Merge pull request #1328 from runcom/record-hostnetwork-snb
sandbox: record whether sb is using host network
commit
fa8cedf981
5 changed files with 27 additions and 0 deletions
|
@ -340,6 +340,7 @@ func (c *ContainerServer) LoadSandbox(id string) error {
|
||||||
|
|
||||||
privileged := isTrue(m.Annotations[annotations.PrivilegedRuntime])
|
privileged := isTrue(m.Annotations[annotations.PrivilegedRuntime])
|
||||||
trusted := isTrue(m.Annotations[annotations.TrustedSandbox])
|
trusted := isTrue(m.Annotations[annotations.TrustedSandbox])
|
||||||
|
hostNetwork := isTrue(m.Annotations[annotations.HostNetwork])
|
||||||
|
|
||||||
sb, err := sandbox.New(id, m.Annotations[annotations.Namespace], name, m.Annotations[annotations.KubeName], filepath.Dir(m.Annotations[annotations.LogPath]), labels, kubeAnnotations, processLabel, mountLabel, &metadata, m.Annotations[annotations.ShmPath], m.Annotations[annotations.CgroupParent], privileged, trusted, m.Annotations[annotations.ResolvPath], m.Annotations[annotations.HostName], portMappings)
|
sb, err := sandbox.New(id, m.Annotations[annotations.Namespace], name, m.Annotations[annotations.KubeName], filepath.Dir(m.Annotations[annotations.LogPath]), labels, kubeAnnotations, processLabel, mountLabel, &metadata, m.Annotations[annotations.ShmPath], m.Annotations[annotations.CgroupParent], privileged, trusted, m.Annotations[annotations.ResolvPath], m.Annotations[annotations.HostName], portMappings)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
@ -348,6 +349,7 @@ func (c *ContainerServer) LoadSandbox(id string) error {
|
||||||
sb.AddHostnamePath(m.Annotations[annotations.HostnamePath])
|
sb.AddHostnamePath(m.Annotations[annotations.HostnamePath])
|
||||||
sb.AddIP(ip)
|
sb.AddIP(ip)
|
||||||
sb.SetSeccompProfilePath(spp)
|
sb.SetSeccompProfilePath(spp)
|
||||||
|
sb.SetHostNetwork(hostNetwork)
|
||||||
|
|
||||||
// We add a netNS only if we can load a permanent one.
|
// We add a netNS only if we can load a permanent one.
|
||||||
// Otherwise, the sandbox will live in the host namespace.
|
// Otherwise, the sandbox will live in the host namespace.
|
||||||
|
|
|
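Review bot: In the first LoadSandbox hunk, `hostNetwork` is derived only from the stored `annotations.HostNetwork` value, so a sandbox whose saved state predates this annotation will presumably be restored with `hostNetwork == false` even if it was created with host networking (`isTrue` is defined outside the hunk, so its handling of a missing key is inferred). The comment at the end of the second hunk also says a sandbox without a loadable permanent netNS lives in the host namespace, and the flag does not reflect that case either. Since PodSandboxStatus reports this value to clients, a wrong `false` understates the pod's network exposure. Consider a comment at the assignment such as `// absent on sandboxes created before this annotation existed; false then means "unknown", not "isolated"`, or derive the value from the restored network namespace state. LoadSandbox's body starts and ends outside both hunks.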
@ -160,6 +160,7 @@ type Sandbox struct {
|
||||||
ip string
|
ip string
|
||||||
seccompProfilePath string
|
seccompProfilePath string
|
||||||
created time.Time
|
created time.Time
|
||||||
|
hostNetwork bool
|
||||||
}
|
}
|
||||||
|
|
||||||
const (
|
const (
|
||||||
|
@ -224,6 +225,16 @@ func (s *Sandbox) AddIP(ip string) {
|
||||||
s.ip = ip
|
s.ip = ip
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// SetHostNetwork sets whether the pod is running using host network
|
||||||
|
func (s *Sandbox) SetHostNetwork(hn bool) {
|
||||||
|
s.hostNetwork = hn
|
||||||
|
}
|
||||||
|
|
||||||
|
// HostNetwork returns whether the pod is using host network
|
||||||
|
func (s *Sandbox) HostNetwork() bool {
|
||||||
|
return s.hostNetwork
|
||||||
|
}
|
||||||
|
|
||||||
// IP returns the ip of the sandbox
|
// IP returns the ip of the sandbox
|
||||||
func (s *Sandbox) IP() string {
|
func (s *Sandbox) IP() string {
|
||||||
return s.ip
|
return s.ip
|
||||||
|
|
|
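Review bot: The new `hostNetwork` field and its accessors in the second hunk are not documented as a recorded value: `HostNetwork()` returns whatever the last `SetHostNetwork` call stored, and stays at the zero value `false` when no caller set it. Because the flag is set separately from `sandbox.New`, every code path that constructs a Sandbox has to remember the extra call. I would add a field comment like `// hostNetwork records the host-network setting requested for the pod; it is not checked against the live namespace` and say the same in the `HostNetwork` doc comment.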
@ -25,6 +25,9 @@ const (
|
||||||
// IP is the container ipv4 or ipv6 address
|
// IP is the container ipv4 or ipv6 address
|
||||||
IP = "io.kubernetes.cri-o.IP"
|
IP = "io.kubernetes.cri-o.IP"
|
||||||
|
|
||||||
|
// HostNetwork tells whether the sandbox is using hostnetwork
|
||||||
|
HostNetwork = "io.kubernetes.cri-o.HostNetwork"
|
||||||
|
|
||||||
// SeccompProfilePath is the node seccomp profile path
|
// SeccompProfilePath is the node seccomp profile path
|
||||||
SeccompProfilePath = "io.kubernetes.cri-o.SeccompProfilePath"
|
SeccompProfilePath = "io.kubernetes.cri-o.SeccompProfilePath"
|
||||||
|
|
||||||
|
|
|
@ -353,6 +353,7 @@ func (s *Server) RunPodSandbox(ctx context.Context, req *pb.RunPodSandboxRequest
|
||||||
g.AddAnnotation(annotations.TrustedSandbox, fmt.Sprintf("%v", trusted))
|
g.AddAnnotation(annotations.TrustedSandbox, fmt.Sprintf("%v", trusted))
|
||||||
g.AddAnnotation(annotations.ResolvPath, resolvPath)
|
g.AddAnnotation(annotations.ResolvPath, resolvPath)
|
||||||
g.AddAnnotation(annotations.HostName, hostname)
|
g.AddAnnotation(annotations.HostName, hostname)
|
||||||
|
g.AddAnnotation(annotations.HostNetwork, fmt.Sprintf("%v", hostNetwork))
|
||||||
g.AddAnnotation(annotations.KubeName, kubeName)
|
g.AddAnnotation(annotations.KubeName, kubeName)
|
||||||
if podContainer.Config.Config.StopSignal != "" {
|
if podContainer.Config.Config.StopSignal != "" {
|
||||||
// this key is defined in image-spec conversion document at https://github.com/opencontainers/image-spec/pull/492/files#diff-8aafbe2c3690162540381b8cdb157112R57
|
// this key is defined in image-spec conversion document at https://github.com/opencontainers/image-spec/pull/492/files#diff-8aafbe2c3690162540381b8cdb157112R57
|
||||||
|
@ -528,6 +529,7 @@ func (s *Server) RunPodSandbox(ctx context.Context, req *pb.RunPodSandboxRequest
|
||||||
|
|
||||||
g.AddAnnotation(annotations.IP, ip)
|
g.AddAnnotation(annotations.IP, ip)
|
||||||
sb.AddIP(ip)
|
sb.AddIP(ip)
|
||||||
|
sb.SetHostNetwork(hostNetwork)
|
||||||
|
|
||||||
spp := req.GetConfig().GetLinux().GetSecurityContext().GetSeccompProfilePath()
|
spp := req.GetConfig().GetLinux().GetSecurityContext().GetSeccompProfilePath()
|
||||||
g.AddAnnotation(annotations.SeccompProfilePath, spp)
|
g.AddAnnotation(annotations.SeccompProfilePath, spp)
|
||||||
|
|
|
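Review bot: In the second RunPodSandbox hunk, `sb.SetHostNetwork(hostNetwork)` runs only after `sb.AddIP(ip)`, roughly 175 lines after the annotation is written in the first hunk (the hunk headers show lines 353 and 529). If the sandbox is already reachable by other requests before that point, or an earlier return leaves it registered (neither is visible here), a status query in between would report `HostNetwork: false` for a host-network pod. Setting the flag immediately after the sandbox object is created, or passing it to `sandbox.New`, would close that window. RunPodSandbox's body extends outside both hunks.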
@ -31,6 +31,14 @@ func (s *Server) PodSandboxStatus(ctx context.Context, req *pb.PodSandboxStatusR
|
||||||
rStatus = pb.PodSandboxState_SANDBOX_READY
|
rStatus = pb.PodSandboxState_SANDBOX_READY
|
||||||
}
|
}
|
||||||
|
|
||||||
|
linux := &pb.LinuxPodSandboxStatus{
|
||||||
|
Namespaces: &pb.Namespace{
|
||||||
|
Options: &pb.NamespaceOption{
|
||||||
|
HostNetwork: sb.HostNetwork(),
|
||||||
|
},
|
||||||
|
},
|
||||||
|
}
|
||||||
|
|
||||||
sandboxID := sb.ID()
|
sandboxID := sb.ID()
|
||||||
resp = &pb.PodSandboxStatusResponse{
|
resp = &pb.PodSandboxStatusResponse{
|
||||||
Status: &pb.PodSandboxStatus{
|
Status: &pb.PodSandboxStatus{
|
||||||
|
@ -41,6 +49,7 @@ func (s *Server) PodSandboxStatus(ctx context.Context, req *pb.PodSandboxStatusR
|
||||||
Labels: sb.Labels(),
|
Labels: sb.Labels(),
|
||||||
Annotations: sb.Annotations(),
|
Annotations: sb.Annotations(),
|
||||||
Metadata: sb.Metadata(),
|
Metadata: sb.Metadata(),
|
||||||
|
Linux: linux,
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
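Review bot: The `pb.NamespaceOption` literal in the first PodSandboxStatus hunk fills in only `HostNetwork`, so any other option fields on that message are returned at their zero value no matter how the pod was configured. A client that treats the status as the source of truth for namespace sharing would read those as "not shared". Until the remaining options are recorded on the sandbox, a comment above the literal would help, e.g. `// only HostNetwork is tracked so far; other NamespaceOption fields are zero-valued and do not describe the pod`. PodSandboxStatus's body starts outside the hunk.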