aboutsummaryrefslogtreecommitdiff
path: root/libpod/networking.go
blob: 966b40238b9f55ee9b15865ff27d54693f1aed35 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
package libpod

import (
	"net"
	"strings"

	"github.com/containernetworking/plugins/pkg/ns"
	"github.com/cri-o/ocicni/pkg/ocicni"
	"github.com/pkg/errors"
	"github.com/sirupsen/logrus"
	"k8s.io/kubernetes/pkg/api/v1"
	"k8s.io/kubernetes/pkg/kubelet/network/hostport"
)

// Get an OCICNI network config
func getPodNetwork(id, name, nsPath string, ports []ocicni.PortMapping) ocicni.PodNetwork {
	return ocicni.PodNetwork{
		Name:         name,
		Namespace:    name, // TODO is there something else we should put here? We don't know about Kube namespaces
		ID:           id,
		NetNS:        nsPath,
		PortMappings: ports,
	}
}

// Convert port mapping struct from OCICNI version to one Kubernetes understands
func portMappingToHostport(mappings []ocicni.PortMapping) ([]*hostport.PortMapping, error) {
	newMappings := make([]*hostport.PortMapping, len(mappings))
	for _, port := range mappings {
		var protocol v1.Protocol
		switch strings.ToLower(port.Protocol) {
		case "udp":
			protocol = v1.ProtocolUDP
		case "tcp":
			protocol = v1.ProtocolTCP
		default:
			return nil, errors.Wrapf(ErrInvalidArg, "protocol must be TCP or UDP, instead got %s", port.Protocol)
		}

		newPort := new(hostport.PortMapping)
		newPort.Name = ""
		newPort.HostPort = port.HostPort
		newPort.ContainerPort = port.ContainerPort
		newPort.Protocol = protocol
		newPort.HostIP = port.HostIP

		newMappings = append(newMappings, newPort)
	}
	return newMappings, nil
}

// Create and configure a new network namespace for a container
func (r *Runtime) createNetNS(ctr *Container) (err error) {
	ctrNS, err := ns.NewNS()
	if err != nil {
		return errors.Wrapf(err, "error creating network namespace for container %s", ctr.ID())
	}
	defer func() {
		if err != nil {
			if err2 := ctrNS.Close(); err2 != nil {
				logrus.Errorf("Error closing partially created network namespace for container %s: %v", ctr.ID(), err2)
			}
		}
	}()

	logrus.Debugf("Made network namespace at %s for container %s", ctrNS.Path(), ctr.ID())

	podNetwork := getPodNetwork(ctr.ID(), ctr.Name(), ctrNS.Path(), ctr.config.PortMappings)

	if err := r.netPlugin.SetUpPod(podNetwork); err != nil {
		return errors.Wrapf(err, "error configuring network namespace for container %s", ctr.ID())
	}

	if len(ctr.config.PortMappings) != 0 {
		ip, err := r.netPlugin.GetPodNetworkStatus(podNetwork)
		if err != nil {
			return errors.Wrapf(err, "failed to get status of network for container %s", ctr.ID())
		}

		ip4 := net.ParseIP(ip).To4()
		if ip4 == nil {
			return errors.Wrapf(err, "failed to parse IPv4 address for container %s", ctr.ID())
		}

		portMappings, err := portMappingToHostport(ctr.config.PortMappings)
		if err != nil {
			return errors.Wrapf(err, "failed to generate port ammpings for container %s", ctr.ID())
		}

		err = r.hostportManager.Add(ctr.ID(), &hostport.PodPortMapping{
			Name:         ctr.Name(),
			PortMappings: portMappings,
			IP:           ip4,
			HostNetwork:  false,
		}, "lo")
		if err != nil {
			return errors.Wrapf(err, "failed to add port mappings for container %s", ctr.ID())
		}
	}

	ctr.state.NetNS = ctrNS

	return nil
}

// Join an existing network namespace
func joinNetNS(path string) (ns.NetNS, error) {
	ns, err := ns.GetNS(path)
	if err != nil {
		return nil, errors.Wrapf(err, "error retrieving network namespace at %s", path)
	}

	return ns, nil
}

// Get a container's IP address
func (r *Runtime) getContainerIP(ctr *Container) (net.IP, error) {
	if ctr.state.NetNS == nil {
		return nil, errors.Wrapf(ErrInvalidArg, "container %s has no network namespace, cannot get IP", ctr.ID())
	}

	podNetwork := getPodNetwork(ctr.ID(), ctr.Name(), ctr.state.NetNS.Path(), ctr.config.PortMappings)

	ipStr, err := r.netPlugin.GetPodNetworkStatus(podNetwork)
	if err != nil {
		return nil, errors.Wrapf(err, "error retrieving network status of container %s", ctr.ID())
	}

	ip := net.ParseIP(ipStr)
	if ip == nil {
		return nil, errors.Wrapf(ErrInternal, "error parsing IP address %s for container %s", ipStr, ctr.ID())
	}

	return ip, nil
}

// Tear down a network namespace
func (r *Runtime) teardownNetNS(ctr *Container) error {
	if ctr.state.NetNS == nil {
		// The container has no network namespace, we're set
		return nil
	}

	logrus.Debugf("Tearing down network namespace at %s for container %s", ctr.state.NetNS.Path(), ctr.ID())

	portMappings, err := portMappingToHostport(ctr.config.PortMappings)
	if err != nil {
		logrus.Errorf("Failed to generate port mappings for container %s: %v", ctr.ID(), err)
	} else {
		// Only attempt to remove hostport mappings if we successfully
		// converted to hostport-style mappings
		err := r.hostportManager.Remove(ctr.ID(), &hostport.PodPortMapping{
			Name:         ctr.Name(),
			PortMappings: portMappings,
			HostNetwork:  false,
		})
		if err != nil {
			logrus.Errorf("Failed to tear down port mappings for container %s: %v", ctr.ID(), err)
		}
	}

	podNetwork := getPodNetwork(ctr.ID(), ctr.Name(), ctr.state.NetNS.Path(), ctr.config.PortMappings)

	// The network may have already been torn down, so don't fail here, just log
	if err := r.netPlugin.TearDownPod(podNetwork); err != nil {
		logrus.Errorf("Failed to tear down network namespace for container %s: %v", ctr.ID(), err)
	}

	if err := ctr.state.NetNS.Close(); err != nil {
		return errors.Wrapf(err, "error closing network namespace for container %s", ctr.ID())
	}

	ctr.state.NetNS = nil

	return nil
}