set network device status data

Change-Id: Ic8fe1378d5f001db9c7dbfc1c5b5ff11e4d1cfd2

Author: aojea

pkg/driver/driver.go

@@ -18,6 +18,7 @@ package driver
 
 import (
 	"context"
+	"errors"
 	"fmt"
 	"os"
 	"path/filepath"
@@ -33,8 +34,11 @@ import (
 	"github.com/containerd/nri/pkg/stub"
 
 	resourceapi "k8s.io/api/resource/v1beta1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/apimachinery/pkg/util/wait"
+	metav1apply "k8s.io/client-go/applyconfigurations/meta/v1"
+	resourceapply "k8s.io/client-go/applyconfigurations/resource/v1beta1"
 	"k8s.io/client-go/kubernetes"
 	"k8s.io/client-go/tools/cache"
 	"k8s.io/dynamic-resource-allocation/kubeletplugin"
@@ -216,6 +220,7 @@ func (np *NetworkDriver) RunPodSandbox(ctx context.Context, pod *api.PodSandbox)
 	np.netdb.AddPodNetns(podKey(pod), ns)
 
 	// Process the configurations of the ResourceClaim
+	errorList := []error{}
 	for _, obj := range objs {
 		claim, ok := obj.(*resourceapi.ResourceClaim)
 		if !ok {
@@ -225,11 +230,11 @@ func (np *NetworkDriver) RunPodSandbox(ctx context.Context, pod *api.PodSandbox)
 		if claim.Status.Allocation == nil {
 			continue
 		}
+		resourceClaimStatus := resourceapply.ResourceClaimStatus()
 		for _, result := range claim.Status.Allocation.Devices.Results {
 			if result.Driver != np.driverName {
 				continue
 			}
-
 			// Process the configurations of the ResourceClaim
 			for _, config := range claim.Status.Allocation.Devices.Config {
 				if config.Opaque == nil {
@@ -255,14 +260,54 @@ func (np *NetworkDriver) RunPodSandbox(ctx context.Context, pod *api.PodSandbox)
 
 			// TODO config options to rename the device and pass parameters
 			// use https://github.com/opencontainers/runtime-spec/pull/1271
-			err := nsAttachNetdev(result.Device, ns, result.Device)
+			networkData, err := nsAttachNetdev(result.Device, ns, result.Device)
 			if err != nil {
 				klog.Infof("RunPodSandbox error moving device %s to namespace %s: %v", result.Device, ns, err)
-				return err
+				resourceClaimStatus = resourceClaimStatus.WithDevices(
+					resourceapply.AllocatedDeviceStatus().
+						WithDevice(result.Device).WithDriver(result.Driver).WithPool(result.Pool).
+						WithConditions(
+							metav1apply.Condition().
+								WithType("Ready").
+								WithStatus(metav1.ConditionFalse).
+								WithReason("NetworkDeviceError").
+								WithMessage(err.Error()).
+								WithLastTransitionTime(metav1.Now()),
+						),
+				)
+				errorList = append(errorList, err)
+			} else {
+				resourceClaimStatus = resourceClaimStatus.WithDevices(
+					resourceapply.AllocatedDeviceStatus().
+						WithDevice(result.Device).WithDriver(result.Driver).WithPool(result.Pool).
+						WithConditions(
+							metav1apply.Condition().
+								WithType("Ready").
+								WithReason("NetworkDeviceReady").
+								WithStatus(metav1.ConditionTrue).
+								WithLastTransitionTime(metav1.Now()),
+						).
+						WithNetworkData(resourceapply.NetworkDeviceData().
+							WithInterfaceName(networkData.InterfaceName).
+							WithHardwareAddress(networkData.HardwareAddress).
+							WithIPs(networkData.IPs...),
+						),
+				)
 			}
 		}
+		resourceClaimApply := resourceapply.ResourceClaim(claim.Name, claim.Namespace).WithStatus(resourceClaimStatus)
+		_, err = np.kubeClient.ResourceV1beta1().ResourceClaims(claim.Namespace).ApplyStatus(ctx,
+			resourceClaimApply,
+			metav1.ApplyOptions{FieldManager: np.driverName, Force: true},
+		)
+		// do not fail hard
+		if err != nil {
+			klog.Infof("failed to update status for claim %s/%s : %v", claim.Namespace, claim.Name, err)
+		} else {
+			klog.V(2).Infof("update status for claim %s/%s", claim.Namespace, claim.Name)
+		}
 	}
-	return nil
+	return errors.Join(errorList...)
 }
 
 func (np *NetworkDriver) StopPodSandbox(ctx context.Context, pod *api.PodSandbox) error {

pkg/driver/hostdevice.go

@@ -24,29 +24,31 @@ import (
 	"github.com/vishvananda/netlink/nl"
 	"github.com/vishvananda/netns"
 	"golang.org/x/sys/unix"
+
+	resourceapi "k8s.io/api/resource/v1beta1"
 )
 
-func nsAttachNetdev(hostIfName string, containerNsPAth string, ifName string) error {
+func nsAttachNetdev(hostIfName string, containerNsPAth string, ifName string) (*resourceapi.NetworkDeviceData, error) {
 	hostDev, err := netlink.LinkByName(hostIfName)
 	// recover same behavior on vishvananda/netlink@1.2.1 and do not fail when the kernel returns NLM_F_DUMP_INTR.
 	if err != nil && !errors.Is(err, netlink.ErrDumpInterrupted) {
-		return err
+		return nil, err
 	}
 
 	// Devices can be renamed only when down
 	if err = netlink.LinkSetDown(hostDev); err != nil {
-		return fmt.Errorf("failed to set %q down: %v", hostDev.Attrs().Name, err)
+		return nil, fmt.Errorf("failed to set %q down: %v", hostDev.Attrs().Name, err)
 	}
 
 	// get the existing IP addresses
 	addresses, err := netlink.AddrList(hostDev, netlink.FAMILY_ALL)
 	if err != nil && !errors.Is(err, netlink.ErrDumpInterrupted) {
-		return fmt.Errorf("fail to get ip addresses: %w", err)
+		return nil, fmt.Errorf("fail to get ip addresses: %w", err)
 	}
 
 	containerNs, err := netns.GetFromPath(containerNsPAth)
 	if err != nil {
-		return err
+		return nil, err
 	}
 	defer containerNs.Close()
 
@@ -60,7 +62,7 @@ func nsAttachNetdev(hostIfName string, containerNsPAth string, ifName string) er
 	// Get a netlink socket in current namespace
 	s, err := nl.GetNetlinkSocketAt(netns.None(), netns.None(), unix.NETLINK_ROUTE)
 	if err != nil {
-		return fmt.Errorf("could not get network namespace handle: %w", err)
+		return nil, fmt.Errorf("could not get network namespace handle: %w", err)
 	}
 	defer s.Close()
 
@@ -87,37 +89,65 @@ func nsAttachNetdev(hostIfName string, containerNsPAth string, ifName string) er
 
 	_, err = req.Execute(unix.NETLINK_ROUTE, 0)
 	if err != nil && !errors.Is(err, netlink.ErrDumpInterrupted) {
-		return err
+		return nil, err
 	}
 
 	// to avoid golang problem with goroutines we create the socket in the
 	// namespace and use it directly
 	nhNs, err := netlink.NewHandleAt(containerNs)
 	if err != nil {
-		return err
+		return nil, err
 	}
 	defer nhNs.Close()
 
 	nsLink, err := nhNs.LinkByName(attrs.Name)
 	if err != nil && !errors.Is(err, netlink.ErrDumpInterrupted) {
-		return fmt.Errorf("link not found for interface %s on namespace %s: %w", attrs.Name, containerNsPAth, err)
+		return nil, fmt.Errorf("link not found for interface %s on namespace %s: %w", attrs.Name, containerNsPAth, err)
 	}
 
+	// Re-add the original IP addresses to the interface in the new namespace.
+	// The kernel removes IP addresses when an interface is moved between network namespaces.
 	for _, address := range addresses {
+		// Only move permanent IP addresses configured by the user, dynamic addresses are excluded because
+		// their validity may rely on the original network namespace's context and they may have limited
+		// lifetimes and are not guaranteed to be available in a new namespace.
+		// Ref: https://www.ietf.org/rfc/rfc3549.txt
+		if address.Flags&unix.IFA_F_PERMANENT == 0 {
+			continue
+		}
+		// Only move IP addresses with global scope because those are not host-specific, auto-configured,
+		// or have limited network scope, making them unsuitable inside the container namespace.
+		// Ref: https://www.ietf.org/rfc/rfc3549.txt
+		if address.Scope != unix.RT_SCOPE_UNIVERSE {
+			continue
+		}
 		// remove the interface attribute of the original address
 		// to avoid issues when the interface is renamed.
 		err = nhNs.AddrAdd(nsLink, &netlink.Addr{IPNet: address.IPNet})
 		if err != nil {
-			return fmt.Errorf("fail to set up address %s on namespace %s: %w", address.String(), containerNsPAth, err)
+			return nil, fmt.Errorf("fail to set up address %s on namespace %s: %w", address.String(), containerNsPAth, err)
 		}
 	}
 
 	err = nhNs.LinkSetUp(nsLink)
 	if err != nil {
-		return fmt.Errorf("failt to set up interface %s on namespace %s: %w", nsLink.Attrs().Name, containerNsPAth, err)
+		return nil, fmt.Errorf("failt to set up interface %s on namespace %s: %w", nsLink.Attrs().Name, containerNsPAth, err)
 	}
 
-	return nil
+	networkData := &resourceapi.NetworkDeviceData{
+		InterfaceName:   nsLink.Attrs().Name,
+		HardwareAddress: string(nsLink.Attrs().HardwareAddr.String()),
+	}
+
+	// get the existing IP addresses
+	addresses, err = nhNs.AddrList(nsLink, netlink.FAMILY_ALL)
+	if err == nil || errors.Is(err, netlink.ErrDumpInterrupted) {
+		for _, address := range addresses {
+			networkData.IPs = append(networkData.IPs, address.IPNet.String())
+		}
+	}
+
+	return networkData, nil
 }
 
 func nsDetachNetdev(containerNsPAth string, devName string) error {

tests/e2e.bats

@@ -1,9 +1,17 @@
 #!/usr/bin/env bats
 
-@test "dummy interface" {
-  cat "$BATS_TEST_DIRNAME"/../examples/add_dummy_iface.sh | docker exec -i "$CLUSTER_NAME"-worker bash
+@test "dummy interface with IP addresses" {
+  docker exec "$CLUSTER_NAME"-worker bash -c "ip link add dummy0 type dummy"
+  docker exec "$CLUSTER_NAME"-worker bash -c "ip link set up dev dummy0"
+  docker exec "$CLUSTER_NAME"-worker bash -c "ip addr add 169.254.169.13/32 dev dummy0"
+
   kubectl apply -f "$BATS_TEST_DIRNAME"/../examples/deviceclass.yaml
   kubectl apply -f "$BATS_TEST_DIRNAME"/../examples/resourceclaim.yaml
   kubectl wait --timeout=2m --for=condition=ready pods -l app=pod
-  kubectl exec -it pod1 -- ip link show dummy0
+  run kubectl exec pod1 -- ip addr show dummy0
+  [ "$status" -eq 0 ]
+  [[ "$output" == *"169.254.169.13"* ]]
+  run kubectl get resourceclaims dummy-interface-static-ip  -o=jsonpath='{.status.devices[0].networkData.ips[*]}'
+  [ "$status" -eq 0 ]
+  [[ "$output" == *"169.254.169.13"* ]]
 }