This repository has been archived by the owner on Jul 5, 2022. It is now read-only.

Introduction

雾雨 edited this page Sep 10, 2020 · 6 revisions

Reasoning

When a container with the "fixed-ip" label leaves the Minions network (the minions network plugin is now fused into Barrel), minions records in ETCD which IP the container had occupied, as a (Key, Value) pair of (ContainerID, IPAddress), and does not return the address to the Calico IPPool immediately. The next time a container requests the same IP with the "--ip" flag, minions ensures that the IP is not reallocated randomly and assigned to other containers, so the container can acquire the same IP. As a result, the IP can only be released when a container that has no "fixed-ip" label, and that successfully requested the IP address, leaves the minions network.

Approaching

Barrel was created to help release reserved IPs (fixed IPs). We expect the recycle to happen after a container (either stopped or running) has been successfully removed, by checking whether the container had occupied an IP in the minions network IP pool and whether that IP address is an idle reserved IP. The way to achieve this is a socket that acts as the Docker socket, that is, a Docker socket proxy. It hooks the Docker REST API and executes our functions before or after certain requests to dockerd. Currently these are:

  1. docker container create
  2. docker container rm
  3. docker container prune
  4. docker network connect
  5. docker network disconnect

Details and guarantee

Barrel forwards the server request (to dockerd) and the client response (from dockerd) as a byte stream; it does not try to modify the dockerd response. In some circumstances, however, the result may come from Barrel directly (no request is forwarded to dockerd). Cases:

  • docker container rm

To recycle a reserved IP, we must specify the container that previously owned the IP by its full-length container ID (due to the design of the minions ETCD data structure). However, docker container rm accepts a partial-length container ID or a container name, so we must get the container ID before removing the container. If the container does not exist and the given key is not a full-length container ID, an error is thrown and written to the server response. We guarantee that this response still follows the protocol of the docker container rm response (it only lacks some dockerd response headers).
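
The container rm pre-check described above, as an added Go example (not Barrel's own code). The names `resolver`, `rmHook` and `try` and the one-container table are hypothetical, and letting a full-length ID for a missing container pass through to dockerd is an assumption.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
	"regexp"
	"strings"
)

var rmPath = regexp.MustCompile(`^(?:/v[0-9.]+)?/containers/([^/]+)$`) // optional API version prefix
var fullID = regexp.MustCompile(`^[0-9a-f]{64}$`)                      // full-length container ID

// resolver is a hypothetical name/partial-ID lookup (in practice, an inspect call to dockerd).
type resolver func(key string) (id string, ok bool)

// rmHook runs before DELETE /containers/{key} is forwarded. It returns the full ID for the
// reserved-IP lookup, or answers with a Docker-style {"message": ...} error and forward=false.
func rmHook(w http.ResponseWriter, r *http.Request, resolve resolver) (id string, forward bool) {
	m := rmPath.FindStringSubmatch(r.URL.Path)
	if r.Method != http.MethodDelete || m == nil {
		return "", true // not a container rm: pass through untouched
	}
	if full, ok := resolve(m[1]); ok {
		return full, true
	}
	if fullID.MatchString(m[1]) {
		return m[1], true // container is gone, but the key is already a full ID (assumption)
	}
	w.Header().Set("Content-Type", "application/json")
	w.WriteHeader(http.StatusNotFound)
	json.NewEncoder(w).Encode(map[string]string{"message": "No such container: " + m[1]})
	return "", false
}

// try runs rmHook against a constructed one-container table (sample data).
func try(path string) (id string, forward bool, status int, body string) {
	known := map[string]string{"web": strings.Repeat("ab", 32)}
	resolve := func(k string) (string, bool) { id, ok := known[k]; return id, ok }
	rec := httptest.NewRecorder()
	id, forward = rmHook(rec, httptest.NewRequest(http.MethodDelete, path, nil), resolve)
	return id, forward, rec.Code, rec.Body.String()
}

func main() {
	fmt.Println(try("/v1.40/containers/web"))
	fmt.Println(try("/containers/ghost"))
}
```

Only the unresolved, non-full-length key is answered by the proxy itself; every other request still reaches dockerd unchanged.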