Donavan Fritz
31fcae2a97
Build flock Image / build (push) Has been cancelled
Locks the wire format between /opt/cni/bin/flock and flock-agent. ADD returns a CNI Result, DEL returns success/error, CHECK returns success/error. Connection-per-RPC, newline-delimited JSON. - pkg/cni/rpc.go: shared Op + Request + Response + framed encode/decode. - pkg/cni/rpc_client.go: net.Dial + EncodeRequest + DecodeResponse; rpcSocket overridable for tests. - pkg/cni/plugin.go: real implementations of CmdAdd/Del/Check that call through, mapping agent errors to types.Error. - pkg/agent/rpc.go: rpcServer with swappable AddHandler/DelHandler/ CheckHandler (defaults: not-implemented for ADD; idempotent-no-op for DEL/CHECK so kubelet teardown of a never-ADDed pod doesn't fail). - pkg/agent/server.go: replaces the M1 accept-and-close placeholder with rpcServer.serve(ctx, listener); listener closes on ctx cancel. Tests cover: Request/Response JSON roundtrip, end-to-end client → unix-socket → fake server, agent error → CNI types.Error mapping. ADD remains "not implemented" until netlink + IPAM wire-up — the agent returns an error and kubelet will fail pod sandbox creation IF a node were configured to use this CNI. host001's CNI plane is still 100% Calico, so this changes nothing observable on the cluster. Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
flock
Kubernetes CNI for sjc001. Per-pod IPv4 opt-in, IID embedding, Ready-gated anycast via BGP.
Design doc: k8s-manager/dfritz-cni.md (in the operator's k8s-manager repo).
Status: M1 scaffold. Not functional. See milestones table in the design doc.
Layout
cmd/flock— CNI plugin binary (kubelet-invoked)cmd/flock-agent— DaemonSet binarypkg/api/v1alpha1—NodeConfigCRD typespkg/cni— CNI plugin internals + RPC clientpkg/agent— agent server, IPAM, state file, anycast, NetworkPolicypkg/embed—ip-algoIID embedding (pure)pkg/routing/{bird,ospf}— routing backendsdeploy/— CRDs, RBAC, DaemonSet manifests
License
Apache 2.0.