RunPodSandbox: destroy network if fails or invalid

The pod network should be destroyed if setup fails or returns an invalid
net interface, especially with multiple CNI configurations.

Signed-off-by: Wei Fu <fuweid89@gmail.com>
Wei Fu 2020-05-01 12:02:57 +08:00
parent dc7afe8fbe
commit 48e797c77f


@ -123,12 +123,18 @@ func (c *criService) RunPodSandbox(ctx context.Context, r *runtime.RunPodSandbox
sandbox.NetNSPath = sandbox.NetNS.GetPath() sandbox.NetNSPath = sandbox.NetNS.GetPath()
defer func() { defer func() {
if retErr != nil { if retErr != nil {
// Teardown network if an error is returned.
if err := c.teardownPodNetwork(ctx, sandbox); err != nil {
log.G(ctx).WithError(err).Errorf("Failed to destroy network for sandbox %q", id)
}
if err := sandbox.NetNS.Remove(); err != nil { if err := sandbox.NetNS.Remove(); err != nil {
log.G(ctx).WithError(err).Errorf("Failed to remove network namespace %s for sandbox %q", sandbox.NetNSPath, id) log.G(ctx).WithError(err).Errorf("Failed to remove network namespace %s for sandbox %q", sandbox.NetNSPath, id)
} }
sandbox.NetNSPath = "" sandbox.NetNSPath = ""
} }
}() }()
// Setup network for sandbox. // Setup network for sandbox.
// Certain VM based solutions like clear containers (Issue containerd/cri-containerd#524) // Certain VM based solutions like clear containers (Issue containerd/cri-containerd#524)
// rely on the assumption that CRI shim will not be querying the network namespace to check the // rely on the assumption that CRI shim will not be querying the network namespace to check the
@ -140,14 +146,6 @@ func (c *criService) RunPodSandbox(ctx context.Context, r *runtime.RunPodSandbox
if err := c.setupPodNetwork(ctx, &sandbox); err != nil { if err := c.setupPodNetwork(ctx, &sandbox); err != nil {
return nil, errors.Wrapf(err, "failed to setup network for sandbox %q", id) return nil, errors.Wrapf(err, "failed to setup network for sandbox %q", id)
} }
defer func() {
if retErr != nil {
// Teardown network if an error is returned.
if err := c.teardownPodNetwork(ctx, sandbox); err != nil {
log.G(ctx).WithError(err).Errorf("Failed to destroy network for sandbox %q", id)
}
}
}()
} }
// Create sandbox container. // Create sandbox container.
@ -328,10 +326,6 @@ func (c *criService) setupPodNetwork(ctx context.Context, sandbox *sandboxstore.
sandbox.CNIResult = result sandbox.CNIResult = result
return nil return nil
} }
// If it comes here then the result was invalid so destroy the pod network and return error
if err := c.teardownPodNetwork(ctx, *sandbox); err != nil {
log.G(ctx).WithError(err).Errorf("Failed to destroy network for sandbox %q", id)
}
return errors.Errorf("failed to find network info for sandbox %q", id) return errors.Errorf("failed to find network info for sandbox %q", id)
} }
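Review bot: The teardown moved into the first deferred cleanup runs with the request `ctx`, so if RunPodSandbox fails because that context was cancelled or hit its deadline, `c.teardownPodNetwork(ctx, sandbox)` may abort early and leave the CNI allocation (addresses, interfaces) behind. Consider running the cleanup under a context detached from the request with its own deadline, e.g. `cleanupCtx, cancel := context.WithTimeout(context.Background(), cleanupTimeout)`, where `cleanupTimeout` is a placeholder for a project-chosen value. A teardown failure is only logged and `sandbox.NetNS.Remove()` still runs, so a leaked allocation shows up only in the log; a comment such as `// Best effort: the netns is removed even if CNI teardown fails.` would make that intent explicit. The defer now also fires when setupPodNetwork fails before any network was attached, so teardownPodNetwork presumably has to tolerate a partially configured sandbox, but its body is not on this page. RunPodSandbox and setupPodNetwork both begin and end outside the hunks shown.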