From 24cec9be560c44bf7ab3135836ebf9caddbf7c61 Mon Sep 17 00:00:00 2001 From: Claudiu Belu Date: Thu, 2 Sep 2021 03:39:53 -0700 Subject: [PATCH] sandbox: Allows the sandbox to be deleted in NotReady state The Pod Sandbox can enter in a NotReady state if the task associated with it no longer exists (it died, or it was killed). In this state, the Pod network namespace could still be open, which means we can't remove the sandbox, even if --force was used. Signed-off-by: Claudiu Belu --- pkg/cri/server/sandbox_remove.go | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) diff --git a/pkg/cri/server/sandbox_remove.go b/pkg/cri/server/sandbox_remove.go index 8971b8196..90d4efcb1 100644 --- a/pkg/cri/server/sandbox_remove.go +++ b/pkg/cri/server/sandbox_remove.go @@ -26,7 +26,6 @@ import ( runtime "k8s.io/cri-api/pkg/apis/runtime/v1" "github.com/containerd/containerd/pkg/cri/store" - sandboxstore "github.com/containerd/containerd/pkg/cri/store/sandbox" ) // RemovePodSandbox removes the sandbox. If there are running containers in the @@ -46,13 +45,12 @@ func (c *criService) RemovePodSandbox(ctx context.Context, r *runtime.RemovePodS // Use the full sandbox id. id := sandbox.ID - // If the sandbox is still running or in an unknown state, forcibly stop it. - state := sandbox.Status.Get().State - if state == sandboxstore.StateReady || state == sandboxstore.StateUnknown { - logrus.Infof("Forcibly stopping sandbox %q", id) - if err := c.stopPodSandbox(ctx, sandbox); err != nil { - return nil, errors.Wrapf(err, "failed to forcibly stop sandbox %q", id) - } + // If the sandbox is still running, not ready, or in an unknown state, forcibly stop it. + // Even if it's in a NotReady state, this will close its network namespace, if open. + // This can happen if the task process associated with the Pod died or it was killed. + logrus.Infof("Forcibly stopping sandbox %q", id) + if err := c.stopPodSandbox(ctx, sandbox); err != nil { + return nil, errors.Wrapf(err, "failed to forcibly stop sandbox %q", id) } // Return error if sandbox network namespace is not closed yet.