Support delegating to Windows CNI from Flannel CNI #76
Conversation
Support delegating to Windows CNI - use a separate WindowsDelegate field as the format of Windows properties is different from the schema supported by Linux under the delegate field. This will users to configure both Linux and Windows together and also to use Windows specific configuration for Windows clusters.
There was a problem hiding this comment.
Thanks for getting this work kicked off. I left a few comments on the code itself.
I'd also like to see this new WindowsDelegate field described in the README. In particular, please include an explanation of why the schema needs to be different from that for Linux.
plugins/meta/flannel/flannel.go
Outdated
| func cmdAddWindows(containerID string, n *NetConf, fenv *subnetEnv) error { | ||
| if n.WindowsDelegate == nil { | ||
| n.WindowsDelegate = make(map[string]interface{}) | ||
| } else { |
There was a problem hiding this comment.
these checks appear identical to those in the other cmdAdd function, with only a difference in the error string. Could you extract a function with the common code?
There was a problem hiding this comment.
Since I'm removing the "WindowsDelegate" attribute, I'll just move the call to cmdAddWindows down after the checks and remove the dups.
plugins/meta/flannel/flannel.go
Outdated
|
|
||
| updateOutboundNat(&n.WindowsDelegate, fenv) | ||
|
|
||
| n.WindowsDelegate["cniVersion"] = "0.2.0" |
There was a problem hiding this comment.
Why not n.CNIVersion or version.Current()?
plugins/meta/flannel/flannel.go
Outdated
| n.WindowsDelegate["type"] = "wincni.exe" | ||
| } | ||
|
|
||
| updateOutboundNat(&n.WindowsDelegate, fenv) |
There was a problem hiding this comment.
In Go, a map is already a reference type, there's rarely a reason to pass around a pointer to a map.
plugins/meta/flannel/flannel.go
Outdated
| // TODO: rakesh: file a bug somewhere to remove this when HNS the HNS limitation is fixed | ||
| nid := ipn.IP.Mask(ipn.Mask) | ||
| i := ipToInt(nid) | ||
| return intToIP(i.Add(i, big.NewInt(2))) |
There was a problem hiding this comment.
why not just
nid[len(nid)-1] += 2
return nidand skip the big.Int conversions?
| import ( | ||
| "testing" | ||
| "net" | ||
| "github.com/stretchr/testify/assert" |
There was a problem hiding this comment.
Almost all of CNI, including the other tests of the flannel package, are using Ginkgo. Is there a reason that won't work here?
There was a problem hiding this comment.
Moved to tests to ginkgo.
plugins/meta/flannel/flannel.go
Outdated
| return | ||
| } | ||
|
|
||
| nets := pv["ExceptionList"].([]interface{}) |
There was a problem hiding this comment.
Tabs are a scarce resource 😄
I would suggest that the if branch be the negative case, in order to reduce indenting and improve readability. You can also replace the single-case switch statement with a simple if. For example:
pt := policy.(map[string]interface{})
if !hasKey(pt, "Value") {
continue
}
pv, ok := pt["Value"].(map[string]interface{})
if !ok || !hasKey(pv, "Type") {
continue
}
if !strings.EqualFold(pv["Type"].(string), "OutBoundNAT") {
continue
}
// now to the real suff
if !hasKey(pv, "ExceptionList") { ...There was a problem hiding this comment.
They are scarce indeed - have made the changes and saved them for future generations :-)
| exceptionList := value["ExceptionList"].([]interface{}) | ||
| assert.Equal(t, nw.String(), exceptionList[0].(string)) | ||
| assert.Equal(t, nw2.String(), exceptionList[1].(string)) | ||
| } |
There was a problem hiding this comment.
Can we get a real integration test of the Windows behavior? In other words, a test case that calls cmdAddWindows directly or indirectly?
The other flannel test cases aren't great -- they don't have particularly strong assertions. But they do integrate the full program. I'd like to see that level of test coverage for the Windows features.
|
@rosenhouse Thanks much for taking a look. Your comments are very reasonable, a bunch have to do with my go-naivety that I will fix. One worth discussing a bit is the "windowsDelegate". In general the "delegate" field seems to have the schema of the delegate CNI - so a new attribute is not required if we assume a single CNI type works for all nodes. This assumption is invalid if we assume a mixed cluster that has Windows and Linux nodes. In this case we need one type of delegate for the Linux nodes and a different delegate for Windows nodes. A mixed cluster is desirable since it is quite likely you want to run a few Linux containers alongside the Windows containers e.g. nginx for ingress. A more generalized solution would allow 1..n delegates and some mechanism to select on some basis (not just os) - possibly based on node tags. Another option is to have an additional windows specific section in the flannel config map YAML and provision windows nodes based on that? To avoid premature over-design, I decided to start with a simple separate attribute that allowed me to clearly differentiate Windows and Linux. What do you think? |
|
I'm not sure I like The one thing this enables is deploying the same CNI configuration file to Windows vs. Linux hosts. I'm not entirely convinced of the advantage to adding this complexity. It seems natural that different OSs have different configurations. The presence of the windows-specific additional NAT arguments seems to support this. |
|
I agree with @squeed. At this point, with recommendations like The single-host runtime certainly knows which OS it is running on, and so could decide which OS-specific config to pass to the plugin. I believe the same goes for an orchestrator utilizing a mixture of Linux and Windows hosts -- it likely is aware of OS-based placement constraints. Although the single-host vs multi-host distinction is outside the scope of CNI. |
|
That's not to say that I disagree with most of this PR. The windows-specific code changes for generating a delegate config seem more-or-less fine. It's just the separate config key. |
|
Makes sense. I agree different OSes can have different configurations.
There is probably more downside than upside to a single mega configuration
that spans the variations. I'll update the PR.
…On Thu, Oct 5, 2017 at 8:13 AM, Casey Callendrello ***@***.*** > wrote:
That's not to say that I disagree with most of this PR. The
windows-specific code changes for generating a delegate config seem
more-or-less fine. It's just the separate config key.
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
<#76 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/ADQphSJvVR_ju2xRMpD3tdlqYoUkadqDks5spPIvgaJpZM4PtG8d>
.
--
Rakesh Kelkar
|
Resolves PR review comments by: removing the WindowsDelegate attribute, fix coditions to avoid tabs remove duplicate checks remove redundant map pointer remove redundant ip fns
plugins/meta/flannel/flannel.go
Outdated
| @@ -202,6 +204,10 @@ func cmdAdd(args *skel.CmdArgs) error { | |||
| } | |||
| } | |||
|
|
|||
| if runtime.GOOS == "windows" { | |||
There was a problem hiding this comment.
Suggestion: both of these functions generate some kind of transformed configuration. So, can you structure the function something like:
func cmdAdd() {
// preamble
switch runtime.GOOS {
case `"windows":`
buildWindowsDelegate()
case "linux":
buildLinuxDelegate()
default:
return err..
}
return delegateAdd()
}
This would be easier to test on the Linux side too.
There was a problem hiding this comment.
Yup - I made precisely this change to address the test comment :) will commit after adding a test
plugins/meta/flannel/flannel.go
Outdated
|
|
||
| updateOutboundNat(n.Delegate, fenv) | ||
|
|
||
| n.Delegate["cniVersion"] = "0.2.0" |
There was a problem hiding this comment.
If possible, can you use 0.3.1? It supports a more advanced return type.
There was a problem hiding this comment.
Updated to use existing (linux) logic:
n.Delegate["cniVersion"] = n.CNIVersion
Flannel: Add support for Windows Overlay (vxlan) mode Windows Overlay mode requires the network to be set to the cluster CIDR. So for overlay setup host-local as IPAM with the pod CIDR as the ip range
|
CI failure appears to be a flake. |
|
@rosenhouse Have added a section to the flannel CNI README to describe Windows support. Per your contributing guide 3rd party plugins should go into their own repo... so going to work with the folks that own WINCNI to find a home for it somewhere nice and warm. |
Support delegating to Windows CNI for Flannel host-gw and vxlan modes.
This PR is related to the change proposed to Flannel to support Windows:
flannel-io/flannel#832