Closed antzjm closed 3 years ago
Here is the error log and daemonset.yaml `SIOCSIFADDR: Permission denied sh-4.4# ifconfig eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 8950 inet 10.244.0.201 netmask 255.255.255.0 broadcast 10.244.0.255 ether f6:c9:19:f1:e0:06 txqueuelen 0 (Ethernet) RX packets 6 bytes 488 (488.0 B) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 2 bytes 132 (132.0 B) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
hoam1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 9000 ether 5a:6f:7b:4a:15:33 txqueuelen 1000 (Ethernet) RX packets 3 bytes 354 (354.0 B) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 0 bytes 0 (0.0 B) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10
sh-4.4# ifconfig hoam1 add 2a00:8a00:4000:6000::0027:4504/120
SIOCSIFADDR: Permission denied
daemonset.yaml
apiVersion: apps/v1
kind: DaemonSet
metadata:
annotations:
deprecated.daemonset.template.generation: "4"
creationTimestamp: "2021-04-30T08:29:50Z"
generation: 4
name: deamonset-pod
namespace: default
resourceVersion: "18064376"
selfLink: /apis/apps/v1/namespaces/default/daemonsets/deamonset-pod
uid: a2516db7-ff44-430e-9e4e-fe8a00df26c3
spec:
revisionHistoryLimit: 10
selector:
matchLabels:
app: deamonset-pod-app
template:
metadata:
annotations:
danm.k8s.io/interfaces: "[\n { \"clusterNetwork\":\"flannel\", \"ip\":\"dynamic\"}
,\n { \"clusterNetwork\":\"hoam\", \"ip\":\"none\"} \n]\n"
creationTimestamp: null
labels:
app: deamonset-pod-app
spec:
containers:
you don't have the privileges required to modify your container network namespace, that has nothing to do with DANM. in the CNI eco-system it is the CNI IPAM's responsibility to provision the IPs
if you want to do it on oyur own for some reason, you need NET_ADMIN capability. if you just missed how to ask for V6 addresses from DANM, read the schema documentation: https://github.com/nokia/danm/blob/master/schema/network_attach.yaml#L40
@Levovar Not that, I had add NET_ADMIN
and privileges
to my container. But still can not get access to operator ipv6 network but ipv4 is ok.
You can see the yaml config I provided above.
Is this a BUG REPORT or FEATURE REQUEST?:
What happened: When I launch a pod with sriov network and want to config ipv6 network on network interface, the system call send me 'SIOCSIFADDR: Permission denied'.
What you expected to happen: I hope I can add ipv6 addr to networ interface How to reproduce it: apply a pod with spcific yaml file. Anything else we need to know?:
Environment:
danm -version
): 4.1.1kubectl version
): v1.16.2[cloudadmin@caas-master-1 ~]$ kubectl get cn hoam -o yaml apiVersion: danm.k8s.io/v1 kind: ClusterNetwork metadata: annotations: kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"danm.k8s.io/v1","kind":"ClusterNetwork","metadata":{"annotations":{},"name":"hoam"},"spec":{"NetworkID":"hoam","NetworkType":"sriov","Options":{"container_prefix":"hoam","device_pool":"nokia.k8s.io/sriov_ens11f0","net6":"fc00:1234:5678:90aa:cdef:1:0:0/64","vlan":271}}} creationTimestamp: "2021-03-19T06:07:39Z" generation: 1 name: hoam resourceVersion: "10642952" selfLink: /apis/danm.k8s.io/v1/clusternetworks/hoam uid: f23c0bc8-b6cb-4352-988b-85d1b67ce089 spec: NetworkID: hoam NetworkType: sriov Options: container_prefix: hoam device_pool: nokia.k8s.io/sriov_ens11f0 net6: fc00:1234:5678:90aa:cdef:1:0:0/64 vlan: 271
uname -a
): 4.19.162-1.el7.centos.ncir.x86_64