flock/pkg/cni/plugin.go

// Package cni hosts the CNI plugin entry-points. The plugin binary is short-
// lived: it is invoked by kubelet, talks to flock-agent over a unix socket,
// and exits. All real work happens in the agent.
package cni

import (
	"github.com/containernetworking/cni/pkg/skel"
	"github.com/containernetworking/cni/pkg/types"
	current "github.com/containernetworking/cni/pkg/types/100"
)

// SocketPath is the unix socket exposed by flock-agent.
const SocketPath = "/run/flock/flock.sock"

// CmdAdd is invoked by kubelet when a pod sandbox is created.
func CmdAdd(args *skel.CmdArgs) error {
	resp, err := call(fromArgs(OpAdd, args))
	if err != nil {
		return types.NewError(types.ErrInternal, "flock-add", err.Error())
	}
	if cerr := toCNIError("add", resp); cerr != nil {
		return cerr
	}
	if resp.Result == nil {
		return types.NewError(types.ErrInternal, "flock-add", "agent returned no result")
	}
	return types.PrintResult(resp.Result, current.ImplementedSpecVersion)
}

// CmdDel is invoked by kubelet when a pod sandbox is torn down. CNI spec:
// DEL must be idempotent. The agent treats a missing allocation as success.
func CmdDel(args *skel.CmdArgs) error {
	resp, err := call(fromArgs(OpDel, args))
	if err != nil {
		// On dial failure during DEL, fail loudly — kubelet retries DEL,
		// and the next attempt may succeed once the agent is reachable.
		return types.NewError(types.ErrInternal, "flock-del", err.Error())
	}
	return toCNIError("del", resp)
}

// CmdCheck verifies that the live netns matches the persisted allocation.
func CmdCheck(args *skel.CmdArgs) error {
	resp, err := call(fromArgs(OpCheck, args))
	if err != nil {
		return types.NewError(types.ErrInternal, "flock-check", err.Error())
	}
	return toCNIError("check", resp)
}