diff options
Diffstat (limited to 'vendor/github.com')
13 files changed, 330 insertions, 86 deletions
diff --git a/vendor/github.com/containers/psgo/Makefile b/vendor/github.com/containers/psgo/Makefile index 08a1ac623..6050b9d5b 100644 --- a/vendor/github.com/containers/psgo/Makefile +++ b/vendor/github.com/containers/psgo/Makefile @@ -1,3 +1,5 @@ +export GO111MODULE=off + SHELL= /bin/bash GO ?= go BUILD_DIR := ./bin @@ -51,7 +53,7 @@ install: .PHONY: .install.lint .install.lint: # Workaround for https://github.com/golangci/golangci-lint/issues/523 - go get -u github.com/golangci/golangci-lint/cmd/golangci-lint@master + go get -u github.com/golangci/golangci-lint/cmd/golangci-lint .PHONY: uninstall uninstall: diff --git a/vendor/github.com/containers/psgo/go.mod b/vendor/github.com/containers/psgo/go.mod index dd671bbb0..a194ec196 100644 --- a/vendor/github.com/containers/psgo/go.mod +++ b/vendor/github.com/containers/psgo/go.mod @@ -6,6 +6,6 @@ require ( github.com/opencontainers/runc v0.0.0-20190425234816-dae70e8efea4 github.com/pkg/errors v0.0.0-20190227000051-27936f6d90f9 github.com/sirupsen/logrus v0.0.0-20190403091019-9b3cdde74fbe - github.com/stretchr/testify v1.2.2 + github.com/stretchr/testify v1.3.0 golang.org/x/sys v0.0.0-20190425145619-16072639606e ) diff --git a/vendor/github.com/containers/psgo/go.sum b/vendor/github.com/containers/psgo/go.sum index f8a7d1f0c..da6c750db 100644 --- a/vendor/github.com/containers/psgo/go.sum +++ b/vendor/github.com/containers/psgo/go.sum @@ -1,3 +1,4 @@ +github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/konsorten/go-windows-terminal-sequences v1.0.1 h1:mweAR1A6xJ3oS2pRaGiHgQ4OO8tzTaLawm8vnODuwDk= @@ -10,9 +11,13 @@ github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZb github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/sirupsen/logrus v0.0.0-20190403091019-9b3cdde74fbe h1:PBQLA9wc7FrXiUBnlfs/diNlg3ZdrP21tzcgL3OlVhU= github.com/sirupsen/logrus v0.0.0-20190403091019-9b3cdde74fbe/go.mod h1:ni0Sbl8bgC9z8RoU9G6nDWqqs/fq4eDPysMBDgk/93Q= +github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/objx v0.1.1 h1:2vfRuCMp5sSVIDSqO8oNnWJq7mPa6KVP3iPIwFBuy8A= github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/testify v1.2.2 h1:bSDNvY7ZPG5RlJ8otE/7V6gMiyenm9RtJ7IUVIAoJ1w= github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= +github.com/stretchr/testify v1.3.0 h1:TivCn/peBQ7UY8ooIcPgZFpTNSz0Q2U6UrFlUfqbe0Q= +github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190425145619-16072639606e h1:4ktJgTV34+N3qOZUc5fAaG3Pb11qzMm3PkAoTAgUZ2I= golang.org/x/sys v0.0.0-20190425145619-16072639606e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= diff --git a/vendor/github.com/containers/psgo/internal/host/host.go b/vendor/github.com/containers/psgo/internal/host/host.go index 4b145ecfb..33ad67a11 100644 --- a/vendor/github.com/containers/psgo/internal/host/host.go +++ b/vendor/github.com/containers/psgo/internal/host/host.go @@ -24,26 +24,6 @@ import ( "strings" ) -/* -#include <unistd.h> -*/ -import "C" - -var ( - // cache host queries to redundant calculations - clockTicks *int64 - bootTime *int64 -) - -// ClockTicks returns sysconf(SC_CLK_TCK). -func ClockTicks() int64 { - if clockTicks == nil { - ticks := int64(C.sysconf(C._SC_CLK_TCK)) - clockTicks = &ticks - } - return *clockTicks -} - // BootTime parses /proc/uptime returns the boot time in seconds since the // Epoch, 1970-01-01 00:00:00 +0000 (UTC). func BootTime() (int64, error) { diff --git a/vendor/github.com/containers/psgo/internal/host/host_cgo.go b/vendor/github.com/containers/psgo/internal/host/host_cgo.go new file mode 100644 index 000000000..eac9fe5ce --- /dev/null +++ b/vendor/github.com/containers/psgo/internal/host/host_cgo.go @@ -0,0 +1,37 @@ +// Copyright 2018 psgo authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// Package host extracts data from the host, such as the system's boot time or +// the tick rate of the system clock. +package host + +/* +#include <unistd.h> +*/ +import "C" + +var ( + // cache host queries to redundant calculations + clockTicks *int64 + bootTime *int64 +) + +// ClockTicks returns sysconf(SC_CLK_TCK). +func ClockTicks() (int64, error) { + if clockTicks == nil { + ticks := int64(C.sysconf(C._SC_CLK_TCK)) + clockTicks = &ticks + } + return *clockTicks, nil +} diff --git a/vendor/github.com/containers/psgo/internal/host/host_nocgo.go b/vendor/github.com/containers/psgo/internal/host/host_nocgo.go new file mode 100644 index 000000000..6ff337415 --- /dev/null +++ b/vendor/github.com/containers/psgo/internal/host/host_nocgo.go @@ -0,0 +1,84 @@ +// +build !cgo + +// Copyright 2018 psgo authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// Package host extracts data from the host, such as the system's boot time or +// the tick rate of the system clock. +package host + +import ( + "encoding/binary" + "fmt" + "io/ioutil" + "unsafe" +) + +var ( + // cache host queries to redundant calculations + clockTicks *int64 + bootTime *int64 +) + +func getNativeEndianness() binary.ByteOrder { + var i int32 = 0x00000001 + u := unsafe.Pointer(&i) + if *((*byte)(u)) == 0x01 { + return binary.LittleEndian + } + return binary.BigEndian +} + +const ( + atClktck = 17 +) + +func getFromAuxv(what uint, whatName string) (uint, error) { + dataLen := int(unsafe.Sizeof(int(0))) + p, err := ioutil.ReadFile("/proc/self/auxv") + if err != nil { + return 0, err + } + native := getNativeEndianness() + for i := 0; i < len(p); { + var k, v uint + + switch dataLen { + case 4: + k = uint(native.Uint32(p[i : i+dataLen])) + v = uint(native.Uint32(p[i+dataLen : i+dataLen*2])) + case 8: + k = uint(native.Uint64(p[i : i+dataLen])) + v = uint(native.Uint64(p[i+dataLen : i+dataLen*2])) + } + i += dataLen * 2 + if k == what { + return v, nil + } + } + return 0, fmt.Errorf("cannot find %s in auxv", whatName) +} + +// ClockTicks returns sysconf(SC_CLK_TCK). +func ClockTicks() (int64, error) { + if clockTicks == nil { + ret, err := getFromAuxv(atClktck, "AT_CLKTCK") + if err != nil { + return -1, err + } + ticks := int64(ret) + clockTicks = &ticks + } + return *clockTicks, nil +} diff --git a/vendor/github.com/containers/psgo/internal/process/process.go b/vendor/github.com/containers/psgo/internal/process/process.go index 68241264e..20e40163f 100644 --- a/vendor/github.com/containers/psgo/internal/process/process.go +++ b/vendor/github.com/containers/psgo/internal/process/process.go @@ -192,8 +192,12 @@ func (p *Process) ElapsedTime() (time.Duration, error) { if err != nil { return 0, err } + clockTicks, err := host.ClockTicks() + if err != nil { + return 0, err + } - sinceBoot = sinceBoot / host.ClockTicks() + sinceBoot = sinceBoot / clockTicks bootTime, err := host.BootTime() if err != nil { @@ -213,7 +217,11 @@ func (p *Process) CPUTime() (time.Duration, error) { if err != nil { return 0, err } - secs := (user + system) / host.ClockTicks() + clockTicks, err := host.ClockTicks() + if err != nil { + return 0, err + } + secs := (user + system) / clockTicks cpu := time.Unix(secs, 0) return cpu.Sub(time.Unix(0, 0)), nil } diff --git a/vendor/github.com/containers/storage/VERSION b/vendor/github.com/containers/storage/VERSION index 656fd0d7e..434711004 100644 --- a/vendor/github.com/containers/storage/VERSION +++ b/vendor/github.com/containers/storage/VERSION @@ -1 +1 @@ -1.12.12 +1.12.13 diff --git a/vendor/github.com/containers/storage/drivers/quota/projectquota.go b/vendor/github.com/containers/storage/drivers/quota/projectquota.go index 93e744371..6ef35d8ad 100644 --- a/vendor/github.com/containers/storage/drivers/quota/projectquota.go +++ b/vendor/github.com/containers/storage/drivers/quota/projectquota.go @@ -1,4 +1,4 @@ -// +build linux +// +build linux,!exclude_disk_quota // // projectquota.go - implements XFS project quota controls diff --git a/vendor/github.com/containers/storage/drivers/quota/projectquota_unsupported.go b/vendor/github.com/containers/storage/drivers/quota/projectquota_unsupported.go new file mode 100644 index 000000000..b6db1e1d8 --- /dev/null +++ b/vendor/github.com/containers/storage/drivers/quota/projectquota_unsupported.go @@ -0,0 +1,32 @@ +// +build linux,exclude_disk_quota + +package quota + +import ( + "github.com/pkg/errors" +) + +// Quota limit params - currently we only control blocks hard limit +type Quota struct { + Size uint64 +} + +// Control - Context to be used by storage driver (e.g. overlay) +// who wants to apply project quotas to container dirs +type Control struct { +} + +func NewControl(basePath string) (*Control, error) { + return nil, errors.New("filesystem does not support, or has not enabled quotas") +} + +// SetQuota - assign a unique project id to directory and set the quota limits +// for that project id +func (q *Control) SetQuota(targetPath string, quota Quota) error { + return errors.New("filesystem does not support, or has not enabled quotas") +} + +// GetQuota - get the quota limits of a directory that was configured with SetQuota +func (q *Control) GetQuota(targetPath string, quota *Quota) error { + return errors.New("filesystem does not support, or has not enabled quotas") +} diff --git a/vendor/github.com/containers/storage/pkg/idtools/idtools.go b/vendor/github.com/containers/storage/pkg/idtools/idtools.go index 815589382..a5c73d311 100644 --- a/vendor/github.com/containers/storage/pkg/idtools/idtools.go +++ b/vendor/github.com/containers/storage/pkg/idtools/idtools.go @@ -4,6 +4,7 @@ import ( "bufio" "fmt" "os" + "os/user" "sort" "strconv" "strings" @@ -244,7 +245,13 @@ func parseSubgid(username string) (ranges, error) { // and return all found ranges for a specified username. If the special value // "ALL" is supplied for username, then all ranges in the file will be returned func parseSubidFile(path, username string) (ranges, error) { - var rangeList ranges + var ( + rangeList ranges + uidstr string + ) + if u, err := user.Lookup(username); err == nil { + uidstr = u.Uid + } subidFile, err := os.Open(path) if err != nil { @@ -266,7 +273,7 @@ func parseSubidFile(path, username string) (ranges, error) { if len(parts) != 3 { return rangeList, fmt.Errorf("Cannot parse subuid/gid information: Format not correct for %s file", path) } - if parts[0] == username || username == "ALL" { + if parts[0] == username || username == "ALL" || (parts[0] == uidstr && parts[0] != "") { startid, err := strconv.Atoi(parts[1]) if err != nil { return rangeList, fmt.Errorf("String to int conversion failed during subuid/gid parsing of %s: %v", path, err) diff --git a/vendor/github.com/cri-o/ocicni/pkg/ocicni/ocicni.go b/vendor/github.com/cri-o/ocicni/pkg/ocicni/ocicni.go index a08be9ecd..8743abc56 100644 --- a/vendor/github.com/cri-o/ocicni/pkg/ocicni/ocicni.go +++ b/vendor/github.com/cri-o/ocicni/pkg/ocicni/ocicni.go @@ -382,7 +382,7 @@ func (plugin *cniNetworkPlugin) Name() string { return CNIPluginName } -func (plugin *cniNetworkPlugin) forEachNetwork(podNetwork *PodNetwork, forEachFunc func(*cniNetwork, string, *PodNetwork) error) error { +func (plugin *cniNetworkPlugin) forEachNetwork(podNetwork *PodNetwork, forEachFunc func(*cniNetwork, string, *PodNetwork, RuntimeConfig) error) error { networks := podNetwork.Networks if len(networks) == 0 { networks = append(networks, plugin.GetDefaultNetworkName()) @@ -395,7 +395,7 @@ func (plugin *cniNetworkPlugin) forEachNetwork(podNetwork *PodNetwork, forEachFu logrus.Errorf(err.Error()) return err } - if err := forEachFunc(network, ifName, podNetwork); err != nil { + if err := forEachFunc(network, ifName, podNetwork, podNetwork.RuntimeConfig[netName]); err != nil { return err } } @@ -410,20 +410,15 @@ func (plugin *cniNetworkPlugin) SetUpPod(podNetwork PodNetwork) ([]cnitypes.Resu plugin.podLock(podNetwork).Lock() defer plugin.podUnlock(podNetwork) - _, err := plugin.loNetwork.addToNetwork(plugin.cacheDir, &podNetwork, "lo", "") + _, err := plugin.loNetwork.addToNetwork(plugin.cacheDir, &podNetwork, "lo", RuntimeConfig{}) if err != nil { logrus.Errorf("Error while adding to cni lo network: %s", err) return nil, err } results := make([]cnitypes.Result, 0) - if err := plugin.forEachNetwork(&podNetwork, func(network *cniNetwork, ifName string, podNetwork *PodNetwork) error { - ip := "" - if conf, ok := podNetwork.NetworkConfig[network.name]; ok { - ip = conf.IP - } - - result, err := network.addToNetwork(plugin.cacheDir, podNetwork, ifName, ip) + if err := plugin.forEachNetwork(&podNetwork, func(network *cniNetwork, ifName string, podNetwork *PodNetwork, runtimeConfig RuntimeConfig) error { + result, err := network.addToNetwork(plugin.cacheDir, podNetwork, ifName, runtimeConfig) if err != nil { logrus.Errorf("Error while adding pod to CNI network %q: %s", network.name, err) return err @@ -445,13 +440,8 @@ func (plugin *cniNetworkPlugin) TearDownPod(podNetwork PodNetwork) error { plugin.podLock(podNetwork).Lock() defer plugin.podUnlock(podNetwork) - return plugin.forEachNetwork(&podNetwork, func(network *cniNetwork, ifName string, podNetwork *PodNetwork) error { - ip := "" - if conf, ok := podNetwork.NetworkConfig[network.name]; ok { - ip = conf.IP - } - - if err := network.deleteFromNetwork(plugin.cacheDir, podNetwork, ifName, ip); err != nil { + return plugin.forEachNetwork(&podNetwork, func(network *cniNetwork, ifName string, podNetwork *PodNetwork, runtimeConfig RuntimeConfig) error { + if err := network.deleteFromNetwork(plugin.cacheDir, podNetwork, ifName, runtimeConfig); err != nil { logrus.Errorf("Error while removing pod from CNI network %q: %s", network.name, err) return err } @@ -466,35 +456,15 @@ func (plugin *cniNetworkPlugin) GetPodNetworkStatus(podNetwork PodNetwork) ([]cn defer plugin.podUnlock(podNetwork) results := make([]cnitypes.Result, 0) - if err := plugin.forEachNetwork(&podNetwork, func(network *cniNetwork, ifName string, podNetwork *PodNetwork) error { - version := "4" - ip, mac, err := getContainerDetails(plugin.nsManager, podNetwork.NetNS, ifName, "-4") + if err := plugin.forEachNetwork(&podNetwork, func(network *cniNetwork, ifName string, podNetwork *PodNetwork, runtimeConfig RuntimeConfig) error { + result, err := network.checkNetwork(plugin.cacheDir, podNetwork, ifName, runtimeConfig, plugin.nsManager) if err != nil { - ip, mac, err = getContainerDetails(plugin.nsManager, podNetwork.NetNS, ifName, "-6") - if err != nil { - return err - } - version = "6" + logrus.Errorf("Error while checking pod to CNI network %q: %s", network.name, err) + return err + } + if result != nil { + results = append(results, result) } - - // Until CNI's GET request lands, construct the Result manually - results = append(results, &cnicurrent.Result{ - CNIVersion: "0.3.1", - Interfaces: []*cnicurrent.Interface{ - { - Name: ifName, - Mac: mac.String(), - Sandbox: podNetwork.NetNS, - }, - }, - IPs: []*cnicurrent.IPConfig{ - { - Version: version, - Interface: cnicurrent.Int(0), - Address: *ip, - }, - }, - }) return nil }); err != nil { return nil, err @@ -503,8 +473,8 @@ func (plugin *cniNetworkPlugin) GetPodNetworkStatus(podNetwork PodNetwork) ([]cn return results, nil } -func (network *cniNetwork) addToNetwork(cacheDir string, podNetwork *PodNetwork, ifName, ip string) (cnitypes.Result, error) { - rt, err := buildCNIRuntimeConf(cacheDir, podNetwork, ifName, ip) +func (network *cniNetwork) addToNetwork(cacheDir string, podNetwork *PodNetwork, ifName string, runtimeConfig RuntimeConfig) (cnitypes.Result, error) { + rt, err := buildCNIRuntimeConf(cacheDir, podNetwork, ifName, runtimeConfig) if err != nil { logrus.Errorf("Error adding network: %v", err) return nil, err @@ -521,8 +491,82 @@ func (network *cniNetwork) addToNetwork(cacheDir string, podNetwork *PodNetwork, return res, nil } -func (network *cniNetwork) deleteFromNetwork(cacheDir string, podNetwork *PodNetwork, ifName, ip string) error { - rt, err := buildCNIRuntimeConf(cacheDir, podNetwork, ifName, ip) +func (network *cniNetwork) checkNetwork(cacheDir string, podNetwork *PodNetwork, ifName string, runtimeConfig RuntimeConfig, nsManager *nsManager) (cnitypes.Result, error) { + + rt, err := buildCNIRuntimeConf(cacheDir, podNetwork, ifName, runtimeConfig) + if err != nil { + logrus.Errorf("Error checking network: %v", err) + return nil, err + } + + netconf, cninet := network.NetworkConfig, network.CNIConfig + logrus.Infof("About to check CNI network %s (type=%v)", netconf.Name, netconf.Plugins[0].Network.Type) + + gtet, err := cniversion.GreaterThanOrEqualTo(netconf.CNIVersion, "0.4.0") + if err != nil { + return nil, err + } + + var result cnitypes.Result + + // When CNIVersion supports Check, use it. Otherwise fall back on what was done initially. + if gtet { + err = cninet.CheckNetworkList(context.Background(), netconf, rt) + logrus.Infof("Checking CNI network %s (config version=%v)", netconf.Name, netconf.CNIVersion) + if err != nil { + logrus.Errorf("Error checking network: %v", err) + return nil, err + } + } + + result, err = cninet.GetNetworkListCachedResult(netconf, rt) + if err != nil { + logrus.Errorf("Error GetNetworkListCachedResult: %v", err) + return nil, err + } else if result != nil { + return result, nil + } + + // result doesn't exist, create one + logrus.Infof("Checking CNI network %s (config version=%v) nsManager=%v", netconf.Name, netconf.CNIVersion, nsManager) + + var cniInterface *cnicurrent.Interface + ips := []*cnicurrent.IPConfig{} + errs := []error{} + for _, version := range []string{"4", "6"} { + ip, mac, err := getContainerDetails(nsManager, podNetwork.NetNS, ifName, "-"+version) + if err == nil { + if cniInterface == nil { + cniInterface = &cnicurrent.Interface{ + Name: ifName, + Mac: mac.String(), + Sandbox: podNetwork.NetNS, + } + } + ips = append(ips, &cnicurrent.IPConfig{ + Version: version, + Interface: cnicurrent.Int(0), + Address: *ip, + }) + } else { + errs = append(errs, err) + } + } + if cniInterface == nil || len(ips) == 0 { + return nil, fmt.Errorf("neither IPv4 nor IPv6 found when retrieving network status: %v", errs) + } + + result = &cnicurrent.Result{ + CNIVersion: netconf.CNIVersion, + Interfaces: []*cnicurrent.Interface{cniInterface}, + IPs: ips, + } + + return result, nil +} + +func (network *cniNetwork) deleteFromNetwork(cacheDir string, podNetwork *PodNetwork, ifName string, runtimeConfig RuntimeConfig) error { + rt, err := buildCNIRuntimeConf(cacheDir, podNetwork, ifName, runtimeConfig) if err != nil { logrus.Errorf("Error deleting network: %v", err) return err @@ -538,7 +582,7 @@ func (network *cniNetwork) deleteFromNetwork(cacheDir string, podNetwork *PodNet return nil } -func buildCNIRuntimeConf(cacheDir string, podNetwork *PodNetwork, ifName, ip string) (*libcni.RuntimeConf, error) { +func buildCNIRuntimeConf(cacheDir string, podNetwork *PodNetwork, ifName string, runtimeConfig RuntimeConfig) (*libcni.RuntimeConf, error) { logrus.Infof("Got pod network %+v", podNetwork) rt := &libcni.RuntimeConf{ @@ -552,9 +596,11 @@ func buildCNIRuntimeConf(cacheDir string, podNetwork *PodNetwork, ifName, ip str {"K8S_POD_NAME", podNetwork.Name}, {"K8S_POD_INFRA_CONTAINER_ID", podNetwork.ID}, }, + CapabilityArgs: map[string]interface{}{}, } // Add requested static IP to CNI_ARGS + ip := runtimeConfig.IP if ip != "" { if tstIP := net.ParseIP(ip); tstIP == nil { return nil, fmt.Errorf("unable to parse IP address %q", ip) @@ -562,13 +608,26 @@ func buildCNIRuntimeConf(cacheDir string, podNetwork *PodNetwork, ifName, ip str rt.Args = append(rt.Args, [2]string{"IP", ip}) } - if len(podNetwork.PortMappings) == 0 { - return rt, nil + // Set PortMappings in Capabilities + if len(runtimeConfig.PortMappings) != 0 { + rt.CapabilityArgs["portMappings"] = runtimeConfig.PortMappings + } + + // Set Bandwidth in Capabilities + if runtimeConfig.Bandwidth != nil { + rt.CapabilityArgs["bandwidth"] = map[string]uint64{ + "ingressRate": runtimeConfig.Bandwidth.IngressRate, + "ingressBurst": runtimeConfig.Bandwidth.IngressBurst, + "egressRate": runtimeConfig.Bandwidth.EgressRate, + "egressBurst": runtimeConfig.Bandwidth.EgressBurst, + } } - rt.CapabilityArgs = map[string]interface{}{ - "portMappings": podNetwork.PortMappings, + // Set IpRanges in Capabilities + if len(runtimeConfig.IpRanges) > 0 { + rt.CapabilityArgs["ipRanges"] = runtimeConfig.IpRanges } + return rt, nil } diff --git a/vendor/github.com/cri-o/ocicni/pkg/ocicni/types.go b/vendor/github.com/cri-o/ocicni/pkg/ocicni/types.go index d76094292..8709711e0 100644 --- a/vendor/github.com/cri-o/ocicni/pkg/ocicni/types.go +++ b/vendor/github.com/cri-o/ocicni/pkg/ocicni/types.go @@ -24,12 +24,44 @@ type PortMapping struct { HostIP string `json:"hostIP"` } -// NetworkConfig is additional configuration for a single CNI network. -type NetworkConfig struct { +// IpRange maps to the standard CNI ipRanges Capability +// see: https://github.com/containernetworking/cni/blob/master/CONVENTIONS.md +type IpRange struct { + // Subnet is the whole CIDR + Subnet string `json:"subnet"` + // RangeStart is the first available IP in subnet + RangeStart string `json:"rangeStart,omitempty"` + // RangeEnd is the last available IP in subnet + RangeEnd string `json:"rangeEnd,omitempty"` + // Gateway is the gateway of subnet + Gateway string `json:"gateway,omitempty"` +} + +// RuntimeConfig is additional configuration for a single CNI network that +// is pod-specific rather than general to the network. +type RuntimeConfig struct { // IP is a static IP to be specified in the network. Can only be used // with the hostlocal IP allocator. If left unset, an IP will be // dynamically allocated. IP string + // PortMappings is the port mapping of the sandbox. + PortMappings []PortMapping + // Bandwidth is the bandwidth limiting of the pod + Bandwidth *BandwidthConfig + // IpRanges is the ip range gather which is used for address allocation + IpRanges [][]IpRange +} + +// BandwidthConfig maps to the standard CNI bandwidth Capability +// see: https://github.com/containernetworking/cni/blob/master/CONVENTIONS.md +type BandwidthConfig struct { + // IngressRate is a limit for incoming traffic in bps + IngressRate uint64 + IngressBurst uint64 + + // EgressRate is a limit for outgoing traffic in bps + EgressRate uint64 + EgressBurst uint64 } // PodNetwork configures the network of a pod sandbox. @@ -42,8 +74,6 @@ type PodNetwork struct { ID string // NetNS is the network namespace path of the sandbox. NetNS string - // PortMappings is the port mapping of the sandbox. - PortMappings []PortMapping // Networks is a list of CNI network names to attach to the sandbox // Leave this list empty to attach the default network to the sandbox @@ -52,7 +82,7 @@ type PodNetwork struct { // NetworkConfig is configuration specific to a single CNI network. // It is optional, and can be omitted for some or all specified networks // without issue. - NetworkConfig map[string]NetworkConfig + RuntimeConfig map[string]RuntimeConfig } // CNIPlugin is the interface that needs to be implemented by a plugin |