ipam
host-local
以入?yún)槔?/p>
{
"name": "networks",
"cniVersion": "0.4.0",
"ipam": {
"type": "host-local",
"subnet": "10.250.7.0/24",
"dataDir": "/var/lib/cni/",
"routes": [
{ "dst": "0.0.0.0/0" }
]
}
}
看看這個ipam插件是怎么挑選容器IP的
解析參數(shù)
入?yún)⒅?code>ipam部分參數(shù)對應(yīng)的host-local插件會解析處理的,這里重點看下網(wǎng)段這部分的解析邏輯
func (r *Range) Canonicalize() error {
if err := canonicalizeIP(&r.Subnet.IP); err != nil {
return err
}
// Ensure Subnet IP is the network address, not some other address
networkIP := r.Subnet.IP.Mask(r.Subnet.Mask)
if !r.Subnet.IP.Equal(networkIP) {
return fmt.Errorf("Network has host bits set. For a subnet mask of length %d the network address is %s", ones, networkIP.String())
}
// If the gateway is nil, claim .1
if r.Gateway == nil {
r.Gateway = ip.NextIP(r.Subnet.IP)
} else {
if err := canonicalizeIP(&r.Gateway); err != nil {
return err
}
}
// RangeStart: If specified, make sure it's sane (inside the subnet),
// otherwise use the first free IP (i.e. .1) - this will conflict with the
// gateway but we skip it in the iterator
if r.RangeStart != nil {
if err := canonicalizeIP(&r.RangeStart); err != nil {
return err
}
if !r.Contains(r.RangeStart) {
return fmt.Errorf("RangeStart %s not in network %s", r.RangeStart.String(), (*net.IPNet)(&r.Subnet).String())
}
} else {
r.RangeStart = ip.NextIP(r.Subnet.IP)
}
// RangeEnd: If specified, verify sanity. Otherwise, add a sensible default
// (e.g. for a /24: .254 if IPv4, ::255 if IPv6)
if r.RangeEnd != nil {
if err := canonicalizeIP(&r.RangeEnd); err != nil {
return err
}
if !r.Contains(r.RangeEnd) {
return fmt.Errorf("RangeEnd %s not in network %s", r.RangeEnd.String(), (*net.IPNet)(&r.Subnet).String())
}
} else {
r.RangeEnd = lastIP(r.Subnet)
}
return nil
}
對于網(wǎng)段10.250.7.0/24
首先會解析出子網(wǎng)掩碼信息
255.255.255.0然后取網(wǎng)段內(nèi)的第一個IP作為網(wǎng)關(guān),即
10.250.7.1同樣取網(wǎng)段內(nèi)的第一個IP作為分配IP的起始IP地址鸯绿,即
10.250.7.1,這里起始IP雖然和網(wǎng)關(guān)一樣幔烛,但是后面分配IP的時候會判斷如果和網(wǎng)關(guān)一樣的話就跳過取網(wǎng)段內(nèi)的最后一個IP作為分配IP的結(jié)尾IP地址饿悬,即
10.250.7.254狡恬,忽略廣播地址255
分配IP
func (a *IPAllocator) Get(id string, ifname string, requestedIP net.IP) (*current.IPConfig, error) {
else {
iter, err := a.GetIter()
for {
reservedIP, gw = iter.Next()
if reservedIP == nil {
break
}
reserved, err := a.store.Reserve(id, ifname, reservedIP.IP, a.rangeID)
if err != nil {
return nil, err
}
if reserved {
break
}
}
}
}
這里會初始化一個迭代器蝎宇,初始下標(biāo)是0,起始IP就是上面解析出來的起始IP兔乞,即10.250.7.1庸追,迭代內(nèi)容就是網(wǎng)段10.250.7.0/24
iter := RangeIter{
rangeset: a.rangeset,
rangeIdx: 0
startIP: (*a.rangeset)[0].RangeStart
}
迭代過程就是從起始IP開始台囱,如果起始IP和網(wǎng)關(guān)相同簿训,就跳過這個起始IP强品,將IP+1獲取下一個IP,直到結(jié)尾IP
func (i *RangeIter) Next() (*net.IPNet, net.IP) {
r := (*i.rangeset)[i.rangeIdx]
// If this is the first time iterating and we're not starting in the middle
// of the range, then start at rangeStart, which is inclusive
if i.cur == nil {
i.cur = r.RangeStart
i.startIP = i.cur
if i.cur.Equal(r.Gateway) {
return i.Next()
}
return &net.IPNet{IP: i.cur, Mask: r.Subnet.Mask}, r.Gateway
}
// If we've reached the end of this range, we need to advance the range
// RangeEnd is inclusive as well
if i.cur.Equal(r.RangeEnd) {
i.rangeIdx += 1
i.rangeIdx %= len(*i.rangeset)
r = (*i.rangeset)[i.rangeIdx]
i.cur = r.RangeStart
} else {
i.cur = ip.NextIP(i.cur)
}
if i.startIP == nil {
i.startIP = i.cur
} else if i.cur.Equal(i.startIP) {
// IF we've looped back to where we started, give up
return nil, nil
}
if i.cur.Equal(r.Gateway) {
return i.Next()
}
return &net.IPNet{IP: i.cur, Mask: r.Subnet.Mask}, r.Gateway
}
最終如果結(jié)尾IP也分配出去了,則又會回到起始IP困曙,這時候會失敗慷丽,沒有IP可分配了
記錄IP
再分配IP是怎么知道哪個IP已經(jīng)分配過了呢鳄哭?
host-local插件是通過記錄文件的形式來記錄的
func New(network, dataDir string) (*Store, error) {
if dataDir == "" {
dataDir = defaultDataDir
}
dir := filepath.Join(dataDir, network)
if err := os.MkdirAll(dir, 0755); err != nil {
return nil, err
}
lk, err := NewFileLock(dir)
if err != nil {
return nil, err
}
return &Store{lk, dir}, nil
}
這里會創(chuàng)建目錄/var/lib/cni/networks/锄俄,這里目錄取自入?yún)⒅械膁ataDir字段和name字段拼接而成
當(dāng)一個IP分配出去之后
func (s *Store) Reserve(id string, ifname string, ip net.IP, rangeID string) (bool, error) {
fname := GetEscapedPath(s.dataDir, ip.String())
f, err := os.OpenFile(fname, os.O_RDWR|os.O_EXCL|os.O_CREATE, 0644)
if _, err := f.WriteString(strings.TrimSpace(id) + LineBreak + ifname); err != nil {
// store the reserved ip in lastIPFile
ipfile := GetEscapedPath(s.dataDir, lastIPFilePrefix+rangeID)
err = ioutil.WriteFile(ipfile, []byte(ip.String()), 0644)
if err != nil {
return false, err
}
return true, nil
}
就會在目錄/var/lib/cni/networks/下創(chuàng)建一個文件/var/lib/cni/networks/10.250.7.2,并寫入內(nèi)容
0
eth0
同時記錄文件/var/lib/cni/networks/last_reserved_ip.0鱼填,寫入內(nèi)容
10.250.7.2
表示上一次分配出去的IP地址是10.250.7.2
這樣在構(gòu)造迭代器的時候會首先讀文件/var/lib/cni/networks/last_reserved_ip.0獲取上一次分配出去的IP苹丸,然后把上一次分配出去的IP作為起始IP即可
func (a *IPAllocator) GetIter() (*RangeIter, error) {
iter := RangeIter{
rangeset: a.rangeset,
}
// Round-robin by trying to allocate from the last reserved IP + 1
startFromLastReservedIP := false
// We might get a last reserved IP that is wrong if the range indexes changed.
// This is not critical, we just lose round-robin this one time.
lastReservedIP, err := a.store.LastReservedIP(a.rangeID)
if err != nil && !os.IsNotExist(err) {
log.Printf("Error retrieving last reserved ip: %v", err)
} else if lastReservedIP != nil {
startFromLastReservedIP = a.rangeset.Contains(lastReservedIP)
}
// Find the range in the set with this IP
if startFromLastReservedIP {
for i, r := range *a.rangeset {
if r.Contains(lastReservedIP) {
iter.rangeIdx = i
// We advance the cursor on every Next(), so the first call
// to next() will return lastReservedIP + 1
iter.cur = lastReservedIP
break
}
}
} else {
iter.rangeIdx = 0
iter.startIP = (*a.rangeset)[0].RangeStart
}
return &iter, nil
}
