Merge pull request #6733 from xiang90/kub_cap

pkg/kubelet: move the capabilities related code to util.go
2025-08-01 07:47:56 +00:00 · 2015-04-13 09:02:36 -07:00 · 2015-04-13 09:02:36 -07:00 · ab68bcb97f
commit ab68bcb97f
parent 4e3b4bd10e cef744ecaa
2 changed files with 32 additions and 31 deletions
--- a/pkg/kubelet/kubelet.go
+++ b/pkg/kubelet/kubelet.go
@ -32,7 +32,6 @@ import (

 	"github.com/GoogleCloudPlatform/kubernetes/pkg/api"
 	"github.com/GoogleCloudPlatform/kubernetes/pkg/api/validation"
-	"github.com/GoogleCloudPlatform/kubernetes/pkg/capabilities"
 	"github.com/GoogleCloudPlatform/kubernetes/pkg/client"
 	"github.com/GoogleCloudPlatform/kubernetes/pkg/client/cache"
 	"github.com/GoogleCloudPlatform/kubernetes/pkg/client/record"
@ -851,20 +850,6 @@ func (kl *Kubelet) killContainerByID(ID string) error {
 	return err
 }

-// Determined whether the specified pod is allowed to use host networking
-func allowHostNetwork(pod *api.Pod) (bool, error) {
-	podSource, err := getPodSource(pod)
-	if err != nil {
-		return false, err
-	}
-	for _, source := range capabilities.Get().HostNetworkSources {
-		if source == podSource {
-			return true, nil
-		}
-	}
-	return false, nil
-}
-
 // createPodInfraContainer starts the pod infra container for a pod. Returns the docker container ID of the newly created container.
 func (kl *Kubelet) createPodInfraContainer(pod *api.Pod) (dockertools.DockerID, error) {

@ -1209,21 +1194,6 @@ func (kl *Kubelet) computePodContainerChanges(pod *api.Pod, runningPod kubeconta
 	}, nil
 }

-// Check whether we can run the specified pod.
-func (kl *Kubelet) canRunPod(pod *api.Pod) error {
-	if pod.Spec.HostNetwork {
-		allowed, err := allowHostNetwork(pod)
-		if err != nil {
-			return err
-		}
-		if !allowed {
-			return fmt.Errorf("pod with UID %q specified host networking, but is disallowed", pod.UID)
-		}
-	}
-	// TODO(vmarmol): Check Privileged too.
-	return nil
-}
-
 func (kl *Kubelet) syncPod(pod *api.Pod, mirrorPod *api.Pod, runningPod kubecontainer.Pod) error {
 	podFullName := kubecontainer.GetPodFullName(pod)
 	uid := pod.UID
@ -1248,7 +1218,7 @@ func (kl *Kubelet) syncPod(pod *api.Pod, mirrorPod *api.Pod, runningPod kubecont
 	}()

 	// Kill pods we can't run.
-	err := kl.canRunPod(pod)
+	err := canRunPod(pod)
 	if err != nil {
 		kl.killPod(runningPod)
 		return err
--- a/pkg/kubelet/util.go
+++ b/pkg/kubelet/util.go
@ -17,6 +17,8 @@ limitations under the License.
 package kubelet

 import (
+	"fmt"
+
 	"github.com/GoogleCloudPlatform/kubernetes/pkg/api"
 	"github.com/GoogleCloudPlatform/kubernetes/pkg/api/resource"
 	cadvisorApi "github.com/google/cadvisor/info/v1"
@ -33,3 +35,32 @@ func CapacityFromMachineInfo(info *cadvisorApi.MachineInfo) api.ResourceList {
 	}
 	return c
 }
+
+// Check whether we have the capabilities to run the specified pod.
+func canRunPod(pod *api.Pod) error {
+	if pod.Spec.HostNetwork {
+		allowed, err := allowHostNetwork(pod)
+		if err != nil {
+			return err
+		}
+		if !allowed {
+			return fmt.Errorf("pod with UID %q specified host networking, but is disallowed", pod.UID)
+		}
+	}
+	// TODO(vmarmol): Check Privileged too.
+	return nil
+}
+
+// Determined whether the specified pod is allowed to use host networking
+func allowHostNetwork(pod *api.Pod) (bool, error) {
+	podSource, err := getPodSource(pod)
+	if err != nil {
+		return false, err
+	}
+	for _, source := range capabilities.Get().HostNetworkSources {
+		if source == podSource {
+			return true, nil
+		}
+	}
+	return false, nil
+}