kubeadm: reset: use crictl to reset containers #54721
Conversation
cmd/kubeadm/app/cmd/reset.go
Outdated
| fmt.Println("[reset] Removing kubernetes-managed containers.") | ||
| if err := exec.Command("sh", "-c", "docker ps -a --filter name=k8s_ -q | xargs -r docker rm --force --volumes").Run(); err != nil { | ||
| fmt.Println("[reset] Failed to stop the running containers.") | ||
| resetWithDocker := func() { |
There was a problem hiding this comment.
write this as a normal function top-level
cmd/kubeadm/app/cmd/reset.go
Outdated
| resetWithDocker() | ||
| } | ||
| } else { | ||
| fmt.Println("[reest] CRI socket path not provided for crictl. Trying docker instead.") |
cmd/kubeadm/app/cmd/reset.go
Outdated
| crictlPath, err := exec.LookPath("crictl") | ||
| if err == nil { | ||
| if r.criSocketPath != "" { | ||
| if err := exec.Command("sh", "-c", crictlPath+" -r "+r.criSocketPath+" sandboxes --quiet | xargs -r "+crictlPath+" -r "+r.criSocketPath+" rms"); err != nil { |
There was a problem hiding this comment.
Logging here that "resetting foo env with tool bar and socket baz" would be helpful
cmd/kubeadm/app/cmd/reset.go
Outdated
| } | ||
| } else { | ||
| fmt.Println("[reset] Docker doesn't seem to be running. Skipping the removal of running Kubernetes containers.") | ||
| fmt.Println("[reset] crictl isn't available on your system. Trying using docker instead.") |
There was a problem hiding this comment.
not sure we need to log this, seems like an error to users, while everything's fine.
There was a problem hiding this comment.
Yeah, I'm fine dropping this one.
cmd/kubeadm/app/cmd/reset.go
Outdated
| @@ -56,16 +57,22 @@ func NewCmdReset(out io.Writer) *cobra.Command { | |||
| "The path to the directory where the certificates are stored. If specified, clean this directory.", | |||
| ) | |||
|
|
|||
| cmd.PersistentFlags().StringVar( | |||
| &criSocketPath, "cri-socket", "", | |||
| "The path to the CRI socket to use with crictl when cleaning up containers.", | |||
There was a problem hiding this comment.
should we default to the dockershim socket?
1ec2ea1
to
abcafd6
Compare
|
@luxas addressed all your comments |
cmd/kubeadm/app/cmd/reset.go
Outdated
| if err == nil { | ||
| if r.criSocketPath != "" { | ||
| fmt.Println("[reset] Cleaning up running containers using crictl with socket %s", r.criSocketPath) | ||
| if err := exec.Command("sh", "-c", crictlPath+" -r "+r.criSocketPath+" sandboxes --quiet | xargs -r "+crictlPath+" -r "+r.criSocketPath+" rms"); err != nil { |
There was a problem hiding this comment.
for readability, can you please create a separate string for this and use fmt.Sprintf?
cmd/kubeadm/app/cmd/reset.go
Outdated
| func resetWithDocker() { | ||
| dockerCheck := preflight.ServiceCheck{Service: "docker", CheckIfActive: true} | ||
| if _, errors := dockerCheck.Check(); len(errors) == 0 { | ||
| if err := exec.Command("sh", "-c", "docker ps -a --filter name=k8s_ -q | xargs -r docker rm --force --volumes").Run(); err != nil { |
There was a problem hiding this comment.
I know this wasn't here before sigh, but now I really think we should have unit tests for this, as the complexity grows.
Can you please use k8s.io/utils/exec that you inject to the functions here, and then fake it out and test the different cases out in unit tests?
There was a problem hiding this comment.
yeah, I'll add a unit test for this function but it needs to mock out dockerCheck as well
e1e4cb1
to
b60bbbc
Compare
|
@luxas reworked and added unit tests. PTAL |
|
/retest |
|
Looks like tests are failing cause they're using old code (???) |
|
/retest |
cmd/kubeadm/app/cmd/reset_test.go
Outdated
| @@ -181,3 +185,131 @@ func TestConfigDirCleaner(t *testing.T) { | |||
| } | |||
| } | |||
| } | |||
|
|
|||
| // TODO(justinsb): Add test for nodePort conflict detection, once we have nodePort wired in | |||
There was a problem hiding this comment.
Mmm i don't know where that comes from, I'll fix remove it.
|
@sttts mentioned that bazel-contrib/rules_go#831 might be related/relevant for bazel failure |
|
it looks like you need to run |
b60bbbc
to
32b129c
Compare
done |
|
/test pull-kubernetes-verify |
Signed-off-by: Antonio Murdaca <[email protected]>
32b129c
to
bb0cd27
Compare
|
/test pull-kubernetes-verify |
|
@luxas everything passed now |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: luxas, runcom Associated issue: 508 The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these OWNERS Files:
You can indicate your approval by writing |
|
/test all [submit-queue is verifying that this PR is safe to merge] |
|
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions here. |
@luxas PTAL
Signed-off-by: Antonio Murdaca [email protected]
What this PR does / why we need it:
This patch makes kubeadm to try and reset containers using
crictlfirst instead of docker. The reason is that kubeadm reset is ineffective with new container runtimes using the CRI (like CRI-O).This patch uses
crictlfirst and falls back todockerin casecrictlisn't available.Which issue this PR fixes (optional, in
fixes #<issue number>(, fixes #<issue_number>, ...)format, will close that issue when PR gets merged): fixes #Fix kubernetes/kubeadm#508
Special notes for your reviewer:
Release note: