上一篇blog讲解了一下gc的整个流程。后面介绍了删除sandbox。但sandbox怎么删除还是没有讲清楚,在此详细展开说一下,通过sandbox id去删除sandbox代码在pkg/kubelet/kuberuntime/kuberuntime_gc.go。
func (cgc *containerGC) removeSandbox(sandboxID string) {
glog.V(4).Infof("Removing sandbox %q", sandboxID)
// In normal cases, kubelet should've already called StopPodSandbox before
// GC kicks in. To guard against the rare cases where this is not true, try
// stopping the sandbox before removing it.
if err := cgc.client.StopPodSandbox(sandboxID); err != nil {
glog.Errorf("Failed to stop sandbox %q before removing: %v", sandboxID, err)
return
}
if err := cgc.client.RemovePodSandbox(sandboxID); err != nil {
glog.Errorf("Failed to remove sandbox %q: %v", sandboxID, err)
}
}
上面的代码分为两步,第一步是停止sandbox,第二步是删除sandbox。
先看停止pkg/kubelet/dockershim/docker_sandbox.go。
func (ds *dockerService) StopPodSandbox(podSandboxID string) error {
...
errList := []error{}
if needNetworkTearDown {
cID := kubecontainer.BuildContainerID(runtimeName, podSandboxID)
err := ds.network.TearDownPod(namespace, name, cID)
if err == nil {
ds.setNetworkReady(podSandboxID, false)
} else {
errList = append(errList, err)
}
}
if err := ds.client.StopContainer(podSandboxID, defaultSandboxGracePeriod); err != nil {
glog.Errorf("Failed to stop sandbox %q: %v", podSandboxID, err)
// Do not return error if the container does not exist
if !libdocker.IsContainerNotFoundError(err) {
errList = append(errList, err)
}
}
...先调用cni去删除网络,然后采集是停止容器。
先看删除网络调用cni的过程
err := ds.network.TearDownPod(namespace, name, cID)具体实现在pkg/kubelet/network/cni/cni.go
func (plugin *cniNetworkPlugin) TearDownPod(namespace string, name string, id kubecontainer.ContainerID) error {
if err := plugin.checkInitialized(); err != nil {
return err
}
// Lack of namespace should not be fatal on teardown
netnsPath, err := plugin.host.GetNetNS(id.ID)
if err != nil {
glog.Warningf("CNI failed to retrieve network namespace path: %v", err)
}
return plugin.deleteFromNetwork(plugin.getDefaultNetwork(), name, namespace, id, netnsPath)
}再深入看看上面删除网络方法deleteFromNetwork
func (plugin *cniNetworkPlugin) deleteFromNetwork(network *cniNetwork, podName string, podNamespace string, podInfraContainerID kubecontainer.ContainerID, podNetnsPath string) error {
rt, err := plugin.buildCNIRuntimeConf(podName, podNamespace, podInfraContainerID, podNetnsPath)
if err != nil {
glog.Errorf("Error deleting network when building cni runtime conf: %v", err)
return err
}
netConf, cniNet := network.NetworkConfig, network.CNIConfig
glog.V(4).Infof("About to del CNI network %v (type=%v)", netConf.Name, netConf.Plugins[0].Network.Type)
err = cniNet.DelNetworkList(netConf, rt)
if err != nil {
glog.Errorf("Error deleting network: %v", err)
return err
}
return nil
}先是装配参数netConf和rt,然后是通过DelNetworkList是删除,
继续看代码DelNetworkList
func (c *CNIConfig) DelNetworkList(list *NetworkConfigList, rt *RuntimeConf) error {
for i := len(list.Plugins) - 1; i >= 0; i-- {
net := list.Plugins[i]
pluginPath, err := invoke.FindInPath(net.Network.Type, c.Path)
if err != nil {
return err
}
newConf, err := buildOneConfig(list, net, nil, rt)
if err != nil {
return err
}
if err := invoke.ExecPluginWithoutResult(pluginPath, newConf.Bytes, c.args("DEL", rt)); err != nil {
return err
}
}
return nil
}好了这里开始调用正在的/opt/cni/bin下面cni的二进制文件的地方,上面的pluginPath默认就是/opt/cni/bin,上面执行的DEL方法,这个如果大家感兴趣可以看看我之前CNI解析的blog。
如果大家对怎么执行二进制cni感兴趣,我再多说一句怎么执行cni的
vendor/github.com/containernetworking/cni/pkg/invoke/raw_exec.go
func (e *RawExec) ExecPlugin(pluginPath string, stdinData []byte, environ []string) ([]byte, error) {
stdout := &bytes.Buffer{}
c := exec.Cmd{
Env: environ,
Path: pluginPath,
Args: []string{pluginPath},
Stdin: bytes.NewBuffer(stdinData),
Stdout: stdout,
Stderr: e.Stderr,
}
if err := c.Run(); err != nil {
return nil, pluginErr(err, stdout.Bytes())
}
return stdout.Bytes(), nil
}通过golang 的os/exec去执行。
1万+
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
