M2 plumbing: CNI ↔ agent JSON RPC over unix socket
Locks the wire format between /opt/cni/bin/flock and flock-agent. ADD returns a CNI Result, DEL returns success/error, CHECK returns success/error. Connection-per-RPC, newline-delimited JSON. - pkg/cni/rpc.go: shared Op + Request + Response + framed encode/decode. - pkg/cni/rpc_client.go: net.Dial + EncodeRequest + DecodeResponse; rpcSocket overridable for tests. - pkg/cni/plugin.go: real implementations of CmdAdd/Del/Check that call through, mapping agent errors to types.Error. - pkg/agent/rpc.go: rpcServer with swappable AddHandler/DelHandler/ CheckHandler (defaults: not-implemented for ADD; idempotent-no-op for DEL/CHECK so kubelet teardown of a never-ADDed pod doesn't fail). - pkg/agent/server.go: replaces the M1 accept-and-close placeholder with rpcServer.serve(ctx, listener); listener closes on ctx cancel. Tests cover: Request/Response JSON roundtrip, end-to-end client → unix-socket → fake server, agent error → CNI types.Error mapping. ADD remains "not implemented" until netlink + IPAM wire-up — the agent returns an error and kubelet will fail pod sandbox creation IF a node were configured to use this CNI. host001's CNI plane is still 100% Calico, so this changes nothing observable on the cluster. Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
+57
-3
@@ -1,5 +1,59 @@
|
||||
package cni
|
||||
|
||||
// rpc_client.go will hold the JSON-over-unix-socket client used by the CNI
|
||||
// plugin to call into flock-agent. Stub for M1; implementation lands in M2
|
||||
// alongside the agent's RPC server.
|
||||
import (
|
||||
"fmt"
|
||||
"net"
|
||||
"time"
|
||||
|
||||
"github.com/containernetworking/cni/pkg/skel"
|
||||
"github.com/containernetworking/cni/pkg/types"
|
||||
)
|
||||
|
||||
// dialTimeout bounds how long the plugin waits to connect to the agent
|
||||
// socket. kubelet has its own outer timeout for the whole CNI invocation,
|
||||
// but a tighter bound here gives a clearer error if the DaemonSet pod is
|
||||
// gone or starting up.
|
||||
const dialTimeout = 5 * time.Second
|
||||
|
||||
// rpcSocket is overridable for tests.
|
||||
var rpcSocket = SocketPath
|
||||
|
||||
// call issues one Request and returns the Response. It dials the agent
|
||||
// unix socket, encodes the request, and decodes a single response. The
|
||||
// connection is closed before returning.
|
||||
func call(req Request) (*Response, error) {
|
||||
conn, err := net.DialTimeout("unix", rpcSocket, dialTimeout)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("dial flock-agent at %s: %w", rpcSocket, err)
|
||||
}
|
||||
defer conn.Close()
|
||||
if err := EncodeRequest(conn, req); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
resp, err := DecodeResponse(conn)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return &resp, nil
|
||||
}
|
||||
|
||||
// fromArgs builds a Request from a CNI skel.CmdArgs invocation.
|
||||
func fromArgs(op Op, args *skel.CmdArgs) Request {
|
||||
return Request{
|
||||
Op: op,
|
||||
ContainerID: args.ContainerID,
|
||||
Netns: args.Netns,
|
||||
IfName: args.IfName,
|
||||
Args: args.Args,
|
||||
Path: args.Path,
|
||||
StdinData: args.StdinData,
|
||||
}
|
||||
}
|
||||
|
||||
// toCNIError converts an RPC Response.Error into a CNI types.Error, or nil.
|
||||
func toCNIError(stage string, resp *Response) error {
|
||||
if resp.Error == "" {
|
||||
return nil
|
||||
}
|
||||
return types.NewError(types.ErrInternal, "flock-"+stage, resp.Error)
|
||||
}
|
||||
|
||||
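Review bot: `call` bounds only the connect: once `net.DialTimeout` succeeds, `EncodeRequest` and `DecodeResponse` run on a connection with no deadline, so an agent that accepts and then stalls holds the plugin until kubelet's outer timeout fires, and the clearer error the `dialTimeout` comment aims for is lost. Set a deadline right after the dial check, for example `if err := conn.SetDeadline(time.Now().Add(rpcTimeout)); err != nil { return nil, fmt.Errorf("set deadline on %s: %w", rpcSocket, err) }`, where `rpcTimeout` is a placeholder name for a new constant sized for the slowest expected ADD. The encode and decode errors are also returned unwrapped, unlike the dial error, so wrapping them with the stage name would show which step failed in the kubelet log. Whether `DecodeResponse` caps the length of the line it reads is not visible in this file and is worth confirming in pkg/cni/rpc.go.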