* Increase entroy from 2 bytes to 7 bytes to prevent collisions
* Extract common library function for hash with prefix
* Refactor portmap plugin to use library function
fixes #347
Co-authored-by: Cameron Moreau <cmoreau@pivotal.io>
Co-authored-by: Mikael Manukyan <mmanukyan@pivotal.io>
This PR add the option to configure an empty ipam for the macvlan cni plugin.
When using the macvlan cni plugin with an empty ipam the requeted pod will get the macvlan interface but without any ip address.
One of the use cases for this feature is for projects that runs a dhcp server inside the pod like KubeVirt.
In KubeVirt we need to let the vm running inside the pod to make the dhcp request so it will be able to make a release an renew request when needed.
We used to return error if no endpoint was found during delete. We now treat this as a success. If we fail during an add call, we now make a delete delegate call to the ipam to clean-up.
Now that libcni has the ability to print a version message, plumb it
through correctly.
While we're at it,
- fix import paths
- run gofmt
- add some more comments to sample
- add container runtime swappability for release
Example of usage, which uses flannel for allocating IP
addresses for containers and then registers them in `trusted`
zone in firewalld:
{
"cniVersion": "0.3.1",
"name": "flannel-firewalld",
"plugins": [
{
"name": "cbr0",
"type": "flannel",
"delegate": {
"isDefaultGateway": true
}
},
{
"type": "firewall",
"backend": "firewalld",
"zone": "trusted"
}
]
}
Fixes #114
Signed-off-by: Alban Crequy <alban@kinvolk.io>
Signed-off-by: Michal Rostecki <mrostecki@suse.com>
Distros often have additional rules in the their iptabvles 'filter' table
that do things like:
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
docker, for example, gets around this by adding explicit rules to the filter
table's FORWARD chain to allow traffic from the docker0 interface. Do that
for a given host interface too, as a chained plugin.
With the VLAN filter, the Linux bridge acts more like a real switch, Allow to tag and untag
vlan id's on every interface connected to the bridge.
This PR also creates a veth interface for the bridge vlan interface on L3 configuration.
Related to https://developers.redhat.com/blog/2017/09/14/vlan-filter-support-on-bridge/ post.
Note: This feature was introduced in Linux kernel 3.8 and was added to RHEL in version 7.0.
host-local and static ipam plugins
tuning, bandwidth and portmap meta plugins
Utility functions created for common PrevResult checking
Fix windows build
DHCP REQUEST from DHCP plugin does not include Subnet Mask option parameter (1). Some DHCP servers need that option to be explicit in order to return it in a DHCPACK message.
If not, DHCP plugin returns "DHCP option Subnet Mask not found in DHCPACK" error msg in this type of scenario.
This adds the dns capability for supplying a runtime dnsConfig from a CRI. It also includes a bug fix for removing an endpoint when no IPAM is supplied. Adds version dependency of 0.3.0. Mild updates to windows READMEs.
Move the windows plugin to use the Host Compute (v2) APIs, as well
as clean-up the code. Allows win-bridge to use either the old API or Host Compute (v2) api
depending on a conf parameter. Fixes a leaked endpoint issue on windows for the v1 flow, and
removes the hns/pkg from the linux test run.
