2015-12-16 23:31:10 +00:00
|
|
|
// +build linux
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
Copyright 2014 The Kubernetes Authors All rights reserved.
|
|
|
|
|
|
|
|
|
|
Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
|
you may not use this file except in compliance with the License.
|
|
|
|
|
You may obtain a copy of the License at
|
|
|
|
|
|
|
|
|
|
http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
|
|
|
|
|
|
Unless required by applicable law or agreed to in writing, software
|
|
|
|
|
distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
|
See the License for the specific language governing permissions and
|
|
|
|
|
limitations under the License.
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
package kubenet
|
|
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"fmt"
|
|
|
|
|
"net"
|
|
|
|
|
"strings"
|
2016-04-26 20:56:46 +00:00
|
|
|
"sync"
|
2015-12-16 23:31:10 +00:00
|
|
|
"syscall"
|
|
|
|
|
|
|
|
|
|
"github.com/vishvananda/netlink"
|
|
|
|
|
|
|
|
|
|
"github.com/appc/cni/libcni"
|
|
|
|
|
"github.com/golang/glog"
|
|
|
|
|
kubecontainer "k8s.io/kubernetes/pkg/kubelet/container"
|
|
|
|
|
"k8s.io/kubernetes/pkg/kubelet/dockertools"
|
|
|
|
|
"k8s.io/kubernetes/pkg/kubelet/network"
|
|
|
|
|
"k8s.io/kubernetes/pkg/util/bandwidth"
|
2016-04-11 19:06:26 +00:00
|
|
|
utilexec "k8s.io/kubernetes/pkg/util/exec"
|
2016-04-01 17:00:05 +00:00
|
|
|
utilsets "k8s.io/kubernetes/pkg/util/sets"
|
2016-04-11 19:06:26 +00:00
|
|
|
utilsysctl "k8s.io/kubernetes/pkg/util/sysctl"
|
2015-12-16 23:31:10 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
|
|
const (
|
2016-03-02 00:17:04 +00:00
|
|
|
KubenetPluginName = "kubenet"
|
|
|
|
|
BridgeName = "cbr0"
|
|
|
|
|
DefaultCNIDir = "/opt/cni/bin"
|
2016-04-11 19:06:26 +00:00
|
|
|
|
|
|
|
|
sysctlBridgeCallIptables = "net/bridge/bridge-nf-call-iptables"
|
2015-12-16 23:31:10 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
|
|
type kubenetNetworkPlugin struct {
|
2016-03-22 16:38:21 +00:00
|
|
|
network.NoopNetworkPlugin
|
|
|
|
|
|
2015-12-16 23:31:10 +00:00
|
|
|
host network.Host
|
|
|
|
|
netConfig *libcni.NetworkConfig
|
|
|
|
|
cniConfig *libcni.CNIConfig
|
|
|
|
|
shaper bandwidth.BandwidthShaper
|
|
|
|
|
|
2016-04-06 20:45:16 +00:00
|
|
|
podCIDRs map[kubecontainer.ContainerID]string
|
2015-12-16 23:31:10 +00:00
|
|
|
MTU int
|
2016-04-26 20:56:46 +00:00
|
|
|
mu sync.Mutex //Mutex for protecting podCIDRs map and netConfig
|
2015-12-16 23:31:10 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func NewPlugin() network.NetworkPlugin {
|
|
|
|
|
return &kubenetNetworkPlugin{
|
2016-04-06 20:45:16 +00:00
|
|
|
podCIDRs: make(map[kubecontainer.ContainerID]string),
|
2015-12-16 23:31:10 +00:00
|
|
|
MTU: 1460,
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (plugin *kubenetNetworkPlugin) Init(host network.Host) error {
|
|
|
|
|
plugin.host = host
|
|
|
|
|
plugin.cniConfig = &libcni.CNIConfig{
|
|
|
|
|
Path: []string{DefaultCNIDir},
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if link, err := findMinMTU(); err == nil {
|
|
|
|
|
plugin.MTU = link.MTU
|
|
|
|
|
glog.V(5).Infof("Using interface %s MTU %d as bridge MTU", link.Name, link.MTU)
|
|
|
|
|
} else {
|
|
|
|
|
glog.Warningf("Failed to find default bridge MTU: %v", err)
|
|
|
|
|
}
|
|
|
|
|
|
2016-04-11 19:06:26 +00:00
|
|
|
// Since this plugin uses a Linux bridge, set bridge-nf-call-iptables=1
|
|
|
|
|
// is necessary to ensure kube-proxy functions correctly.
|
|
|
|
|
//
|
|
|
|
|
// This will return an error on older kernel version (< 3.18) as the module
|
|
|
|
|
// was built-in, we simply ignore the error here. A better thing to do is
|
|
|
|
|
// to check the kernel version in the future.
|
|
|
|
|
utilexec.New().Command("modprobe", "br-netfilter").CombinedOutput()
|
|
|
|
|
if err := utilsysctl.SetSysctl(sysctlBridgeCallIptables, 1); err != nil {
|
|
|
|
|
glog.Warningf("can't set sysctl %s: %v", sysctlBridgeCallIptables, err)
|
|
|
|
|
}
|
|
|
|
|
|
2015-12-16 23:31:10 +00:00
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func findMinMTU() (*net.Interface, error) {
|
|
|
|
|
intfs, err := net.Interfaces()
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
mtu := 999999
|
|
|
|
|
defIntfIndex := -1
|
|
|
|
|
for i, intf := range intfs {
|
|
|
|
|
if ((intf.Flags & net.FlagUp) != 0) && (intf.Flags&(net.FlagLoopback|net.FlagPointToPoint) == 0) {
|
|
|
|
|
if intf.MTU < mtu {
|
|
|
|
|
mtu = intf.MTU
|
|
|
|
|
defIntfIndex = i
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if mtu >= 999999 || mtu < 576 || defIntfIndex < 0 {
|
2016-03-23 00:26:50 +00:00
|
|
|
return nil, fmt.Errorf("no suitable interface: %v", BridgeName)
|
2015-12-16 23:31:10 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return &intfs[defIntfIndex], nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
const NET_CONFIG_TEMPLATE = `{
|
|
|
|
|
"cniVersion": "0.1.0",
|
|
|
|
|
"name": "kubenet",
|
|
|
|
|
"type": "bridge",
|
|
|
|
|
"bridge": "%s",
|
|
|
|
|
"mtu": %d,
|
|
|
|
|
"addIf": "%s",
|
|
|
|
|
"isGateway": true,
|
|
|
|
|
"ipMasq": true,
|
|
|
|
|
"ipam": {
|
|
|
|
|
"type": "host-local",
|
|
|
|
|
"subnet": "%s",
|
|
|
|
|
"gateway": "%s",
|
|
|
|
|
"routes": [
|
|
|
|
|
{ "dst": "0.0.0.0/0" }
|
|
|
|
|
]
|
|
|
|
|
}
|
|
|
|
|
}`
|
|
|
|
|
|
|
|
|
|
func (plugin *kubenetNetworkPlugin) Event(name string, details map[string]interface{}) {
|
|
|
|
|
if name != network.NET_PLUGIN_EVENT_POD_CIDR_CHANGE {
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2016-04-26 20:56:46 +00:00
|
|
|
plugin.mu.Lock()
|
|
|
|
|
defer plugin.mu.Unlock()
|
|
|
|
|
|
2015-12-16 23:31:10 +00:00
|
|
|
podCIDR, ok := details[network.NET_PLUGIN_EVENT_POD_CIDR_CHANGE_DETAIL_CIDR].(string)
|
|
|
|
|
if !ok {
|
|
|
|
|
glog.Warningf("%s event didn't contain pod CIDR", network.NET_PLUGIN_EVENT_POD_CIDR_CHANGE)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if plugin.netConfig != nil {
|
|
|
|
|
glog.V(5).Infof("Ignoring subsequent pod CIDR update to %s", podCIDR)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
glog.V(5).Infof("PodCIDR is set to %q", podCIDR)
|
|
|
|
|
_, cidr, err := net.ParseCIDR(podCIDR)
|
|
|
|
|
if err == nil {
|
|
|
|
|
// Set bridge address to first address in IPNet
|
|
|
|
|
cidr.IP.To4()[3] += 1
|
|
|
|
|
|
2016-03-02 00:17:04 +00:00
|
|
|
json := fmt.Sprintf(NET_CONFIG_TEMPLATE, BridgeName, plugin.MTU, network.DefaultInterfaceName, podCIDR, cidr.IP.String())
|
2016-03-31 20:54:45 +00:00
|
|
|
glog.V(2).Infof("CNI network config set to %v", json)
|
2015-12-16 23:31:10 +00:00
|
|
|
plugin.netConfig, err = libcni.ConfFromBytes([]byte(json))
|
|
|
|
|
if err == nil {
|
|
|
|
|
glog.V(5).Infof("CNI network config:\n%s", json)
|
|
|
|
|
|
|
|
|
|
// Ensure cbr0 has no conflicting addresses; CNI's 'bridge'
|
|
|
|
|
// plugin will bail out if the bridge has an unexpected one
|
|
|
|
|
plugin.clearBridgeAddressesExcept(cidr.IP.String())
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if err != nil {
|
|
|
|
|
glog.Warningf("Failed to generate CNI network config: %v", err)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (plugin *kubenetNetworkPlugin) clearBridgeAddressesExcept(keep string) {
|
|
|
|
|
bridge, err := netlink.LinkByName(BridgeName)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
addrs, err := netlink.AddrList(bridge, syscall.AF_INET)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
for _, addr := range addrs {
|
|
|
|
|
if addr.IPNet.String() != keep {
|
|
|
|
|
glog.V(5).Infof("Removing old address %s from %s", addr.IPNet.String(), BridgeName)
|
|
|
|
|
netlink.AddrDel(bridge, &addr)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (plugin *kubenetNetworkPlugin) Name() string {
|
|
|
|
|
return KubenetPluginName
|
|
|
|
|
}
|
|
|
|
|
|
2016-04-01 17:00:05 +00:00
|
|
|
func (plugin *kubenetNetworkPlugin) Capabilities() utilsets.Int {
|
|
|
|
|
return utilsets.NewInt(network.NET_PLUGIN_CAPABILITY_SHAPING)
|
|
|
|
|
}
|
|
|
|
|
|
2016-04-06 20:45:16 +00:00
|
|
|
func (plugin *kubenetNetworkPlugin) SetUpPod(namespace string, name string, id kubecontainer.ContainerID) error {
|
2016-04-01 17:00:05 +00:00
|
|
|
pod, ok := plugin.host.GetPodByName(namespace, name)
|
|
|
|
|
if !ok {
|
|
|
|
|
return fmt.Errorf("pod %q cannot be found", name)
|
|
|
|
|
}
|
|
|
|
|
ingress, egress, err := bandwidth.ExtractPodBandwidthResources(pod.Annotations)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return fmt.Errorf("Error reading pod bandwidth annotations: %v", err)
|
|
|
|
|
}
|
|
|
|
|
|
2016-04-26 23:10:07 +00:00
|
|
|
if err := plugin.Status(); err != nil {
|
2016-04-22 22:23:03 +00:00
|
|
|
return fmt.Errorf("Kubenet cannot SetUpPod: %v", err)
|
2015-12-16 23:31:10 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
runtime, ok := plugin.host.GetRuntime().(*dockertools.DockerManager)
|
|
|
|
|
if !ok {
|
|
|
|
|
return fmt.Errorf("Kubenet execution called on non-docker runtime")
|
|
|
|
|
}
|
2016-04-06 20:45:16 +00:00
|
|
|
netnsPath, err := runtime.GetNetNS(id)
|
2015-12-16 23:31:10 +00:00
|
|
|
if err != nil {
|
2016-04-19 19:21:14 +00:00
|
|
|
return fmt.Errorf("Kubenet failed to retrieve network namespace path: %v", err)
|
2015-12-16 23:31:10 +00:00
|
|
|
}
|
|
|
|
|
|
2016-04-06 20:45:16 +00:00
|
|
|
rt := buildCNIRuntimeConf(name, namespace, id, netnsPath)
|
2015-12-16 23:31:10 +00:00
|
|
|
if err != nil {
|
|
|
|
|
return fmt.Errorf("Error building CNI config: %v", err)
|
|
|
|
|
}
|
|
|
|
|
|
2016-04-26 20:56:46 +00:00
|
|
|
if err = plugin.addContainerToNetwork(id, rt); err != nil {
|
|
|
|
|
return err
|
2015-12-16 23:31:10 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// The first SetUpPod call creates the bridge; ensure shaping is enabled
|
|
|
|
|
if plugin.shaper == nil {
|
|
|
|
|
plugin.shaper = bandwidth.NewTCShaper(BridgeName)
|
|
|
|
|
if plugin.shaper == nil {
|
|
|
|
|
return fmt.Errorf("Failed to create bandwidth shaper!")
|
|
|
|
|
}
|
|
|
|
|
plugin.shaper.ReconcileInterface()
|
|
|
|
|
}
|
|
|
|
|
|
2016-04-01 17:00:05 +00:00
|
|
|
if egress != nil || ingress != nil {
|
|
|
|
|
ipAddr, _, _ := net.ParseCIDR(plugin.podCIDRs[id])
|
|
|
|
|
if err = plugin.shaper.ReconcileCIDR(fmt.Sprintf("%s/32", ipAddr.String()), egress, ingress); err != nil {
|
|
|
|
|
return fmt.Errorf("Failed to add pod to shaper: %v", err)
|
|
|
|
|
}
|
|
|
|
|
}
|
2015-12-16 23:31:10 +00:00
|
|
|
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
2016-04-06 20:45:16 +00:00
|
|
|
func (plugin *kubenetNetworkPlugin) TearDownPod(namespace string, name string, id kubecontainer.ContainerID) error {
|
2015-12-16 23:31:10 +00:00
|
|
|
if plugin.netConfig == nil {
|
|
|
|
|
return fmt.Errorf("Kubenet needs a PodCIDR to tear down pods")
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
runtime, ok := plugin.host.GetRuntime().(*dockertools.DockerManager)
|
|
|
|
|
if !ok {
|
|
|
|
|
return fmt.Errorf("Kubenet execution called on non-docker runtime")
|
|
|
|
|
}
|
2016-04-06 20:45:16 +00:00
|
|
|
netnsPath, err := runtime.GetNetNS(id)
|
2015-12-16 23:31:10 +00:00
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
2016-04-06 20:45:16 +00:00
|
|
|
rt := buildCNIRuntimeConf(name, namespace, id, netnsPath)
|
2015-12-16 23:31:10 +00:00
|
|
|
if err != nil {
|
|
|
|
|
return fmt.Errorf("Error building CNI config: %v", err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// no cached CIDR is Ok during teardown
|
|
|
|
|
if cidr, ok := plugin.podCIDRs[id]; ok {
|
|
|
|
|
glog.V(5).Infof("Removing pod CIDR %s from shaper", cidr)
|
|
|
|
|
// shaper wants /32
|
|
|
|
|
if addr, _, err := net.ParseCIDR(cidr); err != nil {
|
|
|
|
|
if err = plugin.shaper.Reset(fmt.Sprintf("%s/32", addr.String())); err != nil {
|
|
|
|
|
glog.Warningf("Failed to remove pod CIDR %s from shaper: %v", cidr, err)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
2016-04-26 20:56:46 +00:00
|
|
|
if err = plugin.delContainerFromNetwork(id, rt); err != nil {
|
|
|
|
|
return err
|
2015-12-16 23:31:10 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// TODO: Use the addToNetwork function to obtain the IP of the Pod. That will assume idempotent ADD call to the plugin.
|
|
|
|
|
// Also fix the runtime's call to Status function to be done only in the case that the IP is lost, no need to do periodic calls
|
2016-04-26 23:10:07 +00:00
|
|
|
func (plugin *kubenetNetworkPlugin) GetPodNetworkStatus(namespace string, name string, id kubecontainer.ContainerID) (*network.PodNetworkStatus, error) {
|
2016-04-26 20:56:46 +00:00
|
|
|
plugin.mu.Lock()
|
|
|
|
|
defer plugin.mu.Unlock()
|
2015-12-16 23:31:10 +00:00
|
|
|
cidr, ok := plugin.podCIDRs[id]
|
|
|
|
|
if !ok {
|
|
|
|
|
return nil, fmt.Errorf("No IP address found for pod %v", id)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
ip, _, err := net.ParseCIDR(strings.Trim(cidr, "\n"))
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
return &network.PodNetworkStatus{IP: ip}, nil
|
|
|
|
|
}
|
|
|
|
|
|
2016-04-26 23:10:07 +00:00
|
|
|
func (plugin *kubenetNetworkPlugin) Status() error {
|
2016-04-22 22:23:03 +00:00
|
|
|
// Can't set up pods if we don't have a PodCIDR yet
|
|
|
|
|
if plugin.netConfig == nil {
|
|
|
|
|
return fmt.Errorf("Kubenet does not have netConfig. This is most likely due to lack of PodCIDR")
|
|
|
|
|
}
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
2015-12-16 23:31:10 +00:00
|
|
|
func buildCNIRuntimeConf(podName string, podNs string, podInfraContainerID kubecontainer.ContainerID, podNetnsPath string) *libcni.RuntimeConf {
|
|
|
|
|
glog.V(4).Infof("Kubenet: using netns path %v", podNetnsPath)
|
|
|
|
|
glog.V(4).Infof("Kubenet: using podns path %v", podNs)
|
|
|
|
|
|
|
|
|
|
return &libcni.RuntimeConf{
|
|
|
|
|
ContainerID: podInfraContainerID.ID,
|
|
|
|
|
NetNS: podNetnsPath,
|
2016-03-02 00:17:04 +00:00
|
|
|
IfName: network.DefaultInterfaceName,
|
2015-12-16 23:31:10 +00:00
|
|
|
}
|
|
|
|
|
}
|
2016-04-26 20:56:46 +00:00
|
|
|
|
|
|
|
|
func (plugin *kubenetNetworkPlugin) addContainerToNetwork(id kubecontainer.ContainerID, rt *libcni.RuntimeConf) error {
|
|
|
|
|
plugin.mu.Lock()
|
|
|
|
|
defer plugin.mu.Unlock()
|
|
|
|
|
glog.V(3).Infof("Calling cni plugins to add container to network with cni runtime: %+v", rt)
|
|
|
|
|
res, err := plugin.cniConfig.AddNetwork(plugin.netConfig, rt)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return fmt.Errorf("Error adding container to network: %v", err)
|
|
|
|
|
}
|
|
|
|
|
if res.IP4 == nil || res.IP4.IP.String() == "" {
|
|
|
|
|
return fmt.Errorf("CNI plugin reported no IPv4 address for container %v.", id)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
plugin.podCIDRs[id] = res.IP4.IP.String()
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (plugin *kubenetNetworkPlugin) delContainerFromNetwork(id kubecontainer.ContainerID, rt *libcni.RuntimeConf) error {
|
|
|
|
|
plugin.mu.Lock()
|
|
|
|
|
defer plugin.mu.Unlock()
|
|
|
|
|
glog.V(3).Infof("Calling cni plugins to remove container from network with cni runtime: %+v", rt)
|
|
|
|
|
if err := plugin.cniConfig.DelNetwork(plugin.netConfig, rt); err != nil {
|
|
|
|
|
return fmt.Errorf("Error removing container from network: %v", err)
|
|
|
|
|
}
|
|
|
|
|
delete(plugin.podCIDRs, id)
|
|
|
|
|
return nil
|
|
|
|
|
}
|
