Provide ability to set lo up without CNI

Signed-off-by: Michael Zappa <michael.zappa@gmail.com>
2024-05-16 09:31:38 -06:00 · 2024-05-16 09:31:38 -06:00 · 332caf1a15
commit 332caf1a15
parent a673c3452a
9 changed files with 107 additions and 8 deletions
--- a/docs/cri/config.md
+++ b/docs/cri/config.md
@ -432,6 +432,8 @@ version = 2
    # * ipv6 - select the first ipv6 address
    # * cni - use the order returned by the CNI plugins, returning the first IP address from the results
    ip_pref = "ipv4"
    # use_internal_loopback specifies if we use the CNI loopback plugin or internal mechanism to set lo to up
    use_internal_loopback = false
  # 'plugins."io.containerd.grpc.v1.cri".image_decryption' contains config related
  # to handling decryption of encrypted container images.
--- a/internal/cri/config/config.go
+++ b/internal/cri/config/config.go
@ -185,6 +185,8 @@ type CniConfig struct {
 	// * ipv6 - select the first ipv6 address
 	// * cni - use the order returned by the CNI plugins, returning the first IP address from the results
 	IPPreference string `toml:"ip_pref" json:"ipPref"`
 	// UseInternalLoopback specifies if we use the CNI loopback plugin or internal mechanism to set lo to up
 	UseInternalLoopback bool `toml:"use_internal_loopback" json:"useInternalLoopback"`
 }
 // Mirror contains the config related to the registry mirror
--- a/internal/cri/config/config_unix.go
+++ b/internal/cri/config/config_unix.go
@ -77,6 +77,7 @@ func DefaultRuntimeConfig() RuntimeConfig {
 			NetworkPluginMaxConfNum:    1, // only one CNI plugin config file will be loaded
 			NetworkPluginSetupSerially: false,
 			NetworkPluginConfTemplate:  "",
 			UseInternalLoopback:        false,
 		},
 		ContainerdConfig: ContainerdConfig{
 			DefaultRuntimeName: "runc",
--- a/internal/cri/config/config_windows.go
+++ b/internal/cri/config/config_windows.go
@ -47,6 +47,7 @@ func DefaultRuntimeConfig() RuntimeConfig {
 			NetworkPluginMaxConfNum:    1,
 			NetworkPluginSetupSerially: false,
 			NetworkPluginConfTemplate:  "",
 			UseInternalLoopback:        false,
 		},
 		ContainerdConfig: ContainerdConfig{
 			DefaultRuntimeName: "runhcs-wcow-process",
--- a/internal/cri/server/sandbox_run.go
+++ b/internal/cri/server/sandbox_run.go
@ -455,7 +455,12 @@ func (c *criService) setupPodNetwork(ctx context.Context, sandbox *sandboxstore.
 	if netPlugin == nil {
 		return errors.New("cni config not initialized")
 	}
-
+	if c.config.UseInternalLoopback {
 		err := c.bringUpLoopback(path)
 		if err != nil {
 			return fmt.Errorf("unable to set lo to up: %w", err)
 		}
 	}
 	opts, err := cniNamespaceOpts(id, config)
 	if err != nil {
 		return fmt.Errorf("get cni namespace options: %w", err)
--- a/internal/cri/server/sandbox_run_linux.go
+++ b/internal/cri/server/sandbox_run_linux.go
@ -0,0 +1,37 @@
 /*
   Copyright The containerd Authors.
   Licensed under the Apache License, Version 2.0 (the "License");
   you may not use this file except in compliance with the License.
   You may obtain a copy of the License at
       http://www.apache.org/licenses/LICENSE-2.0
   Unless required by applicable law or agreed to in writing, software
   distributed under the License is distributed on an "AS IS" BASIS,
   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
   See the License for the specific language governing permissions and
   limitations under the License.
 */
 package server
 import (
 	"fmt"
 	"github.com/containernetworking/plugins/pkg/ns"
 	"github.com/vishvananda/netlink"
 )
 func (c *criService) bringUpLoopback(netns string) error {
 	if err := ns.WithNetNSPath(netns, func(_ ns.NetNS) error {
 		link, err := netlink.LinkByName("lo")
 		if err != nil {
 			return err
 		}
 		return netlink.LinkSetUp(link)
 	}); err != nil {
 		return fmt.Errorf("error setting loopback interface up: %w", err)
 	}
 	return nil
 }
--- a/internal/cri/server/sandbox_run_other.go
+++ b/internal/cri/server/sandbox_run_other.go
@ -0,0 +1,23 @@
 //go:build !windows && !linux
 /*
   Copyright The containerd Authors.
   Licensed under the Apache License, Version 2.0 (the "License");
   you may not use this file except in compliance with the License.
   You may obtain a copy of the License at
       http://www.apache.org/licenses/LICENSE-2.0
   Unless required by applicable law or agreed to in writing, software
   distributed under the License is distributed on an "AS IS" BASIS,
   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
   See the License for the specific language governing permissions and
   limitations under the License.
 */
 package server
 func (c *criService) bringUpLoopback(string) error {
 	return nil
 }
--- a/internal/cri/server/sandbox_run_windows.go
+++ b/internal/cri/server/sandbox_run_windows.go
@ -0,0 +1,21 @@
 /*
   Copyright The containerd Authors.
   Licensed under the Apache License, Version 2.0 (the "License");
   you may not use this file except in compliance with the License.
   You may obtain a copy of the License at
       http://www.apache.org/licenses/LICENSE-2.0
   Unless required by applicable law or agreed to in writing, software
   distributed under the License is distributed on an "AS IS" BASIS,
   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
   See the License for the specific language governing permissions and
   limitations under the License.
 */
 package server
 func (c *criService) bringUpLoopback(string) error {
 	return nil
 }
--- a/internal/cri/server/service_linux.go
+++ b/internal/cri/server/service_linux.go
@ -37,10 +37,6 @@ func init() {
 	}
 }
 // networkAttachCount is the minimum number of networks the PodSandbox
 // attaches to
 const networkAttachCount = 2
 // initPlatform handles linux specific initialization for the CRI service.
 func (c *criService) initPlatform() (err error) {
 	if userns.RunningInUserNS() {
@ -69,6 +65,12 @@ func (c *criService) initPlatform() (err error) {
 		}
 	}
 	networkAttachCount := 2
 	if c.Config().UseInternalLoopback {
 		networkAttachCount = 1
 	}
 	c.netPlugin = make(map[string]cni.CNI)
 	for name, dir := range pluginDirs {
 		max := c.config.NetworkPluginMaxConfNum
@ -78,9 +80,10 @@ func (c *criService) initPlatform() (err error) {
 			}
 		}
 		// Pod needs to attach to at least loopback network and a non host network,
-		// hence networkAttachCount is 2. If there are more network configs the
+		// hence networkAttachCount is 2 if the CNI plugin is used and
-		// pod will be attached to all the networks but we will only use the ip
+		// 1 if the internal mechanism for setting lo to up is used.
-		// of the default network interface as the pod IP.
+		// If there are more network configs the pod will be attached to all the networks
 		// but we will only use the ip of the default network interface as the pod IP.
 		i, err := cni.New(cni.WithMinNetworkCount(networkAttachCount),
 			cni.WithPluginConfDir(dir),
 			cni.WithPluginMaxConfNum(max),
@ -110,5 +113,9 @@ func (c *criService) initPlatform() (err error) {
 // cniLoadOptions returns cni load options for the linux.
 func (c *criService) cniLoadOptions() []cni.Opt {
 	if c.config.UseInternalLoopback {
 		return []cni.Opt{cni.WithDefaultConf}
 	}
 	return []cni.Opt{cni.WithLoNetwork, cni.WithDefaultConf}
 }