sandbox_run: Do not run net plugin in host namespace
Signed-off-by: Jacek J. Łakis <jacek.lakis@intel.com>
This commit is contained in:
parent
61e60bfe47
commit
b034072d6a
1 changed files with 8 additions and 4 deletions
|
@ -256,8 +256,10 @@ func (s *Server) RunPodSandbox(ctx context.Context, req *pb.RunPodSandboxRequest
|
||||||
sb.cgroupParent = cgroupParent
|
sb.cgroupParent = cgroupParent
|
||||||
}
|
}
|
||||||
|
|
||||||
|
hostNetwork := req.GetConfig().GetLinux().GetSecurityContext().GetNamespaceOptions().GetHostNetwork()
|
||||||
|
|
||||||
// set up namespaces
|
// set up namespaces
|
||||||
if req.GetConfig().GetLinux().GetSecurityContext().GetNamespaceOptions().GetHostNetwork() {
|
if hostNetwork {
|
||||||
err = g.RemoveLinuxNamespace("network")
|
err = g.RemoveLinuxNamespace("network")
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
|
@ -330,9 +332,11 @@ func (s *Server) RunPodSandbox(ctx context.Context, req *pb.RunPodSandboxRequest
|
||||||
sb.infraContainer = container
|
sb.infraContainer = container
|
||||||
|
|
||||||
// setup the network
|
// setup the network
|
||||||
podNamespace := ""
|
if !hostNetwork {
|
||||||
if err = s.netPlugin.SetUpPod(netNsPath, podNamespace, id, containerName); err != nil {
|
podNamespace := ""
|
||||||
return nil, fmt.Errorf("failed to create network for container %s in sandbox %s: %v", containerName, id, err)
|
if err = s.netPlugin.SetUpPod(netNsPath, podNamespace, id, containerName); err != nil {
|
||||||
|
return nil, fmt.Errorf("failed to create network for container %s in sandbox %s: %v", containerName, id, err)
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if err = s.runContainer(container); err != nil {
|
if err = s.runContainer(container); err != nil {
|
||||||
|
|
Loading…
Reference in a new issue