From 04bc58b6e53c9800a915023569ebc50a1cdfb587 Mon Sep 17 00:00:00 2001
From: Cao Shufeng
Date: Thu, 24 Nov 2016 04:19:03 -0500
Subject: [PATCH] Keep host port socket open for kubenet

When cni is set to kubenet, kubelet should hold the host port socket, so that other application in this node could not listen/bind this port any more. However, the sockets are closed accidentally, because kubelet forget to reconcile the protocol format before comparing.
---
 pkg/kubelet/network/hostport/hostport.go | 3 ++-
 pkg/kubelet/network/hostport/hostport_test.go | 22 +++++++++++++++++++
 2 files changed, 24 insertions(+), 1 deletion(-)

diff --git a/pkg/kubelet/network/hostport/hostport.go b/pkg/kubelet/network/hostport/hostport.go
index 273dab10b5c..42f78351a7d 100644
--- a/pkg/kubelet/network/hostport/hostport.go
+++ b/pkg/kubelet/network/hostport/hostport.go
@@ -370,7 +370,7 @@ func (h *handler) cleanupHostportMap(containerPortMap map[v1.ContainerPort]targe
 for containerPort := range containerPortMap {
 hp := hostport{
 port: containerPort.HostPort,
- protocol: string(containerPort.Protocol),
+ protocol: strings.ToLower(string(containerPort.Protocol)),
 }
 currentHostports[hp] = true
 }
@@ -379,6 +379,7 @@ func (h *handler) cleanupHostportMap(containerPortMap map[v1.ContainerPort]targe
 for hp, socket := range h.hostPortMap {
 if _, ok := currentHostports[hp]; !ok {
 socket.Close()
+ glog.V(3).Infof("Closed local port %s", hp.String())
 delete(h.hostPortMap, hp)
 }
 }
diff --git a/pkg/kubelet/network/hostport/hostport_test.go b/pkg/kubelet/network/hostport/hostport_test.go
index 25cbcc24736..3680ec60b7c 100644
--- a/pkg/kubelet/network/hostport/hostport_test.go
+++ b/pkg/kubelet/network/hostport/hostport_test.go
@@ -19,6 +19,7 @@ package hostport
 import (
 "fmt"
 "net"
+ "reflect"
 "strings"
 "testing"
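Review bot: The lower-casing on the `protocol:` line fixes this one lookup, but the rule that `hostPortMap` keys carry a lower-case protocol is still implicit and has to be repeated by hand wherever a `hostport` key is built. Because a mismatched key makes the cleanup loop close the socket and release the node's hold on that port without any error, the convention deserves a comment here, for example `// Keys in h.hostPortMap use the lower-case protocol; a mismatch closes the socket and lets other processes bind the port.` A small constructor that takes the port and the API protocol value and normalises once would remove the duplication. The code that opens the sockets is outside this hunk, so confirm it builds its keys the same way; the body of cleanupHostportMap also starts and ends outside the hunk.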
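Review bot: The added log line reports the port as closed whether or not `socket.Close()` succeeded, because the call's result is still discarded on the line above it. If `Close` on the `closeable` interface returns an error (its signature is not visible in this hunk), check it first, `if err := socket.Close(); err != nil { glog.Warningf("Failed to close local port %s: %v", hp.String(), err) }`, and emit the `Closed local port` message only on success. Releasing a held host port changes what other processes on the node can bind, so it is worth considering whether `V(3)` is too quiet for this event.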
@@ -185,6 +186,17 @@ func TestOpenPodHostports(t *testing.T) {
 })
 }

+ // Already running pod's host port
+ hp := hostport{
+ tests[1].pod.Spec.Containers[0].Ports[0].HostPort,
+ strings.ToLower(string(tests[1].pod.Spec.Containers[0].Ports[0].Protocol)),
+ }
+ h.hostPortMap[hp] = &fakeSocket{
+ tests[1].pod.Spec.Containers[0].Ports[0].HostPort,
+ strings.ToLower(string(tests[1].pod.Spec.Containers[0].Ports[0].Protocol)),
+ false,
+ }
+
 err := h.OpenPodHostportsAndSync(&ActivePod{Pod: tests[0].pod, IP: net.ParseIP(tests[0].ip)}, "br0", activePods)
 if err != nil {
 t.Fatalf("Failed to OpenPodHostportsAndSync: %v", err)
@@ -220,6 +232,16 @@ func TestOpenPodHostports(t *testing.T) {
 }
 }
 }
+
+ // Socket
+ hostPortMap := map[hostport]closeable{
+ hostport{123, "tcp"}: &fakeSocket{123, "tcp", false},
+ hostport{4567, "tcp"}: &fakeSocket{4567, "tcp", false},
+ hostport{5678, "udp"}: &fakeSocket{5678, "udp", false},
+ }
+ if !reflect.DeepEqual(hostPortMap, h.hostPortMap) {
+ t.Fatalf("Mismatch in expected hostPortMap. Expected '%v', got '%v'", hostPortMap, h.hostPortMap)
+ }
 }

 func matchRule(chain *fakeChain, match string) bool {
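Review bot: The seeded `fakeSocket` is not kept in a variable, so the test cannot tell afterwards whether this exact socket survived the sync or was closed and replaced by a new one with the same fields. Keeping a reference, `existing := &fakeSocket{...}` with `h.hostPortMap[hp] = existing`, and checking `if h.hostPortMap[hp] != closeable(existing) { t.Fatalf("pre-existing host port socket was replaced") }` after the `OpenPodHostportsAndSync` call would pin the behaviour the commit message describes. The comment could also say why the entry is added, e.g. `// Simulate a socket already held for a running pod; the sync must not close it.` TestOpenPodHostports starts and ends outside this hunk.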
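Review bot: `reflect.DeepEqual` follows the `*fakeSocket` pointers and compares field values, so this check passes whenever the final map holds sockets with the right port, protocol and third field (presumably a closed flag; fakeSocket is defined outside the hunk). By itself it does not show that no socket was closed and reopened along the way. The `// Socket` comment does not say what is being asserted; something like `// After the sync, a socket must still be held for every active pod's host port.` would be clearer. The expected ports 123, 4567 and 5678 are repeated here as literals; if they come from the `tests` table earlier in the function, deriving them from it would keep the two from drifting apart.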