free cni based ip allocations

srl-labs · Jun 9, 2021 · 62de6b3 · 62de6b3
1 parent bb930a2
commit 62de6b3
Showing 1 changed file with 36 additions and 12 deletions.
diff --git a/runtime/containerd/containerd.go b/runtime/containerd/containerd.go
@@ -119,6 +119,9 @@ func (c *ContainerdRuntime) CreateContainer(ctx context.Context, node *types.Nod
 		}
 		mounts[idx] = m
 	}
+
+	mounts = append(mounts, specs.Mount{Type: "cgroup", Source: "cgroup", Destination: "/sys/fs/cgroup", Options: []string{"ro", "nosuid", "noexec", "nodev"}})
+
 	_ = cmd
 	opts := []oci.SpecOpts{
 		oci.WithImageConfig(img),
@@ -129,10 +132,13 @@ func (c *ContainerdRuntime) CreateContainer(ctx context.Context, node *types.Nod
 		oci.WithUser(node.User),
 		WithSysctls(node.Sysctls),
 		oci.WithAllKnownCapabilities,
-		//oci.WithoutRunMount,
+		oci.WithoutRunMount,
 		//oci.WithNoNewPrivileges,
 		oci.WithPrivileged,
+		oci.WithHostLocaltime,
+		oci.WithNamespacedCgroup(),
 		oci.WithAllDevicesAllowed,
+		oci.WithDefaultUnixDevices,
 		//oci.WithHostDevices,
 		oci.WithApparmorProfile("unconfined"),
 	}
@@ -154,21 +160,11 @@ func (c *ContainerdRuntime) CreateContainer(ctx context.Context, node *types.Nod
 	case "none":
 		// Done!
 	default:
-		cnic = libcni.NewCNIConfigWithCacheDir([]string{cniBin}, cniCache, nil)
-
-		cncl, err = libcni.ConfListFromFile(cniConfigFile)
+		cnic, cncl, cnirc, err = cniInit(node.LongName, "eth0")
 		if err != nil {
 			return err
 		}
 
-		cnirc = &libcni.RuntimeConf{
-			ContainerID: node.LongName,
-			IfName:      "eth0",
-			//// NetNS must be set later, can just be determined after cotnainer start
-			//NetNS:          node.NSPath,
-			CapabilityArgs: make(map[string]interface{}),
-		}
-
 		// set mac if defined in node
 		if node.MacAddress != "" {
 			cnirc.CapabilityArgs["mac"] = node.MacAddress
@@ -246,6 +242,24 @@ func (c *ContainerdRuntime) CreateContainer(ctx context.Context, node *types.Nod
 
 }
 
+func cniInit(cId string, ifName string) (*libcni.CNIConfig, *libcni.NetworkConfigList, *libcni.RuntimeConf, error) {
+	cnic := libcni.NewCNIConfigWithCacheDir([]string{cniBin}, cniCache, nil)
+
+	cncl, err := libcni.ConfListFromFile(cniConfigFile)
+	if err != nil {
+		return nil, nil, nil, err
+	}
+
+	cnirc := &libcni.RuntimeConf{
+		ContainerID: cId,
+		IfName:      ifName,
+		//// NetNS must be set later, can just be determined after cotnainer start
+		//NetNS:          node.NSPath,
+		CapabilityArgs: make(map[string]interface{}),
+	}
+	return cnic, cncl, cnirc, nil
+}
+
 type portMapping struct {
 	HostPort      int    `json:"hostPort"`
 	HostIP        string `json:"hostIP,omitempty"`
@@ -501,6 +515,16 @@ func (c *ContainerdRuntime) DeleteContainer(ctx context.Context, container *type
 		return err
 	}
 
+	cnic, cncl, cnirc, err := cniInit(container.ID, "eth0")
+	if err != nil {
+		return err
+	}
+
+	err = cnic.DelNetworkList(ctx, cncl, cnirc)
+	if err != nil {
+		return err
+	}
+
 	cont, err := c.client.LoadContainer(ctx, container.ID)
 	if err != nil {
 		return err