Azure · saiyan86 · Oct 15, 2018 · Oct 11, 2018
@@ -1,43 +1,46 @@
 {
-   "cniVersion":"0.3.0",
-   "name":"azure",
-   "plugins":[
-      {
-         "type":"azure-vnet",
-         "mode":"bridge",
-         "bridge":"azure0",
-         "ipam":{
-            "type":"azure-vnet-ipam"
-         },
-         "dns":{
-            "Nameservers":[
-               "10.0.0.10",
-               "168.63.129.16"
-            ],
-            "Search":[
-               "svc.cluster.local"
-            ]
-         },
-         "AdditionalArgs":[
-            {
-               "Name":"EndpointPolicy",
-               "Value":{
-                  "Type":"OutBoundNAT",
-                  "ExceptionList":[
-                     "10.240.0.0/16",
-                     "10.0.0.0/8"
-                  ]
-               }
+    "cniVersion": "0.3.0",
+    "name": "azure",
+    "plugins": [
+        {
+            "type": "azure-vnet",
+            "mode": "bridge",
+            "bridge": "azure0",
+            "capabilities": {
+                "portMappings": true
+            },
+            "ipam": {
+                "type": "azure-vnet-ipam"
             },
-            {
-               "Name":"EndpointPolicy",
-               "Value":{
-                  "Type":"ROUTE",
-                  "DestinationPrefix":"10.0.0.0/8",
-                  "NeedEncap":true
-               }
-            }
-         ]
-      }
-   ]
+            "dns": {
+                "Nameservers": [
+                    "10.0.0.10",
+                    "168.63.129.16"
+                ],
+                "Search": [
+                    "svc.cluster.local"
+                ]
+            },
+            "AdditionalArgs": [
+                {
+                    "Name": "EndpointPolicy",
+                    "Value": {
+                        "Type": "OutBoundNAT",
+                        "ExceptionList": [
+                            "10.240.0.0/16",
+                            "10.0.0.0/8"
+                        ]
+                    }
+                },
+                {
+                    "Name": "EndpointPolicy",
+                    "Value": {
+                        "Type": "ROUTE",
+                        "DestinationPrefix": "10.0.0.0/8",
+                        "NeedEncap": true
+                    }
+                }
+            ]
+        }
+    ]
 }
@@ -22,6 +22,17 @@ type KVPair struct {
 	Value json.RawMessage `json:"value"`
 }
 
+type PortMapping struct {
+	HostPort      int    `json:"hostPort"`
+	ContainerPort int    `json:"containerPort"`
+	Protocol      string `json:"protocol"`
+	HostIp        string `json:"hostIP,omitempty"`
+}
+
+type RuntimeConfig struct {
+	PortMappings []PortMapping `json:"portMappings,omitempty"`
+}
+
 // NetworkConfig represents Azure CNI plugin network configuration.
 type NetworkConfig struct {
 	CNIVersion                 string   `json:"cniVersion"`
@@ -45,7 +56,8 @@ type NetworkConfig struct {
 		Address       string `json:"ipAddress,omitempty"`
 		QueryInterval string `json:"queryInterval,omitempty"`
 	}
-	DNS            cniTypes.DNS `json:"dns"`
+	DNS            cniTypes.DNS  `json:"dns"`
+	RuntimeConfig  RuntimeConfig `json:"runtimeConfig"`
 	AdditionalArgs []KVPair
 }
 

@@ -407,6 +407,11 @@ func (plugin *netPlugin) Add(args *cniSkel.CmdArgs) error {
 		DNS:              epDNSInfo,
 		Policies:         policies,
 	}
+
+	epPolicies := getPoliciesFromRuntimeCfg(nwCfg)
+	for _, epPolicy := range epPolicies {
+		epInfo.Policies = append(epInfo.Policies, epPolicy)
+	}
 
 	// Populate addresses.
 	for _, ipconfig := range result.IPs {

@@ -8,6 +8,7 @@ import (
 	"github.com/Azure/azure-container-networking/cns"
 	"github.com/Azure/azure-container-networking/log"
 	"github.com/Azure/azure-container-networking/network"
+	"github.com/Azure/azure-container-networking/network/policy"
 	cniTypes "github.com/containernetworking/cni/pkg/types"
 	cniTypesCurr "github.com/containernetworking/cni/pkg/types/current"
 )
@@ -101,3 +102,9 @@ func getNetworkDNSSettings(nwCfg *cni.NetworkConfig, result *cniTypesCurr.Result
 func getEndpointDNSSettings(nwCfg *cni.NetworkConfig, result *cniTypesCurr.Result, namespace string) (network.DNSInfo, error) {
 	return getNetworkDNSSettings(nwCfg, result, namespace)
 }
+
+// getPoliciesFromRuntimeCfg returns network policies from network config.
+// getPoliciesFromRuntimeCfg is a dummy function for Linux platform.
+func getPoliciesFromRuntimeCfg(nwCfg *cni.NetworkConfig) []policy.Policy {
+	return nil
+}
@@ -1,6 +1,7 @@
 package network
 
 import (
+	"encoding/json"
 	"fmt"
 	"net"
 	"strings"
@@ -9,6 +10,7 @@ import (
 	"github.com/Azure/azure-container-networking/cns"
 	"github.com/Azure/azure-container-networking/log"
 	"github.com/Azure/azure-container-networking/network"
+	"github.com/Azure/azure-container-networking/network/policy"
 	"github.com/Microsoft/hcsshim"
 
 	cniTypes "github.com/containernetworking/cni/pkg/types"
@@ -120,3 +122,27 @@ func getEndpointDNSSettings(nwCfg *cni.NetworkConfig, result *cniTypesCurr.Resul
 
 	return epDNS, nil
 }
+
+// getPoliciesFromRuntimeCfg returns network policies from network config.
+func getPoliciesFromRuntimeCfg(nwCfg *cni.NetworkConfig) []policy.Policy {
+	log.Printf("[net] RuntimeConfigs: %+v", nwCfg.RuntimeConfig)
+	var policies []policy.Policy
+	for _, mapping := range nwCfg.RuntimeConfig.PortMappings {
+		rawPolicy, _ := json.Marshal(&hcsshim.NatPolicy{
+			Type:         "NAT",
+			ExternalPort: uint16(mapping.HostPort),
+			InternalPort: uint16(mapping.ContainerPort),
+			Protocol:     mapping.Protocol,
+		})
+
+		policy := policy.Policy{
+			Type: policy.EndpointPolicy,
+			Data: rawPolicy,
+		}
+		log.Printf("[net] Creating port mapping policy: %+v", policy)
+
+		policies = append(policies, policy)
+	}
+
+	return policies
+}