Pass interface name and MAC back to runtime #145
Conversation
|
For example, with OpenShift we'd use the hostIfname so that we don't have to jump into the container with 'nsenter' and grab the peer ifindex, then look that up on the host side. We also use nsenter to get the container veth MAC address, so this would also remove that step. I'm going to plumb this through Kubernetes too, since it assumes interfaces are always called 'eth0' which may not always be the case, like with the Calico CNI plugin. |
|
@steveej fixed the issue, PTAL |
|
Looks useful :) Wanted to chime in with a few thoughts:
@dcbw - Also wanted to correct the point above - the Calico CNI plugin does respect the CNI_IFNAME variable. I believe you're thinking of Mike Spreitzer's experimentation with mapping his own CNI plugin for Kubernetes to the Calico libnetwork plugin (which doesn't respect CNI_IFNAME for obvious reasons). |
|
@caseydavenport thanks for the clarification, and sorry for blaming the Calico plugin where I shouldn't have :) |
|
hey @dcbw would it be possible to include some tests of this functionality? We've started backfilling tests and it would be great to merge new code with tests. If you need examples or want to chat about how to test this I'd be happy to help. |
| The specification does not declare how this information must be processed by CNI consumers. | ||
| Examples include generating an `/etc/resolv.conf` file to be injected into the container filesystem or running a DNS forwarder on the host. | ||
| - `cniVersion` specifies a [Semantic Version 2.0](http://semver.org) of CNI specification used by the plugin. | ||
| - `dns` field contains a dictionary consisting of common DNS information that this network is aware of. The result is returned in the same format as specified in the [configuration](#network-configuration). The specification does not declare how this information must be processed by CNI consumers. Examples include generating an `/etc/resolv.conf` file to be injected into the container filesystem or running a DNS forwarder on the host. |
There was a problem hiding this comment.
Did you reformat this section intentionally? We've been writing one sentence (separated by .) per line in markdown files.
|
@steveej unintentional reformatting, I'll fix and repush with some testcases. |
Thanks :-) Also, please make sure the commit message conforms to https://github.com/appc/cni/blob/master/CONTRIBUTING.md#format-of-the-commit-message. We should go back to insisting on this, as |
dcbw
force-pushed
the
pass-ifname-back
branch
2 times, most recently
from
3c82107 to
bd0d7b2
Compare
|
@steveej repushed with the SPEC.md reformat fix. Also, instead of hardcoding "eth0" I have updated all plugins to use a prefix+index method and retry with an incremented index if the interface creation fails with EEXIST. This should make all plugins handle multiple interfaces in the same container as long as the runtime doesn't pass CNI_IFNAME. I have not added testcases yet, so this isn't ready to merge. But I wanted to get your opinion on this updated approach. |
Also updated the git commit message, is that better? |
|
Rebased on top of #167 with additional tests. |
|
@tgraf I just pushed an update that move Routes out of the IPs structure and updates the spec to clarify what IPAM plugins return. See #145 (comment) for more details on immediate plans. @containernetworking/cni-maintainers this push has these changes:
PTAL thanks! |
|
The spec changes look OK to me, with just one simple fix:
That being said, I'm a little fuzzy on what the routes (or gateway) are actually used for or needed for. Is that information consumed by any runtimes or is it just just used for passing info between IPAM and network plugins? |
|
@dcbw Given that |
@tomdee mostly passed between plugins. I can't see why anything except the thing that configures the container's networking (eg, the IPAM-wrapping plugin) would use it. |
dcbw
force-pushed
the
pass-ifname-back
branch
from
da8e2c9 to
0bd0a58
Compare
|
@tomdee updated the spec version, I don't know why I hadn't done that before... |
dcbw
force-pushed
the
pass-ifname-back
branch
from
0bd0a58 to
d3606f4
Compare
|
@tomdee @rosenhouse @squeed rebased on top of ordered chaining. |
| "version": "<4-or-6>", | ||
| "address": "<ip-and-prefix-in-CIDR>", | ||
| "gateway": "<ip-address-of-the-gateway>", (optional) | ||
| "interface": "<index into 'interfaces' list>" |
There was a problem hiding this comment.
Totally minor nit-pick, but the quotes probably don't belong around the numeric index value.
| "version": "<4-or-6>", | ||
| "address": "<ip-and-prefix-in-CIDR>", | ||
| "gateway": "<ip-address-of-the-gateway>", (optional) | ||
| "interface": "<index into 'interfaces' list>" (not required for IPAM plugins) |
There was a problem hiding this comment.
Again, I think this numeric index for interface shouldn't have quotes around the value.
Otherwise the test fails, since Go's JSON marshaller prints dict items alphabetically in its String() call.
…untime Updates the spec and plugins to return an array of interfaces and IP details to the runtime including: - interface names and MAC addresses configured by the plugin - whether the interfaces are sandboxed (container/VM) or host (bridge, veth, etc) - multiple IP addresses configured by IPAM and which interface they have been assigned to Returning interface details is useful for runtimes, as well as allowing more flexible chaining of CNI plugins themselves. For example, some meta plugins may need to know the host-side interface to be able to apply firewall or traffic shaping rules to the container.
dcbw
force-pushed
the
pass-ifname-back
branch
from
d3606f4 to
d5acb12
Compare
|
@rosenhouse fix up the spec; if this looks good mind hitting the merge button? Thanks! |
|
It would be an honor... |
| return err | ||
| } | ||
|
|
||
| // String returns a formatted string in the form of "[Interfaces: $1,][ IP: $2,] DNS: $3" where |
| result.IP4 = &types.IPConfig{ | ||
| IP: *ipn, | ||
| result.IPs = []*current.IPConfig{{ | ||
| Version: "4", |
There was a problem hiding this comment.
Just to be in context: Will Allocate() be called for ip4 nets only? Or how does this behave now?
There was a problem hiding this comment.
@AlexeyKasatkin nothing about the Allocate() call and the lease acquisition process changes. The DHCP plugin does not currently support DHCPv6 at all, and thus it's still limited to DHCPv4. Any invocation of the DHCP plugin will inherently try only IPv4.
But IPv6 patches would be gratefully accepted!
Add the infrastructure to pass interface names back from the plugin to the runtime. This lays the groundwork for letting runtimes not pass CNI_IFNAME and allowing plugins to determine that themsevles. This should be backwards compatible; if the runtime sends CNI_IFNAME then plugins must honor that and return an error if they cannot. If the runtime does not send CNI_IFNAME, the plugins currently default to 'eth0'.
Example output: