Merge pull request #27914 from yifan-gu/fix_kubenet_hostport
Automatic merge from submit-queue kubenet: Fix host port for rktnetes. Because rkt pod runs after plugin.SetUpPod() is called, so getRunningPods() does not return the newly created pod, which causes the hostport iptable rules to be missing for this new pod. cc @dcbw @freehan A follow up fix for https://github.com/kubernetes/kubernetes/pull/27878#issuecomment-227898936
This commit is contained in:
		| @@ -42,7 +42,7 @@ const ( | ||||
| ) | ||||
|  | ||||
| type HostportHandler interface { | ||||
| 	OpenPodHostportsAndSync(newPod *api.Pod, natInterfaceName string, runningPods []*RunningPod) error | ||||
| 	OpenPodHostportsAndSync(newPod *RunningPod, natInterfaceName string, runningPods []*RunningPod) error | ||||
| 	SyncHostports(natInterfaceName string, runningPods []*RunningPod) error | ||||
| } | ||||
|  | ||||
| @@ -172,12 +172,24 @@ func hostportChainName(cp api.ContainerPort, podFullName string) utiliptables.Ch | ||||
|  | ||||
| // OpenPodHostportsAndSync opens hostports for a new pod, gathers all hostports on | ||||
| // node, sets up iptables rules enable them. And finally clean up stale hostports | ||||
| func (h *handler) OpenPodHostportsAndSync(newPod *api.Pod, natInterfaceName string, runningPods []*RunningPod) error { | ||||
| func (h *handler) OpenPodHostportsAndSync(newPod *RunningPod, natInterfaceName string, runningPods []*RunningPod) error { | ||||
| 	// try to open pod host port if specified | ||||
| 	if err := h.openHostports(newPod); err != nil { | ||||
| 	if err := h.openHostports(newPod.Pod); err != nil { | ||||
| 		return err | ||||
| 	} | ||||
|  | ||||
| 	// Add the new pod to running pods if it's not running already (e.g. in rkt's case). | ||||
| 	var found bool | ||||
| 	for _, p := range runningPods { | ||||
| 		if p.Pod.UID == newPod.Pod.UID { | ||||
| 			found = true | ||||
| 			break | ||||
| 		} | ||||
| 	} | ||||
| 	if !found { | ||||
| 		runningPods = append(runningPods, newPod) | ||||
| 	} | ||||
|  | ||||
| 	return h.SyncHostports(natInterfaceName, runningPods) | ||||
| } | ||||
|  | ||||
|   | ||||
| @@ -185,7 +185,7 @@ func TestOpenPodHostports(t *testing.T) { | ||||
| 		}) | ||||
| 	} | ||||
|  | ||||
| 	err := h.OpenPodHostportsAndSync(tests[0].pod, "br0", runningPods) | ||||
| 	err := h.OpenPodHostportsAndSync(&RunningPod{Pod: tests[0].pod, IP: net.ParseIP(tests[0].ip)}, "br0", runningPods) | ||||
| 	if err != nil { | ||||
| 		t.Fatalf("Failed to OpenPodHostportsAndSync: %v", err) | ||||
| 	} | ||||
|   | ||||
| @@ -19,7 +19,6 @@ package testing | ||||
| import ( | ||||
| 	"fmt" | ||||
|  | ||||
| 	"k8s.io/kubernetes/pkg/api" | ||||
| 	kubecontainer "k8s.io/kubernetes/pkg/kubelet/container" | ||||
| 	"k8s.io/kubernetes/pkg/kubelet/network/hostport" | ||||
| ) | ||||
| @@ -30,8 +29,8 @@ func NewFakeHostportHandler() hostport.HostportHandler { | ||||
| 	return &fakeHandler{} | ||||
| } | ||||
|  | ||||
| func (h *fakeHandler) OpenPodHostportsAndSync(newPod *api.Pod, natInterfaceName string, runningPods []*hostport.RunningPod) error { | ||||
| 	return h.SyncHostports(natInterfaceName, runningPods) | ||||
| func (h *fakeHandler) OpenPodHostportsAndSync(newPod *hostport.RunningPod, natInterfaceName string, runningPods []*hostport.RunningPod) error { | ||||
| 	return h.SyncHostports(natInterfaceName, append(runningPods, newPod)) | ||||
| } | ||||
|  | ||||
| func (h *fakeHandler) SyncHostports(natInterfaceName string, runningPods []*hostport.RunningPod) error { | ||||
|   | ||||
| @@ -349,7 +349,9 @@ func (plugin *kubenetNetworkPlugin) setup(namespace string, name string, id kube | ||||
| 	if err != nil { | ||||
| 		return err | ||||
| 	} | ||||
| 	if err := plugin.hostportHandler.OpenPodHostportsAndSync(pod, BridgeName, runningPods); err != nil { | ||||
|  | ||||
| 	newPod := &hostport.RunningPod{Pod: pod, IP: ip4} | ||||
| 	if err := plugin.hostportHandler.OpenPodHostportsAndSync(newPod, BridgeName, runningPods); err != nil { | ||||
| 		return err | ||||
| 	} | ||||
|  | ||||
|   | ||||
		Reference in New Issue
	
	Block a user
	 k8s-merge-robot
					k8s-merge-robot