Removing DAD config and updating plugins to v0.7.0
Signed-off-by: abhi <abhi@docker.com>
@@ -19,7 +19,6 @@ package server
|
||||
import (
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"os/exec"
|
||||
"path"
|
||||
"path/filepath"
|
||||
"strconv"
|
||||
@@ -37,7 +36,6 @@ import (
|
||||
"github.com/opencontainers/selinux/go-selinux/label"
|
||||
"golang.org/x/net/context"
|
||||
runtime "k8s.io/kubernetes/pkg/kubelet/apis/cri/runtime/v1alpha2"
|
||||
"k8s.io/kubernetes/pkg/util/sysctl"
|
||||
|
||||
"github.com/containerd/cri/pkg/store"
|
||||
imagestore "github.com/containerd/cri/pkg/store/image"
|
||||
@@ -400,38 +398,6 @@ func newSpecGenerator(spec *runtimespec.Spec) generate.Generator {
|
||||
return g
|
||||
}
|
||||
|
||||
// disableNetNSDAD disables duplicate address detection in the network namespace.
|
||||
// DAD has a negative affect on sandbox start latency, since we have to wait
|
||||
// a second or more for the addresses to leave the "tentative" state.
|
||||
func disableNetNSDAD(ns string) error {
|
||||
dad := "net/ipv6/conf/default/accept_dad"
|
||||
|
||||
sysctlBin, err := exec.LookPath("sysctl")
|
||||
if err != nil {
|
||||
return fmt.Errorf("could not find sysctl binary: %v", err)
|
||||
}
|
||||
|
||||
nsenterBin, err := exec.LookPath("nsenter")
|
||||
if err != nil {
|
||||
return fmt.Errorf("could not find nsenter binary: %v", err)
|
||||
}
|
||||
|
||||
// If the sysctl doesn't exist, it means ipv6 is disabled.
|
||||
if _, err := sysctl.New().GetSysctl(dad); err != nil {
|
||||
return nil
|
||||
}
|
||||
|
||||
output, err := exec.Command(nsenterBin,
|
||||
fmt.Sprintf("--net=%s", ns), "-F", "--",
|
||||
sysctlBin, "-w", fmt.Sprintf("%s=%s", dad, "0"),
|
||||
).CombinedOutput()
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to write sysctl %q - output: %s, error: %s",
|
||||
dad, output, err)
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func getPodCNILabels(id string, config *runtime.PodSandboxConfig) map[string]string {
|
||||
return map[string]string{
|
||||
"K8S_POD_NAMESPACE": config.GetMetadata().GetNamespace(),
|
||||
|
||||
@@ -107,21 +107,11 @@ func (c *criContainerdService) RunPodSandbox(ctx context.Context, r *runtime.Run
|
||||
sandbox.NetNSPath = ""
|
||||
}
|
||||
}()
|
||||
if !c.config.EnableIPv6DAD {
|
||||
// It's a known issue that IPv6 DAD increases sandbox start latency by several seconds.
|
||||
// Disable it when it's not enabled to avoid the latency.
|
||||
// See:
|
||||
// * https://github.com/kubernetes/kubernetes/issues/54651
|
||||
// * https://www.agwa.name/blog/post/beware_the_ipv6_dad_race_condition
|
||||
if err := disableNetNSDAD(sandbox.NetNSPath); err != nil {
|
||||
return nil, fmt.Errorf("failed to disable DAD for sandbox %q: %v", id, err)
|
||||
}
|
||||
}
|
||||
// Setup network for sandbox.
|
||||
// Certain VM based solutions like clear containers (Issue containerd/cri-containerd#524)
|
||||
// rely on the assumption that CRI shim will not be querying the network namespace to check the
|
||||
// network states such as IP.
|
||||
// In furture runtime implementation should avoid relying on CRI shim implementation details.
|
||||
// In future runtime implementation should avoid relying on CRI shim implementation details.
|
||||
// In this case however caching the IP will add a subtle performance enhancement by avoiding
|
||||
// calls to network namespace of the pod to query the IP of the veth interface on every
|
||||
// SandboxStatus request.
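Review bot: With the `if !c.config.EnableIPv6DAD` block removed, RunPodSandbox no longer touches `accept_dad` in the sandbox network namespace, so whether IPv6 addresses are still in the "tentative" state when network setup returns now depends entirely on the CNI plugins installed on the node. The commit title suggests plugins v0.7.0 covers this, but nothing in the hunk records that dependency. A short comment above `// Setup network for sandbox.` would help, for example `// IPv6 DAD handling is left to the CNI plugins; this service no longer changes accept_dad in the sandbox netns.` The hunk also does not show whether the `EnableIPv6DAD` config field is removed elsewhere; if it remains, it is now silently ignored and should be dropped or rejected at config load. RunPodSandbox begins and continues outside the hunk.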
|
||||
|
||||