Containers using other containers net namespace don't have IP addresses #1394
Comments
In the container view? Why? If I don't want to see the gory insides of a pod, surely I'd use the Pod view, in which case none of the individual containers should show up. |
|
Sorry I wasn't being clear. I mean for the purpose of rendering edges; we currently can't attribute short lived connection edges to containers on k8s as every net namespace is shared. We can do better if we ignore pause containers for this purpose. |
How so? In general a single pod will be made up of multiple containers plus the pause container, all sharing the same netns. Which container would you attribute connections to? |
|
Duplicate of #986 |
Yes, in general we can't solve this problem with conntrack data. But I don't think its actually that usual to have multiple containers per pod, so we can do better in the case when their is only one by ignoring the pause container.
If there is more than one container with the IP we ignore that edge as we can't deterministically pick the right one. Right now we'd attribute the edge to a pause container, which is just wrong. |
The pause container would deterministically be the right one.
I actually think it's exactly right. As I said above, if a user doesn't care about the innards of pods, then they should be using the pod view, not the container view. |
This particularly affects k8s, where every container uses a pause containers net namespace.
The IP should show up in the details panel, and we should ignore pause containers for the purpose of rendering.
The text was updated successfully, but these errors were encountered: