Merge pull request #6733 from xiang90/kub_cap

pkg/kubelet: move the capabilities related code to util.go
2015-04-13 09:02:36 -07:00
parent 4e3b4bd10e cef744ecaa
commit ab68bcb97f
2 changed files with 32 additions and 31 deletions
--- a/pkg/kubelet/util.go
+++ b/pkg/kubelet/util.go
@@ -17,6 +17,8 @@ limitations under the License.
 package kubelet

 import (
+	"fmt"
+
 	"github.com/GoogleCloudPlatform/kubernetes/pkg/api"
 	"github.com/GoogleCloudPlatform/kubernetes/pkg/api/resource"
 	cadvisorApi "github.com/google/cadvisor/info/v1"
@@ -33,3 +35,32 @@ func CapacityFromMachineInfo(info *cadvisorApi.MachineInfo) api.ResourceList {
 	}
 	return c
 }
+
+// Check whether we have the capabilities to run the specified pod.
+func canRunPod(pod *api.Pod) error {
+	if pod.Spec.HostNetwork {
+		allowed, err := allowHostNetwork(pod)
+		if err != nil {
+			return err
+		}
+		if !allowed {
+			return fmt.Errorf("pod with UID %q specified host networking, but is disallowed", pod.UID)
+		}
+	}
+	// TODO(vmarmol): Check Privileged too.
+	return nil
+}
+
+// Determined whether the specified pod is allowed to use host networking
+func allowHostNetwork(pod *api.Pod) (bool, error) {
+	podSource, err := getPodSource(pod)
+	if err != nil {
+		return false, err
+	}
+	for _, source := range capabilities.Get().HostNetworkSources {
+		if source == podSource {
+			return true, nil
+		}
+	}
+	return false, nil
+}