Provide ability to set lo up without CNI
Signed-off-by: Michael Zappa <michael.zappa@gmail.com>
This commit is contained in:
Michael Zappa
@@ -432,6 +432,8 @@ version = 2
|
|||||||
# * ipv6 - select the first ipv6 address
|
# * ipv6 - select the first ipv6 address
|
||||||
# * cni - use the order returned by the CNI plugins, returning the first IP address from the results
|
# * cni - use the order returned by the CNI plugins, returning the first IP address from the results
|
||||||
ip_pref = "ipv4"
|
ip_pref = "ipv4"
|
||||||
|
# use_internal_loopback specifies if we use the CNI loopback plugin or internal mechanism to set lo to up
|
||||||
|
use_internal_loopback = false
|
||||||
|
|
||||||
# 'plugins."io.containerd.grpc.v1.cri".image_decryption' contains config related
|
# 'plugins."io.containerd.grpc.v1.cri".image_decryption' contains config related
|
||||||
# to handling decryption of encrypted container images.
|
# to handling decryption of encrypted container images.
|
||||||
|
|||||||
@@ -185,6 +185,8 @@ type CniConfig struct {
|
|||||||
// * ipv6 - select the first ipv6 address
|
// * ipv6 - select the first ipv6 address
|
||||||
// * cni - use the order returned by the CNI plugins, returning the first IP address from the results
|
// * cni - use the order returned by the CNI plugins, returning the first IP address from the results
|
||||||
IPPreference string `toml:"ip_pref" json:"ipPref"`
|
IPPreference string `toml:"ip_pref" json:"ipPref"`
|
||||||
|
// UseInternalLoopback specifies if we use the CNI loopback plugin or internal mechanism to set lo to up
|
||||||
|
UseInternalLoopback bool `toml:"use_internal_loopback" json:"useInternalLoopback"`
|
||||||
}
|
}
|
||||||
|
|
||||||
// Mirror contains the config related to the registry mirror
|
// Mirror contains the config related to the registry mirror
|
||||||
|
|||||||
@@ -77,6 +77,7 @@ func DefaultRuntimeConfig() RuntimeConfig {
|
|||||||
NetworkPluginMaxConfNum: 1, // only one CNI plugin config file will be loaded
|
NetworkPluginMaxConfNum: 1, // only one CNI plugin config file will be loaded
|
||||||
NetworkPluginSetupSerially: false,
|
NetworkPluginSetupSerially: false,
|
||||||
NetworkPluginConfTemplate: "",
|
NetworkPluginConfTemplate: "",
|
||||||
|
UseInternalLoopback: false,
|
||||||
},
|
},
|
||||||
ContainerdConfig: ContainerdConfig{
|
ContainerdConfig: ContainerdConfig{
|
||||||
DefaultRuntimeName: "runc",
|
DefaultRuntimeName: "runc",
|
||||||
|
|||||||
@@ -47,6 +47,7 @@ func DefaultRuntimeConfig() RuntimeConfig {
|
|||||||
NetworkPluginMaxConfNum: 1,
|
NetworkPluginMaxConfNum: 1,
|
||||||
NetworkPluginSetupSerially: false,
|
NetworkPluginSetupSerially: false,
|
||||||
NetworkPluginConfTemplate: "",
|
NetworkPluginConfTemplate: "",
|
||||||
|
UseInternalLoopback: false,
|
||||||
},
|
},
|
||||||
ContainerdConfig: ContainerdConfig{
|
ContainerdConfig: ContainerdConfig{
|
||||||
DefaultRuntimeName: "runhcs-wcow-process",
|
DefaultRuntimeName: "runhcs-wcow-process",
|
||||||
|
|||||||
@@ -455,7 +455,12 @@ func (c *criService) setupPodNetwork(ctx context.Context, sandbox *sandboxstore.
|
|||||||
if netPlugin == nil {
|
if netPlugin == nil {
|
||||||
return errors.New("cni config not initialized")
|
return errors.New("cni config not initialized")
|
||||||
}
|
}
|
||||||
|
if c.config.UseInternalLoopback {
|
||||||
|
err := c.bringUpLoopback(path)
|
||||||
|
if err != nil {
|
||||||
|
return fmt.Errorf("unable to set lo to up: %w", err)
|
||||||
|
}
|
||||||
|
}
|
||||||
opts, err := cniNamespaceOpts(id, config)
|
opts, err := cniNamespaceOpts(id, config)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("get cni namespace options: %w", err)
|
return fmt.Errorf("get cni namespace options: %w", err)
|
||||||
|
|||||||
37
internal/cri/server/sandbox_run_linux.go
Normal file
37
internal/cri/server/sandbox_run_linux.go
Normal file
@@ -0,0 +1,37 @@
|
|||||||
|
/*
|
||||||
|
Copyright The containerd Authors.
|
||||||
|
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
||||||
|
*/
|
||||||
|
|
||||||
|
package server
|
||||||
|
|
||||||
|
import (
|
||||||
|
"fmt"
|
||||||
|
|
||||||
|
"github.com/containernetworking/plugins/pkg/ns"
|
||||||
|
"github.com/vishvananda/netlink"
|
||||||
|
)
|
||||||
|
|
||||||
|
func (c *criService) bringUpLoopback(netns string) error {
|
||||||
|
if err := ns.WithNetNSPath(netns, func(_ ns.NetNS) error {
|
||||||
|
link, err := netlink.LinkByName("lo")
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
return netlink.LinkSetUp(link)
|
||||||
|
}); err != nil {
|
||||||
|
return fmt.Errorf("error setting loopback interface up: %w", err)
|
||||||
|
}
|
||||||
|
return nil
|
||||||
|
}
|
||||||
23
internal/cri/server/sandbox_run_other.go
Normal file
23
internal/cri/server/sandbox_run_other.go
Normal file
@@ -0,0 +1,23 @@
|
|||||||
|
//go:build !windows && !linux
|
||||||
|
|
||||||
|
/*
|
||||||
|
Copyright The containerd Authors.
|
||||||
|
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
||||||
|
*/
|
||||||
|
|
||||||
|
package server
|
||||||
|
|
||||||
|
func (c *criService) bringUpLoopback(string) error {
|
||||||
|
return nil
|
||||||
|
}
|
||||||
21
internal/cri/server/sandbox_run_windows.go
Normal file
21
internal/cri/server/sandbox_run_windows.go
Normal file
@@ -0,0 +1,21 @@
|
|||||||
|
/*
|
||||||
|
Copyright The containerd Authors.
|
||||||
|
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
||||||
|
*/
|
||||||
|
|
||||||
|
package server
|
||||||
|
|
||||||
|
func (c *criService) bringUpLoopback(string) error {
|
||||||
|
return nil
|
||||||
|
}
|
||||||
@@ -37,10 +37,6 @@ func init() {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// networkAttachCount is the minimum number of networks the PodSandbox
|
|
||||||
// attaches to
|
|
||||||
const networkAttachCount = 2
|
|
||||||
|
|
||||||
// initPlatform handles linux specific initialization for the CRI service.
|
// initPlatform handles linux specific initialization for the CRI service.
|
||||||
func (c *criService) initPlatform() (err error) {
|
func (c *criService) initPlatform() (err error) {
|
||||||
if userns.RunningInUserNS() {
|
if userns.RunningInUserNS() {
|
||||||
@@ -69,6 +65,12 @@ func (c *criService) initPlatform() (err error) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
networkAttachCount := 2
|
||||||
|
|
||||||
|
if c.Config().UseInternalLoopback {
|
||||||
|
networkAttachCount = 1
|
||||||
|
}
|
||||||
|
|
||||||
c.netPlugin = make(map[string]cni.CNI)
|
c.netPlugin = make(map[string]cni.CNI)
|
||||||
for name, dir := range pluginDirs {
|
for name, dir := range pluginDirs {
|
||||||
max := c.config.NetworkPluginMaxConfNum
|
max := c.config.NetworkPluginMaxConfNum
|
||||||
@@ -78,9 +80,10 @@ func (c *criService) initPlatform() (err error) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
// Pod needs to attach to at least loopback network and a non host network,
|
// Pod needs to attach to at least loopback network and a non host network,
|
||||||
// hence networkAttachCount is 2. If there are more network configs the
|
// hence networkAttachCount is 2 if the CNI plugin is used and
|
||||||
// pod will be attached to all the networks but we will only use the ip
|
// 1 if the internal mechanism for setting lo to up is used.
|
||||||
// of the default network interface as the pod IP.
|
// If there are more network configs the pod will be attached to all the networks
|
||||||
|
// but we will only use the ip of the default network interface as the pod IP.
|
||||||
i, err := cni.New(cni.WithMinNetworkCount(networkAttachCount),
|
i, err := cni.New(cni.WithMinNetworkCount(networkAttachCount),
|
||||||
cni.WithPluginConfDir(dir),
|
cni.WithPluginConfDir(dir),
|
||||||
cni.WithPluginMaxConfNum(max),
|
cni.WithPluginMaxConfNum(max),
|
||||||
@@ -110,5 +113,9 @@ func (c *criService) initPlatform() (err error) {
|
|||||||
|
|
||||||
// cniLoadOptions returns cni load options for the linux.
|
// cniLoadOptions returns cni load options for the linux.
|
||||||
func (c *criService) cniLoadOptions() []cni.Opt {
|
func (c *criService) cniLoadOptions() []cni.Opt {
|
||||||
|
if c.config.UseInternalLoopback {
|
||||||
|
return []cni.Opt{cni.WithDefaultConf}
|
||||||
|
}
|
||||||
|
|
||||||
return []cni.Opt{cni.WithLoNetwork, cni.WithDefaultConf}
|
return []cni.Opt{cni.WithLoNetwork, cni.WithDefaultConf}
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user