Support CNI DNS capabilities.
Signed-off-by: Lantao Liu <lantaol@google.com>
parent
ff0889fb4d
commit
28aef2fe38
@ -367,15 +367,6 @@ func buildLabels(configLabels map[string]string, containerType string) map[strin
|
||||
return labels
|
||||
}
|
||||
|
||||
func getPodCNILabels(id string, config *runtime.PodSandboxConfig) map[string]string {
|
||||
return map[string]string{
|
||||
"K8S_POD_NAMESPACE": config.GetMetadata().GetNamespace(),
|
||||
"K8S_POD_NAME": config.GetMetadata().GetName(),
|
||||
"K8S_POD_INFRA_CONTAINER_ID": id,
|
||||
"IgnoreUnknown": "1",
|
||||
}
|
||||
}
|
||||
|
||||
// toRuntimeAuthConfig converts cri plugin auth config to runtime auth config.
|
||||
func toRuntimeAuthConfig(a criconfig.AuthConfig) *runtime.AuthConfig {
|
||||
return &runtime.AuthConfig{
|
||||
|
@ -550,22 +550,12 @@ func (c *criService) setupPod(ctx context.Context, id string, path string, confi
|
||||
return "", nil, errors.New("cni config not initialized")
|
||||
}
|
||||
|
||||
labels := getPodCNILabels(id, config)
|
||||
|
||||
// Will return an error if the bandwidth limitation has the wrong unit
|
||||
// or an unreasonable valure see validateBandwidthIsReasonable()
|
||||
bandWidth, err := toCNIBandWidth(config.Annotations)
|
||||
opts, err := cniNamespaceOpts(id, config)
|
||||
if err != nil {
|
||||
return "", nil, errors.Wrap(err, "failed to get bandwidth info from annotations")
|
||||
return "", nil, errors.Wrap(err, "get cni namespace options")
|
||||
}
|
||||
|
||||
result, err := c.netPlugin.Setup(ctx, id,
|
||||
path,
|
||||
cni.WithLabels(labels),
|
||||
cni.WithCapabilityPortMap(toCNIPortMappings(config.GetPortMappings())),
|
||||
cni.WithCapabilityBandWidth(*bandWidth),
|
||||
)
|
||||
|
||||
result, err := c.netPlugin.Setup(ctx, id, path, opts...)
|
||||
if err != nil {
|
||||
return "", nil, err
|
||||
}
|
||||
@ -581,11 +571,54 @@ func (c *criService) setupPod(ctx context.Context, id string, path string, confi
|
||||
return "", result, errors.Errorf("failed to find network info for sandbox %q", id)
|
||||
}
|
||||
|
||||
// cniNamespaceOpts get CNI namespace options from sandbox config.
|
||||
func cniNamespaceOpts(id string, config *runtime.PodSandboxConfig) ([]cni.NamespaceOpts, error) {
|
||||
opts := []cni.NamespaceOpts{
|
||||
cni.WithLabels(toCNILabels(id, config)),
|
||||
}
|
||||
|
||||
portMappings := toCNIPortMappings(config.GetPortMappings())
|
||||
if len(portMappings) > 0 {
|
||||
opts = append(opts, cni.WithCapabilityPortMap(portMappings))
|
||||
}
|
||||
|
||||
// Will return an error if the bandwidth limitation has the wrong unit
|
||||
// or an unreasonable value see validateBandwidthIsReasonable()
|
||||
bandWidth, err := toCNIBandWidth(config.Annotations)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if bandWidth != nil {
|
||||
opts = append(opts, cni.WithCapabilityBandWidth(*bandWidth))
|
||||
}
|
||||
|
||||
dns := toCNIDNS(config.GetDnsConfig())
|
||||
if dns != nil {
|
||||
opts = append(opts, cni.WithCapabilityDNS(*dns))
|
||||
}
|
||||
|
||||
return opts, nil
|
||||
}
|
||||
|
||||
// toCNILabels adds pod metadata into CNI labels.
|
||||
func toCNILabels(id string, config *runtime.PodSandboxConfig) map[string]string {
|
||||
return map[string]string{
|
||||
"K8S_POD_NAMESPACE": config.GetMetadata().GetNamespace(),
|
||||
"K8S_POD_NAME": config.GetMetadata().GetName(),
|
||||
"K8S_POD_INFRA_CONTAINER_ID": id,
|
||||
"IgnoreUnknown": "1",
|
||||
}
|
||||
}
|
||||
|
||||
// toCNIBandWidth converts CRI annotations to CNI bandwidth.
|
||||
func toCNIBandWidth(annotations map[string]string) (*cni.BandWidth, error) {
|
||||
ingress, egress, err := bandwidth.ExtractPodBandwidthResources(annotations)
|
||||
if err != nil {
|
||||
return nil, errors.Errorf("reading pod bandwidth annotations: %v", err)
|
||||
return nil, errors.Wrap(err, "reading pod bandwidth annotations")
|
||||
}
|
||||
|
||||
if ingress == nil && egress == nil {
|
||||
return nil, nil
|
||||
}
|
||||
|
||||
bandWidth := &cni.BandWidth{}
|
||||
@ -623,6 +656,18 @@ func toCNIPortMappings(criPortMappings []*runtime.PortMapping) []cni.PortMapping
|
||||
return portMappings
|
||||
}
|
||||
|
||||
// toCNIDNS converts CRI DNSConfig to CNI.
|
||||
func toCNIDNS(dns *runtime.DNSConfig) *cni.DNS {
|
||||
if dns == nil {
|
||||
return nil
|
||||
}
|
||||
return &cni.DNS{
|
||||
Servers: dns.GetServers(),
|
||||
Searches: dns.GetSearches(),
|
||||
Options: dns.GetOptions(),
|
||||
}
|
||||
}
|
||||
|
||||
// selectPodIP select an ip from the ip list. It prefers ipv4 more than ipv6.
|
||||
func selectPodIP(ipConfigs []*cni.IPConfig) string {
|
||||
for _, c := range ipConfigs {
|
||||
|
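Review bot: toCNIDNS returns a non-nil `*cni.DNS` whenever `config.GetDnsConfig()` is non-nil, so cniNamespaceOpts sets the `dns` capability even when Servers, Searches and Options are all empty, whereas the port-mapping option is guarded by `len(portMappings) > 0`. If an empty DNS capability is not meant to reach the plugin chain, the early return could be `if dns == nil || len(dns.GetServers())+len(dns.GetSearches())+len(dns.GetOptions()) == 0 { return nil }`. The three lists are also handed to the CNI plugins exactly as received in the CRI request, with no check in this function. The doc comment should say so, e.g. `// toCNIDNS converts CRI DNSConfig to CNI; values are forwarded as-is and are not validated here.`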
@ -23,7 +23,6 @@ import (
|
||||
eventtypes "github.com/containerd/containerd/api/events"
|
||||
"github.com/containerd/containerd/errdefs"
|
||||
"github.com/containerd/containerd/log"
|
||||
cni "github.com/containerd/go-cni"
|
||||
"github.com/pkg/errors"
|
||||
"golang.org/x/net/context"
|
||||
runtime "k8s.io/cri-api/pkg/apis/runtime/v1alpha2"
|
||||
@ -162,11 +161,12 @@ func (c *criService) teardownPod(ctx context.Context, id string, path string, co
|
||||
return errors.New("cni config not initialized")
|
||||
}
|
||||
|
||||
labels := getPodCNILabels(id, config)
|
||||
return c.netPlugin.Remove(ctx, id,
|
||||
path,
|
||||
cni.WithLabels(labels),
|
||||
cni.WithCapabilityPortMap(toCNIPortMappings(config.GetPortMappings())))
|
||||
opts, err := cniNamespaceOpts(id, config)
|
||||
if err != nil {
|
||||
return errors.Wrap(err, "get cni namespace options")
|
||||
}
|
||||
|
||||
return c.netPlugin.Remove(ctx, id, path, opts...)
|
||||
}
|
||||
|
||||
// cleanupUnknownSandbox cleanup stopped sandbox in unknown state.
|
||||
|
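Review bot: teardownPod now returns before `c.netPlugin.Remove` is called whenever cniNamespaceOpts fails, and the only error source visible in that helper is the bandwidth-annotation parsing in toCNIBandWidth. The previous teardown path built only labels and port mappings and could not fail at this point. If teardown is ever reached for a sandbox whose annotations do not parse (for example cleanup after a failed setup, which is not visible on this page), the sandbox's CNI resources would be left in place. Consider keeping teardown tolerant by logging the error and still calling Remove with `cni.WithLabels(toCNILabels(id, config))` and the port-map option, or at least add `// NOTE: an invalid bandwidth annotation aborts teardown before Remove is called.` above the call. teardownPod begins outside this hunk.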
@ -77,4 +77,4 @@ github.com/davecgh/go-spew v1.1.1
|
||||
# cni dependencies
|
||||
github.com/containernetworking/plugins v0.7.6
|
||||
github.com/containernetworking/cni v0.7.1
|
||||
github.com/containerd/go-cni 49fbd9b210f3c8ee3b7fd3cd797aabaf364627c1
|
||||
github.com/containerd/go-cni 0d360c50b10b350b6bb23863fd4dfb1c232b01c9
|
||||
|
8
vendor/github.com/containerd/go-cni/namespace_opts.go
generated
vendored
8
vendor/github.com/containerd/go-cni/namespace_opts.go
generated
vendored
@ -42,6 +42,14 @@ func WithCapabilityBandWidth(bandWidth BandWidth) NamespaceOpts {
|
||||
}
|
||||
}
|
||||
|
||||
// WithCapabilityDNS adds support for dns
|
||||
func WithCapabilityDNS(dns DNS) NamespaceOpts {
|
||||
return func(c *Namespace) error {
|
||||
c.capabilityArgs["dns"] = dns
|
||||
return nil
|
||||
}
|
||||
}
|
||||
|
||||
func WithCapability(name string, capability interface{}) NamespaceOpts {
|
||||
return func(c *Namespace) error {
|
||||
c.capabilityArgs[name] = capability
|
||||
|
10
vendor/github.com/containerd/go-cni/types.go
generated
vendored
10
vendor/github.com/containerd/go-cni/types.go
generated
vendored
@ -53,3 +53,13 @@ type BandWidth struct {
|
||||
EgressRate uint64
|
||||
EgressBurst uint64
|
||||
}
|
||||
|
||||
// DNS defines the dns config
|
||||
type DNS struct {
|
||||
// List of DNS servers of the cluster.
|
||||
Servers []string
|
||||
// List of DNS search domains of the cluster.
|
||||
Searches []string
|
||||
// List of DNS options.
|
||||
Options []string
|
||||
}
|
||||
|