
Commit a85709c

fuweid authored and qiutongs committed
integration: simplify CNI-fp and add README.md
* Use delegated plugin call to simplify cni-bridge-cni
* Add README.md for cni-bridge-cni

Signed-off-by: Wei Fu <[email protected]>
(cherry picked from commit e6a2c07)
Signed-off-by: Qiutong Song <[email protected]>
1 parent d89a8d2 commit a85709c

9 files changed

Lines changed: 659 additions & 218 deletions


go.mod

Lines changed: 1 addition & 1 deletion
@@ -19,6 +19,7 @@ require (
1919
github.com/containerd/ttrpc v1.1.0
2020
github.com/containerd/typeurl v1.0.2
2121
github.com/containerd/zfs v1.0.0
22+
github.com/containernetworking/cni v1.1.1
2223
github.com/containernetworking/plugins v1.1.1
2324
github.com/coreos/go-systemd/v22 v22.3.2
2425
github.com/davecgh/go-spew v1.1.1
@@ -83,7 +84,6 @@ require (
8384
github.com/cenkalti/backoff/v4 v4.1.2 // indirect
8485
github.com/cespare/xxhash/v2 v2.1.2 // indirect
8586
github.com/cilium/ebpf v0.7.0 // indirect
86-
github.com/containernetworking/cni v1.1.1 // indirect
8787
github.com/containers/ocicrypt v1.1.3 // indirect
8888
github.com/cpuguy83/go-md2man/v2 v2.0.0 // indirect
8989
github.com/go-logr/logr v1.2.2 // indirect
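Review bot: the commit message does not mention that `github.com/containernetworking/cni v1.1.1` moves from the `// indirect` block (old line 86) to the direct require block (new line 22). The version is unchanged, so no new code is pulled in, but a line in the message naming the package that now imports it directly would make this go.mod change easier to audit.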
Lines changed: 159 additions & 0 deletions
@@ -0,0 +1,159 @@
1+
## cni-bridge-f(ail)p(oint)
2+
3+
### Overview
4+
5+
The `cni-bridge-fp` is a CNI plugin which delegates interface-creating function
6+
to [CNI bridge plugin][1] and allows user to inject failpoint before delegation.
7+
8+
Since the CNI plugin is invoked by binary call from CRI and it is short-lived,
9+
the failpoint need to be configured by a JSON file, which can be persisted.
10+
There is an example about failpoint description.
11+
12+
```json
13+
{
14+
"cmdAdd": "1*error(you-shall-not-pass!)->1*panic(again)",
15+
"cmdDel": "1*error(try-again)",
16+
"cmdCheck": "10*off"
17+
}
18+
```
19+
20+
* `cmdAdd` (string, optional): The failpoint for `ADD` command.
21+
* `cmdDel` (string, optional): The failpoint for `DEL` command.
22+
* `cmdCheck` (string, optional): The failpoint for `CHECK` command.
23+
24+
Since the `cmdXXX` can be multiple failpoints, each CNI binary call will update
25+
the current state to make sure the order of execution is expected.
26+
27+
And the failpoint injection is enabled by pod's annotation. Currently, the key
28+
of customized CNI capabilities in containerd can only be `io.kubernetes.cri.pod-annotations`
29+
and containerd will pass pod's annotations to CNI under the that object. The
30+
user can use the `failpoint.cni.containerd.io/confpath` annotation to enable
31+
failpoint for the pod.
32+
33+
```yaml
34+
apiVersion: v1
35+
kind: Pod
36+
metadata:
37+
name: nginx
38+
annotations:
39+
failpoint.cni.containerd.io/confpath: "/tmp/pod-failpoints.json"
40+
spec:
41+
containers:
42+
- name: nginx
43+
image: nginx:1.14.2
44+
ports:
45+
- containerPort: 80
46+
```
47+
48+
### Example
49+
50+
Let's use the following json as failpoint description.
51+
52+
```bash
53+
$ cat <<EOF | tee /tmp/cni-failpoint.json
54+
{
55+
"cmdAdd": "1*error(try-again)",
56+
"cmdDel": "2*error(oops)",
57+
"cmdCheck": "1*off->1*panic(sorry)"
58+
}
59+
EOF
60+
```
61+
62+
And use `ip netns` to create persisted net namespace named by `failpoint`.
63+
64+
```bash
65+
$ sudo ip netns add failpoint
66+
```
67+
68+
And then setup the following bash script for demo.
69+
70+
```bash
71+
$ cat <<EOFDEMO | tee /tmp/cni-failpoint-demo-helper.sh
72+
#!/usr/bin/env bash
73+
74+
export CNI_CONTAINERID=failpoint-testing
75+
export CNI_NETNS=/run/netns/failpoint
76+
export CNI_IFNAME=fpeni0
77+
export CNI_PATH=/opt/cni/bin/
78+
79+
cat <<EOF | /opt/cni/bin/cni-bridge-fp
80+
{
81+
"cniVersion": "0.3.0",
82+
"name": "containerd-net-fp",
83+
"type": "cni-bridge-fp",
84+
"bridge": "fp-cni0",
85+
"isGateway": true,
86+
"ipMasq": true,
87+
"promiscMode": true,
88+
"ipam": {
89+
"type": "host-local",
90+
"ranges": [
91+
[{
92+
"subnet": "10.88.0.0/16"
93+
}],
94+
[{
95+
"subnet": "2001:4860:4860::/64"
96+
}]
97+
],
98+
"routes": [
99+
{ "dst": "0.0.0.0/0" },
100+
{ "dst": "::/0" }
101+
]
102+
},
103+
"runtimeConfig": {
104+
"io.kubernetes.cri.pod-annotations": {
105+
"failpoint.cni.containerd.io/confpath": "/tmp/cni-failpoint.json"
106+
}
107+
}
108+
}
109+
EOF
110+
111+
EOFDEMO
112+
```
113+
114+
Let's try to setup CNI and we should get a error `try-again`.
115+
116+
```bash
117+
$ sudo CNI_COMMAND=ADD bash /tmp/cni-failpoint-demo-helper.sh
118+
{
119+
"code": 999,
120+
"msg": "try-again"
121+
}
122+
123+
# there is no failpoint for ADD command.
124+
$ cat /tmp/cni-failpoint.json | jq .
125+
{
126+
"cmdAdd": "0*error(try-again)",
127+
"cmdDel": "2*error(oops)",
128+
"cmdCheck": "1*off->1*panic(sorry)"
129+
}
130+
```
131+
132+
We should setup CNI successfully after retry. When we teardown the interface,
133+
there should be two failpoints.
134+
135+
```bash
136+
$ sudo CNI_COMMAND=ADD bash /tmp/cni-failpoint-demo-helper.sh
137+
...
138+
139+
$ sudo CNI_COMMAND=DEL bash /tmp/cni-failpoint-demo-helper.sh
140+
{
141+
"code": 999,
142+
"msg": "oops"
143+
}
144+
145+
$ sudo CNI_COMMAND=DEL bash /tmp/cni-failpoint-demo-helper.sh
146+
{
147+
"code": 999,
148+
"msg": "oops"
149+
}
150+
151+
$ cat /tmp/cni-failpoint.json | jq .
152+
{
153+
"cmdAdd": "0*error(try-again)",
154+
"cmdDel": "0*error(oops)",
155+
"cmdCheck": "1*off->1*panic(sorry)"
156+
}
157+
```
158+
159+
[1]: <https://www.cni.dev/plugins/current/main/bridge/>
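Review bot: the README never states that this plugin is for integration tests only, yet the Overview (README lines 27-31) lets a pod annotation, `failpoint.cni.containerd.io/confpath`, name a host file that the plugin reads and, per the `jq` output at lines 124-129, rewrites on every call while running under `sudo`. Please add an explicit statement that `cni-bridge-fp` must not be installed in the CNI bin directory of a node that accepts untrusted pod specs, and consider keeping the failpoint file in the examples in a root-owned directory rather than `/tmp`. Separately, the sample config at line 81 sets `"cniVersion": "0.3.0"` while the failpoint description defines `cmdCheck`; CHECK was introduced in CNI spec 0.4.0, so either bump the version or note that the CHECK failpoint is not exercised by this demo. Minor: "under the that object" (line 29) and "a error" (line 114) are typos, and the comment at line 123 would read more clearly as "the ADD failpoint is now exhausted".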

integration/failpoint/cmd/cni-bridge-fp/main.go

Lines changed: 0 additions & 209 deletions
This file was deleted.
