From 4a72f33958299331dadcc7b29d5f994bc22bf04a Mon Sep 17 00:00:00 2001
From: Erik Frimodig
Date: Wed, 10 Oct 2018 17:37:42 -0700
Subject: [PATCH] Squash
---
 cni/azure-windows.conflist | 83 ++++++++++++++++++----------------
 cni/netconfig.go | 14 +++++-
 cni/network/network.go | 5 ++
 cni/network/network_linux.go | 7 +++
 cni/network/network_windows.go | 26 +++++++++++
 5 files changed, 94 insertions(+), 41 deletions(-)
diff --git a/cni/azure-windows.conflist b/cni/azure-windows.conflist
index d2d87df595..e0eaafa0b3 100644
--- a/cni/azure-windows.conflist
+++ b/cni/azure-windows.conflist
@@ -1,43 +1,46 @@
 {
- "cniVersion":"0.3.0",
- "name":"azure",
- "plugins":[
- {
- "type":"azure-vnet",
- "mode":"bridge",
- "bridge":"azure0",
- "ipam":{
- "type":"azure-vnet-ipam"
- },
- "dns":{
- "Nameservers":[
- "10.0.0.10",
- "168.63.129.16"
- ],
- "Search":[
- "svc.cluster.local"
- ]
- },
- "AdditionalArgs":[
- {
- "Name":"EndpointPolicy",
- "Value":{
- "Type":"OutBoundNAT",
- "ExceptionList":[
- "10.240.0.0/16",
- "10.0.0.0/8"
- ]
- }
+ "cniVersion": "0.3.0",
+ "name": "azure",
+ "plugins": [
+ {
+ "type": "azure-vnet",
+ "mode": "bridge",
+ "bridge": "azure0",
+ "capabilities": {
+ "portMappings": true
+ },
+ "ipam": {
+ "type": "azure-vnet-ipam"
 },
- {
- "Name":"EndpointPolicy",
- "Value":{
- "Type":"ROUTE",
- "DestinationPrefix":"10.0.0.0/8",
- "NeedEncap":true
- }
- }
- ]
- }
- ]
+ "dns": {
+ "Nameservers": [
+ "10.0.0.10",
+ "168.63.129.16"
+ ],
+ "Search": [
+ "svc.cluster.local"
+ ]
+ },
+ "AdditionalArgs": [
+ {
+ "Name": "EndpointPolicy",
+ "Value": {
+ "Type": "OutBoundNAT",
+ "ExceptionList": [
+ "10.240.0.0/16",
+ "10.0.0.0/8"
+ ]
+ }
+ },
+ {
+ "Name": "EndpointPolicy",
+ "Value": {
+ "Type": "ROUTE",
+ "DestinationPrefix": "10.0.0.0/8",
+ "NeedEncap": true
+ }
+ }
+ ]
+ }
+ ]
 }
\ No newline at end of file
diff --git a/cni/netconfig.go b/cni/netconfig.go
index db335372e0..4b3137371c 100644
--- a/cni/netconfig.go
+++ b/cni/netconfig.go
@@ -22,6 +22,17 @@ type KVPair struct {
 Value json.RawMessage `json:"value"`
 }
+type PortMapping struct {
+ HostPort int `json:"hostPort"`
+ ContainerPort int `json:"containerPort"`
+ Protocol string `json:"protocol"`
+ HostIp string `json:"hostIP,omitempty"`
+}
+
+type RuntimeConfig struct {
+ PortMappings []PortMapping `json:"portMappings,omitempty"`
+}
+
 // NetworkConfig represents Azure CNI plugin network configuration.
 type NetworkConfig struct {
 CNIVersion string `json:"cniVersion"`
@@ -45,7 +56,8 @@ type NetworkConfig struct {
 Address string `json:"ipAddress,omitempty"`
 QueryInterval string `json:"queryInterval,omitempty"`
 }
- DNS cniTypes.DNS `json:"dns"`
+ DNS cniTypes.DNS `json:"dns"`
+ RuntimeConfig RuntimeConfig `json:"runtimeConfig"`
 AdditionalArgs []KVPair
 }
diff --git a/cni/network/network.go b/cni/network/network.go
index b12dfab8e8..2e9b4868f9 100644
--- a/cni/network/network.go
+++ b/cni/network/network.go
@@ -407,6 +407,11 @@ func (plugin *netPlugin) Add(args *cniSkel.CmdArgs) error {
 DNS: epDNSInfo,
 Policies: policies,
 }
+
+ epPolicies := getPoliciesFromRuntimeCfg(nwCfg)
+ for _, epPolicy := range epPolicies {
+ epInfo.Policies = append(epInfo.Policies, epPolicy)
+ }
 // Populate addresses.
 for _, ipconfig := range result.IPs {
diff --git a/cni/network/network_linux.go b/cni/network/network_linux.go
index c5872f6b64..5927345256 100644
--- a/cni/network/network_linux.go
+++ b/cni/network/network_linux.go
@@ -8,6 +8,7 @@ import (
 "github.com/Azure/azure-container-networking/cns"
 "github.com/Azure/azure-container-networking/log"
 "github.com/Azure/azure-container-networking/network"
+ "github.com/Azure/azure-container-networking/network/policy"
 cniTypes "github.com/containernetworking/cni/pkg/types"
 cniTypesCurr "github.com/containernetworking/cni/pkg/types/current"
 )
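Review bot: In cni/netconfig.go the new field `HostIp` departs from Go's initialism convention and from its own JSON tag `hostIP`; naming it `HostIP` keeps the two in step. The exported types `PortMapping` and `RuntimeConfig` are added without doc comments although `NetworkConfig` right below them has one; `// PortMapping is one host-to-container port mapping supplied by the runtime in runtimeConfig.` and `// RuntimeConfig holds the capability arguments the container runtime passes to the plugin.` would fit. `HostPort` and `ContainerPort` are plain `int` values decoded straight from JSON, so a comment stating the accepted range would help whoever converts them later.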
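Review bot: In cni/network/network.go the loop added after the `epInfo` literal appends one element per iteration where a variadic append says the same thing: `epInfo.Policies = append(epInfo.Policies, getPoliciesFromRuntimeCfg(nwCfg)...)`. The helper as called here has no error result, so a malformed runtimeConfig cannot fail `Add` at this point. `Add` begins and ends outside the hunk.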
@@ -101,3 +102,9 @@ func getNetworkDNSSettings(nwCfg *cni.NetworkConfig, result *cniTypesCurr.Result
 func getEndpointDNSSettings(nwCfg *cni.NetworkConfig, result *cniTypesCurr.Result, namespace string) (network.DNSInfo, error) {
 return getNetworkDNSSettings(nwCfg, result, namespace)
 }
+
+// getPoliciesFromRuntimeCfg returns network policies from network config.
+// getPoliciesFromRuntimeCfg is a dummy function for Linux platform.
+func getPoliciesFromRuntimeCfg(nwCfg *cni.NetworkConfig) []policy.Policy {
+ return nil
+}
diff --git a/cni/network/network_windows.go b/cni/network/network_windows.go
index 76cd55f4a1..a495894369 100644
--- a/cni/network/network_windows.go
+++ b/cni/network/network_windows.go
@@ -1,6 +1,7 @@
 package network
 import (
+ "encoding/json"
 "fmt"
 "net"
 "strings"
@@ -9,6 +10,7 @@ import (
 "github.com/Azure/azure-container-networking/cns"
 "github.com/Azure/azure-container-networking/log"
 "github.com/Azure/azure-container-networking/network"
+ "github.com/Azure/azure-container-networking/network/policy"
 "github.com/Microsoft/hcsshim"
 cniTypes "github.com/containernetworking/cni/pkg/types"
@@ -120,3 +122,27 @@ func getEndpointDNSSettings(nwCfg *cni.NetworkConfig, result *cniTypesCurr.Resul
 return epDNS, nil
 }
+
+// getPoliciesFromRuntimeCfg returns network policies from network config.
+func getPoliciesFromRuntimeCfg(nwCfg *cni.NetworkConfig) []policy.Policy {
+ log.Printf("[net] RuntimeConfigs: %+v", nwCfg.RuntimeConfig)
+ var policies []policy.Policy
+ for _, mapping := range nwCfg.RuntimeConfig.PortMappings {
+ rawPolicy, _ := json.Marshal(&hcsshim.NatPolicy{
+ Type: "NAT",
+ ExternalPort: uint16(mapping.HostPort),
+ InternalPort: uint16(mapping.ContainerPort),
+ Protocol: mapping.Protocol,
+ })
+
+ policy := policy.Policy{
+ Type: policy.EndpointPolicy,
+ Data: rawPolicy,
+ }
+ log.Printf("[net] Creating port mapping policy: %+v", policy)
+
+ policies = append(policies, policy)
+ }
+
+ return policies
+}
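Review bot: The Linux stub in cni/network/network_linux.go returns nil without looking at `nwCfg`, so any `portMappings` the runtime passes in runtimeConfig are dropped with no trace in the log. Whether the Linux conflist advertises the capability is not visible in this patch, but a line such as `log.Printf("[net] Ignoring %d port mappings: not supported on Linux", len(nwCfg.RuntimeConfig.PortMappings))` when the slice is non-empty would make the gap visible. The two comment lines also repeat the function name; one sentence is enough: `// getPoliciesFromRuntimeCfg is a no-op on Linux; port mappings in runtimeConfig are ignored.`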
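Review bot: In cni/network/network_windows.go, `uint16(mapping.HostPort)` and `uint16(mapping.ContainerPort)` narrow unvalidated `int` values taken from the runtime-supplied config, so a negative or above-65535 port wraps silently and the NAT rule publishes a different host port than the one requested. `mapping.HostIp` is never read, so a mapping meant for one host address becomes a rule that, as built here, carries no address restriction; and the `json.Marshal` error is discarded with `_`. The local `policy` also shadows the imported `policy` package for the rest of the loop body. Checking the range, refusing (or at least logging) a non-empty host IP and propagating the marshal error needs an `error` result on the function, which also touches the Linux stub and the call in `Add`.

```go
func getPoliciesFromRuntimeCfg(nwCfg *cni.NetworkConfig) ([]policy.Policy, error) {
	// … unchanged: RuntimeConfigs log line …
	var policies []policy.Policy
	for _, mapping := range nwCfg.RuntimeConfig.PortMappings {
		// Reject ports that would wrap when narrowed to uint16.
		if mapping.HostPort < 1 || mapping.HostPort > 65535 ||
			mapping.ContainerPort < 1 || mapping.ContainerPort > 65535 {
			return nil, fmt.Errorf("invalid port mapping %+v", mapping)
		}
		// The NAT policy built below has no address field, so a host IP
		// restriction cannot be honoured; fail instead of widening it.
		if mapping.HostIp != "" {
			return nil, fmt.Errorf("hostIP %q is not supported for port mappings", mapping.HostIp)
		}

		rawPolicy, err := json.Marshal(&hcsshim.NatPolicy{
			// … unchanged: Type, ExternalPort, InternalPort, Protocol …
		})
		if err != nil {
			return nil, fmt.Errorf("marshalling NAT policy: %v", err)
		}

		natPolicy := policy.Policy{
			// … unchanged: Type, Data …
		}
		// … unchanged: log line and append, now using natPolicy …
	}

	return policies, nil
}
```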