From 9140ce07bcf20303c4d9d6e484583c578aa6f2d6 Mon Sep 17 00:00:00 2001 From: Yifan Gu Date: Wed, 22 Jun 2016 17:52:12 -0700 Subject: [PATCH] kubenet: Fix host port for rktnetes. Because rkt pod runs after plugin.SetUpPod() is called, so getRunningPods() does not return the newly created pod, which causes the hostport iptable rules to be missing for this new pod. --- pkg/kubelet/network/hostport/hostport.go | 18 +++++++++++++++--- pkg/kubelet/network/hostport/hostport_test.go | 2 +- pkg/kubelet/network/hostport/testing/fake.go | 5 ++--- pkg/kubelet/network/kubenet/kubenet_linux.go | 4 +++- 4 files changed, 21 insertions(+), 8 deletions(-) diff --git a/pkg/kubelet/network/hostport/hostport.go b/pkg/kubelet/network/hostport/hostport.go index 23587e2fde3..10ce366ec82 100644 --- a/pkg/kubelet/network/hostport/hostport.go +++ b/pkg/kubelet/network/hostport/hostport.go @@ -42,7 +42,7 @@ const ( ) type HostportHandler interface { - OpenPodHostportsAndSync(newPod *api.Pod, natInterfaceName string, runningPods []*RunningPod) error + OpenPodHostportsAndSync(newPod *RunningPod, natInterfaceName string, runningPods []*RunningPod) error SyncHostports(natInterfaceName string, runningPods []*RunningPod) error } @@ -172,12 +172,24 @@ func hostportChainName(cp api.ContainerPort, podFullName string) utiliptables.Ch // OpenPodHostportsAndSync opens hostports for a new pod, gathers all hostports on // node, sets up iptables rules enable them. And finally clean up stale hostports -func (h *handler) OpenPodHostportsAndSync(newPod *api.Pod, natInterfaceName string, runningPods []*RunningPod) error { +func (h *handler) OpenPodHostportsAndSync(newPod *RunningPod, natInterfaceName string, runningPods []*RunningPod) error { // try to open pod host port if specified - if err := h.openHostports(newPod); err != nil { + if err := h.openHostports(newPod.Pod); err != nil { return err } + // Add the new pod to running pods if it's not running already (e.g. in rkt's case). + var found bool + for _, p := range runningPods { + if p.Pod.UID == newPod.Pod.UID { + found = true + break + } + } + if !found { + runningPods = append(runningPods, newPod) + } + return h.SyncHostports(natInterfaceName, runningPods) } diff --git a/pkg/kubelet/network/hostport/hostport_test.go b/pkg/kubelet/network/hostport/hostport_test.go index 5b8159c3ef0..18fa8651653 100644 --- a/pkg/kubelet/network/hostport/hostport_test.go +++ b/pkg/kubelet/network/hostport/hostport_test.go @@ -185,7 +185,7 @@ func TestOpenPodHostports(t *testing.T) { }) } - err := h.OpenPodHostportsAndSync(tests[0].pod, "br0", runningPods) + err := h.OpenPodHostportsAndSync(&RunningPod{Pod: tests[0].pod, IP: net.ParseIP(tests[0].ip)}, "br0", runningPods) if err != nil { t.Fatalf("Failed to OpenPodHostportsAndSync: %v", err) } diff --git a/pkg/kubelet/network/hostport/testing/fake.go b/pkg/kubelet/network/hostport/testing/fake.go index d2032741375..f5ce6b94cf0 100644 --- a/pkg/kubelet/network/hostport/testing/fake.go +++ b/pkg/kubelet/network/hostport/testing/fake.go @@ -19,7 +19,6 @@ package testing import ( "fmt" - "k8s.io/kubernetes/pkg/api" kubecontainer "k8s.io/kubernetes/pkg/kubelet/container" "k8s.io/kubernetes/pkg/kubelet/network/hostport" ) @@ -30,8 +29,8 @@ func NewFakeHostportHandler() hostport.HostportHandler { return &fakeHandler{} } -func (h *fakeHandler) OpenPodHostportsAndSync(newPod *api.Pod, natInterfaceName string, runningPods []*hostport.RunningPod) error { - return h.SyncHostports(natInterfaceName, runningPods) +func (h *fakeHandler) OpenPodHostportsAndSync(newPod *hostport.RunningPod, natInterfaceName string, runningPods []*hostport.RunningPod) error { + return h.SyncHostports(natInterfaceName, append(runningPods, newPod)) } func (h *fakeHandler) SyncHostports(natInterfaceName string, runningPods []*hostport.RunningPod) error { diff --git a/pkg/kubelet/network/kubenet/kubenet_linux.go b/pkg/kubelet/network/kubenet/kubenet_linux.go index bc90b7b3d40..f51b5696131 100644 --- a/pkg/kubelet/network/kubenet/kubenet_linux.go +++ b/pkg/kubelet/network/kubenet/kubenet_linux.go @@ -348,7 +348,9 @@ func (plugin *kubenetNetworkPlugin) setup(namespace string, name string, id kube if err != nil { return err } - if err := plugin.hostportHandler.OpenPodHostportsAndSync(pod, BridgeName, runningPods); err != nil { + + newPod := &hostport.RunningPod{Pod: pod, IP: ip4} + if err := plugin.hostportHandler.OpenPodHostportsAndSync(newPod, BridgeName, runningPods); err != nil { return err }