Creating permanent sandbox namespace

This commit contains changes to create/delete permanent namespace for a sandbox container. Signed-off-by: Abhinandan Prativadi <abhi@docker.com>
2017-08-17 12:06:59 -07:00
parent b27ee85f74
commit 5a119200b8
17 changed files with 772 additions and 57 deletions
--- a/pkg/store/sandbox/metadata.go
+++ b/pkg/store/sandbox/metadata.go
@@ -51,8 +51,8 @@ type Metadata struct {
 	CreatedAt int64
 	// Pid is the process id of the sandbox.
 	Pid uint32
-	// NetNS is the network namespace used by the sandbox.
-	NetNS string
+	// NetNSPath is the network namespace used by the sandbox.
+	NetNSPath string
 }

 // Encode encodes Metadata into bytes in json format.
--- a/pkg/store/sandbox/netns.go
+++ b/pkg/store/sandbox/netns.go
@@ -0,0 +1,64 @@
+/*
+Copyright 2017 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package sandbox
+
+import (
+	"fmt"
+	"sync"
+
+	cnins "github.com/containernetworking/plugins/pkg/ns"
+)
+
+// NetNS holds network namespace for sandbox
+type NetNS struct {
+	sync.Mutex
+	ns     cnins.NetNS
+	closed bool
+}
+
+// NewNetNS creates a network namespace for the sandbox
+func NewNetNS() (*NetNS, error) {
+	netns, err := cnins.NewNS()
+	if err != nil {
+		return nil, fmt.Errorf("failed to setup network namespace %v", err)
+	}
+	n := new(NetNS)
+	n.ns = netns
+	return n, nil
+}
+
+// Remove removes network namepace if it exists and not closed. Remove is idempotent,
+// meaning it might be invoked multiple times and provides consistent result.
+func (n *NetNS) Remove() error {
+	n.Lock()
+	defer n.Unlock()
+	if !n.closed {
+		err := n.ns.Close()
+		if err != nil {
+			return err
+		}
+		n.closed = true
+	}
+	return nil
+}
+
+// GetPath returns network namespace path for sandbox container
+func (n *NetNS) GetPath() string {
+	n.Lock()
+	defer n.Unlock()
+	return n.ns.Path()
+}
--- a/pkg/store/sandbox/sandbox.go
+++ b/pkg/store/sandbox/sandbox.go
@@ -31,7 +31,8 @@ type Sandbox struct {
 	Metadata
 	// Containerd sandbox container
 	Container containerd.Container
-	// TODO(random-liu): Add cni network namespace client.
+	// CNI network namespace client
+	NetNS *NetNS
 }

 // Store stores all sandboxes.
--- a/pkg/store/sandbox/sandbox_test.go
+++ b/pkg/store/sandbox/sandbox_test.go
@@ -42,7 +42,7 @@ func TestSandboxStore(t *testing.T) {
 			},
 			CreatedAt: time.Now().UnixNano(),
 			Pid:       1001,
-			NetNS:     "TestNetNS-1",
+			NetNSPath: "TestNetNS-1",
 		},
 		"2": {
 			ID:   "2",
@@ -57,7 +57,7 @@ func TestSandboxStore(t *testing.T) {
 			},
 			CreatedAt: time.Now().UnixNano(),
 			Pid:       1002,
-			NetNS:     "TestNetNS-2",
+			NetNSPath: "TestNetNS-2",
 		},
 		"3": {
 			ID:   "3",
@@ -72,7 +72,7 @@ func TestSandboxStore(t *testing.T) {
 			},
 			CreatedAt: time.Now().UnixNano(),
 			Pid:       1003,
-			NetNS:     "TestNetNS-3",
+			NetNSPath: "TestNetNS-3",
 		},
 	}
 	assert := assertlib.New(t)