network: Always bind back physical interfaces #385
Conversation
virtcontainers/cni.go
Outdated
| @@ -155,14 +155,18 @@ func (n *cni) add(sandbox *Sandbox, config NetworkConfig, netNsPath string, netN | |||
|
|
|||
| // remove unbridges and deletes TAP interfaces. It also removes virtual network | |||
There was a problem hiding this comment.
While we are in here, should we update the function description to be more accurate (ie, handle the non-virtual case as well).
virtcontainers/cnm.go
Outdated
| @@ -49,10 +49,14 @@ func (n *cnm) add(sandbox *Sandbox, config NetworkConfig, netNsPath string, netN | |||
|
|
|||
| // remove unbridges and deletes TAP interfaces. It also removes virtual network | |||
|
PSS Measurement: Memory inside container: |
amshinde
force-pushed
the
always-bind-back-physical-interfaces
branch
from
42d84fa to
3f6baad
Compare
|
PSS Measurement: Memory inside container: |
There was a problem hiding this comment.
As @egernst noted, good catch! Can we create some tests here to assert the expected behaviour?
lgtm
| return err | ||
| } | ||
|
|
||
| if err := n.invokePluginsDelete(sandbox, networkNS); err != nil { | ||
| return err | ||
| } | ||
|
|
||
| return deleteNetNS(networkNS.NetNsPath, true) | ||
| if netNsCreated { |
There was a problem hiding this comment.
Aside: It looks like all calls to deleteNetNS() now call it with mounted=true so this param (and the logic) can be dropped I think? Maybe you could do that cleanup on a separate commit on this PR?
|
@amshinde thanks for the PR, looks very good, and I agree the logic related to the fact that we have created or not the network namespace should be only affecting the removal of this network namespace. |
amshinde
force-pushed
the
always-bind-back-physical-interfaces
branch
from
3f6baad to
db30b61
Compare
|
PSS Measurement: Memory inside container: |
|
@amshinde could you try to look into those CI issues ? They don't look like random issues, the patch might be the cause here. |
|
PSS Measurement: Memory inside container: |
|
PSS Measurement: Memory inside container: |
In case of physical network interfaces, we explicitly pass through them to the VM. We need to bind them back to the host driver when the sandbox is stopped, irrespective if the network namespace has been created by virtcontainers or not. Fixes kata-containers#384 Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
All calls to deleteNetNS were passing the "mounted" parameter as true. So drop this parameter. Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
Out CI is failing because of a recent change introduced in the CNI plugins repo(github.com/containernetworking/plugins) that vendors in CNI v0.7.0-alpha0. Refer to commit #e4fdb6cd1883b7b. However, it looks like the the plugins themselves have not been updated yet, causing failures in CI. This was verified by vendoring in the latest CNI and CNI plugins in our repo. Till the plugin binaries our fixed, use older version of CNI plugins for testing virtcontainers. See this: containernetworking/plugins@68b4efb4056c In any case we should keep this version in sync with what we vendor in, in our runtime and not use the latest commit. Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
amshinde
force-pushed
the
always-bind-back-physical-interfaces
branch
from
bcb1036 to
a31dd49
Compare
|
PSS Measurement: Memory inside container: |
Codecov Report
@@ Coverage Diff @@
## master #385 +/- ##
==========================================
- Coverage 63.8% 63.79% -0.01%
==========================================
Files 87 87
Lines 8807 8811 +4
==========================================
+ Hits 5619 5621 +2
- Misses 2586 2587 +1
- Partials 602 603 +1
Continue to review full report at Codecov.
|
|
@sboeuf I was seeing these unit tests failing in the last CI build for this PR: This was introduced by this change in the CNI plugins repository: This introduces a change requiring network name to be provided by the plugins, but the loopback plugin that we use in our tests has been been updated yet to include this as seen here : Since we we use the latest master in our virtcontainers setup script, our CI is failing with the error "missing network name". So I introduced a change to use plugin binaries with the same version that we vendor in our runtime. Once this has been fixed upstream, we can update the vendoring and the setup script. |
|
Tests issue raised for the CNI version issue: kata-containers/tests#42. |
|
@sboeuf @jodh-intel I have opened an issue upstream to address the failure on latest master for CNI plugins: We can pull in the latest CNI plugins once the above issue is solved. Meanwhile, can this PR be merged? |
# Kata Containers 1.3.0
In case of physical network interfaces, we explicitly
pass through them to the VM. We need to bind them back to
the host driver when the sandbox is stopped, irrespective if
the network namespace has been created by virtcontainers or not.
Fixes #384
Signed-off-by: Archana Shinde archana.m.shinde@intel.com