WIP

Signed-off-by: Miguel Duarte Barroso <mdbarroso@redhat.com>

Author: maiqueb

go.mod

@@ -4,9 +4,12 @@ go 1.18
 
 require (
 	github.com/containerd/containerd v1.6.8
+	github.com/containernetworking/cni v1.1.1
+	github.com/gogo/protobuf v1.3.2
 	github.com/k8snetworkplumbingwg/network-attachment-definition-client v1.3.0
 	github.com/onsi/ginkgo v1.16.5
 	github.com/onsi/gomega v1.17.0
+	github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417
 	k8s.io/api v0.24.4
 	k8s.io/apimachinery v0.24.4
 	k8s.io/client-go v0.24.4
@@ -33,7 +36,6 @@ require (
 	github.com/go-openapi/jsonreference v0.19.5 // indirect
 	github.com/go-openapi/swag v0.19.14 // indirect
 	github.com/gogo/googleapis v1.4.0 // indirect
-	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/golang/protobuf v1.5.2 // indirect
 	github.com/google/gnostic v0.5.7-v3refs // indirect
@@ -55,7 +57,6 @@ require (
 	github.com/opencontainers/go-digest v1.0.0 // indirect
 	github.com/opencontainers/image-spec v1.0.3-0.20211202183452-c5a74bcca799 // indirect
 	github.com/opencontainers/runc v1.1.2 // indirect
-	github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417 // indirect
 	github.com/opencontainers/selinux v1.10.1 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
 	github.com/sirupsen/logrus v1.8.1 // indirect

go.sum

@@ -226,6 +226,8 @@ github.com/containerd/zfs v1.0.0/go.mod h1:m+m51S1DvAP6r3FcmYCp54bQ34pyOwTieQDNR
 github.com/containernetworking/cni v0.7.1/go.mod h1:LGwApLUm2FpoOfxTDEeq8T9ipbpZ61X79hmU3w8FmsY=
 github.com/containernetworking/cni v0.8.0/go.mod h1:LGwApLUm2FpoOfxTDEeq8T9ipbpZ61X79hmU3w8FmsY=
 github.com/containernetworking/cni v0.8.1/go.mod h1:LGwApLUm2FpoOfxTDEeq8T9ipbpZ61X79hmU3w8FmsY=
+github.com/containernetworking/cni v1.1.1 h1:ky20T7c0MvKvbMOwS/FrlbNwjEoqJEUUYfsL4b0mc4k=
+github.com/containernetworking/cni v1.1.1/go.mod h1:sDpYKmGVENF3s6uvMvGgldDWeG8dMxakj/u+i9ht9vw=
 github.com/containernetworking/plugins v0.8.6/go.mod h1:qnw5mN19D8fIwkqW7oHHYDHVlzhJpcY6TQxn/fUyDDM=
 github.com/containernetworking/plugins v0.9.1/go.mod h1:xP/idU2ldlzN6m4p5LmGiwRDjeJr6FLK6vuiUwoH7P8=
 github.com/containers/ocicrypt v1.0.1/go.mod h1:MeJDzk1RJHv89LjsH0Sp5KTY3ZYkjXO/C+bKAeWFIrc=
@@ -431,6 +433,7 @@ github.com/google/pprof v0.0.0-20201023163331-3e6fc7fc9c4c/go.mod h1:kpwsk12EmLe
 github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
 github.com/google/pprof v0.0.0-20210122040257-d980be63207e/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
 github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
+github.com/google/pprof v0.0.0-20210407192527-94a9f03dee38/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
 github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
 github.com/google/uuid v1.0.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
@@ -577,6 +580,8 @@ github.com/onsi/ginkgo v1.14.0/go.mod h1:iSB4RoI2tjJc9BBv4NKIKWKya62Rps+oPG/Lv9k
 github.com/onsi/ginkgo v1.16.4/go.mod h1:dX+/inL/fNMqNlz0e9LfyB9TswhZpCVdJM/Z6Vvnwo0=
 github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE=
 github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU=
+github.com/onsi/ginkgo/v2 v2.1.3 h1:e/3Cwtogj0HA+25nMP1jCMDIf8RtRYbGwGGuBIFztkc=
+github.com/onsi/ginkgo/v2 v2.1.3/go.mod h1:vw5CSIxN1JObi/U8gcbwft7ZxR2dgaR70JSE3/PpL4c=
 github.com/onsi/gomega v0.0.0-20151007035656-2152b45fa28a/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA=
 github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA=
 github.com/onsi/gomega v1.5.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
@@ -1218,6 +1223,7 @@ gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C
 gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b h1:h8qDotaEPuJATrMmW04NCwg7v22aHH28wwpauUhK9Oo=
 gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gotest.tools v2.2.0+incompatible h1:VsBPFP1AI068pPrMxtb/S8Zkgf9xEmTLJjfM+P5UIEo=
 gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw=
 gotest.tools/v3 v3.0.2/go.mod h1:3SzNCllyD9/Y+b5r9JIKQ474KzkZyqLqEfYqMsX94Bk=
 gotest.tools/v3 v3.0.3 h1:4AuOwCGf4lLR9u3YOe2awrHygurzhO/HeQ6laiA6Sx0=

pkg/annotations/dynamic-network-status.go

@@ -1 +1,66 @@
 package annotations
+
+import (
+	"encoding/json"
+	"fmt"
+
+	corev1 "k8s.io/api/core/v1"
+
+	nettypes "github.com/k8snetworkplumbingwg/network-attachment-definition-client/pkg/apis/k8s.cni.cncf.io/v1"
+)
+
+const DynamicNetworksAnnotation = "cni.mutato.maiqueb.io/network-status"
+
+func AddDynamicIfaceStatus(currentPod *corev1.Pod, netName string, ifaceName string, ips ...string) (string, error) {
+	newIfaceStatus := nettypes.NetworkStatus{
+		Name:      netName,
+		Interface: ifaceName,
+		IPs:       ips,
+	}
+
+	currentIfaceStatus, err := podDynamicNetworkStatus(currentPod)
+	if err != nil {
+		return "", err
+	}
+
+	newIfaceString, err := json.Marshal(append(currentIfaceStatus, newIfaceStatus))
+	if err != nil {
+		return "", fmt.Errorf("failed to marshall the dynamic networks status")
+	}
+	return string(newIfaceString), nil
+}
+
+func DeleteDynamicIfaceStatus(currentPod *corev1.Pod, netName string, ifaceName string) (string, error) {
+	currentIfaceStatus, err := podDynamicNetworkStatus(currentPod)
+	if err != nil {
+		return "", err
+	}
+
+	var newIfaceStatus []nettypes.NetworkStatus
+	for i := range currentIfaceStatus {
+		if currentIfaceStatus[i].Name == netName && currentIfaceStatus[i].Interface == ifaceName {
+			continue
+		}
+		newIfaceStatus = append(newIfaceStatus, currentIfaceStatus[i])
+	}
+
+	newIfaceString, err := json.Marshal(newIfaceStatus)
+	if err != nil {
+		return "", fmt.Errorf("failed to marshall the dynamic networks status")
+	}
+	return string(newIfaceString), nil
+}
+
+func podDynamicNetworkStatus(currentPod *corev1.Pod) ([]nettypes.NetworkStatus, error) {
+	var currentIfaceStatus []nettypes.NetworkStatus
+	if currentIfaceStatusString, wasFound := currentPod.Annotations[DynamicNetworksAnnotation]; wasFound {
+		if err := json.Unmarshal([]byte(currentIfaceStatusString), &currentIfaceStatus); err != nil {
+			return nil, fmt.Errorf("could not unmarshall the current dynamic annotations for pod %s: %v", podNameAndNs(currentPod), err)
+		}
+	}
+	return currentIfaceStatus, nil
+}
+
+func podNameAndNs(currentPod *corev1.Pod) string {
+	return fmt.Sprintf("%s/%s", currentPod.GetNamespace(), currentPod.GetName())
+}

pkg/controller/pod.go

@@ -1,13 +1,15 @@
 package controller
 
 import (
+	"context"
 	"encoding/json"
 	"fmt"
 	"reflect"
 	"strings"
 	"time"
 
 	corev1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/apimachinery/pkg/util/wait"
 	v1coreinformerfactory "k8s.io/client-go/informers"
@@ -26,6 +28,7 @@ import (
 	"github.com/maiqueb/multus-dynamic-networks-controller/pkg/annotations"
 	"github.com/maiqueb/multus-dynamic-networks-controller/pkg/cri"
 	"github.com/maiqueb/multus-dynamic-networks-controller/pkg/logging"
+	"github.com/maiqueb/multus-dynamic-networks-controller/pkg/multuscni"
 )
 
 const (
@@ -150,13 +153,13 @@ func (pnc *PodNetworksController) handleDynamicInterfaceRequest(dynamicAttachmen
 		if err != nil {
 			return err
 		}
-		return pnc.addNetworks(dynamicAttachmentRequest.AttachmentNames, pod)
+		return pnc.addNetworks(dynamicAttachmentRequest.AttachmentNames, pod, dynamicAttachmentRequest.PodNetNS)
 	} else if dynamicAttachmentRequest.Type == "remove" {
 		pod, err := pnc.podsLister.Pods(dynamicAttachmentRequest.PodNamespace).Get(dynamicAttachmentRequest.PodName)
 		if err != nil {
 			return err
 		}
-		return pnc.removeNetworks(dynamicAttachmentRequest.AttachmentNames, pod)
+		return pnc.removeNetworks(dynamicAttachmentRequest.AttachmentNames, pod, dynamicAttachmentRequest.PodNetNS)
 	} else {
 		klog.Infof("very weird attachment request: %+v", dynamicAttachmentRequest)
 	}
@@ -169,7 +172,7 @@ func (pnc *PodNetworksController) handleResult(err error, dynamicAttachmentReque
 		pnc.workqueue.Forget(dynamicAttachmentRequest)
 		return
 	}
-
+	klog.Warningf("attachment failed for %v: %v", *dynamicAttachmentRequest, err)
 	currentRetries := pnc.workqueue.NumRequeues(dynamicAttachmentRequest)
 	if currentRetries <= maxRetries {
 		klog.Errorf("re-queued request for: %v", dynamicAttachmentRequest)
@@ -245,19 +248,73 @@ func namespacedName(podNamespace string, podName string) string {
 	return fmt.Sprintf("%s/%s", podNamespace, podName)
 }
 
-func (pnc *PodNetworksController) addNetworks(netsToAdd []*nadv1.NetworkSelectionElement, pod *corev1.Pod) error {
+func (pnc *PodNetworksController) addNetworks(netsToAdd []*nadv1.NetworkSelectionElement, pod *corev1.Pod, netnsPath string) error {
 	for i := range netsToAdd {
 		klog.Infof("network to add: %v", netsToAdd[i])
+
+		netAttachDef, err := pnc.netAttachDefLister.NetworkAttachmentDefinitions(netsToAdd[i].Namespace).Get(netsToAdd[i].Name)
+		if err != nil {
+			klog.Errorf("failed to access the network-attachment-definition %s/%s: %v", netsToAdd[i].Namespace, netsToAdd[i].Name, err)
+			return err
+		}
+		response, err := multuscni.DoCNI(
+			multuscni.MultusDelegateURL(),
+			delegateRequest("ADD", netsToAdd[i], netAttachDef, pod, netnsPath),
+			pnc.multusSocketPath,
+		)
+		if err != nil {
+			return fmt.Errorf("failed to ADD delegate: %v", err)
+		}
+		klog.Infof("response: %s", string(response))
+
+		newIfaceStatus, err := annotations.AddDynamicIfaceStatus(pod, netsToAdd[0].Name, netsToAdd[0].InterfaceRequest)
+		if err != nil {
+			return fmt.Errorf("failed to create the new dynamic network status annotation: %v", err)
+		}
+		pod.Annotations[annotations.DynamicNetworksAnnotation] = newIfaceStatus
+
+		_, err = pnc.k8sClientSet.CoreV1().Pods(pod.GetNamespace()).Update(context.Background(), pod, metav1.UpdateOptions{})
+		if err != nil {
+			return fmt.Errorf("failed to add pod's dynamic annotations for %s: %v", pod.GetName(), err)
+		}
+
 		pnc.Eventf(pod, corev1.EventTypeNormal, "AddedInterface", "add network: %s", netsToAdd[i].Name)
 	}
 
 	return nil
 }
 
-func (pnc *PodNetworksController) removeNetworks(netsToRemove []*nadv1.NetworkSelectionElement, pod *corev1.Pod) error {
+func (pnc *PodNetworksController) removeNetworks(netsToRemove []*nadv1.NetworkSelectionElement, pod *corev1.Pod, netnsPath string) error {
 	for i := range netsToRemove {
 		klog.Infof("network to remove: %v", netsToRemove[i])
+
+		netAttachDef, err := pnc.netAttachDefLister.NetworkAttachmentDefinitions(netsToRemove[i].Namespace).Get(netsToRemove[i].Name)
+		if err != nil {
+			klog.Errorf("failed to access the network-attachment-definition %s/%s: %v", netsToRemove[i].Namespace, netsToRemove[i].Name, err)
+			return err
+		}
+
+		response, err := multuscni.DoCNI(
+			multuscni.MultusDelegateURL(),
+			delegateRequest("DEL", netsToRemove[i], netAttachDef, pod, netnsPath),
+			pnc.multusSocketPath,
+		)
+		if err != nil {
+			return fmt.Errorf("failed to remove delegate: %v", err)
+		}
+
+		newPodIfaceStatus, err := annotations.DeleteDynamicIfaceStatus(pod, netsToRemove[0].Name, netsToRemove[0].InterfaceRequest)
+		if err != nil {
+			return fmt.Errorf("failed to compute the dynamic network attachments after deleting network: %s, iface: %s: %v", netsToRemove[0].Name, netsToRemove[0].InterfaceRequest, err)
+		}
+		pod.Annotations[annotations.DynamicNetworksAnnotation] = newPodIfaceStatus
+
+		_, err = pnc.k8sClientSet.CoreV1().Pods(pod.GetNamespace()).Update(context.Background(), pod, metav1.UpdateOptions{})
+		if err != nil {
+			return fmt.Errorf("failed to add pod's dynamic annotations for %s: %v", pod.GetName(), err)
+		}
 		pnc.Eventf(pod, corev1.EventTypeNormal, "RemovedInterface", "removed network: %s", netsToRemove[i].Name)
+		klog.Infof("response: %s", string(response))
 	}
 
 	return nil
@@ -354,3 +411,19 @@ func podContainerID(pod *corev1.Pod) string {
 	}
 	return cidURI
 }
+
+func delegateRequest(command string, network *nadv1.NetworkSelectionElement, netAttachDef *nadv1.NetworkAttachmentDefinition, pod *corev1.Pod, netns string) interface{} {
+	klog.V(logging.Debug).Infof("the net-attach-def config: %v", netAttachDef.Spec.Config)
+	addRequest := &multuscni.Request{
+		Env: map[string]string{
+			"CNI_COMMAND":     command,
+			"CNI_CONTAINERID": podContainerID(pod),
+			"CNI_NETNS":       netns,
+			"CNI_IFNAME":      network.InterfaceRequest,
+			"CNI_ARGS":        fmt.Sprintf("K8S_POD_NAMESPACE=%s;K8S_POD_NAME=%s;K8S_POD_UID=%s", pod.GetNamespace(), pod.GetName(), string(pod.UID)),
+		},
+		Config: []byte(netAttachDef.Spec.Config),
+	}
+
+	return addRequest
+}

pkg/multuscni/client.go

@@ -0,0 +1,53 @@
+package multuscni
+
+import (
+	"bytes"
+	"context"
+	"encoding/json"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"k8s.io/klog/v2"
+	"net"
+	"net/http"
+)
+
+func MultusDelegateURL() string {
+	return "http://dummy/delegate"
+}
+
+func DoCNI(url string, req interface{}, socketPath string) ([]byte, error) {
+	data, err := json.Marshal(req)
+	if err != nil {
+		return nil, fmt.Errorf("failed to marshal CNI request %v: %v", req, err)
+	}
+
+	client := &http.Client{
+		Transport: &http.Transport{
+			DialContext: func(ctx context.Context, network string, addr string) (net.Conn, error) {
+				return net.Dial("unix", socketPath)
+			},
+		},
+	}
+
+	resp, err := client.Post(url, "application/json", bytes.NewReader(data))
+	if err != nil {
+		return nil, fmt.Errorf("failed to send CNI request: %v", err)
+	}
+	defer func(respBody io.ReadCloser) {
+		if err := respBody.Close(); err != nil {
+			klog.Errorf("failed closing the connection to the multus-server: %v", err)
+		}
+	}(resp.Body)
+
+	body, err := ioutil.ReadAll(resp.Body)
+	if err != nil {
+		return nil, fmt.Errorf("failed to read CNI result: %v", err)
+	}
+
+	if resp.StatusCode != http.StatusOK {
+		return nil, fmt.Errorf("CNI request failed with status %v: '%s'", resp.StatusCode, string(body))
+	}
+
+	return body, nil
+}