From 28aef2fe38b437934657ace2c8de972b459c505b Mon Sep 17 00:00:00 2001
From: Lantao Liu
Date: Wed, 21 Aug 2019 17:11:56 -0700
Subject: [PATCH] Support CNI DNS capabilities.

Signed-off-by: Lantao Liu
---
 pkg/server/helpers.go | 9 ---
 pkg/server/sandbox_run.go | 73 +++++++++++++++----
 pkg/server/sandbox_stop.go | 12 +--
 vendor.conf | 2 +-
 .../containerd/go-cni/namespace_opts.go | 8 ++
 vendor/github.com/containerd/go-cni/types.go | 10 +++
 6 files changed, 84 insertions(+), 30 deletions(-)

diff --git a/pkg/server/helpers.go b/pkg/server/helpers.go
index 1d1565704..f6a530472 100644
--- a/pkg/server/helpers.go
+++ b/pkg/server/helpers.go
@@ -367,15 +367,6 @@ func buildLabels(configLabels map[string]string, containerType string) map[strin
 	return labels
 }
 
-func getPodCNILabels(id string, config *runtime.PodSandboxConfig) map[string]string {
-	return map[string]string{
-		"K8S_POD_NAMESPACE":          config.GetMetadata().GetNamespace(),
-		"K8S_POD_NAME":               config.GetMetadata().GetName(),
-		"K8S_POD_INFRA_CONTAINER_ID": id,
-		"IgnoreUnknown":              "1",
-	}
-}
-
 // toRuntimeAuthConfig converts cri plugin auth config to runtime auth config.
 func toRuntimeAuthConfig(a criconfig.AuthConfig) *runtime.AuthConfig {
 	return &runtime.AuthConfig{
diff --git a/pkg/server/sandbox_run.go b/pkg/server/sandbox_run.go
index 39e03a116..761af9e46 100644
--- a/pkg/server/sandbox_run.go
+++ b/pkg/server/sandbox_run.go
@@ -550,22 +550,12 @@ func (c *criService) setupPod(ctx context.Context, id string, path string, confi
 		return "", nil, errors.New("cni config not initialized")
 	}
 
-	labels := getPodCNILabels(id, config)
-
-	// Will return an error if the bandwidth limitation has the wrong unit
-	// or an unreasonable valure see validateBandwidthIsReasonable()
-	bandWidth, err := toCNIBandWidth(config.Annotations)
+	opts, err := cniNamespaceOpts(id, config)
 	if err != nil {
-		return "", nil, errors.Wrap(err, "failed to get bandwidth info from annotations")
+		return "", nil, errors.Wrap(err, "get cni namespace options")
 	}
 
-	result, err := c.netPlugin.Setup(ctx, id,
-		path,
-		cni.WithLabels(labels),
-		cni.WithCapabilityPortMap(toCNIPortMappings(config.GetPortMappings())),
-		cni.WithCapabilityBandWidth(*bandWidth),
-	)
-
+	result, err := c.netPlugin.Setup(ctx, id, path, opts...)
 	if err != nil {
 		return "", nil, err
 	}
@@ -581,11 +571,54 @@ func (c *criService) setupPod(ctx context.Context, id string, path string, confi
 	return "", result, errors.Errorf("failed to find network info for sandbox %q", id)
 }
 
+// cniNamespaceOpts get CNI namespace options from sandbox config.
+func cniNamespaceOpts(id string, config *runtime.PodSandboxConfig) ([]cni.NamespaceOpts, error) {
+	opts := []cni.NamespaceOpts{
+		cni.WithLabels(toCNILabels(id, config)),
+	}
+
+	portMappings := toCNIPortMappings(config.GetPortMappings())
+	if len(portMappings) > 0 {
+		opts = append(opts, cni.WithCapabilityPortMap(portMappings))
+	}
+
+	// Will return an error if the bandwidth limitation has the wrong unit
+	// or an unreasonable value see validateBandwidthIsReasonable()
+	bandWidth, err := toCNIBandWidth(config.Annotations)
+	if err != nil {
+		return nil, err
+	}
+	if bandWidth != nil {
+		opts = append(opts, cni.WithCapabilityBandWidth(*bandWidth))
+	}
+
+	dns := toCNIDNS(config.GetDnsConfig())
+	if dns != nil {
+		opts = append(opts, cni.WithCapabilityDNS(*dns))
+	}
+
+	return opts, nil
+}
+
+// toCNILabels adds pod metadata into CNI labels.
+func toCNILabels(id string, config *runtime.PodSandboxConfig) map[string]string {
+	return map[string]string{
+		"K8S_POD_NAMESPACE":          config.GetMetadata().GetNamespace(),
+		"K8S_POD_NAME":               config.GetMetadata().GetName(),
+		"K8S_POD_INFRA_CONTAINER_ID": id,
+		"IgnoreUnknown":              "1",
+	}
+}
+
 // toCNIBandWidth converts CRI annotations to CNI bandwidth.
 func toCNIBandWidth(annotations map[string]string) (*cni.BandWidth, error) {
 	ingress, egress, err := bandwidth.ExtractPodBandwidthResources(annotations)
 	if err != nil {
-		return nil, errors.Errorf("reading pod bandwidth annotations: %v", err)
+		return nil, errors.Wrap(err, "reading pod bandwidth annotations")
+	}
+
+	if ingress == nil && egress == nil {
+		return nil, nil
 	}
 
 	bandWidth := &cni.BandWidth{}
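Review bot: `cniNamespaceOpts` reads `config.Annotations` directly in the `toCNIBandWidth` call while every other field in the same function goes through a nil-safe generated getter (`config.GetPortMappings()`, `config.GetDnsConfig()`, and `config.GetMetadata()` inside `toCNILabels`), so that one line is the only place a nil config would panic; for consistency use `bandWidth, err := toCNIBandWidth(config.GetAnnotations())`. The doc comment is also ungrammatical and does not say which options can be absent, which matters now that this function feeds both Setup and Remove; suggest `// cniNamespaceOpts builds the CNI namespace options from the sandbox config: the pod labels always, plus the port-map, bandwidth and DNS capability args only when the config sets them.` The `toCNILabels` comment should likewise read `// toCNILabels builds the CNI labels that carry the pod's namespace, name and infra container ID.` since the function constructs the map rather than adding to one.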
@@ -623,6 +656,18 @@ func toCNIPortMappings(criPortMappings []*runtime.PortMapping) []cni.PortMapping
 	return portMappings
 }
 
+// toCNIDNS converts CRI DNSConfig to CNI.
+func toCNIDNS(dns *runtime.DNSConfig) *cni.DNS {
+	if dns == nil {
+		return nil
+	}
+	return &cni.DNS{
+		Servers:  dns.GetServers(),
+		Searches: dns.GetSearches(),
+		Options:  dns.GetOptions(),
+	}
+}
+
 // selectPodIP select an ip from the ip list. It prefers ipv4 more than ipv6.
 func selectPodIP(ipConfigs []*cni.IPConfig) string {
 	for _, c := range ipConfigs {
diff --git a/pkg/server/sandbox_stop.go b/pkg/server/sandbox_stop.go
index 0796f5cfd..60756fee0 100644
--- a/pkg/server/sandbox_stop.go
+++ b/pkg/server/sandbox_stop.go
@@ -23,7 +23,6 @@ import (
 	eventtypes "github.com/containerd/containerd/api/events"
 	"github.com/containerd/containerd/errdefs"
 	"github.com/containerd/containerd/log"
-	cni "github.com/containerd/go-cni"
 	"github.com/pkg/errors"
 	"golang.org/x/net/context"
 	runtime "k8s.io/cri-api/pkg/apis/runtime/v1alpha2"
@@ -162,11 +161,12 @@ func (c *criService) teardownPod(ctx context.Context, id string, path string, co
 		return errors.New("cni config not initialized")
 	}
 
-	labels := getPodCNILabels(id, config)
-	return c.netPlugin.Remove(ctx, id,
-		path,
-		cni.WithLabels(labels),
-		cni.WithCapabilityPortMap(toCNIPortMappings(config.GetPortMappings())))
+	opts, err := cniNamespaceOpts(id, config)
+	if err != nil {
+		return errors.Wrap(err, "get cni namespace options")
+	}
+
+	return c.netPlugin.Remove(ctx, id, path, opts...)
 }
 
 // cleanupUnknownSandbox cleanup stopped sandbox in unknown state.
diff --git a/vendor.conf b/vendor.conf
index efe3b0910..6210e9f2b 100644
--- a/vendor.conf
+++ b/vendor.conf
@@ -77,4 +77,4 @@ github.com/davecgh/go-spew v1.1.1
 # cni dependencies
 github.com/containernetworking/plugins v0.7.6
 github.com/containernetworking/cni v0.7.1
-github.com/containerd/go-cni 49fbd9b210f3c8ee3b7fd3cd797aabaf364627c1
+github.com/containerd/go-cni 0d360c50b10b350b6bb23863fd4dfb1c232b01c9
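Review bot: `toCNIDNS` suppresses the capability only when the whole `DNSConfig` pointer is nil, so a config that is present but carries no servers, searches or options still yields a non-nil `*cni.DNS`, and `cniNamespaceOpts` in the previous hunk then emits a `dns` capability arg holding three empty lists, whereas the same function drops the port-map arg when its list is empty. If the intent is to mirror that, add `if len(dns.GetServers()) == 0 && len(dns.GetSearches()) == 0 && len(dns.GetOptions()) == 0 { return nil }` after the nil check; if sending an empty DNS arg is deliberate, the comment should say so. The values are also handed to the CNI plugins exactly as received, with no parsing or validation in this layer, and presumably that relies on the caller having already resolved the pod's DNS policy; a doc comment such as `// toCNIDNS converts CRI DNSConfig to the CNI dns capability arg. Servers, searches and options are passed through as given; nil DNSConfig means no dns capability is sent.` would record that assumption for the next reader.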
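Review bot: `teardownPod` now returns before `c.netPlugin.Remove` whenever `cniNamespaceOpts` fails, and the only failing path inside it is bandwidth-annotation parsing in `toCNIBandWidth`, so a sandbox whose stored annotations no longer pass that check can never have its network removed; before this change teardown built only the labels and port mappings and had no failure mode of its own. Setup would normally have rejected the same config first, so this mostly bites when the bandwidth validation tightens between the version that created the sandbox and the one stopping it, and in any other caller of `teardownPod` that operates on stored configs (the `cleanupUnknownSandbox` helper that follows looks like one, though its body is outside the hunk). Consider logging the options error and still calling `Remove` with at least `cni.WithLabels(toCNILabels(id, config))`, which would require keeping the `cni` import this commit removes from sandbox_stop.go, or else documenting on `teardownPod` that teardown now shares setup's validation and can fail on it. `teardownPod`'s signature and opening lines are outside this hunk.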
diff --git a/vendor/github.com/containerd/go-cni/namespace_opts.go b/vendor/github.com/containerd/go-cni/namespace_opts.go
index e8092e85e..1fad5f69a 100644
--- a/vendor/github.com/containerd/go-cni/namespace_opts.go
+++ b/vendor/github.com/containerd/go-cni/namespace_opts.go
@@ -42,6 +42,14 @@ func WithCapabilityBandWidth(bandWidth BandWidth) NamespaceOpts {
 	}
 }
 
+// WithCapabilityDNS adds support for dns
+func WithCapabilityDNS(dns DNS) NamespaceOpts {
+	return func(c *Namespace) error {
+		c.capabilityArgs["dns"] = dns
+		return nil
+	}
+}
+
 func WithCapability(name string, capability interface{}) NamespaceOpts {
 	return func(c *Namespace) error {
 		c.capabilityArgs[name] = capability
diff --git a/vendor/github.com/containerd/go-cni/types.go b/vendor/github.com/containerd/go-cni/types.go
index 8583050e4..0b7db1ee0 100644
--- a/vendor/github.com/containerd/go-cni/types.go
+++ b/vendor/github.com/containerd/go-cni/types.go
@@ -53,3 +53,13 @@ type BandWidth struct {
 	EgressRate  uint64
 	EgressBurst uint64
 }
+
+// DNS defines the dns config
+type DNS struct {
+	// List of DNS servers of the cluster.
+	Servers []string
+	// List of DNS search domains of the cluster.
+	Searches []string
+	// List of DNS options.
+	Options []string
+}