M2 plumbing: CNI ↔ agent JSON RPC over unix socket
Build flock Image / build (push) Has been cancelled
Build flock Image / build (push) Has been cancelled
Locks the wire format between /opt/cni/bin/flock and flock-agent. ADD returns a CNI Result, DEL returns success/error, CHECK returns success/error. Connection-per-RPC, newline-delimited JSON. - pkg/cni/rpc.go: shared Op + Request + Response + framed encode/decode. - pkg/cni/rpc_client.go: net.Dial + EncodeRequest + DecodeResponse; rpcSocket overridable for tests. - pkg/cni/plugin.go: real implementations of CmdAdd/Del/Check that call through, mapping agent errors to types.Error. - pkg/agent/rpc.go: rpcServer with swappable AddHandler/DelHandler/ CheckHandler (defaults: not-implemented for ADD; idempotent-no-op for DEL/CHECK so kubelet teardown of a never-ADDed pod doesn't fail). - pkg/agent/server.go: replaces the M1 accept-and-close placeholder with rpcServer.serve(ctx, listener); listener closes on ctx cancel. Tests cover: Request/Response JSON roundtrip, end-to-end client → unix-socket → fake server, agent error → CNI types.Error mapping. ADD remains "not implemented" until netlink + IPAM wire-up — the agent returns an error and kubelet will fail pod sandbox creation IF a node were configured to use this CNI. host001's CNI plane is still 100% Calico, so this changes nothing observable on the cluster. Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Donavan Fritz
+25
-13
@@ -4,8 +4,6 @@
|
||||
package cni
|
||||
|
||||
import (
|
||||
"errors"
|
||||
|
||||
"github.com/containernetworking/cni/pkg/skel"
|
||||
"github.com/containernetworking/cni/pkg/types"
|
||||
current "github.com/containernetworking/cni/pkg/types/100"
|
||||
@@ -14,24 +12,38 @@ import (
|
||||
// SocketPath is the unix socket exposed by flock-agent.
|
||||
const SocketPath = "/run/flock/flock.sock"
|
||||
|
||||
var errNotImplemented = errors.New("flock: ADD/DEL/CHECK not implemented in M1 scaffold")
|
||||
|
||||
// CmdAdd is invoked by kubelet when a pod sandbox is created.
|
||||
func CmdAdd(args *skel.CmdArgs) error {
|
||||
// M2: dial SocketPath, send ADD RPC, return CNI result.
|
||||
_ = args
|
||||
_ = current.ImplementedSpecVersion
|
||||
return types.NewError(types.ErrInternal, "flock-add", errNotImplemented.Error())
|
||||
resp, err := call(fromArgs(OpAdd, args))
|
||||
if err != nil {
|
||||
return types.NewError(types.ErrInternal, "flock-add", err.Error())
|
||||
}
|
||||
if cerr := toCNIError("add", resp); cerr != nil {
|
||||
return cerr
|
||||
}
|
||||
if resp.Result == nil {
|
||||
return types.NewError(types.ErrInternal, "flock-add", "agent returned no result")
|
||||
}
|
||||
return types.PrintResult(resp.Result, current.ImplementedSpecVersion)
|
||||
}
|
||||
|
||||
// CmdDel is invoked by kubelet when a pod sandbox is torn down.
|
||||
// CmdDel is invoked by kubelet when a pod sandbox is torn down. CNI spec:
|
||||
// DEL must be idempotent. The agent treats a missing allocation as success.
|
||||
func CmdDel(args *skel.CmdArgs) error {
|
||||
_ = args
|
||||
return types.NewError(types.ErrInternal, "flock-del", errNotImplemented.Error())
|
||||
resp, err := call(fromArgs(OpDel, args))
|
||||
if err != nil {
|
||||
// On dial failure during DEL, fail loudly — kubelet retries DEL,
|
||||
// and the next attempt may succeed once the agent is reachable.
|
||||
return types.NewError(types.ErrInternal, "flock-del", err.Error())
|
||||
}
|
||||
return toCNIError("del", resp)
|
||||
}
|
||||
|
||||
// CmdCheck verifies that the live netns matches the persisted allocation.
|
||||
func CmdCheck(args *skel.CmdArgs) error {
|
||||
_ = args
|
||||
return types.NewError(types.ErrInternal, "flock-check", errNotImplemented.Error())
|
||||
resp, err := call(fromArgs(OpCheck, args))
|
||||
if err != nil {
|
||||
return types.NewError(types.ErrInternal, "flock-check", err.Error())
|
||||
}
|
||||
return toCNIError("check", resp)
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user