Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

hotplug feature: add pod networks annotation controller #777

Closed
wants to merge 41 commits into from
Closed

hotplug feature: add pod networks annotation controller #777

wants to merge 41 commits into from

Conversation

maiqueb
Copy link
Collaborator

@maiqueb maiqueb commented Jan 13, 2022
edited
Loading

Features:

  • a very opinionated refactor of multus, allowing its delegate handling functions to be called outside the package
  • a controller listening to multus annotations. When the multus annotations changes, it will invoke the corresponding delegate
  • e2e tests
  • two runtimes (required to read to network namespace of the pod being updated - which is a CNI parameter)
    • containerd
    • crio
  • unit tests of every new package

TODO:

  • figure out what is holding this PR
  • act upon revive's comments

@maiqueb maiqueb force-pushed the add-networks-annotation-controller branch from 2434098 to f99f08e Compare January 13, 2022 16:13
@maiqueb
Copy link
Collaborator Author

maiqueb commented Jan 13, 2022

This forced push features:

  • removed the status condition updates
  • fixed revive's comments (causing the unit test jobs to fail).

@coveralls
Copy link

coveralls commented Jan 13, 2022
edited
Loading

Pull Request Test Coverage Report for Build 1993977572

  • 59 of 165 (35.76%) changed or added relevant lines in 5 files are covered.
  • No unchanged relevant lines lost coverage.
  • Overall coverage decreased (-2.3%) to 64.81%
Changes Missing Coverage Covered Lines Changed/Added Lines %
pkg/types/conf.go 0 3 0.0%
pkg/k8sclient/k8sclient.go 16 21 76.19%
pkg/multus/multus.go 39 52 75.0%
pkg/types/extractors.go 0 85 0.0%
Totals Coverage Status
Change from base Build 1952559576: -2.3%
Covered Lines: 1722
Relevant Lines: 2657
💛 - Coveralls

@maiqueb maiqueb force-pushed the add-networks-annotation-controller branch 2 times, most recently from c99daa7 to df801b2 Compare January 13, 2022 17:35
@maiqueb
Copy link
Collaborator Author

maiqueb commented Jan 13, 2022

@s1061123 I think the approach you shared offline is in line w/ this commit: df801b2

I would appreciate if you'd help me understand how to build the missing data on the controller.

Furthermore, a logic split is required on the multus CmdAdd function.

If we take this route, when the time comes to handle the default route update, another serious refactor on the multus pkg will be required.

@maiqueb maiqueb force-pushed the add-networks-annotation-controller branch 3 times, most recently from 249a538 to 3d4cb6d Compare January 14, 2022 13:39
maiqueb added 10 commits February 9, 2022 11:43
@maiqueb
thick-plugin: refactor multus
71ea3b5 
Multus is refactored as a thick plugin, featuring 2 main components:
  - a server listening to a unix domain socket, running in a pod
  - a shim, a binary on the host that will send JSON requests built from
    its environment / stdin values to the aforementioned server.

The pod where the multus daemon is running must share the host's PID
namespace.

Signed-off-by: Miguel Duarte Barroso <[email protected]>
@maiqueb
react to maintainers review
bba9474 
Signed-off-by: Miguel Duarte Barroso <[email protected]>
@maiqueb
thick, deployment: update the daemonset spec
aed83d5 
Signed-off-by: Miguel Duarte Barroso <[email protected]>
@maiqueb
thick, config: validate the cni config passed by the runtime
c163cc7 
Without this patch, we're blindly trusting anything sent by the server.
This way, we assure the requests arriving at the multus controller are
valid before hand.

Signed-off-by: Miguel Duarte Barroso <[email protected]>
@maiqueb
thick: model client / server config
6e22328 
Also add a new command line parameter on the multus controller, pointing
it to the server configuration.

Signed-off-by: Miguel Duarte Barroso <[email protected]>
@maiqueb
SQUASH candidate, thick, config: cleanup the configuration
3f31f0d 
Signed-off-by: Miguel Duarte Barroso <[email protected]>
@maiqueb
multus: use args.args instead of an env variable
41ce328 
CNI is already filling the args structure; we should consume that
rather than rely on the environment variables.

Signed-off-by: Miguel Duarte Barroso <[email protected]>
@maiqueb
unit tests: remove weird tests that check an impossible scenario
ddcd865 
Signed-off-by: Miguel Duarte Barroso <[email protected]>
@maiqueb
docs, thick: document the thick plugin variant
7fcfe77 
Signed-off-by: Miguel Duarte Barroso <[email protected]>
@maiqueb
thick, server, multus: re-use common types
1d228ee 
Signed-off-by: Miguel Duarte Barroso <[email protected]>
@maiqueb maiqueb changed the title hotplug feature: add pod networks annotation controller WIP: hotplug feature: add pod networks annotation controller Feb 17, 2022
dougbtv and others added 10 commits February 21, 2022 09:13
@dougbtv
Merge pull request k8snetworkplumbingwg#771 from maiqueb/thick-arch
b800e09 
Refactor multus as a thick plugin
@s1061123
Replace setenv with runtimeConfig set (k8snetworkplumbingwg#785)
9a66450 
setenv refers environment variables, which is unique in process,
not unique to go routine. Hence it may causes some issue in multi
threaded case, hence it is replaced with libcni's runtimeConfig
value set to set these variables at libcni side, after process
fork.
@s1061123
Make binary file and directory name consistent
b652f86 
This change make binary file and directory name consistent.
In addition, change the package name cni to server because cni
is a bit umbiguous for cni plugin's repository.
@s1061123
Simplify e2e scripts (k8snetworkplumbingwg#795)
20224de
@s1061123
Split multus unit tests into several files
e6e854a 
To simplify multus unit tests, split it into several files,
based on testing CNI version.
@s1061123 @bn222
check version incompatibility (k8snetworkplumbingwg#762) (k8snetworkp…
efde67b 
…lumbingwg#798)

* multus: entrypoint: disallow incompatible cni versions

When top level CNI version is 0.4.0 or more, nested CNI version
can't be less than 0.4.0 since these are incompatible. This
closes issue k8snetworkplumbingwg#737.

Signed-off-by: Balazs Nemeth <[email protected]>

* multus: thick: disallow incompatible cni versions

Similarly to disallowing incompatible versions in entrypoint.sh,
add the same logic in go for the thick plugin.

Signed-off-by: Balazs Nemeth <[email protected]>

* multus: add unit test for incompatible cni versions

Signed-off-by: Balazs Nemeth <[email protected]>

Co-authored-by: Balazs Nemeth <[email protected]>
@dougbtv
Merge pull request k8snetworkplumbingwg#797 from s1061123/dev/refine_…
5b3f05e 
…multus_ut

Split multus unit tests into several files
@s1061123
Support CNI 1.0.0
107121c 
Fix k8snetworkplumbingwg#792
@dougbtv
Merge pull request k8snetworkplumbingwg#800 from s1061123/dev/cni100
c7be533 
Support CNI 1.0.0
@s1061123
Fix thick plugin to run kind-e2e test
0864e88
@maiqueb maiqueb changed the base branch from master to feature/multus-4.0 March 14, 2022 11:28
@maiqueb maiqueb force-pushed the add-networks-annotation-controller branch 5 times, most recently from d742b2e to 7c8c099 Compare March 16, 2022 16:11
@maiqueb maiqueb mentioned this pull request Mar 25, 2022
Closed
maiqueb added 14 commits March 28, 2022 17:47
@maiqueb
controller: listen to pod network annotation updates
49d49d6 
Signed-off-by: Miguel Duarte Barroso <[email protected]>
@maiqueb
controller, containerd: add CRI runtime
2dbaef1 
A follow-up PR will add the cri-o runtime.

Signed-off-by: Miguel Duarte Barroso <[email protected]>
@maiqueb
controller, cni: invoke cni API add/remove network
ed66763 
Signed-off-by: Miguel Duarte Barroso <[email protected]>
@maiqueb
controller, crio: add new runtime
da7adbe 
Signed-off-by: Miguel Duarte Barroso <[email protected]>
@maiqueb
yaml templating: remove unnecessary config
544418b 
Signed-off-by: Miguel Duarte Barroso <[email protected]>
@maiqueb
e2e, tests: re-write macvlan tests in golang
1e06a12 
Signed-off-by: Miguel Duarte Barroso <[email protected]>
@maiqueb
e2e tests, hotplug: test hotplug interface
c7e9da6 
Introduce tests to check:
  - hotplug a new interface
  - remove an old interface

Signed-off-by: Miguel Duarte Barroso <[email protected]>
@maiqueb
ci: only run golang e2e on the thick img variant
1dd0059 
Signed-off-by: Miguel Duarte Barroso <[email protected]>
@maiqueb
config, cri: specify the cri in the multus server config
9641f7c 
Signed-off-by: Miguel Duarte Barroso <[email protected]>
@maiqueb
controller: user informer factories
297d6ed 
This commit defines the controller constructor:
  - use informer factories instead of passing the client
  - inject the container runtime into the controller

Signed-off-by: Miguel Duarte Barroso <[email protected]>
@maiqueb
controller: use net-attach-def informer & lister
62f899c 
Signed-off-by: Miguel Duarte Barroso <[email protected]>
@maiqueb
controller: use a workqueue, to provide a level trigger controller
1728706 
By using the queue, we can re-queue when the request fails, which makes
the solution more robust.

Signed-off-by: Miguel Duarte Barroso <[email protected]>
@maiqueb
containerd, unit tests: add unit tests to containerd runtime
a6dc413 
Signed-off-by: Miguel Duarte Barroso <[email protected]>
@maiqueb
crio, unit tests: add unit tests to cri-o runtime
a8ce32c 
Signed-off-by: Miguel Duarte Barroso <[email protected]>
@maiqueb maiqueb force-pushed the add-networks-annotation-controller branch from 7c8c099 to a8ce32c Compare March 28, 2022 16:00
@maiqueb maiqueb changed the title WIP: hotplug feature: add pod networks annotation controller hotplug feature: add pod networks annotation controller Mar 28, 2022
@maiqueb maiqueb mentioned this pull request Mar 30, 2022
Closed
@s1061123 s1061123 force-pushed the feature/multus-4.0 branch 2 times, most recently from 64b08ca to bf4d6c7 Compare April 12, 2022 12:42
maiqueb
maiqueb commented Apr 21, 2022
View reviewed changes
pkg/containerruntimes/crio/crio_test.go
runtime = newDummyCrioRuntime(fake.WithCachedContainer(containerID, netnsPath))
})

It("cannot extract the network namespace of a container", func() {
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

the it clause description is wrong, probably a copy paste error.

@martinkennelly
Copy link
Member

/assign @martinkennelly

@maiqueb maiqueb closed this Aug 24, 2022
@maiqueb
Copy link
Collaborator Author

maiqueb commented Aug 24, 2022

This is being implemented in https://github.com/maiqueb/multus-dynamic-networks-controller/, now that a 3rd party controller with access to the multus thick-plugin socket can trigger delegate add / delete.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@maiqueb @coveralls @martinkennelly @dougbtv @s1061123 @cyclinder