Merge pull request #11146 from k8s-infra-cherrypick-robot/cherry-pick-11135-to-release/2.0

[release/2.0] Update go-cni for CNI STATUS
2024-12-12 10:12:54 -05:00 · 2024-12-12 10:12:54 -05:00 · e9004f0a88
commit e9004f0a88
parent c403b64231 5eb7995a9a
6 changed files with 99 additions and 11 deletions
--- a/go.mod
+++ b/go.mod
@ -18,7 +18,7 @@ require (
 	github.com/containerd/errdefs v1.0.0
 	github.com/containerd/errdefs/pkg v0.3.0
 	github.com/containerd/fifo v1.1.0
-	github.com/containerd/go-cni v1.1.10
+	github.com/containerd/go-cni v1.1.11
 	github.com/containerd/go-runc v1.1.0
 	github.com/containerd/imgcrypt/v2 v2.0.0-rc.1
 	github.com/containerd/log v0.1.0
--- a/go.sum
+++ b/go.sum
@ -679,8 +679,8 @@ github.com/containerd/errdefs/pkg v0.3.0 h1:9IKJ06FvyNlexW690DXuQNx2KA2cUJXx151X
 github.com/containerd/errdefs/pkg v0.3.0/go.mod h1:NJw6s9HwNuRhnjJhM7pylWwMyAkmCQvQ4GpJHEqRLVk=
 github.com/containerd/fifo v1.1.0 h1:4I2mbh5stb1u6ycIABlBw9zgtlK8viPI9QkQNRQEEmY=
 github.com/containerd/fifo v1.1.0/go.mod h1:bmC4NWMbXlt2EZ0Hc7Fx7QzTFxgPID13eH0Qu+MAb2o=
-github.com/containerd/go-cni v1.1.10 h1:c2U73nld7spSWfiJwSh/8W9DK+/qQwYM2rngIhCyhyg=
-github.com/containerd/go-cni v1.1.10/go.mod h1:/Y/sL8yqYQn1ZG1om1OncJB1W4zN3YmjfP/ShCzG/OY=
+github.com/containerd/go-cni v1.1.11 h1:fWt1K15AmSLsEfa57N+qYw4NeGPiQKYq1pjNGJwV9mc=
+github.com/containerd/go-cni v1.1.11/go.mod h1:/Y/sL8yqYQn1ZG1om1OncJB1W4zN3YmjfP/ShCzG/OY=
 github.com/containerd/go-runc v1.1.0 h1:OX4f+/i2y5sUT7LhmcJH7GYrjjhHa1QI4e8yO0gGleA=
 github.com/containerd/go-runc v1.1.0/go.mod h1:xJv2hFF7GvHtTJd9JqTS2UVxMkULUYw4JN5XAUZqH5U=
 github.com/containerd/imgcrypt/v2 v2.0.0-rc.1 h1:7OMu5otk5Z2GeQs24JBPOmYbTc50+q6jo02qWNJc0p8=
--- a/vendor/github.com/containerd/go-cni/README.md
+++ b/vendor/github.com/containerd/go-cni/README.md
@ -13,7 +13,7 @@ A generic CNI library to provide APIs for CNI plugin interactions. The library p
 - Query status of CNI network plugin initialization
 - Check verifies the network is still in desired state

-go-cni aims to support plugins that implement [Container Network Interface](https://github.com/containernetworking/cni)
+go-cni aims to support plugins that implement the [Container Network Interface](https://github.com/containernetworking/cni).

 ## Usage
 ```go
--- a/vendor/github.com/containerd/go-cni/cni.go
+++ b/vendor/github.com/containerd/go-cni/cni.go
@ -135,11 +135,20 @@ func (c *libcni) Load(opts ...Opt) error {

 // Status returns the status of CNI initialization.
 func (c *libcni) Status() error {
+	if err := c.ready(); err != nil {
+		return err
+	}
 	c.RLock()
 	defer c.RUnlock()
-	if len(c.networks) < c.networkCount {
-		return ErrCNINotInitialized
+	// STATUS is only called for CNI Version 1.1.0 or greater. It is ignored for previous versions.
+	for _, v := range c.networks {
+		err := c.cniConfig.GetStatusNetworkList(context.Background(), v.config)
+
+		if err != nil {
+			return err
+		}
 	}
+
 	return nil
 }

@ -153,9 +162,11 @@ func (c *libcni) Networks() []*Network {

 // Setup setups the network in the namespace and returns a Result
 func (c *libcni) Setup(ctx context.Context, id string, path string, opts ...NamespaceOpts) (*Result, error) {
-	if err := c.Status(); err != nil {
+	if err := c.ready(); err != nil {
 		return nil, err
 	}
+	c.RLock()
+	defer c.RUnlock()
 	ns, err := newNamespace(id, path, opts...)
 	if err != nil {
 		return nil, err
@ -169,9 +180,11 @@ func (c *libcni) Setup(ctx context.Context, id string, path string, opts ...Name

 // SetupSerially setups the network in the namespace and returns a Result
 func (c *libcni) SetupSerially(ctx context.Context, id string, path string, opts ...NamespaceOpts) (*Result, error) {
-	if err := c.Status(); err != nil {
+	if err := c.ready(); err != nil {
 		return nil, err
 	}
+	c.RLock()
+	defer c.RUnlock()
 	ns, err := newNamespace(id, path, opts...)
 	if err != nil {
 		return nil, err
@ -232,9 +245,11 @@ func (c *libcni) attachNetworks(ctx context.Context, ns *Namespace) ([]*types100

 // Remove removes the network config from the namespace
 func (c *libcni) Remove(ctx context.Context, id string, path string, opts ...NamespaceOpts) error {
-	if err := c.Status(); err != nil {
+	if err := c.ready(); err != nil {
 		return err
 	}
+	c.RLock()
+	defer c.RUnlock()
 	ns, err := newNamespace(id, path, opts...)
 	if err != nil {
 		return err
@ -260,9 +275,11 @@ func (c *libcni) Remove(ctx context.Context, id string, path string, opts ...Nam

 // Check checks if the network is still in desired state
 func (c *libcni) Check(ctx context.Context, id string, path string, opts ...NamespaceOpts) error {
-	if err := c.Status(); err != nil {
+	if err := c.ready(); err != nil {
 		return err
 	}
+	c.RLock()
+	defer c.RUnlock()
 	ns, err := newNamespace(id, path, opts...)
 	if err != nil {
 		return err
@ -310,3 +327,13 @@ func (c *libcni) GetConfig() *ConfigResult {
 func (c *libcni) reset() {
 	c.networks = nil
 }
+
+func (c *libcni) ready() error {
+	c.RLock()
+	defer c.RUnlock()
+	if len(c.networks) < c.networkCount {
+		return ErrCNINotInitialized
+	}
+
+	return nil
+}
--- a/vendor/github.com/containerd/go-cni/testutils.go
+++ b/vendor/github.com/containerd/go-cni/testutils.go
@ -75,3 +75,64 @@ func tearDownCNIConfig(t *testing.T, confDir string) {
 		t.Fatalf("Failed to cleanup CNI configs: %v", err)
 	}
 }
+
+func buildFakeConfig(t *testing.T) (string, string) {
+	conf := `
+	{
+	"cniVersion": "1.1.0",
+	"name": "containerd-net",
+	"plugins": [
+		{
+		"type": "bridge",
+		"bridge": "cni0",
+		"isGateway": true,
+		"ipMasq": true,
+		"promiscMode": true,
+		"ipam": {
+			"type": "host-ipam",
+			"ranges": [
+			[{
+				"subnet": "10.88.0.0/16"
+			}],
+			[{
+				"subnet": "2001:4860:4860::/64"
+			}]
+			],
+			"routes": [
+			{ "dst": "0.0.0.0/0" },
+			{ "dst": "::/0" }
+			]
+		}
+		},
+		{
+		"type": "portmap",
+		"capabilities": {"portMappings": true}
+		}
+	]
+	}`
+
+	cniDir, err := makeTmpDir("fakecni")
+	if err != nil {
+		t.Fatalf("Failed to create plugin config dir: %v", err)
+	}
+
+	cniConfDir := path.Join(cniDir, "net.d")
+	err = os.MkdirAll(cniConfDir, 0777)
+	if err != nil {
+		t.Fatalf("Failed to create network config dir: %v", err)
+	}
+
+	networkConfig1 := path.Join(cniConfDir, "mocknetwork1.conflist")
+	f1, err := os.Create(networkConfig1)
+	if err != nil {
+		t.Fatalf("Failed to create network config %v: %v", f1, err)
+	}
+
+	_, err = f1.WriteString(conf)
+	if err != nil {
+		t.Fatalf("Failed to write network config file %v: %v", f1, err)
+	}
+	f1.Close()
+
+	return cniDir, cniConfDir
+}
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@ -154,7 +154,7 @@ github.com/containerd/errdefs/pkg/internal/types
 # github.com/containerd/fifo v1.1.0
 ## explicit; go 1.18
 github.com/containerd/fifo
-# github.com/containerd/go-cni v1.1.10
+# github.com/containerd/go-cni v1.1.11
 ## explicit; go 1.21
 github.com/containerd/go-cni
 # github.com/containerd/go-runc v1.1.0