Support containerd 1.7 #297
17b7e22 to aa4253c
I don't think the It feels like something else is going on here? does the
It might be that the working directory changed between containerd v1.6 and v1.7 too.
That was my expectation, that the working dir changed. I am surprised that changing the folder name is making a difference here.
aa4253c to 3ab5b19
/approve
[APPROVALNOTIFIER] This PR is APPROVED
This pull-request has been approved by: marosset, Mik4sa
The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing
@marosset What is missing here so this gets the lgtm label/gets merged?
ls $env:CONTAINER_SANDBOX_MOUNT_POINT/etc/kube-flannel/ | ||
cp -force $env:CONTAINER_SANDBOX_MOUNT_POINT/etc/kube-flannel/net-conf.json C:\etc\kube-flannel\net-conf.json | ||
ls $env:CONTAINER_SANDBOX_MOUNT_POINT/mounts/kube-flannel/ | ||
cp -force $env:CONTAINER_SANDBOX_MOUNT_POINT/mounts/kube-flannel/net-conf.json C:\etc\kube-flannel\net-conf.json |
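Review bot: The cp line that reads from $env:CONTAINER_SANDBOX_MOUNT_POINT/mounts/kube-flannel/net-conf.json has no guard for an empty CONTAINER_SANDBOX_MOUNT_POINT or a missing source file, so a wrong mount layout only surfaces as a generic cp error against C:\etc\kube-flannel\net-conf.json. Consider checking the variable and running Test-Path on the source before the copy, and failing with a message that names the resolved path. The ls before it reads like a debugging aid; either drop it or keep it as a deliberate diagnostic with a comment. A one-line comment on why the source moved from /etc/kube-flannel/ to /mounts/kube-flannel/ would also help the next reader.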
What is the value of CONTAINER_SANDBOX_MOUNT_POINT in this script with 1.7? I am guessing we are getting the error "cp : Access to the path 'C:\etc\kube-flannel\net-conf.json' is denied" because we are trying to copy from the wrong place. If CONTAINER_SANDBOX_MOUNT_POINT is not set then we would be trying to copy from c:/etc/kube-flannel/net-conf.json which isn't created yet (we are trying to do that now...).
Afaik 'C:/hpc', but I can't verify before Wednesday/Thursday.
> What is the value of CONTAINER_SANDBOX_MOUNT_POINT in this script with 1.7?

It's C:\hpc\. Just verified.

> I am guessing we are getting the error "cp : Access to the path 'C:\etc\kube-flannel\net-conf.json' is denied" because we are trying to copy from the wrong place.

I manually entered the flannel pod, executed the commands one by one and did some other testing.
The source doesn't seem to be problematic. I'm able to copy it to a different folder. This, for example, works (after creating the target directory):
cp -force $env:CONTAINER_SANDBOX_MOUNT_POINT/etc/kube-flannel/net-conf.json C:\test\
But when I for example try to delete the target file with this command:
Remove-Item C:\etc\kube-flannel\net-conf.json
I get the following error:
Remove-Item : Cannot remove item C:\etc\kube-flannel\net-conf.json: Access to the path 'C:\etc\kube-flannel\net-conf.json' is denied.
At line:1 char:1
+ Remove-Item C:\etc\kube-flannel\net-conf.json
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : PermissionDenied: (C:\etc\kube-flannel\net-conf.json:FileInfo) [Remove-Item], UnauthorizedAccessException
+ FullyQualifiedErrorId : RemoveFileSystemItemUnAuthorizedAccess,Microsoft.PowerShell.Commands.RemoveItemCommand
This is because the configmap kube-flannel-cfg is mounted into this place (readonly). I verified that by editing the configmap first and then checking the content inside of the container:
PS C:\> cat C:\etc\kube-flannel\net-conf.json
{
"Network": "10.244.0.0/16",
"Backend": {
"Type": "vxlan"
}
"Some falsy value..."
}
And this is the target directory structure:
PS C:\> ls C:\etc\kube-flannel\
    Directory: C:\etc\kube-flannel

Mode                 LastWriteTime         Length Name
----                 -------------         ------ ----
d-----         5/12/2023   2:54 PM                ..2023_05_12_14_54_31.2595385805
d----l         5/12/2023   2:54 PM                ..data
-a---l         5/12/2023   2:54 PM              0 cni-conf.json
-a---l         5/12/2023   2:54 PM              0 net-conf.json
Ah, yes, this has to do with the behavioral change with mounts in containerd 1.7 (which I think you already said. Thanks for bearing with me! 😄).

> Additional volume mounts specified for hostProcess containers will be mounted at their requested location and can be accessed the same way as volume mounts in Linux or regular Windows Server containers.
> ex: a volume with a mountPath of /var/run/secrets/token for containers will be mounted at c:\var\run\secrets\token for containers.

/lgtm
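
A defensive version of the copy step discussed in this thread, as an added example that is not part of the PR or the project's scripts: it fails fast when CONTAINER_SANDBOX_MOUNT_POINT is unset and refuses to write into a directory that looks like the configmap mount in the listing above (a ..data entry, or a target that is itself a link). The function name and default paths are assumptions taken from the lines quoted in the thread.

```powershell
# Added example; Copy-FromSandboxMount is a hypothetical helper, not project code.
function Copy-FromSandboxMount {
    [CmdletBinding()]
    param(
        # Defaults mirror the paths quoted in the thread (assumed layout).
        [string]$RelativeSource = 'mounts/kube-flannel/net-conf.json',
        [string]$Target = 'C:\etc\kube-flannel\net-conf.json'
    )

    # With the variable unset, the source would resolve against the drive root
    # and the copy could silently target the wrong file.
    $root = $env:CONTAINER_SANDBOX_MOUNT_POINT
    if ([string]::IsNullOrWhiteSpace($root)) {
        throw 'CONTAINER_SANDBOX_MOUNT_POINT is not set; refusing to guess the source path.'
    }

    $source = Join-Path $root $RelativeSource
    if (-not (Test-Path -LiteralPath $source -PathType Leaf)) {
        throw "Source not found: $source"
    }

    $targetDir = Split-Path -Parent $Target

    # A mounted configmap appears as a '..data' entry plus per-key links
    # (mode 'l' in the directory listing quoted in the thread).
    $hasDataLink = Test-Path -LiteralPath (Join-Path $targetDir '..data')
    $item = Get-Item -LiteralPath $Target -Force -ErrorAction SilentlyContinue
    $isLink = $item -and $item.Attributes.HasFlag([IO.FileAttributes]::ReparsePoint)

    if ($hasDataLink -or $isLink) {
        # Report the real cause instead of a bare "Access ... is denied".
        throw "$Target sits inside a mounted volume (likely a read-only configmap); mount the volume elsewhere or skip the copy."
    }

    New-Item -ItemType Directory -Path $targetDir -Force | Out-Null
    Copy-Item -LiteralPath $source -Destination $Target -Force
    return $Target
}
```
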
Reason for PR:
The kube-flannel and kube-proxy pods were failing/crashing with containerd 1.7.0. This was because of the usage of bind volume instead of symlink volume (see here).
This problem was first mentioned in #289 and here: #277 (comment)
For details check this comment: #277 (comment)
Issue Fixed:
Fixes #289
Requirements
Notes:
I decided to move the mounts to /mounts/... instead of directly mounting them to the root because of two reasons:
/kube-proxy
/mounts/... maybe better communicates that these are actual mounts which was really hard for me to understand due to the behavior of hostprocess containers.