From 0b90dfba3a9f89bc1783b7cbed90258bbe4583db Mon Sep 17 00:00:00 2001 From: Lv Lv Date: Wed, 19 Aug 2015 13:02:10 +0800 Subject: [PATCH 1/2] use host uts namespace when pod.Spec.HostNetwork is true --- pkg/kubelet/dockertools/manager.go | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/pkg/kubelet/dockertools/manager.go b/pkg/kubelet/dockertools/manager.go index 29405ac9f7f..80855452d7e 100644 --- a/pkg/kubelet/dockertools/manager.go +++ b/pkg/kubelet/dockertools/manager.go @@ -572,7 +572,8 @@ func (dm *DockerManager) runContainer( opts *kubecontainer.RunContainerOptions, ref *api.ObjectReference, netMode string, - ipcMode string) (string, error) { + ipcMode string, + utsMode string) (string, error) { dockerName := KubeletContainerName{ PodFullName: kubecontainer.GetPodFullName(pod), @@ -679,6 +680,7 @@ func (dm *DockerManager) runContainer( Binds: binds, NetworkMode: netMode, IpcMode: ipcMode, + UTSMode: utsMode, // Memory and CPU are set here for newer versions of Docker (1.6+). Memory: memoryLimit, MemorySwap: -1, @@ -1240,7 +1242,11 @@ func (dm *DockerManager) runContainerInPod(pod *api.Pod, container *api.Containe return "", err } - id, err := dm.runContainer(pod, container, opts, ref, netMode, ipcMode) + utsMode := "" + if pod.Spec.HostNetwork { + utsMode = "host" + } + id, err := dm.runContainer(pod, container, opts, ref, netMode, ipcMode, utsMode) if err != nil { return "", err } From 7cf9ee19c702ab6173057787293c239bd83ce3b6 Mon Sep 17 00:00:00 2001 From: Lv Lv Date: Wed, 19 Aug 2015 16:56:19 +0800 Subject: [PATCH 2/2] add test for utsMode change --- pkg/kubelet/dockertools/manager.go | 2 +- pkg/kubelet/dockertools/manager_test.go | 40 +++++++++++++++++++++++++ 2 files changed, 41 insertions(+), 1 deletion(-) diff --git a/pkg/kubelet/dockertools/manager.go b/pkg/kubelet/dockertools/manager.go index 80855452d7e..3a32ee95b55 100644 --- a/pkg/kubelet/dockertools/manager.go +++ b/pkg/kubelet/dockertools/manager.go @@ -1309,7 +1309,7 @@ func (dm *DockerManager) runContainerInPod(pod *api.Pod, container *api.Containe // This resolv.conf file is shared by all containers of the same pod, and needs to be modified only once per pod. // we modify it when the pause container is created since it is the first container created in the pod since it holds // the networking namespace. - if container.Name == PodInfraContainerName { + if container.Name == PodInfraContainerName && utsMode != "host" { err = addNDotsOption(containerInfo.ResolvConfPath) } diff --git a/pkg/kubelet/dockertools/manager_test.go b/pkg/kubelet/dockertools/manager_test.go index 3fdb78d2e63..3f76372a6e2 100644 --- a/pkg/kubelet/dockertools/manager_test.go +++ b/pkg/kubelet/dockertools/manager_test.go @@ -1991,6 +1991,46 @@ func TestSyncPodWithTerminationLog(t *testing.T) { } } +func TestSyncPodWithHostNetwork(t *testing.T) { + dm, fakeDocker := newTestDockerManager() + pod := &api.Pod{ + ObjectMeta: api.ObjectMeta{ + UID: "12345678", + Name: "foo", + Namespace: "new", + }, + Spec: api.PodSpec{ + Containers: []api.Container{ + {Name: "bar"}, + }, + HostNetwork: true, + }, + } + + runSyncPod(t, dm, fakeDocker, pod) + + verifyCalls(t, fakeDocker, []string{ + // Create pod infra container. + "create", "start", "inspect_container", + // Create container. + "create", "start", "inspect_container", + }) + + fakeDocker.Lock() + if len(fakeDocker.Created) != 2 || + !matchString(t, "k8s_POD\\.[a-f0-9]+_foo_new_", fakeDocker.Created[0]) || + !matchString(t, "k8s_bar\\.[a-f0-9]+_foo_new_", fakeDocker.Created[1]) { + t.Errorf("Unexpected containers created %v", fakeDocker.Created) + } + + utsMode := fakeDocker.Container.HostConfig.UTSMode + if utsMode != "host" { + t.Errorf("Pod with host network must have \"host\" utsMode, actual: \"%v\"", utsMode) + } + + fakeDocker.Unlock() +} + func TestGetPodStatusSortedContainers(t *testing.T) { dm, fakeDocker := newTestDockerManager() dockerInspect := map[string]*docker.Container{}