Merge pull request #12895 from lvlv/uts

use host uts namespace when pod.Spec.HostNetwork is true
2025-07-29 22:46:12 +00:00 · 2015-08-20 17:26:03 -07:00 · 2015-08-20 17:26:03 -07:00 · 1db153cee3
commit 1db153cee3
parent a90b67f276 7cf9ee19c7
2 changed files with 49 additions and 3 deletions
--- a/pkg/kubelet/dockertools/manager.go
+++ b/pkg/kubelet/dockertools/manager.go
@ -572,7 +572,8 @@ func (dm *DockerManager) runContainer(
 	opts *kubecontainer.RunContainerOptions,
 	ref *api.ObjectReference,
 	netMode string,
-	ipcMode string) (string, error) {
+	ipcMode string,
+	utsMode string) (string, error) {

 	dockerName := KubeletContainerName{
 		PodFullName:   kubecontainer.GetPodFullName(pod),
@ -679,6 +680,7 @@ func (dm *DockerManager) runContainer(
 		Binds:        binds,
 		NetworkMode:  netMode,
 		IpcMode:      ipcMode,
+		UTSMode:      utsMode,
 		// Memory and CPU are set here for newer versions of Docker (1.6+).
 		Memory:     memoryLimit,
 		MemorySwap: -1,
@ -1240,7 +1242,11 @@ func (dm *DockerManager) runContainerInPod(pod *api.Pod, container *api.Containe
 		return "", err
 	}

-	id, err := dm.runContainer(pod, container, opts, ref, netMode, ipcMode)
+	utsMode := ""
+	if pod.Spec.HostNetwork {
+		utsMode = "host"
+	}
+	id, err := dm.runContainer(pod, container, opts, ref, netMode, ipcMode, utsMode)
 	if err != nil {
 		return "", err
 	}
@ -1303,7 +1309,7 @@ func (dm *DockerManager) runContainerInPod(pod *api.Pod, container *api.Containe
 	// This resolv.conf file is shared by all containers of the same pod, and needs to be modified only once per pod.
 	// we modify it when the pause container is created since it is the first container created in the pod since it holds
 	// the networking namespace.
-	if container.Name == PodInfraContainerName {
+	if container.Name == PodInfraContainerName && utsMode != "host" {
 		err = addNDotsOption(containerInfo.ResolvConfPath)
 	}

--- a/pkg/kubelet/dockertools/manager_test.go
+++ b/pkg/kubelet/dockertools/manager_test.go
@ -1991,6 +1991,46 @@ func TestSyncPodWithTerminationLog(t *testing.T) {
 	}
 }

+func TestSyncPodWithHostNetwork(t *testing.T) {
+	dm, fakeDocker := newTestDockerManager()
+	pod := &api.Pod{
+		ObjectMeta: api.ObjectMeta{
+			UID:       "12345678",
+			Name:      "foo",
+			Namespace: "new",
+		},
+		Spec: api.PodSpec{
+			Containers: []api.Container{
+				{Name: "bar"},
+			},
+			HostNetwork: true,
+		},
+	}
+
+	runSyncPod(t, dm, fakeDocker, pod)
+
+	verifyCalls(t, fakeDocker, []string{
+		// Create pod infra container.
+		"create", "start", "inspect_container",
+		// Create container.
+		"create", "start", "inspect_container",
+	})
+
+	fakeDocker.Lock()
+	if len(fakeDocker.Created) != 2 ||
+		!matchString(t, "k8s_POD\\.[a-f0-9]+_foo_new_", fakeDocker.Created[0]) ||
+		!matchString(t, "k8s_bar\\.[a-f0-9]+_foo_new_", fakeDocker.Created[1]) {
+		t.Errorf("Unexpected containers created %v", fakeDocker.Created)
+	}
+
+	utsMode := fakeDocker.Container.HostConfig.UTSMode
+	if utsMode != "host" {
+		t.Errorf("Pod with host network must have \"host\" utsMode, actual: \"%v\"", utsMode)
+	}
+
+	fakeDocker.Unlock()
+}
+
 func TestGetPodStatusSortedContainers(t *testing.T) {
 	dm, fakeDocker := newTestDockerManager()
 	dockerInspect := map[string]*docker.Container{}