From ab204b6641c72a0acb7cdef28fa923a4f25a5a55 Mon Sep 17 00:00:00 2001
From: Antonio Murdaca <runcom@redhat.com>
Date: Tue, 13 Feb 2018 11:45:31 +0100
Subject: [PATCH] sandbox: record whether sb is using host network

We need to record whether the sandbox is using hostnetwok because the
kubelet needs that information when computing pod changes. Without this
patch it could happen that a pod that's using host network is restarted
just because the sandbox's status isn't reporting that it's running
using host network.

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
---
 lib/container_server.go        |  2 ++
 lib/sandbox/sandbox.go         | 11 +++++++++++
 pkg/annotations/annotations.go |  3 +++
 server/sandbox_run.go          |  2 ++
 server/sandbox_status.go       |  9 +++++++++
 5 files changed, 27 insertions(+)

diff --git a/lib/container_server.go b/lib/container_server.go
index 98fffaf7..923449c3 100644
--- a/lib/container_server.go
+++ b/lib/container_server.go
@@ -340,6 +340,7 @@ func (c *ContainerServer) LoadSandbox(id string) error {
 
 	privileged := isTrue(m.Annotations[annotations.PrivilegedRuntime])
 	trusted := isTrue(m.Annotations[annotations.TrustedSandbox])
+	hostNetwork := isTrue(m.Annotations[annotations.HostNetwork])
 
 	sb, err := sandbox.New(id, m.Annotations[annotations.Namespace], name, m.Annotations[annotations.KubeName], filepath.Dir(m.Annotations[annotations.LogPath]), labels, kubeAnnotations, processLabel, mountLabel, &metadata, m.Annotations[annotations.ShmPath], m.Annotations[annotations.CgroupParent], privileged, trusted, m.Annotations[annotations.ResolvPath], m.Annotations[annotations.HostName], portMappings)
 	if err != nil {
@@ -348,6 +349,7 @@ func (c *ContainerServer) LoadSandbox(id string) error {
 	sb.AddHostnamePath(m.Annotations[annotations.HostnamePath])
 	sb.AddIP(ip)
 	sb.SetSeccompProfilePath(spp)
+	sb.SetHostNetwork(hostNetwork)
 
 	// We add a netNS only if we can load a permanent one.
 	// Otherwise, the sandbox will live in the host namespace.
diff --git a/lib/sandbox/sandbox.go b/lib/sandbox/sandbox.go
index 7624b072..59c2a718 100644
--- a/lib/sandbox/sandbox.go
+++ b/lib/sandbox/sandbox.go
@@ -160,6 +160,7 @@ type Sandbox struct {
 	ip                 string
 	seccompProfilePath string
 	created            time.Time
+	hostNetwork        bool
 }
 
 const (
@@ -224,6 +225,16 @@ func (s *Sandbox) AddIP(ip string) {
 	s.ip = ip
 }
 
+// SetHostNetwork sets whether the pod is running using host network
+func (s *Sandbox) SetHostNetwork(hn bool) {
+	s.hostNetwork = hn
+}
+
+// HostNetwork returns whether the pod is using host network
+func (s *Sandbox) HostNetwork() bool {
+	return s.hostNetwork
+}
+
 // IP returns the ip of the sandbox
 func (s *Sandbox) IP() string {
 	return s.ip
diff --git a/pkg/annotations/annotations.go b/pkg/annotations/annotations.go
index 02f3c145..b83bc7e2 100644
--- a/pkg/annotations/annotations.go
+++ b/pkg/annotations/annotations.go
@@ -25,6 +25,9 @@ const (
 	// IP is the container ipv4 or ipv6 address
 	IP = "io.kubernetes.cri-o.IP"
 
+	// HostNetwork tells whether the sandbox is using hostnetwork
+	HostNetwork = "io.kubernetes.cri-o.HostNetwork"
+
 	// SeccompProfilePath is the node seccomp profile path
 	SeccompProfilePath = "io.kubernetes.cri-o.SeccompProfilePath"
 
diff --git a/server/sandbox_run.go b/server/sandbox_run.go
index 8e25db4c..920eb271 100644
--- a/server/sandbox_run.go
+++ b/server/sandbox_run.go
@@ -353,6 +353,7 @@ func (s *Server) RunPodSandbox(ctx context.Context, req *pb.RunPodSandboxRequest
 	g.AddAnnotation(annotations.TrustedSandbox, fmt.Sprintf("%v", trusted))
 	g.AddAnnotation(annotations.ResolvPath, resolvPath)
 	g.AddAnnotation(annotations.HostName, hostname)
+	g.AddAnnotation(annotations.HostNetwork, fmt.Sprintf("%v", hostNetwork))
 	g.AddAnnotation(annotations.KubeName, kubeName)
 	if podContainer.Config.Config.StopSignal != "" {
 		// this key is defined in image-spec conversion document at https://github.com/opencontainers/image-spec/pull/492/files#diff-8aafbe2c3690162540381b8cdb157112R57
@@ -528,6 +529,7 @@ func (s *Server) RunPodSandbox(ctx context.Context, req *pb.RunPodSandboxRequest
 
 	g.AddAnnotation(annotations.IP, ip)
 	sb.AddIP(ip)
+	sb.SetHostNetwork(hostNetwork)
 
 	spp := req.GetConfig().GetLinux().GetSecurityContext().GetSeccompProfilePath()
 	g.AddAnnotation(annotations.SeccompProfilePath, spp)
diff --git a/server/sandbox_status.go b/server/sandbox_status.go
index 90193e71..8bc7de92 100644
--- a/server/sandbox_status.go
+++ b/server/sandbox_status.go
@@ -31,6 +31,14 @@ func (s *Server) PodSandboxStatus(ctx context.Context, req *pb.PodSandboxStatusR
 		rStatus = pb.PodSandboxState_SANDBOX_READY
 	}
 
+	linux := &pb.LinuxPodSandboxStatus{
+		Namespaces: &pb.Namespace{
+			Options: &pb.NamespaceOption{
+				HostNetwork: sb.HostNetwork(),
+			},
+		},
+	}
+
 	sandboxID := sb.ID()
 	resp = &pb.PodSandboxStatusResponse{
 		Status: &pb.PodSandboxStatus{
@@ -41,6 +49,7 @@ func (s *Server) PodSandboxStatus(ctx context.Context, req *pb.PodSandboxStatusR
 			Labels:      sb.Labels(),
 			Annotations: sb.Annotations(),
 			Metadata:    sb.Metadata(),
+			Linux:       linux,
 		},
 	}