github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-09-14 05:36:12 +00:00
Code Issues Projects Releases Wiki Activity

Keep host port socket open for kubenet

Browse Source 
When cni is set to kubenet, kubelet should hold the host port socket,
so that other application in this node could not listen/bind this port
any more. However, the sockets are closed accidentally, because
kubelet forget to reconcile the protocol format before comparing.
This commit is contained in:
Cao Shufeng
2016-11-24 04:19:03 -05:00
parent 1dfd64f437
commit 04bc58b6e5
2 changed files with 24 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
pkg/kubelet/network/hostport/hostport.go
View File

@@ -370,7 +370,7 @@ func (h *handler) cleanupHostportMap(containerPortMap map[v1.ContainerPort]targe
for containerPort := range containerPortMap { for containerPort := range containerPortMap {
hp := hostport{ hp := hostport{
port: containerPort.HostPort, port: containerPort.HostPort,
protocol: string(containerPort.Protocol), protocol: strings.ToLower(string(containerPort.Protocol)),
} }
currentHostports[hp] = true currentHostports[hp] = true
} }
@@ -379,6 +379,7 @@ func (h *handler) cleanupHostportMap(containerPortMap map[v1.ContainerPort]targe
for hp, socket := range h.hostPortMap { for hp, socket := range h.hostPortMap {
if _, ok := currentHostports[hp]; !ok { if _, ok := currentHostports[hp]; !ok {
socket.Close() socket.Close()
glog.V(3).Infof("Closed local port %s", hp.String())
delete(h.hostPortMap, hp) delete(h.hostPortMap, hp)
} }
} }

22
pkg/kubelet/network/hostport/hostport_test.go
View File

@@ -19,6 +19,7 @@ package hostport
import ( import (
"fmt" "fmt"
"net" "net"
"reflect"
"strings" "strings"
"testing" "testing"
@@ -185,6 +186,17 @@ func TestOpenPodHostports(t *testing.T) {
}) })
} }
// Already running pod's host port
hp := hostport{
tests[1].pod.Spec.Containers[0].Ports[0].HostPort,
strings.ToLower(string(tests[1].pod.Spec.Containers[0].Ports[0].Protocol)),
}
h.hostPortMap[hp] = &fakeSocket{
tests[1].pod.Spec.Containers[0].Ports[0].HostPort,
strings.ToLower(string(tests[1].pod.Spec.Containers[0].Ports[0].Protocol)),
false,
}
err := h.OpenPodHostportsAndSync(&ActivePod{Pod: tests[0].pod, IP: net.ParseIP(tests[0].ip)}, "br0", activePods) err := h.OpenPodHostportsAndSync(&ActivePod{Pod: tests[0].pod, IP: net.ParseIP(tests[0].ip)}, "br0", activePods)
if err != nil { if err != nil {
t.Fatalf("Failed to OpenPodHostportsAndSync: %v", err) t.Fatalf("Failed to OpenPodHostportsAndSync: %v", err)
@@ -220,6 +232,16 @@ func TestOpenPodHostports(t *testing.T) {
} }
} }
} }
// Socket
hostPortMap := map[hostport]closeable{
hostport{123, "tcp"}: &fakeSocket{123, "tcp", false},
hostport{4567, "tcp"}: &fakeSocket{4567, "tcp", false},
hostport{5678, "udp"}: &fakeSocket{5678, "udp", false},
}
if !reflect.DeepEqual(hostPortMap, h.hostPortMap) {
t.Fatalf("Mismatch in expected hostPortMap. Expected '%v', got '%v'", hostPortMap, h.hostPortMap)
}
} }
func matchRule(chain *fakeChain, match string) bool { func matchRule(chain *fakeChain, match string) bool {