diff --git a/vendor.conf b/vendor.conf index 062fbe290..bd8fe31af 100644 --- a/vendor.conf +++ b/vendor.conf @@ -105,7 +105,7 @@ github.com/docker/containerd 9048e5e50717ea4497b757314bad98ea3763c145 github.com/tonistiigi/fifo 1405643975692217d6720f8b54aeee1bf2cd5cf4 # cluster -github.com/docker/swarmkit bd105f8afe9609137a48f817ae124295df0e8ef1 +github.com/docker/swarmkit ae52d9de97b91eee978bc2fe411bc85b33eb82dd github.com/gogo/protobuf 8d70fb3182befc465c4a1eac8ad4d38ff49778e2 github.com/cloudflare/cfssl 7fb22c8cba7ecaf98e4082d22d65800cf45e042a github.com/google/certificate-transparency d90e65c3a07988180c5b1ece71791c0b6506826e diff --git a/vendor/github.com/docker/swarmkit/manager/allocator/network.go b/vendor/github.com/docker/swarmkit/manager/allocator/network.go index 4a711171b..597494ea6 100644 --- a/vendor/github.com/docker/swarmkit/manager/allocator/network.go +++ b/vendor/github.com/docker/swarmkit/manager/allocator/network.go @@ -1089,12 +1089,7 @@ func updateTaskStatus(t *api.Task, newStatus api.TaskState, message string) { // IsIngressNetwork returns whether the passed network is an ingress network. func IsIngressNetwork(nw *api.Network) bool { - if nw.Spec.Ingress { - return true - } - // Check if legacy defined ingress network - _, ok := nw.Spec.Annotations.Labels["com.docker.swarm.internal"] - return ok && nw.Spec.Annotations.Name == "ingress" + return networkallocator.IsIngressNetwork(nw) } // GetIngressNetwork fetches the ingress network from store. diff --git a/vendor/github.com/docker/swarmkit/manager/allocator/networkallocator/networkallocator.go b/vendor/github.com/docker/swarmkit/manager/allocator/networkallocator/networkallocator.go index fafb3b18c..a70cfd121 100644 --- a/vendor/github.com/docker/swarmkit/manager/allocator/networkallocator/networkallocator.go +++ b/vendor/github.com/docker/swarmkit/manager/allocator/networkallocator/networkallocator.go @@ -153,7 +153,7 @@ func (na *NetworkAllocator) Deallocate(n *api.Network) error { // IP and ports needed by the service. func (na *NetworkAllocator) ServiceAllocate(s *api.Service) (err error) { if err = na.portAllocator.serviceAllocatePorts(s); err != nil { - return + return err } defer func() { if err != nil { @@ -183,7 +183,7 @@ func (na *NetworkAllocator) ServiceAllocate(s *api.Service) (err error) { } delete(na.services, s.ID) - return + return nil } // Always prefer NetworkAttachmentConfig in the TaskSpec @@ -194,48 +194,55 @@ func (na *NetworkAllocator) ServiceAllocate(s *api.Service) (err error) { // Allocate VIPs for all the pre-populated endpoint attachments eVIPs := s.Endpoint.VirtualIPs[:0] + +vipLoop: for _, eAttach := range s.Endpoint.VirtualIPs { - match := false + if na.IsVIPOnIngressNetwork(eAttach) { + if err = na.allocateVIP(eAttach); err != nil { + return err + } + eVIPs = append(eVIPs, eAttach) + continue vipLoop + + } for _, nAttach := range specNetworks { if nAttach.Target == eAttach.NetworkID { - match = true if err = na.allocateVIP(eAttach); err != nil { - return + return err } eVIPs = append(eVIPs, eAttach) - break + continue vipLoop } } - //If the network of the VIP is not part of the service spec, - //deallocate the vip - if !match { - na.deallocateVIP(eAttach) - } + // If the network of the VIP is not part of the service spec, + // deallocate the vip + na.deallocateVIP(eAttach) } - s.Endpoint.VirtualIPs = eVIPs -outer: +networkLoop: for _, nAttach := range specNetworks { for _, vip := range s.Endpoint.VirtualIPs { if vip.NetworkID == nAttach.Target { - continue outer + continue networkLoop } } vip := &api.Endpoint_VirtualIP{NetworkID: nAttach.Target} if err = na.allocateVIP(vip); err != nil { - return + return err } - s.Endpoint.VirtualIPs = append(s.Endpoint.VirtualIPs, vip) + eVIPs = append(eVIPs, vip) } - if len(s.Endpoint.VirtualIPs) > 0 { + if len(eVIPs) > 0 { na.services[s.ID] = struct{}{} } else { delete(na.services, s.ID) } - return + + s.Endpoint.VirtualIPs = eVIPs + return nil } // ServiceDeallocate de-allocates all the network resources such as @@ -253,6 +260,7 @@ func (na *NetworkAllocator) ServiceDeallocate(s *api.Service) error { WithField("vip.addr", vip.Addr).Error("error deallocating vip") } } + s.Endpoint.VirtualIPs = nil na.portAllocator.serviceDeallocatePorts(s) delete(na.services, s.ID) @@ -346,34 +354,33 @@ func (na *NetworkAllocator) ServiceNeedsAllocation(s *api.Service, flags ...func return true } + // If the spec has networks which don't have a corresponding VIP, + // the service needs to be allocated. + networkLoop: for _, net := range specNetworks { - match := false for _, vip := range s.Endpoint.VirtualIPs { if vip.NetworkID == net.Target { - match = true - break + continue networkLoop } } - if !match { - return true - } + return true } } - //If the spec no longer has networks attached and has a vip allocated - //from previous spec the service needs to updated + // If the spec no longer has networks attached and has a vip allocated + // from previous spec the service needs to allocated. if s.Endpoint != nil { + vipLoop: for _, vip := range s.Endpoint.VirtualIPs { - match := false + if na.IsVIPOnIngressNetwork(vip) { + continue vipLoop + } for _, net := range specNetworks { if vip.NetworkID == net.Target { - match = true - break + continue vipLoop } } - if !match { - return true - } + return true } } @@ -885,3 +892,26 @@ func initializeDrivers(reg *drvregistry.DrvRegistry) error { } return nil } + +// IsVIPOnIngressNetwork check if the vip is in ingress network +func (na *NetworkAllocator) IsVIPOnIngressNetwork(vip *api.Endpoint_VirtualIP) bool { + if vip == nil { + return false + } + + localNet := na.getNetwork(vip.NetworkID) + if localNet != nil && localNet.nw != nil { + return IsIngressNetwork(localNet.nw) + } + return false +} + +// IsIngressNetwork check if the network is an ingress network +func IsIngressNetwork(nw *api.Network) bool { + if nw.Spec.Ingress { + return true + } + // Check if legacy defined ingress network + _, ok := nw.Spec.Annotations.Labels["com.docker.swarm.internal"] + return ok && nw.Spec.Annotations.Name == "ingress" +}