From 72129ee3fbd02a70550a0519095f3e515f6d032f Mon Sep 17 00:00:00 2001
From: Samuel Ortiz
Date: Fri, 24 Mar 2017 15:28:14 +0100
Subject: [PATCH 1/2] sandbox: Track and store the pod resolv.conf path

When we get a pod with DNS settings, we need to build a resolv.conf file and mount it in all pod containers. In order to do that, we have to track the built resolv.conf file and store/load it.

Signed-off-by: Samuel Ortiz
---
 server/sandbox.go | 1 +
 server/sandbox_run.go | 6 ++++--
 server/server.go | 1 +
 3 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/server/sandbox.go b/server/sandbox.go
index 65868a9f..8ed20b64 100644
--- a/server/sandbox.go
+++ b/server/sandbox.go
@@ -140,6 +140,7 @@ type sandbox struct {
 shmPath string
 cgroupParent string
 privileged bool
+ resolvPath string
 }
 
 const (
diff --git a/server/sandbox_run.go b/server/sandbox_run.go
index c978582a..9d8f606a 100644
--- a/server/sandbox_run.go
+++ b/server/sandbox_run.go
@@ -66,7 +66,7 @@ func (s *Server) runContainer(container *oci.Container, cgroupParent string) err
 // RunPodSandbox creates and runs a pod-level sandbox.
 func (s *Server) RunPodSandbox(ctx context.Context, req *pb.RunPodSandboxRequest) (resp *pb.RunPodSandboxResponse, err error) {
 logrus.Debugf("RunPodSandboxRequest %+v", req)
- var processLabel, mountLabel, netNsPath string
+ var processLabel, mountLabel, netNsPath, resolvPath string
 // process req.Name
 name := req.GetConfig().GetMetadata().Name
 if name == "" {
@@ -160,7 +160,7 @@ func (s *Server) RunPodSandbox(ctx context.Context, req *pb.RunPodSandboxRequest
 dnsServers := req.GetConfig().GetDnsConfig().Servers
 dnsSearches := req.GetConfig().GetDnsConfig().Searches
 dnsOptions := req.GetConfig().GetDnsConfig().Options
- resolvPath := fmt.Sprintf("%s/resolv.conf", podContainer.RunDir)
+ resolvPath = fmt.Sprintf("%s/resolv.conf", podContainer.RunDir)
 err = parseDNSOptions(dnsServers, dnsSearches, dnsOptions, resolvPath)
 if err != nil {
 err1 := removeFile(resolvPath)
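Review bot: In the `-160` hunk of server/sandbox_run.go, `resolvPath` now reaches function scope as soon as the path string is built, before `parseDNSOptions` has shown that a file exists there, and the later hunks record it in the `ocid/resolv_path` annotation and the sandbox struct unconditionally. If `parseDNSOptions` can return nil without writing anything (for example for an empty DNS config; its body is not visible here), every container in the pod would later be given a bind mount whose source is missing. Consider building the path in a local and publishing it only on success, e.g. `p := filepath.Join(podContainer.RunDir, "resolv.conf")` and `resolvPath = p` once `err == nil`. The enclosing block of RunPodSandbox starts and ends outside the hunk, so whether it is already guarded by a DNS-config check cannot be confirmed from here.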
@@ -258,6 +258,7 @@ func (s *Server) RunPodSandbox(ctx context.Context, req *pb.RunPodSandboxRequest
 g.AddAnnotation("ocid/container_id", id)
 g.AddAnnotation("ocid/shm_path", shmPath)
 g.AddAnnotation("ocid/privileged_runtime", fmt.Sprintf("%v", privileged))
+ g.AddAnnotation("ocid/resolv_path", resolvPath)
 
 sb := &sandbox{
 id: id,
@@ -271,6 +272,7 @@ func (s *Server) RunPodSandbox(ctx context.Context, req *pb.RunPodSandboxRequest
 metadata: metadata,
 shmPath: shmPath,
 privileged: privileged,
+ resolvPath: resolvPath,
 }
 
 s.addSandbox(sb)
diff --git a/server/server.go b/server/server.go
index 150f98b8..69eaad7e 100644
--- a/server/server.go
+++ b/server/server.go
@@ -187,6 +187,7 @@ func (s *Server) loadSandbox(id string) error {
 metadata: &metadata,
 shmPath: m.Annotations["ocid/shm_path"],
 privileged: privileged,
+ resolvPath: m.Annotations["ocid/resolv_path"],
 }
 
 // We add a netNS only if we can load a permanent one.
From 48a297ed7b6a64775e2fa603e8c98e2f8636a9cf Mon Sep 17 00:00:00 2001
From: Samuel Ortiz
Date: Fri, 24 Mar 2017 15:32:16 +0100
Subject: [PATCH 2/2] container: Propagate the pod sandbox resolv.conf mount point

When a pod sandbox comes with DNS settings, the resulting resolv.conf file needs to be bind mounted in all pod containers under /etc/resolv.conf.

Signed-off-by: Samuel Ortiz
---
 server/container_create.go | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/server/container_create.go b/server/container_create.go
index 8ef2cce7..fe8b8c0a 100644
--- a/server/container_create.go
+++ b/server/container_create.go
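Review bot: In `loadSandbox` (server/server.go), `m.Annotations["ocid/resolv_path"]` is copied into the sandbox without any check, and the container_create.go change in patch 2/2 then uses that string as the host-side source of a bind mount for every container in the pod. The annotation is state read back from outside the process (presumably the sandbox's stored config), so it is worth validating on load, e.g. with the value in `p`: `if p != "" && (!filepath.IsAbs(p) || filepath.Clean(p) != p) { return fmt.Errorf("sandbox %s: invalid resolv path %q", id, p) }`, ideally also requiring that it lies under this sandbox's run directory. A missing key yields "" and the mount is skipped, which covers sandboxes created before this change. The key literal is repeated in the `-258` hunk of sandbox_run.go; a shared constant would keep writer and reader in step. loadSandbox's body extends beyond the hunk.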
@@ -407,6 +407,11 @@ func (s *Server) createSandboxContainer(ctx context.Context, containerID string,
 // bind mount the pod shm
 specgen.AddBindMount(sb.shmPath, "/dev/shm", []string{"rw"})
 
+ if sb.resolvPath != "" {
+ // bind mount the pod resolver file
+ specgen.AddBindMount(sb.resolvPath, "/etc/resolv.conf", []string{"ro"})
+ }
+
 specgen.AddAnnotation("ocid/name", containerName)
 specgen.AddAnnotation("ocid/sandbox_id", sb.id)
 specgen.AddAnnotation("ocid/sandbox_name", sb.infraContainer.Name())
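Review bot: The new block in `createSandboxContainer` hands `sb.resolvPath` to `specgen.AddBindMount` whenever it is non-empty, without checking that it still names a regular file; after a restart the value comes from a stored annotation, so a stale path is only noticed when the runtime fails the mount, and a path that now resolves elsewhere would be mounted as-is. An `os.Lstat` on the path just before the mount, refusing anything for which `Mode().IsRegular()` is false, would make the failure explicit and keep a symlink from being followed. Separately, nothing in this hunk applies the pod's mount label to the file, so on an SELinux-enforcing host the containers may be denied read access to /etc/resolv.conf; that depends on code outside the hunk. The existing comment could also say why the options differ from the rw shm mount above, e.g. `// ro: the file is shared by every container in the pod`. The function body starts and ends outside the hunk.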