Merge pull request #1 from kaloom/ocp

Add Crio support

Author: kmabda

README.md

@@ -97,9 +97,10 @@ see [kactus cni-plugin repo](https://github.com/kaloom/kubernetes-kactus-cni-plu
 
 > $ `kubectl apply -f manifests/podagent-serviceaccount-and-rbac.yaml`
 
-3. delopy the podagent as a daemon set:
+3. deploy the podagent as a daemon set:
 
-> $ `kubectl apply -f manifests/podagent-ds.yaml`
+> $ `kubectl apply -f manifests/podagent-ds.yaml`       for docker
+> $ `kubectl apply -f manifests/podagent-cs.yaml`       for crio
 
 
 ### Note

controller/controller.go

@@ -18,9 +18,11 @@ package controller
 
 import (
 	"context"
+	"fmt"
 	"time"
 
 	"github.com/kaloom/kubernetes-podagent/controller/cni"
+	ccri "github.com/kaloom/kubernetes-podagent/controller/crio-runtime"
 	dcri "github.com/kaloom/kubernetes-podagent/controller/docker-runtime"
 
 	"github.com/golang/glog"
@@ -29,10 +31,33 @@ import (
 	"k8s.io/kubernetes/pkg/kubelet/dockershim/libdocker"
 )
 
+// ContainerType defines the type if continer used to support the pods
+type ContainerType int
+
+const (
+	// Docker type container
+	Docker ContainerType = iota
+
+	// Crio type container
+	Crio
+)
+
+func (ct ContainerType) String() string {
+	switch ct {
+	case Docker:
+		return "Docker"
+	case Crio:
+		return "Crio"
+	default:
+		glog.Errorf("Invalid ContainerType: %v", ct)
+		return fmt.Sprintf("%d", int(ct))
+	}
+}
+
 // Controller the controller object
 type Controller struct {
 	kubeClient *kubernetes.Clientset
-	runtime    *dcri.DockerRuntime
+	runtime    Runtime
 	cniPlugin  *cni.NetworkPlugin
 }
 
@@ -57,17 +82,27 @@ func (c *Controller) Run(ctx context.Context, nodeName string) error {
 	return ctx.Err()
 }
 
-// NewController instantiate a controller object
-func NewController(kubeClient *kubernetes.Clientset, dockerEndpoint, cniBinPath, cniConfPath, cniVendor string) (*Controller, error) {
+// NewController instantiate a docker controller object
+func NewController(kubeClient *kubernetes.Clientset, endpoint, cniBinPath, cniConfPath, cniVendor string, containerType ContainerType) (*Controller, error) {
 	runtimeRequestTimeout := 2 * time.Minute
 	imagePullProgressDeadline := time.Minute
-	dockerClient := libdocker.ConnectToDockerOrDie(dockerEndpoint,
-		runtimeRequestTimeout,
-		imagePullProgressDeadline)
-	runTime, err := dcri.NewDockerRuntime(dockerClient)
+
+	var runTime Runtime
+	var err error
+	switch containerType {
+	case Crio:
+		runTime, err = ccri.NewCrioRuntime(endpoint, runtimeRequestTimeout)
+
+	default:
+		dockerClient := libdocker.ConnectToDockerOrDie(endpoint,
+			runtimeRequestTimeout,
+			imagePullProgressDeadline)
+		runTime, err = dcri.NewDockerRuntime(dockerClient)
+	}
 	if err != nil {
 		return nil, err
 	}
+
 	cniPlugin, err := cni.NewCNIPlugin(cniBinPath, cniConfPath, cniVendor)
 	if err != nil {
 		return nil, err

controller/crio-runtime/runtime.go

@@ -0,0 +1,191 @@
+// /*
+// Copyright 2020 Kaloom Inc.
+// Copyright 2014 The Kubernetes Authors.
+
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+
+//     http://www.apache.org/licenses/LICENSE-2.0
+
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+// */
+
+package crioruntime
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"strings"
+	"time"
+
+	"github.com/golang/glog"
+	"github.com/pkg/errors"
+	"google.golang.org/grpc"
+	pb "k8s.io/cri-api/pkg/apis/runtime/v1alpha2"
+	"k8s.io/kubernetes/pkg/kubelet/util"
+)
+
+const (
+	crioNetNSFmt = "/var/run/netns/%s"
+)
+
+// CrioRuntime runtime object
+type CrioRuntime struct {
+	client pb.RuntimeServiceClient
+}
+
+type PodStatusResponseInfo struct {
+	SandboxId   string
+	RunTimeSpec RuneTimeSpecInfo
+}
+
+type RuneTimeSpecInfo struct {
+	Linux NamespacesInfo
+}
+
+type NamespacesInfo struct {
+	NameSpaces []NameSpaceInfo
+}
+
+type NameSpaceInfo struct {
+	Type string
+	Path string
+}
+
+// GetNetNS returns the network namespace of the given containerID. The ID
+// supplied is typically the ID of a pod sandbox. This getter doesn't try
+// to map non-sandbox IDs to their respective sandboxes.
+func (cr *CrioRuntime) GetNetNS(podSandboxID string) (string, error) {
+
+	glog.V(4).Infof("GetNetNS:podSandboxID:%s", podSandboxID)
+	if podSandboxID == "" {
+		return "", fmt.Errorf("ID cannot be empty")
+	}
+
+	request := &pb.PodSandboxStatusRequest{
+		PodSandboxId: podSandboxID,
+		Verbose:      true, // TODO see with non verbose if all info is there
+	}
+	glog.V(5).Infof("PodSandboxStatusRequest: %v", request)
+	r, err := cr.client.PodSandboxStatus(context.Background(), request)
+	glog.V(5).Infof("PodSandboxStatusResponse: %v", r)
+	if err != nil {
+		return "", err
+	}
+
+	mapInfo := r.GetInfo()
+	glog.V(5).Infof("GetNetNS:GetInfo():%s", mapInfo)
+	var podStatusResponseInfo PodStatusResponseInfo
+	info := mapInfo["info"]
+	glog.V(5).Infof("GetNetNS:info:%s", info)
+	err = json.Unmarshal([]byte(info), &podStatusResponseInfo)
+	if err != nil {
+		glog.Errorf("GetNetNS:error decoding response:", err)
+		if e, ok := err.(*json.SyntaxError); ok {
+			glog.Errorf("GetNetNS:syntax error at byte offset ", e.Offset)
+		}
+		return "", err
+	}
+
+	namespaces := podStatusResponseInfo.RunTimeSpec.Linux.NameSpaces
+	glog.V(5).Infof("GetNetNS:RunTimeSpec.Linux.NameSpaces:", namespaces)
+	for _, namespace := range namespaces {
+		if namespace.Type == "network" {
+			ss := strings.Split(namespace.Path, "/")
+			netNS := ss[len(ss)-1]
+			glog.V(5).Infof("GetNetNS:NetNS:%s", netNS)
+			return fmt.Sprintf(crioNetNSFmt, netNS), nil
+		}
+	}
+	return "", nil
+}
+
+// GetSandboxID returns kubernete's crio sandbox container ID
+func (cr *CrioRuntime) GetSandboxID(containerID string) (string, error) {
+	glog.V(5).Infof("GetSandboxID:containerID:%s", containerID)
+	if containerID == "" {
+		return "", fmt.Errorf("ID cannot be empty")
+	}
+
+	filter := &pb.ContainerFilter{
+		Id: containerID,
+	}
+
+	request := &pb.ListContainersRequest{
+		Filter: filter,
+	}
+
+	glog.V(5).Infof("ListContainerRequest: %v", request)
+	r, err := cr.client.ListContainers(context.Background(), request)
+	glog.V(5).Infof("ListContainerResponse: %v", r)
+	if err != nil {
+		return "", err
+	}
+
+	containerslist := r.GetContainers()
+	if len(containerslist) == 0 {
+		return "", fmt.Errorf("Didn't find any container with containerID:%s", containerID)
+	} else if len(containerslist) != 1 {
+		return "", fmt.Errorf("Found more then one container with containerID:%s", containerID)
+	}
+
+	sandboxID := containerslist[0].PodSandboxId
+	glog.V(5).Infof("ContainerStatusResponse:SandboxId %s", sandboxID)
+	return sandboxID, nil
+}
+
+func getConnection(endPoints []string, timeOut time.Duration) (*grpc.ClientConn, error) {
+	if endPoints == nil || len(endPoints) == 0 {
+		return nil, fmt.Errorf("endpoint is not set")
+	}
+	endPointsLen := len(endPoints)
+	var conn *grpc.ClientConn
+	for indx, endPoint := range endPoints {
+		glog.Infof("connect using endpoint '%s' with '%s' timeout", endPoint, timeOut)
+		addr, dialer, err := util.GetAddressAndDialer(endPoint)
+		if err != nil {
+			if indx == endPointsLen-1 {
+				return nil, err
+			}
+			glog.Error(err)
+			continue
+		}
+		conn, err = grpc.Dial(addr, grpc.WithInsecure(), grpc.WithBlock(), grpc.WithTimeout(timeOut), grpc.WithContextDialer(dialer))
+		if err != nil {
+			errMsg := errors.Wrapf(err, "connect endpoint '%s', make sure you are running as root and the endpoint has been started", endPoint)
+			if indx == endPointsLen-1 {
+				return nil, errMsg
+			}
+			glog.Error(errMsg)
+		} else {
+			glog.Infof("connected successfully using endpoint: %s", endPoint)
+			break
+		}
+	}
+	return conn, nil
+}
+
+// NewCrioRuntime instantiate a crio runtime object
+func NewCrioRuntime(endpoint string, timeOut time.Duration) (*CrioRuntime, error) {
+
+	if endpoint == "" {
+		return nil, fmt.Errorf("--runtime-endpoint is not set")
+	}
+	clientConnection, err := getConnection([]string{endpoint}, timeOut)
+	if err != nil {
+		return nil, errors.Wrap(err, "connect")
+	}
+	runtimeClient := pb.NewRuntimeServiceClient(clientConnection)
+
+	cr := &CrioRuntime{
+		client: runtimeClient,
+	}
+
+	return cr, nil
+}

controller/docker-runtime/runtime.go

@@ -58,7 +58,10 @@ func (dr *DockerRuntime) GetNetNS(podSandboxID string) (string, error) {
 	if err != nil {
 		return "", err
 	}
-	return getNetworkNamespace(c)
+
+	ns, err := getNetworkNamespace(c)
+	glog.V(5).Infof("GetNetNS:%s %v", ns, err)
+	return ns, err
 }
 
 // GetSandboxID returns kubernete's docker "pause" container ID
@@ -73,6 +76,7 @@ func (dr *DockerRuntime) GetSandboxID(containerID string) (string, error) {
 			return val, nil
 		}
 	}
+	glog.V(5).Infof("GetSandboxID:SandboxId %s", kubernetesSandboxID)
 	return "", fmt.Errorf("Cannot find label %s in container %q", kubernetesSandboxID, c.ID)
 }
 

controller/runtime.go

@@ -0,0 +1,29 @@
+/*
+Copyright 2020 Kaloom Inc.
+Copyright 2014 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package controller
+
+// Runtime interface
+type Runtime interface {
+	// GetNetNS returns the network namespace of the given containerID. The ID
+	// supplied is typically the ID of a pod sandbox. This getter doesn't try
+	// to map non-sandbox IDs to their respective sandboxes.
+	GetNetNS(podSandboxID string) (string, error)
+
+	// GetSandboxID returns kubernete's docker "pause" container ID
+	GetSandboxID(containerID string) (string, error)
+}