cni: support spec v1.0.0

- bump default cni version to 0.4.0
- inner cni CHECK is not required in 0.4.0

cmd/terway-cli/cni.go

@@ -106,7 +106,7 @@ func mergeConfigList(configs [][]byte, f *feature) (string, error) {
 	var err error
 
 	g := gabs.New()
-	_, err = g.Set("0.3.1", "cniVersion")
+	_, err = g.Set("0.4.0", "cniVersion")
 	if err != nil {
 		return "", err
 	}

daemon/daemon.go

@@ -6,7 +6,6 @@ import (
 	"fmt"
 	"net"
 	"os"
-	"path/filepath"
 	"sort"
 	"strconv"
 	"strings"
@@ -29,8 +28,6 @@ import (
 	"github.com/AliyunContainerService/terway/types"
 	"github.com/AliyunContainerService/terway/types/daemon"
 
-	"github.com/containernetworking/cni/libcni"
-	containertypes "github.com/containernetworking/cni/pkg/types"
 	"github.com/pkg/errors"
 	corev1 "k8s.io/api/core/v1"
 	k8sErr "k8s.io/apimachinery/pkg/api/errors"
@@ -59,9 +56,6 @@ const (
 	commandMapping = "mapping"
 
 	cniDefaultPath = "/opt/cni/bin"
-	// this file is generated from configmap
-	terwayCNIConf  = "/etc/eni/10-terway.conf"
-	cniExecTimeout = 10 * time.Second
 
 	IfEth0 = "eth0"
 )
@@ -930,67 +924,6 @@ func (n *networkService) startPeriodCheck() {
 			}
 		}
 	}()
-	// call CNI CHECK, make sure all dev is ok
-	func() {
-		serviceLog.Debugf("call CNI CHECK")
-		defer func() {
-			serviceLog.Debugf("call CNI CHECK end")
-		}()
-		n.RLock()
-		podResList, err := n.resourceDB.List()
-		n.RUnlock()
-		if err != nil {
-			serviceLog.Error(err)
-			return
-		}
-		ff, err := os.ReadFile(utils.NormalizePath(terwayCNIConf))
-		if err != nil {
-			serviceLog.Error(err)
-			return
-		}
-		for _, v := range podResList {
-			res := v.(types.PodResources)
-			if res.NetNs == nil {
-				continue
-			}
-			serviceLog.Debugf("checking pod name %s", res.PodInfo.Name)
-			cniCfg := libcni.NewCNIConfig([]string{n.cniBinPath}, nil)
-			netNs := filepath.Join("/proc/1/root/", *res.NetNs)
-			if utils.IsWindowsOS() {
-				netNs = *res.NetNs
-			}
-			func() {
-				ctx, cancel := context.WithTimeout(context.Background(), cniExecTimeout)
-				defer cancel()
-
-				args := [][2]string{
-					{"K8S_POD_NAME", res.PodInfo.Name},
-					{"K8S_POD_NAMESPACE", res.PodInfo.Namespace},
-				}
-				if res.ContainerID != nil {
-					args = append(args, [2]string{"K8S_POD_INFRA_CONTAINER_ID", *res.ContainerID})
-				}
-
-				err := cniCfg.CheckNetwork(ctx, &libcni.NetworkConfig{
-					Network: &containertypes.NetConf{
-						CNIVersion: "0.4.0",
-						Name:       "terway",
-						Type:       "terway",
-					},
-					Bytes: ff,
-				}, &libcni.RuntimeConf{
-					ContainerID: "fake", // must provide
-					NetNS:       netNs,
-					IfName:      IfEth0,
-					Args:        args,
-				})
-				if err != nil {
-					serviceLog.Error(err)
-					return
-				}
-			}()
-		}
-	}()
 }
 
 // requestCRD get crd from api

docs/cni-chain.md

@@ -6,7 +6,7 @@ Terway will set CNI config on the startup. The config (`/etc/cni/net.d/10-terway
 
 ```json
 {
-  "cniVersion": "0.3.1",
+  "cniVersion": "0.4.0",
   "name": "terway",
   "type": "terway",
   "eniip_virtual_type": "IPVlan"
@@ -46,7 +46,7 @@ data:
 
   10-terway.conf: |
     {
-      "cniVersion": "0.3.1",
+      "cniVersion": "0.4.0",
       "name": "terway",
       "type": "terway"
     }

docs/host-stack-cidrs.md

@@ -23,7 +23,7 @@
     ```json
       10-terway.conf: |
       {
-        "cniVersion": "0.3.1",
+        "cniVersion": "0.4.0",
         "name": "terway",
         "eniip_virtual_type": "IPVlan",
         "host_stack_cidrs": ["169.254.0.0/16"], // 此处为您希望添加的主机网络栈路由
@@ -50,7 +50,7 @@
    ```bash
     cat /etc/cni/net.d/*
     {
-      "cniVersion": "0.3.1",
+      "cniVersion": "0.4.0",
       "name": "terway-chainer",
       "plugins": [
         {

docs/hubble-intergration.md

@@ -19,7 +19,7 @@
    ```json
    10-terway.conf: |
    {
-     "cniVersion": "0.3.1",
+     "cniVersion": "0.4.0",
      "name": "terway",
      "eniip_virtual_type": "IPVlan",
      // 新增以下配置，以打开 Hubble 网络流量分析

docs/ipv6.md

@@ -10,7 +10,7 @@ apiVersion: v1
 data:
   10-terway.conf: |
     {
-      "cniVersion": "0.3.1",
+      "cniVersion": "0.4.0",
       "name": "terway",
       "eniip_virtual_type": "IPVlan",
       "ip_stack": "dual",   <----- 启用双栈支持

docs/qos.md

@@ -30,7 +30,7 @@ apiVersion: v1
 data:
   10-terway.conf: |
     {
-      "cniVersion": "0.3.1",
+      "cniVersion": "0.4.0",
       "name": "terway",
       "capabilities": {"bandwidth": true}, # add 
       "type": "terway"
@@ -64,7 +64,7 @@ apiVersion: v1
 data:
   10-terway.conf: |
     {
-      "cniVersion": "0.3.1",
+      "cniVersion": "0.4.0",
       "name": "terway",
       "enable_network_priority": true, # add
       "type": "terway"

docs/terway-trunk.md

@@ -31,7 +31,7 @@ apiVersion: v1
 data:
   10-terway.conf: |
     {
-      "cniVersion": "0.3.1",
+      "cniVersion": "0.4.0",
       "name": "terway",
       "eniip_virtual_type": "IPVlan",
       "type": "terway"

eni.conf

@@ -1,5 +1,5 @@
 {
-  "cniVersion": "0.3.1",
+  "cniVersion": "0.4.0",
   "name": "eni",
   "type": "terway-plugin",
   "prefix": "eth"

entrypoint.ps1

@@ -283,7 +283,7 @@ Log-Info "Transferred eni configuration"
 # generated cni config to host
 Log-Debug "Generating cni configuration"
 $cni_config = @{
-  cniVersion = "0.3.1"
+  cniVersion = "0.4.0"
   name = "terway"
   type = "terway"
 }
@@ -292,7 +292,7 @@ if (Test-File -Path "c:\etc\eni\10-terway.conf") {
 }
 # version
 if (-not $cni_config["cniVersion"]) {
-  $cni_config["cniVersion"] = "0.3.1"
+  $cni_config["cniVersion"] = "0.4.0"
 }
 # name
 if (-not $cni_config["name"]) {

go.mod

@@ -4,28 +4,28 @@ go 1.18
 
 require (
 	github.com/Jeffail/gabs/v2 v2.7.0
-	github.com/Microsoft/go-winio v0.5.2
-	github.com/Microsoft/hcsshim v0.9.4
-	github.com/alexflint/go-filemutex v0.0.0-20171022225611-72bdc8eae2ae
+	github.com/Microsoft/go-winio v0.6.0
+	github.com/Microsoft/hcsshim v0.9.9
+	github.com/alexflint/go-filemutex v1.2.0
 	github.com/aliyun/alibaba-cloud-sdk-go v1.62.215
 	github.com/boltdb/bolt v1.3.1
-	github.com/containernetworking/cni v0.8.1
-	github.com/containernetworking/plugins v0.9.1
+	github.com/containernetworking/cni v1.1.2
+	github.com/containernetworking/plugins v1.3.0
 	github.com/denverdino/aliyungo v0.0.0-20201215054313-f635de23c5e0
 	github.com/docker/docker v20.10.20+incompatible
 	github.com/evanphx/json-patch v5.6.0+incompatible
 	github.com/go-playground/mold/v4 v4.2.0
 	github.com/go-playground/validator/v10 v10.11.1
 	github.com/google/uuid v1.3.0
 	github.com/onsi/ginkgo v1.16.5
-	github.com/onsi/gomega v1.22.1
+	github.com/onsi/gomega v1.27.6
 	github.com/pkg/errors v0.9.1
 	github.com/prometheus/client_golang v1.13.0
 	github.com/pterm/pterm v0.12.62
 	github.com/sirupsen/logrus v1.9.0
 	github.com/spf13/cobra v1.6.1
-	github.com/stretchr/testify v1.8.0
-	github.com/vishvananda/netlink v1.1.1-0.20210510164352-d17758a128bf
+	github.com/stretchr/testify v1.8.1
+	github.com/vishvananda/netlink v1.2.1-beta.2
 	golang.org/x/net v0.9.0
 	golang.org/x/sync v0.1.0
 	golang.org/x/sys v0.8.0
@@ -54,16 +54,16 @@ require (
 	github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/cespare/xxhash/v2 v2.1.2 // indirect
-	github.com/containerd/cgroups v1.0.3 // indirect
+	github.com/containerd/cgroups v1.1.0 // indirect
 	github.com/containerd/console v1.0.3 // indirect
-	github.com/coreos/go-iptables v0.5.0 // indirect
+	github.com/coreos/go-iptables v0.6.0 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/docker/distribution v2.8.1+incompatible // indirect
 	github.com/docker/go-connections v0.4.0 // indirect
 	github.com/docker/go-units v0.4.0 // indirect
 	github.com/emicklei/go-restful v2.16.0+incompatible // indirect
 	github.com/fsnotify/fsnotify v1.5.1 // indirect
-	github.com/go-logr/logr v1.2.0 // indirect
+	github.com/go-logr/logr v1.2.4 // indirect
 	github.com/go-logr/zapr v1.2.0 // indirect
 	github.com/go-openapi/jsonpointer v0.19.5 // indirect
 	github.com/go-openapi/jsonreference v0.19.5 // indirect
@@ -72,8 +72,8 @@ require (
 	github.com/go-playground/universal-translator v0.18.0 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
-	github.com/golang/protobuf v1.5.2 // indirect
-	github.com/google/go-cmp v0.5.8 // indirect
+	github.com/golang/protobuf v1.5.3 // indirect
+	github.com/google/go-cmp v0.5.9 // indirect
 	github.com/google/gofuzz v1.2.0 // indirect
 	github.com/googleapis/gnostic v0.5.5 // indirect
 	github.com/gookit/color v1.5.3 // indirect
@@ -99,24 +99,24 @@ require (
 	github.com/prometheus/common v0.37.0 // indirect
 	github.com/prometheus/procfs v0.8.0 // indirect
 	github.com/rivo/uniseg v0.4.4 // indirect
-	github.com/safchain/ethtool v0.0.0-20190326074333-42ed695e3de8 // indirect
+	github.com/safchain/ethtool v0.3.0 // indirect
 	github.com/segmentio/go-camelcase v0.0.0-20160726192923-7085f1e3c734 // indirect
 	github.com/segmentio/go-snakecase v1.2.0 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
-	github.com/vishvananda/netns v0.0.0-20201230012202-c4f3ca719c73 // indirect
+	github.com/vishvananda/netns v0.0.4 // indirect
 	github.com/vladimirvivien/gexe v0.1.1 // indirect
 	github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e // indirect
-	go.opencensus.io v0.23.0 // indirect
+	go.opencensus.io v0.24.0 // indirect
 	go.uber.org/atomic v1.9.0 // indirect
 	go.uber.org/multierr v1.6.0 // indirect
 	go.uber.org/zap v1.19.1 // indirect
 	golang.org/x/crypto v0.1.0 // indirect
-	golang.org/x/mod v0.8.0 // indirect
+	golang.org/x/mod v0.9.0 // indirect
 	golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b // indirect
 	golang.org/x/term v0.8.0 // indirect
 	golang.org/x/text v0.9.0 // indirect
 	golang.org/x/time v0.0.0-20210723032227-1f47c861a9ac // indirect
-	golang.org/x/tools v0.6.0 // indirect
+	golang.org/x/tools v0.7.0 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
 	google.golang.org/genproto v0.0.0-20210831024726-fe130286e0e2 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect