Bug 1918417
| Summary: | IPv6 errors after exiting crictl | |||
|---|---|---|---|---|
| Product: | OpenShift Container Platform | Reporter: | Qian Cai <qcai> | |
| Component: | Node | Assignee: | Peter Hunt <pehunt> | |
| Node sub component: | CRI-O | QA Contact: | Weinan Liu <weinliu> | |
| Status: | CLOSED ERRATA | Docs Contact: | ||
| Severity: | medium | |||
| Priority: | medium | CC: | ajia, aos-bugs, atomic-bugs, bbaude, dwalsh, gscrivan, jligon, jnovy, lsm5, mheon, pehunt, pthomas, tsweeney, umohnani | |
| Version: | 4.7 | |||
| Target Milestone: | --- | |||
| Target Release: | 4.11.0 | |||
| Hardware: | All | |||
| OS: | Linux | |||
| Whiteboard: | ||||
| Fixed In Version: | Doc Type: | No Doc Update | ||
| Doc Text: | Story Points: | --- | ||
| Clone Of: | 1915950 | |||
| : | 1932399 (view as bug list) | Environment: | ||
| Last Closed: | 2022-08-10 10:35:38 UTC | Type: | --- | |
| Regression: | --- | Mount Type: | --- | |
| Documentation: | --- | CRM: | ||
| Verified Versions: | Category: | --- | ||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
| Cloudforms Team: | --- | Target Upstream Version: | ||
| Embargoed: | ||||
| Bug Depends On: | 1915950 | |||
| Bug Blocks: | 1932399, 1942665 | |||
This could be reproduced using vanilla containers as well. what are the contents of the files in `/etc/cni/net.d` This should be fixed upstream in https://github.com/containernetworking/plugins/pull/563, though there isn't a corresponding release yet. I would build your plugins off of the main branch (or just the bridge plugin, really) (In reply to Peter Hunt from comment #2) > what are the contents of the files in `/etc/cni/net.d` Just the standard CNI file from cri-o-1.20.0-0.rhaos4.7.git845747f.el8.40.x86_64. # cat /etc/cni/net.d/100-crio-bridge.conf
{
"cniVersion": "0.3.1",
"name": "crio",
"type": "bridge",
"bridge": "cni0",
"isGateway": true,
"ipMasq": true,
"hairpinMode": true,
"ipam": {
"type": "host-local",
"routes": [
{ "dst": "0.0.0.0/0" },
{ "dst": "1100:200::1/24" }
],
"ranges": [
[{ "subnet": "10.85.0.0/16" }],
[{ "subnet": "1100:200::/24" }]
]
}
}
*** Bug 1915950 has been marked as a duplicate of this bug. *** Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Important: OpenShift Container Platform 4.11.0 bug fix and security update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2022:5069 |
# cat pod-config.json { "metadata": { "name": "alpine-sandbox", "namespace": "default", "attempt": 1, "uid": "hdishd83djaidwnduwk28bcsb" }, "log_directory": "/tmp", "linux": { } } # cat container-pod.json { "metadata": { "name": "alpine" }, "image":{ "image": "alpine" }, "command": [ "sleep", "3600" ], "log_path":"alpine.0.log", "linux": { "security_context": { "capabilities": { "add_capabilities": [ "net_raw" ] } } } } # crictl runp --runtime=kata pod-config.json a38230720451583ade7c0b84fa7d08663e3417b52ad2ffadca9b553fb36d82d3 # crictl create a38230720451583ade7c0b84fa7d08663e3417b52ad2ffadca9b553fb36d82d3 container-pod.json pod-config.json 30e947cd0a85eab9634cef2975acd18d3e98367eeac1826506cea9d6d0bb78 # crictl start 30e947cd0a85eab9634cef2975acd18d3e98367eeac1826506cea9d6d0bb78 # crictl stop 30e947cd0a85eab9634cef2975acd18d3e98367eeac1826506cea9d6d0bb78 # crictl rm 30e947cd0a85eab9634cef2975acd18d3e98367eeac1826506cea9d6d0bb78 # crictl stopp a382307204515 FATA[0000] stopping the pod sandbox "a382307204515": rpc error: code = Unknown desc = failed to destroy network for pod sandbox k8s_ubi8-sandbox_default_hdishd83djaidwnduwk28bcsb_1(a38230720451583ade7c0b84fa7d08663e3417b52ad2ffadca9b553fb36d82d3): running [/usr/sbin/ip6tables -t nat -D POSTROUTING -s 1100:200::5/24 -j CNI-7860ea922d1a46225b9c13c1 -m comment --comment name: "crio" id: "a38230720451583ade7c0b84fa7d08663e3417b52ad2ffadca9b553fb36d82d3" --wait]: exit status 1: iptables: Bad rule (does a matching rule exist in that chain?). cri-o-1.20.0-0.rhaos4.7.git845747f.el8.40.x86_64 cri-tools-1.20.0-1.el8.x86_64