Merge pull request #14279 from pweil-/ipc-followup

Auto commit by PR queue bot
2025-07-23 19:56:01 +00:00 · 2015-09-22 07:28:07 -07:00 · 2015-09-22 07:28:07 -07:00 · e535e27e82
commit e535e27e82
parent 014947c16c 20361e33f2
3 changed files with 24 additions and 6 deletions
--- a/pkg/api/validation/validation_test.go
+++ b/pkg/api/validation/validation_test.go
@ -1259,6 +1259,20 @@ func TestValidatePodSpec(t *testing.T) {
 			RestartPolicy: api.RestartPolicyAlways,
 			DNSPolicy:     api.DNSClusterFirst,
 		},
+		{ // Populate HostIPC.
+			HostIPC:       true,
+			Volumes:       []api.Volume{{Name: "vol", VolumeSource: api.VolumeSource{EmptyDir: &api.EmptyDirVolumeSource{}}}},
+			Containers:    []api.Container{{Name: "ctr", Image: "image", ImagePullPolicy: "IfNotPresent"}},
+			RestartPolicy: api.RestartPolicyAlways,
+			DNSPolicy:     api.DNSClusterFirst,
+		},
+		{ // Populate HostPID.
+			HostPID:       true,
+			Volumes:       []api.Volume{{Name: "vol", VolumeSource: api.VolumeSource{EmptyDir: &api.EmptyDirVolumeSource{}}}},
+			Containers:    []api.Container{{Name: "ctr", Image: "image", ImagePullPolicy: "IfNotPresent"}},
+			RestartPolicy: api.RestartPolicyAlways,
+			DNSPolicy:     api.DNSClusterFirst,
+		},
 	}
 	for i := range successCases {
 		if errs := ValidatePodSpec(&successCases[i]); len(errs) != 0 {
@ -1306,7 +1320,6 @@ func TestValidatePodSpec(t *testing.T) {
 				},
 			},
 			HostNetwork:   true,
-			HostIPC:       true,
 			RestartPolicy: api.RestartPolicyAlways,
 			DNSPolicy:     api.DNSClusterFirst,
 		},
--- a/pkg/kubelet/dockertools/manager.go
+++ b/pkg/kubelet/dockertools/manager.go
@ -1557,7 +1557,7 @@ func (dm *DockerManager) createPodInfraContainer(pod *api.Pod) (kubeletTypes.Doc
 		return "", err
 	}

-	id, err := dm.runContainerInPod(pod, container, netNamespace, getIPCMode(pod, ""), getPidMode(pod))
+	id, err := dm.runContainerInPod(pod, container, netNamespace, getIPCMode(pod), getPidMode(pod))
 	if err != nil {
 		return "", err
 	}
@ -1812,8 +1812,12 @@ func (dm *DockerManager) SyncPod(pod *api.Pod, runningPod kubecontainer.Pod, pod
 		}

 		// TODO(dawnchen): Check RestartPolicy.DelaySeconds before restart a container
+		// Note: when configuring the pod's containers anything that can be configured by pointing
+		// to the namespace of the infra container should use namespaceMode.  This includes things like the net namespace
+		// and IPC namespace.  PID mode cannot point to another container right now.
+		// See createPodInfraContainer for infra container setup.
 		namespaceMode := fmt.Sprintf("container:%v", podInfraContainerID)
-		_, err = dm.runContainerInPod(pod, container, namespaceMode, getIPCMode(pod, namespaceMode), getPidMode(pod))
+		_, err = dm.runContainerInPod(pod, container, namespaceMode, namespaceMode, getPidMode(pod))
 		dm.updateReasonCache(pod, container, "RunContainerError", err)
 		if err != nil {
 			// TODO(bburns) : Perhaps blacklist a container after N failures?
@ -1938,7 +1942,8 @@ func getPidMode(pod *api.Pod) string {
 }

 // getIPCMode returns the ipc mode to use on the docker container based on pod.Spec.HostIPC.
-func getIPCMode(pod *api.Pod, ipcMode string) string {
+func getIPCMode(pod *api.Pod) string {
+	ipcMode := ""
 	if pod.Spec.HostIPC {
 		ipcMode = "host"
 	}
--- a/pkg/kubelet/dockertools/manager_test.go
+++ b/pkg/kubelet/dockertools/manager_test.go
@ -2071,7 +2071,7 @@ func TestGetPidMode(t *testing.T) {
 func TestGetIPCMode(t *testing.T) {
 	// test false
 	pod := &api.Pod{}
-	ipcMode := getIPCMode(pod, "")
+	ipcMode := getIPCMode(pod)

 	if ipcMode != "" {
 		t.Errorf("expected empty ipc mode for pod but got %v", ipcMode)
@ -2079,7 +2079,7 @@ func TestGetIPCMode(t *testing.T) {

 	// test true
 	pod.Spec.HostIPC = true
-	ipcMode = getIPCMode(pod, "")
+	ipcMode = getIPCMode(pod)
 	if ipcMode != "host" {
 		t.Errorf("expected host ipc mode for pod but got %v", ipcMode)
 	}