nsplugin

README

Linux namespace plugin

Auxiliary plugin used mainly by other plugins to handle namespaces and microservices.

Namespaces

Agent has full support for Linux network namespaces. It is possible to attach Linux interface/ARP/route into a new, existing or even yet-to-be-created network namespace via the Namespace configuration section inside data model.

Namespace can be referenced in multiple ways. The most low-level link to a namespace is a file descriptor associated with the symbolic link automatically created in the proc filesystem, pointing to the definition of the namespace used by a given process (/proc/<PID>/ns/net) or by a task of a given process (/proc/<PID>/task/<TID>/ns/net). A more common approach to reference namespace is to use just the PID of the process whose namespace we want to attach to, or to create a bind-mount of the symbolic link into /var/run/netns directory and use the filename of that mount. The latter is called named namespace and it is created and managed for example by the ip netns command line tool from the iproute2 package. The advantage of named namespace is that it can outlive the process it was originally created by.

namespace configuration section should be seen as a union of values. First, set the type and then store the reference into the appropriate field (pid vs. name vs microservice). Agent supports both PID-based references as well as named namespaces.

Microservices

Additionally, we provide a non-standard namespace reference, denoted as MICROSERVICE_REF_NS, which is specific to ecosystems with microservices. It is possible to attach interface/ARP/route into the namespace of a container that runs microservice with a given label. To make it even simpler, it is not required to start the microservice before the configured item is pushed. The agent will postpone interface (re)configuration until the referenced microservice gets launched. Behind the scenes, the agent communicates with the docker daemon to construct and maintain an up-to-date map of microservice labels to PIDs and IDs of their corresponding containers. Whenever a new microservice is detected, all pending interfaces are moved to its namespace.

Documentation

Index

• Variables
• type API
• type Config
• type Deps
• type NsPlugin
  • func NewPlugin(opts ...Option) *NsPlugin
  • func (p *NsPlugin) Close() error
  • func (p *NsPlugin) GetNamespaceHandle(ctx nsLinuxcalls.NamespaceMgmtCtx, namespace *nsmodel.NetNamespace) (handle netns.NsHandle, err error)
  • func (p *NsPlugin) Init() error
  • func (p *NsPlugin) SwitchToNamespace(ctx nsLinuxcalls.NamespaceMgmtCtx, ns *nsmodel.NetNamespace) (revert func(), err error)
• type Option
  • func UseDeps(f func(*Deps)) Option

Variables

var DefaultPlugin = *NewPlugin()

DefaultPlugin is a default instance of IfPlugin.

Types

type API

type API interface {
	// SwitchToNamespace switches the network namespace of the current thread.
	// Caller should eventually call the returned "revert" function in order to get back to the original
	// network namespace (for example using "defer revert()").
	SwitchToNamespace(ctx linuxcalls.NamespaceMgmtCtx, ns *linux_namespace.NetNamespace) (revert func(), err error)

	// GetNamespaceHandle returns low-level run-time handle for the given namespace
	// to be used with Netlink API. Do not forget to eventually close the handle using
	// the netns.NsHandle.Close() method.
	GetNamespaceHandle(ctx linuxcalls.NamespaceMgmtCtx, ns *linux_namespace.NetNamespace) (handle netns.NsHandle, err error)
}

API defines methods exposed by NsPlugin.

type Config

type Config struct {
	Disabled bool `json:"disabled"`
}

Config holds the nsplugin configuration.

type Deps

type Deps struct {
	infra.PluginDeps
	KVScheduler kvs.KVScheduler
}

Deps lists dependencies of the NsPlugin.

type NsPlugin

type NsPlugin struct {
	Deps
	// contains filtered or unexported fields
}

NsPlugin is a plugin to handle namespaces and microservices for other linux plugins (ifplugin, l3plugin ...). It does not follow the standard concept of CRUD, but provides a set of methods other plugins can use to manage namespaces.

func NewPlugin

func NewPlugin(opts ...Option) *NsPlugin

NewPlugin creates a new Plugin with the provides Options

func (*NsPlugin) Close

func (p *NsPlugin) Close() error

Close stops microservice tracker

func (*NsPlugin) GetNamespaceHandle

func (p *NsPlugin) GetNamespaceHandle(ctx nsLinuxcalls.NamespaceMgmtCtx, namespace *nsmodel.NetNamespace) (handle netns.NsHandle, err error)

GetNamespaceHandle returns low-level run-time handle for the given namespace to be used with Netlink API. Do not forget to eventually close the handle using the netns.NsHandle.Close() method.

func (*NsPlugin) Init

func (p *NsPlugin) Init() error

Init namespace handler caches and create config namespace

func (*NsPlugin) SwitchToNamespace

func (p *NsPlugin) SwitchToNamespace(ctx nsLinuxcalls.NamespaceMgmtCtx, ns *nsmodel.NetNamespace) (revert func(), err error)

SwitchToNamespace switches the network namespace of the current thread. Caller should eventually call the returned "revert" function in order to get back to the original network namespace (for example using "defer revert()").

type Option

type Option func(*NsPlugin)

Option is a function that can be used in NewPlugin to customize Plugin.

func UseDeps

func UseDeps(f func(*Deps)) Option

UseDeps returns Option that can inject custom dependencies.