Remove Docker Support for Antrea Windows

This commit removes the support for Docker from the Antrea Windows Agent. The specific changes made in this commit include modifying the CNI call to return an error when the runtime is identified as Docker on Windows. Signed-off-by: Shuyang Xin <[email protected]>
antrea-io · Feb 28, 2024 · ab12903 · ab12903
1 parent 23292b3
commit ab12903
Show file tree

Hide file tree

Showing 5 changed files with 41 additions and 122 deletions.
diff --git a/pkg/agent/cniserver/interface_configuration_windows.go b/pkg/agent/cniserver/interface_configuration_windows.go
@@ -228,11 +228,8 @@ func attachContainerLink(ep *hcsshim.HNSEndpoint, containerID, sandbox, containe
 	var err error
 	var hcnEp *hcn.HostComputeEndpoint
 	if isDockerContainer(sandbox) {
-		// Docker runtime
-		attached, err = isContainerAttachOnEndpointFunc(ep, containerID)
-		if err != nil {
-			return nil, err
-		}
+		// Support for Docker runtime has been deprecated in Antrea 2.0.
+		return nil, fmt.Errorf("Failed to attach ContainerLink because Docker runtime is not supported after Antrea 2.0")
 	} else {
 		// containerd runtime
 		if hcnEp, err = getHcnEndpointByIDFunc(ep.Id); err != nil {

diff --git a/pkg/agent/cniserver/server.go b/pkg/agent/cniserver/server.go
@@ -442,6 +442,10 @@ func (s *CNIServer) CmdAdd(ctx context.Context, request *cnipb.CniCmdRequest) (*
 
 	result := &ipam.IPAMResult{Result: current.Result{CNIVersion: current.ImplementedSpecVersion}}
 	netNS := s.hostNetNsPath(cniConfig.Netns)
+	if !validateRuntime(netNS) {
+		// Support for Docker runtime has been deprecated in Antrea 2.0.
+		return nil, fmt.Errorf("Failed to process CmdAdd request because Docker runtime is not supported after Antrea 2.0")
+	}
 	isInfraContainer := isInfraContainer(netNS)
 
 	success := false
@@ -558,11 +562,18 @@ func (s *CNIServer) cmdDel(_ context.Context, cniConfig *CNIConfig) (*cnipb.CniC
 func (s *CNIServer) CmdDel(ctx context.Context, request *cnipb.CniCmdRequest) (*cnipb.CniCmdResponse, error) {
 	klog.InfoS("Received CmdDel request", "request", request)
 
+
 	cniConfig, response := s.validateRequestMessage(request)
 	if response != nil {
 		return response, nil
 	}
 
+	netNS := s.hostNetNsPath(cniConfig.Netns)
+	if !validateRuntime(netNS) {
+		// Support for Docker runtime has been deprecated in Antrea 2.0.
+		return nil, fmt.Errorf("Failed to process CmdDel request because Docker runtime is not supported after Antrea 2.0")
+	}
+
 	return s.cmdDel(ctx, cniConfig)
 }
 
@@ -575,6 +586,12 @@ func (s *CNIServer) CmdCheck(_ context.Context, request *cnipb.CniCmdRequest) (
 		return response, nil
 	}
 
+	netNS := s.hostNetNsPath(cniConfig.Netns)
+	if !validateRuntime(netNS) {
+		// Support for Docker runtime has been deprecated in Antrea 2.0.
+		return nil, fmt.Errorf("Failed to process CmdAdd request because Docker runtime is not supported after Antrea 2.0")
+	}
+
 	infraContainer := cniConfig.getInfraContainer()
 	s.containerAccess.lockContainer(infraContainer)
 	defer s.containerAccess.unlockContainer(infraContainer)

diff --git a/pkg/agent/cniserver/server_linux.go b/pkg/agent/cniserver/server_linux.go
@@ -37,6 +37,12 @@ func isInfraContainer(netNS string) bool {
 	return true
 }
 
+// validateRuntime returns true if the container runtime is supported by Antrea.
+// Always return true on Linux platform, because both Docker and Containerd are supported.
+func validateRuntime(netNS string) bool {
+	return true
+}
+
 // getInfraContainer returns the sandbox container ID of a Pod.
 // On Linux, it's always the ContainerID in the request.
 func (c *CNIConfig) getInfraContainer() string {

diff --git a/pkg/agent/cniserver/server_windows.go b/pkg/agent/cniserver/server_windows.go
@@ -64,6 +64,12 @@ func isDockerContainer(netNS string) bool {
 	return netNS == dockerInfraContainerNetNS || strings.Contains(netNS, ":")
 }
 
+// validateRuntime returns false if a container is created by Docker with the provided network namespace
+// because the Docker support has been removed since Antrea 2.0.
+func validateRuntime(netNS string) bool {
+	return !isDockerContainer(netNS)
+}
+
 func getInfraContainer(containerID, netNS string) string {
 	if isInfraContainer(netNS) {
 		return containerID

diff --git a/pkg/agent/cniserver/server_windows_test.go b/pkg/agent/cniserver/server_windows_test.go
@@ -321,9 +321,6 @@ func TestCmdAdd(t *testing.T) {
 	oriIPAMResult := &ipam.IPAMResult{Result: *ipamResult}
 	ctx := context.TODO()
 
-	dockerInfraContainer := "261a1970-5b6c-11ed-8caf-000c294e5d03"
-	dockerWorkContainer := "261e579a-5b6c-11ed-8caf-000c294e5d03"
-	unknownInfraContainer := generateUUID()
 	containerdInfraContainer := generateUUID()
 
 	defer mockHostInterfaceExists()()
@@ -351,98 +348,7 @@ func TestCmdAdd(t *testing.T) {
 		errResponse          *cnipb.CniCmdResponse
 		expectedErr          error
 	}{
-		{
-			name:                 "docker-infra-create-failure",
-			podName:              "pod0",
-			containerID:          dockerInfraContainer,
-			infraContainerID:     dockerInfraContainer,
-			netns:                "none",
-			ipamAdd:              true,
-			ipamDel:              true,
-			hnsEndpointCreateErr: fmt.Errorf("unable to create HnsEndpoint"),
-			errResponse: &cnipb.CniCmdResponse{
-				Error: &cnipb.Error{
-					Code:    cnipb.ErrorCode_CONFIG_INTERFACE_FAILURE,
-					Message: "unable to create HnsEndpoint",
-				},
-			},
-		}, {
-			name:              "docker-infra-attach-failure",
-			podName:           "pod1",
-			containerID:       dockerInfraContainer,
-			infraContainerID:  dockerInfraContainer,
-			netns:             "none",
-			ipamAdd:           true,
-			ipamDel:           true,
-			endpointAttachErr: fmt.Errorf("unable to attach HnsEndpoint"),
-			errResponse: &cnipb.CniCmdResponse{
-				Error: &cnipb.Error{
-					Code:    cnipb.ErrorCode_CONFIG_INTERFACE_FAILURE,
-					Message: "failed to configure container IP: unable to attach HnsEndpoint",
-				},
-			},
-		}, {
-			name:                "docker-infra-success",
-			podName:             "pod2",
-			containerID:         dockerInfraContainer,
-			infraContainerID:    dockerInfraContainer,
-			netns:               "none",
-			ipamAdd:             true,
-			connectOVS:          true,
-			containerIfaceExist: true,
-		}, {
-			name:             "docker-workload-allocate-ip-failure",
-			podName:          "pod3",
-			containerID:      dockerWorkContainer,
-			infraContainerID: unknownInfraContainer,
-			netns:            fmt.Sprintf("container:%s", unknownInfraContainer),
-			expectedErr:      fmt.Errorf("allocated IP address not found"),
-		}, {
-			name:             "docker-workload-no-endpoint",
-			podName:          "pod4",
-			containerID:      dockerWorkContainer,
-			infraContainerID: dockerInfraContainer,
-			netns:            fmt.Sprintf("container:%s", dockerInfraContainer),
-			oriIPAMResult:    oriIPAMResult,
-			errResponse: &cnipb.CniCmdResponse{
-				Error: &cnipb.Error{
-					Code:    cnipb.ErrorCode_CONFIG_INTERFACE_FAILURE,
-					Message: "failed to find HNSEndpoint: pod4-6631b7",
-				},
-			},
-		}, {
-			name:              "docker-workload-attach-failure",
-			podName:           "pod5",
-			containerID:       dockerWorkContainer,
-			infraContainerID:  dockerInfraContainer,
-			netns:             fmt.Sprintf("container:%s", dockerInfraContainer),
-			oriIPAMResult:     oriIPAMResult,
-			endpointAttachErr: fmt.Errorf("unable to attach HnsEndpoint"),
-			endpointExists:    true,
-			errResponse: &cnipb.CniCmdResponse{
-				Error: &cnipb.Error{
-					Code:    cnipb.ErrorCode_CONFIG_INTERFACE_FAILURE,
-					Message: "failed to configure container IP: unable to attach HnsEndpoint",
-				},
-			},
-		}, {
-			name:             "docker-workload-success",
-			podName:          "pod6",
-			containerID:      dockerWorkContainer,
-			infraContainerID: dockerInfraContainer,
-			netns:            fmt.Sprintf("container:%s", dockerInfraContainer),
-			oriIPAMResult:    oriIPAMResult,
-			endpointExists:   true,
-		}, {
-			name:             "docker-workload-already-attached",
-			podName:          "pod7",
-			containerID:      dockerWorkContainer,
-			infraContainerID: dockerInfraContainer,
-			netns:            fmt.Sprintf("container:%s", dockerInfraContainer),
-			isAttached:       true,
-			endpointExists:   true,
-			oriIPAMResult:    oriIPAMResult,
-		}, {
+		 {
 			name:                "containerd-success",
 			podName:             "pod8",
 			containerID:         containerdInfraContainer,
@@ -500,14 +406,9 @@ func TestCmdAdd(t *testing.T) {
 			}
 			ovsPortID := generateUUID()
 			if tc.connectOVS {
-				if isDocker {
-					mockOVSBridgeClient.EXPECT().CreateInternalPort(ovsPortName, int32(0), gomock.Any(), gomock.Any()).Return(ovsPortID, nil).Times(1)
-					mockOVSBridgeClient.EXPECT().GetOFPort(ovsPortName, false).Return(int32(100), nil).Times(1)
-				} else {
-					mockOVSBridgeClient.EXPECT().CreatePort(ovsPortName, ovsPortName, gomock.Any()).Return(ovsPortID, nil).Times(1)
-					mockOVSBridgeClient.EXPECT().SetInterfaceType(ovsPortName, "internal").Return(nil).Times(1)
-					mockOVSBridgeClient.EXPECT().GetOFPort(ovsPortName, true).Return(int32(100), nil).Times(1)
-				}
+				mockOVSBridgeClient.EXPECT().CreatePort(ovsPortName, ovsPortName, gomock.Any()).Return(ovsPortID, nil).Times(1)
+				mockOVSBridgeClient.EXPECT().SetInterfaceType(ovsPortName, "internal").Return(nil).Times(1)
+				mockOVSBridgeClient.EXPECT().GetOFPort(ovsPortName, true).Return(int32(100), nil).Times(1)
 				mockOFClient.EXPECT().InstallPodFlows(ovsPortName, gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any()).Return(nil)
 				mockRoute.EXPECT().AddLocalAntreaFlexibleIPAMPodRule(gomock.Any()).Return(nil).Times(1)
 			}
@@ -577,22 +478,14 @@ func TestCmdDel(t *testing.T) {
 		ifaceExists    bool
 		errResponse    *cnipb.CniCmdResponse
 	}{
-		{
-			name:           "docker-infra-success",
-			netns:          "none",
-			ipamDel:        true,
-			disconnectOVS:  true,
-			endpointExists: true,
-			ifaceExists:    true,
-		},
 		{
 			name:    "interface-not-exist",
-			netns:   "none",
+			netns:   generateUUID(),
 			ipamDel: true,
 		},
 		{
 			name:           "ipam-delete-failure",
-			netns:          "none",
+			netns:          generateUUID(),
 			ipamDel:        true,
 			ipamError:      fmt.Errorf("unable to delete IP"),
 			disconnectOVS:  true,
@@ -709,7 +602,7 @@ func TestCmdCheck(t *testing.T) {
 		{
 			name:        "check-success",
 			podName:     "pod0",
-			netns:       "none",
+			netns:       generateUUID(),
 			containerID: containerID,
 			prevResult: wrapperIPAMResult(*ipamResult, []*current.Interface{
 				{Name: "pod0-6631b7", Mac: "11:22:33:44:33:22", Sandbox: ""},
@@ -725,7 +618,7 @@ func TestCmdCheck(t *testing.T) {
 		}, {
 			name:        "pod-namespace-mismatch",
 			podName:     "pod1",
-			netns:       "none",
+			netns:       generateUUID(),
 			containerID: containerID,
 			prevResult: wrapperIPAMResult(*ipamResult, []*current.Interface{
 				{Name: "pod1-6631b7", Mac: "11:22:33:44:33:22", Sandbox: ""},
@@ -747,7 +640,7 @@ func TestCmdCheck(t *testing.T) {
 		}, {
 			name:        "container-host-names-mismatch",
 			podName:     "pod2",
-			netns:       "none",
+			netns:       generateUUID(),
 			containerID: containerID,
 			prevResult: wrapperIPAMResult(*ipamResult, []*current.Interface{
 				{Name: "pod2-6631b7", Mac: "11:22:33:44:33:22", Sandbox: ""},
@@ -769,7 +662,7 @@ func TestCmdCheck(t *testing.T) {
 		}, {
 			name:        "container-host-MAC-mismatch",
 			podName:     "pod3",
-			netns:       "none",
+			netns:       generateUUID(),
 			containerID: containerID,
 			prevResult: wrapperIPAMResult(*ipamResult, []*current.Interface{
 				{Name: "pod3-6631b7", Mac: "11:22:33:44:33:22", Sandbox: ""},