install all core CNI plugins via init container (#2355)

.gitignore

@@ -3,9 +3,6 @@ aws-k8s-agent
 aws-cni
 aws-vpc-cni
 aws-vpc-cni-init
-bandwidth
-host-local
-loopback
 verify-aws
 verify-network
 *~
@@ -17,6 +14,7 @@ portmap
 grpc-health-probe
 cni-metrics-helper
 coverage.txt
+core-plugins/
 build/
 vendor
 egress-v4-cni

Makefile

@@ -85,10 +85,8 @@ LDFLAGS = -X pkg/version/info.Version=$(VERSION) -X pkg/awsutils/awssession.vers
 ALLPKGS = $(shell go list $(VENDOR_OVERRIDE_FLAG) ./... | grep -v cmd/packet-verifier)
 # BINS is the set of built command executables.
 BINS = aws-k8s-agent aws-cni grpc-health-probe cni-metrics-helper aws-vpc-cni aws-vpc-cni-init egress-v4-cni
-# Plugin binaries
-# Not copied: bridge dhcp firewall flannel host-device host-local ipvlan macvlan ptp sbr static tuning vlan
-# For gnu tar, the full path in the tar file is required
-PLUGIN_BINS = ./loopback ./portmap ./bandwidth ./host-local
+# CORE_PLUGIN_DIR is the directory containing upstream containernetworking plugins
+CORE_PLUGIN_DIR = $(MAKEFILE_PATH)/core-plugins/
 
 # DOCKER_ARGS is extra arguments passed during container image build.
 DOCKER_ARGS =
@@ -284,7 +282,8 @@ plugins:   ## Fetch the CNI plugins
 	@echo "Visit upstream project for plugin details:"
 	@echo "$(VISIT_URL)"
 	@echo
-	curl -L $(FETCH_URL) | tar -zx $(PLUGIN_BINS)
+	mkdir -p $(CORE_PLUGIN_DIR)
+	curl -s -L $(FETCH_URL) | tar xzvf - -C $(CORE_PLUGIN_DIR)
 
 ##@ Debug script 
 
@@ -391,9 +390,9 @@ cleanup-ec2-sdk-override:
 # Clean temporary files and build artifacts from the project.
 clean:    ## Clean temporary files and build artifacts from the project.
 	@rm -f -- $(BINS)
-	@rm -f -- $(PLUGIN_BINS)
+	@rm -rf -- $(CORE_PLUGIN_DIR)
 	@rm -f -- coverage.txt
-	@rm -rf -- ${MAKEFILE_PATH}test/build
+	@rm -rf -- $(MAKEFILE_PATH)test/build
 
 ##@ Helpers
 

cmd/aws-vpc-cni-init/main.go

@@ -136,18 +136,13 @@ func main() {
 
 func _main() int {
 	log.Debug("Started Initialization")
-	pluginBins := []string{"loopback", "portmap", "bandwidth", "host-local", "aws-cni-support.sh"}
 	var err error
-	for _, plugin := range pluginBins {
-		if _, err = os.Stat(plugin); err != nil {
-			log.WithError(err).Fatalf("Required executable: %s not found", plugin)
-			return 1
-		}
-	}
 
 	log.Infof("Copying CNI plugin binaries ...")
 	hostCNIBinPath := utils.GetEnv(envHostCniBinPath, defaultHostCNIBinPath)
-	err = cp.InstallBinaries(pluginBins, hostCNIBinPath)
+	excludeBins := map[string]bool{"aws-vpc-cni-init": true}
+	// Copy all binaries from workdir to host bin dir except container init binary
+	err = cp.InstallBinariesFromDir(".", hostCNIBinPath, excludeBins)
 	if err != nil {
 		log.WithError(err).Errorf("Failed to install binaries")
 		return 1

scripts/dockerfiles/Dockerfile.init

@@ -24,10 +24,7 @@ FROM $base_image
 WORKDIR /init
 
 COPY --from=builder \
-    /go/src/github.com/aws/amazon-vpc-cni-k8s/loopback \
-    /go/src/github.com/aws/amazon-vpc-cni-k8s/portmap \
-    /go/src/github.com/aws/amazon-vpc-cni-k8s/bandwidth \
-    /go/src/github.com/aws/amazon-vpc-cni-k8s/host-local \
+    /go/src/github.com/aws/amazon-vpc-cni-k8s/core-plugins/* \
     /go/src/github.com/aws/amazon-vpc-cni-k8s/aws-cni-support.sh \
     /go/src/github.com/aws/amazon-vpc-cni-k8s/aws-vpc-cni-init /init/
 

utils/cp/cp.go

@@ -74,3 +74,27 @@ func InstallBinaries(pluginBins []string, hostCNIBinPath string) error {
 	}
 	return nil
 }
+
+func InstallBinariesFromDir(readDir string, hostCNIBinPath string, excludeBins map[string]bool) error {
+	bins, err := os.ReadDir(readDir)
+	if err != nil {
+		return fmt.Errorf("failed to read directory %s, error: %s", readDir, err)
+	}
+
+	for _, file := range bins {
+		// Only copy files
+		if !file.Type().IsRegular() {
+			continue
+		}
+		// Exclude binaries in deny-list
+		if _, ok := excludeBins[file.Name()]; ok {
+			continue
+		}
+		target := fmt.Sprintf("%s/%s", hostCNIBinPath, file.Name())
+		source := fmt.Sprintf("%s", file.Name())
+		if err := CopyFile(source, target); err != nil {
+			return fmt.Errorf("Failed to install %s: %s", target, err)
+		}
+	}
+	return nil
+}