kuryr-kubernetes

kuryr-k8s may not work properly in a multi-cni cluster

Bug #1681338 reported by Kirill Zaitsev on 2017-04-10

This bug affects 2 people

Affects		Status	Importance	Assigned to	Milestone
	kuryr-kubernetes	In Progress	High	Yash Gupta	kuryr-kubernetes pike-3 "p-3"

Bug Description

There are currently no checks, that would skip pods not managed by kuryr-CNI. Kuryr-k8s expects that all new pods would be properly annotated by kuryr-cni. This might lead to kuryr-k8s crashes and is mentioned in a comment here: https://github.com/openstack/kuryr-kubernetes/blob/f7e64fbe6106012a78ac65dbc2fb1018fdb1b85d/kuryr_kubernetes/controller/handlers/vif.py#L50

This also applies to Services/lbaas support: see discussion here https://review.openstack.org/#/c/376045/20/kuryr_kubernetes/controller/handlers/lbaas.py

Antoni Segura Puimedon (celebdor) on 2017-04-18

Changed in kuryr-kubernetes:
milestone:	none → pike-2
importance:	Undecided → High
status:	New → Triaged

Revision history for this message

longfei.zhang (longfei.zhang) wrote on 2017-06-23:

Yes, we also have this requirement.
In a kubernetes ready environment, if we deploy kuryr later when needed, then some existing pods/LB would cause a lot
of error , kuryr controller get incorrect pod/LB info from those already existing pods/LB, then some times we can find kuryr-k8s crashed at last.

Revision history for this message

Antoni Segura Puimedon (celebdor) wrote on 2017-08-01:

@longfei.zhang @kzaitsev

Do you have some idea about what would be acceptabe in this case to determine if we should serve a pod or a service?

I had a couple of ideas:

a) An annotation to inhibit kuryr
b) With multi-network support allow kuryr to be configured as 'on by default' and 'off by default'. In the latter case, it would only act on networks with a kuryr annotation.
c) Implemented in some driver. The driver would raise an exception like "NotKuryrManaged"

Changed in kuryr-kubernetes:
milestone:	pike-2 → pike-3

Revision history for this message

Kirill Zaitsev (kzaitsev) wrote on 2017-08-01:

I like the 2 option more.

However at this point I'd say that it is safe to downgrade importance to med or low. Is there user-demand for this kind of setup/functionality?

Revision history for this message

Yash Gupta (yashg2) wrote on 2019-11-13:

We also face this issue, when kuryr is used along with multus, and a vif might not be requested from kuryr for some pods.

For CNI case, we can annotate/label pods which are mentioned in CNI ADD requests and start processing the pod in controller once such label appears. It does slow down the port request process by a bit, so we might have it as a configurable behaviour.

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-11-29: Fix proposed to kuryr-kubernetes (master)

Fix proposed to branch: master
Review: https://review.opendev.org/696639

Changed in kuryr-kubernetes:
assignee:	nobody → Yash Gupta (yashg2)
status:	Triaged → In Progress

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.