Use persistent XPC connection for IP allocation management.

[jglogan]

• Closes [Bug]: IP address exhaustion with container delete --force #1378.
• At present, IP allocation involves four parties: the ContainersService and NetworksService in the API server, the SandboxService running in container-runtime-linux, and the NetworkService running in container-network-vmnet.
• Each NetworkService allocate() requires a corresponding deallocate() or an IP address gets leaked.
• This change gets rid of deallocate() and instead changes allocate() so that the caller received an XPC connection. The caller holds this connection for as long as the network attachment is alive (essentially as long as the container is running). When the connection disconnects, the NetworkService automatically unregisters the hostname:IP association.
• Removed IP allocation from the API server, restoring the old process by which sandboxes directly allocate from networks. To deal with the eventual possibility of more network plugins than container-network-vmnet, the bootstrap call requires an additional parameter networkPluginInfos that is the same size as the attachments array in the container configuration, and identifies the plugin for each attachment.

Type of Change

• Bug fix
• New feature
• Breaking change
• Documentation update

Motivation and Context

• Current network plumbing is complicated and needed simplification.
• The deallocate() call was always a leak hazard.

Testing

• Tested locally
• Added/updated tests
• Added/updated docs

[dcantah]

If we changed this client to the model that some of our others have taken (maintain a long lived xpc connection instead of creating a new one for every request), does this screw things up with this persistent routes idea?

[katiewasnothere]

Maybe this is a naive question, but could this ever cause an issue if we have a lot of running containers with a lot of networks in use?