diff --git a/Dockerfile b/Dockerfile
index 99b0d343..3c9ed6ac 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -24,6 +24,7 @@ RUN apt-get update && apt-get install -y \
 libdevmapper1.02.1 \
 libdevmapper-dev \
 libgpgme11-dev \
+ netcat \
 --no-install-recommends \
 && apt-get clean
diff --git a/test/helpers.bash b/test/helpers.bash
index 2f144264..54aa891d 100644
--- a/test/helpers.bash
+++ b/test/helpers.bash
@@ -397,6 +397,12 @@ function parse_pod_ip() {
 done
 }
+function get_host_ip() {
+ gateway_dev=`ip -o route show default 0.0.0.0/0 | sed 's/.*dev \([^[:space:]]*\).*/\1/'`
+ [ "$gateway_dev" ]
+ host_ip=`ip -o -4 addr show dev $gateway_dev scope global | sed 's/.*inet \([0-9.]*\).*/\1/'`
+}
+
 function ping_pod() {
 netns=`crioctl pod status --id $1 | grep namespace | cut -d ' ' -f 3`
 inet=`ip netns exec \`basename $netns\` ip addr show dev eth0 scope global | grep inet`
diff --git a/test/network.bats b/test/network.bats
index fab38d98..3f34669f 100644
--- a/test/network.bats
+++ b/test/network.bats
@@ -67,3 +67,31 @@ load helpers
 cleanup_pods
 stop_crio
 }
+
+@test "Connect to pod hostport from the host" {
+ start_crio
+ run crioctl pod run --config "$TESTDATA"/sandbox_config_hostport.json
+ echo "$output"
+ [ "$status" -eq 0 ]
+ pod_id="$output"
+
+ get_host_ip
+ echo $host_ip
+
+ run crioctl ctr create --config "$TESTDATA"/container_config_hostport.json --pod "$pod_id"
+ echo "$output"
+ [ "$status" -eq 0 ]
+ ctr_id="$output"
+ run crioctl ctr start --id "$ctr_id"
+ echo "$output"
+ [ "$status" -eq 0 ]
+ run nc -w 5 $host_ip 4888
+ echo "$output"
+ [ "$output" = "crioctl_host" ]
+ [ "$status" -eq 0 ]
+ run crioctl ctr stop --id "$ctr_id"
+ echo "$output"
+ cleanup_pods
+
+ stop_crio
+}
diff --git a/test/testdata/container_config_hostport.json b/test/testdata/container_config_hostport.json
new file mode 100644
index 00000000..ea242056
--- /dev/null
+++ b/test/testdata/container_config_hostport.json
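Review bot: The added `netcat \` line in the Dockerfile does not name a specific implementation; on Debian-family images `netcat` is a transitional or virtual package, so which `nc` the tests get depends on the base image, which is not visible in this hunk. The implementations differ in option handling, and test/network.bats relies on `nc -w 5` returning once the reply has been read. Naming the intended package explicitly, for example `netcat-openbsd \`, keeps the image build and the test behaviour reproducible.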
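Review bot: In `get_host_ip` (test/helpers.bash) only `gateway_dev` is checked and `$gateway_dev` is expanded unquoted, so a host with more than one default route or more than one global IPv4 address leaves several words or lines in `gateway_dev` / `host_ip`, and a host with no global address leaves `host_ip` empty without failing. Because `sed` without `-n` also prints lines that did not match, an unexpected line of `ip` output would be passed through as if it were a device or an address. I would take the first match and assert the result: `host_ip=$(ip -o -4 addr show dev "$gateway_dev" scope global | sed -n 's/.*inet \([0-9.]*\).*/\1/p' | head -n1)` followed by `[ -n "$host_ip" ]`, with the same `sed -n … p | head -n1` form on the `gateway_dev` line. A one-line comment saying that the function sets the global `host_ip` for the caller would also help, since the helper prints and returns nothing.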
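Review bot: The `run nc -w 5 $host_ip 4888` line in the new test in test/network.bats runs immediately after `crioctl ctr start`, so the connection can be attempted before the listener in the container or the host-port mapping is in place, which would make the test fail intermittently; this is inferred from the ordering, since nothing in the hunk waits for readiness. `$host_ip` is also unquoted here and in `echo $host_ip`. Because `cleanup_pods` and `stop_crio` come after the assertions, a failed assertion leaves the pod and host port 4888 in place unless a teardown outside this hunk removes them. A bounded retry around the connection, as below, covers the first two points.

```bash
	# … unchanged: pod run, get_host_ip, ctr create, ctr start …
	# Retry briefly: the listener and the host-port rule may not be ready yet.
	for attempt in 1 2 3 4 5; do
		run nc -w 5 "$host_ip" 4888
		if [ "$status" -eq 0 ] && [ "$output" = "crioctl_host" ]; then
			break
		fi
		sleep 1
	done
	echo "$output"
	[ "$status" -eq 0 ]
	[ "$output" = "crioctl_host" ]
	# … unchanged: ctr stop, cleanup_pods, stop_crio …
```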
@@ -0,0 +1,73 @@
+{
+ "metadata": {
+ "name": "container1",
+ "attempt": 1
+ },
+ "image": {
+ "image": "busybox:latest"
+ },
+ "command": [
+ "/bin/nc", "-ll", "-p", "80", "-e"
+ ],
+ "args": [
+ "/bin/hostname"
+ ],
+ "working_dir": "/",
+ "envs": [
+ {
+ "key": "PATH",
+ "value": "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+ },
+ {
+ "key": "TERM",
+ "value": "xterm"
+ },
+ {
+ "key": "TESTDIR",
+ "value": "test/dir1"
+ },
+ {
+ "key": "TESTFILE",
+ "value": "test/file1"
+ }
+ ],
+ "labels": {
+ "type": "small",
+ "batch": "no"
+ },
+ "annotations": {
+ "owner": "dragon",
+ "daemon": "crio"
+ },
+ "privileged": true,
+ "readonly_rootfs": true,
+ "log_path": "",
+ "stdin": false,
+ "stdin_once": false,
+ "tty": false,
+ "linux": {
+ "resources": {
+ "cpu_period": 10000,
+ "cpu_quota": 20000,
+ "cpu_shares": 512,
+ "oom_score_adj": 30
+ },
+ "security_context": {
+ "capabilities": {
+ "add_capabilities": [
+ "setuid",
+ "setgid"
+ ],
+ "drop_capabilities": [
+ "audit_read"
+ ]
+ },
+ "selinux_options": {
+ "user": "system_u",
+ "role": "system_r",
+ "type": "container_t",
+ "level": "s0:c4,c5"
+ }
+ }
+ }
+}
diff --git a/test/testdata/sandbox_config_hostport.json b/test/testdata/sandbox_config_hostport.json
new file mode 100644
index 00000000..5feda866
--- /dev/null
+++ b/test/testdata/sandbox_config_hostport.json
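Review bot: `"privileged": true` in test/testdata/container_config_hostport.json is set on a container whose only job is to run `nc -ll -p 80 -e /bin/hostname`, and the new test reaches that listener on the host's global address through host port 4888. Nothing visible in the test needs a privileged container, so the fixture should use `"privileged": false` unless something outside this diff requires it. Separately, `"image": "busybox:latest"` is a floating tag; pinning it to a digest (`busybox@sha256:<digest>`) would keep the test from silently running a different image.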
@@ -0,0 +1,55 @@
+{
+ "metadata": {
+ "name": "podsandbox1",
+ "uid": "redhat-test-crio",
+ "namespace": "redhat.test.crio",
+ "attempt": 1
+ },
+ "hostname": "crioctl_host",
+ "log_directory": "",
+ "dns_options": {
+ "servers": [
+ "server1.redhat.com",
+ "server2.redhat.com"
+ ],
+ "searches": [
+ "8.8.8.8"
+ ]
+ },
+ "port_mappings": [
+ {
+ "protocol": 0,
+ "container_port": 80,
+ "host_port": 4888
+ }
+ ],
+ "resources": {
+ "cpu": {
+ "limits": 3,
+ "requests": 2
+ },
+ "memory": {
+ "limits": 50000000,
+ "requests": 2000000
+ }
+ },
+ "labels": {
+ "group": "test"
+ },
+ "annotations": {
+ "owner": "hmeng",
+ "security.alpha.kubernetes.io/sysctls": "kernel.shm_rmid_forced=1,net.ipv4.ip_local_port_range=1024 65000",
+ "security.alpha.kubernetes.io/unsafe-sysctls": "kernel.msgmax=8192" ,
+ "security.alpha.kubernetes.io/seccomp/pod": "unconfined"
+ },
+ "linux": {
+ "cgroup_parent": "/Burstable/pod_123-456",
+ "security_context": {
+ "namespace_options": {
+ "host_network": false,
+ "host_pid": false,
+ "host_ipc": false
+ }
+ }
+ }
+}
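Review bot: The annotations in test/testdata/sandbox_config_hostport.json set `"security.alpha.kubernetes.io/seccomp/pod": "unconfined"` and an unsafe-sysctls entry, although the test only exercises `port_mappings`; they look carried over from another fixture. For a pod that is reachable from the host network I would drop those annotations, or keep only what the hostport path needs, so the fixture does not become the template for unconfined pods. Also, `dns_options` lists host names under `servers` and `8.8.8.8` under `searches`, which appears to be inverted.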