
[release/1.6 backport] moving up to go-cni v1.1.4 #6728

Merged: dmcgowan merged 1 commit into containerd:release/1.6 from thaJeztah:1.6_backport_update_go_cni_to_v1.1.4 on Mar 24, 2022

@thaJeztah
Member

backport of #6721 (re-ran go mod tidy and vendor)
(cherry picked from commit a51da91)

Signed-off-by: Mike Brown <[email protected]>
(cherry picked from commit a51da91)
Signed-off-by: Sebastiaan van Stijn <[email protected]>
@thaJeztah
Member Author

Hmm.... rate limits? Are we missing IP addresses again on Hub?

```
[1/7] STEP 1/1: FROM golang:1.17.8 AS golang
Resolving "golang" using unqualified-search registries (/etc/containers/registries.conf)
Trying to pull docker.io/library/golang:1.17.8...
time="2022-03-24T02:27:17Z" level=warning msg="failed, retrying in 2s ... (1/3). Error: initializing source docker://golang:1.17.8: reading manifest 1.17.8 in docker.io/library/golang: toomanyrequests: You have reached your pull rate limit. You may increase the limit by authenticating and upgrading: https://www.docker.com/increase-rate-limit"
time="2022-03-24T02:27:52Z" level=warning msg="failed, retrying in 2s ... (2/3). Error: initializing source docker://golang:1.17.8: reading manifest 1.17.8 in docker.io/library/golang: toomanyrequests: You have reached your pull rate limit. You may increase the limit by authenticating and upgrading: https://www.docker.com/increase-rate-limit"
time="2022-03-24T02:28:26Z" level=warning msg="failed, retrying in 2s ... (3/3). Error: initializing source docker://golang:1.17.8: reading manifest 1.17.8 in docker.io/library/golang: toomanyrequests: You have reached your pull rate limit. You may increase the limit by authenticating and upgrading: https://www.docker.com/increase-rate-limit"
Error: error creating build container: initializing source docker://golang:1.17.8: reading manifest 1.17.8 in docker.io/library/golang: toomanyrequests: You have reached your pull rate limit. You may increase the limit by authenticating and upgrading: https://www.docker.com/increase-rate-limit
```

Let me check internally

```
vagrant ssh -- curl https://api64.ipify.org/
199.19.85.81
```

Member

@estesp estesp left a comment

LGTM

Member

@mikebrow mikebrow left a comment

LGTM thx for the cherry pick

@fuweid
Member

fuweid commented Mar 24, 2022

@mikebrow I added the impact/changelog label because the loopback's config version has been upgraded from 0.3.0 to 1.0.0. It might impact the user if they are still using loopback v0.3.0.

@kzys
Member

kzys commented Mar 24, 2022

@fuweid @mikebrow Hmm, do we have specific features/fixes we'd like to bring by cherry-picking the change?

@dmcgowan dmcgowan merged commit 264371e into containerd:release/1.6 Mar 24, 2022
@thaJeztah thaJeztah deleted the 1.6_backport_update_go_cni_to_v1.1.4 branch March 24, 2022 17:49
@mikebrow
Member

> @mikebrow I added the impact/changelog label because the loopback's config version has been upgraded from 0.3.0 to 1.0.0. It might impact the user if they are still using loopback v0.3.0.

Nod. The config change is in code vs cni config in storage. You get loopback unless it's switched off

@fuweid
Member

fuweid commented Mar 28, 2022

@mikebrow I think most people might just install the eth0 CNI, like flannel 😂. The CRI will load the loopback with https://github.com/containerd/containerd/blob/main/pkg/cri/server/service_linux.go#L95.

The following bash output is from my local machine.

```
➜  ~ sudo ctr version | grep -i revision
  Revision: d394e00c7eb9ed22b842f0d75c20e9353dccf488
  Revision: d394e00c7eb9ed22b842f0d75c20e9353dccf488
➜  ~ sudo ls /etc/cni/net.d
10-flannel.conflist
➜  ~ sudo cat /etc/cni/net.d/10-flannel.conflist
{
  "name": "cbr0",
  "cniVersion": "0.3.1",
  "plugins": [
    {
      "type": "flannel",
      "delegate": {
        "hairpinMode": true,
        "isDefaultGateway": true
      }
    },
    {
      "type": "portmap",
      "capabilities": {
        "portMappings": true
      }
    }
  ]
}
➜  ~ sudo crictl info | grep -i loop -B 5
    "PluginMaxConfNum": 1,
    "Prefix": "eth",
    "Networks": [
      {
        "Config": {
          "Name": "cni-loopback",
          "CNIVersion": "1.0.0",
          "Plugins": [
            {
              "Network": {
                "type": "loopback",
                "ipam": {},
                "dns": {}
              },
              "Source": "{\"type\":\"loopback\"}"
            }
          ],
          "Source": "{\n\"cniVersion\": \"1.0.0\",\n\"name\": \"cni-loopback\",\n\"plugins\": [{\n  \"type\": \"loopback\"\n}]\n}"
```

@mikebrow
Member

mikebrow commented Mar 29, 2022

Yes. By "You get loopback unless it's switched off" I mean unless networking is switched off for the pod or the networking config path is set to null.

Defaults with the default CNI plugin config (before this pr noting 0.3.1 for lo):

```
  "cniconfig": {
    "PluginDirs": [
      "/opt/cni/bin"
    ],
    "PluginConfDir": "/etc/cni/net.d",
    "PluginMaxConfNum": 1,
    "Prefix": "eth",
    "Networks": [
      {
        "Config": {
          "Name": "cni-loopback",
          "CNIVersion": "0.3.1",
          "Plugins": [
            {
              "Network": {
                "type": "loopback",
                "ipam": {},
                "dns": {}
              },
              "Source": "{\"type\":\"loopback\"}"
            }
          ],
          "Source": "{\n\"cniVersion\": \"0.3.1\",\n\"name\": \"cni-loopback\",\n\"plugins\": [{\n  \"type\": \"loopback\"\n}]\n}"
        },
        "IFName": "lo"
      },
      {
        "Config": {
          "Name": "containerd-net",
          "CNIVersion": "1.0.0",
          "Plugins": [
            {
              "Network": {
                "type": "bridge",
                "ipam": {
                  "type": "host-local"
                },
                "dns": {}
              },
              "Source": "{\"bridge\":\"cni0\",\"ipMasq\":true,\"ipam\":{\"ranges\":[[{\"subnet\":\"10.88.0.0/16\"}],[{\"subnet\":\"2001:4860:4860::/64\"}]],\"routes\":[{\"dst\":\"0.0.0.0/0\"},{\"dst\":\"::/0\"}],\"type\":\"host-local\"},\"isGateway\":true,\"promiscMode\":true,\"type\":\"bridge\"}"
            },
            {
              "Network": {
                "type": "portmap",
                "capabilities": {
                  "portMappings": true
                },
                "ipam": {},
                "dns": {}
              },
              "Source": "{\"capabilities\":{\"portMappings\":true},\"type\":\"portmap\"}"
            }
          ],
          "Source": "{\n  \"cniVersion\": \"1.0.0\",\n  \"name\": \"containerd-net\",\n  \"plugins\": [\n    {\n      \"type\": \"bridge\",\n      \"bridge\": \"cni0\",\n      \"isGateway\": true,\n      \"ipMasq\": true,\n      \"promiscMode\": true,\n      \"ipam\": {\n        \"type\": \"host-local\",\n        \"ranges\": [\n          [{\n            \"subnet\": \"10.88.0.0/16\"\n          }],\n          [{\n            \"subnet\": \"2001:4860:4860::/64\"\n          }]\n        ],\n        \"routes\": [\n          { \"dst\": \"0.0.0.0/0\" },\n          { \"dst\": \"::/0\" }\n        ]\n      }\n    },\n    {\n      \"type\": \"portmap\",\n      \"capabilities\": {\"portMappings\": true}\n    }\n  ]\n}\n"
        },
        "IFName": "eth0"
      }
    ]
  },
```

@fuweid
Member

fuweid commented Mar 29, 2022

Understood. I am just concerned that if the cluster is still using the v0.3.1 loopback binary, the CNI will not work after upgrading to containerd with this commit. I was facing this issue, like 'loopback only supports 0.3.1, not v1.0.0', in my local environment. I have to upgrade the loopback binary version.

So I am OK with this commit but still want to put the changelog label here because the new 1.6 minor release needs a loopback binary upgrade.

@mikebrow
Member

> Understood. I am just concerned that if the cluster is still using the v0.3.1 loopback binary, the CNI will not work after upgrading to containerd with this commit. I was facing this issue, like 'loopback only supports 0.3.1, not v1.0.0', in my local environment. I have to upgrade the loopback binary version.
>
> So I am OK with this commit but still want to put the changelog label here because the new 1.6 minor release needs a loopback binary upgrade.

ah.. ok.. too many versions cni lib, cni config(s), plugin binaries...
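
A pre-upgrade check for the mismatch discussed in this thread, as an added example that is not code from containerd, go-cni or any participant: it asks a plugin binary which config versions it accepts, using the CNI spec's `VERSION` command, and tests for `1.0.0`. The two sample replies are constructed for illustration, and the function names `supports` and `probe` are hypothetical.

```go
package main

import (
	"encoding/json"
	"fmt"
	"os"
	"os/exec"
	"strings"
)

// Constructed sample VERSION replies (assumed shapes, not captured from real binaries).
const oldLoopback = `{"cniVersion":"0.3.1","supportedVersions":["0.1.0","0.2.0","0.3.0","0.3.1"]}`
const newLoopback = `{"cniVersion":"1.0.0","supportedVersions":["0.1.0","0.2.0","0.3.0","0.3.1","0.4.0","1.0.0"]}`

// supports reports whether a plugin's VERSION reply lists the config version want.
func supports(reply []byte, want string) (bool, error) {
	var info struct {
		SupportedVersions []string `json:"supportedVersions"`
	}
	if err := json.Unmarshal(reply, &info); err != nil {
		return false, fmt.Errorf("parse VERSION reply: %w", err)
	}
	for _, v := range info.SupportedVersions {
		if v == want {
			return true, nil
		}
	}
	return false, nil
}

// probe runs the plugin binary at path with CNI_COMMAND=VERSION and returns its stdout.
func probe(path string) ([]byte, error) {
	cmd := exec.Command(path)
	cmd.Env = append(os.Environ(), "CNI_COMMAND=VERSION")
	cmd.Stdin = strings.NewReader(`{"cniVersion":"1.0.0"}`)
	return cmd.Output()
}

func main() {
	reply := []byte(oldLoopback) // constructed sample unless a plugin path is given
	if len(os.Args) > 1 {        // e.g. /opt/cni/bin/loopback
		var err error
		if reply, err = probe(os.Args[1]); err != nil {
			panic(err)
		}
	}
	ok, err := supports(reply, "1.0.0")
	fmt.Println("supports cniVersion 1.0.0:", ok, err)
}
```

Run against each node's loopback binary before rolling out the new containerd; a `false` result means the plugin binaries need upgrading first.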
