sandbox: record whether sb is using host network
We need to record whether the sandbox is using host network because the kubelet needs that information when computing pod changes. Without this patch it could happen that a pod that's using host network is restarted just because the sandbox's status isn't reporting that it's running using host network. Signed-off-by: Antonio Murdaca <runcom@redhat.com>
parent
9128ffc226
commit
ab204b6641
5 changed files with 27 additions and 0 deletions
|
@ -340,6 +340,7 @@ func (c *ContainerServer) LoadSandbox(id string) error {
|
||||||
|
|
||||||
privileged := isTrue(m.Annotations[annotations.PrivilegedRuntime])
|
privileged := isTrue(m.Annotations[annotations.PrivilegedRuntime])
|
||||||
trusted := isTrue(m.Annotations[annotations.TrustedSandbox])
|
trusted := isTrue(m.Annotations[annotations.TrustedSandbox])
|
||||||
|
hostNetwork := isTrue(m.Annotations[annotations.HostNetwork])
|
||||||
|
|
||||||
sb, err := sandbox.New(id, m.Annotations[annotations.Namespace], name, m.Annotations[annotations.KubeName], filepath.Dir(m.Annotations[annotations.LogPath]), labels, kubeAnnotations, processLabel, mountLabel, &metadata, m.Annotations[annotations.ShmPath], m.Annotations[annotations.CgroupParent], privileged, trusted, m.Annotations[annotations.ResolvPath], m.Annotations[annotations.HostName], portMappings)
|
sb, err := sandbox.New(id, m.Annotations[annotations.Namespace], name, m.Annotations[annotations.KubeName], filepath.Dir(m.Annotations[annotations.LogPath]), labels, kubeAnnotations, processLabel, mountLabel, &metadata, m.Annotations[annotations.ShmPath], m.Annotations[annotations.CgroupParent], privileged, trusted, m.Annotations[annotations.ResolvPath], m.Annotations[annotations.HostName], portMappings)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
@ -348,6 +349,7 @@ func (c *ContainerServer) LoadSandbox(id string) error {
|
||||||
sb.AddHostnamePath(m.Annotations[annotations.HostnamePath])
|
sb.AddHostnamePath(m.Annotations[annotations.HostnamePath])
|
||||||
sb.AddIP(ip)
|
sb.AddIP(ip)
|
||||||
sb.SetSeccompProfilePath(spp)
|
sb.SetSeccompProfilePath(spp)
|
||||||
|
sb.SetHostNetwork(hostNetwork)
|
||||||
|
|
||||||
// We add a netNS only if we can load a permanent one.
|
// We add a netNS only if we can load a permanent one.
|
||||||
// Otherwise, the sandbox will live in the host namespace.
|
// Otherwise, the sandbox will live in the host namespace.
|
||||||
|
|
|
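Review bot: A sandbox created before this change carries no `io.kubernetes.cri-o.HostNetwork` annotation, so on restore `hostNetwork` in the first LoadSandbox hunk presumably comes out false (`isTrue` is defined outside the hunk) even for a pod that does share the host network. That would reproduce the spurious-restart case from the commit description for sandboxes that survive an upgrade, and it reports a host-network pod as isolated. Consider distinguishing a missing key from an explicit value, e.g. `hn, ok := m.Annotations[annotations.HostNetwork]`, and when `!ok` deriving the value from the netNS load that the existing comment at the end of the second hunk describes (no permanent netNS means the host namespace). LoadSandbox starts and ends outside both hunks, so the netNS code itself is not visible here.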
@ -160,6 +160,7 @@ type Sandbox struct {
|
||||||
ip string
|
ip string
|
||||||
seccompProfilePath string
|
seccompProfilePath string
|
||||||
created time.Time
|
created time.Time
|
||||||
|
hostNetwork bool
|
||||||
}
|
}
|
||||||
|
|
||||||
const (
|
const (
|
||||||
|
@ -224,6 +225,16 @@ func (s *Sandbox) AddIP(ip string) {
|
||||||
s.ip = ip
|
s.ip = ip
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// SetHostNetwork sets whether the pod is running using host network
|
||||||
|
func (s *Sandbox) SetHostNetwork(hn bool) {
|
||||||
|
s.hostNetwork = hn
|
||||||
|
}
|
||||||
|
|
||||||
|
// HostNetwork returns whether the pod is using host network
|
||||||
|
func (s *Sandbox) HostNetwork() bool {
|
||||||
|
return s.hostNetwork
|
||||||
|
}
|
||||||
|
|
||||||
// IP returns the ip of the sandbox
|
// IP returns the ip of the sandbox
|
||||||
func (s *Sandbox) IP() string {
|
func (s *Sandbox) IP() string {
|
||||||
return s.ip
|
return s.ip
|
||||||
|
|
|
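Review bot: `hostNetwork` defaults to false and is only correct if every path that builds a Sandbox remembers to call `SetHostNetwork`; the two callers in this commit do, but a later one that forgets would silently report a host-network pod as not using the host network. The value appears to be fixed at creation, so consider passing it to `sandbox.New` next to `privileged` and `trusted` rather than adding a setter. Failing that, document the contract on the field, e.g. `// hostNetwork is true when the sandbox shares the host network namespace; callers must set it via SetHostNetwork before the sandbox is reported in status`. The setter and getter take no lock, which matches `AddIP`/`IP` in the same hunk; whether they can run concurrently is not visible from here.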
@ -25,6 +25,9 @@ const (
|
||||||
// IP is the container ipv4 or ipv6 address
|
// IP is the container ipv4 or ipv6 address
|
||||||
IP = "io.kubernetes.cri-o.IP"
|
IP = "io.kubernetes.cri-o.IP"
|
||||||
|
|
||||||
|
// HostNetwork tells whether the sandbox is using hostnetwork
|
||||||
|
HostNetwork = "io.kubernetes.cri-o.HostNetwork"
|
||||||
|
|
||||||
// SeccompProfilePath is the node seccomp profile path
|
// SeccompProfilePath is the node seccomp profile path
|
||||||
SeccompProfilePath = "io.kubernetes.cri-o.SeccompProfilePath"
|
SeccompProfilePath = "io.kubernetes.cri-o.SeccompProfilePath"
|
||||||
|
|
||||||
|
|
|
@ -353,6 +353,7 @@ func (s *Server) RunPodSandbox(ctx context.Context, req *pb.RunPodSandboxRequest
|
||||||
g.AddAnnotation(annotations.TrustedSandbox, fmt.Sprintf("%v", trusted))
|
g.AddAnnotation(annotations.TrustedSandbox, fmt.Sprintf("%v", trusted))
|
||||||
g.AddAnnotation(annotations.ResolvPath, resolvPath)
|
g.AddAnnotation(annotations.ResolvPath, resolvPath)
|
||||||
g.AddAnnotation(annotations.HostName, hostname)
|
g.AddAnnotation(annotations.HostName, hostname)
|
||||||
|
g.AddAnnotation(annotations.HostNetwork, fmt.Sprintf("%v", hostNetwork))
|
||||||
g.AddAnnotation(annotations.KubeName, kubeName)
|
g.AddAnnotation(annotations.KubeName, kubeName)
|
||||||
if podContainer.Config.Config.StopSignal != "" {
|
if podContainer.Config.Config.StopSignal != "" {
|
||||||
// this key is defined in image-spec conversion document at https://github.com/opencontainers/image-spec/pull/492/files#diff-8aafbe2c3690162540381b8cdb157112R57
|
// this key is defined in image-spec conversion document at https://github.com/opencontainers/image-spec/pull/492/files#diff-8aafbe2c3690162540381b8cdb157112R57
|
||||||
|
@ -528,6 +529,7 @@ func (s *Server) RunPodSandbox(ctx context.Context, req *pb.RunPodSandboxRequest
|
||||||
|
|
||||||
g.AddAnnotation(annotations.IP, ip)
|
g.AddAnnotation(annotations.IP, ip)
|
||||||
sb.AddIP(ip)
|
sb.AddIP(ip)
|
||||||
|
sb.SetHostNetwork(hostNetwork)
|
||||||
|
|
||||||
spp := req.GetConfig().GetLinux().GetSecurityContext().GetSeccompProfilePath()
|
spp := req.GetConfig().GetLinux().GetSecurityContext().GetSeccompProfilePath()
|
||||||
g.AddAnnotation(annotations.SeccompProfilePath, spp)
|
g.AddAnnotation(annotations.SeccompProfilePath, spp)
|
||||||
|
|
|
@ -31,6 +31,14 @@ func (s *Server) PodSandboxStatus(ctx context.Context, req *pb.PodSandboxStatusR
|
||||||
rStatus = pb.PodSandboxState_SANDBOX_READY
|
rStatus = pb.PodSandboxState_SANDBOX_READY
|
||||||
}
|
}
|
||||||
|
|
||||||
|
linux := &pb.LinuxPodSandboxStatus{
|
||||||
|
Namespaces: &pb.Namespace{
|
||||||
|
Options: &pb.NamespaceOption{
|
||||||
|
HostNetwork: sb.HostNetwork(),
|
||||||
|
},
|
||||||
|
},
|
||||||
|
}
|
||||||
|
|
||||||
sandboxID := sb.ID()
|
sandboxID := sb.ID()
|
||||||
resp = &pb.PodSandboxStatusResponse{
|
resp = &pb.PodSandboxStatusResponse{
|
||||||
Status: &pb.PodSandboxStatus{
|
Status: &pb.PodSandboxStatus{
|
||||||
|
@ -41,6 +49,7 @@ func (s *Server) PodSandboxStatus(ctx context.Context, req *pb.PodSandboxStatusR
|
||||||
Labels: sb.Labels(),
|
Labels: sb.Labels(),
|
||||||
Annotations: sb.Annotations(),
|
Annotations: sb.Annotations(),
|
||||||
Metadata: sb.Metadata(),
|
Metadata: sb.Metadata(),
|
||||||
|
Linux: linux,
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
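Review bot: The new `linux` status fills in only `HostNetwork`, so the remaining fields of `pb.NamespaceOption` (`HostPid` and `HostIpc`, if the vendored runtime API at this revision has them) are returned as false for every sandbox, including pods that share those host namespaces. A consumer that reads the sandbox status to check host-namespace sharing would get a wrong answer for those two. Either record and report them the same way as host network, or state the limitation above the literal, e.g. `// Only HostNetwork is tracked; HostPid and HostIpc are not recorded and always read false.` PodSandboxStatus begins and ends outside both hunks.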