opensource/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2025-06-22 18:08:11 +08:00
Code Issues Packages Projects Releases Wiki Activity

Add support for rootless network-aliases

Browse Source 
Make sure we pass the network aliases as capability args to the
cnitool in the rootless-cni-infra container. Also update the
dnsname plugin in the cni-infra container.

Fixes #8567

Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
This commit is contained in:
Paul Holzinger
2020-12-03 22:26:29 +01:00
parent c717b3caca
commit 1fac43654c
4 changed files with 30 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
contrib/rootless-cni-infra/Containerfile
View File

@ -2,7 +2,7 @@ ARG GOLANG_VERSION=1.15
ARG ALPINE_VERSION=3.12 ARG ALPINE_VERSION=3.12
ARG CNI_VERSION=v0.8.0 ARG CNI_VERSION=v0.8.0
ARG CNI_PLUGINS_VERSION=v0.8.7 ARG CNI_PLUGINS_VERSION=v0.8.7
ARG DNSNAME_VERSION=v1.0.0 ARG DNSNAME_VERSION=v1.1.1
FROM golang:${GOLANG_VERSION}-alpine${ALPINE_VERSION} AS golang-base FROM golang:${GOLANG_VERSION}-alpine${ALPINE_VERSION} AS golang-base
RUN apk add --no-cache git RUN apk add --no-cache git
@ -33,4 +33,4 @@ COPY rootless-cni-infra /usr/local/bin
ENV CNI_PATH=/opt/cni/bin ENV CNI_PATH=/opt/cni/bin
CMD ["sleep", "infinity"] CMD ["sleep", "infinity"]
ENV ROOTLESS_CNI_INFRA_VERSION=4 ENV ROOTLESS_CNI_INFRA_VERSION=5

12
contrib/rootless-cni-infra/rootless-cni-infra
View File

@ -21,10 +21,10 @@ wait_unshare_net() {
done done
} }
# CLI subcommand: "alloc $CONTAINER_ID $NETWORK_NAME $POD_NAME $IP $MAC" # CLI subcommand: "alloc $CONTAINER_ID $NETWORK_NAME $POD_NAME $IP $MAC $CAP_ARGS"
cmd_entrypoint_alloc() { cmd_entrypoint_alloc() {
if [ "$#" -ne 5 ]; then if [ "$#" -ne 6 ]; then
echo >&2 "Usage: $ARG0 alloc CONTAINER_ID NETWORK_NAME POD_NAME IP MAC" echo >&2 "Usage: $ARG0 alloc CONTAINER_ID NETWORK_NAME POD_NAME IP MAC CAP_ARGS"
exit 1 exit 1
fi fi
@ -33,6 +33,7 @@ cmd_entrypoint_alloc() {
K8S_POD_NAME="$3" K8S_POD_NAME="$3"
IP="$4" IP="$4"
MAC="$5" MAC="$5"
CAP_ARGS="$6"
dir="${BASE}/${ID}" dir="${BASE}/${ID}"
mkdir -p "${dir}/attached" "${dir}/attached-args" mkdir -p "${dir}/attached" "${dir}/attached-args"
@ -54,9 +55,12 @@ cmd_entrypoint_alloc() {
if [ "$MAC" ]; then if [ "$MAC" ]; then
CNI_ARGS="$CNI_ARGS;MAC=${MAC}" CNI_ARGS="$CNI_ARGS;MAC=${MAC}"
fi fi
if [ "$CAP_ARGS" ]; then
CAP_ARGS="$CAP_ARGS"
fi
nwcount=$(find "${dir}/attached" -type f | wc -l) nwcount=$(find "${dir}/attached" -type f | wc -l)
CNI_IFNAME="eth${nwcount}" CNI_IFNAME="eth${nwcount}"
export CNI_ARGS CNI_IFNAME export CNI_ARGS CNI_IFNAME CAP_ARGS
cnitool add "${NET}" "/proc/${pid}/ns/net" >"${dir}/attached/${NET}" cnitool add "${NET}" "/proc/${pid}/ns/net" >"${dir}/attached/${NET}"
echo "${CNI_ARGS}" >"${dir}/attached-args/${NET}" echo "${CNI_ARGS}" >"${dir}/attached-args/${NET}"

25
libpod/rootless_cni_linux.go
View File

@ -25,7 +25,7 @@ import (
// Built from ../contrib/rootless-cni-infra. // Built from ../contrib/rootless-cni-infra.
var rootlessCNIInfraImage = map[string]string{ var rootlessCNIInfraImage = map[string]string{
"amd64": "quay.io/luap99/rootless-cni-infra@sha256:4e9f1e223463a46d9f9b019c0fa8c902494ed34872f75104d985b23812f19683", // 4-amd64 "amd64": "quay.io/libpod/rootless-cni-infra@sha256:adf352454666f7ce9ca3e1098448b5ee18f89c4516471ec99447ec9ece917f36", // 5-amd64
} }
const ( const (
@ -66,10 +66,25 @@ func AllocRootlessCNI(ctx context.Context, c *Container) (ns.NetNS, []*cnitypes.
if c.config.StaticMAC != nil { if c.config.StaticMAC != nil {
mac = c.config.StaticMAC.String() mac = c.config.StaticMAC.String()
} }
aliases, err := c.runtime.state.GetAllNetworkAliases(c)
if err != nil {
return nil, nil, err
}
capArgs := ""
// add network aliases json encoded as capabilityArgs for cni
if len(aliases) > 0 {
capabilityArgs := make(map[string]interface{})
capabilityArgs["aliases"] = aliases
b, err := json.Marshal(capabilityArgs)
if err != nil {
return nil, nil, err
}
capArgs = string(b)
}
cniResults := make([]*cnitypes.Result, len(networks)) cniResults := make([]*cnitypes.Result, len(networks))
for i, nw := range networks { for i, nw := range networks {
cniRes, err := rootlessCNIInfraCallAlloc(infra, c.ID(), nw, k8sPodName, ip, mac) cniRes, err := rootlessCNIInfraCallAlloc(infra, c.ID(), nw, k8sPodName, ip, mac, capArgs)
if err != nil { if err != nil {
return nil, nil, err return nil, nil, err
} }
@ -146,11 +161,11 @@ func getCNIPodName(c *Container) string {
return c.Name() return c.Name()
} }
func rootlessCNIInfraCallAlloc(infra *Container, id, nw, k8sPodName, ip, mac string) (*cnitypes.Result, error) { func rootlessCNIInfraCallAlloc(infra *Container, id, nw, k8sPodName, ip, mac, capArgs string) (*cnitypes.Result, error) {
logrus.Debugf("rootless CNI: alloc %q, %q, %q, %q, %q", id, nw, k8sPodName, ip, mac) logrus.Debugf("rootless CNI: alloc %q, %q, %q, %q, %q, %q", id, nw, k8sPodName, ip, mac, capArgs)
var err error var err error
_, err = rootlessCNIInfraExec(infra, "alloc", id, nw, k8sPodName, ip, mac) _, err = rootlessCNIInfraExec(infra, "alloc", id, nw, k8sPodName, ip, mac, capArgs)
if err != nil { if err != nil {
return nil, err return nil, err
} }

1
test/e2e/network_test.go
View File

@ -408,7 +408,6 @@ var _ = Describe("Podman network", func() {
Expect(lines[1]).To(Equal(netName2)) Expect(lines[1]).To(Equal(netName2))
}) })
It("podman network with multiple aliases", func() { It("podman network with multiple aliases", func() {
Skip("Until DNSName is updated on our CI images")
var worked bool var worked bool
netName := "aliasTest" + stringid.GenerateNonCryptoID() netName := "aliasTest" + stringid.GenerateNonCryptoID()
session := podmanTest.Podman([]string{"network", "create", netName}) session := podmanTest.Podman([]string{"network", "create", netName})