github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-27 05:27:21 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #5973 from ArtfulCoder/pause_no_port_forward_for_net_host

Browse Source 
Stop port forwarding from pause in net=host mode
This commit is contained in:
Victor Marmol 2015-03-25 18:13:04 -07:00
commit 8183a4805e
2 changed files with 32 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
pkg/kubelet/kubelet.go
View File

@ -1023,12 +1023,21 @@ func allowHostNetwork(pod *api.Pod) (bool, error) {
// createPodInfraContainer starts the pod infra container for a pod. Returns the docker container ID of the newly created container. // createPodInfraContainer starts the pod infra container for a pod. Returns the docker container ID of the newly created container.
func (kl *Kubelet) createPodInfraContainer(pod *api.Pod) (dockertools.DockerID, error) { func (kl *Kubelet) createPodInfraContainer(pod *api.Pod) (dockertools.DockerID, error) {
// Use host networking if specified and allowed.
netNamespace := ""
var ports []api.ContainerPort var ports []api.ContainerPort
if pod.Spec.HostNetwork {
netNamespace = "host"
} else {
// Docker only exports ports from the pod infra container. Let's // Docker only exports ports from the pod infra container. Let's
// collect all of the relevant ports and export them. // collect all of the relevant ports and export them.
for _, container := range pod.Spec.Containers { for _, container := range pod.Spec.Containers {
ports = append(ports, container.Ports...) ports = append(ports, container.Ports...)
} }
}
container := &api.Container{ container := &api.Container{
Name: dockertools.PodInfraContainerName, Name: dockertools.PodInfraContainerName,
Image: kl.podInfraContainerImage, Image: kl.podInfraContainerImage,
@ -1055,20 +1064,6 @@ func (kl *Kubelet) createPodInfraContainer(pod *api.Pod) (dockertools.DockerID,
kl.recorder.Eventf(ref, "pulled", "Successfully pulled image %q", container.Image) kl.recorder.Eventf(ref, "pulled", "Successfully pulled image %q", container.Image)
} }
// Use host networking if specified and allowed.
netNamespace := ""
if pod.Spec.HostNetwork {
allowed, err := allowHostNetwork(pod)
if err != nil {
return "", err
}
if !allowed {
return "", fmt.Errorf("pod with UID %q specified host networking, but is disallowed", pod.UID)
}
netNamespace = "host"
}
id, err := kl.runContainer(pod, container, nil, netNamespace, "") id, err := kl.runContainer(pod, container, nil, netNamespace, "")
if err != nil { if err != nil {
return "", err return "", err
@ -1364,9 +1359,26 @@ func (kl *Kubelet) computePodContainerChanges(pod *api.Pod, runningPod kubeconta
}, nil }, nil
} }
func (kl *Kubelet) canRunPod(pod *api.Pod) error {
if pod.Spec.HostNetwork {
allowed, err := allowHostNetwork(pod)
if err != nil {
return err
}
if !allowed {
return fmt.Errorf("pod with UID %q specified host networking, but is disallowed", pod.UID)
}
}
return nil
}
func (kl *Kubelet) syncPod(pod *api.Pod, mirrorPod *api.Pod, runningPod kubecontainer.Pod) error { func (kl *Kubelet) syncPod(pod *api.Pod, mirrorPod *api.Pod, runningPod kubecontainer.Pod) error {
podFullName := kubecontainer.GetPodFullName(pod) podFullName := kubecontainer.GetPodFullName(pod)
uid := pod.UID uid := pod.UID
err := kl.canRunPod(pod)
if err != nil {
return err
}
// Before returning, regenerate status and store it in the cache. // Before returning, regenerate status and store it in the cache.
defer func() { defer func() {

4
pkg/kubelet/kubelet_test.go
View File

@ -3495,7 +3495,7 @@ func TestHostNetworkAllowed(t *testing.T) {
HostNetwork: true, HostNetwork: true,
}, },
} }
_, err := kubelet.createPodInfraContainer(pod) err := kubelet.syncPod(pod, nil, container.Pod{})
if err != nil { if err != nil {
t.Errorf("expected pod infra creation to succeed: %v", err) t.Errorf("expected pod infra creation to succeed: %v", err)
} }
@ -3524,7 +3524,7 @@ func TestHostNetworkDisallowed(t *testing.T) {
HostNetwork: true, HostNetwork: true,
}, },
} }
_, err := kubelet.createPodInfraContainer(pod) err := kubelet.syncPod(pod, nil, container.Pod{})
if err == nil { if err == nil {
t.Errorf("expected pod infra creation to fail") t.Errorf("expected pod infra creation to fail")
} }