Can we support to transmit annotation from CNI to runtime?

[yiya1989]

What is the problem you're trying to solve

Some runtimes like clear containers or kata-containers, the runtimes may not directly use the net devices in the pod's network, so we need transmit some configs like annotations to runtimes which generated by the CNI.
For example, when the ovs-dpdk mode like kata-containers, we need to tell the kata-container runtime to use the specific vhost-user-socket path which created by CNI.
The annotation may be smaple like this:
pod_nic_status: {"eth0":{"address":["172.16.1.98/24"],"path":"/https/github.com/var/run/openvswitch/v-bkufwys4yyryy","katamac":"5e:44:08:1f:35:73","uuid":"0ca76712-63c9-4962-a845-49bc93fbd0d3"}}

Describe the solution you'd like

Now the containerd will run CRI plugin firtly, and then run the runtime flow. I want to allow some var of CNIResult to transmit to the pod container.
One way to like this:

1. Add new var like addations map[string]string in CNIResult
2. Transmit the CNIResult.addations to the pod container annotations

Additional context

`
type Result struct {
Interfaces map[string]*Config
DNS []types.DNS
Routes []*types.Route
raw []*types100.Result
}

`

[fuweid]

I think it should be handled in upstream first. containernetworking/cni#582 :)

[yiya1989]

yes, you are right. but that issue has none update two years, disappointing : (

I think it should be handled in upstream first. containernetworking/cni#582 :)

[fuweid]

cc @MikeZappa87 should we consider this as CNI enhancements? 😄

[MikeZappa87]

@fuweid hey I will take a look at this tomorrow slipped through the cracks!

[aojea]

is not fixed in #5026?

[MikeZappa87]

This looks like the ask is to have the cni result modified to include fields so the runtime can do something with it? I wonder if the NRI would be useful here as well.

[yiya1989]

is not fixed in #5026?

Thanks, this commit can solve my question, but there is none documents about io.kubernetes.cri.pod-annotations in CNI capabilities-runtime-configuration. Wondering is it a official usage and we can use it？

https://github.com/containernetworking/cni/blob/main/CONVENTIONS.md#dynamic-plugin-specific-fields-capabilities--runtime-configuration

[MikeZappa87]

@yiya1989 we are discussing something similar in: containernetworking/cni#1050

The idea behind this is that the CNI result would contain a map[string]string to pass back to the container runtime and then down to the OCI runtime (kata, runc, ...)