spec/plugins: return interface details and multiple IP addresses to runtime
Updates the spec and plugins to return an array of interfaces and IP details to the runtime including: - interface names and MAC addresses configured by the plugin - whether the interfaces are sandboxed (container/VM) or host (bridge, veth, etc) - multiple IP addresses configured by IPAM and which interface they have been assigned to Returning interface details is useful for runtimes, as well as allowing more flexible chaining of CNI plugins themselves. For example, some meta plugins may need to know the host-side interface to be able to apply firewall or traffic shaping rules to the container.
This commit is contained in:
Dan Williams
@ -17,12 +17,15 @@ package main
|
||||
import (
|
||||
"fmt"
|
||||
"net"
|
||||
"strings"
|
||||
"syscall"
|
||||
|
||||
"github.com/containernetworking/cni/pkg/ns"
|
||||
"github.com/containernetworking/cni/pkg/skel"
|
||||
"github.com/containernetworking/cni/pkg/testutils"
|
||||
"github.com/containernetworking/cni/pkg/types"
|
||||
"github.com/containernetworking/cni/pkg/types/020"
|
||||
"github.com/containernetworking/cni/pkg/types/current"
|
||||
|
||||
"github.com/containernetworking/cni/pkg/utils/hwaddr"
|
||||
|
||||
@ -51,7 +54,7 @@ var _ = Describe("bridge Operations", func() {
|
||||
|
||||
conf := &NetConf{
|
||||
NetConf: types.NetConf{
|
||||
CNIVersion: "0.2.0",
|
||||
CNIVersion: "0.3.0",
|
||||
Name: "testConfig",
|
||||
Type: "bridge",
|
||||
},
|
||||
@ -64,7 +67,7 @@ var _ = Describe("bridge Operations", func() {
|
||||
err := originalNS.Do(func(ns.NetNS) error {
|
||||
defer GinkgoRecover()
|
||||
|
||||
bridge, err := setupBridge(conf)
|
||||
bridge, _, err := setupBridge(conf)
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
Expect(bridge.Attrs().Name).To(Equal(IFNAME))
|
||||
|
||||
@ -96,7 +99,7 @@ var _ = Describe("bridge Operations", func() {
|
||||
|
||||
conf := &NetConf{
|
||||
NetConf: types.NetConf{
|
||||
CNIVersion: "0.2.0",
|
||||
CNIVersion: "0.3.0",
|
||||
Name: "testConfig",
|
||||
Type: "bridge",
|
||||
},
|
||||
@ -105,7 +108,7 @@ var _ = Describe("bridge Operations", func() {
|
||||
IPMasq: false,
|
||||
}
|
||||
|
||||
bridge, err := setupBridge(conf)
|
||||
bridge, _, err := setupBridge(conf)
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
Expect(bridge.Attrs().Name).To(Equal(IFNAME))
|
||||
Expect(bridge.Attrs().Index).To(Equal(ifindex))
|
||||
@ -128,7 +131,7 @@ var _ = Describe("bridge Operations", func() {
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
|
||||
conf := fmt.Sprintf(`{
|
||||
"cniVersion": "0.2.0",
|
||||
"cniVersion": "0.3.0",
|
||||
"name": "mynet",
|
||||
"type": "bridge",
|
||||
"bridge": "%s",
|
||||
@ -151,18 +154,31 @@ var _ = Describe("bridge Operations", func() {
|
||||
StdinData: []byte(conf),
|
||||
}
|
||||
|
||||
var result *current.Result
|
||||
err = originalNS.Do(func(ns.NetNS) error {
|
||||
defer GinkgoRecover()
|
||||
|
||||
_, _, err := testutils.CmdAddWithResult(targetNs.Path(), IFNAME, []byte(conf), func() error {
|
||||
r, raw, err := testutils.CmdAddWithResult(targetNs.Path(), IFNAME, []byte(conf), func() error {
|
||||
return cmdAdd(args)
|
||||
})
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
Expect(strings.Index(string(raw), "\"interfaces\":")).Should(BeNumerically(">", 0))
|
||||
|
||||
result, err = current.GetResult(r)
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
|
||||
Expect(len(result.Interfaces)).To(Equal(3))
|
||||
Expect(result.Interfaces[0].Name).To(Equal(BRNAME))
|
||||
Expect(result.Interfaces[2].Name).To(Equal(IFNAME))
|
||||
|
||||
// Make sure bridge link exists
|
||||
link, err := netlink.LinkByName(BRNAME)
|
||||
link, err := netlink.LinkByName(result.Interfaces[0].Name)
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
Expect(link.Attrs().Name).To(Equal(BRNAME))
|
||||
Expect(link).To(BeAssignableToTypeOf(&netlink.Bridge{}))
|
||||
Expect(link.Attrs().HardwareAddr.String()).To(Equal(result.Interfaces[0].Mac))
|
||||
hwAddr := fmt.Sprintf("%s", link.Attrs().HardwareAddr)
|
||||
Expect(hwAddr).To(HavePrefix(hwaddr.PrivateMACPrefixString))
|
||||
|
||||
// Ensure bridge has gateway address
|
||||
addrs, err := netlink.AddrList(link, syscall.AF_INET)
|
||||
@ -183,23 +199,10 @@ var _ = Describe("bridge Operations", func() {
|
||||
links, err := netlink.LinkList()
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
Expect(len(links)).To(Equal(3)) // Bridge, veth, and loopback
|
||||
for _, l := range links {
|
||||
switch {
|
||||
case l.Attrs().Name == BRNAME:
|
||||
{
|
||||
_, isBridge := l.(*netlink.Bridge)
|
||||
Expect(isBridge).To(Equal(true))
|
||||
hwAddr := fmt.Sprintf("%s", l.Attrs().HardwareAddr)
|
||||
Expect(hwAddr).To(HavePrefix(hwaddr.PrivateMACPrefixString))
|
||||
}
|
||||
case l.Attrs().Name != BRNAME && l.Attrs().Name != "lo":
|
||||
{
|
||||
_, isVeth := l.(*netlink.Veth)
|
||||
Expect(isVeth).To(Equal(true))
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
link, err = netlink.LinkByName(result.Interfaces[1].Name)
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
Expect(link).To(BeAssignableToTypeOf(&netlink.Veth{}))
|
||||
return nil
|
||||
})
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
@ -211,6 +214,11 @@ var _ = Describe("bridge Operations", func() {
|
||||
link, err := netlink.LinkByName(IFNAME)
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
Expect(link.Attrs().Name).To(Equal(IFNAME))
|
||||
Expect(link).To(BeAssignableToTypeOf(&netlink.Veth{}))
|
||||
|
||||
addrs, err := netlink.AddrList(link, syscall.AF_INET)
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
Expect(len(addrs)).To(Equal(1))
|
||||
|
||||
hwAddr := fmt.Sprintf("%s", link.Attrs().HardwareAddr)
|
||||
Expect(hwAddr).To(HavePrefix(hwaddr.PrivateMACPrefixString))
|
||||
@ -243,7 +251,7 @@ var _ = Describe("bridge Operations", func() {
|
||||
})
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
|
||||
// Make sure macvlan link has been deleted
|
||||
// Make sure the host veth has been deleted
|
||||
err = targetNs.Do(func(ns.NetNS) error {
|
||||
defer GinkgoRecover()
|
||||
|
||||
@ -253,6 +261,150 @@ var _ = Describe("bridge Operations", func() {
|
||||
return nil
|
||||
})
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
|
||||
// Make sure the container veth has been deleted
|
||||
err = originalNS.Do(func(ns.NetNS) error {
|
||||
defer GinkgoRecover()
|
||||
|
||||
link, err := netlink.LinkByName(result.Interfaces[1].Name)
|
||||
Expect(err).To(HaveOccurred())
|
||||
Expect(link).To(BeNil())
|
||||
return nil
|
||||
})
|
||||
})
|
||||
|
||||
It("configures and deconfigures a bridge and veth with default route with ADD/DEL for 0.1.0 config", func() {
|
||||
const BRNAME = "cni0"
|
||||
const IFNAME = "eth0"
|
||||
|
||||
gwaddr, subnet, err := net.ParseCIDR("10.1.2.1/24")
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
|
||||
conf := fmt.Sprintf(`{
|
||||
"cniVersion": "0.1.0",
|
||||
"name": "mynet",
|
||||
"type": "bridge",
|
||||
"bridge": "%s",
|
||||
"isDefaultGateway": true,
|
||||
"ipMasq": false,
|
||||
"ipam": {
|
||||
"type": "host-local",
|
||||
"subnet": "%s"
|
||||
}
|
||||
}`, BRNAME, subnet.String())
|
||||
|
||||
targetNs, err := ns.NewNS()
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
defer targetNs.Close()
|
||||
|
||||
args := &skel.CmdArgs{
|
||||
ContainerID: "dummy",
|
||||
Netns: targetNs.Path(),
|
||||
IfName: IFNAME,
|
||||
StdinData: []byte(conf),
|
||||
}
|
||||
|
||||
var result *types020.Result
|
||||
err = originalNS.Do(func(ns.NetNS) error {
|
||||
defer GinkgoRecover()
|
||||
|
||||
r, raw, err := testutils.CmdAddWithResult(targetNs.Path(), IFNAME, []byte(conf), func() error {
|
||||
return cmdAdd(args)
|
||||
})
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
Expect(strings.Index(string(raw), "\"ip4\":")).Should(BeNumerically(">", 0))
|
||||
|
||||
// We expect a version 0.1.0 result
|
||||
result, err = types020.GetResult(r)
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
|
||||
// Make sure bridge link exists
|
||||
link, err := netlink.LinkByName(BRNAME)
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
Expect(link.Attrs().Name).To(Equal(BRNAME))
|
||||
Expect(link).To(BeAssignableToTypeOf(&netlink.Bridge{}))
|
||||
hwAddr := fmt.Sprintf("%s", link.Attrs().HardwareAddr)
|
||||
Expect(hwAddr).To(HavePrefix(hwaddr.PrivateMACPrefixString))
|
||||
|
||||
// Ensure bridge has gateway address
|
||||
addrs, err := netlink.AddrList(link, syscall.AF_INET)
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
Expect(len(addrs)).To(BeNumerically(">", 0))
|
||||
found := false
|
||||
subnetPrefix, subnetBits := subnet.Mask.Size()
|
||||
for _, a := range addrs {
|
||||
aPrefix, aBits := a.IPNet.Mask.Size()
|
||||
if a.IPNet.IP.Equal(gwaddr) && aPrefix == subnetPrefix && aBits == subnetBits {
|
||||
found = true
|
||||
break
|
||||
}
|
||||
}
|
||||
Expect(found).To(Equal(true))
|
||||
|
||||
// Check for the veth link in the main namespace; can't
|
||||
// check the for the specific link since version 0.1.0
|
||||
// doesn't report interfaces
|
||||
links, err := netlink.LinkList()
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
Expect(len(links)).To(Equal(3)) // Bridge, veth, and loopback
|
||||
return nil
|
||||
})
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
|
||||
// Find the veth peer in the container namespace and the default route
|
||||
err = targetNs.Do(func(ns.NetNS) error {
|
||||
defer GinkgoRecover()
|
||||
|
||||
link, err := netlink.LinkByName(IFNAME)
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
Expect(link.Attrs().Name).To(Equal(IFNAME))
|
||||
Expect(link).To(BeAssignableToTypeOf(&netlink.Veth{}))
|
||||
|
||||
addrs, err := netlink.AddrList(link, syscall.AF_INET)
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
Expect(len(addrs)).To(Equal(1))
|
||||
|
||||
hwAddr := fmt.Sprintf("%s", link.Attrs().HardwareAddr)
|
||||
Expect(hwAddr).To(HavePrefix(hwaddr.PrivateMACPrefixString))
|
||||
|
||||
// Ensure the default route
|
||||
routes, err := netlink.RouteList(link, 0)
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
|
||||
var defaultRouteFound bool
|
||||
for _, route := range routes {
|
||||
defaultRouteFound = (route.Dst == nil && route.Src == nil && route.Gw.Equal(gwaddr))
|
||||
if defaultRouteFound {
|
||||
break
|
||||
}
|
||||
}
|
||||
Expect(defaultRouteFound).To(Equal(true))
|
||||
|
||||
return nil
|
||||
})
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
|
||||
err = originalNS.Do(func(ns.NetNS) error {
|
||||
defer GinkgoRecover()
|
||||
|
||||
err := testutils.CmdDelWithResult(targetNs.Path(), IFNAME, func() error {
|
||||
return cmdDel(args)
|
||||
})
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
return nil
|
||||
})
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
|
||||
// Make sure the container veth has been deleted; cannot check
|
||||
// host veth as version 0.1.0 can't report its name
|
||||
err = originalNS.Do(func(ns.NetNS) error {
|
||||
defer GinkgoRecover()
|
||||
|
||||
link, err := netlink.LinkByName(IFNAME)
|
||||
Expect(err).To(HaveOccurred())
|
||||
Expect(link).To(BeNil())
|
||||
return nil
|
||||
})
|
||||
})
|
||||
|
||||
It("ensure bridge address", func() {
|
||||
@ -262,7 +414,7 @@ var _ = Describe("bridge Operations", func() {
|
||||
|
||||
conf := &NetConf{
|
||||
NetConf: types.NetConf{
|
||||
CNIVersion: "0.2.0",
|
||||
CNIVersion: "0.3.0",
|
||||
Name: "testConfig",
|
||||
Type: "bridge",
|
||||
},
|
||||
@ -285,7 +437,7 @@ var _ = Describe("bridge Operations", func() {
|
||||
err := originalNS.Do(func(ns.NetNS) error {
|
||||
defer GinkgoRecover()
|
||||
|
||||
bridge, err := setupBridge(conf)
|
||||
bridge, _, err := setupBridge(conf)
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
// Check if ForceAddress has default value
|
||||
Expect(conf.ForceAddress).To(Equal(false))
|
||||
|
||||
Reference in New Issue
Block a user