mirror of
https://github.com/kata-containers/kata-containers.git
synced 2025-08-09 11:58:16 +00:00
virtcontainers: plumb iptable set/get from sandbox to agent
Introduce get/set iptable handling. We add a sandbox API for getting and setting the IPTables within the guest. The request is routed from the sandbox interface through kata-agent, which ultimately makes the request to the guest agent. Signed-off-by: Eric Ernst <eric_ernst@apple.com>
parent
bd50d463b2
commit
0136be22ca
@ -190,9 +190,15 @@ type agent interface {
|
|||||||
// getAgentMetrics get metrics of agent and guest through agent
|
// getAgentMetrics get metrics of agent and guest through agent
|
||||||
getAgentMetrics(context.Context, *grpc.GetMetricsRequest) (*grpc.Metrics, error)
|
getAgentMetrics(context.Context, *grpc.GetMetricsRequest) (*grpc.Metrics, error)
|
||||||
|
|
||||||
//getGuestVolumeStats get the filesystem stats of a volume specified by the volume mount path on the guest.
|
// getGuestVolumeStats get the filesystem stats of a volume specified by the volume mount path on the guest.
|
||||||
getGuestVolumeStats(ctx context.Context, volumeGuestPath string) ([]byte, error)
|
getGuestVolumeStats(ctx context.Context, volumeGuestPath string) ([]byte, error)
|
||||||
|
|
||||||
// resizeGuestVolume resizes a volume specified by the volume mount path on the guest.
|
// resizeGuestVolume resizes a volume specified by the volume mount path on the guest.
|
||||||
resizeGuestVolume(ctx context.Context, volumeGuestPath string, size uint64) error
|
resizeGuestVolume(ctx context.Context, volumeGuestPath string, size uint64) error
|
||||||
|
|
||||||
|
// getIPTables obtains the iptables from the guest
|
||||||
|
getIPTables(ctx context.Context, isIPv6 bool) ([]byte, error)
|
||||||
|
|
||||||
|
// setIPTables sets the iptables from the guest
|
||||||
|
setIPTables(ctx context.Context, isIPv6 bool, data []byte) error
|
||||||
}
|
}
|
||||||
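Review bot: The comment on `setIPTables` in the `agent` interface reads "sets the iptables from the guest", which repeats the getter's wording and suggests the rules come from the guest; I would write `// setIPTables sets the iptables in the guest from data`. Neither comment says what the `[]byte` holds, such as the rule format the guest agent expects, and that cannot be recovered from this hunk, so it should be stated here once. The exported `GetIPTables` and `SetIPTables` added to `VCSandbox` carry no comment at all and would benefit from the same sentence.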
|
@ -79,6 +79,9 @@ type VCSandbox interface {
|
|||||||
|
|
||||||
GuestVolumeStats(ctx context.Context, volumePath string) ([]byte, error)
|
GuestVolumeStats(ctx context.Context, volumePath string) ([]byte, error)
|
||||||
ResizeGuestVolume(ctx context.Context, volumePath string, size uint64) error
|
ResizeGuestVolume(ctx context.Context, volumePath string, size uint64) error
|
||||||
|
|
||||||
|
GetIPTables(ctx context.Context, isIPv6 bool) ([]byte, error)
|
||||||
|
SetIPTables(ctx context.Context, isIPv6 bool, data []byte) error
|
||||||
}
|
}
|
||||||
|
|
||||||
// VCContainer is the Container interface
|
// VCContainer is the Container interface
|
||||||
|
@ -141,6 +141,8 @@ const (
|
|||||||
grpcAddSwapRequest = "grpc.AddSwapRequest"
|
grpcAddSwapRequest = "grpc.AddSwapRequest"
|
||||||
grpcVolumeStatsRequest = "grpc.VolumeStatsRequest"
|
grpcVolumeStatsRequest = "grpc.VolumeStatsRequest"
|
||||||
grpcResizeVolumeRequest = "grpc.ResizeVolumeRequest"
|
grpcResizeVolumeRequest = "grpc.ResizeVolumeRequest"
|
||||||
|
grpcGetIPTablesRequest = "grpc.GetIPTablesRequest"
|
||||||
|
grpcSetIPTablesRequest = "grpc.SetIPTablesRequest"
|
||||||
)
|
)
|
||||||
|
|
||||||
// newKataAgent returns an agent from an agent type.
|
// newKataAgent returns an agent from an agent type.
|
||||||
@ -1976,6 +1978,12 @@ func (k *kataAgent) installReqFunc(c *kataclient.AgentClient) {
|
|||||||
k.reqHandlers[grpcResizeVolumeRequest] = func(ctx context.Context, req interface{}) (interface{}, error) {
|
k.reqHandlers[grpcResizeVolumeRequest] = func(ctx context.Context, req interface{}) (interface{}, error) {
|
||||||
return k.client.AgentServiceClient.ResizeVolume(ctx, req.(*grpc.ResizeVolumeRequest))
|
return k.client.AgentServiceClient.ResizeVolume(ctx, req.(*grpc.ResizeVolumeRequest))
|
||||||
}
|
}
|
||||||
|
k.reqHandlers[grpcGetIPTablesRequest] = func(ctx context.Context, req interface{}) (interface{}, error) {
|
||||||
|
return k.client.AgentServiceClient.GetIPTables(ctx, req.(*grpc.GetIPTablesRequest))
|
||||||
|
}
|
||||||
|
k.reqHandlers[grpcSetIPTablesRequest] = func(ctx context.Context, req interface{}) (interface{}, error) {
|
||||||
|
return k.client.AgentServiceClient.SetIPTables(ctx, req.(*grpc.SetIPTablesRequest))
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func (k *kataAgent) getReqContext(ctx context.Context, reqName string) (newCtx context.Context, cancel context.CancelFunc) {
|
func (k *kataAgent) getReqContext(ctx context.Context, reqName string) (newCtx context.Context, cancel context.CancelFunc) {
|
||||||
@ -2194,6 +2202,26 @@ func (k *kataAgent) getAgentMetrics(ctx context.Context, req *grpc.GetMetricsReq
|
|||||||
return resp.(*grpc.Metrics), nil
|
return resp.(*grpc.Metrics), nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (k *kataAgent) getIPTables(ctx context.Context, isIPv6 bool) ([]byte, error) {
|
||||||
|
resp, err := k.sendReq(ctx, &grpc.GetIPTablesRequest{IsIpv6: isIPv6})
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
return resp.(*grpc.GetIPTablesResponse).Data, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func (k *kataAgent) setIPTables(ctx context.Context, isIPv6 bool, data []byte) error {
|
||||||
|
_, err := k.sendReq(ctx, &grpc.SetIPTablesRequest{
|
||||||
|
IsIpv6: isIPv6,
|
||||||
|
Data: data,
|
||||||
|
})
|
||||||
|
if err != nil {
|
||||||
|
k.Logger().WithError(err).Errorf("setIPTables request to agent failed")
|
||||||
|
}
|
||||||
|
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
func (k *kataAgent) getGuestVolumeStats(ctx context.Context, volumeGuestPath string) ([]byte, error) {
|
func (k *kataAgent) getGuestVolumeStats(ctx context.Context, volumeGuestPath string) ([]byte, error) {
|
||||||
result, err := k.sendReq(ctx, &grpc.VolumeStatsRequest{VolumeGuestPath: volumeGuestPath})
|
result, err := k.sendReq(ctx, &grpc.VolumeStatsRequest{VolumeGuestPath: volumeGuestPath})
|
||||||
if err != nil {
|
if err != nil {
|
||||||
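Review bot: In `getIPTables`, `resp.(*grpc.GetIPTablesResponse).Data` is an unchecked type assertion, so if `sendReq` ever returns a nil or unexpected value alongside a nil error the runtime panics instead of returning an error. The comma-ok form avoids that: `r, ok := resp.(*grpc.GetIPTablesResponse)` followed by `if !ok { return nil, fmt.Errorf("unexpected response type %T", resp) }`, assuming `fmt` is already imported in this file, which the hunk does not show. The context line from `getAgentMetrics` uses the same unchecked assertion, so this follows existing code rather than being new to the commit. Separately, `setIPTables` logs the failure and returns the same error while `getIPTables` only returns it; choosing one approach keeps a single failure from being logged twice further up the call chain.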
|
@ -249,3 +249,11 @@ func (n *mockAgent) getGuestVolumeStats(ctx context.Context, volumeGuestPath str
|
|||||||
func (n *mockAgent) resizeGuestVolume(ctx context.Context, volumeGuestPath string, size uint64) error {
|
func (n *mockAgent) resizeGuestVolume(ctx context.Context, volumeGuestPath string, size uint64) error {
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (k *mockAgent) getIPTables(ctx context.Context, isIPv6 bool) ([]byte, error) {
|
||||||
|
return nil, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func (k *mockAgent) setIPTables(ctx context.Context, isIPv6 bool, data []byte) error {
|
||||||
|
return nil
|
||||||
|
}
|
||||||
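Review bot: The two new `mockAgent` methods use the receiver name `k`, while `resizeGuestVolume` directly above them uses `n`. Go convention is one receiver name per type, so these should read `func (n *mockAgent) getIPTables(...)` and `func (n *mockAgent) setIPTables(...)`. The `k` looks carried over from the `kataAgent` implementation.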
|
@ -12,12 +12,13 @@ import (
|
|||||||
"net/url"
|
"net/url"
|
||||||
"os"
|
"os"
|
||||||
|
|
||||||
|
"path"
|
||||||
|
"strings"
|
||||||
|
|
||||||
"github.com/containerd/ttrpc"
|
"github.com/containerd/ttrpc"
|
||||||
gpb "github.com/gogo/protobuf/types"
|
gpb "github.com/gogo/protobuf/types"
|
||||||
aTypes "github.com/kata-containers/kata-containers/src/runtime/virtcontainers/pkg/agent/protocols"
|
aTypes "github.com/kata-containers/kata-containers/src/runtime/virtcontainers/pkg/agent/protocols"
|
||||||
pb "github.com/kata-containers/kata-containers/src/runtime/virtcontainers/pkg/agent/protocols/grpc"
|
pb "github.com/kata-containers/kata-containers/src/runtime/virtcontainers/pkg/agent/protocols/grpc"
|
||||||
"path"
|
|
||||||
"strings"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
const VSockPrefix = "mock://"
|
const VSockPrefix = "mock://"
|
||||||
@ -239,3 +240,11 @@ func (p *HybridVSockTTRPCMockImp) GetVolumeStats(ctx context.Context, req *pb.Vo
|
|||||||
func (p *HybridVSockTTRPCMockImp) ResizeVolume(ctx context.Context, req *pb.ResizeVolumeRequest) (*gpb.Empty, error) {
|
func (p *HybridVSockTTRPCMockImp) ResizeVolume(ctx context.Context, req *pb.ResizeVolumeRequest) (*gpb.Empty, error) {
|
||||||
return &gpb.Empty{}, nil
|
return &gpb.Empty{}, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (p *HybridVSockTTRPCMockImp) GetIPTables(ctx context.Context, req *pb.GetIPTablesRequest) (*pb.GetIPTablesResponse, error) {
|
||||||
|
return &pb.GetIPTablesResponse{}, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func (p *HybridVSockTTRPCMockImp) SetIPTables(ctx context.Context, req *pb.SetIPTablesRequest) (*pb.SetIPTablesResponse, error) {
|
||||||
|
return &pb.SetIPTablesResponse{}, nil
|
||||||
|
}
|
||||||
|
@ -261,3 +261,11 @@ func (s *Sandbox) GuestVolumeStats(ctx context.Context, path string) ([]byte, er
|
|||||||
func (s *Sandbox) ResizeGuestVolume(ctx context.Context, path string, size uint64) error {
|
func (s *Sandbox) ResizeGuestVolume(ctx context.Context, path string, size uint64) error {
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (s *Sandbox) GetIPTables(ctx context.Context, isIPv6 bool) ([]byte, error) {
|
||||||
|
return nil, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func (s *Sandbox) SetIPTables(ctx context.Context, isIPv6 bool, data []byte) error {
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
@ -2254,6 +2254,16 @@ func (s *Sandbox) GetAgentURL() (string, error) {
|
|||||||
return s.agent.getAgentURL()
|
return s.agent.getAgentURL()
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// GetIPTables will obtain the iptables from the guest
|
||||||
|
func (s *Sandbox) GetIPTables(ctx context.Context, isIPv6 bool) ([]byte, error) {
|
||||||
|
return s.agent.getIPTables(ctx, isIPv6)
|
||||||
|
}
|
||||||
|
|
||||||
|
// SetIPTables will set the iptables in the guest
|
||||||
|
func (s *Sandbox) SetIPTables(ctx context.Context, isIPv6 bool, data []byte) error {
|
||||||
|
return s.agent.setIPTables(ctx, isIPv6, data)
|
||||||
|
}
|
||||||
|
|
||||||
// GuestVolumeStats return the filesystem stat of a given volume in the guest.
|
// GuestVolumeStats return the filesystem stat of a given volume in the guest.
|
||||||
func (s *Sandbox) GuestVolumeStats(ctx context.Context, volumePath string) ([]byte, error) {
|
func (s *Sandbox) GuestVolumeStats(ctx context.Context, volumePath string) ([]byte, error) {
|
||||||
guestMountPath, err := s.guestMountPath(volumePath)
|
guestMountPath, err := s.guestMountPath(volumePath)
|
||||||
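Review bot: `Sandbox.SetIPTables` hands `data` to the agent unchanged, and nothing visible here validates it or records that the guest's packet-filter rules were changed; the only log line in the path is the error case in `kataAgent.setIPTables`. Since this is an exported entry point that alters guest network policy, I would make the contract explicit in the doc comment, e.g. `// SetIPTables passes data unmodified to the guest agent to set the guest's iptables (ip6tables if isIPv6) rules; the caller is responsible for authorizing the change.` An info-level log on success, naming the sandbox and `isIPv6` but not the rule contents, would give operators an audit trail. How empty or nil `data` is treated is decided by the guest agent and is not visible in this commit, so the comment should state that as well.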
|