From 469cadb13f2ca4e40a29ab379672e7019b166e27 Mon Sep 17 00:00:00 2001
From: Kashif Khan
Date: Tue, 31 Dec 2024 11:01:29 +0200
Subject: [PATCH 1/2] Ensure existing CNI config file has correct permissions

Signed-off-by: Kashif Khan
---
 cni-plugin/pkg/install/install.go | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/cni-plugin/pkg/install/install.go b/cni-plugin/pkg/install/install.go
index 57f0ae67840..a76d60f4e7a 100644
--- a/cni-plugin/pkg/install/install.go
+++ b/cni-plugin/pkg/install/install.go
@@ -401,6 +401,12 @@ func writeCNIConfig(c config) {
 logrus.Fatal(err)
 }
 
+ // Safeguarding since WriteFile does not change existing file's permissions.
+ err = os.Chmod(path, perm)
+ if err != nil {
+ logrus.Fatal(err)
+ }
+
 content, err := os.ReadFile(path)
 if err != nil {
 logrus.Fatal(err)
From 54dbf29786ac464860ce7b5479add81daabf8429 Mon Sep 17 00:00:00 2001
From: ritikaguptams <85255050+ritikaguptams@users.noreply.github.com>
Date: Tue, 19 Nov 2024 13:55:49 -0800
Subject: [PATCH 2/2] Upgrade hcsshim to 0.12.8 and update logic for stale endpoint for hyperv isolation

Signed-off-by: ritikaguptams <85255050+ritikaguptams@users.noreply.github.com>
Upgrading hcshim
Signed-off-by: ritikaguptams <85255050+ritikaguptams@users.noreply.github.com>
---
 felix/dataplane/windows/endpoint_mgr.go | 5 ++++-
 go.mod | 5 +++--
 go.sum | 10 ++++++----
 3 files changed, 13 insertions(+), 7 deletions(-)

diff --git a/felix/dataplane/windows/endpoint_mgr.go b/felix/dataplane/windows/endpoint_mgr.go
index d2b4f77ed64..5f59dec1273 100644
--- a/felix/dataplane/windows/endpoint_mgr.go
+++ b/felix/dataplane/windows/endpoint_mgr.go
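Review bot: In `cni-plugin/pkg/install/install.go`, the added `os.Chmod(path, perm)` runs after the write it is guarding (the write is outside this hunk, so the order is inferred from the comment and the preceding error check), so a pre-existing config file with a looser mode holds the new contents under the old mode until the chmod lands. `os.Chmod` also follows symbolic links, so if `path` is a symlink it is the target's mode that changes. Consider tightening the mode before writing, or writing to a temporary file created with `perm` in the same directory and renaming it over `path`; at minimum give the fatal some context, e.g. `logrus.WithError(err).Fatalf("failed to set permissions on %s", path)`. `writeCNIConfig` starts and ends outside the hunk.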
@@ -197,7 +197,10 @@ func (m *endpointManager) RefreshHnsEndpointCache(forceRefresh bool) error {
 // Some CNI plugins do not clear endpoint properly when a pod has been torn down.
 // In that case, it is possible Felix sees multiple endpoints with the same IP.
 // We need to filter out inactive endpoints that do not attach to any container.
- if len(endpoint.SharedContainers) == 0 {
+ // An endpoint is considered to be active if its state is Attached or AttachedSharing.
+ // Note: Endpoint.State attribute is dependent on HNS v1 api. If hcsshim upgrades to HNS v2
+ // api this will break. We then need to Reach out to Microsoft to facilate the change via HNS.
+ if endpoint.State.String() != "Attached" && endpoint.State.String() != "AttachedSharing" {
 log.WithFields(log.Fields{
 "id": endpoint.Id,
 "name": endpoint.Name,
diff --git a/go.mod b/go.mod
index 116716da252..50192c14a4a 100644
--- a/go.mod
+++ b/go.mod
@@ -5,7 +5,7 @@ go 1.23.2
 require (
 github.com/BurntSushi/toml v1.4.0
 github.com/Masterminds/semver/v3 v3.3.1
- github.com/Microsoft/hcsshim v0.12.6
+ github.com/Microsoft/hcsshim v0.12.8
 github.com/apparentlymart/go-cidr v1.1.0
 github.com/aws/aws-sdk-go-v2 v1.32.6
 github.com/aws/aws-sdk-go-v2/config v1.28.6
@@ -166,7 +166,8 @@ require (
 github.com/containerd/cgroups v1.1.0 // indirect
 github.com/containerd/cgroups/v3 v3.0.3 // indirect
 github.com/containerd/console v1.0.4 // indirect
- github.com/containerd/errdefs v0.1.0 // indirect
+ github.com/containerd/containerd v1.7.23 // indirect
+ github.com/containerd/errdefs v0.3.0 // indirect
 github.com/containerd/log v0.1.0 // indirect
 github.com/containerd/ttrpc v1.2.5 // indirect
 github.com/coreos/go-iptables v0.7.0 // indirect
diff --git a/go.sum b/go.sum
index 9d2668abb46..48487eaf72b 100644
--- a/go.sum
+++ b/go.sum
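Review bot: In `felix/dataplane/windows/endpoint_mgr.go`, the new activity check compares `endpoint.State.String()` against bare string literals and evaluates `String()` twice; if the field is unset or the library's wording ever changes, every endpoint would fall into the inactive branch and be skipped with no build-time signal. Evaluate it once and name the values, e.g. `state := endpoint.State.String()` followed by `if state != "Attached" && state != "AttachedSharing" {` (or compare against typed state constants if hcsshim exports them), and add `"state": state` to the log fields so a skipped endpoint can be diagnosed. It is also worth confirming how hosts whose HNS does not populate `State` behave, since the earlier `SharedContainers` check no longer acts as a fallback. The added comment has a typo ("facilate"). The enclosing function and the `log.WithFields` call continue outside the hunk.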
@@ -14,8 +14,8 @@ github.com/Masterminds/semver/v3 v3.3.1 h1:QtNSWtVZ3nBfk8mAOu/B6v7FMJ+NHTIgUPi7r github.com/Masterminds/semver/v3 v3.3.1/go.mod h1:4V+yj/TJE1HU9XfppCwVMZq3I84lprf4nC11bSS5beM= github.com/Microsoft/go-winio v0.6.2 h1:F2VQgta7ecxGYO8k3ZZz3RS8fVIXVxONVUPlNERoyfY= github.com/Microsoft/go-winio v0.6.2/go.mod h1:yd8OoFMLzJbo9gZq8j5qaps8bJ9aShtEA8Ipt1oGCvU= -github.com/Microsoft/hcsshim v0.12.6 h1:qEnZjoHXv+4/s0LmKZWE0/AiZmMWEIkFfWBSf1a0wlU= -github.com/Microsoft/hcsshim v0.12.6/go.mod h1:ZABCLVcvLMjIkzr9rUGcQ1QA0p0P3Ps+d3N1g2DsFfk= +github.com/Microsoft/hcsshim v0.12.8 h1:BtDWYlFMcWhorrvSSo2M7z0csPdw6t7no/C3FsSvqiI= +github.com/Microsoft/hcsshim v0.12.8/go.mod h1:cibQ4BqhJ32FXDwPdQhKhwrwophnh3FuT4nwQZF907w= github.com/NYTimes/gziphandler v1.1.1 h1:ZUDjpQae29j0ryrS0u/B8HZfJBtBQHjqw2rQ2cqUQ3I= github.com/NYTimes/gziphandler v1.1.1/go.mod h1:n/CVRwUEOgIxrgPvAQhUUr9oeUtvrhMomdKFjzJNB0c= github.com/ProtonMail/go-crypto v0.0.0-20230217124315-7d5c6f04bbb8 h1:wPbRQzjjwFc0ih8puEVAOFGELsn1zoIIYdxvML7mDxA= 
@@ -145,8 +145,10 @@ github.com/containerd/cgroups/v3 v3.0.3 h1:S5ByHZ/h9PMe5IOQoN7E+nMc2UcLEM/V48DGD github.com/containerd/cgroups/v3 v3.0.3/go.mod h1:8HBe7V3aWGLFPd/k03swSIsGjZhHI2WzJmticMgVuz0= github.com/containerd/console v1.0.4 h1:F2g4+oChYvBTsASRTz8NP6iIAi97J3TtSAsLbIFn4ro= github.com/containerd/console v1.0.4/go.mod h1:YynlIjWYF8myEu6sdkwKIvGQq+cOckRm6So2avqoYAk= -github.com/containerd/errdefs v0.1.0 h1:m0wCRBiu1WJT/Fr+iOoQHMQS/eP5myQ8lCv4Dz5ZURM= -github.com/containerd/errdefs v0.1.0/go.mod h1:YgWiiHtLmSeBrvpw+UfPijzbLaB77mEG1WwJTDETIV0= +github.com/containerd/containerd v1.7.23 h1:H2CClyUkmpKAGlhQp95g2WXHfLYc7whAuvZGBNYOOwQ= +github.com/containerd/containerd v1.7.23/go.mod h1:7QUzfURqZWCZV7RLNEn1XjUCQLEf0bkaK4GjUaZehxw= +github.com/containerd/errdefs v0.3.0 h1:FSZgGOeK4yuT/+DnF07/Olde/q4KBoMsaamhXxIMDp4= +github.com/containerd/errdefs v0.3.0/go.mod h1:+YBYIdtsnF4Iw6nWZhJcqGSg/dwvV7tyJ/kCkyJ2k+M= github.com/containerd/log v0.1.0 h1:TCJt7ioM2cr/tfR8GPbGf9/VRAX8D2B4PjzCpfX540I= github.com/containerd/log v0.1.0/go.mod h1:VRRf09a7mHDIRezVKTRCrOq78v577GXq3bSa3EhrzVo= github.com/containerd/ttrpc v1.2.5 h1:IFckT1EFQoFBMG4c3sMdT8EP3/aKfumK1msY+Ze4oLU=