CNI: Update CRIO netconfig with matching subnet

pkg/minikube/bootstrapper/kubeadm/kubeadm.go

@@ -282,8 +282,8 @@ func (k *Bootstrapper) applyCNI(cfg config.ClusterConfig) error {
 	}
 
 	if cfg.KubernetesConfig.ContainerRuntime == "crio" {
-		if err := sysinit.New(k.c).Restart("crio"); err != nil {
-			glog.Errorf("failed to restart CRI: %v", err)
+		if err := cruntime.UpdateCRIONet(k.c, cnm.CIDR()); err != nil {
+			return errors.Wrap(err, "update crio")
 		}
 	}
 

pkg/minikube/cni/bridge.go

@@ -82,6 +82,7 @@ func (c Bridge) Apply(r Runner) error {
 	if err := r.Copy(f); err != nil {
 		return errors.Wrapf(err, "copy")
 	}
+
 	return nil
 }
 

pkg/minikube/cruntime/crio.go

@@ -18,6 +18,7 @@ package cruntime
 
 import (
 	"fmt"
+	"net"
 	"os/exec"
 	"strings"
 
@@ -96,7 +97,6 @@ func (r *CRIO) Available() error {
 		return errors.Wrapf(err, "check crio available.")
 	}
 	return nil
-
 }
 
 // Active returns if CRIO is active on the host
@@ -224,3 +224,30 @@ func (r *CRIO) Preload(cfg config.KubernetesConfig) error {
 	}
 	return fmt.Errorf("not yet implemented for %s", r.Name())
 }
+
+// UpdateCRIONet updates CRIO CNI network configuration and restarts it
+func UpdateCRIONet(r CommandRunner, cidr string) error {
+	glog.Infof("Updating CRIO to use CIDR: %q", cidr)
+	ip, net, err := net.ParseCIDR(cidr)
+	if err != nil {
+		return errors.Wrap(err, "parse cidr")
+	}
+
+	oldNet := "10.88.0.0/16"
+	oldGw := "10.88.0.1"
+
+	newNet := cidr
+
+	// Assume gateway is first IP in netmask (10.244.0.1, for instance)
+	newGw := ip.Mask(net.Mask)
+	newGw[3]++
+
+	// Update subnets used by 100-crio-bridge.conf & 87-podman-bridge.conflist
+	// avoids: "Error adding network: failed to set bridge addr: could not add IP address to \"cni0\": permission denied"
+	sed := fmt.Sprintf("sed -i -e s#%s#%s# -e s#%s#%s# /etc/cni/net.d/*bridge*", oldNet, newNet, oldGw, newGw)
+	if _, err := r.RunCmd(exec.Command("sudo", "/bin/bash", "-c", sed)); err != nil {
+		glog.Errorf("netconf update failed: %v", err)
+	}
+
+	return sysinit.New(r).Restart("crio")
+}

test/integration/net_test.go

@@ -66,7 +66,7 @@ func TestNetworkPlugins(t *testing.T) {
 				profile := UniqueProfileName(tc.name)
 
 				ctx, cancel := context.WithTimeout(context.Background(), Minutes(40))
-				defer Cleanup(t, profile, cancel)
+				defer CleanupWithLogs(t, profile, cancel)
 
 				startArgs := append([]string{"start", "-p", profile, "--memory=1800", "--alsologtostderr", "--wait=true", "--wait-timeout=25m"}, tc.args...)
 				startArgs = append(startArgs, StartArgs()...)
@@ -129,6 +129,10 @@ func TestNetworkPlugins(t *testing.T) {
 					})
 				}
 
+				if strings.Contains(tc.name, "weave") {
+					t.Skipf("skipping remaining tests for weave, as results can be unpredictable")
+				}
+
 				if !t.Failed() {
 					t.Run("DNS", func(t *testing.T) {
 						var rr *RunResult
@@ -166,10 +170,6 @@ func TestNetworkPlugins(t *testing.T) {
 
 				if !t.Failed() {
 					t.Run("HairPin", func(t *testing.T) {
-						if strings.Contains(tc.name, "weave") {
-							t.Skipf("skipping: weavenet hairpin results vary substantially across environments")
-						}
-
 						tryHairPin := func() error {
 							_, err := Run(t, exec.CommandContext(ctx, "kubectl", "--context", profile, "exec", "deployment/netcat", "--", "/bin/sh", "-c", "nc -w 5 -i 5 -z netcat 8080"))
 							return err