The go-cni from containerd

Why is libcni in a subpackage?

How to connect to the network?

Once I have created container and network, how do I connect to it?

How to remove/release IP if container has stopped and namespaces does not exist

Create interfaces per network

To support multiple networks we will need to pass in different interface names per network.

ip may be leaked when call RunPodSandbox failed

environments

containerd 1.4.0
cni v0.6.0

cni configuration

{
  "name":"cni0",
  "cniVersion":"0.3.1",
  "plugins":[
    {
      "type":"flannel",
      "delegate":{
        "forceAddress":true,
        "hairpinMode": true,
        "isDefaultGateway":true
      }
    },
    {
      "type":"portmap",
      "capabilities":{
        "portMappings":true
      }
    }
  ]
}

containerd log

Oct 13 19:57:27 node-6 containerd: time="2020-10-13T19:57:27.000650503+08:00" level=error msg="Failed to destroy network for sandbox \"48579e8be48f4e17144c81e6750947513bd790985c3513a78a84d3569d94b33c\"" error="delegateDel: error invoking ConflistDel - \"cni0\": conflistDel: error in getting result from DelNetworkList: could not teardown ipv4 snat: running [/usr/sbin/iptables -t nat -N CNI-SN-789e45a28000a6e5f5d67 --wait]: exit status 4: iptables: Resource temporarily unavailable.\n"

expected

ip recycled

real

ip leaked

look like, this should be cni question, but cni plugins should return failed also

note... until cni adds a converter (see below) for 1.0.1 we can't move up the version we are using in containerd or we won't be able to do a live update of containerd.. because when you try to remove the pod and it goes to destroy the network.. you'll get one of these errors:

FATA[0000] stopping the pod sandbox "9b": rpc error: code = Unknown desc = failed to destroy network for sandbox "9b068ec35dfaffe5e92287db5d24731a30569d13ab88addfeb07361956d407e4": failed to get network "containerd-net" cached result: failed to convert cached result to config version "1.0.1": no converter for CNI result version 0.4.0 to 1.0.1

here's the list of existing converters: https://github.com/containernetworking/cni/blob/master/pkg/types/100/types.go#L43

Some use issue about `WithArgs` in namespace_opts.go

Hello all,

I got some special issue about WithArgs in namespace_opts.go. For right now, the code below

func WithArgs(k, v string) NamespaceOpts {
	return func(c *Namespace) error {
		c.args[k] = v
		return nil
	}
}

Just allow people to use string as value when calling this function. But in the specification, the value may be a slice type. FYI https://www.cni.dev/docs/conventions/#args-in-network-config

I'm not sure if there is some mistake?

add cni plugin config file max num config

Make cni plugin config file num configurable， let containerd can make mutil network card

Changes to support cni 0.4.0

GET command

Establish cadence for regularly updating CNI

Need to decide when to update CNI and establish a cadence process.

coordinate updating cni and plugins across the stack
#56
evaluate new cni cache config apis

Code comment points to dead link

This line points to a dead link.

go-cni/namespace_opts.go

Line 37 in 2d9d28f

// https://github.com/heptio/cni-plugins/tree/master/plugins/meta/bandwidth

New Link:
https://github.com/containernetworking/plugins/tree/master/plugins/meta/bandwidth

`Remove` suppresses errors unnecessarily

(*libcni).Remove ignores not found errors, which suppresses valid errors from plugins that are cannot find the resource required to properly delete an interface.

A blanket ignore prevents the runtime from identifying and issue, and can cause future errors if the runtime tries to re-use the same interface name.

Question: Possible to find CNI Pod?

I apologize in advance if this isn't the right place for this question. I'm trying to identify the pod responsible for providing the CNI to a node. I have a use case where I need to destroy all pods on a node, without using Kubernetes, and I need to destroy the CNI pod last. The reason I need to do this is because in the case of cilium, if I destroy the cilium pod first, I get the following error when attempting to destroy subsequent pods:

StopPodSandbox "c0e0d734fbf5d44c44cac7ca535475a0a747b55abee1782c842fc270b1a254e6" from runtime service failed: rpc error: code = Unknown desc = failed to destroy network for sandbox "c0e0d734fbf5d44c44cac7ca535475a0a747b55abee1782c842fc270b1a254e6": unable to connect to Cilium daemon: failed to create cilium agent client after 30.000000 seconds timeout: Get http:///var/run/cilium/cilium.sock/v1/config: dial unix /var/run/cilium/cilium.sock: connect: no such file or directory

I don't know if I will face something similar with other CNIs, and I'd like to discover the CNI pod dynamically so that I can destroy it last. So maybe I have 2 questions:

Is it possible to discover which pod is providing the CNI to a given node?
If so, can I use this package to do so?

I am posting these questions here since I am using containerd as the CRI, so I figured the maintainers of this package would know best. I appreciate any kind of help you guys can offer 🙂.

go test data race in parallel network setup

After bumping go-cni from 1.1.0 to 1.1.1 we saw data race warning from go test -race in our containerd integration test suit. The tests are with no change only go-cni bumped.

==================
WARNING: DATA RACE
Read at 0x00c00046e598 by goroutine 45:
  github.com/containernetworking/cni/libcni.(*CNIConfig).ensureExec()
      github.com/containernetworking/[email protected]/libcni/api.go:183 +0x99
  github.com/containernetworking/cni/libcni.(*CNIConfig).addNetwork()
      github.com/containernetworking/[email protected]/libcni/api.go:394 +0x88
  github.com/containernetworking/cni/libcni.(*CNIConfig).AddNetworkList()
      github.com/containernetworking/[email protected]/libcni/api.go:422 +0x18f
  github.com/containerd/go-cni.(*Network).Attach()
      github.com/containerd/[email protected]/namespace.go:33 +0xbd
  github.com/containerd/go-cni.asynchAttach()
      github.com/containerd/[email protected]/cni.go:165 +0xd2
  github.com/containerd/go-cni.(*libcni).attachNetworks·dwrap·5()
      github.com/containerd/[email protected]/cni.go:177 +0x99

Previous write at 0x00c00046e598 by goroutine 44:
  github.com/containernetworking/cni/libcni.(*CNIConfig).ensureExec()
      github.com/containernetworking/[email protected]/libcni/api.go:184 +0x191
  github.com/containernetworking/cni/libcni.(*CNIConfig).addNetwork()
      github.com/containernetworking/[email protected]/libcni/api.go:394 +0x88
  github.com/containernetworking/cni/libcni.(*CNIConfig).AddNetworkList()
      github.com/containernetworking/[email protected]/libcni/api.go:422 +0x18f
  github.com/containerd/go-cni.(*Network).Attach()
      github.com/containerd/[email protected]/namespace.go:33 +0xbd
  github.com/containerd/go-cni.asynchAttach()
      github.com/containerd/[email protected]/cni.go:165 +0xd2
  github.com/containerd/go-cni.(*libcni).attachNetworks·dwrap·5()
      github.com/containerd/[email protected]/cni.go:177 +0x99

Goroutine 45 (running) created at:
  github.com/containerd/go-cni.(*libcni).attachNetworks()
      github.com/containerd/[email protected]/cni.go:177 +0xf0
  github.com/containerd/go-cni.(*libcni).Setup()
      github.com/containerd/[email protected]/cni.go:150 +0xd0
  github.com/concourse/concourse/worker/runtime.cniNetwork.Add()
      github.com/concourse/concourse/worker/runtime/cni_network.go:382 +0xf3
  github.com/concourse/concourse/worker/runtime.(*cniNetwork).Add()
      <autogenerated>:1 +0x127

In the testing, while creating a containerd container, it tries to get the id and path of a containerd task to pass to cni Setup(). Both contaner and task are newly created for individual test. The only thing shared between our tests is the CNI client for setting up networks.

can't install with go modules

go get github.com/containerd/go-cni

results in:

go: finding github.com/containerd/go-cni latest
go: downloading github.com/containerd/go-cni v0.0.0-20190610170741-5a4663dad645
go: extracting github.com/containerd/go-cni v0.0.0-20190610170741-5a4663dad645
# github.com/containerd/go-cni
../../go/pkg/mod/github.com/containerd/[email protected]/namespace.go:31:32: not enough arguments in call to n.cni.AddNetworkList
	have (*libcni.NetworkConfigList, *libcni.RuntimeConf)
	want (context.Context, *libcni.NetworkConfigList, *libcni.RuntimeConf)
../../go/pkg/mod/github.com/containerd/[email protected]/namespace.go:39:29: not enough arguments in call to n.cni.DelNetworkList
	have (*libcni.NetworkConfigList, *libcni.RuntimeConf)
	want (context.Context, *libcni.NetworkConfigList, *libcni.RuntimeConf)

Loading configuration with multiple plugins fail with "WithConfFile"

Whenever I try to load a config with cni.Load(gocni.WithLoNetwork, gocni.WithConfFile(filepath.Join(CNIConfDir, DefaultCNIConfFilename))) that has multiple plugins like:

{
    "cniVersion": "0.4.0",
    "name": "mybridge",
    "type": "bridge",
    "plugins": [
      {
        "type": "bridge",
        "bridge": "myb0",
        "isGateway": true,
        "ipMasq": true,
        "ipam": {
            "type": "host-local",
            "subnet": "10.62.0.0/16",
            "routes": [
                { "dst": "0.0.0.0/0" }
            ]
        }
      },
      {
        "type": "firewall"
      }
    ]
}

I get an error like cni config load failed: error parsing configuration: missing 'type'.

If I load the same config with cni.Load(gocni.WithLoNetwork, gocni.WithDefaultConf), it successes.

Shouldn't both have same behavior where by using WithConfFile I can guarantee that I'm loading the correct config?

Open items for completion

Readme and Usage guidlines
Port mapping testing
Unit Test cases
Supporting specific network attachments
More hooks and extensions
Evaluate use cases like these:
https://github.com/clearcontainers/runtime/blob/master/docs/architecture/architecture.md#cni . If we can make it easier for them to use cni through our library.
Makefile,formats etc

cannot use mockCNI (type *MockCNI) as type libcni.CNI

With github.com/containernetworking/cni 0.7.0 and Golang 1.12.2:

Testing    in: /builddir/build/BUILD/go-cni-891c2a41e18144b2d7921f971d6c9789a68046b2/_build/src
         PATH: /builddir/build/BUILD/go-cni-891c2a41e18144b2d7921f971d6c9789a68046b2/_build/bin:/builddir/.local/bin:/builddir/bin:/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/sbin
       GOPATH: /builddir/build/BUILD/go-cni-891c2a41e18144b2d7921f971d6c9789a68046b2/_build:/usr/share/gocode
  GO111MODULE: off
      command: go test -buildmode pie -compiler gc -ldflags "-X github.com/containerd/go-cni/version.commit=891c2a41e18144b2d7921f971d6c9789a68046b2 -X github.com/containerd/go-cni/version=0 -extldflags '-Wl,-z,relro -Wl,--as-needed  -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld '"
      testing: github.com/containerd/go-cni
github.com/containerd/go-cni
# github.com/containerd/go-cni [github.com/containerd/go-cni.test]
./namespace.go:31:32: not enough arguments in call to n.cni.AddNetworkList
	have (*libcni.NetworkConfigList, *libcni.RuntimeConf)
	want (context.Context, *libcni.NetworkConfigList, *libcni.RuntimeConf)
./namespace.go:39:29: not enough arguments in call to n.cni.DelNetworkList
	have (*libcni.NetworkConfigList, *libcni.RuntimeConf)
	want (context.Context, *libcni.NetworkConfigList, *libcni.RuntimeConf)
./cni_test.go:50:20: cannot use mockCNI (type *MockCNI) as type libcni.CNI in assignment:
	*MockCNI does not implement libcni.CNI (wrong type for AddNetwork method)
		have AddNetwork(*libcni.NetworkConfig, *libcni.RuntimeConf) (types.Result, error)
		want AddNetwork(context.Context, *libcni.NetworkConfig, *libcni.RuntimeConf) (types.Result, error)
./cni_test.go:66:20: cannot use mockCNI (type *MockCNI) as type libcni.CNI in assignment:
	*MockCNI does not implement libcni.CNI (wrong type for AddNetwork method)
		have AddNetwork(*libcni.NetworkConfig, *libcni.RuntimeConf) (types.Result, error)
		want AddNetwork(context.Context, *libcni.NetworkConfig, *libcni.RuntimeConf) (types.Result, error)
./cni_test.go:122:20: cannot use mockCNI (type *MockCNI) as type libcni.CNI in assignment:
	*MockCNI does not implement libcni.CNI (wrong type for AddNetwork method)
		have AddNetwork(*libcni.NetworkConfig, *libcni.RuntimeConf) (types.Result, error)
		want AddNetwork(context.Context, *libcni.NetworkConfig, *libcni.RuntimeConf) (types.Result, error)
./cni_test.go:123:20: cannot use mockCNI (type *MockCNI) as type libcni.CNI in assignment:
	*MockCNI does not implement libcni.CNI (wrong type for AddNetwork method)
		have AddNetwork(*libcni.NetworkConfig, *libcni.RuntimeConf) (types.Result, error)
		want AddNetwork(context.Context, *libcni.NetworkConfig, *libcni.RuntimeConf) (types.Result, error)
./cni_test.go:151:20: cannot use mockCNI (type *MockCNI) as type libcni.CNI in assignment:
	*MockCNI does not implement libcni.CNI (wrong type for AddNetwork method)
		have AddNetwork(*libcni.NetworkConfig, *libcni.RuntimeConf) (types.Result, error)
		want AddNetwork(context.Context, *libcni.NetworkConfig, *libcni.RuntimeConf) (types.Result, error)
FAIL	github.com/containerd/go-cni [build failed]

containerd / go-cni Goto Github PK

go-cni's Introduction

go-cni

Usage

Project details

go-cni's People

Contributors

Stargazers

Watchers

Forkers

go-cni's Issues

environments

expected

real

Recommend Projects

Recommend Topics

Recommend Org