Skip to content
This repository was archived by the owner on Mar 9, 2022. It is now read-only.

Commit 986f754

Browse files
Random-LiuRandom-Liu
committed
Teardown pod network even if the network namespace is closed
Signed-off-by: Lantao Liu <[email protected]>
1 parent a97094d commit 986f754

2 files changed

Lines changed: 21 additions & 17 deletions

File tree

pkg/server/sandbox_stop.go

Lines changed: 14 additions & 17 deletions
Original file line numberDiff line numberDiff line change
@@ -17,7 +17,6 @@ limitations under the License.
1717
package server
1818

1919
import (
20-
"os"
2120
"time"
2221

2322
"github.com/containerd/containerd"
@@ -60,23 +59,21 @@ func (c *criService) StopPodSandbox(ctx context.Context, r *runtime.StopPodSandb
6059
}
6160

6261
// Teardown network for sandbox.
63-
if sandbox.NetNSPath != "" && sandbox.NetNS != nil {
64-
if _, err := os.Stat(sandbox.NetNSPath); err != nil {
65-
if !os.IsNotExist(err) {
66-
return nil, errors.Wrapf(err, "failed to stat network namespace path %s", sandbox.NetNSPath)
67-
}
68-
} else {
69-
if teardownErr := c.teardownPod(id, sandbox.NetNSPath, sandbox.Config); teardownErr != nil {
70-
return nil, errors.Wrapf(teardownErr, "failed to destroy network for sandbox %q", id)
71-
}
62+
if sandbox.NetNSPath != "" {
63+
netNSPath := sandbox.NetNSPath
64+
if sandbox.NetNS == nil || sandbox.NetNS.Closed() {
65+
// Use empty netns path if netns is not available. This is defined in:
66+
// https://github.com/containernetworking/cni/blob/v0.7.0-alpha1/SPEC.md
67+
netNSPath = ""
7268
}
73-
/*TODO:It is still possible that containerd crashes after we teardown the network, but before we remove the network namespace.
74-
In that case, we'll not be able to remove the sandbox anymore. The chance is slim, but we should be aware of that.
75-
In the future, once TearDownPod is idempotent, this will be fixed.*/
76-
77-
//Close the sandbox network namespace if it was created
78-
if err = sandbox.NetNS.Remove(); err != nil {
79-
return nil, errors.Wrapf(err, "failed to remove network namespace for sandbox %q", id)
69+
if err := c.teardownPod(id, netNSPath, sandbox.Config); err != nil {
70+
return nil, errors.Wrapf(err, "failed to destroy network for sandbox %q", id)
71+
}
72+
// Close the sandbox network namespace if it was created
73+
if sandbox.NetNS != nil {
74+
if err = sandbox.NetNS.Remove(); err != nil {
75+
return nil, errors.Wrapf(err, "failed to remove network namespace for sandbox %q", id)
76+
}
8077
}
8178
}
8279

pkg/store/sandbox/netns.go

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -27,6 +27,13 @@ import (
2727
osinterface "github.com/containerd/cri/pkg/os"
2828
)
2929

30+
// The NetNS library assumes only containerd manages the lifecycle of the
31+
// network namespace mount. The only case that netns will be unmounted by
32+
// someone else is node reboot.
33+
// If this assumption is broken, NetNS won't be aware of the external
34+
// unmount, and there will be a state mismatch.
35+
// TODO(random-liu): Don't cache state, always load from the system.
36+
3037
// ErrClosedNetNS is the error returned when network namespace is closed.
3138
var ErrClosedNetNS = errors.New("network namespace is closed")
3239

0 commit comments

Comments
 (0)