address comments
- fix comments
- expand README to reference existing ongoing work across communities
- don't manipulate network devices on host network namespaced pods

Signed-off-by: Antonio Ojea <aojea@google.com>
aojea committed May 23, 2024
1 parent 0b32005 commit ca24037
Showing 2 changed files with 27 additions and 7 deletions.
23 changes: 20 additions & 3 deletions plugins/network-device-injector/README.md
@@ -1,6 +1,23 @@
## Network Device Injector Plugin

This sample plugin can inject existing network devices into containers using pod annotations.
Network devices are network namespaced, this implies that in Kubernetes they are Pod scoped
and no container scoped, all containers are able to access the network device inside the Pod.

Traditionally in Kubernetes the CNI plugin is the responsable of configuring the default network
interface for Pods, but there are use cases where the Pod may need to use additional network interfaces,
a more detailed explanation of all the possible technologies to add interfaces to Pods was presented during
[SIG Network meeting 14/03/2024](https://www.youtube.com/watch?v=67UzeMEaqnM&list=PL69nYSiGNLP2E8vmnqo5MwPOY25sDWIxb&index=1),
[slides](Slides in https://docs.google.com/presentation/d/1pjDCtpdbCSWaqCbBYWgzTxAewOVbMf6rUS5SbjAJAe8/edit?usp=sharing).

Kubernetes project is working on [provide a better API](https://docs.google.com/document/d/1VBBj8Fh0ks0_-dacpqx6kD2tlIvj0XfFxtMuSfOJ22w/edit)
introducing network device claims that would naturally provide a built in means to inject.

[Network Devices may be included in the OCI Runtime Specification](https://github.com/opencontainers/runtime-spec/issues/1239), this will allow
implementations to be more declarative offloading the low level implementation details to the runtime implementation.

Pods that run in the host network namespace can not inject any network device as those are already running on the same network namespace,
and any modification can impact the existing system networking.

### Network Device Annotations
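Review bot: the slides link in this hunk is malformed: `[slides](Slides in https://docs.google.com/presentation/d/...)` puts the words "Slides in " inside the link target, so the rendered link is broken; it should be `[slides](https://docs.google.com/presentation/d/1pjDCtpdbCSWaqCbBYWgzTxAewOVbMf6rUS5SbjAJAe8/edit?usp=sharing)`. While this paragraph is being touched: "responsable" should be "responsible", "no container scoped" should be "not container scoped", and "Kubernetes project is working on [provide a better API]" reads better as "The Kubernetes project is working on [providing a better API]". The new host-network paragraph is the security-relevant one; it would help to state explicitly that netdevice annotations on such pods are ignored rather than rejected, since that is what the accompanying code change does.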

@@ -23,11 +40,11 @@ The parameters are based on the existing linux netdevice representation.
https://man7.org/linux/man-pages/man7/netdevice.7.html

`name` is mandatory and refers to the name of the network interface in the host,
the rest of the parameters is optional.
the rest of the parameters are optional.
`new_name` is the name of the interface inside the Pod.

The plugin only injects interfaces on the Pod, for more advanced networking configuration
like routing, traffic redirection or dynamic address configuration new plugins can be created.
The plugin only injects interfaces on the Pod network namespace for which the containers are attached when created,
for more advanced networking configuration like routing, traffic redirection or dynamic address configuration new plugins can be created.

## Testing
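Review bot: the new sentence "The plugin only injects interfaces on the Pod network namespace for which the containers are attached when created" is hard to parse; suggest "The plugin only injects interfaces into the Pod's network namespace, which its containers are attached to when they are created". Since `name` is documented as the interface name on the host, the README should also say what happens to that device on the host while the Pod holds it (a Linux network device belongs to exactly one network namespace at a time), so operators know not to inject an interface the node itself depends on.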

11 changes: 7 additions & 4 deletions plugins/network-device-injector/network-device-injector.go
@@ -302,12 +302,13 @@ type plugin struct {
}

func (p *plugin) RunPodSandbox(_ context.Context, pod *api.PodSandbox) error {
log.WithField("namespace", pod.GetNamespace()).WithField("name", pod.GetName).Info("Started pod...")
log.WithField("namespace", pod.GetNamespace()).WithField("name", pod.GetName).Debug("Started pod...")
if verbose {
dump("RunPodSandbox", "pod", pod)
}

// inject associated devices of the netdevice to the container
// inject associated netdevices (based on received pod annotations) into the pod
// network namespace that will be attached to the pod's containers
netdevices, err := parseNetdevices(pod.Annotations)
if err != nil {
return err
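Review bot: `WithField("name", pod.GetName)` passes the method value instead of calling it, so the log field carries a function rather than the pod name; since this line is being edited anyway (Info to Debug), change it to `pod.GetName()`. The rewritten comment is accurate, but note that `parseNetdevices` runs before the host-network check further down, so a malformed annotation still fails a host-network pod; if that is intended, say so here.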
@@ -325,8 +326,10 @@ func (p *plugin) RunPodSandbox(_ context.Context, pod *api.PodSandbox) error {
break
}
}
// TODO check host network namespace

// Pods running on the host network namespace has this value empty
if ns == "" {
log.WithField("namespace", pod.GetNamespace()).WithField("name", pod.GetName).Info("Pod using host namespace, skipping ...")
return nil
}
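Review bot: the host-network branch silently drops the injection request: `netdevices` has already been parsed at this point, so when it is non-empty the user asked for devices and gets none, with only an Info log to show for it. Consider returning an error when `len(netdevices) > 0 && ns == ""` (or at least logging at Warn), and keep the quiet skip only for pods without annotations. Two smaller points: the comment "Pods running on the host network namespace has this value empty" should read "have this value empty", and it is worth saying what `ns` holds, since the empty-string comparison is the whole host-network detection. This line also repeats the `pod.GetName` method-value mistake; use `pod.GetName()`.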

@@ -341,7 +344,7 @@ func (p *plugin) RunPodSandbox(_ context.Context, pod *api.PodSandbox) error {
}

func (p *plugin) StopPodSandbox(_ context.Context, pod *api.PodSandbox) error {
log.WithField("namespace", pod.GetNamespace()).WithField("name", pod.GetName).Info("Stopped pod...")
log.WithField("namespace", pod.GetNamespace()).WithField("name", pod.GetName).Debug("Stopped pod...")
if verbose {
dump("StopPodSandbox", "pod", pod)
}
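Review bot: same method-value bug as in RunPodSandbox: `pod.GetName` without parentheses logs the function value, not the name; change it to `pod.GetName()` while switching this line to Debug.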
