cnitool: fix default CNI directory on Windows and add extra checks. #942
Conversation
|
Note that the only new validation logic which may introduce extra constraints is this new I'm also open to any better suggestions for the Windows default path than this default from containerd. |
aznashwan
force-pushed
the
fix-default-windows-confdir
branch
from
c27ab2c
to
ca319a0
Compare
aznashwan
force-pushed
the
fix-default-windows-confdir
branch
from
ca319a0
to
289c64b
Compare
FWIW I have switched to using I've also compared the pre and post-patch behavior on Linux: ### Pre-patch:
# Relative paths work:
$ NETCONFPATH=../../../../etc/cni/net.d/ ./cnitool check nonexistent-net /var/run/netns/testing
no net configuration with name "nonexistent-net" in ../../../../etc/cni/net.d/ # correct
# Setting a nonexistent directory will only claim there are no net configurations:
$ NETCONFPATH=/nonexistent/path ./cnitool check nonexistent-net /var/run/netns/testing
no net configurations found in /nonexistent/path
# Setting a nonexistent relative directory will also only claim there are no net configurations:
$ NETCONFPATH=./nonexistent/relative/path ./cnitool check nonexistent-net /var/run/netns/testing
no net configurations found in ./nonexistent/relative/path
### Post-patch:
# Relative paths still work:
$ NETCONFPATH=../../../../etc/cni/net.d/ ./cnitool check nonexistent-net /var/run/netns/testing
no net configuration with name "nonexistent-net" in /etc/cni/net.d # correct
# Setting a nonexistent directory will error out with a clear message:
$ NETCONFPATH=/nonexistent/path ./cnitool check nonexistent-net /var/run/netns/testing
the provided CNI config path ($NETCONFPATH) does not exist: "/nonexistent/path"
# Setting a nonexistent relative directory will also error out with a clear message:
$ NETCONFPATH=./nonexistent/relative/path ./cnitool check nonexistent-net /var/run/netns/testing
the provided CNI config path ($NETCONFPATH) does not exist: "/home/nashu/cni/cnitool/nonexistent/relative/path" |
| // NOTE: this is the most reasonable default as most CNI setups on Windows | ||
| // will have been made using the helper script in the containerd repo. | ||
| // https://github.com/containerd/containerd/blob/main/script/setup/install-cni-windows | ||
| DefaultNetDir = "C:\\Program Files\\containerd\\cni\\conf" |
There was a problem hiding this comment.
@aznashwan this seems containerd specific, but CNI is used by more than just containerd. If each CRI implementation has its own default directory, should this be a list of default dirs that get tried in sequence?
There was a problem hiding this comment.
Sorry for the huge delay, I must've somehow missed this notification when it happened.
seems containerd specific
Correct.
CNI is used by more than just containerd
Correct, but generally not really Windows (at least when I was involved in CNI porting efforts on Windows a whole year ago).
Back then, the vast majority of k8s/docker setups on Windows directly installed containerd from their build scripts in the main containerd/containerd repo, so it seemed like the most reasonable choice...
I'm not sure whether there is a "standardised way" to install k8s on Windows nowadays, but I'm willing to bet it uses containerd with this default.
Plus at the end of the day this path is configurable via an env var, so the C:\Program Files\containerd\cni\conf default isn't preventing anyone from using cnitool, and it's certainly a hell of a lot saner of a default on Windows than /etc/cni/net.d 🤣
|
@aznashwan is this still required? |
aznashwan
force-pushed
the
fix-default-windows-confdir
branch
from
289c64b
to
ef2a217
Compare
While I have't worked with Windows CNIs in over 1 year or so, this patch still looks relevant for anyone wanting to run I've just rebased the PR FWIW. |
…ory. Signed-off-by: Nashwan Azhari <[email protected]>
Signed-off-by: Nashwan Azhari <[email protected]>
aznashwan
force-pushed
the
fix-default-windows-confdir
branch
from
ef2a217
to
2cd00e3
Compare
No description provided.