Started azure vnet and ipam as part of CNS and enabled outbound connectivity for containers by default

Author: tamilmani1989

cns/api.go

@@ -35,6 +35,7 @@ type OverlayConfiguration struct {
 type CreateNetworkRequest struct {
 	NetworkName          string
 	OverlayConfiguration OverlayConfiguration
+	Options              map[string]interface{}
 }
 
 // DeleteNetworkRequest describes request to delete the network.

cns/dockerclient/api.go

@@ -6,6 +6,8 @@ package dockerclient
 const (
 	createNetworkPath  = "/networks/create"
 	inspectNetworkPath = "/networks/"
+
+	OptDisableSnat = "DisableSNAT"
 )
 
 // Config describes subnet/gateway for ipam.
@@ -25,6 +27,7 @@ type NetworkConfiguration struct {
 	Driver   string
 	IPAM     IPAM
 	Internal bool
+	Options  map[string]interface{}
 }
 
 // DockerErrorResponse defines the error response retunred by docker.

cns/dockerclient/dockerclient.go

@@ -8,6 +8,7 @@ import (
 	"encoding/json"
 	"fmt"
 	"net/http"
+	"os/exec"
 
 	"github.com/Azure/azure-container-networking/cns/imdsclient"
 	"github.com/Azure/azure-container-networking/log"
@@ -16,6 +17,8 @@ import (
 const (
 	defaultDockerConnectionURL = "http://127.0.0.1:2375"
 	defaultIpamPlugin          = "azure-vnet"
+	networkMode                = "com.microsoft.azure.network.mode"
+	bridgeMode                 = "bridge"
 )
 
 // DockerClient specifies a client to connect to docker.
@@ -24,6 +27,16 @@ type DockerClient struct {
 	imdsClient    *imdsclient.ImdsClient
 }
 
+func executeShellCommand(command string) error {
+	log.Debugf("[ebtables] %s", command)
+	cmd := exec.Command("sh", "-c", command)
+	err := cmd.Start()
+	if err != nil {
+		return err
+	}
+	return cmd.Wait()
+}
+
 // NewDockerClient create a new docker client.
 func NewDockerClient(url string) (*DockerClient, error) {
 	return &DockerClient{
@@ -68,9 +81,11 @@ func (dockerClient *DockerClient) NetworkExists(networkName string) error {
 }
 
 // CreateNetwork creates a network using docker network create.
-func (dockerClient *DockerClient) CreateNetwork(networkName string) error {
+func (dockerClient *DockerClient) CreateNetwork(networkName string, options map[string]interface{}) error {
 	log.Printf("[Azure CNS] CreateNetwork")
 
+	enableSnat := true
+
 	primaryNic, err := dockerClient.imdsClient.GetPrimaryInterfaceInfoFromHost()
 	if err != nil {
 		return err
@@ -94,6 +109,17 @@ func (dockerClient *DockerClient) CreateNetwork(networkName string) error {
 		Internal: true,
 	}
 
+	if options != nil {
+		if _, ok := options[OptDisableSnat]; ok {
+			enableSnat = false
+		}
+	}
+
+	if enableSnat {
+		netConfig.Options = make(map[string]interface{})
+		netConfig.Options[networkMode] = bridgeMode
+	}
+
 	log.Printf("[Azure CNS] Going to create network with config: %+v", netConfig)
 
 	netConfigJSON := new(bytes.Buffer)
@@ -123,6 +149,16 @@ func (dockerClient *DockerClient) CreateNetwork(networkName string) error {
 			res.StatusCode, createNetworkResponse.message, ermsg)
 	}
 
+	if enableSnat {
+		cmd := fmt.Sprintf("iptables -t nat -A POSTROUTING -m iprange ! --dst-range 168.63.129.16 -m addrtype ! --dst-type local ! -d %v -j MASQUERADE",
+			primaryNic.Subnet)
+		err = executeShellCommand(cmd)
+		if err != nil {
+			log.Printf("SNAT Iptable rule was not set")
+			return err
+		}
+	}
+
 	return nil
 }
 
@@ -143,6 +179,14 @@ func (dockerClient *DockerClient) DeleteNetwork(networkName string) error {
 
 	// network successfully deleted.
 	if res.StatusCode == 204 {
+		primaryNic, err := dockerClient.imdsClient.GetPrimaryInterfaceInfoFromHost()
+		if err != nil {
+			return err
+		}
+
+		cmd := fmt.Sprintf("iptables -t nat -D POSTROUTING -m iprange ! --dst-range 168.63.129.16 -m addrtype ! --dst-type local ! -d %v -j MASQUERADE",
+			primaryNic.Subnet)
+		executeShellCommand(cmd)
 		return nil
 	}
 

cns/restserver/restserver.go

@@ -5,11 +5,10 @@ package restserver
 
 import (
 	"fmt"
+	"net"
 	"net/http"
 	"time"
 
-	"net"
-
 	"github.com/Azure/azure-container-networking/cns"
 	"github.com/Azure/azure-container-networking/cns/common"
 	"github.com/Azure/azure-container-networking/cns/dockerclient"
@@ -187,7 +186,7 @@ func (service *httpRestService) createNetwork(w http.ResponseWriter, r *http.Req
 								log.Printf("[Azure CNS] Unable to get routing table from node, %+v.", err.Error())
 							}
 
-							err = dc.CreateNetwork(req.NetworkName)
+							err = dc.CreateNetwork(req.NetworkName, req.Options)
 							if err != nil {
 								returnMessage = fmt.Sprintf("[Azure CNS] Error. CreateNetwork failed %v.", err.Error())
 								returnCode = UnexpectedError

cns/service/main.go

@@ -9,6 +9,8 @@ import (
 	"os/signal"
 	"syscall"
 
+	"github.com/Azure/azure-container-networking/cnm/ipam"
+	"github.com/Azure/azure-container-networking/cnm/network"
 	"github.com/Azure/azure-container-networking/cns/common"
 	"github.com/Azure/azure-container-networking/cns/restserver"
 	acn "github.com/Azure/azure-container-networking/common"
@@ -19,14 +21,27 @@ import (
 
 const (
 	// Service name.
-	name = "azure-cns"
+	name       = "azure-cns"
+	pluginName = "azure-vnet"
 )
 
 // Version is populated by make during build.
 var version string
 
 // Command line arguments for CNM plugin.
 var args = acn.ArgumentList{
+	{
+		Name:         acn.OptEnvironment,
+		Shorthand:    acn.OptEnvironmentAlias,
+		Description:  "Set the operating environment",
+		Type:         "string",
+		DefaultValue: acn.OptEnvironmentAzure,
+		ValueMap: map[string]interface{}{
+			acn.OptEnvironmentAzure: 0,
+			acn.OptEnvironmentMAS:   0,
+		},
+	},
+
 	{
 		Name:         acn.OptAPIServerURL,
 		Shorthand:    acn.OptAPIServerURLAlias,
@@ -57,6 +72,13 @@ var args = acn.ArgumentList{
 			acn.OptLogTargetFile:   log.TargetLogfile,
 		},
 	},
+	{
+		Name:         acn.OptIpamQueryInterval,
+		Shorthand:    acn.OptIpamQueryIntervalAlias,
+		Description:  "Set the IPAM plugin query interval",
+		Type:         "int",
+		DefaultValue: "",
+	},
 	{
 		Name:         acn.OptVersion,
 		Shorthand:    acn.OptVersionAlias,
@@ -77,9 +99,11 @@ func main() {
 	// Initialize and parse command line arguments.
 	acn.ParseArgs(&args, printVersion)
 
+	environment := acn.GetArg(acn.OptEnvironment).(string)
 	url := acn.GetArg(acn.OptAPIServerURL).(string)
 	logLevel := acn.GetArg(acn.OptLogLevel).(int)
 	logTarget := acn.GetArg(acn.OptLogTarget).(int)
+	ipamQueryInterval, _ := acn.GetArg(acn.OptIpamQueryInterval).(int)
 	vers := acn.GetArg(acn.OptVersion).(bool)
 
 	if vers {
@@ -110,6 +134,33 @@ func main() {
 		return
 	}
 
+	var pluginConfig acn.PluginConfig
+	pluginConfig.Version = version
+
+	// Create a channel to receive unhandled errors from the plugins.
+	pluginConfig.ErrChan = make(chan error, 1)
+
+	// Create network plugin.
+	netPlugin, err := network.NewPlugin(&pluginConfig)
+	if err != nil {
+		fmt.Printf("Failed to create network plugin, err:%v.\n", err)
+		return
+	}
+
+	// Create IPAM plugin.
+	ipamPlugin, err := ipam.NewPlugin(&pluginConfig)
+	if err != nil {
+		fmt.Printf("Failed to create IPAM plugin, err:%v.\n", err)
+		return
+	}
+
+	// Create the key value store.
+	pluginConfig.Store, err = store.NewJsonFileStore(platform.RuntimePath + pluginName + ".json")
+	if err != nil {
+		fmt.Printf("Failed to create store: %v\n", err)
+		return
+	}
+
 	// Create logging provider.
 	log.SetName(name)
 	log.SetLevel(logLevel)
@@ -134,6 +185,30 @@ func main() {
 		}
 	}
 
+	// Set plugin options.
+	netPlugin.SetOption(acn.OptAPIServerURL, url)
+
+	ipamPlugin.SetOption(acn.OptEnvironment, environment)
+	ipamPlugin.SetOption(acn.OptAPIServerURL, url)
+	ipamPlugin.SetOption(acn.OptIpamQueryInterval, ipamQueryInterval)
+
+	if netPlugin != nil {
+		log.Printf("Start netplugin\n")
+		err = netPlugin.Start(&pluginConfig)
+		if err != nil {
+			fmt.Printf("Failed to start network plugin, err:%v.\n", err)
+			return
+		}
+	}
+
+	if ipamPlugin != nil {
+		err = ipamPlugin.Start(&pluginConfig)
+		if err != nil {
+			fmt.Printf("Failed to start IPAM plugin, err:%v.\n", err)
+			return
+		}
+	}
+
 	// Relay these incoming signals to OS signal channel.
 	osSignalChannel := make(chan os.Signal, 1)
 	signal.Notify(osSignalChannel, os.Interrupt, os.Kill, syscall.SIGTERM)
@@ -150,4 +225,12 @@ func main() {
 	if httpRestService != nil {
 		httpRestService.Stop()
 	}
+
+	if netPlugin != nil {
+		netPlugin.Stop()
+	}
+
+	if ipamPlugin != nil {
+		ipamPlugin.Stop()
+	}
 }