Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Packaging a CNI conflist conflicts with Kubernetes-focused CNIs #201

Closed
fasaxc opened this issue Nov 21, 2024 · 4 comments · Fixed by #202
Closed

Packaging a CNI conflist conflicts with Kubernetes-focused CNIs #201

fasaxc opened this issue Nov 21, 2024 · 4 comments · Fixed by #202
Labels
kind/feature Categorizes issue or PR as related to a new feature.

Comments

@fasaxc
Copy link

fasaxc commented Nov 21, 2024

CRI-O now bundles a bridge CNI conflist at install time (presumably to make CRI-O work out-of-the-box for local pods). This causes an issue in Kubernetes because Kubernetes generally requires a multi-node CNI (such as Calico), which is typically installed as a group of Kubernetes pods.

If there is no CNI installed, Kubernetes will block scheduling of CNI-networked pods, allowing for the CNI itself to bootstrap first and then provision the CNI config. However, with the bridge CNI pre-installed, some pods can get scheduled before the intended CNI has bootstrapped, resulting in some pods being provisioned on the local bridge network, instead of, say, Calico.

There may be more moving parts; I'm not 100% sure which pods can and cannot be scheduled before the intended CNI comes up (Kubernetes also has a "NetowrkUnavilable" taint that the CNI or cloud provider is supposed to remove). However, a user of Calico reported that some of Calico's pods were getting scheduled on the CRIO bridge network where normally they would wait for Calico to bootstrap.

Old issue with similar problem: cri-o/cri-o#5799 (comment) I think it was resolved by removing the bridge config, but that seems to have been regressed.
@saschagrunert saschagrunert moved this to To do in Feature Roadmap Nov 22, 2024
@saschagrunert saschagrunert added the kind/feature Categorizes issue or PR as related to a new feature. label Nov 22, 2024
@saschagrunert
Copy link
Member

I'm not sure if we should remove the config. Maybe putting it into a recommended extra package. But that seems to be a lot for a single config file.

@cri-o/cri-o-maintainers what are your thoughts on that?

@haircommander
Copy link
Member

yeah I think separating the packages is probably the best option

@kwilczynski
Copy link
Member

I think a dedicated package might be an overkill. I would put the files into /usr/share/crio or perhaps change their name to have the .disabled or .example suffix and keep them where they currently are, only to prevent them from being loaded automatically.

Whichever approach, the user-facing documentation has to be updated to let users know about the default configuration.

@saschagrunert saschagrunert mentioned this issue Nov 29, 2024
Merged
@saschagrunert
Copy link
Member

Sounds like a good idea, proposing that in #202

@github-project-automation github-project-automation bot moved this from To do to Done in Feature Roadmap Nov 29, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/feature Categorizes issue or PR as related to a new feature.
Projects
Feature Roadmap
Archived in project
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Disable CNI configuration by default saschagrunert/packaging
4 participants
@kwilczynski @fasaxc @saschagrunert @haircommander