fix: return error if it fails to tear down network in stopsandbox

treat it as success if the the netns dont exists, otherwise, return error kubelet will retry the StopPodSandbox method, avoiding cni leaking Signed-off-by: zhuangqh <zhuangqhc@gmail.com>
AliyunContainerService · May 13, 2019 · 2596dc7 · 2596dc7
1 parent 602298d
commit 2596dc7
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 2 deletions.
diff --git a/cri/ocicni/cni_manager.go b/cri/ocicni/cni_manager.go
@@ -83,9 +83,10 @@ func (c *CniManager) TearDownPodNetwork(podNetwork *ocicni.PodNetwork) error {
 		return nil
 	}
 
-	// if netNSPath is not found, should return the error of IsNotExist.
+	// if netNSPath is not found, dont return error.
 	if _, err = os.Stat(podNetwork.NetNS); err != nil {
 		if os.IsNotExist(err) {
+			logrus.Warnf("failed to find network namespace file %s of sandbox %s", podNetwork.NetNS, podNetwork.ID)
 			return nil
 		}
 		return err

diff --git a/cri/v1alpha2/cri.go b/cri/v1alpha2/cri.go
@@ -473,7 +473,7 @@ func (c *CriManager) StopPodSandbox(ctx context.Context, r *runtime.StopPodSandb
 	// Teardown network of the pod, if it is not in host network mode.
 	if sandboxNetworkMode(sandboxMeta.Config) != runtime.NamespaceMode_NODE {
 		if err = c.teardownNetwork(podSandboxID, sandboxMeta.NetNS, sandboxMeta.Config); err != nil {
-			logrus.Warnf("failed to find network namespace file %s of sandbox %s which may have been already stopped", sandboxMeta.NetNS, podSandboxID)
+			return nil, fmt.Errorf("failed to teardown network of sandbox %s, ns path: %v", podSandboxID, sandboxMeta.NetNS)
 		}
 	}