Merge pull request #489 from dcbw/fix-pod-namespace-name-id

sandbox: pass correct pod Namespace/Name to network plugins and fix id/name ordering
Mrunal Patel 2017-05-06 09:17:19 -07:00 committed by GitHub
commit 88b8a9efe1
8 changed files with 93 additions and 18 deletions


@ -66,6 +66,8 @@ RUN set -x \
&& cp bin/* /opt/cni/bin/ \ && cp bin/* /opt/cni/bin/ \
&& rm -rf "$GOPATH" && rm -rf "$GOPATH"
COPY test/plugin_test_args.bash /opt/cni/bin/plugin_test_args.bash
# Make sure we have some policy for pulling images # Make sure we have some policy for pulling images
RUN mkdir -p /etc/containers RUN mkdir -p /etc/containers
COPY test/policy.json /etc/containers/policy.json COPY test/policy.json /etc/containers/policy.json


@ -126,7 +126,11 @@ func hostNetNsPath() (string, error) {
type sandbox struct { type sandbox struct {
id string id string
namespace string
// OCI pod name (eg "<namespace>-<name>-<attempt>")
name string name string
// Kubernetes pod name (eg, "<name>")
kubeName string
logDir string logDir string
labels fields.Set labels fields.Set
annotations map[string]string annotations map[string]string
@ -144,7 +148,6 @@ type sandbox struct {
} }
const ( const (
podDefaultNamespace = "default"
defaultShmSize = 64 * 1024 * 1024 defaultShmSize = 64 * 1024 * 1024
nsRunDir = "/var/run/netns" nsRunDir = "/var/run/netns"
podInfraCommand = "/pause" podInfraCommand = "/pause"
@ -254,7 +257,7 @@ func (s *Server) generatePodIDandName(name string, namespace string, attempt uin
id = stringid.GenerateNonCryptoID() id = stringid.GenerateNonCryptoID()
) )
if namespace == "" { if namespace == "" {
namespace = podDefaultNamespace return "", "", fmt.Errorf("cannot generate pod ID without namespace")
} }
if name, err = s.reservePodName(id, fmt.Sprintf("%s-%s-%v", namespace, name, attempt)); err != nil { if name, err = s.reservePodName(id, fmt.Sprintf("%s-%s-%v", namespace, name, attempt)); err != nil {
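Review bot: The new empty-namespace error in generatePodIDandName reads like an internal failure, while the matching name check in RunPodSandbox tells the caller which request field is wrong (`PodSandboxConfig.Name should not be empty`). With the default-namespace fallback removed, a caller that sends no namespace now hits this path, so I would word it the same way: `return "", "", fmt.Errorf("PodSandboxConfig.Namespace should not be empty")`. The added `namespace` struct field is also the only new field without a comment; `// Kubernetes pod namespace` would match its neighbours. The function body starts and ends outside the hunk.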


@ -71,15 +71,15 @@ func (s *Server) RunPodSandbox(ctx context.Context, req *pb.RunPodSandboxRequest
logrus.Debugf("RunPodSandboxRequest %+v", req) logrus.Debugf("RunPodSandboxRequest %+v", req)
var processLabel, mountLabel, netNsPath, resolvPath string var processLabel, mountLabel, netNsPath, resolvPath string
// process req.Name // process req.Name
name := req.GetConfig().GetMetadata().Name kubeName := req.GetConfig().GetMetadata().Name
if name == "" { if kubeName == "" {
return nil, fmt.Errorf("PodSandboxConfig.Name should not be empty") return nil, fmt.Errorf("PodSandboxConfig.Name should not be empty")
} }
namespace := req.GetConfig().GetMetadata().Namespace namespace := req.GetConfig().GetMetadata().Namespace
attempt := req.GetConfig().GetMetadata().Attempt attempt := req.GetConfig().GetMetadata().Attempt
id, name, err := s.generatePodIDandName(name, namespace, attempt) id, name, err := s.generatePodIDandName(kubeName, namespace, attempt)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@ -268,7 +268,9 @@ func (s *Server) RunPodSandbox(ctx context.Context, req *pb.RunPodSandboxRequest
sb := &sandbox{ sb := &sandbox{
id: id, id: id,
namespace: namespace,
name: name, name: name,
kubeName: kubeName,
logDir: logDir, logDir: logDir,
labels: labels, labels: labels,
annotations: annotations, annotations: annotations,
@ -405,8 +407,7 @@ func (s *Server) RunPodSandbox(ctx context.Context, req *pb.RunPodSandboxRequest
// setup the network // setup the network
if !hostNetwork { if !hostNetwork {
podNamespace := "" if err = s.netPlugin.SetUpPod(netNsPath, namespace, kubeName, id); err != nil {
if err = s.netPlugin.SetUpPod(netNsPath, podNamespace, id, containerName); err != nil {
return nil, fmt.Errorf("failed to create network for container %s in sandbox %s: %v", containerName, id, err) return nil, fmt.Errorf("failed to create network for container %s in sandbox %s: %v", containerName, id, err)
} }
} }
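Review bot: namespace and kubeName come straight from the request metadata and now reach the network plugin at the SetUpPod call with only empty-string checks (the name here, the namespace inside generatePodIDandName). The test plugin added in this commit reads them from CNI_ARGS by splitting on `;` and `=`, so, assuming the plugin layer builds that string by concatenation, a value containing either character would change what the plugin parses. I would reject such values next to the existing name check, e.g. `if strings.ContainsAny(namespace+kubeName, ";=") { return nil, fmt.Errorf("pod name and namespace must not contain ';' or '='") }`, or validate both against the Kubernetes naming rules. RunPodSandbox continues outside these hunks.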


@ -27,8 +27,7 @@ func (s *Server) PodSandboxStatus(ctx context.Context, req *pb.PodSandboxStatusR
if err != nil { if err != nil {
return nil, err return nil, err
} }
podNamespace := "" ip, err := s.netPlugin.GetContainerNetworkStatus(netNsPath, sb.namespace, sb.kubeName, sb.id)
ip, err := s.netPlugin.GetContainerNetworkStatus(netNsPath, podNamespace, sb.id, podInfraContainer.Name())
if err != nil { if err != nil {
// ignore the error on network status // ignore the error on network status
ip = "" ip = ""
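Review bot: sb.namespace and sb.kubeName are only populated in the RunPodSandbox struct literal shown on this page; none of the visible sections updates any other place where a sandbox value is built. If sandboxes are reconstructed elsewhere (for example when state is reloaded after a daemon restart, which is not visible here), this call and the TearDownPod call in StopPodSandbox would pass empty strings, and because the error is ignored here the status path would hide it. It is worth confirming those paths persist and restore both fields, or adding a guard such as `if sb.namespace == "" || sb.kubeName == "" { logrus.Warnf("sandbox %s has no pod namespace/name", sb.id) }`. The function body extends outside the hunk.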


@ -19,20 +19,19 @@ func (s *Server) StopPodSandbox(ctx context.Context, req *pb.StopPodSandboxReque
return nil, err return nil, err
} }
podNamespace := ""
podInfraContainer := sb.infraContainer podInfraContainer := sb.infraContainer
netnsPath, err := podInfraContainer.NetNsPath() netnsPath, err := podInfraContainer.NetNsPath()
if err != nil { if err != nil {
return nil, err return nil, err
} }
if _, err := os.Stat(netnsPath); err == nil { if _, err := os.Stat(netnsPath); err == nil {
if err2 := s.netPlugin.TearDownPod(netnsPath, podNamespace, sb.id, podInfraContainer.Name()); err2 != nil { if err2 := s.netPlugin.TearDownPod(netnsPath, sb.namespace, sb.kubeName, sb.id); err2 != nil {
return nil, fmt.Errorf("failed to destroy network for container %s in sandbox %s: %v", return nil, fmt.Errorf("failed to destroy network for container %s in sandbox %s: %v",
podInfraContainer.Name(), sb.id, err2) podInfraContainer.Name(), sb.id, err2)
} }
} else if !os.IsNotExist(err) { // it's ok for netnsPath to *not* exist } else if !os.IsNotExist(err) { // it's ok for netnsPath to *not* exist
return nil, fmt.Errorf("failed to stat netns path for container %s in sandbox %s before tearing down the network: %v", return nil, fmt.Errorf("failed to stat netns path for container %s in sandbox %s before tearing down the network: %v",
podInfraContainer.Name(), sb.id, err) sb.name, sb.id, err)
} }
// Close the sandbox networking namespace. // Close the sandbox networking namespace.
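Review bot: The stat-failure message now fills `container %s` with sb.name, which per the struct comment is the pod name, while the TearDownPod failure message just above still uses podInfraContainer.Name() for the same placeholder. Either keep `podInfraContainer.Name(), sb.id, err)` in both, or change the format text so the label matches what is printed. StopPodSandbox starts and ends outside the hunk.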


@ -149,7 +149,12 @@ function start_ocid() {
"$OCID_BINARY" --conmon "$CONMON_BINARY" --listen "$OCID_SOCKET" --runtime "$RUNTIME_BINARY" --root "$TESTDIR/ocid" --runroot "$TESTDIR/ocid-run" $STORAGE_OPTS --seccomp-profile "$seccomp" --apparmor-profile "$apparmor" --cni-config-dir "$OCID_CNI_CONFIG" --signature-policy "$INTEGRATION_ROOT"/policy.json --config /dev/null config >$OCID_CONFIG "$OCID_BINARY" --conmon "$CONMON_BINARY" --listen "$OCID_SOCKET" --runtime "$RUNTIME_BINARY" --root "$TESTDIR/ocid" --runroot "$TESTDIR/ocid-run" $STORAGE_OPTS --seccomp-profile "$seccomp" --apparmor-profile "$apparmor" --cni-config-dir "$OCID_CNI_CONFIG" --signature-policy "$INTEGRATION_ROOT"/policy.json --config /dev/null config >$OCID_CONFIG
# Prepare the CNI configuration files, we're running with non host networking by default # Prepare the CNI configuration files, we're running with non host networking by default
prepare_network_conf $POD_CIDR if [[ -n "$4" ]]; then
netfunc="$4"
else
netfunc="prepare_network_conf"
fi
${netfunc} $POD_CIDR
"$OCID_BINARY" --debug --config "$OCID_CONFIG" & OCID_PID=$! "$OCID_BINARY" --debug --config "$OCID_CONFIG" & OCID_PID=$!
wait_until_reachable wait_until_reachable
@ -288,6 +293,19 @@ EOF
echo 0 echo 0
} }
function prepare_plugin_test_args_network_conf() {
mkdir -p $OCID_CNI_CONFIG
cat >$OCID_CNI_CONFIG/10-plugin-test-args.conf <<-EOF
{
"cniVersion": "0.2.0",
"name": "ocidnet",
"type": "plugin_test_args.bash"
}
EOF
echo 0
}
function check_pod_cidr() { function check_pod_cidr() {
fullnetns=`ocic pod status --id $1 | grep namespace | cut -d ' ' -f 3` fullnetns=`ocic pod status --id $1 | grep namespace | cut -d ' ' -f 3`
netns=`basename $fullnetns` netns=`basename $fullnetns`
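Review bot: `${netfunc} $POD_CIDR` in start_ocid runs whatever name arrives in `$4` without checking that it is a defined function, so a typo in a test could (depending on how the harness handles errors) start ocid with no CNI config written. A guard such as `declare -F "$netfunc" >/dev/null || { echo "unknown network conf function: $netfunc" >&2; return 1; }` before the call makes that failure explicit. In prepare_plugin_test_args_network_conf I would also quote the path: `mkdir -p "$OCID_CNI_CONFIG"`. start_ocid and check_pod_cidr continue outside the hunks.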


@ -51,3 +51,19 @@ load helpers
cleanup_pods cleanup_pods
stop_ocid stop_ocid
} }
@test "Ensure correct CNI plugin namespace/name/container-id arguments" {
start_ocid "" "" "" "prepare_plugin_test_args_network_conf"
run ocic pod run --config "$TESTDATA"/sandbox_config.json
[ "$status" -eq 0 ]
. /tmp/plugin_test_args.out
[ "$FOUND_CNI_CONTAINERID" != "redhat.test.ocid" ]
[ "$FOUND_CNI_CONTAINERID" != "podsandbox1" ]
[ "$FOUND_K8S_POD_NAMESPACE" = "redhat.test.ocid" ]
[ "$FOUND_K8S_POD_NAME" = "podsandbox1" ]
cleanup_pods
stop_ocid
}
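Review bot: The test sources `/tmp/plugin_test_args.out`, a fixed path in a shared directory that plugin_test_args.bash only ever appends to, so the test executes as shell whatever is in it, including content from an earlier run or from another local user. I would remove the file before `ocic pod run` and again during cleanup (`rm -f /tmp/plugin_test_args.out`), and preferably keep it under a per-test directory instead of /tmp if the plugin can be told the path. Reading the three values with `grep`/`cut` rather than `.` would avoid executing the file at all.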

37
test/plugin_test_args.bash Executable file

@ -0,0 +1,37 @@
#!/bin/bash
if [[ -z "${CNI_ARGS}" ]]; then
exit 1
fi
IFS=';' read -ra array <<< "${CNI_ARGS}"
for arg in "${array[@]}"; do
IFS='=' read -ra item <<< "${arg}"
if [[ "${item[0]}" = "K8S_POD_NAMESPACE" ]]; then
K8S_POD_NAMESPACE="${item[1]}"
elif [[ "${item[0]}" = "K8S_POD_NAME" ]]; then
K8S_POD_NAME="${item[1]}"
fi
done
if [[ -z "${CNI_CONTAINERID}" ]]; then
exit 1
elif [[ -z "${K8S_POD_NAMESPACE}" ]]; then
exit 1
elif [[ -z "${K8S_POD_NAME}" ]]; then
exit 1
fi
echo "FOUND_CNI_CONTAINERID=${CNI_CONTAINERID}" >> /tmp/plugin_test_args.out
echo "FOUND_K8S_POD_NAMESPACE=${K8S_POD_NAMESPACE}" >> /tmp/plugin_test_args.out
echo "FOUND_K8S_POD_NAME=${K8S_POD_NAME}" >> /tmp/plugin_test_args.out
cat <<-EOF
{
"cniVersion": "0.2.0",
"ip4": {
"ip": "1.1.1.1/24"
}
}
EOF
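Review bot: The three `echo "FOUND_...=${...}" >> /tmp/plugin_test_args.out` lines write the values unquoted into a file that the bats test later sources, so a namespace or pod name containing spaces or shell metacharacters would be interpreted rather than compared. `printf 'FOUND_K8S_POD_NAME=%q\n' "${K8S_POD_NAME}"` (and the same for the other two) keeps the round trip literal. Separately, `IFS='=' read -ra item` keeps only `item[1]`, so a value that itself contains `=` is truncated; `K8S_POD_NAME="${arg#*=}"` avoids that.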