa87