Azure/azure-container-networking

Azure CNI Bug - Critical for us!

Boxer-Property opened this issue · 4 comments

What happened:
I can't get the CNI working, there isn't enough documentation. I am doing this on a Windows and Linux Azure VM & Docker. I get the IP address from the ipconfig pool, but I don't have any connectivity.

What you expected to happen:
I would get an IP Address on the container (and I do) but I would also have full connectivity in and out of the container.

How to reproduce it:
I have a script that I have at the bottom that I can share.

Orchestrator and Version (e.g. Kubernetes, Docker):
Docker for Linux, Docker (containers role) EE in Windows

Operating System (Linux/Windows):
Windows and Linux both

Kernel (e.g. uname -a for Linux or $(Get-ItemProperty -Path "C:\windows\system32\hal.dll").VersionInfo.FileVersion for Windows):
??

Anything else we need to know?:
[Miscellaneous information that will assist in solving the issue.]
URL: https://learn.microsoft.com/en-us/azure/virtual-network/deploy-container-networking#deploy-plug-in-for-docker-containers

My notes are below...

#Ubuntu 20.04

sudo su -
sudo apt-get update
sudo apt-get install ca-certificates curl gnupg lsb-release

sudo mkdir -p /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg

echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null

sudo apt-get update

sudo apt-get -y install docker-ce docker-ce-cli containerd.io docker-compose-plugin

docker ps

git clone https://github.com/Azure/azure-container-networking.git

cd azure-container-networking/scripts/

./install-cni-plugin.sh v1.4.20

chmod u+x docker-run.sh

sudo apt-get update

sudo apt-get -y install jq

#Nic-name and resource-group are those of the virtual machine's network interface - this creates an additional IP on the existing network interface
az network nic ip-config create --name container01 --nic-name cni-test-linux829 --private-ip-address 10.224.0.6 --resource-group CNI-Test02

./docker-run.sh vnetdockerdemo default alpine

sudo docker exec -it vnetdockerdemo /bin/sh

ifconfig

#Windows 2019 with container (Image from Azure)
#https://github.com/Azure/azure-container-networking
#PowerShell as an admin

Invoke-WebRequest -Uri https://github.com/Azure/azure-container-networking/archive/refs/heads/master.zip -OutFile azure-container-networking.zip

Expand-Archive azure-container-networking.zip -DestinationPath azure-container-networking
cd .\azure-container-networking\azure-container-networking-master\scripts\

.\Install-CniPlugin.ps1 v1.4.20

#In Azure CLI
#Get list of subscriptions
az account subscription list
#Switch into this subscription
az account set -s "068b11df-1244-4f28-9c40-4ad20f1a39e8"

#Nic-name and resource-group are those of the virtual machine's network interface - this creates an additional IP on the existing network interface
az network nic ip-config create --name ipconfig07 --nic-name win1807 --private-ip-address 10.0.0.7 --resource-group RGroup

C:\k\azurecni\netconf\10-azure.conflist:
{
    "cniVersion": "0.3.0",
    "name": "azure",
    "plugins": [
        {
            "type": "azure-vnet",
            "mode": "tunnel",
            "bridge": "azure0",
            "ipam": {
                "type": "azure-vnet-ipam"
            },
            "dns": {
                "Nameservers": [
                    "10.0.0.10",
                    "168.63.129.16"
                ],
                "Search": [
                    "default.svc.cluster.local"
                ]
            }
        }
    ]
}

.\docker-exec.ps1 testcontainer default mcr.microsoft.com/windows/servercore/iis add

docker exec -it testcontainer powershell

ipconfig

@Boxer-Property what is the output of ipconfig inside the container? Also, CNI doesn't support tunnel mode; can you update the conflist to "mode": "bridge"? Also, your conflist is missing the Outbound NAT policy, which is needed for internet connectivity from the container:

"AdditionalArgs": [
    {
        "Name": "EndpointPolicy",
        "Value": {
            "Type": "OutBoundNAT",
            "ExceptionList": [
                <vnet_address_space>
            ]
        }
    }
]

After updating the conflist, restart the VM and recreate the container.

If you still see the issue, share the conflist and also the CNI logs. They should be in the same location as the azure-vnet binary. Share all logs that start with the prefix azure-vnet in a zip.

@Boxer-Property also, any reason you are not using the latest CNI?
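
An added example, not part of the original thread or the project's own code: a small Python check for the two conflist points raised in the reply above (bridge mode and an OutBoundNAT endpoint policy), plus a helper that writes them in. It assumes `AdditionalArgs` belongs inside the `azure-vnet` plugin object; `check_conflist`, `apply_fix` and the `10.0.0.0/16` address space are hypothetical names and constructed values.

```python
import json

# Constructed sample: the Windows conflist from the issue, trimmed to relevant keys.
ISSUE_CONFLIST = """{
  "cniVersion": "0.3.0", "name": "azure",
  "plugins": [{"type": "azure-vnet", "mode": "tunnel", "bridge": "azure0",
               "ipam": {"type": "azure-vnet-ipam"}}]
}"""

def _is_outbound_nat(arg):
    value = arg.get("Value") or {}
    return arg.get("Name") == "EndpointPolicy" and value.get("Type") == "OutBoundNAT"

def check_conflist(text):
    """Return findings for the two points raised in the reply."""
    try:
        conf = json.loads(text)
    except json.JSONDecodeError as exc:
        # e.g. the <vnet_address_space> placeholder was pasted in unfilled
        return [f"not valid JSON: {exc.msg} at line {exc.lineno}"]
    plugins = [p for p in conf.get("plugins", []) if p.get("type") == "azure-vnet"]
    if not plugins:
        return ["no azure-vnet plugin entry found"]
    findings = []
    for p in plugins:
        if p.get("mode") != "bridge":
            findings.append(f"mode is {p.get('mode')!r}, expected 'bridge'")
        # Assumption: AdditionalArgs sits inside the azure-vnet plugin object.
        if not any(_is_outbound_nat(a) for a in p.get("AdditionalArgs", [])):
            findings.append("no OutBoundNAT EndpointPolicy in AdditionalArgs")
    return findings

def apply_fix(text, vnet_cidrs):
    """Return the conflist with bridge mode and one OutBoundNAT policy."""
    conf = json.loads(text)
    for p in conf.get("plugins", []):
        if p.get("type") != "azure-vnet":
            continue
        p["mode"] = "bridge"
        args = [a for a in p.get("AdditionalArgs", []) if not _is_outbound_nat(a)]
        args.append({"Name": "EndpointPolicy",
                     "Value": {"Type": "OutBoundNAT", "ExceptionList": list(vnet_cidrs)}})
        p["AdditionalArgs"] = args
    return json.dumps(conf, indent=4)

if __name__ == "__main__":
    print(check_conflist(ISSUE_CONFLIST))
    # 10.0.0.0/16 is a constructed stand-in for <vnet_address_space>.
    print(apply_fix(ISSUE_CONFLIST, ["10.0.0.0/16"]))
```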

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 14 days

Issue closed due to inactivity.