refactor network generate

cmd/nerdctl/network_create.go

@@ -98,7 +98,15 @@ func networkCreateAction(cmd *cobra.Command, args []string) error {
 		}
 
 		labels := strutil.DedupeStrSlice(labels)
-		l, err := netutil.GenerateConfigList(e, labels, id, name, subnet)
+		ipam, err := netutil.GenerateIPAM("", subnet)
+		if err != nil {
+			return err
+		}
+		cniPlugins, err := netutil.GenerateCNIPlugins("", id, ipam)
+		if err != nil {
+			return err
+		}
+		l, err := netutil.GenerateConfigList(e, labels, id, name, cniPlugins)
 		if err != nil {
 			return err
 		}

cmd/nerdctl/network_rm.go

@@ -84,7 +84,7 @@ func networkRmAction(cmd *cobra.Command, args []string) error {
 			}
 			// Remove the bridge network interface on the host.
 			if l.Plugins[0].Network.Type == "bridge" {
-				netIf := fmt.Sprintf("nerdctl%d", *l.NerdctlID)
+				netIf := netutil.GetBridgeName(*l.NerdctlID)
 				removeBridgeNetworkInterface(netIf)
 			}
 			fmt.Fprintln(cmd.OutOrStdout(), name)

docs/cni.md

@@ -13,6 +13,53 @@ system, the supported CNI plugin types are `nat` only.
 The default network `bridge` for Linux and `nat` for Windows if you
 don't set any network options.
 
+Configuration of the default network `bridge` of Linux:
+
+```json
+{
+  "cniVersion": "0.4.0",
+  "name": "bridge",
+  "plugins": [
+    {
+      "type": "bridge",
+      "bridge": "nerdctl0",
+      "isGateway": true,
+      "ipMasq": true,
+      "hairpinMode": true,
+      "ipam": {
+        "type": "host-local",
+        "routes": [{ "dst": "0.0.0.0/0" }],
+        "ranges": [
+          [
+            {
+              "subnet": "10.4.0.1",
+              "gateway": "10.4.0.0/24"
+            }
+          ]
+        ]
+      }
+    },
+    {
+      "type": "portmap",
+      "capabilities": {
+        "portMappings": true
+      }
+    },
+    {
+      "type": "firewall"
+    },
+    {
+      "type": "tuning"
+    },
+    {
+      "type": "isolation"
+    }
+  ]
+}
+```
+
+When CNI plugin `isolation` be installed, will inject isolation configuration `{"type":"isolation"}` automatically.
+
 ## Custom networks
 
 You can also customize your CNI network by providing configuration files.

pkg/netutil/cni_plugin.go

@@ -0,0 +1,48 @@
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package netutil
+
+type CNIPlugin interface {
+	GetPluginType() string
+}
+
+type IPRange struct {
+	Subnet     string `json:"subnet"`
+	RangeStart string `json:"rangeStart,omitempty"`
+	RangeEnd   string `json:"rangeEnd,omitempty"`
+	Gateway    string `json:"gateway,omitempty"`
+}
+
+type IPAMRoute struct {
+	Dst     string `json:"dst,omitempty"`
+	GW      string `json:"gw,omitempty"`
+	Gateway string `json:"gateway,omitempty"`
+}
+
+type isolationConfig struct {
+	PluginType string `json:"type"`
+}
+
+func newIsolationPlugin() *isolationConfig {
+	return &isolationConfig{
+		PluginType: "isolation",
+	}
+}
+
+func (*isolationConfig) GetPluginType() string {
+	return "isolation"
+}

pkg/netutil/cni_plugin_unix.go

@@ -0,0 +1,111 @@
+//go:build freebsd || linux
+// +build freebsd linux
+
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package netutil
+
+// bridgeConfig describes the bridge plugin
+type bridgeConfig struct {
+	PluginType   string                 `json:"type"`
+	BrName       string                 `json:"bridge,omitempty"`
+	IsGW         bool                   `json:"isGateway,omitempty"`
+	IsDefaultGW  bool                   `json:"isDefaultGateway,omitempty"`
+	ForceAddress bool                   `json:"forceAddress,omitempty"`
+	IPMasq       bool                   `json:"ipMasq,omitempty"`
+	MTU          int                    `json:"mtu,omitempty"`
+	HairpinMode  bool                   `json:"hairpinMode,omitempty"`
+	PromiscMode  bool                   `json:"promiscMode,omitempty"`
+	Vlan         int                    `json:"vlan,omitempty"`
+	IPAM         map[string]interface{} `json:"ipam"`
+}
+
+func newBridgePlugin(bridgeName string) *bridgeConfig {
+	return &bridgeConfig{
+		PluginType: "bridge",
+		BrName:     bridgeName,
+	}
+}
+
+func (*bridgeConfig) GetPluginType() string {
+	return "bridge"
+}
+
+// portMapConfig describes the portmapping plugin
+type portMapConfig struct {
+	PluginType   string          `json:"type"`
+	Capabilities map[string]bool `json:"capabilities"`
+}
+
+func newPortMapPlugin() *portMapConfig {
+	return &portMapConfig{
+		PluginType: "portmap",
+		Capabilities: map[string]bool{
+			"portMappings": true,
+		},
+	}
+}
+
+func (*portMapConfig) GetPluginType() string {
+	return "portmap"
+}
+
+// firewallConfig describes the firewall plugin
+type firewallConfig struct {
+	PluginType string `json:"type"`
+	Backend    string `json:"backend,omitempty"`
+}
+
+func newFirewallPlugin() *firewallConfig {
+	return &firewallConfig{
+		PluginType: "firewall",
+	}
+}
+
+func (*firewallConfig) GetPluginType() string {
+	return "firewall"
+}
+
+// tuningConfig describes the tuning plugin
+type tuningConfig struct {
+	PluginType string `json:"type"`
+}
+
+func newTuningPlugin() *tuningConfig {
+	return &tuningConfig{
+		PluginType: "tuning",
+	}
+}
+
+func (*tuningConfig) GetPluginType() string {
+	return "tuning"
+}
+
+// https://github.com/containernetworking/plugins/blob/v1.0.1/plugins/ipam/host-local/backend/allocator/config.go#L47-L56
+type hostLocalIPAMConfig struct {
+	Type        string      `json:"type"`
+	Routes      []IPAMRoute `json:"routes,omitempty"`
+	ResolveConf string      `json:"resolveConf,omitempty"`
+	DataDir     string      `json:"dataDir,omitempty"`
+	Ranges      [][]IPRange `json:"ranges,omitempty"`
+}
+
+func newHostLocalIPAMConfig() *hostLocalIPAMConfig {
+	return &hostLocalIPAMConfig{
+		Type: "host-local",
+	}
+}

pkg/netutil/cni_plugin_windows.go

@@ -0,0 +1,49 @@
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package netutil
+
+type natConfig struct {
+	PluginType string                 `json:"type"`
+	Master     string                 `json:"master,omitempty"`
+	IPAM       map[string]interface{} `json:"ipam"`
+}
+
+func (*natConfig) GetPluginType() string {
+	return "nat"
+}
+
+func newNatPlugin(master string) *natConfig {
+	return &natConfig{
+		PluginType: "nat",
+		Master:     master,
+	}
+}
+
+// https://github.com/microsoft/windows-container-networking/blob/v0.2.0/cni/cni.go#L55-L63
+type windowsIpamConfig struct {
+	Type          string      `json:"type"`
+	Environment   string      `json:"environment,omitempty"`
+	AddrSpace     string      `json:"addressSpace,omitempty"`
+	Subnet        string      `json:"subnet,omitempty"`
+	Address       string      `json:"ipAddress,omitempty"`
+	QueryInterval string      `json:"queryInterval,omitempty"`
+	Routes        []IPAMRoute `json:"routes,omitempty"`
+}
+
+func newWindowsIPAMConfig() *windowsIpamConfig {
+	return &windowsIpamConfig{}
+}