ocicni: pass a Pod UID down to CNI plugins as K8S_POD_UID
If a pod is deleted from the Kube API while a SetUpPod() call
is ongoing it would be nice if the CNI plugin could easily
figure that out and exit early. Plugins can watch the Kube API
for pod events, but there is a race where the pod could have
been deleted + recreated before the plugin is executed and
sets up the watches.

Since each new pod object will have a different UID, pass
the UID we get from the runtime down to the CNI plugins so
they can compare the UID they receive from ocicni with one
they read from the Kube API. If the two UIDs are different,
that means the pod was deleted + recreated before or during
the plugin execution, and the plugin may wish to exit early
since any information it read from the Kube API and used to
configure sandbox resources may be out-of-date.

Signed-off-by: Dan Williams <dcbw@redhat.com>
dcbw committed Jun 11, 2021
1 parent 4901c67 commit 1ea8db5
Showing 3 changed files with 17 additions and 9 deletions.
1 change: 1 addition & 0 deletions pkg/ocicni/ocicni.go
Expand Up @@ -795,6 +795,7 @@ func buildCNIRuntimeConf(podNetwork *PodNetwork, ifName string, runtimeConfig Ru
{"K8S_POD_NAMESPACE", podNetwork.Namespace},
{"K8S_POD_NAME", podNetwork.Name},
{"K8S_POD_INFRA_CONTAINER_ID", podNetwork.ID},
{"K8S_POD_UID", podNetwork.UID},
},
CapabilityArgs: map[string]interface{}{},
}
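Review bot: The `{"K8S_POD_UID", podNetwork.UID}` pair is passed unconditionally, so a caller that has not populated the new `PodNetwork.UID` field hands plugins an empty `K8S_POD_UID`, which a plugin comparing it against the UID read from the Kube API cannot distinguish from a deleted-and-recreated pod. Either leave the pair out when `podNetwork.UID == ""`, or say in the `UID` field comment in pkg/ocicni/types.go that runtimes must always set it and what plugins should do with an empty value. The value also ends up in the semicolon-separated CNI_ARGS string and no format check on it is visible in this hunk (one may exist in the caller), so validating it as a UID before this point would keep a malformed value from changing how plugins parse the argument list. buildCNIRuntimeConf starts and ends outside the hunk.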
19 changes: 12 additions & 7 deletions pkg/ocicni/ocicni_test.go
Expand Up @@ -381,8 +381,8 @@ var _ = Describe("ocicni operations", func() {
runtimeConfig = RuntimeConfig{IP: "172.16.0.1"}
rt, err = buildCNIRuntimeConf(podNetwork, ifName, runtimeConfig)
Expect(err).NotTo(HaveOccurred())
Expect(len(rt.Args)).To(Equal(5))
Expect(rt.Args[4][1]).To(Equal("172.16.0.1"))
Expect(len(rt.Args)).To(Equal(6))
Expect(rt.Args[5][1]).To(Equal("172.16.0.1"))

// runtimeConfig with invalid MAC
runtimeConfig = RuntimeConfig{MAC: "f0:a6"}
Expand All @@ -393,16 +393,16 @@ var _ = Describe("ocicni operations", func() {
runtimeConfig = RuntimeConfig{MAC: "9e:0c:d9:b2:f0:a6"}
rt, err = buildCNIRuntimeConf(podNetwork, ifName, runtimeConfig)
Expect(err).NotTo(HaveOccurred())
Expect(len(rt.Args)).To(Equal(5))
Expect(rt.Args[4][1]).To(Equal("9e:0c:d9:b2:f0:a6"))
Expect(len(rt.Args)).To(Equal(6))
Expect(rt.Args[5][1]).To(Equal("9e:0c:d9:b2:f0:a6"))

// runtimeConfig with valid IP and valid MAC
runtimeConfig = RuntimeConfig{IP: "172.16.0.1", MAC: "9e:0c:d9:b2:f0:a6"}
rt, err = buildCNIRuntimeConf(podNetwork, ifName, runtimeConfig)
Expect(err).NotTo(HaveOccurred())
Expect(len(rt.Args)).To(Equal(6))
Expect(rt.Args[4][1]).To(Equal("172.16.0.1"))
Expect(rt.Args[5][1]).To(Equal("9e:0c:d9:b2:f0:a6"))
Expect(len(rt.Args)).To(Equal(7))
Expect(rt.Args[5][1]).To(Equal("172.16.0.1"))
Expect(rt.Args[6][1]).To(Equal("9e:0c:d9:b2:f0:a6"))

// runtimeConfig with portMappings is nil
runtimeConfig = RuntimeConfig{PortMappings: nil}
Expand Down Expand Up @@ -499,6 +499,7 @@ var _ = Describe("ocicni operations", func() {
Name: "pod1",
Namespace: "namespace1",
ID: "1234567890",
UID: "9414bd03-b3d3-453e-9d9f-47dcee07958c",
NetNS: networkNS.Path(),
}
results, err := ocicni.SetUpPod(podNet)
Expand Down Expand Up @@ -579,6 +580,7 @@ var _ = Describe("ocicni operations", func() {
Name: "pod1",
Namespace: "namespace1",
ID: "1234567890",
UID: "9414bd03-b3d3-453e-9d9f-47dcee07958c",
NetNS: networkNS.Path(),
Networks: []NetAttachment{
{Name: "network3"},
Expand Down Expand Up @@ -656,6 +658,7 @@ var _ = Describe("ocicni operations", func() {
Name: "pod1",
Namespace: "namespace1",
ID: "1234567890",
UID: "9414bd03-b3d3-453e-9d9f-47dcee07958c",
NetNS: networkNS.Path(),
Networks: []NetAttachment{
{Name: "network3"},
Expand Down Expand Up @@ -731,6 +734,7 @@ var _ = Describe("ocicni operations", func() {
Name: "pod1",
Namespace: "namespace1",
ID: containerID,
UID: "9414bd03-b3d3-453e-9d9f-47dcee07958c",
NetNS: networkNS.Path(),
}
})
Expand Down Expand Up @@ -797,6 +801,7 @@ var _ = Describe("ocicni operations", func() {
Name: "pod1",
Namespace: "namespace1",
ID: containerID,
UID: "9414bd03-b3d3-453e-9d9f-47dcee07958c",
NetNS: networkNS.Path(),
Networks: []NetAttachment{
{Name: netName1},
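Review bot: The updated assertions in the buildCNIRuntimeConf cases only bump the expected lengths and shift the positional lookups (`rt.Args[5][1]`, `rt.Args[6][1]`); nothing visible checks that a `K8S_POD_UID` pair is present and carries the pod's UID. Since plugins are meant to rely on this value to detect a recreated pod, the new argument deserves a direct assertion such as `Expect(rt.Args[4]).To(Equal([2]string{"K8S_POD_UID", podNetwork.UID}))`, assuming the `podNetwork` fixture for these cases sets `UID` (its definition is outside the hunks). The later hunks add `UID` to the `PodNetwork` literals used with SetUpPod, but whether the fake plugin verifies what it receives in CNI_ARGS is not visible here. Looking arguments up by key rather than by index would also stop these tests from needing edits each time an argument is added.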
6 changes: 4 additions & 2 deletions pkg/ocicni/types.go
Expand Up @@ -71,12 +71,14 @@ type BandwidthConfig struct {

// PodNetwork configures the network of a pod sandbox.
type PodNetwork struct {
// Name is the name of the sandbox.
// Name is the name of the pod.
Name string
// Namespace is the namespace of the sandbox.
// Namespace is the namespace of the pod.
Namespace string
// ID is the id of the sandbox container.
ID string
// UID is the UID of the pod that owns the sandbox.
UID string
// NetNS is the network namespace path of the sandbox.
NetNS string

