Skip to content

Fix CNI issue where CNI DEL is never executed#12923

Merged
mxpv merged 3 commits intocontainerd:mainfrom
MikeZappa87:mzappa/fixcnidelissuev2
Feb 20, 2026
Merged

Fix CNI issue where CNI DEL is never executed#12923
mxpv merged 3 commits intocontainerd:mainfrom
MikeZappa87:mzappa/fixcnidelissuev2

Conversation

@MikeZappa87
Copy link
Copy Markdown
Member

@MikeZappa87 MikeZappa87 commented Feb 19, 2026

We have seen a condition, where the CNI ADD is executed, and containerd exits before the cniResult is saved to disk. When containerd recoverys the StopPodSandbox is called, but skips the CNI DEL because the CNI result is nil. The idea here is to ignore errors from the CNI DEL and try to do a best effort cleanup. The alternative is that a leaked resource could still exist which has been observed.

We see the RunPodSandbox + StopPodSandbox RPC's executed, just no CNI DEL cmd is viewed.

@github-project-automation github-project-automation Bot moved this to Needs Triage in Pull Request Review Feb 19, 2026
@MikeZappa87 MikeZappa87 force-pushed the mzappa/fixcnidelissuev2 branch from 295c5e6 to 414e9c0 Compare February 19, 2026 22:49
@MikeZappa87 MikeZappa87 force-pushed the mzappa/fixcnidelissuev2 branch from 414e9c0 to 17da2b1 Compare February 19, 2026 22:49
@MikeZappa87 MikeZappa87 marked this pull request as ready for review February 20, 2026 00:27
@dosubot dosubot Bot added area/cri Container Runtime Interface (CRI) kind/bug labels Feb 20, 2026
mikebrow
mikebrow reviewed Feb 20, 2026
View reviewed changes
Comment thread internal/cri/server/sandbox_stop.go Outdated
@MikeZappa87 MikeZappa87 force-pushed the mzappa/fixcnidelissuev2 branch from d355072 to 39e81c3 Compare February 20, 2026 15:07
@MikeZappa87
address comment
1092b85 
Signed-off-by: Michael Zappa <[email protected]>
@MikeZappa87 MikeZappa87 force-pushed the mzappa/fixcnidelissuev2 branch from 39e81c3 to 1092b85 Compare February 20, 2026 15:12
@MikeZappa87 MikeZappa87 force-pushed the mzappa/fixcnidelissuev2 branch from af9aec3 to 96dee5f Compare February 20, 2026 15:55
mikebrow
mikebrow approved these changes Feb 20, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@mikebrow mikebrow left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM on green!

@mikebrow
Copy link
Copy Markdown
Member

mikebrow commented Feb 20, 2026

/cc @fuweid @mxpv

@k8s-ci-robot k8s-ci-robot requested review from fuweid and mxpv February 20, 2026 16:22
@mikebrow mikebrow added cherry-pick/1.7.x Change to be cherry picked to release/1.7 branch cherry-pick/2.1.x Change to be cherry picked to release/2.1 branch cherry-pick/2.2.x Change to be cherry picked to release/2.2 branch labels Feb 20, 2026
Merged via the queue into containerd:main with commit be50f8f Feb 20, 2026
53 checks passed
@github-project-automation github-project-automation Bot moved this from Review In Progress to Done in Pull Request Review Feb 20, 2026
@MikeZappa87
Copy link
Copy Markdown
Member Author

MikeZappa87 commented Feb 20, 2026

/cherry-pick release/2.2

@k8s-infra-cherrypick-robot
Copy link
Copy Markdown

k8s-infra-cherrypick-robot commented Feb 20, 2026

@MikeZappa87: only containerd org members may request cherry picks. If you are already part of the org, make sure to change your membership to public. Otherwise you can still do the cherry-pick manually.

Details

In response to this:

/cherry-pick release/2.2

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@MikeZappa87
Copy link
Copy Markdown
Member Author

MikeZappa87 commented Feb 20, 2026

/cherry-pick release/1.7

@k8s-infra-cherrypick-robot
Copy link
Copy Markdown

k8s-infra-cherrypick-robot commented Feb 20, 2026

@MikeZappa87: #12923 failed to apply on top of branch "release/1.7":

Applying: fix issue where cni del is never executed
Using index info to reconstruct a base tree...
A	internal/cri/server/sandbox_stop.go
Falling back to patching base and 3-way merge...
Auto-merging pkg/cri/sbserver/sandbox_stop.go
CONFLICT (content): Merge conflict in pkg/cri/sbserver/sandbox_stop.go
error: Failed to merge in the changes.
hint: Use 'git am --show-current-patch=diff' to see the failed patch
hint: When you have resolved this problem, run "git am --continue".
hint: If you prefer to skip this patch, run "git am --skip" instead.
hint: To restore the original branch and stop patching, run "git am --abort".
hint: Disable this message with "git config set advice.mergeConflict false"
Patch failed at 0001 fix issue where cni del is never executed
Details

In response to this:

/cherry-pick release/1.7

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@MikeZappa87
Copy link
Copy Markdown
Member Author

MikeZappa87 commented Feb 20, 2026

/cherry-pick release/2.2

@MikeZappa87
Copy link
Copy Markdown
Member Author

MikeZappa87 commented Feb 20, 2026

/cherry-pick release/2.1

@k8s-infra-cherrypick-robot
Copy link
Copy Markdown

k8s-infra-cherrypick-robot commented Feb 20, 2026

@MikeZappa87: new pull request created: #12926

Details

In response to this:

/cherry-pick release/2.2

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@k8s-infra-cherrypick-robot k8s-infra-cherrypick-robot mentioned this pull request Feb 20, 2026
Merged
@k8s-infra-cherrypick-robot
Copy link
Copy Markdown

k8s-infra-cherrypick-robot commented Feb 20, 2026

@MikeZappa87: new pull request created: #12927

Details

In response to this:

/cherry-pick release/2.1

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@k8s-infra-cherrypick-robot k8s-infra-cherrypick-robot mentioned this pull request Feb 20, 2026
Closed
@fuweid fuweid mentioned this pull request Feb 23, 2026
Merged
@fuweid fuweid added cherry-picked/2.2.x PR commits are cherry-picked into release/2.2 branch and removed cherry-pick/2.2.x Change to be cherry picked to release/2.2 branch labels Feb 23, 2026
@MikeZappa87 MikeZappa87 mentioned this pull request Feb 23, 2026
Merged
@aojea
Copy link
Copy Markdown
Contributor

aojea commented Feb 24, 2026

@MrHohn IIUIC this PR solves #12132

@fuweid fuweid added cherry-picked/1.7.x PR commits are cherry-picked into release/1.7 branch cherry-picked/2.1.x PR commits are cherry picked into the release/2.1 branch and removed cherry-pick/1.7.x Change to be cherry picked to release/1.7 branch cherry-pick/2.1.x Change to be cherry picked to release/2.1 branch labels Feb 24, 2026
@chrishenzie
Copy link
Copy Markdown
Member

chrishenzie commented Apr 7, 2026

/cherry-pick release/2.0

@k8s-infra-cherrypick-robot
Copy link
Copy Markdown

k8s-infra-cherrypick-robot commented Apr 7, 2026

@chrishenzie: new pull request created: #13178

Details

In response to this:

/cherry-pick release/2.0

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@k8s-infra-cherrypick-robot k8s-infra-cherrypick-robot mentioned this pull request Apr 7, 2026
Closed
@MikeZappa87
Copy link
Copy Markdown
Member Author

MikeZappa87 commented Apr 7, 2026

Did I forget 2.0! Ha thanks @chrishenzie for getting this, you might need to do some manual changes.

@chrishenzie
Copy link
Copy Markdown
Member

chrishenzie commented Apr 7, 2026

@MikeZappa87 No worries, we're just tackling this as part of reviving the 2.0 branch to extend support. I'm putting together a manual cherry-pick that includes the lint fixes

@chrishenzie chrishenzie mentioned this pull request Apr 7, 2026
Merged
@chrishenzie chrishenzie added the cherry-pick/2.0.x Change to be cherry picked to release/2.0 branch label Apr 7, 2026
@dmcgowan dmcgowan added cherry-picked/2.0.x PR commits are cherry picked into the release/2.0 branch and removed cherry-pick/2.0.x Change to be cherry picked to release/2.0 branch labels Apr 9, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mxpv mxpv mxpv approved these changes

@mikebrow mikebrow mikebrow approved these changes

@fuweid fuweid Awaiting requested review from fuweid

Assignees

No one assigned

Labels

area/cri Container Runtime Interface (CRI) cherry-picked/1.7.x PR commits are cherry-picked into release/1.7 branch cherry-picked/2.0.x PR commits are cherry picked into the release/2.0 branch cherry-picked/2.1.x PR commits are cherry picked into the release/2.1 branch cherry-picked/2.2.x PR commits are cherry-picked into release/2.2 branch kind/bug size/M

Projects

Pull Request Review
Archived in project

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

9 participants

@MikeZappa87 @mikebrow @k8s-infra-cherrypick-robot @aojea @chrishenzie @mxpv @dmcgowan @fuweid @k8s-ci-robot