Description of problem: In Kuryr CNI container cni_ds_init script is used as entrypoint. Currently it uses `docker run` command to run kuryr-cni executable. Unfortunately there's upstream kuryr/cni container image hardcoded threre. Instead of that cni_ds_init should be able to produce script finding the running CNI container and use `docker exec` to execute kuryr-cni binary inside the container. Version-Release number of selected component (if applicable): How reproducible: Always Steps to Reproduce: 1. Run Kuryr CNI container on OpenShift or Kubernetes infrastructure. 2. Run a pod in OpenShift/K8s. 3. Use `docker ps --all` to notice that the container executed was upstream kuryr/cni downloaded from DockerHub. Actual results: kuryr/cni is being run. Expected results: Downstream CNI image is used (at least). Additional info:
New downstream image is prepared: https://registry-console.engineering.redhat.com/registry#/images/rhosp13/openstack-kuryr-cni
Verified in: openstack-kuryr-kubernetes-common-0.4.3-1.el7ost.noarch openstack-kuryr-kubernetes-cni-0.4.3-1.el7ost.noarch Deployed OpenShift kuryr demo app with 4 replicas and checked that kuryr-cni images have been taken from downstream Red Hat repository, and not from DockerHub. [openshift@master-0 ~]$ oc -n openshift-infra get pods -o wide NAME READY STATUS RESTARTS AGE IP NODE bootstrap-autoapprover-0 1/1 Running 0 2d 10.11.0.34 master-0.openshift.example.com kuryr-cni-ds-78l89 1/1 Running 0 2d 192.168.99.5 infra-node-0.openshift.example.com kuryr-cni-ds-gkr24 1/1 Running 0 2d 192.168.99.10 app-node-1.openshift.example.com kuryr-cni-ds-nlnl8 1/1 Running 0 2d 192.168.99.14 master-0.openshift.example.com kuryr-cni-ds-p49z9 1/1 Running 0 2d 192.168.99.4 app-node-0.openshift.example.com kuryr-controller-5cb44464fd-ttvrp 1/1 Running 0 2d 192.168.99.4 app-node-0.openshift.example.com [openshift@master-0 ~]$ sudo docker images REPOSITORY TAG IMAGE ID CREATED SIZE docker-registry.engineering.redhat.com/rhosp13/openstack-kuryr-cni latest 66cf833144bd 3 days ago 344 MB ... [openshift@master-0 ~]$ sudo docker image inspect docker-registry.engineering.redhat.com/rhosp13/openstack-kuryr-cni ... "url": "https://access.redhat.com/containers/#/registry.access.redhat.com/rhosp13/openstack-kuryr-cni/images/13.0-42", ... [openshift@infra-node-0 ~]$ sudo docker images REPOSITORY TAG IMAGE ID CREATED SIZE docker-registry.engineering.redhat.com/rhosp13/openstack-kuryr-cni latest 66cf833144bd 3 days ago 344 MB ... [openshift@infra-node-0 ~]$ sudo docker image inspect docker-registry.engineering.redhat.com/rhosp13/openstack-kuryr-cni ... "url": "https://access.redhat.com/containers/#/registry.access.redhat.com/rhosp13/openstack-kuryr-cni/images/13.0-42", ... [openshift@app-node-0 ~]$ sudo docker images REPOSITORY TAG IMAGE ID CREATED SIZE docker-registry.engineering.redhat.com/rhosp13/openstack-kuryr-cni latest 66cf833144bd 3 days ago 344 MB ... [openshift@app-node-0 ~]$ sudo docker image inspect docker-registry.engineering.redhat.com/rhosp13/openstack-kuryr-cni ... "url": "https://access.redhat.com/containers/#/registry.access.redhat.com/rhosp13/openstack-kuryr-cni/images/13.0-42", ... [openshift@app-node-1 ~]$ sudo docker images REPOSITORY TAG IMAGE ID CREATED SIZE docker-registry.engineering.redhat.com/rhosp13/openstack-kuryr-cni latest 66cf833144bd 3 days ago 344 MB [openshift@app-node-1 ~]$ sudo docker image inspect docker-registry.engineering.redhat.com/rhosp13/openstack-kuryr-cni ... "url": "https://access.redhat.com/containers/#/registry.access.redhat.com/rhosp13/openstack-kuryr-cni/images/13.0-42", ...
Adding application pods (kuryr/demo image) info in test project: [openshift@master-0 ~]$ oc get pods -o wide NAME READY STATUS RESTARTS AGE IP NODE demo-1-7ffx4 1/1 Running 0 2d 10.11.0.5 app-node-0.openshift.example.com demo-1-8rpsg 1/1 Running 0 2d 10.11.0.4 app-node-0.openshift.example.com demo-1-cd9h6 1/1 Running 0 2d 10.11.0.12 app-node-1.openshift.example.com demo-1-q9fgz 1/1 Running 0 2d 10.11.0.3 app-node-1.openshift.example.com
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHEA-2018:2086