coderwangke
diff --git a/‎pkg/kubelet/config/common_test.go
Lines changed: 16 additions & 0 deletions b/‎pkg/kubelet/config/common_test.go
Lines changed: 16 additions & 0 deletions
diff --git a/‎pkg/kubelet/container/runtime.go
Lines changed: 2 additions & 2 deletions b/‎pkg/kubelet/container/runtime.go
Lines changed: 2 additions & 2 deletions
diff --git a/‎pkg/kubelet/dockershim/docker_sandbox.go
Lines changed: 46 additions & 20 deletions b/‎pkg/kubelet/dockershim/docker_sandbox.go
Lines changed: 46 additions & 20 deletions
diff --git a/‎pkg/kubelet/dockershim/docker_sandbox_test.go
Lines changed: 3 additions & 3 deletions b/‎pkg/kubelet/dockershim/docker_sandbox_test.go
Lines changed: 3 additions & 3 deletions
diff --git a/‎pkg/kubelet/dockershim/helpers_linux.go
Lines changed: 2 additions & 2 deletions b/‎pkg/kubelet/dockershim/helpers_linux.go
Lines changed: 2 additions & 2 deletions
diff --git a/‎pkg/kubelet/dockershim/helpers_unsupported.go
Lines changed: 2 additions & 2 deletions b/‎pkg/kubelet/dockershim/helpers_unsupported.go
Lines changed: 2 additions & 2 deletions
diff --git a/‎pkg/kubelet/dockershim/helpers_windows.go
Lines changed: 8 additions & 8 deletions b/‎pkg/kubelet/dockershim/helpers_windows.go
Lines changed: 8 additions & 8 deletions
diff --git a/‎pkg/kubelet/dockershim/network/BUILD
Lines changed: 2 additions & 0 deletions b/‎pkg/kubelet/dockershim/network/BUILD
Lines changed: 2 additions & 0 deletions
diff --git a/‎pkg/kubelet/dockershim/network/cni/cni_others.go
Lines changed: 5 additions & 2 deletions b/‎pkg/kubelet/dockershim/network/cni/cni_others.go
Lines changed: 5 additions & 2 deletions
diff --git a/‎pkg/kubelet/dockershim/network/kubenet/BUILD
Lines changed: 4 additions & 0 deletions b/‎pkg/kubelet/dockershim/network/kubenet/BUILD
Lines changed: 4 additions & 0 deletions
@@ -63,6 +63,14 @@ func TestDecodeSinglePod(t *testing.T) {
 			SchedulerName:      core.DefaultSchedulerName,
 			EnableServiceLinks: &enableServiceLinks,
 		},
+		Status: v1.PodStatus{
+			PodIP: "1.2.3.4",
+			PodIPs: []v1.PodIP{
+				{
+					IP: "1.2.3.4",
+				},
+			},
+		},
 	}
 	json, err := runtime.Encode(testapi.Default.Codec(), pod)
 	if err != nil {
@@ -128,6 +136,14 @@ func TestDecodePodList(t *testing.T) {
 			SchedulerName:      core.DefaultSchedulerName,
 			EnableServiceLinks: &enableServiceLinks,
 		},
+		Status: v1.PodStatus{
+			PodIP: "1.2.3.4",
+			PodIPs: []v1.PodIP{
+				{
+					IP: "1.2.3.4",
+				},
+			},
+		},
 	}
 	podList := &v1.PodList{
 		Items: []v1.Pod{*pod},
 
@@ -273,8 +273,8 @@ type PodStatus struct {
 	Name string
 	// Namespace of the pod.
 	Namespace string
-	// IP of the pod.
-	IP string
+	// All IPs assigned to this pod
+	IPs []string
 	// Status of containers in the pod.
 	ContainerStatuses []*ContainerStatus
 	// Status of the pod sandbox.
 
@@ -324,65 +324,75 @@ func (ds *dockerService) RemovePodSandbox(ctx context.Context, r *runtimeapi.Rem
 	return nil, utilerrors.NewAggregate(errs)
 }
 
-// getIPFromPlugin interrogates the network plugin for an IP.
-func (ds *dockerService) getIPFromPlugin(sandbox *dockertypes.ContainerJSON) (string, error) {
+// getIPsFromPlugin interrogates the network plugin for sandbox IPs.
+func (ds *dockerService) getIPsFromPlugin(sandbox *dockertypes.ContainerJSON) ([]string, error) {
 	metadata, err := parseSandboxName(sandbox.Name)
 	if err != nil {
-		return "", err
+		return nil, err
 	}
 	msg := fmt.Sprintf("Couldn't find network status for %s/%s through plugin", metadata.Namespace, metadata.Name)
 	cID := kubecontainer.BuildContainerID(runtimeName, sandbox.ID)
 	networkStatus, err := ds.network.GetPodNetworkStatus(metadata.Namespace, metadata.Name, cID)
 	if err != nil {
-		return "", err
+		return nil, err
 	}
 	if networkStatus == nil {
-		return "", fmt.Errorf("%v: invalid network status for", msg)
+		return nil, fmt.Errorf("%v: invalid network status for", msg)
+	}
+
+	ips := make([]string, 0)
+	for _, ip := range networkStatus.IPs {
+		ips = append(ips, ip.String())
+	}
+	// if we don't have any ip in our list then cni is using classic primary IP only
+	if len(ips) == 0 {
+		ips = append(ips, networkStatus.IP.String())
 	}
-	return networkStatus.IP.String(), nil
+	return ips, nil
 }
 
-// getIP returns the ip given the output of `docker inspect` on a pod sandbox,
+// getIPs returns the ip given the output of `docker inspect` on a pod sandbox,
 // first interrogating any registered plugins, then simply trusting the ip
 // in the sandbox itself. We look for an ipv4 address before ipv6.
-func (ds *dockerService) getIP(podSandboxID string, sandbox *dockertypes.ContainerJSON) string {
+func (ds *dockerService) getIPs(podSandboxID string, sandbox *dockertypes.ContainerJSON) []string {
 	if sandbox.NetworkSettings == nil {
-		return ""
+		return nil
 	}
 	if networkNamespaceMode(sandbox) == runtimeapi.NamespaceMode_NODE {
 		// For sandboxes using host network, the shim is not responsible for
 		// reporting the IP.
-		return ""
+		return nil
 	}
 
 	// Don't bother getting IP if the pod is known and networking isn't ready
 	ready, ok := ds.getNetworkReady(podSandboxID)
 	if ok && !ready {
-		return ""
+		return nil
 	}
 
-	ip, err := ds.getIPFromPlugin(sandbox)
+	ips, err := ds.getIPsFromPlugin(sandbox)
 	if err == nil {
-		return ip
+		return ips
 	}
 
+	ips = make([]string, 0)
 	// TODO: trusting the docker ip is not a great idea. However docker uses
 	// eth0 by default and so does CNI, so if we find a docker IP here, we
 	// conclude that the plugin must have failed setup, or forgotten its ip.
 	// This is not a sensible assumption for plugins across the board, but if
 	// a plugin doesn't want this behavior, it can throw an error.
 	if sandbox.NetworkSettings.IPAddress != "" {
-		return sandbox.NetworkSettings.IPAddress
+		ips = append(ips, sandbox.NetworkSettings.IPAddress)
 	}
 	if sandbox.NetworkSettings.GlobalIPv6Address != "" {
-		return sandbox.NetworkSettings.GlobalIPv6Address
+		ips = append(ips, sandbox.NetworkSettings.GlobalIPv6Address)
 	}
 
 	// If all else fails, warn but don't return an error, as pod status
 	// should generally not return anything except fatal errors
 	// FIXME: handle network errors by restarting the pod somehow?
 	klog.Warningf("failed to read pod IP from plugin/docker: %v", err)
-	return ""
+	return ips
 }
 
 // Returns the inspect container response, the sandbox metadata, and network namespace mode
@@ -422,11 +432,19 @@ func (ds *dockerService) PodSandboxStatus(ctx context.Context, req *runtimeapi.P
 		state = runtimeapi.PodSandboxState_SANDBOX_READY
 	}
 
-	var IP string
+	var ips []string
 	// TODO: Remove this when sandbox is available on windows
 	// This is a workaround for windows, where sandbox is not in use, and pod IP is determined through containers belonging to the Pod.
-	if IP = ds.determinePodIPBySandboxID(podSandboxID); IP == "" {
-		IP = ds.getIP(podSandboxID, r)
+	if ips = ds.determinePodIPBySandboxID(podSandboxID); len(ips) == 0 {
+		ips = ds.getIPs(podSandboxID, r)
+	}
+
+	// ip is primary ips
+	// ips is all other ips
+	ip := ""
+	if len(ips) != 0 {
+		ip = ips[0]
+		ips = ips[1:]
 	}
 
 	labels, annotations := extractLabels(r.Config.Labels)
@@ -438,7 +456,7 @@ func (ds *dockerService) PodSandboxStatus(ctx context.Context, req *runtimeapi.P
 		Labels:      labels,
 		Annotations: annotations,
 		Network: &runtimeapi.PodSandboxNetworkStatus{
-			Ip: IP,
+			Ip: ip,
 		},
 		Linux: &runtimeapi.LinuxPodSandboxStatus{
 			Namespaces: &runtimeapi.Namespace{
@@ -450,6 +468,14 @@ func (ds *dockerService) PodSandboxStatus(ctx context.Context, req *runtimeapi.P
 			},
 		},
 	}
+	// add additional IPs
+	additionalPodIPs := make([]*runtimeapi.PodIP, 0, len(ips))
+	for _, ip := range ips {
+		additionalPodIPs = append(additionalPodIPs, &runtimeapi.PodIP{
+			Ip: ip,
+		})
+	}
+	status.Network.AdditionalIps = additionalPodIPs
 	return &runtimeapi.PodSandboxStatusResponse{Status: status}, nil
 }
 
 
@@ -106,7 +106,7 @@ func TestSandboxStatus(t *testing.T) {
 		State:     state,
 		CreatedAt: ct,
 		Metadata:  config.Metadata,
-		Network:   &runtimeapi.PodSandboxNetworkStatus{Ip: podIP},
+		Network:   &runtimeapi.PodSandboxNetworkStatus{Ip: podIP, AdditionalIps: []*runtimeapi.PodIP{}},
 		Linux: &runtimeapi.LinuxPodSandboxStatus{
 			Namespaces: &runtimeapi.Namespace{
 				Options: &runtimeapi.NamespaceOption{
@@ -142,6 +142,7 @@ func TestSandboxStatus(t *testing.T) {
 	require.NoError(t, err)
 	// IP not valid after sandbox stop
 	expected.Network.Ip = ""
+	expected.Network.AdditionalIps = []*runtimeapi.PodIP{}
 	statusResp, err = ds.PodSandboxStatus(getTestCTX(), &runtimeapi.PodSandboxStatusRequest{PodSandboxId: id})
 	require.NoError(t, err)
 	assert.Equal(t, expected, statusResp.Status)
@@ -161,14 +162,13 @@ func TestSandboxStatusAfterRestart(t *testing.T) {
 	config := makeSandboxConfig("foo", "bar", "1", 0)
 	r := rand.New(rand.NewSource(0)).Uint32()
 	podIP := fmt.Sprintf("10.%d.%d.%d", byte(r>>16), byte(r>>8), byte(r))
-
 	state := runtimeapi.PodSandboxState_SANDBOX_READY
 	ct := int64(0)
 	expected := &runtimeapi.PodSandboxStatus{
 		State:     state,
 		CreatedAt: ct,
 		Metadata:  config.Metadata,
-		Network:   &runtimeapi.PodSandboxNetworkStatus{Ip: podIP},
+		Network:   &runtimeapi.PodSandboxNetworkStatus{Ip: podIP, AdditionalIps: []*runtimeapi.PodIP{}},
 		Linux: &runtimeapi.LinuxPodSandboxStatus{
 			Namespaces: &runtimeapi.Namespace{
 				Options: &runtimeapi.NamespaceOption{
 
@@ -136,8 +136,8 @@ func (ds *dockerService) updateCreateConfig(
 	return nil
 }
 
-func (ds *dockerService) determinePodIPBySandboxID(uid string) string {
-	return ""
+func (ds *dockerService) determinePodIPBySandboxID(uid string) []string {
+	return nil
 }
 
 func getNetworkNamespace(c *dockertypes.ContainerJSON) (string, error) {
 
@@ -45,9 +45,9 @@ func (ds *dockerService) updateCreateConfig(
 	return nil
 }
 
-func (ds *dockerService) determinePodIPBySandboxID(uid string) string {
+func (ds *dockerService) determinePodIPBySandboxID(uid string) []string {
 	klog.Warningf("determinePodIPBySandboxID is unsupported in this build")
-	return ""
+	return nil
 }
 
 func getNetworkNamespace(c *dockertypes.ContainerJSON) (string, error) {
 
@@ -97,7 +97,7 @@ func applyWindowsContainerSecurityContext(wsc *runtimeapi.WindowsContainerSecuri
 	}
 }
 
-func (ds *dockerService) determinePodIPBySandboxID(sandboxID string) string {
+func (ds *dockerService) determinePodIPBySandboxID(sandboxID string) []string {
 	opts := dockertypes.ContainerListOptions{
 		All:     true,
 		Filters: dockerfilters.NewArgs(),
@@ -108,7 +108,7 @@ func (ds *dockerService) determinePodIPBySandboxID(sandboxID string) string {
 	f.AddLabel(sandboxIDLabelKey, sandboxID)
 	containers, err := ds.client.ListContainers(opts)
 	if err != nil {
-		return ""
+		return nil
 	}
 
 	for _, c := range containers {
@@ -144,26 +144,26 @@ func (ds *dockerService) determinePodIPBySandboxID(sandboxID string) string {
 				// Hyper-V only supports one container per Pod yet and the container will have a different
 				// IP address from sandbox. Return the first non-sandbox container IP as POD IP.
 				// TODO(feiskyer): remove this workaround after Hyper-V supports multiple containers per Pod.
-				if containerIP := ds.getIP(c.ID, r); containerIP != "" {
-					return containerIP
+				if containerIPs := ds.getIPs(c.ID, r); len(containerIPs) != 0 {
+					return containerIPs
 				}
 			} else {
 				// Do not return any IP, so that we would continue and get the IP of the Sandbox.
 				// Windows 1709 and 1803 doesn't have the Namespace support, so getIP() is called
 				// to replicate the DNS registry key to the Workload container (IP/Gateway/MAC is
 				// set separately than DNS).
 				// TODO(feiskyer): remove this workaround after Namespace is supported in Windows RS5.
-				ds.getIP(sandboxID, r)
+				ds.getIPs(sandboxID, r)
 			}
 		} else {
 			// ds.getIP will call the CNI plugin to fetch the IP
-			if containerIP := ds.getIP(c.ID, r); containerIP != "" {
-				return containerIP
+			if containerIPs := ds.getIPs(c.ID, r); len(containerIPs) != 0 {
+				return containerIPs
 			}
 		}
 	}
 
-	return ""
+	return nil
 }
 
 func getNetworkNamespace(c *dockertypes.ContainerJSON) (string, error) {
 
@@ -9,6 +9,7 @@ go_library(
     importpath = "k8s.io/kubernetes/pkg/kubelet/dockershim/network",
     visibility = ["//visibility:public"],
     deps = [
+        "//pkg/features:go_default_library",
         "//pkg/kubelet/apis/config:go_default_library",
         "//pkg/kubelet/container:go_default_library",
         "//pkg/kubelet/dockershim/network/hostport:go_default_library",
@@ -18,6 +19,7 @@ go_library(
         "//staging/src/k8s.io/apimachinery/pkg/util/errors:go_default_library",
         "//staging/src/k8s.io/apimachinery/pkg/util/sets:go_default_library",
         "//staging/src/k8s.io/apimachinery/pkg/util/validation:go_default_library",
+        "//staging/src/k8s.io/apiserver/pkg/util/feature:go_default_library",
         "//vendor/k8s.io/klog:go_default_library",
         "//vendor/k8s.io/utils/exec:go_default_library",
     ],
 
@@ -69,12 +69,15 @@ func (plugin *cniNetworkPlugin) GetPodNetworkStatus(namespace string, name strin
 		return nil, fmt.Errorf("Cannot find the network namespace, skipping pod network status for container %q", id)
 	}
 
-	ip, err := network.GetPodIP(plugin.execer, plugin.nsenterPath, netnsPath, network.DefaultInterfaceName)
+	ips, err := network.GetPodIPs(plugin.execer, plugin.nsenterPath, netnsPath, network.DefaultInterfaceName)
 	if err != nil {
 		return nil, err
 	}
 
-	return &network.PodNetworkStatus{IP: ip}, nil
+	return &network.PodNetworkStatus{
+		IP:  ips[0],
+		IPs: ips,
+	}, nil
 }
 
 // buildDNSCapabilities builds cniDNSConfig from runtimeapi.DNSConfig.
 
@@ -36,6 +36,7 @@ go_library(
             "//pkg/kubelet/dockershim/network:go_default_library",
         ],
         "@io_bazel_rules_go//go/platform:linux": [
+            "//pkg/features:go_default_library",
             "//pkg/kubelet/apis/config:go_default_library",
             "//pkg/kubelet/container:go_default_library",
             "//pkg/kubelet/dockershim/network:go_default_library",
@@ -48,13 +49,15 @@ go_library(
             "//staging/src/k8s.io/apimachinery/pkg/util/errors:go_default_library",
             "//staging/src/k8s.io/apimachinery/pkg/util/net:go_default_library",
             "//staging/src/k8s.io/apimachinery/pkg/util/sets:go_default_library",
+            "//staging/src/k8s.io/apiserver/pkg/util/feature:go_default_library",
             "//vendor/github.com/containernetworking/cni/libcni:go_default_library",
             "//vendor/github.com/containernetworking/cni/pkg/types:go_default_library",
             "//vendor/github.com/containernetworking/cni/pkg/types/020:go_default_library",
             "//vendor/github.com/vishvananda/netlink:go_default_library",
             "//vendor/golang.org/x/sys/unix:go_default_library",
             "//vendor/k8s.io/klog:go_default_library",
             "//vendor/k8s.io/utils/exec:go_default_library",
+            "//vendor/k8s.io/utils/net:go_default_library",
         ],
         "@io_bazel_rules_go//go/platform:nacl": [
             "//pkg/kubelet/apis/config:go_default_library",
@@ -105,6 +108,7 @@ go_test(
             "//pkg/util/bandwidth:go_default_library",
             "//pkg/util/iptables/testing:go_default_library",
             "//pkg/util/sysctl/testing:go_default_library",
+            "//staging/src/k8s.io/apimachinery/pkg/util/sets:go_default_library",
             "//vendor/github.com/stretchr/testify/assert:go_default_library",
             "//vendor/github.com/stretchr/testify/mock:go_default_library",
             "//vendor/k8s.io/utils/exec:go_default_library",
Original file line number	Diff line number	Diff line change
`@@ -136,8 +136,8 @@ func (ds *dockerService) updateCreateConfig(`
`136`	`136`	`return nil`
`137`	`137`	`}`
`138`	`138`
`139`		`-func (ds *dockerService) determinePodIPBySandboxID(uid string) string {`
`140`		`- return ""`
	`139`	`+func (ds *dockerService) determinePodIPBySandboxID(uid string) []string {`
	`140`	`+ return nil`
`141`	`141`	`}`
`142`	`142`
`143`	`143`	`func getNetworkNamespace(c *dockertypes.ContainerJSON) (string, error) {`
Original file line number	Diff line number	Diff line change
`@@ -45,9 +45,9 @@ func (ds *dockerService) updateCreateConfig(`
`45`	`45`	`return nil`
`46`	`46`	`}`
`47`	`47`
`48`		`-func (ds *dockerService) determinePodIPBySandboxID(uid string) string {`
	`48`	`+func (ds *dockerService) determinePodIPBySandboxID(uid string) []string {`
`49`	`49`	`klog.Warningf("determinePodIPBySandboxID is unsupported in this build")`
`50`		`- return ""`
	`50`	`+ return nil`
`51`	`51`	`}`
`52`	`52`
`53`	`53`	`func getNetworkNamespace(c *dockertypes.ContainerJSON) (string, error) {`
Original file line number	Diff line number	Diff line change
`@@ -97,7 +97,7 @@ func applyWindowsContainerSecurityContext(wsc *runtimeapi.WindowsContainerSecuri`
`97`	`97`	`}`
`98`	`98`	`}`
`99`	`99`
`100`		`-func (ds *dockerService) determinePodIPBySandboxID(sandboxID string) string {`
	`100`	`+func (ds *dockerService) determinePodIPBySandboxID(sandboxID string) []string {`
`101`	`101`	`opts := dockertypes.ContainerListOptions{`
`102`	`102`	`All: true,`
`103`	`103`	`Filters: dockerfilters.NewArgs(),`
`@@ -108,7 +108,7 @@ func (ds *dockerService) determinePodIPBySandboxID(sandboxID string) string {`
`108`	`108`	`f.AddLabel(sandboxIDLabelKey, sandboxID)`
`109`	`109`	`containers, err := ds.client.ListContainers(opts)`
`110`	`110`	`if err != nil {`
`111`		`- return ""`
	`111`	`+ return nil`
`112`	`112`	`}`
`113`	`113`
`114`	`114`	`for _, c := range containers {`
`@@ -144,26 +144,26 @@ func (ds *dockerService) determinePodIPBySandboxID(sandboxID string) string {`
`144`	`144`	`// Hyper-V only supports one container per Pod yet and the container will have a different`
`145`	`145`	`// IP address from sandbox. Return the first non-sandbox container IP as POD IP.`
`146`	`146`	`// TODO(feiskyer): remove this workaround after Hyper-V supports multiple containers per Pod.`
`147`		`- if containerIP := ds.getIP(c.ID, r); containerIP != "" {`
`148`		`- return containerIP`
	`147`	`+ if containerIPs := ds.getIPs(c.ID, r); len(containerIPs) != 0 {`
	`148`	`+ return containerIPs`
`149`	`149`	`}`
`150`	`150`	`} else {`
`151`	`151`	`// Do not return any IP, so that we would continue and get the IP of the Sandbox.`
`152`	`152`	`// Windows 1709 and 1803 doesn't have the Namespace support, so getIP() is called`
`153`	`153`	`// to replicate the DNS registry key to the Workload container (IP/Gateway/MAC is`
`154`	`154`	`// set separately than DNS).`
`155`	`155`	`// TODO(feiskyer): remove this workaround after Namespace is supported in Windows RS5.`
`156`		`- ds.getIP(sandboxID, r)`
	`156`	`+ ds.getIPs(sandboxID, r)`
`157`	`157`	`}`
`158`	`158`	`} else {`
`159`	`159`	`// ds.getIP will call the CNI plugin to fetch the IP`
`160`		`- if containerIP := ds.getIP(c.ID, r); containerIP != "" {`
`161`		`- return containerIP`
	`160`	`+ if containerIPs := ds.getIPs(c.ID, r); len(containerIPs) != 0 {`
	`161`	`+ return containerIPs`
`162`	`162`	`}`
`163`	`163`	`}`
`164`	`164`	`}`
`165`	`165`
`166`		`- return ""`
	`166`	`+ return nil`
`167`	`167`	`}`
`168`	`168`
`169`	`169`	`func getNetworkNamespace(c *dockertypes.ContainerJSON) (string, error) {`
Original file line number	Diff line number	Diff line change
`@@ -69,12 +69,15 @@ func (plugin *cniNetworkPlugin) GetPodNetworkStatus(namespace string, name strin`
`69`	`69`	`return nil, fmt.Errorf("Cannot find the network namespace, skipping pod network status for container %q", id)`
`70`	`70`	`}`
`71`	`71`
`72`		`- ip, err := network.GetPodIP(plugin.execer, plugin.nsenterPath, netnsPath, network.DefaultInterfaceName)`
	`72`	`+ ips, err := network.GetPodIPs(plugin.execer, plugin.nsenterPath, netnsPath, network.DefaultInterfaceName)`
`73`	`73`	`if err != nil {`
`74`	`74`	`return nil, err`
`75`	`75`	`}`
`76`	`76`
`77`		`- return &network.PodNetworkStatus{IP: ip}, nil`
	`77`	`+ return &network.PodNetworkStatus{`
	`78`	`+ IP: ips[0],`
	`79`	`+ IPs: ips,`
	`80`	`+ }, nil`
`78`	`81`	`}`
`79`	`82`
`80`	`83`	`// buildDNSCapabilities builds cniDNSConfig from runtimeapi.DNSConfig.`