Add cni plugin #4
Conversation
kubevirt-bot
added
dco-signoff: yes
kubevirt-bot
added
size/XXL
approved
maiqueb
force-pushed
the
add_cni_plugin
branch
from
4c6b0c2 to
732b635
Compare
pkg/cni/plugin.go
Outdated
| return macvtap, err | ||
| } | ||
|
|
||
| func renameMacvtapIface(macvtapLink netlink.Link, macvtapIface *current.Interface, ifaceName string, netns ns.NetNS) error { |
There was a problem hiding this comment.
I would argue it could also be left out of configureMacvtap. Just fetch the mac of the interface if none has been provided directly in CmdAdd.
|
/release-note-none |
kubevirt-bot
added
release-note-none
pkg/cni/plugin_test.go
Outdated
| @@ -115,7 +115,6 @@ var _ = Describe("Macvtap CNI", func() { | |||
| Expect(err).NotTo(HaveOccurred()) | |||
|
|
|||
| Expect(link.Attrs().HardwareAddr.String()).NotTo(BeNil()) | |||
| Expect(link.Attrs().OperState.String()).To(Equal("up")) | |||
There was a problem hiding this comment.
I got no clue as to why, but this works locally.
|
/hold Allow me to re-write the PR's history (squash some stuff), to make it cleaner. |
kubevirt-bot
added
the
do-not-merge/hold
|
/lgtm |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: maiqueb, phoracek The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
The ConfigureMacvtap interface code is located in the `netlink` util pkg. The following helper functions are also made available on the `netlink` pkg. - configureArp - renameMacvtapIface All the configuration is performed within a single netns.Do instruction. Interface renaming is performed in the target netns, thus reducing the risk of interface name collision. Signed-off-by: Miguel Duarte Barroso <[email protected]>
The init-container installs the macvtap-cni plugin into the host, and afterwards, the macvtap container listens to device plugin requests, and operates on them. This way, we can achieve macvtap cni & dp co-existence within the same container. Signed-off-by: Miguel Duarte Barroso <[email protected]>
Signed-off-by: Miguel Duarte Barroso <[email protected]>
The -logtostderr flag is somehow preventing the cni unit tests from running. Can't figure this one out; this is just to show I'm not insane. Signed-off-by: Miguel Duarte Barroso <[email protected]>
maiqueb
force-pushed
the
add_cni_plugin
branch
from
ce36296 to
5f9d7a7
Compare
|
/hold cancel |
kubevirt-bot
removed
the
do-not-merge/hold
|
/lgtm |
| if err := ip.DelLinkByName(args.IfName); err != nil { | ||
| if err != ip.ErrLinkNotFound { | ||
| return err | ||
| } |
There was a problem hiding this comment.
I wondered if there was any difference between ip.DelLinkByName and what we have in util/netlink.go @ LinkDelete. The only difference is that the latter would not return ErrLinkNotFound which is not meaningful here. Since we are also using the latter elsewhere, If I were me I would probably change it to that for consistency. Non binding comment.
| macvtapIface, err := netlink.LinkByName(currentIfaceName) | ||
| if err != nil { | ||
| return nil, fmt.Errorf("failed to lookup device %q: %v", currentIfaceName, err) | ||
| } | ||
|
|
||
| // move the macvtap interface to the pod's netns | ||
| if err = netlink.LinkSetNsFd(macvtapIface, int(netns.Fd())); err != nil { | ||
| return nil, fmt.Errorf("failed to move iface %s to the netns %d because: %v", macvtapIface, netns.Fd(), err) | ||
| } | ||
|
|
||
| var macvtap *current.Interface = nil | ||
|
|
||
| // configure the macvtap iface | ||
| err = netns.Do(func(_ ns.NetNS) error { | ||
| defer func() { | ||
| if err != nil { | ||
| LinkDelete(currentIfaceName) | ||
| LinkDelete(newIfaceName) | ||
| } | ||
| }() |
There was a problem hiding this comment.
Another non binding cosmetic comment on my side. I would prefer the namespace business outside of the utility method. For me the namespace is too closely related to the main purpose of the cni that I would like it visible from the main CmdAdd method.
| macvtap = ¤t.Interface{ | ||
| Name: newIfaceName, | ||
| Mac: macvtapIface.Attrs().HardwareAddr.String(), | ||
| Sandbox: netns.Path(), | ||
| } |
There was a problem hiding this comment.
Ditto, as my previous cosmetic comment, with this section. The current.Interface is directly related to the cni api and I would prefer it to be built in the main CmdAdd method than buried in an utility method. ConfigureInterface could return nothing, and we could have a specific utility method to re-fetch the mac address (only if none was specified).
| return renamedMacvtapIface, nil | ||
| } | ||
|
|
||
| func configureArp(ifaceName string) error { |
There was a problem hiding this comment.
Ditto again with this method. I would probably call this from CmdAdd to give it more visibility/awareness as it would be diffcult to guess it from ConfigureInterface name or parameters and wends up pretty well hidden.
What this PR does / why we need it:
This PR adds a CNI plugin that moves the macvtap interface created by the macvtap device plugin into the new pod's netns.
The macvtap CNI is built in the same image as the macvtap device plugin, and mounted in the corresponding host using the 'initContainers' functionality.
Special notes for your reviewer: