Merge pull request #3486 from openSUSE/ocicni-bump

Vendor latest OCICNI version
This commit is contained in:
OpenShift Merge Robot
2019-07-03 16:17:33 +02:00
committed by GitHub
6 changed files with 163 additions and 70 deletions

2
go.mod
View File

@ -26,7 +26,7 @@ require (
github.com/coreos/go-iptables v0.4.1
github.com/coreos/go-semver v0.3.0 // indirect
github.com/coreos/go-systemd v0.0.0-20190620071333-e64a0ec8b42a
github.com/cri-o/ocicni v0.0.0-20190328132530-0c180f981b27
github.com/cri-o/ocicni v0.1.1-0.20190702175919-7762645d18ca
github.com/cyphar/filepath-securejoin v0.2.2
github.com/davecgh/go-spew v1.1.1
github.com/docker/distribution v2.7.1+incompatible

2
go.sum
View File

@ -107,6 +107,8 @@ github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfc
github.com/cpuguy83/go-md2man v1.0.10/go.mod h1:SmD6nW6nTyfqj6ABTjUi3V3JVMnlJmwcJI5acqYI6dE=
github.com/cri-o/ocicni v0.0.0-20190328132530-0c180f981b27 h1:c3yt54JU7t7bzcae8YwI6+TvbWeQWrBfDxYi7zL9XPE=
github.com/cri-o/ocicni v0.0.0-20190328132530-0c180f981b27/go.mod h1:BO0al9TKber3XUTucLzKgoG5sq8qiOB41H7zSdfw6r8=
github.com/cri-o/ocicni v0.1.1-0.20190702175919-7762645d18ca h1:CJstDqYy9ClWuPcDHMTCAiUS+ckekluYetGR2iYYWuo=
github.com/cri-o/ocicni v0.1.1-0.20190702175919-7762645d18ca/go.mod h1:BO0al9TKber3XUTucLzKgoG5sq8qiOB41H7zSdfw6r8=
github.com/cyphar/filepath-securejoin v0.2.1 h1:5DPkzz/0MwUpvR4fxASKzgApeq2OMFY5FfYtrX28Coo=
github.com/cyphar/filepath-securejoin v0.2.1/go.mod h1:FpkQEhXnPnOthhzymB7CGsFk2G9VLXONKD9G7QGMM+4=
github.com/cyphar/filepath-securejoin v0.2.2 h1:jCwT2GTP+PY5nBz3c/YL5PAIbusElVrPujOBSCj8xRg=

View File

@ -28,21 +28,23 @@ import (
// Get an OCICNI network config
func (r *Runtime) getPodNetwork(id, name, nsPath string, networks []string, ports []ocicni.PortMapping, staticIP net.IP) ocicni.PodNetwork {
defaultNetwork := r.netPlugin.GetDefaultNetworkName()
network := ocicni.PodNetwork{
Name: name,
Namespace: name, // TODO is there something else we should put here? We don't know about Kube namespaces
ID: id,
NetNS: nsPath,
PortMappings: ports,
Networks: networks,
RuntimeConfig: map[string]ocicni.RuntimeConfig{
defaultNetwork: {PortMappings: ports},
},
}
if staticIP != nil {
defaultNetwork := r.netPlugin.GetDefaultNetworkName()
network.Networks = []string{defaultNetwork}
network.NetworkConfig = make(map[string]ocicni.NetworkConfig)
network.NetworkConfig[defaultNetwork] = ocicni.NetworkConfig{IP: staticIP.String()}
network.RuntimeConfig = map[string]ocicni.RuntimeConfig{
defaultNetwork: {IP: staticIP.String(), PortMappings: ports},
}
}
return network

View File

@ -382,7 +382,7 @@ func (plugin *cniNetworkPlugin) Name() string {
return CNIPluginName
}
func (plugin *cniNetworkPlugin) forEachNetwork(podNetwork *PodNetwork, forEachFunc func(*cniNetwork, string, *PodNetwork) error) error {
func (plugin *cniNetworkPlugin) forEachNetwork(podNetwork *PodNetwork, forEachFunc func(*cniNetwork, string, *PodNetwork, RuntimeConfig) error) error {
networks := podNetwork.Networks
if len(networks) == 0 {
networks = append(networks, plugin.GetDefaultNetworkName())
@ -395,7 +395,7 @@ func (plugin *cniNetworkPlugin) forEachNetwork(podNetwork *PodNetwork, forEachFu
logrus.Errorf(err.Error())
return err
}
if err := forEachFunc(network, ifName, podNetwork); err != nil {
if err := forEachFunc(network, ifName, podNetwork, podNetwork.RuntimeConfig[netName]); err != nil {
return err
}
}
@ -410,20 +410,15 @@ func (plugin *cniNetworkPlugin) SetUpPod(podNetwork PodNetwork) ([]cnitypes.Resu
plugin.podLock(podNetwork).Lock()
defer plugin.podUnlock(podNetwork)
_, err := plugin.loNetwork.addToNetwork(plugin.cacheDir, &podNetwork, "lo", "")
_, err := plugin.loNetwork.addToNetwork(plugin.cacheDir, &podNetwork, "lo", RuntimeConfig{})
if err != nil {
logrus.Errorf("Error while adding to cni lo network: %s", err)
return nil, err
}
results := make([]cnitypes.Result, 0)
if err := plugin.forEachNetwork(&podNetwork, func(network *cniNetwork, ifName string, podNetwork *PodNetwork) error {
ip := ""
if conf, ok := podNetwork.NetworkConfig[network.name]; ok {
ip = conf.IP
}
result, err := network.addToNetwork(plugin.cacheDir, podNetwork, ifName, ip)
if err := plugin.forEachNetwork(&podNetwork, func(network *cniNetwork, ifName string, podNetwork *PodNetwork, runtimeConfig RuntimeConfig) error {
result, err := network.addToNetwork(plugin.cacheDir, podNetwork, ifName, runtimeConfig)
if err != nil {
logrus.Errorf("Error while adding pod to CNI network %q: %s", network.name, err)
return err
@ -445,13 +440,8 @@ func (plugin *cniNetworkPlugin) TearDownPod(podNetwork PodNetwork) error {
plugin.podLock(podNetwork).Lock()
defer plugin.podUnlock(podNetwork)
return plugin.forEachNetwork(&podNetwork, func(network *cniNetwork, ifName string, podNetwork *PodNetwork) error {
ip := ""
if conf, ok := podNetwork.NetworkConfig[network.name]; ok {
ip = conf.IP
}
if err := network.deleteFromNetwork(plugin.cacheDir, podNetwork, ifName, ip); err != nil {
return plugin.forEachNetwork(&podNetwork, func(network *cniNetwork, ifName string, podNetwork *PodNetwork, runtimeConfig RuntimeConfig) error {
if err := network.deleteFromNetwork(plugin.cacheDir, podNetwork, ifName, runtimeConfig); err != nil {
logrus.Errorf("Error while removing pod from CNI network %q: %s", network.name, err)
return err
}
@ -466,35 +456,15 @@ func (plugin *cniNetworkPlugin) GetPodNetworkStatus(podNetwork PodNetwork) ([]cn
defer plugin.podUnlock(podNetwork)
results := make([]cnitypes.Result, 0)
if err := plugin.forEachNetwork(&podNetwork, func(network *cniNetwork, ifName string, podNetwork *PodNetwork) error {
version := "4"
ip, mac, err := getContainerDetails(plugin.nsManager, podNetwork.NetNS, ifName, "-4")
if err != nil {
ip, mac, err = getContainerDetails(plugin.nsManager, podNetwork.NetNS, ifName, "-6")
if err := plugin.forEachNetwork(&podNetwork, func(network *cniNetwork, ifName string, podNetwork *PodNetwork, runtimeConfig RuntimeConfig) error {
result, err := network.checkNetwork(plugin.cacheDir, podNetwork, ifName, runtimeConfig, plugin.nsManager)
if err != nil {
logrus.Errorf("Error while checking pod to CNI network %q: %s", network.name, err)
return err
}
version = "6"
if result != nil {
results = append(results, result)
}
// Until CNI's GET request lands, construct the Result manually
results = append(results, &cnicurrent.Result{
CNIVersion: "0.3.1",
Interfaces: []*cnicurrent.Interface{
{
Name: ifName,
Mac: mac.String(),
Sandbox: podNetwork.NetNS,
},
},
IPs: []*cnicurrent.IPConfig{
{
Version: version,
Interface: cnicurrent.Int(0),
Address: *ip,
},
},
})
return nil
}); err != nil {
return nil, err
@ -503,8 +473,8 @@ func (plugin *cniNetworkPlugin) GetPodNetworkStatus(podNetwork PodNetwork) ([]cn
return results, nil
}
func (network *cniNetwork) addToNetwork(cacheDir string, podNetwork *PodNetwork, ifName, ip string) (cnitypes.Result, error) {
rt, err := buildCNIRuntimeConf(cacheDir, podNetwork, ifName, ip)
func (network *cniNetwork) addToNetwork(cacheDir string, podNetwork *PodNetwork, ifName string, runtimeConfig RuntimeConfig) (cnitypes.Result, error) {
rt, err := buildCNIRuntimeConf(cacheDir, podNetwork, ifName, runtimeConfig)
if err != nil {
logrus.Errorf("Error adding network: %v", err)
return nil, err
@ -521,8 +491,82 @@ func (network *cniNetwork) addToNetwork(cacheDir string, podNetwork *PodNetwork,
return res, nil
}
func (network *cniNetwork) deleteFromNetwork(cacheDir string, podNetwork *PodNetwork, ifName, ip string) error {
rt, err := buildCNIRuntimeConf(cacheDir, podNetwork, ifName, ip)
func (network *cniNetwork) checkNetwork(cacheDir string, podNetwork *PodNetwork, ifName string, runtimeConfig RuntimeConfig, nsManager *nsManager) (cnitypes.Result, error) {
rt, err := buildCNIRuntimeConf(cacheDir, podNetwork, ifName, runtimeConfig)
if err != nil {
logrus.Errorf("Error checking network: %v", err)
return nil, err
}
netconf, cninet := network.NetworkConfig, network.CNIConfig
logrus.Infof("About to check CNI network %s (type=%v)", netconf.Name, netconf.Plugins[0].Network.Type)
gtet, err := cniversion.GreaterThanOrEqualTo(netconf.CNIVersion, "0.4.0")
if err != nil {
return nil, err
}
var result cnitypes.Result
// When CNIVersion supports Check, use it. Otherwise fall back on what was done initially.
if gtet {
err = cninet.CheckNetworkList(context.Background(), netconf, rt)
logrus.Infof("Checking CNI network %s (config version=%v)", netconf.Name, netconf.CNIVersion)
if err != nil {
logrus.Errorf("Error checking network: %v", err)
return nil, err
}
}
result, err = cninet.GetNetworkListCachedResult(netconf, rt)
if err != nil {
logrus.Errorf("Error GetNetworkListCachedResult: %v", err)
return nil, err
} else if result != nil {
return result, nil
}
// result doesn't exist, create one
logrus.Infof("Checking CNI network %s (config version=%v) nsManager=%v", netconf.Name, netconf.CNIVersion, nsManager)
var cniInterface *cnicurrent.Interface
ips := []*cnicurrent.IPConfig{}
errs := []error{}
for _, version := range []string{"4", "6"} {
ip, mac, err := getContainerDetails(nsManager, podNetwork.NetNS, ifName, "-"+version)
if err == nil {
if cniInterface == nil {
cniInterface = &cnicurrent.Interface{
Name: ifName,
Mac: mac.String(),
Sandbox: podNetwork.NetNS,
}
}
ips = append(ips, &cnicurrent.IPConfig{
Version: version,
Interface: cnicurrent.Int(0),
Address: *ip,
})
} else {
errs = append(errs, err)
}
}
if cniInterface == nil || len(ips) == 0 {
return nil, fmt.Errorf("neither IPv4 nor IPv6 found when retrieving network status: %v", errs)
}
result = &cnicurrent.Result{
CNIVersion: netconf.CNIVersion,
Interfaces: []*cnicurrent.Interface{cniInterface},
IPs: ips,
}
return result, nil
}
func (network *cniNetwork) deleteFromNetwork(cacheDir string, podNetwork *PodNetwork, ifName string, runtimeConfig RuntimeConfig) error {
rt, err := buildCNIRuntimeConf(cacheDir, podNetwork, ifName, runtimeConfig)
if err != nil {
logrus.Errorf("Error deleting network: %v", err)
return err
@ -538,7 +582,7 @@ func (network *cniNetwork) deleteFromNetwork(cacheDir string, podNetwork *PodNet
return nil
}
func buildCNIRuntimeConf(cacheDir string, podNetwork *PodNetwork, ifName, ip string) (*libcni.RuntimeConf, error) {
func buildCNIRuntimeConf(cacheDir string, podNetwork *PodNetwork, ifName string, runtimeConfig RuntimeConfig) (*libcni.RuntimeConf, error) {
logrus.Infof("Got pod network %+v", podNetwork)
rt := &libcni.RuntimeConf{
@ -552,9 +596,11 @@ func buildCNIRuntimeConf(cacheDir string, podNetwork *PodNetwork, ifName, ip str
{"K8S_POD_NAME", podNetwork.Name},
{"K8S_POD_INFRA_CONTAINER_ID", podNetwork.ID},
},
CapabilityArgs: map[string]interface{}{},
}
// Add requested static IP to CNI_ARGS
ip := runtimeConfig.IP
if ip != "" {
if tstIP := net.ParseIP(ip); tstIP == nil {
return nil, fmt.Errorf("unable to parse IP address %q", ip)
@ -562,13 +608,26 @@ func buildCNIRuntimeConf(cacheDir string, podNetwork *PodNetwork, ifName, ip str
rt.Args = append(rt.Args, [2]string{"IP", ip})
}
if len(podNetwork.PortMappings) == 0 {
return rt, nil
// Set PortMappings in Capabilities
if len(runtimeConfig.PortMappings) != 0 {
rt.CapabilityArgs["portMappings"] = runtimeConfig.PortMappings
}
rt.CapabilityArgs = map[string]interface{}{
"portMappings": podNetwork.PortMappings,
// Set Bandwidth in Capabilities
if runtimeConfig.Bandwidth != nil {
rt.CapabilityArgs["bandwidth"] = map[string]uint64{
"ingressRate": runtimeConfig.Bandwidth.IngressRate,
"ingressBurst": runtimeConfig.Bandwidth.IngressBurst,
"egressRate": runtimeConfig.Bandwidth.EgressRate,
"egressBurst": runtimeConfig.Bandwidth.EgressBurst,
}
}
// Set IpRanges in Capabilities
if len(runtimeConfig.IpRanges) > 0 {
rt.CapabilityArgs["ipRanges"] = runtimeConfig.IpRanges
}
return rt, nil
}

View File

@ -24,12 +24,44 @@ type PortMapping struct {
HostIP string `json:"hostIP"`
}
// NetworkConfig is additional configuration for a single CNI network.
type NetworkConfig struct {
// IpRange maps to the standard CNI ipRanges Capability
// see: https://github.com/containernetworking/cni/blob/master/CONVENTIONS.md
type IpRange struct {
// Subnet is the whole CIDR
Subnet string `json:"subnet"`
// RangeStart is the first available IP in subnet
RangeStart string `json:"rangeStart,omitempty"`
// RangeEnd is the last available IP in subnet
RangeEnd string `json:"rangeEnd,omitempty"`
// Gateway is the gateway of subnet
Gateway string `json:"gateway,omitempty"`
}
// RuntimeConfig is additional configuration for a single CNI network that
// is pod-specific rather than general to the network.
type RuntimeConfig struct {
// IP is a static IP to be specified in the network. Can only be used
// with the hostlocal IP allocator. If left unset, an IP will be
// dynamically allocated.
IP string
// PortMappings is the port mapping of the sandbox.
PortMappings []PortMapping
// Bandwidth is the bandwidth limiting of the pod
Bandwidth *BandwidthConfig
// IpRanges is the ip range gather which is used for address allocation
IpRanges [][]IpRange
}
// BandwidthConfig maps to the standard CNI bandwidth Capability
// see: https://github.com/containernetworking/cni/blob/master/CONVENTIONS.md
type BandwidthConfig struct {
// IngressRate is a limit for incoming traffic in bps
IngressRate uint64
IngressBurst uint64
// EgressRate is a limit for outgoing traffic in bps
EgressRate uint64
EgressBurst uint64
}
// PodNetwork configures the network of a pod sandbox.
@ -42,8 +74,6 @@ type PodNetwork struct {
ID string
// NetNS is the network namespace path of the sandbox.
NetNS string
// PortMappings is the port mapping of the sandbox.
PortMappings []PortMapping
// Networks is a list of CNI network names to attach to the sandbox
// Leave this list empty to attach the default network to the sandbox
@ -52,7 +82,7 @@ type PodNetwork struct {
// NetworkConfig is configuration specific to a single CNI network.
// It is optional, and can be omitted for some or all specified networks
// without issue.
NetworkConfig map[string]NetworkConfig
RuntimeConfig map[string]RuntimeConfig
}
// CNIPlugin is the interface that needs to be implemented by a plugin

2
vendor/modules.txt vendored
View File

@ -153,7 +153,7 @@ github.com/coreos/go-systemd/sdjournal
github.com/coreos/go-systemd/journal
# github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f
github.com/coreos/pkg/dlopen
# github.com/cri-o/ocicni v0.0.0-20190328132530-0c180f981b27
# github.com/cri-o/ocicni v0.1.1-0.20190702175919-7762645d18ca
github.com/cri-o/ocicni/pkg/ocicni
# github.com/cyphar/filepath-securejoin v0.2.2
github.com/cyphar/filepath-securejoin