CNI ADD operation should return interfaces created inside the container

[mgencur]

Currently, calling the ADD operation on the Calico CNI plugin returns a json result that does not include the interface created inside the container, such as eth0. The CNI spec says:

Plugins must output a JSON object with the following keys upon a successful ADD operation:

cniVersion: The same version supplied on input - the string "1.1.0"
interfaces: An array of all interfaces created by the attachment, including any host-level interfaces

This information can be used by other projects such as multus-cni to set metadata on the created Pod (e.g. network-status).

Expected Behavior

Attaching a network interface to a Pod on Kubernetes/OpenShift should result in more complete json "result"
that can be leveraged by other tools/projects.

Current Behavior

Installing Calico CNI on OpenShift 4.18 / Kube 1.31 and creating a Pod make the "eth0" interface available
in the container. The result of ADD operation on the CNI plugin is:

{"cniVersion":"0.3.1","interfaces":[{"name":"calie38e7158114"}], "ips":[{"version":"4","address":"10.135.153.140/32"}],"dns":{}}

This shows the interface that was created on the host but not the one in the container.

The multus project then adds the annotations to the Pod that doesn't have the interface:

ᐅ oc get pod execpod -oyaml
apiVersion: v1
kind: Pod
metadata:
  annotations:
    cni.projectcalico.org/containerID: a7722b72561dc2919d2c7872250a4b5a59f07dedc4492601a5005f2e51efd5d6
    cni.projectcalico.org/podIP: 10.135.153.140/32
    cni.projectcalico.org/podIPs: 10.135.153.140/32
    k8s.v1.cni.cncf.io/network-status: |-
      [{
          "name": "k8s-pod-network",
          "ips": [
              "10.135.153.140"
          ],
          "default": true,
          "dns": {}
      }]
      ...

For comparison, running OVNKubernetes CNI plugin, this results in:

{"cniVersion":"0.4.0","interfaces":[{"name":"cfba07a5fe51f89","mac":"fa:d9:ce:ab:2f:f8"},{"name":"eth0","mac":"0a:58:0a:87:00:07","sandbox":"/var/run/netns/dc55cb7d-a083-4864-bb75-9868c6b3ee55"}],"ips":[{"version":"4","interface":1,"address":"10.135.0.7/23","gateway":"10.135.0.1"}],"dns":{}}

And the Pod then has the additional information:

ᐅ oc get pod execpod -oyaml
apiVersion: v1
kind: Pod
metadata:
    k8s.v1.cni.cncf.io/network-status: |-
      [{
          "name": "ovn-kubernetes",
          "interface": "eth0",
          "ips": [
              "10.135.0.7"
          ],
          "mac": "0a:58:0a:87:00:07",
          "default": true,
          "dns": {}
      }]

Note: The mac address is specific for the eth0 interface.

Possible Solution

Supply the information about eth0 interface created inside the container.

Your Environment

• Calico version: 3.29.3
• Orchestrator version (e.g. kubernetes, mesos, rkt): Kubernetes 1.31

[DrAuYueng]

@mgencur Like this?

{
	"cniVersion": "0.3.1",
	"interfaces": [{
		"name": "calif921a32a047"
	}, {
		"mac": "3a:dd:bc:ad:13:95",
		"name": "eth0",
		"sandbox": "/var/run/netns/cnitest-5f712705-0a57-b0b0-86cf-069dfe12cad3"
	}],
	"ips": [{
		"address": "50.70.184.0/32",
		"interface": 1
	}, {
		"address": "fd80:20::dfdd:ebc0/128",
		"interface": 1
	}],
	"dns": {}
}