Bug 1562783 - NetworkPlugin cni failed to set up pod "egress-dns-proxy_default"
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Routing
Version: 3.10.0
Hardware: Unspecified
OS: Linux
Priority: high
Severity: high
Target Milestone: ---
Target Release: 3.10.0
Assignee: Ravi Sankar
QA Contact: zhaozhanqi
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2018-04-02 13:37 UTC by Weibin Liang
Modified: 2018-07-30 19:12 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Cause: The sdn daemonset was not sharing the PID namespace with the host.
Consequence: Adding the macvlan interface failed as part of egress router setup.
Fix: Set hostPID=true for the sdn daemonset.
Result: Egress router setup works as expected.
Clone Of:
Environment:
Last Closed: 2018-07-30 19:11:39 UTC
Target Upstream Version:


Attachments
Test steps and logs (19.24 KB, text/plain)
2018-04-02 13:37 UTC, Weibin Liang


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2018:1816 None None None 2018-07-30 19:12:03 UTC

Description Weibin Liang 2018-04-02 13:37:01 UTC
Created attachment 1416254
Test steps and logs

Description of problem:
Cannot deploy the egress router pod when dns-proxy is set in EGRESS_ROUTER_MODE.
The warning message is: Warning  FailedCreatePodSandBox  12s   kubelet, 172.16.120.110  Failed create pod sandbox: rpc error: code = Unknown desc = NetworkPlugin cni failed to set up pod "egress-dns-proxy_default" network: CNI request failed with status 400: 'could not open netns "/proc/50551/ns/net"


Version-Release number of selected component (if applicable):
OCP v3.10.0-0.15.0

How reproducible:
Every time

Steps to Reproduce:
1. On the node, docker build the ose-egress-router and ose-egress-dns-proxy images from origin
2. On the master, oc create -f test.yaml
3. oc get pod on the master; the egress router is not running

Actual results:
Warning  FailedCreatePodSandBox  12s   kubelet, 172.16.120.110  Failed create pod sandbox: rpc error: code = Unknown desc = NetworkPlugin cni failed to set up pod "egress-dns-proxy_default" network: CNI request failed with status 400: 'could not open netns "/proc/50551/ns/net"


Expected results:
Egress router should be in running state

Additional info:
The testing steps are attached.

Comment 1 Ravi Sankar 2018-04-23 23:56:49 UTC
Fixed by https://github.com/openshift/openshift-ansible/pull/8101

Comment 2 Ravi Sankar 2018-04-24 20:13:31 UTC
@weliang
Your egress dns proxy pod yaml file needs these changes:
- EGRESS_DNS_PROXY_DESTINATION instead of EGRESS_DNS_DESTINATION
- '80 www.baidu.com' instead of '80 tcp www.baidu.com', TCP is assumed (no udp).

Hold off your testing, I will be posting another fix (not related to this bug) that resolves dns to ipv4 instead of ipv6.

Comment 3 openshift-github-bot 2018-04-25 04:57:53 UTC
Commits pushed to master at https://github.com/openshift/openshift-ansible

https://github.com/openshift/openshift-ansible/commit/d6ac38fa6a5abeb7a55f9527152bd207a2c8c912
Bug 1562783 - Fix egress router setup

- For egress router, we add macvlan interface to a container
and that calls ns.GetNS(pod-netns-path) which expects pid namespace to
be shared with the host. Until we find some mechanism to push this
logic to cni plugin, we need to set hostPID=true for the sdn static pod.

https://github.com/openshift/openshift-ansible/commit/6d4886384b4d3bd3ade3efd0683d2784c136c2ca
Merge pull request #8101 from pravisankar/fix-egress-router-setup

Bug 1562783 - Fix egress router setup
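
A diagnostic for the failure described in the commit message above, as an added example that is not part of this bug report or of openshift-ansible: it pulls the PID out of the CNI error and checks whether that /proc entry is visible from the caller's own view of /proc, which it is not when the caller does not share the host PID namespace. The function names and the procRoot parameter are assumptions of this example.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"regexp"
)

// netnsRe matches the netns path quoted in the CNI error shown in this report.
var netnsRe = regexp.MustCompile(`could not open netns "(/proc/(\d+)/ns/net)"`)

// ParseNetnsError extracts the netns path and the PID from a kubelet/CNI error line.
func ParseNetnsError(msg string) (path, pid string, ok bool) {
	m := netnsRe.FindStringSubmatch(msg)
	if m == nil {
		return "", "", false
	}
	return m[1], m[2], true
}

// Diagnose reports whether the PID named in the error is visible under procRoot.
// procRoot is "/proc" in real use; it is a parameter (an assumption of this
// example) so the check can be exercised against a constructed directory tree.
func Diagnose(msg, procRoot string) string {
	_, pid, ok := ParseNetnsError(msg)
	if !ok {
		return "no netns path in message"
	}
	if _, err := os.Stat(filepath.Join(procRoot, pid)); os.IsNotExist(err) {
		// A host PID is absent from /proc when the caller runs in its own PID namespace.
		return "pid " + pid + " not visible: caller does not share the host PID namespace, or the process exited"
	}
	if _, err := os.Stat(filepath.Join(procRoot, pid, "ns", "net")); err != nil {
		return "pid " + pid + " visible but ns/net not accessible: " + err.Error()
	}
	return "pid " + pid + " netns reachable"
}

func main() {
	// Constructed sample: the error text quoted in this bug report.
	msg := `CNI request failed with status 400: 'could not open netns "/proc/50551/ns/net"`
	fmt.Println(Diagnose(msg, "/proc"))
}
```

Run from inside the sdn container with a current error line from the kubelet; the PID in a stale message may belong to a sandbox that has since exited.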

Comment 5 Meng Bo 2018-05-16 10:43:48 UTC
With the hostPID set to true for the sdn pod, the egress router, egress http proxy and egress dns proxy pod can work well.

Comment 7 errata-xmlrpc 2018-07-30 19:11:39 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:1816

