Teach cri about podCIDR

pkg/kubelet/container/runtime.go

@@ -118,6 +118,10 @@ type Runtime interface {
 	ContainerAttacher
 	// ImageService provides methods to image-related methods.
 	ImageService
+	// UpdatePodCIDR sends a new podCIDR to the runtime.
+	// This method just proxies a new runtimeConfig with the updated
+	// CIDR value down to the runtime shim.
+	UpdatePodCIDR(podCIDR string) error
 }
 
 type ImageService interface {

pkg/kubelet/dockershim/docker_service.go

@@ -169,6 +169,16 @@ func (ds *dockerService) Version(_ string) (*runtimeApi.VersionResponse, error)
 	}, nil
 }
 
-func (ds *dockerService) UpdateRuntimeConfig(runtimeConfig *runtimeApi.RuntimeConfig) error {
+// UpdateRuntimeConfig updates the runtime config. Currently only handles podCIDR updates.
-	return nil
+func (ds *dockerService) UpdateRuntimeConfig(runtimeConfig *runtimeApi.RuntimeConfig) (err error) {
+	if runtimeConfig == nil {
+		return
+	}
+	glog.Infof("docker cri received runtime config %+v", runtimeConfig)
+	if ds.networkPlugin != nil && runtimeConfig.NetworkConfig.PodCidr != nil {
+		event := make(map[string]interface{})
+		event[network.NET_PLUGIN_EVENT_POD_CIDR_CHANGE_DETAIL_CIDR] = *runtimeConfig.NetworkConfig.PodCidr
+		ds.networkPlugin.Event(network.NET_PLUGIN_EVENT_POD_CIDR_CHANGE, event)
+	}
+	return
 }

pkg/kubelet/dockertools/docker_manager.go

@@ -1318,6 +1318,12 @@ func (dm *DockerManager) PortForward(pod *kubecontainer.Pod, port uint16, stream
 	return PortForward(dm.client, podInfraContainer.ID.ID, port, stream)
 }
 
+// UpdatePodCIDR updates the podCIDR for the runtime.
+// Currently no-ops, just implemented to satisfy the cri.
+func (dm *DockerManager) UpdatePodCIDR(podCIDR string) error {
+	return nil
+}
+
 // Temporarily export this function to share with dockershim.
 func PortForward(client DockerInterface, podInfraContainerID string, port uint16, stream io.ReadWriteCloser) error {
 	container, err := client.InspectContainer(podInfraContainerID)

pkg/kubelet/kubelet_network.go

@@ -216,11 +216,17 @@ func (kl *Kubelet) updatePodCIDR(cidr string) {
 	glog.Infof("Setting Pod CIDR: %v -> %v", podCIDR, cidr)
 	kl.runtimeState.setPodCIDR(cidr)
 
+	// kubelet -> network plugin
 	if kl.networkPlugin != nil {
 		details := make(map[string]interface{})
 		details[network.NET_PLUGIN_EVENT_POD_CIDR_CHANGE_DETAIL_CIDR] = cidr
 		kl.networkPlugin.Event(network.NET_PLUGIN_EVENT_POD_CIDR_CHANGE, details)
 	}
+
+	// kubelet -> generic runtime -> runtime shim -> network plugin
+	if err := kl.GetRuntime().UpdatePodCIDR(cidr); err != nil {
+		glog.Errorf("Failed to update pod CIDR: %v", err)
+	}
 }
 
 // shapingEnabled returns whether traffic shaping is enabled.

pkg/kubelet/kuberuntime/kuberuntime_manager.go

@@ -1006,3 +1006,17 @@ func (m *kubeGenericRuntimeManager) PortForward(pod *kubecontainer.Pod, port uin
 
 	return fmt.Errorf("not implemented")
 }
+
+// UpdatePodCIDR is just a passthrough method to update the runtimeConfig of the shim
+// with the podCIDR supplied by the kubelet.
+func (m *kubeGenericRuntimeManager) UpdatePodCIDR(podCIDR string) error {
+	// TODO(#35531): do we really want to write a method on this manager for each
+	// field of the config?
+	glog.Infof("updating runtime config through cri with podcidr %v", podCIDR)
+	return m.runtimeService.UpdateRuntimeConfig(
+		&runtimeApi.RuntimeConfig{
+			NetworkConfig: &runtimeApi.NetworkConfig{
+				PodCidr: &podCIDR,
+			},
+		})
+}

pkg/kubelet/remote/remote_runtime.go

@@ -319,6 +319,23 @@ func (r *RemoteRuntimeService) PortForward(req *runtimeApi.PortForwardRequest) (
 	return resp, nil
 }
 
+// UpdateRuntimeConfig updates the config of a runtime service. The only
+// update payload currently supported is the pod CIDR assigned to a node,
+// and the runtime service just proxies it down to the network plugin.
 func (r *RemoteRuntimeService) UpdateRuntimeConfig(runtimeConfig *runtimeApi.RuntimeConfig) error {
+	ctx, cancel := getContextWithTimeout(r.timeout)
+	defer cancel()
+
+	// Response doesn't contain anything of interest. This translates to an
+	// Event notification to the network plugin, which can't fail, so we're
+	// really looking to surface destination unreachable.
+	_, err := r.runtimeClient.UpdateRuntimeConfig(ctx, &runtimeApi.UpdateRuntimeConfigRequest{
+		RuntimeConfig: runtimeConfig,
+	})
+
+	if err != nil {
+		return err
+	}
+
 	return nil
 }

pkg/kubelet/rkt/rkt.go

@@ -2179,6 +2179,12 @@ func (r *Runtime) PortForward(pod *kubecontainer.Pod, port uint16, stream io.Rea
 	return command.Run()
 }
 
+// UpdatePodCIDR updates the runtimeconfig with the podCIDR.
+// Currently no-ops, just implemented to satisfy the cri.
+func (r *Runtime) UpdatePodCIDR(podCIDR string) error {
+	return nil
+}
+
 // appStateToContainerState converts rktapi.AppState to kubecontainer.ContainerState.
 func appStateToContainerState(state rktapi.AppState) kubecontainer.ContainerState {
 	switch state {