Skip to content

Commit 79cdbf6

Browse files
klihubklihub
committed
cri,nri: block NRI plugin sync. during event processing.
Block the synchronization of registering NRI plugins during CRI events to avoid the plugin ending up in an inconsistent starting state after initial sync (missing pods, containers or missed events for some pods or containers). Signed-off-by: Krisztian Litkey <[email protected]>
1 parent e465b45 commit 79cdbf6

11 files changed

Lines changed: 49 additions & 0 deletions

internal/cri/nri/nri_api_linux.go

Lines changed: 9 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -358,6 +358,15 @@ func (a *API) WithContainerExit(criCtr *cstore.Container) containerd.ProcessDele
358358
}
359359
}
360360

361+
type PluginSyncBlock = nri.PluginSyncBlock
362+
363+
func (a *API) BlockPluginSync() *PluginSyncBlock {
364+
if a.IsDisabled() {
365+
return nil
366+
}
367+
return a.nri.BlockPluginSync()
368+
}
369+
361370
//
362371
// NRI-CRI 'domain' interface
363372
//

internal/cri/nri/nri_api_other.go

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -108,6 +108,14 @@ func (*API) WithContainerExit(*cstore.Container) containerd.ProcessDeleteOpts {
108108
}
109109
}
110110

111+
type PluginSyncBlock struct{}
112+
113+
func (*API) BlockPluginSync() *PluginSyncBlock {
114+
return nil
115+
}
116+
117+
func (*PluginSyncBlock) Unblock() {}
118+
111119
//
112120
// NRI-CRI no-op 'domain' interface
113121
//

internal/cri/server/container_create.go

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -313,6 +313,8 @@ func (c *criService) CreateContainer(ctx context.Context, r *runtime.CreateConta
313313
}
314314
}()
315315

316+
defer c.nri.BlockPluginSync().Unblock()
317+
316318
var cntr containerd.Container
317319
if cntr, err = c.client.NewContainer(ctx, id, opts...); err != nil {
318320
return nil, fmt.Errorf("failed to create containerd container: %w", err)

internal/cri/server/container_remove.go

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -44,6 +44,9 @@ func (c *criService) RemoveContainer(ctx context.Context, r *runtime.RemoveConta
4444
log.G(ctx).Tracef("RemoveContainer called for container %q that does not exist", ctrID)
4545
return &runtime.RemoveContainerResponse{}, nil
4646
}
47+
48+
defer c.nri.BlockPluginSync().Unblock()
49+
4750
id := container.ID
4851
span.SetAttributes(tracing.Attribute("container.id", id))
4952
i, err := container.Container.Info(ctx)

internal/cri/server/container_start.go

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -156,6 +156,8 @@ func (c *criService) StartContainer(ctx context.Context, r *runtime.StartContain
156156
return nil, fmt.Errorf("failed to wait for containerd task: %w", err)
157157
}
158158

159+
defer c.nri.BlockPluginSync().Unblock()
160+
159161
defer func() {
160162
if retErr != nil {
161163
deferCtx, deferCancel := ctrdutil.DeferContext()

internal/cri/server/container_stop.go

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -51,6 +51,9 @@ func (c *criService) StopContainer(ctx context.Context, r *runtime.StopContainer
5151
// https://github.com/kubernetes/cri-api/blob/c20fa40/pkg/apis/runtime/v1/api.proto#L67-L68
5252
return &runtime.StopContainerResponse{}, nil
5353
}
54+
55+
defer c.nri.BlockPluginSync().Unblock()
56+
5457
span.SetAttributes(tracing.Attribute("container.id", container.ID))
5558
if err := c.stopContainer(ctx, container, time.Duration(r.GetTimeout())*time.Second); err != nil {
5659
return nil, err

internal/cri/server/container_update_resources.go

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -47,6 +47,8 @@ func (c *criService) UpdateContainerResources(ctx context.Context, r *runtime.Up
4747
return nil, err
4848
}
4949

50+
defer c.nri.BlockPluginSync().Unblock()
51+
5052
resources := r.GetLinux()
5153
updated, err := c.nri.UpdateContainerResources(ctx, &sandbox, &container, resources)
5254
if err != nil {

internal/cri/server/sandbox_remove.go

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -44,6 +44,9 @@ func (c *criService) RemovePodSandbox(ctx context.Context, r *runtime.RemovePodS
4444
r.GetPodSandboxId())
4545
return &runtime.RemovePodSandboxResponse{}, nil
4646
}
47+
48+
defer c.nri.BlockPluginSync().Unblock()
49+
4750
// Use the full sandbox id.
4851
id := sandbox.ID
4952
span.SetAttributes(tracing.Attribute("sandbox.id", id))

internal/cri/server/sandbox_run.go

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -300,6 +300,8 @@ func (c *criService) RunPodSandbox(ctx context.Context, r *runtime.RunPodSandbox
300300

301301
sandbox.ProcessLabel = labels["selinux_label"]
302302

303+
defer c.nri.BlockPluginSync().Unblock()
304+
303305
err = c.nri.RunPodSandbox(ctx, &sandbox)
304306
if err != nil {
305307
return nil, fmt.Errorf("NRI RunPodSandbox failed: %w", err)

internal/cri/server/sandbox_stop.go

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -46,6 +46,9 @@ func (c *criService) StopPodSandbox(ctx context.Context, r *runtime.StopPodSandb
4646
// https://github.com/kubernetes/cri-api/blob/c20fa40/pkg/apis/runtime/v1/api.proto#L45-L46
4747
return &runtime.StopPodSandboxResponse{}, nil
4848
}
49+
50+
defer c.nri.BlockPluginSync().Unblock()
51+
4952
span.SetAttributes(tracing.Attribute("sandbox.id", sandbox.ID))
5053
if err := c.stopPodSandbox(ctx, sandbox); err != nil {
5154
return nil, err

0 commit comments

Comments
 (0)