Backport of CSL-13047: fix for segmentation fault or SIGSEGV with consul-cni network plugin's code on 1.9.1 into release/1.7.x #5074
Conversation
…ork plugin's code on 1.9.1 (#5062) * looks for kubeconfig created for cni plugin * added tcs * added leader Renewal params * added changelog * added timeout for leader renewal--mainly on ocp * renamed file name * changelog file name * updated code to reduce complexity to O(n)
|
Thank you for your submission! We require that all contributors sign our Contributor License Agreement ("CLA") before we can accept the contribution. Read and sign the agreement Learn more about why HashiCorp requires a CLA and what the CLA includes 2 out of 3 committers have signed the CLA.
temp seems not to be a GitHub user. Have you signed the CLA already but the status is still pending? Recheck it. |
|
Thank you for your submission! We require that all contributors sign our Contributor License Agreement ("CLA") before we can accept the contribution. Read and sign the agreement Learn more about why HashiCorp requires a CLA and what the CLA includes 1 out of 2 committers have signed the CLA.
temp seems not to be a GitHub user. Have you signed the CLA already but the status is still pending? Recheck it. |
vdinesh4738
added
the
pr/no-backport
2 participants
This PR is copy auto-generated from #5062 to be assessed for backporting due to the inclusion of the label backport/1.7.x.
🚨
Warning automatic cherry-pick of commits failed. If the first commit failed,
you will see a blank no-op commit below. If at least one commit succeeded, you
will see the cherry-picked commits up to, not including, the commit where
the merge conflict occurred.
The person who merged in the original PR is:
@vdinesh4738
This person should resolve the merge-conflict(s) by either:
Manually completing the cherry picks into this branch
Creating a new branch and manually cherry-picking all commits being backported
merge conflict error: POST https://api.github.com/repos/hashicorp/consul-k8s/merges: 409 Merge conflict []
The below text is copied from the body of the original PR.
Provided fix for the segmentation fault or SIGSEGV with consul-cni network plugin's code, which is common across the platform till date on Multus cni extension.
Background:
As per jira, when we enable cni and Multus, and then deploy the application with the api-resource 'network-attachment-definition' annotation like 'k8s.v1.cni.cncf.io/networks': '[{"namespace": "consul", "name":"consul-consul-cni"}]' is attached to the application pod, the application pod fails to come up at pod init with error in
Failed to create pod sandbox: rpc error: code = Unknown desc = failed to create pod network sandbox. (more detailed in the jira: https://hashicorp.atlassian.net/browse/CSL-13047
Root cause:
Creation of client with unavailable Kubeconfig or with the wrong Kubeconfig file name causing nil pointer dereference.
Fix:
Created the function to looks/fetch the latest Kubeconfig file and creates client.
Validation:
With the cni and Multus enabled: we update the iptables in the pod network ns.
With this fix : App is up and running and the iptables are updated in the pod network ns.