Vendor swarmkit ae52d9d

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>

vendor.conf

@@ -105,7 +105,7 @@ github.com/docker/containerd 9048e5e50717ea4497b757314bad98ea3763c145
 github.com/tonistiigi/fifo 1405643975692217d6720f8b54aeee1bf2cd5cf4
 
 # cluster
-github.com/docker/swarmkit bd105f8afe9609137a48f817ae124295df0e8ef1
+github.com/docker/swarmkit ae52d9de97b91eee978bc2fe411bc85b33eb82dd
 github.com/gogo/protobuf 8d70fb3182befc465c4a1eac8ad4d38ff49778e2
 github.com/cloudflare/cfssl 7fb22c8cba7ecaf98e4082d22d65800cf45e042a
 github.com/google/certificate-transparency d90e65c3a07988180c5b1ece71791c0b6506826e

vendor/github.com/docker/swarmkit/manager/allocator/network.go

@@ -1089,12 +1089,7 @@ func updateTaskStatus(t *api.Task, newStatus api.TaskState, message string) {
 
 // IsIngressNetwork returns whether the passed network is an ingress network.
 func IsIngressNetwork(nw *api.Network) bool {
-	if nw.Spec.Ingress {
-		return true
-	}
-	// Check if legacy defined ingress network
-	_, ok := nw.Spec.Annotations.Labels["com.docker.swarm.internal"]
-	return ok && nw.Spec.Annotations.Name == "ingress"
+	return networkallocator.IsIngressNetwork(nw)
 }
 
 // GetIngressNetwork fetches the ingress network from store.

vendor/github.com/docker/swarmkit/manager/allocator/networkallocator/networkallocator.go

@@ -153,7 +153,7 @@ func (na *NetworkAllocator) Deallocate(n *api.Network) error {
 // IP and ports needed by the service.
 func (na *NetworkAllocator) ServiceAllocate(s *api.Service) (err error) {
 	if err = na.portAllocator.serviceAllocatePorts(s); err != nil {
-		return
+		return err
 	}
 	defer func() {
 		if err != nil {
@@ -183,7 +183,7 @@ func (na *NetworkAllocator) ServiceAllocate(s *api.Service) (err error) {
 		}
 
 		delete(na.services, s.ID)
-		return
+		return nil
 	}
 
 	// Always prefer NetworkAttachmentConfig in the TaskSpec
@@ -194,48 +194,55 @@ func (na *NetworkAllocator) ServiceAllocate(s *api.Service) (err error) {
 
 	// Allocate VIPs for all the pre-populated endpoint attachments
 	eVIPs := s.Endpoint.VirtualIPs[:0]
+
+vipLoop:
 	for _, eAttach := range s.Endpoint.VirtualIPs {
-		match := false
+		if na.IsVIPOnIngressNetwork(eAttach) {
+			if err = na.allocateVIP(eAttach); err != nil {
+				return err
+			}
+			eVIPs = append(eVIPs, eAttach)
+			continue vipLoop
+
+		}
 		for _, nAttach := range specNetworks {
 			if nAttach.Target == eAttach.NetworkID {
-				match = true
 				if err = na.allocateVIP(eAttach); err != nil {
-					return
+					return err
 				}
 				eVIPs = append(eVIPs, eAttach)
-				break
+				continue vipLoop
 			}
 		}
-		//If the network of the VIP is not part of the service spec,
-		//deallocate the vip
-		if !match {
-			na.deallocateVIP(eAttach)
-		}
+		// If the network of the VIP is not part of the service spec,
+		// deallocate the vip
+		na.deallocateVIP(eAttach)
 	}
-	s.Endpoint.VirtualIPs = eVIPs
 
-outer:
+networkLoop:
 	for _, nAttach := range specNetworks {
 		for _, vip := range s.Endpoint.VirtualIPs {
 			if vip.NetworkID == nAttach.Target {
-				continue outer
+				continue networkLoop
 			}
 		}
 
 		vip := &api.Endpoint_VirtualIP{NetworkID: nAttach.Target}
 		if err = na.allocateVIP(vip); err != nil {
-			return
+			return err
 		}
 
-		s.Endpoint.VirtualIPs = append(s.Endpoint.VirtualIPs, vip)
+		eVIPs = append(eVIPs, vip)
 	}
 
-	if len(s.Endpoint.VirtualIPs) > 0 {
+	if len(eVIPs) > 0 {
 		na.services[s.ID] = struct{}{}
 	} else {
 		delete(na.services, s.ID)
 	}
-	return
+
+	s.Endpoint.VirtualIPs = eVIPs
+	return nil
 }
 
 // ServiceDeallocate de-allocates all the network resources such as
@@ -253,6 +260,7 @@ func (na *NetworkAllocator) ServiceDeallocate(s *api.Service) error {
 				WithField("vip.addr", vip.Addr).Error("error deallocating vip")
 		}
 	}
+	s.Endpoint.VirtualIPs = nil
 
 	na.portAllocator.serviceDeallocatePorts(s)
 	delete(na.services, s.ID)
@@ -346,34 +354,33 @@ func (na *NetworkAllocator) ServiceNeedsAllocation(s *api.Service, flags ...func
 			return true
 		}
 
+		// If the spec has networks which don't have a corresponding VIP,
+		// the service needs to be allocated.
+	networkLoop:
 		for _, net := range specNetworks {
-			match := false
 			for _, vip := range s.Endpoint.VirtualIPs {
 				if vip.NetworkID == net.Target {
-					match = true
-					break
+					continue networkLoop
 				}
 			}
-			if !match {
-				return true
-			}
+			return true
 		}
 	}
 
-	//If the spec no longer has networks attached and has a vip allocated
-	//from previous spec the service needs to updated
+	// If the spec no longer has networks attached and has a vip allocated
+	// from previous spec the service needs to allocated.
 	if s.Endpoint != nil {
+	vipLoop:
 		for _, vip := range s.Endpoint.VirtualIPs {
-			match := false
+			if na.IsVIPOnIngressNetwork(vip) {
+				continue vipLoop
+			}
 			for _, net := range specNetworks {
 				if vip.NetworkID == net.Target {
-					match = true
-					break
+					continue vipLoop
 				}
 			}
-			if !match {
-				return true
-			}
+			return true
 		}
 	}
 
@@ -885,3 +892,26 @@ func initializeDrivers(reg *drvregistry.DrvRegistry) error {
 	}
 	return nil
 }
+
+// IsVIPOnIngressNetwork check if the vip is in ingress network
+func (na *NetworkAllocator) IsVIPOnIngressNetwork(vip *api.Endpoint_VirtualIP) bool {
+	if vip == nil {
+		return false
+	}
+
+	localNet := na.getNetwork(vip.NetworkID)
+	if localNet != nil && localNet.nw != nil {
+		return IsIngressNetwork(localNet.nw)
+	}
+	return false
+}
+
+// IsIngressNetwork check if the network is an ingress network
+func IsIngressNetwork(nw *api.Network) bool {
+	if nw.Spec.Ingress {
+		return true
+	}
+	// Check if legacy defined ingress network
+	_, ok := nw.Spec.Annotations.Labels["com.docker.swarm.internal"]
+	return ok && nw.Spec.Annotations.Name == "ingress"
+}