Merge pull request #3486 from openSUSE/ocicni-bump

Vendor latest OCICNI version
2025-06-21 17:38:12 +08:00 · 2019-07-03 16:17:33 +02:00
parent a22a32a0a5 143ed8b826
commit 4712fe009a
6 changed files with 163 additions and 70 deletions
--- a/go.mod
+++ b/go.mod
@ -26,7 +26,7 @@ require (
 	github.com/coreos/go-iptables v0.4.1
 	github.com/coreos/go-semver v0.3.0 // indirect
 	github.com/coreos/go-systemd v0.0.0-20190620071333-e64a0ec8b42a
-	github.com/cri-o/ocicni v0.0.0-20190328132530-0c180f981b27
+	github.com/cri-o/ocicni v0.1.1-0.20190702175919-7762645d18ca
 	github.com/cyphar/filepath-securejoin v0.2.2
 	github.com/davecgh/go-spew v1.1.1
 	github.com/docker/distribution v2.7.1+incompatible
--- a/go.sum
+++ b/go.sum
@ -107,6 +107,8 @@ github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfc
 github.com/cpuguy83/go-md2man v1.0.10/go.mod h1:SmD6nW6nTyfqj6ABTjUi3V3JVMnlJmwcJI5acqYI6dE=
 github.com/cri-o/ocicni v0.0.0-20190328132530-0c180f981b27 h1:c3yt54JU7t7bzcae8YwI6+TvbWeQWrBfDxYi7zL9XPE=
 github.com/cri-o/ocicni v0.0.0-20190328132530-0c180f981b27/go.mod h1:BO0al9TKber3XUTucLzKgoG5sq8qiOB41H7zSdfw6r8=
+github.com/cri-o/ocicni v0.1.1-0.20190702175919-7762645d18ca h1:CJstDqYy9ClWuPcDHMTCAiUS+ckekluYetGR2iYYWuo=
+github.com/cri-o/ocicni v0.1.1-0.20190702175919-7762645d18ca/go.mod h1:BO0al9TKber3XUTucLzKgoG5sq8qiOB41H7zSdfw6r8=
 github.com/cyphar/filepath-securejoin v0.2.1 h1:5DPkzz/0MwUpvR4fxASKzgApeq2OMFY5FfYtrX28Coo=
 github.com/cyphar/filepath-securejoin v0.2.1/go.mod h1:FpkQEhXnPnOthhzymB7CGsFk2G9VLXONKD9G7QGMM+4=
 github.com/cyphar/filepath-securejoin v0.2.2 h1:jCwT2GTP+PY5nBz3c/YL5PAIbusElVrPujOBSCj8xRg=
--- a/libpod/networking_linux.go
+++ b/libpod/networking_linux.go
@ -28,21 +28,23 @@ import (

 // Get an OCICNI network config
 func (r *Runtime) getPodNetwork(id, name, nsPath string, networks []string, ports []ocicni.PortMapping, staticIP net.IP) ocicni.PodNetwork {
+	defaultNetwork := r.netPlugin.GetDefaultNetworkName()
 	network := ocicni.PodNetwork{
 		Name:      name,
 		Namespace: name, // TODO is there something else we should put here? We don't know about Kube namespaces
 		ID:        id,
 		NetNS:     nsPath,
-		PortMappings: ports,
 		Networks:  networks,
+		RuntimeConfig: map[string]ocicni.RuntimeConfig{
+			defaultNetwork: {PortMappings: ports},
+		},
 	}

 	if staticIP != nil {
-		defaultNetwork := r.netPlugin.GetDefaultNetworkName()
-
 		network.Networks = []string{defaultNetwork}
-		network.NetworkConfig = make(map[string]ocicni.NetworkConfig)
-		network.NetworkConfig[defaultNetwork] = ocicni.NetworkConfig{IP: staticIP.String()}
+		network.RuntimeConfig = map[string]ocicni.RuntimeConfig{
+			defaultNetwork: {IP: staticIP.String(), PortMappings: ports},
+		}
 	}

 	return network
--- a/vendor/github.com/cri-o/ocicni/pkg/ocicni/ocicni.go
+++ b/vendor/github.com/cri-o/ocicni/pkg/ocicni/ocicni.go
@ -382,7 +382,7 @@ func (plugin *cniNetworkPlugin) Name() string {
 	return CNIPluginName
 }

-func (plugin *cniNetworkPlugin) forEachNetwork(podNetwork *PodNetwork, forEachFunc func(*cniNetwork, string, *PodNetwork) error) error {
+func (plugin *cniNetworkPlugin) forEachNetwork(podNetwork *PodNetwork, forEachFunc func(*cniNetwork, string, *PodNetwork, RuntimeConfig) error) error {
 	networks := podNetwork.Networks
 	if len(networks) == 0 {
 		networks = append(networks, plugin.GetDefaultNetworkName())
@ -395,7 +395,7 @@ func (plugin *cniNetworkPlugin) forEachNetwork(podNetwork *PodNetwork, forEachFu
 			logrus.Errorf(err.Error())
 			return err
 		}
-		if err := forEachFunc(network, ifName, podNetwork); err != nil {
+		if err := forEachFunc(network, ifName, podNetwork, podNetwork.RuntimeConfig[netName]); err != nil {
 			return err
 		}
 	}
@ -410,20 +410,15 @@ func (plugin *cniNetworkPlugin) SetUpPod(podNetwork PodNetwork) ([]cnitypes.Resu
 	plugin.podLock(podNetwork).Lock()
 	defer plugin.podUnlock(podNetwork)

-	_, err := plugin.loNetwork.addToNetwork(plugin.cacheDir, &podNetwork, "lo", "")
+	_, err := plugin.loNetwork.addToNetwork(plugin.cacheDir, &podNetwork, "lo", RuntimeConfig{})
 	if err != nil {
 		logrus.Errorf("Error while adding to cni lo network: %s", err)
 		return nil, err
 	}

 	results := make([]cnitypes.Result, 0)
-	if err := plugin.forEachNetwork(&podNetwork, func(network *cniNetwork, ifName string, podNetwork *PodNetwork) error {
-		ip := ""
-		if conf, ok := podNetwork.NetworkConfig[network.name]; ok {
-			ip = conf.IP
-		}
-
-		result, err := network.addToNetwork(plugin.cacheDir, podNetwork, ifName, ip)
+	if err := plugin.forEachNetwork(&podNetwork, func(network *cniNetwork, ifName string, podNetwork *PodNetwork, runtimeConfig RuntimeConfig) error {
+		result, err := network.addToNetwork(plugin.cacheDir, podNetwork, ifName, runtimeConfig)
 		if err != nil {
 			logrus.Errorf("Error while adding pod to CNI network %q: %s", network.name, err)
 			return err
@ -445,13 +440,8 @@ func (plugin *cniNetworkPlugin) TearDownPod(podNetwork PodNetwork) error {
 	plugin.podLock(podNetwork).Lock()
 	defer plugin.podUnlock(podNetwork)

-	return plugin.forEachNetwork(&podNetwork, func(network *cniNetwork, ifName string, podNetwork *PodNetwork) error {
-		ip := ""
-		if conf, ok := podNetwork.NetworkConfig[network.name]; ok {
-			ip = conf.IP
-		}
-
-		if err := network.deleteFromNetwork(plugin.cacheDir, podNetwork, ifName, ip); err != nil {
+	return plugin.forEachNetwork(&podNetwork, func(network *cniNetwork, ifName string, podNetwork *PodNetwork, runtimeConfig RuntimeConfig) error {
+		if err := network.deleteFromNetwork(plugin.cacheDir, podNetwork, ifName, runtimeConfig); err != nil {
 			logrus.Errorf("Error while removing pod from CNI network %q: %s", network.name, err)
 			return err
 		}
@ -466,35 +456,15 @@ func (plugin *cniNetworkPlugin) GetPodNetworkStatus(podNetwork PodNetwork) ([]cn
 	defer plugin.podUnlock(podNetwork)

 	results := make([]cnitypes.Result, 0)
-	if err := plugin.forEachNetwork(&podNetwork, func(network *cniNetwork, ifName string, podNetwork *PodNetwork) error {
-		version := "4"
-		ip, mac, err := getContainerDetails(plugin.nsManager, podNetwork.NetNS, ifName, "-4")
-		if err != nil {
-			ip, mac, err = getContainerDetails(plugin.nsManager, podNetwork.NetNS, ifName, "-6")
+	if err := plugin.forEachNetwork(&podNetwork, func(network *cniNetwork, ifName string, podNetwork *PodNetwork, runtimeConfig RuntimeConfig) error {
+		result, err := network.checkNetwork(plugin.cacheDir, podNetwork, ifName, runtimeConfig, plugin.nsManager)
 		if err != nil {
+			logrus.Errorf("Error while checking pod to CNI network %q: %s", network.name, err)
 			return err
 		}
-			version = "6"
+		if result != nil {
+			results = append(results, result)
 		}
-
-		// Until CNI's GET request lands, construct the Result manually
-		results = append(results, &cnicurrent.Result{
-			CNIVersion: "0.3.1",
-			Interfaces: []*cnicurrent.Interface{
-				{
-					Name:    ifName,
-					Mac:     mac.String(),
-					Sandbox: podNetwork.NetNS,
-				},
-			},
-			IPs: []*cnicurrent.IPConfig{
-				{
-					Version:   version,
-					Interface: cnicurrent.Int(0),
-					Address:   *ip,
-				},
-			},
-		})
 		return nil
 	}); err != nil {
 		return nil, err
@ -503,8 +473,8 @@ func (plugin *cniNetworkPlugin) GetPodNetworkStatus(podNetwork PodNetwork) ([]cn
 	return results, nil
 }

-func (network *cniNetwork) addToNetwork(cacheDir string, podNetwork *PodNetwork, ifName, ip string) (cnitypes.Result, error) {
-	rt, err := buildCNIRuntimeConf(cacheDir, podNetwork, ifName, ip)
+func (network *cniNetwork) addToNetwork(cacheDir string, podNetwork *PodNetwork, ifName string, runtimeConfig RuntimeConfig) (cnitypes.Result, error) {
+	rt, err := buildCNIRuntimeConf(cacheDir, podNetwork, ifName, runtimeConfig)
 	if err != nil {
 		logrus.Errorf("Error adding network: %v", err)
 		return nil, err
@ -521,8 +491,82 @@ func (network *cniNetwork) addToNetwork(cacheDir string, podNetwork *PodNetwork,
 	return res, nil
 }

-func (network *cniNetwork) deleteFromNetwork(cacheDir string, podNetwork *PodNetwork, ifName, ip string) error {
-	rt, err := buildCNIRuntimeConf(cacheDir, podNetwork, ifName, ip)
+func (network *cniNetwork) checkNetwork(cacheDir string, podNetwork *PodNetwork, ifName string, runtimeConfig RuntimeConfig, nsManager *nsManager) (cnitypes.Result, error) {
+
+	rt, err := buildCNIRuntimeConf(cacheDir, podNetwork, ifName, runtimeConfig)
+	if err != nil {
+		logrus.Errorf("Error checking network: %v", err)
+		return nil, err
+	}
+
+	netconf, cninet := network.NetworkConfig, network.CNIConfig
+	logrus.Infof("About to check CNI network %s (type=%v)", netconf.Name, netconf.Plugins[0].Network.Type)
+
+	gtet, err := cniversion.GreaterThanOrEqualTo(netconf.CNIVersion, "0.4.0")
+	if err != nil {
+		return nil, err
+	}
+
+	var result cnitypes.Result
+
+	// When CNIVersion supports Check, use it.  Otherwise fall back on what was done initially.
+	if gtet {
+		err = cninet.CheckNetworkList(context.Background(), netconf, rt)
+		logrus.Infof("Checking CNI network %s (config version=%v)", netconf.Name, netconf.CNIVersion)
+		if err != nil {
+			logrus.Errorf("Error checking network: %v", err)
+			return nil, err
+		}
+	}
+
+	result, err = cninet.GetNetworkListCachedResult(netconf, rt)
+	if err != nil {
+		logrus.Errorf("Error GetNetworkListCachedResult: %v", err)
+		return nil, err
+	} else if result != nil {
+		return result, nil
+	}
+
+	// result doesn't exist, create one
+	logrus.Infof("Checking CNI network %s (config version=%v) nsManager=%v", netconf.Name, netconf.CNIVersion, nsManager)
+
+	var cniInterface *cnicurrent.Interface
+	ips := []*cnicurrent.IPConfig{}
+	errs := []error{}
+	for _, version := range []string{"4", "6"} {
+		ip, mac, err := getContainerDetails(nsManager, podNetwork.NetNS, ifName, "-"+version)
+		if err == nil {
+			if cniInterface == nil {
+				cniInterface = &cnicurrent.Interface{
+					Name:    ifName,
+					Mac:     mac.String(),
+					Sandbox: podNetwork.NetNS,
+				}
+			}
+			ips = append(ips, &cnicurrent.IPConfig{
+				Version:   version,
+				Interface: cnicurrent.Int(0),
+				Address:   *ip,
+			})
+		} else {
+			errs = append(errs, err)
+		}
+	}
+	if cniInterface == nil || len(ips) == 0 {
+		return nil, fmt.Errorf("neither IPv4 nor IPv6 found when retrieving network status: %v", errs)
+	}
+
+	result = &cnicurrent.Result{
+		CNIVersion: netconf.CNIVersion,
+		Interfaces: []*cnicurrent.Interface{cniInterface},
+		IPs:        ips,
+	}
+
+	return result, nil
+}
+
+func (network *cniNetwork) deleteFromNetwork(cacheDir string, podNetwork *PodNetwork, ifName string, runtimeConfig RuntimeConfig) error {
+	rt, err := buildCNIRuntimeConf(cacheDir, podNetwork, ifName, runtimeConfig)
 	if err != nil {
 		logrus.Errorf("Error deleting network: %v", err)
 		return err
@ -538,7 +582,7 @@ func (network *cniNetwork) deleteFromNetwork(cacheDir string, podNetwork *PodNet
 	return nil
 }

-func buildCNIRuntimeConf(cacheDir string, podNetwork *PodNetwork, ifName, ip string) (*libcni.RuntimeConf, error) {
+func buildCNIRuntimeConf(cacheDir string, podNetwork *PodNetwork, ifName string, runtimeConfig RuntimeConfig) (*libcni.RuntimeConf, error) {
 	logrus.Infof("Got pod network %+v", podNetwork)

 	rt := &libcni.RuntimeConf{
@ -552,9 +596,11 @@ func buildCNIRuntimeConf(cacheDir string, podNetwork *PodNetwork, ifName, ip str
 			{"K8S_POD_NAME", podNetwork.Name},
 			{"K8S_POD_INFRA_CONTAINER_ID", podNetwork.ID},
 		},
+		CapabilityArgs: map[string]interface{}{},
 	}

 	// Add requested static IP to CNI_ARGS
+	ip := runtimeConfig.IP
 	if ip != "" {
 		if tstIP := net.ParseIP(ip); tstIP == nil {
 			return nil, fmt.Errorf("unable to parse IP address %q", ip)
@ -562,13 +608,26 @@ func buildCNIRuntimeConf(cacheDir string, podNetwork *PodNetwork, ifName, ip str
 		rt.Args = append(rt.Args, [2]string{"IP", ip})
 	}

-	if len(podNetwork.PortMappings) == 0 {
-		return rt, nil
+	// Set PortMappings in Capabilities
+	if len(runtimeConfig.PortMappings) != 0 {
+		rt.CapabilityArgs["portMappings"] = runtimeConfig.PortMappings
 	}

-	rt.CapabilityArgs = map[string]interface{}{
-		"portMappings": podNetwork.PortMappings,
+	// Set Bandwidth in Capabilities
+	if runtimeConfig.Bandwidth != nil {
+		rt.CapabilityArgs["bandwidth"] = map[string]uint64{
+			"ingressRate":  runtimeConfig.Bandwidth.IngressRate,
+			"ingressBurst": runtimeConfig.Bandwidth.IngressBurst,
+			"egressRate":   runtimeConfig.Bandwidth.EgressRate,
+			"egressBurst":  runtimeConfig.Bandwidth.EgressBurst,
 		}
+	}
+
+	// Set IpRanges in Capabilities
+	if len(runtimeConfig.IpRanges) > 0 {
+		rt.CapabilityArgs["ipRanges"] = runtimeConfig.IpRanges
+	}
+
 	return rt, nil
 }

--- a/vendor/github.com/cri-o/ocicni/pkg/ocicni/types.go
+++ b/vendor/github.com/cri-o/ocicni/pkg/ocicni/types.go
@ -24,12 +24,44 @@ type PortMapping struct {
 	HostIP string `json:"hostIP"`
 }

-// NetworkConfig is additional configuration for a single CNI network.
-type NetworkConfig struct {
+// IpRange maps to the standard CNI ipRanges Capability
+// see: https://github.com/containernetworking/cni/blob/master/CONVENTIONS.md
+type IpRange struct {
+	// Subnet is the whole CIDR
+	Subnet string `json:"subnet"`
+	// RangeStart is the first available IP in subnet
+	RangeStart string `json:"rangeStart,omitempty"`
+	// RangeEnd is the last available IP in subnet
+	RangeEnd string `json:"rangeEnd,omitempty"`
+	// Gateway is the gateway of subnet
+	Gateway string `json:"gateway,omitempty"`
+}
+
+// RuntimeConfig is additional configuration for a single CNI network that
+// is pod-specific rather than general to the network.
+type RuntimeConfig struct {
 	// IP is a static IP to be specified in the network. Can only be used
 	// with the hostlocal IP allocator. If left unset, an IP will be
 	// dynamically allocated.
 	IP string
+	// PortMappings is the port mapping of the sandbox.
+	PortMappings []PortMapping
+	// Bandwidth is the bandwidth limiting of the pod
+	Bandwidth *BandwidthConfig
+	// IpRanges is the ip range gather which is used for address allocation
+	IpRanges [][]IpRange
+}
+
+// BandwidthConfig maps to the standard CNI bandwidth Capability
+// see: https://github.com/containernetworking/cni/blob/master/CONVENTIONS.md
+type BandwidthConfig struct {
+	// IngressRate is a limit for incoming traffic in bps
+	IngressRate  uint64
+	IngressBurst uint64
+
+	// EgressRate is a limit for outgoing traffic in bps
+	EgressRate  uint64
+	EgressBurst uint64
 }

 // PodNetwork configures the network of a pod sandbox.
@ -42,8 +74,6 @@ type PodNetwork struct {
 	ID string
 	// NetNS is the network namespace path of the sandbox.
 	NetNS string
-	// PortMappings is the port mapping of the sandbox.
-	PortMappings []PortMapping

 	// Networks is a list of CNI network names to attach to the sandbox
 	// Leave this list empty to attach the default network to the sandbox
@ -52,7 +82,7 @@ type PodNetwork struct {
 	// NetworkConfig is configuration specific to a single CNI network.
 	// It is optional, and can be omitted for some or all specified networks
 	// without issue.
-	NetworkConfig map[string]NetworkConfig
+	RuntimeConfig map[string]RuntimeConfig
 }

 // CNIPlugin is the interface that needs to be implemented by a plugin
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@ -153,7 +153,7 @@ github.com/coreos/go-systemd/sdjournal
 github.com/coreos/go-systemd/journal
 # github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f
 github.com/coreos/pkg/dlopen
-# github.com/cri-o/ocicni v0.0.0-20190328132530-0c180f981b27
+# github.com/cri-o/ocicni v0.1.1-0.20190702175919-7762645d18ca
 github.com/cri-o/ocicni/pkg/ocicni
 # github.com/cyphar/filepath-securejoin v0.2.2
 github.com/cyphar/filepath-securejoin